@nockdev/awf 6.2.0 → 6.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (733) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
  43. package/.agent/i18n/en.yaml +6 -6
  44. package/.agent/i18n/vi.yaml +6 -6
  45. package/.agent/ide/README.md +1 -1
  46. package/.agent/ide/amazonq.json +3 -3
  47. package/.agent/ide/amp.json +4 -3
  48. package/.agent/ide/antigravity.json +4 -3
  49. package/.agent/ide/augment.json +4 -4
  50. package/.agent/ide/claude.json +4 -3
  51. package/.agent/ide/cline.json +4 -3
  52. package/.agent/ide/codex.json +6 -1
  53. package/.agent/ide/cody.json +4 -3
  54. package/.agent/ide/continue.json +4 -3
  55. package/.agent/ide/cursor.json +4 -3
  56. package/.agent/ide/gemini.json +4 -3
  57. package/.agent/ide/jetbrains.json +4 -3
  58. package/.agent/ide/kiro.json +4 -3
  59. package/.agent/ide/opencode.json +4 -3
  60. package/.agent/ide/roo.json +4 -3
  61. package/.agent/ide/tabnine.json +4 -3
  62. package/.agent/ide/trae.json +4 -3
  63. package/.agent/ide/vscode.json +4 -3
  64. package/.agent/ide/windsurf.json +4 -3
  65. package/.agent/ide/zed.json +4 -3
  66. package/.agent/manifest.yaml +142 -34
  67. package/.agent/memory/core_memory/persona.json +2 -2
  68. package/.agent/memory/core_memory/project.json +1 -1
  69. package/.agent/memory/core_memory/rules.json +1 -1
  70. package/.agent/memory/core_memory/user.json +1 -1
  71. package/.agent/memory/graph/knowledge_graph.json +1 -1
  72. package/.agent/memory/patterns/errors.json +1 -1
  73. package/.agent/memory/patterns/successes.json +1 -1
  74. package/.agent/memory/state.json +3 -3
  75. package/.agent/personas/README.md +1 -1
  76. package/.agent/personas/architect.md +1 -1
  77. package/.agent/personas/auditor.md +1 -1
  78. package/.agent/personas/debugger.md +1 -1
  79. package/.agent/personas/developer.md +1 -1
  80. package/.agent/personas/devops.md +1 -1
  81. package/.agent/personas/documenter.md +1 -1
  82. package/.agent/personas/orchestrator.md +1 -1
  83. package/.agent/personas/persona.schema.yaml +1 -1
  84. package/.agent/personas/planner.md +1 -1
  85. package/.agent/personas/researcher.md +1 -1
  86. package/.agent/personas/security.md +1 -1
  87. package/.agent/personas/tester.md +1 -1
  88. package/.agent/private/README.md +74 -0
  89. package/.agent/private/_index.yaml +23 -0
  90. package/.agent/private/_template/META.yaml +38 -0
  91. package/.agent/private/_template/SKILL.md +43 -0
  92. package/.agent/private/_template/data/.gitkeep +0 -0
  93. package/.agent/private/autodomyh-api/META.yaml +48 -0
  94. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  95. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  96. package/.agent/rules/README.md +24 -18
  97. package/.agent/rules/SACRED_RULES.xml +42 -36
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
  100. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
  101. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  102. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  103. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  104. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  105. package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
  106. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  107. package/.agent/rules/data/build-systems.yaml +2 -2
  108. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  109. package/.agent/rules/modules/edit-verification.yaml +1 -1
  110. package/.agent/rules/modules/git-workflow.yaml +1 -1
  111. package/.agent/rules/modules/language.yaml +1 -1
  112. package/.agent/rules/modules/online-research.yaml +1 -1
  113. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  114. package/.agent/rules/modules/quality.yaml +1 -1
  115. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  116. package/.agent/rules/modules/terminal-safety.yaml +45 -1
  117. package/.agent/rules/modules/yagni.yaml +1 -1
  118. package/.agent/rules/validation-framework.md +1 -1
  119. package/.agent/skills/DEVELOPMENT.yaml +17 -6
  120. package/.agent/skills/README.md +19 -16
  121. package/.agent/skills/_categories.yaml +60 -8
  122. package/.agent/skills/_router.yaml +61 -19
  123. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  124. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  128. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  129. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  130. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  134. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  141. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  142. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  145. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  153. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  154. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  155. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  160. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  161. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  162. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  163. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  164. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  165. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  166. package/.agent/skills/core/api-design/META.yaml +1 -5
  167. package/.agent/skills/core/api-design/SKILL.md +20 -26
  168. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  169. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  170. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  172. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  173. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  174. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  175. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  176. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  177. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  178. package/.agent/skills/core/authentication/META.yaml +1 -5
  179. package/.agent/skills/core/authentication/SKILL.md +36 -43
  180. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  181. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  182. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  183. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  190. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  191. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  192. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  193. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  194. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  195. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  196. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  197. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  198. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  199. package/.agent/skills/core/error-handling/META.yaml +1 -5
  200. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  201. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  202. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  204. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  205. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  206. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  207. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  208. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  211. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  212. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  213. package/.agent/skills/core/logging/META.yaml +1 -5
  214. package/.agent/skills/core/logging/SKILL.md +28 -42
  215. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  216. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  217. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  218. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  221. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  222. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  223. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  225. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  226. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  227. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  228. package/.agent/skills/core/observability/META.yaml +1 -5
  229. package/.agent/skills/core/observability/SKILL.md +29 -38
  230. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  231. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  232. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  233. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  237. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  238. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  240. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  241. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  242. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  243. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  244. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  245. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  246. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  247. package/.agent/skills/core/security/META.yaml +1 -5
  248. package/.agent/skills/core/security/SKILL.md +25 -25
  249. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  250. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  251. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  252. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  253. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  254. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  255. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  257. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  259. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  260. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  261. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  262. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  263. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  264. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  265. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  266. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  267. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  268. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  269. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  270. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  271. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  272. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  273. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  274. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  275. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  276. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  279. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  280. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  281. package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
  282. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  283. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  284. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  285. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  286. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  287. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  288. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  289. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  290. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  291. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  292. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  293. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  294. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  295. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  296. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  297. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  298. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  299. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  300. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  301. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  302. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  303. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  304. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  305. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  314. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  315. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  316. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  317. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  348. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  349. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  350. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  351. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  352. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  354. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  355. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  356. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  357. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  358. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  359. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  360. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  361. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  362. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  363. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  364. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  365. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  366. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  367. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  371. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  372. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  373. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  374. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  375. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  376. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  377. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  378. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  379. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  380. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  381. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  382. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  383. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  384. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  385. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  386. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  387. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  388. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  389. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  390. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  391. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  392. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  393. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  394. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  395. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  396. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  397. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  398. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  399. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  400. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  407. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  408. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  409. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  410. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  411. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  412. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  413. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  414. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  415. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  416. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  417. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  418. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  419. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  420. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  421. package/.agent/skills/devops/aws/META.yaml +48 -63
  422. package/.agent/skills/devops/aws/SKILL.md +39 -697
  423. package/.agent/skills/devops/azure/META.yaml +44 -0
  424. package/.agent/skills/devops/azure/SKILL.md +43 -0
  425. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  426. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  427. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  428. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  429. package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
  430. package/.agent/skills/devops/docker/META.yaml +53 -14
  431. package/.agent/skills/devops/docker/SKILL.md +35 -639
  432. package/.agent/skills/devops/gcp/META.yaml +43 -0
  433. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  434. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  435. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  436. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  437. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  438. package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
  439. package/.agent/skills/devops/terraform/META.yaml +47 -0
  440. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  441. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  442. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  443. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  444. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  445. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  446. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  447. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  448. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  449. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  450. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  451. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  452. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  453. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  454. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  455. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  456. package/.agent/skills/frameworks/react/META.yaml +20 -7
  457. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  458. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  459. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  460. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  461. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  462. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  463. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  464. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  465. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  466. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  467. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  468. package/.agent/skills/index.json +67 -14
  469. package/.agent/skills/languages/asm/META.yaml +2 -8
  470. package/.agent/skills/languages/asm/SKILL.md +1 -1
  471. package/.agent/skills/languages/c/META.yaml +2 -8
  472. package/.agent/skills/languages/c/SKILL.md +1 -1
  473. package/.agent/skills/languages/clojure/META.yaml +2 -2
  474. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  475. package/.agent/skills/languages/cpp/META.yaml +2 -8
  476. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  477. package/.agent/skills/languages/crystal/META.yaml +2 -8
  478. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  479. package/.agent/skills/languages/csharp/META.yaml +2 -2
  480. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  481. package/.agent/skills/languages/elixir/META.yaml +2 -2
  482. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  483. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  484. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  485. package/.agent/skills/languages/go/META.yaml +2 -8
  486. package/.agent/skills/languages/go/SKILL.md +1 -1
  487. package/.agent/skills/languages/haskell/META.yaml +2 -2
  488. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  489. package/.agent/skills/languages/java/META.yaml +2 -8
  490. package/.agent/skills/languages/java/SKILL.md +1 -1
  491. package/.agent/skills/languages/javascript/META.yaml +2 -8
  492. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  493. package/.agent/skills/languages/julia/META.yaml +2 -2
  494. package/.agent/skills/languages/julia/SKILL.md +1 -1
  495. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  496. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  497. package/.agent/skills/languages/lua/META.yaml +2 -8
  498. package/.agent/skills/languages/lua/SKILL.md +3 -3
  499. package/.agent/skills/languages/nim/META.yaml +2 -8
  500. package/.agent/skills/languages/nim/SKILL.md +1 -1
  501. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  502. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  503. package/.agent/skills/languages/perl/META.yaml +2 -2
  504. package/.agent/skills/languages/perl/SKILL.md +1 -1
  505. package/.agent/skills/languages/php/META.yaml +2 -2
  506. package/.agent/skills/languages/php/SKILL.md +1 -1
  507. package/.agent/skills/languages/python/META.yaml +2 -8
  508. package/.agent/skills/languages/python/SKILL.md +1 -1
  509. package/.agent/skills/languages/r/META.yaml +2 -2
  510. package/.agent/skills/languages/r/SKILL.md +1 -1
  511. package/.agent/skills/languages/ruby/META.yaml +2 -2
  512. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  513. package/.agent/skills/languages/rust/META.yaml +2 -8
  514. package/.agent/skills/languages/rust/SKILL.md +1 -1
  515. package/.agent/skills/languages/scala/META.yaml +2 -2
  516. package/.agent/skills/languages/scala/SKILL.md +1 -1
  517. package/.agent/skills/languages/solidity/META.yaml +2 -2
  518. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  519. package/.agent/skills/languages/swift/META.yaml +2 -2
  520. package/.agent/skills/languages/swift/SKILL.md +1 -1
  521. package/.agent/skills/languages/typescript/META.yaml +2 -8
  522. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  523. package/.agent/skills/languages/zig/META.yaml +5 -7
  524. package/.agent/skills/languages/zig/SKILL.md +1 -1
  525. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  526. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  527. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  528. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  529. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  531. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  532. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  533. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  534. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  535. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  536. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  537. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  538. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  539. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  540. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  541. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  542. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  543. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  544. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  545. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  546. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  547. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  548. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  549. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  550. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  551. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  552. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  553. package/.agent/templates/README.md +2 -2
  554. package/.agent/templates/debug-report.md +1 -1
  555. package/.agent/templates/deploy-plan.md +1 -1
  556. package/.agent/templates/doc-template.md +1 -1
  557. package/.agent/templates/index.yaml +2 -2
  558. package/.agent/templates/migrate-plan.md +1 -1
  559. package/.agent/templates/phase-template.md +1 -1
  560. package/.agent/templates/tasks/audit.yaml +1 -1
  561. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  562. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  563. package/.agent/templates/tasks/refactor.yaml +1 -1
  564. package/.agent/templates/test-report.md +1 -1
  565. package/.agent/workflows/code.md +22 -1
  566. package/.agent/workflows/deploy.md +5 -1
  567. package/.agent/workflows/e2e.md +112 -0
  568. package/.agent/workflows/fix.md +1 -1
  569. package/.agent/workflows/prompt.md +325 -0
  570. package/.agent/workflows/scaffold.md +1 -1
  571. package/.agent/workflows/tdd.md +108 -0
  572. package/.agent/workflows/verify.md +116 -0
  573. package/.agent/workflows/visualize.md +50 -18
  574. package/README.md +16 -13
  575. package/configs/aider/root.CONVENTIONS.md +51 -0
  576. package/configs/amazonq/root.amazonq.md +51 -0
  577. package/configs/amp/root.AGENTS.md +51 -0
  578. package/configs/antigravity/root.GEMINI.md +51 -0
  579. package/configs/augment/root.guidelines.md +51 -0
  580. package/configs/claude/root.CLAUDE.md +51 -0
  581. package/configs/cline/root.clinerules.md +51 -0
  582. package/configs/coderabbit/root.coderabbit.yaml +52 -0
  583. package/configs/codex/root.AGENTS.md +51 -0
  584. package/configs/cody/root.commands.json +76 -0
  585. package/configs/continue/root.continue.md +51 -0
  586. package/configs/copilot/root.copilot-instructions.md +51 -0
  587. package/configs/cursor/root.cursorrules +51 -0
  588. package/configs/gemini/root.GEMINI.md +51 -0
  589. package/configs/jetbrains/root.guidelines.md +51 -0
  590. package/configs/opencode/root.opencode.json +24 -0
  591. package/configs/roo/root.roorules.md +51 -0
  592. package/configs/tabnine/root.guidelines.md +51 -0
  593. package/configs/vscode/root.copilot-instructions.md +51 -0
  594. package/configs/windsurf/root.windsurfrules +51 -0
  595. package/configs/zed/root.settings.json +15 -0
  596. package/dist/commands/add.d.ts.map +1 -1
  597. package/dist/commands/add.js +9 -1
  598. package/dist/commands/add.js.map +1 -1
  599. package/dist/commands/config.d.ts.map +1 -1
  600. package/dist/commands/config.js +24 -8
  601. package/dist/commands/config.js.map +1 -1
  602. package/dist/commands/hsa.d.ts.map +1 -1
  603. package/dist/commands/hsa.js +106 -20
  604. package/dist/commands/hsa.js.map +1 -1
  605. package/dist/commands/init.d.ts.map +1 -1
  606. package/dist/commands/init.js +62 -69
  607. package/dist/commands/init.js.map +1 -1
  608. package/dist/commands/install-core.d.ts +2 -1
  609. package/dist/commands/install-core.d.ts.map +1 -1
  610. package/dist/commands/install-core.js +43 -16
  611. package/dist/commands/install-core.js.map +1 -1
  612. package/dist/commands/install-helpers.d.ts.map +1 -1
  613. package/dist/commands/install-helpers.js +25 -2
  614. package/dist/commands/install-helpers.js.map +1 -1
  615. package/dist/commands/install-hsa.d.ts +2 -5
  616. package/dist/commands/install-hsa.d.ts.map +1 -1
  617. package/dist/commands/install-hsa.js +2 -5
  618. package/dist/commands/install-hsa.js.map +1 -1
  619. package/dist/commands/install.d.ts +27 -0
  620. package/dist/commands/install.d.ts.map +1 -1
  621. package/dist/commands/install.js +68 -20
  622. package/dist/commands/install.js.map +1 -1
  623. package/dist/commands/list.d.ts.map +1 -1
  624. package/dist/commands/list.js +2 -1
  625. package/dist/commands/list.js.map +1 -1
  626. package/dist/commands/mcp-registry.d.ts +24 -9
  627. package/dist/commands/mcp-registry.d.ts.map +1 -1
  628. package/dist/commands/mcp-registry.js +39 -57
  629. package/dist/commands/mcp-registry.js.map +1 -1
  630. package/dist/commands/mcp-writers.d.ts.map +1 -1
  631. package/dist/commands/mcp-writers.js +6 -5
  632. package/dist/commands/mcp-writers.js.map +1 -1
  633. package/dist/commands/mcp.d.ts +1 -1
  634. package/dist/commands/mcp.d.ts.map +1 -1
  635. package/dist/commands/mcp.js +37 -9
  636. package/dist/commands/mcp.js.map +1 -1
  637. package/dist/commands/update.d.ts.map +1 -1
  638. package/dist/commands/update.js +16 -6
  639. package/dist/commands/update.js.map +1 -1
  640. package/dist/constants/cursor-globs.d.ts.map +1 -1
  641. package/dist/constants/cursor-globs.js +0 -6
  642. package/dist/constants/cursor-globs.js.map +1 -1
  643. package/dist/constants/ide-install-specs.js +9 -9
  644. package/dist/constants/ide-install-specs.js.map +1 -1
  645. package/dist/constants.d.ts +3 -3
  646. package/dist/constants.d.ts.map +1 -1
  647. package/dist/constants.js +3 -3
  648. package/dist/constants.js.map +1 -1
  649. package/dist/index.d.ts.map +1 -1
  650. package/dist/index.js +1 -9
  651. package/dist/index.js.map +1 -1
  652. package/dist/types/ide-install.js +1 -1
  653. package/dist/utils/copy-helpers.d.ts +7 -2
  654. package/dist/utils/copy-helpers.d.ts.map +1 -1
  655. package/dist/utils/copy-helpers.js +77 -51
  656. package/dist/utils/copy-helpers.js.map +1 -1
  657. package/dist/utils/install-manifest.d.ts +12 -0
  658. package/dist/utils/install-manifest.d.ts.map +1 -0
  659. package/dist/utils/install-manifest.js +27 -0
  660. package/dist/utils/install-manifest.js.map +1 -0
  661. package/dist/utils/validation.d.ts.map +1 -1
  662. package/dist/utils/validation.js +34 -7
  663. package/dist/utils/validation.js.map +1 -1
  664. package/package.json +5 -4
  665. package/.agent/core/embeddings.json +0 -2004
  666. package/.agent/core/session_cache.json +0 -50
  667. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  668. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  669. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  670. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  683. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  684. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  685. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  686. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  687. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  688. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  689. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  690. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  691. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  692. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  693. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  694. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  695. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  696. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  697. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  698. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  699. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  700. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  701. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  702. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  703. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  704. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  705. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  706. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  707. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  708. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  709. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  710. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  711. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  712. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  713. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  714. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  715. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  716. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  717. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  718. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  719. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  720. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  721. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  722. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  723. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  724. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  725. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  726. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  727. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  728. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  729. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  730. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  731. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  732. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  733. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/auth-patterns.yaml CHANGED
@@ -1,195 +1,195 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: auth_patterns
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: auth-patterns.csv
4
+ version: 6.2.2
5
+ updated: "2026-02-05"
6
+ migrated_from: auth-patterns.yaml
7
7
  patterns_count: 15
8
8
  columns:
9
- - pattern
10
- - category
11
- - description
12
- - languages
13
- - use_case
14
- - example_code
15
- - anti_pattern
9
+ - pattern
10
+ - category
11
+ - description
12
+ - languages
13
+ - use_case
14
+ - example_code
15
+ - anti_pattern
16
16
  patterns:
17
- - id: item_001
18
- pattern: JWT_VERIFICATION
19
- category: AuthN
20
- description: Verify JWT signature and claims before trusting payload
21
- languages:
22
- - typescript
23
- - go
24
- - python
25
- - java
26
- use_case: API authentication, stateless sessions
27
- example_code: '// TypeScript (jose)
28
-
29
- import { jwtVerify } from ''jose'';
30
-
31
- const { payload } = await jwtVerify(token, secretKey);'
32
- anti_pattern: '// NEVER: Skip verification
33
-
34
- const payload = JSON.parse(atob(token.split(''.'')[1]))'
35
- - id: item_002
36
- pattern: JWT_EXPIRY
37
- category: AuthN
38
- description: Always set and check token expiration (exp claim)
39
- languages: all
40
- use_case: Short-lived access tokens, refresh token rotation
41
- example_code: '// Issue with expiry
42
-
43
- jwt.sign({ userId }, secret, { expiresIn: ''15m'' })
44
-
45
- // Verify checks exp automatically'
46
- anti_pattern: '// NEVER: No expiry
47
-
48
- jwt.sign({ userId }, secret) // Token valid forever'
49
- - id: item_003
50
- pattern: PASSWORD_BCRYPT
51
- category: AuthN
52
- description: Hash passwords with bcrypt cost factor 12+ or argon2id
53
- languages: all
54
- use_case: User registration, password storage
55
- example_code: '// bcrypt
56
-
57
- const hash = await bcrypt.hash(password, 12);
58
-
59
- const valid = await bcrypt.compare(input, hash);'
60
- anti_pattern: '// NEVER: MD5/SHA1/plaintext
61
-
62
- const hash = crypto.createHash(''md5'').update(password)'
63
- - id: item_004
64
- pattern: OAUTH2_PKCE
65
- category: AuthN
66
- description: Use PKCE for public clients (SPA, mobile)
67
- languages:
68
- - typescript
69
- - swift
70
- - kotlin
71
- use_case: OAuth2 authorization code flow
72
- example_code: '// Generate code verifier + challenge
73
-
74
- const verifier = generateCodeVerifier();
75
-
76
- const challenge = sha256(verifier);'
77
- anti_pattern: '// NEVER: Implicit flow for new apps
78
-
79
- response_type=token // Deprecated'
80
- - id: item_005
81
- pattern: MFA_TOTP
82
- category: AuthN
83
- description: Implement TOTP-based MFA with backup codes
84
- languages: all
85
- use_case: Two-factor authentication
86
- example_code: '// Verify TOTP
87
-
88
- import { authenticator } from ''otplib'';
89
-
90
- const isValid = authenticator.verify({ token, secret });'
91
- anti_pattern: '// NEVER: SMS-only MFA (SIM swap vulnerable)'
92
- - id: item_006
93
- pattern: SESSION_HTTPONLY
94
- category: Session
95
- description: Set HttpOnly, Secure, SameSite on session cookies
96
- languages: all
97
- use_case: Web session management
98
- example_code: 'Set-Cookie: sessionId=xxx; HttpOnly; Secure; SameSite=Strict; Path=/'
99
- anti_pattern: '// NEVER: Accessible to JS
100
-
101
- Set-Cookie: sessionId=xxx'
102
- - id: item_007
103
- pattern: SESSION_ROTATION
104
- category: Session
105
- description: Regenerate session ID after login to prevent fixation
106
- languages: all
107
- use_case: Login flow
108
- example_code: '// After successful auth
109
-
110
- req.session.regenerate(() => { /* assign user */ });'
111
- anti_pattern: '// NEVER: Keep same session ID'
112
- - id: item_008
113
- pattern: RATE_LIMITING
114
- category: AuthN
115
- description: Implement rate limiting on auth endpoints
116
- languages: all
117
- use_case: Login, password reset, API
118
- example_code: '// express-rate-limit
119
-
120
- const limiter = rateLimit({ windowMs: 15*60*1000, max: 5 });
121
-
122
- app.use(''/login'', limiter);'
123
- anti_pattern: '// NEVER: Unlimited attempts'
124
- - id: item_009
125
- pattern: API_KEY_ROTATION
126
- category: AuthZ
127
- description: Support API key rotation without downtime
128
- languages: all
129
- use_case: API authentication
130
- example_code: '// Accept multiple keys during rotation
131
-
132
- const validKeys = [currentKey, previousKey];
133
-
134
- if (!validKeys.includes(providedKey)) throw 401;'
135
- anti_pattern: '// NEVER: Single key, no rotation plan'
136
- - id: item_010
137
- pattern: RBAC_MIDDLEWARE
138
- category: AuthZ
139
- description: Check permissions at middleware level, not in handlers
140
- languages: all
141
- use_case: Role-based access control
142
- example_code: "// Middleware pattern\nconst requireRole = (role) => (req, res, next) => {\n if (!req.user.roles.includes(role)) return res.status(403);\n next();\n};"
143
- anti_pattern: '// NEVER: Check roles in each handler manually'
144
- - id: item_011
145
- pattern: CORS_ALLOWLIST
146
- category: AuthZ
147
- description: Whitelist specific origins, not wildcard
148
- languages: all
149
- use_case: Cross-origin API access
150
- example_code: '// Specific origins
151
-
152
- cors({ origin: [''https://app.example.com''] })'
153
- anti_pattern: '// NEVER: Allow all
154
-
155
- cors({ origin: ''*'', credentials: true }) // Dangerous combo'
156
- - id: item_012
157
- pattern: INPUT_SANITIZATION
158
- category: Validation
159
- description: Sanitize all user input before use
160
- languages: all
161
- use_case: XSS prevention, injection prevention
162
- example_code: '// DOMPurify for HTML
163
-
164
- const clean = DOMPurify.sanitize(userHtml);
165
-
166
- // Zod for data
167
-
168
- const data = schema.parse(req.body);'
169
- anti_pattern: '// NEVER: Trust user input directly'
170
- - id: item_013
171
- pattern: CSP_HEADER
172
- category: Headers
173
- description: Content-Security-Policy to prevent XSS
174
- languages: all
175
- use_case: Web applications
176
- example_code: 'Content-Security-Policy: default-src ''self''; script-src ''self''; style-src ''self'''
177
- anti_pattern: '// NEVER: No CSP or unsafe-inline everywhere'
178
- - id: item_014
179
- pattern: HSTS_HEADER
180
- category: Headers
181
- description: Strict-Transport-Security for HTTPS enforcement
182
- languages: all
183
- use_case: All production sites
184
- example_code: 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'
185
- anti_pattern: '// NEVER: Allow HTTP in production'
186
- - id: item_015
187
- pattern: X_FRAME_OPTIONS
188
- category: Headers
189
- description: Prevent clickjacking with frame-ancestors
190
- languages: all
191
- use_case: Web applications
192
- example_code: 'X-Frame-Options: DENY
193
-
194
- // or CSP: frame-ancestors ''none'''
195
- anti_pattern: '// NEVER: Allow any framing'
17
+ - id: item_001
18
+ pattern: JWT_VERIFICATION
19
+ category: AuthN
20
+ description: Verify JWT signature and claims before trusting payload
21
+ languages:
22
+ - typescript
23
+ - go
24
+ - python
25
+ - java
26
+ use_case: API authentication, stateless sessions
27
+ example_code: "// TypeScript (jose)
28
+
29
+ import { jwtVerify } from 'jose';
30
+
31
+ const { payload } = await jwtVerify(token, secretKey);"
32
+ anti_pattern: "// NEVER: Skip verification
33
+
34
+ const payload = JSON.parse(atob(token.split('.')[1]))"
35
+ - id: item_002
36
+ pattern: JWT_EXPIRY
37
+ category: AuthN
38
+ description: Always set and check token expiration (exp claim)
39
+ languages: all
40
+ use_case: Short-lived access tokens, refresh token rotation
41
+ example_code: "// Issue with expiry
42
+
43
+ jwt.sign({ userId }, secret, { expiresIn: '15m' })
44
+
45
+ // Verify checks exp automatically"
46
+ anti_pattern: "// NEVER: No expiry
47
+
48
+ jwt.sign({ userId }, secret) // Token valid forever"
49
+ - id: item_003
50
+ pattern: PASSWORD_BCRYPT
51
+ category: AuthN
52
+ description: Hash passwords with bcrypt cost factor 12+ or argon2id
53
+ languages: all
54
+ use_case: User registration, password storage
55
+ example_code: "// bcrypt
56
+
57
+ const hash = await bcrypt.hash(password, 12);
58
+
59
+ const valid = await bcrypt.compare(input, hash);"
60
+ anti_pattern: "// NEVER: MD5/SHA1/plaintext
61
+
62
+ const hash = crypto.createHash('md5').update(password)"
63
+ - id: item_004
64
+ pattern: OAUTH2_PKCE
65
+ category: AuthN
66
+ description: Use PKCE for public clients (SPA, mobile)
67
+ languages:
68
+ - typescript
69
+ - swift
70
+ - kotlin
71
+ use_case: OAuth2 authorization code flow
72
+ example_code: "// Generate code verifier + challenge
73
+
74
+ const verifier = generateCodeVerifier();
75
+
76
+ const challenge = sha256(verifier);"
77
+ anti_pattern: "// NEVER: Implicit flow for new apps
78
+
79
+ response_type=token // Deprecated"
80
+ - id: item_005
81
+ pattern: MFA_TOTP
82
+ category: AuthN
83
+ description: Implement TOTP-based MFA with backup codes
84
+ languages: all
85
+ use_case: Two-factor authentication
86
+ example_code: "// Verify TOTP
87
+
88
+ import { authenticator } from 'otplib';
89
+
90
+ const isValid = authenticator.verify({ token, secret });"
91
+ anti_pattern: "// NEVER: SMS-only MFA (SIM swap vulnerable)"
92
+ - id: item_006
93
+ pattern: SESSION_HTTPONLY
94
+ category: Session
95
+ description: Set HttpOnly, Secure, SameSite on session cookies
96
+ languages: all
97
+ use_case: Web session management
98
+ example_code: "Set-Cookie: sessionId=xxx; HttpOnly; Secure; SameSite=Strict; Path=/"
99
+ anti_pattern: "// NEVER: Accessible to JS
100
+
101
+ Set-Cookie: sessionId=xxx"
102
+ - id: item_007
103
+ pattern: SESSION_ROTATION
104
+ category: Session
105
+ description: Regenerate session ID after login to prevent fixation
106
+ languages: all
107
+ use_case: Login flow
108
+ example_code: "// After successful auth
109
+
110
+ req.session.regenerate(() => { /* assign user */ });"
111
+ anti_pattern: "// NEVER: Keep same session ID"
112
+ - id: item_008
113
+ pattern: RATE_LIMITING
114
+ category: AuthN
115
+ description: Implement rate limiting on auth endpoints
116
+ languages: all
117
+ use_case: Login, password reset, API
118
+ example_code: "// express-rate-limit
119
+
120
+ const limiter = rateLimit({ windowMs: 15*60*1000, max: 5 });
121
+
122
+ app.use('/login', limiter);"
123
+ anti_pattern: "// NEVER: Unlimited attempts"
124
+ - id: item_009
125
+ pattern: API_KEY_ROTATION
126
+ category: AuthZ
127
+ description: Support API key rotation without downtime
128
+ languages: all
129
+ use_case: API authentication
130
+ example_code: "// Accept multiple keys during rotation
131
+
132
+ const validKeys = [currentKey, previousKey];
133
+
134
+ if (!validKeys.includes(providedKey)) throw 401;"
135
+ anti_pattern: "// NEVER: Single key, no rotation plan"
136
+ - id: item_010
137
+ pattern: RBAC_MIDDLEWARE
138
+ category: AuthZ
139
+ description: Check permissions at middleware level, not in handlers
140
+ languages: all
141
+ use_case: Role-based access control
142
+ example_code: "// Middleware pattern\nconst requireRole = (role) => (req, res, next) => {\n if (!req.user.roles.includes(role)) return res.status(403);\n next();\n};"
143
+ anti_pattern: "// NEVER: Check roles in each handler manually"
144
+ - id: item_011
145
+ pattern: CORS_ALLOWLIST
146
+ category: AuthZ
147
+ description: Whitelist specific origins, not wildcard
148
+ languages: all
149
+ use_case: Cross-origin API access
150
+ example_code: "// Specific origins
151
+
152
+ cors({ origin: ['https://app.example.com'] })"
153
+ anti_pattern: "// NEVER: Allow all
154
+
155
+ cors({ origin: '*', credentials: true }) // Dangerous combo"
156
+ - id: item_012
157
+ pattern: INPUT_SANITIZATION
158
+ category: Validation
159
+ description: Sanitize all user input before use
160
+ languages: all
161
+ use_case: XSS prevention, injection prevention
162
+ example_code: "// DOMPurify for HTML
163
+
164
+ const clean = DOMPurify.sanitize(userHtml);
165
+
166
+ // Zod for data
167
+
168
+ const data = schema.parse(req.body);"
169
+ anti_pattern: "// NEVER: Trust user input directly"
170
+ - id: item_013
171
+ pattern: CSP_HEADER
172
+ category: Headers
173
+ description: Content-Security-Policy to prevent XSS
174
+ languages: all
175
+ use_case: Web applications
176
+ example_code: "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'"
177
+ anti_pattern: "// NEVER: No CSP or unsafe-inline everywhere"
178
+ - id: item_014
179
+ pattern: HSTS_HEADER
180
+ category: Headers
181
+ description: Strict-Transport-Security for HTTPS enforcement
182
+ languages: all
183
+ use_case: All production sites
184
+ example_code: "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload"
185
+ anti_pattern: "// NEVER: Allow HTTP in production"
186
+ - id: item_015
187
+ pattern: X_FRAME_OPTIONS
188
+ category: Headers
189
+ description: Prevent clickjacking with frame-ancestors
190
+ languages: all
191
+ use_case: Web applications
192
+ example_code: "X-Frame-Options: DENY
193
+
194
+ // or CSP: frame-ancestors 'none'"
195
+ anti_pattern: "// NEVER: Allow any framing"