@nockdev/awf 6.2.6 → 6.2.8

package/.agent/skills/devops/ci-cd/SKILL.md

@@ -2,6 +2,120 @@
 
 CI/CD pipeline patterns for GitHub Actions, GitLab CI, and GitOps. Includes SLSA Build Level 3, ARM64 runners, security scanning.
 
+## Decision Tree
+
+```
+Task → What CI/CD platform?
+  ├─ GitHub Actions
+  │   ├─ Simple project → Single workflow file
+  │   ├─ Monorepo → Path filters + matrix
+  │   └─ Org-wide → Reusable workflows (workflow_call)
+  ├─ GitLab CI
+  │   ├─ Simple → .gitlab-ci.yml stages
+  │   └─ Multi-project → Pipeline triggers
+  └─ Deployment strategy
+      ├─ Simple → Push-to-deploy (main branch)
+      ├─ Staged → Environment promotion (dev → staging → prod)
+      ├─ Zero-downtime → Blue/green with health checks
+      └─ Risk-managed → Canary with progressive rollout
+```
+
+## Quick Start — GitHub Actions
+
+```yaml
+# .github/workflows/ci.yml
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: "npm"
+      - run: npm ci
+      - run: npm run lint
+      - run: npm test
+      - run: npm run build
+
+  deploy:
+    needs: build-test
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    environment: production
+    permissions:
+      id-token: write # OIDC
+    steps:
+      - uses: actions/checkout@v4
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-1
+      - run: npm ci && npm run build
+      - run: aws s3 sync dist/ s3://${{ vars.BUCKET }}
+```
+
+## Quick Start — Reusable Workflow
+
+```yaml
+# .github/workflows/reusable-build.yml
+name: Build
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        type: string
+        default: "22"
+    secrets:
+      NPM_TOKEN:
+        required: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node-version }}
+          cache: npm
+      - run: npm ci
+      - run: npm run build
+```
+
+```yaml
+# Caller workflow
+jobs:
+  build:
+    uses: ./.github/workflows/reusable-build.yml
+    with:
+      node-version: "22"
+```
+
+## Security Best Practices
+
+- [ ] Pin actions to full SHA: `uses: actions/checkout@abc123`
+- [ ] Use OIDC for cloud auth (no long-lived secrets)
+- [ ] Set `permissions` on job/workflow level (least privilege)
+- [ ] Enable Dependabot for workflow dependency updates
+- [ ] Add `timeout-minutes` on all jobs
+- [ ] Use `continue-on-error: false` (default, be explicit)
+- [ ] Cache dependencies to reduce build time
+- [ ] Scan with CodeQL and dependency review
+- [ ] Generate SBOM for supply chain security
+- [ ] Use SLSA Level 3 attestation for artifacts
+
 ## Patterns (20 total)
 
 ### GitHub Actions (6)
@@ -36,14 +150,6 @@ CI/CD pipeline patterns for GitHub Actions, GitLab CI, and GitOps. Includes SLSA
 - GitOps with ArgoCD/Flux
 - Multi-environment promotion pipeline
 
-## Best Practices
-
-- Pin actions to commit SHA (not tags)
-- Use OIDC for cloud provider auth (no long-lived secrets)
-- Cache dependencies (npm, pip, go modules)
-- Fail fast with `continue-on-error: false`
-- Set timeout-minutes on all jobs
-
 ## Data Files
 
 - `data/github-actions.yaml` — GitHub Actions patterns

package/.agent/skills/devops/docker/META.yaml

@@ -1,5 +1,5 @@
 name: docker
-version: "6.2.6"
+version: "6.2.7"
 category: infrastructure
 tier: 3
 

package/.agent/skills/devops/docker/SKILL.md

@@ -2,6 +2,102 @@
 
 Docker containerization patterns for builds, security, and deployment. Covers Compose v5, Hardened Images, Build Cloud, Bake.
 
+## Decision Tree
+
+```
+Task → What are you building?
+  ├─ Development environment
+  │   ├─ Single service → Dockerfile + docker run
+  │   └─ Multi-service → docker-compose.yml
+  │       ├─ Hot reload → Compose watch
+  │       └─ DB included → services + healthcheck
+  ├─ Production image
+  │   ├─ Node.js → Multi-stage (builder → node:alpine)
+  │   ├─ Go → Multi-stage (builder → scratch/distroless)
+  │   ├─ Python → Multi-stage (builder → python:slim)
+  │   └─ Static site → Multi-stage (build → nginx:alpine)
+  └─ CI/CD
+      ├─ Multi-platform → Buildx (linux/amd64 + arm64)
+      └─ Complex builds → Docker Bake (HCL)
+```
+
+## Quick Start — Multi-Stage Build (Node.js)
+
+```dockerfile
+# Stage 1: Build
+FROM node:22-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --only=production
+COPY . .
+RUN npm run build
+
+# Stage 2: Production
+FROM node:22-alpine
+RUN addgroup -g 1001 -S appuser && adduser -u 1001 -S appuser -G appuser
+WORKDIR /app
+COPY --from=builder --chown=appuser:appuser /app/dist ./dist
+COPY --from=builder --chown=appuser:appuser /app/node_modules ./node_modules
+USER appuser
+EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/health || exit 1
+CMD ["node", "dist/index.js"]
+```
+
+## Compose v5 — Dev Environment
+
+```yaml
+# docker-compose.yml
+services:
+  app:
+    build:
+      context: .
+      target: builder # Use builder stage for dev
+    volumes:
+      - .:/app
+      - /app/node_modules # Anonymous volume (don't mount)
+    ports:
+      - "3000:3000"
+    depends_on:
+      db:
+        condition: service_healthy
+    develop:
+      watch:
+        - action: sync
+          path: ./src
+          target: /app/src
+        - action: rebuild
+          path: package.json
+
+  db:
+    image: postgres:17-alpine
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASS:-dev}
+      POSTGRES_DB: myapp
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      retries: 5
+
+volumes:
+  pgdata:
+```
+
+## Security Hardening Checklist
+
+- [ ] Use specific image tags (never `:latest` in production)
+- [ ] Run as non-root user (`USER 1001`)
+- [ ] Use `COPY` instead of `ADD`
+- [ ] Add `.dockerignore` (exclude `.git`, `node_modules`, `.env`)
+- [ ] Use distroless/chainguard base images for production
+- [ ] Scan with Docker Scout: `docker scout quickview`
+- [ ] Sign images with cosign
+- [ ] Set resource limits: `--memory=512m --cpus=1`
+- [ ] Use `--init` flag for proper signal handling
+- [ ] Order Dockerfile instructions for cache optimization
+
 ## Patterns (18 total)
 
 ### Build (5)
@@ -34,14 +130,6 @@ Docker containerization patterns for builds, security, and deployment. Covers Co
 - Logging drivers configuration
 - Container networking (bridge, host, overlay)
 
-## Best Practices
-
-- Use specific image tags (never `latest` in production)
-- Order Dockerfile instructions for cache optimization
-- Use `.dockerignore` to reduce build context
-- Run as non-root user (`USER 1001`)
-- Use COPY instead of ADD (explicit behavior)
-
 ## Data Files
 
 - `data/dockerfile.yaml` — Dockerfile patterns

package/.agent/skills/devops/gcp/SKILL.md

@@ -1,43 +1,119 @@
-# Google Cloud Platform
+# GCP Cloud Services
 
-> Cloud Run • Cloud Functions • BigQuery • Firestore
+Google Cloud Platform patterns for compute, data, and AI/ML. Covers Cloud Run, GKE, Cloud Functions, Firestore, Vertex AI.
 
----
+## Decision Tree
 
-## Khi Nào Dùng
-
-- Deploy containerized apps (Cloud Run)
-- Serverless functions (Cloud Functions)
-- Big data analytics (BigQuery)
-
-## Service Selection
-
-| Service             | Type                   | Best For              |
-| ------------------- | ---------------------- | --------------------- |
-| **Cloud Run**       | Serverless containers  | APIs, web apps        |
-| **Cloud Functions** | Event-driven functions | Webhooks, triggers    |
-| **GKE**             | Managed K8s            | Complex microservices |
-| **BigQuery**        | Data warehouse         | Analytics, ML         |
-| **Firestore**       | NoSQL document DB      | Real-time apps        |
-| **Cloud SQL**       | Managed SQL            | Relational data       |
+```
+Task → What are you deploying?
+  ├─ Web API / Microservice
+  │   ├─ Stateless container → Cloud Run (serverless)
+  │   ├─ Event-driven → Cloud Functions (2nd gen)
+  │   └─ Complex orchestration → GKE Autopilot
+  ├─ Static website
+  │   └─ Cloud Storage + Cloud CDN + Load Balancer
+  ├─ Database
+  │   ├─ Relational → Cloud SQL (PostgreSQL/MySQL)
+  │   ├─ Global NoSQL → Firestore
+  │   ├─ Wide column → Bigtable
+  │   └─ Analytics → BigQuery
+  ├─ AI/ML
+  │   ├─ Gemini models → Vertex AI
+  │   ├─ Custom training → Vertex AI Training
+  │   └─ Vector search → Vertex AI Vector Search
+  └─ DevOps
+      ├─ CI/CD → Cloud Build or GitHub Actions
+      └─ IaC → Terraform (recommended) or Pulumi
+```
 
-## Cloud Run Quick Start
+## Quick Start — Cloud Run
 
 ```bash
-gcloud run deploy my-service \
+# Build + deploy in one step
+gcloud run deploy myapp \
   --source . \
   --region us-central1 \
-  --allow-unauthenticated
+  --allow-unauthenticated \
+  --min-instances 0 \
+  --max-instances 10 \
+  --memory 512Mi \
+  --cpu 1
+```
+
+## Quick Start — Vertex AI (Gemini)
+
+```python
+import vertexai
+from vertexai.generative_models import GenerativeModel
+
+vertexai.init(project="my-project", location="us-central1")
+model = GenerativeModel("gemini-2.0-flash")
+
+response = model.generate_content("Hello, Gemini!")
+print(response.text)
 ```
 
-## Common Traps
+## Quick Start — Firestore
+
+```typescript
+import { initializeApp } from "firebase-admin/app";
+import { getFirestore } from "firebase-admin/firestore";
+
+initializeApp();
+const db = getFirestore();
+
+// Write
+await db.collection("users").doc("user1").set({
+  name: "Alice",
+  email: "alice@example.com",
+});
+
+// Read with real-time listener
+db.collection("users").onSnapshot((snapshot) => {
+  snapshot.docChanges().forEach((change) => {
+    console.log(change.type, change.doc.data());
+  });
+});
+```
+
+## Patterns (22 total)
+
+### Compute (5)
+
+- Cloud Run multi-container, jobs, services
+- Cloud Functions 2nd gen (event-driven)
+- GKE Autopilot (managed K8s)
+- Compute Engine (VMs) with MIGs
+- Cloud Tasks for async processing
+
+### Data (6)
+
+- BigQuery (analytics, ML, streaming)
+- Firestore (real-time, offline sync)
+- Cloud SQL with IAM auth
+- Memorystore (Redis/Valkey)
+- Pub/Sub for messaging
+- Cloud Storage lifecycle policies
+
+### AI (5)
+
+- Vertex AI Gemini 2.0 integration
+- Vertex AI Vector Search
+- Custom model training + endpoints
+- Agent Builder
+- Document AI
+
+### Infrastructure (6)
 
-| Trap           | Fix                                    |
-| -------------- | -------------------------------------- |
-| Cold starts    | Min instances, Cloud Run always-on     |
-| IAM complexity | Use workload identity, least privilege |
-| Cost spike     | Budget alerts, quotas                  |
+- Terraform modules for GCP
+- Cloud Build CI/CD pipelines
+- Workload Identity Federation
+- Secret Manager
+- Cloud Armor (WAF)
+- VPC Service Controls
 
----
+## Data Files
 
-_DOMYH Awesome Code • GCP Skill v1.0.0_
+- `data/compute.yaml` — Cloud Run, Functions, GKE patterns
+- `data/data.yaml` — BigQuery, Firestore, Pub/Sub patterns
+- `data/ai.yaml` — Vertex AI, Gemini patterns

package/.agent/skills/devops/kubernetes/META.yaml

@@ -1,5 +1,5 @@
 name: kubernetes
-version: "6.2.6"
+version: "6.2.7"
 category: infrastructure
 tier: 3
 

package/.agent/skills/devops/kubernetes/SKILL.md

@@ -2,6 +2,131 @@
 
 Kubernetes orchestration patterns for K8s 1.32-1.33+. Covers Gateway API, Sidecar Containers, Kueue, Pod Security.
 
+## Decision Tree
+
+```
+Task → What are you deploying to K8s?
+  ├─ Stateless web app
+  │   ├─ Simple → Deployment + Service + Ingress
+  │   └─ Advanced → Deployment + Gateway API (HTTPRoute)
+  ├─ Stateful service (database, cache)
+  │   └─ StatefulSet + PersistentVolumeClaim
+  ├─ Background job
+  │   ├─ One-time → Job with backoffLimit
+  │   ├─ Scheduled → CronJob
+  │   └─ Queued → Kueue (fair scheduling)
+  ├─ Networking
+  │   ├─ Modern → Gateway API (HTTPRoute, GRPCRoute)
+  │   └─ Legacy → Ingress (nginx/traefik)
+  └─ Package management
+      ├─ Templating → Helm charts
+      └─ Patching → Kustomize overlays
+```
+
+## Quick Start — Deployment + Service
+
+```yaml
+# deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myapp
+  labels:
+    app: myapp
+spec:
+  replicas: 3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0 # Zero-downtime
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: myapp
+          image: myapp:1.0.0
+          ports:
+            - containerPort: 3000
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 3000
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 3000
+            initialDelaySeconds: 15
+            periodSeconds: 20
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: myapp
+spec:
+  selector:
+    app: myapp
+  ports:
+    - port: 80
+      targetPort: 3000
+  type: ClusterIP
+```
+
+## Quick Start — Gateway API
+
+```yaml
+# gateway.yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: myapp-route
+spec:
+  parentRefs:
+    - name: main-gateway
+  hostnames:
+    - "api.example.com"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /api
+      backendRefs:
+        - name: myapp
+          port: 80
+          weight: 100
+```
+
+## Production Checklist
+
+- [ ] Set `requests` AND `limits` on all containers
+- [ ] Add `readinessProbe` and `livenessProbe`
+- [ ] Use `PodDisruptionBudget` (minAvailable: 1)
+- [ ] Apply `Pod Security Standards` (restricted)
+- [ ] Set `securityContext.runAsNonRoot: true`
+- [ ] Use `Namespace` isolation for multi-tenancy
+- [ ] Configure `NetworkPolicy` for pod-to-pod isolation
+- [ ] Enable `HorizontalPodAutoscaler` for scaling
+- [ ] Use `topologySpreadConstraints` across zones
+- [ ] Implement `startupProbe` for slow-starting apps
+
 ## Patterns (20 total)
 
 ### Networking (5)
@@ -36,14 +161,6 @@ Kubernetes orchestration patterns for K8s 1.32-1.33+. Covers Gateway API, Sideca
 - Priority classes for preemption
 - Cluster autoscaler configuration
 
-## Best Practices
-
-- Use Namespace isolation for multi-tenancy
-- Set resource requests AND limits on all containers
-- Use PodDisruptionBudget for high availability
-- Enable audit logging for security compliance
-- Use Helm or Kustomize for reproducible deployments
-
 ## Data Files
 
 - `data/gateway-api.yaml` — Gateway API patterns

package/.agent/skills/frameworks/angular/META.yaml

@@ -1,5 +1,5 @@
 name: angular
-version: "6.2.6"
+version: "6.2.7"
 display: "Angular Patterns"
 category: frontend
 tier: 1

package/.agent/skills/frameworks/angular/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: angular
 detect: ["angular.json", "*.component.ts", "@angular/core"]
-version: "6.2.6"
+version: "6.2.7"
 category: frontend
 tier: 1
 ---

package/.agent/skills/frameworks/flutter/META.yaml

@@ -1,5 +1,5 @@
 name: flutter
-version: "6.2.6"
+version: "6.2.7"
 display: "Flutter & Dart Patterns"
 category: mobile
 tier: 1

package/.agent/skills/frameworks/flutter/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: flutter
 detect: ["pubspec.yaml", "*.dart", "lib/main.dart", "analysis_options.yaml"]
-version: "6.2.6"
+version: "6.2.7"
 category: mobile
 tier: 1
 ---

package/.agent/skills/frameworks/nextjs/META.yaml

@@ -1,5 +1,5 @@
 name: nextjs
-version: "6.2.6"
+version: "6.2.7"
 display: "Next.js Patterns"
 category: frontend
 tier: 1

package/.agent/skills/frameworks/nextjs/SKILL.md

@@ -2,7 +2,7 @@
 name: nextjs
 detect:
   ["next.config.js", "next.config.mjs", "next.config.ts", "app/layout.tsx"]
-version: "6.2.6"
+version: "6.2.7"
 category: frontend
 tier: 1
 ---

package/.agent/skills/frameworks/nuxt/META.yaml

@@ -1,5 +1,5 @@
 name: nuxt
-version: "6.2.6"
+version: "6.2.7"
 display: "Nuxt Framework Patterns"
 category: frontend
 tier: 1

package/.agent/skills/frameworks/nuxt/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: nuxt
 detect: ["nuxt.config.ts", "nuxt.config.js", ".nuxtrc", "app.vue"]
-version: "6.2.6"
+version: "6.2.7"
 category: frontend
 tier: 1
 ---

package/.agent/skills/frameworks/react/META.yaml

@@ -1,5 +1,5 @@
 name: react
-version: "6.2.6"
+version: "6.2.7"
 display: "React Patterns"
 category: frontend
 tier: 1

package/.agent/skills/frameworks/react/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: react
 detect: ["package.json:react", "*.jsx", "*.tsx", "vite.config.ts"]
-version: "6.2.6"
+version: "6.2.7"
 category: frontend
 tier: 1
 ---
@@ -13,6 +13,29 @@ tier: 1
 
 ---
 
+## Decision Tree
+
+```
+Task → What React pattern?
+  ├─ Component design
+  │   ├─ List/forms → Server Components (RSC)
+  │   ├─ Interactive → Client Component ('use client')
+  │   └─ Layout → Composition pattern (children)
+  ├─ State management
+  │   ├─ Local → useState / useReducer
+  │   ├─ Shared (small) → Context + useReducer
+  │   ├─ Complex → Zustand (simple) / Jotai (atomic)
+  │   └─ Server → TanStack Query / SWR
+  ├─ Data fetching
+  │   ├─ Server → use() + fetch in RSC
+  │   ├─ Client → TanStack Query
+  │   └─ Forms → Server Actions + useActionState
+  └─ Rendering
+      ├─ SEO needed → Next.js SSR/SSG
+      ├─ SPA → Vite + React Router
+      └─ Static → Astro + React islands
+```
+
 ## 🎯 When to Use This Skill
 
 Use for: React SPAs, component libraries, client-side apps.

package/.agent/skills/frameworks/react-native/META.yaml

@@ -1,5 +1,5 @@
 name: react-native
-version: "6.2.6"
+version: "6.2.7"
 display: "React Native Patterns"
 category: mobile
 tier: 1