@nockdev/awf 6.2.0 → 6.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (733) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
  43. package/.agent/i18n/en.yaml +6 -6
  44. package/.agent/i18n/vi.yaml +6 -6
  45. package/.agent/ide/README.md +1 -1
  46. package/.agent/ide/amazonq.json +3 -3
  47. package/.agent/ide/amp.json +4 -3
  48. package/.agent/ide/antigravity.json +4 -3
  49. package/.agent/ide/augment.json +4 -4
  50. package/.agent/ide/claude.json +4 -3
  51. package/.agent/ide/cline.json +4 -3
  52. package/.agent/ide/codex.json +6 -1
  53. package/.agent/ide/cody.json +4 -3
  54. package/.agent/ide/continue.json +4 -3
  55. package/.agent/ide/cursor.json +4 -3
  56. package/.agent/ide/gemini.json +4 -3
  57. package/.agent/ide/jetbrains.json +4 -3
  58. package/.agent/ide/kiro.json +4 -3
  59. package/.agent/ide/opencode.json +4 -3
  60. package/.agent/ide/roo.json +4 -3
  61. package/.agent/ide/tabnine.json +4 -3
  62. package/.agent/ide/trae.json +4 -3
  63. package/.agent/ide/vscode.json +4 -3
  64. package/.agent/ide/windsurf.json +4 -3
  65. package/.agent/ide/zed.json +4 -3
  66. package/.agent/manifest.yaml +142 -34
  67. package/.agent/memory/core_memory/persona.json +2 -2
  68. package/.agent/memory/core_memory/project.json +1 -1
  69. package/.agent/memory/core_memory/rules.json +1 -1
  70. package/.agent/memory/core_memory/user.json +1 -1
  71. package/.agent/memory/graph/knowledge_graph.json +1 -1
  72. package/.agent/memory/patterns/errors.json +1 -1
  73. package/.agent/memory/patterns/successes.json +1 -1
  74. package/.agent/memory/state.json +3 -3
  75. package/.agent/personas/README.md +1 -1
  76. package/.agent/personas/architect.md +1 -1
  77. package/.agent/personas/auditor.md +1 -1
  78. package/.agent/personas/debugger.md +1 -1
  79. package/.agent/personas/developer.md +1 -1
  80. package/.agent/personas/devops.md +1 -1
  81. package/.agent/personas/documenter.md +1 -1
  82. package/.agent/personas/orchestrator.md +1 -1
  83. package/.agent/personas/persona.schema.yaml +1 -1
  84. package/.agent/personas/planner.md +1 -1
  85. package/.agent/personas/researcher.md +1 -1
  86. package/.agent/personas/security.md +1 -1
  87. package/.agent/personas/tester.md +1 -1
  88. package/.agent/private/README.md +74 -0
  89. package/.agent/private/_index.yaml +23 -0
  90. package/.agent/private/_template/META.yaml +38 -0
  91. package/.agent/private/_template/SKILL.md +43 -0
  92. package/.agent/private/_template/data/.gitkeep +0 -0
  93. package/.agent/private/autodomyh-api/META.yaml +48 -0
  94. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  95. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  96. package/.agent/rules/README.md +24 -18
  97. package/.agent/rules/SACRED_RULES.xml +42 -36
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
  100. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
  101. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  102. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  103. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  104. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  105. package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
  106. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  107. package/.agent/rules/data/build-systems.yaml +2 -2
  108. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  109. package/.agent/rules/modules/edit-verification.yaml +1 -1
  110. package/.agent/rules/modules/git-workflow.yaml +1 -1
  111. package/.agent/rules/modules/language.yaml +1 -1
  112. package/.agent/rules/modules/online-research.yaml +1 -1
  113. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  114. package/.agent/rules/modules/quality.yaml +1 -1
  115. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  116. package/.agent/rules/modules/terminal-safety.yaml +45 -1
  117. package/.agent/rules/modules/yagni.yaml +1 -1
  118. package/.agent/rules/validation-framework.md +1 -1
  119. package/.agent/skills/DEVELOPMENT.yaml +17 -6
  120. package/.agent/skills/README.md +19 -16
  121. package/.agent/skills/_categories.yaml +60 -8
  122. package/.agent/skills/_router.yaml +61 -19
  123. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  124. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  128. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  129. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  130. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  134. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  141. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  142. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  145. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  153. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  154. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  155. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  160. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  161. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  162. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  163. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  164. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  165. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  166. package/.agent/skills/core/api-design/META.yaml +1 -5
  167. package/.agent/skills/core/api-design/SKILL.md +20 -26
  168. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  169. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  170. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  172. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  173. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  174. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  175. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  176. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  177. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  178. package/.agent/skills/core/authentication/META.yaml +1 -5
  179. package/.agent/skills/core/authentication/SKILL.md +36 -43
  180. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  181. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  182. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  183. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  190. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  191. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  192. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  193. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  194. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  195. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  196. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  197. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  198. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  199. package/.agent/skills/core/error-handling/META.yaml +1 -5
  200. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  201. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  202. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  204. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  205. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  206. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  207. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  208. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  211. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  212. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  213. package/.agent/skills/core/logging/META.yaml +1 -5
  214. package/.agent/skills/core/logging/SKILL.md +28 -42
  215. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  216. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  217. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  218. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  221. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  222. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  223. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  225. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  226. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  227. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  228. package/.agent/skills/core/observability/META.yaml +1 -5
  229. package/.agent/skills/core/observability/SKILL.md +29 -38
  230. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  231. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  232. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  233. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  237. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  238. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  240. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  241. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  242. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  243. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  244. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  245. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  246. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  247. package/.agent/skills/core/security/META.yaml +1 -5
  248. package/.agent/skills/core/security/SKILL.md +25 -25
  249. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  250. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  251. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  252. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  253. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  254. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  255. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  257. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  259. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  260. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  261. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  262. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  263. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  264. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  265. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  266. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  267. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  268. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  269. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  270. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  271. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  272. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  273. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  274. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  275. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  276. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  279. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  280. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  281. package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
  282. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  283. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  284. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  285. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  286. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  287. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  288. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  289. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  290. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  291. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  292. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  293. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  294. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  295. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  296. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  297. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  298. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  299. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  300. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  301. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  302. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  303. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  304. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  305. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  314. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  315. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  316. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  317. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  348. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  349. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  350. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  351. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  352. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  354. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  355. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  356. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  357. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  358. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  359. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  360. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  361. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  362. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  363. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  364. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  365. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  366. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  367. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  371. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  372. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  373. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  374. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  375. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  376. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  377. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  378. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  379. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  380. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  381. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  382. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  383. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  384. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  385. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  386. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  387. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  388. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  389. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  390. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  391. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  392. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  393. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  394. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  395. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  396. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  397. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  398. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  399. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  400. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  407. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  408. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  409. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  410. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  411. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  412. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  413. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  414. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  415. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  416. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  417. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  418. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  419. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  420. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  421. package/.agent/skills/devops/aws/META.yaml +48 -63
  422. package/.agent/skills/devops/aws/SKILL.md +39 -697
  423. package/.agent/skills/devops/azure/META.yaml +44 -0
  424. package/.agent/skills/devops/azure/SKILL.md +43 -0
  425. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  426. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  427. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  428. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  429. package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
  430. package/.agent/skills/devops/docker/META.yaml +53 -14
  431. package/.agent/skills/devops/docker/SKILL.md +35 -639
  432. package/.agent/skills/devops/gcp/META.yaml +43 -0
  433. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  434. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  435. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  436. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  437. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  438. package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
  439. package/.agent/skills/devops/terraform/META.yaml +47 -0
  440. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  441. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  442. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  443. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  444. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  445. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  446. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  447. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  448. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  449. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  450. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  451. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  452. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  453. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  454. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  455. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  456. package/.agent/skills/frameworks/react/META.yaml +20 -7
  457. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  458. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  459. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  460. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  461. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  462. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  463. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  464. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  465. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  466. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  467. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  468. package/.agent/skills/index.json +67 -14
  469. package/.agent/skills/languages/asm/META.yaml +2 -8
  470. package/.agent/skills/languages/asm/SKILL.md +1 -1
  471. package/.agent/skills/languages/c/META.yaml +2 -8
  472. package/.agent/skills/languages/c/SKILL.md +1 -1
  473. package/.agent/skills/languages/clojure/META.yaml +2 -2
  474. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  475. package/.agent/skills/languages/cpp/META.yaml +2 -8
  476. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  477. package/.agent/skills/languages/crystal/META.yaml +2 -8
  478. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  479. package/.agent/skills/languages/csharp/META.yaml +2 -2
  480. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  481. package/.agent/skills/languages/elixir/META.yaml +2 -2
  482. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  483. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  484. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  485. package/.agent/skills/languages/go/META.yaml +2 -8
  486. package/.agent/skills/languages/go/SKILL.md +1 -1
  487. package/.agent/skills/languages/haskell/META.yaml +2 -2
  488. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  489. package/.agent/skills/languages/java/META.yaml +2 -8
  490. package/.agent/skills/languages/java/SKILL.md +1 -1
  491. package/.agent/skills/languages/javascript/META.yaml +2 -8
  492. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  493. package/.agent/skills/languages/julia/META.yaml +2 -2
  494. package/.agent/skills/languages/julia/SKILL.md +1 -1
  495. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  496. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  497. package/.agent/skills/languages/lua/META.yaml +2 -8
  498. package/.agent/skills/languages/lua/SKILL.md +3 -3
  499. package/.agent/skills/languages/nim/META.yaml +2 -8
  500. package/.agent/skills/languages/nim/SKILL.md +1 -1
  501. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  502. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  503. package/.agent/skills/languages/perl/META.yaml +2 -2
  504. package/.agent/skills/languages/perl/SKILL.md +1 -1
  505. package/.agent/skills/languages/php/META.yaml +2 -2
  506. package/.agent/skills/languages/php/SKILL.md +1 -1
  507. package/.agent/skills/languages/python/META.yaml +2 -8
  508. package/.agent/skills/languages/python/SKILL.md +1 -1
  509. package/.agent/skills/languages/r/META.yaml +2 -2
  510. package/.agent/skills/languages/r/SKILL.md +1 -1
  511. package/.agent/skills/languages/ruby/META.yaml +2 -2
  512. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  513. package/.agent/skills/languages/rust/META.yaml +2 -8
  514. package/.agent/skills/languages/rust/SKILL.md +1 -1
  515. package/.agent/skills/languages/scala/META.yaml +2 -2
  516. package/.agent/skills/languages/scala/SKILL.md +1 -1
  517. package/.agent/skills/languages/solidity/META.yaml +2 -2
  518. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  519. package/.agent/skills/languages/swift/META.yaml +2 -2
  520. package/.agent/skills/languages/swift/SKILL.md +1 -1
  521. package/.agent/skills/languages/typescript/META.yaml +2 -8
  522. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  523. package/.agent/skills/languages/zig/META.yaml +5 -7
  524. package/.agent/skills/languages/zig/SKILL.md +1 -1
  525. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  526. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  527. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  528. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  529. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  531. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  532. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  533. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  534. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  535. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  536. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  537. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  538. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  539. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  540. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  541. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  542. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  543. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  544. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  545. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  546. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  547. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  548. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  549. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  550. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  551. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  552. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  553. package/.agent/templates/README.md +2 -2
  554. package/.agent/templates/debug-report.md +1 -1
  555. package/.agent/templates/deploy-plan.md +1 -1
  556. package/.agent/templates/doc-template.md +1 -1
  557. package/.agent/templates/index.yaml +2 -2
  558. package/.agent/templates/migrate-plan.md +1 -1
  559. package/.agent/templates/phase-template.md +1 -1
  560. package/.agent/templates/tasks/audit.yaml +1 -1
  561. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  562. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  563. package/.agent/templates/tasks/refactor.yaml +1 -1
  564. package/.agent/templates/test-report.md +1 -1
  565. package/.agent/workflows/code.md +22 -1
  566. package/.agent/workflows/deploy.md +5 -1
  567. package/.agent/workflows/e2e.md +112 -0
  568. package/.agent/workflows/fix.md +1 -1
  569. package/.agent/workflows/prompt.md +325 -0
  570. package/.agent/workflows/scaffold.md +1 -1
  571. package/.agent/workflows/tdd.md +108 -0
  572. package/.agent/workflows/verify.md +116 -0
  573. package/.agent/workflows/visualize.md +50 -18
  574. package/README.md +16 -13
  575. package/configs/aider/root.CONVENTIONS.md +51 -0
  576. package/configs/amazonq/root.amazonq.md +51 -0
  577. package/configs/amp/root.AGENTS.md +51 -0
  578. package/configs/antigravity/root.GEMINI.md +51 -0
  579. package/configs/augment/root.guidelines.md +51 -0
  580. package/configs/claude/root.CLAUDE.md +51 -0
  581. package/configs/cline/root.clinerules.md +51 -0
  582. package/configs/coderabbit/root.coderabbit.yaml +52 -0
  583. package/configs/codex/root.AGENTS.md +51 -0
  584. package/configs/cody/root.commands.json +76 -0
  585. package/configs/continue/root.continue.md +51 -0
  586. package/configs/copilot/root.copilot-instructions.md +51 -0
  587. package/configs/cursor/root.cursorrules +51 -0
  588. package/configs/gemini/root.GEMINI.md +51 -0
  589. package/configs/jetbrains/root.guidelines.md +51 -0
  590. package/configs/opencode/root.opencode.json +24 -0
  591. package/configs/roo/root.roorules.md +51 -0
  592. package/configs/tabnine/root.guidelines.md +51 -0
  593. package/configs/vscode/root.copilot-instructions.md +51 -0
  594. package/configs/windsurf/root.windsurfrules +51 -0
  595. package/configs/zed/root.settings.json +15 -0
  596. package/dist/commands/add.d.ts.map +1 -1
  597. package/dist/commands/add.js +9 -1
  598. package/dist/commands/add.js.map +1 -1
  599. package/dist/commands/config.d.ts.map +1 -1
  600. package/dist/commands/config.js +24 -8
  601. package/dist/commands/config.js.map +1 -1
  602. package/dist/commands/hsa.d.ts.map +1 -1
  603. package/dist/commands/hsa.js +106 -20
  604. package/dist/commands/hsa.js.map +1 -1
  605. package/dist/commands/init.d.ts.map +1 -1
  606. package/dist/commands/init.js +62 -69
  607. package/dist/commands/init.js.map +1 -1
  608. package/dist/commands/install-core.d.ts +2 -1
  609. package/dist/commands/install-core.d.ts.map +1 -1
  610. package/dist/commands/install-core.js +43 -16
  611. package/dist/commands/install-core.js.map +1 -1
  612. package/dist/commands/install-helpers.d.ts.map +1 -1
  613. package/dist/commands/install-helpers.js +25 -2
  614. package/dist/commands/install-helpers.js.map +1 -1
  615. package/dist/commands/install-hsa.d.ts +2 -5
  616. package/dist/commands/install-hsa.d.ts.map +1 -1
  617. package/dist/commands/install-hsa.js +2 -5
  618. package/dist/commands/install-hsa.js.map +1 -1
  619. package/dist/commands/install.d.ts +27 -0
  620. package/dist/commands/install.d.ts.map +1 -1
  621. package/dist/commands/install.js +68 -20
  622. package/dist/commands/install.js.map +1 -1
  623. package/dist/commands/list.d.ts.map +1 -1
  624. package/dist/commands/list.js +2 -1
  625. package/dist/commands/list.js.map +1 -1
  626. package/dist/commands/mcp-registry.d.ts +24 -9
  627. package/dist/commands/mcp-registry.d.ts.map +1 -1
  628. package/dist/commands/mcp-registry.js +39 -57
  629. package/dist/commands/mcp-registry.js.map +1 -1
  630. package/dist/commands/mcp-writers.d.ts.map +1 -1
  631. package/dist/commands/mcp-writers.js +6 -5
  632. package/dist/commands/mcp-writers.js.map +1 -1
  633. package/dist/commands/mcp.d.ts +1 -1
  634. package/dist/commands/mcp.d.ts.map +1 -1
  635. package/dist/commands/mcp.js +37 -9
  636. package/dist/commands/mcp.js.map +1 -1
  637. package/dist/commands/update.d.ts.map +1 -1
  638. package/dist/commands/update.js +16 -6
  639. package/dist/commands/update.js.map +1 -1
  640. package/dist/constants/cursor-globs.d.ts.map +1 -1
  641. package/dist/constants/cursor-globs.js +0 -6
  642. package/dist/constants/cursor-globs.js.map +1 -1
  643. package/dist/constants/ide-install-specs.js +9 -9
  644. package/dist/constants/ide-install-specs.js.map +1 -1
  645. package/dist/constants.d.ts +3 -3
  646. package/dist/constants.d.ts.map +1 -1
  647. package/dist/constants.js +3 -3
  648. package/dist/constants.js.map +1 -1
  649. package/dist/index.d.ts.map +1 -1
  650. package/dist/index.js +1 -9
  651. package/dist/index.js.map +1 -1
  652. package/dist/types/ide-install.js +1 -1
  653. package/dist/utils/copy-helpers.d.ts +7 -2
  654. package/dist/utils/copy-helpers.d.ts.map +1 -1
  655. package/dist/utils/copy-helpers.js +77 -51
  656. package/dist/utils/copy-helpers.js.map +1 -1
  657. package/dist/utils/install-manifest.d.ts +12 -0
  658. package/dist/utils/install-manifest.d.ts.map +1 -0
  659. package/dist/utils/install-manifest.js +27 -0
  660. package/dist/utils/install-manifest.js.map +1 -0
  661. package/dist/utils/validation.d.ts.map +1 -1
  662. package/dist/utils/validation.js +34 -7
  663. package/dist/utils/validation.js.map +1 -1
  664. package/package.json +5 -4
  665. package/.agent/core/embeddings.json +0 -2004
  666. package/.agent/core/session_cache.json +0 -50
  667. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  668. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  669. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  670. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  683. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  684. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  685. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  686. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  687. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  688. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  689. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  690. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  691. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  692. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  693. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  694. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  695. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  696. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  697. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  698. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  699. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  700. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  701. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  702. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  703. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  704. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  705. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  706. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  707. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  708. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  709. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  710. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  711. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  712. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  713. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  714. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  715. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  716. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  717. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  718. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  719. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  720. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  721. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  722. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  723. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  724. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  725. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  726. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  727. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  728. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  729. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  730. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  731. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  732. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  733. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/language-specific/go-security.yaml CHANGED
@@ -1,219 +1,219 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: go_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: go-security.csv
4
+ version: 6.2.2
5
+ updated: "2026-02-05"
6
+ migrated_from: go-security.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - description
14
- - detection_pattern
15
- - fix_pattern
16
- - cwe
17
- - example_vuln
18
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - description
14
+ - detection_pattern
15
+ - fix_pattern
16
+ - cwe
17
+ - example_vuln
18
+ - example_fix
19
19
  patterns:
20
- - id: GO-01
21
- name: Unchecked Error Return
22
- severity: HIGH
23
- category: Error
24
- description: Error return value ignored allowing silent failures
25
- detection_pattern: err\\s*:?=.*\\n(?!.*if\\s+err|.*err\\s*!=)
26
- fix_pattern: Always check error returns handle or propagate
27
- cwe: CWE-252
28
- example_vuln: result, _ := doSomething()
29
- example_fix: result, err := doSomething()\nif err != nil { return err }
30
- - id: GO-02
31
- name: Race Condition
32
- severity: CRITICAL
33
- category: Concurrency
34
- description: Concurrent map access or shared state without sync
35
- detection_pattern: (map\\[.*\\].*go\\s+func|go\\s+func.*map\\[)(?!.*sync|mutex|atomic)
36
- fix_pattern: Use sync.Mutex sync.Map or channels for shared state
37
- cwe: CWE-362
38
- example_vuln: var cache map[string]int\ngo func() { cache['key'] = val }()
39
- example_fix: var mu sync.Mutex\nmu.Lock()\ncache['key'] = val\nmu.Unlock()
40
- - id: GO-03
41
- name: Command Injection
42
- severity: CRITICAL
43
- category: Injection
44
- description: User input used in exec.Command without sanitization
45
- detection_pattern: exec\\.Command\\(.*\\+|fmt\\.Sprintf.*exec\\.Command
46
- fix_pattern: Use argument arrays never shell strings validate input
47
- cwe: CWE-78
48
- example_vuln: exec.Command('sh', '-c', 'echo ' + userInput)
49
- example_fix: exec.Command('echo', userInput) // No shell
50
- - id: GO-04
51
- name: Path Traversal
52
- severity: HIGH
53
- category: File
54
- description: User input in filepath.Join without sanitization
55
- detection_pattern: filepath\\.Join.*req\\.|os\\.Open.*\\+|ioutil\\.ReadFile.*\\+
56
- fix_pattern: Use filepath.Clean validate path is within allowed dir
57
- cwe: CWE-22
58
- example_vuln: filepath.Join(baseDir, req.URL.Query().Get('file'))
59
- example_fix: clean := filepath.Clean(userPath)\nif !strings.HasPrefix(clean, baseDir) { return err }
60
- - id: GO-05
61
- name: SQL Injection
62
- severity: CRITICAL
63
- category: Injection
64
- description: String concatenation in SQL queries
65
- detection_pattern: (db\\.Query|db\\.Exec)\\(.*\\+|fmt\\.Sprintf.*Query
66
- fix_pattern: Use parameterized queries with db.Query(query args...)
67
- cwe: CWE-89
68
- example_vuln: db.Query('SELECT * FROM users WHERE id = ' + id)
69
- example_fix: db.Query('SELECT * FROM users WHERE id = ?', id)
70
- - id: GO-06
71
- name: Weak TLS Config
72
- severity: HIGH
73
- category: Crypto
74
- description: TLS config allows weak versions or insecure settings
75
- detection_pattern: MinVersion.*tls\\.VersionTLS1[01]|InsecureSkipVerify.*true
76
- fix_pattern: Enforce TLS 1.2+ verify certificates
77
- cwe: CWE-327
78
- example_vuln: '&tls.Config{MinVersion: tls.VersionTLS10}'
79
- example_fix: '&tls.Config{MinVersion: tls.VersionTLS12}'
80
- - id: GO-07
81
- name: Unsafe Pointer Use
82
- severity: HIGH
83
- category: Memory
84
- description: Unsafe pointer operations risking memory corruption
85
- detection_pattern: unsafe\\.Pointer|uintptr(?!.*reflect\\.SliceHeader)
86
- fix_pattern: Avoid unsafe unless absolutely necessary add bounds checks
87
- cwe: CWE-119
88
- example_vuln: ptr := unsafe.Pointer(&data)\n*(*int)(ptr) = 42
89
- example_fix: // Use safe alternatives or add extensive validation
90
- - id: GO-08
91
- name: Missing Timeout
92
- severity: HIGH
93
- category: Reliability
94
- description: HTTP client or context without timeout
95
- detection_pattern: http\\.DefaultClient|context\\.Background\\(\\)(?!.*WithTimeout)
96
- fix_pattern: Always set timeouts on HTTP clients and contexts
97
- cwe: CWE-400
98
- example_vuln: resp, err := http.Get(url)
99
- example_fix: ctx, cancel := context.WithTimeout(ctx, 10*time.Second)\nreq = req.WithContext(ctx)
100
- - id: GO-09
101
- name: Goroutine Leak
102
- severity: MEDIUM
103
- category: Memory
104
- description: Goroutines started without cancellation mechanism
105
- detection_pattern: go\\s+func\\(\\)(?!.*context|done|cancel)
106
- fix_pattern: Use context for cancellation or done channels
107
- cwe: CWE-400
108
- example_vuln: go func() { for { process() } }()
109
- example_fix: 'go func() { for { select { case <-ctx.Done(): return } } }()'
110
- - id: GO-10
111
- name: Template Injection
112
- severity: HIGH
113
- category: Injection
114
- description: User input in HTML templates without escaping
115
- detection_pattern: template\\.HTML\\(.*req|text/template.*user
116
- fix_pattern: Use html/template package always escape user data
117
- cwe: CWE-79
118
- example_vuln: template.HTML(userInput)
119
- example_fix: // html/template auto-escapes\ntmpl.Execute(w, data) // data is escaped
120
- - id: GO-11
121
- name: SSRF Via HTTP Client
122
- severity: CRITICAL
123
- category: Network
124
- description: User-controlled URLs fetched without validation
125
- detection_pattern: http\\.(Get|Post|Do).*req\\.(URL|Body|Query)
126
- fix_pattern: Validate URLs against allowlist block internal IPs
127
- cwe: CWE-918
128
- example_vuln: http.Get(req.Query.Get('url'))
129
- example_fix: url := req.Query.Get('url')\nif !isAllowed(url) { return }\nhttp.Get(url)
130
- - id: GO-12
131
- name: Crypto Rand Misuse
132
- severity: HIGH
133
- category: Crypto
134
- description: Using math/rand instead of crypto/rand for security
135
- detection_pattern: math/rand(?!.*seed)|rand\\.(Int|Read)(?!.*crypto)
136
- fix_pattern: Use crypto/rand for security-sensitive random values
137
- cwe: CWE-338
138
- example_vuln: import 'math/rand'\ntoken := rand.Int()
139
- example_fix: import 'crypto/rand'\nrand.Read(token)
140
- - id: GO-13
141
- name: Defer in Loop
142
- severity: MEDIUM
143
- category: Resource
144
- description: Defer statement inside loop causing resource accumulation
145
- detection_pattern: for.*\\{[^}]*defer
146
- fix_pattern: Move defer outside loop or use explicit close
147
- cwe: CWE-400
148
- example_vuln: for _, f := range files { defer f.Close() }
149
- example_fix: for _, f := range files { f.Close() }
150
- - id: GO-14
151
- name: Missing Input Validation
152
- severity: HIGH
153
- category: Input
154
- description: No validation on struct fields from HTTP request
155
- detection_pattern: json\\.Unmarshal.*req\\.Body(?!.*valid)
156
- fix_pattern: Use validator package validate before processing
157
- cwe: CWE-20
158
- example_vuln: json.Unmarshal(body, &req)
159
- example_fix: json.Unmarshal(body, &req)\nif err := validate.Struct(req); err != nil { return err }
160
- - id: GO-15
161
- name: Hardcoded Credentials
162
- severity: CRITICAL
163
- category: Secrets
164
- description: Passwords or API keys hardcoded in source
165
- detection_pattern: (password|apikey|secret)\\s*[:=]\\s*['\][^'\"]+['\"]"
166
- fix_pattern: Use environment variables or secrets manager
167
- cwe: CWE-798
168
- example_vuln: dbPassword := 'mypassword123'
169
- example_fix: dbPassword := os.Getenv('DB_PASSWORD')
170
- - id: GO-16
171
- name: Integer Overflow
172
- severity: HIGH
173
- category: Math
174
- description: Integer operations without overflow check
175
- detection_pattern: \\+\\+|\\+=|\\*=(?!.*overflow|check)
176
- fix_pattern: Use math.MaxInt checks or safe math libraries
177
- cwe: CWE-190
178
- example_vuln: total := a + b // May overflow
179
- example_fix: if a > math.MaxInt64-b { return ErrOverflow }\ntotal := a + b
180
- - id: GO-17
181
- name: Missing CSRF Protection
182
- severity: HIGH
183
- category: Web
184
- description: Form handlers without CSRF token validation
185
- detection_pattern: http\\.HandleFunc.*/.*POST(?!.*csrf)
186
- fix_pattern: Implement CSRF tokens for all state-changing requests
187
- cwe: CWE-352
188
- example_vuln: http.HandleFunc('/transfer', transferHandler)
189
- example_fix: // Use gorilla/csrf middleware\nhttp.Handle('/transfer', csrf.Protect(key)(handler))
190
- - id: GO-18
191
- name: Open Redirect
192
- severity: MEDIUM
193
- category: Web
194
- description: Redirect destination from user input without validation
195
- detection_pattern: http\\.Redirect.*req\\.(URL|Query|Form)
196
- fix_pattern: Validate redirect URLs against allowlist
197
- cwe: CWE-601
198
- example_vuln: http.Redirect(w, r, r.Query.Get('next'), 302)
199
- example_fix: next := r.Query.Get('next')\nif !isInternal(next) { next = '/' }\nhttp.Redirect(w, r, next, 302)
200
- - id: GO-19
201
- name: Nil Pointer Dereference
202
- severity: HIGH
203
- category: Runtime
204
- description: Pointer usage without nil check
205
- detection_pattern: (\\*\\w+)\\.(\\w+)(?<!if.*!=.*nil.*\\{)
206
- fix_pattern: Check for nil before dereferencing pointers
207
- cwe: CWE-476
208
- example_vuln: user.Name // user may be nil
209
- example_fix: if user == nil { return ErrNotFound }\nname := user.Name
210
- - id: GO-20
211
- name: Sync Once Misuse
212
- severity: MEDIUM
213
- category: Concurrency
214
- description: sync.Once with closure over wrong variable
215
- detection_pattern: sync\\.Once.*Do.*func.*\\{.*rangeVar
216
- fix_pattern: Capture loop variable correctly in closure
217
- cwe: CWE-362
218
- example_vuln: for _, v := range items { once.Do(func() { use(v) }) }
219
- example_fix: for _, v := range items { v := v; once.Do(func() { use(v) }) }
20
+ - id: GO-01
21
+ name: Unchecked Error Return
22
+ severity: HIGH
23
+ category: Error
24
+ description: Error return value ignored allowing silent failures
25
+ detection_pattern: err\\s*:?=.*\\n(?!.*if\\s+err|.*err\\s*!=)
26
+ fix_pattern: Always check error returns handle or propagate
27
+ cwe: CWE-252
28
+ example_vuln: result, _ := doSomething()
29
+ example_fix: result, err := doSomething()\nif err != nil { return err }
30
+ - id: GO-02
31
+ name: Race Condition
32
+ severity: CRITICAL
33
+ category: Concurrency
34
+ description: Concurrent map access or shared state without sync
35
+ detection_pattern: (map\\[.*\\].*go\\s+func|go\\s+func.*map\\[)(?!.*sync|mutex|atomic)
36
+ fix_pattern: Use sync.Mutex sync.Map or channels for shared state
37
+ cwe: CWE-362
38
+ example_vuln: var cache map[string]int\ngo func() { cache['key'] = val }()
39
+ example_fix: var mu sync.Mutex\nmu.Lock()\ncache['key'] = val\nmu.Unlock()
40
+ - id: GO-03
41
+ name: Command Injection
42
+ severity: CRITICAL
43
+ category: Injection
44
+ description: User input used in exec.Command without sanitization
45
+ detection_pattern: exec\\.Command\\(.*\\+|fmt\\.Sprintf.*exec\\.Command
46
+ fix_pattern: Use argument arrays never shell strings validate input
47
+ cwe: CWE-78
48
+ example_vuln: exec.Command('sh', '-c', 'echo ' + userInput)
49
+ example_fix: exec.Command('echo', userInput) // No shell
50
+ - id: GO-04
51
+ name: Path Traversal
52
+ severity: HIGH
53
+ category: File
54
+ description: User input in filepath.Join without sanitization
55
+ detection_pattern: filepath\\.Join.*req\\.|os\\.Open.*\\+|ioutil\\.ReadFile.*\\+
56
+ fix_pattern: Use filepath.Clean validate path is within allowed dir
57
+ cwe: CWE-22
58
+ example_vuln: filepath.Join(baseDir, req.URL.Query().Get('file'))
59
+ example_fix: clean := filepath.Clean(userPath)\nif !strings.HasPrefix(clean, baseDir) { return err }
60
+ - id: GO-05
61
+ name: SQL Injection
62
+ severity: CRITICAL
63
+ category: Injection
64
+ description: String concatenation in SQL queries
65
+ detection_pattern: (db\\.Query|db\\.Exec)\\(.*\\+|fmt\\.Sprintf.*Query
66
+ fix_pattern: Use parameterized queries with db.Query(query args...)
67
+ cwe: CWE-89
68
+ example_vuln: db.Query('SELECT * FROM users WHERE id = ' + id)
69
+ example_fix: db.Query('SELECT * FROM users WHERE id = ?', id)
70
+ - id: GO-06
71
+ name: Weak TLS Config
72
+ severity: HIGH
73
+ category: Crypto
74
+ description: TLS config allows weak versions or insecure settings
75
+ detection_pattern: MinVersion.*tls\\.VersionTLS1[01]|InsecureSkipVerify.*true
76
+ fix_pattern: Enforce TLS 1.2+ verify certificates
77
+ cwe: CWE-327
78
+ example_vuln: "&tls.Config{MinVersion: tls.VersionTLS10}"
79
+ example_fix: "&tls.Config{MinVersion: tls.VersionTLS12}"
80
+ - id: GO-07
81
+ name: Unsafe Pointer Use
82
+ severity: HIGH
83
+ category: Memory
84
+ description: Unsafe pointer operations risking memory corruption
85
+ detection_pattern: unsafe\\.Pointer|uintptr(?!.*reflect\\.SliceHeader)
86
+ fix_pattern: Avoid unsafe unless absolutely necessary add bounds checks
87
+ cwe: CWE-119
88
+ example_vuln: ptr := unsafe.Pointer(&data)\n*(*int)(ptr) = 42
89
+ example_fix: // Use safe alternatives or add extensive validation
90
+ - id: GO-08
91
+ name: Missing Timeout
92
+ severity: HIGH
93
+ category: Reliability
94
+ description: HTTP client or context without timeout
95
+ detection_pattern: http\\.DefaultClient|context\\.Background\\(\\)(?!.*WithTimeout)
96
+ fix_pattern: Always set timeouts on HTTP clients and contexts
97
+ cwe: CWE-400
98
+ example_vuln: resp, err := http.Get(url)
99
+ example_fix: ctx, cancel := context.WithTimeout(ctx, 10*time.Second)\nreq = req.WithContext(ctx)
100
+ - id: GO-09
101
+ name: Goroutine Leak
102
+ severity: MEDIUM
103
+ category: Memory
104
+ description: Goroutines started without cancellation mechanism
105
+ detection_pattern: go\\s+func\\(\\)(?!.*context|done|cancel)
106
+ fix_pattern: Use context for cancellation or done channels
107
+ cwe: CWE-400
108
+ example_vuln: go func() { for { process() } }()
109
+ example_fix: "go func() { for { select { case <-ctx.Done(): return } } }()"
110
+ - id: GO-10
111
+ name: Template Injection
112
+ severity: HIGH
113
+ category: Injection
114
+ description: User input in HTML templates without escaping
115
+ detection_pattern: template\\.HTML\\(.*req|text/template.*user
116
+ fix_pattern: Use html/template package always escape user data
117
+ cwe: CWE-79
118
+ example_vuln: template.HTML(userInput)
119
+ example_fix: // html/template auto-escapes\ntmpl.Execute(w, data) // data is escaped
120
+ - id: GO-11
121
+ name: SSRF Via HTTP Client
122
+ severity: CRITICAL
123
+ category: Network
124
+ description: User-controlled URLs fetched without validation
125
+ detection_pattern: http\\.(Get|Post|Do).*req\\.(URL|Body|Query)
126
+ fix_pattern: Validate URLs against allowlist block internal IPs
127
+ cwe: CWE-918
128
+ example_vuln: http.Get(req.Query.Get('url'))
129
+ example_fix: url := req.Query.Get('url')\nif !isAllowed(url) { return }\nhttp.Get(url)
130
+ - id: GO-12
131
+ name: Crypto Rand Misuse
132
+ severity: HIGH
133
+ category: Crypto
134
+ description: Using math/rand instead of crypto/rand for security
135
+ detection_pattern: math/rand(?!.*seed)|rand\\.(Int|Read)(?!.*crypto)
136
+ fix_pattern: Use crypto/rand for security-sensitive random values
137
+ cwe: CWE-338
138
+ example_vuln: import 'math/rand'\ntoken := rand.Int()
139
+ example_fix: import 'crypto/rand'\nrand.Read(token)
140
+ - id: GO-13
141
+ name: Defer in Loop
142
+ severity: MEDIUM
143
+ category: Resource
144
+ description: Defer statement inside loop causing resource accumulation
145
+ detection_pattern: for.*\\{[^}]*defer
146
+ fix_pattern: Move defer outside loop or use explicit close
147
+ cwe: CWE-400
148
+ example_vuln: for _, f := range files { defer f.Close() }
149
+ example_fix: for _, f := range files { f.Close() }
150
+ - id: GO-14
151
+ name: Missing Input Validation
152
+ severity: HIGH
153
+ category: Input
154
+ description: No validation on struct fields from HTTP request
155
+ detection_pattern: json\\.Unmarshal.*req\\.Body(?!.*valid)
156
+ fix_pattern: Use validator package validate before processing
157
+ cwe: CWE-20
158
+ example_vuln: json.Unmarshal(body, &req)
159
+ example_fix: json.Unmarshal(body, &req)\nif err := validate.Struct(req); err != nil { return err }
160
+ - id: GO-15
161
+ name: Hardcoded Credentials
162
+ severity: CRITICAL
163
+ category: Secrets
164
+ description: Passwords or API keys hardcoded in source
165
+ detection_pattern: (password|apikey|secret)\\s*[:=]\\s*['\][^'\"]+['\"]"
166
+ fix_pattern: Use environment variables or secrets manager
167
+ cwe: CWE-798
168
+ example_vuln: dbPassword := 'mypassword123'
169
+ example_fix: dbPassword := os.Getenv('DB_PASSWORD')
170
+ - id: GO-16
171
+ name: Integer Overflow
172
+ severity: HIGH
173
+ category: Math
174
+ description: Integer operations without overflow check
175
+ detection_pattern: \\+\\+|\\+=|\\*=(?!.*overflow|check)
176
+ fix_pattern: Use math.MaxInt checks or safe math libraries
177
+ cwe: CWE-190
178
+ example_vuln: total := a + b // May overflow
179
+ example_fix: if a > math.MaxInt64-b { return ErrOverflow }\ntotal := a + b
180
+ - id: GO-17
181
+ name: Missing CSRF Protection
182
+ severity: HIGH
183
+ category: Web
184
+ description: Form handlers without CSRF token validation
185
+ detection_pattern: http\\.HandleFunc.*/.*POST(?!.*csrf)
186
+ fix_pattern: Implement CSRF tokens for all state-changing requests
187
+ cwe: CWE-352
188
+ example_vuln: http.HandleFunc('/transfer', transferHandler)
189
+ example_fix: // Use gorilla/csrf middleware\nhttp.Handle('/transfer', csrf.Protect(key)(handler))
190
+ - id: GO-18
191
+ name: Open Redirect
192
+ severity: MEDIUM
193
+ category: Web
194
+ description: Redirect destination from user input without validation
195
+ detection_pattern: http\\.Redirect.*req\\.(URL|Query|Form)
196
+ fix_pattern: Validate redirect URLs against allowlist
197
+ cwe: CWE-601
198
+ example_vuln: http.Redirect(w, r, r.Query.Get('next'), 302)
199
+ example_fix: next := r.Query.Get('next')\nif !isInternal(next) { next = '/' }\nhttp.Redirect(w, r, next, 302)
200
+ - id: GO-19
201
+ name: Nil Pointer Dereference
202
+ severity: HIGH
203
+ category: Runtime
204
+ description: Pointer usage without nil check
205
+ detection_pattern: (\\*\\w+)\\.(\\w+)(?<!if.*!=.*nil.*\\{)
206
+ fix_pattern: Check for nil before dereferencing pointers
207
+ cwe: CWE-476
208
+ example_vuln: user.Name // user may be nil
209
+ example_fix: if user == nil { return ErrNotFound }\nname := user.Name
210
+ - id: GO-20
211
+ name: Sync Once Misuse
212
+ severity: MEDIUM
213
+ category: Concurrency
214
+ description: sync.Once with closure over wrong variable
215
+ detection_pattern: sync\\.Once.*Do.*func.*\\{.*rangeVar
216
+ fix_pattern: Capture loop variable correctly in closure
217
+ cwe: CWE-362
218
+ example_vuln: for _, v := range items { once.Do(func() { use(v) }) }
219
+ example_fix: for _, v := range items { v := v; once.Do(func() { use(v) }) }