@nockdev/awf 6.2.0 → 6.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (733) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
  43. package/.agent/i18n/en.yaml +6 -6
  44. package/.agent/i18n/vi.yaml +6 -6
  45. package/.agent/ide/README.md +1 -1
  46. package/.agent/ide/amazonq.json +3 -3
  47. package/.agent/ide/amp.json +4 -3
  48. package/.agent/ide/antigravity.json +4 -3
  49. package/.agent/ide/augment.json +4 -4
  50. package/.agent/ide/claude.json +4 -3
  51. package/.agent/ide/cline.json +4 -3
  52. package/.agent/ide/codex.json +6 -1
  53. package/.agent/ide/cody.json +4 -3
  54. package/.agent/ide/continue.json +4 -3
  55. package/.agent/ide/cursor.json +4 -3
  56. package/.agent/ide/gemini.json +4 -3
  57. package/.agent/ide/jetbrains.json +4 -3
  58. package/.agent/ide/kiro.json +4 -3
  59. package/.agent/ide/opencode.json +4 -3
  60. package/.agent/ide/roo.json +4 -3
  61. package/.agent/ide/tabnine.json +4 -3
  62. package/.agent/ide/trae.json +4 -3
  63. package/.agent/ide/vscode.json +4 -3
  64. package/.agent/ide/windsurf.json +4 -3
  65. package/.agent/ide/zed.json +4 -3
  66. package/.agent/manifest.yaml +142 -34
  67. package/.agent/memory/core_memory/persona.json +2 -2
  68. package/.agent/memory/core_memory/project.json +1 -1
  69. package/.agent/memory/core_memory/rules.json +1 -1
  70. package/.agent/memory/core_memory/user.json +1 -1
  71. package/.agent/memory/graph/knowledge_graph.json +1 -1
  72. package/.agent/memory/patterns/errors.json +1 -1
  73. package/.agent/memory/patterns/successes.json +1 -1
  74. package/.agent/memory/state.json +3 -3
  75. package/.agent/personas/README.md +1 -1
  76. package/.agent/personas/architect.md +1 -1
  77. package/.agent/personas/auditor.md +1 -1
  78. package/.agent/personas/debugger.md +1 -1
  79. package/.agent/personas/developer.md +1 -1
  80. package/.agent/personas/devops.md +1 -1
  81. package/.agent/personas/documenter.md +1 -1
  82. package/.agent/personas/orchestrator.md +1 -1
  83. package/.agent/personas/persona.schema.yaml +1 -1
  84. package/.agent/personas/planner.md +1 -1
  85. package/.agent/personas/researcher.md +1 -1
  86. package/.agent/personas/security.md +1 -1
  87. package/.agent/personas/tester.md +1 -1
  88. package/.agent/private/README.md +74 -0
  89. package/.agent/private/_index.yaml +23 -0
  90. package/.agent/private/_template/META.yaml +38 -0
  91. package/.agent/private/_template/SKILL.md +43 -0
  92. package/.agent/private/_template/data/.gitkeep +0 -0
  93. package/.agent/private/autodomyh-api/META.yaml +48 -0
  94. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  95. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  96. package/.agent/rules/README.md +24 -18
  97. package/.agent/rules/SACRED_RULES.xml +42 -36
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
  100. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
  101. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  102. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  103. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  104. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  105. package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
  106. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  107. package/.agent/rules/data/build-systems.yaml +2 -2
  108. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  109. package/.agent/rules/modules/edit-verification.yaml +1 -1
  110. package/.agent/rules/modules/git-workflow.yaml +1 -1
  111. package/.agent/rules/modules/language.yaml +1 -1
  112. package/.agent/rules/modules/online-research.yaml +1 -1
  113. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  114. package/.agent/rules/modules/quality.yaml +1 -1
  115. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  116. package/.agent/rules/modules/terminal-safety.yaml +45 -1
  117. package/.agent/rules/modules/yagni.yaml +1 -1
  118. package/.agent/rules/validation-framework.md +1 -1
  119. package/.agent/skills/DEVELOPMENT.yaml +17 -6
  120. package/.agent/skills/README.md +19 -16
  121. package/.agent/skills/_categories.yaml +60 -8
  122. package/.agent/skills/_router.yaml +61 -19
  123. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  124. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  128. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  129. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  130. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  134. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  141. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  142. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  145. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  153. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  154. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  155. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  160. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  161. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  162. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  163. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  164. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  165. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  166. package/.agent/skills/core/api-design/META.yaml +1 -5
  167. package/.agent/skills/core/api-design/SKILL.md +20 -26
  168. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  169. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  170. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  172. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  173. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  174. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  175. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  176. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  177. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  178. package/.agent/skills/core/authentication/META.yaml +1 -5
  179. package/.agent/skills/core/authentication/SKILL.md +36 -43
  180. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  181. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  182. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  183. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  190. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  191. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  192. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  193. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  194. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  195. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  196. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  197. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  198. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  199. package/.agent/skills/core/error-handling/META.yaml +1 -5
  200. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  201. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  202. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  204. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  205. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  206. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  207. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  208. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  211. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  212. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  213. package/.agent/skills/core/logging/META.yaml +1 -5
  214. package/.agent/skills/core/logging/SKILL.md +28 -42
  215. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  216. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  217. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  218. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  221. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  222. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  223. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  225. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  226. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  227. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  228. package/.agent/skills/core/observability/META.yaml +1 -5
  229. package/.agent/skills/core/observability/SKILL.md +29 -38
  230. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  231. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  232. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  233. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  237. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  238. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  240. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  241. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  242. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  243. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  244. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  245. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  246. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  247. package/.agent/skills/core/security/META.yaml +1 -5
  248. package/.agent/skills/core/security/SKILL.md +25 -25
  249. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  250. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  251. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  252. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  253. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  254. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  255. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  257. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  259. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  260. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  261. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  262. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  263. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  264. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  265. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  266. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  267. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  268. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  269. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  270. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  271. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  272. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  273. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  274. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  275. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  276. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  279. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  280. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  281. package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
  282. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  283. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  284. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  285. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  286. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  287. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  288. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  289. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  290. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  291. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  292. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  293. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  294. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  295. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  296. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  297. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  298. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  299. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  300. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  301. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  302. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  303. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  304. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  305. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  314. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  315. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  316. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  317. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  348. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  349. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  350. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  351. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  352. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  354. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  355. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  356. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  357. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  358. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  359. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  360. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  361. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  362. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  363. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  364. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  365. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  366. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  367. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  371. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  372. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  373. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  374. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  375. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  376. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  377. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  378. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  379. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  380. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  381. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  382. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  383. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  384. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  385. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  386. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  387. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  388. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  389. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  390. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  391. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  392. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  393. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  394. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  395. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  396. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  397. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  398. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  399. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  400. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  407. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  408. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  409. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  410. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  411. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  412. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  413. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  414. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  415. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  416. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  417. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  418. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  419. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  420. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  421. package/.agent/skills/devops/aws/META.yaml +48 -63
  422. package/.agent/skills/devops/aws/SKILL.md +39 -697
  423. package/.agent/skills/devops/azure/META.yaml +44 -0
  424. package/.agent/skills/devops/azure/SKILL.md +43 -0
  425. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  426. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  427. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  428. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  429. package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
  430. package/.agent/skills/devops/docker/META.yaml +53 -14
  431. package/.agent/skills/devops/docker/SKILL.md +35 -639
  432. package/.agent/skills/devops/gcp/META.yaml +43 -0
  433. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  434. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  435. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  436. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  437. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  438. package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
  439. package/.agent/skills/devops/terraform/META.yaml +47 -0
  440. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  441. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  442. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  443. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  444. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  445. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  446. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  447. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  448. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  449. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  450. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  451. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  452. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  453. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  454. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  455. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  456. package/.agent/skills/frameworks/react/META.yaml +20 -7
  457. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  458. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  459. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  460. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  461. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  462. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  463. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  464. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  465. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  466. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  467. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  468. package/.agent/skills/index.json +67 -14
  469. package/.agent/skills/languages/asm/META.yaml +2 -8
  470. package/.agent/skills/languages/asm/SKILL.md +1 -1
  471. package/.agent/skills/languages/c/META.yaml +2 -8
  472. package/.agent/skills/languages/c/SKILL.md +1 -1
  473. package/.agent/skills/languages/clojure/META.yaml +2 -2
  474. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  475. package/.agent/skills/languages/cpp/META.yaml +2 -8
  476. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  477. package/.agent/skills/languages/crystal/META.yaml +2 -8
  478. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  479. package/.agent/skills/languages/csharp/META.yaml +2 -2
  480. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  481. package/.agent/skills/languages/elixir/META.yaml +2 -2
  482. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  483. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  484. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  485. package/.agent/skills/languages/go/META.yaml +2 -8
  486. package/.agent/skills/languages/go/SKILL.md +1 -1
  487. package/.agent/skills/languages/haskell/META.yaml +2 -2
  488. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  489. package/.agent/skills/languages/java/META.yaml +2 -8
  490. package/.agent/skills/languages/java/SKILL.md +1 -1
  491. package/.agent/skills/languages/javascript/META.yaml +2 -8
  492. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  493. package/.agent/skills/languages/julia/META.yaml +2 -2
  494. package/.agent/skills/languages/julia/SKILL.md +1 -1
  495. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  496. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  497. package/.agent/skills/languages/lua/META.yaml +2 -8
  498. package/.agent/skills/languages/lua/SKILL.md +3 -3
  499. package/.agent/skills/languages/nim/META.yaml +2 -8
  500. package/.agent/skills/languages/nim/SKILL.md +1 -1
  501. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  502. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  503. package/.agent/skills/languages/perl/META.yaml +2 -2
  504. package/.agent/skills/languages/perl/SKILL.md +1 -1
  505. package/.agent/skills/languages/php/META.yaml +2 -2
  506. package/.agent/skills/languages/php/SKILL.md +1 -1
  507. package/.agent/skills/languages/python/META.yaml +2 -8
  508. package/.agent/skills/languages/python/SKILL.md +1 -1
  509. package/.agent/skills/languages/r/META.yaml +2 -2
  510. package/.agent/skills/languages/r/SKILL.md +1 -1
  511. package/.agent/skills/languages/ruby/META.yaml +2 -2
  512. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  513. package/.agent/skills/languages/rust/META.yaml +2 -8
  514. package/.agent/skills/languages/rust/SKILL.md +1 -1
  515. package/.agent/skills/languages/scala/META.yaml +2 -2
  516. package/.agent/skills/languages/scala/SKILL.md +1 -1
  517. package/.agent/skills/languages/solidity/META.yaml +2 -2
  518. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  519. package/.agent/skills/languages/swift/META.yaml +2 -2
  520. package/.agent/skills/languages/swift/SKILL.md +1 -1
  521. package/.agent/skills/languages/typescript/META.yaml +2 -8
  522. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  523. package/.agent/skills/languages/zig/META.yaml +5 -7
  524. package/.agent/skills/languages/zig/SKILL.md +1 -1
  525. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  526. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  527. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  528. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  529. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  531. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  532. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  533. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  534. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  535. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  536. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  537. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  538. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  539. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  540. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  541. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  542. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  543. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  544. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  545. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  546. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  547. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  548. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  549. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  550. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  551. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  552. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  553. package/.agent/templates/README.md +2 -2
  554. package/.agent/templates/debug-report.md +1 -1
  555. package/.agent/templates/deploy-plan.md +1 -1
  556. package/.agent/templates/doc-template.md +1 -1
  557. package/.agent/templates/index.yaml +2 -2
  558. package/.agent/templates/migrate-plan.md +1 -1
  559. package/.agent/templates/phase-template.md +1 -1
  560. package/.agent/templates/tasks/audit.yaml +1 -1
  561. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  562. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  563. package/.agent/templates/tasks/refactor.yaml +1 -1
  564. package/.agent/templates/test-report.md +1 -1
  565. package/.agent/workflows/code.md +22 -1
  566. package/.agent/workflows/deploy.md +5 -1
  567. package/.agent/workflows/e2e.md +112 -0
  568. package/.agent/workflows/fix.md +1 -1
  569. package/.agent/workflows/prompt.md +325 -0
  570. package/.agent/workflows/scaffold.md +1 -1
  571. package/.agent/workflows/tdd.md +108 -0
  572. package/.agent/workflows/verify.md +116 -0
  573. package/.agent/workflows/visualize.md +50 -18
  574. package/README.md +16 -13
  575. package/configs/aider/root.CONVENTIONS.md +51 -0
  576. package/configs/amazonq/root.amazonq.md +51 -0
  577. package/configs/amp/root.AGENTS.md +51 -0
  578. package/configs/antigravity/root.GEMINI.md +51 -0
  579. package/configs/augment/root.guidelines.md +51 -0
  580. package/configs/claude/root.CLAUDE.md +51 -0
  581. package/configs/cline/root.clinerules.md +51 -0
  582. package/configs/coderabbit/root.coderabbit.yaml +52 -0
  583. package/configs/codex/root.AGENTS.md +51 -0
  584. package/configs/cody/root.commands.json +76 -0
  585. package/configs/continue/root.continue.md +51 -0
  586. package/configs/copilot/root.copilot-instructions.md +51 -0
  587. package/configs/cursor/root.cursorrules +51 -0
  588. package/configs/gemini/root.GEMINI.md +51 -0
  589. package/configs/jetbrains/root.guidelines.md +51 -0
  590. package/configs/opencode/root.opencode.json +24 -0
  591. package/configs/roo/root.roorules.md +51 -0
  592. package/configs/tabnine/root.guidelines.md +51 -0
  593. package/configs/vscode/root.copilot-instructions.md +51 -0
  594. package/configs/windsurf/root.windsurfrules +51 -0
  595. package/configs/zed/root.settings.json +15 -0
  596. package/dist/commands/add.d.ts.map +1 -1
  597. package/dist/commands/add.js +9 -1
  598. package/dist/commands/add.js.map +1 -1
  599. package/dist/commands/config.d.ts.map +1 -1
  600. package/dist/commands/config.js +24 -8
  601. package/dist/commands/config.js.map +1 -1
  602. package/dist/commands/hsa.d.ts.map +1 -1
  603. package/dist/commands/hsa.js +106 -20
  604. package/dist/commands/hsa.js.map +1 -1
  605. package/dist/commands/init.d.ts.map +1 -1
  606. package/dist/commands/init.js +62 -69
  607. package/dist/commands/init.js.map +1 -1
  608. package/dist/commands/install-core.d.ts +2 -1
  609. package/dist/commands/install-core.d.ts.map +1 -1
  610. package/dist/commands/install-core.js +43 -16
  611. package/dist/commands/install-core.js.map +1 -1
  612. package/dist/commands/install-helpers.d.ts.map +1 -1
  613. package/dist/commands/install-helpers.js +25 -2
  614. package/dist/commands/install-helpers.js.map +1 -1
  615. package/dist/commands/install-hsa.d.ts +2 -5
  616. package/dist/commands/install-hsa.d.ts.map +1 -1
  617. package/dist/commands/install-hsa.js +2 -5
  618. package/dist/commands/install-hsa.js.map +1 -1
  619. package/dist/commands/install.d.ts +27 -0
  620. package/dist/commands/install.d.ts.map +1 -1
  621. package/dist/commands/install.js +68 -20
  622. package/dist/commands/install.js.map +1 -1
  623. package/dist/commands/list.d.ts.map +1 -1
  624. package/dist/commands/list.js +2 -1
  625. package/dist/commands/list.js.map +1 -1
  626. package/dist/commands/mcp-registry.d.ts +24 -9
  627. package/dist/commands/mcp-registry.d.ts.map +1 -1
  628. package/dist/commands/mcp-registry.js +39 -57
  629. package/dist/commands/mcp-registry.js.map +1 -1
  630. package/dist/commands/mcp-writers.d.ts.map +1 -1
  631. package/dist/commands/mcp-writers.js +6 -5
  632. package/dist/commands/mcp-writers.js.map +1 -1
  633. package/dist/commands/mcp.d.ts +1 -1
  634. package/dist/commands/mcp.d.ts.map +1 -1
  635. package/dist/commands/mcp.js +37 -9
  636. package/dist/commands/mcp.js.map +1 -1
  637. package/dist/commands/update.d.ts.map +1 -1
  638. package/dist/commands/update.js +16 -6
  639. package/dist/commands/update.js.map +1 -1
  640. package/dist/constants/cursor-globs.d.ts.map +1 -1
  641. package/dist/constants/cursor-globs.js +0 -6
  642. package/dist/constants/cursor-globs.js.map +1 -1
  643. package/dist/constants/ide-install-specs.js +9 -9
  644. package/dist/constants/ide-install-specs.js.map +1 -1
  645. package/dist/constants.d.ts +3 -3
  646. package/dist/constants.d.ts.map +1 -1
  647. package/dist/constants.js +3 -3
  648. package/dist/constants.js.map +1 -1
  649. package/dist/index.d.ts.map +1 -1
  650. package/dist/index.js +1 -9
  651. package/dist/index.js.map +1 -1
  652. package/dist/types/ide-install.js +1 -1
  653. package/dist/utils/copy-helpers.d.ts +7 -2
  654. package/dist/utils/copy-helpers.d.ts.map +1 -1
  655. package/dist/utils/copy-helpers.js +77 -51
  656. package/dist/utils/copy-helpers.js.map +1 -1
  657. package/dist/utils/install-manifest.d.ts +12 -0
  658. package/dist/utils/install-manifest.d.ts.map +1 -0
  659. package/dist/utils/install-manifest.js +27 -0
  660. package/dist/utils/install-manifest.js.map +1 -0
  661. package/dist/utils/validation.d.ts.map +1 -1
  662. package/dist/utils/validation.js +34 -7
  663. package/dist/utils/validation.js.map +1 -1
  664. package/package.json +5 -4
  665. package/.agent/core/embeddings.json +0 -2004
  666. package/.agent/core/session_cache.json +0 -50
  667. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  668. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  669. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  670. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  683. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  684. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  685. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  686. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  687. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  688. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  689. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  690. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  691. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  692. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  693. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  694. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  695. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  696. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  697. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  698. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  699. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  700. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  701. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  702. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  703. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  704. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  705. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  706. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  707. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  708. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  709. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  710. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  711. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  712. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  713. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  714. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  715. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  716. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  717. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  718. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  719. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  720. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  721. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  722. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  723. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  724. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  725. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  726. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  727. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  728. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  729. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  730. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  731. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  732. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  733. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/data/language-specific/php-security.yaml CHANGED
@@ -1,219 +1,219 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: php_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: php-security.csv
4
+ version: 6.2.2
5
+ updated: "2026-02-05"
6
+ migrated_from: php-security.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - description
14
- - detection_pattern
15
- - fix_pattern
16
- - cwe
17
- - example_vuln
18
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - description
14
+ - detection_pattern
15
+ - fix_pattern
16
+ - cwe
17
+ - example_vuln
18
+ - example_fix
19
19
  patterns:
20
- - id: PHP-01
21
- name: SQL Injection
22
- severity: CRITICAL
23
- category: Injection
24
- description: Variable interpolation in SQL queries
25
- detection_pattern: (mysql_query|mysqli_query|->query).*\\$(?!.*prepare|bindParam)
26
- fix_pattern: Use PDO with prepared statements
27
- cwe: CWE-89
28
- example_vuln: mysqli_query($conn, \SELECT * FROM users WHERE id = $id\");"
29
- example_fix: $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');\n$stmt->execute([$id]);
30
- - id: PHP-02
31
- name: XSS Output
32
- severity: HIGH
33
- category: XSS
34
- description: User input echoed without htmlspecialchars
35
- detection_pattern: echo.*\\$_(GET|POST|REQUEST)(?!.*htmlspecialchars)
36
- fix_pattern: Use htmlspecialchars with ENT_QUOTES
37
- cwe: CWE-79
38
- example_vuln: echo $_GET['name'];
39
- example_fix: echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
40
- - id: PHP-03
41
- name: Command Injection
42
- severity: CRITICAL
43
- category: Injection
44
- description: User input in shell_exec or system
45
- detection_pattern: (shell_exec|system|exec|passthru).*\\$(?!.*escapeshellarg)
46
- fix_pattern: Use escapeshellarg and escapeshellcmd
47
- cwe: CWE-78
48
- example_vuln: system('ping ' . $_GET['host']);
49
- example_fix: system('ping ' . escapeshellarg($_GET['host']));
50
- - id: PHP-04
51
- name: File Inclusion
52
- severity: CRITICAL
53
- category: LFI
54
- description: User input in include or require
55
- detection_pattern: (include|require|include_once|require_once).*\\$(?!.*whitelist)
56
- fix_pattern: Use whitelist validate against allowed files
57
- cwe: CWE-98
58
- example_vuln: include($_GET['page'] . '.php');
59
- example_fix: $allowed = ['home', 'about'];\nif (in_array($page, $allowed)) include($page . '.php');
60
- - id: PHP-05
61
- name: Path Traversal
62
- severity: HIGH
63
- category: File
64
- description: User input in file functions
65
- detection_pattern: (file_get_contents|fopen|readfile).*\\$(?!.*realpath|basename)
66
- fix_pattern: Use realpath and validate against base directory
67
- cwe: CWE-22
68
- example_vuln: readfile('uploads/' . $_GET['file']);
69
- example_fix: $path = realpath('uploads/' . $_GET['file']);\nif (strpos($path, realpath('uploads/')) !== 0) die('Invalid');
70
- - id: PHP-06
71
- name: Insecure Deserialization
72
- severity: CRITICAL
73
- category: Deserialization
74
- description: unserialize on user input
75
- detection_pattern: unserialize.*\\$_(GET|POST|REQUEST|COOKIE)
76
- fix_pattern: Use JSON or restrict allowed classes
77
- cwe: CWE-502
78
- example_vuln: $data = unserialize($_POST['data']);
79
- example_fix: '$data = unserialize($_POST[''data''], [''allowed_classes'' => false]);\n// Or: $data = json_decode($_POST[''data'']);'
80
- - id: PHP-07
81
- name: Weak Password Hash
82
- severity: HIGH
83
- category: Crypto
84
- description: MD5 or SHA1 for password hashing
85
- detection_pattern: (md5|sha1).*password|\\$_POST\\['password'\\]
86
- fix_pattern: Use password_hash with PASSWORD_DEFAULT
87
- cwe: CWE-327
88
- example_vuln: $hash = md5($password);
89
- example_fix: '$hash = password_hash($password, PASSWORD_DEFAULT);\n// Verify: password_verify($input, $hash)'
90
- - id: PHP-08
91
- name: CSRF Missing
92
- severity: HIGH
93
- category: CSRF
94
- description: Form without CSRF token validation
95
- detection_pattern: \\$_POST(?!.*csrf|token.*verify)
96
- fix_pattern: Implement CSRF tokens validate on submit
97
- cwe: CWE-352
98
- example_vuln: if ($_POST['action'] == 'delete') { /* delete */ }
99
- example_fix: if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die('Invalid');
100
- - id: PHP-09
101
- name: Session Fixation
102
- severity: HIGH
103
- category: Session
104
- description: Session ID not regenerated on login
105
- detection_pattern: session_start(?!.*session_regenerate_id)
106
- fix_pattern: Call session_regenerate_id after authentication
107
- cwe: CWE-384
108
- example_vuln: session_start();\n$_SESSION['user'] = $user;
109
- example_fix: session_start();\nsession_regenerate_id(true);\n$_SESSION['user'] = $user;
110
- - id: PHP-10
111
- name: Insecure Cookie
112
- severity: HIGH
113
- category: Session
114
- description: Cookies without security flags
115
- detection_pattern: setcookie.*(?!.*httponly|secure|samesite)
116
- fix_pattern: Set httponly secure samesite flags
117
- cwe: CWE-614
118
- example_vuln: setcookie('session', $token);
119
- example_fix: setcookie('session', $token, [\n 'httponly' => true,\n 'secure' => true,\n 'samesite' => 'Strict'\n]);
120
- - id: PHP-11
121
- name: Open Redirect
122
- severity: MEDIUM
123
- category: Redirect
124
- description: User input in header redirect
125
- detection_pattern: header.*Location.*\\$(?!.*allowlist)
126
- fix_pattern: Validate redirect URLs against allowlist
127
- cwe: CWE-601
128
- example_vuln: 'header(''Location: '' . $_GET[''url'']);'
129
- example_fix: '$allowed = [''/'', ''/dashboard''];\nif (in_array($url, $allowed)) header(''Location: '' . $url);'
130
- - id: PHP-12
131
- name: XML External Entity
132
- severity: CRITICAL
133
- category: XXE
134
- description: XML parsing with external entities
135
- detection_pattern: libxml_disable_entity_loader.*false|DOMDocument(?!.*LIBXML_NOENT)
136
- fix_pattern: Disable external entity loading
137
- cwe: CWE-611
138
- example_vuln: $doc = new DOMDocument();\n$doc->loadXML($xml);
139
- example_fix: libxml_disable_entity_loader(true);\n$doc = new DOMDocument();\n$doc->loadXML($xml, LIBXML_NOENT | LIBXML_DTDLOAD);
140
- - id: PHP-13
141
- name: Information Exposure
142
- severity: MEDIUM
143
- category: Info
144
- description: Error display enabled in production
145
- detection_pattern: display_errors.*On|error_reporting.*E_ALL
146
- fix_pattern: Disable display_errors log to file instead
147
- cwe: CWE-209
148
- example_vuln: display_errors = On
149
- example_fix: display_errors = Off\nlog_errors = On
150
- - id: PHP-14
151
- name: Unsafe File Upload
152
- severity: CRITICAL
153
- category: Upload
154
- description: File upload without validation
155
- detection_pattern: move_uploaded_file(?!.*mime|extension.*whitelist)
156
- fix_pattern: Validate MIME type extension and scan content
157
- cwe: CWE-434
158
- example_vuln: move_uploaded_file($_FILES['f']['tmp_name'], $target);
159
- example_fix: $allowed = ['image/jpeg', 'image/png'];\nif (!in_array($_FILES['f']['type'], $allowed)) die();
160
- - id: PHP-15
161
- name: Eval Injection
162
- severity: CRITICAL
163
- category: Injection
164
- description: User input in eval or create_function
165
- detection_pattern: (eval|create_function|assert).*\\$
166
- fix_pattern: Never use eval with user input use alternatives
167
- cwe: CWE-94
168
- example_vuln: eval('$result = ' . $_GET['expr'] . ';');
169
- example_fix: // Use a math parser library instead of eval
170
- - id: PHP-16
171
- name: Preg Callback Injection
172
- severity: HIGH
173
- category: Injection
174
- description: PREG_REPLACE_EVAL or preg_replace with /e modifier
175
- detection_pattern: preg_replace.*\\/e|PREG_REPLACE_EVAL
176
- fix_pattern: Use preg_replace_callback instead
177
- cwe: CWE-94
178
- example_vuln: preg_replace('/.*/e', $_GET['code'], $input);
179
- example_fix: preg_replace_callback('/.*/', function($m) { /* safe */ }, $input);
180
- - id: PHP-17
181
- name: Type Juggling
182
- severity: HIGH
183
- category: Auth
184
- description: Loose comparison with user input
185
- detection_pattern: ==.*\\$_(GET|POST)|\\$_(GET|POST).*==
186
- fix_pattern: Use strict comparison === or hash_equals
187
- cwe: CWE-697
188
- example_vuln: if ($_POST['token'] == $secret) { /* bypass */ }
189
- example_fix: if (hash_equals($secret, $_POST['token'])) { }
190
- - id: PHP-18
191
- name: Unvalidated Redirect
192
- severity: MEDIUM
193
- category: Redirect
194
- description: header() with unvalidated user input
195
- detection_pattern: header\\s*\\(.*\\$(?!.*parse_url|filter_var)
196
- fix_pattern: Validate URL format and domain
197
- cwe: CWE-601
198
- example_vuln: 'header(''Refresh: 0; url='' . $_GET[''url'']);'
199
- example_fix: '$url = filter_var($_GET[''url''], FILTER_VALIDATE_URL);\nif ($url && parse_url($url, PHP_URL_HOST) === ''example.com'') header(''Location: '' . $url);'
200
- - id: PHP-19
201
- name: Insecure Random
202
- severity: HIGH
203
- category: Crypto
204
- description: Using rand() or mt_rand() for security
205
- detection_pattern: (rand|mt_rand|uniqid)\\(\\)(?!.*random_bytes)
206
- fix_pattern: Use random_bytes or random_int for security
207
- cwe: CWE-338
208
- example_vuln: $token = md5(mt_rand());
209
- example_fix: $token = bin2hex(random_bytes(32));
210
- - id: PHP-20
211
- name: Register Globals Style
212
- severity: HIGH
213
- category: Config
214
- description: Direct use of uninitialized variables
215
- detection_pattern: \\$(?!_(GET|POST|SESSION|SERVER|FILES))\\w+(?!.*=).*\\$_(GET|POST)
216
- fix_pattern: Always initialize variables validate input
217
- cwe: CWE-94
218
- example_vuln: if ($admin) { /* bypass if $admin in GET */ }
219
- example_fix: $admin = false;\n$admin = isset($_SESSION['admin']) && $_SESSION['admin'];
20
+ - id: PHP-01
21
+ name: SQL Injection
22
+ severity: CRITICAL
23
+ category: Injection
24
+ description: Variable interpolation in SQL queries
25
+ detection_pattern: (mysql_query|mysqli_query|->query).*\\$(?!.*prepare|bindParam)
26
+ fix_pattern: Use PDO with prepared statements
27
+ cwe: CWE-89
28
+ example_vuln: mysqli_query($conn, \SELECT * FROM users WHERE id = $id\");"
29
+ example_fix: $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');\n$stmt->execute([$id]);
30
+ - id: PHP-02
31
+ name: XSS Output
32
+ severity: HIGH
33
+ category: XSS
34
+ description: User input echoed without htmlspecialchars
35
+ detection_pattern: echo.*\\$_(GET|POST|REQUEST)(?!.*htmlspecialchars)
36
+ fix_pattern: Use htmlspecialchars with ENT_QUOTES
37
+ cwe: CWE-79
38
+ example_vuln: echo $_GET['name'];
39
+ example_fix: echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
40
+ - id: PHP-03
41
+ name: Command Injection
42
+ severity: CRITICAL
43
+ category: Injection
44
+ description: User input in shell_exec or system
45
+ detection_pattern: (shell_exec|system|exec|passthru).*\\$(?!.*escapeshellarg)
46
+ fix_pattern: Use escapeshellarg and escapeshellcmd
47
+ cwe: CWE-78
48
+ example_vuln: system('ping ' . $_GET['host']);
49
+ example_fix: system('ping ' . escapeshellarg($_GET['host']));
50
+ - id: PHP-04
51
+ name: File Inclusion
52
+ severity: CRITICAL
53
+ category: LFI
54
+ description: User input in include or require
55
+ detection_pattern: (include|require|include_once|require_once).*\\$(?!.*whitelist)
56
+ fix_pattern: Use whitelist validate against allowed files
57
+ cwe: CWE-98
58
+ example_vuln: include($_GET['page'] . '.php');
59
+ example_fix: $allowed = ['home', 'about'];\nif (in_array($page, $allowed)) include($page . '.php');
60
+ - id: PHP-05
61
+ name: Path Traversal
62
+ severity: HIGH
63
+ category: File
64
+ description: User input in file functions
65
+ detection_pattern: (file_get_contents|fopen|readfile).*\\$(?!.*realpath|basename)
66
+ fix_pattern: Use realpath and validate against base directory
67
+ cwe: CWE-22
68
+ example_vuln: readfile('uploads/' . $_GET['file']);
69
+ example_fix: $path = realpath('uploads/' . $_GET['file']);\nif (strpos($path, realpath('uploads/')) !== 0) die('Invalid');
70
+ - id: PHP-06
71
+ name: Insecure Deserialization
72
+ severity: CRITICAL
73
+ category: Deserialization
74
+ description: unserialize on user input
75
+ detection_pattern: unserialize.*\\$_(GET|POST|REQUEST|COOKIE)
76
+ fix_pattern: Use JSON or restrict allowed classes
77
+ cwe: CWE-502
78
+ example_vuln: $data = unserialize($_POST['data']);
79
+ example_fix: '$data = unserialize($_POST[''data''], [''allowed_classes'' => false]);\n// Or: $data = json_decode($_POST[''data'']);'
80
+ - id: PHP-07
81
+ name: Weak Password Hash
82
+ severity: HIGH
83
+ category: Crypto
84
+ description: MD5 or SHA1 for password hashing
85
+ detection_pattern: (md5|sha1).*password|\\$_POST\\['password'\\]
86
+ fix_pattern: Use password_hash with PASSWORD_DEFAULT
87
+ cwe: CWE-327
88
+ example_vuln: $hash = md5($password);
89
+ example_fix: '$hash = password_hash($password, PASSWORD_DEFAULT);\n// Verify: password_verify($input, $hash)'
90
+ - id: PHP-08
91
+ name: CSRF Missing
92
+ severity: HIGH
93
+ category: CSRF
94
+ description: Form without CSRF token validation
95
+ detection_pattern: \\$_POST(?!.*csrf|token.*verify)
96
+ fix_pattern: Implement CSRF tokens validate on submit
97
+ cwe: CWE-352
98
+ example_vuln: if ($_POST['action'] == 'delete') { /* delete */ }
99
+ example_fix: if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die('Invalid');
100
+ - id: PHP-09
101
+ name: Session Fixation
102
+ severity: HIGH
103
+ category: Session
104
+ description: Session ID not regenerated on login
105
+ detection_pattern: session_start(?!.*session_regenerate_id)
106
+ fix_pattern: Call session_regenerate_id after authentication
107
+ cwe: CWE-384
108
+ example_vuln: session_start();\n$_SESSION['user'] = $user;
109
+ example_fix: session_start();\nsession_regenerate_id(true);\n$_SESSION['user'] = $user;
110
+ - id: PHP-10
111
+ name: Insecure Cookie
112
+ severity: HIGH
113
+ category: Session
114
+ description: Cookies without security flags
115
+ detection_pattern: setcookie.*(?!.*httponly|secure|samesite)
116
+ fix_pattern: Set httponly secure samesite flags
117
+ cwe: CWE-614
118
+ example_vuln: setcookie('session', $token);
119
+ example_fix: setcookie('session', $token, [\n 'httponly' => true,\n 'secure' => true,\n 'samesite' => 'Strict'\n]);
120
+ - id: PHP-11
121
+ name: Open Redirect
122
+ severity: MEDIUM
123
+ category: Redirect
124
+ description: User input in header redirect
125
+ detection_pattern: header.*Location.*\\$(?!.*allowlist)
126
+ fix_pattern: Validate redirect URLs against allowlist
127
+ cwe: CWE-601
128
+ example_vuln: "header('Location: ' . $_GET['url']);"
129
+ example_fix: '$allowed = [''/'', ''/dashboard''];\nif (in_array($url, $allowed)) header(''Location: '' . $url);'
130
+ - id: PHP-12
131
+ name: XML External Entity
132
+ severity: CRITICAL
133
+ category: XXE
134
+ description: XML parsing with external entities
135
+ detection_pattern: libxml_disable_entity_loader.*false|DOMDocument(?!.*LIBXML_NOENT)
136
+ fix_pattern: Disable external entity loading
137
+ cwe: CWE-611
138
+ example_vuln: $doc = new DOMDocument();\n$doc->loadXML($xml);
139
+ example_fix: libxml_disable_entity_loader(true);\n$doc = new DOMDocument();\n$doc->loadXML($xml, LIBXML_NOENT | LIBXML_DTDLOAD);
140
+ - id: PHP-13
141
+ name: Information Exposure
142
+ severity: MEDIUM
143
+ category: Info
144
+ description: Error display enabled in production
145
+ detection_pattern: display_errors.*On|error_reporting.*E_ALL
146
+ fix_pattern: Disable display_errors log to file instead
147
+ cwe: CWE-209
148
+ example_vuln: display_errors = On
149
+ example_fix: display_errors = Off\nlog_errors = On
150
+ - id: PHP-14
151
+ name: Unsafe File Upload
152
+ severity: CRITICAL
153
+ category: Upload
154
+ description: File upload without validation
155
+ detection_pattern: move_uploaded_file(?!.*mime|extension.*whitelist)
156
+ fix_pattern: Validate MIME type extension and scan content
157
+ cwe: CWE-434
158
+ example_vuln: move_uploaded_file($_FILES['f']['tmp_name'], $target);
159
+ example_fix: $allowed = ['image/jpeg', 'image/png'];\nif (!in_array($_FILES['f']['type'], $allowed)) die();
160
+ - id: PHP-15
161
+ name: Eval Injection
162
+ severity: CRITICAL
163
+ category: Injection
164
+ description: User input in eval or create_function
165
+ detection_pattern: (eval|create_function|assert).*\\$
166
+ fix_pattern: Never use eval with user input use alternatives
167
+ cwe: CWE-94
168
+ example_vuln: eval('$result = ' . $_GET['expr'] . ';');
169
+ example_fix: // Use a math parser library instead of eval
170
+ - id: PHP-16
171
+ name: Preg Callback Injection
172
+ severity: HIGH
173
+ category: Injection
174
+ description: PREG_REPLACE_EVAL or preg_replace with /e modifier
175
+ detection_pattern: preg_replace.*\\/e|PREG_REPLACE_EVAL
176
+ fix_pattern: Use preg_replace_callback instead
177
+ cwe: CWE-94
178
+ example_vuln: preg_replace('/.*/e', $_GET['code'], $input);
179
+ example_fix: preg_replace_callback('/.*/', function($m) { /* safe */ }, $input);
180
+ - id: PHP-17
181
+ name: Type Juggling
182
+ severity: HIGH
183
+ category: Auth
184
+ description: Loose comparison with user input
185
+ detection_pattern: ==.*\\$_(GET|POST)|\\$_(GET|POST).*==
186
+ fix_pattern: Use strict comparison === or hash_equals
187
+ cwe: CWE-697
188
+ example_vuln: if ($_POST['token'] == $secret) { /* bypass */ }
189
+ example_fix: if (hash_equals($secret, $_POST['token'])) { }
190
+ - id: PHP-18
191
+ name: Unvalidated Redirect
192
+ severity: MEDIUM
193
+ category: Redirect
194
+ description: header() with unvalidated user input
195
+ detection_pattern: header\\s*\\(.*\\$(?!.*parse_url|filter_var)
196
+ fix_pattern: Validate URL format and domain
197
+ cwe: CWE-601
198
+ example_vuln: "header('Refresh: 0; url=' . $_GET['url']);"
199
+ example_fix: '$url = filter_var($_GET[''url''], FILTER_VALIDATE_URL);\nif ($url && parse_url($url, PHP_URL_HOST) === ''example.com'') header(''Location: '' . $url);'
200
+ - id: PHP-19
201
+ name: Insecure Random
202
+ severity: HIGH
203
+ category: Crypto
204
+ description: Using rand() or mt_rand() for security
205
+ detection_pattern: (rand|mt_rand|uniqid)\\(\\)(?!.*random_bytes)
206
+ fix_pattern: Use random_bytes or random_int for security
207
+ cwe: CWE-338
208
+ example_vuln: $token = md5(mt_rand());
209
+ example_fix: $token = bin2hex(random_bytes(32));
210
+ - id: PHP-20
211
+ name: Register Globals Style
212
+ severity: HIGH
213
+ category: Config
214
+ description: Direct use of uninitialized variables
215
+ detection_pattern: \\$(?!_(GET|POST|SESSION|SERVER|FILES))\\w+(?!.*=).*\\$_(GET|POST)
216
+ fix_pattern: Always initialize variables validate input
217
+ cwe: CWE-94
218
+ example_vuln: if ($admin) { /* bypass if $admin in GET */ }
219
+ example_fix: $admin = false;\n$admin = isset($_SESSION['admin']) && $_SESSION['admin'];