@nockdev/awf 6.2.0 → 6.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (733) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
  43. package/.agent/i18n/en.yaml +6 -6
  44. package/.agent/i18n/vi.yaml +6 -6
  45. package/.agent/ide/README.md +1 -1
  46. package/.agent/ide/amazonq.json +3 -3
  47. package/.agent/ide/amp.json +4 -3
  48. package/.agent/ide/antigravity.json +4 -3
  49. package/.agent/ide/augment.json +4 -4
  50. package/.agent/ide/claude.json +4 -3
  51. package/.agent/ide/cline.json +4 -3
  52. package/.agent/ide/codex.json +6 -1
  53. package/.agent/ide/cody.json +4 -3
  54. package/.agent/ide/continue.json +4 -3
  55. package/.agent/ide/cursor.json +4 -3
  56. package/.agent/ide/gemini.json +4 -3
  57. package/.agent/ide/jetbrains.json +4 -3
  58. package/.agent/ide/kiro.json +4 -3
  59. package/.agent/ide/opencode.json +4 -3
  60. package/.agent/ide/roo.json +4 -3
  61. package/.agent/ide/tabnine.json +4 -3
  62. package/.agent/ide/trae.json +4 -3
  63. package/.agent/ide/vscode.json +4 -3
  64. package/.agent/ide/windsurf.json +4 -3
  65. package/.agent/ide/zed.json +4 -3
  66. package/.agent/manifest.yaml +142 -34
  67. package/.agent/memory/core_memory/persona.json +2 -2
  68. package/.agent/memory/core_memory/project.json +1 -1
  69. package/.agent/memory/core_memory/rules.json +1 -1
  70. package/.agent/memory/core_memory/user.json +1 -1
  71. package/.agent/memory/graph/knowledge_graph.json +1 -1
  72. package/.agent/memory/patterns/errors.json +1 -1
  73. package/.agent/memory/patterns/successes.json +1 -1
  74. package/.agent/memory/state.json +3 -3
  75. package/.agent/personas/README.md +1 -1
  76. package/.agent/personas/architect.md +1 -1
  77. package/.agent/personas/auditor.md +1 -1
  78. package/.agent/personas/debugger.md +1 -1
  79. package/.agent/personas/developer.md +1 -1
  80. package/.agent/personas/devops.md +1 -1
  81. package/.agent/personas/documenter.md +1 -1
  82. package/.agent/personas/orchestrator.md +1 -1
  83. package/.agent/personas/persona.schema.yaml +1 -1
  84. package/.agent/personas/planner.md +1 -1
  85. package/.agent/personas/researcher.md +1 -1
  86. package/.agent/personas/security.md +1 -1
  87. package/.agent/personas/tester.md +1 -1
  88. package/.agent/private/README.md +74 -0
  89. package/.agent/private/_index.yaml +23 -0
  90. package/.agent/private/_template/META.yaml +38 -0
  91. package/.agent/private/_template/SKILL.md +43 -0
  92. package/.agent/private/_template/data/.gitkeep +0 -0
  93. package/.agent/private/autodomyh-api/META.yaml +48 -0
  94. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  95. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  96. package/.agent/rules/README.md +24 -18
  97. package/.agent/rules/SACRED_RULES.xml +42 -36
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
  100. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
  101. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  102. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  103. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  104. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  105. package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
  106. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  107. package/.agent/rules/data/build-systems.yaml +2 -2
  108. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  109. package/.agent/rules/modules/edit-verification.yaml +1 -1
  110. package/.agent/rules/modules/git-workflow.yaml +1 -1
  111. package/.agent/rules/modules/language.yaml +1 -1
  112. package/.agent/rules/modules/online-research.yaml +1 -1
  113. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  114. package/.agent/rules/modules/quality.yaml +1 -1
  115. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  116. package/.agent/rules/modules/terminal-safety.yaml +45 -1
  117. package/.agent/rules/modules/yagni.yaml +1 -1
  118. package/.agent/rules/validation-framework.md +1 -1
  119. package/.agent/skills/DEVELOPMENT.yaml +17 -6
  120. package/.agent/skills/README.md +19 -16
  121. package/.agent/skills/_categories.yaml +60 -8
  122. package/.agent/skills/_router.yaml +61 -19
  123. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  124. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  128. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  129. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  130. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  134. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  141. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  142. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  145. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  153. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  154. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  155. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  160. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  161. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  162. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  163. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  164. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  165. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  166. package/.agent/skills/core/api-design/META.yaml +1 -5
  167. package/.agent/skills/core/api-design/SKILL.md +20 -26
  168. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  169. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  170. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  172. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  173. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  174. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  175. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  176. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  177. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  178. package/.agent/skills/core/authentication/META.yaml +1 -5
  179. package/.agent/skills/core/authentication/SKILL.md +36 -43
  180. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  181. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  182. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  183. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  190. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  191. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  192. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  193. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  194. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  195. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  196. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  197. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  198. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  199. package/.agent/skills/core/error-handling/META.yaml +1 -5
  200. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  201. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  202. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  204. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  205. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  206. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  207. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  208. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  211. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  212. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  213. package/.agent/skills/core/logging/META.yaml +1 -5
  214. package/.agent/skills/core/logging/SKILL.md +28 -42
  215. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  216. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  217. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  218. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  221. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  222. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  223. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  225. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  226. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  227. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  228. package/.agent/skills/core/observability/META.yaml +1 -5
  229. package/.agent/skills/core/observability/SKILL.md +29 -38
  230. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  231. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  232. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  233. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  237. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  238. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  240. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  241. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  242. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  243. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  244. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  245. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  246. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  247. package/.agent/skills/core/security/META.yaml +1 -5
  248. package/.agent/skills/core/security/SKILL.md +25 -25
  249. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  250. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  251. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  252. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  253. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  254. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  255. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  257. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  259. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  260. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  261. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  262. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  263. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  264. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  265. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  266. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  267. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  268. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  269. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  270. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  271. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  272. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  273. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  274. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  275. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  276. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  279. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  280. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  281. package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
  282. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  283. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  284. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  285. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  286. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  287. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  288. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  289. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  290. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  291. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  292. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  293. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  294. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  295. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  296. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  297. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  298. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  299. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  300. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  301. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  302. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  303. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  304. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  305. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  314. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  315. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  316. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  317. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  348. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  349. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  350. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  351. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  352. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  354. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  355. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  356. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  357. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  358. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  359. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  360. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  361. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  362. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  363. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  364. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  365. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  366. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  367. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  371. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  372. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  373. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  374. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  375. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  376. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  377. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  378. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  379. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  380. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  381. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  382. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  383. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  384. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  385. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  386. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  387. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  388. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  389. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  390. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  391. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  392. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  393. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  394. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  395. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  396. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  397. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  398. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  399. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  400. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  407. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  408. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  409. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  410. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  411. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  412. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  413. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  414. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  415. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  416. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  417. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  418. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  419. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  420. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  421. package/.agent/skills/devops/aws/META.yaml +48 -63
  422. package/.agent/skills/devops/aws/SKILL.md +39 -697
  423. package/.agent/skills/devops/azure/META.yaml +44 -0
  424. package/.agent/skills/devops/azure/SKILL.md +43 -0
  425. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  426. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  427. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  428. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  429. package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
  430. package/.agent/skills/devops/docker/META.yaml +53 -14
  431. package/.agent/skills/devops/docker/SKILL.md +35 -639
  432. package/.agent/skills/devops/gcp/META.yaml +43 -0
  433. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  434. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  435. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  436. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  437. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  438. package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
  439. package/.agent/skills/devops/terraform/META.yaml +47 -0
  440. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  441. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  442. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  443. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  444. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  445. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  446. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  447. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  448. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  449. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  450. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  451. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  452. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  453. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  454. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  455. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  456. package/.agent/skills/frameworks/react/META.yaml +20 -7
  457. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  458. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  459. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  460. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  461. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  462. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  463. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  464. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  465. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  466. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  467. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  468. package/.agent/skills/index.json +67 -14
  469. package/.agent/skills/languages/asm/META.yaml +2 -8
  470. package/.agent/skills/languages/asm/SKILL.md +1 -1
  471. package/.agent/skills/languages/c/META.yaml +2 -8
  472. package/.agent/skills/languages/c/SKILL.md +1 -1
  473. package/.agent/skills/languages/clojure/META.yaml +2 -2
  474. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  475. package/.agent/skills/languages/cpp/META.yaml +2 -8
  476. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  477. package/.agent/skills/languages/crystal/META.yaml +2 -8
  478. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  479. package/.agent/skills/languages/csharp/META.yaml +2 -2
  480. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  481. package/.agent/skills/languages/elixir/META.yaml +2 -2
  482. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  483. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  484. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  485. package/.agent/skills/languages/go/META.yaml +2 -8
  486. package/.agent/skills/languages/go/SKILL.md +1 -1
  487. package/.agent/skills/languages/haskell/META.yaml +2 -2
  488. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  489. package/.agent/skills/languages/java/META.yaml +2 -8
  490. package/.agent/skills/languages/java/SKILL.md +1 -1
  491. package/.agent/skills/languages/javascript/META.yaml +2 -8
  492. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  493. package/.agent/skills/languages/julia/META.yaml +2 -2
  494. package/.agent/skills/languages/julia/SKILL.md +1 -1
  495. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  496. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  497. package/.agent/skills/languages/lua/META.yaml +2 -8
  498. package/.agent/skills/languages/lua/SKILL.md +3 -3
  499. package/.agent/skills/languages/nim/META.yaml +2 -8
  500. package/.agent/skills/languages/nim/SKILL.md +1 -1
  501. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  502. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  503. package/.agent/skills/languages/perl/META.yaml +2 -2
  504. package/.agent/skills/languages/perl/SKILL.md +1 -1
  505. package/.agent/skills/languages/php/META.yaml +2 -2
  506. package/.agent/skills/languages/php/SKILL.md +1 -1
  507. package/.agent/skills/languages/python/META.yaml +2 -8
  508. package/.agent/skills/languages/python/SKILL.md +1 -1
  509. package/.agent/skills/languages/r/META.yaml +2 -2
  510. package/.agent/skills/languages/r/SKILL.md +1 -1
  511. package/.agent/skills/languages/ruby/META.yaml +2 -2
  512. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  513. package/.agent/skills/languages/rust/META.yaml +2 -8
  514. package/.agent/skills/languages/rust/SKILL.md +1 -1
  515. package/.agent/skills/languages/scala/META.yaml +2 -2
  516. package/.agent/skills/languages/scala/SKILL.md +1 -1
  517. package/.agent/skills/languages/solidity/META.yaml +2 -2
  518. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  519. package/.agent/skills/languages/swift/META.yaml +2 -2
  520. package/.agent/skills/languages/swift/SKILL.md +1 -1
  521. package/.agent/skills/languages/typescript/META.yaml +2 -8
  522. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  523. package/.agent/skills/languages/zig/META.yaml +5 -7
  524. package/.agent/skills/languages/zig/SKILL.md +1 -1
  525. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  526. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  527. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  528. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  529. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  531. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  532. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  533. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  534. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  535. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  536. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  537. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  538. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  539. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  540. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  541. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  542. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  543. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  544. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  545. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  546. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  547. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  548. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  549. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  550. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  551. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  552. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  553. package/.agent/templates/README.md +2 -2
  554. package/.agent/templates/debug-report.md +1 -1
  555. package/.agent/templates/deploy-plan.md +1 -1
  556. package/.agent/templates/doc-template.md +1 -1
  557. package/.agent/templates/index.yaml +2 -2
  558. package/.agent/templates/migrate-plan.md +1 -1
  559. package/.agent/templates/phase-template.md +1 -1
  560. package/.agent/templates/tasks/audit.yaml +1 -1
  561. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  562. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  563. package/.agent/templates/tasks/refactor.yaml +1 -1
  564. package/.agent/templates/test-report.md +1 -1
  565. package/.agent/workflows/code.md +22 -1
  566. package/.agent/workflows/deploy.md +5 -1
  567. package/.agent/workflows/e2e.md +112 -0
  568. package/.agent/workflows/fix.md +1 -1
  569. package/.agent/workflows/prompt.md +325 -0
  570. package/.agent/workflows/scaffold.md +1 -1
  571. package/.agent/workflows/tdd.md +108 -0
  572. package/.agent/workflows/verify.md +116 -0
  573. package/.agent/workflows/visualize.md +50 -18
  574. package/README.md +16 -13
  575. package/configs/aider/root.CONVENTIONS.md +51 -0
  576. package/configs/amazonq/root.amazonq.md +51 -0
  577. package/configs/amp/root.AGENTS.md +51 -0
  578. package/configs/antigravity/root.GEMINI.md +51 -0
  579. package/configs/augment/root.guidelines.md +51 -0
  580. package/configs/claude/root.CLAUDE.md +51 -0
  581. package/configs/cline/root.clinerules.md +51 -0
  582. package/configs/coderabbit/root.coderabbit.yaml +52 -0
  583. package/configs/codex/root.AGENTS.md +51 -0
  584. package/configs/cody/root.commands.json +76 -0
  585. package/configs/continue/root.continue.md +51 -0
  586. package/configs/copilot/root.copilot-instructions.md +51 -0
  587. package/configs/cursor/root.cursorrules +51 -0
  588. package/configs/gemini/root.GEMINI.md +51 -0
  589. package/configs/jetbrains/root.guidelines.md +51 -0
  590. package/configs/opencode/root.opencode.json +24 -0
  591. package/configs/roo/root.roorules.md +51 -0
  592. package/configs/tabnine/root.guidelines.md +51 -0
  593. package/configs/vscode/root.copilot-instructions.md +51 -0
  594. package/configs/windsurf/root.windsurfrules +51 -0
  595. package/configs/zed/root.settings.json +15 -0
  596. package/dist/commands/add.d.ts.map +1 -1
  597. package/dist/commands/add.js +9 -1
  598. package/dist/commands/add.js.map +1 -1
  599. package/dist/commands/config.d.ts.map +1 -1
  600. package/dist/commands/config.js +24 -8
  601. package/dist/commands/config.js.map +1 -1
  602. package/dist/commands/hsa.d.ts.map +1 -1
  603. package/dist/commands/hsa.js +106 -20
  604. package/dist/commands/hsa.js.map +1 -1
  605. package/dist/commands/init.d.ts.map +1 -1
  606. package/dist/commands/init.js +62 -69
  607. package/dist/commands/init.js.map +1 -1
  608. package/dist/commands/install-core.d.ts +2 -1
  609. package/dist/commands/install-core.d.ts.map +1 -1
  610. package/dist/commands/install-core.js +43 -16
  611. package/dist/commands/install-core.js.map +1 -1
  612. package/dist/commands/install-helpers.d.ts.map +1 -1
  613. package/dist/commands/install-helpers.js +25 -2
  614. package/dist/commands/install-helpers.js.map +1 -1
  615. package/dist/commands/install-hsa.d.ts +2 -5
  616. package/dist/commands/install-hsa.d.ts.map +1 -1
  617. package/dist/commands/install-hsa.js +2 -5
  618. package/dist/commands/install-hsa.js.map +1 -1
  619. package/dist/commands/install.d.ts +27 -0
  620. package/dist/commands/install.d.ts.map +1 -1
  621. package/dist/commands/install.js +68 -20
  622. package/dist/commands/install.js.map +1 -1
  623. package/dist/commands/list.d.ts.map +1 -1
  624. package/dist/commands/list.js +2 -1
  625. package/dist/commands/list.js.map +1 -1
  626. package/dist/commands/mcp-registry.d.ts +24 -9
  627. package/dist/commands/mcp-registry.d.ts.map +1 -1
  628. package/dist/commands/mcp-registry.js +39 -57
  629. package/dist/commands/mcp-registry.js.map +1 -1
  630. package/dist/commands/mcp-writers.d.ts.map +1 -1
  631. package/dist/commands/mcp-writers.js +6 -5
  632. package/dist/commands/mcp-writers.js.map +1 -1
  633. package/dist/commands/mcp.d.ts +1 -1
  634. package/dist/commands/mcp.d.ts.map +1 -1
  635. package/dist/commands/mcp.js +37 -9
  636. package/dist/commands/mcp.js.map +1 -1
  637. package/dist/commands/update.d.ts.map +1 -1
  638. package/dist/commands/update.js +16 -6
  639. package/dist/commands/update.js.map +1 -1
  640. package/dist/constants/cursor-globs.d.ts.map +1 -1
  641. package/dist/constants/cursor-globs.js +0 -6
  642. package/dist/constants/cursor-globs.js.map +1 -1
  643. package/dist/constants/ide-install-specs.js +9 -9
  644. package/dist/constants/ide-install-specs.js.map +1 -1
  645. package/dist/constants.d.ts +3 -3
  646. package/dist/constants.d.ts.map +1 -1
  647. package/dist/constants.js +3 -3
  648. package/dist/constants.js.map +1 -1
  649. package/dist/index.d.ts.map +1 -1
  650. package/dist/index.js +1 -9
  651. package/dist/index.js.map +1 -1
  652. package/dist/types/ide-install.js +1 -1
  653. package/dist/utils/copy-helpers.d.ts +7 -2
  654. package/dist/utils/copy-helpers.d.ts.map +1 -1
  655. package/dist/utils/copy-helpers.js +77 -51
  656. package/dist/utils/copy-helpers.js.map +1 -1
  657. package/dist/utils/install-manifest.d.ts +12 -0
  658. package/dist/utils/install-manifest.d.ts.map +1 -0
  659. package/dist/utils/install-manifest.js +27 -0
  660. package/dist/utils/install-manifest.js.map +1 -0
  661. package/dist/utils/validation.d.ts.map +1 -1
  662. package/dist/utils/validation.js +34 -7
  663. package/dist/utils/validation.js.map +1 -1
  664. package/package.json +5 -4
  665. package/.agent/core/embeddings.json +0 -2004
  666. package/.agent/core/session_cache.json +0 -50
  667. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  668. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  669. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  670. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  683. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  684. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  685. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  686. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  687. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  688. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  689. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  690. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  691. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  692. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  693. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  694. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  695. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  696. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  697. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  698. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  699. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  700. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  701. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  702. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  703. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  704. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  705. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  706. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  707. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  708. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  709. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  710. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  711. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  712. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  713. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  714. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  715. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  716. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  717. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  718. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  719. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  720. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  721. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  722. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  723. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  724. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  725. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  726. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  727. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  728. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  729. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  730. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  731. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  732. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  733. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/language-specific/c-security.yaml CHANGED
@@ -1,295 +1,295 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: c_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: c-security.csv
4
+ version: 6.2.2
5
+ updated: "2026-02-05"
6
+ migrated_from: c-security.yaml
7
7
  patterns_count: 25
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - description
14
- - detection_pattern
15
- - fix_pattern
16
- - cwe
17
- - cve_reference
18
- - example_vuln
19
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - description
14
+ - detection_pattern
15
+ - fix_pattern
16
+ - cwe
17
+ - cve_reference
18
+ - example_vuln
19
+ - example_fix
20
20
  patterns:
21
- - id: C-01
22
- name: Stack Buffer Overflow
23
- severity: CRITICAL
24
- category: Memory
25
- description: Buffer on stack overwritten via user input leading to RCE
26
- detection_pattern: (strcpy|sprintf|gets|scanf)\\((?!.*n)
27
- fix_pattern: Use strncpy snprintf fgets scanf with width specifier
28
- cwe: CWE-121
29
- cve_reference: CVE-2025-0282
30
- example_vuln: char buf[64]; strcpy(buf, user_input);
31
- example_fix: char buf[64]; strncpy(buf, user_input, sizeof(buf)-1); buf[63] = '\\0';
32
- - id: C-02
33
- name: Heap Buffer Overflow
34
- severity: CRITICAL
35
- category: Memory
36
- description: Buffer on heap overwritten allowing heap corruption RCE
37
- detection_pattern: (malloc|realloc).*memcpy(?!.*size_check)
38
- fix_pattern: Validate size before memcpy use bounded functions
39
- cwe: CWE-122
40
- cve_reference: CVE-2025-47436
41
- example_vuln: char *buf = malloc(64); memcpy(buf, data, data_len);
42
- example_fix: if (data_len > 64) return -1; memcpy(buf, data, data_len);
43
- - id: C-03
44
- name: Format String Vulnerability
45
- severity: CRITICAL
46
- category: Injection
47
- description: User input passed directly to printf allows arbitrary read/write
48
- detection_pattern: (printf|fprintf|sprintf|syslog)\\(.*input(?!.*%)
49
- fix_pattern: Use format specifier never pass user input directly
50
- cwe: CWE-134
51
- cve_reference: n/a
52
- example_vuln: printf(user_input);
53
- example_fix: printf(\%s\"
54
- - id: C-04
55
- name: Integer Overflow
56
- severity: HIGH
57
- category: Math
58
- description: Integer arithmetic without overflow check leads to small buffer
59
- detection_pattern: (malloc|realloc)\\(.*\\*(?!.*overflow|check)
60
- fix_pattern: Check for overflow before arithmetic use safe_mul
61
- cwe: CWE-190
62
- cve_reference: CVE-2024-7025
63
- example_vuln: size_t size = width * height; char *buf = malloc(size);
64
- example_fix: if (width > SIZE_MAX/height) return -1; size_t size = width * height;
65
- - id: C-05
66
- name: Off-by-One Error
67
- severity: HIGH
68
- category: Memory
69
- description: Loop boundary error allows one byte overflow
70
- detection_pattern: for.*\\<.*=.*len|while.*\\<=.*size
71
- fix_pattern: Use strict < comparison verify buffer bounds
72
- cwe: CWE-193
73
- cve_reference: n/a
74
- example_vuln: for (int i = 0; i <= len; i++) buf[i] = src[i];
75
- example_fix: for (int i = 0; i < len; i++) buf[i] = src[i];
76
- - id: C-06
77
- name: Use After Free
78
- severity: CRITICAL
79
- category: Memory
80
- description: Memory accessed after free causing crash or code execution
81
- detection_pattern: free\\(.*\\).*\\n.*(?!.*=.*NULL)
82
- fix_pattern: Set pointer to NULL after free check before use
83
- cwe: CWE-416
84
- cve_reference: n/a
85
- example_vuln: free(ptr); process(ptr);
86
- example_fix: free(ptr); ptr = NULL; if (ptr) process(ptr);
87
- - id: C-07
88
- name: Double Free
89
- severity: CRITICAL
90
- category: Memory
91
- description: Memory freed twice causing heap corruption
92
- detection_pattern: free\\(.*\\).*\\n.*free\\(.*same_ptr)
93
- fix_pattern: Set pointer to NULL after free track allocation state
94
- cwe: CWE-415
95
- cve_reference: n/a
96
- example_vuln: free(ptr); free(ptr);
97
- example_fix: free(ptr); ptr = NULL;
98
- - id: C-08
99
- name: Null Pointer Dereference
100
- severity: HIGH
101
- category: Memory
102
- description: Pointer dereferenced without null check
103
- detection_pattern: \*\\w+(?!.*if.*!=.*NULL|!=.*NULL)
104
- fix_pattern: Check pointer for NULL before dereference
105
- cwe: CWE-476
106
- cve_reference: n/a
107
- example_vuln: return *data;
108
- example_fix: if (data == NULL) return -1; return *data;
109
- - id: C-09
110
- name: Command Injection system
111
- severity: CRITICAL
112
- category: Injection
113
- description: system() with user input allows command execution
114
- detection_pattern: system\\(.*input|popen\\(.*user
115
- fix_pattern: Use execve with argument array avoid shell
116
- cwe: CWE-78
117
- cve_reference: n/a
118
- example_vuln: system(\cat \" + filename);"
119
- example_fix: execl(\/bin/cat\"
120
- - id: C-10
121
- name: Path Traversal
122
- severity: HIGH
123
- category: File
124
- description: User file path without validation allows directory escape
125
- detection_pattern: fopen\\(.*input(?!.*realpath|canonical)
126
- fix_pattern: Use realpath validate path is within allowed directory
127
- cwe: CWE-22
128
- cve_reference: n/a
129
- example_vuln: fopen(user_path, \r\");"
130
- example_fix: char *real = realpath(user_path, NULL); if (strncmp(real, base, strlen(base)) != 0) return -1;
131
- - id: C-11
132
- name: Uninitialized Variable
133
- severity: HIGH
134
- category: Memory
135
- description: Variable used before initialization contains garbage
136
- detection_pattern: (int|char|void\\*)\\s+\\w+;\\s*(?!.*=).*use
137
- fix_pattern: Initialize all variables at declaration
138
- cwe: CWE-457
139
- cve_reference: n/a
140
- example_vuln: int count; if (flag) count = 10; return count;
141
- example_fix: int count = 0; if (flag) count = 10; return count;
142
- - id: C-12
143
- name: Race Condition File
144
- severity: HIGH
145
- category: Concurrency
146
- description: TOCTOU race between check and use of file
147
- detection_pattern: access\\(.*\\).*open\\(|stat\\(.*\\).*fopen
148
- fix_pattern: Use atomic operations fopen directly with flags
149
- cwe: CWE-367
150
- cve_reference: n/a
151
- example_vuln: if (access(file, R_OK) == 0) fopen(file, \r\");"
152
- example_fix: FILE *f = fopen(file, \r\"); if (f == NULL) return -1;"
153
- - id: C-13
154
- name: Insecure Temporary File
155
- severity: HIGH
156
- category: File
157
- description: mktemp creates predictable temporary file names
158
- detection_pattern: mktemp\\((?!.*mkstemp)
159
- fix_pattern: Use mkstemp or tmpfile for secure temp files
160
- cwe: CWE-377
161
- cve_reference: n/a
162
- example_vuln: char *tmp = mktemp(template); fopen(tmp, \w\");"
163
- example_fix: int fd = mkstemp(template); FILE *f = fdopen(fd, \w\");"
164
- - id: C-14
165
- name: Memory Leak
166
- severity: MEDIUM
167
- category: Memory
168
- description: Allocated memory never freed causing resource exhaustion
169
- detection_pattern: malloc|calloc(?!.*free)
170
- fix_pattern: Ensure every malloc has corresponding free use RAII patterns
171
- cwe: CWE-401
172
- cve_reference: n/a
173
- example_vuln: char *buf = malloc(1024); return result;
174
- example_fix: char *buf = malloc(1024); /* ... */ free(buf); return result;
175
- - id: C-15
176
- name: Unbounded String Copy
177
- severity: CRITICAL
178
- category: Memory
179
- description: String functions without length limit
180
- detection_pattern: strncat.*sizeof(?!.*-1)|strcat\\(
181
- fix_pattern: Use strncat with proper size accounting for null terminator
182
- cwe: CWE-120
183
- cve_reference: n/a
184
- example_vuln: strncat(dest, src, sizeof(dest));
185
- example_fix: strncat(dest, src, sizeof(dest) - strlen(dest) - 1);
186
- - id: C-16
187
- name: Signed Integer Overflow
188
- severity: HIGH
189
- category: Math
190
- description: Signed integer overflow is undefined behavior
191
- detection_pattern: (int|long).*\\+.*>.*MAX|signed.*overflow
192
- fix_pattern: Use unsigned types or explicit overflow checks
193
- cwe: CWE-190
194
- cve_reference: n/a
195
- example_vuln: int result = a + b; if (result < a) // Too late
196
- example_fix: if (a > INT_MAX - b) return -1; int result = a + b;
197
- - id: C-17
198
- name: Improper Array Index
199
- severity: HIGH
200
- category: Memory
201
- description: Array accessed with unchecked index
202
- detection_pattern: \\[.*input\\]|\\[.*user(?!.*check|bound)
203
- fix_pattern: Validate array index against bounds before access
204
- cwe: CWE-129
205
- cve_reference: n/a
206
- example_vuln: return array[user_index];
207
- example_fix: if (user_index >= array_size) return -1; return array[user_index];
208
- - id: C-18
209
- name: Signal Handler Race
210
- severity: HIGH
211
- category: Concurrency
212
- description: Non-reentrant function called from signal handler
213
- detection_pattern: signal.*handler.*printf|malloc.*signal_handler
214
- fix_pattern: Use only async-signal-safe functions in handlers
215
- cwe: CWE-364
216
- cve_reference: n/a
217
- example_vuln: void handler(int sig) { printf(\signal\"); }"
218
- example_fix: void handler(int sig) { write(1, \signal\"
219
- - id: C-19
220
- name: Weak Random Number
221
- severity: HIGH
222
- category: Crypto
223
- description: rand() used for security-sensitive values
224
- detection_pattern: rand\\(\\).*token|srand.*time(?!.*secure)
225
- fix_pattern: Use CSPRNG like /dev/urandom or arc4random
226
- cwe: CWE-330
227
- cve_reference: n/a
228
- example_vuln: int token = rand();
229
- example_fix: arc4random_buf(token, sizeof(token));
230
- - id: C-20
231
- name: Sensitive Data in Core
232
- severity: HIGH
233
- category: Information
234
- description: Sensitive data may appear in core dumps
235
- detection_pattern: password|secret.*malloc(?!.*mlock)
236
- fix_pattern: Use mlock to prevent paging clear sensitive data
237
- cwe: CWE-316
238
- cve_reference: n/a
239
- example_vuln: char *password = malloc(256);
240
- example_fix: char *password = malloc(256); mlock(password, 256);
241
- - id: C-21
242
- name: va_arg Type Mismatch
243
- severity: CRITICAL
244
- category: Memory
245
- description: va_arg used with wrong type causing undefined behavior
246
- detection_pattern: va_arg\\(.*,\\s*\\w+(?!.*promoted)
247
- fix_pattern: Match va_arg type with actual argument type
248
- cwe: CWE-119
249
- cve_reference: n/a
250
- example_vuln: int val = va_arg(args, short); // Wrong
251
- example_fix: int val = va_arg(args, int); // short promotes to int
252
- - id: C-22
253
- name: Uncontrolled Recursion
254
- severity: MEDIUM
255
- category: DoS
256
- description: Recursive function without depth limit causes stack overflow
257
- detection_pattern: \\w+\\(.*\\)\\s*\\{[^}]*\\w+\\((?!.*depth)
258
- fix_pattern: Add depth parameter and limit max recursion depth
259
- cwe: CWE-674
260
- cve_reference: n/a
261
- example_vuln: void parse(Node *n) { parse(n->child); }
262
- example_fix: void parse(Node *n, int depth) { if (depth > MAX_DEPTH) return; parse(n->child, depth+1); }
263
- - id: C-23
264
- name: Dangerous Function gets
265
- severity: CRITICAL
266
- category: Memory
267
- description: gets() has no bounds checking now deprecated
268
- detection_pattern: gets\\(
269
- fix_pattern: Replace with fgets() which has size limit
270
- cwe: CWE-242
271
- cve_reference: n/a
272
- example_vuln: gets(buffer);
273
- example_fix: fgets(buffer, sizeof(buffer), stdin);
274
- - id: C-24
275
- name: Missing Return Value Check
276
- severity: HIGH
277
- category: Error
278
- description: malloc/realloc return value not checked for NULL
279
- detection_pattern: (malloc|realloc)\\(.*\\)(?!.*if.*==.*NULL|!=.*NULL)
280
- fix_pattern: Always check return value of memory allocation
281
- cwe: CWE-252
282
- cve_reference: n/a
283
- example_vuln: char *p = malloc(size); *p = 'x';
284
- example_fix: char *p = malloc(size); if (p == NULL) return -1; *p = 'x';
285
- - id: C-25
286
- name: Insecure Permissions
287
- severity: MEDIUM
288
- category: File
289
- description: File created with world-readable permissions
290
- detection_pattern: open\\(.*0777|fopen(?!.*fchmod)
291
- fix_pattern: Use restrictive permissions 0600 for sensitive files
292
- cwe: CWE-732
293
- cve_reference: n/a
294
- example_vuln: open(file, O_CREAT, 0777);
295
- example_fix: open(file, O_CREAT, 0600);
21
+ - id: C-01
22
+ name: Stack Buffer Overflow
23
+ severity: CRITICAL
24
+ category: Memory
25
+ description: Buffer on stack overwritten via user input leading to RCE
26
+ detection_pattern: (strcpy|sprintf|gets|scanf)\\((?!.*n)
27
+ fix_pattern: Use strncpy snprintf fgets scanf with width specifier
28
+ cwe: CWE-121
29
+ cve_reference: CVE-2025-0282
30
+ example_vuln: char buf[64]; strcpy(buf, user_input);
31
+ example_fix: char buf[64]; strncpy(buf, user_input, sizeof(buf)-1); buf[63] = '\\0';
32
+ - id: C-02
33
+ name: Heap Buffer Overflow
34
+ severity: CRITICAL
35
+ category: Memory
36
+ description: Buffer on heap overwritten allowing heap corruption RCE
37
+ detection_pattern: (malloc|realloc).*memcpy(?!.*size_check)
38
+ fix_pattern: Validate size before memcpy use bounded functions
39
+ cwe: CWE-122
40
+ cve_reference: CVE-2025-47436
41
+ example_vuln: char *buf = malloc(64); memcpy(buf, data, data_len);
42
+ example_fix: if (data_len > 64) return -1; memcpy(buf, data, data_len);
43
+ - id: C-03
44
+ name: Format String Vulnerability
45
+ severity: CRITICAL
46
+ category: Injection
47
+ description: User input passed directly to printf allows arbitrary read/write
48
+ detection_pattern: (printf|fprintf|sprintf|syslog)\\(.*input(?!.*%)
49
+ fix_pattern: Use format specifier never pass user input directly
50
+ cwe: CWE-134
51
+ cve_reference: n/a
52
+ example_vuln: printf(user_input);
53
+ example_fix: printf(\%s\"
54
+ - id: C-04
55
+ name: Integer Overflow
56
+ severity: HIGH
57
+ category: Math
58
+ description: Integer arithmetic without overflow check leads to small buffer
59
+ detection_pattern: (malloc|realloc)\\(.*\\*(?!.*overflow|check)
60
+ fix_pattern: Check for overflow before arithmetic use safe_mul
61
+ cwe: CWE-190
62
+ cve_reference: CVE-2024-7025
63
+ example_vuln: size_t size = width * height; char *buf = malloc(size);
64
+ example_fix: if (width > SIZE_MAX/height) return -1; size_t size = width * height;
65
+ - id: C-05
66
+ name: Off-by-One Error
67
+ severity: HIGH
68
+ category: Memory
69
+ description: Loop boundary error allows one byte overflow
70
+ detection_pattern: for.*\\<.*=.*len|while.*\\<=.*size
71
+ fix_pattern: Use strict < comparison verify buffer bounds
72
+ cwe: CWE-193
73
+ cve_reference: n/a
74
+ example_vuln: for (int i = 0; i <= len; i++) buf[i] = src[i];
75
+ example_fix: for (int i = 0; i < len; i++) buf[i] = src[i];
76
+ - id: C-06
77
+ name: Use After Free
78
+ severity: CRITICAL
79
+ category: Memory
80
+ description: Memory accessed after free causing crash or code execution
81
+ detection_pattern: free\\(.*\\).*\\n.*(?!.*=.*NULL)
82
+ fix_pattern: Set pointer to NULL after free check before use
83
+ cwe: CWE-416
84
+ cve_reference: n/a
85
+ example_vuln: free(ptr); process(ptr);
86
+ example_fix: free(ptr); ptr = NULL; if (ptr) process(ptr);
87
+ - id: C-07
88
+ name: Double Free
89
+ severity: CRITICAL
90
+ category: Memory
91
+ description: Memory freed twice causing heap corruption
92
+ detection_pattern: free\\(.*\\).*\\n.*free\\(.*same_ptr)
93
+ fix_pattern: Set pointer to NULL after free track allocation state
94
+ cwe: CWE-415
95
+ cve_reference: n/a
96
+ example_vuln: free(ptr); free(ptr);
97
+ example_fix: free(ptr); ptr = NULL;
98
+ - id: C-08
99
+ name: Null Pointer Dereference
100
+ severity: HIGH
101
+ category: Memory
102
+ description: Pointer dereferenced without null check
103
+ detection_pattern: \*\\w+(?!.*if.*!=.*NULL|!=.*NULL)
104
+ fix_pattern: Check pointer for NULL before dereference
105
+ cwe: CWE-476
106
+ cve_reference: n/a
107
+ example_vuln: return *data;
108
+ example_fix: if (data == NULL) return -1; return *data;
109
+ - id: C-09
110
+ name: Command Injection system
111
+ severity: CRITICAL
112
+ category: Injection
113
+ description: system() with user input allows command execution
114
+ detection_pattern: system\\(.*input|popen\\(.*user
115
+ fix_pattern: Use execve with argument array avoid shell
116
+ cwe: CWE-78
117
+ cve_reference: n/a
118
+ example_vuln: system(\cat \" + filename);"
119
+ example_fix: execl(\/bin/cat\"
120
+ - id: C-10
121
+ name: Path Traversal
122
+ severity: HIGH
123
+ category: File
124
+ description: User file path without validation allows directory escape
125
+ detection_pattern: fopen\\(.*input(?!.*realpath|canonical)
126
+ fix_pattern: Use realpath validate path is within allowed directory
127
+ cwe: CWE-22
128
+ cve_reference: n/a
129
+ example_vuln: fopen(user_path, \r\");"
130
+ example_fix: char *real = realpath(user_path, NULL); if (strncmp(real, base, strlen(base)) != 0) return -1;
131
+ - id: C-11
132
+ name: Uninitialized Variable
133
+ severity: HIGH
134
+ category: Memory
135
+ description: Variable used before initialization contains garbage
136
+ detection_pattern: (int|char|void\\*)\\s+\\w+;\\s*(?!.*=).*use
137
+ fix_pattern: Initialize all variables at declaration
138
+ cwe: CWE-457
139
+ cve_reference: n/a
140
+ example_vuln: int count; if (flag) count = 10; return count;
141
+ example_fix: int count = 0; if (flag) count = 10; return count;
142
+ - id: C-12
143
+ name: Race Condition File
144
+ severity: HIGH
145
+ category: Concurrency
146
+ description: TOCTOU race between check and use of file
147
+ detection_pattern: access\\(.*\\).*open\\(|stat\\(.*\\).*fopen
148
+ fix_pattern: Use atomic operations fopen directly with flags
149
+ cwe: CWE-367
150
+ cve_reference: n/a
151
+ example_vuln: if (access(file, R_OK) == 0) fopen(file, \r\");"
152
+ example_fix: FILE *f = fopen(file, \r\"); if (f == NULL) return -1;"
153
+ - id: C-13
154
+ name: Insecure Temporary File
155
+ severity: HIGH
156
+ category: File
157
+ description: mktemp creates predictable temporary file names
158
+ detection_pattern: mktemp\\((?!.*mkstemp)
159
+ fix_pattern: Use mkstemp or tmpfile for secure temp files
160
+ cwe: CWE-377
161
+ cve_reference: n/a
162
+ example_vuln: char *tmp = mktemp(template); fopen(tmp, \w\");"
163
+ example_fix: int fd = mkstemp(template); FILE *f = fdopen(fd, \w\");"
164
+ - id: C-14
165
+ name: Memory Leak
166
+ severity: MEDIUM
167
+ category: Memory
168
+ description: Allocated memory never freed causing resource exhaustion
169
+ detection_pattern: malloc|calloc(?!.*free)
170
+ fix_pattern: Ensure every malloc has corresponding free use RAII patterns
171
+ cwe: CWE-401
172
+ cve_reference: n/a
173
+ example_vuln: char *buf = malloc(1024); return result;
174
+ example_fix: char *buf = malloc(1024); /* ... */ free(buf); return result;
175
+ - id: C-15
176
+ name: Unbounded String Copy
177
+ severity: CRITICAL
178
+ category: Memory
179
+ description: String functions without length limit
180
+ detection_pattern: strncat.*sizeof(?!.*-1)|strcat\\(
181
+ fix_pattern: Use strncat with proper size accounting for null terminator
182
+ cwe: CWE-120
183
+ cve_reference: n/a
184
+ example_vuln: strncat(dest, src, sizeof(dest));
185
+ example_fix: strncat(dest, src, sizeof(dest) - strlen(dest) - 1);
186
+ - id: C-16
187
+ name: Signed Integer Overflow
188
+ severity: HIGH
189
+ category: Math
190
+ description: Signed integer overflow is undefined behavior
191
+ detection_pattern: (int|long).*\\+.*>.*MAX|signed.*overflow
192
+ fix_pattern: Use unsigned types or explicit overflow checks
193
+ cwe: CWE-190
194
+ cve_reference: n/a
195
+ example_vuln: int result = a + b; if (result < a) // Too late
196
+ example_fix: if (a > INT_MAX - b) return -1; int result = a + b;
197
+ - id: C-17
198
+ name: Improper Array Index
199
+ severity: HIGH
200
+ category: Memory
201
+ description: Array accessed with unchecked index
202
+ detection_pattern: \\[.*input\\]|\\[.*user(?!.*check|bound)
203
+ fix_pattern: Validate array index against bounds before access
204
+ cwe: CWE-129
205
+ cve_reference: n/a
206
+ example_vuln: return array[user_index];
207
+ example_fix: if (user_index >= array_size) return -1; return array[user_index];
208
+ - id: C-18
209
+ name: Signal Handler Race
210
+ severity: HIGH
211
+ category: Concurrency
212
+ description: Non-reentrant function called from signal handler
213
+ detection_pattern: signal.*handler.*printf|malloc.*signal_handler
214
+ fix_pattern: Use only async-signal-safe functions in handlers
215
+ cwe: CWE-364
216
+ cve_reference: n/a
217
+ example_vuln: void handler(int sig) { printf(\signal\"); }"
218
+ example_fix: void handler(int sig) { write(1, \signal\"
219
+ - id: C-19
220
+ name: Weak Random Number
221
+ severity: HIGH
222
+ category: Crypto
223
+ description: rand() used for security-sensitive values
224
+ detection_pattern: rand\\(\\).*token|srand.*time(?!.*secure)
225
+ fix_pattern: Use CSPRNG like /dev/urandom or arc4random
226
+ cwe: CWE-330
227
+ cve_reference: n/a
228
+ example_vuln: int token = rand();
229
+ example_fix: arc4random_buf(token, sizeof(token));
230
+ - id: C-20
231
+ name: Sensitive Data in Core
232
+ severity: HIGH
233
+ category: Information
234
+ description: Sensitive data may appear in core dumps
235
+ detection_pattern: password|secret.*malloc(?!.*mlock)
236
+ fix_pattern: Use mlock to prevent paging clear sensitive data
237
+ cwe: CWE-316
238
+ cve_reference: n/a
239
+ example_vuln: char *password = malloc(256);
240
+ example_fix: char *password = malloc(256); mlock(password, 256);
241
+ - id: C-21
242
+ name: va_arg Type Mismatch
243
+ severity: CRITICAL
244
+ category: Memory
245
+ description: va_arg used with wrong type causing undefined behavior
246
+ detection_pattern: va_arg\\(.*,\\s*\\w+(?!.*promoted)
247
+ fix_pattern: Match va_arg type with actual argument type
248
+ cwe: CWE-119
249
+ cve_reference: n/a
250
+ example_vuln: int val = va_arg(args, short); // Wrong
251
+ example_fix: int val = va_arg(args, int); // short promotes to int
252
+ - id: C-22
253
+ name: Uncontrolled Recursion
254
+ severity: MEDIUM
255
+ category: DoS
256
+ description: Recursive function without depth limit causes stack overflow
257
+ detection_pattern: \\w+\\(.*\\)\\s*\\{[^}]*\\w+\\((?!.*depth)
258
+ fix_pattern: Add depth parameter and limit max recursion depth
259
+ cwe: CWE-674
260
+ cve_reference: n/a
261
+ example_vuln: void parse(Node *n) { parse(n->child); }
262
+ example_fix: void parse(Node *n, int depth) { if (depth > MAX_DEPTH) return; parse(n->child, depth+1); }
263
+ - id: C-23
264
+ name: Dangerous Function gets
265
+ severity: CRITICAL
266
+ category: Memory
267
+ description: gets() has no bounds checking now deprecated
268
+ detection_pattern: gets\\(
269
+ fix_pattern: Replace with fgets() which has size limit
270
+ cwe: CWE-242
271
+ cve_reference: n/a
272
+ example_vuln: gets(buffer);
273
+ example_fix: fgets(buffer, sizeof(buffer), stdin);
274
+ - id: C-24
275
+ name: Missing Return Value Check
276
+ severity: HIGH
277
+ category: Error
278
+ description: malloc/realloc return value not checked for NULL
279
+ detection_pattern: (malloc|realloc)\\(.*\\)(?!.*if.*==.*NULL|!=.*NULL)
280
+ fix_pattern: Always check return value of memory allocation
281
+ cwe: CWE-252
282
+ cve_reference: n/a
283
+ example_vuln: char *p = malloc(size); *p = 'x';
284
+ example_fix: char *p = malloc(size); if (p == NULL) return -1; *p = 'x';
285
+ - id: C-25
286
+ name: Insecure Permissions
287
+ severity: MEDIUM
288
+ category: File
289
+ description: File created with world-readable permissions
290
+ detection_pattern: open\\(.*0777|fopen(?!.*fchmod)
291
+ fix_pattern: Use restrictive permissions 0600 for sensitive files
292
+ cwe: CWE-732
293
+ cve_reference: n/a
294
+ example_vuln: open(file, O_CREAT, 0777);
295
+ example_fix: open(file, O_CREAT, 0600);