npm - @nockdev/awf - Versions diffs - 6.2.0 - Mend

@nockdev/awf 6.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (727) hide show

package/.agent/build.yaml +178 -0
package/.agent/config.yaml +235 -0
package/.agent/core/ACTIVE_MEMORY.yaml +344 -0
package/.agent/core/ARCH_REGISTRY.yaml +252 -0
package/.agent/core/AUDIT_POLICY.md +68 -0
package/.agent/core/BRANDING.yaml +185 -0
package/.agent/core/CACHE.md +59 -0
package/.agent/core/CHECKPOINT.yaml +153 -0
package/.agent/core/CLEANUP_ENGINE.yaml +326 -0
package/.agent/core/CODING_STYLES.yaml +346 -0
package/.agent/core/COMMANDS.md +93 -0
package/.agent/core/CONTEXT_INJECTOR.yaml +325 -0
package/.agent/core/CONTEXT_LOADER.yaml +323 -0
package/.agent/core/CONTEXT_OPTIMIZATION.yaml +286 -0
package/.agent/core/CONTEXT_PRIORITY.yaml +357 -0
package/.agent/core/CUSTOMIZE.md +138 -0
package/.agent/core/DATA_SAFETY.md +92 -0
package/.agent/core/FLOW_ENGINE.yaml +300 -0
package/.agent/core/GRAPH_MEMORY.yaml +420 -0
package/.agent/core/HSA.yaml +357 -0
package/.agent/core/HYBRID_ROUTER.yaml +346 -0
package/.agent/core/INTENT_DETECTION.yaml +384 -0
package/.agent/core/LIBRARY_REGISTRY.yaml +401 -0
package/.agent/core/MCP_TOOLS.yaml +414 -0
package/.agent/core/MEMORY_CONSOLIDATION.yaml +352 -0
package/.agent/core/MEMORY_ENGINE.yaml +353 -0
package/.agent/core/MEMORY_PATHS.yaml +79 -0
package/.agent/core/MEMORY_UTILS.yaml +212 -0
package/.agent/core/PATTERNS.yaml +319 -0
package/.agent/core/PERMISSIONS.md +100 -0
package/.agent/core/README.md +91 -0
package/.agent/core/REFLECTION_ENGINE.yaml +348 -0
package/.agent/core/ROUTER.yaml +424 -0
package/.agent/core/SCORING_FORMULA.yaml +103 -0
package/.agent/core/SEMANTIC_ENGINE.yaml +162 -0
package/.agent/core/SKILLS_FLOW.yaml +341 -0
package/.agent/core/SKILL_SCHEMA.yaml +266 -0
package/.agent/core/STATE_MACHINE.yaml +409 -0
package/.agent/core/SUMMARIZATION_ENGINE.yaml +258 -0
package/.agent/core/TEMPLATES.yaml +364 -0
package/.agent/core/TOKEN_BUDGETS.yaml +157 -0
package/.agent/core/TOKEN_LOADING.yaml +197 -0
package/.agent/core/TOKEN_SUMMARY.yaml +121 -0
package/.agent/core/VERSION.yaml +240 -0
package/.agent/core/embeddings.json +2004 -0
package/.agent/core/session_cache.json +50 -0
package/.agent/i18n/README.md +30 -0
package/.agent/i18n/en.yaml +302 -0
package/.agent/i18n/vi.yaml +302 -0
package/.agent/ide/README.md +47 -0
package/.agent/ide/amazonq.json +35 -0
package/.agent/ide/amp.json +35 -0
package/.agent/ide/antigravity.json +47 -0
package/.agent/ide/augment.json +35 -0
package/.agent/ide/claude.json +42 -0
package/.agent/ide/cline.json +34 -0
package/.agent/ide/codex.json +37 -0
package/.agent/ide/cody.json +35 -0
package/.agent/ide/continue.json +35 -0
package/.agent/ide/cursor.json +42 -0
package/.agent/ide/gemini.json +46 -0
package/.agent/ide/jetbrains.json +35 -0
package/.agent/ide/kiro.json +35 -0
package/.agent/ide/opencode.json +35 -0
package/.agent/ide/roo.json +35 -0
package/.agent/ide/tabnine.json +35 -0
package/.agent/ide/trae.json +35 -0
package/.agent/ide/vscode.json +34 -0
package/.agent/ide/windsurf.json +56 -0
package/.agent/ide/zed.json +36 -0
package/.agent/manifest.yaml +416 -0
package/.agent/memory/README.md +148 -0
package/.agent/memory/active_memories.json +35 -0
package/.agent/memory/archive/.gitkeep +0 -0
package/.agent/memory/audit_summary.json +58 -0
package/.agent/memory/cleanup_log.json +34 -0
package/.agent/memory/consolidated.md +75 -0
package/.agent/memory/core_memory/persona.json +30 -0
package/.agent/memory/core_memory/project.json +25 -0
package/.agent/memory/core_memory/rules.json +29 -0
package/.agent/memory/core_memory/user.json +24 -0
package/.agent/memory/decisions.md +40 -0
package/.agent/memory/graph/knowledge_graph.json +12 -0
package/.agent/memory/insights.md +52 -0
package/.agent/memory/metrics.json +48 -0
package/.agent/memory/patterns/errors.json +11 -0
package/.agent/memory/patterns/successes.json +10 -0
package/.agent/memory/session.md +64 -0
package/.agent/memory/session_rules.json +19 -0
package/.agent/memory/state.json +81 -0
package/.agent/memory/vectors/README.md +129 -0
package/.agent/personas/README.md +180 -0
package/.agent/personas/architect.md +186 -0
package/.agent/personas/auditor.md +222 -0
package/.agent/personas/debugger.md +210 -0
package/.agent/personas/developer.md +183 -0
package/.agent/personas/devops.md +268 -0
package/.agent/personas/documenter.md +262 -0
package/.agent/personas/orchestrator.md +240 -0
package/.agent/personas/persona.schema.yaml +209 -0
package/.agent/personas/planner.md +171 -0
package/.agent/personas/researcher.md +194 -0
package/.agent/personas/security.md +212 -0
package/.agent/personas/tester.md +247 -0
package/.agent/rules/README.md +231 -0
package/.agent/rules/SACRED_RULES.xml +142 -0
package/.agent/rules/constitutional/tier-0-core.yaml +182 -0
package/.agent/rules/constitutional/tier-1-safety.yaml +272 -0
package/.agent/rules/constitutional/tier-2-execution.yaml +294 -0
package/.agent/rules/data/build-systems.yaml +126 -0
package/.agent/rules/data/quality-standards.json +59 -0
package/.agent/rules/duplication-prevention.md +138 -0
package/.agent/rules/incremental-changes.md +146 -0
package/.agent/rules/modules/context-management.yaml +158 -0
package/.agent/rules/modules/edit-verification.yaml +197 -0
package/.agent/rules/modules/evidence.yaml +185 -0
package/.agent/rules/modules/git-workflow.yaml +165 -0
package/.agent/rules/modules/language.yaml +155 -0
package/.agent/rules/modules/online-research.yaml +192 -0
package/.agent/rules/modules/quality.yaml +185 -0
package/.agent/rules/modules/reflection.yaml +209 -0
package/.agent/rules/modules/stop-conditions.yaml +196 -0
package/.agent/rules/modules/terminal-safety.yaml +229 -0
package/.agent/rules/modules/versioning.yaml +97 -0
package/.agent/rules/modules/yagni.yaml +167 -0
package/.agent/rules/project-detection.md +317 -0
package/.agent/rules/prompt-injection-guard.md +260 -0
package/.agent/rules/shell-commands.md +210 -0
package/.agent/rules/validation-framework.md +189 -0
package/.agent/skills/DEVELOPMENT.yaml +226 -0
package/.agent/skills/README.md +69 -0
package/.agent/skills/_categories.yaml +145 -0
package/.agent/skills/_router.yaml +232 -0
package/.agent/skills/core/_index.yaml +12 -0
package/.agent/skills/core/api-design/META.yaml +64 -0
package/.agent/skills/core/api-design/SKILL.md +169 -0
package/.agent/skills/core/api-design/data/api-versioning.yaml +217 -0
package/.agent/skills/core/api-design/data/error-responses.yaml +135 -0
package/.agent/skills/core/api-design/data/graphql-patterns.yaml +165 -0
package/.agent/skills/core/api-design/data/grpc-patterns.yaml +165 -0
package/.agent/skills/core/api-design/data/http-status-codes.yaml +176 -0
package/.agent/skills/core/api-design/data/pagination.yaml +121 -0
package/.agent/skills/core/api-design/data/rate-limiting.yaml +135 -0
package/.agent/skills/core/api-design/data/rest-patterns.yaml +195 -0
package/.agent/skills/core/api-design/data/test-apis.yaml +217 -0
package/.agent/skills/core/authentication/META.yaml +73 -0
package/.agent/skills/core/authentication/SKILL.md +166 -0
package/.agent/skills/core/authentication/data/anti-patterns.yaml +135 -0
package/.agent/skills/core/authentication/data/core-patterns.yaml +256 -0
package/.agent/skills/core/authentication/data/jwt-patterns.yaml +255 -0
package/.agent/skills/core/authentication/data/language-csharp.yaml +215 -0
package/.agent/skills/core/authentication/data/language-go.yaml +215 -0
package/.agent/skills/core/authentication/data/language-java.yaml +215 -0
package/.agent/skills/core/authentication/data/language-mobile.yaml +215 -0
package/.agent/skills/core/authentication/data/language-python.yaml +215 -0
package/.agent/skills/core/authentication/data/language-rust.yaml +215 -0
package/.agent/skills/core/authentication/data/language-typescript.yaml +215 -0
package/.agent/skills/core/authentication/data/mfa-patterns.yaml +175 -0
package/.agent/skills/core/authentication/data/oauth-patterns.yaml +255 -0
package/.agent/skills/core/authentication/data/oauth.yaml +248 -0
package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +215 -0
package/.agent/skills/core/authentication/data/passkeys.yaml +208 -0
package/.agent/skills/core/authentication/data/password-patterns.yaml +175 -0
package/.agent/skills/core/authentication/data/password.yaml +168 -0
package/.agent/skills/core/authentication/data/session-patterns.yaml +215 -0
package/.agent/skills/core/error-handling/META.yaml +71 -0
package/.agent/skills/core/error-handling/SKILL.md +156 -0
package/.agent/skills/core/error-handling/data/anti-patterns.yaml +105 -0
package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +135 -0
package/.agent/skills/core/error-handling/data/core-patterns.yaml +226 -0
package/.agent/skills/core/error-handling/data/error-codes.yaml +165 -0
package/.agent/skills/core/error-handling/data/error-messages.yaml +165 -0
package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-go-rust.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-python-java.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +226 -0
package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +191 -0
package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +135 -0
package/.agent/skills/core/logging/META.yaml +73 -0
package/.agent/skills/core/logging/SKILL.md +184 -0
package/.agent/skills/core/logging/data/aggregation-patterns.yaml +191 -0
package/.agent/skills/core/logging/data/anti-patterns.yaml +121 -0
package/.agent/skills/core/logging/data/core-patterns.yaml +226 -0
package/.agent/skills/core/logging/data/language-csharp.yaml +191 -0
package/.agent/skills/core/logging/data/language-go.yaml +191 -0
package/.agent/skills/core/logging/data/language-java.yaml +191 -0
package/.agent/skills/core/logging/data/language-kotlin.yaml +156 -0
package/.agent/skills/core/logging/data/language-others.yaml +184 -0
package/.agent/skills/core/logging/data/language-python.yaml +191 -0
package/.agent/skills/core/logging/data/language-rust.yaml +191 -0
package/.agent/skills/core/logging/data/language-swift.yaml +156 -0
package/.agent/skills/core/logging/data/language-typescript.yaml +191 -0
package/.agent/skills/core/logging/data/otel-logging.yaml +156 -0
package/.agent/skills/core/observability/META.yaml +76 -0
package/.agent/skills/core/observability/SKILL.md +153 -0
package/.agent/skills/core/observability/data/alerting-patterns.yaml +165 -0
package/.agent/skills/core/observability/data/anti-patterns.yaml +105 -0
package/.agent/skills/core/observability/data/core-patterns.yaml +195 -0
package/.agent/skills/core/observability/data/language-cpp.yaml +165 -0
package/.agent/skills/core/observability/data/language-csharp.yaml +165 -0
package/.agent/skills/core/observability/data/language-go.yaml +165 -0
package/.agent/skills/core/observability/data/language-java.yaml +165 -0
package/.agent/skills/core/observability/data/language-others.yaml +255 -0
package/.agent/skills/core/observability/data/language-python.yaml +165 -0
package/.agent/skills/core/observability/data/language-rust.yaml +165 -0
package/.agent/skills/core/observability/data/language-typescript.yaml +165 -0
package/.agent/skills/core/observability/data/metrics-patterns.yaml +135 -0
package/.agent/skills/core/observability/data/metrics-prometheus.yaml +165 -0
package/.agent/skills/core/observability/data/otel-core.yaml +195 -0
package/.agent/skills/core/observability/data/profiling-patterns.yaml +135 -0
package/.agent/skills/core/observability/data/tracing-patterns.yaml +165 -0
package/.agent/skills/core/observability/data/tracing-tools.yaml +135 -0
package/.agent/skills/core/security/ADVANCED.md +269 -0
package/.agent/skills/core/security/META.yaml +97 -0
package/.agent/skills/core/security/SKILL.md +234 -0
package/.agent/skills/core/security/data/ai-ml-security.yaml +261 -0
package/.agent/skills/core/security/data/api-security.yaml +230 -0
package/.agent/skills/core/security/data/auth-patterns.yaml +195 -0
package/.agent/skills/core/security/data/binary-exploitation.yaml +339 -0
package/.agent/skills/core/security/data/cloud-security.yaml +269 -0
package/.agent/skills/core/security/data/cwe-top25.yaml +415 -0
package/.agent/skills/core/security/data/language-specific/c-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +219 -0
package/.agent/skills/core/security/data/language-specific/go-security.yaml +219 -0
package/.agent/skills/core/security/data/language-specific/java-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +198 -0
package/.agent/skills/core/security/data/language-specific/php-security.yaml +219 -0
package/.agent/skills/core/security/data/language-specific/python-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +198 -0
package/.agent/skills/core/security/data/language-specific/rust-security.yaml +240 -0
package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +369 -0
package/.agent/skills/core/security/data/language-specific/swift-security.yaml +198 -0
package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +295 -0
package/.agent/skills/core/security/data/mobile-security.yaml +369 -0
package/.agent/skills/core/security/data/network-security.yaml +297 -0
package/.agent/skills/core/security/data/owasp-top10.yaml +171 -0
package/.agent/skills/core/security/data/reverse-engineering.yaml +497 -0
package/.agent/skills/core/security/data/supply-chain.yaml +219 -0
package/.agent/skills/cross-cutting/_index.yaml +15 -0
package/.agent/skills/cross-cutting/audit-pro/META.yaml +43 -0
package/.agent/skills/cross-cutting/audit-pro/data/checklists.yaml +644 -0
package/.agent/skills/cross-cutting/audit-pro/data/scoring.yaml +101 -0
package/.agent/skills/cross-cutting/aws/META.yaml +75 -0
package/.agent/skills/cross-cutting/aws/data/ai_ml.yaml +194 -0
package/.agent/skills/cross-cutting/aws/data/compute.yaml +191 -0
package/.agent/skills/cross-cutting/aws/data/kubernetes.yaml +199 -0
package/.agent/skills/cross-cutting/aws/data/storage.yaml +174 -0
package/.agent/skills/cross-cutting/bun/META.yaml +58 -0
package/.agent/skills/cross-cutting/bun/SKILL.md +357 -0
package/.agent/skills/cross-cutting/bun/data/database.yaml +85 -0
package/.agent/skills/cross-cutting/bun/data/runtime.yaml +170 -0
package/.agent/skills/cross-cutting/bun/data/tooling.yaml +192 -0
package/.agent/skills/cross-cutting/ci-cd/META.yaml +60 -0
package/.agent/skills/cross-cutting/ci-cd/data/github_actions.yaml +248 -0
package/.agent/skills/cross-cutting/ci-cd/data/security.yaml +211 -0
package/.agent/skills/cross-cutting/coding-rules/META.yaml +61 -0
package/.agent/skills/cross-cutting/coding-rules/SKILL.md +171 -0
package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +96 -0
package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +346 -0
package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +647 -0
package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +108 -0
package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +260 -0
package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +344 -0
package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +108 -0
package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +320 -0
package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +164 -0
package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +80 -0
package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +183 -0
package/.agent/skills/cross-cutting/database/ADVANCED.md +465 -0
package/.agent/skills/cross-cutting/database/META.yaml +22 -0
package/.agent/skills/cross-cutting/database/SKILL.md +816 -0
package/.agent/skills/cross-cutting/database/data/anti_patterns.yaml +116 -0
package/.agent/skills/cross-cutting/database/data/distributed.yaml +152 -0
package/.agent/skills/cross-cutting/database/data/mongodb.yaml +132 -0
package/.agent/skills/cross-cutting/database/data/mysql.yaml +130 -0
package/.agent/skills/cross-cutting/database/data/orm.yaml +104 -0
package/.agent/skills/cross-cutting/database/data/postgresql.yaml +170 -0
package/.agent/skills/cross-cutting/database/data/redis.yaml +129 -0
package/.agent/skills/cross-cutting/deno/META.yaml +68 -0
package/.agent/skills/cross-cutting/deno/SKILL.md +343 -0
package/.agent/skills/cross-cutting/deno/data/runtime.yaml +260 -0
package/.agent/skills/cross-cutting/deno/data/security.yaml +168 -0
package/.agent/skills/cross-cutting/deno/data/tooling.yaml +133 -0
package/.agent/skills/cross-cutting/docker/META.yaml +65 -0
package/.agent/skills/cross-cutting/docker/data/build.yaml +197 -0
package/.agent/skills/cross-cutting/docker/data/compose.yaml +229 -0
package/.agent/skills/cross-cutting/docker/data/security.yaml +164 -0
package/.agent/skills/cross-cutting/electron/META.yaml +174 -0
package/.agent/skills/cross-cutting/electron/SKILL.md +862 -0
package/.agent/skills/cross-cutting/electron/data/build.yaml +105 -0
package/.agent/skills/cross-cutting/electron/data/crash.yaml +103 -0
package/.agent/skills/cross-cutting/electron/data/ipc.yaml +85 -0
package/.agent/skills/cross-cutting/electron/data/native.yaml +157 -0
package/.agent/skills/cross-cutting/electron/data/security.yaml +89 -0
package/.agent/skills/cross-cutting/electron/data/storage.yaml +100 -0
package/.agent/skills/cross-cutting/electron/data/testing.yaml +103 -0
package/.agent/skills/cross-cutting/electron/data/updates.yaml +99 -0
package/.agent/skills/cross-cutting/electron/data/window.yaml +83 -0
package/.agent/skills/cross-cutting/kubernetes/META.yaml +70 -0
package/.agent/skills/cross-cutting/kubernetes/data/networking.yaml +270 -0
package/.agent/skills/cross-cutting/kubernetes/data/scheduling.yaml +267 -0
package/.agent/skills/cross-cutting/kubernetes/data/security.yaml +253 -0
package/.agent/skills/cross-cutting/kubernetes/data/workloads.yaml +251 -0
package/.agent/skills/cross-cutting/sql/META.yaml +88 -0
package/.agent/skills/cross-cutting/sql/SKILL.md +296 -0
package/.agent/skills/cross-cutting/sql/data/indexing.yaml +147 -0
package/.agent/skills/cross-cutting/sql/data/json.yaml +156 -0
package/.agent/skills/cross-cutting/sql/data/performance.yaml +204 -0
package/.agent/skills/cross-cutting/sql/data/queries.yaml +150 -0
package/.agent/skills/cross-cutting/tailwind/META.yaml +72 -0
package/.agent/skills/cross-cutting/tailwind/SKILL.md +344 -0
package/.agent/skills/cross-cutting/tailwind/data/build.yaml +143 -0
package/.agent/skills/cross-cutting/tailwind/data/config.yaml +109 -0
package/.agent/skills/cross-cutting/tailwind/data/migration.yaml +149 -0
package/.agent/skills/cross-cutting/tailwind/data/responsive.yaml +148 -0
package/.agent/skills/cross-cutting/tailwind/data/states.yaml +152 -0
package/.agent/skills/cross-cutting/tailwind/data/theme.yaml +126 -0
package/.agent/skills/cross-cutting/tailwind/data/utilities.yaml +182 -0
package/.agent/skills/cross-cutting/tailwind/data/variants.yaml +154 -0
package/.agent/skills/cross-cutting/testing/ADVANCED.md +245 -0
package/.agent/skills/cross-cutting/testing/META.yaml +49 -0
package/.agent/skills/cross-cutting/testing/SKILL.md +263 -0
package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +300 -0
package/.agent/skills/cross-cutting/testing/data/patterns.yaml +168 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/META.yaml +108 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +565 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +331 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +1226 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +287 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +318 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +525 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +232 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +140 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-colors.yaml +467 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +75 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +918 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +107 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +372 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +195 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +177 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +1339 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +180 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +504 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +228 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +508 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +543 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +515 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +519 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +599 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +496 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +526 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +616 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +520 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +486 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +485 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +1473 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +647 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +1019 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +1009 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +347 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +393 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +303 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +496 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +76 -0
package/.agent/skills/cross-cutting/web-perf/META.yaml +92 -0
package/.agent/skills/cross-cutting/web-perf/SKILL.md +181 -0
package/.agent/skills/cross-cutting/web-perf/data/cls_optimization.yaml +189 -0
package/.agent/skills/cross-cutting/web-perf/data/core_web_vitals.yaml +282 -0
package/.agent/skills/cross-cutting/web-perf/data/inp_optimization.yaml +240 -0
package/.agent/skills/cross-cutting/web-perf/data/lcp_optimization.yaml +202 -0
package/.agent/skills/cross-cutting/web-perf/data/measurement.yaml +170 -0
package/.agent/skills/devops/_index.yaml +9 -0
package/.agent/skills/devops/aws/ADVANCED.md +547 -0
package/.agent/skills/devops/aws/META.yaml +84 -0
package/.agent/skills/devops/aws/SKILL.md +711 -0
package/.agent/skills/devops/ci-cd/ADVANCED.md +529 -0
package/.agent/skills/devops/ci-cd/META.yaml +21 -0
package/.agent/skills/devops/ci-cd/SKILL.md +821 -0
package/.agent/skills/devops/docker/ADVANCED.md +495 -0
package/.agent/skills/devops/docker/META.yaml +20 -0
package/.agent/skills/devops/docker/SKILL.md +653 -0
package/.agent/skills/devops/kubernetes/ADVANCED.md +252 -0
package/.agent/skills/devops/kubernetes/META.yaml +15 -0
package/.agent/skills/devops/kubernetes/SKILL.md +621 -0
package/.agent/skills/frameworks/_index.yaml +13 -0
package/.agent/skills/frameworks/angular/META.yaml +70 -0
package/.agent/skills/frameworks/angular/SKILL.md +319 -0
package/.agent/skills/frameworks/angular/data/core.yaml +209 -0
package/.agent/skills/frameworks/angular/data/performance.yaml +210 -0
package/.agent/skills/frameworks/angular/data/server.yaml +175 -0
package/.agent/skills/frameworks/flutter/ADVANCED.md +491 -0
package/.agent/skills/frameworks/flutter/META.yaml +64 -0
package/.agent/skills/frameworks/flutter/SKILL.md +541 -0
package/.agent/skills/frameworks/flutter/data/core.yaml +210 -0
package/.agent/skills/frameworks/flutter/data/platform.yaml +246 -0
package/.agent/skills/frameworks/flutter/data/state.yaml +250 -0
package/.agent/skills/frameworks/nextjs/ADVANCED.md +225 -0
package/.agent/skills/frameworks/nextjs/META.yaml +67 -0
package/.agent/skills/frameworks/nextjs/SKILL.md +593 -0
package/.agent/skills/frameworks/nextjs/data/caching.yaml +210 -0
package/.agent/skills/frameworks/nextjs/data/core.yaml +255 -0
package/.agent/skills/frameworks/nextjs/data/server.yaml +248 -0
package/.agent/skills/frameworks/nuxt/META.yaml +57 -0
package/.agent/skills/frameworks/nuxt/SKILL.md +283 -0
package/.agent/skills/frameworks/nuxt/data/core.yaml +309 -0
package/.agent/skills/frameworks/nuxt/data/server.yaml +271 -0
package/.agent/skills/frameworks/react/ADVANCED.md +676 -0
package/.agent/skills/frameworks/react/META.yaml +60 -0
package/.agent/skills/frameworks/react/SKILL.md +263 -0
package/.agent/skills/frameworks/react/data/core.yaml +278 -0
package/.agent/skills/frameworks/react/data/server.yaml +283 -0
package/.agent/skills/frameworks/react-native/META.yaml +59 -0
package/.agent/skills/frameworks/react-native/SKILL.md +301 -0
package/.agent/skills/frameworks/react-native/data/core.yaml +260 -0
package/.agent/skills/frameworks/react-native/data/platform.yaml +287 -0
package/.agent/skills/frameworks/svelte/META.yaml +62 -0
package/.agent/skills/frameworks/svelte/SKILL.md +398 -0
package/.agent/skills/frameworks/svelte/data/runes.yaml +239 -0
package/.agent/skills/frameworks/svelte/data/sveltekit.yaml +244 -0
package/.agent/skills/frameworks/vue/ADVANCED.md +214 -0
package/.agent/skills/frameworks/vue/META.yaml +58 -0
package/.agent/skills/frameworks/vue/SKILL.md +356 -0
package/.agent/skills/frameworks/vue/data/advanced.yaml +253 -0
package/.agent/skills/frameworks/vue/data/core.yaml +270 -0
package/.agent/skills/index.json +143 -0
package/.agent/skills/languages/_index.yaml +33 -0
package/.agent/skills/languages/asm/ADVANCED.md +750 -0
package/.agent/skills/languages/asm/META.yaml +84 -0
package/.agent/skills/languages/asm/SKILL.md +753 -0
package/.agent/skills/languages/asm/data/advanced.yaml +295 -0
package/.agent/skills/languages/asm/data/core.yaml +280 -0
package/.agent/skills/languages/c/ADVANCED.md +625 -0
package/.agent/skills/languages/c/META.yaml +58 -0
package/.agent/skills/languages/c/SKILL.md +748 -0
package/.agent/skills/languages/c/data/core.yaml +179 -0
package/.agent/skills/languages/c/data/embedded.yaml +251 -0
package/.agent/skills/languages/c/data/memory.yaml +253 -0
package/.agent/skills/languages/clojure/META.yaml +13 -0
package/.agent/skills/languages/clojure/SKILL.md +130 -0
package/.agent/skills/languages/clojure/data/core.yaml +326 -0
package/.agent/skills/languages/cpp/ADVANCED.md +457 -0
package/.agent/skills/languages/cpp/META.yaml +61 -0
package/.agent/skills/languages/cpp/SKILL.md +936 -0
package/.agent/skills/languages/cpp/data/core.yaml +304 -0
package/.agent/skills/languages/cpp/data/memory.yaml +247 -0
package/.agent/skills/languages/cpp/data/modern.yaml +334 -0
package/.agent/skills/languages/crystal/META.yaml +30 -0
package/.agent/skills/languages/crystal/SKILL.md +117 -0
package/.agent/skills/languages/crystal/data/async.yaml +264 -0
package/.agent/skills/languages/crystal/data/core.yaml +279 -0
package/.agent/skills/languages/csharp/ADVANCED.md +592 -0
package/.agent/skills/languages/csharp/META.yaml +23 -0
package/.agent/skills/languages/csharp/SKILL.md +620 -0
package/.agent/skills/languages/csharp/data/aspnet.yaml +448 -0
package/.agent/skills/languages/csharp/data/core.yaml +362 -0
package/.agent/skills/languages/elixir/META.yaml +18 -0
package/.agent/skills/languages/elixir/SKILL.md +368 -0
package/.agent/skills/languages/elixir/data/core.yaml +392 -0
package/.agent/skills/languages/fsharp/META.yaml +14 -0
package/.agent/skills/languages/fsharp/SKILL.md +113 -0
package/.agent/skills/languages/fsharp/data/core.yaml +396 -0
package/.agent/skills/languages/go/ADVANCED.md +260 -0
package/.agent/skills/languages/go/META.yaml +64 -0
package/.agent/skills/languages/go/SKILL.md +489 -0
package/.agent/skills/languages/go/data/concurrency.yaml +424 -0
package/.agent/skills/languages/go/data/core.yaml +399 -0
package/.agent/skills/languages/go/data/http.yaml +507 -0
package/.agent/skills/languages/haskell/META.yaml +18 -0
package/.agent/skills/languages/haskell/SKILL.md +305 -0
package/.agent/skills/languages/haskell/data/core.yaml +347 -0
package/.agent/skills/languages/java/ADVANCED.md +450 -0
package/.agent/skills/languages/java/META.yaml +89 -0
package/.agent/skills/languages/java/SKILL.md +495 -0
package/.agent/skills/languages/java/data/core.yaml +307 -0
package/.agent/skills/languages/java/data/spring.yaml +437 -0
package/.agent/skills/languages/javascript/ADVANCED.md +530 -0
package/.agent/skills/languages/javascript/META.yaml +105 -0
package/.agent/skills/languages/javascript/SKILL.md +455 -0
package/.agent/skills/languages/javascript/data/async.yaml +290 -0
package/.agent/skills/languages/javascript/data/core.yaml +380 -0
package/.agent/skills/languages/javascript/data/modern.yaml +269 -0
package/.agent/skills/languages/julia/META.yaml +13 -0
package/.agent/skills/languages/julia/SKILL.md +174 -0
package/.agent/skills/languages/julia/data/core.yaml +356 -0
package/.agent/skills/languages/kotlin/ADVANCED.md +539 -0
package/.agent/skills/languages/kotlin/META.yaml +24 -0
package/.agent/skills/languages/kotlin/SKILL.md +525 -0
package/.agent/skills/languages/kotlin/data/android.yaml +495 -0
package/.agent/skills/languages/kotlin/data/core.yaml +366 -0
package/.agent/skills/languages/lua/ADVANCED.md +257 -0
package/.agent/skills/languages/lua/META.yaml +58 -0
package/.agent/skills/languages/lua/SKILL.md +492 -0
package/.agent/skills/languages/lua/data/core.yaml +264 -0
package/.agent/skills/languages/lua/data/embedding.yaml +300 -0
package/.agent/skills/languages/nim/META.yaml +30 -0
package/.agent/skills/languages/nim/SKILL.md +116 -0
package/.agent/skills/languages/nim/data/async.yaml +257 -0
package/.agent/skills/languages/nim/data/core.yaml +241 -0
package/.agent/skills/languages/ocaml/META.yaml +13 -0
package/.agent/skills/languages/ocaml/SKILL.md +123 -0
package/.agent/skills/languages/ocaml/data/core.yaml +357 -0
package/.agent/skills/languages/perl/META.yaml +13 -0
package/.agent/skills/languages/perl/SKILL.md +115 -0
package/.agent/skills/languages/perl/data/core.yaml +360 -0
package/.agent/skills/languages/php/ADVANCED.md +199 -0
package/.agent/skills/languages/php/META.yaml +18 -0
package/.agent/skills/languages/php/SKILL.md +488 -0
package/.agent/skills/languages/php/data/core.yaml +392 -0
package/.agent/skills/languages/php/data/laravel.yaml +525 -0
package/.agent/skills/languages/python/ADVANCED.md +207 -0
package/.agent/skills/languages/python/META.yaml +91 -0
package/.agent/skills/languages/python/SKILL.md +495 -0
package/.agent/skills/languages/python/data/async.yaml +265 -0
package/.agent/skills/languages/python/data/core.yaml +259 -0
package/.agent/skills/languages/python/data/fastapi.yaml +296 -0
package/.agent/skills/languages/python/data/testing.yaml +226 -0
package/.agent/skills/languages/r/META.yaml +16 -0
package/.agent/skills/languages/r/SKILL.md +348 -0
package/.agent/skills/languages/r/data/core.yaml +355 -0
package/.agent/skills/languages/ruby/ADVANCED.md +381 -0
package/.agent/skills/languages/ruby/META.yaml +19 -0
package/.agent/skills/languages/ruby/SKILL.md +417 -0
package/.agent/skills/languages/ruby/data/core.yaml +448 -0
package/.agent/skills/languages/ruby/data/rails.yaml +415 -0
package/.agent/skills/languages/rust/ADVANCED.md +212 -0
package/.agent/skills/languages/rust/META.yaml +87 -0
package/.agent/skills/languages/rust/SKILL.md +377 -0
package/.agent/skills/languages/rust/data/async.yaml +404 -0
package/.agent/skills/languages/rust/data/axum.yaml +450 -0
package/.agent/skills/languages/rust/data/core.yaml +356 -0
package/.agent/skills/languages/scala/META.yaml +17 -0
package/.agent/skills/languages/scala/SKILL.md +202 -0
package/.agent/skills/languages/scala/data/core.yaml +349 -0
package/.agent/skills/languages/solidity/META.yaml +13 -0
package/.agent/skills/languages/solidity/SKILL.md +188 -0
package/.agent/skills/languages/solidity/data/core.yaml +528 -0
package/.agent/skills/languages/swift/ADVANCED.md +231 -0
package/.agent/skills/languages/swift/META.yaml +18 -0
package/.agent/skills/languages/swift/SKILL.md +342 -0
package/.agent/skills/languages/swift/data/core.yaml +489 -0
package/.agent/skills/languages/typescript/ADVANCED.md +186 -0
package/.agent/skills/languages/typescript/META.yaml +92 -0
package/.agent/skills/languages/typescript/SKILL.md +306 -0
package/.agent/skills/languages/typescript/data/async.yaml +397 -0
package/.agent/skills/languages/typescript/data/core.yaml +283 -0
package/.agent/skills/languages/typescript/data/validation.yaml +338 -0
package/.agent/skills/languages/zig/META.yaml +52 -0
package/.agent/skills/languages/zig/SKILL.md +354 -0
package/.agent/skills/languages/zig/data/async.yaml +314 -0
package/.agent/skills/languages/zig/data/core.yaml +302 -0
package/.agent/templates/README.md +42 -0
package/.agent/templates/audit-report.md +153 -0
package/.agent/templates/chains/debug/step1-reproduce.md +83 -0
package/.agent/templates/chains/debug/step2-isolate.md +73 -0
package/.agent/templates/chains/debug/step3-analyze.md +86 -0
package/.agent/templates/chains/debug/step4-fix.md +85 -0
package/.agent/templates/chains/debug/step5-verify.md +122 -0
package/.agent/templates/chains/implement/step1-plan.md +88 -0
package/.agent/templates/chains/implement/step2-code.md +87 -0
package/.agent/templates/chains/implement/step3-test.md +87 -0
package/.agent/templates/chains/implement/step4-doc.md +118 -0
package/.agent/templates/chains/review/step1-understand.md +74 -0
package/.agent/templates/chains/review/step2-analyze.md +110 -0
package/.agent/templates/chains/review/step3-fix.md +93 -0
package/.agent/templates/chains/review/step4-summary.md +104 -0
package/.agent/templates/debug-report.md +50 -0
package/.agent/templates/deploy-plan.md +54 -0
package/.agent/templates/doc-template.md +57 -0
package/.agent/templates/findings.md +122 -0
package/.agent/templates/index.yaml +239 -0
package/.agent/templates/migrate-plan.md +50 -0
package/.agent/templates/phase-template.md +72 -0
package/.agent/templates/project-plan.md +87 -0
package/.agent/templates/prompts/context_block.md +114 -0
package/.agent/templates/prompts/guardrails_block.md +116 -0
package/.agent/templates/prompts/persona_base.md +155 -0
package/.agent/templates/prompts/tools_block.md +137 -0
package/.agent/templates/reflection/critic.md +110 -0
package/.agent/templates/reflection/error_analysis.md +149 -0
package/.agent/templates/reflection/success_analysis.md +174 -0
package/.agent/templates/task-list.md +144 -0
package/.agent/templates/tasks/audit.yaml +146 -0
package/.agent/templates/tasks/bug_fix.yaml +121 -0
package/.agent/templates/tasks/code_implementation.yaml +110 -0
package/.agent/templates/tasks/refactor.yaml +157 -0
package/.agent/templates/test-report.md +52 -0
package/.agent/workflows/ap.md +135 -0
package/.agent/workflows/code.md +130 -0
package/.agent/workflows/debug.md +230 -0
package/.agent/workflows/deploy.md +192 -0
package/.agent/workflows/dev.md +137 -0
package/.agent/workflows/doc.md +124 -0
package/.agent/workflows/env.md +98 -0
package/.agent/workflows/fix.md +76 -0
package/.agent/workflows/generate.md +28 -0
package/.agent/workflows/git.md +97 -0
package/.agent/workflows/help.md +75 -0
package/.agent/workflows/init.md +148 -0
package/.agent/workflows/migrate.md +135 -0
package/.agent/workflows/monitor.md +133 -0
package/.agent/workflows/onboard.md +144 -0
package/.agent/workflows/orchestrate.md +117 -0
package/.agent/workflows/perf.md +106 -0
package/.agent/workflows/plan.md +106 -0
package/.agent/workflows/recap.md +101 -0
package/.agent/workflows/refactor.md +161 -0
package/.agent/workflows/revert.md +99 -0
package/.agent/workflows/review.md +106 -0
package/.agent/workflows/scaffold.md +119 -0
package/.agent/workflows/security.md +186 -0
package/.agent/workflows/status.md +103 -0
package/.agent/workflows/test.md +157 -0
package/.agent/workflows/think.md +126 -0
package/.agent/workflows/upgrade.md +109 -0
package/.agent/workflows/visualize.md +295 -0
package/.agent/workflows/workflow.md +196 -0
package/README.md +64 -0
package/dist/commands/add.d.ts +2 -0
package/dist/commands/add.d.ts.map +1 -0
package/dist/commands/add.js +70 -0
package/dist/commands/add.js.map +1 -0
package/dist/commands/config.d.ts +4 -0
package/dist/commands/config.d.ts.map +1 -0
package/dist/commands/config.js +152 -0
package/dist/commands/config.js.map +1 -0
package/dist/commands/doctor.d.ts +4 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +98 -0
package/dist/commands/doctor.js.map +1 -0
package/dist/commands/hsa.d.ts +4 -0
package/dist/commands/hsa.d.ts.map +1 -0
package/dist/commands/hsa.js +194 -0
package/dist/commands/hsa.js.map +1 -0
package/dist/commands/info.d.ts +2 -0
package/dist/commands/info.d.ts.map +1 -0
package/dist/commands/info.js +149 -0
package/dist/commands/info.js.map +1 -0
package/dist/commands/init.d.ts +4 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/init.js +262 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/install-core.d.ts +4 -0
package/dist/commands/install-core.d.ts.map +1 -0
package/dist/commands/install-core.js +85 -0
package/dist/commands/install-core.js.map +1 -0
package/dist/commands/install-helpers.d.ts +27 -0
package/dist/commands/install-helpers.d.ts.map +1 -0
package/dist/commands/install-helpers.js +125 -0
package/dist/commands/install-helpers.js.map +1 -0
package/dist/commands/install-hsa.d.ts +18 -0
package/dist/commands/install-hsa.d.ts.map +1 -0
package/dist/commands/install-hsa.js +61 -0
package/dist/commands/install-hsa.js.map +1 -0
package/dist/commands/install.d.ts +4 -0
package/dist/commands/install.d.ts.map +1 -0
package/dist/commands/install.js +310 -0
package/dist/commands/install.js.map +1 -0
package/dist/commands/list.d.ts +4 -0
package/dist/commands/list.d.ts.map +1 -0
package/dist/commands/list.js +91 -0
package/dist/commands/list.js.map +1 -0
package/dist/commands/mcp-registry.d.ts +48 -0
package/dist/commands/mcp-registry.d.ts.map +1 -0
package/dist/commands/mcp-registry.js +246 -0
package/dist/commands/mcp-registry.js.map +1 -0
package/dist/commands/mcp-writers.d.ts +20 -0
package/dist/commands/mcp-writers.d.ts.map +1 -0
package/dist/commands/mcp-writers.js +144 -0
package/dist/commands/mcp-writers.js.map +1 -0
package/dist/commands/mcp.d.ts +10 -0
package/dist/commands/mcp.d.ts.map +1 -0
package/dist/commands/mcp.js +319 -0
package/dist/commands/mcp.js.map +1 -0
package/dist/commands/update.d.ts +4 -0
package/dist/commands/update.d.ts.map +1 -0
package/dist/commands/update.js +79 -0
package/dist/commands/update.js.map +1 -0
package/dist/constants/cursor-globs.d.ts +17 -0
package/dist/constants/cursor-globs.d.ts.map +1 -0
package/dist/constants/cursor-globs.js +62 -0
package/dist/constants/cursor-globs.js.map +1 -0
package/dist/constants/ide-install-specs.d.ts +36 -0
package/dist/constants/ide-install-specs.d.ts.map +1 -0
package/dist/constants/ide-install-specs.js +870 -0
package/dist/constants/ide-install-specs.js.map +1 -0
package/dist/constants/ides.d.ts +105 -0
package/dist/constants/ides.d.ts.map +1 -0
package/dist/constants/ides.js +412 -0
package/dist/constants/ides.js.map +1 -0
package/dist/constants/skills.d.ts +40 -0
package/dist/constants/skills.d.ts.map +1 -0
package/dist/constants/skills.js +78 -0
package/dist/constants/skills.js.map +1 -0
package/dist/constants.d.ts +39 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +75 -0
package/dist/constants.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +122 -0
package/dist/index.js.map +1 -0
package/dist/types/flags.d.ts +47 -0
package/dist/types/flags.d.ts.map +1 -0
package/dist/types/flags.js +4 -0
package/dist/types/flags.js.map +1 -0
package/dist/types/ide-install.d.ts +175 -0
package/dist/types/ide-install.d.ts.map +1 -0
package/dist/types/ide-install.js +29 -0
package/dist/types/ide-install.js.map +1 -0
package/dist/utils/copy-helpers.d.ts +60 -0
package/dist/utils/copy-helpers.d.ts.map +1 -0
package/dist/utils/copy-helpers.js +617 -0
package/dist/utils/copy-helpers.js.map +1 -0
package/dist/utils/index.d.ts +3 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +5 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/validation.d.ts +29 -0
package/dist/utils/validation.d.ts.map +1 -0
package/dist/utils/validation.js +211 -0
package/dist/utils/validation.js.map +1 -0
package/package.json +64 -0

package/.agent/skills/core/security/data/cwe-top25.yaml ADDED Viewed

@@ -0,0 +1,415 @@
+metadata:
+  skill: security
+  domain: cwe_top25
+  version: 6.2.0
+  updated: '2026-02-05'
+  migrated_from: cwe-top25.csv
+  patterns_count: 25
+  columns:
+  - id
+  - name
+  - severity
+  - category
+  - rank_2024
+  - description
+  - detection_pattern
+  - fix_pattern
+  - languages
+  - example_vuln
+  - example_fix
+patterns:
+- id: CWE-79
+  name: Cross-site Scripting (XSS)
+  severity: CRITICAL
+  category: Injection
+  rank_2024: '1'
+  description: 'Rendering untrusted data in HTML without encoding. #1 in 2024 (was #2)'
+  detection_pattern: (innerHTML|document\\.write|dangerouslySetInnerHTML)
+  fix_pattern: HTML entity encoding, CSP headers, sanitize libraries
+  languages:
+  - javascript
+  - typescript
+  example_vuln: '// BAD: Direct HTML injection
+    element.innerHTML = userInput'
+  example_fix: '// GOOD: Text content or sanitize
+    element.textContent = userInput
+    // or: DOMPurify.sanitize(userInput)'
+- id: CWE-787
+  name: Out-of-bounds Write
+  severity: CRITICAL
+  category: Memory
+  rank_2024: '2'
+  description: 'Writing data past buffer end. #2 in 2024 (was #1)'
+  detection_pattern: (strcpy|strcat|sprintf|gets\\()
+  fix_pattern: 'Use safe functions: strncpy, snprintf, fgets with size limits'
+  languages:
+  - c
+  - cpp
+  example_vuln: '// BAD: Buffer overflow
+    char buf[10]; strcpy(buf, userInput);'
+  example_fix: '// GOOD: Bounded copy
+    char buf[10]; strncpy(buf, userInput, sizeof(buf)-1); buf[sizeof(buf)-1] = ''\\0'';'
+- id: CWE-89
+  name: SQL Injection
+  severity: CRITICAL
+  category: Injection
+  rank_2024: '3'
+  description: Constructing SQL queries from untrusted input without parameterization.
+  detection_pattern: (query.*\\+|execute.*\\+|SELECT.*\\$\\{)
+  fix_pattern: Parameterized queries, ORM, prepared statements
+  languages: all
+  example_vuln: '// BAD: String concatenation
+    db.query(`SELECT * FROM users WHERE name = ''${name}''`)'
+  example_fix: '// GOOD: Prepared statement
+    db.query(''SELECT * FROM users WHERE name = ?'', [name])'
+- id: CWE-352
+  name: Cross-Site Request Forgery (CSRF)
+  severity: HIGH
+  category: Session
+  rank_2024: '4'
+  description: Forging requests from authenticated users. Jumped 5 positions in 2024.
+  detection_pattern: (form.*method.*post|fetch\\(.*method.*POST)
+  fix_pattern: CSRF tokens, SameSite cookies, double-submit cookies
+  languages: all
+  example_vuln: '// BAD: No CSRF protection
+    <form method=''POST'' action=''/transfer''>'
+  example_fix: '// GOOD: CSRF token
+    <input type=''hidden'' name=''csrf'' value=''{{token}}''>'
+- id: CWE-22
+  name: Path Traversal
+  severity: HIGH
+  category: Injection
+  rank_2024: '5'
+  description: 'Using user input to access files outside intended directory. Moved to #5.'
+  detection_pattern: (readFile\\(|open\\(|include\\().*req\\.(params|query|body)
+  fix_pattern: Path normalization, jail to base directory, allowlisting
+  languages: all
+  example_vuln: '// BAD: Path traversal
+    fs.readFile(''/uploads/'' + req.query.file)'
+  example_fix: '// GOOD: Path normalization
+    const safePath = path.resolve(''/uploads'', path.basename(req.query.file))'
+- id: CWE-125
+  name: Out-of-bounds Read
+  severity: HIGH
+  category: Memory
+  rank_2024: '6'
+  description: Reading data beyond buffer boundaries (information leak).
+  detection_pattern: (buffer\\[|array\\[|ptr\\+)
+  fix_pattern: Bounds checking, safe iterators, span/slice types
+  languages:
+  - c
+  - cpp
+  - rust
+  example_vuln: '// BAD: Array out of bounds
+    for(int i=0; i<=len; i++) buf[i]'
+  example_fix: '// GOOD: Proper bounds
+    for(int i=0; i<len; i++) buf[i]'
+- id: CWE-78
+  name: OS Command Injection
+  severity: CRITICAL
+  category: Injection
+  rank_2024: '7'
+  description: Executing shell commands with untrusted input.
+  detection_pattern: (exec\\(|system\\(|popen\\(|shell_exec)
+  fix_pattern: Avoid shell, use safe APIs, input validation
+  languages: all
+  example_vuln: '// BAD: Shell command injection
+    exec(`rm -rf ${userPath}`)'
+  example_fix: '// GOOD: Use safe API
+    fs.rmSync(path.resolve(safeBaseDir, userPath), { recursive: true })'
+- id: CWE-416
+  name: Use After Free
+  severity: CRITICAL
+  category: Memory
+  rank_2024: '8'
+  description: Accessing memory after it has been freed.
+  detection_pattern: (free\\(.*\\)|delete\\s+|\\.release\\(\\))
+  fix_pattern: Smart pointers, RAII, null after free
+  languages:
+  - c
+  - cpp
+  - rust
+  example_vuln: '// BAD: Use after free
+    free(ptr); printf(''%s'', ptr);'
+  example_fix: '// GOOD: Null after free
+    free(ptr); ptr = NULL;'
+- id: CWE-862
+  name: Missing Authorization
+  severity: CRITICAL
+  category: AuthZ
+  rank_2024: '9'
+  description: Lack of proper checks to ensure users have necessary permissions.
+  detection_pattern: (app\\.(get|post|put|delete)\\()(?!.*authorize)
+  fix_pattern: Authorization middleware, RBAC/ABAC, deny by default
+  languages: all
+  example_vuln: '// BAD: No authz check
+    app.get(''/admin/users'', getUsers)'
+  example_fix: '// GOOD: Authorization middleware
+    app.get(''/admin/users'', requireRole(''admin''), getUsers)'
+- id: CWE-434
+  name: Unrestricted File Upload
+  severity: HIGH
+  category: Injection
+  rank_2024: '10'
+  description: Allowing upload of executable files or scripts.
+  detection_pattern: (file.*upload|multer|formidable)
+  fix_pattern: File type validation, rename files, store outside webroot
+  languages: all
+  example_vuln: '// BAD: No file type check
+    app.post(''/upload'', multer().single(''file''))'
+  example_fix: '// GOOD: Validate MIME and extension
+    if (!ALLOWED_TYPES.includes(file.mimetype)) throw new Error(''Invalid type'')'
+- id: CWE-94
+  name: Code Injection
+  severity: CRITICAL
+  category: Injection
+  rank_2024: '11'
+  description: Injecting and executing arbitrary code. Jumped 12 positions in 2024!
+  detection_pattern: (eval\\(|new Function\\(|vm\\.runInContext)
+  fix_pattern: Avoid eval, use safe parsers, sandbox execution
+  languages: all
+  example_vuln: '// BAD: Code injection
+    eval(userInput)'
+  example_fix: '// GOOD: Safe alternative
+    JSON.parse(userInput) // for data parsing'
+- id: CWE-20
+  name: Improper Input Validation
+  severity: HIGH
+  category: Validation
+  rank_2024: '12'
+  description: Not validating user input for type, length, format, range.
+  detection_pattern: (parseInt\\(|Number\\(|JSON\\.parse\\()
+  fix_pattern: Schema validation (Zod, Joi), type checking, range validation
+  languages: all
+  example_vuln: '// BAD: No validation
+    const age = parseInt(req.body.age)'
+  example_fix: '// GOOD: Schema validation
+    const schema = z.object({ age: z.number().min(0).max(150) })'
+- id: CWE-77
+  name: Command Injection
+  severity: CRITICAL
+  category: Injection
+  rank_2024: '13'
+  description: Improper neutralization of special elements in a command.
+  detection_pattern: (spawn\\(|execFile\\().*\\$
+  fix_pattern: Use arrays for args, avoid shell, sanitize input
+  languages: all
+  example_vuln: '// BAD: Command injection risk
+    spawn(''cmd'', `/c ${userInput}`)'
+  example_fix: '// GOOD: Separate args
+    spawn(''cmd'', [''/c'', sanitize(userInput)], { shell: false })'
+- id: CWE-287
+  name: Improper Authentication
+  severity: CRITICAL
+  category: AuthN
+  rank_2024: '14'
+  description: Incorrect or insufficient authentication mechanisms.
+  detection_pattern: (password.*==|token.*===)
+  fix_pattern: Use timing-safe comparison, secure session, MFA
+  languages: all
+  example_vuln: '// BAD: Timing attack vulnerable
+    if (token === storedToken)'
+  example_fix: '// GOOD: Timing-safe compare
+    crypto.timingSafeEqual(Buffer.from(token), Buffer.from(storedToken))'
+- id: CWE-269
+  name: Improper Privilege Management
+  severity: HIGH
+  category: AuthZ
+  rank_2024: '15'
+  description: Flaws in how privileges are assigned, managed, or enforced.
+  detection_pattern: (setRole|addPermission|elevate)
+  fix_pattern: Principle of least privilege, regular audits, separation of duties
+  languages: all
+  example_vuln: '// BAD: Overly broad permissions
+    user.role = ''superadmin'''
+  example_fix: '// GOOD: Minimal required permissions
+    user.permissions = [''read:own_data'', ''write:own_data'']'
+- id: CWE-502
+  name: Deserialization of Untrusted Data
+  severity: CRITICAL
+  category: Injection
+  rank_2024: '16'
+  description: Deserializing data from untrusted sources without validation.
+  detection_pattern: (pickle\\.load|unserialize|ObjectInputStream|JSON\\.parse\\(.*body)
+  fix_pattern: Avoid native deserialization, use JSON, validate schema
+  languages: all
+  example_vuln: '// BAD: Unsafe deserialization (Python)
+    pickle.loads(user_data)'
+  example_fix: '// GOOD: Safe JSON with schema
+    data = json.loads(user_data); validate(data, schema)'
+- id: CWE-200
+  name: Exposure of Sensitive Information
+  severity: MEDIUM
+  category: Disclosure
+  rank_2024: '17'
+  description: Sensitive data revealed to unauthorized actors.
+  detection_pattern: (console\\.log.*password|log.*secret|res\\.send.*error\\.stack)
+  fix_pattern: Sanitize logs, custom error pages, filter responses
+  languages: all
+  example_vuln: '// BAD: Expose stack trace
+    res.status(500).send(error.stack)'
+  example_fix: '// GOOD: Generic error
+    res.status(500).json({ error: ''Internal server error'' })'
+- id: CWE-863
+  name: Incorrect Authorization
+  severity: HIGH
+  category: AuthZ
+  rank_2024: '18'
+  description: Authorization performed incorrectly, leading to unauthorized access.
+  detection_pattern: (if.*role.*!=|unless.*admin)
+  fix_pattern: Centralized authz, policy-based access, audit logs
+  languages: all
+  example_vuln: '// BAD: Inverted logic
+    if (user.role != ''admin'') allowAccess()'
+  example_fix: '// GOOD: Explicit check
+    if (user.role === ''admin'') allowAccess()'
+- id: CWE-918
+  name: Server-Side Request Forgery (SSRF)
+  severity: HIGH
+  category: Injection
+  rank_2024: '19'
+  description: Server makes requests to attacker-controlled URLs.
+  detection_pattern: (fetch\\(|axios\\.|request\\().*user
+  fix_pattern: URL allowlisting, disable redirects, network segmentation
+  languages: all
+  example_vuln: '// BAD: Fetch user URL
+    fetch(req.query.url)'
+  example_fix: '// GOOD: Allowlist validation
+    if (!ALLOWED_HOSTS.includes(new URL(url).host)) throw new Error(''Blocked'')'
+- id: CWE-119
+  name: Memory Buffer Bounds
+  severity: CRITICAL
+  category: Memory
+  rank_2024: '20'
+  description: Operations that read/write outside intended memory buffer.
+  detection_pattern: (memcpy|memmove|buffer\\[.*\\+)
+  fix_pattern: Bounds checking, AddressSanitizer, safe functions
+  languages:
+  - c
+  - cpp
+  example_vuln: '// BAD: No bounds check
+    memcpy(dest, src, len)'
+  example_fix: '// GOOD: Check bounds first
+    if (len <= sizeof(dest)) memcpy(dest, src, len)'
+- id: CWE-476
+  name: NULL Pointer Dereference
+  severity: HIGH
+  category: Memory
+  rank_2024: '21'
+  description: Program attempts to use a pointer that has NULL value.
+  detection_pattern: (->|\\*ptr)(?!.*if.*null)
+  fix_pattern: Null checks, Optional types, smart pointers
+  languages:
+  - c
+  - cpp
+  - java
+  example_vuln: '// BAD: No null check
+    printf(''%s'', ptr->name);'
+  example_fix: '// GOOD: Check first
+    if (ptr != NULL) printf(''%s'', ptr->name);'
+- id: CWE-798
+  name: Hard-coded Credentials
+  severity: CRITICAL
+  category: Secrets
+  rank_2024: '22'
+  description: Embedding credentials directly into code.
+  detection_pattern: (password.*=.*['\]|apiKey.*=.*['\"]|secret.*=.*['\"])"
+  fix_pattern: Environment variables, secrets manager, rotation
+  languages: all
+  example_vuln: '// BAD: Hardcoded secret
+    const API_KEY = ''sk-1234567890'''
+  example_fix: '// GOOD: Environment variable
+    const API_KEY = process.env.API_KEY'
+- id: CWE-190
+  name: Integer Overflow
+  severity: HIGH
+  category: Math
+  rank_2024: '23'
+  description: Arithmetic creates value larger than max representable.
+  detection_pattern: (\\+\\+|\\+=|\\*=)(?!.*overflow)
+  fix_pattern: Safe math libraries, range checks, big integers
+  languages:
+  - c
+  - cpp
+  - java
+  example_vuln: '// BAD: Potential overflow
+    int total = a + b;'
+  example_fix: '// GOOD: Check overflow
+    if (a > INT_MAX - b) throw new Error(''Overflow'');'
+- id: CWE-400
+  name: Uncontrolled Resource Consumption
+  severity: MEDIUM
+  category: DoS
+  rank_2024: '24'
+  description: Consuming excessive system resources (DoS).
+  detection_pattern: (while.*true|for.*;;|setTimeout.*0)
+  fix_pattern: Rate limiting, timeouts, resource quotas
+  languages: all
+  example_vuln: '// BAD: Unbounded recursion
+    function loop() { loop(); }'
+  example_fix: '// GOOD: With limit
+    function loop(depth = 0) { if (depth > 100) return; loop(depth + 1); }'
+- id: CWE-306
+  name: Missing Authentication
+  severity: CRITICAL
+  category: AuthN
+  rank_2024: '25'
+  description: Critical function lacks proper authentication.
+  detection_pattern: (app\\.(get|post|put|delete)\\()(?!.*auth)
+  fix_pattern: Auth middleware on all protected routes
+  languages: all
+  example_vuln: '// BAD: No auth
+    app.delete(''/api/users/:id'', deleteUser)'
+  example_fix: '// GOOD: Auth middleware
+    app.delete(''/api/users/:id'', requireAuth, deleteUser)'

package/.agent/skills/core/security/data/language-specific/c-security.yaml ADDED Viewed

@@ -0,0 +1,295 @@
+metadata:
+  skill: security
+  domain: c_security
+  version: 6.2.0
+  updated: '2026-02-05'
+  migrated_from: c-security.csv
+  patterns_count: 25
+  columns:
+  - id
+  - name
+  - severity
+  - category
+  - description
+  - detection_pattern
+  - fix_pattern
+  - cwe
+  - cve_reference
+  - example_vuln
+  - example_fix
+patterns:
+- id: C-01
+  name: Stack Buffer Overflow
+  severity: CRITICAL
+  category: Memory
+  description: Buffer on stack overwritten via user input leading to RCE
+  detection_pattern: (strcpy|sprintf|gets|scanf)\\((?!.*n)
+  fix_pattern: Use strncpy snprintf fgets scanf with width specifier
+  cwe: CWE-121
+  cve_reference: CVE-2025-0282
+  example_vuln: char buf[64]; strcpy(buf, user_input);
+  example_fix: char buf[64]; strncpy(buf, user_input, sizeof(buf)-1); buf[63] = '\\0';
+- id: C-02
+  name: Heap Buffer Overflow
+  severity: CRITICAL
+  category: Memory
+  description: Buffer on heap overwritten allowing heap corruption RCE
+  detection_pattern: (malloc|realloc).*memcpy(?!.*size_check)
+  fix_pattern: Validate size before memcpy use bounded functions
+  cwe: CWE-122
+  cve_reference: CVE-2025-47436
+  example_vuln: char *buf = malloc(64); memcpy(buf, data, data_len);
+  example_fix: if (data_len > 64) return -1; memcpy(buf, data, data_len);
+- id: C-03
+  name: Format String Vulnerability
+  severity: CRITICAL
+  category: Injection
+  description: User input passed directly to printf allows arbitrary read/write
+  detection_pattern: (printf|fprintf|sprintf|syslog)\\(.*input(?!.*%)
+  fix_pattern: Use format specifier never pass user input directly
+  cwe: CWE-134
+  cve_reference: n/a
+  example_vuln: printf(user_input);
+  example_fix: printf(\%s\"
+- id: C-04
+  name: Integer Overflow
+  severity: HIGH
+  category: Math
+  description: Integer arithmetic without overflow check leads to small buffer
+  detection_pattern: (malloc|realloc)\\(.*\\*(?!.*overflow|check)
+  fix_pattern: Check for overflow before arithmetic use safe_mul
+  cwe: CWE-190
+  cve_reference: CVE-2024-7025
+  example_vuln: size_t size = width * height; char *buf = malloc(size);
+  example_fix: if (width > SIZE_MAX/height) return -1; size_t size = width * height;
+- id: C-05
+  name: Off-by-One Error
+  severity: HIGH
+  category: Memory
+  description: Loop boundary error allows one byte overflow
+  detection_pattern: for.*\\<.*=.*len|while.*\\<=.*size
+  fix_pattern: Use strict < comparison verify buffer bounds
+  cwe: CWE-193
+  cve_reference: n/a
+  example_vuln: for (int i = 0; i <= len; i++) buf[i] = src[i];
+  example_fix: for (int i = 0; i < len; i++) buf[i] = src[i];
+- id: C-06
+  name: Use After Free
+  severity: CRITICAL
+  category: Memory
+  description: Memory accessed after free causing crash or code execution
+  detection_pattern: free\\(.*\\).*\\n.*(?!.*=.*NULL)
+  fix_pattern: Set pointer to NULL after free check before use
+  cwe: CWE-416
+  cve_reference: n/a
+  example_vuln: free(ptr); process(ptr);
+  example_fix: free(ptr); ptr = NULL; if (ptr) process(ptr);
+- id: C-07
+  name: Double Free
+  severity: CRITICAL
+  category: Memory
+  description: Memory freed twice causing heap corruption
+  detection_pattern: free\\(.*\\).*\\n.*free\\(.*same_ptr)
+  fix_pattern: Set pointer to NULL after free track allocation state
+  cwe: CWE-415
+  cve_reference: n/a
+  example_vuln: free(ptr); free(ptr);
+  example_fix: free(ptr); ptr = NULL;
+- id: C-08
+  name: Null Pointer Dereference
+  severity: HIGH
+  category: Memory
+  description: Pointer dereferenced without null check
+  detection_pattern: \*\\w+(?!.*if.*!=.*NULL|!=.*NULL)
+  fix_pattern: Check pointer for NULL before dereference
+  cwe: CWE-476
+  cve_reference: n/a
+  example_vuln: return *data;
+  example_fix: if (data == NULL) return -1; return *data;
+- id: C-09
+  name: Command Injection system
+  severity: CRITICAL
+  category: Injection
+  description: system() with user input allows command execution
+  detection_pattern: system\\(.*input|popen\\(.*user
+  fix_pattern: Use execve with argument array avoid shell
+  cwe: CWE-78
+  cve_reference: n/a
+  example_vuln: system(\cat \" + filename);"
+  example_fix: execl(\/bin/cat\"
+- id: C-10
+  name: Path Traversal
+  severity: HIGH
+  category: File
+  description: User file path without validation allows directory escape
+  detection_pattern: fopen\\(.*input(?!.*realpath|canonical)
+  fix_pattern: Use realpath validate path is within allowed directory
+  cwe: CWE-22
+  cve_reference: n/a
+  example_vuln: fopen(user_path, \r\");"
+  example_fix: char *real = realpath(user_path, NULL); if (strncmp(real, base, strlen(base)) != 0) return -1;
+- id: C-11
+  name: Uninitialized Variable
+  severity: HIGH
+  category: Memory
+  description: Variable used before initialization contains garbage
+  detection_pattern: (int|char|void\\*)\\s+\\w+;\\s*(?!.*=).*use
+  fix_pattern: Initialize all variables at declaration
+  cwe: CWE-457
+  cve_reference: n/a
+  example_vuln: int count; if (flag) count = 10; return count;
+  example_fix: int count = 0; if (flag) count = 10; return count;
+- id: C-12
+  name: Race Condition File
+  severity: HIGH
+  category: Concurrency
+  description: TOCTOU race between check and use of file
+  detection_pattern: access\\(.*\\).*open\\(|stat\\(.*\\).*fopen
+  fix_pattern: Use atomic operations fopen directly with flags
+  cwe: CWE-367
+  cve_reference: n/a
+  example_vuln: if (access(file, R_OK) == 0) fopen(file, \r\");"
+  example_fix: FILE *f = fopen(file, \r\"); if (f == NULL) return -1;"
+- id: C-13
+  name: Insecure Temporary File
+  severity: HIGH
+  category: File
+  description: mktemp creates predictable temporary file names
+  detection_pattern: mktemp\\((?!.*mkstemp)
+  fix_pattern: Use mkstemp or tmpfile for secure temp files
+  cwe: CWE-377
+  cve_reference: n/a
+  example_vuln: char *tmp = mktemp(template); fopen(tmp, \w\");"
+  example_fix: int fd = mkstemp(template); FILE *f = fdopen(fd, \w\");"
+- id: C-14
+  name: Memory Leak
+  severity: MEDIUM
+  category: Memory
+  description: Allocated memory never freed causing resource exhaustion
+  detection_pattern: malloc|calloc(?!.*free)
+  fix_pattern: Ensure every malloc has corresponding free use RAII patterns
+  cwe: CWE-401
+  cve_reference: n/a
+  example_vuln: char *buf = malloc(1024); return result;
+  example_fix: char *buf = malloc(1024); /* ... */ free(buf); return result;
+- id: C-15
+  name: Unbounded String Copy
+  severity: CRITICAL
+  category: Memory
+  description: String functions without length limit
+  detection_pattern: strncat.*sizeof(?!.*-1)|strcat\\(
+  fix_pattern: Use strncat with proper size accounting for null terminator
+  cwe: CWE-120
+  cve_reference: n/a
+  example_vuln: strncat(dest, src, sizeof(dest));
+  example_fix: strncat(dest, src, sizeof(dest) - strlen(dest) - 1);
+- id: C-16
+  name: Signed Integer Overflow
+  severity: HIGH
+  category: Math
+  description: Signed integer overflow is undefined behavior
+  detection_pattern: (int|long).*\\+.*>.*MAX|signed.*overflow
+  fix_pattern: Use unsigned types or explicit overflow checks
+  cwe: CWE-190
+  cve_reference: n/a
+  example_vuln: int result = a + b; if (result < a) // Too late
+  example_fix: if (a > INT_MAX - b) return -1; int result = a + b;
+- id: C-17
+  name: Improper Array Index
+  severity: HIGH
+  category: Memory
+  description: Array accessed with unchecked index
+  detection_pattern: \\[.*input\\]|\\[.*user(?!.*check|bound)
+  fix_pattern: Validate array index against bounds before access
+  cwe: CWE-129
+  cve_reference: n/a
+  example_vuln: return array[user_index];
+  example_fix: if (user_index >= array_size) return -1; return array[user_index];
+- id: C-18
+  name: Signal Handler Race
+  severity: HIGH
+  category: Concurrency
+  description: Non-reentrant function called from signal handler
+  detection_pattern: signal.*handler.*printf|malloc.*signal_handler
+  fix_pattern: Use only async-signal-safe functions in handlers
+  cwe: CWE-364
+  cve_reference: n/a
+  example_vuln: void handler(int sig) { printf(\signal\"); }"
+  example_fix: void handler(int sig) { write(1, \signal\"
+- id: C-19
+  name: Weak Random Number
+  severity: HIGH
+  category: Crypto
+  description: rand() used for security-sensitive values
+  detection_pattern: rand\\(\\).*token|srand.*time(?!.*secure)
+  fix_pattern: Use CSPRNG like /dev/urandom or arc4random
+  cwe: CWE-330
+  cve_reference: n/a
+  example_vuln: int token = rand();
+  example_fix: arc4random_buf(token, sizeof(token));
+- id: C-20
+  name: Sensitive Data in Core
+  severity: HIGH
+  category: Information
+  description: Sensitive data may appear in core dumps
+  detection_pattern: password|secret.*malloc(?!.*mlock)
+  fix_pattern: Use mlock to prevent paging clear sensitive data
+  cwe: CWE-316
+  cve_reference: n/a
+  example_vuln: char *password = malloc(256);
+  example_fix: char *password = malloc(256); mlock(password, 256);
+- id: C-21
+  name: va_arg Type Mismatch
+  severity: CRITICAL
+  category: Memory
+  description: va_arg used with wrong type causing undefined behavior
+  detection_pattern: va_arg\\(.*,\\s*\\w+(?!.*promoted)
+  fix_pattern: Match va_arg type with actual argument type
+  cwe: CWE-119
+  cve_reference: n/a
+  example_vuln: int val = va_arg(args, short); // Wrong
+  example_fix: int val = va_arg(args, int); // short promotes to int
+- id: C-22
+  name: Uncontrolled Recursion
+  severity: MEDIUM
+  category: DoS
+  description: Recursive function without depth limit causes stack overflow
+  detection_pattern: \\w+\\(.*\\)\\s*\\{[^}]*\\w+\\((?!.*depth)
+  fix_pattern: Add depth parameter and limit max recursion depth
+  cwe: CWE-674
+  cve_reference: n/a
+  example_vuln: void parse(Node *n) { parse(n->child); }
+  example_fix: void parse(Node *n, int depth) { if (depth > MAX_DEPTH) return; parse(n->child, depth+1); }
+- id: C-23
+  name: Dangerous Function gets
+  severity: CRITICAL
+  category: Memory
+  description: gets() has no bounds checking now deprecated
+  detection_pattern: gets\\(
+  fix_pattern: Replace with fgets() which has size limit
+  cwe: CWE-242
+  cve_reference: n/a
+  example_vuln: gets(buffer);
+  example_fix: fgets(buffer, sizeof(buffer), stdin);
+- id: C-24
+  name: Missing Return Value Check
+  severity: HIGH
+  category: Error
+  description: malloc/realloc return value not checked for NULL
+  detection_pattern: (malloc|realloc)\\(.*\\)(?!.*if.*==.*NULL|!=.*NULL)
+  fix_pattern: Always check return value of memory allocation
+  cwe: CWE-252
+  cve_reference: n/a
+  example_vuln: char *p = malloc(size); *p = 'x';
+  example_fix: char *p = malloc(size); if (p == NULL) return -1; *p = 'x';
+- id: C-25
+  name: Insecure Permissions
+  severity: MEDIUM
+  category: File
+  description: File created with world-readable permissions
+  detection_pattern: open\\(.*0777|fopen(?!.*fchmod)
+  fix_pattern: Use restrictive permissions 0600 for sensitive files
+  cwe: CWE-732
+  cve_reference: n/a
+  example_vuln: open(file, O_CREAT, 0777);
+  example_fix: open(file, O_CREAT, 0600);