@nockdev/awf 6.2.0 → 6.2.2

Files changed (733)
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
  43. package/.agent/i18n/en.yaml +6 -6
  44. package/.agent/i18n/vi.yaml +6 -6
  45. package/.agent/ide/README.md +1 -1
  46. package/.agent/ide/amazonq.json +3 -3
  47. package/.agent/ide/amp.json +4 -3
  48. package/.agent/ide/antigravity.json +4 -3
  49. package/.agent/ide/augment.json +4 -4
  50. package/.agent/ide/claude.json +4 -3
  51. package/.agent/ide/cline.json +4 -3
  52. package/.agent/ide/codex.json +6 -1
  53. package/.agent/ide/cody.json +4 -3
  54. package/.agent/ide/continue.json +4 -3
  55. package/.agent/ide/cursor.json +4 -3
  56. package/.agent/ide/gemini.json +4 -3
  57. package/.agent/ide/jetbrains.json +4 -3
  58. package/.agent/ide/kiro.json +4 -3
  59. package/.agent/ide/opencode.json +4 -3
  60. package/.agent/ide/roo.json +4 -3
  61. package/.agent/ide/tabnine.json +4 -3
  62. package/.agent/ide/trae.json +4 -3
  63. package/.agent/ide/vscode.json +4 -3
  64. package/.agent/ide/windsurf.json +4 -3
  65. package/.agent/ide/zed.json +4 -3
  66. package/.agent/manifest.yaml +142 -34
  67. package/.agent/memory/core_memory/persona.json +2 -2
  68. package/.agent/memory/core_memory/project.json +1 -1
  69. package/.agent/memory/core_memory/rules.json +1 -1
  70. package/.agent/memory/core_memory/user.json +1 -1
  71. package/.agent/memory/graph/knowledge_graph.json +1 -1
  72. package/.agent/memory/patterns/errors.json +1 -1
  73. package/.agent/memory/patterns/successes.json +1 -1
  74. package/.agent/memory/state.json +3 -3
  75. package/.agent/personas/README.md +1 -1
  76. package/.agent/personas/architect.md +1 -1
  77. package/.agent/personas/auditor.md +1 -1
  78. package/.agent/personas/debugger.md +1 -1
  79. package/.agent/personas/developer.md +1 -1
  80. package/.agent/personas/devops.md +1 -1
  81. package/.agent/personas/documenter.md +1 -1
  82. package/.agent/personas/orchestrator.md +1 -1
  83. package/.agent/personas/persona.schema.yaml +1 -1
  84. package/.agent/personas/planner.md +1 -1
  85. package/.agent/personas/researcher.md +1 -1
  86. package/.agent/personas/security.md +1 -1
  87. package/.agent/personas/tester.md +1 -1
  88. package/.agent/private/README.md +74 -0
  89. package/.agent/private/_index.yaml +23 -0
  90. package/.agent/private/_template/META.yaml +38 -0
  91. package/.agent/private/_template/SKILL.md +43 -0
  92. package/.agent/private/_template/data/.gitkeep +0 -0
  93. package/.agent/private/autodomyh-api/META.yaml +48 -0
  94. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  95. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  96. package/.agent/rules/README.md +24 -18
  97. package/.agent/rules/SACRED_RULES.xml +42 -36
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
  100. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
  101. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  102. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  103. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  104. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  105. package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
  106. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  107. package/.agent/rules/data/build-systems.yaml +2 -2
  108. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  109. package/.agent/rules/modules/edit-verification.yaml +1 -1
  110. package/.agent/rules/modules/git-workflow.yaml +1 -1
  111. package/.agent/rules/modules/language.yaml +1 -1
  112. package/.agent/rules/modules/online-research.yaml +1 -1
  113. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  114. package/.agent/rules/modules/quality.yaml +1 -1
  115. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  116. package/.agent/rules/modules/terminal-safety.yaml +45 -1
  117. package/.agent/rules/modules/yagni.yaml +1 -1
  118. package/.agent/rules/validation-framework.md +1 -1
  119. package/.agent/skills/DEVELOPMENT.yaml +17 -6
  120. package/.agent/skills/README.md +19 -16
  121. package/.agent/skills/_categories.yaml +60 -8
  122. package/.agent/skills/_router.yaml +61 -19
  123. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  124. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  128. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  129. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  130. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  134. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  141. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  142. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  145. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  153. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  154. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  155. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  160. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  161. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  162. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  163. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  164. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  165. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  166. package/.agent/skills/core/api-design/META.yaml +1 -5
  167. package/.agent/skills/core/api-design/SKILL.md +20 -26
  168. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  169. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  170. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  172. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  173. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  174. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  175. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  176. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  177. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  178. package/.agent/skills/core/authentication/META.yaml +1 -5
  179. package/.agent/skills/core/authentication/SKILL.md +36 -43
  180. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  181. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  182. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  183. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  190. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  191. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  192. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  193. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  194. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  195. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  196. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  197. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  198. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  199. package/.agent/skills/core/error-handling/META.yaml +1 -5
  200. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  201. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  202. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  204. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  205. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  206. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  207. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  208. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  211. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  212. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  213. package/.agent/skills/core/logging/META.yaml +1 -5
  214. package/.agent/skills/core/logging/SKILL.md +28 -42
  215. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  216. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  217. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  218. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  221. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  222. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  223. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  225. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  226. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  227. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  228. package/.agent/skills/core/observability/META.yaml +1 -5
  229. package/.agent/skills/core/observability/SKILL.md +29 -38
  230. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  231. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  232. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  233. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  237. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  238. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  240. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  241. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  242. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  243. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  244. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  245. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  246. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  247. package/.agent/skills/core/security/META.yaml +1 -5
  248. package/.agent/skills/core/security/SKILL.md +25 -25
  249. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  250. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  251. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  252. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  253. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  254. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  255. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  257. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  259. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  260. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  261. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  262. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  263. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  264. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  265. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  266. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  267. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  268. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  269. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  270. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  271. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  272. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  273. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  274. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  275. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  276. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  279. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  280. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  281. package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
  282. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  283. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  284. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  285. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  286. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  287. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  288. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  289. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  290. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  291. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  292. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  293. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  294. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  295. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  296. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  297. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  298. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  299. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  300. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  301. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  302. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  303. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  304. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  305. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  314. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  315. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  316. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  317. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  348. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  349. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  350. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  351. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  352. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  354. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  355. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  356. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  357. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  358. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  359. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  360. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  361. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  362. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  363. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  364. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  365. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  366. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  367. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  371. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  372. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  373. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  374. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  375. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  376. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  377. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  378. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  379. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  380. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  381. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  382. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  383. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  384. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  385. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  386. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  387. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  388. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  389. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  390. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  391. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  392. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  393. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  394. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  395. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  396. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  397. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  398. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  399. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  400. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  407. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  408. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  409. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  410. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  411. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  412. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  413. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  414. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  415. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  416. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  417. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  418. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  419. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  420. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  421. package/.agent/skills/devops/aws/META.yaml +48 -63
  422. package/.agent/skills/devops/aws/SKILL.md +39 -697
  423. package/.agent/skills/devops/azure/META.yaml +44 -0
  424. package/.agent/skills/devops/azure/SKILL.md +43 -0
  425. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  426. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  427. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  428. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  429. package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
  430. package/.agent/skills/devops/docker/META.yaml +53 -14
  431. package/.agent/skills/devops/docker/SKILL.md +35 -639
  432. package/.agent/skills/devops/gcp/META.yaml +43 -0
  433. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  434. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  435. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  436. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  437. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  438. package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
  439. package/.agent/skills/devops/terraform/META.yaml +47 -0
  440. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  441. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  442. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  443. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  444. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  445. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  446. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  447. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  448. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  449. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  450. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  451. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  452. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  453. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  454. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  455. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  456. package/.agent/skills/frameworks/react/META.yaml +20 -7
  457. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  458. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  459. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  460. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  461. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  462. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  463. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  464. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  465. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  466. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  467. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  468. package/.agent/skills/index.json +67 -14
  469. package/.agent/skills/languages/asm/META.yaml +2 -8
  470. package/.agent/skills/languages/asm/SKILL.md +1 -1
  471. package/.agent/skills/languages/c/META.yaml +2 -8
  472. package/.agent/skills/languages/c/SKILL.md +1 -1
  473. package/.agent/skills/languages/clojure/META.yaml +2 -2
  474. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  475. package/.agent/skills/languages/cpp/META.yaml +2 -8
  476. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  477. package/.agent/skills/languages/crystal/META.yaml +2 -8
  478. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  479. package/.agent/skills/languages/csharp/META.yaml +2 -2
  480. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  481. package/.agent/skills/languages/elixir/META.yaml +2 -2
  482. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  483. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  484. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  485. package/.agent/skills/languages/go/META.yaml +2 -8
  486. package/.agent/skills/languages/go/SKILL.md +1 -1
  487. package/.agent/skills/languages/haskell/META.yaml +2 -2
  488. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  489. package/.agent/skills/languages/java/META.yaml +2 -8
  490. package/.agent/skills/languages/java/SKILL.md +1 -1
  491. package/.agent/skills/languages/javascript/META.yaml +2 -8
  492. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  493. package/.agent/skills/languages/julia/META.yaml +2 -2
  494. package/.agent/skills/languages/julia/SKILL.md +1 -1
  495. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  496. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  497. package/.agent/skills/languages/lua/META.yaml +2 -8
  498. package/.agent/skills/languages/lua/SKILL.md +3 -3
  499. package/.agent/skills/languages/nim/META.yaml +2 -8
  500. package/.agent/skills/languages/nim/SKILL.md +1 -1
  501. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  502. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  503. package/.agent/skills/languages/perl/META.yaml +2 -2
  504. package/.agent/skills/languages/perl/SKILL.md +1 -1
  505. package/.agent/skills/languages/php/META.yaml +2 -2
  506. package/.agent/skills/languages/php/SKILL.md +1 -1
  507. package/.agent/skills/languages/python/META.yaml +2 -8
  508. package/.agent/skills/languages/python/SKILL.md +1 -1
  509. package/.agent/skills/languages/r/META.yaml +2 -2
  510. package/.agent/skills/languages/r/SKILL.md +1 -1
  511. package/.agent/skills/languages/ruby/META.yaml +2 -2
  512. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  513. package/.agent/skills/languages/rust/META.yaml +2 -8
  514. package/.agent/skills/languages/rust/SKILL.md +1 -1
  515. package/.agent/skills/languages/scala/META.yaml +2 -2
  516. package/.agent/skills/languages/scala/SKILL.md +1 -1
  517. package/.agent/skills/languages/solidity/META.yaml +2 -2
  518. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  519. package/.agent/skills/languages/swift/META.yaml +2 -2
  520. package/.agent/skills/languages/swift/SKILL.md +1 -1
  521. package/.agent/skills/languages/typescript/META.yaml +2 -8
  522. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  523. package/.agent/skills/languages/zig/META.yaml +5 -7
  524. package/.agent/skills/languages/zig/SKILL.md +1 -1
  525. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  526. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  527. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  528. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  529. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  531. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  532. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  533. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  534. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  535. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  536. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  537. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  538. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  539. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  540. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  541. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  542. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  543. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  544. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  545. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  546. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  547. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  548. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  549. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  550. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  551. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  552. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  553. package/.agent/templates/README.md +2 -2
  554. package/.agent/templates/debug-report.md +1 -1
  555. package/.agent/templates/deploy-plan.md +1 -1
  556. package/.agent/templates/doc-template.md +1 -1
  557. package/.agent/templates/index.yaml +2 -2
  558. package/.agent/templates/migrate-plan.md +1 -1
  559. package/.agent/templates/phase-template.md +1 -1
  560. package/.agent/templates/tasks/audit.yaml +1 -1
  561. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  562. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  563. package/.agent/templates/tasks/refactor.yaml +1 -1
  564. package/.agent/templates/test-report.md +1 -1
  565. package/.agent/workflows/code.md +22 -1
  566. package/.agent/workflows/deploy.md +5 -1
  567. package/.agent/workflows/e2e.md +112 -0
  568. package/.agent/workflows/fix.md +1 -1
  569. package/.agent/workflows/prompt.md +325 -0
  570. package/.agent/workflows/scaffold.md +1 -1
  571. package/.agent/workflows/tdd.md +108 -0
  572. package/.agent/workflows/verify.md +116 -0
  573. package/.agent/workflows/visualize.md +50 -18
  574. package/README.md +16 -13
  575. package/configs/aider/root.CONVENTIONS.md +51 -0
  576. package/configs/amazonq/root.amazonq.md +51 -0
  577. package/configs/amp/root.AGENTS.md +51 -0
  578. package/configs/antigravity/root.GEMINI.md +51 -0
  579. package/configs/augment/root.guidelines.md +51 -0
  580. package/configs/claude/root.CLAUDE.md +51 -0
  581. package/configs/cline/root.clinerules.md +51 -0
  582. package/configs/coderabbit/root.coderabbit.yaml +52 -0
  583. package/configs/codex/root.AGENTS.md +51 -0
  584. package/configs/cody/root.commands.json +76 -0
  585. package/configs/continue/root.continue.md +51 -0
  586. package/configs/copilot/root.copilot-instructions.md +51 -0
  587. package/configs/cursor/root.cursorrules +51 -0
  588. package/configs/gemini/root.GEMINI.md +51 -0
  589. package/configs/jetbrains/root.guidelines.md +51 -0
  590. package/configs/opencode/root.opencode.json +24 -0
  591. package/configs/roo/root.roorules.md +51 -0
  592. package/configs/tabnine/root.guidelines.md +51 -0
  593. package/configs/vscode/root.copilot-instructions.md +51 -0
  594. package/configs/windsurf/root.windsurfrules +51 -0
  595. package/configs/zed/root.settings.json +15 -0
  596. package/dist/commands/add.d.ts.map +1 -1
  597. package/dist/commands/add.js +9 -1
  598. package/dist/commands/add.js.map +1 -1
  599. package/dist/commands/config.d.ts.map +1 -1
  600. package/dist/commands/config.js +24 -8
  601. package/dist/commands/config.js.map +1 -1
  602. package/dist/commands/hsa.d.ts.map +1 -1
  603. package/dist/commands/hsa.js +106 -20
  604. package/dist/commands/hsa.js.map +1 -1
  605. package/dist/commands/init.d.ts.map +1 -1
  606. package/dist/commands/init.js +62 -69
  607. package/dist/commands/init.js.map +1 -1
  608. package/dist/commands/install-core.d.ts +2 -1
  609. package/dist/commands/install-core.d.ts.map +1 -1
  610. package/dist/commands/install-core.js +43 -16
  611. package/dist/commands/install-core.js.map +1 -1
  612. package/dist/commands/install-helpers.d.ts.map +1 -1
  613. package/dist/commands/install-helpers.js +25 -2
  614. package/dist/commands/install-helpers.js.map +1 -1
  615. package/dist/commands/install-hsa.d.ts +2 -5
  616. package/dist/commands/install-hsa.d.ts.map +1 -1
  617. package/dist/commands/install-hsa.js +2 -5
  618. package/dist/commands/install-hsa.js.map +1 -1
  619. package/dist/commands/install.d.ts +27 -0
  620. package/dist/commands/install.d.ts.map +1 -1
  621. package/dist/commands/install.js +68 -20
  622. package/dist/commands/install.js.map +1 -1
  623. package/dist/commands/list.d.ts.map +1 -1
  624. package/dist/commands/list.js +2 -1
  625. package/dist/commands/list.js.map +1 -1
  626. package/dist/commands/mcp-registry.d.ts +24 -9
  627. package/dist/commands/mcp-registry.d.ts.map +1 -1
  628. package/dist/commands/mcp-registry.js +39 -57
  629. package/dist/commands/mcp-registry.js.map +1 -1
  630. package/dist/commands/mcp-writers.d.ts.map +1 -1
  631. package/dist/commands/mcp-writers.js +6 -5
  632. package/dist/commands/mcp-writers.js.map +1 -1
  633. package/dist/commands/mcp.d.ts +1 -1
  634. package/dist/commands/mcp.d.ts.map +1 -1
  635. package/dist/commands/mcp.js +37 -9
  636. package/dist/commands/mcp.js.map +1 -1
  637. package/dist/commands/update.d.ts.map +1 -1
  638. package/dist/commands/update.js +16 -6
  639. package/dist/commands/update.js.map +1 -1
  640. package/dist/constants/cursor-globs.d.ts.map +1 -1
  641. package/dist/constants/cursor-globs.js +0 -6
  642. package/dist/constants/cursor-globs.js.map +1 -1
  643. package/dist/constants/ide-install-specs.js +9 -9
  644. package/dist/constants/ide-install-specs.js.map +1 -1
  645. package/dist/constants.d.ts +3 -3
  646. package/dist/constants.d.ts.map +1 -1
  647. package/dist/constants.js +3 -3
  648. package/dist/constants.js.map +1 -1
  649. package/dist/index.d.ts.map +1 -1
  650. package/dist/index.js +1 -9
  651. package/dist/index.js.map +1 -1
  652. package/dist/types/ide-install.js +1 -1
  653. package/dist/utils/copy-helpers.d.ts +7 -2
  654. package/dist/utils/copy-helpers.d.ts.map +1 -1
  655. package/dist/utils/copy-helpers.js +77 -51
  656. package/dist/utils/copy-helpers.js.map +1 -1
  657. package/dist/utils/install-manifest.d.ts +12 -0
  658. package/dist/utils/install-manifest.d.ts.map +1 -0
  659. package/dist/utils/install-manifest.js +27 -0
  660. package/dist/utils/install-manifest.js.map +1 -0
  661. package/dist/utils/validation.d.ts.map +1 -1
  662. package/dist/utils/validation.js +34 -7
  663. package/dist/utils/validation.js.map +1 -1
  664. package/package.json +5 -4
  665. package/.agent/core/embeddings.json +0 -2004
  666. package/.agent/core/session_cache.json +0 -50
  667. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  668. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  669. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  670. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  683. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  684. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  685. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  686. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  687. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  688. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  689. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  690. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  691. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  692. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  693. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  694. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  695. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  696. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  697. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  698. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  699. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  700. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  701. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  702. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  703. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  704. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  705. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  706. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  707. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  708. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  709. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  710. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  711. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  712. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  713. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  714. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  715. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  716. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  717. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  718. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  719. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  720. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  721. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  722. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  723. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  724. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  725. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  726. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  727. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  728. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  729. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  730. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  731. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  732. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  733. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
@@ -2,7 +2,7 @@
2
2
  name: security
3
3
  detect: ["always"]
4
4
  priority: 0
5
- version: "6.1.2"
5
+ version: "6.2.2"
6
6
  ---
7
7
 
8
8
  # Security Patterns (Enhanced 2026)
@@ -13,32 +13,32 @@ version: "6.1.2"
13
13
 
14
14
  ### Core Security
15
15
 
16
- | File | Content | Records |
17
- | ------------------- | ------------------------------------- | ------- |
18
- | `owasp-top10.csv` | OWASP Top 10:2025 (NEW: Supply Chain) | 10 |
19
- | `cwe-top25.csv` | CWE Top 25:2024 (XSS now #1) | 25 |
20
- | `auth-patterns.csv` | AuthN/AuthZ patterns | 15 |
16
+ | File | Content | Records |
17
+ | -------------------- | ------------------------------------- | ------- |
18
+ | `owasp-top10.yaml` | OWASP Top 10:2025 (NEW: Supply Chain) | 10 |
19
+ | `cwe-top25.yaml` | CWE Top 25:2024 (XSS now #1) | 25 |
20
+ | `auth-patterns.yaml` | AuthN/AuthZ patterns | 15 |
21
21
 
22
22
  ### Domain-Specific Security
23
23
 
24
- | File | Content | Records |
25
- | ------------------------- | ------------------------------------- | ------- |
26
- | `network-security.csv` | TLS, DNS, GraphQL, gRPC, WebSocket | 25 |
27
- | `api-security.csv` | OWASP API Top 10:2023, JWT, OAuth | 20 |
28
- | `mobile-security.csv` | OWASP Mobile Top 10:2024, iOS/Android | 35 |
29
- | `cloud-security.csv` | AWS/Azure/GCP, K8s, IaC | 25 |
30
- | `supply-chain.csv` | SLSA, SBOM, Dependency security | 20 |
31
- | `ai-ml-security.csv` | LLM, Prompt Injection, Adversarial | 20 |
32
- | `reverse-engineering.csv` | Frida, Xposed, Play Integrity | 30 |
24
+ | File | Content | Records |
25
+ | -------------------------- | ------------------------------------- | ------- |
26
+ | `network-security.yaml` | TLS, DNS, GraphQL, gRPC, WebSocket | 25 |
27
+ | `api-security.yaml` | OWASP API Top 10:2023, JWT, OAuth | 20 |
28
+ | `mobile-security.yaml` | OWASP Mobile Top 10:2024, iOS/Android | 35 |
29
+ | `cloud-security.yaml` | AWS/Azure/GCP, K8s, IaC | 25 |
30
+ | `supply-chain.yaml` | SLSA, SBOM, Dependency security | 20 |
31
+ | `ai-ml-security.yaml` | LLM, Prompt Injection, Adversarial | 20 |
32
+ | `reverse-engineering.yaml` | Frida, Xposed, Play Integrity | 30 |
33
33
 
34
34
  ### Language-Specific
35
35
 
36
- | File | Content | Records |
37
- | ----------------------------------------- | -------------------- | ------- |
38
- | `language-specific/go-security.csv` | Go-specific patterns | 20 |
39
- | `language-specific/csharp-security.csv` | C#/.NET patterns | 20 |
40
- | `language-specific/php-security.csv` | PHP patterns | 20 |
41
- | `language-specific/solidity-security.csv` | Smart contracts | 20 |
36
+ | File | Content | Records |
37
+ | ------------------------------------------ | -------------------- | ------- |
38
+ | `language-specific/go-security.yaml` | Go-specific patterns | 20 |
39
+ | `language-specific/csharp-security.yaml` | C#/.NET patterns | 20 |
40
+ | `language-specific/php-security.yaml` | PHP patterns | 20 |
41
+ | `language-specific/solidity-security.yaml` | Smart contracts | 20 |
42
42
 
43
43
  **Total: 290+ patterns across 14 files**
44
44
 
@@ -76,7 +76,7 @@ version: "6.1.2"
76
76
 
77
77
  ## 🔥 NEW: AI/ML Security
78
78
 
79
- > See `data/ai-ml-security.csv` for 20 AI/ML threat patterns.
79
+ > See `data/ai-ml-security.yaml` for 20 AI/ML threat patterns.
80
80
 
81
81
  | ID | Vulnerability | Severity | Fix |
82
82
  | ------- | ------------------ | -------- | ------------------------------ |
@@ -114,7 +114,7 @@ def secure_llm_call(user_input: str) -> str:
114
114
 
115
115
  ## 📱 Mobile Security (OWASP 2024)
116
116
 
117
- > See `data/mobile-security.csv` for 35 mobile patterns.
117
+ > See `data/mobile-security.yaml` for 35 mobile patterns.
118
118
 
119
119
  | ID | Vulnerability | Platform | Fix |
120
120
  | --- | -------------------------------- | -------- | -------------------------- |
@@ -138,7 +138,7 @@ integrityManager.requestIntegrityToken(integrityRequest)
138
138
 
139
139
  ## ☁️ Cloud Security
140
140
 
141
- > See `data/cloud-security.csv` for 25 cloud patterns.
141
+ > See `data/cloud-security.yaml` for 25 cloud patterns.
142
142
 
143
143
  ```hcl
144
144
  # ✅ Terraform: S3 Bucket Security
@@ -168,7 +168,7 @@ resource "aws_instance" "secure" {
168
168
 
169
169
  ## 🔗 Supply Chain Security
170
170
 
171
- > See `data/supply-chain.csv` for 20 patterns.
171
+ > See `data/supply-chain.yaml` for 20 patterns.
172
172
 
173
173
  | SLSA Level | Description | Requirements |
174
174
  | ---------- | ------------- | ----------------- |
@@ -1,261 +1,261 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: ai_ml_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: ai-ml-security.csv
4
+ version: 6.2.2
5
+ updated: "2026-02-05"
6
+ migrated_from: ai-ml-security.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - subcategory
14
- - description
15
- - detection_pattern
16
- - fix_pattern
17
- - languages
18
- - example_vuln
19
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - subcategory
14
+ - description
15
+ - detection_pattern
16
+ - fix_pattern
17
+ - languages
18
+ - example_vuln
19
+ - example_fix
20
20
  patterns:
21
- - id: AIML-01
22
- name: Prompt Injection
23
- severity: CRITICAL
24
- category: LLM
25
- subcategory: Input
26
- description: Malicious prompts manipulate LLM behavior via user input
27
- detection_pattern: (prompt.*user|input.*llm|openai.*messages)(?!.*sanitize|filter)
28
- fix_pattern: Sanitize user input use system prompts defensively
29
- languages:
30
- - python
31
- - javascript
32
- - typescript
33
- example_vuln: 'messages = [{''role'': ''user'', ''content'': user_input}]'
34
- example_fix: 'messages = [{''role'': ''system'', ''content'': STRICT_SYSTEM_PROMPT},\n{''role'': ''user'', ''content'': sanitize(user_input)}]'
35
- - id: AIML-02
36
- name: Indirect Prompt Injection
37
- severity: CRITICAL
38
- category: LLM
39
- subcategory: Input
40
- description: LLM processes external content containing hidden instructions
41
- detection_pattern: (fetch.*url|read.*document|web.*search).*llm(?!.*strip|clean)
42
- fix_pattern: Scan and sanitize all external content before LLM processing
43
- languages:
44
- - python
45
- - javascript
46
- example_vuln: doc = fetch(url)\nresponse = llm.complete(doc)
47
- example_fix: doc = fetch(url)\ncleaned = strip_instructions(doc)\nresponse = llm.complete(cleaned)
48
- - id: AIML-03
49
- name: Jailbreaking Vulnerability
50
- severity: HIGH
51
- category: LLM
52
- subcategory: Safety
53
- description: System prompts can be bypassed with crafted inputs
54
- detection_pattern: (system.*prompt|instruction)(?!.*guard|check)
55
- fix_pattern: Use prompt injection detection and content filtering
56
- languages:
57
- - python
58
- - javascript
59
- example_vuln: system = 'Be helpful'\nllm.chat(user_input)
60
- example_fix: 'if detect_jailbreak(user_input): reject()\nif not content_policy_check(response): filter()'
61
- - id: AIML-04
62
- name: Training Data Poisoning
63
- severity: CRITICAL
64
- category: ML
65
- subcategory: Training
66
- description: Malicious data injected into training datasets
67
- detection_pattern: (train|fit|fine_tune).*data(?!.*validate|verify)
68
- fix_pattern: Validate training data verify sources implement data provenance
69
- languages: python
70
- example_vuln: model.train(user_data)
71
- example_fix: validated = validate_samples(user_data)\nmodel.train(validated)
72
- - id: AIML-05
73
- name: Model Extraction Attack
74
- severity: HIGH
75
- category: ML
76
- subcategory: Model
77
- description: API allows extraction of model weights or architecture
78
- detection_pattern: (model|weights).*api(?!.*rate.*limit|auth)
79
- fix_pattern: Implement rate limiting watermarking query detection
80
- languages:
81
- - python
82
- - javascript
83
- example_vuln: '@app.route(''/predict'')\ndef predict(input): return model(input).tolist()'
84
- example_fix: '@app.route(''/predict'')\n@rate_limit(100/hour)\n@detect_extraction\ndef predict(input): return {''result'': label} # No raw logits'
85
- - id: AIML-06
86
- name: Model Inversion Attack
87
- severity: HIGH
88
- category: ML
89
- subcategory: Privacy
90
- description: Model predictions leak training data information
91
- detection_pattern: (predict|confidence).*return(?!.*quantize|noise)
92
- fix_pattern: Return only top-K predictions add noise to outputs
93
- languages: python
94
- example_vuln: 'return {''probs'': model(x).numpy()}'
95
- example_fix: 'return {''label'': top_prediction} # No raw probabilities'
96
- - id: AIML-07
97
- name: Adversarial Input Attack
98
- severity: HIGH
99
- category: ML
100
- subcategory: Robustness
101
- description: Model vulnerable to crafted inputs causing misclassification
102
- detection_pattern: (model\\.predict|classify)(?!.*adversarial|robust)
103
- fix_pattern: Implement adversarial training input preprocessing
104
- languages: python
105
- example_vuln: prediction = model.predict(image)
106
- example_fix: prediction = model.predict(preprocess_defense(image))
107
- - id: AIML-08
108
- name: Insecure Model Loading
109
- severity: CRITICAL
110
- category: ML
111
- subcategory: Runtime
112
- description: Model loaded from untrusted source without verification
113
- detection_pattern: (pickle\\.load|torch\\.load|load_model)(?!.*verify|trusted)
114
- fix_pattern: Verify model signatures use safetensors format
115
- languages: python
116
- example_vuln: 'model = torch.load(''model.pkl'') # Arbitrary code exec'
117
- example_fix: model = safetensors.torch.load_file('model.safetensors')
118
- - id: AIML-09
119
- name: LLM Data Leakage
120
- severity: CRITICAL
121
- category: LLM
122
- subcategory: Privacy
123
- description: LLM returns sensitive data from training or context
124
- detection_pattern: (context|rag).*(?!.*filter|redact).*response
125
- fix_pattern: Filter sensitive data from context and responses
126
- languages:
127
- - python
128
- - javascript
129
- example_vuln: response = llm.chat(context=all_documents)
130
- example_fix: filtered_context = redact_pii(documents)\nresponse = pii_filter(llm.chat(context=filtered_context))
131
- - id: AIML-10
132
- name: Insecure AI Output Handling
133
- severity: HIGH
134
- category: LLM
135
- subcategory: Integration
136
- description: LLM output used without validation in code execution
137
- detection_pattern: (llm|gpt|claude).*response.*eval|exec(?!.*sandbox)
138
- fix_pattern: Validate and sandbox all AI-generated code
139
- languages:
140
- - python
141
- - javascript
142
- example_vuln: code = llm.generate_code()\nexec(code)
143
- example_fix: code = llm.generate_code()\nif validate_syntax(code):\n run_sandboxed(code)
144
- - id: AIML-11
145
- name: Excessive Agency
146
- severity: HIGH
147
- category: LLM
148
- subcategory: Safety
149
- description: LLM has too many capabilities without human oversight
150
- detection_pattern: (tools|functions).*(?!.*approval|confirm).*execute
151
- fix_pattern: Require human approval for sensitive operations
152
- languages:
153
- - python
154
- - javascript
155
- example_vuln: tools = [delete_file, send_email, api_call]\nllm.run(tools)
156
- example_fix: tools = [read_only_tools]\nif action.is_sensitive:\n await require_approval()
157
- - id: AIML-12
158
- name: RAG Poisoning
159
- severity: HIGH
160
- category: LLM
161
- subcategory: RAG
162
- description: Retrieval-Augmented Generation with untrusted sources
163
- detection_pattern: (vector\\.search|rag).*external(?!.*trust|verify)
164
- fix_pattern: Validate and score RAG sources filter untrusted content
165
- languages: python
166
- example_vuln: 'docs = vectordb.search(query) # Any source'
167
- example_fix: docs = vectordb.search(query)\ntrusted = [d for d in docs if d.source in TRUSTED]
168
- - id: AIML-13
169
- name: Embedding Leakage
170
- severity: MEDIUM
171
- category: ML
172
- subcategory: Privacy
173
- description: Embeddings expose sensitive information from inputs
174
- detection_pattern: (embed|encode).*return(?!.*noise|truncate)
175
- fix_pattern: Add differential privacy noise to embeddings
176
- languages: python
177
- example_vuln: 'return model.encode(text) # Full embedding'
178
- example_fix: 'return add_noise(model.encode(text)[:128]) # Truncated & noised'
179
- - id: AIML-14
180
- name: AI Supply Chain Risk
181
- severity: HIGH
182
- category: ML
183
- subcategory: Supply
184
- description: Using untrusted models from public hubs without verification
185
- detection_pattern: (huggingface|modelzoo|download)(?!.*verify|scan)
186
- fix_pattern: Scan models for backdoors verify provenance signatures
187
- languages: python
188
- example_vuln: model = AutoModel.from_pretrained('random/model')
189
- example_fix: model = AutoModel.from_pretrained('verified-org/model')\nverify_signature(model)
190
- - id: AIML-15
191
- name: Missing AI Guardrails
192
- severity: HIGH
193
- category: LLM
194
- subcategory: Safety
195
- description: LLM deployed without content safety guardrails
196
- detection_pattern: (llm|chat|complete)(?!.*guard|moderate|filter)
197
- fix_pattern: Implement input and output content moderation
198
- languages:
199
- - python
200
- - javascript
201
- example_vuln: response = llm.complete(prompt)
202
- example_fix: 'if not is_safe(prompt): reject()\nresponse = llm.complete(prompt)\nif not is_safe(response): filter()'
203
- - id: AIML-16
204
- name: Bias Exploitation
205
- severity: MEDIUM
206
- category: ML
207
- subcategory: Fairness
208
- description: Model biases exploited for adversarial purposes
209
- detection_pattern: (predict|classify)(?!.*fairness|bias.*check)
210
- fix_pattern: Monitor for demographic bias implement fairness checks
211
- languages: python
212
- example_vuln: result = model.predict(input)
213
- example_fix: 'result = model.predict(input)\nif bias_detected(result): flag_for_review()'
214
- - id: AIML-17
215
- name: Denial of Wallet
216
- severity: HIGH
217
- category: LLM
218
- subcategory: Resource
219
- description: Expensive AI operations triggered without limits
220
- detection_pattern: (openai|anthropic)\\.(?!.*budget|limit)
221
- fix_pattern: Implement token budgets and cost controls
222
- languages:
223
- - python
224
- - javascript
225
- example_vuln: 'response = openai.chat(messages) # No limits'
226
- example_fix: 'if token_count(messages) > MAX_TOKENS: reject()\nwith budget_limit(max_cost=1.0):\n response = openai.chat(messages)'
227
- - id: AIML-18
228
- name: Shadow AI Usage
229
- severity: MEDIUM
230
- category: Compliance
231
- subcategory: Governance
232
- description: Unauthorized AI tools used in production without approval
233
- detection_pattern: (openai|claude|gemini)(?!.*approved|registered)
234
- fix_pattern: Register and approve all AI services audit usage
235
- languages:
236
- - python
237
- - javascript
238
- example_vuln: '# Using ChatGPT for code review without approval'
239
- example_fix: '# Only use company-approved AI services\n# Log all AI usage for audit'
240
- - id: AIML-19
241
- name: Feature Extraction Leak
242
- severity: MEDIUM
243
- category: ML
244
- subcategory: Privacy
245
- description: Model features reveal sensitive attribute information
246
- detection_pattern: (features|encode).*user(?!.*anonymize)
247
- fix_pattern: Anonymize features remove identifying attributes
248
- languages: python
249
- example_vuln: features = extract_features(user_data)
250
- example_fix: features = anonymize(extract_features(mask_pii(user_data)))
251
- - id: AIML-20
252
- name: Membership Inference
253
- severity: HIGH
254
- category: ML
255
- subcategory: Privacy
256
- description: Model reveals whether data was used in training
257
- detection_pattern: (predict|probability).*return(?!.*defend)
258
- fix_pattern: Apply differential privacy or output perturbation
259
- languages: python
260
- example_vuln: return model.predict_proba(x)
261
- example_fix: return defend_membership_inference(model.predict(x))
21
+ - id: AIML-01
22
+ name: Prompt Injection
23
+ severity: CRITICAL
24
+ category: LLM
25
+ subcategory: Input
26
+ description: Malicious prompts manipulate LLM behavior via user input
27
+ detection_pattern: (prompt.*user|input.*llm|openai.*messages)(?!.*sanitize|filter)
28
+ fix_pattern: Sanitize user input use system prompts defensively
29
+ languages:
30
+ - python
31
+ - javascript
32
+ - typescript
33
+ example_vuln: "messages = [{'role': 'user', 'content': user_input}]"
34
+ example_fix: 'messages = [{''role'': ''system'', ''content'': STRICT_SYSTEM_PROMPT},\n{''role'': ''user'', ''content'': sanitize(user_input)}]'
35
+ - id: AIML-02
36
+ name: Indirect Prompt Injection
37
+ severity: CRITICAL
38
+ category: LLM
39
+ subcategory: Input
40
+ description: LLM processes external content containing hidden instructions
41
+ detection_pattern: (fetch.*url|read.*document|web.*search).*llm(?!.*strip|clean)
42
+ fix_pattern: Scan and sanitize all external content before LLM processing
43
+ languages:
44
+ - python
45
+ - javascript
46
+ example_vuln: doc = fetch(url)\nresponse = llm.complete(doc)
47
+ example_fix: doc = fetch(url)\ncleaned = strip_instructions(doc)\nresponse = llm.complete(cleaned)
48
+ - id: AIML-03
49
+ name: Jailbreaking Vulnerability
50
+ severity: HIGH
51
+ category: LLM
52
+ subcategory: Safety
53
+ description: System prompts can be bypassed with crafted inputs
54
+ detection_pattern: (system.*prompt|instruction)(?!.*guard|check)
55
+ fix_pattern: Use prompt injection detection and content filtering
56
+ languages:
57
+ - python
58
+ - javascript
59
+ example_vuln: system = 'Be helpful'\nllm.chat(user_input)
60
+ example_fix: 'if detect_jailbreak(user_input): reject()\nif not content_policy_check(response): filter()'
61
+ - id: AIML-04
62
+ name: Training Data Poisoning
63
+ severity: CRITICAL
64
+ category: ML
65
+ subcategory: Training
66
+ description: Malicious data injected into training datasets
67
+ detection_pattern: (train|fit|fine_tune).*data(?!.*validate|verify)
68
+ fix_pattern: Validate training data verify sources implement data provenance
69
+ languages: python
70
+ example_vuln: model.train(user_data)
71
+ example_fix: validated = validate_samples(user_data)\nmodel.train(validated)
72
+ - id: AIML-05
73
+ name: Model Extraction Attack
74
+ severity: HIGH
75
+ category: ML
76
+ subcategory: Model
77
+ description: API allows extraction of model weights or architecture
78
+ detection_pattern: (model|weights).*api(?!.*rate.*limit|auth)
79
+ fix_pattern: Implement rate limiting watermarking query detection
80
+ languages:
81
+ - python
82
+ - javascript
83
+ example_vuln: '@app.route(''/predict'')\ndef predict(input): return model(input).tolist()'
84
+ example_fix: '@app.route(''/predict'')\n@rate_limit(100/hour)\n@detect_extraction\ndef predict(input): return {''result'': label} # No raw logits'
85
+ - id: AIML-06
86
+ name: Model Inversion Attack
87
+ severity: HIGH
88
+ category: ML
89
+ subcategory: Privacy
90
+ description: Model predictions leak training data information
91
+ detection_pattern: (predict|confidence).*return(?!.*quantize|noise)
92
+ fix_pattern: Return only top-K predictions add noise to outputs
93
+ languages: python
94
+ example_vuln: "return {'probs': model(x).numpy()}"
95
+ example_fix: "return {'label': top_prediction} # No raw probabilities"
96
+ - id: AIML-07
97
+ name: Adversarial Input Attack
98
+ severity: HIGH
99
+ category: ML
100
+ subcategory: Robustness
101
+ description: Model vulnerable to crafted inputs causing misclassification
102
+ detection_pattern: (model\\.predict|classify)(?!.*adversarial|robust)
103
+ fix_pattern: Implement adversarial training input preprocessing
104
+ languages: python
105
+ example_vuln: prediction = model.predict(image)
106
+ example_fix: prediction = model.predict(preprocess_defense(image))
107
+ - id: AIML-08
108
+ name: Insecure Model Loading
109
+ severity: CRITICAL
110
+ category: ML
111
+ subcategory: Runtime
112
+ description: Model loaded from untrusted source without verification
113
+ detection_pattern: (pickle\\.load|torch\\.load|load_model)(?!.*verify|trusted)
114
+ fix_pattern: Verify model signatures use safetensors format
115
+ languages: python
116
+ example_vuln: "model = torch.load('model.pkl') # Arbitrary code exec"
117
+ example_fix: model = safetensors.torch.load_file('model.safetensors')
118
+ - id: AIML-09
119
+ name: LLM Data Leakage
120
+ severity: CRITICAL
121
+ category: LLM
122
+ subcategory: Privacy
123
+ description: LLM returns sensitive data from training or context
124
+ detection_pattern: (context|rag).*(?!.*filter|redact).*response
125
+ fix_pattern: Filter sensitive data from context and responses
126
+ languages:
127
+ - python
128
+ - javascript
129
+ example_vuln: response = llm.chat(context=all_documents)
130
+ example_fix: filtered_context = redact_pii(documents)\nresponse = pii_filter(llm.chat(context=filtered_context))
131
+ - id: AIML-10
132
+ name: Insecure AI Output Handling
133
+ severity: HIGH
134
+ category: LLM
135
+ subcategory: Integration
136
+ description: LLM output used without validation in code execution
137
+ detection_pattern: (llm|gpt|claude).*response.*eval|exec(?!.*sandbox)
138
+ fix_pattern: Validate and sandbox all AI-generated code
139
+ languages:
140
+ - python
141
+ - javascript
142
+ example_vuln: code = llm.generate_code()\nexec(code)
143
+ example_fix: code = llm.generate_code()\nif validate_syntax(code):\n run_sandboxed(code)
144
+ - id: AIML-11
145
+ name: Excessive Agency
146
+ severity: HIGH
147
+ category: LLM
148
+ subcategory: Safety
149
+ description: LLM has too many capabilities without human oversight
150
+ detection_pattern: (tools|functions).*(?!.*approval|confirm).*execute
151
+ fix_pattern: Require human approval for sensitive operations
152
+ languages:
153
+ - python
154
+ - javascript
155
+ example_vuln: tools = [delete_file, send_email, api_call]\nllm.run(tools)
156
+ example_fix: tools = [read_only_tools]\nif action.is_sensitive:\n await require_approval()
157
+ - id: AIML-12
158
+ name: RAG Poisoning
159
+ severity: HIGH
160
+ category: LLM
161
+ subcategory: RAG
162
+ description: Retrieval-Augmented Generation with untrusted sources
163
+ detection_pattern: (vector\\.search|rag).*external(?!.*trust|verify)
164
+ fix_pattern: Validate and score RAG sources filter untrusted content
165
+ languages: python
166
+ example_vuln: "docs = vectordb.search(query) # Any source"
167
+ example_fix: docs = vectordb.search(query)\ntrusted = [d for d in docs if d.source in TRUSTED]
168
+ - id: AIML-13
169
+ name: Embedding Leakage
170
+ severity: MEDIUM
171
+ category: ML
172
+ subcategory: Privacy
173
+ description: Embeddings expose sensitive information from inputs
174
+ detection_pattern: (embed|encode).*return(?!.*noise|truncate)
175
+ fix_pattern: Add differential privacy noise to embeddings
176
+ languages: python
177
+ example_vuln: "return model.encode(text) # Full embedding"
178
+ example_fix: "return add_noise(model.encode(text)[:128]) # Truncated & noised"
179
+ - id: AIML-14
180
+ name: AI Supply Chain Risk
181
+ severity: HIGH
182
+ category: ML
183
+ subcategory: Supply
184
+ description: Using untrusted models from public hubs without verification
185
+ detection_pattern: (huggingface|modelzoo|download)(?!.*verify|scan)
186
+ fix_pattern: Scan models for backdoors verify provenance signatures
187
+ languages: python
188
+ example_vuln: model = AutoModel.from_pretrained('random/model')
189
+ example_fix: model = AutoModel.from_pretrained('verified-org/model')\nverify_signature(model)
190
+ - id: AIML-15
191
+ name: Missing AI Guardrails
192
+ severity: HIGH
193
+ category: LLM
194
+ subcategory: Safety
195
+ description: LLM deployed without content safety guardrails
196
+ detection_pattern: (llm|chat|complete)(?!.*guard|moderate|filter)
197
+ fix_pattern: Implement input and output content moderation
198
+ languages:
199
+ - python
200
+ - javascript
201
+ example_vuln: response = llm.complete(prompt)
202
+ example_fix: 'if not is_safe(prompt): reject()\nresponse = llm.complete(prompt)\nif not is_safe(response): filter()'
203
+ - id: AIML-16
204
+ name: Bias Exploitation
205
+ severity: MEDIUM
206
+ category: ML
207
+ subcategory: Fairness
208
+ description: Model biases exploited for adversarial purposes
209
+ detection_pattern: (predict|classify)(?!.*fairness|bias.*check)
210
+ fix_pattern: Monitor for demographic bias implement fairness checks
211
+ languages: python
212
+ example_vuln: result = model.predict(input)
213
+ example_fix: 'result = model.predict(input)\nif bias_detected(result): flag_for_review()'
214
+ - id: AIML-17
215
+ name: Denial of Wallet
216
+ severity: HIGH
217
+ category: LLM
218
+ subcategory: Resource
219
+ description: Expensive AI operations triggered without limits
220
+ detection_pattern: (openai|anthropic)\\.(?!.*budget|limit)
221
+ fix_pattern: Implement token budgets and cost controls
222
+ languages:
223
+ - python
224
+ - javascript
225
+ example_vuln: "response = openai.chat(messages) # No limits"
226
+ example_fix: 'if token_count(messages) > MAX_TOKENS: reject()\nwith budget_limit(max_cost=1.0):\n response = openai.chat(messages)'
227
+ - id: AIML-18
228
+ name: Shadow AI Usage
229
+ severity: MEDIUM
230
+ category: Compliance
231
+ subcategory: Governance
232
+ description: Unauthorized AI tools used in production without approval
233
+ detection_pattern: (openai|claude|gemini)(?!.*approved|registered)
234
+ fix_pattern: Register and approve all AI services audit usage
235
+ languages:
236
+ - python
237
+ - javascript
238
+ example_vuln: "# Using ChatGPT for code review without approval"
239
+ example_fix: '# Only use company-approved AI services\n# Log all AI usage for audit'
240
+ - id: AIML-19
241
+ name: Feature Extraction Leak
242
+ severity: MEDIUM
243
+ category: ML
244
+ subcategory: Privacy
245
+ description: Model features reveal sensitive attribute information
246
+ detection_pattern: (features|encode).*user(?!.*anonymize)
247
+ fix_pattern: Anonymize features remove identifying attributes
248
+ languages: python
249
+ example_vuln: features = extract_features(user_data)
250
+ example_fix: features = anonymize(extract_features(mask_pii(user_data)))
251
+ - id: AIML-20
252
+ name: Membership Inference
253
+ severity: HIGH
254
+ category: ML
255
+ subcategory: Privacy
256
+ description: Model reveals whether data was used in training
257
+ detection_pattern: (predict|probability).*return(?!.*defend)
258
+ fix_pattern: Apply differential privacy or output perturbation
259
+ languages: python
260
+ example_vuln: return model.predict_proba(x)
261
+ example_fix: return defend_membership_inference(model.predict(x))