@nockdev/awf 6.2.0 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (709) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +1 -1
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/i18n/en.yaml +6 -6
  43. package/.agent/i18n/vi.yaml +6 -6
  44. package/.agent/ide/README.md +1 -1
  45. package/.agent/ide/amazonq.json +3 -3
  46. package/.agent/ide/amp.json +4 -3
  47. package/.agent/ide/antigravity.json +4 -3
  48. package/.agent/ide/augment.json +4 -4
  49. package/.agent/ide/claude.json +4 -3
  50. package/.agent/ide/cline.json +4 -3
  51. package/.agent/ide/codex.json +6 -1
  52. package/.agent/ide/cody.json +4 -3
  53. package/.agent/ide/continue.json +4 -3
  54. package/.agent/ide/cursor.json +4 -3
  55. package/.agent/ide/gemini.json +4 -3
  56. package/.agent/ide/jetbrains.json +4 -3
  57. package/.agent/ide/kiro.json +4 -3
  58. package/.agent/ide/opencode.json +4 -3
  59. package/.agent/ide/roo.json +4 -3
  60. package/.agent/ide/tabnine.json +4 -3
  61. package/.agent/ide/trae.json +4 -3
  62. package/.agent/ide/vscode.json +4 -3
  63. package/.agent/ide/windsurf.json +4 -3
  64. package/.agent/ide/zed.json +4 -3
  65. package/.agent/manifest.yaml +142 -34
  66. package/.agent/memory/core_memory/persona.json +2 -2
  67. package/.agent/memory/core_memory/project.json +1 -1
  68. package/.agent/memory/core_memory/rules.json +1 -1
  69. package/.agent/memory/core_memory/user.json +1 -1
  70. package/.agent/memory/graph/knowledge_graph.json +1 -1
  71. package/.agent/memory/patterns/errors.json +1 -1
  72. package/.agent/memory/patterns/successes.json +1 -1
  73. package/.agent/memory/state.json +3 -3
  74. package/.agent/personas/README.md +1 -1
  75. package/.agent/personas/architect.md +1 -1
  76. package/.agent/personas/auditor.md +1 -1
  77. package/.agent/personas/debugger.md +1 -1
  78. package/.agent/personas/developer.md +1 -1
  79. package/.agent/personas/devops.md +1 -1
  80. package/.agent/personas/documenter.md +1 -1
  81. package/.agent/personas/orchestrator.md +1 -1
  82. package/.agent/personas/persona.schema.yaml +1 -1
  83. package/.agent/personas/planner.md +1 -1
  84. package/.agent/personas/researcher.md +1 -1
  85. package/.agent/personas/security.md +1 -1
  86. package/.agent/personas/tester.md +1 -1
  87. package/.agent/private/README.md +74 -0
  88. package/.agent/private/_index.yaml +23 -0
  89. package/.agent/private/_template/META.yaml +38 -0
  90. package/.agent/private/_template/SKILL.md +43 -0
  91. package/.agent/private/_template/data/.gitkeep +0 -0
  92. package/.agent/private/autodomyh-api/META.yaml +48 -0
  93. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  94. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  95. package/.agent/rules/README.md +24 -18
  96. package/.agent/rules/SACRED_RULES.xml +42 -36
  97. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +5 -5
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +5 -5
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +6 -6
  100. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  101. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  102. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  103. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  104. package/.agent/rules/{modules → archive}/reflection.yaml +1 -1
  105. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  106. package/.agent/rules/data/build-systems.yaml +2 -2
  107. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  108. package/.agent/rules/modules/edit-verification.yaml +1 -1
  109. package/.agent/rules/modules/git-workflow.yaml +1 -1
  110. package/.agent/rules/modules/language.yaml +1 -1
  111. package/.agent/rules/modules/online-research.yaml +1 -1
  112. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  113. package/.agent/rules/modules/quality.yaml +1 -1
  114. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  115. package/.agent/rules/modules/terminal-safety.yaml +1 -1
  116. package/.agent/rules/modules/yagni.yaml +1 -1
  117. package/.agent/rules/validation-framework.md +1 -1
  118. package/.agent/skills/DEVELOPMENT.yaml +5 -5
  119. package/.agent/skills/README.md +19 -16
  120. package/.agent/skills/_categories.yaml +60 -8
  121. package/.agent/skills/_router.yaml +61 -19
  122. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  123. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  124. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  128. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  129. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  130. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  134. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  141. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  142. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  145. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  153. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  154. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  155. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  160. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  161. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  162. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  163. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  164. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  165. package/.agent/skills/core/api-design/META.yaml +1 -5
  166. package/.agent/skills/core/api-design/SKILL.md +20 -26
  167. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  168. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  169. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  170. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  172. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  173. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  174. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  175. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  176. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  177. package/.agent/skills/core/authentication/META.yaml +1 -5
  178. package/.agent/skills/core/authentication/SKILL.md +36 -43
  179. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  180. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  181. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  182. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  183. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  190. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  191. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  192. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  193. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  194. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  195. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  196. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  197. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  198. package/.agent/skills/core/error-handling/META.yaml +1 -5
  199. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  200. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  201. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  202. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  204. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  205. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  206. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  207. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  208. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  211. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  212. package/.agent/skills/core/logging/META.yaml +1 -5
  213. package/.agent/skills/core/logging/SKILL.md +28 -42
  214. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  215. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  216. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  217. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  218. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  221. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  222. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  223. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  225. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  226. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  227. package/.agent/skills/core/observability/META.yaml +1 -5
  228. package/.agent/skills/core/observability/SKILL.md +29 -38
  229. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  230. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  231. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  232. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  233. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  237. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  238. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  240. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  241. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  242. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  243. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  244. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  245. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  246. package/.agent/skills/core/security/META.yaml +1 -5
  247. package/.agent/skills/core/security/SKILL.md +25 -25
  248. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  249. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  250. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  251. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  252. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  253. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  254. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  255. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  257. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  259. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  260. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  261. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  262. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  263. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  264. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  265. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  266. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  267. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  268. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  269. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  270. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  271. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  272. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  273. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  274. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  275. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  276. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  279. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  280. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  281. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  282. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  283. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  284. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  285. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  286. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  287. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  288. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  289. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  290. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  291. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  292. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  293. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  294. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  295. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  296. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  297. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  298. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  299. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  300. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  301. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  302. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  303. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  304. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  305. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  314. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  315. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  316. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  317. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  348. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  349. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  350. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  351. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  352. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  354. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  355. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  356. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  357. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  358. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  359. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  360. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  361. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  362. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  363. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  364. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  365. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  366. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  367. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  371. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  372. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  373. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  374. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  375. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  376. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  377. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  378. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  379. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  380. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  381. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  382. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  383. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  384. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  385. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  386. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  387. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  388. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  389. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  390. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  391. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  392. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  393. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  394. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  395. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  396. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  397. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  398. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  399. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  400. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  407. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  408. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  409. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  410. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  411. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  412. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  413. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  414. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  415. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  416. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  417. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  418. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  419. package/.agent/skills/devops/aws/META.yaml +48 -63
  420. package/.agent/skills/devops/azure/META.yaml +44 -0
  421. package/.agent/skills/devops/azure/SKILL.md +43 -0
  422. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  423. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  424. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  425. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  426. package/.agent/skills/devops/docker/META.yaml +53 -14
  427. package/.agent/skills/devops/gcp/META.yaml +43 -0
  428. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  429. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  430. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  431. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  432. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  433. package/.agent/skills/devops/terraform/META.yaml +47 -0
  434. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  435. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  436. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  437. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  438. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  439. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  440. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  441. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  442. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  443. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  444. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  445. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  446. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  447. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  448. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  449. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  450. package/.agent/skills/frameworks/react/META.yaml +20 -7
  451. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  452. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  453. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  454. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  455. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  456. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  457. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  458. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  459. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  460. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  461. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  462. package/.agent/skills/index.json +67 -14
  463. package/.agent/skills/languages/asm/META.yaml +2 -8
  464. package/.agent/skills/languages/asm/SKILL.md +1 -1
  465. package/.agent/skills/languages/c/META.yaml +2 -8
  466. package/.agent/skills/languages/c/SKILL.md +1 -1
  467. package/.agent/skills/languages/clojure/META.yaml +2 -2
  468. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  469. package/.agent/skills/languages/cpp/META.yaml +2 -8
  470. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  471. package/.agent/skills/languages/crystal/META.yaml +2 -8
  472. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  473. package/.agent/skills/languages/csharp/META.yaml +2 -2
  474. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  475. package/.agent/skills/languages/elixir/META.yaml +2 -2
  476. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  477. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  478. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  479. package/.agent/skills/languages/go/META.yaml +2 -8
  480. package/.agent/skills/languages/go/SKILL.md +1 -1
  481. package/.agent/skills/languages/haskell/META.yaml +2 -2
  482. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  483. package/.agent/skills/languages/java/META.yaml +2 -8
  484. package/.agent/skills/languages/java/SKILL.md +1 -1
  485. package/.agent/skills/languages/javascript/META.yaml +2 -8
  486. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  487. package/.agent/skills/languages/julia/META.yaml +2 -2
  488. package/.agent/skills/languages/julia/SKILL.md +1 -1
  489. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  490. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  491. package/.agent/skills/languages/lua/META.yaml +2 -8
  492. package/.agent/skills/languages/lua/SKILL.md +3 -3
  493. package/.agent/skills/languages/nim/META.yaml +2 -8
  494. package/.agent/skills/languages/nim/SKILL.md +1 -1
  495. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  496. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  497. package/.agent/skills/languages/perl/META.yaml +2 -2
  498. package/.agent/skills/languages/perl/SKILL.md +1 -1
  499. package/.agent/skills/languages/php/META.yaml +2 -2
  500. package/.agent/skills/languages/php/SKILL.md +1 -1
  501. package/.agent/skills/languages/python/META.yaml +2 -8
  502. package/.agent/skills/languages/python/SKILL.md +1 -1
  503. package/.agent/skills/languages/r/META.yaml +2 -2
  504. package/.agent/skills/languages/r/SKILL.md +1 -1
  505. package/.agent/skills/languages/ruby/META.yaml +2 -2
  506. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  507. package/.agent/skills/languages/rust/META.yaml +2 -8
  508. package/.agent/skills/languages/rust/SKILL.md +1 -1
  509. package/.agent/skills/languages/scala/META.yaml +2 -2
  510. package/.agent/skills/languages/scala/SKILL.md +1 -1
  511. package/.agent/skills/languages/solidity/META.yaml +2 -2
  512. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  513. package/.agent/skills/languages/swift/META.yaml +2 -2
  514. package/.agent/skills/languages/swift/SKILL.md +1 -1
  515. package/.agent/skills/languages/typescript/META.yaml +2 -8
  516. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  517. package/.agent/skills/languages/zig/META.yaml +5 -7
  518. package/.agent/skills/languages/zig/SKILL.md +1 -1
  519. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  520. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  521. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  522. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  523. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  524. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  525. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  526. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  527. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  528. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  529. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  531. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  532. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  533. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  534. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  535. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  536. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  537. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  538. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  539. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  540. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  541. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  542. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  543. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  544. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  545. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  546. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  547. package/.agent/templates/README.md +2 -2
  548. package/.agent/templates/debug-report.md +1 -1
  549. package/.agent/templates/deploy-plan.md +1 -1
  550. package/.agent/templates/doc-template.md +1 -1
  551. package/.agent/templates/index.yaml +2 -2
  552. package/.agent/templates/migrate-plan.md +1 -1
  553. package/.agent/templates/phase-template.md +1 -1
  554. package/.agent/templates/tasks/audit.yaml +1 -1
  555. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  556. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  557. package/.agent/templates/tasks/refactor.yaml +1 -1
  558. package/.agent/templates/test-report.md +1 -1
  559. package/.agent/workflows/code.md +22 -1
  560. package/.agent/workflows/deploy.md +5 -1
  561. package/.agent/workflows/e2e.md +112 -0
  562. package/.agent/workflows/fix.md +1 -1
  563. package/.agent/workflows/prompt.md +325 -0
  564. package/.agent/workflows/scaffold.md +1 -1
  565. package/.agent/workflows/tdd.md +108 -0
  566. package/.agent/workflows/verify.md +116 -0
  567. package/.agent/workflows/visualize.md +50 -18
  568. package/dist/commands/add.d.ts.map +1 -1
  569. package/dist/commands/add.js +9 -1
  570. package/dist/commands/add.js.map +1 -1
  571. package/dist/commands/config.d.ts.map +1 -1
  572. package/dist/commands/config.js +24 -8
  573. package/dist/commands/config.js.map +1 -1
  574. package/dist/commands/hsa.d.ts.map +1 -1
  575. package/dist/commands/hsa.js +106 -20
  576. package/dist/commands/hsa.js.map +1 -1
  577. package/dist/commands/init.d.ts.map +1 -1
  578. package/dist/commands/init.js +65 -61
  579. package/dist/commands/init.js.map +1 -1
  580. package/dist/commands/install-core.d.ts +2 -1
  581. package/dist/commands/install-core.d.ts.map +1 -1
  582. package/dist/commands/install-core.js +43 -16
  583. package/dist/commands/install-core.js.map +1 -1
  584. package/dist/commands/install-helpers.d.ts.map +1 -1
  585. package/dist/commands/install-helpers.js +23 -2
  586. package/dist/commands/install-helpers.js.map +1 -1
  587. package/dist/commands/install-hsa.d.ts +2 -5
  588. package/dist/commands/install-hsa.d.ts.map +1 -1
  589. package/dist/commands/install-hsa.js +2 -5
  590. package/dist/commands/install-hsa.js.map +1 -1
  591. package/dist/commands/install.d.ts +27 -0
  592. package/dist/commands/install.d.ts.map +1 -1
  593. package/dist/commands/install.js +68 -20
  594. package/dist/commands/install.js.map +1 -1
  595. package/dist/commands/list.d.ts.map +1 -1
  596. package/dist/commands/list.js +2 -1
  597. package/dist/commands/list.js.map +1 -1
  598. package/dist/commands/mcp-registry.d.ts +24 -9
  599. package/dist/commands/mcp-registry.d.ts.map +1 -1
  600. package/dist/commands/mcp-registry.js +39 -57
  601. package/dist/commands/mcp-registry.js.map +1 -1
  602. package/dist/commands/mcp-writers.d.ts.map +1 -1
  603. package/dist/commands/mcp-writers.js +6 -5
  604. package/dist/commands/mcp-writers.js.map +1 -1
  605. package/dist/commands/mcp.d.ts +1 -1
  606. package/dist/commands/mcp.d.ts.map +1 -1
  607. package/dist/commands/mcp.js +37 -9
  608. package/dist/commands/mcp.js.map +1 -1
  609. package/dist/commands/update.d.ts.map +1 -1
  610. package/dist/commands/update.js +16 -6
  611. package/dist/commands/update.js.map +1 -1
  612. package/dist/constants/cursor-globs.d.ts.map +1 -1
  613. package/dist/constants/cursor-globs.js +0 -6
  614. package/dist/constants/cursor-globs.js.map +1 -1
  615. package/dist/constants/ide-install-specs.js +2 -2
  616. package/dist/constants.d.ts +3 -3
  617. package/dist/constants.d.ts.map +1 -1
  618. package/dist/constants.js +3 -3
  619. package/dist/constants.js.map +1 -1
  620. package/dist/index.d.ts.map +1 -1
  621. package/dist/index.js +1 -9
  622. package/dist/index.js.map +1 -1
  623. package/dist/types/ide-install.js +1 -1
  624. package/dist/utils/copy-helpers.d.ts +7 -2
  625. package/dist/utils/copy-helpers.d.ts.map +1 -1
  626. package/dist/utils/copy-helpers.js +56 -42
  627. package/dist/utils/copy-helpers.js.map +1 -1
  628. package/dist/utils/install-manifest.d.ts +12 -0
  629. package/dist/utils/install-manifest.d.ts.map +1 -0
  630. package/dist/utils/install-manifest.js +26 -0
  631. package/dist/utils/install-manifest.js.map +1 -0
  632. package/dist/utils/validation.d.ts.map +1 -1
  633. package/dist/utils/validation.js +31 -1
  634. package/dist/utils/validation.js.map +1 -1
  635. package/package.json +1 -1
  636. package/.agent/core/embeddings.json +0 -2004
  637. package/.agent/core/session_cache.json +0 -50
  638. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  639. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  640. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  641. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  642. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  643. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  644. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  645. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  646. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  647. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  648. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  649. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  650. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  651. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  652. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  653. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  654. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  655. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  656. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  657. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  658. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  659. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  660. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  661. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  662. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  663. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  664. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  665. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  666. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  667. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  668. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  669. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  670. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  683. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  684. package/.agent/skills/devops/aws/SKILL.md +0 -711
  685. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  686. package/.agent/skills/devops/ci-cd/SKILL.md +0 -821
  687. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  688. package/.agent/skills/devops/docker/SKILL.md +0 -653
  689. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  690. package/.agent/skills/devops/kubernetes/SKILL.md +0 -621
  691. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  692. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  693. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  694. /package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +0 -0
  695. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  696. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  697. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  698. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  699. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  700. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  701. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  702. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  703. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  704. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  705. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  706. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  707. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  708. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  709. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/language-specific/ruby-security.yaml CHANGED
@@ -1,198 +1,198 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: ruby_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: ruby-security.csv
4
+ version: 6.2.1
5
+ updated: "2026-02-05"
6
+ migrated_from: ruby-security.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - description
14
- - detection_pattern
15
- - fix_pattern
16
- - cwe
17
- - example_code
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - description
14
+ - detection_pattern
15
+ - fix_pattern
16
+ - cwe
17
+ - example_code
18
18
  patterns:
19
- - id: RB-01
20
- name: Mass Assignment
21
- severity: CRITICAL
22
- category: Injection
23
- description: Unprotected attributes allow overwriting sensitive fields
24
- detection_pattern: params\\.permit|attr_accessible(?!.*:role)
25
- fix_pattern: Use strong_parameters with explicit permit list
26
- cwe: CWE-915
27
- example_code: '# BAD\nUser.create(params[:user])\n# GOOD\nUser.create(params.require(:user).permit(:name, :email))'
28
- - id: RB-02
29
- name: Marshal Deserialization
30
- severity: CRITICAL
31
- category: Injection
32
- description: Marshal.load on untrusted data leads to RCE
33
- detection_pattern: Marshal\\.load(?!.*trusted)
34
- fix_pattern: Use JSON.parse instead of Marshal for untrusted data
35
- cwe: CWE-502
36
- example_code: '# RCE via Marshal\nMarshal.load(Base64.decode64(cookies[:session]))\n# SAFE: Use JSON\nJSON.parse(data)'
37
- - id: RB-03
38
- name: YAML.load Unsafe
39
- severity: CRITICAL
40
- category: Injection
41
- description: YAML.load executes arbitrary Ruby code
42
- detection_pattern: YAML\\.load(?!_file|.*permitted)
43
- fix_pattern: Use YAML.safe_load with permitted_classes
44
- cwe: CWE-502
45
- example_code: '# RCE via YAML\nYAML.load(user_input)\n# SAFE\nYAML.safe_load(user_input, permitted_classes: [Date])'
46
- - id: RB-04
47
- name: ERB Injection SSTI
48
- severity: CRITICAL
49
- category: Injection
50
- description: User input in ERB template leads to code execution
51
- detection_pattern: ERB\\.new\\(.*\\#\\{|render.*inline.*params
52
- fix_pattern: Never use user input in ERB templates directly
53
- cwe: CWE-94
54
- example_code: '# SSTI\nERB.new(\<%= #{params[:name]} %>\").result\n# SAFE: Escape output"'
55
- - id: RB-05
56
- name: Command Injection system
57
- severity: CRITICAL
58
- category: Injection
59
- description: User input in system/exec/backticks
60
- detection_pattern: system\\(.*\\#\\{|`.*\\#\\{|exec\\(.*\\+
61
- fix_pattern: Use array form or shellwords escape
62
- cwe: CWE-78
63
- example_code: '# Vulnerable\nsystem(\ls #{params[:dir]}\")\n# SAFE\nsystem(''ls'''
64
- - id: RB-06
65
- name: SQL Injection Raw
66
- severity: CRITICAL
67
- category: Injection
68
- description: Raw SQL with string interpolation
69
- detection_pattern: where\\(.*\\#\\{|find_by_sql.*\\#\\{
70
- fix_pattern: Use parameterized queries with ?
71
- cwe: CWE-89
72
- example_code: '# SQLi\nUser.where(\name = ''#{params[:name]}''\")\n# SAFE\nUser.where(name: params[:name])"'
73
- - id: RB-07
74
- name: Open Redirect
75
- severity: HIGH
76
- category: Web
77
- description: Unvalidated redirect_to with user input
78
- detection_pattern: redirect_to\\s+params|redirect_to.*url(?!_for)
79
- fix_pattern: Whitelist allowed redirect paths
80
- cwe: CWE-601
81
- example_code: '# Open redirect\nredirect_to params[:url]\n# SAFE\nredirect_to url_for(params[:path].presence_in(ALLOWED))'
82
- - id: RB-08
83
- name: Path Traversal send_file
84
- severity: HIGH
85
- category: Web
86
- description: send_file with user-controlled path
87
- detection_pattern: send_file.*params|send_data.*File\\.read.*params
88
- fix_pattern: Validate path within allowed directory
89
- cwe: CWE-22
90
- example_code: '# Path traversal\nsend_file(params[:file])\n# SAFE\nsend_file(Rails.root.join(''public'', File.basename(params[:file])))'
91
- - id: RB-09
92
- name: Eval Code Execution
93
- severity: CRITICAL
94
- category: Injection
95
- description: eval/instance_eval on user input
96
- detection_pattern: eval\\(.*params|instance_eval.*user
97
- fix_pattern: Never use eval on user input
98
- cwe: CWE-94
99
- example_code: '# RCE\neval(params[:code])\n# SAFE: Use whitelist of allowed operations'
100
- - id: RB-10
101
- name: render inline XSS
102
- severity: HIGH
103
- category: Web
104
- description: render inline without escaping
105
- detection_pattern: render.*inline.*params(?!.*escape)
106
- fix_pattern: Use html_safe only on trusted content
107
- cwe: CWE-79
108
- example_code: '# XSS\nrender inline: params[:content]\n# SAFE\nrender inline: ERB::Util.html_escape(params[:content])'
109
- - id: RB-11
110
- name: Insecure Regex ReDoS
111
- severity: MEDIUM
112
- category: DoS
113
- description: Regex with nested quantifiers vulnerable to ReDoS
114
- detection_pattern: Regexp\\.new.*\\+\\*|\\(.*\\*\\)\\+
115
- fix_pattern: Use timeout or safe regex patterns
116
- cwe: CWE-1333
117
- example_code: '# ReDoS vulnerable\n/(a+)+$/.match(user_input)\n# SAFE: Use timeout or re2 gem'
118
- - id: RB-12
119
- name: Session Fixation
120
- severity: HIGH
121
- category: Auth
122
- description: Session not regenerated after login
123
- detection_pattern: session\\[:user_id\\]\\s*=(?!.*reset_session)
124
- fix_pattern: Call reset_session before setting user
125
- cwe: CWE-384
126
- example_code: '# Fixation\nsession[:user_id] = user.id\n# SAFE\nreset_session; session[:user_id] = user.id'
127
- - id: RB-13
128
- name: CSRF Token Skip
129
- severity: HIGH
130
- category: Web
131
- description: skip_forgery_protection without API check
132
- detection_pattern: skip_forgery_protection|protect_from_forgery.*except
133
- fix_pattern: Only skip for stateless API endpoints
134
- cwe: CWE-352
135
- example_code: '# Risky\nskip_forgery_protection\n# SAFE\nprotect_from_forgery with: :null_session, if: -> { request.format.json? }'
136
- - id: RB-14
137
- name: Weak Password Hash
138
- severity: HIGH
139
- category: Crypto
140
- description: Using MD5/SHA1 for password storage
141
- detection_pattern: Digest::(MD5|SHA1).*password|digest.*password
142
- fix_pattern: Use bcrypt via has_secure_password
143
- cwe: CWE-328
144
- example_code: '# Weak\nDigest::SHA1.hexdigest(password)\n# SAFE\nhas_secure_password'
145
- - id: RB-15
146
- name: Constant Comparison Timing
147
- severity: MEDIUM
148
- category: Crypto
149
- description: String comparison vulnerable to timing attack
150
- detection_pattern: ==.*secret|secret.*==(?!.*secure_compare)
151
- fix_pattern: Use ActiveSupport::SecurityUtils.secure_compare
152
- cwe: CWE-208
153
- example_code: '# Timing attack\nparams[:token] == secret_token\n# SAFE\nActiveSupport::SecurityUtils.secure_compare(params[:token], secret_token)'
154
- - id: RB-16
155
- name: File.read Arbitrary
156
- severity: HIGH
157
- category: LFI
158
- description: File.read with user input allows LFI
159
- detection_pattern: File\\.(read|open).*params
160
- fix_pattern: Validate path and use safe_join
161
- cwe: CWE-22
162
- example_code: '# LFI\nFile.read(params[:path])\n# SAFE: Validate and restrict to allowed directory'
163
- - id: RB-17
164
- name: Paperclip/Shrine RCE
165
- severity: CRITICAL
166
- category: Upload
167
- description: Image processing without validation
168
- detection_pattern: has_attached_file|Shrine(?!.*validate)
169
- fix_pattern: Validate content type and use imagemagick safely
170
- cwe: CWE-434
171
- example_code: '# RCE via ImageMagick\nhas_attached_file :avatar\n# SAFE: Validate and restrict types'
172
- - id: RB-18
173
- name: ActiveRecord Serialize
174
- severity: HIGH
175
- category: Injection
176
- description: serialize with unsafe coder class
177
- detection_pattern: serialize.*Marshal|serialize(?!.*JSON|coder)
178
- fix_pattern: Use JSON coder for serialization
179
- cwe: CWE-502
180
- example_code: '# Unsafe\nserialize :data, Marshal\n# SAFE\nserialize :data, JSON'
181
- - id: RB-19
182
- name: Logger Injection
183
- severity: MEDIUM
184
- category: Log
185
- description: User input in logs without sanitization
186
- detection_pattern: Rails\\.logger\\.(info|debug).*params
187
- fix_pattern: Sanitize user input before logging
188
- cwe: CWE-117
189
- example_code: '# Log injection\nRails.logger.info(\User: #{params[:user]}\")\n# SAFE: Filter and sanitize"'
190
- - id: RB-20
191
- name: Rack CRLF Injection
192
- severity: HIGH
193
- category: Web
194
- description: User input in headers allows CRLF
195
- detection_pattern: response\\.headers\\[.*\\]\\s*=.*params
196
- fix_pattern: Validate header values
197
- cwe: CWE-113
198
- example_code: '# CRLF\nresponse.headers[''X-Custom''] = params[:header]\n# SAFE: Validate alphanumeric only'
19
+ - id: RB-01
20
+ name: Mass Assignment
21
+ severity: CRITICAL
22
+ category: Injection
23
+ description: Unprotected attributes allow overwriting sensitive fields
24
+ detection_pattern: params\\.permit|attr_accessible(?!.*:role)
25
+ fix_pattern: Use strong_parameters with explicit permit list
26
+ cwe: CWE-915
27
+ example_code: '# BAD\nUser.create(params[:user])\n# GOOD\nUser.create(params.require(:user).permit(:name, :email))'
28
+ - id: RB-02
29
+ name: Marshal Deserialization
30
+ severity: CRITICAL
31
+ category: Injection
32
+ description: Marshal.load on untrusted data leads to RCE
33
+ detection_pattern: Marshal\\.load(?!.*trusted)
34
+ fix_pattern: Use JSON.parse instead of Marshal for untrusted data
35
+ cwe: CWE-502
36
+ example_code: '# RCE via Marshal\nMarshal.load(Base64.decode64(cookies[:session]))\n# SAFE: Use JSON\nJSON.parse(data)'
37
+ - id: RB-03
38
+ name: YAML.load Unsafe
39
+ severity: CRITICAL
40
+ category: Injection
41
+ description: YAML.load executes arbitrary Ruby code
42
+ detection_pattern: YAML\\.load(?!_file|.*permitted)
43
+ fix_pattern: Use YAML.safe_load with permitted_classes
44
+ cwe: CWE-502
45
+ example_code: '# RCE via YAML\nYAML.load(user_input)\n# SAFE\nYAML.safe_load(user_input, permitted_classes: [Date])'
46
+ - id: RB-04
47
+ name: ERB Injection SSTI
48
+ severity: CRITICAL
49
+ category: Injection
50
+ description: User input in ERB template leads to code execution
51
+ detection_pattern: ERB\\.new\\(.*\\#\\{|render.*inline.*params
52
+ fix_pattern: Never use user input in ERB templates directly
53
+ cwe: CWE-94
54
+ example_code: '# SSTI\nERB.new(\<%= #{params[:name]} %>\").result\n# SAFE: Escape output"'
55
+ - id: RB-05
56
+ name: Command Injection system
57
+ severity: CRITICAL
58
+ category: Injection
59
+ description: User input in system/exec/backticks
60
+ detection_pattern: system\\(.*\\#\\{|`.*\\#\\{|exec\\(.*\\+
61
+ fix_pattern: Use array form or shellwords escape
62
+ cwe: CWE-78
63
+ example_code: '# Vulnerable\nsystem(\ls #{params[:dir]}\")\n# SAFE\nsystem(''ls'''
64
+ - id: RB-06
65
+ name: SQL Injection Raw
66
+ severity: CRITICAL
67
+ category: Injection
68
+ description: Raw SQL with string interpolation
69
+ detection_pattern: where\\(.*\\#\\{|find_by_sql.*\\#\\{
70
+ fix_pattern: Use parameterized queries with ?
71
+ cwe: CWE-89
72
+ example_code: '# SQLi\nUser.where(\name = ''#{params[:name]}''\")\n# SAFE\nUser.where(name: params[:name])"'
73
+ - id: RB-07
74
+ name: Open Redirect
75
+ severity: HIGH
76
+ category: Web
77
+ description: Unvalidated redirect_to with user input
78
+ detection_pattern: redirect_to\\s+params|redirect_to.*url(?!_for)
79
+ fix_pattern: Whitelist allowed redirect paths
80
+ cwe: CWE-601
81
+ example_code: '# Open redirect\nredirect_to params[:url]\n# SAFE\nredirect_to url_for(params[:path].presence_in(ALLOWED))'
82
+ - id: RB-08
83
+ name: Path Traversal send_file
84
+ severity: HIGH
85
+ category: Web
86
+ description: send_file with user-controlled path
87
+ detection_pattern: send_file.*params|send_data.*File\\.read.*params
88
+ fix_pattern: Validate path within allowed directory
89
+ cwe: CWE-22
90
+ example_code: '# Path traversal\nsend_file(params[:file])\n# SAFE\nsend_file(Rails.root.join(''public'', File.basename(params[:file])))'
91
+ - id: RB-09
92
+ name: Eval Code Execution
93
+ severity: CRITICAL
94
+ category: Injection
95
+ description: eval/instance_eval on user input
96
+ detection_pattern: eval\\(.*params|instance_eval.*user
97
+ fix_pattern: Never use eval on user input
98
+ cwe: CWE-94
99
+ example_code: '# RCE\neval(params[:code])\n# SAFE: Use whitelist of allowed operations'
100
+ - id: RB-10
101
+ name: render inline XSS
102
+ severity: HIGH
103
+ category: Web
104
+ description: render inline without escaping
105
+ detection_pattern: render.*inline.*params(?!.*escape)
106
+ fix_pattern: Use html_safe only on trusted content
107
+ cwe: CWE-79
108
+ example_code: '# XSS\nrender inline: params[:content]\n# SAFE\nrender inline: ERB::Util.html_escape(params[:content])'
109
+ - id: RB-11
110
+ name: Insecure Regex ReDoS
111
+ severity: MEDIUM
112
+ category: DoS
113
+ description: Regex with nested quantifiers vulnerable to ReDoS
114
+ detection_pattern: Regexp\\.new.*\\+\\*|\\(.*\\*\\)\\+
115
+ fix_pattern: Use timeout or safe regex patterns
116
+ cwe: CWE-1333
117
+ example_code: '# ReDoS vulnerable\n/(a+)+$/.match(user_input)\n# SAFE: Use timeout or re2 gem'
118
+ - id: RB-12
119
+ name: Session Fixation
120
+ severity: HIGH
121
+ category: Auth
122
+ description: Session not regenerated after login
123
+ detection_pattern: session\\[:user_id\\]\\s*=(?!.*reset_session)
124
+ fix_pattern: Call reset_session before setting user
125
+ cwe: CWE-384
126
+ example_code: '# Fixation\nsession[:user_id] = user.id\n# SAFE\nreset_session; session[:user_id] = user.id'
127
+ - id: RB-13
128
+ name: CSRF Token Skip
129
+ severity: HIGH
130
+ category: Web
131
+ description: skip_forgery_protection without API check
132
+ detection_pattern: skip_forgery_protection|protect_from_forgery.*except
133
+ fix_pattern: Only skip for stateless API endpoints
134
+ cwe: CWE-352
135
+ example_code: '# Risky\nskip_forgery_protection\n# SAFE\nprotect_from_forgery with: :null_session, if: -> { request.format.json? }'
136
+ - id: RB-14
137
+ name: Weak Password Hash
138
+ severity: HIGH
139
+ category: Crypto
140
+ description: Using MD5/SHA1 for password storage
141
+ detection_pattern: Digest::(MD5|SHA1).*password|digest.*password
142
+ fix_pattern: Use bcrypt via has_secure_password
143
+ cwe: CWE-328
144
+ example_code: '# Weak\nDigest::SHA1.hexdigest(password)\n# SAFE\nhas_secure_password'
145
+ - id: RB-15
146
+ name: Constant Comparison Timing
147
+ severity: MEDIUM
148
+ category: Crypto
149
+ description: String comparison vulnerable to timing attack
150
+ detection_pattern: ==.*secret|secret.*==(?!.*secure_compare)
151
+ fix_pattern: Use ActiveSupport::SecurityUtils.secure_compare
152
+ cwe: CWE-208
153
+ example_code: '# Timing attack\nparams[:token] == secret_token\n# SAFE\nActiveSupport::SecurityUtils.secure_compare(params[:token], secret_token)'
154
+ - id: RB-16
155
+ name: File.read Arbitrary
156
+ severity: HIGH
157
+ category: LFI
158
+ description: File.read with user input allows LFI
159
+ detection_pattern: File\\.(read|open).*params
160
+ fix_pattern: Validate path and use safe_join
161
+ cwe: CWE-22
162
+ example_code: '# LFI\nFile.read(params[:path])\n# SAFE: Validate and restrict to allowed directory'
163
+ - id: RB-17
164
+ name: Paperclip/Shrine RCE
165
+ severity: CRITICAL
166
+ category: Upload
167
+ description: Image processing without validation
168
+ detection_pattern: has_attached_file|Shrine(?!.*validate)
169
+ fix_pattern: Validate content type and use imagemagick safely
170
+ cwe: CWE-434
171
+ example_code: '# RCE via ImageMagick\nhas_attached_file :avatar\n# SAFE: Validate and restrict types'
172
+ - id: RB-18
173
+ name: ActiveRecord Serialize
174
+ severity: HIGH
175
+ category: Injection
176
+ description: serialize with unsafe coder class
177
+ detection_pattern: serialize.*Marshal|serialize(?!.*JSON|coder)
178
+ fix_pattern: Use JSON coder for serialization
179
+ cwe: CWE-502
180
+ example_code: '# Unsafe\nserialize :data, Marshal\n# SAFE\nserialize :data, JSON'
181
+ - id: RB-19
182
+ name: Logger Injection
183
+ severity: MEDIUM
184
+ category: Log
185
+ description: User input in logs without sanitization
186
+ detection_pattern: Rails\\.logger\\.(info|debug).*params
187
+ fix_pattern: Sanitize user input before logging
188
+ cwe: CWE-117
189
+ example_code: '# Log injection\nRails.logger.info(\User: #{params[:user]}\")\n# SAFE: Filter and sanitize"'
190
+ - id: RB-20
191
+ name: Rack CRLF Injection
192
+ severity: HIGH
193
+ category: Web
194
+ description: User input in headers allows CRLF
195
+ detection_pattern: response\\.headers\\[.*\\]\\s*=.*params
196
+ fix_pattern: Validate header values
197
+ cwe: CWE-113
198
+ example_code: '# CRLF\nresponse.headers[''X-Custom''] = params[:header]\n# SAFE: Validate alphanumeric only'