@nockdev/awf 6.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/build.yaml +178 -0
- package/.agent/config.yaml +235 -0
- package/.agent/core/ACTIVE_MEMORY.yaml +344 -0
- package/.agent/core/ARCH_REGISTRY.yaml +252 -0
- package/.agent/core/AUDIT_POLICY.md +68 -0
- package/.agent/core/BRANDING.yaml +185 -0
- package/.agent/core/CACHE.md +59 -0
- package/.agent/core/CHECKPOINT.yaml +153 -0
- package/.agent/core/CLEANUP_ENGINE.yaml +326 -0
- package/.agent/core/CODING_STYLES.yaml +346 -0
- package/.agent/core/COMMANDS.md +93 -0
- package/.agent/core/CONTEXT_INJECTOR.yaml +325 -0
- package/.agent/core/CONTEXT_LOADER.yaml +323 -0
- package/.agent/core/CONTEXT_OPTIMIZATION.yaml +286 -0
- package/.agent/core/CONTEXT_PRIORITY.yaml +357 -0
- package/.agent/core/CUSTOMIZE.md +138 -0
- package/.agent/core/DATA_SAFETY.md +92 -0
- package/.agent/core/FLOW_ENGINE.yaml +300 -0
- package/.agent/core/GRAPH_MEMORY.yaml +420 -0
- package/.agent/core/HSA.yaml +357 -0
- package/.agent/core/HYBRID_ROUTER.yaml +346 -0
- package/.agent/core/INTENT_DETECTION.yaml +384 -0
- package/.agent/core/LIBRARY_REGISTRY.yaml +401 -0
- package/.agent/core/MCP_TOOLS.yaml +414 -0
- package/.agent/core/MEMORY_CONSOLIDATION.yaml +352 -0
- package/.agent/core/MEMORY_ENGINE.yaml +353 -0
- package/.agent/core/MEMORY_PATHS.yaml +79 -0
- package/.agent/core/MEMORY_UTILS.yaml +212 -0
- package/.agent/core/PATTERNS.yaml +319 -0
- package/.agent/core/PERMISSIONS.md +100 -0
- package/.agent/core/README.md +91 -0
- package/.agent/core/REFLECTION_ENGINE.yaml +348 -0
- package/.agent/core/ROUTER.yaml +424 -0
- package/.agent/core/SCORING_FORMULA.yaml +103 -0
- package/.agent/core/SEMANTIC_ENGINE.yaml +162 -0
- package/.agent/core/SKILLS_FLOW.yaml +341 -0
- package/.agent/core/SKILL_SCHEMA.yaml +266 -0
- package/.agent/core/STATE_MACHINE.yaml +409 -0
- package/.agent/core/SUMMARIZATION_ENGINE.yaml +258 -0
- package/.agent/core/TEMPLATES.yaml +364 -0
- package/.agent/core/TOKEN_BUDGETS.yaml +157 -0
- package/.agent/core/TOKEN_LOADING.yaml +197 -0
- package/.agent/core/TOKEN_SUMMARY.yaml +121 -0
- package/.agent/core/VERSION.yaml +240 -0
- package/.agent/core/embeddings.json +2004 -0
- package/.agent/core/session_cache.json +50 -0
- package/.agent/i18n/README.md +30 -0
- package/.agent/i18n/en.yaml +302 -0
- package/.agent/i18n/vi.yaml +302 -0
- package/.agent/ide/README.md +47 -0
- package/.agent/ide/amazonq.json +35 -0
- package/.agent/ide/amp.json +35 -0
- package/.agent/ide/antigravity.json +47 -0
- package/.agent/ide/augment.json +35 -0
- package/.agent/ide/claude.json +42 -0
- package/.agent/ide/cline.json +34 -0
- package/.agent/ide/codex.json +37 -0
- package/.agent/ide/cody.json +35 -0
- package/.agent/ide/continue.json +35 -0
- package/.agent/ide/cursor.json +42 -0
- package/.agent/ide/gemini.json +46 -0
- package/.agent/ide/jetbrains.json +35 -0
- package/.agent/ide/kiro.json +35 -0
- package/.agent/ide/opencode.json +35 -0
- package/.agent/ide/roo.json +35 -0
- package/.agent/ide/tabnine.json +35 -0
- package/.agent/ide/trae.json +35 -0
- package/.agent/ide/vscode.json +34 -0
- package/.agent/ide/windsurf.json +56 -0
- package/.agent/ide/zed.json +36 -0
- package/.agent/manifest.yaml +416 -0
- package/.agent/memory/README.md +148 -0
- package/.agent/memory/active_memories.json +35 -0
- package/.agent/memory/archive/.gitkeep +0 -0
- package/.agent/memory/audit_summary.json +58 -0
- package/.agent/memory/cleanup_log.json +34 -0
- package/.agent/memory/consolidated.md +75 -0
- package/.agent/memory/core_memory/persona.json +30 -0
- package/.agent/memory/core_memory/project.json +25 -0
- package/.agent/memory/core_memory/rules.json +29 -0
- package/.agent/memory/core_memory/user.json +24 -0
- package/.agent/memory/decisions.md +40 -0
- package/.agent/memory/graph/knowledge_graph.json +12 -0
- package/.agent/memory/insights.md +52 -0
- package/.agent/memory/metrics.json +48 -0
- package/.agent/memory/patterns/errors.json +11 -0
- package/.agent/memory/patterns/successes.json +10 -0
- package/.agent/memory/session.md +64 -0
- package/.agent/memory/session_rules.json +19 -0
- package/.agent/memory/state.json +81 -0
- package/.agent/memory/vectors/README.md +129 -0
- package/.agent/personas/README.md +180 -0
- package/.agent/personas/architect.md +186 -0
- package/.agent/personas/auditor.md +222 -0
- package/.agent/personas/debugger.md +210 -0
- package/.agent/personas/developer.md +183 -0
- package/.agent/personas/devops.md +268 -0
- package/.agent/personas/documenter.md +262 -0
- package/.agent/personas/orchestrator.md +240 -0
- package/.agent/personas/persona.schema.yaml +209 -0
- package/.agent/personas/planner.md +171 -0
- package/.agent/personas/researcher.md +194 -0
- package/.agent/personas/security.md +212 -0
- package/.agent/personas/tester.md +247 -0
- package/.agent/rules/README.md +231 -0
- package/.agent/rules/SACRED_RULES.xml +142 -0
- package/.agent/rules/constitutional/tier-0-core.yaml +182 -0
- package/.agent/rules/constitutional/tier-1-safety.yaml +272 -0
- package/.agent/rules/constitutional/tier-2-execution.yaml +294 -0
- package/.agent/rules/data/build-systems.yaml +126 -0
- package/.agent/rules/data/quality-standards.json +59 -0
- package/.agent/rules/duplication-prevention.md +138 -0
- package/.agent/rules/incremental-changes.md +146 -0
- package/.agent/rules/modules/context-management.yaml +158 -0
- package/.agent/rules/modules/edit-verification.yaml +197 -0
- package/.agent/rules/modules/evidence.yaml +185 -0
- package/.agent/rules/modules/git-workflow.yaml +165 -0
- package/.agent/rules/modules/language.yaml +155 -0
- package/.agent/rules/modules/online-research.yaml +192 -0
- package/.agent/rules/modules/quality.yaml +185 -0
- package/.agent/rules/modules/reflection.yaml +209 -0
- package/.agent/rules/modules/stop-conditions.yaml +196 -0
- package/.agent/rules/modules/terminal-safety.yaml +229 -0
- package/.agent/rules/modules/versioning.yaml +97 -0
- package/.agent/rules/modules/yagni.yaml +167 -0
- package/.agent/rules/project-detection.md +317 -0
- package/.agent/rules/prompt-injection-guard.md +260 -0
- package/.agent/rules/shell-commands.md +210 -0
- package/.agent/rules/validation-framework.md +189 -0
- package/.agent/skills/DEVELOPMENT.yaml +226 -0
- package/.agent/skills/README.md +69 -0
- package/.agent/skills/_categories.yaml +145 -0
- package/.agent/skills/_router.yaml +232 -0
- package/.agent/skills/core/_index.yaml +12 -0
- package/.agent/skills/core/api-design/META.yaml +64 -0
- package/.agent/skills/core/api-design/SKILL.md +169 -0
- package/.agent/skills/core/api-design/data/api-versioning.yaml +217 -0
- package/.agent/skills/core/api-design/data/error-responses.yaml +135 -0
- package/.agent/skills/core/api-design/data/graphql-patterns.yaml +165 -0
- package/.agent/skills/core/api-design/data/grpc-patterns.yaml +165 -0
- package/.agent/skills/core/api-design/data/http-status-codes.yaml +176 -0
- package/.agent/skills/core/api-design/data/pagination.yaml +121 -0
- package/.agent/skills/core/api-design/data/rate-limiting.yaml +135 -0
- package/.agent/skills/core/api-design/data/rest-patterns.yaml +195 -0
- package/.agent/skills/core/api-design/data/test-apis.yaml +217 -0
- package/.agent/skills/core/authentication/META.yaml +73 -0
- package/.agent/skills/core/authentication/SKILL.md +166 -0
- package/.agent/skills/core/authentication/data/anti-patterns.yaml +135 -0
- package/.agent/skills/core/authentication/data/core-patterns.yaml +256 -0
- package/.agent/skills/core/authentication/data/jwt-patterns.yaml +255 -0
- package/.agent/skills/core/authentication/data/language-csharp.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-go.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-java.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-mobile.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-python.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-rust.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-typescript.yaml +215 -0
- package/.agent/skills/core/authentication/data/mfa-patterns.yaml +175 -0
- package/.agent/skills/core/authentication/data/oauth-patterns.yaml +255 -0
- package/.agent/skills/core/authentication/data/oauth.yaml +248 -0
- package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +215 -0
- package/.agent/skills/core/authentication/data/passkeys.yaml +208 -0
- package/.agent/skills/core/authentication/data/password-patterns.yaml +175 -0
- package/.agent/skills/core/authentication/data/password.yaml +168 -0
- package/.agent/skills/core/authentication/data/session-patterns.yaml +215 -0
- package/.agent/skills/core/error-handling/META.yaml +71 -0
- package/.agent/skills/core/error-handling/SKILL.md +156 -0
- package/.agent/skills/core/error-handling/data/anti-patterns.yaml +105 -0
- package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +135 -0
- package/.agent/skills/core/error-handling/data/core-patterns.yaml +226 -0
- package/.agent/skills/core/error-handling/data/error-codes.yaml +165 -0
- package/.agent/skills/core/error-handling/data/error-messages.yaml +165 -0
- package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-go-rust.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-python-java.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +226 -0
- package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +191 -0
- package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +135 -0
- package/.agent/skills/core/logging/META.yaml +73 -0
- package/.agent/skills/core/logging/SKILL.md +184 -0
- package/.agent/skills/core/logging/data/aggregation-patterns.yaml +191 -0
- package/.agent/skills/core/logging/data/anti-patterns.yaml +121 -0
- package/.agent/skills/core/logging/data/core-patterns.yaml +226 -0
- package/.agent/skills/core/logging/data/language-csharp.yaml +191 -0
- package/.agent/skills/core/logging/data/language-go.yaml +191 -0
- package/.agent/skills/core/logging/data/language-java.yaml +191 -0
- package/.agent/skills/core/logging/data/language-kotlin.yaml +156 -0
- package/.agent/skills/core/logging/data/language-others.yaml +184 -0
- package/.agent/skills/core/logging/data/language-python.yaml +191 -0
- package/.agent/skills/core/logging/data/language-rust.yaml +191 -0
- package/.agent/skills/core/logging/data/language-swift.yaml +156 -0
- package/.agent/skills/core/logging/data/language-typescript.yaml +191 -0
- package/.agent/skills/core/logging/data/otel-logging.yaml +156 -0
- package/.agent/skills/core/observability/META.yaml +76 -0
- package/.agent/skills/core/observability/SKILL.md +153 -0
- package/.agent/skills/core/observability/data/alerting-patterns.yaml +165 -0
- package/.agent/skills/core/observability/data/anti-patterns.yaml +105 -0
- package/.agent/skills/core/observability/data/core-patterns.yaml +195 -0
- package/.agent/skills/core/observability/data/language-cpp.yaml +165 -0
- package/.agent/skills/core/observability/data/language-csharp.yaml +165 -0
- package/.agent/skills/core/observability/data/language-go.yaml +165 -0
- package/.agent/skills/core/observability/data/language-java.yaml +165 -0
- package/.agent/skills/core/observability/data/language-others.yaml +255 -0
- package/.agent/skills/core/observability/data/language-python.yaml +165 -0
- package/.agent/skills/core/observability/data/language-rust.yaml +165 -0
- package/.agent/skills/core/observability/data/language-typescript.yaml +165 -0
- package/.agent/skills/core/observability/data/metrics-patterns.yaml +135 -0
- package/.agent/skills/core/observability/data/metrics-prometheus.yaml +165 -0
- package/.agent/skills/core/observability/data/otel-core.yaml +195 -0
- package/.agent/skills/core/observability/data/profiling-patterns.yaml +135 -0
- package/.agent/skills/core/observability/data/tracing-patterns.yaml +165 -0
- package/.agent/skills/core/observability/data/tracing-tools.yaml +135 -0
- package/.agent/skills/core/security/ADVANCED.md +269 -0
- package/.agent/skills/core/security/META.yaml +97 -0
- package/.agent/skills/core/security/SKILL.md +234 -0
- package/.agent/skills/core/security/data/ai-ml-security.yaml +261 -0
- package/.agent/skills/core/security/data/api-security.yaml +230 -0
- package/.agent/skills/core/security/data/auth-patterns.yaml +195 -0
- package/.agent/skills/core/security/data/binary-exploitation.yaml +339 -0
- package/.agent/skills/core/security/data/cloud-security.yaml +269 -0
- package/.agent/skills/core/security/data/cwe-top25.yaml +415 -0
- package/.agent/skills/core/security/data/language-specific/c-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +219 -0
- package/.agent/skills/core/security/data/language-specific/go-security.yaml +219 -0
- package/.agent/skills/core/security/data/language-specific/java-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +198 -0
- package/.agent/skills/core/security/data/language-specific/php-security.yaml +219 -0
- package/.agent/skills/core/security/data/language-specific/python-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +198 -0
- package/.agent/skills/core/security/data/language-specific/rust-security.yaml +240 -0
- package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +369 -0
- package/.agent/skills/core/security/data/language-specific/swift-security.yaml +198 -0
- package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +295 -0
- package/.agent/skills/core/security/data/mobile-security.yaml +369 -0
- package/.agent/skills/core/security/data/network-security.yaml +297 -0
- package/.agent/skills/core/security/data/owasp-top10.yaml +171 -0
- package/.agent/skills/core/security/data/reverse-engineering.yaml +497 -0
- package/.agent/skills/core/security/data/supply-chain.yaml +219 -0
- package/.agent/skills/cross-cutting/_index.yaml +15 -0
- package/.agent/skills/cross-cutting/audit-pro/META.yaml +43 -0
- package/.agent/skills/cross-cutting/audit-pro/data/checklists.yaml +644 -0
- package/.agent/skills/cross-cutting/audit-pro/data/scoring.yaml +101 -0
- package/.agent/skills/cross-cutting/aws/META.yaml +75 -0
- package/.agent/skills/cross-cutting/aws/data/ai_ml.yaml +194 -0
- package/.agent/skills/cross-cutting/aws/data/compute.yaml +191 -0
- package/.agent/skills/cross-cutting/aws/data/kubernetes.yaml +199 -0
- package/.agent/skills/cross-cutting/aws/data/storage.yaml +174 -0
- package/.agent/skills/cross-cutting/bun/META.yaml +58 -0
- package/.agent/skills/cross-cutting/bun/SKILL.md +357 -0
- package/.agent/skills/cross-cutting/bun/data/database.yaml +85 -0
- package/.agent/skills/cross-cutting/bun/data/runtime.yaml +170 -0
- package/.agent/skills/cross-cutting/bun/data/tooling.yaml +192 -0
- package/.agent/skills/cross-cutting/ci-cd/META.yaml +60 -0
- package/.agent/skills/cross-cutting/ci-cd/data/github_actions.yaml +248 -0
- package/.agent/skills/cross-cutting/ci-cd/data/security.yaml +211 -0
- package/.agent/skills/cross-cutting/coding-rules/META.yaml +61 -0
- package/.agent/skills/cross-cutting/coding-rules/SKILL.md +171 -0
- package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +96 -0
- package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +346 -0
- package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +647 -0
- package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +108 -0
- package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +260 -0
- package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +344 -0
- package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +108 -0
- package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +320 -0
- package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +164 -0
- package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +80 -0
- package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +183 -0
- package/.agent/skills/cross-cutting/database/ADVANCED.md +465 -0
- package/.agent/skills/cross-cutting/database/META.yaml +22 -0
- package/.agent/skills/cross-cutting/database/SKILL.md +816 -0
- package/.agent/skills/cross-cutting/database/data/anti_patterns.yaml +116 -0
- package/.agent/skills/cross-cutting/database/data/distributed.yaml +152 -0
- package/.agent/skills/cross-cutting/database/data/mongodb.yaml +132 -0
- package/.agent/skills/cross-cutting/database/data/mysql.yaml +130 -0
- package/.agent/skills/cross-cutting/database/data/orm.yaml +104 -0
- package/.agent/skills/cross-cutting/database/data/postgresql.yaml +170 -0
- package/.agent/skills/cross-cutting/database/data/redis.yaml +129 -0
- package/.agent/skills/cross-cutting/deno/META.yaml +68 -0
- package/.agent/skills/cross-cutting/deno/SKILL.md +343 -0
- package/.agent/skills/cross-cutting/deno/data/runtime.yaml +260 -0
- package/.agent/skills/cross-cutting/deno/data/security.yaml +168 -0
- package/.agent/skills/cross-cutting/deno/data/tooling.yaml +133 -0
- package/.agent/skills/cross-cutting/docker/META.yaml +65 -0
- package/.agent/skills/cross-cutting/docker/data/build.yaml +197 -0
- package/.agent/skills/cross-cutting/docker/data/compose.yaml +229 -0
- package/.agent/skills/cross-cutting/docker/data/security.yaml +164 -0
- package/.agent/skills/cross-cutting/electron/META.yaml +174 -0
- package/.agent/skills/cross-cutting/electron/SKILL.md +862 -0
- package/.agent/skills/cross-cutting/electron/data/build.yaml +105 -0
- package/.agent/skills/cross-cutting/electron/data/crash.yaml +103 -0
- package/.agent/skills/cross-cutting/electron/data/ipc.yaml +85 -0
- package/.agent/skills/cross-cutting/electron/data/native.yaml +157 -0
- package/.agent/skills/cross-cutting/electron/data/security.yaml +89 -0
- package/.agent/skills/cross-cutting/electron/data/storage.yaml +100 -0
- package/.agent/skills/cross-cutting/electron/data/testing.yaml +103 -0
- package/.agent/skills/cross-cutting/electron/data/updates.yaml +99 -0
- package/.agent/skills/cross-cutting/electron/data/window.yaml +83 -0
- package/.agent/skills/cross-cutting/kubernetes/META.yaml +70 -0
- package/.agent/skills/cross-cutting/kubernetes/data/networking.yaml +270 -0
- package/.agent/skills/cross-cutting/kubernetes/data/scheduling.yaml +267 -0
- package/.agent/skills/cross-cutting/kubernetes/data/security.yaml +253 -0
- package/.agent/skills/cross-cutting/kubernetes/data/workloads.yaml +251 -0
- package/.agent/skills/cross-cutting/sql/META.yaml +88 -0
- package/.agent/skills/cross-cutting/sql/SKILL.md +296 -0
- package/.agent/skills/cross-cutting/sql/data/indexing.yaml +147 -0
- package/.agent/skills/cross-cutting/sql/data/json.yaml +156 -0
- package/.agent/skills/cross-cutting/sql/data/performance.yaml +204 -0
- package/.agent/skills/cross-cutting/sql/data/queries.yaml +150 -0
- package/.agent/skills/cross-cutting/tailwind/META.yaml +72 -0
- package/.agent/skills/cross-cutting/tailwind/SKILL.md +344 -0
- package/.agent/skills/cross-cutting/tailwind/data/build.yaml +143 -0
- package/.agent/skills/cross-cutting/tailwind/data/config.yaml +109 -0
- package/.agent/skills/cross-cutting/tailwind/data/migration.yaml +149 -0
- package/.agent/skills/cross-cutting/tailwind/data/responsive.yaml +148 -0
- package/.agent/skills/cross-cutting/tailwind/data/states.yaml +152 -0
- package/.agent/skills/cross-cutting/tailwind/data/theme.yaml +126 -0
- package/.agent/skills/cross-cutting/tailwind/data/utilities.yaml +182 -0
- package/.agent/skills/cross-cutting/tailwind/data/variants.yaml +154 -0
- package/.agent/skills/cross-cutting/testing/ADVANCED.md +245 -0
- package/.agent/skills/cross-cutting/testing/META.yaml +49 -0
- package/.agent/skills/cross-cutting/testing/SKILL.md +263 -0
- package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +300 -0
- package/.agent/skills/cross-cutting/testing/data/patterns.yaml +168 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/META.yaml +108 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +565 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +331 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +1226 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +287 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +318 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +525 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +232 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +140 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-colors.yaml +467 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +75 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +918 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +107 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +372 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +195 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +177 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +1339 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +180 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +504 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +228 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +508 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +543 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +515 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +519 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +599 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +496 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +526 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +616 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +520 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +486 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +485 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +1473 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +647 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +1019 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +1009 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +347 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +393 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +303 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +496 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +76 -0
- package/.agent/skills/cross-cutting/web-perf/META.yaml +92 -0
- package/.agent/skills/cross-cutting/web-perf/SKILL.md +181 -0
- package/.agent/skills/cross-cutting/web-perf/data/cls_optimization.yaml +189 -0
- package/.agent/skills/cross-cutting/web-perf/data/core_web_vitals.yaml +282 -0
- package/.agent/skills/cross-cutting/web-perf/data/inp_optimization.yaml +240 -0
- package/.agent/skills/cross-cutting/web-perf/data/lcp_optimization.yaml +202 -0
- package/.agent/skills/cross-cutting/web-perf/data/measurement.yaml +170 -0
- package/.agent/skills/devops/_index.yaml +9 -0
- package/.agent/skills/devops/aws/ADVANCED.md +547 -0
- package/.agent/skills/devops/aws/META.yaml +84 -0
- package/.agent/skills/devops/aws/SKILL.md +711 -0
- package/.agent/skills/devops/ci-cd/ADVANCED.md +529 -0
- package/.agent/skills/devops/ci-cd/META.yaml +21 -0
- package/.agent/skills/devops/ci-cd/SKILL.md +821 -0
- package/.agent/skills/devops/docker/ADVANCED.md +495 -0
- package/.agent/skills/devops/docker/META.yaml +20 -0
- package/.agent/skills/devops/docker/SKILL.md +653 -0
- package/.agent/skills/devops/kubernetes/ADVANCED.md +252 -0
- package/.agent/skills/devops/kubernetes/META.yaml +15 -0
- package/.agent/skills/devops/kubernetes/SKILL.md +621 -0
- package/.agent/skills/frameworks/_index.yaml +13 -0
- package/.agent/skills/frameworks/angular/META.yaml +70 -0
- package/.agent/skills/frameworks/angular/SKILL.md +319 -0
- package/.agent/skills/frameworks/angular/data/core.yaml +209 -0
- package/.agent/skills/frameworks/angular/data/performance.yaml +210 -0
- package/.agent/skills/frameworks/angular/data/server.yaml +175 -0
- package/.agent/skills/frameworks/flutter/ADVANCED.md +491 -0
- package/.agent/skills/frameworks/flutter/META.yaml +64 -0
- package/.agent/skills/frameworks/flutter/SKILL.md +541 -0
- package/.agent/skills/frameworks/flutter/data/core.yaml +210 -0
- package/.agent/skills/frameworks/flutter/data/platform.yaml +246 -0
- package/.agent/skills/frameworks/flutter/data/state.yaml +250 -0
- package/.agent/skills/frameworks/nextjs/ADVANCED.md +225 -0
- package/.agent/skills/frameworks/nextjs/META.yaml +67 -0
- package/.agent/skills/frameworks/nextjs/SKILL.md +593 -0
- package/.agent/skills/frameworks/nextjs/data/caching.yaml +210 -0
- package/.agent/skills/frameworks/nextjs/data/core.yaml +255 -0
- package/.agent/skills/frameworks/nextjs/data/server.yaml +248 -0
- package/.agent/skills/frameworks/nuxt/META.yaml +57 -0
- package/.agent/skills/frameworks/nuxt/SKILL.md +283 -0
- package/.agent/skills/frameworks/nuxt/data/core.yaml +309 -0
- package/.agent/skills/frameworks/nuxt/data/server.yaml +271 -0
- package/.agent/skills/frameworks/react/ADVANCED.md +676 -0
- package/.agent/skills/frameworks/react/META.yaml +60 -0
- package/.agent/skills/frameworks/react/SKILL.md +263 -0
- package/.agent/skills/frameworks/react/data/core.yaml +278 -0
- package/.agent/skills/frameworks/react/data/server.yaml +283 -0
- package/.agent/skills/frameworks/react-native/META.yaml +59 -0
- package/.agent/skills/frameworks/react-native/SKILL.md +301 -0
- package/.agent/skills/frameworks/react-native/data/core.yaml +260 -0
- package/.agent/skills/frameworks/react-native/data/platform.yaml +287 -0
- package/.agent/skills/frameworks/svelte/META.yaml +62 -0
- package/.agent/skills/frameworks/svelte/SKILL.md +398 -0
- package/.agent/skills/frameworks/svelte/data/runes.yaml +239 -0
- package/.agent/skills/frameworks/svelte/data/sveltekit.yaml +244 -0
- package/.agent/skills/frameworks/vue/ADVANCED.md +214 -0
- package/.agent/skills/frameworks/vue/META.yaml +58 -0
- package/.agent/skills/frameworks/vue/SKILL.md +356 -0
- package/.agent/skills/frameworks/vue/data/advanced.yaml +253 -0
- package/.agent/skills/frameworks/vue/data/core.yaml +270 -0
- package/.agent/skills/index.json +143 -0
- package/.agent/skills/languages/_index.yaml +33 -0
- package/.agent/skills/languages/asm/ADVANCED.md +750 -0
- package/.agent/skills/languages/asm/META.yaml +84 -0
- package/.agent/skills/languages/asm/SKILL.md +753 -0
- package/.agent/skills/languages/asm/data/advanced.yaml +295 -0
- package/.agent/skills/languages/asm/data/core.yaml +280 -0
- package/.agent/skills/languages/c/ADVANCED.md +625 -0
- package/.agent/skills/languages/c/META.yaml +58 -0
- package/.agent/skills/languages/c/SKILL.md +748 -0
- package/.agent/skills/languages/c/data/core.yaml +179 -0
- package/.agent/skills/languages/c/data/embedded.yaml +251 -0
- package/.agent/skills/languages/c/data/memory.yaml +253 -0
- package/.agent/skills/languages/clojure/META.yaml +13 -0
- package/.agent/skills/languages/clojure/SKILL.md +130 -0
- package/.agent/skills/languages/clojure/data/core.yaml +326 -0
- package/.agent/skills/languages/cpp/ADVANCED.md +457 -0
- package/.agent/skills/languages/cpp/META.yaml +61 -0
- package/.agent/skills/languages/cpp/SKILL.md +936 -0
- package/.agent/skills/languages/cpp/data/core.yaml +304 -0
- package/.agent/skills/languages/cpp/data/memory.yaml +247 -0
- package/.agent/skills/languages/cpp/data/modern.yaml +334 -0
- package/.agent/skills/languages/crystal/META.yaml +30 -0
- package/.agent/skills/languages/crystal/SKILL.md +117 -0
- package/.agent/skills/languages/crystal/data/async.yaml +264 -0
- package/.agent/skills/languages/crystal/data/core.yaml +279 -0
- package/.agent/skills/languages/csharp/ADVANCED.md +592 -0
- package/.agent/skills/languages/csharp/META.yaml +23 -0
- package/.agent/skills/languages/csharp/SKILL.md +620 -0
- package/.agent/skills/languages/csharp/data/aspnet.yaml +448 -0
- package/.agent/skills/languages/csharp/data/core.yaml +362 -0
- package/.agent/skills/languages/elixir/META.yaml +18 -0
- package/.agent/skills/languages/elixir/SKILL.md +368 -0
- package/.agent/skills/languages/elixir/data/core.yaml +392 -0
- package/.agent/skills/languages/fsharp/META.yaml +14 -0
- package/.agent/skills/languages/fsharp/SKILL.md +113 -0
- package/.agent/skills/languages/fsharp/data/core.yaml +396 -0
- package/.agent/skills/languages/go/ADVANCED.md +260 -0
- package/.agent/skills/languages/go/META.yaml +64 -0
- package/.agent/skills/languages/go/SKILL.md +489 -0
- package/.agent/skills/languages/go/data/concurrency.yaml +424 -0
- package/.agent/skills/languages/go/data/core.yaml +399 -0
- package/.agent/skills/languages/go/data/http.yaml +507 -0
- package/.agent/skills/languages/haskell/META.yaml +18 -0
- package/.agent/skills/languages/haskell/SKILL.md +305 -0
- package/.agent/skills/languages/haskell/data/core.yaml +347 -0
- package/.agent/skills/languages/java/ADVANCED.md +450 -0
- package/.agent/skills/languages/java/META.yaml +89 -0
- package/.agent/skills/languages/java/SKILL.md +495 -0
- package/.agent/skills/languages/java/data/core.yaml +307 -0
- package/.agent/skills/languages/java/data/spring.yaml +437 -0
- package/.agent/skills/languages/javascript/ADVANCED.md +530 -0
- package/.agent/skills/languages/javascript/META.yaml +105 -0
- package/.agent/skills/languages/javascript/SKILL.md +455 -0
- package/.agent/skills/languages/javascript/data/async.yaml +290 -0
- package/.agent/skills/languages/javascript/data/core.yaml +380 -0
- package/.agent/skills/languages/javascript/data/modern.yaml +269 -0
- package/.agent/skills/languages/julia/META.yaml +13 -0
- package/.agent/skills/languages/julia/SKILL.md +174 -0
- package/.agent/skills/languages/julia/data/core.yaml +356 -0
- package/.agent/skills/languages/kotlin/ADVANCED.md +539 -0
- package/.agent/skills/languages/kotlin/META.yaml +24 -0
- package/.agent/skills/languages/kotlin/SKILL.md +525 -0
- package/.agent/skills/languages/kotlin/data/android.yaml +495 -0
- package/.agent/skills/languages/kotlin/data/core.yaml +366 -0
- package/.agent/skills/languages/lua/ADVANCED.md +257 -0
- package/.agent/skills/languages/lua/META.yaml +58 -0
- package/.agent/skills/languages/lua/SKILL.md +492 -0
- package/.agent/skills/languages/lua/data/core.yaml +264 -0
- package/.agent/skills/languages/lua/data/embedding.yaml +300 -0
- package/.agent/skills/languages/nim/META.yaml +30 -0
- package/.agent/skills/languages/nim/SKILL.md +116 -0
- package/.agent/skills/languages/nim/data/async.yaml +257 -0
- package/.agent/skills/languages/nim/data/core.yaml +241 -0
- package/.agent/skills/languages/ocaml/META.yaml +13 -0
- package/.agent/skills/languages/ocaml/SKILL.md +123 -0
- package/.agent/skills/languages/ocaml/data/core.yaml +357 -0
- package/.agent/skills/languages/perl/META.yaml +13 -0
- package/.agent/skills/languages/perl/SKILL.md +115 -0
- package/.agent/skills/languages/perl/data/core.yaml +360 -0
- package/.agent/skills/languages/php/ADVANCED.md +199 -0
- package/.agent/skills/languages/php/META.yaml +18 -0
- package/.agent/skills/languages/php/SKILL.md +488 -0
- package/.agent/skills/languages/php/data/core.yaml +392 -0
- package/.agent/skills/languages/php/data/laravel.yaml +525 -0
- package/.agent/skills/languages/python/ADVANCED.md +207 -0
- package/.agent/skills/languages/python/META.yaml +91 -0
- package/.agent/skills/languages/python/SKILL.md +495 -0
- package/.agent/skills/languages/python/data/async.yaml +265 -0
- package/.agent/skills/languages/python/data/core.yaml +259 -0
- package/.agent/skills/languages/python/data/fastapi.yaml +296 -0
- package/.agent/skills/languages/python/data/testing.yaml +226 -0
- package/.agent/skills/languages/r/META.yaml +16 -0
- package/.agent/skills/languages/r/SKILL.md +348 -0
- package/.agent/skills/languages/r/data/core.yaml +355 -0
- package/.agent/skills/languages/ruby/ADVANCED.md +381 -0
- package/.agent/skills/languages/ruby/META.yaml +19 -0
- package/.agent/skills/languages/ruby/SKILL.md +417 -0
- package/.agent/skills/languages/ruby/data/core.yaml +448 -0
- package/.agent/skills/languages/ruby/data/rails.yaml +415 -0
- package/.agent/skills/languages/rust/ADVANCED.md +212 -0
- package/.agent/skills/languages/rust/META.yaml +87 -0
- package/.agent/skills/languages/rust/SKILL.md +377 -0
- package/.agent/skills/languages/rust/data/async.yaml +404 -0
- package/.agent/skills/languages/rust/data/axum.yaml +450 -0
- package/.agent/skills/languages/rust/data/core.yaml +356 -0
- package/.agent/skills/languages/scala/META.yaml +17 -0
- package/.agent/skills/languages/scala/SKILL.md +202 -0
- package/.agent/skills/languages/scala/data/core.yaml +349 -0
- package/.agent/skills/languages/solidity/META.yaml +13 -0
- package/.agent/skills/languages/solidity/SKILL.md +188 -0
- package/.agent/skills/languages/solidity/data/core.yaml +528 -0
- package/.agent/skills/languages/swift/ADVANCED.md +231 -0
- package/.agent/skills/languages/swift/META.yaml +18 -0
- package/.agent/skills/languages/swift/SKILL.md +342 -0
- package/.agent/skills/languages/swift/data/core.yaml +489 -0
- package/.agent/skills/languages/typescript/ADVANCED.md +186 -0
- package/.agent/skills/languages/typescript/META.yaml +92 -0
- package/.agent/skills/languages/typescript/SKILL.md +306 -0
- package/.agent/skills/languages/typescript/data/async.yaml +397 -0
- package/.agent/skills/languages/typescript/data/core.yaml +283 -0
- package/.agent/skills/languages/typescript/data/validation.yaml +338 -0
- package/.agent/skills/languages/zig/META.yaml +52 -0
- package/.agent/skills/languages/zig/SKILL.md +354 -0
- package/.agent/skills/languages/zig/data/async.yaml +314 -0
- package/.agent/skills/languages/zig/data/core.yaml +302 -0
- package/.agent/templates/README.md +42 -0
- package/.agent/templates/audit-report.md +153 -0
- package/.agent/templates/chains/debug/step1-reproduce.md +83 -0
- package/.agent/templates/chains/debug/step2-isolate.md +73 -0
- package/.agent/templates/chains/debug/step3-analyze.md +86 -0
- package/.agent/templates/chains/debug/step4-fix.md +85 -0
- package/.agent/templates/chains/debug/step5-verify.md +122 -0
- package/.agent/templates/chains/implement/step1-plan.md +88 -0
- package/.agent/templates/chains/implement/step2-code.md +87 -0
- package/.agent/templates/chains/implement/step3-test.md +87 -0
- package/.agent/templates/chains/implement/step4-doc.md +118 -0
- package/.agent/templates/chains/review/step1-understand.md +74 -0
- package/.agent/templates/chains/review/step2-analyze.md +110 -0
- package/.agent/templates/chains/review/step3-fix.md +93 -0
- package/.agent/templates/chains/review/step4-summary.md +104 -0
- package/.agent/templates/debug-report.md +50 -0
- package/.agent/templates/deploy-plan.md +54 -0
- package/.agent/templates/doc-template.md +57 -0
- package/.agent/templates/findings.md +122 -0
- package/.agent/templates/index.yaml +239 -0
- package/.agent/templates/migrate-plan.md +50 -0
- package/.agent/templates/phase-template.md +72 -0
- package/.agent/templates/project-plan.md +87 -0
- package/.agent/templates/prompts/context_block.md +114 -0
- package/.agent/templates/prompts/guardrails_block.md +116 -0
- package/.agent/templates/prompts/persona_base.md +155 -0
- package/.agent/templates/prompts/tools_block.md +137 -0
- package/.agent/templates/reflection/critic.md +110 -0
- package/.agent/templates/reflection/error_analysis.md +149 -0
- package/.agent/templates/reflection/success_analysis.md +174 -0
- package/.agent/templates/task-list.md +144 -0
- package/.agent/templates/tasks/audit.yaml +146 -0
- package/.agent/templates/tasks/bug_fix.yaml +121 -0
- package/.agent/templates/tasks/code_implementation.yaml +110 -0
- package/.agent/templates/tasks/refactor.yaml +157 -0
- package/.agent/templates/test-report.md +52 -0
- package/.agent/workflows/ap.md +135 -0
- package/.agent/workflows/code.md +130 -0
- package/.agent/workflows/debug.md +230 -0
- package/.agent/workflows/deploy.md +192 -0
- package/.agent/workflows/dev.md +137 -0
- package/.agent/workflows/doc.md +124 -0
- package/.agent/workflows/env.md +98 -0
- package/.agent/workflows/fix.md +76 -0
- package/.agent/workflows/generate.md +28 -0
- package/.agent/workflows/git.md +97 -0
- package/.agent/workflows/help.md +75 -0
- package/.agent/workflows/init.md +148 -0
- package/.agent/workflows/migrate.md +135 -0
- package/.agent/workflows/monitor.md +133 -0
- package/.agent/workflows/onboard.md +144 -0
- package/.agent/workflows/orchestrate.md +117 -0
- package/.agent/workflows/perf.md +106 -0
- package/.agent/workflows/plan.md +106 -0
- package/.agent/workflows/recap.md +101 -0
- package/.agent/workflows/refactor.md +161 -0
- package/.agent/workflows/revert.md +99 -0
- package/.agent/workflows/review.md +106 -0
- package/.agent/workflows/scaffold.md +119 -0
- package/.agent/workflows/security.md +186 -0
- package/.agent/workflows/status.md +103 -0
- package/.agent/workflows/test.md +157 -0
- package/.agent/workflows/think.md +126 -0
- package/.agent/workflows/upgrade.md +109 -0
- package/.agent/workflows/visualize.md +295 -0
- package/.agent/workflows/workflow.md +196 -0
- package/README.md +64 -0
- package/dist/commands/add.d.ts +2 -0
- package/dist/commands/add.d.ts.map +1 -0
- package/dist/commands/add.js +70 -0
- package/dist/commands/add.js.map +1 -0
- package/dist/commands/config.d.ts +4 -0
- package/dist/commands/config.d.ts.map +1 -0
- package/dist/commands/config.js +152 -0
- package/dist/commands/config.js.map +1 -0
- package/dist/commands/doctor.d.ts +4 -0
- package/dist/commands/doctor.d.ts.map +1 -0
- package/dist/commands/doctor.js +98 -0
- package/dist/commands/doctor.js.map +1 -0
- package/dist/commands/hsa.d.ts +4 -0
- package/dist/commands/hsa.d.ts.map +1 -0
- package/dist/commands/hsa.js +194 -0
- package/dist/commands/hsa.js.map +1 -0
- package/dist/commands/info.d.ts +2 -0
- package/dist/commands/info.d.ts.map +1 -0
- package/dist/commands/info.js +149 -0
- package/dist/commands/info.js.map +1 -0
- package/dist/commands/init.d.ts +4 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +262 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/install-core.d.ts +4 -0
- package/dist/commands/install-core.d.ts.map +1 -0
- package/dist/commands/install-core.js +85 -0
- package/dist/commands/install-core.js.map +1 -0
- package/dist/commands/install-helpers.d.ts +27 -0
- package/dist/commands/install-helpers.d.ts.map +1 -0
- package/dist/commands/install-helpers.js +125 -0
- package/dist/commands/install-helpers.js.map +1 -0
- package/dist/commands/install-hsa.d.ts +18 -0
- package/dist/commands/install-hsa.d.ts.map +1 -0
- package/dist/commands/install-hsa.js +61 -0
- package/dist/commands/install-hsa.js.map +1 -0
- package/dist/commands/install.d.ts +4 -0
- package/dist/commands/install.d.ts.map +1 -0
- package/dist/commands/install.js +310 -0
- package/dist/commands/install.js.map +1 -0
- package/dist/commands/list.d.ts +4 -0
- package/dist/commands/list.d.ts.map +1 -0
- package/dist/commands/list.js +91 -0
- package/dist/commands/list.js.map +1 -0
- package/dist/commands/mcp-registry.d.ts +48 -0
- package/dist/commands/mcp-registry.d.ts.map +1 -0
- package/dist/commands/mcp-registry.js +246 -0
- package/dist/commands/mcp-registry.js.map +1 -0
- package/dist/commands/mcp-writers.d.ts +20 -0
- package/dist/commands/mcp-writers.d.ts.map +1 -0
- package/dist/commands/mcp-writers.js +144 -0
- package/dist/commands/mcp-writers.js.map +1 -0
- package/dist/commands/mcp.d.ts +10 -0
- package/dist/commands/mcp.d.ts.map +1 -0
- package/dist/commands/mcp.js +319 -0
- package/dist/commands/mcp.js.map +1 -0
- package/dist/commands/update.d.ts +4 -0
- package/dist/commands/update.d.ts.map +1 -0
- package/dist/commands/update.js +79 -0
- package/dist/commands/update.js.map +1 -0
- package/dist/constants/cursor-globs.d.ts +17 -0
- package/dist/constants/cursor-globs.d.ts.map +1 -0
- package/dist/constants/cursor-globs.js +62 -0
- package/dist/constants/cursor-globs.js.map +1 -0
- package/dist/constants/ide-install-specs.d.ts +36 -0
- package/dist/constants/ide-install-specs.d.ts.map +1 -0
- package/dist/constants/ide-install-specs.js +870 -0
- package/dist/constants/ide-install-specs.js.map +1 -0
- package/dist/constants/ides.d.ts +105 -0
- package/dist/constants/ides.d.ts.map +1 -0
- package/dist/constants/ides.js +412 -0
- package/dist/constants/ides.js.map +1 -0
- package/dist/constants/skills.d.ts +40 -0
- package/dist/constants/skills.d.ts.map +1 -0
- package/dist/constants/skills.js +78 -0
- package/dist/constants/skills.js.map +1 -0
- package/dist/constants.d.ts +39 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/constants.js +75 -0
- package/dist/constants.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +122 -0
- package/dist/index.js.map +1 -0
- package/dist/types/flags.d.ts +47 -0
- package/dist/types/flags.d.ts.map +1 -0
- package/dist/types/flags.js +4 -0
- package/dist/types/flags.js.map +1 -0
- package/dist/types/ide-install.d.ts +175 -0
- package/dist/types/ide-install.d.ts.map +1 -0
- package/dist/types/ide-install.js +29 -0
- package/dist/types/ide-install.js.map +1 -0
- package/dist/utils/copy-helpers.d.ts +60 -0
- package/dist/utils/copy-helpers.d.ts.map +1 -0
- package/dist/utils/copy-helpers.js +617 -0
- package/dist/utils/copy-helpers.js.map +1 -0
- package/dist/utils/index.d.ts +3 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +5 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/validation.d.ts +29 -0
- package/dist/utils/validation.d.ts.map +1 -0
- package/dist/utils/validation.js +211 -0
- package/dist/utils/validation.js.map +1 -0
- package/package.json +64 -0
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
metadata:
|
|
2
|
+
skill: security
|
|
3
|
+
domain: owasp_top10
|
|
4
|
+
version: 6.2.0
|
|
5
|
+
updated: '2026-02-05'
|
|
6
|
+
migrated_from: owasp-top10.csv
|
|
7
|
+
patterns_count: 10
|
|
8
|
+
columns:
|
|
9
|
+
- id
|
|
10
|
+
- name
|
|
11
|
+
- severity
|
|
12
|
+
- version
|
|
13
|
+
- description
|
|
14
|
+
- detection_pattern
|
|
15
|
+
- fix_pattern
|
|
16
|
+
- languages
|
|
17
|
+
- example_vuln
|
|
18
|
+
- example_fix
|
|
19
|
+
patterns:
|
|
20
|
+
- id: A01
|
|
21
|
+
name: Broken Access Control
|
|
22
|
+
severity: CRITICAL
|
|
23
|
+
version: '2025'
|
|
24
|
+
description: 'Missing authorization checks. #1 in both 2021 and 2025. 100% of apps have some form.'
|
|
25
|
+
detection_pattern: (!authz|!permission|!role|admin|delete|update).*endpoint
|
|
26
|
+
fix_pattern: Implement RBAC/ABAC, check permissions on every request, deny by default
|
|
27
|
+
languages: all
|
|
28
|
+
example_vuln: '// BAD: No auth check
|
|
29
|
+
|
|
30
|
+
app.delete(''/users/:id'', (req, res) => db.deleteUser(req.params.id))'
|
|
31
|
+
example_fix: '// GOOD: Auth middleware + role check
|
|
32
|
+
|
|
33
|
+
app.delete(''/users/:id'', auth, requireRole(''admin''), (req, res) => ...)'
|
|
34
|
+
- id: A02
|
|
35
|
+
name: Security Misconfiguration
|
|
36
|
+
severity: CRITICAL
|
|
37
|
+
version: '2025'
|
|
38
|
+
description: 'Moved UP to #2 in 2025 (was #5 in 2021). Default configs, verbose errors, unused features.'
|
|
39
|
+
detection_pattern: (debug.*true|verbose|stack.*trace|default.*password)
|
|
40
|
+
fix_pattern: Hardened configs, disable unused features, custom error pages, security headers
|
|
41
|
+
languages: all
|
|
42
|
+
example_vuln: '// BAD: Debug mode in production
|
|
43
|
+
|
|
44
|
+
DEBUG=true
|
|
45
|
+
|
|
46
|
+
SHOW_STACK_TRACE=true'
|
|
47
|
+
example_fix: '// GOOD: Production config
|
|
48
|
+
|
|
49
|
+
DEBUG=false
|
|
50
|
+
|
|
51
|
+
SHOW_STACK_TRACE=false
|
|
52
|
+
|
|
53
|
+
ERROR_PAGE=/errors/500.html'
|
|
54
|
+
- id: A03
|
|
55
|
+
name: Software Supply Chain Failures
|
|
56
|
+
severity: CRITICAL
|
|
57
|
+
version: '2025'
|
|
58
|
+
description: NEW in 2025! Replaces 'Vulnerable Components'. Covers CI/CD, dependencies, build pipelines.
|
|
59
|
+
detection_pattern: (npm install|pip install|unsigned|http://|package-lock|yarn.lock)
|
|
60
|
+
fix_pattern: Signed releases, verified checksums, lock files, SBOM, private registries, dependency scanning
|
|
61
|
+
languages: all
|
|
62
|
+
example_vuln: '// BAD: Trusting external scripts, no SRI
|
|
63
|
+
|
|
64
|
+
<script src=''http://cdn.example.com/lib.js''>
|
|
65
|
+
|
|
66
|
+
// BAD: No lockfile verification'
|
|
67
|
+
example_fix: '// GOOD: SRI hash + HTTPS
|
|
68
|
+
|
|
69
|
+
<script src=''https://...'' integrity=''sha384-...''>
|
|
70
|
+
|
|
71
|
+
// GOOD: npm ci --ignore-scripts + audit'
|
|
72
|
+
- id: A04
|
|
73
|
+
name: Insecure Design
|
|
74
|
+
severity: HIGH
|
|
75
|
+
version: '2025'
|
|
76
|
+
description: Architectural flaws that can't be fixed by implementation. Missing threat modeling.
|
|
77
|
+
detection_pattern: (todo|fixme|hack|workaround).*security
|
|
78
|
+
fix_pattern: Threat modeling, secure design patterns, defense in depth, security requirements
|
|
79
|
+
languages: all
|
|
80
|
+
example_vuln: '// BAD: Password in URL
|
|
81
|
+
|
|
82
|
+
GET /reset-password?token=abc&newPassword=secret'
|
|
83
|
+
example_fix: '// GOOD: POST with body, rate limited
|
|
84
|
+
|
|
85
|
+
POST /reset-password { token, newPassword }'
|
|
86
|
+
- id: A05
|
|
87
|
+
name: Cryptographic Failures
|
|
88
|
+
severity: CRITICAL
|
|
89
|
+
version: '2025'
|
|
90
|
+
description: 'Moved DOWN to #5 in 2025 (was #2 in 2021). Weak encryption, plaintext passwords.'
|
|
91
|
+
detection_pattern: (md5|sha1|plaintext|http://)
|
|
92
|
+
fix_pattern: Use bcrypt/argon2 for passwords, TLS 1.3, AES-256-GCM for data at rest
|
|
93
|
+
languages: all
|
|
94
|
+
example_vuln: '// BAD: MD5 password hash
|
|
95
|
+
|
|
96
|
+
const hash = crypto.createHash(''md5'').update(password).digest(''hex'')'
|
|
97
|
+
example_fix: '// GOOD: bcrypt with cost factor 12
|
|
98
|
+
|
|
99
|
+
const hash = await bcrypt.hash(password, 12)'
|
|
100
|
+
- id: A06
|
|
101
|
+
name: Injection
|
|
102
|
+
severity: CRITICAL
|
|
103
|
+
version: '2025'
|
|
104
|
+
description: 'Moved DOWN to #6 in 2025 (was #3 in 2021). SQL/NoSQL/OS command injection.'
|
|
105
|
+
detection_pattern: (query\\s*\\+|exec\\s*\\(|eval\\s*\\(|system\\s*\\()
|
|
106
|
+
fix_pattern: Parameterized queries, input validation, ORM with safe methods
|
|
107
|
+
languages: all
|
|
108
|
+
example_vuln: '// BAD: SQL injection
|
|
109
|
+
|
|
110
|
+
db.query(''SELECT * FROM users WHERE id = '' + req.params.id)'
|
|
111
|
+
example_fix: '// GOOD: Parameterized query
|
|
112
|
+
|
|
113
|
+
db.query(''SELECT * FROM users WHERE id = $1'', [req.params.id])'
|
|
114
|
+
- id: A07
|
|
115
|
+
name: Identification and Authentication Failures
|
|
116
|
+
severity: CRITICAL
|
|
117
|
+
version: '2025'
|
|
118
|
+
description: Weak passwords, no MFA, session fixation, credential stuffing.
|
|
119
|
+
detection_pattern: (password.*=|session.*id|token.*storage)
|
|
120
|
+
fix_pattern: MFA, password policies (NIST 800-63B), secure session management, rate limiting
|
|
121
|
+
languages: all
|
|
122
|
+
example_vuln: '// BAD: Session ID in URL
|
|
123
|
+
|
|
124
|
+
GET /dashboard?sessionId=abc123'
|
|
125
|
+
example_fix: '// GOOD: HttpOnly cookie
|
|
126
|
+
|
|
127
|
+
Set-Cookie: sessionId=abc123; HttpOnly; Secure; SameSite=Strict'
|
|
128
|
+
- id: A08
|
|
129
|
+
name: Software and Data Integrity Failures
|
|
130
|
+
severity: HIGH
|
|
131
|
+
version: '2025'
|
|
132
|
+
description: Unsigned updates, compromised CI/CD, insecure deserialization.
|
|
133
|
+
detection_pattern: (pickle\\.load|unserialize|ObjectInputStream|auto-update)
|
|
134
|
+
fix_pattern: Signed releases, verified checksums, secure deserialization, code signing
|
|
135
|
+
languages: all
|
|
136
|
+
example_vuln: '// BAD: Insecure deserialization (Python)
|
|
137
|
+
|
|
138
|
+
pickle.loads(user_data)'
|
|
139
|
+
example_fix: '// GOOD: Safe JSON with schema validation
|
|
140
|
+
|
|
141
|
+
data = json.loads(user_data); validate(data, schema)'
|
|
142
|
+
- id: A09
|
|
143
|
+
name: Security Logging and Monitoring Failures
|
|
144
|
+
severity: MEDIUM
|
|
145
|
+
version: '2025'
|
|
146
|
+
description: Missing security logs, sensitive data in logs, no alerting.
|
|
147
|
+
detection_pattern: (console\\.log|print\\(|logger.*password|log.*token)
|
|
148
|
+
fix_pattern: Structured logging, exclude PII, security event monitoring, SIEM integration
|
|
149
|
+
languages: all
|
|
150
|
+
example_vuln: '// BAD: Logging secrets
|
|
151
|
+
|
|
152
|
+
console.log(''User login:'', { email, password })'
|
|
153
|
+
example_fix: '// GOOD: Sanitized logging
|
|
154
|
+
|
|
155
|
+
logger.info(''User login'', { email, timestamp, source_ip })'
|
|
156
|
+
- id: A10
|
|
157
|
+
name: Server-Side Request Forgery (SSRF)
|
|
158
|
+
severity: HIGH
|
|
159
|
+
version: '2025'
|
|
160
|
+
description: Server-side request forgery - fetching attacker-controlled URLs.
|
|
161
|
+
detection_pattern: (fetch\\(|request\\(|http.*get\\().*user
|
|
162
|
+
fix_pattern: URL allowlisting, disable redirects, network segmentation, metadata protection
|
|
163
|
+
languages: all
|
|
164
|
+
example_vuln: '// BAD: Fetching user-provided URL
|
|
165
|
+
|
|
166
|
+
const data = await fetch(req.query.url)'
|
|
167
|
+
example_fix: '// GOOD: Allowlist validation
|
|
168
|
+
|
|
169
|
+
if (!ALLOWED_HOSTS.includes(new URL(url).host)) throw new Error(''Blocked'')
|
|
170
|
+
|
|
171
|
+
// Also block: 169.254.169.254, localhost, internal IPs'
|
|
@@ -0,0 +1,497 @@
|
|
|
1
|
+
metadata:
|
|
2
|
+
skill: security
|
|
3
|
+
domain: reverse_engineering
|
|
4
|
+
version: 6.2.0
|
|
5
|
+
updated: '2026-02-05'
|
|
6
|
+
migrated_from: reverse-engineering.csv
|
|
7
|
+
patterns_count: 40
|
|
8
|
+
columns:
|
|
9
|
+
- id
|
|
10
|
+
- name
|
|
11
|
+
- severity
|
|
12
|
+
- category
|
|
13
|
+
- description
|
|
14
|
+
- detection_pattern
|
|
15
|
+
- fix_pattern
|
|
16
|
+
- languages
|
|
17
|
+
- tools_defeated
|
|
18
|
+
- example_code
|
|
19
|
+
patterns:
|
|
20
|
+
- id: RE-01
|
|
21
|
+
name: No Code Obfuscation
|
|
22
|
+
severity: HIGH
|
|
23
|
+
category: Static
|
|
24
|
+
description: Source code or bytecode readable without protection
|
|
25
|
+
detection_pattern: (function\\s+\\w+|class\\s+\\w+|def\\s+\\w+)(?!.*obfuscate)
|
|
26
|
+
fix_pattern: 'Use obfuscation: ProGuard R8 javascript-obfuscator pyarmor'
|
|
27
|
+
languages:
|
|
28
|
+
- java
|
|
29
|
+
- kotlin
|
|
30
|
+
- javascript
|
|
31
|
+
- python
|
|
32
|
+
tools_defeated: jadx dex2jar jd-gui
|
|
33
|
+
example_code: '// BEFORE\nfunction validateLicense(key) {\n return key === ''SECRET''\n}\n// AFTER: Use obfuscator'
|
|
34
|
+
- id: RE-02
|
|
35
|
+
name: Root Detection Missing
|
|
36
|
+
severity: CRITICAL
|
|
37
|
+
category: Mobile
|
|
38
|
+
description: App runs on rooted devices without detection
|
|
39
|
+
detection_pattern: (su|SuperSU|Magisk|busybox)(?!.*detect|check)
|
|
40
|
+
fix_pattern: Implement multi-layered root detection with fallbacks
|
|
41
|
+
languages:
|
|
42
|
+
- java
|
|
43
|
+
- kotlin
|
|
44
|
+
tools_defeated: Magisk KernelSU
|
|
45
|
+
example_code: // Detect Magisk\nval paths = arrayOf('/sbin/.magisk', '/data/adb/magisk')\nif (paths.any { File(it).exists() }) exitApp()
|
|
46
|
+
- id: RE-03
|
|
47
|
+
name: Jailbreak Detection Missing
|
|
48
|
+
severity: CRITICAL
|
|
49
|
+
category: Mobile
|
|
50
|
+
description: iOS app runs on jailbroken devices without warning
|
|
51
|
+
detection_pattern: (Cydia|checkra1n|unc0ver|Sileo)(?!.*detect)
|
|
52
|
+
fix_pattern: Implement jailbreak detection checking multiple indicators
|
|
53
|
+
languages:
|
|
54
|
+
- swift
|
|
55
|
+
- objective-c
|
|
56
|
+
tools_defeated: Electra checkra1n
|
|
57
|
+
example_code: '// Check for Cydia\nif FileManager.default.fileExists(atPath: ''/Applications/Cydia.app'') { exitApp() }'
|
|
58
|
+
- id: RE-04
|
|
59
|
+
name: Frida Detection Missing
|
|
60
|
+
severity: CRITICAL
|
|
61
|
+
category: Mobile
|
|
62
|
+
description: App does not detect Frida injection framework
|
|
63
|
+
detection_pattern: (frida|gadget|gum-js|r2frida)(?!.*detect)
|
|
64
|
+
fix_pattern: Detect Frida via port scan libraries thread names
|
|
65
|
+
languages:
|
|
66
|
+
- java
|
|
67
|
+
- kotlin
|
|
68
|
+
- swift
|
|
69
|
+
tools_defeated: Frida Objection
|
|
70
|
+
example_code: // Check Frida port 27042\nif (isPortOpen(27042)) exitApp()\n// Check loaded libraries\nif (libs.any { it.contains('frida') }) exitApp()
|
|
71
|
+
- id: RE-05
|
|
72
|
+
name: Xposed Detection Missing
|
|
73
|
+
severity: HIGH
|
|
74
|
+
category: Android
|
|
75
|
+
description: App does not detect Xposed Framework hooks
|
|
76
|
+
detection_pattern: (Xposed|EdXposed|LSPosed|de\\.robv)(?!.*detect)
|
|
77
|
+
fix_pattern: Check for Xposed via stack traces and known classes
|
|
78
|
+
languages:
|
|
79
|
+
- java
|
|
80
|
+
- kotlin
|
|
81
|
+
tools_defeated: Xposed EdXposed LSPosed
|
|
82
|
+
example_code: 'try { throw Exception() }\ncatch (e: Exception) {\n if (e.stackTrace.any { it.className.contains(''Xposed'') }) exitApp()\n}'
|
|
83
|
+
- id: RE-06
|
|
84
|
+
name: LSPosed Detection Missing
|
|
85
|
+
severity: HIGH
|
|
86
|
+
category: Android
|
|
87
|
+
description: App does not detect LSPosed specifically - new 2024
|
|
88
|
+
detection_pattern: (LSPosed|lsposed|io\\.github\\.lsposed)(?!.*detect)
|
|
89
|
+
fix_pattern: Detect LSPosed daemon and modules
|
|
90
|
+
languages:
|
|
91
|
+
- java
|
|
92
|
+
- kotlin
|
|
93
|
+
tools_defeated: LSPosed
|
|
94
|
+
example_code: // Check LSPosed daemon\nif (File('/data/adb/lspd').exists()) exitApp()
|
|
95
|
+
- id: RE-07
|
|
96
|
+
name: Play Integrity Missing
|
|
97
|
+
severity: CRITICAL
|
|
98
|
+
category: Android
|
|
99
|
+
description: App does not use Play Integrity API - replaced SafetyNet 2024
|
|
100
|
+
detection_pattern: (SafetyNet|safetynet)(?!.*playintegrity|PlayIntegrity)
|
|
101
|
+
fix_pattern: Migrate to Play Integrity API for device attestation
|
|
102
|
+
languages:
|
|
103
|
+
- java
|
|
104
|
+
- kotlin
|
|
105
|
+
tools_defeated: Magisk modules
|
|
106
|
+
example_code: // Play Integrity API (2024+)\nval integrityRequest = IntegrityManager.createRequest(nonce)\nintegrityManager.requestIntegrityToken(integrityRequest)
|
|
107
|
+
- id: RE-08
|
|
108
|
+
name: Debugger Detection Missing
|
|
109
|
+
severity: HIGH
|
|
110
|
+
category: Runtime
|
|
111
|
+
description: App does not detect attached debuggers
|
|
112
|
+
detection_pattern: (ptrace|isDebuggerPresent|PTRACE_TRACEME)(?!.*check)
|
|
113
|
+
fix_pattern: Implement anti-debugging with ptrace timing checks
|
|
114
|
+
languages:
|
|
115
|
+
- c
|
|
116
|
+
- cpp
|
|
117
|
+
- swift
|
|
118
|
+
- kotlin
|
|
119
|
+
tools_defeated: lldb gdb IDA
|
|
120
|
+
example_code: // iOS anti-debug\nBOOL isDebugged() {\n int name[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()};\n struct kinfo_proc info;\n return (info.kp_proc.p_flag & P_TRACED) != 0;\n}
|
|
121
|
+
- id: RE-09
|
|
122
|
+
name: Emulator Detection Missing
|
|
123
|
+
severity: HIGH
|
|
124
|
+
category: Mobile
|
|
125
|
+
description: App runs in emulators without restrictions
|
|
126
|
+
detection_pattern: (android_id|Build\\.MODEL|Build\\.FINGERPRINT)(?!.*emulator)
|
|
127
|
+
fix_pattern: Detect emulators via Build properties sensors performance
|
|
128
|
+
languages:
|
|
129
|
+
- java
|
|
130
|
+
- kotlin
|
|
131
|
+
tools_defeated: Genymotion Nox BlueStacks
|
|
132
|
+
example_code: 'fun isEmulator(): Boolean = Build.FINGERPRINT.startsWith(''generic'') ||\n Build.MODEL.contains(''Emulator'') || Build.MANUFACTURER.contains(''Genymotion'')'
|
|
133
|
+
- id: RE-10
|
|
134
|
+
name: String Encryption Missing
|
|
135
|
+
severity: MEDIUM
|
|
136
|
+
category: Static
|
|
137
|
+
description: Sensitive strings in plaintext including API keys
|
|
138
|
+
detection_pattern: (api.*key.*=.*['\]|password.*=.*['\"]|secret.*=.*['\"])"
|
|
139
|
+
fix_pattern: Encrypt strings at build time decrypt at runtime
|
|
140
|
+
languages: all
|
|
141
|
+
tools_defeated: strings grep
|
|
142
|
+
example_code: // BEFORE\nconst API_KEY = 'sk-1234'\n// AFTER\nconst API_KEY = decrypt(ENCRYPTED_KEY, getDeviceKey())
|
|
143
|
+
- id: RE-11
|
|
144
|
+
name: SSL Pinning Bypass Vulnerable
|
|
145
|
+
severity: CRITICAL
|
|
146
|
+
category: Network
|
|
147
|
+
description: Certificate pinning can be bypassed via hooking
|
|
148
|
+
detection_pattern: (TrustManager|HostnameVerifier|X509TrustManager)
|
|
149
|
+
fix_pattern: Move pinning logic to native code use multiple pins
|
|
150
|
+
languages:
|
|
151
|
+
- java
|
|
152
|
+
- kotlin
|
|
153
|
+
- swift
|
|
154
|
+
tools_defeated: SSLKillSwitch Frida
|
|
155
|
+
example_code: // Move to JNI/C++\nextern 'C' JNIEXPORT jboolean JNICALL\nJava_com_app_Security_verifyPin(JNIEnv*, jobject, jstring)
|
|
156
|
+
- id: RE-12
|
|
157
|
+
name: No Binary Integrity Check
|
|
158
|
+
severity: CRITICAL
|
|
159
|
+
category: Runtime
|
|
160
|
+
description: App does not verify its own binary integrity
|
|
161
|
+
detection_pattern: (checksum|hash|signature)(?!.*verify|integrity)
|
|
162
|
+
fix_pattern: Calculate and verify binary hash at runtime
|
|
163
|
+
languages: all
|
|
164
|
+
tools_defeated: Binary patching
|
|
165
|
+
example_code: // Verify APK signature at runtime\nval sig = packageManager.getPackageInfo(packageName, GET_SIGNATURES)\nif (!verifySignature(sig.signatures[0])) exitApp()
|
|
166
|
+
- id: RE-13
|
|
167
|
+
name: Weak Control Flow
|
|
168
|
+
severity: MEDIUM
|
|
169
|
+
category: Static
|
|
170
|
+
description: Linear control flow easy to follow in disassembler
|
|
171
|
+
detection_pattern: (if\\s*\\(|switch\\s*\\()(?!.*flatten)
|
|
172
|
+
fix_pattern: Use control flow flattening and opaque predicates
|
|
173
|
+
languages:
|
|
174
|
+
- c
|
|
175
|
+
- cpp
|
|
176
|
+
- rust
|
|
177
|
+
tools_defeated: IDA Ghidra
|
|
178
|
+
example_code: '// Flattened control flow\nint state = 0;\nwhile (true) {\n switch (state) {\n case 0: state = check() ? 1 : 2; break;\n }\n}'
|
|
179
|
+
- id: RE-14
|
|
180
|
+
name: Native Library Unprotected
|
|
181
|
+
severity: HIGH
|
|
182
|
+
category: Static
|
|
183
|
+
description: Native libraries without obfuscation or packing
|
|
184
|
+
detection_pattern: (\\.so|\\.dylib)(?!.*packed|protected)
|
|
185
|
+
fix_pattern: Apply native code protection OLLVM or commercial packers
|
|
186
|
+
languages:
|
|
187
|
+
- c
|
|
188
|
+
- cpp
|
|
189
|
+
tools_defeated: IDA Ghidra
|
|
190
|
+
example_code: // Use OLLVM obfuscation\n// -mllvm -fla -mllvm -bcf -mllvm -sub
|
|
191
|
+
- id: RE-15
|
|
192
|
+
name: Anti-Tampering Missing
|
|
193
|
+
severity: HIGH
|
|
194
|
+
category: Runtime
|
|
195
|
+
description: No runtime tampering detection for code or resources
|
|
196
|
+
detection_pattern: (?<!integrity|tamper).*check
|
|
197
|
+
fix_pattern: Implement runtime integrity checks for critical code
|
|
198
|
+
languages: all
|
|
199
|
+
tools_defeated: Hex editors
|
|
200
|
+
example_code: // Check code hash periodically\nif (computeHash(criticalFunction) !== EXPECTED_HASH) exitApp()
|
|
201
|
+
- id: RE-16
|
|
202
|
+
name: Screenshot Detection Missing
|
|
203
|
+
severity: MEDIUM
|
|
204
|
+
category: Mobile
|
|
205
|
+
description: App does not detect or prevent screenshots
|
|
206
|
+
detection_pattern: (FLAG_SECURE|userDidTakeScreenshot)(?!.*set)
|
|
207
|
+
fix_pattern: Set FLAG_SECURE or detect screenshot notifications
|
|
208
|
+
languages:
|
|
209
|
+
- java
|
|
210
|
+
- kotlin
|
|
211
|
+
- swift
|
|
212
|
+
tools_defeated: Screen capture
|
|
213
|
+
example_code: '// Android\nwindow.setFlags(FLAG_SECURE, FLAG_SECURE)\n// iOS: Observe UIApplicationUserDidTakeScreenshotNotification'
|
|
214
|
+
- id: RE-17
|
|
215
|
+
name: Screen Recording Detection Missing
|
|
216
|
+
severity: MEDIUM
|
|
217
|
+
category: Mobile
|
|
218
|
+
description: App does not detect screen recording
|
|
219
|
+
detection_pattern: (isCaptured|mediaProjection)(?!.*detect)
|
|
220
|
+
fix_pattern: Detect screen recording and blur sensitive content
|
|
221
|
+
languages:
|
|
222
|
+
- swift
|
|
223
|
+
- kotlin
|
|
224
|
+
tools_defeated: Screen recorder
|
|
225
|
+
example_code: // iOS\nif UIScreen.main.isCaptured { blurSensitiveContent() }
|
|
226
|
+
- id: RE-18
|
|
227
|
+
name: Memory Dump Protection Missing
|
|
228
|
+
severity: HIGH
|
|
229
|
+
category: Runtime
|
|
230
|
+
description: Sensitive data can be dumped from memory
|
|
231
|
+
detection_pattern: (malloc|new|alloc).*password|secret
|
|
232
|
+
fix_pattern: Zero sensitive data after use use secure memory
|
|
233
|
+
languages: all
|
|
234
|
+
tools_defeated: Frida memory dump
|
|
235
|
+
example_code: // Zero password after use\nmemset_s(password, sizeof(password), 0, sizeof(password));\nfree(password);
|
|
236
|
+
- id: RE-19
|
|
237
|
+
name: Hook Detection Missing
|
|
238
|
+
severity: HIGH
|
|
239
|
+
category: Runtime
|
|
240
|
+
description: App does not detect function hooking
|
|
241
|
+
detection_pattern: (hook|swizzle|replace)(?!.*detect)
|
|
242
|
+
fix_pattern: Detect hooks via code hash comparison inline checks
|
|
243
|
+
languages: all
|
|
244
|
+
tools_defeated: Frida Substrate
|
|
245
|
+
example_code: // Check PLT/GOT integrity\nif (checkFunctionIntegrity(criticalFunc) === false) exitApp()
|
|
246
|
+
- id: RE-20
|
|
247
|
+
name: Substrate Detection Missing
|
|
248
|
+
severity: HIGH
|
|
249
|
+
category: iOS
|
|
250
|
+
description: iOS app does not detect Substrate framework
|
|
251
|
+
detection_pattern: (substrate|MobileSubstrate|MSHookFunction)(?!.*detect)
|
|
252
|
+
fix_pattern: Detect Substrate presence and hooks
|
|
253
|
+
languages:
|
|
254
|
+
- swift
|
|
255
|
+
- objective-c
|
|
256
|
+
tools_defeated: Substrate Substitute
|
|
257
|
+
example_code: // Check for Substrate\nif (dlopen('/Library/MobileSubstrate', 0) != NULL) exitApp()
|
|
258
|
+
- id: RE-21
|
|
259
|
+
name: Clipboard Monitoring Missing
|
|
260
|
+
severity: MEDIUM
|
|
261
|
+
category: Mobile
|
|
262
|
+
description: App does not monitor clipboard for sensitive data theft
|
|
263
|
+
detection_pattern: (UIPasteboard|ClipboardManager)(?!.*monitor)
|
|
264
|
+
fix_pattern: Monitor clipboard changes clear sensitive data promptly
|
|
265
|
+
languages:
|
|
266
|
+
- swift
|
|
267
|
+
- kotlin
|
|
268
|
+
tools_defeated: Clipboard hijack
|
|
269
|
+
example_code: '// Clear sensitive clipboard after 30 seconds\nDispatchQueue.main.asyncAfter(deadline: .now() + 30) {\n UIPasteboard.general.string = ''''\n}'
|
|
270
|
+
- id: RE-22
|
|
271
|
+
name: Device Binding Missing
|
|
272
|
+
severity: MEDIUM
|
|
273
|
+
category: Mobile
|
|
274
|
+
description: App license not bound to device identifiers
|
|
275
|
+
detection_pattern: (device.*id|android_id|identifierForVendor)(?!.*license)
|
|
276
|
+
fix_pattern: Bind license to multiple device identifiers
|
|
277
|
+
languages:
|
|
278
|
+
- java
|
|
279
|
+
- kotlin
|
|
280
|
+
- swift
|
|
281
|
+
tools_defeated: License sharing
|
|
282
|
+
example_code: // Bind to hardware\nval deviceId = Settings.Secure.ANDROID_ID\nval license = generateLicense(userId, deviceId)
|
|
283
|
+
- id: RE-23
|
|
284
|
+
name: Time Bomb Detection
|
|
285
|
+
severity: MEDIUM
|
|
286
|
+
category: Static
|
|
287
|
+
description: App contains time-based license checks that can be bypassed
|
|
288
|
+
detection_pattern: (System\\.currentTimeMillis|Date\\.now|time\\(\\))(?!.*server)
|
|
289
|
+
fix_pattern: Use server-side time validation not device time
|
|
290
|
+
languages: all
|
|
291
|
+
tools_defeated: Time manipulation
|
|
292
|
+
example_code: // Use NTP server time\nval serverTime = fetchServerTime()\nif (serverTime > LICENSE_EXPIRY) exitApp()
|
|
293
|
+
- id: RE-24
|
|
294
|
+
name: Debug Build Detection
|
|
295
|
+
severity: LOW
|
|
296
|
+
category: Static
|
|
297
|
+
description: App does not detect if running as debug build
|
|
298
|
+
detection_pattern: (BuildConfig\\.DEBUG|DEBUG|NDEBUG)(?!.*check)
|
|
299
|
+
fix_pattern: Exit or limit functionality in debug builds
|
|
300
|
+
languages:
|
|
301
|
+
- java
|
|
302
|
+
- kotlin
|
|
303
|
+
- swift
|
|
304
|
+
tools_defeated: Debug mode
|
|
305
|
+
example_code: if (BuildConfig.DEBUG) {\n // Disable sensitive features in debug\n Log.w('Security', 'Debug build detected')\n}
|
|
306
|
+
- id: RE-25
|
|
307
|
+
name: ADB Detection Missing
|
|
308
|
+
severity: MEDIUM
|
|
309
|
+
category: Android
|
|
310
|
+
description: App does not detect ADB connection
|
|
311
|
+
detection_pattern: (adb|android_debug_bridge)(?!.*detect)
|
|
312
|
+
fix_pattern: Detect ADB connection and warn user
|
|
313
|
+
languages:
|
|
314
|
+
- java
|
|
315
|
+
- kotlin
|
|
316
|
+
tools_defeated: ADB shell
|
|
317
|
+
example_code: // Check ADB status\nval adb = Settings.Global.getString(contentResolver, 'adb_enabled')\nif (adb == '1') showWarning()
|
|
318
|
+
- id: RE-26
|
|
319
|
+
name: Developer Options Detection
|
|
320
|
+
severity: LOW
|
|
321
|
+
category: Android
|
|
322
|
+
description: App does not check for enabled developer options
|
|
323
|
+
detection_pattern: (development_settings_enabled)(?!.*check)
|
|
324
|
+
fix_pattern: Detect developer options and adjust security level
|
|
325
|
+
languages:
|
|
326
|
+
- java
|
|
327
|
+
- kotlin
|
|
328
|
+
tools_defeated: Developer menu
|
|
329
|
+
example_code: val devOpts = Settings.Secure.getInt(resolver, DEVELOPMENT_SETTINGS_ENABLED, 0)\nif (devOpts == 1) reduceSecurityLevel()
|
|
330
|
+
- id: RE-27
|
|
331
|
+
name: USB Debugging Detection
|
|
332
|
+
severity: MEDIUM
|
|
333
|
+
category: Android
|
|
334
|
+
description: App does not detect USB debugging enabled
|
|
335
|
+
detection_pattern: (usb_debug|adb_enabled)(?!.*detect)
|
|
336
|
+
fix_pattern: Detect USB debugging and warn for sensitive operations
|
|
337
|
+
languages:
|
|
338
|
+
- java
|
|
339
|
+
- kotlin
|
|
340
|
+
tools_defeated: USB debugging
|
|
341
|
+
example_code: val usbDebug = Settings.Global.getInt(resolver, ADB_ENABLED, 0)\nif (usbDebug == 1) showSecurityWarning()
|
|
342
|
+
- id: RE-28
|
|
343
|
+
name: Proxy Detection Missing
|
|
344
|
+
severity: HIGH
|
|
345
|
+
category: Network
|
|
346
|
+
description: App does not detect proxy interception
|
|
347
|
+
detection_pattern: (proxy|System\\.getProperty.*http)(?!.*detect)
|
|
348
|
+
fix_pattern: Detect proxy and certificate changes
|
|
349
|
+
languages:
|
|
350
|
+
- java
|
|
351
|
+
- kotlin
|
|
352
|
+
- swift
|
|
353
|
+
tools_defeated: Charles Burp
|
|
354
|
+
example_code: // Detect proxy\nval proxy = System.getProperty('http.proxyHost')\nif (proxy != null && !TRUSTED_PROXIES.contains(proxy)) warn()
|
|
355
|
+
- id: RE-29
|
|
356
|
+
name: VPN Detection Missing
|
|
357
|
+
severity: MEDIUM
|
|
358
|
+
category: Network
|
|
359
|
+
description: App does not detect VPN connections
|
|
360
|
+
detection_pattern: (VpnService|NetworkCapabilities\\.TRANSPORT_VPN)(?!.*detect)
|
|
361
|
+
fix_pattern: Detect VPN and adjust behavior if needed
|
|
362
|
+
languages:
|
|
363
|
+
- java
|
|
364
|
+
- kotlin
|
|
365
|
+
tools_defeated: VPN tunneling
|
|
366
|
+
example_code: // Check for VPN\nval cm = getSystemService(CONNECTIVITY_SERVICE) as ConnectivityManager\nval vpn = cm.allNetworks.any { it.hasTransport(TRANSPORT_VPN) }
|
|
367
|
+
- id: RE-30
|
|
368
|
+
name: SafetyNet Deprecated
|
|
369
|
+
severity: HIGH
|
|
370
|
+
category: Android
|
|
371
|
+
description: App still uses deprecated SafetyNet instead of Play Integrity
|
|
372
|
+
detection_pattern: SafetyNet(?!.*deprecated)|safetynetapi
|
|
373
|
+
fix_pattern: Migrate to Play Integrity API - SafetyNet sunset 2024
|
|
374
|
+
languages:
|
|
375
|
+
- java
|
|
376
|
+
- kotlin
|
|
377
|
+
tools_defeated: SafetyNet bypass
|
|
378
|
+
example_code: '// DEPRECATED: SafetyNet\n// MIGRATE TO:\nimport com.google.android.play.core.integrity.*'
|
|
379
|
+
- id: RE-31
|
|
380
|
+
name: r2frida Memory Analysis
|
|
381
|
+
severity: CRITICAL
|
|
382
|
+
category: Runtime
|
|
383
|
+
description: r2frida allows radare2 to analyze live process memory
|
|
384
|
+
detection_pattern: (r2frida|frida:\/\/|radare2.*attach)(?!.*detect)
|
|
385
|
+
fix_pattern: Detect radare2 process names and r2frida ports
|
|
386
|
+
languages: all
|
|
387
|
+
tools_defeated: r2frida
|
|
388
|
+
example_code: // Detect r2frida\nif (isPortOpen(27042) || isPortOpen(27045)) exitApp();\n// Check for r2 process
|
|
389
|
+
- id: RE-32
|
|
390
|
+
name: Objection Automation
|
|
391
|
+
severity: CRITICAL
|
|
392
|
+
category: Mobile
|
|
393
|
+
description: Objection automates Frida bypass of common protections
|
|
394
|
+
detection_pattern: (objection|explore.*frida)(?!.*multi.*check)
|
|
395
|
+
fix_pattern: Use layered detection not single check points
|
|
396
|
+
languages:
|
|
397
|
+
- java
|
|
398
|
+
- kotlin
|
|
399
|
+
- swift
|
|
400
|
+
tools_defeated: Objection
|
|
401
|
+
example_code: // Objection automates:\n// - SSL pinning bypass\n// - Root detection bypass\n// Use multiple detection methods
|
|
402
|
+
- id: RE-33
|
|
403
|
+
name: Source Map Exposure
|
|
404
|
+
severity: HIGH
|
|
405
|
+
category: Web
|
|
406
|
+
description: JavaScript source maps expose original code
|
|
407
|
+
detection_pattern: (\\.map|sourceMappingURL)(?!.*production.*false)
|
|
408
|
+
fix_pattern: Remove source maps in production builds
|
|
409
|
+
languages:
|
|
410
|
+
- javascript
|
|
411
|
+
- typescript
|
|
412
|
+
tools_defeated: Chrome DevTools
|
|
413
|
+
example_code: '// BAD: Deployed with .map\n// GOOD: Remove in production build'
|
|
414
|
+
- id: RE-34
|
|
415
|
+
name: DevTools Detection Bypass
|
|
416
|
+
severity: MEDIUM
|
|
417
|
+
category: Web
|
|
418
|
+
description: DevTools detection easily bypassed
|
|
419
|
+
detection_pattern: devtools.*detect(?!.*multiple)
|
|
420
|
+
fix_pattern: Use multiple detection methods including performance timing
|
|
421
|
+
languages:
|
|
422
|
+
- javascript
|
|
423
|
+
- typescript
|
|
424
|
+
tools_defeated: Chrome DevTools
|
|
425
|
+
example_code: '// Weak detection\nif (window.outerHeight - window.innerHeight > 200)\n// Better: timing attacks firebug detection'
|
|
426
|
+
- id: RE-35
|
|
427
|
+
name: APK Smali Patching
|
|
428
|
+
severity: HIGH
|
|
429
|
+
category: Android
|
|
430
|
+
description: APK can be decompiled modified and rebuilt
|
|
431
|
+
detection_pattern: classes\\.dex(?!.*signature.*check)
|
|
432
|
+
fix_pattern: Verify APK signature at runtime detect tampering
|
|
433
|
+
languages:
|
|
434
|
+
- java
|
|
435
|
+
- kotlin
|
|
436
|
+
tools_defeated: apktool smali
|
|
437
|
+
example_code: // Check APK signature hash at runtime\nif (getApkHash() != EXPECTED_HASH) exitApp();
|
|
438
|
+
- id: RE-36
|
|
439
|
+
name: IDA Analysis Protection
|
|
440
|
+
severity: MEDIUM
|
|
441
|
+
category: Static
|
|
442
|
+
description: Binary contains helpful debug info for IDA analysis
|
|
443
|
+
detection_pattern: (DWARF|.debug_info|symbol.*table)(?!.*strip)
|
|
444
|
+
fix_pattern: Strip debug symbols use anti-disassembly tricks
|
|
445
|
+
languages:
|
|
446
|
+
- c
|
|
447
|
+
- cpp
|
|
448
|
+
- rust
|
|
449
|
+
tools_defeated: IDA Pro Ghidra
|
|
450
|
+
example_code: '// Strip symbols: gcc -s binary\n// Use anti-disassembly: junk bytes overlapping code'
|
|
451
|
+
- id: RE-37
|
|
452
|
+
name: Binary Ninja HLIL
|
|
453
|
+
severity: MEDIUM
|
|
454
|
+
category: Static
|
|
455
|
+
description: Clean decompilation shows high-level logic
|
|
456
|
+
detection_pattern: (function|class).*logic(?!.*obfuscate)
|
|
457
|
+
fix_pattern: Use control flow flattening and MBA obfuscation
|
|
458
|
+
languages:
|
|
459
|
+
- c
|
|
460
|
+
- cpp
|
|
461
|
+
- rust
|
|
462
|
+
tools_defeated: Binary Ninja
|
|
463
|
+
example_code: '// Apply MBA: a = a + b - b + 0 * random\n// Use switch dispatch for control flow'
|
|
464
|
+
- id: RE-38
|
|
465
|
+
name: Ghidra Decompiler
|
|
466
|
+
severity: MEDIUM
|
|
467
|
+
category: Static
|
|
468
|
+
description: Ghidra provides free decompilation quality
|
|
469
|
+
detection_pattern: (ELF|PE|Mach-O)(?!.*obfuscated|packed)
|
|
470
|
+
fix_pattern: Apply commercial-grade obfuscation or packing
|
|
471
|
+
languages:
|
|
472
|
+
- c
|
|
473
|
+
- cpp
|
|
474
|
+
- rust
|
|
475
|
+
- go
|
|
476
|
+
tools_defeated: Ghidra 11.x
|
|
477
|
+
example_code: // Pack with Themida/VMProtect\n// Or use Obfuscator-LLVM
|
|
478
|
+
- id: RE-39
|
|
479
|
+
name: Dynamic Instrumentation
|
|
480
|
+
severity: HIGH
|
|
481
|
+
category: Runtime
|
|
482
|
+
description: Process can be instrumented with DynamoRIO/Pin
|
|
483
|
+
detection_pattern: (DynamoRIO|Pin|Valgrind)(?!.*detect)
|
|
484
|
+
fix_pattern: Detect instrumentation frameworks via timing checks
|
|
485
|
+
languages: all
|
|
486
|
+
tools_defeated: DynamoRIO Intel Pin
|
|
487
|
+
example_code: // Check execution timing\n// Instrumented code runs 100x slower
|
|
488
|
+
- id: RE-40
|
|
489
|
+
name: Network Traffic Analysis
|
|
490
|
+
severity: HIGH
|
|
491
|
+
category: Network
|
|
492
|
+
description: Network traffic reveals API structure and logic
|
|
493
|
+
detection_pattern: (REST|GraphQL|WebSocket)(?!.*encrypt.*payload)
|
|
494
|
+
fix_pattern: Use certificate pinning and encrypt sensitive payloads
|
|
495
|
+
languages: all
|
|
496
|
+
tools_defeated: Wireshark mitmproxy
|
|
497
|
+
example_code: // Pin certificates\n// Encrypt request/response payloads
|