npm - @nockdev/awf - Versions diffs - 6.2.0 - Mend

@nockdev/awf 6.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (727) hide show

package/.agent/build.yaml +178 -0
package/.agent/config.yaml +235 -0
package/.agent/core/ACTIVE_MEMORY.yaml +344 -0
package/.agent/core/ARCH_REGISTRY.yaml +252 -0
package/.agent/core/AUDIT_POLICY.md +68 -0
package/.agent/core/BRANDING.yaml +185 -0
package/.agent/core/CACHE.md +59 -0
package/.agent/core/CHECKPOINT.yaml +153 -0
package/.agent/core/CLEANUP_ENGINE.yaml +326 -0
package/.agent/core/CODING_STYLES.yaml +346 -0
package/.agent/core/COMMANDS.md +93 -0
package/.agent/core/CONTEXT_INJECTOR.yaml +325 -0
package/.agent/core/CONTEXT_LOADER.yaml +323 -0
package/.agent/core/CONTEXT_OPTIMIZATION.yaml +286 -0
package/.agent/core/CONTEXT_PRIORITY.yaml +357 -0
package/.agent/core/CUSTOMIZE.md +138 -0
package/.agent/core/DATA_SAFETY.md +92 -0
package/.agent/core/FLOW_ENGINE.yaml +300 -0
package/.agent/core/GRAPH_MEMORY.yaml +420 -0
package/.agent/core/HSA.yaml +357 -0
package/.agent/core/HYBRID_ROUTER.yaml +346 -0
package/.agent/core/INTENT_DETECTION.yaml +384 -0
package/.agent/core/LIBRARY_REGISTRY.yaml +401 -0
package/.agent/core/MCP_TOOLS.yaml +414 -0
package/.agent/core/MEMORY_CONSOLIDATION.yaml +352 -0
package/.agent/core/MEMORY_ENGINE.yaml +353 -0
package/.agent/core/MEMORY_PATHS.yaml +79 -0
package/.agent/core/MEMORY_UTILS.yaml +212 -0
package/.agent/core/PATTERNS.yaml +319 -0
package/.agent/core/PERMISSIONS.md +100 -0
package/.agent/core/README.md +91 -0
package/.agent/core/REFLECTION_ENGINE.yaml +348 -0
package/.agent/core/ROUTER.yaml +424 -0
package/.agent/core/SCORING_FORMULA.yaml +103 -0
package/.agent/core/SEMANTIC_ENGINE.yaml +162 -0
package/.agent/core/SKILLS_FLOW.yaml +341 -0
package/.agent/core/SKILL_SCHEMA.yaml +266 -0
package/.agent/core/STATE_MACHINE.yaml +409 -0
package/.agent/core/SUMMARIZATION_ENGINE.yaml +258 -0
package/.agent/core/TEMPLATES.yaml +364 -0
package/.agent/core/TOKEN_BUDGETS.yaml +157 -0
package/.agent/core/TOKEN_LOADING.yaml +197 -0
package/.agent/core/TOKEN_SUMMARY.yaml +121 -0
package/.agent/core/VERSION.yaml +240 -0
package/.agent/core/embeddings.json +2004 -0
package/.agent/core/session_cache.json +50 -0
package/.agent/i18n/README.md +30 -0
package/.agent/i18n/en.yaml +302 -0
package/.agent/i18n/vi.yaml +302 -0
package/.agent/ide/README.md +47 -0
package/.agent/ide/amazonq.json +35 -0
package/.agent/ide/amp.json +35 -0
package/.agent/ide/antigravity.json +47 -0
package/.agent/ide/augment.json +35 -0
package/.agent/ide/claude.json +42 -0
package/.agent/ide/cline.json +34 -0
package/.agent/ide/codex.json +37 -0
package/.agent/ide/cody.json +35 -0
package/.agent/ide/continue.json +35 -0
package/.agent/ide/cursor.json +42 -0
package/.agent/ide/gemini.json +46 -0
package/.agent/ide/jetbrains.json +35 -0
package/.agent/ide/kiro.json +35 -0
package/.agent/ide/opencode.json +35 -0
package/.agent/ide/roo.json +35 -0
package/.agent/ide/tabnine.json +35 -0
package/.agent/ide/trae.json +35 -0
package/.agent/ide/vscode.json +34 -0
package/.agent/ide/windsurf.json +56 -0
package/.agent/ide/zed.json +36 -0
package/.agent/manifest.yaml +416 -0
package/.agent/memory/README.md +148 -0
package/.agent/memory/active_memories.json +35 -0
package/.agent/memory/archive/.gitkeep +0 -0
package/.agent/memory/audit_summary.json +58 -0
package/.agent/memory/cleanup_log.json +34 -0
package/.agent/memory/consolidated.md +75 -0
package/.agent/memory/core_memory/persona.json +30 -0
package/.agent/memory/core_memory/project.json +25 -0
package/.agent/memory/core_memory/rules.json +29 -0
package/.agent/memory/core_memory/user.json +24 -0
package/.agent/memory/decisions.md +40 -0
package/.agent/memory/graph/knowledge_graph.json +12 -0
package/.agent/memory/insights.md +52 -0
package/.agent/memory/metrics.json +48 -0
package/.agent/memory/patterns/errors.json +11 -0
package/.agent/memory/patterns/successes.json +10 -0
package/.agent/memory/session.md +64 -0
package/.agent/memory/session_rules.json +19 -0
package/.agent/memory/state.json +81 -0
package/.agent/memory/vectors/README.md +129 -0
package/.agent/personas/README.md +180 -0
package/.agent/personas/architect.md +186 -0
package/.agent/personas/auditor.md +222 -0
package/.agent/personas/debugger.md +210 -0
package/.agent/personas/developer.md +183 -0
package/.agent/personas/devops.md +268 -0
package/.agent/personas/documenter.md +262 -0
package/.agent/personas/orchestrator.md +240 -0
package/.agent/personas/persona.schema.yaml +209 -0
package/.agent/personas/planner.md +171 -0
package/.agent/personas/researcher.md +194 -0
package/.agent/personas/security.md +212 -0
package/.agent/personas/tester.md +247 -0
package/.agent/rules/README.md +231 -0
package/.agent/rules/SACRED_RULES.xml +142 -0
package/.agent/rules/constitutional/tier-0-core.yaml +182 -0
package/.agent/rules/constitutional/tier-1-safety.yaml +272 -0
package/.agent/rules/constitutional/tier-2-execution.yaml +294 -0
package/.agent/rules/data/build-systems.yaml +126 -0
package/.agent/rules/data/quality-standards.json +59 -0
package/.agent/rules/duplication-prevention.md +138 -0
package/.agent/rules/incremental-changes.md +146 -0
package/.agent/rules/modules/context-management.yaml +158 -0
package/.agent/rules/modules/edit-verification.yaml +197 -0
package/.agent/rules/modules/evidence.yaml +185 -0
package/.agent/rules/modules/git-workflow.yaml +165 -0
package/.agent/rules/modules/language.yaml +155 -0
package/.agent/rules/modules/online-research.yaml +192 -0
package/.agent/rules/modules/quality.yaml +185 -0
package/.agent/rules/modules/reflection.yaml +209 -0
package/.agent/rules/modules/stop-conditions.yaml +196 -0
package/.agent/rules/modules/terminal-safety.yaml +229 -0
package/.agent/rules/modules/versioning.yaml +97 -0
package/.agent/rules/modules/yagni.yaml +167 -0
package/.agent/rules/project-detection.md +317 -0
package/.agent/rules/prompt-injection-guard.md +260 -0
package/.agent/rules/shell-commands.md +210 -0
package/.agent/rules/validation-framework.md +189 -0
package/.agent/skills/DEVELOPMENT.yaml +226 -0
package/.agent/skills/README.md +69 -0
package/.agent/skills/_categories.yaml +145 -0
package/.agent/skills/_router.yaml +232 -0
package/.agent/skills/core/_index.yaml +12 -0
package/.agent/skills/core/api-design/META.yaml +64 -0
package/.agent/skills/core/api-design/SKILL.md +169 -0
package/.agent/skills/core/api-design/data/api-versioning.yaml +217 -0
package/.agent/skills/core/api-design/data/error-responses.yaml +135 -0
package/.agent/skills/core/api-design/data/graphql-patterns.yaml +165 -0
package/.agent/skills/core/api-design/data/grpc-patterns.yaml +165 -0
package/.agent/skills/core/api-design/data/http-status-codes.yaml +176 -0
package/.agent/skills/core/api-design/data/pagination.yaml +121 -0
package/.agent/skills/core/api-design/data/rate-limiting.yaml +135 -0
package/.agent/skills/core/api-design/data/rest-patterns.yaml +195 -0
package/.agent/skills/core/api-design/data/test-apis.yaml +217 -0
package/.agent/skills/core/authentication/META.yaml +73 -0
package/.agent/skills/core/authentication/SKILL.md +166 -0
package/.agent/skills/core/authentication/data/anti-patterns.yaml +135 -0
package/.agent/skills/core/authentication/data/core-patterns.yaml +256 -0
package/.agent/skills/core/authentication/data/jwt-patterns.yaml +255 -0
package/.agent/skills/core/authentication/data/language-csharp.yaml +215 -0
package/.agent/skills/core/authentication/data/language-go.yaml +215 -0
package/.agent/skills/core/authentication/data/language-java.yaml +215 -0
package/.agent/skills/core/authentication/data/language-mobile.yaml +215 -0
package/.agent/skills/core/authentication/data/language-python.yaml +215 -0
package/.agent/skills/core/authentication/data/language-rust.yaml +215 -0
package/.agent/skills/core/authentication/data/language-typescript.yaml +215 -0
package/.agent/skills/core/authentication/data/mfa-patterns.yaml +175 -0
package/.agent/skills/core/authentication/data/oauth-patterns.yaml +255 -0
package/.agent/skills/core/authentication/data/oauth.yaml +248 -0
package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +215 -0
package/.agent/skills/core/authentication/data/passkeys.yaml +208 -0
package/.agent/skills/core/authentication/data/password-patterns.yaml +175 -0
package/.agent/skills/core/authentication/data/password.yaml +168 -0
package/.agent/skills/core/authentication/data/session-patterns.yaml +215 -0
package/.agent/skills/core/error-handling/META.yaml +71 -0
package/.agent/skills/core/error-handling/SKILL.md +156 -0
package/.agent/skills/core/error-handling/data/anti-patterns.yaml +105 -0
package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +135 -0
package/.agent/skills/core/error-handling/data/core-patterns.yaml +226 -0
package/.agent/skills/core/error-handling/data/error-codes.yaml +165 -0
package/.agent/skills/core/error-handling/data/error-messages.yaml +165 -0
package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-go-rust.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-python-java.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +226 -0
package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +226 -0
package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +191 -0
package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +135 -0
package/.agent/skills/core/logging/META.yaml +73 -0
package/.agent/skills/core/logging/SKILL.md +184 -0
package/.agent/skills/core/logging/data/aggregation-patterns.yaml +191 -0
package/.agent/skills/core/logging/data/anti-patterns.yaml +121 -0
package/.agent/skills/core/logging/data/core-patterns.yaml +226 -0
package/.agent/skills/core/logging/data/language-csharp.yaml +191 -0
package/.agent/skills/core/logging/data/language-go.yaml +191 -0
package/.agent/skills/core/logging/data/language-java.yaml +191 -0
package/.agent/skills/core/logging/data/language-kotlin.yaml +156 -0
package/.agent/skills/core/logging/data/language-others.yaml +184 -0
package/.agent/skills/core/logging/data/language-python.yaml +191 -0
package/.agent/skills/core/logging/data/language-rust.yaml +191 -0
package/.agent/skills/core/logging/data/language-swift.yaml +156 -0
package/.agent/skills/core/logging/data/language-typescript.yaml +191 -0
package/.agent/skills/core/logging/data/otel-logging.yaml +156 -0
package/.agent/skills/core/observability/META.yaml +76 -0
package/.agent/skills/core/observability/SKILL.md +153 -0
package/.agent/skills/core/observability/data/alerting-patterns.yaml +165 -0
package/.agent/skills/core/observability/data/anti-patterns.yaml +105 -0
package/.agent/skills/core/observability/data/core-patterns.yaml +195 -0
package/.agent/skills/core/observability/data/language-cpp.yaml +165 -0
package/.agent/skills/core/observability/data/language-csharp.yaml +165 -0
package/.agent/skills/core/observability/data/language-go.yaml +165 -0
package/.agent/skills/core/observability/data/language-java.yaml +165 -0
package/.agent/skills/core/observability/data/language-others.yaml +255 -0
package/.agent/skills/core/observability/data/language-python.yaml +165 -0
package/.agent/skills/core/observability/data/language-rust.yaml +165 -0
package/.agent/skills/core/observability/data/language-typescript.yaml +165 -0
package/.agent/skills/core/observability/data/metrics-patterns.yaml +135 -0
package/.agent/skills/core/observability/data/metrics-prometheus.yaml +165 -0
package/.agent/skills/core/observability/data/otel-core.yaml +195 -0
package/.agent/skills/core/observability/data/profiling-patterns.yaml +135 -0
package/.agent/skills/core/observability/data/tracing-patterns.yaml +165 -0
package/.agent/skills/core/observability/data/tracing-tools.yaml +135 -0
package/.agent/skills/core/security/ADVANCED.md +269 -0
package/.agent/skills/core/security/META.yaml +97 -0
package/.agent/skills/core/security/SKILL.md +234 -0
package/.agent/skills/core/security/data/ai-ml-security.yaml +261 -0
package/.agent/skills/core/security/data/api-security.yaml +230 -0
package/.agent/skills/core/security/data/auth-patterns.yaml +195 -0
package/.agent/skills/core/security/data/binary-exploitation.yaml +339 -0
package/.agent/skills/core/security/data/cloud-security.yaml +269 -0
package/.agent/skills/core/security/data/cwe-top25.yaml +415 -0
package/.agent/skills/core/security/data/language-specific/c-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +219 -0
package/.agent/skills/core/security/data/language-specific/go-security.yaml +219 -0
package/.agent/skills/core/security/data/language-specific/java-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +198 -0
package/.agent/skills/core/security/data/language-specific/php-security.yaml +219 -0
package/.agent/skills/core/security/data/language-specific/python-security.yaml +295 -0
package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +198 -0
package/.agent/skills/core/security/data/language-specific/rust-security.yaml +240 -0
package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +369 -0
package/.agent/skills/core/security/data/language-specific/swift-security.yaml +198 -0
package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +295 -0
package/.agent/skills/core/security/data/mobile-security.yaml +369 -0
package/.agent/skills/core/security/data/network-security.yaml +297 -0
package/.agent/skills/core/security/data/owasp-top10.yaml +171 -0
package/.agent/skills/core/security/data/reverse-engineering.yaml +497 -0
package/.agent/skills/core/security/data/supply-chain.yaml +219 -0
package/.agent/skills/cross-cutting/_index.yaml +15 -0
package/.agent/skills/cross-cutting/audit-pro/META.yaml +43 -0
package/.agent/skills/cross-cutting/audit-pro/data/checklists.yaml +644 -0
package/.agent/skills/cross-cutting/audit-pro/data/scoring.yaml +101 -0
package/.agent/skills/cross-cutting/aws/META.yaml +75 -0
package/.agent/skills/cross-cutting/aws/data/ai_ml.yaml +194 -0
package/.agent/skills/cross-cutting/aws/data/compute.yaml +191 -0
package/.agent/skills/cross-cutting/aws/data/kubernetes.yaml +199 -0
package/.agent/skills/cross-cutting/aws/data/storage.yaml +174 -0
package/.agent/skills/cross-cutting/bun/META.yaml +58 -0
package/.agent/skills/cross-cutting/bun/SKILL.md +357 -0
package/.agent/skills/cross-cutting/bun/data/database.yaml +85 -0
package/.agent/skills/cross-cutting/bun/data/runtime.yaml +170 -0
package/.agent/skills/cross-cutting/bun/data/tooling.yaml +192 -0
package/.agent/skills/cross-cutting/ci-cd/META.yaml +60 -0
package/.agent/skills/cross-cutting/ci-cd/data/github_actions.yaml +248 -0
package/.agent/skills/cross-cutting/ci-cd/data/security.yaml +211 -0
package/.agent/skills/cross-cutting/coding-rules/META.yaml +61 -0
package/.agent/skills/cross-cutting/coding-rules/SKILL.md +171 -0
package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +96 -0
package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +346 -0
package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +647 -0
package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +108 -0
package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +260 -0
package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +344 -0
package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +108 -0
package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +320 -0
package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +164 -0
package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +80 -0
package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +183 -0
package/.agent/skills/cross-cutting/database/ADVANCED.md +465 -0
package/.agent/skills/cross-cutting/database/META.yaml +22 -0
package/.agent/skills/cross-cutting/database/SKILL.md +816 -0
package/.agent/skills/cross-cutting/database/data/anti_patterns.yaml +116 -0
package/.agent/skills/cross-cutting/database/data/distributed.yaml +152 -0
package/.agent/skills/cross-cutting/database/data/mongodb.yaml +132 -0
package/.agent/skills/cross-cutting/database/data/mysql.yaml +130 -0
package/.agent/skills/cross-cutting/database/data/orm.yaml +104 -0
package/.agent/skills/cross-cutting/database/data/postgresql.yaml +170 -0
package/.agent/skills/cross-cutting/database/data/redis.yaml +129 -0
package/.agent/skills/cross-cutting/deno/META.yaml +68 -0
package/.agent/skills/cross-cutting/deno/SKILL.md +343 -0
package/.agent/skills/cross-cutting/deno/data/runtime.yaml +260 -0
package/.agent/skills/cross-cutting/deno/data/security.yaml +168 -0
package/.agent/skills/cross-cutting/deno/data/tooling.yaml +133 -0
package/.agent/skills/cross-cutting/docker/META.yaml +65 -0
package/.agent/skills/cross-cutting/docker/data/build.yaml +197 -0
package/.agent/skills/cross-cutting/docker/data/compose.yaml +229 -0
package/.agent/skills/cross-cutting/docker/data/security.yaml +164 -0
package/.agent/skills/cross-cutting/electron/META.yaml +174 -0
package/.agent/skills/cross-cutting/electron/SKILL.md +862 -0
package/.agent/skills/cross-cutting/electron/data/build.yaml +105 -0
package/.agent/skills/cross-cutting/electron/data/crash.yaml +103 -0
package/.agent/skills/cross-cutting/electron/data/ipc.yaml +85 -0
package/.agent/skills/cross-cutting/electron/data/native.yaml +157 -0
package/.agent/skills/cross-cutting/electron/data/security.yaml +89 -0
package/.agent/skills/cross-cutting/electron/data/storage.yaml +100 -0
package/.agent/skills/cross-cutting/electron/data/testing.yaml +103 -0
package/.agent/skills/cross-cutting/electron/data/updates.yaml +99 -0
package/.agent/skills/cross-cutting/electron/data/window.yaml +83 -0
package/.agent/skills/cross-cutting/kubernetes/META.yaml +70 -0
package/.agent/skills/cross-cutting/kubernetes/data/networking.yaml +270 -0
package/.agent/skills/cross-cutting/kubernetes/data/scheduling.yaml +267 -0
package/.agent/skills/cross-cutting/kubernetes/data/security.yaml +253 -0
package/.agent/skills/cross-cutting/kubernetes/data/workloads.yaml +251 -0
package/.agent/skills/cross-cutting/sql/META.yaml +88 -0
package/.agent/skills/cross-cutting/sql/SKILL.md +296 -0
package/.agent/skills/cross-cutting/sql/data/indexing.yaml +147 -0
package/.agent/skills/cross-cutting/sql/data/json.yaml +156 -0
package/.agent/skills/cross-cutting/sql/data/performance.yaml +204 -0
package/.agent/skills/cross-cutting/sql/data/queries.yaml +150 -0
package/.agent/skills/cross-cutting/tailwind/META.yaml +72 -0
package/.agent/skills/cross-cutting/tailwind/SKILL.md +344 -0
package/.agent/skills/cross-cutting/tailwind/data/build.yaml +143 -0
package/.agent/skills/cross-cutting/tailwind/data/config.yaml +109 -0
package/.agent/skills/cross-cutting/tailwind/data/migration.yaml +149 -0
package/.agent/skills/cross-cutting/tailwind/data/responsive.yaml +148 -0
package/.agent/skills/cross-cutting/tailwind/data/states.yaml +152 -0
package/.agent/skills/cross-cutting/tailwind/data/theme.yaml +126 -0
package/.agent/skills/cross-cutting/tailwind/data/utilities.yaml +182 -0
package/.agent/skills/cross-cutting/tailwind/data/variants.yaml +154 -0
package/.agent/skills/cross-cutting/testing/ADVANCED.md +245 -0
package/.agent/skills/cross-cutting/testing/META.yaml +49 -0
package/.agent/skills/cross-cutting/testing/SKILL.md +263 -0
package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +300 -0
package/.agent/skills/cross-cutting/testing/data/patterns.yaml +168 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/META.yaml +108 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +565 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +331 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +1226 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +287 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +318 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +525 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +232 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +140 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-colors.yaml +467 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +75 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +918 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +107 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +372 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +195 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +177 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +1339 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +180 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +504 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +228 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +508 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +543 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +515 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +519 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +599 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +496 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +526 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +616 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +520 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +486 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +485 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +1473 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +647 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +1019 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +1009 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +347 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +393 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +303 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +496 -0
package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +76 -0
package/.agent/skills/cross-cutting/web-perf/META.yaml +92 -0
package/.agent/skills/cross-cutting/web-perf/SKILL.md +181 -0
package/.agent/skills/cross-cutting/web-perf/data/cls_optimization.yaml +189 -0
package/.agent/skills/cross-cutting/web-perf/data/core_web_vitals.yaml +282 -0
package/.agent/skills/cross-cutting/web-perf/data/inp_optimization.yaml +240 -0
package/.agent/skills/cross-cutting/web-perf/data/lcp_optimization.yaml +202 -0
package/.agent/skills/cross-cutting/web-perf/data/measurement.yaml +170 -0
package/.agent/skills/devops/_index.yaml +9 -0
package/.agent/skills/devops/aws/ADVANCED.md +547 -0
package/.agent/skills/devops/aws/META.yaml +84 -0
package/.agent/skills/devops/aws/SKILL.md +711 -0
package/.agent/skills/devops/ci-cd/ADVANCED.md +529 -0
package/.agent/skills/devops/ci-cd/META.yaml +21 -0
package/.agent/skills/devops/ci-cd/SKILL.md +821 -0
package/.agent/skills/devops/docker/ADVANCED.md +495 -0
package/.agent/skills/devops/docker/META.yaml +20 -0
package/.agent/skills/devops/docker/SKILL.md +653 -0
package/.agent/skills/devops/kubernetes/ADVANCED.md +252 -0
package/.agent/skills/devops/kubernetes/META.yaml +15 -0
package/.agent/skills/devops/kubernetes/SKILL.md +621 -0
package/.agent/skills/frameworks/_index.yaml +13 -0
package/.agent/skills/frameworks/angular/META.yaml +70 -0
package/.agent/skills/frameworks/angular/SKILL.md +319 -0
package/.agent/skills/frameworks/angular/data/core.yaml +209 -0
package/.agent/skills/frameworks/angular/data/performance.yaml +210 -0
package/.agent/skills/frameworks/angular/data/server.yaml +175 -0
package/.agent/skills/frameworks/flutter/ADVANCED.md +491 -0
package/.agent/skills/frameworks/flutter/META.yaml +64 -0
package/.agent/skills/frameworks/flutter/SKILL.md +541 -0
package/.agent/skills/frameworks/flutter/data/core.yaml +210 -0
package/.agent/skills/frameworks/flutter/data/platform.yaml +246 -0
package/.agent/skills/frameworks/flutter/data/state.yaml +250 -0
package/.agent/skills/frameworks/nextjs/ADVANCED.md +225 -0
package/.agent/skills/frameworks/nextjs/META.yaml +67 -0
package/.agent/skills/frameworks/nextjs/SKILL.md +593 -0
package/.agent/skills/frameworks/nextjs/data/caching.yaml +210 -0
package/.agent/skills/frameworks/nextjs/data/core.yaml +255 -0
package/.agent/skills/frameworks/nextjs/data/server.yaml +248 -0
package/.agent/skills/frameworks/nuxt/META.yaml +57 -0
package/.agent/skills/frameworks/nuxt/SKILL.md +283 -0
package/.agent/skills/frameworks/nuxt/data/core.yaml +309 -0
package/.agent/skills/frameworks/nuxt/data/server.yaml +271 -0
package/.agent/skills/frameworks/react/ADVANCED.md +676 -0
package/.agent/skills/frameworks/react/META.yaml +60 -0
package/.agent/skills/frameworks/react/SKILL.md +263 -0
package/.agent/skills/frameworks/react/data/core.yaml +278 -0
package/.agent/skills/frameworks/react/data/server.yaml +283 -0
package/.agent/skills/frameworks/react-native/META.yaml +59 -0
package/.agent/skills/frameworks/react-native/SKILL.md +301 -0
package/.agent/skills/frameworks/react-native/data/core.yaml +260 -0
package/.agent/skills/frameworks/react-native/data/platform.yaml +287 -0
package/.agent/skills/frameworks/svelte/META.yaml +62 -0
package/.agent/skills/frameworks/svelte/SKILL.md +398 -0
package/.agent/skills/frameworks/svelte/data/runes.yaml +239 -0
package/.agent/skills/frameworks/svelte/data/sveltekit.yaml +244 -0
package/.agent/skills/frameworks/vue/ADVANCED.md +214 -0
package/.agent/skills/frameworks/vue/META.yaml +58 -0
package/.agent/skills/frameworks/vue/SKILL.md +356 -0
package/.agent/skills/frameworks/vue/data/advanced.yaml +253 -0
package/.agent/skills/frameworks/vue/data/core.yaml +270 -0
package/.agent/skills/index.json +143 -0
package/.agent/skills/languages/_index.yaml +33 -0
package/.agent/skills/languages/asm/ADVANCED.md +750 -0
package/.agent/skills/languages/asm/META.yaml +84 -0
package/.agent/skills/languages/asm/SKILL.md +753 -0
package/.agent/skills/languages/asm/data/advanced.yaml +295 -0
package/.agent/skills/languages/asm/data/core.yaml +280 -0
package/.agent/skills/languages/c/ADVANCED.md +625 -0
package/.agent/skills/languages/c/META.yaml +58 -0
package/.agent/skills/languages/c/SKILL.md +748 -0
package/.agent/skills/languages/c/data/core.yaml +179 -0
package/.agent/skills/languages/c/data/embedded.yaml +251 -0
package/.agent/skills/languages/c/data/memory.yaml +253 -0
package/.agent/skills/languages/clojure/META.yaml +13 -0
package/.agent/skills/languages/clojure/SKILL.md +130 -0
package/.agent/skills/languages/clojure/data/core.yaml +326 -0
package/.agent/skills/languages/cpp/ADVANCED.md +457 -0
package/.agent/skills/languages/cpp/META.yaml +61 -0
package/.agent/skills/languages/cpp/SKILL.md +936 -0
package/.agent/skills/languages/cpp/data/core.yaml +304 -0
package/.agent/skills/languages/cpp/data/memory.yaml +247 -0
package/.agent/skills/languages/cpp/data/modern.yaml +334 -0
package/.agent/skills/languages/crystal/META.yaml +30 -0
package/.agent/skills/languages/crystal/SKILL.md +117 -0
package/.agent/skills/languages/crystal/data/async.yaml +264 -0
package/.agent/skills/languages/crystal/data/core.yaml +279 -0
package/.agent/skills/languages/csharp/ADVANCED.md +592 -0
package/.agent/skills/languages/csharp/META.yaml +23 -0
package/.agent/skills/languages/csharp/SKILL.md +620 -0
package/.agent/skills/languages/csharp/data/aspnet.yaml +448 -0
package/.agent/skills/languages/csharp/data/core.yaml +362 -0
package/.agent/skills/languages/elixir/META.yaml +18 -0
package/.agent/skills/languages/elixir/SKILL.md +368 -0
package/.agent/skills/languages/elixir/data/core.yaml +392 -0
package/.agent/skills/languages/fsharp/META.yaml +14 -0
package/.agent/skills/languages/fsharp/SKILL.md +113 -0
package/.agent/skills/languages/fsharp/data/core.yaml +396 -0
package/.agent/skills/languages/go/ADVANCED.md +260 -0
package/.agent/skills/languages/go/META.yaml +64 -0
package/.agent/skills/languages/go/SKILL.md +489 -0
package/.agent/skills/languages/go/data/concurrency.yaml +424 -0
package/.agent/skills/languages/go/data/core.yaml +399 -0
package/.agent/skills/languages/go/data/http.yaml +507 -0
package/.agent/skills/languages/haskell/META.yaml +18 -0
package/.agent/skills/languages/haskell/SKILL.md +305 -0
package/.agent/skills/languages/haskell/data/core.yaml +347 -0
package/.agent/skills/languages/java/ADVANCED.md +450 -0
package/.agent/skills/languages/java/META.yaml +89 -0
package/.agent/skills/languages/java/SKILL.md +495 -0
package/.agent/skills/languages/java/data/core.yaml +307 -0
package/.agent/skills/languages/java/data/spring.yaml +437 -0
package/.agent/skills/languages/javascript/ADVANCED.md +530 -0
package/.agent/skills/languages/javascript/META.yaml +105 -0
package/.agent/skills/languages/javascript/SKILL.md +455 -0
package/.agent/skills/languages/javascript/data/async.yaml +290 -0
package/.agent/skills/languages/javascript/data/core.yaml +380 -0
package/.agent/skills/languages/javascript/data/modern.yaml +269 -0
package/.agent/skills/languages/julia/META.yaml +13 -0
package/.agent/skills/languages/julia/SKILL.md +174 -0
package/.agent/skills/languages/julia/data/core.yaml +356 -0
package/.agent/skills/languages/kotlin/ADVANCED.md +539 -0
package/.agent/skills/languages/kotlin/META.yaml +24 -0
package/.agent/skills/languages/kotlin/SKILL.md +525 -0
package/.agent/skills/languages/kotlin/data/android.yaml +495 -0
package/.agent/skills/languages/kotlin/data/core.yaml +366 -0
package/.agent/skills/languages/lua/ADVANCED.md +257 -0
package/.agent/skills/languages/lua/META.yaml +58 -0
package/.agent/skills/languages/lua/SKILL.md +492 -0
package/.agent/skills/languages/lua/data/core.yaml +264 -0
package/.agent/skills/languages/lua/data/embedding.yaml +300 -0
package/.agent/skills/languages/nim/META.yaml +30 -0
package/.agent/skills/languages/nim/SKILL.md +116 -0
package/.agent/skills/languages/nim/data/async.yaml +257 -0
package/.agent/skills/languages/nim/data/core.yaml +241 -0
package/.agent/skills/languages/ocaml/META.yaml +13 -0
package/.agent/skills/languages/ocaml/SKILL.md +123 -0
package/.agent/skills/languages/ocaml/data/core.yaml +357 -0
package/.agent/skills/languages/perl/META.yaml +13 -0
package/.agent/skills/languages/perl/SKILL.md +115 -0
package/.agent/skills/languages/perl/data/core.yaml +360 -0
package/.agent/skills/languages/php/ADVANCED.md +199 -0
package/.agent/skills/languages/php/META.yaml +18 -0
package/.agent/skills/languages/php/SKILL.md +488 -0
package/.agent/skills/languages/php/data/core.yaml +392 -0
package/.agent/skills/languages/php/data/laravel.yaml +525 -0
package/.agent/skills/languages/python/ADVANCED.md +207 -0
package/.agent/skills/languages/python/META.yaml +91 -0
package/.agent/skills/languages/python/SKILL.md +495 -0
package/.agent/skills/languages/python/data/async.yaml +265 -0
package/.agent/skills/languages/python/data/core.yaml +259 -0
package/.agent/skills/languages/python/data/fastapi.yaml +296 -0
package/.agent/skills/languages/python/data/testing.yaml +226 -0
package/.agent/skills/languages/r/META.yaml +16 -0
package/.agent/skills/languages/r/SKILL.md +348 -0
package/.agent/skills/languages/r/data/core.yaml +355 -0
package/.agent/skills/languages/ruby/ADVANCED.md +381 -0
package/.agent/skills/languages/ruby/META.yaml +19 -0
package/.agent/skills/languages/ruby/SKILL.md +417 -0
package/.agent/skills/languages/ruby/data/core.yaml +448 -0
package/.agent/skills/languages/ruby/data/rails.yaml +415 -0
package/.agent/skills/languages/rust/ADVANCED.md +212 -0
package/.agent/skills/languages/rust/META.yaml +87 -0
package/.agent/skills/languages/rust/SKILL.md +377 -0
package/.agent/skills/languages/rust/data/async.yaml +404 -0
package/.agent/skills/languages/rust/data/axum.yaml +450 -0
package/.agent/skills/languages/rust/data/core.yaml +356 -0
package/.agent/skills/languages/scala/META.yaml +17 -0
package/.agent/skills/languages/scala/SKILL.md +202 -0
package/.agent/skills/languages/scala/data/core.yaml +349 -0
package/.agent/skills/languages/solidity/META.yaml +13 -0
package/.agent/skills/languages/solidity/SKILL.md +188 -0
package/.agent/skills/languages/solidity/data/core.yaml +528 -0
package/.agent/skills/languages/swift/ADVANCED.md +231 -0
package/.agent/skills/languages/swift/META.yaml +18 -0
package/.agent/skills/languages/swift/SKILL.md +342 -0
package/.agent/skills/languages/swift/data/core.yaml +489 -0
package/.agent/skills/languages/typescript/ADVANCED.md +186 -0
package/.agent/skills/languages/typescript/META.yaml +92 -0
package/.agent/skills/languages/typescript/SKILL.md +306 -0
package/.agent/skills/languages/typescript/data/async.yaml +397 -0
package/.agent/skills/languages/typescript/data/core.yaml +283 -0
package/.agent/skills/languages/typescript/data/validation.yaml +338 -0
package/.agent/skills/languages/zig/META.yaml +52 -0
package/.agent/skills/languages/zig/SKILL.md +354 -0
package/.agent/skills/languages/zig/data/async.yaml +314 -0
package/.agent/skills/languages/zig/data/core.yaml +302 -0
package/.agent/templates/README.md +42 -0
package/.agent/templates/audit-report.md +153 -0
package/.agent/templates/chains/debug/step1-reproduce.md +83 -0
package/.agent/templates/chains/debug/step2-isolate.md +73 -0
package/.agent/templates/chains/debug/step3-analyze.md +86 -0
package/.agent/templates/chains/debug/step4-fix.md +85 -0
package/.agent/templates/chains/debug/step5-verify.md +122 -0
package/.agent/templates/chains/implement/step1-plan.md +88 -0
package/.agent/templates/chains/implement/step2-code.md +87 -0
package/.agent/templates/chains/implement/step3-test.md +87 -0
package/.agent/templates/chains/implement/step4-doc.md +118 -0
package/.agent/templates/chains/review/step1-understand.md +74 -0
package/.agent/templates/chains/review/step2-analyze.md +110 -0
package/.agent/templates/chains/review/step3-fix.md +93 -0
package/.agent/templates/chains/review/step4-summary.md +104 -0
package/.agent/templates/debug-report.md +50 -0
package/.agent/templates/deploy-plan.md +54 -0
package/.agent/templates/doc-template.md +57 -0
package/.agent/templates/findings.md +122 -0
package/.agent/templates/index.yaml +239 -0
package/.agent/templates/migrate-plan.md +50 -0
package/.agent/templates/phase-template.md +72 -0
package/.agent/templates/project-plan.md +87 -0
package/.agent/templates/prompts/context_block.md +114 -0
package/.agent/templates/prompts/guardrails_block.md +116 -0
package/.agent/templates/prompts/persona_base.md +155 -0
package/.agent/templates/prompts/tools_block.md +137 -0
package/.agent/templates/reflection/critic.md +110 -0
package/.agent/templates/reflection/error_analysis.md +149 -0
package/.agent/templates/reflection/success_analysis.md +174 -0
package/.agent/templates/task-list.md +144 -0
package/.agent/templates/tasks/audit.yaml +146 -0
package/.agent/templates/tasks/bug_fix.yaml +121 -0
package/.agent/templates/tasks/code_implementation.yaml +110 -0
package/.agent/templates/tasks/refactor.yaml +157 -0
package/.agent/templates/test-report.md +52 -0
package/.agent/workflows/ap.md +135 -0
package/.agent/workflows/code.md +130 -0
package/.agent/workflows/debug.md +230 -0
package/.agent/workflows/deploy.md +192 -0
package/.agent/workflows/dev.md +137 -0
package/.agent/workflows/doc.md +124 -0
package/.agent/workflows/env.md +98 -0
package/.agent/workflows/fix.md +76 -0
package/.agent/workflows/generate.md +28 -0
package/.agent/workflows/git.md +97 -0
package/.agent/workflows/help.md +75 -0
package/.agent/workflows/init.md +148 -0
package/.agent/workflows/migrate.md +135 -0
package/.agent/workflows/monitor.md +133 -0
package/.agent/workflows/onboard.md +144 -0
package/.agent/workflows/orchestrate.md +117 -0
package/.agent/workflows/perf.md +106 -0
package/.agent/workflows/plan.md +106 -0
package/.agent/workflows/recap.md +101 -0
package/.agent/workflows/refactor.md +161 -0
package/.agent/workflows/revert.md +99 -0
package/.agent/workflows/review.md +106 -0
package/.agent/workflows/scaffold.md +119 -0
package/.agent/workflows/security.md +186 -0
package/.agent/workflows/status.md +103 -0
package/.agent/workflows/test.md +157 -0
package/.agent/workflows/think.md +126 -0
package/.agent/workflows/upgrade.md +109 -0
package/.agent/workflows/visualize.md +295 -0
package/.agent/workflows/workflow.md +196 -0
package/README.md +64 -0
package/dist/commands/add.d.ts +2 -0
package/dist/commands/add.d.ts.map +1 -0
package/dist/commands/add.js +70 -0
package/dist/commands/add.js.map +1 -0
package/dist/commands/config.d.ts +4 -0
package/dist/commands/config.d.ts.map +1 -0
package/dist/commands/config.js +152 -0
package/dist/commands/config.js.map +1 -0
package/dist/commands/doctor.d.ts +4 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +98 -0
package/dist/commands/doctor.js.map +1 -0
package/dist/commands/hsa.d.ts +4 -0
package/dist/commands/hsa.d.ts.map +1 -0
package/dist/commands/hsa.js +194 -0
package/dist/commands/hsa.js.map +1 -0
package/dist/commands/info.d.ts +2 -0
package/dist/commands/info.d.ts.map +1 -0
package/dist/commands/info.js +149 -0
package/dist/commands/info.js.map +1 -0
package/dist/commands/init.d.ts +4 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/init.js +262 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/install-core.d.ts +4 -0
package/dist/commands/install-core.d.ts.map +1 -0
package/dist/commands/install-core.js +85 -0
package/dist/commands/install-core.js.map +1 -0
package/dist/commands/install-helpers.d.ts +27 -0
package/dist/commands/install-helpers.d.ts.map +1 -0
package/dist/commands/install-helpers.js +125 -0
package/dist/commands/install-helpers.js.map +1 -0
package/dist/commands/install-hsa.d.ts +18 -0
package/dist/commands/install-hsa.d.ts.map +1 -0
package/dist/commands/install-hsa.js +61 -0
package/dist/commands/install-hsa.js.map +1 -0
package/dist/commands/install.d.ts +4 -0
package/dist/commands/install.d.ts.map +1 -0
package/dist/commands/install.js +310 -0
package/dist/commands/install.js.map +1 -0
package/dist/commands/list.d.ts +4 -0
package/dist/commands/list.d.ts.map +1 -0
package/dist/commands/list.js +91 -0
package/dist/commands/list.js.map +1 -0
package/dist/commands/mcp-registry.d.ts +48 -0
package/dist/commands/mcp-registry.d.ts.map +1 -0
package/dist/commands/mcp-registry.js +246 -0
package/dist/commands/mcp-registry.js.map +1 -0
package/dist/commands/mcp-writers.d.ts +20 -0
package/dist/commands/mcp-writers.d.ts.map +1 -0
package/dist/commands/mcp-writers.js +144 -0
package/dist/commands/mcp-writers.js.map +1 -0
package/dist/commands/mcp.d.ts +10 -0
package/dist/commands/mcp.d.ts.map +1 -0
package/dist/commands/mcp.js +319 -0
package/dist/commands/mcp.js.map +1 -0
package/dist/commands/update.d.ts +4 -0
package/dist/commands/update.d.ts.map +1 -0
package/dist/commands/update.js +79 -0
package/dist/commands/update.js.map +1 -0
package/dist/constants/cursor-globs.d.ts +17 -0
package/dist/constants/cursor-globs.d.ts.map +1 -0
package/dist/constants/cursor-globs.js +62 -0
package/dist/constants/cursor-globs.js.map +1 -0
package/dist/constants/ide-install-specs.d.ts +36 -0
package/dist/constants/ide-install-specs.d.ts.map +1 -0
package/dist/constants/ide-install-specs.js +870 -0
package/dist/constants/ide-install-specs.js.map +1 -0
package/dist/constants/ides.d.ts +105 -0
package/dist/constants/ides.d.ts.map +1 -0
package/dist/constants/ides.js +412 -0
package/dist/constants/ides.js.map +1 -0
package/dist/constants/skills.d.ts +40 -0
package/dist/constants/skills.d.ts.map +1 -0
package/dist/constants/skills.js +78 -0
package/dist/constants/skills.js.map +1 -0
package/dist/constants.d.ts +39 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +75 -0
package/dist/constants.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +122 -0
package/dist/index.js.map +1 -0
package/dist/types/flags.d.ts +47 -0
package/dist/types/flags.d.ts.map +1 -0
package/dist/types/flags.js +4 -0
package/dist/types/flags.js.map +1 -0
package/dist/types/ide-install.d.ts +175 -0
package/dist/types/ide-install.d.ts.map +1 -0
package/dist/types/ide-install.js +29 -0
package/dist/types/ide-install.js.map +1 -0
package/dist/utils/copy-helpers.d.ts +60 -0
package/dist/utils/copy-helpers.d.ts.map +1 -0
package/dist/utils/copy-helpers.js +617 -0
package/dist/utils/copy-helpers.js.map +1 -0
package/dist/utils/index.d.ts +3 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +5 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/validation.d.ts +29 -0
package/dist/utils/validation.d.ts.map +1 -0
package/dist/utils/validation.js +211 -0
package/dist/utils/validation.js.map +1 -0
package/package.json +64 -0

package/.agent/skills/core/security/data/language-specific/rust-security.yaml ADDED Viewed

@@ -0,0 +1,240 @@
+metadata:
+  skill: security
+  domain: rust_security
+  version: 6.2.0
+  updated: '2026-02-05'
+  migrated_from: rust-security.csv
+  patterns_count: 20
+  columns:
+  - id
+  - name
+  - severity
+  - category
+  - description
+  - detection_pattern
+  - fix_pattern
+  - cwe
+  - cve_reference
+  - example_vuln
+  - example_fix
+patterns:
+- id: RS-01
+  name: Windows Command Injection
+  severity: CRITICAL
+  category: Injection
+  description: Command::new on Windows with .bat/.cmd allows injection
+  detection_pattern: Command::new.*\\.(bat|cmd)(?!.*escape)
+  fix_pattern: Upgrade Rust 1.77.2+ properly escape batch arguments
+  cwe: CWE-78
+  cve_reference: CVE-2024-24576
+  example_vuln: Command::new('script.bat').arg(user_input)
+  example_fix: '// Rust 1.77.2+ fixed\n// Or use: Command::new(''cmd'').args([''/C'', &escaped])'
+- id: RS-02
+  name: Command Injection Whitespace Bypass
+  severity: CRITICAL
+  category: Injection
+  description: CVE-2024-24576 fix bypassed with trailing whitespace
+  detection_pattern: Command::new.*bat.*\\s+['\](?!.*trim)"
+  fix_pattern: Upgrade Rust 1.81.0+ trim trailing whitespace from filenames
+  cwe: CWE-78
+  cve_reference: CVE-2024-43402
+  example_vuln: Command::new('script.bat  ').arg(user)
+  example_fix: let cmd = cmd_name.trim_end(); Command::new(cmd)
+- id: RS-03
+  name: Unsafe Block Misuse
+  severity: HIGH
+  category: Memory
+  description: unsafe block without documented safety invariants
+  detection_pattern: unsafe\\s*\\{(?!.*// SAFETY:)
+  fix_pattern: Document safety invariants for every unsafe block
+  cwe: CWE-787
+  cve_reference: n/a
+  example_vuln: unsafe { *ptr = 42; }
+  example_fix: 'unsafe {\n    // SAFETY: ptr is valid and aligned\n    *ptr = 42;\n}'
+- id: RS-04
+  name: FFI Null Pointer
+  severity: CRITICAL
+  category: Memory
+  description: FFI with potential null pointer dereference
+  detection_pattern: extern.*fn.*\\*(?!.*NonNull|Option)
+  fix_pattern: Use NonNull or Option<> for FFI pointers
+  cwe: CWE-476
+  cve_reference: n/a
+  example_vuln: 'extern fn process(ptr: *const u8)'
+  example_fix: 'extern fn process(ptr: Option<NonNull<u8>>)'
+- id: RS-05
+  name: Integer Overflow Release
+  severity: HIGH
+  category: Math
+  description: Integer overflow in release mode causes wrap
+  detection_pattern: \\+|\\-|\\*(?!.*checked|saturating|wrapping)
+  fix_pattern: Use checked_* saturating_* or enable overflow-checks in release
+  cwe: CWE-190
+  cve_reference: n/a
+  example_vuln: let result = a + b; // May wrap in release
+  example_fix: let result = a.checked_add(b).unwrap_or(MAX);
+- id: RS-06
+  name: Race Condition Static Mut
+  severity: CRITICAL
+  category: Concurrency
+  description: static mut accessed from multiple threads without sync
+  detection_pattern: static\\s+mut\\s+\\w+(?!.*Mutex|RwLock)
+  fix_pattern: Use Mutex Atomic or once_cell::sync::Lazy
+  cwe: CWE-362
+  cve_reference: n/a
+  example_vuln: 'static mut COUNTER: u32 = 0;'
+  example_fix: 'use std::sync::atomic::AtomicU32;\nstatic COUNTER: AtomicU32 = AtomicU32::new(0);'
+- id: RS-07
+  name: Uninitialized Memory Use
+  severity: CRITICAL
+  category: Memory
+  description: MaybeUninit used before proper initialization
+  detection_pattern: MaybeUninit::uninit\\(\\).*assume_init(?!.*write)
+  fix_pattern: Initialize memory before calling assume_init
+  cwe: CWE-908
+  cve_reference: n/a
+  example_vuln: let x = MaybeUninit::uninit().assume_init();
+  example_fix: let mut x = MaybeUninit::uninit();\nx.write(0);\nlet x = x.assume_init();
+- id: RS-08
+  name: Double Free via ManuallyDrop
+  severity: CRITICAL
+  category: Memory
+  description: ManuallyDrop dropped multiple times
+  detection_pattern: ManuallyDrop::drop\\(&mut.*\\).*drop
+  fix_pattern: Track drop state or use take() instead
+  cwe: CWE-415
+  cve_reference: n/a
+  example_vuln: ManuallyDrop::drop(&mut x);\nManuallyDrop::drop(&mut x);
+  example_fix: let val = ManuallyDrop::take(&mut x); // Takes ownership
+- id: RS-09
+  name: Use After Free
+  severity: CRITICAL
+  category: Memory
+  description: Raw pointer used after memory freed
+  detection_pattern: drop\\(.*\\).*\\*.*ptr|free.*then.*deref
+  fix_pattern: Ensure lifetime validity null after free
+  cwe: CWE-416
+  cve_reference: n/a
+  example_vuln: drop(Box::from_raw(ptr));\nprintln!(\{}\"
+  example_fix: '*ptr);"'
+- id: RS-10
+  name: Buffer Overflow slice
+  severity: HIGH
+  category: Memory
+  description: Slice index without bounds check in unsafe
+  detection_pattern: get_unchecked(?!.*bounds)
+  fix_pattern: Use get() with Option or check bounds first
+  cwe: CWE-787
+  cve_reference: n/a
+  example_vuln: unsafe { *arr.get_unchecked(i) }
+  example_fix: arr.get(i).copied() // Safe, returns Option
+- id: RS-11
+  name: Path Traversal
+  severity: HIGH
+  category: File
+  description: User input in PathBuf without canonicalization
+  detection_pattern: PathBuf::from.*input(?!.*canonicalize)
+  fix_pattern: Use canonicalize() and validate against base dir
+  cwe: CWE-22
+  cve_reference: n/a
+  example_vuln: let path = PathBuf::from(user_input);
+  example_fix: let path = PathBuf::from(user_input).canonicalize()?;\nif !path.starts_with(base) { return Err(...) }
+- id: RS-12
+  name: Panic in FFI Boundary
+  severity: HIGH
+  category: FFI
+  description: panic! or unwrap() in extern fn causes UB
+  detection_pattern: extern.*fn[^}]+unwrap|extern.*fn[^}]+panic
+  fix_pattern: Use catch_unwind or return Result codes at FFI boundary
+  cwe: CWE-248
+  cve_reference: n/a
+  example_vuln: extern fn handler() {\n    x.unwrap(); // Panic = UB\n}
+  example_fix: extern fn handler() -> i32 {\n    match std::panic::catch_unwind(|| x) {\n        Ok(_) => 0,\n        Err(_) => -1,\n    }\n}
+- id: RS-13
+  name: Format String Injection
+  severity: MEDIUM
+  category: Injection
+  description: User input in format! macro with untrusted format
+  detection_pattern: format!\\(.*input.*\\{
+  fix_pattern: Sanitize input or use positional/named args only
+  cwe: CWE-134
+  cve_reference: n/a
+  example_vuln: format!(user_fmt, val) // fmt is untrusted
+  example_fix: format!(\{}\"
+- id: RS-14
+  name: SQL Injection sqlx
+  severity: HIGH
+  category: Injection
+  description: query() with string interpolation
+  detection_pattern: query\\(.*f!|query\\(.*\\+.*input
+  fix_pattern: Use query!() macro or bind parameters with query()
+  cwe: CWE-89
+  cve_reference: n/a
+  example_vuln: sqlx::query(&format!(\SELECT * WHERE id={}\"
+  example_fix: id))"
+- id: RS-15
+  name: Insecure Random
+  severity: HIGH
+  category: Cryptography
+  description: rand crate StdRng used without proper seeding
+  detection_pattern: StdRng::from_entropy(?!.*crypto)|thread_rng.*secret
+  fix_pattern: Use rand::rngs::OsRng for cryptographic purposes
+  cwe: CWE-330
+  cve_reference: n/a
+  example_vuln: 'let mut rng = thread_rng();\nlet key: [u8; 32] = rng.gen();'
+  example_fix: 'use rand::rngs::OsRng;\nlet key: [u8; 32] = OsRng.gen();'
+- id: RS-16
+  name: TOCTOU File Race
+  severity: HIGH
+  category: File
+  description: File checked then opened without atomic operation
+  detection_pattern: Path::exists.*File::open|metadata.*then.*open
+  fix_pattern: Use atomic file operations or proper locking
+  cwe: CWE-367
+  cve_reference: n/a
+  example_vuln: if path.exists() {\n    File::open(path)?;\n}
+  example_fix: File::options().create_new(true).open(path)?
+- id: RS-17
+  name: Deadlock Potential
+  severity: MEDIUM
+  category: Concurrency
+  description: Multiple locks acquired in different order
+  detection_pattern: lock\\(\\).*lock\\(\\)(?!.*try_lock)
+  fix_pattern: Always acquire locks in consistent order or use try_lock
+  cwe: CWE-833
+  cve_reference: n/a
+  example_vuln: 'let _a = mutex_a.lock();\nlet _b = mutex_b.lock(); // Other thread: b then a'
+  example_fix: '// Always lock in same order: a then b\n// Or use try_lock with backoff'
+- id: RS-18
+  name: Unsound Send/Sync
+  severity: CRITICAL
+  category: Concurrency
+  description: unsafe impl Send/Sync without proper invariants
+  detection_pattern: unsafe\\s+impl\\s+(Send|Sync)(?!.*// SAFETY:)
+  fix_pattern: Document safety requirements verify thread-safety
+  cwe: CWE-362
+  cve_reference: n/a
+  example_vuln: unsafe impl Send for MyPtr {}
+  example_fix: '// SAFETY: MyPtr only contains thread-safe atomics\nunsafe impl Send for MyPtr {}'
+- id: RS-19
+  name: env::var Injection
+  severity: MEDIUM
+  category: Environment
+  description: Environment variable used without validation
+  detection_pattern: env::var.*unwrap.*then.*execute
+  fix_pattern: Validate environment variables before use in commands
+  cwe: CWE-88
+  cve_reference: n/a
+  example_vuln: let path = env::var(\PATH\").unwrap();\nCommand::new(path)"
+  example_fix: let path = env::var(\SAFE_PATH\").ok().filter(|p| ALLOWED.contains(p));"
+- id: RS-20
+  name: Regex DoS
+  severity: HIGH
+  category: DoS
+  description: Regex with user input without timeout
+  detection_pattern: Regex::new.*input(?!.*size_limit)
+  fix_pattern: Use regex crate with size_limit or validate pattern
+  cwe: CWE-400
+  cve_reference: n/a
+  example_vuln: let re = Regex::new(&user_pattern)?;
+  example_fix: let re = RegexBuilder::new(&user_pattern)\n    .size_limit(1024)\n    .build()?;

package/.agent/skills/core/security/data/language-specific/solidity-security.yaml ADDED Viewed

@@ -0,0 +1,369 @@
+metadata:
+  skill: security
+  domain: solidity_security
+  version: 6.2.0
+  updated: '2026-02-05'
+  migrated_from: solidity-security.csv
+  patterns_count: 35
+  columns:
+  - id
+  - name
+  - severity
+  - category
+  - description
+  - detection_pattern
+  - fix_pattern
+  - cwe
+  - example_vuln
+  - example_fix
+patterns:
+- id: SOL-01
+  name: Reentrancy Attack
+  severity: CRITICAL
+  category: Logic
+  description: External call before state update allows reentrancy
+  detection_pattern: (\.call|transfer|send)\{.*\}\(.*\).*state
+  fix_pattern: Use Checks-Effects-Interactions pattern or ReentrancyGuard
+  cwe: CWE-841
+  example_vuln: 'function withdraw() { msg.sender.call{value: balance}(''''); balance = 0; }'
+  example_fix: 'function withdraw() { uint bal = balance; balance = 0; msg.sender.call{value: bal}(''''); }'
+- id: SOL-02
+  name: Integer Overflow Pre-0.8
+  severity: CRITICAL
+  category: Math
+  description: Arithmetic overflow in Solidity < 0.8 without SafeMath
+  detection_pattern: (\+|\-|\*)(?!.*SafeMath|.*unchecked).*pragma.*<.*0\.8
+  fix_pattern: Upgrade to Solidity 0.8+ or use SafeMath library
+  cwe: CWE-190
+  example_vuln: uint8 x = 255; x += 1; // Overflows to 0
+  example_fix: '// Solidity 0.8+: auto-reverts on overflow\nuint8 x = 255; x += 1; // Reverts'
+- id: SOL-03
+  name: Unchecked Call Return
+  severity: HIGH
+  category: Logic
+  description: Call send or transfer return value not checked
+  detection_pattern: (\.call|\.send)(?!.*require|.*if)
+  fix_pattern: Always check return value of external calls
+  cwe: CWE-252
+  example_vuln: payable(addr).send(amount);
+  example_fix: require(payable(addr).send(amount), 'Transfer failed');
+- id: SOL-04
+  name: Delegatecall Injection
+  severity: CRITICAL
+  category: Logic
+  description: Delegatecall to user-controlled address allows takeover
+  detection_pattern: delegatecall.*\(.*user|msg\.sender
+  fix_pattern: Never delegatecall to untrusted addresses validate target
+  cwe: CWE-284
+  example_vuln: contract.delegatecall(abi.encode(userFn));
+  example_fix: // Only delegatecall to trusted implementations
+- id: SOL-05
+  name: Storage Collision
+  severity: CRITICAL
+  category: Upgrade
+  description: Proxy storage layout conflicts with implementation
+  detection_pattern: (Proxy|upgradeable)(?!.*ERC1967|storage.*layout)
+  fix_pattern: Use ERC1967 storage slots or unstructured storage pattern
+  cwe: CWE-665
+  example_vuln: // Implementation inherits from different base
+  example_fix: // Use EIP-1967 storage slots\nbytes32 constant SLOT = keccak256('eip1967.proxy.implementation');
+- id: SOL-06
+  name: Uninitialized Storage
+  severity: HIGH
+  category: Memory
+  description: Storage variables used before initialization
+  detection_pattern: (address|uint).*storage(?!.*=|.*initialize)
+  fix_pattern: Always initialize storage variables explicitly
+  cwe: CWE-665
+  example_vuln: address public owner; // Never set
+  example_fix: constructor() { owner = msg.sender; }
+- id: SOL-07
+  name: Tx.origin Authentication
+  severity: HIGH
+  category: Auth
+  description: Using tx.origin for authentication vulnerable to phishing
+  detection_pattern: tx\.origin\s*(==|!=)
+  fix_pattern: Use msg.sender not tx.origin for authentication
+  cwe: CWE-346
+  example_vuln: require(tx.origin == owner);
+  example_fix: require(msg.sender == owner);
+- id: SOL-08
+  name: Block Timestamp Manipulation
+  severity: MEDIUM
+  category: Logic
+  description: Using block.timestamp for critical decisions
+  detection_pattern: block\.timestamp.*(?!logging|event).*random|winner
+  fix_pattern: Avoid block.timestamp for randomness or precise timing
+  cwe: CWE-330
+  example_vuln: winner = block.timestamp % participants.length;
+  example_fix: // Use Chainlink VRF for randomness
+- id: SOL-09
+  name: Missing Access Control
+  severity: CRITICAL
+  category: Auth
+  description: Sensitive functions without proper access modifiers
+  detection_pattern: function.*(transfer|withdraw|mint)(?!.*onlyOwner|require.*msg\.sender)
+  fix_pattern: Add access control modifiers to sensitive functions
+  cwe: CWE-284
+  example_vuln: function mint(uint amount) public { _mint(msg.sender, amount); }
+  example_fix: function mint(uint amount) public onlyOwner { _mint(msg.sender, amount); }
+- id: SOL-10
+  name: Front-Running Vulnerability
+  severity: HIGH
+  category: Logic
+  description: Transaction can be front-run by observing mempool
+  detection_pattern: (swap|buy|sell)(?!.*commit.*reveal|slippage)
+  fix_pattern: Use commit-reveal scheme or slippage protection
+  cwe: CWE-362
+  example_vuln: function swap(uint minOut) { ... }
+  example_fix: // Add deadline and slippage protection\nfunction swap(uint minOut, uint deadline) { require(block.timestamp <= deadline); }
+- id: SOL-11
+  name: Denial of Service
+  severity: HIGH
+  category: DoS
+  description: Gas-heavy operations in loops on unbounded arrays
+  detection_pattern: for.*length(?!.*gas|limit)
+  fix_pattern: Add gas limits pagination or pull over push pattern
+  cwe: CWE-400
+  example_vuln: for (uint i = 0; i < users.length; i++) { users[i].transfer(1 ether); }
+  example_fix: '// Use pull pattern: users claim their own funds'
+- id: SOL-12
+  name: Floating Pragma
+  severity: LOW
+  category: Config
+  description: Pragma version not locked to specific version
+  detection_pattern: pragma.*solidity.*\^|>=(?!.*<)
+  fix_pattern: Lock pragma to specific version for production
+  cwe: CWE-665
+  example_vuln: pragma solidity ^0.8.0;
+  example_fix: pragma solidity 0.8.19;
+- id: SOL-13
+  name: Missing Events
+  severity: LOW
+  category: Audit
+  description: State changes without event emission
+  detection_pattern: (=|\+\+|\-\-)(?!.*emit).*state
+  fix_pattern: Emit events for all state-changing operations
+  cwe: CWE-778
+  example_vuln: owner = newOwner;
+  example_fix: emit OwnerChanged(owner, newOwner);\nowner = newOwner;
+- id: SOL-14
+  name: Selfdestruct Vulnerability
+  severity: MEDIUM
+  category: Logic
+  description: Contract can be destroyed by unauthorized caller
+  detection_pattern: selfdestruct(?!.*onlyOwner)
+  fix_pattern: Add access control or remove selfdestruct
+  cwe: CWE-284
+  example_vuln: function kill() public { selfdestruct(payable(msg.sender)); }
+  example_fix: function kill() public onlyOwner { selfdestruct(payable(msg.sender)); }
+- id: SOL-15
+  name: Signature Malleability
+  severity: HIGH
+  category: Crypto
+  description: ECDSA signature can be altered to produce valid variant
+  detection_pattern: ecrecover(?!.*nonce|used\[)
+  fix_pattern: Track used signatures implement replay protection
+  cwe: CWE-347
+  example_vuln: address signer = ecrecover(hash, v, r, s);
+  example_fix: require(!usedSignatures[sig]); usedSignatures[sig] = true;
+- id: SOL-16
+  name: Flash Loan Attack
+  severity: CRITICAL
+  category: DeFi
+  description: Price or state manipulated within single transaction
+  detection_pattern: (getPrice|reserve|balance)(?!.*TWAP|oracle)
+  fix_pattern: Use TWAPs or trusted oracles for price data
+  cwe: CWE-362
+  example_vuln: uint price = reserve1 / reserve0; // Manipulable
+  example_fix: // Use Chainlink price feed\nuint price = priceFeed.latestRoundData();
+- id: SOL-17
+  name: Precision Loss
+  severity: MEDIUM
+  category: Math
+  description: Integer division causes precision loss
+  detection_pattern: (/.*\*|\*/.*<)(?!.*1e18|WAD|RAY)
+  fix_pattern: Multiply before divide use fixed-point math libraries
+  cwe: CWE-682
+  example_vuln: uint result = (a / b) * c;
+  example_fix: uint result = (a * c) / b; // Or use WAD
+- id: SOL-18
+  name: Missing Zero Address Check
+  severity: MEDIUM
+  category: Input
+  description: Address parameters not validated for zero address
+  detection_pattern: (address.*=|address.*param)(?!.*!=.*0|require)
+  fix_pattern: Always check for zero address on critical params
+  cwe: CWE-20
+  example_vuln: function setOwner(address _owner) { owner = _owner; }
+  example_fix: require(_owner != address(0)); owner = _owner;
+- id: SOL-19
+  name: Unbounded Return Data
+  severity: MEDIUM
+  category: Gas
+  description: External call with unbounded return data causes OOG
+  detection_pattern: staticcall|call(?!.*gas.*limit)
+  fix_pattern: Use assembly to limit return data copy size
+  cwe: CWE-400
+  example_vuln: (bool success, bytes memory data) = addr.call(payload);
+  example_fix: // Use low-level call with gas limit
+- id: SOL-20
+  name: Initializer Not Protected
+  severity: CRITICAL
+  category: Upgrade
+  description: Initializer can be called multiple times
+  detection_pattern: function.*initialize(?!.*initializer)
+  fix_pattern: Use OpenZeppelin's initializer modifier
+  cwe: CWE-665
+  example_vuln: function initialize(address _owner) public { owner = _owner; }
+  example_fix: function initialize(address _owner) public initializer { owner = _owner; }
+- id: SOL-21
+  name: Cross-Chain Replay
+  severity: CRITICAL
+  category: Bridge
+  description: Signature valid on multiple chains without chain ID
+  detection_pattern: ecrecover(?!.*chainId|block\.chainid)
+  fix_pattern: Include block.chainid in signature data
+  cwe: CWE-294
+  example_vuln: bytes32 hash = keccak256(abi.encode(to, amount));
+  example_fix: bytes32 hash = keccak256(abi.encode(block.chainid, to, amount));
+- id: SOL-22
+  name: Bridge Oracle Manipulation
+  severity: CRITICAL
+  category: Bridge
+  description: Bridge relies on single oracle for cross-chain messages
+  detection_pattern: oracle(?!.*multi|threshold|decentralized)
+  fix_pattern: Use multi-sig oracles or threshold signatures
+  cwe: CWE-346
+  example_vuln: function receiveMessage(bytes memory proof) { validateOracle(proof); }
+  example_fix: // Use threshold signatures with 2/3 consensus
+- id: SOL-23
+  name: MEV Sandwich Attack
+  severity: HIGH
+  category: DeFi
+  description: Swap can be sandwiched by MEV bots
+  detection_pattern: swap(?!.*flashbots|private.*pool)
+  fix_pattern: Use private mempools or MEV protection services
+  cwe: CWE-362
+  example_vuln: // Public swap can be exploited\nfunction swap(uint amount) { ... }
+  example_fix: // Use Flashbots Protect or MEV-Share
+- id: SOL-24
+  name: EIP-4337 Validation Gas
+  severity: HIGH
+  category: AA
+  description: Account abstraction validateUserOp gas not limited
+  detection_pattern: validateUserOp(?!.*gasLimit)
+  fix_pattern: Limit validation gas to prevent DoS
+  cwe: CWE-400
+  example_vuln: function validateUserOp(UserOperation op) { // Unbounded }
+  example_fix: // Limit validation to 200k gas
+- id: SOL-25
+  name: ERC-4626 Inflation Attack
+  severity: CRITICAL
+  category: DeFi
+  description: Vault share inflation via first deposit frontrun
+  detection_pattern: deposit(?!.*virtualAssets|offset)
+  fix_pattern: Use virtual assets to prevent inflation
+  cwe: CWE-682
+  example_vuln: function deposit(uint assets) { shares = assets / totalAssets; }
+  example_fix: '// Add virtual offset: shares = assets / (totalAssets + 1)'
+- id: SOL-26
+  name: Create2 Factory Hijack
+  severity: HIGH
+  category: Deploy
+  description: CREATE2 address can be hijacked with same salt
+  detection_pattern: create2(?!.*validate.*deployer)
+  fix_pattern: Validate deployer in salt or use access control
+  cwe: CWE-94
+  example_vuln: address deployed = Create2.deploy(salt, bytecode);
+  example_fix: // Include msg.sender in salt
+- id: SOL-27
+  name: Permit2 Signature Reuse
+  severity: HIGH
+  category: DeFi
+  description: Permit2 signatures indefinitely valid without expiration
+  detection_pattern: permit(?!.*deadline|expiration)
+  fix_pattern: Always include deadline in permit signatures
+  cwe: CWE-613
+  example_vuln: // No expiration\npermit(owner, spender, value, v, r, s);
+  example_fix: permit(owner, spender, value, deadline, v, r, s);
+- id: SOL-28
+  name: LayerZero Untrusted Path
+  severity: CRITICAL
+  category: Bridge
+  description: LayerZero message from untrusted source endpoint
+  detection_pattern: lzReceive(?!.*trustedRemote)
+  fix_pattern: Validate trustedRemoteLookup for source
+  cwe: CWE-284
+  example_vuln: function lzReceive(uint16 srcChainId) { process(); }
+  example_fix: require(trustedRemoteLookup[srcChainId] != bytes32(0));
+- id: SOL-29
+  name: Diamond Facet Collision
+  severity: HIGH
+  category: Upgrade
+  description: EIP-2535 function selector collision between facets
+  detection_pattern: diamondCut(?!.*checkSelectors)
+  fix_pattern: Check for selector collisions during upgrades
+  cwe: CWE-694
+  example_vuln: // Selectors can collide\ndiamondCut(facets);
+  example_fix: // Use facet selector registry
+- id: SOL-30
+  name: Account Abstraction Paymaster DoS
+  severity: HIGH
+  category: AA
+  description: Paymaster can be drained by malicious operations
+  detection_pattern: paymaster(?!.*whitelist|rateLimit)
+  fix_pattern: Implement rate limiting and whitelist
+  cwe: CWE-400
+  example_vuln: function validatePaymasterUserOp() { // Any op pays }
+  example_fix: // Rate limit per user and validate operation
+- id: SOL-31
+  name: ERC-721A Overflow
+  severity: HIGH
+  category: NFT
+  description: ERC721A quantity overflow in batch mint
+  detection_pattern: _mint(?!.*maxBatch|quantity.*check)
+  fix_pattern: Limit batch size to prevent overflow
+  cwe: CWE-190
+  example_vuln: function batchMint(uint quantity) { _mint(to, quantity); }
+  example_fix: require(quantity <= MAX_BATCH); _mint(to, quantity);
+- id: SOL-32
+  name: Governance Flash Loan
+  severity: CRITICAL
+  category: DAO
+  description: Voting power acquired via flash loan for single block
+  detection_pattern: snapshot(?!.*delay|timelock)
+  fix_pattern: Use voting delay and snapshot before proposal
+  cwe: CWE-362
+  example_vuln: // Vote immediately after deposit\nfunction vote() { require(balance[msg.sender] > 0); }
+  example_fix: // Snapshot voting power 1 block before
+- id: SOL-33
+  name: EIP-712 Domain Separator Cache
+  severity: MEDIUM
+  category: Crypto
+  description: Cached domain separator invalid after chain fork
+  detection_pattern: DOMAIN_SEPARATOR(?!.*computed|block\.chainid)
+  fix_pattern: Recompute domain separator if chainId changes
+  cwe: CWE-294
+  example_vuln: bytes32 public immutable DOMAIN_SEPARATOR;
+  example_fix: 'function DOMAIN_SEPARATOR() public view returns (bytes32) { return block.chainid == chainIdCached ? cached : compute(); }'
+- id: SOL-34
+  name: NFT Royalty Bypass
+  severity: MEDIUM
+  category: NFT
+  description: ERC-2981 royalties not enforced on marketplace
+  detection_pattern: royaltyInfo(?!.*enforce|operator)
+  fix_pattern: Use operator filtering or on-chain enforcement
+  cwe: CWE-284
+  example_vuln: // Royalties optional\nfunction royaltyInfo() { return (receiver, amount); }
+  example_fix: // Use OperatorFilterer to enforce
+- id: SOL-35
+  name: Insufficient Randomness Commit
+  severity: HIGH
+  category: Logic
+  description: Commit-reveal with predictable reveal
+  detection_pattern: reveal(?!.*blockhash.*future|VRF)
+  fix_pattern: Use Chainlink VRF or blockhash of future block
+  cwe: CWE-330
+  example_vuln: function reveal(bytes32 seed) { random = uint(keccak256(seed)); }
+  example_fix: // Request randomness from Chainlink VRF