@nockdev/awf 6.2.0 → 6.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (733) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
  43. package/.agent/i18n/en.yaml +6 -6
  44. package/.agent/i18n/vi.yaml +6 -6
  45. package/.agent/ide/README.md +1 -1
  46. package/.agent/ide/amazonq.json +3 -3
  47. package/.agent/ide/amp.json +4 -3
  48. package/.agent/ide/antigravity.json +4 -3
  49. package/.agent/ide/augment.json +4 -4
  50. package/.agent/ide/claude.json +4 -3
  51. package/.agent/ide/cline.json +4 -3
  52. package/.agent/ide/codex.json +6 -1
  53. package/.agent/ide/cody.json +4 -3
  54. package/.agent/ide/continue.json +4 -3
  55. package/.agent/ide/cursor.json +4 -3
  56. package/.agent/ide/gemini.json +4 -3
  57. package/.agent/ide/jetbrains.json +4 -3
  58. package/.agent/ide/kiro.json +4 -3
  59. package/.agent/ide/opencode.json +4 -3
  60. package/.agent/ide/roo.json +4 -3
  61. package/.agent/ide/tabnine.json +4 -3
  62. package/.agent/ide/trae.json +4 -3
  63. package/.agent/ide/vscode.json +4 -3
  64. package/.agent/ide/windsurf.json +4 -3
  65. package/.agent/ide/zed.json +4 -3
  66. package/.agent/manifest.yaml +142 -34
  67. package/.agent/memory/core_memory/persona.json +2 -2
  68. package/.agent/memory/core_memory/project.json +1 -1
  69. package/.agent/memory/core_memory/rules.json +1 -1
  70. package/.agent/memory/core_memory/user.json +1 -1
  71. package/.agent/memory/graph/knowledge_graph.json +1 -1
  72. package/.agent/memory/patterns/errors.json +1 -1
  73. package/.agent/memory/patterns/successes.json +1 -1
  74. package/.agent/memory/state.json +3 -3
  75. package/.agent/personas/README.md +1 -1
  76. package/.agent/personas/architect.md +1 -1
  77. package/.agent/personas/auditor.md +1 -1
  78. package/.agent/personas/debugger.md +1 -1
  79. package/.agent/personas/developer.md +1 -1
  80. package/.agent/personas/devops.md +1 -1
  81. package/.agent/personas/documenter.md +1 -1
  82. package/.agent/personas/orchestrator.md +1 -1
  83. package/.agent/personas/persona.schema.yaml +1 -1
  84. package/.agent/personas/planner.md +1 -1
  85. package/.agent/personas/researcher.md +1 -1
  86. package/.agent/personas/security.md +1 -1
  87. package/.agent/personas/tester.md +1 -1
  88. package/.agent/private/README.md +74 -0
  89. package/.agent/private/_index.yaml +23 -0
  90. package/.agent/private/_template/META.yaml +38 -0
  91. package/.agent/private/_template/SKILL.md +43 -0
  92. package/.agent/private/_template/data/.gitkeep +0 -0
  93. package/.agent/private/autodomyh-api/META.yaml +48 -0
  94. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  95. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  96. package/.agent/rules/README.md +24 -18
  97. package/.agent/rules/SACRED_RULES.xml +42 -36
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
  100. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
  101. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  102. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  103. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  104. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  105. package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
  106. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  107. package/.agent/rules/data/build-systems.yaml +2 -2
  108. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  109. package/.agent/rules/modules/edit-verification.yaml +1 -1
  110. package/.agent/rules/modules/git-workflow.yaml +1 -1
  111. package/.agent/rules/modules/language.yaml +1 -1
  112. package/.agent/rules/modules/online-research.yaml +1 -1
  113. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  114. package/.agent/rules/modules/quality.yaml +1 -1
  115. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  116. package/.agent/rules/modules/terminal-safety.yaml +45 -1
  117. package/.agent/rules/modules/yagni.yaml +1 -1
  118. package/.agent/rules/validation-framework.md +1 -1
  119. package/.agent/skills/DEVELOPMENT.yaml +17 -6
  120. package/.agent/skills/README.md +19 -16
  121. package/.agent/skills/_categories.yaml +60 -8
  122. package/.agent/skills/_router.yaml +61 -19
  123. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  124. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  128. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  129. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  130. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  134. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  141. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  142. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  145. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  153. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  154. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  155. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  160. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  161. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  162. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  163. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  164. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  165. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  166. package/.agent/skills/core/api-design/META.yaml +1 -5
  167. package/.agent/skills/core/api-design/SKILL.md +20 -26
  168. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  169. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  170. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  172. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  173. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  174. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  175. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  176. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  177. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  178. package/.agent/skills/core/authentication/META.yaml +1 -5
  179. package/.agent/skills/core/authentication/SKILL.md +36 -43
  180. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  181. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  182. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  183. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  190. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  191. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  192. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  193. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  194. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  195. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  196. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  197. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  198. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  199. package/.agent/skills/core/error-handling/META.yaml +1 -5
  200. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  201. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  202. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  204. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  205. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  206. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  207. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  208. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  211. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  212. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  213. package/.agent/skills/core/logging/META.yaml +1 -5
  214. package/.agent/skills/core/logging/SKILL.md +28 -42
  215. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  216. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  217. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  218. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  221. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  222. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  223. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  225. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  226. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  227. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  228. package/.agent/skills/core/observability/META.yaml +1 -5
  229. package/.agent/skills/core/observability/SKILL.md +29 -38
  230. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  231. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  232. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  233. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  237. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  238. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  240. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  241. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  242. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  243. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  244. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  245. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  246. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  247. package/.agent/skills/core/security/META.yaml +1 -5
  248. package/.agent/skills/core/security/SKILL.md +25 -25
  249. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  250. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  251. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  252. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  253. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  254. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  255. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  257. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  259. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  260. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  261. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  262. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  263. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  264. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  265. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  266. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  267. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  268. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  269. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  270. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  271. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  272. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  273. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  274. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  275. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  276. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  279. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  280. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  281. package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
  282. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  283. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  284. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  285. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  286. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  287. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  288. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  289. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  290. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  291. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  292. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  293. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  294. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  295. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  296. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  297. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  298. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  299. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  300. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  301. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  302. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  303. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  304. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  305. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  314. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  315. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  316. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  317. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  348. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  349. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  350. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  351. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  352. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  354. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  355. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  356. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  357. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  358. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  359. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  360. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  361. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  362. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  363. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  364. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  365. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  366. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  367. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  371. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  372. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  373. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  374. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  375. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  376. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  377. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  378. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  379. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  380. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  381. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  382. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  383. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  384. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  385. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  386. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  387. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  388. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  389. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  390. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  391. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  392. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  393. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  394. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  395. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  396. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  397. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  398. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  399. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  400. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  407. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  408. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  409. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  410. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  411. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  412. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  413. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  414. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  415. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  416. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  417. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  418. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  419. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  420. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  421. package/.agent/skills/devops/aws/META.yaml +48 -63
  422. package/.agent/skills/devops/aws/SKILL.md +39 -697
  423. package/.agent/skills/devops/azure/META.yaml +44 -0
  424. package/.agent/skills/devops/azure/SKILL.md +43 -0
  425. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  426. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  427. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  428. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  429. package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
  430. package/.agent/skills/devops/docker/META.yaml +53 -14
  431. package/.agent/skills/devops/docker/SKILL.md +35 -639
  432. package/.agent/skills/devops/gcp/META.yaml +43 -0
  433. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  434. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  435. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  436. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  437. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  438. package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
  439. package/.agent/skills/devops/terraform/META.yaml +47 -0
  440. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  441. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  442. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  443. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  444. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  445. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  446. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  447. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  448. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  449. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  450. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  451. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  452. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  453. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  454. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  455. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  456. package/.agent/skills/frameworks/react/META.yaml +20 -7
  457. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  458. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  459. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  460. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  461. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  462. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  463. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  464. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  465. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  466. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  467. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  468. package/.agent/skills/index.json +67 -14
  469. package/.agent/skills/languages/asm/META.yaml +2 -8
  470. package/.agent/skills/languages/asm/SKILL.md +1 -1
  471. package/.agent/skills/languages/c/META.yaml +2 -8
  472. package/.agent/skills/languages/c/SKILL.md +1 -1
  473. package/.agent/skills/languages/clojure/META.yaml +2 -2
  474. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  475. package/.agent/skills/languages/cpp/META.yaml +2 -8
  476. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  477. package/.agent/skills/languages/crystal/META.yaml +2 -8
  478. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  479. package/.agent/skills/languages/csharp/META.yaml +2 -2
  480. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  481. package/.agent/skills/languages/elixir/META.yaml +2 -2
  482. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  483. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  484. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  485. package/.agent/skills/languages/go/META.yaml +2 -8
  486. package/.agent/skills/languages/go/SKILL.md +1 -1
  487. package/.agent/skills/languages/haskell/META.yaml +2 -2
  488. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  489. package/.agent/skills/languages/java/META.yaml +2 -8
  490. package/.agent/skills/languages/java/SKILL.md +1 -1
  491. package/.agent/skills/languages/javascript/META.yaml +2 -8
  492. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  493. package/.agent/skills/languages/julia/META.yaml +2 -2
  494. package/.agent/skills/languages/julia/SKILL.md +1 -1
  495. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  496. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  497. package/.agent/skills/languages/lua/META.yaml +2 -8
  498. package/.agent/skills/languages/lua/SKILL.md +3 -3
  499. package/.agent/skills/languages/nim/META.yaml +2 -8
  500. package/.agent/skills/languages/nim/SKILL.md +1 -1
  501. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  502. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  503. package/.agent/skills/languages/perl/META.yaml +2 -2
  504. package/.agent/skills/languages/perl/SKILL.md +1 -1
  505. package/.agent/skills/languages/php/META.yaml +2 -2
  506. package/.agent/skills/languages/php/SKILL.md +1 -1
  507. package/.agent/skills/languages/python/META.yaml +2 -8
  508. package/.agent/skills/languages/python/SKILL.md +1 -1
  509. package/.agent/skills/languages/r/META.yaml +2 -2
  510. package/.agent/skills/languages/r/SKILL.md +1 -1
  511. package/.agent/skills/languages/ruby/META.yaml +2 -2
  512. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  513. package/.agent/skills/languages/rust/META.yaml +2 -8
  514. package/.agent/skills/languages/rust/SKILL.md +1 -1
  515. package/.agent/skills/languages/scala/META.yaml +2 -2
  516. package/.agent/skills/languages/scala/SKILL.md +1 -1
  517. package/.agent/skills/languages/solidity/META.yaml +2 -2
  518. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  519. package/.agent/skills/languages/swift/META.yaml +2 -2
  520. package/.agent/skills/languages/swift/SKILL.md +1 -1
  521. package/.agent/skills/languages/typescript/META.yaml +2 -8
  522. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  523. package/.agent/skills/languages/zig/META.yaml +5 -7
  524. package/.agent/skills/languages/zig/SKILL.md +1 -1
  525. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  526. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  527. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  528. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  529. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  531. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  532. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  533. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  534. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  535. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  536. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  537. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  538. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  539. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  540. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  541. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  542. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  543. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  544. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  545. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  546. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  547. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  548. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  549. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  550. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  551. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  552. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  553. package/.agent/templates/README.md +2 -2
  554. package/.agent/templates/debug-report.md +1 -1
  555. package/.agent/templates/deploy-plan.md +1 -1
  556. package/.agent/templates/doc-template.md +1 -1
  557. package/.agent/templates/index.yaml +2 -2
  558. package/.agent/templates/migrate-plan.md +1 -1
  559. package/.agent/templates/phase-template.md +1 -1
  560. package/.agent/templates/tasks/audit.yaml +1 -1
  561. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  562. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  563. package/.agent/templates/tasks/refactor.yaml +1 -1
  564. package/.agent/templates/test-report.md +1 -1
  565. package/.agent/workflows/code.md +22 -1
  566. package/.agent/workflows/deploy.md +5 -1
  567. package/.agent/workflows/e2e.md +112 -0
  568. package/.agent/workflows/fix.md +1 -1
  569. package/.agent/workflows/prompt.md +325 -0
  570. package/.agent/workflows/scaffold.md +1 -1
  571. package/.agent/workflows/tdd.md +108 -0
  572. package/.agent/workflows/verify.md +116 -0
  573. package/.agent/workflows/visualize.md +50 -18
  574. package/README.md +16 -13
  575. package/configs/aider/root.CONVENTIONS.md +51 -0
  576. package/configs/amazonq/root.amazonq.md +51 -0
  577. package/configs/amp/root.AGENTS.md +51 -0
  578. package/configs/antigravity/root.GEMINI.md +51 -0
  579. package/configs/augment/root.guidelines.md +51 -0
  580. package/configs/claude/root.CLAUDE.md +51 -0
  581. package/configs/cline/root.clinerules.md +51 -0
  582. package/configs/coderabbit/root.coderabbit.yaml +52 -0
  583. package/configs/codex/root.AGENTS.md +51 -0
  584. package/configs/cody/root.commands.json +76 -0
  585. package/configs/continue/root.continue.md +51 -0
  586. package/configs/copilot/root.copilot-instructions.md +51 -0
  587. package/configs/cursor/root.cursorrules +51 -0
  588. package/configs/gemini/root.GEMINI.md +51 -0
  589. package/configs/jetbrains/root.guidelines.md +51 -0
  590. package/configs/opencode/root.opencode.json +24 -0
  591. package/configs/roo/root.roorules.md +51 -0
  592. package/configs/tabnine/root.guidelines.md +51 -0
  593. package/configs/vscode/root.copilot-instructions.md +51 -0
  594. package/configs/windsurf/root.windsurfrules +51 -0
  595. package/configs/zed/root.settings.json +15 -0
  596. package/dist/commands/add.d.ts.map +1 -1
  597. package/dist/commands/add.js +9 -1
  598. package/dist/commands/add.js.map +1 -1
  599. package/dist/commands/config.d.ts.map +1 -1
  600. package/dist/commands/config.js +24 -8
  601. package/dist/commands/config.js.map +1 -1
  602. package/dist/commands/hsa.d.ts.map +1 -1
  603. package/dist/commands/hsa.js +106 -20
  604. package/dist/commands/hsa.js.map +1 -1
  605. package/dist/commands/init.d.ts.map +1 -1
  606. package/dist/commands/init.js +62 -69
  607. package/dist/commands/init.js.map +1 -1
  608. package/dist/commands/install-core.d.ts +2 -1
  609. package/dist/commands/install-core.d.ts.map +1 -1
  610. package/dist/commands/install-core.js +43 -16
  611. package/dist/commands/install-core.js.map +1 -1
  612. package/dist/commands/install-helpers.d.ts.map +1 -1
  613. package/dist/commands/install-helpers.js +25 -2
  614. package/dist/commands/install-helpers.js.map +1 -1
  615. package/dist/commands/install-hsa.d.ts +2 -5
  616. package/dist/commands/install-hsa.d.ts.map +1 -1
  617. package/dist/commands/install-hsa.js +2 -5
  618. package/dist/commands/install-hsa.js.map +1 -1
  619. package/dist/commands/install.d.ts +27 -0
  620. package/dist/commands/install.d.ts.map +1 -1
  621. package/dist/commands/install.js +68 -20
  622. package/dist/commands/install.js.map +1 -1
  623. package/dist/commands/list.d.ts.map +1 -1
  624. package/dist/commands/list.js +2 -1
  625. package/dist/commands/list.js.map +1 -1
  626. package/dist/commands/mcp-registry.d.ts +24 -9
  627. package/dist/commands/mcp-registry.d.ts.map +1 -1
  628. package/dist/commands/mcp-registry.js +39 -57
  629. package/dist/commands/mcp-registry.js.map +1 -1
  630. package/dist/commands/mcp-writers.d.ts.map +1 -1
  631. package/dist/commands/mcp-writers.js +6 -5
  632. package/dist/commands/mcp-writers.js.map +1 -1
  633. package/dist/commands/mcp.d.ts +1 -1
  634. package/dist/commands/mcp.d.ts.map +1 -1
  635. package/dist/commands/mcp.js +37 -9
  636. package/dist/commands/mcp.js.map +1 -1
  637. package/dist/commands/update.d.ts.map +1 -1
  638. package/dist/commands/update.js +16 -6
  639. package/dist/commands/update.js.map +1 -1
  640. package/dist/constants/cursor-globs.d.ts.map +1 -1
  641. package/dist/constants/cursor-globs.js +0 -6
  642. package/dist/constants/cursor-globs.js.map +1 -1
  643. package/dist/constants/ide-install-specs.js +9 -9
  644. package/dist/constants/ide-install-specs.js.map +1 -1
  645. package/dist/constants.d.ts +3 -3
  646. package/dist/constants.d.ts.map +1 -1
  647. package/dist/constants.js +3 -3
  648. package/dist/constants.js.map +1 -1
  649. package/dist/index.d.ts.map +1 -1
  650. package/dist/index.js +1 -9
  651. package/dist/index.js.map +1 -1
  652. package/dist/types/ide-install.js +1 -1
  653. package/dist/utils/copy-helpers.d.ts +7 -2
  654. package/dist/utils/copy-helpers.d.ts.map +1 -1
  655. package/dist/utils/copy-helpers.js +77 -51
  656. package/dist/utils/copy-helpers.js.map +1 -1
  657. package/dist/utils/install-manifest.d.ts +12 -0
  658. package/dist/utils/install-manifest.d.ts.map +1 -0
  659. package/dist/utils/install-manifest.js +27 -0
  660. package/dist/utils/install-manifest.js.map +1 -0
  661. package/dist/utils/validation.d.ts.map +1 -1
  662. package/dist/utils/validation.js +34 -7
  663. package/dist/utils/validation.js.map +1 -1
  664. package/package.json +5 -4
  665. package/.agent/core/embeddings.json +0 -2004
  666. package/.agent/core/session_cache.json +0 -50
  667. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  668. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  669. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  670. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  683. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  684. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  685. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  686. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  687. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  688. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  689. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  690. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  691. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  692. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  693. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  694. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  695. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  696. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  697. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  698. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  699. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  700. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  701. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  702. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  703. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  704. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  705. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  706. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  707. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  708. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  709. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  710. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  711. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  712. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  713. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  714. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  715. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  716. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  717. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  718. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  719. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  720. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  721. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  722. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  723. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  724. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  725. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  726. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  727. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  728. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  729. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  730. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  731. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  732. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  733. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/language-specific/csharp-security.yaml CHANGED
@@ -1,219 +1,219 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: csharp_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: csharp-security.csv
4
+ version: 6.2.2
5
+ updated: "2026-02-05"
6
+ migrated_from: csharp-security.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - description
14
- - detection_pattern
15
- - fix_pattern
16
- - cwe
17
- - example_vuln
18
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - description
14
+ - detection_pattern
15
+ - fix_pattern
16
+ - cwe
17
+ - example_vuln
18
+ - example_fix
19
19
  patterns:
20
- - id: CS-01
21
- name: SQL Injection
22
- severity: CRITICAL
23
- category: Injection
24
- description: String concatenation in SQL queries
25
- detection_pattern: (SqlCommand|ExecuteReader|ExecuteNonQuery).*\\+.*Request
26
- fix_pattern: Use parameterized queries with SqlParameter
27
- cwe: CWE-89
28
- example_vuln: cmd.CommandText = 'SELECT * FROM Users WHERE id = ' + userId;
29
- example_fix: cmd.CommandText = 'SELECT * FROM Users WHERE id = @id';\ncmd.Parameters.AddWithValue('@id', userId);
30
- - id: CS-02
31
- name: XSS Via Response Write
32
- severity: HIGH
33
- category: XSS
34
- description: User input written to response without encoding
35
- detection_pattern: Response\\.Write.*Request(?!.*Encode|HtmlEncode)
36
- fix_pattern: Use HttpUtility.HtmlEncode for all user output
37
- cwe: CWE-79
38
- example_vuln: Response.Write(Request['name']);
39
- example_fix: Response.Write(HttpUtility.HtmlEncode(Request['name']));
40
- - id: CS-03
41
- name: Insecure Deserialization
42
- severity: CRITICAL
43
- category: Deserialization
44
- description: BinaryFormatter used for untrusted data
45
- detection_pattern: BinaryFormatter|SoapFormatter|ObjectStateFormatter
46
- fix_pattern: Use JSON or XML with type constraints avoid TypeNameHandling
47
- cwe: CWE-502
48
- example_vuln: var bf = new BinaryFormatter();\nbf.Deserialize(stream);
49
- example_fix: var settings = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.None };
50
- - id: CS-04
51
- name: Path Traversal
52
- severity: HIGH
53
- category: File
54
- description: User input in file path without validation
55
- detection_pattern: (File\\.Open|ReadAllText|WriteAllText).*Request
56
- fix_pattern: Use Path.GetFullPath and validate against base directory
57
- cwe: CWE-22
58
- example_vuln: File.ReadAllText(basePath + Request['file']);
59
- example_fix: var full = Path.GetFullPath(Path.Combine(basePath, file));\nif (!full.StartsWith(basePath)) throw new SecurityException();
60
- - id: CS-05
61
- name: Command Injection
62
- severity: CRITICAL
63
- category: Injection
64
- description: User input in Process.Start without sanitization
65
- detection_pattern: Process\\.Start.*Request.*(?!.*AllowedCommands)
66
- fix_pattern: Use argument arrays validate against allowlist
67
- cwe: CWE-78
68
- example_vuln: Process.Start('cmd', '/c ' + userCommand);
69
- example_fix: // Only allow specific commands\nif (!AllowedCommands.Contains(cmd)) throw new SecurityException();
70
- - id: CS-06
71
- name: Missing CSRF Token
72
- severity: HIGH
73
- category: CSRF
74
- description: Form without AntiForgeryToken validation
75
- detection_pattern: \\[HttpPost\\](?!.*ValidateAntiForgeryToken)
76
- fix_pattern: Add [ValidateAntiForgeryToken] to all POST actions
77
- cwe: CWE-352
78
- example_vuln: '[HttpPost]\npublic IActionResult Transfer()'
79
- example_fix: '[HttpPost]\n[ValidateAntiForgeryToken]\npublic IActionResult Transfer()'
80
- - id: CS-07
81
- name: Weak Password Hashing
82
- severity: HIGH
83
- category: Crypto
84
- description: Using MD5 SHA1 or custom hashing for passwords
85
- detection_pattern: (MD5|SHA1)\\.Create|GetHashCode.*password
86
- fix_pattern: Use Argon2 or PBKDF2 with sufficient iterations
87
- cwe: CWE-327
88
- example_vuln: var hash = MD5.Create().ComputeHash(password);
89
- example_fix: var hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, 100000, HashAlgorithmName.SHA256, 32);
90
- - id: CS-08
91
- name: Hardcoded Connection String
92
- severity: HIGH
93
- category: Secrets
94
- description: Database connection string in source code
95
- detection_pattern: (Server=|Data Source=|Password=).*['\]"
96
- fix_pattern: Use IConfiguration and secrets management
97
- cwe: CWE-798
98
- example_vuln: var conn = 'Server=db;Password=secret123';
99
- example_fix: var conn = _configuration.GetConnectionString('Default');
100
- - id: CS-09
101
- name: Missing Authorization
102
- severity: HIGH
103
- category: AuthZ
104
- description: Controller action without authorization check
105
- detection_pattern: \\[HttpGet\\](?!.*\\[Authorize\\]).*public.*IActionResult
106
- fix_pattern: Add [Authorize] or policy-based authorization
107
- cwe: CWE-284
108
- example_vuln: '[HttpGet]\npublic IActionResult AdminPanel()'
109
- example_fix: '[Authorize(Roles = ''Admin'')]\n[HttpGet]\npublic IActionResult AdminPanel()'
110
- - id: CS-10
111
- name: Insecure Cookie
112
- severity: HIGH
113
- category: Session
114
- description: Cookie without Secure HttpOnly SameSite flags
115
- detection_pattern: new Cookie|Response\\.Cookies(?!.*Secure|HttpOnly)
116
- fix_pattern: Set Secure HttpOnly SameSite=Strict on cookies
117
- cwe: CWE-614
118
- example_vuln: Response.Cookies.Append('session', token);
119
- example_fix: Response.Cookies.Append('session', token, new CookieOptions { Secure = true, HttpOnly = true, SameSite = SameSiteMode.Strict });
120
- - id: CS-11
121
- name: Regex DoS
122
- severity: HIGH
123
- category: DoS
124
- description: Vulnerable regex pattern causing catastrophic backtracking
125
- detection_pattern: new Regex\\(.*\\*\\+|\\+\\+|\\*\\?
126
- fix_pattern: Use timeout on regex or simplify patterns
127
- cwe: CWE-400
128
- example_vuln: var regex = new Regex('(a+)+$');
129
- example_fix: var regex = new Regex('a+$', RegexOptions.None, TimeSpan.FromSeconds(1));
130
- - id: CS-12
131
- name: XML External Entity
132
- severity: CRITICAL
133
- category: Injection
134
- description: XXE processing enabled in XML parser
135
- detection_pattern: XmlReader\\.Create(?!.*DtdProcessing.*Prohibit)
136
- fix_pattern: Disable DTD processing and external entities
137
- cwe: CWE-611
138
- example_vuln: var reader = XmlReader.Create(stream);
139
- example_fix: var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
140
- - id: CS-13
141
- name: LDAP Injection
142
- severity: HIGH
143
- category: Injection
144
- description: User input in LDAP query without escaping
145
- detection_pattern: DirectorySearcher.*Filter.*\\+.*Request
146
- fix_pattern: Escape special LDAP characters in user input
147
- cwe: CWE-90
148
- example_vuln: searcher.Filter = '(uid=' + username + ')';
149
- example_fix: searcher.Filter = '(uid=' + EscapeLdap(username) + ')';
150
- - id: CS-14
151
- name: Open Redirect
152
- severity: MEDIUM
153
- category: Redirect
154
- description: User input in redirect without validation
155
- detection_pattern: Redirect(Request\\[|RedirectToAction.*Request
156
- fix_pattern: Validate URLs against allowlist use LocalRedirect
157
- cwe: CWE-601
158
- example_vuln: return Redirect(Request['returnUrl']);
159
- example_fix: if (!Url.IsLocalUrl(returnUrl)) returnUrl = '/';\nreturn LocalRedirect(returnUrl);
160
- - id: CS-15
161
- name: Mass Assignment
162
- severity: HIGH
163
- category: Binding
164
- description: Model binding without property whitelist
165
- detection_pattern: \\[Bind\\](?!.*Include).*public.*IActionResult
166
- fix_pattern: Use [Bind(Include = 'prop1,prop2')] or DTOs
167
- cwe: CWE-915
168
- example_vuln: public IActionResult Update(User user)
169
- example_fix: public IActionResult Update([Bind(Include = 'Name,Email')] UserDto dto)
170
- - id: CS-16
171
- name: Nullable Deref
172
- severity: MEDIUM
173
- category: NullRef
174
- description: Nullable reference used without null check
175
- detection_pattern: (\\?|null).*\\.(?!\\?)
176
- fix_pattern: Use null-conditional operator or explicit checks
177
- cwe: CWE-476
178
- example_vuln: string name = user.Profile.Name;
179
- example_fix: string? name = user?.Profile?.Name;
180
- - id: CS-17
181
- name: Weak Random
182
- severity: HIGH
183
- category: Crypto
184
- description: Using System.Random for security tokens
185
- detection_pattern: new\\s+Random\\(\\)(?!.*crypto)
186
- fix_pattern: Use RandomNumberGenerator for security values
187
- cwe: CWE-338
188
- example_vuln: var token = new Random().Next().ToString();
189
- example_fix: var token = RandomNumberGenerator.GetBytes(32);
190
- - id: CS-18
191
- name: Exposed Error Details
192
- severity: MEDIUM
193
- category: Info
194
- description: Detailed errors exposed in production
195
- detection_pattern: UseDeveloperExceptionPage(?!.*IsDevelopment)
196
- fix_pattern: Only show detailed errors in development
197
- cwe: CWE-209
198
- example_vuln: app.UseDeveloperExceptionPage();
199
- example_fix: if (env.IsDevelopment()) app.UseDeveloperExceptionPage();
200
- - id: CS-19
201
- name: Unvalidated File Upload
202
- severity: HIGH
203
- category: Upload
204
- description: File upload without type and size validation
205
- detection_pattern: IFormFile(?!.*ContentType|Length.*check)
206
- fix_pattern: Validate file type size and scan for malware
207
- cwe: CWE-434
208
- example_vuln: await file.CopyToAsync(stream);
209
- example_fix: if (file.Length > 10_000_000 || !AllowedTypes.Contains(file.ContentType)) throw new ValidationException();
210
- - id: CS-20
211
- name: Logging Sensitive Data
212
- severity: MEDIUM
213
- category: Privacy
214
- description: Passwords or tokens in log output
215
- detection_pattern: _logger\\.(Log|Information|Debug).*password|token|secret
216
- fix_pattern: Never log sensitive data use structured logging
217
- cwe: CWE-532
218
- example_vuln: '_logger.LogInformation($''User {email} token: {token}'');'
219
- example_fix: _logger.LogInformation('User {Email} logged in', email); // No token
20
+ - id: CS-01
21
+ name: SQL Injection
22
+ severity: CRITICAL
23
+ category: Injection
24
+ description: String concatenation in SQL queries
25
+ detection_pattern: (SqlCommand|ExecuteReader|ExecuteNonQuery).*\\+.*Request
26
+ fix_pattern: Use parameterized queries with SqlParameter
27
+ cwe: CWE-89
28
+ example_vuln: cmd.CommandText = 'SELECT * FROM Users WHERE id = ' + userId;
29
+ example_fix: cmd.CommandText = 'SELECT * FROM Users WHERE id = @id';\ncmd.Parameters.AddWithValue('@id', userId);
30
+ - id: CS-02
31
+ name: XSS Via Response Write
32
+ severity: HIGH
33
+ category: XSS
34
+ description: User input written to response without encoding
35
+ detection_pattern: Response\\.Write.*Request(?!.*Encode|HtmlEncode)
36
+ fix_pattern: Use HttpUtility.HtmlEncode for all user output
37
+ cwe: CWE-79
38
+ example_vuln: Response.Write(Request['name']);
39
+ example_fix: Response.Write(HttpUtility.HtmlEncode(Request['name']));
40
+ - id: CS-03
41
+ name: Insecure Deserialization
42
+ severity: CRITICAL
43
+ category: Deserialization
44
+ description: BinaryFormatter used for untrusted data
45
+ detection_pattern: BinaryFormatter|SoapFormatter|ObjectStateFormatter
46
+ fix_pattern: Use JSON or XML with type constraints avoid TypeNameHandling
47
+ cwe: CWE-502
48
+ example_vuln: var bf = new BinaryFormatter();\nbf.Deserialize(stream);
49
+ example_fix: var settings = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.None };
50
+ - id: CS-04
51
+ name: Path Traversal
52
+ severity: HIGH
53
+ category: File
54
+ description: User input in file path without validation
55
+ detection_pattern: (File\\.Open|ReadAllText|WriteAllText).*Request
56
+ fix_pattern: Use Path.GetFullPath and validate against base directory
57
+ cwe: CWE-22
58
+ example_vuln: File.ReadAllText(basePath + Request['file']);
59
+ example_fix: var full = Path.GetFullPath(Path.Combine(basePath, file));\nif (!full.StartsWith(basePath)) throw new SecurityException();
60
+ - id: CS-05
61
+ name: Command Injection
62
+ severity: CRITICAL
63
+ category: Injection
64
+ description: User input in Process.Start without sanitization
65
+ detection_pattern: Process\\.Start.*Request.*(?!.*AllowedCommands)
66
+ fix_pattern: Use argument arrays validate against allowlist
67
+ cwe: CWE-78
68
+ example_vuln: Process.Start('cmd', '/c ' + userCommand);
69
+ example_fix: // Only allow specific commands\nif (!AllowedCommands.Contains(cmd)) throw new SecurityException();
70
+ - id: CS-06
71
+ name: Missing CSRF Token
72
+ severity: HIGH
73
+ category: CSRF
74
+ description: Form without AntiForgeryToken validation
75
+ detection_pattern: \\[HttpPost\\](?!.*ValidateAntiForgeryToken)
76
+ fix_pattern: Add [ValidateAntiForgeryToken] to all POST actions
77
+ cwe: CWE-352
78
+ example_vuln: '[HttpPost]\npublic IActionResult Transfer()'
79
+ example_fix: '[HttpPost]\n[ValidateAntiForgeryToken]\npublic IActionResult Transfer()'
80
+ - id: CS-07
81
+ name: Weak Password Hashing
82
+ severity: HIGH
83
+ category: Crypto
84
+ description: Using MD5 SHA1 or custom hashing for passwords
85
+ detection_pattern: (MD5|SHA1)\\.Create|GetHashCode.*password
86
+ fix_pattern: Use Argon2 or PBKDF2 with sufficient iterations
87
+ cwe: CWE-327
88
+ example_vuln: var hash = MD5.Create().ComputeHash(password);
89
+ example_fix: var hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, 100000, HashAlgorithmName.SHA256, 32);
90
+ - id: CS-08
91
+ name: Hardcoded Connection String
92
+ severity: HIGH
93
+ category: Secrets
94
+ description: Database connection string in source code
95
+ detection_pattern: (Server=|Data Source=|Password=).*['\]"
96
+ fix_pattern: Use IConfiguration and secrets management
97
+ cwe: CWE-798
98
+ example_vuln: var conn = 'Server=db;Password=secret123';
99
+ example_fix: var conn = _configuration.GetConnectionString('Default');
100
+ - id: CS-09
101
+ name: Missing Authorization
102
+ severity: HIGH
103
+ category: AuthZ
104
+ description: Controller action without authorization check
105
+ detection_pattern: \\[HttpGet\\](?!.*\\[Authorize\\]).*public.*IActionResult
106
+ fix_pattern: Add [Authorize] or policy-based authorization
107
+ cwe: CWE-284
108
+ example_vuln: '[HttpGet]\npublic IActionResult AdminPanel()'
109
+ example_fix: '[Authorize(Roles = ''Admin'')]\n[HttpGet]\npublic IActionResult AdminPanel()'
110
+ - id: CS-10
111
+ name: Insecure Cookie
112
+ severity: HIGH
113
+ category: Session
114
+ description: Cookie without Secure HttpOnly SameSite flags
115
+ detection_pattern: new Cookie|Response\\.Cookies(?!.*Secure|HttpOnly)
116
+ fix_pattern: Set Secure HttpOnly SameSite=Strict on cookies
117
+ cwe: CWE-614
118
+ example_vuln: Response.Cookies.Append('session', token);
119
+ example_fix: Response.Cookies.Append('session', token, new CookieOptions { Secure = true, HttpOnly = true, SameSite = SameSiteMode.Strict });
120
+ - id: CS-11
121
+ name: Regex DoS
122
+ severity: HIGH
123
+ category: DoS
124
+ description: Vulnerable regex pattern causing catastrophic backtracking
125
+ detection_pattern: new Regex\\(.*\\*\\+|\\+\\+|\\*\\?
126
+ fix_pattern: Use timeout on regex or simplify patterns
127
+ cwe: CWE-400
128
+ example_vuln: var regex = new Regex('(a+)+$');
129
+ example_fix: var regex = new Regex('a+$', RegexOptions.None, TimeSpan.FromSeconds(1));
130
+ - id: CS-12
131
+ name: XML External Entity
132
+ severity: CRITICAL
133
+ category: Injection
134
+ description: XXE processing enabled in XML parser
135
+ detection_pattern: XmlReader\\.Create(?!.*DtdProcessing.*Prohibit)
136
+ fix_pattern: Disable DTD processing and external entities
137
+ cwe: CWE-611
138
+ example_vuln: var reader = XmlReader.Create(stream);
139
+ example_fix: var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
140
+ - id: CS-13
141
+ name: LDAP Injection
142
+ severity: HIGH
143
+ category: Injection
144
+ description: User input in LDAP query without escaping
145
+ detection_pattern: DirectorySearcher.*Filter.*\\+.*Request
146
+ fix_pattern: Escape special LDAP characters in user input
147
+ cwe: CWE-90
148
+ example_vuln: searcher.Filter = '(uid=' + username + ')';
149
+ example_fix: searcher.Filter = '(uid=' + EscapeLdap(username) + ')';
150
+ - id: CS-14
151
+ name: Open Redirect
152
+ severity: MEDIUM
153
+ category: Redirect
154
+ description: User input in redirect without validation
155
+ detection_pattern: Redirect(Request\\[|RedirectToAction.*Request
156
+ fix_pattern: Validate URLs against allowlist use LocalRedirect
157
+ cwe: CWE-601
158
+ example_vuln: return Redirect(Request['returnUrl']);
159
+ example_fix: if (!Url.IsLocalUrl(returnUrl)) returnUrl = '/';\nreturn LocalRedirect(returnUrl);
160
+ - id: CS-15
161
+ name: Mass Assignment
162
+ severity: HIGH
163
+ category: Binding
164
+ description: Model binding without property whitelist
165
+ detection_pattern: \\[Bind\\](?!.*Include).*public.*IActionResult
166
+ fix_pattern: Use [Bind(Include = 'prop1,prop2')] or DTOs
167
+ cwe: CWE-915
168
+ example_vuln: public IActionResult Update(User user)
169
+ example_fix: public IActionResult Update([Bind(Include = 'Name,Email')] UserDto dto)
170
+ - id: CS-16
171
+ name: Nullable Deref
172
+ severity: MEDIUM
173
+ category: NullRef
174
+ description: Nullable reference used without null check
175
+ detection_pattern: (\\?|null).*\\.(?!\\?)
176
+ fix_pattern: Use null-conditional operator or explicit checks
177
+ cwe: CWE-476
178
+ example_vuln: string name = user.Profile.Name;
179
+ example_fix: string? name = user?.Profile?.Name;
180
+ - id: CS-17
181
+ name: Weak Random
182
+ severity: HIGH
183
+ category: Crypto
184
+ description: Using System.Random for security tokens
185
+ detection_pattern: new\\s+Random\\(\\)(?!.*crypto)
186
+ fix_pattern: Use RandomNumberGenerator for security values
187
+ cwe: CWE-338
188
+ example_vuln: var token = new Random().Next().ToString();
189
+ example_fix: var token = RandomNumberGenerator.GetBytes(32);
190
+ - id: CS-18
191
+ name: Exposed Error Details
192
+ severity: MEDIUM
193
+ category: Info
194
+ description: Detailed errors exposed in production
195
+ detection_pattern: UseDeveloperExceptionPage(?!.*IsDevelopment)
196
+ fix_pattern: Only show detailed errors in development
197
+ cwe: CWE-209
198
+ example_vuln: app.UseDeveloperExceptionPage();
199
+ example_fix: if (env.IsDevelopment()) app.UseDeveloperExceptionPage();
200
+ - id: CS-19
201
+ name: Unvalidated File Upload
202
+ severity: HIGH
203
+ category: Upload
204
+ description: File upload without type and size validation
205
+ detection_pattern: IFormFile(?!.*ContentType|Length.*check)
206
+ fix_pattern: Validate file type size and scan for malware
207
+ cwe: CWE-434
208
+ example_vuln: await file.CopyToAsync(stream);
209
+ example_fix: if (file.Length > 10_000_000 || !AllowedTypes.Contains(file.ContentType)) throw new ValidationException();
210
+ - id: CS-20
211
+ name: Logging Sensitive Data
212
+ severity: MEDIUM
213
+ category: Privacy
214
+ description: Passwords or tokens in log output
215
+ detection_pattern: _logger\\.(Log|Information|Debug).*password|token|secret
216
+ fix_pattern: Never log sensitive data use structured logging
217
+ cwe: CWE-532
218
+ example_vuln: "_logger.LogInformation($'User {email} token: {token}');"
219
+ example_fix: _logger.LogInformation('User {Email} logged in', email); // No token