@nockdev/awf 6.2.0 → 6.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/build.yaml +3 -3
- package/.agent/config.yaml +21 -146
- package/.agent/core/AGENT_BEHAVIOR.md +86 -0
- package/.agent/core/AUDIT_POLICY.md +1 -1
- package/.agent/core/CACHE.md +1 -1
- package/.agent/core/COMMANDS.md +16 -7
- package/.agent/core/CUSTOMIZE.md +61 -3
- package/.agent/core/DATA_SAFETY.md +1 -1
- package/.agent/core/MEMORY_PATHS.yaml +2 -2
- package/.agent/core/PERMISSIONS.md +1 -1
- package/.agent/core/README.md +1 -1
- package/.agent/core/VERSION.yaml +18 -8
- package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
- package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
- package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
- package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
- package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
- package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
- package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
- package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
- package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
- package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
- package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
- package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
- package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
- package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
- package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
- package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
- package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
- package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +2 -2
- package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
- package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
- package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
- package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
- package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
- package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
- package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
- package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
- package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
- package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
- package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
- package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +1 -1
- package/.agent/i18n/en.yaml +6 -6
- package/.agent/i18n/vi.yaml +6 -6
- package/.agent/ide/README.md +1 -1
- package/.agent/ide/amazonq.json +3 -3
- package/.agent/ide/amp.json +4 -3
- package/.agent/ide/antigravity.json +4 -3
- package/.agent/ide/augment.json +4 -4
- package/.agent/ide/claude.json +4 -3
- package/.agent/ide/cline.json +4 -3
- package/.agent/ide/codex.json +6 -1
- package/.agent/ide/cody.json +4 -3
- package/.agent/ide/continue.json +4 -3
- package/.agent/ide/cursor.json +4 -3
- package/.agent/ide/gemini.json +4 -3
- package/.agent/ide/jetbrains.json +4 -3
- package/.agent/ide/kiro.json +4 -3
- package/.agent/ide/opencode.json +4 -3
- package/.agent/ide/roo.json +4 -3
- package/.agent/ide/tabnine.json +4 -3
- package/.agent/ide/trae.json +4 -3
- package/.agent/ide/vscode.json +4 -3
- package/.agent/ide/windsurf.json +4 -3
- package/.agent/ide/zed.json +4 -3
- package/.agent/manifest.yaml +142 -34
- package/.agent/memory/core_memory/persona.json +2 -2
- package/.agent/memory/core_memory/project.json +1 -1
- package/.agent/memory/core_memory/rules.json +1 -1
- package/.agent/memory/core_memory/user.json +1 -1
- package/.agent/memory/graph/knowledge_graph.json +1 -1
- package/.agent/memory/patterns/errors.json +1 -1
- package/.agent/memory/patterns/successes.json +1 -1
- package/.agent/memory/state.json +3 -3
- package/.agent/personas/README.md +1 -1
- package/.agent/personas/architect.md +1 -1
- package/.agent/personas/auditor.md +1 -1
- package/.agent/personas/debugger.md +1 -1
- package/.agent/personas/developer.md +1 -1
- package/.agent/personas/devops.md +1 -1
- package/.agent/personas/documenter.md +1 -1
- package/.agent/personas/orchestrator.md +1 -1
- package/.agent/personas/persona.schema.yaml +1 -1
- package/.agent/personas/planner.md +1 -1
- package/.agent/personas/researcher.md +1 -1
- package/.agent/personas/security.md +1 -1
- package/.agent/personas/tester.md +1 -1
- package/.agent/private/README.md +74 -0
- package/.agent/private/_index.yaml +23 -0
- package/.agent/private/_template/META.yaml +38 -0
- package/.agent/private/_template/SKILL.md +43 -0
- package/.agent/private/_template/data/.gitkeep +0 -0
- package/.agent/private/autodomyh-api/META.yaml +48 -0
- package/.agent/private/autodomyh-api/SKILL.md +141 -0
- package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
- package/.agent/rules/README.md +24 -18
- package/.agent/rules/SACRED_RULES.xml +42 -36
- package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +6 -6
- package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +6 -6
- package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +7 -7
- package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
- package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
- package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
- package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
- package/.agent/rules/{modules → archive}/reflection.yaml +2 -2
- package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
- package/.agent/rules/data/build-systems.yaml +2 -2
- package/.agent/rules/modules/agent-delegation.yaml +136 -0
- package/.agent/rules/modules/edit-verification.yaml +1 -1
- package/.agent/rules/modules/git-workflow.yaml +1 -1
- package/.agent/rules/modules/language.yaml +1 -1
- package/.agent/rules/modules/online-research.yaml +1 -1
- package/.agent/rules/modules/performance-optimization.yaml +141 -0
- package/.agent/rules/modules/quality.yaml +1 -1
- package/.agent/rules/modules/stop-conditions.yaml +1 -1
- package/.agent/rules/modules/terminal-safety.yaml +45 -1
- package/.agent/rules/modules/yagni.yaml +1 -1
- package/.agent/rules/validation-framework.md +1 -1
- package/.agent/skills/DEVELOPMENT.yaml +17 -6
- package/.agent/skills/README.md +19 -16
- package/.agent/skills/_categories.yaml +60 -8
- package/.agent/skills/_router.yaml +61 -19
- package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
- package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
- package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
- package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
- package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
- package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
- package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
- package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
- package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
- package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
- package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
- package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
- package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
- package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
- package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
- package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
- package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
- package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
- package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
- package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
- package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
- package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
- package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
- package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
- package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
- package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
- package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
- package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
- package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
- package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
- package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
- package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
- package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
- package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
- package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
- package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
- package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
- package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
- package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
- package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
- package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
- package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
- package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
- package/.agent/skills/core/api-design/META.yaml +1 -5
- package/.agent/skills/core/api-design/SKILL.md +20 -26
- package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
- package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
- package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
- package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
- package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
- package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
- package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
- package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
- package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
- package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
- package/.agent/skills/core/authentication/META.yaml +1 -5
- package/.agent/skills/core/authentication/SKILL.md +36 -43
- package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
- package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
- package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
- package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
- package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
- package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
- package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
- package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
- package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
- package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
- package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
- package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
- package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
- package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
- package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
- package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
- package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
- package/.agent/skills/core/authentication/data/password.yaml +163 -163
- package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
- package/.agent/skills/core/error-handling/META.yaml +1 -5
- package/.agent/skills/core/error-handling/SKILL.md +21 -25
- package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
- package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
- package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
- package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
- package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
- package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
- package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
- package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
- package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
- package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
- package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
- package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
- package/.agent/skills/core/logging/META.yaml +1 -5
- package/.agent/skills/core/logging/SKILL.md +28 -42
- package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
- package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
- package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
- package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
- package/.agent/skills/core/logging/data/language-go.yaml +185 -185
- package/.agent/skills/core/logging/data/language-java.yaml +185 -185
- package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
- package/.agent/skills/core/logging/data/language-others.yaml +178 -178
- package/.agent/skills/core/logging/data/language-python.yaml +185 -185
- package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
- package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
- package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
- package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
- package/.agent/skills/core/observability/META.yaml +1 -5
- package/.agent/skills/core/observability/SKILL.md +29 -38
- package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
- package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
- package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
- package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
- package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
- package/.agent/skills/core/observability/data/language-go.yaml +159 -159
- package/.agent/skills/core/observability/data/language-java.yaml +159 -159
- package/.agent/skills/core/observability/data/language-others.yaml +249 -249
- package/.agent/skills/core/observability/data/language-python.yaml +159 -159
- package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
- package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
- package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
- package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
- package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
- package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
- package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
- package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
- package/.agent/skills/core/security/META.yaml +1 -5
- package/.agent/skills/core/security/SKILL.md +25 -25
- package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
- package/.agent/skills/core/security/data/api-security.yaml +224 -224
- package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
- package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
- package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
- package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
- package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
- package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
- package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
- package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
- package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
- package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
- package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
- package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
- package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
- package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
- package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
- package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
- package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
- package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
- package/.agent/skills/core/security/data/network-security.yaml +291 -291
- package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
- package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
- package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
- package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
- package/.agent/skills/cross-cutting/_index.yaml +4 -2
- package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
- package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
- package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
- package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
- package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
- package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
- package/.agent/skills/cross-cutting/audit-pro/SKILL.md +61 -0
- package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
- package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
- package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
- package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
- package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
- package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
- package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
- package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
- package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
- package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
- package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
- package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
- package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
- package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
- package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
- package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
- package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
- package/.agent/skills/cross-cutting/database/META.yaml +2 -2
- package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
- package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
- package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
- package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
- package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
- package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
- package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
- package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
- package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
- package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
- package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
- package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
- package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
- package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
- package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
- package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
- package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
- package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
- package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
- package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
- package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
- package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
- package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
- package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
- package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
- package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
- package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
- package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
- package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
- package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
- package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
- package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
- package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
- package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
- package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
- package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
- package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
- package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
- package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
- package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
- package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
- package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
- package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
- package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
- package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
- package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
- package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
- package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
- package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
- package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
- package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
- package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
- package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
- package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
- package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
- package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
- package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
- package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
- package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
- package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
- package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
- package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
- package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
- package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
- package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
- package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
- package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
- package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
- package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
- package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
- package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
- package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
- package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
- package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
- package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
- package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
- package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
- package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
- package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
- package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
- package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
- package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
- package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
- package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
- package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
- package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
- package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
- package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
- package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
- package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
- package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
- package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
- package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
- package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
- package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
- package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
- package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
- package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
- package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
- package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
- package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
- package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
- package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
- package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
- package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
- package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
- package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
- package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
- package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
- package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
- package/.agent/skills/devops/aws/META.yaml +48 -63
- package/.agent/skills/devops/aws/SKILL.md +39 -697
- package/.agent/skills/devops/azure/META.yaml +44 -0
- package/.agent/skills/devops/azure/SKILL.md +43 -0
- package/.agent/skills/devops/azure/data/cli.yaml +69 -0
- package/.agent/skills/devops/azure/data/compute.yaml +83 -0
- package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
- package/.agent/skills/devops/ci-cd/META.yaml +47 -14
- package/.agent/skills/devops/ci-cd/SKILL.md +37 -807
- package/.agent/skills/devops/docker/META.yaml +53 -14
- package/.agent/skills/devops/docker/SKILL.md +35 -639
- package/.agent/skills/devops/gcp/META.yaml +43 -0
- package/.agent/skills/devops/gcp/SKILL.md +43 -0
- package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
- package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
- package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
- package/.agent/skills/devops/kubernetes/META.yaml +56 -7
- package/.agent/skills/devops/kubernetes/SKILL.md +38 -607
- package/.agent/skills/devops/terraform/META.yaml +47 -0
- package/.agent/skills/devops/terraform/SKILL.md +73 -0
- package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
- package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
- package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
- package/.agent/skills/frameworks/angular/META.yaml +20 -6
- package/.agent/skills/frameworks/angular/SKILL.md +1 -1
- package/.agent/skills/frameworks/flutter/META.yaml +20 -6
- package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
- package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
- package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
- package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
- package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
- package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
- package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
- package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
- package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
- package/.agent/skills/frameworks/react/META.yaml +20 -7
- package/.agent/skills/frameworks/react/SKILL.md +7 -11
- package/.agent/skills/frameworks/react/data/core.yaml +14 -2
- package/.agent/skills/frameworks/react/data/server.yaml +16 -4
- package/.agent/skills/frameworks/react-native/META.yaml +19 -6
- package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
- package/.agent/skills/frameworks/svelte/META.yaml +19 -6
- package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
- package/.agent/skills/frameworks/vue/META.yaml +20 -8
- package/.agent/skills/frameworks/vue/SKILL.md +7 -7
- package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
- package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
- package/.agent/skills/index.json +67 -14
- package/.agent/skills/languages/asm/META.yaml +2 -8
- package/.agent/skills/languages/asm/SKILL.md +1 -1
- package/.agent/skills/languages/c/META.yaml +2 -8
- package/.agent/skills/languages/c/SKILL.md +1 -1
- package/.agent/skills/languages/clojure/META.yaml +2 -2
- package/.agent/skills/languages/clojure/SKILL.md +1 -1
- package/.agent/skills/languages/cpp/META.yaml +2 -8
- package/.agent/skills/languages/cpp/SKILL.md +1 -1
- package/.agent/skills/languages/crystal/META.yaml +2 -8
- package/.agent/skills/languages/crystal/SKILL.md +1 -1
- package/.agent/skills/languages/csharp/META.yaml +2 -2
- package/.agent/skills/languages/csharp/SKILL.md +1 -1
- package/.agent/skills/languages/elixir/META.yaml +2 -2
- package/.agent/skills/languages/elixir/SKILL.md +1 -1
- package/.agent/skills/languages/fsharp/META.yaml +2 -2
- package/.agent/skills/languages/fsharp/SKILL.md +1 -1
- package/.agent/skills/languages/go/META.yaml +2 -8
- package/.agent/skills/languages/go/SKILL.md +1 -1
- package/.agent/skills/languages/haskell/META.yaml +2 -2
- package/.agent/skills/languages/haskell/SKILL.md +1 -1
- package/.agent/skills/languages/java/META.yaml +2 -8
- package/.agent/skills/languages/java/SKILL.md +1 -1
- package/.agent/skills/languages/javascript/META.yaml +2 -8
- package/.agent/skills/languages/javascript/SKILL.md +1 -1
- package/.agent/skills/languages/julia/META.yaml +2 -2
- package/.agent/skills/languages/julia/SKILL.md +1 -1
- package/.agent/skills/languages/kotlin/META.yaml +2 -2
- package/.agent/skills/languages/kotlin/SKILL.md +1 -1
- package/.agent/skills/languages/lua/META.yaml +2 -8
- package/.agent/skills/languages/lua/SKILL.md +3 -3
- package/.agent/skills/languages/nim/META.yaml +2 -8
- package/.agent/skills/languages/nim/SKILL.md +1 -1
- package/.agent/skills/languages/ocaml/META.yaml +2 -2
- package/.agent/skills/languages/ocaml/SKILL.md +1 -1
- package/.agent/skills/languages/perl/META.yaml +2 -2
- package/.agent/skills/languages/perl/SKILL.md +1 -1
- package/.agent/skills/languages/php/META.yaml +2 -2
- package/.agent/skills/languages/php/SKILL.md +1 -1
- package/.agent/skills/languages/python/META.yaml +2 -8
- package/.agent/skills/languages/python/SKILL.md +1 -1
- package/.agent/skills/languages/r/META.yaml +2 -2
- package/.agent/skills/languages/r/SKILL.md +1 -1
- package/.agent/skills/languages/ruby/META.yaml +2 -2
- package/.agent/skills/languages/ruby/SKILL.md +1 -1
- package/.agent/skills/languages/rust/META.yaml +2 -8
- package/.agent/skills/languages/rust/SKILL.md +1 -1
- package/.agent/skills/languages/scala/META.yaml +2 -2
- package/.agent/skills/languages/scala/SKILL.md +1 -1
- package/.agent/skills/languages/solidity/META.yaml +2 -2
- package/.agent/skills/languages/solidity/SKILL.md +1 -1
- package/.agent/skills/languages/swift/META.yaml +2 -2
- package/.agent/skills/languages/swift/SKILL.md +1 -1
- package/.agent/skills/languages/typescript/META.yaml +2 -8
- package/.agent/skills/languages/typescript/SKILL.md +1 -1
- package/.agent/skills/languages/zig/META.yaml +5 -7
- package/.agent/skills/languages/zig/SKILL.md +1 -1
- package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
- package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
- package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
- package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
- package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
- package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
- package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
- package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
- package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
- package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
- package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
- package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
- package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
- package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
- package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
- package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
- package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
- package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
- package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
- package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
- package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
- package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
- package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
- package/.agent/skills/tooling/mcp/META.yaml +80 -0
- package/.agent/skills/tooling/mcp/SKILL.md +114 -0
- package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
- package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
- package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
- package/.agent/templates/README.md +2 -2
- package/.agent/templates/debug-report.md +1 -1
- package/.agent/templates/deploy-plan.md +1 -1
- package/.agent/templates/doc-template.md +1 -1
- package/.agent/templates/index.yaml +2 -2
- package/.agent/templates/migrate-plan.md +1 -1
- package/.agent/templates/phase-template.md +1 -1
- package/.agent/templates/tasks/audit.yaml +1 -1
- package/.agent/templates/tasks/bug_fix.yaml +1 -1
- package/.agent/templates/tasks/code_implementation.yaml +1 -1
- package/.agent/templates/tasks/refactor.yaml +1 -1
- package/.agent/templates/test-report.md +1 -1
- package/.agent/workflows/code.md +22 -1
- package/.agent/workflows/deploy.md +5 -1
- package/.agent/workflows/e2e.md +112 -0
- package/.agent/workflows/fix.md +1 -1
- package/.agent/workflows/prompt.md +325 -0
- package/.agent/workflows/scaffold.md +1 -1
- package/.agent/workflows/tdd.md +108 -0
- package/.agent/workflows/verify.md +116 -0
- package/.agent/workflows/visualize.md +50 -18
- package/README.md +16 -13
- package/configs/aider/root.CONVENTIONS.md +51 -0
- package/configs/amazonq/root.amazonq.md +51 -0
- package/configs/amp/root.AGENTS.md +51 -0
- package/configs/antigravity/root.GEMINI.md +51 -0
- package/configs/augment/root.guidelines.md +51 -0
- package/configs/claude/root.CLAUDE.md +51 -0
- package/configs/cline/root.clinerules.md +51 -0
- package/configs/coderabbit/root.coderabbit.yaml +52 -0
- package/configs/codex/root.AGENTS.md +51 -0
- package/configs/cody/root.commands.json +76 -0
- package/configs/continue/root.continue.md +51 -0
- package/configs/copilot/root.copilot-instructions.md +51 -0
- package/configs/cursor/root.cursorrules +51 -0
- package/configs/gemini/root.GEMINI.md +51 -0
- package/configs/jetbrains/root.guidelines.md +51 -0
- package/configs/opencode/root.opencode.json +24 -0
- package/configs/roo/root.roorules.md +51 -0
- package/configs/tabnine/root.guidelines.md +51 -0
- package/configs/vscode/root.copilot-instructions.md +51 -0
- package/configs/windsurf/root.windsurfrules +51 -0
- package/configs/zed/root.settings.json +15 -0
- package/dist/commands/add.d.ts.map +1 -1
- package/dist/commands/add.js +9 -1
- package/dist/commands/add.js.map +1 -1
- package/dist/commands/config.d.ts.map +1 -1
- package/dist/commands/config.js +24 -8
- package/dist/commands/config.js.map +1 -1
- package/dist/commands/hsa.d.ts.map +1 -1
- package/dist/commands/hsa.js +106 -20
- package/dist/commands/hsa.js.map +1 -1
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +62 -69
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/install-core.d.ts +2 -1
- package/dist/commands/install-core.d.ts.map +1 -1
- package/dist/commands/install-core.js +43 -16
- package/dist/commands/install-core.js.map +1 -1
- package/dist/commands/install-helpers.d.ts.map +1 -1
- package/dist/commands/install-helpers.js +25 -2
- package/dist/commands/install-helpers.js.map +1 -1
- package/dist/commands/install-hsa.d.ts +2 -5
- package/dist/commands/install-hsa.d.ts.map +1 -1
- package/dist/commands/install-hsa.js +2 -5
- package/dist/commands/install-hsa.js.map +1 -1
- package/dist/commands/install.d.ts +27 -0
- package/dist/commands/install.d.ts.map +1 -1
- package/dist/commands/install.js +68 -20
- package/dist/commands/install.js.map +1 -1
- package/dist/commands/list.d.ts.map +1 -1
- package/dist/commands/list.js +2 -1
- package/dist/commands/list.js.map +1 -1
- package/dist/commands/mcp-registry.d.ts +24 -9
- package/dist/commands/mcp-registry.d.ts.map +1 -1
- package/dist/commands/mcp-registry.js +39 -57
- package/dist/commands/mcp-registry.js.map +1 -1
- package/dist/commands/mcp-writers.d.ts.map +1 -1
- package/dist/commands/mcp-writers.js +6 -5
- package/dist/commands/mcp-writers.js.map +1 -1
- package/dist/commands/mcp.d.ts +1 -1
- package/dist/commands/mcp.d.ts.map +1 -1
- package/dist/commands/mcp.js +37 -9
- package/dist/commands/mcp.js.map +1 -1
- package/dist/commands/update.d.ts.map +1 -1
- package/dist/commands/update.js +16 -6
- package/dist/commands/update.js.map +1 -1
- package/dist/constants/cursor-globs.d.ts.map +1 -1
- package/dist/constants/cursor-globs.js +0 -6
- package/dist/constants/cursor-globs.js.map +1 -1
- package/dist/constants/ide-install-specs.js +9 -9
- package/dist/constants/ide-install-specs.js.map +1 -1
- package/dist/constants.d.ts +3 -3
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -9
- package/dist/index.js.map +1 -1
- package/dist/types/ide-install.js +1 -1
- package/dist/utils/copy-helpers.d.ts +7 -2
- package/dist/utils/copy-helpers.d.ts.map +1 -1
- package/dist/utils/copy-helpers.js +77 -51
- package/dist/utils/copy-helpers.js.map +1 -1
- package/dist/utils/install-manifest.d.ts +12 -0
- package/dist/utils/install-manifest.d.ts.map +1 -0
- package/dist/utils/install-manifest.js +27 -0
- package/dist/utils/install-manifest.js.map +1 -0
- package/dist/utils/validation.d.ts.map +1 -1
- package/dist/utils/validation.js +34 -7
- package/dist/utils/validation.js.map +1 -1
- package/package.json +5 -4
- package/.agent/core/embeddings.json +0 -2004
- package/.agent/core/session_cache.json +0 -50
- package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
- package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
- package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
- package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
- package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
- package/.agent/skills/devops/aws/ADVANCED.md +0 -547
- package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
- package/.agent/skills/devops/docker/ADVANCED.md +0 -495
- package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
- /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
- /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
- /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
- /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
- /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
- /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
- /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
|
@@ -1,497 +1,497 @@
|
|
|
1
1
|
metadata:
|
|
2
2
|
skill: security
|
|
3
3
|
domain: reverse_engineering
|
|
4
|
-
version: 6.2.
|
|
5
|
-
updated:
|
|
6
|
-
migrated_from: reverse-engineering.
|
|
4
|
+
version: 6.2.2
|
|
5
|
+
updated: "2026-02-05"
|
|
6
|
+
migrated_from: reverse-engineering.yaml
|
|
7
7
|
patterns_count: 40
|
|
8
8
|
columns:
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
9
|
+
- id
|
|
10
|
+
- name
|
|
11
|
+
- severity
|
|
12
|
+
- category
|
|
13
|
+
- description
|
|
14
|
+
- detection_pattern
|
|
15
|
+
- fix_pattern
|
|
16
|
+
- languages
|
|
17
|
+
- tools_defeated
|
|
18
|
+
- example_code
|
|
19
19
|
patterns:
|
|
20
|
-
- id: RE-01
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
- id: RE-02
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
- id: RE-03
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
- id: RE-04
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
- id: RE-05
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
- id: RE-06
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
- id: RE-07
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
- id: RE-08
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
- id: RE-09
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
- id: RE-10
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
- id: RE-11
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
- id: RE-12
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
- id: RE-13
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
- id: RE-14
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
- id: RE-15
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
- id: RE-16
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
- id: RE-17
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
- id: RE-18
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
- id: RE-19
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
- id: RE-20
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
- id: RE-21
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
- id: RE-22
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
- id: RE-23
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
- id: RE-24
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
- id: RE-25
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
- id: RE-26
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
- id: RE-27
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
- id: RE-28
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
- id: RE-29
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
- id: RE-30
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
- id: RE-31
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
- id: RE-32
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
- id: RE-33
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
- id: RE-34
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
- id: RE-35
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
- id: RE-36
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
- id: RE-37
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
- id: RE-38
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
- id: RE-39
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
- id: RE-40
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
20
|
+
- id: RE-01
|
|
21
|
+
name: No Code Obfuscation
|
|
22
|
+
severity: HIGH
|
|
23
|
+
category: Static
|
|
24
|
+
description: Source code or bytecode readable without protection
|
|
25
|
+
detection_pattern: (function\\s+\\w+|class\\s+\\w+|def\\s+\\w+)(?!.*obfuscate)
|
|
26
|
+
fix_pattern: "Use obfuscation: ProGuard R8 javascript-obfuscator pyarmor"
|
|
27
|
+
languages:
|
|
28
|
+
- java
|
|
29
|
+
- kotlin
|
|
30
|
+
- javascript
|
|
31
|
+
- python
|
|
32
|
+
tools_defeated: jadx dex2jar jd-gui
|
|
33
|
+
example_code: '// BEFORE\nfunction validateLicense(key) {\n return key === ''SECRET''\n}\n// AFTER: Use obfuscator'
|
|
34
|
+
- id: RE-02
|
|
35
|
+
name: Root Detection Missing
|
|
36
|
+
severity: CRITICAL
|
|
37
|
+
category: Mobile
|
|
38
|
+
description: App runs on rooted devices without detection
|
|
39
|
+
detection_pattern: (su|SuperSU|Magisk|busybox)(?!.*detect|check)
|
|
40
|
+
fix_pattern: Implement multi-layered root detection with fallbacks
|
|
41
|
+
languages:
|
|
42
|
+
- java
|
|
43
|
+
- kotlin
|
|
44
|
+
tools_defeated: Magisk KernelSU
|
|
45
|
+
example_code: // Detect Magisk\nval paths = arrayOf('/sbin/.magisk', '/data/adb/magisk')\nif (paths.any { File(it).exists() }) exitApp()
|
|
46
|
+
- id: RE-03
|
|
47
|
+
name: Jailbreak Detection Missing
|
|
48
|
+
severity: CRITICAL
|
|
49
|
+
category: Mobile
|
|
50
|
+
description: iOS app runs on jailbroken devices without warning
|
|
51
|
+
detection_pattern: (Cydia|checkra1n|unc0ver|Sileo)(?!.*detect)
|
|
52
|
+
fix_pattern: Implement jailbreak detection checking multiple indicators
|
|
53
|
+
languages:
|
|
54
|
+
- swift
|
|
55
|
+
- objective-c
|
|
56
|
+
tools_defeated: Electra checkra1n
|
|
57
|
+
example_code: '// Check for Cydia\nif FileManager.default.fileExists(atPath: ''/Applications/Cydia.app'') { exitApp() }'
|
|
58
|
+
- id: RE-04
|
|
59
|
+
name: Frida Detection Missing
|
|
60
|
+
severity: CRITICAL
|
|
61
|
+
category: Mobile
|
|
62
|
+
description: App does not detect Frida injection framework
|
|
63
|
+
detection_pattern: (frida|gadget|gum-js|r2frida)(?!.*detect)
|
|
64
|
+
fix_pattern: Detect Frida via port scan libraries thread names
|
|
65
|
+
languages:
|
|
66
|
+
- java
|
|
67
|
+
- kotlin
|
|
68
|
+
- swift
|
|
69
|
+
tools_defeated: Frida Objection
|
|
70
|
+
example_code: // Check Frida port 27042\nif (isPortOpen(27042)) exitApp()\n// Check loaded libraries\nif (libs.any { it.contains('frida') }) exitApp()
|
|
71
|
+
- id: RE-05
|
|
72
|
+
name: Xposed Detection Missing
|
|
73
|
+
severity: HIGH
|
|
74
|
+
category: Android
|
|
75
|
+
description: App does not detect Xposed Framework hooks
|
|
76
|
+
detection_pattern: (Xposed|EdXposed|LSPosed|de\\.robv)(?!.*detect)
|
|
77
|
+
fix_pattern: Check for Xposed via stack traces and known classes
|
|
78
|
+
languages:
|
|
79
|
+
- java
|
|
80
|
+
- kotlin
|
|
81
|
+
tools_defeated: Xposed EdXposed LSPosed
|
|
82
|
+
example_code: 'try { throw Exception() }\ncatch (e: Exception) {\n if (e.stackTrace.any { it.className.contains(''Xposed'') }) exitApp()\n}'
|
|
83
|
+
- id: RE-06
|
|
84
|
+
name: LSPosed Detection Missing
|
|
85
|
+
severity: HIGH
|
|
86
|
+
category: Android
|
|
87
|
+
description: App does not detect LSPosed specifically - new 2024
|
|
88
|
+
detection_pattern: (LSPosed|lsposed|io\\.github\\.lsposed)(?!.*detect)
|
|
89
|
+
fix_pattern: Detect LSPosed daemon and modules
|
|
90
|
+
languages:
|
|
91
|
+
- java
|
|
92
|
+
- kotlin
|
|
93
|
+
tools_defeated: LSPosed
|
|
94
|
+
example_code: // Check LSPosed daemon\nif (File('/data/adb/lspd').exists()) exitApp()
|
|
95
|
+
- id: RE-07
|
|
96
|
+
name: Play Integrity Missing
|
|
97
|
+
severity: CRITICAL
|
|
98
|
+
category: Android
|
|
99
|
+
description: App does not use Play Integrity API - replaced SafetyNet 2024
|
|
100
|
+
detection_pattern: (SafetyNet|safetynet)(?!.*playintegrity|PlayIntegrity)
|
|
101
|
+
fix_pattern: Migrate to Play Integrity API for device attestation
|
|
102
|
+
languages:
|
|
103
|
+
- java
|
|
104
|
+
- kotlin
|
|
105
|
+
tools_defeated: Magisk modules
|
|
106
|
+
example_code: // Play Integrity API (2024+)\nval integrityRequest = IntegrityManager.createRequest(nonce)\nintegrityManager.requestIntegrityToken(integrityRequest)
|
|
107
|
+
- id: RE-08
|
|
108
|
+
name: Debugger Detection Missing
|
|
109
|
+
severity: HIGH
|
|
110
|
+
category: Runtime
|
|
111
|
+
description: App does not detect attached debuggers
|
|
112
|
+
detection_pattern: (ptrace|isDebuggerPresent|PTRACE_TRACEME)(?!.*check)
|
|
113
|
+
fix_pattern: Implement anti-debugging with ptrace timing checks
|
|
114
|
+
languages:
|
|
115
|
+
- c
|
|
116
|
+
- cpp
|
|
117
|
+
- swift
|
|
118
|
+
- kotlin
|
|
119
|
+
tools_defeated: lldb gdb IDA
|
|
120
|
+
example_code: // iOS anti-debug\nBOOL isDebugged() {\n int name[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()};\n struct kinfo_proc info;\n return (info.kp_proc.p_flag & P_TRACED) != 0;\n}
|
|
121
|
+
- id: RE-09
|
|
122
|
+
name: Emulator Detection Missing
|
|
123
|
+
severity: HIGH
|
|
124
|
+
category: Mobile
|
|
125
|
+
description: App runs in emulators without restrictions
|
|
126
|
+
detection_pattern: (android_id|Build\\.MODEL|Build\\.FINGERPRINT)(?!.*emulator)
|
|
127
|
+
fix_pattern: Detect emulators via Build properties sensors performance
|
|
128
|
+
languages:
|
|
129
|
+
- java
|
|
130
|
+
- kotlin
|
|
131
|
+
tools_defeated: Genymotion Nox BlueStacks
|
|
132
|
+
example_code: 'fun isEmulator(): Boolean = Build.FINGERPRINT.startsWith(''generic'') ||\n Build.MODEL.contains(''Emulator'') || Build.MANUFACTURER.contains(''Genymotion'')'
|
|
133
|
+
- id: RE-10
|
|
134
|
+
name: String Encryption Missing
|
|
135
|
+
severity: MEDIUM
|
|
136
|
+
category: Static
|
|
137
|
+
description: Sensitive strings in plaintext including API keys
|
|
138
|
+
detection_pattern: (api.*key.*=.*['\]|password.*=.*['\"]|secret.*=.*['\"])"
|
|
139
|
+
fix_pattern: Encrypt strings at build time decrypt at runtime
|
|
140
|
+
languages: all
|
|
141
|
+
tools_defeated: strings grep
|
|
142
|
+
example_code: // BEFORE\nconst API_KEY = 'sk-1234'\n// AFTER\nconst API_KEY = decrypt(ENCRYPTED_KEY, getDeviceKey())
|
|
143
|
+
- id: RE-11
|
|
144
|
+
name: SSL Pinning Bypass Vulnerable
|
|
145
|
+
severity: CRITICAL
|
|
146
|
+
category: Network
|
|
147
|
+
description: Certificate pinning can be bypassed via hooking
|
|
148
|
+
detection_pattern: (TrustManager|HostnameVerifier|X509TrustManager)
|
|
149
|
+
fix_pattern: Move pinning logic to native code use multiple pins
|
|
150
|
+
languages:
|
|
151
|
+
- java
|
|
152
|
+
- kotlin
|
|
153
|
+
- swift
|
|
154
|
+
tools_defeated: SSLKillSwitch Frida
|
|
155
|
+
example_code: // Move to JNI/C++\nextern 'C' JNIEXPORT jboolean JNICALL\nJava_com_app_Security_verifyPin(JNIEnv*, jobject, jstring)
|
|
156
|
+
- id: RE-12
|
|
157
|
+
name: No Binary Integrity Check
|
|
158
|
+
severity: CRITICAL
|
|
159
|
+
category: Runtime
|
|
160
|
+
description: App does not verify its own binary integrity
|
|
161
|
+
detection_pattern: (checksum|hash|signature)(?!.*verify|integrity)
|
|
162
|
+
fix_pattern: Calculate and verify binary hash at runtime
|
|
163
|
+
languages: all
|
|
164
|
+
tools_defeated: Binary patching
|
|
165
|
+
example_code: // Verify APK signature at runtime\nval sig = packageManager.getPackageInfo(packageName, GET_SIGNATURES)\nif (!verifySignature(sig.signatures[0])) exitApp()
|
|
166
|
+
- id: RE-13
|
|
167
|
+
name: Weak Control Flow
|
|
168
|
+
severity: MEDIUM
|
|
169
|
+
category: Static
|
|
170
|
+
description: Linear control flow easy to follow in disassembler
|
|
171
|
+
detection_pattern: (if\\s*\\(|switch\\s*\\()(?!.*flatten)
|
|
172
|
+
fix_pattern: Use control flow flattening and opaque predicates
|
|
173
|
+
languages:
|
|
174
|
+
- c
|
|
175
|
+
- cpp
|
|
176
|
+
- rust
|
|
177
|
+
tools_defeated: IDA Ghidra
|
|
178
|
+
example_code: '// Flattened control flow\nint state = 0;\nwhile (true) {\n switch (state) {\n case 0: state = check() ? 1 : 2; break;\n }\n}'
|
|
179
|
+
- id: RE-14
|
|
180
|
+
name: Native Library Unprotected
|
|
181
|
+
severity: HIGH
|
|
182
|
+
category: Static
|
|
183
|
+
description: Native libraries without obfuscation or packing
|
|
184
|
+
detection_pattern: (\\.so|\\.dylib)(?!.*packed|protected)
|
|
185
|
+
fix_pattern: Apply native code protection OLLVM or commercial packers
|
|
186
|
+
languages:
|
|
187
|
+
- c
|
|
188
|
+
- cpp
|
|
189
|
+
tools_defeated: IDA Ghidra
|
|
190
|
+
example_code: // Use OLLVM obfuscation\n// -mllvm -fla -mllvm -bcf -mllvm -sub
|
|
191
|
+
- id: RE-15
|
|
192
|
+
name: Anti-Tampering Missing
|
|
193
|
+
severity: HIGH
|
|
194
|
+
category: Runtime
|
|
195
|
+
description: No runtime tampering detection for code or resources
|
|
196
|
+
detection_pattern: (?<!integrity|tamper).*check
|
|
197
|
+
fix_pattern: Implement runtime integrity checks for critical code
|
|
198
|
+
languages: all
|
|
199
|
+
tools_defeated: Hex editors
|
|
200
|
+
example_code: // Check code hash periodically\nif (computeHash(criticalFunction) !== EXPECTED_HASH) exitApp()
|
|
201
|
+
- id: RE-16
|
|
202
|
+
name: Screenshot Detection Missing
|
|
203
|
+
severity: MEDIUM
|
|
204
|
+
category: Mobile
|
|
205
|
+
description: App does not detect or prevent screenshots
|
|
206
|
+
detection_pattern: (FLAG_SECURE|userDidTakeScreenshot)(?!.*set)
|
|
207
|
+
fix_pattern: Set FLAG_SECURE or detect screenshot notifications
|
|
208
|
+
languages:
|
|
209
|
+
- java
|
|
210
|
+
- kotlin
|
|
211
|
+
- swift
|
|
212
|
+
tools_defeated: Screen capture
|
|
213
|
+
example_code: '// Android\nwindow.setFlags(FLAG_SECURE, FLAG_SECURE)\n// iOS: Observe UIApplicationUserDidTakeScreenshotNotification'
|
|
214
|
+
- id: RE-17
|
|
215
|
+
name: Screen Recording Detection Missing
|
|
216
|
+
severity: MEDIUM
|
|
217
|
+
category: Mobile
|
|
218
|
+
description: App does not detect screen recording
|
|
219
|
+
detection_pattern: (isCaptured|mediaProjection)(?!.*detect)
|
|
220
|
+
fix_pattern: Detect screen recording and blur sensitive content
|
|
221
|
+
languages:
|
|
222
|
+
- swift
|
|
223
|
+
- kotlin
|
|
224
|
+
tools_defeated: Screen recorder
|
|
225
|
+
example_code: // iOS\nif UIScreen.main.isCaptured { blurSensitiveContent() }
|
|
226
|
+
- id: RE-18
|
|
227
|
+
name: Memory Dump Protection Missing
|
|
228
|
+
severity: HIGH
|
|
229
|
+
category: Runtime
|
|
230
|
+
description: Sensitive data can be dumped from memory
|
|
231
|
+
detection_pattern: (malloc|new|alloc).*password|secret
|
|
232
|
+
fix_pattern: Zero sensitive data after use use secure memory
|
|
233
|
+
languages: all
|
|
234
|
+
tools_defeated: Frida memory dump
|
|
235
|
+
example_code: // Zero password after use\nmemset_s(password, sizeof(password), 0, sizeof(password));\nfree(password);
|
|
236
|
+
- id: RE-19
|
|
237
|
+
name: Hook Detection Missing
|
|
238
|
+
severity: HIGH
|
|
239
|
+
category: Runtime
|
|
240
|
+
description: App does not detect function hooking
|
|
241
|
+
detection_pattern: (hook|swizzle|replace)(?!.*detect)
|
|
242
|
+
fix_pattern: Detect hooks via code hash comparison inline checks
|
|
243
|
+
languages: all
|
|
244
|
+
tools_defeated: Frida Substrate
|
|
245
|
+
example_code: // Check PLT/GOT integrity\nif (checkFunctionIntegrity(criticalFunc) === false) exitApp()
|
|
246
|
+
- id: RE-20
|
|
247
|
+
name: Substrate Detection Missing
|
|
248
|
+
severity: HIGH
|
|
249
|
+
category: iOS
|
|
250
|
+
description: iOS app does not detect Substrate framework
|
|
251
|
+
detection_pattern: (substrate|MobileSubstrate|MSHookFunction)(?!.*detect)
|
|
252
|
+
fix_pattern: Detect Substrate presence and hooks
|
|
253
|
+
languages:
|
|
254
|
+
- swift
|
|
255
|
+
- objective-c
|
|
256
|
+
tools_defeated: Substrate Substitute
|
|
257
|
+
example_code: // Check for Substrate\nif (dlopen('/Library/MobileSubstrate', 0) != NULL) exitApp()
|
|
258
|
+
- id: RE-21
|
|
259
|
+
name: Clipboard Monitoring Missing
|
|
260
|
+
severity: MEDIUM
|
|
261
|
+
category: Mobile
|
|
262
|
+
description: App does not monitor clipboard for sensitive data theft
|
|
263
|
+
detection_pattern: (UIPasteboard|ClipboardManager)(?!.*monitor)
|
|
264
|
+
fix_pattern: Monitor clipboard changes clear sensitive data promptly
|
|
265
|
+
languages:
|
|
266
|
+
- swift
|
|
267
|
+
- kotlin
|
|
268
|
+
tools_defeated: Clipboard hijack
|
|
269
|
+
example_code: '// Clear sensitive clipboard after 30 seconds\nDispatchQueue.main.asyncAfter(deadline: .now() + 30) {\n UIPasteboard.general.string = ''''\n}'
|
|
270
|
+
- id: RE-22
|
|
271
|
+
name: Device Binding Missing
|
|
272
|
+
severity: MEDIUM
|
|
273
|
+
category: Mobile
|
|
274
|
+
description: App license not bound to device identifiers
|
|
275
|
+
detection_pattern: (device.*id|android_id|identifierForVendor)(?!.*license)
|
|
276
|
+
fix_pattern: Bind license to multiple device identifiers
|
|
277
|
+
languages:
|
|
278
|
+
- java
|
|
279
|
+
- kotlin
|
|
280
|
+
- swift
|
|
281
|
+
tools_defeated: License sharing
|
|
282
|
+
example_code: // Bind to hardware\nval deviceId = Settings.Secure.ANDROID_ID\nval license = generateLicense(userId, deviceId)
|
|
283
|
+
- id: RE-23
|
|
284
|
+
name: Time Bomb Detection
|
|
285
|
+
severity: MEDIUM
|
|
286
|
+
category: Static
|
|
287
|
+
description: App contains time-based license checks that can be bypassed
|
|
288
|
+
detection_pattern: (System\\.currentTimeMillis|Date\\.now|time\\(\\))(?!.*server)
|
|
289
|
+
fix_pattern: Use server-side time validation not device time
|
|
290
|
+
languages: all
|
|
291
|
+
tools_defeated: Time manipulation
|
|
292
|
+
example_code: // Use NTP server time\nval serverTime = fetchServerTime()\nif (serverTime > LICENSE_EXPIRY) exitApp()
|
|
293
|
+
- id: RE-24
|
|
294
|
+
name: Debug Build Detection
|
|
295
|
+
severity: LOW
|
|
296
|
+
category: Static
|
|
297
|
+
description: App does not detect if running as debug build
|
|
298
|
+
detection_pattern: (BuildConfig\\.DEBUG|DEBUG|NDEBUG)(?!.*check)
|
|
299
|
+
fix_pattern: Exit or limit functionality in debug builds
|
|
300
|
+
languages:
|
|
301
|
+
- java
|
|
302
|
+
- kotlin
|
|
303
|
+
- swift
|
|
304
|
+
tools_defeated: Debug mode
|
|
305
|
+
example_code: if (BuildConfig.DEBUG) {\n // Disable sensitive features in debug\n Log.w('Security', 'Debug build detected')\n}
|
|
306
|
+
- id: RE-25
|
|
307
|
+
name: ADB Detection Missing
|
|
308
|
+
severity: MEDIUM
|
|
309
|
+
category: Android
|
|
310
|
+
description: App does not detect ADB connection
|
|
311
|
+
detection_pattern: (adb|android_debug_bridge)(?!.*detect)
|
|
312
|
+
fix_pattern: Detect ADB connection and warn user
|
|
313
|
+
languages:
|
|
314
|
+
- java
|
|
315
|
+
- kotlin
|
|
316
|
+
tools_defeated: ADB shell
|
|
317
|
+
example_code: // Check ADB status\nval adb = Settings.Global.getString(contentResolver, 'adb_enabled')\nif (adb == '1') showWarning()
|
|
318
|
+
- id: RE-26
|
|
319
|
+
name: Developer Options Detection
|
|
320
|
+
severity: LOW
|
|
321
|
+
category: Android
|
|
322
|
+
description: App does not check for enabled developer options
|
|
323
|
+
detection_pattern: (development_settings_enabled)(?!.*check)
|
|
324
|
+
fix_pattern: Detect developer options and adjust security level
|
|
325
|
+
languages:
|
|
326
|
+
- java
|
|
327
|
+
- kotlin
|
|
328
|
+
tools_defeated: Developer menu
|
|
329
|
+
example_code: val devOpts = Settings.Secure.getInt(resolver, DEVELOPMENT_SETTINGS_ENABLED, 0)\nif (devOpts == 1) reduceSecurityLevel()
|
|
330
|
+
- id: RE-27
|
|
331
|
+
name: USB Debugging Detection
|
|
332
|
+
severity: MEDIUM
|
|
333
|
+
category: Android
|
|
334
|
+
description: App does not detect USB debugging enabled
|
|
335
|
+
detection_pattern: (usb_debug|adb_enabled)(?!.*detect)
|
|
336
|
+
fix_pattern: Detect USB debugging and warn for sensitive operations
|
|
337
|
+
languages:
|
|
338
|
+
- java
|
|
339
|
+
- kotlin
|
|
340
|
+
tools_defeated: USB debugging
|
|
341
|
+
example_code: val usbDebug = Settings.Global.getInt(resolver, ADB_ENABLED, 0)\nif (usbDebug == 1) showSecurityWarning()
|
|
342
|
+
- id: RE-28
|
|
343
|
+
name: Proxy Detection Missing
|
|
344
|
+
severity: HIGH
|
|
345
|
+
category: Network
|
|
346
|
+
description: App does not detect proxy interception
|
|
347
|
+
detection_pattern: (proxy|System\\.getProperty.*http)(?!.*detect)
|
|
348
|
+
fix_pattern: Detect proxy and certificate changes
|
|
349
|
+
languages:
|
|
350
|
+
- java
|
|
351
|
+
- kotlin
|
|
352
|
+
- swift
|
|
353
|
+
tools_defeated: Charles Burp
|
|
354
|
+
example_code: // Detect proxy\nval proxy = System.getProperty('http.proxyHost')\nif (proxy != null && !TRUSTED_PROXIES.contains(proxy)) warn()
|
|
355
|
+
- id: RE-29
|
|
356
|
+
name: VPN Detection Missing
|
|
357
|
+
severity: MEDIUM
|
|
358
|
+
category: Network
|
|
359
|
+
description: App does not detect VPN connections
|
|
360
|
+
detection_pattern: (VpnService|NetworkCapabilities\\.TRANSPORT_VPN)(?!.*detect)
|
|
361
|
+
fix_pattern: Detect VPN and adjust behavior if needed
|
|
362
|
+
languages:
|
|
363
|
+
- java
|
|
364
|
+
- kotlin
|
|
365
|
+
tools_defeated: VPN tunneling
|
|
366
|
+
example_code: // Check for VPN\nval cm = getSystemService(CONNECTIVITY_SERVICE) as ConnectivityManager\nval vpn = cm.allNetworks.any { it.hasTransport(TRANSPORT_VPN) }
|
|
367
|
+
- id: RE-30
|
|
368
|
+
name: SafetyNet Deprecated
|
|
369
|
+
severity: HIGH
|
|
370
|
+
category: Android
|
|
371
|
+
description: App still uses deprecated SafetyNet instead of Play Integrity
|
|
372
|
+
detection_pattern: SafetyNet(?!.*deprecated)|safetynetapi
|
|
373
|
+
fix_pattern: Migrate to Play Integrity API - SafetyNet sunset 2024
|
|
374
|
+
languages:
|
|
375
|
+
- java
|
|
376
|
+
- kotlin
|
|
377
|
+
tools_defeated: SafetyNet bypass
|
|
378
|
+
example_code: '// DEPRECATED: SafetyNet\n// MIGRATE TO:\nimport com.google.android.play.core.integrity.*'
|
|
379
|
+
- id: RE-31
|
|
380
|
+
name: r2frida Memory Analysis
|
|
381
|
+
severity: CRITICAL
|
|
382
|
+
category: Runtime
|
|
383
|
+
description: r2frida allows radare2 to analyze live process memory
|
|
384
|
+
detection_pattern: (r2frida|frida:\/\/|radare2.*attach)(?!.*detect)
|
|
385
|
+
fix_pattern: Detect radare2 process names and r2frida ports
|
|
386
|
+
languages: all
|
|
387
|
+
tools_defeated: r2frida
|
|
388
|
+
example_code: // Detect r2frida\nif (isPortOpen(27042) || isPortOpen(27045)) exitApp();\n// Check for r2 process
|
|
389
|
+
- id: RE-32
|
|
390
|
+
name: Objection Automation
|
|
391
|
+
severity: CRITICAL
|
|
392
|
+
category: Mobile
|
|
393
|
+
description: Objection automates Frida bypass of common protections
|
|
394
|
+
detection_pattern: (objection|explore.*frida)(?!.*multi.*check)
|
|
395
|
+
fix_pattern: Use layered detection not single check points
|
|
396
|
+
languages:
|
|
397
|
+
- java
|
|
398
|
+
- kotlin
|
|
399
|
+
- swift
|
|
400
|
+
tools_defeated: Objection
|
|
401
|
+
example_code: // Objection automates:\n// - SSL pinning bypass\n// - Root detection bypass\n// Use multiple detection methods
|
|
402
|
+
- id: RE-33
|
|
403
|
+
name: Source Map Exposure
|
|
404
|
+
severity: HIGH
|
|
405
|
+
category: Web
|
|
406
|
+
description: JavaScript source maps expose original code
|
|
407
|
+
detection_pattern: (\\.map|sourceMappingURL)(?!.*production.*false)
|
|
408
|
+
fix_pattern: Remove source maps in production builds
|
|
409
|
+
languages:
|
|
410
|
+
- javascript
|
|
411
|
+
- typescript
|
|
412
|
+
tools_defeated: Chrome DevTools
|
|
413
|
+
example_code: '// BAD: Deployed with .map\n// GOOD: Remove in production build'
|
|
414
|
+
- id: RE-34
|
|
415
|
+
name: DevTools Detection Bypass
|
|
416
|
+
severity: MEDIUM
|
|
417
|
+
category: Web
|
|
418
|
+
description: DevTools detection easily bypassed
|
|
419
|
+
detection_pattern: devtools.*detect(?!.*multiple)
|
|
420
|
+
fix_pattern: Use multiple detection methods including performance timing
|
|
421
|
+
languages:
|
|
422
|
+
- javascript
|
|
423
|
+
- typescript
|
|
424
|
+
tools_defeated: Chrome DevTools
|
|
425
|
+
example_code: '// Weak detection\nif (window.outerHeight - window.innerHeight > 200)\n// Better: timing attacks firebug detection'
|
|
426
|
+
- id: RE-35
|
|
427
|
+
name: APK Smali Patching
|
|
428
|
+
severity: HIGH
|
|
429
|
+
category: Android
|
|
430
|
+
description: APK can be decompiled modified and rebuilt
|
|
431
|
+
detection_pattern: classes\\.dex(?!.*signature.*check)
|
|
432
|
+
fix_pattern: Verify APK signature at runtime detect tampering
|
|
433
|
+
languages:
|
|
434
|
+
- java
|
|
435
|
+
- kotlin
|
|
436
|
+
tools_defeated: apktool smali
|
|
437
|
+
example_code: // Check APK signature hash at runtime\nif (getApkHash() != EXPECTED_HASH) exitApp();
|
|
438
|
+
- id: RE-36
|
|
439
|
+
name: IDA Analysis Protection
|
|
440
|
+
severity: MEDIUM
|
|
441
|
+
category: Static
|
|
442
|
+
description: Binary contains helpful debug info for IDA analysis
|
|
443
|
+
detection_pattern: (DWARF|.debug_info|symbol.*table)(?!.*strip)
|
|
444
|
+
fix_pattern: Strip debug symbols use anti-disassembly tricks
|
|
445
|
+
languages:
|
|
446
|
+
- c
|
|
447
|
+
- cpp
|
|
448
|
+
- rust
|
|
449
|
+
tools_defeated: IDA Pro Ghidra
|
|
450
|
+
example_code: '// Strip symbols: gcc -s binary\n// Use anti-disassembly: junk bytes overlapping code'
|
|
451
|
+
- id: RE-37
|
|
452
|
+
name: Binary Ninja HLIL
|
|
453
|
+
severity: MEDIUM
|
|
454
|
+
category: Static
|
|
455
|
+
description: Clean decompilation shows high-level logic
|
|
456
|
+
detection_pattern: (function|class).*logic(?!.*obfuscate)
|
|
457
|
+
fix_pattern: Use control flow flattening and MBA obfuscation
|
|
458
|
+
languages:
|
|
459
|
+
- c
|
|
460
|
+
- cpp
|
|
461
|
+
- rust
|
|
462
|
+
tools_defeated: Binary Ninja
|
|
463
|
+
example_code: '// Apply MBA: a = a + b - b + 0 * random\n// Use switch dispatch for control flow'
|
|
464
|
+
- id: RE-38
|
|
465
|
+
name: Ghidra Decompiler
|
|
466
|
+
severity: MEDIUM
|
|
467
|
+
category: Static
|
|
468
|
+
description: Ghidra provides free decompilation quality
|
|
469
|
+
detection_pattern: (ELF|PE|Mach-O)(?!.*obfuscated|packed)
|
|
470
|
+
fix_pattern: Apply commercial-grade obfuscation or packing
|
|
471
|
+
languages:
|
|
472
|
+
- c
|
|
473
|
+
- cpp
|
|
474
|
+
- rust
|
|
475
|
+
- go
|
|
476
|
+
tools_defeated: Ghidra 11.x
|
|
477
|
+
example_code: // Pack with Themida/VMProtect\n// Or use Obfuscator-LLVM
|
|
478
|
+
- id: RE-39
|
|
479
|
+
name: Dynamic Instrumentation
|
|
480
|
+
severity: HIGH
|
|
481
|
+
category: Runtime
|
|
482
|
+
description: Process can be instrumented with DynamoRIO/Pin
|
|
483
|
+
detection_pattern: (DynamoRIO|Pin|Valgrind)(?!.*detect)
|
|
484
|
+
fix_pattern: Detect instrumentation frameworks via timing checks
|
|
485
|
+
languages: all
|
|
486
|
+
tools_defeated: DynamoRIO Intel Pin
|
|
487
|
+
example_code: // Check execution timing\n// Instrumented code runs 100x slower
|
|
488
|
+
- id: RE-40
|
|
489
|
+
name: Network Traffic Analysis
|
|
490
|
+
severity: HIGH
|
|
491
|
+
category: Network
|
|
492
|
+
description: Network traffic reveals API structure and logic
|
|
493
|
+
detection_pattern: (REST|GraphQL|WebSocket)(?!.*encrypt.*payload)
|
|
494
|
+
fix_pattern: Use certificate pinning and encrypt sensitive payloads
|
|
495
|
+
languages: all
|
|
496
|
+
tools_defeated: Wireshark mitmproxy
|
|
497
|
+
example_code: // Pin certificates\n// Encrypt request/response payloads
|