@nockdev/awf 6.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/build.yaml +178 -0
- package/.agent/config.yaml +235 -0
- package/.agent/core/ACTIVE_MEMORY.yaml +344 -0
- package/.agent/core/ARCH_REGISTRY.yaml +252 -0
- package/.agent/core/AUDIT_POLICY.md +68 -0
- package/.agent/core/BRANDING.yaml +185 -0
- package/.agent/core/CACHE.md +59 -0
- package/.agent/core/CHECKPOINT.yaml +153 -0
- package/.agent/core/CLEANUP_ENGINE.yaml +326 -0
- package/.agent/core/CODING_STYLES.yaml +346 -0
- package/.agent/core/COMMANDS.md +93 -0
- package/.agent/core/CONTEXT_INJECTOR.yaml +325 -0
- package/.agent/core/CONTEXT_LOADER.yaml +323 -0
- package/.agent/core/CONTEXT_OPTIMIZATION.yaml +286 -0
- package/.agent/core/CONTEXT_PRIORITY.yaml +357 -0
- package/.agent/core/CUSTOMIZE.md +138 -0
- package/.agent/core/DATA_SAFETY.md +92 -0
- package/.agent/core/FLOW_ENGINE.yaml +300 -0
- package/.agent/core/GRAPH_MEMORY.yaml +420 -0
- package/.agent/core/HSA.yaml +357 -0
- package/.agent/core/HYBRID_ROUTER.yaml +346 -0
- package/.agent/core/INTENT_DETECTION.yaml +384 -0
- package/.agent/core/LIBRARY_REGISTRY.yaml +401 -0
- package/.agent/core/MCP_TOOLS.yaml +414 -0
- package/.agent/core/MEMORY_CONSOLIDATION.yaml +352 -0
- package/.agent/core/MEMORY_ENGINE.yaml +353 -0
- package/.agent/core/MEMORY_PATHS.yaml +79 -0
- package/.agent/core/MEMORY_UTILS.yaml +212 -0
- package/.agent/core/PATTERNS.yaml +319 -0
- package/.agent/core/PERMISSIONS.md +100 -0
- package/.agent/core/README.md +91 -0
- package/.agent/core/REFLECTION_ENGINE.yaml +348 -0
- package/.agent/core/ROUTER.yaml +424 -0
- package/.agent/core/SCORING_FORMULA.yaml +103 -0
- package/.agent/core/SEMANTIC_ENGINE.yaml +162 -0
- package/.agent/core/SKILLS_FLOW.yaml +341 -0
- package/.agent/core/SKILL_SCHEMA.yaml +266 -0
- package/.agent/core/STATE_MACHINE.yaml +409 -0
- package/.agent/core/SUMMARIZATION_ENGINE.yaml +258 -0
- package/.agent/core/TEMPLATES.yaml +364 -0
- package/.agent/core/TOKEN_BUDGETS.yaml +157 -0
- package/.agent/core/TOKEN_LOADING.yaml +197 -0
- package/.agent/core/TOKEN_SUMMARY.yaml +121 -0
- package/.agent/core/VERSION.yaml +240 -0
- package/.agent/core/embeddings.json +2004 -0
- package/.agent/core/session_cache.json +50 -0
- package/.agent/i18n/README.md +30 -0
- package/.agent/i18n/en.yaml +302 -0
- package/.agent/i18n/vi.yaml +302 -0
- package/.agent/ide/README.md +47 -0
- package/.agent/ide/amazonq.json +35 -0
- package/.agent/ide/amp.json +35 -0
- package/.agent/ide/antigravity.json +47 -0
- package/.agent/ide/augment.json +35 -0
- package/.agent/ide/claude.json +42 -0
- package/.agent/ide/cline.json +34 -0
- package/.agent/ide/codex.json +37 -0
- package/.agent/ide/cody.json +35 -0
- package/.agent/ide/continue.json +35 -0
- package/.agent/ide/cursor.json +42 -0
- package/.agent/ide/gemini.json +46 -0
- package/.agent/ide/jetbrains.json +35 -0
- package/.agent/ide/kiro.json +35 -0
- package/.agent/ide/opencode.json +35 -0
- package/.agent/ide/roo.json +35 -0
- package/.agent/ide/tabnine.json +35 -0
- package/.agent/ide/trae.json +35 -0
- package/.agent/ide/vscode.json +34 -0
- package/.agent/ide/windsurf.json +56 -0
- package/.agent/ide/zed.json +36 -0
- package/.agent/manifest.yaml +416 -0
- package/.agent/memory/README.md +148 -0
- package/.agent/memory/active_memories.json +35 -0
- package/.agent/memory/archive/.gitkeep +0 -0
- package/.agent/memory/audit_summary.json +58 -0
- package/.agent/memory/cleanup_log.json +34 -0
- package/.agent/memory/consolidated.md +75 -0
- package/.agent/memory/core_memory/persona.json +30 -0
- package/.agent/memory/core_memory/project.json +25 -0
- package/.agent/memory/core_memory/rules.json +29 -0
- package/.agent/memory/core_memory/user.json +24 -0
- package/.agent/memory/decisions.md +40 -0
- package/.agent/memory/graph/knowledge_graph.json +12 -0
- package/.agent/memory/insights.md +52 -0
- package/.agent/memory/metrics.json +48 -0
- package/.agent/memory/patterns/errors.json +11 -0
- package/.agent/memory/patterns/successes.json +10 -0
- package/.agent/memory/session.md +64 -0
- package/.agent/memory/session_rules.json +19 -0
- package/.agent/memory/state.json +81 -0
- package/.agent/memory/vectors/README.md +129 -0
- package/.agent/personas/README.md +180 -0
- package/.agent/personas/architect.md +186 -0
- package/.agent/personas/auditor.md +222 -0
- package/.agent/personas/debugger.md +210 -0
- package/.agent/personas/developer.md +183 -0
- package/.agent/personas/devops.md +268 -0
- package/.agent/personas/documenter.md +262 -0
- package/.agent/personas/orchestrator.md +240 -0
- package/.agent/personas/persona.schema.yaml +209 -0
- package/.agent/personas/planner.md +171 -0
- package/.agent/personas/researcher.md +194 -0
- package/.agent/personas/security.md +212 -0
- package/.agent/personas/tester.md +247 -0
- package/.agent/rules/README.md +231 -0
- package/.agent/rules/SACRED_RULES.xml +142 -0
- package/.agent/rules/constitutional/tier-0-core.yaml +182 -0
- package/.agent/rules/constitutional/tier-1-safety.yaml +272 -0
- package/.agent/rules/constitutional/tier-2-execution.yaml +294 -0
- package/.agent/rules/data/build-systems.yaml +126 -0
- package/.agent/rules/data/quality-standards.json +59 -0
- package/.agent/rules/duplication-prevention.md +138 -0
- package/.agent/rules/incremental-changes.md +146 -0
- package/.agent/rules/modules/context-management.yaml +158 -0
- package/.agent/rules/modules/edit-verification.yaml +197 -0
- package/.agent/rules/modules/evidence.yaml +185 -0
- package/.agent/rules/modules/git-workflow.yaml +165 -0
- package/.agent/rules/modules/language.yaml +155 -0
- package/.agent/rules/modules/online-research.yaml +192 -0
- package/.agent/rules/modules/quality.yaml +185 -0
- package/.agent/rules/modules/reflection.yaml +209 -0
- package/.agent/rules/modules/stop-conditions.yaml +196 -0
- package/.agent/rules/modules/terminal-safety.yaml +229 -0
- package/.agent/rules/modules/versioning.yaml +97 -0
- package/.agent/rules/modules/yagni.yaml +167 -0
- package/.agent/rules/project-detection.md +317 -0
- package/.agent/rules/prompt-injection-guard.md +260 -0
- package/.agent/rules/shell-commands.md +210 -0
- package/.agent/rules/validation-framework.md +189 -0
- package/.agent/skills/DEVELOPMENT.yaml +226 -0
- package/.agent/skills/README.md +69 -0
- package/.agent/skills/_categories.yaml +145 -0
- package/.agent/skills/_router.yaml +232 -0
- package/.agent/skills/core/_index.yaml +12 -0
- package/.agent/skills/core/api-design/META.yaml +64 -0
- package/.agent/skills/core/api-design/SKILL.md +169 -0
- package/.agent/skills/core/api-design/data/api-versioning.yaml +217 -0
- package/.agent/skills/core/api-design/data/error-responses.yaml +135 -0
- package/.agent/skills/core/api-design/data/graphql-patterns.yaml +165 -0
- package/.agent/skills/core/api-design/data/grpc-patterns.yaml +165 -0
- package/.agent/skills/core/api-design/data/http-status-codes.yaml +176 -0
- package/.agent/skills/core/api-design/data/pagination.yaml +121 -0
- package/.agent/skills/core/api-design/data/rate-limiting.yaml +135 -0
- package/.agent/skills/core/api-design/data/rest-patterns.yaml +195 -0
- package/.agent/skills/core/api-design/data/test-apis.yaml +217 -0
- package/.agent/skills/core/authentication/META.yaml +73 -0
- package/.agent/skills/core/authentication/SKILL.md +166 -0
- package/.agent/skills/core/authentication/data/anti-patterns.yaml +135 -0
- package/.agent/skills/core/authentication/data/core-patterns.yaml +256 -0
- package/.agent/skills/core/authentication/data/jwt-patterns.yaml +255 -0
- package/.agent/skills/core/authentication/data/language-csharp.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-go.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-java.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-mobile.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-python.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-rust.yaml +215 -0
- package/.agent/skills/core/authentication/data/language-typescript.yaml +215 -0
- package/.agent/skills/core/authentication/data/mfa-patterns.yaml +175 -0
- package/.agent/skills/core/authentication/data/oauth-patterns.yaml +255 -0
- package/.agent/skills/core/authentication/data/oauth.yaml +248 -0
- package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +215 -0
- package/.agent/skills/core/authentication/data/passkeys.yaml +208 -0
- package/.agent/skills/core/authentication/data/password-patterns.yaml +175 -0
- package/.agent/skills/core/authentication/data/password.yaml +168 -0
- package/.agent/skills/core/authentication/data/session-patterns.yaml +215 -0
- package/.agent/skills/core/error-handling/META.yaml +71 -0
- package/.agent/skills/core/error-handling/SKILL.md +156 -0
- package/.agent/skills/core/error-handling/data/anti-patterns.yaml +105 -0
- package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +135 -0
- package/.agent/skills/core/error-handling/data/core-patterns.yaml +226 -0
- package/.agent/skills/core/error-handling/data/error-codes.yaml +165 -0
- package/.agent/skills/core/error-handling/data/error-messages.yaml +165 -0
- package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-go-rust.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-python-java.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +226 -0
- package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +226 -0
- package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +191 -0
- package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +135 -0
- package/.agent/skills/core/logging/META.yaml +73 -0
- package/.agent/skills/core/logging/SKILL.md +184 -0
- package/.agent/skills/core/logging/data/aggregation-patterns.yaml +191 -0
- package/.agent/skills/core/logging/data/anti-patterns.yaml +121 -0
- package/.agent/skills/core/logging/data/core-patterns.yaml +226 -0
- package/.agent/skills/core/logging/data/language-csharp.yaml +191 -0
- package/.agent/skills/core/logging/data/language-go.yaml +191 -0
- package/.agent/skills/core/logging/data/language-java.yaml +191 -0
- package/.agent/skills/core/logging/data/language-kotlin.yaml +156 -0
- package/.agent/skills/core/logging/data/language-others.yaml +184 -0
- package/.agent/skills/core/logging/data/language-python.yaml +191 -0
- package/.agent/skills/core/logging/data/language-rust.yaml +191 -0
- package/.agent/skills/core/logging/data/language-swift.yaml +156 -0
- package/.agent/skills/core/logging/data/language-typescript.yaml +191 -0
- package/.agent/skills/core/logging/data/otel-logging.yaml +156 -0
- package/.agent/skills/core/observability/META.yaml +76 -0
- package/.agent/skills/core/observability/SKILL.md +153 -0
- package/.agent/skills/core/observability/data/alerting-patterns.yaml +165 -0
- package/.agent/skills/core/observability/data/anti-patterns.yaml +105 -0
- package/.agent/skills/core/observability/data/core-patterns.yaml +195 -0
- package/.agent/skills/core/observability/data/language-cpp.yaml +165 -0
- package/.agent/skills/core/observability/data/language-csharp.yaml +165 -0
- package/.agent/skills/core/observability/data/language-go.yaml +165 -0
- package/.agent/skills/core/observability/data/language-java.yaml +165 -0
- package/.agent/skills/core/observability/data/language-others.yaml +255 -0
- package/.agent/skills/core/observability/data/language-python.yaml +165 -0
- package/.agent/skills/core/observability/data/language-rust.yaml +165 -0
- package/.agent/skills/core/observability/data/language-typescript.yaml +165 -0
- package/.agent/skills/core/observability/data/metrics-patterns.yaml +135 -0
- package/.agent/skills/core/observability/data/metrics-prometheus.yaml +165 -0
- package/.agent/skills/core/observability/data/otel-core.yaml +195 -0
- package/.agent/skills/core/observability/data/profiling-patterns.yaml +135 -0
- package/.agent/skills/core/observability/data/tracing-patterns.yaml +165 -0
- package/.agent/skills/core/observability/data/tracing-tools.yaml +135 -0
- package/.agent/skills/core/security/ADVANCED.md +269 -0
- package/.agent/skills/core/security/META.yaml +97 -0
- package/.agent/skills/core/security/SKILL.md +234 -0
- package/.agent/skills/core/security/data/ai-ml-security.yaml +261 -0
- package/.agent/skills/core/security/data/api-security.yaml +230 -0
- package/.agent/skills/core/security/data/auth-patterns.yaml +195 -0
- package/.agent/skills/core/security/data/binary-exploitation.yaml +339 -0
- package/.agent/skills/core/security/data/cloud-security.yaml +269 -0
- package/.agent/skills/core/security/data/cwe-top25.yaml +415 -0
- package/.agent/skills/core/security/data/language-specific/c-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +219 -0
- package/.agent/skills/core/security/data/language-specific/go-security.yaml +219 -0
- package/.agent/skills/core/security/data/language-specific/java-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +198 -0
- package/.agent/skills/core/security/data/language-specific/php-security.yaml +219 -0
- package/.agent/skills/core/security/data/language-specific/python-security.yaml +295 -0
- package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +198 -0
- package/.agent/skills/core/security/data/language-specific/rust-security.yaml +240 -0
- package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +369 -0
- package/.agent/skills/core/security/data/language-specific/swift-security.yaml +198 -0
- package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +295 -0
- package/.agent/skills/core/security/data/mobile-security.yaml +369 -0
- package/.agent/skills/core/security/data/network-security.yaml +297 -0
- package/.agent/skills/core/security/data/owasp-top10.yaml +171 -0
- package/.agent/skills/core/security/data/reverse-engineering.yaml +497 -0
- package/.agent/skills/core/security/data/supply-chain.yaml +219 -0
- package/.agent/skills/cross-cutting/_index.yaml +15 -0
- package/.agent/skills/cross-cutting/audit-pro/META.yaml +43 -0
- package/.agent/skills/cross-cutting/audit-pro/data/checklists.yaml +644 -0
- package/.agent/skills/cross-cutting/audit-pro/data/scoring.yaml +101 -0
- package/.agent/skills/cross-cutting/aws/META.yaml +75 -0
- package/.agent/skills/cross-cutting/aws/data/ai_ml.yaml +194 -0
- package/.agent/skills/cross-cutting/aws/data/compute.yaml +191 -0
- package/.agent/skills/cross-cutting/aws/data/kubernetes.yaml +199 -0
- package/.agent/skills/cross-cutting/aws/data/storage.yaml +174 -0
- package/.agent/skills/cross-cutting/bun/META.yaml +58 -0
- package/.agent/skills/cross-cutting/bun/SKILL.md +357 -0
- package/.agent/skills/cross-cutting/bun/data/database.yaml +85 -0
- package/.agent/skills/cross-cutting/bun/data/runtime.yaml +170 -0
- package/.agent/skills/cross-cutting/bun/data/tooling.yaml +192 -0
- package/.agent/skills/cross-cutting/ci-cd/META.yaml +60 -0
- package/.agent/skills/cross-cutting/ci-cd/data/github_actions.yaml +248 -0
- package/.agent/skills/cross-cutting/ci-cd/data/security.yaml +211 -0
- package/.agent/skills/cross-cutting/coding-rules/META.yaml +61 -0
- package/.agent/skills/cross-cutting/coding-rules/SKILL.md +171 -0
- package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +96 -0
- package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +346 -0
- package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +647 -0
- package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +108 -0
- package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +260 -0
- package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +344 -0
- package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +108 -0
- package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +320 -0
- package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +164 -0
- package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +80 -0
- package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +183 -0
- package/.agent/skills/cross-cutting/database/ADVANCED.md +465 -0
- package/.agent/skills/cross-cutting/database/META.yaml +22 -0
- package/.agent/skills/cross-cutting/database/SKILL.md +816 -0
- package/.agent/skills/cross-cutting/database/data/anti_patterns.yaml +116 -0
- package/.agent/skills/cross-cutting/database/data/distributed.yaml +152 -0
- package/.agent/skills/cross-cutting/database/data/mongodb.yaml +132 -0
- package/.agent/skills/cross-cutting/database/data/mysql.yaml +130 -0
- package/.agent/skills/cross-cutting/database/data/orm.yaml +104 -0
- package/.agent/skills/cross-cutting/database/data/postgresql.yaml +170 -0
- package/.agent/skills/cross-cutting/database/data/redis.yaml +129 -0
- package/.agent/skills/cross-cutting/deno/META.yaml +68 -0
- package/.agent/skills/cross-cutting/deno/SKILL.md +343 -0
- package/.agent/skills/cross-cutting/deno/data/runtime.yaml +260 -0
- package/.agent/skills/cross-cutting/deno/data/security.yaml +168 -0
- package/.agent/skills/cross-cutting/deno/data/tooling.yaml +133 -0
- package/.agent/skills/cross-cutting/docker/META.yaml +65 -0
- package/.agent/skills/cross-cutting/docker/data/build.yaml +197 -0
- package/.agent/skills/cross-cutting/docker/data/compose.yaml +229 -0
- package/.agent/skills/cross-cutting/docker/data/security.yaml +164 -0
- package/.agent/skills/cross-cutting/electron/META.yaml +174 -0
- package/.agent/skills/cross-cutting/electron/SKILL.md +862 -0
- package/.agent/skills/cross-cutting/electron/data/build.yaml +105 -0
- package/.agent/skills/cross-cutting/electron/data/crash.yaml +103 -0
- package/.agent/skills/cross-cutting/electron/data/ipc.yaml +85 -0
- package/.agent/skills/cross-cutting/electron/data/native.yaml +157 -0
- package/.agent/skills/cross-cutting/electron/data/security.yaml +89 -0
- package/.agent/skills/cross-cutting/electron/data/storage.yaml +100 -0
- package/.agent/skills/cross-cutting/electron/data/testing.yaml +103 -0
- package/.agent/skills/cross-cutting/electron/data/updates.yaml +99 -0
- package/.agent/skills/cross-cutting/electron/data/window.yaml +83 -0
- package/.agent/skills/cross-cutting/kubernetes/META.yaml +70 -0
- package/.agent/skills/cross-cutting/kubernetes/data/networking.yaml +270 -0
- package/.agent/skills/cross-cutting/kubernetes/data/scheduling.yaml +267 -0
- package/.agent/skills/cross-cutting/kubernetes/data/security.yaml +253 -0
- package/.agent/skills/cross-cutting/kubernetes/data/workloads.yaml +251 -0
- package/.agent/skills/cross-cutting/sql/META.yaml +88 -0
- package/.agent/skills/cross-cutting/sql/SKILL.md +296 -0
- package/.agent/skills/cross-cutting/sql/data/indexing.yaml +147 -0
- package/.agent/skills/cross-cutting/sql/data/json.yaml +156 -0
- package/.agent/skills/cross-cutting/sql/data/performance.yaml +204 -0
- package/.agent/skills/cross-cutting/sql/data/queries.yaml +150 -0
- package/.agent/skills/cross-cutting/tailwind/META.yaml +72 -0
- package/.agent/skills/cross-cutting/tailwind/SKILL.md +344 -0
- package/.agent/skills/cross-cutting/tailwind/data/build.yaml +143 -0
- package/.agent/skills/cross-cutting/tailwind/data/config.yaml +109 -0
- package/.agent/skills/cross-cutting/tailwind/data/migration.yaml +149 -0
- package/.agent/skills/cross-cutting/tailwind/data/responsive.yaml +148 -0
- package/.agent/skills/cross-cutting/tailwind/data/states.yaml +152 -0
- package/.agent/skills/cross-cutting/tailwind/data/theme.yaml +126 -0
- package/.agent/skills/cross-cutting/tailwind/data/utilities.yaml +182 -0
- package/.agent/skills/cross-cutting/tailwind/data/variants.yaml +154 -0
- package/.agent/skills/cross-cutting/testing/ADVANCED.md +245 -0
- package/.agent/skills/cross-cutting/testing/META.yaml +49 -0
- package/.agent/skills/cross-cutting/testing/SKILL.md +263 -0
- package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +300 -0
- package/.agent/skills/cross-cutting/testing/data/patterns.yaml +168 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/META.yaml +108 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +565 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +331 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +1226 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +287 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +318 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +525 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +232 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +140 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-colors.yaml +467 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +75 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +918 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +107 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +372 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +195 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +177 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +1339 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +180 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +504 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +228 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +508 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +543 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +515 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +519 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +599 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +496 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +526 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +616 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +520 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +486 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +485 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +1473 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +647 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +1019 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +1009 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +347 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +393 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +303 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +496 -0
- package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +76 -0
- package/.agent/skills/cross-cutting/web-perf/META.yaml +92 -0
- package/.agent/skills/cross-cutting/web-perf/SKILL.md +181 -0
- package/.agent/skills/cross-cutting/web-perf/data/cls_optimization.yaml +189 -0
- package/.agent/skills/cross-cutting/web-perf/data/core_web_vitals.yaml +282 -0
- package/.agent/skills/cross-cutting/web-perf/data/inp_optimization.yaml +240 -0
- package/.agent/skills/cross-cutting/web-perf/data/lcp_optimization.yaml +202 -0
- package/.agent/skills/cross-cutting/web-perf/data/measurement.yaml +170 -0
- package/.agent/skills/devops/_index.yaml +9 -0
- package/.agent/skills/devops/aws/ADVANCED.md +547 -0
- package/.agent/skills/devops/aws/META.yaml +84 -0
- package/.agent/skills/devops/aws/SKILL.md +711 -0
- package/.agent/skills/devops/ci-cd/ADVANCED.md +529 -0
- package/.agent/skills/devops/ci-cd/META.yaml +21 -0
- package/.agent/skills/devops/ci-cd/SKILL.md +821 -0
- package/.agent/skills/devops/docker/ADVANCED.md +495 -0
- package/.agent/skills/devops/docker/META.yaml +20 -0
- package/.agent/skills/devops/docker/SKILL.md +653 -0
- package/.agent/skills/devops/kubernetes/ADVANCED.md +252 -0
- package/.agent/skills/devops/kubernetes/META.yaml +15 -0
- package/.agent/skills/devops/kubernetes/SKILL.md +621 -0
- package/.agent/skills/frameworks/_index.yaml +13 -0
- package/.agent/skills/frameworks/angular/META.yaml +70 -0
- package/.agent/skills/frameworks/angular/SKILL.md +319 -0
- package/.agent/skills/frameworks/angular/data/core.yaml +209 -0
- package/.agent/skills/frameworks/angular/data/performance.yaml +210 -0
- package/.agent/skills/frameworks/angular/data/server.yaml +175 -0
- package/.agent/skills/frameworks/flutter/ADVANCED.md +491 -0
- package/.agent/skills/frameworks/flutter/META.yaml +64 -0
- package/.agent/skills/frameworks/flutter/SKILL.md +541 -0
- package/.agent/skills/frameworks/flutter/data/core.yaml +210 -0
- package/.agent/skills/frameworks/flutter/data/platform.yaml +246 -0
- package/.agent/skills/frameworks/flutter/data/state.yaml +250 -0
- package/.agent/skills/frameworks/nextjs/ADVANCED.md +225 -0
- package/.agent/skills/frameworks/nextjs/META.yaml +67 -0
- package/.agent/skills/frameworks/nextjs/SKILL.md +593 -0
- package/.agent/skills/frameworks/nextjs/data/caching.yaml +210 -0
- package/.agent/skills/frameworks/nextjs/data/core.yaml +255 -0
- package/.agent/skills/frameworks/nextjs/data/server.yaml +248 -0
- package/.agent/skills/frameworks/nuxt/META.yaml +57 -0
- package/.agent/skills/frameworks/nuxt/SKILL.md +283 -0
- package/.agent/skills/frameworks/nuxt/data/core.yaml +309 -0
- package/.agent/skills/frameworks/nuxt/data/server.yaml +271 -0
- package/.agent/skills/frameworks/react/ADVANCED.md +676 -0
- package/.agent/skills/frameworks/react/META.yaml +60 -0
- package/.agent/skills/frameworks/react/SKILL.md +263 -0
- package/.agent/skills/frameworks/react/data/core.yaml +278 -0
- package/.agent/skills/frameworks/react/data/server.yaml +283 -0
- package/.agent/skills/frameworks/react-native/META.yaml +59 -0
- package/.agent/skills/frameworks/react-native/SKILL.md +301 -0
- package/.agent/skills/frameworks/react-native/data/core.yaml +260 -0
- package/.agent/skills/frameworks/react-native/data/platform.yaml +287 -0
- package/.agent/skills/frameworks/svelte/META.yaml +62 -0
- package/.agent/skills/frameworks/svelte/SKILL.md +398 -0
- package/.agent/skills/frameworks/svelte/data/runes.yaml +239 -0
- package/.agent/skills/frameworks/svelte/data/sveltekit.yaml +244 -0
- package/.agent/skills/frameworks/vue/ADVANCED.md +214 -0
- package/.agent/skills/frameworks/vue/META.yaml +58 -0
- package/.agent/skills/frameworks/vue/SKILL.md +356 -0
- package/.agent/skills/frameworks/vue/data/advanced.yaml +253 -0
- package/.agent/skills/frameworks/vue/data/core.yaml +270 -0
- package/.agent/skills/index.json +143 -0
- package/.agent/skills/languages/_index.yaml +33 -0
- package/.agent/skills/languages/asm/ADVANCED.md +750 -0
- package/.agent/skills/languages/asm/META.yaml +84 -0
- package/.agent/skills/languages/asm/SKILL.md +753 -0
- package/.agent/skills/languages/asm/data/advanced.yaml +295 -0
- package/.agent/skills/languages/asm/data/core.yaml +280 -0
- package/.agent/skills/languages/c/ADVANCED.md +625 -0
- package/.agent/skills/languages/c/META.yaml +58 -0
- package/.agent/skills/languages/c/SKILL.md +748 -0
- package/.agent/skills/languages/c/data/core.yaml +179 -0
- package/.agent/skills/languages/c/data/embedded.yaml +251 -0
- package/.agent/skills/languages/c/data/memory.yaml +253 -0
- package/.agent/skills/languages/clojure/META.yaml +13 -0
- package/.agent/skills/languages/clojure/SKILL.md +130 -0
- package/.agent/skills/languages/clojure/data/core.yaml +326 -0
- package/.agent/skills/languages/cpp/ADVANCED.md +457 -0
- package/.agent/skills/languages/cpp/META.yaml +61 -0
- package/.agent/skills/languages/cpp/SKILL.md +936 -0
- package/.agent/skills/languages/cpp/data/core.yaml +304 -0
- package/.agent/skills/languages/cpp/data/memory.yaml +247 -0
- package/.agent/skills/languages/cpp/data/modern.yaml +334 -0
- package/.agent/skills/languages/crystal/META.yaml +30 -0
- package/.agent/skills/languages/crystal/SKILL.md +117 -0
- package/.agent/skills/languages/crystal/data/async.yaml +264 -0
- package/.agent/skills/languages/crystal/data/core.yaml +279 -0
- package/.agent/skills/languages/csharp/ADVANCED.md +592 -0
- package/.agent/skills/languages/csharp/META.yaml +23 -0
- package/.agent/skills/languages/csharp/SKILL.md +620 -0
- package/.agent/skills/languages/csharp/data/aspnet.yaml +448 -0
- package/.agent/skills/languages/csharp/data/core.yaml +362 -0
- package/.agent/skills/languages/elixir/META.yaml +18 -0
- package/.agent/skills/languages/elixir/SKILL.md +368 -0
- package/.agent/skills/languages/elixir/data/core.yaml +392 -0
- package/.agent/skills/languages/fsharp/META.yaml +14 -0
- package/.agent/skills/languages/fsharp/SKILL.md +113 -0
- package/.agent/skills/languages/fsharp/data/core.yaml +396 -0
- package/.agent/skills/languages/go/ADVANCED.md +260 -0
- package/.agent/skills/languages/go/META.yaml +64 -0
- package/.agent/skills/languages/go/SKILL.md +489 -0
- package/.agent/skills/languages/go/data/concurrency.yaml +424 -0
- package/.agent/skills/languages/go/data/core.yaml +399 -0
- package/.agent/skills/languages/go/data/http.yaml +507 -0
- package/.agent/skills/languages/haskell/META.yaml +18 -0
- package/.agent/skills/languages/haskell/SKILL.md +305 -0
- package/.agent/skills/languages/haskell/data/core.yaml +347 -0
- package/.agent/skills/languages/java/ADVANCED.md +450 -0
- package/.agent/skills/languages/java/META.yaml +89 -0
- package/.agent/skills/languages/java/SKILL.md +495 -0
- package/.agent/skills/languages/java/data/core.yaml +307 -0
- package/.agent/skills/languages/java/data/spring.yaml +437 -0
- package/.agent/skills/languages/javascript/ADVANCED.md +530 -0
- package/.agent/skills/languages/javascript/META.yaml +105 -0
- package/.agent/skills/languages/javascript/SKILL.md +455 -0
- package/.agent/skills/languages/javascript/data/async.yaml +290 -0
- package/.agent/skills/languages/javascript/data/core.yaml +380 -0
- package/.agent/skills/languages/javascript/data/modern.yaml +269 -0
- package/.agent/skills/languages/julia/META.yaml +13 -0
- package/.agent/skills/languages/julia/SKILL.md +174 -0
- package/.agent/skills/languages/julia/data/core.yaml +356 -0
- package/.agent/skills/languages/kotlin/ADVANCED.md +539 -0
- package/.agent/skills/languages/kotlin/META.yaml +24 -0
- package/.agent/skills/languages/kotlin/SKILL.md +525 -0
- package/.agent/skills/languages/kotlin/data/android.yaml +495 -0
- package/.agent/skills/languages/kotlin/data/core.yaml +366 -0
- package/.agent/skills/languages/lua/ADVANCED.md +257 -0
- package/.agent/skills/languages/lua/META.yaml +58 -0
- package/.agent/skills/languages/lua/SKILL.md +492 -0
- package/.agent/skills/languages/lua/data/core.yaml +264 -0
- package/.agent/skills/languages/lua/data/embedding.yaml +300 -0
- package/.agent/skills/languages/nim/META.yaml +30 -0
- package/.agent/skills/languages/nim/SKILL.md +116 -0
- package/.agent/skills/languages/nim/data/async.yaml +257 -0
- package/.agent/skills/languages/nim/data/core.yaml +241 -0
- package/.agent/skills/languages/ocaml/META.yaml +13 -0
- package/.agent/skills/languages/ocaml/SKILL.md +123 -0
- package/.agent/skills/languages/ocaml/data/core.yaml +357 -0
- package/.agent/skills/languages/perl/META.yaml +13 -0
- package/.agent/skills/languages/perl/SKILL.md +115 -0
- package/.agent/skills/languages/perl/data/core.yaml +360 -0
- package/.agent/skills/languages/php/ADVANCED.md +199 -0
- package/.agent/skills/languages/php/META.yaml +18 -0
- package/.agent/skills/languages/php/SKILL.md +488 -0
- package/.agent/skills/languages/php/data/core.yaml +392 -0
- package/.agent/skills/languages/php/data/laravel.yaml +525 -0
- package/.agent/skills/languages/python/ADVANCED.md +207 -0
- package/.agent/skills/languages/python/META.yaml +91 -0
- package/.agent/skills/languages/python/SKILL.md +495 -0
- package/.agent/skills/languages/python/data/async.yaml +265 -0
- package/.agent/skills/languages/python/data/core.yaml +259 -0
- package/.agent/skills/languages/python/data/fastapi.yaml +296 -0
- package/.agent/skills/languages/python/data/testing.yaml +226 -0
- package/.agent/skills/languages/r/META.yaml +16 -0
- package/.agent/skills/languages/r/SKILL.md +348 -0
- package/.agent/skills/languages/r/data/core.yaml +355 -0
- package/.agent/skills/languages/ruby/ADVANCED.md +381 -0
- package/.agent/skills/languages/ruby/META.yaml +19 -0
- package/.agent/skills/languages/ruby/SKILL.md +417 -0
- package/.agent/skills/languages/ruby/data/core.yaml +448 -0
- package/.agent/skills/languages/ruby/data/rails.yaml +415 -0
- package/.agent/skills/languages/rust/ADVANCED.md +212 -0
- package/.agent/skills/languages/rust/META.yaml +87 -0
- package/.agent/skills/languages/rust/SKILL.md +377 -0
- package/.agent/skills/languages/rust/data/async.yaml +404 -0
- package/.agent/skills/languages/rust/data/axum.yaml +450 -0
- package/.agent/skills/languages/rust/data/core.yaml +356 -0
- package/.agent/skills/languages/scala/META.yaml +17 -0
- package/.agent/skills/languages/scala/SKILL.md +202 -0
- package/.agent/skills/languages/scala/data/core.yaml +349 -0
- package/.agent/skills/languages/solidity/META.yaml +13 -0
- package/.agent/skills/languages/solidity/SKILL.md +188 -0
- package/.agent/skills/languages/solidity/data/core.yaml +528 -0
- package/.agent/skills/languages/swift/ADVANCED.md +231 -0
- package/.agent/skills/languages/swift/META.yaml +18 -0
- package/.agent/skills/languages/swift/SKILL.md +342 -0
- package/.agent/skills/languages/swift/data/core.yaml +489 -0
- package/.agent/skills/languages/typescript/ADVANCED.md +186 -0
- package/.agent/skills/languages/typescript/META.yaml +92 -0
- package/.agent/skills/languages/typescript/SKILL.md +306 -0
- package/.agent/skills/languages/typescript/data/async.yaml +397 -0
- package/.agent/skills/languages/typescript/data/core.yaml +283 -0
- package/.agent/skills/languages/typescript/data/validation.yaml +338 -0
- package/.agent/skills/languages/zig/META.yaml +52 -0
- package/.agent/skills/languages/zig/SKILL.md +354 -0
- package/.agent/skills/languages/zig/data/async.yaml +314 -0
- package/.agent/skills/languages/zig/data/core.yaml +302 -0
- package/.agent/templates/README.md +42 -0
- package/.agent/templates/audit-report.md +153 -0
- package/.agent/templates/chains/debug/step1-reproduce.md +83 -0
- package/.agent/templates/chains/debug/step2-isolate.md +73 -0
- package/.agent/templates/chains/debug/step3-analyze.md +86 -0
- package/.agent/templates/chains/debug/step4-fix.md +85 -0
- package/.agent/templates/chains/debug/step5-verify.md +122 -0
- package/.agent/templates/chains/implement/step1-plan.md +88 -0
- package/.agent/templates/chains/implement/step2-code.md +87 -0
- package/.agent/templates/chains/implement/step3-test.md +87 -0
- package/.agent/templates/chains/implement/step4-doc.md +118 -0
- package/.agent/templates/chains/review/step1-understand.md +74 -0
- package/.agent/templates/chains/review/step2-analyze.md +110 -0
- package/.agent/templates/chains/review/step3-fix.md +93 -0
- package/.agent/templates/chains/review/step4-summary.md +104 -0
- package/.agent/templates/debug-report.md +50 -0
- package/.agent/templates/deploy-plan.md +54 -0
- package/.agent/templates/doc-template.md +57 -0
- package/.agent/templates/findings.md +122 -0
- package/.agent/templates/index.yaml +239 -0
- package/.agent/templates/migrate-plan.md +50 -0
- package/.agent/templates/phase-template.md +72 -0
- package/.agent/templates/project-plan.md +87 -0
- package/.agent/templates/prompts/context_block.md +114 -0
- package/.agent/templates/prompts/guardrails_block.md +116 -0
- package/.agent/templates/prompts/persona_base.md +155 -0
- package/.agent/templates/prompts/tools_block.md +137 -0
- package/.agent/templates/reflection/critic.md +110 -0
- package/.agent/templates/reflection/error_analysis.md +149 -0
- package/.agent/templates/reflection/success_analysis.md +174 -0
- package/.agent/templates/task-list.md +144 -0
- package/.agent/templates/tasks/audit.yaml +146 -0
- package/.agent/templates/tasks/bug_fix.yaml +121 -0
- package/.agent/templates/tasks/code_implementation.yaml +110 -0
- package/.agent/templates/tasks/refactor.yaml +157 -0
- package/.agent/templates/test-report.md +52 -0
- package/.agent/workflows/ap.md +135 -0
- package/.agent/workflows/code.md +130 -0
- package/.agent/workflows/debug.md +230 -0
- package/.agent/workflows/deploy.md +192 -0
- package/.agent/workflows/dev.md +137 -0
- package/.agent/workflows/doc.md +124 -0
- package/.agent/workflows/env.md +98 -0
- package/.agent/workflows/fix.md +76 -0
- package/.agent/workflows/generate.md +28 -0
- package/.agent/workflows/git.md +97 -0
- package/.agent/workflows/help.md +75 -0
- package/.agent/workflows/init.md +148 -0
- package/.agent/workflows/migrate.md +135 -0
- package/.agent/workflows/monitor.md +133 -0
- package/.agent/workflows/onboard.md +144 -0
- package/.agent/workflows/orchestrate.md +117 -0
- package/.agent/workflows/perf.md +106 -0
- package/.agent/workflows/plan.md +106 -0
- package/.agent/workflows/recap.md +101 -0
- package/.agent/workflows/refactor.md +161 -0
- package/.agent/workflows/revert.md +99 -0
- package/.agent/workflows/review.md +106 -0
- package/.agent/workflows/scaffold.md +119 -0
- package/.agent/workflows/security.md +186 -0
- package/.agent/workflows/status.md +103 -0
- package/.agent/workflows/test.md +157 -0
- package/.agent/workflows/think.md +126 -0
- package/.agent/workflows/upgrade.md +109 -0
- package/.agent/workflows/visualize.md +295 -0
- package/.agent/workflows/workflow.md +196 -0
- package/README.md +64 -0
- package/dist/commands/add.d.ts +2 -0
- package/dist/commands/add.d.ts.map +1 -0
- package/dist/commands/add.js +70 -0
- package/dist/commands/add.js.map +1 -0
- package/dist/commands/config.d.ts +4 -0
- package/dist/commands/config.d.ts.map +1 -0
- package/dist/commands/config.js +152 -0
- package/dist/commands/config.js.map +1 -0
- package/dist/commands/doctor.d.ts +4 -0
- package/dist/commands/doctor.d.ts.map +1 -0
- package/dist/commands/doctor.js +98 -0
- package/dist/commands/doctor.js.map +1 -0
- package/dist/commands/hsa.d.ts +4 -0
- package/dist/commands/hsa.d.ts.map +1 -0
- package/dist/commands/hsa.js +194 -0
- package/dist/commands/hsa.js.map +1 -0
- package/dist/commands/info.d.ts +2 -0
- package/dist/commands/info.d.ts.map +1 -0
- package/dist/commands/info.js +149 -0
- package/dist/commands/info.js.map +1 -0
- package/dist/commands/init.d.ts +4 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +262 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/install-core.d.ts +4 -0
- package/dist/commands/install-core.d.ts.map +1 -0
- package/dist/commands/install-core.js +85 -0
- package/dist/commands/install-core.js.map +1 -0
- package/dist/commands/install-helpers.d.ts +27 -0
- package/dist/commands/install-helpers.d.ts.map +1 -0
- package/dist/commands/install-helpers.js +125 -0
- package/dist/commands/install-helpers.js.map +1 -0
- package/dist/commands/install-hsa.d.ts +18 -0
- package/dist/commands/install-hsa.d.ts.map +1 -0
- package/dist/commands/install-hsa.js +61 -0
- package/dist/commands/install-hsa.js.map +1 -0
- package/dist/commands/install.d.ts +4 -0
- package/dist/commands/install.d.ts.map +1 -0
- package/dist/commands/install.js +310 -0
- package/dist/commands/install.js.map +1 -0
- package/dist/commands/list.d.ts +4 -0
- package/dist/commands/list.d.ts.map +1 -0
- package/dist/commands/list.js +91 -0
- package/dist/commands/list.js.map +1 -0
- package/dist/commands/mcp-registry.d.ts +48 -0
- package/dist/commands/mcp-registry.d.ts.map +1 -0
- package/dist/commands/mcp-registry.js +246 -0
- package/dist/commands/mcp-registry.js.map +1 -0
- package/dist/commands/mcp-writers.d.ts +20 -0
- package/dist/commands/mcp-writers.d.ts.map +1 -0
- package/dist/commands/mcp-writers.js +144 -0
- package/dist/commands/mcp-writers.js.map +1 -0
- package/dist/commands/mcp.d.ts +10 -0
- package/dist/commands/mcp.d.ts.map +1 -0
- package/dist/commands/mcp.js +319 -0
- package/dist/commands/mcp.js.map +1 -0
- package/dist/commands/update.d.ts +4 -0
- package/dist/commands/update.d.ts.map +1 -0
- package/dist/commands/update.js +79 -0
- package/dist/commands/update.js.map +1 -0
- package/dist/constants/cursor-globs.d.ts +17 -0
- package/dist/constants/cursor-globs.d.ts.map +1 -0
- package/dist/constants/cursor-globs.js +62 -0
- package/dist/constants/cursor-globs.js.map +1 -0
- package/dist/constants/ide-install-specs.d.ts +36 -0
- package/dist/constants/ide-install-specs.d.ts.map +1 -0
- package/dist/constants/ide-install-specs.js +870 -0
- package/dist/constants/ide-install-specs.js.map +1 -0
- package/dist/constants/ides.d.ts +105 -0
- package/dist/constants/ides.d.ts.map +1 -0
- package/dist/constants/ides.js +412 -0
- package/dist/constants/ides.js.map +1 -0
- package/dist/constants/skills.d.ts +40 -0
- package/dist/constants/skills.d.ts.map +1 -0
- package/dist/constants/skills.js +78 -0
- package/dist/constants/skills.js.map +1 -0
- package/dist/constants.d.ts +39 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/constants.js +75 -0
- package/dist/constants.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +122 -0
- package/dist/index.js.map +1 -0
- package/dist/types/flags.d.ts +47 -0
- package/dist/types/flags.d.ts.map +1 -0
- package/dist/types/flags.js +4 -0
- package/dist/types/flags.js.map +1 -0
- package/dist/types/ide-install.d.ts +175 -0
- package/dist/types/ide-install.d.ts.map +1 -0
- package/dist/types/ide-install.js +29 -0
- package/dist/types/ide-install.js.map +1 -0
- package/dist/utils/copy-helpers.d.ts +60 -0
- package/dist/utils/copy-helpers.d.ts.map +1 -0
- package/dist/utils/copy-helpers.js +617 -0
- package/dist/utils/copy-helpers.js.map +1 -0
- package/dist/utils/index.d.ts +3 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +5 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/validation.d.ts +29 -0
- package/dist/utils/validation.d.ts.map +1 -0
- package/dist/utils/validation.js +211 -0
- package/dist/utils/validation.js.map +1 -0
- package/package.json +64 -0
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
# =============================================================================
|
|
2
|
+
# Bun 1.3+ Development Tools Patterns (Feb 2026)
|
|
3
|
+
# =============================================================================
|
|
4
|
+
# Testing, bundling, CLI tools
|
|
5
|
+
|
|
6
|
+
metadata:
|
|
7
|
+
skill: bun
|
|
8
|
+
domain: tooling
|
|
9
|
+
version: "1.3.3"
|
|
10
|
+
updated: "2026-02-05"
|
|
11
|
+
patterns_count: 9
|
|
12
|
+
|
|
13
|
+
patterns:
|
|
14
|
+
- id: bun020
|
|
15
|
+
name: bun test
|
|
16
|
+
category: testing
|
|
17
|
+
version: "1.0+"
|
|
18
|
+
description: Jest-compatible test runner with built-in coverage and watch mode
|
|
19
|
+
text: test runner describe expect mock unit integration jest vitest
|
|
20
|
+
example: |
|
|
21
|
+
// test/example.test.ts
|
|
22
|
+
import { describe, expect, it, mock } from "bun:test";
|
|
23
|
+
|
|
24
|
+
describe("Calculator", () => {
|
|
25
|
+
it("should add numbers", () => {
|
|
26
|
+
expect(1 + 2).toBe(3);
|
|
27
|
+
});
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
// Run: bun test --watch --coverage
|
|
31
|
+
severity: HIGH
|
|
32
|
+
docs_url: https://bun.sh/docs/cli/test
|
|
33
|
+
|
|
34
|
+
- id: bun021
|
|
35
|
+
name: Bun.build
|
|
36
|
+
category: bundler
|
|
37
|
+
version: "1.0+"
|
|
38
|
+
description: ESBuild-inspired bundler for browser and server, TypeScript, JSX, CSS
|
|
39
|
+
text: bundle bundler minify sourcemap browser node production build
|
|
40
|
+
example: |
|
|
41
|
+
await Bun.build({
|
|
42
|
+
entrypoints: ["./src/index.tsx"],
|
|
43
|
+
outdir: "./dist",
|
|
44
|
+
target: "browser",
|
|
45
|
+
minify: true,
|
|
46
|
+
splitting: true,
|
|
47
|
+
sourcemap: "external",
|
|
48
|
+
});
|
|
49
|
+
severity: HIGH
|
|
50
|
+
docs_url: https://bun.sh/docs/bundler
|
|
51
|
+
|
|
52
|
+
- id: bun022
|
|
53
|
+
name: HTML Imports
|
|
54
|
+
category: frontend
|
|
55
|
+
version: "1.2+"
|
|
56
|
+
description: Zero-config frontend dev - auto minify and bundle JS/CSS from HTML
|
|
57
|
+
text: html import zero config frontend react transpile bundle hmr
|
|
58
|
+
example: |
|
|
59
|
+
<!-- index.html -->
|
|
60
|
+
<script type="module" src="./app.tsx"></script>
|
|
61
|
+
|
|
62
|
+
# Run: bun ./index.html
|
|
63
|
+
# Auto-transpiles TypeScript, bundles, HMR enabled
|
|
64
|
+
severity: HIGH
|
|
65
|
+
docs_url: https://bun.sh/docs/runtime/loaders
|
|
66
|
+
|
|
67
|
+
- id: bun023
|
|
68
|
+
name: bun update
|
|
69
|
+
category: cli
|
|
70
|
+
version: "1.2+"
|
|
71
|
+
description: Interactive dependency update with semver awareness
|
|
72
|
+
text: update dependencies package upgrade interactive npm
|
|
73
|
+
example: |
|
|
74
|
+
# Interactive update
|
|
75
|
+
bun update --interactive
|
|
76
|
+
|
|
77
|
+
# Update specific package
|
|
78
|
+
bun update react
|
|
79
|
+
|
|
80
|
+
# Update all to latest
|
|
81
|
+
bun update --latest
|
|
82
|
+
severity: MEDIUM
|
|
83
|
+
docs_url: https://bun.sh/docs/cli/update
|
|
84
|
+
|
|
85
|
+
- id: bun024
|
|
86
|
+
name: bun compile
|
|
87
|
+
category: cli
|
|
88
|
+
version: "1.3+"
|
|
89
|
+
description: Cross-platform compile to standalone executable
|
|
90
|
+
text: compile standalone executable binary cross platform deploy
|
|
91
|
+
example: |
|
|
92
|
+
# Compile for Linux
|
|
93
|
+
bun compile --target=linux-x64 ./server.ts
|
|
94
|
+
|
|
95
|
+
# Compile for Windows
|
|
96
|
+
bun compile --target=windows-x64 ./server.ts
|
|
97
|
+
|
|
98
|
+
# Compile for macOS ARM
|
|
99
|
+
bun compile --target=darwin-arm64 ./server.ts
|
|
100
|
+
severity: HIGH
|
|
101
|
+
docs_url: https://bun.sh/docs/bundler/executables
|
|
102
|
+
|
|
103
|
+
- id: bun025
|
|
104
|
+
name: Security Scanner
|
|
105
|
+
category: security
|
|
106
|
+
version: "1.3+"
|
|
107
|
+
description: Scan packages for vulnerabilities during install (Socket.dev integration)
|
|
108
|
+
text: security scanner vulnerability scan audit socket dependencies
|
|
109
|
+
example: |
|
|
110
|
+
# Scan during install
|
|
111
|
+
bun install --security-scan
|
|
112
|
+
|
|
113
|
+
# Audit existing packages
|
|
114
|
+
bun audit
|
|
115
|
+
severity: CRITICAL
|
|
116
|
+
docs_url: https://bun.sh/docs/cli/security
|
|
117
|
+
|
|
118
|
+
# ✅ NEW: Bun 1.3.x Features (Feb 2026)
|
|
119
|
+
- id: bun026
|
|
120
|
+
name: Bun.SQL Unified Client
|
|
121
|
+
category: database
|
|
122
|
+
version: "1.3+"
|
|
123
|
+
description: |
|
|
124
|
+
Unified database API for MySQL, MariaDB, PostgreSQL, SQLite.
|
|
125
|
+
Native implementation, zero external dependencies, high performance.
|
|
126
|
+
text: sql database mysql postgres postgresql sqlite mariadb query unified native
|
|
127
|
+
example: |
|
|
128
|
+
import { SQL } from "bun";
|
|
129
|
+
|
|
130
|
+
// ✅ Unified API across databases
|
|
131
|
+
const db = SQL.connect("postgres://localhost/mydb");
|
|
132
|
+
// or: SQL.connect("mysql://localhost/mydb")
|
|
133
|
+
// or: SQL.connect("sqlite://./local.db")
|
|
134
|
+
|
|
135
|
+
const users = await db.query("SELECT * FROM users WHERE id = ?", [1]);
|
|
136
|
+
|
|
137
|
+
// Transaction support
|
|
138
|
+
await db.transaction(async (tx) => {
|
|
139
|
+
await tx.query("INSERT INTO orders ...");
|
|
140
|
+
await tx.query("UPDATE inventory ...");
|
|
141
|
+
});
|
|
142
|
+
severity: HIGH
|
|
143
|
+
docs_url: https://bun.sh/docs/api/sql
|
|
144
|
+
|
|
145
|
+
- id: bun027
|
|
146
|
+
name: Built-in Redis Client
|
|
147
|
+
category: database
|
|
148
|
+
version: "1.3+"
|
|
149
|
+
description: |
|
|
150
|
+
Native Redis client, 7.9x faster than ioredis.
|
|
151
|
+
Zero dependencies, supports cluster, streams, Lua scripting (planned).
|
|
152
|
+
text: redis cache client native fast ioredis cluster streams pubsub
|
|
153
|
+
example: |
|
|
154
|
+
import { Redis } from "bun";
|
|
155
|
+
|
|
156
|
+
// ✅ 7.9x faster than ioredis
|
|
157
|
+
const redis = Redis.connect("redis://localhost:6379");
|
|
158
|
+
|
|
159
|
+
// Basic operations
|
|
160
|
+
await redis.set("key", "value");
|
|
161
|
+
const value = await redis.get("key");
|
|
162
|
+
|
|
163
|
+
// Pub/Sub
|
|
164
|
+
await redis.subscribe("channel", (message) => {
|
|
165
|
+
console.log("Received:", message);
|
|
166
|
+
});
|
|
167
|
+
|
|
168
|
+
await redis.publish("channel", "Hello!");
|
|
169
|
+
severity: HIGH
|
|
170
|
+
docs_url: https://bun.sh/docs/api/redis
|
|
171
|
+
|
|
172
|
+
- id: bun028
|
|
173
|
+
name: CompressionStream API
|
|
174
|
+
category: runtime
|
|
175
|
+
version: "1.3+"
|
|
176
|
+
description: Web standard CompressionStream/DecompressionStream for gzip, deflate
|
|
177
|
+
text: compression stream gzip deflate browser standard web api
|
|
178
|
+
example: |
|
|
179
|
+
// ✅ Web standard compression
|
|
180
|
+
const input = new Blob(["Hello, World!".repeat(1000)]);
|
|
181
|
+
|
|
182
|
+
// Compress
|
|
183
|
+
const compressed = await new Response(
|
|
184
|
+
input.stream().pipeThrough(new CompressionStream("gzip"))
|
|
185
|
+
).blob();
|
|
186
|
+
|
|
187
|
+
// Decompress
|
|
188
|
+
const decompressed = await new Response(
|
|
189
|
+
compressed.stream().pipeThrough(new DecompressionStream("gzip"))
|
|
190
|
+
).text();
|
|
191
|
+
severity: MEDIUM
|
|
192
|
+
docs_url: https://bun.sh/docs/api/compression
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
name: ci-cd
|
|
2
|
+
version: "6.2.0"
|
|
3
|
+
category: infrastructure
|
|
4
|
+
tier: 3
|
|
5
|
+
|
|
6
|
+
desc: "CI/CD pipeline patterns for GitHub Actions, GitLab CI, and GitOps. Includes SLSA Build Level 3, ARM64 runners, security scanning."
|
|
7
|
+
|
|
8
|
+
patterns:
|
|
9
|
+
total: 20
|
|
10
|
+
domains:
|
|
11
|
+
github-actions: 6
|
|
12
|
+
gitlab-ci: 5
|
|
13
|
+
security: 5
|
|
14
|
+
deployment: 4
|
|
15
|
+
|
|
16
|
+
hsa:
|
|
17
|
+
enabled: true
|
|
18
|
+
adapter: cicd_adapter.py
|
|
19
|
+
|
|
20
|
+
triggers:
|
|
21
|
+
file_patterns:
|
|
22
|
+
- ".github/workflows/*.yml"
|
|
23
|
+
- ".gitlab-ci.yml"
|
|
24
|
+
- "Jenkinsfile"
|
|
25
|
+
- "azure-pipelines.yml"
|
|
26
|
+
- ".circleci/config.yml"
|
|
27
|
+
keywords:
|
|
28
|
+
# General
|
|
29
|
+
- ci cd
|
|
30
|
+
- pipeline
|
|
31
|
+
- continuous integration
|
|
32
|
+
- continuous deployment
|
|
33
|
+
- workflow
|
|
34
|
+
# GitHub Actions
|
|
35
|
+
- github actions
|
|
36
|
+
- actions workflow
|
|
37
|
+
- reusable workflow
|
|
38
|
+
- composite action
|
|
39
|
+
- arm64 runner
|
|
40
|
+
- slsa attestation
|
|
41
|
+
# Security
|
|
42
|
+
- dependency review
|
|
43
|
+
- code scanning
|
|
44
|
+
- secret scanning
|
|
45
|
+
- artifact attestation
|
|
46
|
+
- supply chain
|
|
47
|
+
intents:
|
|
48
|
+
- create pipeline
|
|
49
|
+
- setup ci
|
|
50
|
+
- deploy workflow
|
|
51
|
+
- secure pipeline
|
|
52
|
+
|
|
53
|
+
related_skills:
|
|
54
|
+
- docker
|
|
55
|
+
- kubernetes
|
|
56
|
+
- aws
|
|
57
|
+
- security
|
|
58
|
+
|
|
59
|
+
prevent_confusion_with:
|
|
60
|
+
- aws: "ci-cd is platform-agnostic, aws covers AWS-specific deployment"
|
|
@@ -0,0 +1,248 @@
|
|
|
1
|
+
# =============================================================================
|
|
2
|
+
# GitHub Actions Patterns (Feb 2026)
|
|
3
|
+
# =============================================================================
|
|
4
|
+
# ARM64 runners, SLSA, artifact attestations from 2025-2026
|
|
5
|
+
|
|
6
|
+
metadata:
|
|
7
|
+
skill: ci-cd
|
|
8
|
+
domain: github-actions
|
|
9
|
+
version: "2026.1"
|
|
10
|
+
updated: "2026-02-05"
|
|
11
|
+
patterns_count: 6
|
|
12
|
+
|
|
13
|
+
patterns:
|
|
14
|
+
- id: cicd001
|
|
15
|
+
name: ARM64 Linux Runners
|
|
16
|
+
category: github-actions
|
|
17
|
+
version: "2024+"
|
|
18
|
+
description: Native ARM64/Graviton runners for 40% cost savings
|
|
19
|
+
text: github actions arm64 graviton linux runner cost savings
|
|
20
|
+
example: |
|
|
21
|
+
# GitHub Actions ARM64 runner
|
|
22
|
+
jobs:
|
|
23
|
+
build:
|
|
24
|
+
runs-on: ubuntu-24.04-arm64 # ARM64 runner
|
|
25
|
+
steps:
|
|
26
|
+
- uses: actions/checkout@v4
|
|
27
|
+
- name: Build
|
|
28
|
+
run: go build -v ./...
|
|
29
|
+
|
|
30
|
+
# Cost comparison:
|
|
31
|
+
# - ubuntu-latest (x64): $0.008/min
|
|
32
|
+
# - ubuntu-24.04-arm64: $0.005/min (37% savings!)
|
|
33
|
+
|
|
34
|
+
# Performance for Go/Rust/Node:
|
|
35
|
+
# - Often 10-20% faster builds
|
|
36
|
+
# - Better for container builds
|
|
37
|
+
|
|
38
|
+
# Matrix for multi-arch:
|
|
39
|
+
strategy:
|
|
40
|
+
matrix:
|
|
41
|
+
runner: [ubuntu-latest, ubuntu-24.04-arm64]
|
|
42
|
+
severity: HIGH
|
|
43
|
+
docs_url: https://docs.github.com/en/actions/using-github-hosted-runners
|
|
44
|
+
|
|
45
|
+
- id: cicd002
|
|
46
|
+
name: SLSA Build Level 3
|
|
47
|
+
category: security
|
|
48
|
+
version: "2024+"
|
|
49
|
+
description: Supply chain attestation with SLSA Level 3 provenance
|
|
50
|
+
text: slsa attestation supply chain security provenance level 3
|
|
51
|
+
example: |
|
|
52
|
+
name: SLSA Build
|
|
53
|
+
|
|
54
|
+
on:
|
|
55
|
+
push:
|
|
56
|
+
tags: ['v*']
|
|
57
|
+
|
|
58
|
+
jobs:
|
|
59
|
+
build:
|
|
60
|
+
runs-on: ubuntu-latest
|
|
61
|
+
permissions:
|
|
62
|
+
id-token: write
|
|
63
|
+
contents: read
|
|
64
|
+
attestations: write
|
|
65
|
+
steps:
|
|
66
|
+
- uses: actions/checkout@v4
|
|
67
|
+
|
|
68
|
+
- name: Build artifact
|
|
69
|
+
run: go build -o myapp
|
|
70
|
+
|
|
71
|
+
- name: Generate SLSA provenance
|
|
72
|
+
uses: actions/attest-build-provenance@v2
|
|
73
|
+
with:
|
|
74
|
+
subject-path: 'myapp'
|
|
75
|
+
# SLSA Level 3 - Hermetic, Parameterless
|
|
76
|
+
slsa-level: 3
|
|
77
|
+
|
|
78
|
+
# SLSA Levels:
|
|
79
|
+
# - Level 1: Basic attestation
|
|
80
|
+
# - Level 2: Build service generates provenance
|
|
81
|
+
# - Level 3: Hermetic builds, non-falsifiable provenance
|
|
82
|
+
severity: CRITICAL
|
|
83
|
+
docs_url: https://slsa.dev/spec/v1.0/
|
|
84
|
+
|
|
85
|
+
- id: cicd003
|
|
86
|
+
name: Artifact Attestations
|
|
87
|
+
category: security
|
|
88
|
+
version: "2024+"
|
|
89
|
+
description: Cryptographic proof of artifact origin
|
|
90
|
+
text: artifact attestation sigstore cosign container signing
|
|
91
|
+
example: |
|
|
92
|
+
name: Container Build with Attestation
|
|
93
|
+
|
|
94
|
+
jobs:
|
|
95
|
+
build:
|
|
96
|
+
runs-on: ubuntu-latest
|
|
97
|
+
permissions:
|
|
98
|
+
packages: write
|
|
99
|
+
id-token: write
|
|
100
|
+
attestations: write
|
|
101
|
+
steps:
|
|
102
|
+
- uses: docker/login-action@v3
|
|
103
|
+
with:
|
|
104
|
+
registry: ghcr.io
|
|
105
|
+
username: ${{ github.actor }}
|
|
106
|
+
password: ${{ secrets.GITHUB_TOKEN }}
|
|
107
|
+
|
|
108
|
+
- name: Build and push
|
|
109
|
+
id: push
|
|
110
|
+
uses: docker/build-push-action@v5
|
|
111
|
+
with:
|
|
112
|
+
push: true
|
|
113
|
+
tags: ghcr.io/${{ github.repository }}:latest
|
|
114
|
+
|
|
115
|
+
- name: Attest container
|
|
116
|
+
uses: actions/attest-build-provenance@v2
|
|
117
|
+
with:
|
|
118
|
+
subject-name: ghcr.io/${{ github.repository }}
|
|
119
|
+
subject-digest: ${{ steps.push.outputs.digest }}
|
|
120
|
+
|
|
121
|
+
# Verify attestation:
|
|
122
|
+
# gh attestation verify ghcr.io/org/repo:latest
|
|
123
|
+
severity: HIGH
|
|
124
|
+
docs_url: https://docs.github.com/en/actions/security-guides/using-artifact-attestations
|
|
125
|
+
|
|
126
|
+
- id: cicd004
|
|
127
|
+
name: Environment Deployment Protection
|
|
128
|
+
category: deployment
|
|
129
|
+
version: "2024+"
|
|
130
|
+
description: Required reviewers and wait timers for production deployments
|
|
131
|
+
text: github actions environment protection deployment approval
|
|
132
|
+
example: |
|
|
133
|
+
name: Deploy to Production
|
|
134
|
+
|
|
135
|
+
on:
|
|
136
|
+
push:
|
|
137
|
+
branches: [main]
|
|
138
|
+
|
|
139
|
+
jobs:
|
|
140
|
+
deploy-staging:
|
|
141
|
+
runs-on: ubuntu-latest
|
|
142
|
+
environment: staging
|
|
143
|
+
steps:
|
|
144
|
+
- run: ./deploy.sh staging
|
|
145
|
+
|
|
146
|
+
deploy-production:
|
|
147
|
+
needs: deploy-staging
|
|
148
|
+
runs-on: ubuntu-latest
|
|
149
|
+
# Protection rules in repo settings
|
|
150
|
+
environment:
|
|
151
|
+
name: production
|
|
152
|
+
url: https://example.com
|
|
153
|
+
steps:
|
|
154
|
+
- run: ./deploy.sh production
|
|
155
|
+
|
|
156
|
+
# Environment protection rules (configured in UI):
|
|
157
|
+
# - Required reviewers: team-leads
|
|
158
|
+
# - Wait timer: 15 minutes
|
|
159
|
+
# - Branch restrictions: main only
|
|
160
|
+
# - Deployment branches: tags matching v*
|
|
161
|
+
severity: HIGH
|
|
162
|
+
docs_url: https://docs.github.com/en/actions/deployment/targeting-different-environments
|
|
163
|
+
|
|
164
|
+
- id: cicd005
|
|
165
|
+
name: Reusable Workflows
|
|
166
|
+
category: github-actions
|
|
167
|
+
version: "2022+"
|
|
168
|
+
description: DRY workflows with inputs and secrets passthrough
|
|
169
|
+
text: reusable workflows dry composite shared workflow call
|
|
170
|
+
example: |
|
|
171
|
+
# .github/workflows/reusable-build.yml
|
|
172
|
+
name: Reusable Build
|
|
173
|
+
|
|
174
|
+
on:
|
|
175
|
+
workflow_call:
|
|
176
|
+
inputs:
|
|
177
|
+
node-version:
|
|
178
|
+
required: true
|
|
179
|
+
type: string
|
|
180
|
+
secrets:
|
|
181
|
+
npm-token:
|
|
182
|
+
required: true
|
|
183
|
+
|
|
184
|
+
jobs:
|
|
185
|
+
build:
|
|
186
|
+
runs-on: ubuntu-latest
|
|
187
|
+
steps:
|
|
188
|
+
- uses: actions/checkout@v4
|
|
189
|
+
- uses: actions/setup-node@v4
|
|
190
|
+
with:
|
|
191
|
+
node-version: ${{ inputs.node-version }}
|
|
192
|
+
- run: npm ci
|
|
193
|
+
env:
|
|
194
|
+
NPM_TOKEN: ${{ secrets.npm-token }}
|
|
195
|
+
|
|
196
|
+
# Caller workflow
|
|
197
|
+
# .github/workflows/main.yml
|
|
198
|
+
jobs:
|
|
199
|
+
call-build:
|
|
200
|
+
uses: ./.github/workflows/reusable-build.yml
|
|
201
|
+
with:
|
|
202
|
+
node-version: '20'
|
|
203
|
+
secrets:
|
|
204
|
+
npm-token: ${{ secrets.NPM_TOKEN }}
|
|
205
|
+
severity: MEDIUM
|
|
206
|
+
docs_url: https://docs.github.com/en/actions/using-workflows/reusing-workflows
|
|
207
|
+
|
|
208
|
+
- id: cicd006
|
|
209
|
+
name: Composite Actions
|
|
210
|
+
category: github-actions
|
|
211
|
+
version: "2022+"
|
|
212
|
+
description: Bundle multiple steps into reusable custom action
|
|
213
|
+
text: composite action custom reusable steps bundle action.yml
|
|
214
|
+
example: |
|
|
215
|
+
# action.yml - Custom composite action
|
|
216
|
+
name: 'Build and Test'
|
|
217
|
+
description: 'Build and test Node.js project'
|
|
218
|
+
inputs:
|
|
219
|
+
node-version:
|
|
220
|
+
description: 'Node.js version'
|
|
221
|
+
required: false
|
|
222
|
+
default: '20'
|
|
223
|
+
runs:
|
|
224
|
+
using: 'composite'
|
|
225
|
+
steps:
|
|
226
|
+
- uses: actions/setup-node@v4
|
|
227
|
+
with:
|
|
228
|
+
node-version: ${{ inputs.node-version }}
|
|
229
|
+
cache: 'npm'
|
|
230
|
+
|
|
231
|
+
- name: Install
|
|
232
|
+
shell: bash
|
|
233
|
+
run: npm ci
|
|
234
|
+
|
|
235
|
+
- name: Lint
|
|
236
|
+
shell: bash
|
|
237
|
+
run: npm run lint
|
|
238
|
+
|
|
239
|
+
- name: Test
|
|
240
|
+
shell: bash
|
|
241
|
+
run: npm test -- --coverage
|
|
242
|
+
|
|
243
|
+
# Use in workflow:
|
|
244
|
+
- uses: ./.github/actions/build-and-test
|
|
245
|
+
with:
|
|
246
|
+
node-version: '22'
|
|
247
|
+
severity: MEDIUM
|
|
248
|
+
docs_url: https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
|
|
@@ -0,0 +1,211 @@
|
|
|
1
|
+
# =============================================================================
|
|
2
|
+
# CI/CD Security Patterns (Feb 2026)
|
|
3
|
+
# =============================================================================
|
|
4
|
+
# Dependency review, secret scanning, supply chain security
|
|
5
|
+
|
|
6
|
+
metadata:
|
|
7
|
+
skill: ci-cd
|
|
8
|
+
domain: security
|
|
9
|
+
version: "2026.1"
|
|
10
|
+
updated: "2026-02-05"
|
|
11
|
+
patterns_count: 5
|
|
12
|
+
|
|
13
|
+
patterns:
|
|
14
|
+
- id: cicd010
|
|
15
|
+
name: Dependency Review Action
|
|
16
|
+
category: security
|
|
17
|
+
version: "2023+"
|
|
18
|
+
description: Block PRs that introduce vulnerable dependencies
|
|
19
|
+
text: dependency review vulnerability scan pr check security
|
|
20
|
+
example: |
|
|
21
|
+
name: Dependency Review
|
|
22
|
+
|
|
23
|
+
on: pull_request
|
|
24
|
+
|
|
25
|
+
permissions:
|
|
26
|
+
contents: read
|
|
27
|
+
pull-requests: write
|
|
28
|
+
|
|
29
|
+
jobs:
|
|
30
|
+
dependency-review:
|
|
31
|
+
runs-on: ubuntu-latest
|
|
32
|
+
steps:
|
|
33
|
+
- uses: actions/checkout@v4
|
|
34
|
+
- uses: actions/dependency-review-action@v4
|
|
35
|
+
with:
|
|
36
|
+
# Fail on critical/high vulnerabilities
|
|
37
|
+
fail-on-severity: high
|
|
38
|
+
# Allow specific licenses
|
|
39
|
+
allow-licenses: MIT, Apache-2.0, BSD-3-Clause
|
|
40
|
+
# Deny copyleft for commercial projects
|
|
41
|
+
deny-licenses: GPL-3.0, AGPL-3.0
|
|
42
|
+
|
|
43
|
+
# Also enable in repo settings:
|
|
44
|
+
# - Dependabot security updates
|
|
45
|
+
# - Dependabot version updates
|
|
46
|
+
severity: CRITICAL
|
|
47
|
+
docs_url: https://github.com/actions/dependency-review-action
|
|
48
|
+
|
|
49
|
+
- id: cicd011
|
|
50
|
+
name: CodeQL Security Scanning
|
|
51
|
+
category: security
|
|
52
|
+
version: "2022+"
|
|
53
|
+
description: Semantic code analysis for security vulnerabilities
|
|
54
|
+
text: codeql security scanning sast static analysis vulnerabilities
|
|
55
|
+
example: |
|
|
56
|
+
name: CodeQL Analysis
|
|
57
|
+
|
|
58
|
+
on:
|
|
59
|
+
push:
|
|
60
|
+
branches: [main]
|
|
61
|
+
pull_request:
|
|
62
|
+
branches: [main]
|
|
63
|
+
schedule:
|
|
64
|
+
- cron: '0 6 * * 1' # Weekly
|
|
65
|
+
|
|
66
|
+
jobs:
|
|
67
|
+
analyze:
|
|
68
|
+
runs-on: ubuntu-latest
|
|
69
|
+
permissions:
|
|
70
|
+
security-events: write
|
|
71
|
+
contents: read
|
|
72
|
+
strategy:
|
|
73
|
+
matrix:
|
|
74
|
+
language: ['javascript', 'python', 'go']
|
|
75
|
+
steps:
|
|
76
|
+
- uses: actions/checkout@v4
|
|
77
|
+
|
|
78
|
+
- uses: github/codeql-action/init@v3
|
|
79
|
+
with:
|
|
80
|
+
languages: ${{ matrix.language }}
|
|
81
|
+
# Use extended queries for more findings
|
|
82
|
+
queries: +security-extended
|
|
83
|
+
|
|
84
|
+
- uses: github/codeql-action/autobuild@v3
|
|
85
|
+
|
|
86
|
+
- uses: github/codeql-action/analyze@v3
|
|
87
|
+
with:
|
|
88
|
+
category: "/language:${{ matrix.language }}"
|
|
89
|
+
|
|
90
|
+
# Results appear in Security tab
|
|
91
|
+
severity: CRITICAL
|
|
92
|
+
docs_url: https://docs.github.com/en/code-security/code-scanning
|
|
93
|
+
|
|
94
|
+
- id: cicd012
|
|
95
|
+
name: Secret Scanning Push Protection
|
|
96
|
+
category: security
|
|
97
|
+
version: "2023+"
|
|
98
|
+
description: Block pushes containing hardcoded secrets
|
|
99
|
+
text: secret scanning push protection block credentials tokens
|
|
100
|
+
example: |
|
|
101
|
+
# Enable in repo settings:
|
|
102
|
+
# Settings > Security > Secret scanning > Push protection
|
|
103
|
+
|
|
104
|
+
# When enabled:
|
|
105
|
+
# 1. Git push blocked if secrets detected
|
|
106
|
+
# 2. Developer sees which secrets found
|
|
107
|
+
# 3. Options: remove secret, bypass (with reason), cancel
|
|
108
|
+
|
|
109
|
+
# Supported secret types (200+):
|
|
110
|
+
# - AWS keys
|
|
111
|
+
# - GitHub tokens
|
|
112
|
+
# - Azure credentials
|
|
113
|
+
# - Database passwords
|
|
114
|
+
# - API keys
|
|
115
|
+
|
|
116
|
+
# Custom patterns (org level):
|
|
117
|
+
# Pattern: mycompany_[a-zA-Z0-9]{32}
|
|
118
|
+
# Used for internal API keys
|
|
119
|
+
|
|
120
|
+
# API to check commits:
|
|
121
|
+
gh api /repos/{owner}/{repo}/secret-scanning/alerts
|
|
122
|
+
|
|
123
|
+
# Best practice: Use GHAS for enterprise
|
|
124
|
+
severity: CRITICAL
|
|
125
|
+
docs_url: https://docs.github.com/en/code-security/secret-scanning
|
|
126
|
+
|
|
127
|
+
- id: cicd013
|
|
128
|
+
name: OIDC for Cloud Authentication
|
|
129
|
+
category: security
|
|
130
|
+
version: "2022+"
|
|
131
|
+
description: Keyless auth to AWS/Azure/GCP using GitHub OIDC
|
|
132
|
+
text: oidc authentication keyless aws azure gcp workload identity
|
|
133
|
+
example: |
|
|
134
|
+
name: Deploy with OIDC
|
|
135
|
+
|
|
136
|
+
on:
|
|
137
|
+
push:
|
|
138
|
+
branches: [main]
|
|
139
|
+
|
|
140
|
+
permissions:
|
|
141
|
+
id-token: write # Required for OIDC
|
|
142
|
+
contents: read
|
|
143
|
+
|
|
144
|
+
jobs:
|
|
145
|
+
deploy:
|
|
146
|
+
runs-on: ubuntu-latest
|
|
147
|
+
steps:
|
|
148
|
+
# AWS
|
|
149
|
+
- uses: aws-actions/configure-aws-credentials@v4
|
|
150
|
+
with:
|
|
151
|
+
role-to-assume: arn:aws:iam::123456789:role/GitHubActions
|
|
152
|
+
aws-region: us-east-1
|
|
153
|
+
|
|
154
|
+
# Azure
|
|
155
|
+
- uses: azure/login@v2
|
|
156
|
+
with:
|
|
157
|
+
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
158
|
+
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
159
|
+
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
160
|
+
|
|
161
|
+
# GCP
|
|
162
|
+
- uses: google-github-actions/auth@v2
|
|
163
|
+
with:
|
|
164
|
+
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/...'
|
|
165
|
+
service_account: 'github-actions@project.iam.gserviceaccount.com'
|
|
166
|
+
|
|
167
|
+
# Benefits: No long-lived credentials, automatic rotation
|
|
168
|
+
severity: CRITICAL
|
|
169
|
+
docs_url: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
|
|
170
|
+
|
|
171
|
+
- id: cicd014
|
|
172
|
+
name: Permissions Hardening
|
|
173
|
+
category: security
|
|
174
|
+
version: "2022+"
|
|
175
|
+
description: Principle of least privilege for workflow permissions
|
|
176
|
+
text: permissions security hardening principle least privilege token
|
|
177
|
+
example: |
|
|
178
|
+
name: Secure Workflow
|
|
179
|
+
|
|
180
|
+
on: push
|
|
181
|
+
|
|
182
|
+
# Restrictive default permissions
|
|
183
|
+
permissions:
|
|
184
|
+
contents: read
|
|
185
|
+
|
|
186
|
+
jobs:
|
|
187
|
+
build:
|
|
188
|
+
runs-on: ubuntu-latest
|
|
189
|
+
steps:
|
|
190
|
+
- uses: actions/checkout@v4
|
|
191
|
+
- run: npm ci && npm test
|
|
192
|
+
|
|
193
|
+
publish:
|
|
194
|
+
needs: build
|
|
195
|
+
runs-on: ubuntu-latest
|
|
196
|
+
# Grant write only where needed
|
|
197
|
+
permissions:
|
|
198
|
+
contents: read
|
|
199
|
+
packages: write
|
|
200
|
+
steps:
|
|
201
|
+
- uses: actions/checkout@v4
|
|
202
|
+
- run: npm publish
|
|
203
|
+
|
|
204
|
+
# Security best practices:
|
|
205
|
+
# 1. Default to read-only at workflow level
|
|
206
|
+
# 2. Grant write permissions per-job
|
|
207
|
+
# 3. Never use permissions: write-all
|
|
208
|
+
# 4. Audit third-party actions
|
|
209
|
+
# 5. Pin action versions to SHA
|
|
210
|
+
severity: HIGH
|
|
211
|
+
docs_url: https://docs.github.com/en/actions/security-guides/automatic-token-authentication
|