@oriro/orirocli 0.1.9 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1102)
  1. package/ATTRIBUTION.md +53 -53
  2. package/LICENSE +21 -21
  3. package/README.md +20 -17
  4. package/dist/cli.js +4425 -2975
  5. package/package.json +64 -64
  6. package/skills/1password/SKILL.md +118 -118
  7. package/skills/1password/references/cli-examples.md +29 -29
  8. package/skills/1password/references/get-started.md +21 -21
  9. package/skills/21stdev/SKILL.md +64 -64
  10. package/skills/algorithmic-art/LICENSE +21 -21
  11. package/skills/algorithmic-art/SKILL.md +446 -446
  12. package/skills/algorithmic-art/templates/generator_template.js +223 -223
  13. package/skills/algorithmic-art/templates/viewer.html +598 -598
  14. package/skills/apple-notes/SKILL.md +81 -81
  15. package/skills/apple-reminders/SKILL.md +122 -122
  16. package/skills/bear-notes/SKILL.md +111 -111
  17. package/skills/blogwatcher/SKILL.md +73 -73
  18. package/skills/blucli/SKILL.md +51 -51
  19. package/skills/brand-guidelines/LICENSE +21 -21
  20. package/skills/brand-guidelines/SKILL.md +76 -76
  21. package/skills/business/biz-analysis/LICENSE +21 -21
  22. package/skills/business/biz-analysis/SKILL.md +103 -103
  23. package/skills/business/biz-corporate-strategy/LICENSE +21 -21
  24. package/skills/business/biz-corporate-strategy/SKILL.md +76 -76
  25. package/skills/business/biz-customer-success/LICENSE +21 -21
  26. package/skills/business/biz-customer-success/SKILL.md +55 -55
  27. package/skills/business/biz-entrepreneurship/LICENSE +21 -21
  28. package/skills/business/biz-entrepreneurship/SKILL.md +72 -72
  29. package/skills/business/biz-hr/LICENSE +21 -21
  30. package/skills/business/biz-hr/SKILL.md +67 -67
  31. package/skills/business/biz-international/LICENSE +21 -21
  32. package/skills/business/biz-international/SKILL.md +51 -51
  33. package/skills/business/biz-leadership/LICENSE +21 -21
  34. package/skills/business/biz-leadership/SKILL.md +106 -106
  35. package/skills/business/biz-marketing-strategy/LICENSE +21 -21
  36. package/skills/business/biz-marketing-strategy/SKILL.md +119 -119
  37. package/skills/business/biz-negotiation/LICENSE +21 -21
  38. package/skills/business/biz-negotiation/SKILL.md +152 -152
  39. package/skills/business/biz-operations/LICENSE +21 -21
  40. package/skills/business/biz-operations/SKILL.md +74 -74
  41. package/skills/business/biz-project/LICENSE +21 -21
  42. package/skills/business/biz-project/SKILL.md +203 -203
  43. package/skills/business/biz-risk/LICENSE +21 -21
  44. package/skills/business/biz-risk/SKILL.md +85 -85
  45. package/skills/business/biz-sales/LICENSE +21 -21
  46. package/skills/business/biz-sales/SKILL.md +92 -92
  47. package/skills/business/biz-startup-ops/LICENSE +21 -21
  48. package/skills/business/biz-startup-ops/SKILL.md +70 -70
  49. package/skills/business/biz-strategy/LICENSE +21 -21
  50. package/skills/business/biz-strategy/SKILL.md +233 -233
  51. package/skills/business/biz-supply-chain-advanced/LICENSE +21 -21
  52. package/skills/business/biz-supply-chain-advanced/SKILL.md +68 -68
  53. package/skills/business/fin-chartered-exams/LICENSE +21 -21
  54. package/skills/business/fin-chartered-exams/SKILL.md +69 -69
  55. package/skills/camsnap/SKILL.md +49 -49
  56. package/skills/canvas/SKILL.md +82 -82
  57. package/skills/canvas-design/LICENSE +21 -21
  58. package/skills/canvas-design/SKILL.md +140 -140
  59. package/skills/canvas-design/canvas-fonts/ArsenalSC-OFL.txt +93 -93
  60. package/skills/canvas-design/canvas-fonts/BigShoulders-OFL.txt +93 -93
  61. package/skills/canvas-design/canvas-fonts/Boldonse-OFL.txt +93 -93
  62. package/skills/canvas-design/canvas-fonts/BricolageGrotesque-OFL.txt +93 -93
  63. package/skills/canvas-design/canvas-fonts/CrimsonPro-OFL.txt +93 -93
  64. package/skills/canvas-design/canvas-fonts/DMMono-OFL.txt +93 -93
  65. package/skills/canvas-design/canvas-fonts/EricaOne-OFL.txt +94 -94
  66. package/skills/canvas-design/canvas-fonts/GeistMono-OFL.txt +93 -93
  67. package/skills/canvas-design/canvas-fonts/Gloock-OFL.txt +93 -93
  68. package/skills/canvas-design/canvas-fonts/IBMPlexMono-OFL.txt +93 -93
  69. package/skills/canvas-design/canvas-fonts/InstrumentSans-OFL.txt +93 -93
  70. package/skills/canvas-design/canvas-fonts/JetBrainsMono-OFL.txt +93 -93
  71. package/skills/canvas-design/canvas-fonts/Jura-OFL.txt +93 -93
  72. package/skills/canvas-design/canvas-fonts/LibreBaskerville-OFL.txt +93 -93
  73. package/skills/canvas-design/canvas-fonts/Lora-OFL.txt +93 -93
  74. package/skills/canvas-design/canvas-fonts/NationalPark-OFL.txt +93 -93
  75. package/skills/canvas-design/canvas-fonts/Outfit-OFL.txt +93 -93
  76. package/skills/canvas-design/canvas-fonts/PixelifySans-OFL.txt +93 -93
  77. package/skills/canvas-design/canvas-fonts/RedHatMono-OFL.txt +93 -93
  78. package/skills/canvas-design/canvas-fonts/Silkscreen-OFL.txt +93 -93
  79. package/skills/canvas-design/canvas-fonts/SmoochSans-OFL.txt +93 -93
  80. package/skills/canvas-design/canvas-fonts/Tektur-OFL.txt +93 -93
  81. package/skills/canvas-design/canvas-fonts/WorkSans-OFL.txt +93 -93
  82. package/skills/canvas-design/canvas-fonts/YoungSerif-OFL.txt +93 -93
  83. package/skills/coding-agent/SKILL.md +146 -146
  84. package/skills/communication/comm-business-writing/LICENSE +21 -21
  85. package/skills/communication/comm-business-writing/SKILL.md +67 -67
  86. package/skills/communication/comm-cross-cultural/LICENSE +21 -21
  87. package/skills/communication/comm-cross-cultural/SKILL.md +88 -88
  88. package/skills/communication/comm-journalism/LICENSE +21 -21
  89. package/skills/communication/comm-journalism/SKILL.md +81 -81
  90. package/skills/communication/comm-linguistics/LICENSE +21 -21
  91. package/skills/communication/comm-linguistics/SKILL.md +82 -82
  92. package/skills/communication/comm-negotiation/LICENSE +21 -21
  93. package/skills/communication/comm-negotiation/SKILL.md +120 -120
  94. package/skills/communication/comm-presentations/LICENSE +21 -21
  95. package/skills/communication/comm-presentations/SKILL.md +93 -93
  96. package/skills/communication/comm-public-speaking/LICENSE +21 -21
  97. package/skills/communication/comm-public-speaking/SKILL.md +68 -68
  98. package/skills/communication/comm-writing/LICENSE +21 -21
  99. package/skills/communication/comm-writing/SKILL.md +69 -69
  100. package/skills/craft/ai-engineering/LICENSE +21 -21
  101. package/skills/craft/ai-engineering/SKILL.md +828 -828
  102. package/skills/craft/app-builder-guide/LICENSE +21 -21
  103. package/skills/craft/app-builder-guide/SKILL.md +332 -332
  104. package/skills/craft/become-an-ai-engineer-26/CONTRIBUTING.md +46 -46
  105. package/skills/craft/become-an-ai-engineer-26/LICENSE +21 -21
  106. package/skills/craft/become-an-ai-engineer-26/README.md +270 -270
  107. package/skills/craft/become-an-ai-engineer-26/SKILL.md +667 -667
  108. package/skills/craft/become-an-ai-engineer-26/community/BUILDS.md +13 -13
  109. package/skills/craft/become-an-ai-engineer-26/community/DISCUSSIONS.md +8 -8
  110. package/skills/craft/become-an-ai-engineer-26/phases/phase-0-mental-models/README.md +14 -14
  111. package/skills/craft/become-an-ai-engineer-26/phases/phase-0-mental-models/project/TEMPLATE.md +33 -33
  112. package/skills/craft/become-an-ai-engineer-26/phases/phase-1-first-agent/README.md +25 -25
  113. package/skills/craft/become-an-ai-engineer-26/phases/phase-1-first-agent/code/raw_loop.py +126 -126
  114. package/skills/craft/become-an-ai-engineer-26/phases/phase-2-architecture/README.md +17 -17
  115. package/skills/craft/become-an-ai-engineer-26/phases/phase-3-harness/README.md +17 -17
  116. package/skills/craft/become-an-ai-engineer-26/phases/phase-4-evals/README.md +21 -21
  117. package/skills/craft/become-an-ai-engineer-26/phases/phase-4-evals/code/.github/workflows/eval.yml +40 -40
  118. package/skills/craft/become-an-ai-engineer-26/phases/phase-5-production/README.md +16 -16
  119. package/skills/craft/become-an-ai-engineer-26/projects/1-mobile-app-slm/README.md +11 -11
  120. package/skills/craft/become-an-ai-engineer-26/projects/2-self-improving-coder/README.md +11 -11
  121. package/skills/craft/become-an-ai-engineer-26/projects/3-video-editor-agent/README.md +11 -11
  122. package/skills/craft/become-an-ai-engineer-26/projects/4-personal-life-os/README.md +12 -12
  123. package/skills/craft/become-an-ai-engineer-26/projects/5-enterprise-workflow/README.md +12 -12
  124. package/skills/craft/become-an-ai-engineer-26/references/benchmark-numbers.md +41 -41
  125. package/skills/craft/become-an-ai-engineer-26/references/mhc-stable-training.md +73 -73
  126. package/skills/craft/become-an-ai-engineer-26/references/stack-decisions.md +37 -37
  127. package/skills/craft/become-an-ai-engineer-26/references/yarn-context-extension.md +123 -123
  128. package/skills/craft/codex-result-handling/LICENSE +21 -21
  129. package/skills/craft/codex-result-handling/SKILL.md +26 -26
  130. package/skills/craft/debug-and-build-methodology/LICENSE +21 -21
  131. package/skills/craft/debug-and-build-methodology/SKILL.md +432 -432
  132. package/skills/craft/design/LICENSE +21 -21
  133. package/skills/craft/design/SKILL.md +274 -274
  134. package/skills/craft/dev/LICENSE +21 -21
  135. package/skills/craft/dev/SKILL.md +12 -12
  136. package/skills/craft/dev/release.md +85 -85
  137. package/skills/craft/dev/roll.md +50 -50
  138. package/skills/craft/doc-coauthoring/LICENSE +21 -21
  139. package/skills/craft/doc-coauthoring/SKILL.md +397 -397
  140. package/skills/craft/focus/LICENSE +21 -21
  141. package/skills/craft/focus/SKILL.md +432 -432
  142. package/skills/craft/focus/UPSTREAM_README.md +233 -233
  143. package/skills/craft/gh/LICENSE +21 -21
  144. package/skills/craft/gh/SKILL.md +84 -84
  145. package/skills/craft/gh-skill/LICENSE +21 -21
  146. package/skills/craft/gh-skill/SKILL.md +121 -121
  147. package/skills/craft/godmode/LICENSE +21 -21
  148. package/skills/craft/godmode/SKILL.md +87 -87
  149. package/skills/craft/godmode/references/android-launch.md +680 -680
  150. package/skills/craft/godmode/references/data-gcp.md +1038 -1038
  151. package/skills/craft/godmode/references/expo-eas.md +816 -816
  152. package/skills/craft/godmode/references/ios-launch.md +734 -734
  153. package/skills/craft/google-ai-latest/LICENSE +21 -21
  154. package/skills/craft/google-ai-latest/SKILL.md +682 -682
  155. package/skills/craft/gpt-5-4-prompting/LICENSE +21 -21
  156. package/skills/craft/gpt-5-4-prompting/SKILL.md +63 -63
  157. package/skills/craft/gpt-5-4-prompting/references/codex-prompt-antipatterns.md +101 -101
  158. package/skills/craft/gpt-5-4-prompting/references/codex-prompt-recipes.md +150 -150
  159. package/skills/craft/gpt-5-4-prompting/references/prompt-blocks.md +172 -172
  160. package/skills/craft/grill-me/LICENSE +21 -21
  161. package/skills/craft/grill-me/SKILL.md +13 -13
  162. package/skills/craft/idea-to-deploy/LICENSE +21 -21
  163. package/skills/craft/idea-to-deploy/SKILL.md +292 -292
  164. package/skills/craft/idea-to-deploy/references/auth-playbook.md +195 -195
  165. package/skills/craft/idea-to-deploy/references/gcp-deployment.md +268 -268
  166. package/skills/craft/idea-to-deploy/references/stack-selection.md +117 -117
  167. package/skills/craft/image-generation-engineer/LICENSE +21 -21
  168. package/skills/craft/image-generation-engineer/SKILL.md +183 -183
  169. package/skills/craft/image-generation-engineer/references/architectures.md +260 -260
  170. package/skills/craft/image-generation-engineer/references/foundations.md +107 -107
  171. package/skills/craft/image-generation-engineer/references/inference-and-serving.md +253 -253
  172. package/skills/craft/image-generation-engineer/references/training.md +149 -149
  173. package/skills/craft/marketing/LICENSE +21 -21
  174. package/skills/craft/marketing/SKILL.md +1954 -1954
  175. package/skills/craft/master-architect/LICENSE +21 -21
  176. package/skills/craft/master-architect/SKILL.md +361 -361
  177. package/skills/craft/master-architect/references/ai-ml.md +317 -317
  178. package/skills/craft/master-architect/references/architecture.md +268 -268
  179. package/skills/craft/master-architect/references/auth-playbook.md +195 -195
  180. package/skills/craft/master-architect/references/cloud.md +323 -323
  181. package/skills/craft/master-architect/references/cyber.md +839 -839
  182. package/skills/craft/master-architect/references/data-eng.md +366 -366
  183. package/skills/craft/master-architect/references/devops.md +550 -550
  184. package/skills/craft/master-architect/references/gcp-deployment.md +268 -268
  185. package/skills/craft/master-architect/references/languages.md +748 -748
  186. package/skills/craft/master-architect/references/legacy.md +240 -240
  187. package/skills/craft/master-architect/references/mobile.md +447 -447
  188. package/skills/craft/master-architect/references/patterns.md +451 -451
  189. package/skills/craft/master-architect/references/saas-patterns.md +379 -379
  190. package/skills/craft/master-architect/references/sdlc.md +349 -349
  191. package/skills/craft/master-architect/references/stack-selection.md +117 -117
  192. package/skills/craft/oriro-ui-2026/LICENSE +21 -21
  193. package/skills/craft/oriro-ui-2026/SKILL.md +329 -329
  194. package/skills/craft/playwright-cli/LICENSE +21 -21
  195. package/skills/craft/playwright-cli/SKILL.md +393 -393
  196. package/skills/craft/playwright-cli/references/element-attributes.md +23 -23
  197. package/skills/craft/playwright-cli/references/playwright-tests.md +39 -39
  198. package/skills/craft/playwright-cli/references/request-mocking.md +87 -87
  199. package/skills/craft/playwright-cli/references/running-code.md +240 -240
  200. package/skills/craft/playwright-cli/references/session-management.md +226 -226
  201. package/skills/craft/playwright-cli/references/spec-driven-testing.md +312 -312
  202. package/skills/craft/playwright-cli/references/storage-state.md +275 -275
  203. package/skills/craft/playwright-cli/references/test-generation.md +134 -134
  204. package/skills/craft/playwright-cli/references/tracing.md +142 -142
  205. package/skills/craft/playwright-cli/references/video-recording.md +150 -150
  206. package/skills/craft/remotion-best-practices/LICENSE +21 -21
  207. package/skills/craft/remotion-best-practices/SKILL.md +345 -345
  208. package/skills/craft/remotion-best-practices/rules/3d.md +86 -86
  209. package/skills/craft/remotion-best-practices/rules/assets/charts-bar-chart.tsx +165 -165
  210. package/skills/craft/remotion-best-practices/rules/assets/text-animations-typewriter.tsx +89 -89
  211. package/skills/craft/remotion-best-practices/rules/assets/text-animations-word-highlight.tsx +101 -101
  212. package/skills/craft/remotion-best-practices/rules/audio-visualization.md +195 -195
  213. package/skills/craft/remotion-best-practices/rules/audio.md +167 -167
  214. package/skills/craft/remotion-best-practices/rules/calculate-metadata.md +118 -118
  215. package/skills/craft/remotion-best-practices/rules/compositions.md +132 -132
  216. package/skills/craft/remotion-best-practices/rules/display-captions.md +176 -176
  217. package/skills/craft/remotion-best-practices/rules/ffmpeg.md +34 -34
  218. package/skills/craft/remotion-best-practices/rules/get-audio-duration.md +58 -58
  219. package/skills/craft/remotion-best-practices/rules/get-video-dimensions.md +68 -68
  220. package/skills/craft/remotion-best-practices/rules/get-video-duration.md +60 -60
  221. package/skills/craft/remotion-best-practices/rules/gifs.md +135 -135
  222. package/skills/craft/remotion-best-practices/rules/google-fonts.md +72 -72
  223. package/skills/craft/remotion-best-practices/rules/html-in-canvas.md +122 -122
  224. package/skills/craft/remotion-best-practices/rules/images.md +67 -67
  225. package/skills/craft/remotion-best-practices/rules/import-srt-captions.md +69 -69
  226. package/skills/craft/remotion-best-practices/rules/light-leaks.md +73 -73
  227. package/skills/craft/remotion-best-practices/rules/local-fonts.md +65 -65
  228. package/skills/craft/remotion-best-practices/rules/lottie.md +67 -67
  229. package/skills/craft/remotion-best-practices/rules/maplibre.md +441 -441
  230. package/skills/craft/remotion-best-practices/rules/measuring-dom-nodes.md +34 -34
  231. package/skills/craft/remotion-best-practices/rules/measuring-text.md +140 -140
  232. package/skills/craft/remotion-best-practices/rules/parameters.md +109 -109
  233. package/skills/craft/remotion-best-practices/rules/sequencing.md +144 -144
  234. package/skills/craft/remotion-best-practices/rules/sfx.md +30 -30
  235. package/skills/craft/remotion-best-practices/rules/silence-detection.md +73 -73
  236. package/skills/craft/remotion-best-practices/rules/subtitles.md +36 -36
  237. package/skills/craft/remotion-best-practices/rules/tailwind.md +11 -11
  238. package/skills/craft/remotion-best-practices/rules/text-animations.md +20 -20
  239. package/skills/craft/remotion-best-practices/rules/timing.md +130 -130
  240. package/skills/craft/remotion-best-practices/rules/transcribe-captions.md +70 -70
  241. package/skills/craft/remotion-best-practices/rules/transitions.md +193 -193
  242. package/skills/craft/remotion-best-practices/rules/transparent-videos.md +102 -102
  243. package/skills/craft/remotion-best-practices/rules/trimming.md +51 -51
  244. package/skills/craft/remotion-best-practices/rules/videos.md +169 -169
  245. package/skills/craft/remotion-best-practices/rules/voiceover.md +94 -94
  246. package/skills/craft/supabase-postgres-best-practices/CHANGELOG.md +25 -25
  247. package/skills/craft/supabase-postgres-best-practices/LICENSE +21 -21
  248. package/skills/craft/supabase-postgres-best-practices/SKILL.md +69 -69
  249. package/skills/craft/supabase-postgres-best-practices/references/_contributing.md +166 -166
  250. package/skills/craft/supabase-postgres-best-practices/references/_sections.md +47 -47
  251. package/skills/craft/supabase-postgres-best-practices/references/_template.md +34 -34
  252. package/skills/craft/supabase-postgres-best-practices/references/advanced-full-text-search.md +55 -55
  253. package/skills/craft/supabase-postgres-best-practices/references/advanced-jsonb-indexing.md +49 -49
  254. package/skills/craft/supabase-postgres-best-practices/references/conn-idle-timeout.md +46 -46
  255. package/skills/craft/supabase-postgres-best-practices/references/conn-limits.md +44 -44
  256. package/skills/craft/supabase-postgres-best-practices/references/conn-pooling.md +41 -41
  257. package/skills/craft/supabase-postgres-best-practices/references/conn-prepared-statements.md +46 -46
  258. package/skills/craft/supabase-postgres-best-practices/references/data-batch-inserts.md +54 -54
  259. package/skills/craft/supabase-postgres-best-practices/references/data-n-plus-one.md +53 -53
  260. package/skills/craft/supabase-postgres-best-practices/references/data-pagination.md +50 -50
  261. package/skills/craft/supabase-postgres-best-practices/references/data-upsert.md +50 -50
  262. package/skills/craft/supabase-postgres-best-practices/references/lock-advisory.md +56 -56
  263. package/skills/craft/supabase-postgres-best-practices/references/lock-deadlock-prevention.md +68 -68
  264. package/skills/craft/supabase-postgres-best-practices/references/lock-short-transactions.md +50 -50
  265. package/skills/craft/supabase-postgres-best-practices/references/lock-skip-locked.md +54 -54
  266. package/skills/craft/supabase-postgres-best-practices/references/monitor-explain-analyze.md +45 -45
  267. package/skills/craft/supabase-postgres-best-practices/references/monitor-pg-stat-statements.md +55 -55
  268. package/skills/craft/supabase-postgres-best-practices/references/monitor-vacuum-analyze.md +55 -55
  269. package/skills/craft/supabase-postgres-best-practices/references/query-composite-indexes.md +44 -44
  270. package/skills/craft/supabase-postgres-best-practices/references/query-covering-indexes.md +40 -40
  271. package/skills/craft/supabase-postgres-best-practices/references/query-index-types.md +48 -48
  272. package/skills/craft/supabase-postgres-best-practices/references/query-missing-indexes.md +43 -43
  273. package/skills/craft/supabase-postgres-best-practices/references/query-partial-indexes.md +45 -45
  274. package/skills/craft/supabase-postgres-best-practices/references/schema-constraints.md +80 -80
  275. package/skills/craft/supabase-postgres-best-practices/references/schema-data-types.md +46 -46
  276. package/skills/craft/supabase-postgres-best-practices/references/schema-foreign-key-indexes.md +59 -59
  277. package/skills/craft/supabase-postgres-best-practices/references/schema-lowercase-identifiers.md +55 -55
  278. package/skills/craft/supabase-postgres-best-practices/references/schema-partitioning.md +55 -55
  279. package/skills/craft/supabase-postgres-best-practices/references/schema-primary-keys.md +61 -61
  280. package/skills/craft/supabase-postgres-best-practices/references/security-privileges.md +54 -54
  281. package/skills/craft/supabase-postgres-best-practices/references/security-rls-basics.md +50 -50
  282. package/skills/craft/supabase-postgres-best-practices/references/security-rls-performance.md +63 -63
  283. package/skills/craft/uipm-banner-design/LICENSE +21 -21
  284. package/skills/craft/uipm-banner-design/SKILL.md +201 -201
  285. package/skills/craft/uipm-banner-design/references/banner-sizes-and-styles.md +129 -129
  286. package/skills/craft/uipm-brand/LICENSE +21 -21
  287. package/skills/craft/uipm-brand/SKILL.md +104 -104
  288. package/skills/craft/uipm-brand/references/approval-checklist.md +184 -184
  289. package/skills/craft/uipm-brand/references/asset-organization.md +167 -167
  290. package/skills/craft/uipm-brand/references/brand-guideline-template.md +161 -161
  291. package/skills/craft/uipm-brand/references/color-palette-management.md +203 -203
  292. package/skills/craft/uipm-brand/references/consistency-checklist.md +105 -105
  293. package/skills/craft/uipm-brand/references/logo-usage-rules.md +204 -204
  294. package/skills/craft/uipm-brand/references/messaging-framework.md +91 -91
  295. package/skills/craft/uipm-brand/references/typography-specifications.md +265 -265
  296. package/skills/craft/uipm-brand/references/update.md +128 -128
  297. package/skills/craft/uipm-brand/references/visual-identity.md +109 -109
  298. package/skills/craft/uipm-brand/references/voice-framework.md +99 -99
  299. package/skills/craft/uipm-brand/scripts/extract-colors.cjs +333 -333
  300. package/skills/craft/uipm-brand/scripts/inject-brand-context.cjs +324 -324
  301. package/skills/craft/uipm-brand/scripts/sync-brand-to-tokens.cjs +269 -269
  302. package/skills/craft/uipm-brand/scripts/validate-asset.cjs +361 -361
  303. package/skills/craft/uipm-brand/templates/brand-guidelines-starter.md +280 -280
  304. package/skills/craft/uipm-design/LICENSE +21 -21
  305. package/skills/craft/uipm-design/SKILL.md +305 -305
  306. package/skills/craft/uipm-design/data/cip/deliverables.csv +50 -50
  307. package/skills/craft/uipm-design/data/cip/industries.csv +20 -20
  308. package/skills/craft/uipm-design/data/cip/mockup-contexts.csv +20 -20
  309. package/skills/craft/uipm-design/data/cip/styles.csv +20 -20
  310. package/skills/craft/uipm-design/data/icon/styles.csv +16 -16
  311. package/skills/craft/uipm-design/data/logo/colors.csv +56 -56
  312. package/skills/craft/uipm-design/data/logo/industries.csv +56 -56
  313. package/skills/craft/uipm-design/data/logo/styles.csv +56 -56
  314. package/skills/craft/uipm-design/references/banner-sizes-and-styles.md +129 -129
  315. package/skills/craft/uipm-design/references/cip-deliverable-guide.md +111 -111
  316. package/skills/craft/uipm-design/references/cip-design.md +121 -121
  317. package/skills/craft/uipm-design/references/cip-prompt-engineering.md +94 -94
  318. package/skills/craft/uipm-design/references/cip-style-guide.md +76 -76
  319. package/skills/craft/uipm-design/references/design-routing.md +226 -226
  320. package/skills/craft/uipm-design/references/icon-design.md +122 -122
  321. package/skills/craft/uipm-design/references/logo-color-psychology.md +113 -113
  322. package/skills/craft/uipm-design/references/logo-design.md +92 -92
  323. package/skills/craft/uipm-design/references/logo-prompt-engineering.md +176 -176
  324. package/skills/craft/uipm-design/references/logo-style-guide.md +129 -129
  325. package/skills/craft/uipm-design/references/slides-copywriting-formulas.md +92 -92
  326. package/skills/craft/uipm-design/references/slides-create.md +5 -5
  327. package/skills/craft/uipm-design/references/slides-html-template.md +374 -374
  328. package/skills/craft/uipm-design/references/slides-layout-patterns.md +155 -155
  329. package/skills/craft/uipm-design/references/slides-strategies.md +97 -97
  330. package/skills/craft/uipm-design/references/slides.md +42 -42
  331. package/skills/craft/uipm-design/references/social-photos-design.md +353 -353
  332. package/skills/craft/uipm-design/scripts/cip/core.py +215 -215
  333. package/skills/craft/uipm-design/scripts/cip/generate.py +484 -484
  334. package/skills/craft/uipm-design/scripts/cip/render-html.py +424 -424
  335. package/skills/craft/uipm-design/scripts/cip/search.py +127 -127
  336. package/skills/craft/uipm-design/scripts/icon/generate.py +487 -487
  337. package/skills/craft/uipm-design/scripts/logo/core.py +175 -175
  338. package/skills/craft/uipm-design/scripts/logo/generate.py +362 -362
  339. package/skills/craft/uipm-design/scripts/logo/search.py +114 -114
  340. package/skills/craft/uipm-design-system/LICENSE +21 -21
  341. package/skills/craft/uipm-design-system/SKILL.md +255 -255
  342. package/skills/craft/uipm-design-system/data/slide-backgrounds.csv +11 -11
  343. package/skills/craft/uipm-design-system/data/slide-charts.csv +26 -26
  344. package/skills/craft/uipm-design-system/data/slide-color-logic.csv +14 -14
  345. package/skills/craft/uipm-design-system/data/slide-copy.csv +26 -26
  346. package/skills/craft/uipm-design-system/data/slide-layout-logic.csv +16 -16
  347. package/skills/craft/uipm-design-system/data/slide-layouts.csv +26 -26
  348. package/skills/craft/uipm-design-system/data/slide-strategies.csv +16 -16
  349. package/skills/craft/uipm-design-system/data/slide-typography.csv +15 -15
  350. package/skills/craft/uipm-design-system/references/component-specs.md +236 -236
  351. package/skills/craft/uipm-design-system/references/component-tokens.md +214 -214
  352. package/skills/craft/uipm-design-system/references/primitive-tokens.md +199 -199
  353. package/skills/craft/uipm-design-system/references/semantic-tokens.md +215 -215
  354. package/skills/craft/uipm-design-system/references/states-and-variants.md +243 -243
  355. package/skills/craft/uipm-design-system/references/tailwind-integration.md +257 -257
  356. package/skills/craft/uipm-design-system/references/token-architecture.md +226 -226
  357. package/skills/craft/uipm-design-system/scripts/embed-tokens.cjs +97 -97
  358. package/skills/craft/uipm-design-system/scripts/fetch-background.py +317 -317
  359. package/skills/craft/uipm-design-system/scripts/generate-slide.py +753 -753
  360. package/skills/craft/uipm-design-system/scripts/generate-tokens.cjs +213 -213
  361. package/skills/craft/uipm-design-system/scripts/html-token-validator.py +327 -327
  362. package/skills/craft/uipm-design-system/scripts/search-slides.py +218 -218
  363. package/skills/craft/uipm-design-system/scripts/slide-token-validator.py +35 -35
  364. package/skills/craft/uipm-design-system/scripts/slide_search_core.py +453 -453
  365. package/skills/craft/uipm-design-system/scripts/validate-tokens.cjs +254 -254
  366. package/skills/craft/uipm-design-system/templates/design-tokens-starter.json +143 -143
  367. package/skills/craft/uipm-slides/LICENSE +21 -21
  368. package/skills/craft/uipm-slides/SKILL.md +45 -45
  369. package/skills/craft/uipm-slides/references/copywriting-formulas.md +92 -92
  370. package/skills/craft/uipm-slides/references/create.md +5 -5
  371. package/skills/craft/uipm-slides/references/html-template.md +374 -374
  372. package/skills/craft/uipm-slides/references/layout-patterns.md +155 -155
  373. package/skills/craft/uipm-slides/references/slide-strategies.md +97 -97
  374. package/skills/craft/uipm-ui-ux-pro-max/LICENSE +21 -21
  375. package/skills/craft/uipm-ui-ux-pro-max/SKILL.md +678 -678
  376. package/skills/craft/uipm-ui-ux-pro-max/data/_sync_all.py +414 -414
  377. package/skills/craft/uipm-ui-ux-pro-max/data/app-interface.csv +30 -30
  378. package/skills/craft/uipm-ui-ux-pro-max/data/charts.csv +26 -26
  379. package/skills/craft/uipm-ui-ux-pro-max/data/colors.csv +161 -161
  380. package/skills/craft/uipm-ui-ux-pro-max/data/design.csv +1775 -1775
  381. package/skills/craft/uipm-ui-ux-pro-max/data/draft.csv +1778 -1778
  382. package/skills/craft/uipm-ui-ux-pro-max/data/google-fonts.csv +1924 -1924
  383. package/skills/craft/uipm-ui-ux-pro-max/data/icons.csv +105 -105
  384. package/skills/craft/uipm-ui-ux-pro-max/data/landing.csv +35 -35
  385. package/skills/craft/uipm-ui-ux-pro-max/data/products.csv +162 -162
  386. package/skills/craft/uipm-ui-ux-pro-max/data/react-performance.csv +45 -45
  387. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/angular.csv +51 -51
  388. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/astro.csv +54 -54
  389. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/flutter.csv +53 -53
  390. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
  391. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
  392. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/laravel.csv +51 -51
  393. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
  394. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
  395. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
  396. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/react-native.csv +52 -52
  397. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/react.csv +54 -54
  398. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
  399. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/svelte.csv +54 -54
  400. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
  401. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/threejs.csv +54 -54
  402. package/skills/craft/uipm-ui-ux-pro-max/data/stacks/vue.csv +50 -50
  403. package/skills/craft/uipm-ui-ux-pro-max/data/styles.csv +85 -85
  404. package/skills/craft/uipm-ui-ux-pro-max/data/typography.csv +74 -74
  405. package/skills/craft/uipm-ui-ux-pro-max/data/ui-reasoning.csv +162 -162
  406. package/skills/craft/uipm-ui-ux-pro-max/data/ux-guidelines.csv +99 -99
  407. package/skills/craft/uipm-ui-ux-pro-max/scripts/core.py +262 -262
  408. package/skills/craft/uipm-ui-ux-pro-max/scripts/design_system.py +1148 -1148
  409. package/skills/craft/uipm-ui-ux-pro-max/scripts/search.py +114 -114
  410. package/skills/craft/uipm-ui-ux-pro-max/templates/base/quick-reference.md +297 -297
  411. package/skills/craft/uipm-ui-ux-pro-max/templates/base/skill-content.md +375 -375
  412. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/agent.json +21 -21
  413. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/augment.json +18 -18
  414. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/claude.json +21 -21
  415. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/codebuddy.json +21 -21
  416. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/codex.json +21 -21
  417. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/continue.json +21 -21
  418. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/copilot.json +21 -21
  419. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/cursor.json +21 -21
  420. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/droid.json +21 -21
  421. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/gemini.json +21 -21
  422. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/kilocode.json +21 -21
  423. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/kiro.json +21 -21
  424. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/opencode.json +21 -21
  425. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/qoder.json +21 -21
  426. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/roocode.json +21 -21
  427. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/trae.json +21 -21
  428. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/warp.json +18 -18
  429. package/skills/craft/uipm-ui-ux-pro-max/templates/platforms/windsurf.json +21 -21
  430. package/skills/craft/vercel-optimize/AGENTS.md +48 -48
  431. package/skills/craft/vercel-optimize/CONTRIBUTING.md +41 -41
  432. package/skills/craft/vercel-optimize/LICENSE +21 -21
  433. package/skills/craft/vercel-optimize/README.md +91 -91
  434. package/skills/craft/vercel-optimize/SKILL.md +325 -325
  435. package/skills/craft/vercel-optimize/lib/auth-route.mjs +23 -23
  436. package/skills/craft/vercel-optimize/lib/budget-summary.mjs +208 -208
  437. package/skills/craft/vercel-optimize/lib/citations.mjs +147 -147
  438. package/skills/craft/vercel-optimize/lib/cost-coverage.mjs +162 -162
  439. package/skills/craft/vercel-optimize/lib/dedup-recs.mjs +340 -340
  440. package/skills/craft/vercel-optimize/lib/deep-dive.mjs +371 -371
  441. package/skills/craft/vercel-optimize/lib/display-labels.mjs +219 -219
  442. package/skills/craft/vercel-optimize/lib/extract-claims.mjs +640 -640
  443. package/skills/craft/vercel-optimize/lib/framework-support.mjs +69 -69
  444. package/skills/craft/vercel-optimize/lib/gates/build-minutes-fanout.mjs +73 -73
  445. package/skills/craft/vercel-optimize/lib/gates/cold-start.mjs +72 -72
  446. package/skills/craft/vercel-optimize/lib/gates/contract.mjs +82 -82
  447. package/skills/craft/vercel-optimize/lib/gates/cwv-poor.mjs +95 -95
  448. package/skills/craft/vercel-optimize/lib/gates/external-api-slow.mjs +60 -60
  449. package/skills/craft/vercel-optimize/lib/gates/hard-gates.mjs +70 -70
  450. package/skills/craft/vercel-optimize/lib/gates/index.mjs +45 -45
  451. package/skills/craft/vercel-optimize/lib/gates/isr-overrevalidation.mjs +62 -62
  452. package/skills/craft/vercel-optimize/lib/gates/middleware-heavy.mjs +53 -53
  453. package/skills/craft/vercel-optimize/lib/gates/observability-events-attribution.mjs +58 -58
  454. package/skills/craft/vercel-optimize/lib/gates/platform-bot-protection.mjs +123 -123
  455. package/skills/craft/vercel-optimize/lib/gates/platform-fluid-compute.mjs +94 -94
  456. package/skills/craft/vercel-optimize/lib/gates/region-misconfig.mjs +71 -71
  457. package/skills/craft/vercel-optimize/lib/gates/route-errors.mjs +95 -95
  458. package/skills/craft/vercel-optimize/lib/gates/scanner-driven.mjs +150 -150
  459. package/skills/craft/vercel-optimize/lib/gates/select-candidates.mjs +137 -137
  460. package/skills/craft/vercel-optimize/lib/gates/slow-route.mjs +97 -97
  461. package/skills/craft/vercel-optimize/lib/gates/types.d.ts +38 -38
  462. package/skills/craft/vercel-optimize/lib/gates/uncached-route.mjs +103 -103
  463. package/skills/craft/vercel-optimize/lib/gates/usage-spike-triage.mjs +122 -122
  464. package/skills/craft/vercel-optimize/lib/grade-recommendation.mjs +170 -170
  465. package/skills/craft/vercel-optimize/lib/impact-label.mjs +128 -128
  466. package/skills/craft/vercel-optimize/lib/impact-magnitude.mjs +66 -66
  467. package/skills/craft/vercel-optimize/lib/investigation-brief.mjs +751 -751
  468. package/skills/craft/vercel-optimize/lib/observation-safety.mjs +217 -217
  469. package/skills/craft/vercel-optimize/lib/project-facts.mjs +101 -101
  470. package/skills/craft/vercel-optimize/lib/queries.mjs +333 -333
  471. package/skills/craft/vercel-optimize/lib/reconcile-candidates.mjs +388 -388
  472. package/skills/craft/vercel-optimize/lib/render-report.mjs +1065 -1065
  473. package/skills/craft/vercel-optimize/lib/repo-root.mjs +97 -97
  474. package/skills/craft/vercel-optimize/lib/route-normalize.mjs +224 -224
  475. package/skills/craft/vercel-optimize/lib/sanitizers/bot-protection-certainty.mjs +56 -56
  476. package/skills/craft/vercel-optimize/lib/sanitizers/cache-tag-invalidation-certainty.mjs +33 -33
  477. package/skills/craft/vercel-optimize/lib/sanitizers/count-correct.mjs +53 -53
  478. package/skills/craft/vercel-optimize/lib/sanitizers/function-duration-invocations.mjs +32 -32
  479. package/skills/craft/vercel-optimize/lib/sanitizers/index.mjs +87 -87
  480. package/skills/craft/vercel-optimize/lib/sanitizers/middleware-conflict.mjs +37 -37
  481. package/skills/craft/vercel-optimize/lib/sanitizers/missing-citation.mjs +16 -16
  482. package/skills/craft/vercel-optimize/lib/sanitizers/pre-release.mjs +75 -75
  483. package/skills/craft/vercel-optimize/lib/sanitizers/rate-limit.mjs +73 -73
  484. package/skills/craft/vercel-optimize/lib/sanitizers/rendering-mode-mislabel.mjs +42 -42
  485. package/skills/craft/vercel-optimize/lib/sanitizers/undeclared-dep.mjs +110 -110
  486. package/skills/craft/vercel-optimize/lib/sanitizers/vercel-directive-strip.mjs +37 -37
  487. package/skills/craft/vercel-optimize/lib/sanitizers/window-units.mjs +26 -26
  488. package/skills/craft/vercel-optimize/lib/scanners/cache-components-suspense-dedupe.mjs +114 -114
  489. package/skills/craft/vercel-optimize/lib/scanners/edge-heavy-import.mjs +102 -102
  490. package/skills/craft/vercel-optimize/lib/scanners/force-dynamic.mjs +39 -39
  491. package/skills/craft/vercel-optimize/lib/scanners/headers-in-page.mjs +43 -43
  492. package/skills/craft/vercel-optimize/lib/scanners/index.mjs +35 -35
  493. package/skills/craft/vercel-optimize/lib/scanners/large-static-asset.mjs +93 -93
  494. package/skills/craft/vercel-optimize/lib/scanners/max-age-without-s-maxage.mjs +47 -47
  495. package/skills/craft/vercel-optimize/lib/scanners/middleware-broad-matcher.mjs +53 -53
  496. package/skills/craft/vercel-optimize/lib/scanners/missing-cache-headers.mjs +97 -97
  497. package/skills/craft/vercel-optimize/lib/scanners/prisma-include-tree.mjs +39 -39
  498. package/skills/craft/vercel-optimize/lib/scanners/region-pin-in-config.mjs +89 -89
  499. package/skills/craft/vercel-optimize/lib/scanners/source-maps-production.mjs +33 -33
  500. package/skills/craft/vercel-optimize/lib/scanners/sveltekit-prerender-missing.mjs +47 -47
  501. package/skills/craft/vercel-optimize/lib/scanners/turbo-force-bypass.mjs +136 -136
  502. package/skills/craft/vercel-optimize/lib/scanners/unoptimized-image.mjs +127 -127
  503. package/skills/craft/vercel-optimize/lib/scanners/use-cache-date-stamp.mjs +112 -112
  504. package/skills/craft/vercel-optimize/lib/support-topics.mjs +365 -365
  505. package/skills/craft/vercel-optimize/lib/throttle.mjs +280 -280
  506. package/skills/craft/vercel-optimize/lib/util.mjs +17 -17
  507. package/skills/craft/vercel-optimize/lib/vercel.mjs +855 -855
  508. package/skills/craft/vercel-optimize/lib/verify-claim.mjs +1843 -1843
  509. package/skills/craft/vercel-optimize/lib/workspace-resolver.mjs +552 -552
  510. package/skills/craft/vercel-optimize/metadata.json +14 -14
  511. package/skills/craft/vercel-optimize/references/candidates.md +176 -176
  512. package/skills/craft/vercel-optimize/references/data-collection.md +224 -224
  513. package/skills/craft/vercel-optimize/references/docs-library.json +683 -683
  514. package/skills/craft/vercel-optimize/references/doctrine.md +108 -108
  515. package/skills/craft/vercel-optimize/references/observability-plus.md +109 -109
  516. package/skills/craft/vercel-optimize/references/playbooks/README.md +57 -57
  517. package/skills/craft/vercel-optimize/references/playbooks/ai-application.md +32 -32
  518. package/skills/craft/vercel-optimize/references/playbooks/api-service.md +30 -30
  519. package/skills/craft/vercel-optimize/references/playbooks/content-site.md +30 -30
  520. package/skills/craft/vercel-optimize/references/playbooks/ecommerce.md +30 -30
  521. package/skills/craft/vercel-optimize/references/playbooks/marketing.md +30 -30
  522. package/skills/craft/vercel-optimize/references/playbooks/saas.md +31 -31
  523. package/skills/craft/vercel-optimize/references/playbooks/sveltekit.md +75 -75
  524. package/skills/craft/vercel-optimize/references/recommendations.md +214 -214
  525. package/skills/craft/vercel-optimize/references/scanner-patterns.md +266 -266
  526. package/skills/craft/vercel-optimize/references/scoring.md +208 -208
  527. package/skills/craft/vercel-optimize/references/support-topics/README.md +50 -50
  528. package/skills/craft/vercel-optimize/references/support-topics/astro-edge-middleware-scope.md +30 -30
  529. package/skills/craft/vercel-optimize/references/support-topics/astro-output-mode-and-isr.md +31 -31
  530. package/skills/craft/vercel-optimize/references/support-topics/auth-preserving-parallelization.md +30 -30
  531. package/skills/craft/vercel-optimize/references/support-topics/bot-protection-product-guardrails.md +32 -32
  532. package/skills/craft/vercel-optimize/references/support-topics/build-minutes-monorepo-fanout.md +32 -32
  533. package/skills/craft/vercel-optimize/references/support-topics/cache-components-static-shell-boundaries.md +31 -31
  534. package/skills/craft/vercel-optimize/references/support-topics/cache-components-suspense-dedupe-pitfall.md +32 -32
  535. package/skills/craft/vercel-optimize/references/support-topics/cdn-cache-auth-safety.md +31 -31
  536. package/skills/craft/vercel-optimize/references/support-topics/cold-start-initialization-bundle.md +31 -31
  537. package/skills/craft/vercel-optimize/references/support-topics/core-web-vitals-client-bottlenecks.md +33 -33
  538. package/skills/craft/vercel-optimize/references/support-topics/database-egress-pooling-region.md +32 -32
  539. package/skills/craft/vercel-optimize/references/support-topics/dynamic-rendering-traps.md +31 -31
  540. package/skills/craft/vercel-optimize/references/support-topics/external-api-critical-path-platform.md +31 -31
  541. package/skills/craft/vercel-optimize/references/support-topics/external-api-critical-path.md +31 -31
  542. package/skills/craft/vercel-optimize/references/support-topics/fast-data-transfer-payloads.md +26 -26
  543. package/skills/craft/vercel-optimize/references/support-topics/fluid-compute-caveats.md +26 -26
  544. package/skills/craft/vercel-optimize/references/support-topics/function-duration-io-and-after.md +31 -31
  545. package/skills/craft/vercel-optimize/references/support-topics/function-invocation-reduction.md +31 -31
  546. package/skills/craft/vercel-optimize/references/support-topics/function-region-misconfiguration-ttfb.md +31 -31
  547. package/skills/craft/vercel-optimize/references/support-topics/image-optimization-cost-control.md +31 -31
  548. package/skills/craft/vercel-optimize/references/support-topics/isr-revalidation-static-generation.md +31 -31
  549. package/skills/craft/vercel-optimize/references/support-topics/middleware-proxy-edge-cost.md +30 -30
  550. package/skills/craft/vercel-optimize/references/support-topics/next-fetch-revalidate-floor.md +30 -30
  551. package/skills/craft/vercel-optimize/references/support-topics/next-font-cls-self-hosting.md +31 -31
  552. package/skills/craft/vercel-optimize/references/support-topics/next-heavy-ui-lazy-load-boundaries.md +28 -28
  553. package/skills/craft/vercel-optimize/references/support-topics/next-image-lcp-preload-sizes.md +31 -31
  554. package/skills/craft/vercel-optimize/references/support-topics/next-route-handler-get-cache-defaults.md +30 -30
  555. package/skills/craft/vercel-optimize/references/support-topics/next-script-third-party-strategy.md +31 -31
  556. package/skills/craft/vercel-optimize/references/support-topics/nextjs-version-cache-semantics.md +31 -31
  557. package/skills/craft/vercel-optimize/references/support-topics/not-found-catchall-request-waste.md +33 -33
  558. package/skills/craft/vercel-optimize/references/support-topics/nuxt-route-rules-cache-isr.md +31 -31
  559. package/skills/craft/vercel-optimize/references/support-topics/observability-events-cost-attribution.md +27 -27
  560. package/skills/craft/vercel-optimize/references/support-topics/post-response-work-waituntil.md +26 -26
  561. package/skills/craft/vercel-optimize/references/support-topics/route-error-durable-offload.md +33 -33
  562. package/skills/craft/vercel-optimize/references/support-topics/route-error-runtime-limits.md +31 -31
  563. package/skills/craft/vercel-optimize/references/support-topics/runtime-cache-reusable-data.md +30 -30
  564. package/skills/craft/vercel-optimize/references/support-topics/sveltekit-isr-prerender-safety.md +31 -31
  565. package/skills/craft/vercel-optimize/references/support-topics/sveltekit-split-cold-start-tradeoff.md +30 -30
  566. package/skills/craft/vercel-optimize/references/support-topics/usage-spike-triage.md +31 -31
  567. package/skills/craft/vercel-optimize/references/support-topics/use-cache-date-stamp-isr-write-amplifier.md +31 -31
  568. package/skills/craft/vercel-optimize/references/support-topics/use-cache-remote-shared-origin-data.md +30 -30
  569. package/skills/craft/vercel-optimize/references/support-topics/workflow-resumable-stream-routes.md +32 -32
  570. package/skills/craft/vercel-optimize/references/verification.md +102 -102
  571. package/skills/craft/vercel-optimize/references/voice.md +76 -76
  572. package/skills/craft/vercel-optimize/scripts/budget-summary.mjs +58 -58
  573. package/skills/craft/vercel-optimize/scripts/build-docs.mjs +76 -76
  574. package/skills/craft/vercel-optimize/scripts/check-citations.mjs +91 -91
  575. package/skills/craft/vercel-optimize/scripts/check-docs-fresh.mjs +100 -100
  576. package/skills/craft/vercel-optimize/scripts/collect-signals.mjs +638 -638
  577. package/skills/craft/vercel-optimize/scripts/collect-sub-agent-outputs.mjs +306 -306
  578. package/skills/craft/vercel-optimize/scripts/deep-dive.mjs +358 -358
  579. package/skills/craft/vercel-optimize/scripts/gate-investigations.mjs +178 -178
  580. package/skills/craft/vercel-optimize/scripts/merge-signals.mjs +203 -203
  581. package/skills/craft/vercel-optimize/scripts/prepare-investigation-brief.mjs +249 -249
  582. package/skills/craft/vercel-optimize/scripts/reconcile-candidates.mjs +69 -69
  583. package/skills/craft/vercel-optimize/scripts/render-report.mjs +462 -462
  584. package/skills/craft/vercel-optimize/scripts/scan-codebase.mjs +361 -361
  585. package/skills/craft/vercel-optimize/scripts/verify-and-regen.mjs +379 -379
  586. package/skills/craft/vercel-optimize/scripts/verify-finding.mjs +21 -21
  587. package/skills/craft/web-design-guidelines/LICENSE +21 -21
  588. package/skills/craft/web-design-guidelines/SKILL.md +43 -43
  589. package/skills/craft/zero-to-live/LICENSE +21 -21
  590. package/skills/craft/zero-to-live/SKILL.md +422 -422
  591. package/skills/creative/creative-3d-modeling/LICENSE +21 -21
  592. package/skills/creative/creative-3d-modeling/SKILL.md +70 -70
  593. package/skills/creative/creative-architecture/LICENSE +21 -21
  594. package/skills/creative/creative-architecture/SKILL.md +94 -94
  595. package/skills/creative/creative-design-principles/LICENSE +21 -21
  596. package/skills/creative/creative-design-principles/SKILL.md +95 -95
  597. package/skills/creative/creative-fashion-advanced/LICENSE +21 -21
  598. package/skills/creative/creative-fashion-advanced/SKILL.md +68 -68
  599. package/skills/creative/creative-fashion-design/LICENSE +21 -21
  600. package/skills/creative/creative-fashion-design/SKILL.md +66 -66
  601. package/skills/creative/creative-game-design/LICENSE +21 -21
  602. package/skills/creative/creative-game-design/SKILL.md +77 -77
  603. package/skills/creative/creative-industrial-design/LICENSE +21 -21
  604. package/skills/creative/creative-industrial-design/SKILL.md +57 -57
  605. package/skills/creative/creative-interior-design/LICENSE +21 -21
  606. package/skills/creative/creative-interior-design/SKILL.md +59 -59
  607. package/skills/creative/creative-music-theory/LICENSE +21 -21
  608. package/skills/creative/creative-music-theory/SKILL.md +98 -98
  609. package/skills/creative/creative-photography/LICENSE +21 -21
  610. package/skills/creative/creative-photography/SKILL.md +87 -87
  611. package/skills/creative/creative-textile-science/LICENSE +21 -21
  612. package/skills/creative/creative-textile-science/SKILL.md +67 -67
  613. package/skills/creative/creative-ux/LICENSE +21 -21
  614. package/skills/creative/creative-ux/SKILL.md +81 -81
  615. package/skills/creative/creative-video/LICENSE +21 -21
  616. package/skills/creative/creative-video/SKILL.md +84 -84
  617. package/skills/creative/creative-writing-craft/LICENSE +21 -21
  618. package/skills/creative/creative-writing-craft/SKILL.md +91 -91
  619. package/skills/diagram-maker/SKILL.md +56 -56
  620. package/skills/diagram-maker/references/excalidraw-patterns.md +85 -85
  621. package/skills/diagram-maker/references/svg-template.md +112 -112
  622. package/skills/discord/SKILL.md +140 -140
  623. package/skills/education/edu-adult-learning/LICENSE +21 -21
  624. package/skills/education/edu-adult-learning/SKILL.md +81 -81
  625. package/skills/education/edu-africa-multilingual/LICENSE +21 -21
  626. package/skills/education/edu-africa-multilingual/SKILL.md +55 -55
  627. package/skills/education/edu-arabic/LICENSE +21 -21
  628. package/skills/education/edu-arabic/SKILL.md +60 -60
  629. package/skills/education/edu-australia-nz/LICENSE +21 -21
  630. package/skills/education/edu-australia-nz/SKILL.md +48 -48
  631. package/skills/education/edu-china-mandarin/LICENSE +21 -21
  632. package/skills/education/edu-china-mandarin/SKILL.md +58 -58
  633. package/skills/education/edu-critical-thinking/LICENSE +21 -21
  634. package/skills/education/edu-critical-thinking/SKILL.md +86 -86
  635. package/skills/education/edu-curriculum/LICENSE +21 -21
  636. package/skills/education/edu-curriculum/SKILL.md +87 -87
  637. package/skills/education/edu-ed-tech/LICENSE +21 -21
  638. package/skills/education/edu-ed-tech/SKILL.md +73 -73
  639. package/skills/education/edu-france/LICENSE +21 -21
  640. package/skills/education/edu-france/SKILL.md +42 -42
  641. package/skills/education/edu-germany/LICENSE +21 -21
  642. package/skills/education/edu-germany/SKILL.md +46 -46
  643. package/skills/education/edu-india-competitive/LICENSE +21 -21
  644. package/skills/education/edu-india-competitive/SKILL.md +159 -159
  645. package/skills/education/edu-india-east/LICENSE +21 -21
  646. package/skills/education/edu-india-east/SKILL.md +60 -60
  647. package/skills/education/edu-india-hindi/LICENSE +21 -21
  648. package/skills/education/edu-india-hindi/SKILL.md +107 -107
  649. package/skills/education/edu-india-south/LICENSE +21 -21
  650. package/skills/education/edu-india-south/SKILL.md +64 -64
  651. package/skills/education/edu-india-west/LICENSE +21 -21
  652. package/skills/education/edu-india-west/SKILL.md +68 -68
  653. package/skills/education/edu-indonesia-malay/LICENSE +21 -21
  654. package/skills/education/edu-indonesia-malay/SKILL.md +57 -57
  655. package/skills/education/edu-international-ib/LICENSE +21 -21
  656. package/skills/education/edu-international-ib/SKILL.md +61 -61
  657. package/skills/education/edu-japan/LICENSE +21 -21
  658. package/skills/education/edu-japan/SKILL.md +48 -48
  659. package/skills/education/edu-korea/LICENSE +21 -21
  660. package/skills/education/edu-korea/SKILL.md +48 -48
  661. package/skills/education/edu-learning-science/LICENSE +21 -21
  662. package/skills/education/edu-learning-science/SKILL.md +76 -76
  663. package/skills/education/edu-portuguese-brazil/LICENSE +21 -21
  664. package/skills/education/edu-portuguese-brazil/SKILL.md +51 -51
  665. package/skills/education/edu-russia/LICENSE +21 -21
  666. package/skills/education/edu-russia/SKILL.md +50 -50
  667. package/skills/education/edu-spain-latam/LICENSE +21 -21
  668. package/skills/education/edu-spain-latam/SKILL.md +55 -55
  669. package/skills/education/edu-special/LICENSE +21 -21
  670. package/skills/education/edu-special/SKILL.md +76 -76
  671. package/skills/education/edu-thailand/LICENSE +21 -21
  672. package/skills/education/edu-thailand/SKILL.md +55 -55
  673. package/skills/education/edu-turkey/LICENSE +21 -21
  674. package/skills/education/edu-turkey/SKILL.md +58 -58
  675. package/skills/education/edu-uk-gcse-alevel/LICENSE +21 -21
  676. package/skills/education/edu-uk-gcse-alevel/SKILL.md +51 -51
  677. package/skills/education/edu-usa-graduate/LICENSE +21 -21
  678. package/skills/education/edu-usa-graduate/SKILL.md +57 -57
  679. package/skills/education/edu-usa-sat-act/LICENSE +21 -21
  680. package/skills/education/edu-usa-sat-act/SKILL.md +55 -55
  681. package/skills/education/edu-vietnam/LICENSE +21 -21
  682. package/skills/education/edu-vietnam/SKILL.md +53 -53
  683. package/skills/eightctl/SKILL.md +54 -54
  684. package/skills/engineering/eng-aerospace/LICENSE +21 -21
  685. package/skills/engineering/eng-aerospace/SKILL.md +117 -117
  686. package/skills/engineering/eng-chemical/LICENSE +21 -21
  687. package/skills/engineering/eng-chemical/SKILL.md +63 -63
  688. package/skills/engineering/eng-civil/LICENSE +21 -21
  689. package/skills/engineering/eng-civil/SKILL.md +223 -223
  690. package/skills/engineering/eng-control-systems/LICENSE +21 -21
  691. package/skills/engineering/eng-control-systems/SKILL.md +158 -158
  692. package/skills/engineering/eng-cryogenics/LICENSE +21 -21
  693. package/skills/engineering/eng-cryogenics/SKILL.md +151 -151
  694. package/skills/engineering/eng-electrical/LICENSE +21 -21
  695. package/skills/engineering/eng-electrical/SKILL.md +70 -70
  696. package/skills/engineering/eng-electronics-embedded/LICENSE +21 -21
  697. package/skills/engineering/eng-electronics-embedded/SKILL.md +89 -89
  698. package/skills/engineering/eng-environmental/LICENSE +21 -21
  699. package/skills/engineering/eng-environmental/SKILL.md +66 -66
  700. package/skills/engineering/eng-manufacturing/LICENSE +21 -21
  701. package/skills/engineering/eng-manufacturing/SKILL.md +78 -78
  702. package/skills/engineering/eng-mechanical/LICENSE +21 -21
  703. package/skills/engineering/eng-mechanical/SKILL.md +66 -66
  704. package/skills/engineering/eng-project/LICENSE +21 -21
  705. package/skills/engineering/eng-project/SKILL.md +72 -72
  706. package/skills/engineering/eng-propulsion/LICENSE +21 -21
  707. package/skills/engineering/eng-propulsion/SKILL.md +133 -133
  708. package/skills/engineering/eng-robotics/LICENSE +21 -21
  709. package/skills/engineering/eng-robotics/SKILL.md +92 -92
  710. package/skills/engineering/eng-systems/LICENSE +21 -21
  711. package/skills/engineering/eng-systems/SKILL.md +81 -81
  712. package/skills/environment/env-biodiversity/LICENSE +21 -21
  713. package/skills/environment/env-biodiversity/SKILL.md +66 -66
  714. package/skills/environment/env-circular-economy/LICENSE +21 -21
  715. package/skills/environment/env-circular-economy/SKILL.md +71 -71
  716. package/skills/environment/env-climate-action/LICENSE +21 -21
  717. package/skills/environment/env-climate-action/SKILL.md +55 -55
  718. package/skills/environment/env-energy/LICENSE +21 -21
  719. package/skills/environment/env-energy/SKILL.md +83 -83
  720. package/skills/environment/env-sustainability-biz/LICENSE +21 -21
  721. package/skills/environment/env-sustainability-biz/SKILL.md +65 -65
  722. package/skills/environment/env-water/LICENSE +21 -21
  723. package/skills/environment/env-water/SKILL.md +67 -67
  724. package/skills/finance/finance-accounting/LICENSE +21 -21
  725. package/skills/finance/finance-accounting/SKILL.md +239 -239
  726. package/skills/finance/finance-banking/LICENSE +21 -21
  727. package/skills/finance/finance-banking/SKILL.md +54 -54
  728. package/skills/finance/finance-corporate/LICENSE +21 -21
  729. package/skills/finance/finance-corporate/SKILL.md +105 -105
  730. package/skills/finance/finance-crypto/LICENSE +21 -21
  731. package/skills/finance/finance-crypto/SKILL.md +94 -94
  732. package/skills/finance/finance-debt-management/LICENSE +21 -21
  733. package/skills/finance/finance-debt-management/SKILL.md +87 -87
  734. package/skills/finance/finance-insurance/LICENSE +21 -21
  735. package/skills/finance/finance-insurance/SKILL.md +91 -91
  736. package/skills/finance/finance-investing/LICENSE +21 -21
  737. package/skills/finance/finance-investing/SKILL.md +269 -269
  738. package/skills/finance/finance-options-derivatives/LICENSE +21 -21
  739. package/skills/finance/finance-options-derivatives/SKILL.md +68 -68
  740. package/skills/finance/finance-personal/LICENSE +21 -21
  741. package/skills/finance/finance-personal/SKILL.md +268 -268
  742. package/skills/finance/finance-real-estate/LICENSE +21 -21
  743. package/skills/finance/finance-real-estate/SKILL.md +110 -110
  744. package/skills/finance/finance-startup/LICENSE +21 -21
  745. package/skills/finance/finance-startup/SKILL.md +253 -253
  746. package/skills/finance/finance-tax-planning/LICENSE +21 -21
  747. package/skills/finance/finance-tax-planning/SKILL.md +89 -89
  748. package/skills/finance/finance-trading/LICENSE +21 -21
  749. package/skills/finance/finance-trading/SKILL.md +112 -112
  750. package/skills/gemini/SKILL.md +51 -51
  751. package/skills/gh-issues/SKILL.md +216 -216
  752. package/skills/gifgrep/SKILL.md +89 -89
  753. package/skills/github/SKILL.md +87 -87
  754. package/skills/gog/SKILL.md +120 -120
  755. package/skills/goplaces/SKILL.md +56 -56
  756. package/skills/graphify/SKILL.md +619 -619
  757. package/skills/health/health-aging/LICENSE +21 -21
  758. package/skills/health/health-aging/SKILL.md +82 -82
  759. package/skills/health/health-chronic/LICENSE +21 -21
  760. package/skills/health/health-chronic/SKILL.md +202 -202
  761. package/skills/health/health-dental/LICENSE +21 -21
  762. package/skills/health/health-dental/SKILL.md +41 -41
  763. package/skills/health/health-eye-care/LICENSE +21 -21
  764. package/skills/health/health-eye-care/SKILL.md +56 -56
  765. package/skills/health/health-first-aid/LICENSE +21 -21
  766. package/skills/health/health-first-aid/SKILL.md +201 -201
  767. package/skills/health/health-fitness/LICENSE +21 -21
  768. package/skills/health/health-fitness/SKILL.md +111 -111
  769. package/skills/health/health-general/LICENSE +21 -21
  770. package/skills/health/health-general/SKILL.md +277 -277
  771. package/skills/health/health-mens/LICENSE +21 -21
  772. package/skills/health/health-mens/SKILL.md +53 -53
  773. package/skills/health/health-mental/LICENSE +21 -21
  774. package/skills/health/health-mental/SKILL.md +221 -221
  775. package/skills/health/health-naturopathy-ayurveda/LICENSE +21 -21
  776. package/skills/health/health-naturopathy-ayurveda/SKILL.md +60 -60
  777. package/skills/health/health-nutrition/LICENSE +21 -21
  778. package/skills/health/health-nutrition/SKILL.md +262 -262
  779. package/skills/health/health-pediatric/LICENSE +21 -21
  780. package/skills/health/health-pediatric/SKILL.md +94 -94
  781. package/skills/health/health-pharmacology/LICENSE +21 -21
  782. package/skills/health/health-pharmacology/SKILL.md +87 -87
  783. package/skills/health/health-pregnancy/LICENSE +21 -21
  784. package/skills/health/health-pregnancy/SKILL.md +71 -71
  785. package/skills/health/health-skin/LICENSE +21 -21
  786. package/skills/health/health-skin/SKILL.md +71 -71
  787. package/skills/health/health-sleep/LICENSE +21 -21
  788. package/skills/health/health-sleep/SKILL.md +81 -81
  789. package/skills/health/health-womens/LICENSE +21 -21
  790. package/skills/health/health-womens/SKILL.md +72 -72
  791. package/skills/health/health-yoga-wellness/LICENSE +21 -21
  792. package/skills/health/health-yoga-wellness/SKILL.md +58 -58
  793. package/skills/healthcare-systems/health-sys-global/LICENSE +21 -21
  794. package/skills/healthcare-systems/health-sys-global/SKILL.md +69 -69
  795. package/skills/healthcare-systems/health-sys-management/LICENSE +21 -21
  796. package/skills/healthcare-systems/health-sys-management/SKILL.md +71 -71
  797. package/skills/healthcare-systems/health-sys-navigation/LICENSE +21 -21
  798. package/skills/healthcare-systems/health-sys-navigation/SKILL.md +60 -60
  799. package/skills/healthcare-systems/health-sys-public/LICENSE +21 -21
  800. package/skills/healthcare-systems/health-sys-public/SKILL.md +71 -71
  801. package/skills/healthcheck/SKILL.md +109 -109
  802. package/skills/himalaya/SKILL.md +84 -84
  803. package/skills/himalaya/references/configuration.md +184 -184
  804. package/skills/himalaya/references/message-composition.md +199 -199
  805. package/skills/humanities/humanities-history-world/LICENSE +21 -21
  806. package/skills/humanities/humanities-history-world/SKILL.md +59 -59
  807. package/skills/humanities/humanities-indian-classical/LICENSE +21 -21
  808. package/skills/humanities/humanities-indian-classical/SKILL.md +104 -104
  809. package/skills/humanities/humanities-philosophy/LICENSE +21 -21
  810. package/skills/humanities/humanities-philosophy/SKILL.md +105 -105
  811. package/skills/humanities/humanities-world-religions/LICENSE +21 -21
  812. package/skills/humanities/humanities-world-religions/SKILL.md +67 -67
  813. package/skills/impeccable/SKILL.md +185 -185
  814. package/skills/imsg/SKILL.md +126 -126
  815. package/skills/industry/industry-construction/LICENSE +21 -21
  816. package/skills/industry/industry-construction/SKILL.md +81 -81
  817. package/skills/industry/industry-education-sector/LICENSE +21 -21
  818. package/skills/industry/industry-education-sector/SKILL.md +49 -49
  819. package/skills/industry/industry-fashion/LICENSE +21 -21
  820. package/skills/industry/industry-fashion/SKILL.md +82 -82
  821. package/skills/industry/industry-food/LICENSE +21 -21
  822. package/skills/industry/industry-food/SKILL.md +79 -79
  823. package/skills/industry/industry-government/LICENSE +21 -21
  824. package/skills/industry/industry-government/SKILL.md +80 -80
  825. package/skills/industry/industry-hospitality/LICENSE +21 -21
  826. package/skills/industry/industry-hospitality/SKILL.md +73 -73
  827. package/skills/industry/industry-insurance-sector/LICENSE +21 -21
  828. package/skills/industry/industry-insurance-sector/SKILL.md +57 -57
  829. package/skills/industry/industry-logistics/LICENSE +21 -21
  830. package/skills/industry/industry-logistics/SKILL.md +80 -80
  831. package/skills/industry/industry-media/LICENSE +21 -21
  832. package/skills/industry/industry-media/SKILL.md +66 -66
  833. package/skills/industry/industry-nonprofit/LICENSE +21 -21
  834. package/skills/industry/industry-nonprofit/SKILL.md +77 -77
  835. package/skills/industry/industry-pharma/LICENSE +21 -21
  836. package/skills/industry/industry-pharma/SKILL.md +69 -69
  837. package/skills/industry/industry-real-estate/LICENSE +21 -21
  838. package/skills/industry/industry-real-estate/SKILL.md +61 -61
  839. package/skills/industry/industry-sports/LICENSE +21 -21
  840. package/skills/industry/industry-sports/SKILL.md +71 -71
  841. package/skills/industry/industry-tech-startup/LICENSE +21 -21
  842. package/skills/industry/industry-tech-startup/SKILL.md +82 -82
  843. package/skills/internal-comms/LICENSE +21 -21
  844. package/skills/internal-comms/SKILL.md +38 -38
  845. package/skills/internal-comms/examples/3p-updates.md +49 -49
  846. package/skills/internal-comms/examples/company-newsletter.md +76 -76
  847. package/skills/internal-comms/examples/faq-answers.md +35 -35
  848. package/skills/internal-comms/examples/general-comms.md +19 -19
  849. package/skills/legal/legal-business/LICENSE +21 -21
  850. package/skills/legal/legal-business/SKILL.md +227 -227
  851. package/skills/legal/legal-consumer/LICENSE +21 -21
  852. package/skills/legal/legal-consumer/SKILL.md +155 -155
  853. package/skills/legal/legal-contracts/LICENSE +21 -21
  854. package/skills/legal/legal-contracts/SKILL.md +268 -268
  855. package/skills/legal/legal-corporate-governance/LICENSE +21 -21
  856. package/skills/legal/legal-corporate-governance/SKILL.md +53 -53
  857. package/skills/legal/legal-employment/LICENSE +21 -21
  858. package/skills/legal/legal-employment/SKILL.md +291 -291
  859. package/skills/legal/legal-immigration/LICENSE +21 -21
  860. package/skills/legal/legal-immigration/SKILL.md +146 -146
  861. package/skills/legal/legal-international/LICENSE +21 -21
  862. package/skills/legal/legal-international/SKILL.md +51 -51
  863. package/skills/legal/legal-ip/LICENSE +21 -21
  864. package/skills/legal/legal-ip/SKILL.md +264 -264
  865. package/skills/legal/legal-privacy/LICENSE +21 -21
  866. package/skills/legal/legal-privacy/SKILL.md +161 -161
  867. package/skills/legal/legal-real-estate/LICENSE +21 -21
  868. package/skills/legal/legal-real-estate/SKILL.md +142 -142
  869. package/skills/legal/legal-startup/LICENSE +21 -21
  870. package/skills/legal/legal-startup/SKILL.md +182 -182
  871. package/skills/legal/legal-tax/LICENSE +21 -21
  872. package/skills/legal/legal-tax/SKILL.md +156 -156
  873. package/skills/mcp-builder/LICENSE +21 -21
  874. package/skills/mcp-builder/SKILL.md +257 -257
  875. package/skills/mcp-builder/reference/evaluation.md +630 -630
  876. package/skills/mcp-builder/reference/mcp_best_practices.md +269 -269
  877. package/skills/mcp-builder/reference/node_mcp_server.md +980 -980
  878. package/skills/mcp-builder/reference/python_mcp_server.md +737 -737
  879. package/skills/mcp-builder/scripts/connections.py +151 -151
  880. package/skills/mcp-builder/scripts/evaluation.py +373 -373
  881. package/skills/mcp-builder/scripts/example_evaluation.xml +22 -22
  882. package/skills/mcp-builder/scripts/requirements.txt +2 -2
  883. package/skills/mcporter/SKILL.md +65 -65
  884. package/skills/meme-maker/SKILL.md +46 -46
  885. package/skills/meme-maker/references/templates.json +358 -358
  886. package/skills/meme-maker/scripts/meme.mjs +398 -398
  887. package/skills/mental-health/mental-health-cbt/LICENSE +21 -21
  888. package/skills/mental-health/mental-health-cbt/SKILL.md +254 -254
  889. package/skills/mental-health/psych-addiction/LICENSE +21 -21
  890. package/skills/mental-health/psych-addiction/SKILL.md +79 -79
  891. package/skills/mental-health/psych-behavioral-econ/LICENSE +21 -21
  892. package/skills/mental-health/psych-behavioral-econ/SKILL.md +84 -84
  893. package/skills/mental-health/psych-child/LICENSE +21 -21
  894. package/skills/mental-health/psych-child/SKILL.md +84 -84
  895. package/skills/mental-health/psych-grief/LICENSE +21 -21
  896. package/skills/mental-health/psych-grief/SKILL.md +85 -85
  897. package/skills/mental-health/psych-mindfulness/LICENSE +21 -21
  898. package/skills/mental-health/psych-mindfulness/SKILL.md +71 -71
  899. package/skills/mental-health/psych-org/LICENSE +21 -21
  900. package/skills/mental-health/psych-org/SKILL.md +115 -115
  901. package/skills/mental-health/psych-positive/LICENSE +21 -21
  902. package/skills/mental-health/psych-positive/SKILL.md +86 -86
  903. package/skills/mental-health/psych-relationships/LICENSE +21 -21
  904. package/skills/mental-health/psych-relationships/SKILL.md +100 -100
  905. package/skills/mental-health/psych-trauma/LICENSE +21 -21
  906. package/skills/mental-health/psych-trauma/SKILL.md +109 -109
  907. package/skills/model-usage/SKILL.md +75 -75
  908. package/skills/model-usage/references/codexbar-cli.md +33 -33
  909. package/skills/model-usage/scripts/model_usage.py +319 -319
  910. package/skills/model-usage/scripts/test_model_usage.py +40 -40
  911. package/skills/nano-pdf/SKILL.md +42 -42
  912. package/skills/node-connect/SKILL.md +147 -147
  913. package/skills/node-inspect-debugger/SKILL.md +88 -88
  914. package/skills/notion/SKILL.md +154 -154
  915. package/skills/obsidian/SKILL.md +123 -123
  916. package/skills/openai-whisper/SKILL.md +42 -42
  917. package/skills/openai-whisper-api/SKILL.md +75 -75
  918. package/skills/openai-whisper-api/scripts/transcribe.sh +154 -154
  919. package/skills/openhue/SKILL.md +116 -116
  920. package/skills/oracle/SKILL.md +130 -130
  921. package/skills/ordercli/SKILL.md +82 -82
  922. package/skills/peekaboo/SKILL.md +217 -217
  923. package/skills/pyproject.toml +10 -10
  924. package/skills/python-debugpy/SKILL.md +76 -76
  925. package/skills/sag/SKILL.md +91 -91
  926. package/skills/science/sci-astronomy/LICENSE +21 -21
  927. package/skills/science/sci-astronomy/SKILL.md +80 -80
  928. package/skills/science/sci-biology/LICENSE +21 -21
  929. package/skills/science/sci-biology/SKILL.md +74 -74
  930. package/skills/science/sci-chemistry/LICENSE +21 -21
  931. package/skills/science/sci-chemistry/SKILL.md +89 -89
  932. package/skills/science/sci-climate/LICENSE +21 -21
  933. package/skills/science/sci-climate/SKILL.md +72 -72
  934. package/skills/science/sci-data-analysis/LICENSE +21 -21
  935. package/skills/science/sci-data-analysis/SKILL.md +87 -87
  936. package/skills/science/sci-environmental-science/LICENSE +21 -21
  937. package/skills/science/sci-environmental-science/SKILL.md +69 -69
  938. package/skills/science/sci-geology/LICENSE +21 -21
  939. package/skills/science/sci-geology/SKILL.md +56 -56
  940. package/skills/science/sci-method/LICENSE +21 -21
  941. package/skills/science/sci-method/SKILL.md +77 -77
  942. package/skills/science/sci-neuroscience/LICENSE +21 -21
  943. package/skills/science/sci-neuroscience/SKILL.md +79 -79
  944. package/skills/science/sci-physics/LICENSE +21 -21
  945. package/skills/science/sci-physics/SKILL.md +78 -78
  946. package/skills/science/sci-research-methods/LICENSE +21 -21
  947. package/skills/science/sci-research-methods/SKILL.md +83 -83
  948. package/skills/science/sci-statistics/LICENSE +21 -21
  949. package/skills/science/sci-statistics/SKILL.md +249 -249
  950. package/skills/session-logs/SKILL.md +155 -155
  951. package/skills/sherpa-onnx-tts/SKILL.md +113 -113
  952. package/skills/skill-creator/SKILL.md +81 -81
  953. package/skills/skill-creator/license.txt +202 -202
  954. package/skills/skill-creator/scripts/init_skill.py +378 -378
  955. package/skills/skill-creator/scripts/package_skill.py +144 -144
  956. package/skills/skill-creator/scripts/quick_validate.py +169 -169
  957. package/skills/skill-creator/scripts/test_init_skill.py +51 -51
  958. package/skills/skill-creator/scripts/test_package_skill.py +199 -199
  959. package/skills/skill-creator/scripts/test_quick_validate.py +116 -116
  960. package/skills/slack/SKILL.md +82 -82
  961. package/skills/slack-gif-creator/LICENSE +21 -21
  962. package/skills/slack-gif-creator/SKILL.md +293 -293
  963. package/skills/slack-gif-creator/requirements.txt +3 -3
  964. package/skills/social-sciences/social-anthropology/LICENSE +21 -21
  965. package/skills/social-sciences/social-anthropology/SKILL.md +62 -62
  966. package/skills/social-sciences/social-economics/LICENSE +21 -21
  967. package/skills/social-sciences/social-economics/SKILL.md +88 -88
  968. package/skills/social-sciences/social-geography/LICENSE +21 -21
  969. package/skills/social-sciences/social-geography/SKILL.md +61 -61
  970. package/skills/social-sciences/social-international-dev/LICENSE +21 -21
  971. package/skills/social-sciences/social-international-dev/SKILL.md +76 -76
  972. package/skills/social-sciences/social-political-science/LICENSE +21 -21
  973. package/skills/social-sciences/social-political-science/SKILL.md +70 -70
  974. package/skills/social-sciences/social-public-policy/LICENSE +21 -21
  975. package/skills/social-sciences/social-public-policy/SKILL.md +73 -73
  976. package/skills/social-sciences/social-sociology/LICENSE +21 -21
  977. package/skills/social-sciences/social-sociology/SKILL.md +78 -78
  978. package/skills/songsee/SKILL.md +53 -53
  979. package/skills/sonoscli/SKILL.md +69 -69
  980. package/skills/spike/SKILL.md +55 -55
  981. package/skills/spotify-player/SKILL.md +68 -68
  982. package/skills/summarize/SKILL.md +90 -90
  983. package/skills/taskflow/SKILL.md +153 -153
  984. package/skills/taskflow/examples/inbox-triage.lobster +33 -33
  985. package/skills/taskflow/examples/pr-intake.lobster +32 -32
  986. package/skills/taskflow-inbox-triage/SKILL.md +123 -123
  987. package/skills/technical/ai-ethics/LICENSE +21 -21
  988. package/skills/technical/ai-ethics/SKILL.md +92 -92
  989. package/skills/technical/ai-product-builder/LICENSE +21 -21
  990. package/skills/technical/ai-product-builder/SKILL.md +180 -180
  991. package/skills/technical/analytics-setup/LICENSE +21 -21
  992. package/skills/technical/analytics-setup/SKILL.md +125 -125
  993. package/skills/technical/api-builder/LICENSE +21 -21
  994. package/skills/technical/api-builder/SKILL.md +202 -202
  995. package/skills/technical/architecture-decisions/LICENSE +21 -21
  996. package/skills/technical/architecture-decisions/SKILL.md +120 -120
  997. package/skills/technical/auth-security/LICENSE +21 -21
  998. package/skills/technical/auth-security/SKILL.md +209 -209
  999. package/skills/technical/blockchain-web3/LICENSE +21 -21
  1000. package/skills/technical/blockchain-web3/SKILL.md +84 -84
  1001. package/skills/technical/cloud-architecture/LICENSE +21 -21
  1002. package/skills/technical/cloud-architecture/SKILL.md +85 -85
  1003. package/skills/technical/content-platform/LICENSE +21 -21
  1004. package/skills/technical/content-platform/SKILL.md +134 -134
  1005. package/skills/technical/cybersecurity-advanced/LICENSE +21 -21
  1006. package/skills/technical/cybersecurity-advanced/SKILL.md +99 -99
  1007. package/skills/technical/data-engineering/LICENSE +21 -21
  1008. package/skills/technical/data-engineering/SKILL.md +117 -117
  1009. package/skills/technical/database-design/LICENSE +21 -21
  1010. package/skills/technical/database-design/SKILL.md +185 -185
  1011. package/skills/technical/devops-cicd/LICENSE +21 -21
  1012. package/skills/technical/devops-cicd/SKILL.md +181 -181
  1013. package/skills/technical/ecommerce-builder/LICENSE +21 -21
  1014. package/skills/technical/ecommerce-builder/SKILL.md +123 -123
  1015. package/skills/technical/email-marketing/LICENSE +21 -21
  1016. package/skills/technical/email-marketing/SKILL.md +128 -128
  1017. package/skills/technical/fintech-builder/LICENSE +21 -21
  1018. package/skills/technical/fintech-builder/SKILL.md +141 -141
  1019. package/skills/technical/full-stack-web/LICENSE +21 -21
  1020. package/skills/technical/full-stack-web/SKILL.md +173 -173
  1021. package/skills/technical/gdpr-basics/LICENSE +21 -21
  1022. package/skills/technical/gdpr-basics/SKILL.md +145 -145
  1023. package/skills/technical/launch-playbook/LICENSE +21 -21
  1024. package/skills/technical/launch-playbook/SKILL.md +95 -95
  1025. package/skills/technical/marketing-copy/LICENSE +21 -21
  1026. package/skills/technical/marketing-copy/SKILL.md +126 -126
  1027. package/skills/technical/marketplace-builder/LICENSE +21 -21
  1028. package/skills/technical/marketplace-builder/SKILL.md +105 -105
  1029. package/skills/technical/mobile-pwa/LICENSE +21 -21
  1030. package/skills/technical/mobile-pwa/SKILL.md +191 -191
  1031. package/skills/technical/no-code-tools/LICENSE +21 -21
  1032. package/skills/technical/no-code-tools/SKILL.md +80 -80
  1033. package/skills/technical/open-source/LICENSE +21 -21
  1034. package/skills/technical/open-source/SKILL.md +71 -71
  1035. package/skills/technical/performance-optimization/LICENSE +21 -21
  1036. package/skills/technical/performance-optimization/SKILL.md +155 -155
  1037. package/skills/technical/pricing-design/LICENSE +21 -21
  1038. package/skills/technical/pricing-design/SKILL.md +87 -87
  1039. package/skills/technical/product-management/LICENSE +21 -21
  1040. package/skills/technical/product-management/SKILL.md +94 -94
  1041. package/skills/technical/saas-builder/LICENSE +21 -21
  1042. package/skills/technical/saas-builder/SKILL.md +138 -138
  1043. package/skills/technical/scope-estimation/LICENSE +21 -21
  1044. package/skills/technical/scope-estimation/SKILL.md +99 -99
  1045. package/skills/technical/secrets-management/LICENSE +21 -21
  1046. package/skills/technical/secrets-management/SKILL.md +135 -135
  1047. package/skills/technical/seo-technical/LICENSE +21 -21
  1048. package/skills/technical/seo-technical/SKILL.md +136 -136
  1049. package/skills/technical/technical-writing/LICENSE +21 -21
  1050. package/skills/technical/technical-writing/SKILL.md +149 -149
  1051. package/skills/technical/ux-research-tools/LICENSE +21 -21
  1052. package/skills/technical/ux-research-tools/SKILL.md +54 -54
  1053. package/skills/theme-factory/LICENSE +21 -21
  1054. package/skills/theme-factory/SKILL.md +65 -65
  1055. package/skills/theme-factory/themes/arctic-frost.md +19 -19
  1056. package/skills/theme-factory/themes/botanical-garden.md +19 -19
  1057. package/skills/theme-factory/themes/desert-rose.md +19 -19
  1058. package/skills/theme-factory/themes/forest-canopy.md +19 -19
  1059. package/skills/theme-factory/themes/golden-hour.md +19 -19
  1060. package/skills/theme-factory/themes/midnight-galaxy.md +19 -19
  1061. package/skills/theme-factory/themes/modern-minimalist.md +19 -19
  1062. package/skills/theme-factory/themes/ocean-depths.md +19 -19
  1063. package/skills/theme-factory/themes/sunset-boulevard.md +19 -19
  1064. package/skills/theme-factory/themes/tech-innovation.md +19 -19
  1065. package/skills/things-mac/SKILL.md +90 -90
  1066. package/skills/tmux/SKILL.md +95 -95
  1067. package/skills/tmux/scripts/find-sessions.sh +112 -112
  1068. package/skills/tmux/scripts/wait-for-text.sh +83 -83
  1069. package/skills/trades/trades-agriculture/LICENSE +21 -21
  1070. package/skills/trades/trades-agriculture/SKILL.md +80 -80
  1071. package/skills/trades/trades-automotive/LICENSE +21 -21
  1072. package/skills/trades/trades-automotive/SKILL.md +84 -84
  1073. package/skills/trades/trades-carpentry/LICENSE +21 -21
  1074. package/skills/trades/trades-carpentry/SKILL.md +71 -71
  1075. package/skills/trades/trades-cooking-pro/LICENSE +21 -21
  1076. package/skills/trades/trades-cooking-pro/SKILL.md +90 -90
  1077. package/skills/trades/trades-electrical/LICENSE +21 -21
  1078. package/skills/trades/trades-electrical/SKILL.md +146 -146
  1079. package/skills/trades/trades-hvac/LICENSE +21 -21
  1080. package/skills/trades/trades-hvac/SKILL.md +80 -80
  1081. package/skills/trades/trades-landscaping/LICENSE +21 -21
  1082. package/skills/trades/trades-landscaping/SKILL.md +60 -60
  1083. package/skills/trades/trades-metalworking/LICENSE +21 -21
  1084. package/skills/trades/trades-metalworking/SKILL.md +64 -64
  1085. package/skills/trades/trades-painting/LICENSE +21 -21
  1086. package/skills/trades/trades-painting/SKILL.md +70 -70
  1087. package/skills/trades/trades-plumbing/LICENSE +21 -21
  1088. package/skills/trades/trades-plumbing/SKILL.md +160 -160
  1089. package/skills/trades/trades-welding/LICENSE +21 -21
  1090. package/skills/trades/trades-welding/SKILL.md +82 -82
  1091. package/skills/trello/SKILL.md +112 -112
  1092. package/skills/uipm-ui-styling/SKILL.md +328 -328
  1093. package/skills/video-frames/SKILL.md +50 -50
  1094. package/skills/video-frames/scripts/frame.sh +81 -81
  1095. package/skills/voice-call/SKILL.md +49 -49
  1096. package/skills/wacli/SKILL.md +76 -76
  1097. package/skills/weather/SKILL.md +91 -91
  1098. package/skills/web-artifacts-builder/LICENSE +21 -21
  1099. package/skills/web-artifacts-builder/SKILL.md +82 -82
  1100. package/skills/web-artifacts-builder/scripts/bundle-artifact.sh +53 -53
  1101. package/skills/web-artifacts-builder/scripts/init-artifact.sh +322 -322
  1102. package/skills/xurl/SKILL.md +124 -124
@@ -1,839 +1,839 @@
1
- # Cybersecurity Intelligence Reference
2
-
3
- # Covers: AppSec, NetSec, CloudSec, DevSecOps, Threat Intel, SIEM, Compliance, Fraud, Incident Response
4
-
5
- ## DEFENSE IN DEPTH MODEL
6
-
7
- Never rely on a single control. Layer security at every level:
8
-
9
- ```
10
- Layer 1 — Perimeter: WAF, DDoS protection, CDN edge rules, geo-blocking
11
- Layer 2 — Network: Firewall rules, VPC isolation, private subnets, VPN, zero-trust network access
12
- Layer 3 — Identity: MFA, SSO, PAM, least privilege, just-in-time access
13
- Layer 4 — Application: Input validation, auth/authz, CSRF, rate limiting, API security
14
- Layer 5 — Data: Encryption at rest + transit, tokenization, masking, key management
15
- Layer 6 — Endpoint: EDR, patch management, container hardening, OS baselines
16
- Layer 7 — Detection: SIEM, anomaly detection, threat intel feeds, behavioral analytics
17
- Layer 8 — Response: IR playbooks, forensics capability, backup/restore tested weekly
18
-
19
- Principle: Assume every layer will eventually be breached. Design so that one breach ≠ catastrophe.
20
- ```
21
-
22
- ---
23
-
24
- ## OWASP TOP 10 — WEB (2021) — Fix Every One
25
-
26
- ### A01: Broken Access Control (Most Common)
27
-
28
- ```
29
- Attack: Access /api/users/456 as user 123. Horizontal privilege escalation.
30
- Fix: Always verify ownership: WHERE id = $1 AND org_id = $current_org
31
- Row-Level Security in PostgreSQL enforces this at DB level.
32
- Never trust user-supplied IDs without authorization check.
33
- Test: Authenticated as User A, attempt all User B's resource endpoints.
34
-
35
- Code fix:
36
- // BAD:
37
- const tx = await db.transaction.findUnique({ where: { id: req.params.id }})
38
-
39
- // GOOD:
40
- const tx = await db.transaction.findUnique({
41
- where: { id: req.params.id, userId: req.user.id } // scope to authenticated user
42
- })
43
- if (!tx) throw new NotFoundError() // same error whether missing or unauthorized
44
- ```
45
-
46
- ### A02: Cryptographic Failures
47
-
48
- ```
49
- Attack: Sensitive data in plaintext DB, MD5 passwords, HTTP traffic, weak keys.
50
- Fix: TLS 1.3 everywhere. AES-256-GCM for data at rest.
51
- Passwords: argon2id (winner of PHC). Never MD5/SHA1/bcrypt(cost<12).
52
- PII fields: encrypt at application layer (not just disk encryption).
53
- No secrets in logs. No PAN/SSN in URLs.
54
-
55
- Password hashing:
56
- import argon2 from 'argon2'
57
- const hash = await argon2.hash(password, {
58
- type: argon2.argon2id,
59
- memoryCost: 65536, // 64MB
60
- timeCost: 3, // 3 iterations
61
- parallelism: 4 // 4 threads
62
- })
63
- ```
64
-
65
- ### A03: Injection (SQL, NoSQL, LDAP, Command)
66
-
67
- ```
68
- Attack: User inputs: ' OR '1'='1 → dumps entire table.
69
- Fix: Parameterized queries. ALWAYS. No string concatenation in queries.
70
- ORM query builders (Prisma, SQLAlchemy) are safe by default.
71
- Command injection: never exec() user input. Use allowlists.
72
-
73
- // NEVER:
74
- db.query(`SELECT * FROM users WHERE email = '${email}'`)
75
-
76
- // ALWAYS:
77
- db.query('SELECT * FROM users WHERE email = $1', [email])
78
- ```
79
-
80
- ### A04: Insecure Design
81
-
82
- ```
83
- Attack: Business logic flaws — buy item for $0, skip payment step, replay coupons.
84
- Fix: Threat model every feature before coding.
85
- State machine validation — enforce valid state transitions server-side.
86
- Rate limit sensitive operations (password reset: 3/hour, not 1000/hour).
87
- Never trust client-side price/discount calculation.
88
- ```
89
-
90
- ### A05: Security Misconfiguration
91
-
92
- ```
93
- Common: Default credentials, directory listing, verbose error messages in prod,
94
- open S3 buckets, unrestricted CORS, unused ports open, debug mode on.
95
- Fix: Infrastructure as Code — configuration is reviewed, version-controlled.
96
- CSPM tool (Wiz, Prisma Cloud, or free: CloudSploit) scans continuously.
97
- Env diff check: prod config audited against security baseline weekly.
98
- Error responses: generic in prod, never stack traces to client.
99
- ```
100
-
101
- ### A06: Vulnerable and Outdated Components
102
-
103
- ```
104
- Fix: Renovate Bot or Dependabot — auto-PRs for dependency updates weekly.
105
- Snyk or OWASP Dependency-Check in CI — block on critical CVEs.
106
- Container base image scanning — Trivy on every Docker build.
107
- SBOM (Software Bill of Materials) generated on every release.
108
- Never use packages with 0 maintenance activity in past 12 months.
109
- Pin exact versions in lockfiles (package-lock.json, requirements.txt).
110
- ```
111
-
112
- ### A07: Identification and Authentication Failures
113
-
114
- ```
115
- Attack: Credential stuffing, brute force, session fixation, weak tokens.
116
- Fix: MFA mandatory for admin, recommended for all users.
117
- Account lockout: 5 failed attempts → 15min lockout + alert.
118
- Secure session: HttpOnly, Secure, SameSite=Strict cookies.
119
- Token storage: never localStorage (XSS), always HttpOnly cookies.
120
- Password policy: min 12 chars, check against HaveIBeenPwned API.
121
- JWT: RS256 (not HS256), short TTL (15min), rotate signing keys quarterly.
122
- ```
123
-
124
- ### A08: Software and Data Integrity Failures
125
-
126
- ```
127
- Attack: Tampered auto-updates, unsigned packages, CI/CD pipeline compromise.
128
- Fix: Verify checksums/signatures on all downloaded artifacts.
129
- Sigstore/Cosign for container image signing.
130
- SLSA framework for supply chain levels (target SLSA Level 3).
131
- CI/CD: separate credentials per environment, audit pipeline configs.
132
- npm: use --ignore-scripts flag, audit before install.
133
- ```
134
-
135
- ### A09: Security Logging and Monitoring Failures
136
-
137
- ```
138
- Fix: Log: every auth event, admin action, failed access, data mutation.
139
- Include: timestamp (UTC), user_id, org_id, IP, action, resource, result.
140
- Never log: passwords, tokens, PAN, SSN, CVV, full credit card.
141
- Alert within 15 minutes on: impossible travel, mass data export,
142
- admin privilege escalation, >10 auth failures.
143
- Log retention: 90 days hot, 1 year cold (PCI DSS requires 1 year).
144
- SIEM: ingest all logs, alert on patterns, not just individual events.
145
- ```
146
-
147
- ### A10: Server-Side Request Forgery (SSRF)
148
-
149
- ```
150
- Attack: User supplies URL → server fetches it → attacker reads internal metadata API.
151
- AWS: http://169.254.169.254/latest/meta-data/iam/security-credentials/
152
- Fix: Allowlist permitted URL destinations — never arbitrary user-supplied URLs.
153
- Block RFC 1918 addresses (10.x, 172.16.x, 192.168.x) and 169.254.x.
154
- Use DNS resolution + IP check BEFORE fetching.
155
- Disable HTTP redirects or validate redirect target against allowlist.
156
- ```
157
-
158
- ---
159
-
160
- ## OWASP API SECURITY TOP 10 (2023)
161
-
162
- ```
163
- API1: Broken Object Level Authorization → Scope every query to authenticated user/org
164
- API2: Broken Authentication → Short-lived tokens, rotate refresh tokens
165
- API3: Broken Object Property Auth → Allowlist response fields, never return full DB row
166
- API4: Unrestricted Resource Consumption → Rate limit, payload size limits, pagination required
167
- API5: Broken Function Level Auth → Admin endpoints on separate auth check, not just UI hide
168
- API6: Unrestricted Access to Sensitive Business Flows → Bot detection, device fingerprinting
169
- API7: Server-Side Request Forgery → Same as web SSRF above
170
- API8: Security Misconfiguration → No CORS *, no debug headers, no default paths
171
- API9: Improper Inventory Management → API versioning, decommission old versions with traffic
172
- API10: Unsafe Consumption of APIs → Validate all third-party API responses before use
173
- ```
174
-
175
- ---
176
-
177
- ## THREAT MODELING
178
-
179
- ### STRIDE Framework (Apply to Every Feature)
180
-
181
- ```
182
- S — Spoofing: Can an attacker impersonate a legitimate user or service?
183
- Mitigate: Strong auth, mutual TLS, digital signatures
184
-
185
- T — Tampering: Can data be modified in transit or at rest without detection?
186
- Mitigate: Integrity checks, signed tokens, audit logs, TLS
187
-
188
- R — Repudiation: Can someone deny performing an action?
189
- Mitigate: Immutable audit logs, signed requests, non-repudiation tokens
190
-
191
- I — Information Disclosure: Can sensitive data be exposed to unauthorized parties?
192
- Mitigate: Least privilege, encryption, data classification, masking
193
-
194
- D — Denial of Service: Can an attacker disrupt availability?
195
- Mitigate: Rate limiting, auto-scaling, circuit breakers, DDoS protection
196
-
197
- E — Elevation of Privilege: Can a user gain more access than they should have?
198
- Mitigate: RBAC, least privilege, privilege validation server-side
199
- ```
200
-
201
- ### Threat Modeling Process (Per Feature)
202
-
203
- ```
204
- Step 1: DECOMPOSE — Draw data flow diagram. Identify trust boundaries, entry points, data stores.
205
- Step 2: THREATS — For each component, apply STRIDE. List all plausible attacks.
206
- Step 3: RANK — Severity × Likelihood = Risk score (DREAD or CVSS)
207
- Step 4: MITIGATE — For each threat: mitigate, transfer, accept, or avoid.
208
- Step 5: VALIDATE — Write security test for each mitigated threat.
209
- Step 6: REPEAT — Re-threat-model when architecture changes.
210
-
211
- Time required: 2-4 hours per major feature. Non-negotiable for financial features.
212
- ```
213
-
214
- ---
215
-
216
- ## APPLICATION SECURITY (APPSEC) PIPELINE
217
-
218
- ### DevSecOps — Shift Left
219
-
220
- ```
221
- Pre-commit: git-secrets / detect-secrets / Gitleaks — block secret commits
222
- IDE plugins: Snyk IntelliJ, SonarLint VSCode (real-time SAST)
223
-
224
- PR / CI: SAST — Static analysis (Semgrep, SonarQube, CodeQL)
225
- SCA — Dependency check (Snyk, OWASP DC, npm audit)
226
- Secrets scan — Gitleaks, TruffleHog
227
- IaC scan — Checkov, tfsec (Terraform misconfigs)
228
- Container scan — Trivy (image CVEs)
229
-
230
- Pre-deploy: DAST — Dynamic scan against staging (OWASP ZAP, Burp Suite)
231
- API fuzzing — Schemathesis, restler-fuzzer
232
-
233
- Production: RASP — Runtime application self-protection (contrast, sqreen)
234
- WAF — Cloudflare WAF / AWS WAF / Cloud Armor (rules updated weekly)
235
- Dependency monitor — Snyk monitor / Dependabot alerts
236
- ```
237
-
238
- ### SAST Tool Selection
239
-
240
- ```
241
- Semgrep: Fast, open source, custom rules, CI-native. Best first choice.
242
- SonarQube: Comprehensive, CI integration, tracks debt over time. Self-hosted or cloud.
243
- CodeQL: GitHub-native, deep semantic analysis, best for complex vulnerability patterns.
244
- Checkmarx: Enterprise, expensive, deep analysis.
245
- Veracode: Enterprise SaaS, compliance-oriented.
246
-
247
- Run Semgrep + SonarQube minimum. CodeQL for GitHub repos (free for public).
248
- ```
249
-
250
- ### Penetration Testing Methodology
251
-
252
- ```
253
- Phase 1 — Reconnaissance:
254
- Passive: Shodan, Censys, Google dorks, LinkedIn (OSINT)
255
- Active: nmap port scan, service fingerprinting, SSL/TLS scan (testssl.sh)
256
-
257
- Phase 2 — Enumeration:
258
- Web: Dirb/ffuf (directory brute-force), nikto (web scanner)
259
- API: Postman collection analysis, OpenAPI spec review, parameter fuzzing
260
- Auth: JWT inspection, session token analysis, OAuth flow review
261
-
262
- Phase 3 — Exploitation:
263
- Automated: OWASP ZAP active scan, SQLmap (SQL injection), Nuclei templates
264
- Manual: Business logic testing, auth bypass, IDOR, race conditions
265
-
266
- Phase 4 — Post-Exploitation:
267
- Lateral movement (if scoped), privilege escalation, persistence mechanisms
268
-
269
- Phase 5 — Reporting:
270
- CVSS scores for each finding, reproduction steps, remediation guidance, risk rating
271
-
272
- Cadence: Annual third-party pentest + quarterly internal. Before major releases.
273
- Tools: Burp Suite Pro, OWASP ZAP, Metasploit, Nmap, Nikto, SQLmap, Nuclei, Amass
274
- ```
275
-
276
- ---
277
-
278
- ## ZERO TRUST ARCHITECTURE
279
-
280
- ```
281
- Core Principles:
282
- 1. Never trust, always verify — network location grants zero trust
283
- 2. Least privilege access — time-limited, just enough, just-in-time
284
- 3. Assume breach — segment everything, monitor everything, limit blast radius
285
- 4. Verify explicitly — authenticate and authorize every request, every time
286
-
287
- Implementation:
288
- Identity: Every user + device verified before access (MFA + device health check)
289
- Device: Managed devices only for admin access. MDM enrolled.
290
- Network: Micro-segmentation. Services can't talk unless explicitly allowed.
291
- Replace VPN with identity-aware proxy (Google BeyondCorp, Cloudflare Access)
292
- Application: Each app verifies identity independently. No "trusted" internal networks.
293
- Data: Classify data. Apply policy per classification. Encrypt in use.
294
-
295
- GCP Implementation:
296
- Identity-Aware Proxy (IAP) → protects internal apps without VPN
297
- VPC Service Controls → data perimeter, prevents data exfil from GCP services
298
- Organization Policy → org-wide guardrails (no public IPs, require CMEK, etc.)
299
- Access Context Manager → attribute-based access (IP, device, user)
300
- ```
301
-
302
- ---
303
-
304
- ## CLOUD SECURITY (CSPM + CWPP)
305
-
306
- ### Cloud Security Posture Management (CSPM)
307
-
308
- ```
309
- What it does: Continuously scans cloud config for misconfigurations and compliance violations
310
- Tools:
311
- Wiz: Best coverage, agentless, fast. $15K+/yr
312
- Prisma Cloud: Palo Alto, comprehensive, expensive
313
- Lacework: Behavioral analysis + CSPM combo
314
- CloudSploit: Open source, GCP/AWS/Azure. Free.
315
- ScoutSuite: Open source audit tool. Run quarterly.
316
-
317
- Must-catch misconfigs:
318
- □ Public S3/GCS buckets
319
- □ Unrestricted security group rules (0.0.0.0/0 inbound)
320
- □ Unencrypted database instances
321
- □ MFA not enabled on root/admin accounts
322
- □ Logging disabled (CloudTrail/Cloud Audit Logs)
323
- □ Old IAM access keys (>90 days)
324
- □ Public SSH/RDP ports exposed (22, 3389)
325
- □ Default VPC in use for production
326
- ```
327
-
328
- ### Container & Kubernetes Security
329
-
330
- ```
331
- Image security:
332
- □ Base image: use distroless or alpine (minimal attack surface)
333
- □ Never run as root (USER nobody in Dockerfile)
334
- □ No secrets in image layers (check with Trivy --secret)
335
- □ Sign images with Cosign (Sigstore)
336
- □ Image pull policy: Always (never cached stale images in prod)
337
-
338
- Kubernetes:
339
- □ RBAC: no cluster-admin for workloads. Namespace-scoped roles only.
340
- □ Network Policies: default deny all, explicit allow per service pair
341
- □ Pod Security Standards: Restricted profile in production
342
- □ Secrets: use External Secrets Operator (GCP Secret Manager → K8s Secret)
343
- □ No privileged containers. No hostPID/hostNetwork.
344
- □ Resource limits on every container (prevents noisy neighbor + DoS)
345
- □ Admission controllers: OPA/Gatekeeper or Kyverno policy engine
346
- □ Runtime: Falco (detects anomalous container behavior in real-time)
347
-
348
- Runtime security:
349
- Falco rules to alert on:
350
- - Shell spawned in container (exec into running container)
351
- - Unexpected outbound connections from container
352
- - Sensitive file read (/etc/shadow, /proc/*/mem)
353
- - Privilege escalation attempts
354
- ```
355
-
356
- ### GCP Security Hardening Checklist
357
-
358
- ```
359
- Organization level:
360
- □ Organization Policy: Restrict public IPs on Cloud SQL
361
- □ Organization Policy: Require OS Login for Compute Engine
362
- □ Organization Policy: Restrict allowed APIs per project
363
- □ Cloud Audit Logs: DATA_READ + DATA_WRITE + ADMIN_WRITE on all services
364
- □ SCC (Security Command Center) Premium enabled
365
-
366
- Project level:
367
- □ Default service accounts not used (create custom, least privilege)
368
- □ Service account keys: rotate quarterly or use Workload Identity instead
369
- □ Cloud SQL: private IP only, no public IP, SSL required
370
- □ GCS: uniform bucket-level access, no legacy ACLs
371
- □ Cloud Run: no unauthenticated invocations (except public endpoints)
372
- □ Secret Manager: audit access log enabled, rotation schedule set
373
- □ VPC: Private Google Access enabled, no default firewall rules
374
- ```
375
-
376
- ---
377
-
378
- ## SECURITY MONITORING & SIEM
379
-
380
- ### What to Log (Mandatory)
381
-
382
- ```
383
- Authentication events:
384
- login_success, login_failure, logout, mfa_challenge, mfa_success, mfa_failure,
385
- password_reset_requested, password_changed, token_refreshed, token_revoked,
386
- session_expired, account_locked, account_unlocked
387
-
388
- Authorization events:
389
- access_denied, privilege_escalation_attempt, role_assigned, role_revoked,
390
- admin_action (any), api_key_created, api_key_deleted
391
-
392
- Data events:
393
- record_created, record_updated, record_deleted (with before/after for sensitive fields),
394
- bulk_export, bulk_delete, pii_accessed (who accessed whose data)
395
-
396
- Infrastructure events:
397
- deploy_started, deploy_completed, deploy_failed, config_changed,
398
- secret_accessed (who, when, which secret), IAM_policy_changed
399
-
400
- Format (every log line must have all fields):
401
- {
402
- "timestamp": "2024-01-15T10:30:00.000Z", // UTC always
403
- "trace_id": "abc-123", // correlate across services
404
- "user_id": "usr_xyz", // who did it
405
- "org_id": "org_abc", // tenant context
406
- "ip": "1.2.3.4", // source IP
407
- "user_agent": "...", // client context
408
- "action": "transaction.created", // what happened
409
- "resource_id": "tx_123", // on what
410
- "result": "success", // success/failure/denied
411
- "duration_ms": 45 // performance context
412
- }
413
- ```
414
-
415
- ### SIEM Architecture
416
-
417
- ```
418
- Sources: App logs, Cloud Audit Logs, WAF logs, VPC Flow Logs, DNS logs
419
- Ingestion: Pub/Sub (GCP) or Kafka → log pipeline
420
- Normalization: Parse into common schema (CEF or ECS — Elastic Common Schema)
421
- Storage: BigQuery (GCP) or Elasticsearch — index for fast search
422
- Correlation: Detection rules — alert on patterns, not single events
423
- Alerting: PagerDuty / OpsGenie → on-call rotation
424
- Response: SOAR (Security Orchestration) — auto-remediate known patterns
425
-
426
- Tools:
427
- Managed: Google Chronicle, Microsoft Sentinel, Splunk, Sumo Logic
428
- Open source: ELK Stack (Elasticsearch + Logstash + Kibana) + Sigma rules
429
- Lightweight: Grafana + Loki + alert rules (good for small teams, low cost)
430
- GCP-native: Chronicle SIEM (Google's) — best GCP log integration
431
- ```
432
-
433
- ### Detection Rules (Critical Alerts — PagerDuty Immediately)
434
-
435
- ```
436
- Brute force: >10 auth failures from same IP in 5 minutes
437
- Credential stuffing: >5 failed logins across different accounts from same IP
438
- Impossible travel: Login from country A, then country B within 2 hours
439
- Mass data export: Single user exports >1000 records in 10 minutes
440
- Privilege escalation: Role change granting admin-level access
441
- New admin account: Any new user assigned admin/owner role
442
- Off-hours admin: Admin action between 10PM-6AM (tune per org)
443
- API key abuse: Single API key >10,000 requests in 1 hour
444
- Secret access: Service accessing secrets it has never accessed before
445
- Public resource: Cloud storage bucket or DB made publicly accessible
446
- New external IP: Cloud Run service starts communicating with unknown external IP
447
- ```
448
-
449
- ### Threat Intelligence Integration
450
-
451
- ```
452
- Feeds to consume:
453
- MITRE ATT&CK: Adversary tactics, techniques, procedures (TTPs) — map detections to ATT&CK
454
- CISA KEV: Known Exploited Vulnerabilities — patch these IMMEDIATELY (cisa.gov/kev)
455
- NVD CVE: National Vulnerability Database — monitor for new critical CVEs
456
- AlienVault OTX: Open threat intelligence — IP/domain/hash reputation
457
- Shodan: Monitor your own external attack surface
458
- PhishTank: Phishing URL feeds
459
-
460
- Integration pattern:
461
- Enrich every inbound IP in logs against threat intel feed (check reputation score)
462
- Block known-bad IPs at WAF level automatically
463
- Alert when traffic matches known malicious patterns (IoCs)
464
-
465
- Tools: MISP (open source threat intel platform), OpenCTI, ThreatConnect
466
- ```
467
-
468
- ---
469
-
470
- ## CRYPTOGRAPHY STANDARDS
471
-
472
- ### What to Use (2024)
473
-
474
- ```
475
- Symmetric encryption: AES-256-GCM (authenticated encryption — integrity + confidentiality)
476
- ChaCha20-Poly1305 (faster on mobile/embedded, same security)
477
- Never: DES, 3DES, AES-ECB, RC4
478
-
479
- Asymmetric: RSA-4096 (key exchange/signing) — prefer Ed25519 for new systems
480
- Ed25519 / ECDSA P-256 (digital signatures — faster, smaller keys)
481
- ECDH P-256 (key agreement)
482
- Never: RSA < 2048, DSA, MD5/SHA1 for signing
483
-
484
- Hashing: SHA-256 / SHA-3 for data integrity
485
- BLAKE3 for performance-critical hashing
486
- argon2id for password storage (never SHA/MD5 for passwords)
487
- Never: MD5, SHA1 for security purposes
488
-
489
- TLS: TLS 1.3 required. TLS 1.2 acceptable with restricted ciphers.
490
- Never: SSL, TLS 1.0, TLS 1.1
491
- Cipher suites: ECDHE + AES-128-GCM, ECDHE + AES-256-GCM, ECDHE + ChaCha20
492
-
493
- Key management: GCP Cloud KMS or AWS KMS or HashiCorp Vault
494
- Rotate encryption keys annually
495
- Key hierarchy: Master Key → Data Encryption Keys → Data
496
- FIPS 140-2 Level 3 HSM for financial/regulated workloads
497
-
498
- JWT signing: RS256 (RSA) or ES256 (ECDSA) — never HS256 in multi-service arch
499
- Key rotation: quarterly, with overlap period
500
- ```
501
-
502
- ### Envelope Encryption Pattern
503
-
504
- ```python
505
- # Google Cloud KMS envelope encryption
506
- from google.cloud import kms
507
-
508
- def encrypt_sensitive_field(plaintext: str, key_name: str) -> dict:
509
- # 1. Generate a data encryption key (DEK) locally
510
- import os
511
- dek = os.urandom(32) # 256-bit AES key
512
-
513
- # 2. Encrypt your data with the DEK
514
- ciphertext = aes_gcm_encrypt(plaintext.encode(), dek)
515
-
516
- # 3. Wrap (encrypt) the DEK with Cloud KMS master key
517
- kms_client = kms.KeyManagementServiceClient()
518
- wrapped_dek = kms_client.encrypt(name=key_name, plaintext=dek).ciphertext
519
-
520
- # 4. Store: ciphertext + wrapped DEK (KMS key never leaves KMS)
521
- return {"ciphertext": ciphertext.hex(), "wrapped_dek": wrapped_dek.hex()}
522
- # Decrypt: unwrap DEK via KMS → decrypt ciphertext with DEK
523
- ```
524
-
525
- ---
526
-
527
- ## IDENTITY & ACCESS MANAGEMENT
528
-
529
- ### Privileged Access Management (PAM)
530
-
531
- ```
532
- Just-In-Time (JIT) access:
533
- Engineers request elevated access for specific task + timeframe
534
- Auto-approved for standard ops, human approval for sensitive data access
535
- Access expires automatically (1-8 hours, not permanent)
536
- All actions logged with business justification
537
- Tools: CyberArk, BeyondTrust, HashiCorp Boundary, GCP PAM (preview)
538
-
539
- Service-to-service auth:
540
- GCP: Workload Identity Federation (no service account keys)
541
- AWS: IAM Roles for Service Accounts (IRSA)
542
- On-prem: SPIFFE/SPIRE for workload identity
543
- Never: long-lived service account keys stored in config
544
-
545
- MFA Requirements (enforce in code, not just policy):
546
- Admin access: FIDO2/Passkeys or hardware token (YubiKey) — TOTP not sufficient
547
- Standard users: TOTP app minimum (Google Authenticator, Authy)
548
- API access: API keys + IP allowlist + request signing
549
- Never: SMS-based MFA for high-value accounts (SIM swap vulnerable)
550
- ```
551
-
552
- ### IAM Audit (Run Monthly)
553
-
554
- ```
555
- Find over-privileged roles:
556
- GCP: gcloud projects get-iam-policy PROJECT --format=json | analyze
557
- AWS: IAM Access Analyzer + unused access findings
558
-
559
- Check for:
560
- □ Roles with * on resources (over-broad)
561
- □ Service accounts with owner/editor (should be specific roles)
562
- □ IAM access keys older than 90 days
563
- □ Unused service accounts (no API activity >30 days → delete)
564
- □ Users with direct permissions (should be via groups/roles)
565
- □ Cross-account trust relationships (any unexpected?)
566
- ```
567
-
568
- ---
569
-
570
- ## INCIDENT RESPONSE
571
-
572
- ### Severity Classification
573
-
574
- ```
575
- P0 — Critical: Active breach, data exfil in progress, ransomware, service down
576
- Response: 5min. War room immediately. CEO + Legal notified.
577
-
578
- P1 — High: Suspected breach, critical vuln exploited, auth system compromised
579
- Response: 15min. Security lead + engineering lead.
580
-
581
- P2 — Medium: Anomalous behavior, failed exploitation attempt, compliance gap found
582
- Response: 1 hour. Security team + affected service owner.
583
-
584
- P3 — Low: Policy violation, low-severity CVE, config drift
585
- Response: Next business day. Assigned owner.
586
- ```
587
-
588
- ### NIST Incident Response Framework
589
-
590
- ```
591
- 1. PREPARE:
592
- □ IR plan documented + tested quarterly
593
- □ Contact list: security team, legal, PR, executives, regulators
594
- □ Forensic tools pre-installed (not scrambling to install during incident)
595
- □ Evidence preservation procedures known to all engineers
596
- □ Cyber insurance policy in place
597
-
598
- 2. IDENTIFY:
599
- □ What happened? When did it start? (look for earliest indicator)
600
- □ What systems are affected? (blast radius assessment)
601
- □ Is it still ongoing? (contain before investigating)
602
- □ Log preservation: export logs to isolated read-only bucket immediately
603
-
604
- 3. CONTAIN:
605
- Short-term: Block attacker (IP ban, revoke credentials, isolate instance)
606
- Long-term: Patch, fix configuration, rebuild if necessary
607
- Do NOT shut everything down immediately — preserve evidence first
608
-
609
- 4. ERADICATE:
610
- Remove all attacker persistence (backdoors, new user accounts, cron jobs)
611
- Scan ALL systems — attackers often pivot from initial compromise
612
- Reset all credentials that may have been exposed
613
- Rotate all secrets (assume all secrets compromised)
614
-
615
- 5. RECOVER:
616
- Restore from clean backups (verify backups are clean — attackers may have been in months)
617
- Deploy patched/clean systems
618
- Monitor intensively for 30 days post-recovery
619
- Gradual return to service — don't rush
620
-
621
- 6. LESSONS LEARNED:
622
- Blameless post-mortem within 72 hours
623
- Root cause analysis (5 Whys)
624
- Detection gap: why didn't we catch this sooner?
625
- Prevention: specific fixes with owners and deadlines
626
- Update runbooks + detection rules
627
- ```
628
-
629
- ### Breach Notification Requirements
630
-
631
- ```
632
- GDPR: 72 hours to supervisory authority if personal data affected
633
- CCPA: Reasonable notice to affected California residents
634
- PCI DSS: Immediate notification to card brands (Visa, Mastercard) + acquiring bank
635
- HIPAA: 60 days to HHS, affected individuals, and media (if >500 in a state)
636
- India PDPB: 72 hours to Data Protection Board (when enacted)
637
- SEC (US): 4 business days for material cybersecurity incidents (Rule 8-K)
638
- RBI (India): Immediate to RBI CSITE + NPCI for payment system incidents
639
-
640
- Prepare breach notification templates in advance. Legal review annually.
641
- ```
642
-
643
- ---
644
-
645
- ## VULNERABILITY MANAGEMENT
646
-
647
- ### CVE Tracking & Patch SLAs
648
-
649
- ```
650
- CVSS Score → Patch Timeline:
651
- Critical (9.0-10.0): Patch within 24 hours. Emergency change if needed.
652
- High (7.0-8.9): Patch within 7 days.
653
- Medium (4.0-6.9): Patch within 30 days.
654
- Low (0.1-3.9): Patch within 90 days.
655
-
656
- CISA KEV overrides: Patch within 2 weeks regardless of CVSS (these are actively exploited).
657
-
658
- Automation:
659
- Renovate Bot: Auto-PRs for dependency updates (better than Dependabot — more flexible)
660
- Trivy: Scan container images in CI, block critical CVEs
661
- Snyk: Monitor production containers + code continuously
662
- Grafeas: Artifact metadata and attestation (GCP-native)
663
- ```
664
-
665
- ### SBOM (Software Bill of Materials)
666
-
667
- ```
668
- Generate on every release:
669
- Node.js: cyclonedx-node-npm --output-file sbom.json
670
- Python: cyclonedx-py -p -e -o sbom.json
671
- Java: CycloneDX Maven/Gradle plugin
672
- Docker: syft image:tag -o cyclonedx-json=sbom.json
673
-
674
- Store in artifact registry alongside each release.
675
- Required by: US Executive Order 14028, EU Cyber Resilience Act, PCI DSS 4.0.
676
- Enables: rapid "do we use Log4j?" type queries during zero-day events.
677
- ```
678
-
679
- ---
680
-
681
- ## COMPLIANCE FRAMEWORKS
682
-
683
- ### SOC 2 Type II (Most Important for SaaS)
684
-
685
- ```
686
- Trust Services Criteria:
687
- Security: CC6 — Logical access, CC7 — System operations, CC8 — Change management
688
- Availability: Uptime SLAs, disaster recovery, capacity planning
689
- Confidentiality: Data classification, encryption, access controls
690
- Processing Integrity: Complete, accurate, timely processing
691
- Privacy: GDPR/CCPA alignment, consent management
692
-
693
- Controls required (sample):
694
- □ All access requires MFA
695
- □ Background checks for all employees with system access
696
- □ Annual security training for all staff
697
- □ Penetration test annually
698
- □ Business continuity plan tested annually
699
- □ Incident response tested quarterly
700
- □ Vendor security assessments for critical vendors
701
- □ Encryption at rest and in transit
702
- □ Change management process documented
703
- □ Vulnerability management program with SLAs
704
-
705
- Tools:
706
- Vanta: Best automated SOC2 prep (<user> already using). ~$15K/yr. Gets to audit-ready fastest.
707
- Drata: Vanta competitor, good integrations.
708
- Secureframe: Strong for early-stage.
709
- Manual: Feasible but 10x more work.
710
-
711
- Timeline: SOC2 Type I in 3 months (controls exist). Type II in 12 months (controls operated for period).
712
- ```
713
-
714
- ### PCI DSS 4.0 (If Handling Card Data)
715
-
716
- ```
717
- Key requirements for SaaS (Level 4 — <20K transactions):
718
- □ Never store raw PANs, CVV, or full magnetic stripe
719
- □ Tokenize: use Stripe.js/Elements — card data never touches your server
720
- □ WAF protecting all web-facing systems
721
- □ Vulnerability scanning quarterly (ASV scan)
722
- □ Penetration test annually
723
- □ Maintain audit logs 12 months
724
- □ MFA for all non-consumer access
725
- □ Encrypt cardholder data in transit (TLS 1.2+)
726
- □ Self-Assessment Questionnaire (SAQ A or SAQ A-EP for most SaaS)
727
-
728
- Best advice: Use Stripe.js + Stripe Elements. Never touch raw card data. Reduces scope to SAQ A.
729
- ```
730
-
731
- ### GDPR / Data Privacy
732
-
733
- ```
734
- Core requirements:
735
- □ Lawful basis for processing (consent, contract, legitimate interest, etc.)
736
- □ Data subject rights: access, rectification, erasure ("right to be forgotten"), portability
737
- □ Privacy by design: collect minimum data, purpose limitation
738
- □ Data Processing Agreements (DPAs) with all sub-processors
739
- □ Records of Processing Activities (ROPA) — document what you process and why
740
- □ 72-hour breach notification to supervisory authority
741
- □ DPIA (Data Protection Impact Assessment) for high-risk processing
742
- □ Cookie consent — real consent, not dark patterns
743
-
744
- Technical implementation:
745
- Data inventory: Every field of every table — classify: PII / sensitive / public
746
- Erasure: User delete → anonymize or delete all PII across all tables + backups
747
- Portability: Export user data as machine-readable JSON/CSV on request
748
- Data residency: EU personal data must stay in EU (or adequate third country)
749
- Consent logging: Timestamp, IP, consent text version for every consent collected
750
- ```
751
-
752
- ---
753
-
754
- ## FRAUD DETECTION & FINANCIAL CRIME (<project>-Specific)
755
-
756
- ### Real-Time Fraud Signal Architecture
757
-
758
- ```
759
- Transaction Event → Feature Extraction → Risk Scoring → Decision → Action
760
- ↓ ↓
761
- [Feature Store] [ML Model + Rules]
762
-
763
- velocity, device, IP, behavior, history
764
-
765
- Signal categories:
766
- Velocity: transactions per hour/day, amount per period, new payee frequency
767
- Device: device fingerprint, new device, rooted/jailbroken, emulator detected
768
- Location: IP geolocation, distance from last transaction, impossible travel
769
- Behavior: typing speed, session duration, navigation pattern (vs baseline)
770
- Network: VPN/proxy/Tor detected, datacenter IP, known fraud IP
771
- Identity: name/address/phone mismatch, synthetic identity signals
772
- Transaction: unusual amount (vs history), unusual merchant, round amounts, split transactions
773
- ```
774
-
775
- ### Fraud Rule Engine Design
776
-
777
- ```
778
- Priority execution:
779
- P0 Hard Block: Stolen card list, OFAC sanctions match, known fraud device → instant deny
780
- P1 Hard Block: Velocity limit exceeded, impossible travel, known fraud IP → instant deny
781
- P2 Soft Block: ML score > 0.9 → step-up auth (OTP required)
782
- P3 Review: ML score 0.7-0.9 → human review queue
783
- P4 Monitor: ML score 0.4-0.7 → flag for pattern analysis
784
- P5 Allow: ML score < 0.4 → approve (standard risk)
785
-
786
- Rule governance:
787
- Every rule: owner, creation date, last review date, hit rate, precision/recall
788
- Rules reviewed monthly — prune low-precision rules, add new patterns
789
- A/B test rule changes — never deploy blind
790
- False positive rate target: <0.5% (every false positive = lost revenue + angry customer)
791
- ```
792
-
793
- ### AML (Anti-Money Laundering) Technical Controls
794
-
795
- ```
796
- Structuring detection: Transactions just below reporting thresholds (e.g., $9,900)
797
- Alert: 3+ transactions in 24h summing to >$10K per user
798
-
799
- Layering detection: Rapid fund movement across multiple accounts
800
- Alert: Money in → out to different account within 1 hour
801
-
802
- Round-tripping: Funds leaving and returning to same source
803
- Graph analysis: detect cycles in transaction graph
804
-
805
- SAR filing: Automated SAR (Suspicious Activity Report) generation
806
- File with FinCEN within 30 days of detection (US requirement)
807
- Store SAR data with 5-year retention
808
-
809
- KYC integration: Identity verification at onboarding (Jumio, Onfido, Persona)
810
- Enhanced due diligence for high-risk users (PEPs, high-volume)
811
- Ongoing monitoring: re-verify on behavior change triggers
812
- ```
813
-
814
- ---
815
-
816
- ## SECURITY METRICS (MEASURE THESE)
817
-
818
- ```
819
- Detection:
820
- MTTD: Mean Time to Detect — target <1 hour for critical events
821
- Alert fidelity: True positive rate of security alerts — target >30% (tune to reduce noise)
822
- Coverage: % of attack surface with detection rules
823
-
824
- Response:
825
- MTTR: Mean Time to Respond — target <4 hours for P0/P1
826
- MTTC: Mean Time to Contain — stop ongoing attack — target <30 min for P0
827
-
828
- Prevention:
829
- Patch compliance: % of critical CVEs patched within SLA — target 100% for critical
830
- Vuln backlog: Open vulnerabilities by severity — track weekly, trending down
831
- Security debt: Security findings in code — track like technical debt
832
-
833
- Posture:
834
- Cloud compliance score: CSPM findings — target 0 critical, <10 high
835
- Pen test findings: Track findings year-over-year — should decrease
836
- Security training: % staff completed annual training — target 100%
837
-
838
- Report to leadership: Monthly 1-page security scorecard. Executives must see these numbers.
839
- ```
1
+ # Cybersecurity Intelligence Reference
2
+
3
+ # Covers: AppSec, NetSec, CloudSec, DevSecOps, Threat Intel, SIEM, Compliance, Fraud, Incident Response
4
+
5
+ ## DEFENSE IN DEPTH MODEL
6
+
7
+ Never rely on a single control. Layer security at every level:
8
+
9
+ ```
10
+ Layer 1 — Perimeter: WAF, DDoS protection, CDN edge rules, geo-blocking
11
+ Layer 2 — Network: Firewall rules, VPC isolation, private subnets, VPN, zero-trust network access
12
+ Layer 3 — Identity: MFA, SSO, PAM, least privilege, just-in-time access
13
+ Layer 4 — Application: Input validation, auth/authz, CSRF, rate limiting, API security
14
+ Layer 5 — Data: Encryption at rest + transit, tokenization, masking, key management
15
+ Layer 6 — Endpoint: EDR, patch management, container hardening, OS baselines
16
+ Layer 7 — Detection: SIEM, anomaly detection, threat intel feeds, behavioral analytics
17
+ Layer 8 — Response: IR playbooks, forensics capability, backup/restore tested weekly
18
+
19
+ Principle: Assume every layer will eventually be breached. Design so that one breach ≠ catastrophe.
20
+ ```
21
+
22
+ ---
23
+
24
+ ## OWASP TOP 10 — WEB (2021) — Fix Every One
25
+
26
+ ### A01: Broken Access Control (Most Common)
27
+
28
+ ```
29
+ Attack: Access /api/users/456 as user 123. Horizontal privilege escalation.
30
+ Fix: Always verify ownership: WHERE id = $1 AND org_id = $current_org
31
+ Row-Level Security in PostgreSQL enforces this at DB level.
32
+ Never trust user-supplied IDs without authorization check.
33
+ Test: Authenticated as User A, attempt all User B's resource endpoints.
34
+
35
+ Code fix:
36
+ // BAD:
37
+ const tx = await db.transaction.findUnique({ where: { id: req.params.id }})
38
+
39
+ // GOOD:
40
+ const tx = await db.transaction.findUnique({
41
+ where: { id: req.params.id, userId: req.user.id } // scope to authenticated user
42
+ })
43
+ if (!tx) throw new NotFoundError() // same error whether missing or unauthorized
44
+ ```
45
+
46
+ ### A02: Cryptographic Failures
47
+
48
+ ```
49
+ Attack: Sensitive data in plaintext DB, MD5 passwords, HTTP traffic, weak keys.
50
+ Fix: TLS 1.3 everywhere. AES-256-GCM for data at rest.
51
+ Passwords: argon2id (winner of PHC). Never MD5/SHA1/bcrypt(cost<12).
52
+ PII fields: encrypt at application layer (not just disk encryption).
53
+ No secrets in logs. No PAN/SSN in URLs.
54
+
55
+ Password hashing:
56
+ import argon2 from 'argon2'
57
+ const hash = await argon2.hash(password, {
58
+ type: argon2.argon2id,
59
+ memoryCost: 65536, // 64MB
60
+ timeCost: 3, // 3 iterations
61
+ parallelism: 4 // 4 threads
62
+ })
63
+ ```
64
+
65
+ ### A03: Injection (SQL, NoSQL, LDAP, Command)
66
+
67
+ ```
68
+ Attack: User inputs: ' OR '1'='1 → dumps entire table.
69
+ Fix: Parameterized queries. ALWAYS. No string concatenation in queries.
70
+ ORM query builders (Prisma, SQLAlchemy) are safe by default.
71
+ Command injection: never exec() user input. Use allowlists.
72
+
73
+ // NEVER:
74
+ db.query(`SELECT * FROM users WHERE email = '${email}'`)
75
+
76
+ // ALWAYS:
77
+ db.query('SELECT * FROM users WHERE email = $1', [email])
78
+ ```
79
+
80
+ ### A04: Insecure Design
81
+
82
+ ```
83
+ Attack: Business logic flaws — buy item for $0, skip payment step, replay coupons.
84
+ Fix: Threat model every feature before coding.
85
+ State machine validation — enforce valid state transitions server-side.
86
+ Rate limit sensitive operations (password reset: 3/hour, not 1000/hour).
87
+ Never trust client-side price/discount calculation.
88
+ ```
89
+
90
+ ### A05: Security Misconfiguration
91
+
92
+ ```
93
+ Common: Default credentials, directory listing, verbose error messages in prod,
94
+ open S3 buckets, unrestricted CORS, unused ports open, debug mode on.
95
+ Fix: Infrastructure as Code — configuration is reviewed, version-controlled.
96
+ CSPM tool (Wiz, Prisma Cloud, or free: CloudSploit) scans continuously.
97
+ Env diff check: prod config audited against security baseline weekly.
98
+ Error responses: generic in prod, never stack traces to client.
99
+ ```
100
+
101
+ ### A06: Vulnerable and Outdated Components
102
+
103
+ ```
104
+ Fix: Renovate Bot or Dependabot — auto-PRs for dependency updates weekly.
105
+ Snyk or OWASP Dependency-Check in CI — block on critical CVEs.
106
+ Container base image scanning — Trivy on every Docker build.
107
+ SBOM (Software Bill of Materials) generated on every release.
108
+ Never use packages with 0 maintenance activity in past 12 months.
109
+ Pin exact versions in lockfiles (package-lock.json, requirements.txt).
110
+ ```
111
+
112
+ ### A07: Identification and Authentication Failures
113
+
114
+ ```
115
+ Attack: Credential stuffing, brute force, session fixation, weak tokens.
116
+ Fix: MFA mandatory for admin, recommended for all users.
117
+ Account lockout: 5 failed attempts → 15min lockout + alert.
118
+ Secure session: HttpOnly, Secure, SameSite=Strict cookies.
119
+ Token storage: never localStorage (XSS), always HttpOnly cookies.
120
+ Password policy: min 12 chars, check against HaveIBeenPwned API.
121
+ JWT: RS256 (not HS256), short TTL (15min), rotate signing keys quarterly.
122
+ ```
123
+
124
+ ### A08: Software and Data Integrity Failures
125
+
126
+ ```
127
+ Attack: Tampered auto-updates, unsigned packages, CI/CD pipeline compromise.
128
+ Fix: Verify checksums/signatures on all downloaded artifacts.
129
+ Sigstore/Cosign for container image signing.
130
+ SLSA framework for supply chain levels (target SLSA Level 3).
131
+ CI/CD: separate credentials per environment, audit pipeline configs.
132
+ npm: use --ignore-scripts flag, audit before install.
133
+ ```
134
+
135
+ ### A09: Security Logging and Monitoring Failures
136
+
137
+ ```
138
+ Fix: Log: every auth event, admin action, failed access, data mutation.
139
+ Include: timestamp (UTC), user_id, org_id, IP, action, resource, result.
140
+ Never log: passwords, tokens, PAN, SSN, CVV, full credit card.
141
+ Alert within 15 minutes on: impossible travel, mass data export,
142
+ admin privilege escalation, >10 auth failures.
143
+ Log retention: 90 days hot, 1 year cold (PCI DSS requires 1 year).
144
+ SIEM: ingest all logs, alert on patterns, not just individual events.
145
+ ```
146
+
147
+ ### A10: Server-Side Request Forgery (SSRF)
148
+
149
+ ```
150
+ Attack: User supplies URL → server fetches it → attacker reads internal metadata API.
151
+ AWS: http://169.254.169.254/latest/meta-data/iam/security-credentials/
152
+ Fix: Allowlist permitted URL destinations — never arbitrary user-supplied URLs.
153
+ Block RFC 1918 addresses (10.x, 172.16.x, 192.168.x) and 169.254.x.
154
+ Use DNS resolution + IP check BEFORE fetching.
155
+ Disable HTTP redirects or validate redirect target against allowlist.
156
+ ```
157
+
158
+ ---
159
+
160
+ ## OWASP API SECURITY TOP 10 (2023)
161
+
162
+ ```
163
+ API1: Broken Object Level Authorization → Scope every query to authenticated user/org
164
+ API2: Broken Authentication → Short-lived tokens, rotate refresh tokens
165
+ API3: Broken Object Property Auth → Allowlist response fields, never return full DB row
166
+ API4: Unrestricted Resource Consumption → Rate limit, payload size limits, pagination required
167
+ API5: Broken Function Level Auth → Admin endpoints on separate auth check, not just UI hide
168
+ API6: Unrestricted Access to Sensitive Business Flows → Bot detection, device fingerprinting
169
+ API7: Server-Side Request Forgery → Same as web SSRF above
170
+ API8: Security Misconfiguration → No CORS *, no debug headers, no default paths
171
+ API9: Improper Inventory Management → API versioning, decommission old versions with traffic
172
+ API10: Unsafe Consumption of APIs → Validate all third-party API responses before use
173
+ ```
174
+
175
+ ---
176
+
177
+ ## THREAT MODELING
178
+
179
+ ### STRIDE Framework (Apply to Every Feature)
180
+
181
+ ```
182
+ S — Spoofing: Can an attacker impersonate a legitimate user or service?
183
+ Mitigate: Strong auth, mutual TLS, digital signatures
184
+
185
+ T — Tampering: Can data be modified in transit or at rest without detection?
186
+ Mitigate: Integrity checks, signed tokens, audit logs, TLS
187
+
188
+ R — Repudiation: Can someone deny performing an action?
189
+ Mitigate: Immutable audit logs, signed requests, non-repudiation tokens
190
+
191
+ I — Information Disclosure: Can sensitive data be exposed to unauthorized parties?
192
+ Mitigate: Least privilege, encryption, data classification, masking
193
+
194
+ D — Denial of Service: Can an attacker disrupt availability?
195
+ Mitigate: Rate limiting, auto-scaling, circuit breakers, DDoS protection
196
+
197
+ E — Elevation of Privilege: Can a user gain more access than they should have?
198
+ Mitigate: RBAC, least privilege, privilege validation server-side
199
+ ```
200
+
201
+ ### Threat Modeling Process (Per Feature)
202
+
203
+ ```
204
+ Step 1: DECOMPOSE — Draw data flow diagram. Identify trust boundaries, entry points, data stores.
205
+ Step 2: THREATS — For each component, apply STRIDE. List all plausible attacks.
206
+ Step 3: RANK — Severity × Likelihood = Risk score (DREAD or CVSS)
207
+ Step 4: MITIGATE — For each threat: mitigate, transfer, accept, or avoid.
208
+ Step 5: VALIDATE — Write security test for each mitigated threat.
209
+ Step 6: REPEAT — Re-threat-model when architecture changes.
210
+
211
+ Time required: 2-4 hours per major feature. Non-negotiable for financial features.
212
+ ```
213
+
214
+ ---
215
+
216
+ ## APPLICATION SECURITY (APPSEC) PIPELINE
217
+
218
+ ### DevSecOps — Shift Left
219
+
220
+ ```
221
+ Pre-commit: git-secrets / detect-secrets / Gitleaks — block secret commits
222
+ IDE plugins: Snyk IntelliJ, SonarLint VSCode (real-time SAST)
223
+
224
+ PR / CI: SAST — Static analysis (Semgrep, SonarQube, CodeQL)
225
+ SCA — Dependency check (Snyk, OWASP DC, npm audit)
226
+ Secrets scan — Gitleaks, TruffleHog
227
+ IaC scan — Checkov, tfsec (Terraform misconfigs)
228
+ Container scan — Trivy (image CVEs)
229
+
230
+ Pre-deploy: DAST — Dynamic scan against staging (OWASP ZAP, Burp Suite)
231
+ API fuzzing — Schemathesis, restler-fuzzer
232
+
233
+ Production: RASP — Runtime application self-protection (contrast, sqreen)
234
+ WAF — Cloudflare WAF / AWS WAF / Cloud Armor (rules updated weekly)
235
+ Dependency monitor — Snyk monitor / Dependabot alerts
236
+ ```
237
+
238
+ ### SAST Tool Selection
239
+
240
+ ```
241
+ Semgrep: Fast, open source, custom rules, CI-native. Best first choice.
242
+ SonarQube: Comprehensive, CI integration, tracks debt over time. Self-hosted or cloud.
243
+ CodeQL: GitHub-native, deep semantic analysis, best for complex vulnerability patterns.
244
+ Checkmarx: Enterprise, expensive, deep analysis.
245
+ Veracode: Enterprise SaaS, compliance-oriented.
246
+
247
+ Run Semgrep + SonarQube minimum. CodeQL for GitHub repos (free for public).
248
+ ```
249
+
250
+ ### Penetration Testing Methodology
251
+
252
+ ```
253
+ Phase 1 — Reconnaissance:
254
+ Passive: Shodan, Censys, Google dorks, LinkedIn (OSINT)
255
+ Active: nmap port scan, service fingerprinting, SSL/TLS scan (testssl.sh)
256
+
257
+ Phase 2 — Enumeration:
258
+ Web: Dirb/ffuf (directory brute-force), nikto (web scanner)
259
+ API: Postman collection analysis, OpenAPI spec review, parameter fuzzing
260
+ Auth: JWT inspection, session token analysis, OAuth flow review
261
+
262
+ Phase 3 — Exploitation:
263
+ Automated: OWASP ZAP active scan, SQLmap (SQL injection), Nuclei templates
264
+ Manual: Business logic testing, auth bypass, IDOR, race conditions
265
+
266
+ Phase 4 — Post-Exploitation:
267
+ Lateral movement (if scoped), privilege escalation, persistence mechanisms
268
+
269
+ Phase 5 — Reporting:
270
+ CVSS scores for each finding, reproduction steps, remediation guidance, risk rating
271
+
272
+ Cadence: Annual third-party pentest + quarterly internal. Before major releases.
273
+ Tools: Burp Suite Pro, OWASP ZAP, Metasploit, Nmap, Nikto, SQLmap, Nuclei, Amass
274
+ ```
275
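Review bot: Phase 4 lists `Lateral movement (if scoped), privilege escalation, persistence mechanisms` but the methodology never mentions rules of engagement or cleanup; add a step before Phase 1 requiring a signed scope and authorization document (in-scope assets, test windows, emergency contacts) and a step before Phase 5 requiring removal of any test accounts, implants or persistence the testers created, with the removal confirmed in the report. Evidence handling also belongs here: captured data samples should be minimized and deleted after report acceptance.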
+
276
+ ---
277
+
278
+ ## ZERO TRUST ARCHITECTURE
279
+
280
+ ```
281
+ Core Principles:
282
+ 1. Never trust, always verify — network location grants zero trust
283
+ 2. Least privilege access — time-limited, just enough, just-in-time
284
+ 3. Assume breach — segment everything, monitor everything, limit blast radius
285
+ 4. Verify explicitly — authenticate and authorize every request, every time
286
+
287
+ Implementation:
288
+ Identity: Every user + device verified before access (MFA + device health check)
289
+ Device: Managed devices only for admin access. MDM enrolled.
290
+ Network: Micro-segmentation. Services can't talk unless explicitly allowed.
291
+ Replace VPN with identity-aware proxy (Google BeyondCorp, Cloudflare Access)
292
+ Application: Each app verifies identity independently. No "trusted" internal networks.
293
+ Data: Classify data. Apply policy per classification. Encrypt in use.
294
+
295
+ GCP Implementation:
296
+ Identity-Aware Proxy (IAP) → protects internal apps without VPN
297
+ VPC Service Controls → data perimeter, prevents data exfil from GCP services
298
+ Organization Policy → org-wide guardrails (no public IPs, require CMEK, etc.)
299
+ Access Context Manager → attribute-based access (IP, device, user)
300
+ ```
301
+
302
+ ---
303
+
304
+ ## CLOUD SECURITY (CSPM + CWPP)
305
+
306
+ ### Cloud Security Posture Management (CSPM)
307
+
308
+ ```
309
+ What it does: Continuously scans cloud config for misconfigurations and compliance violations
310
+ Tools:
311
+ Wiz: Best coverage, agentless, fast. $15K+/yr
312
+ Prisma Cloud: Palo Alto, comprehensive, expensive
313
+ Lacework: Behavioral analysis + CSPM combo
314
+ CloudSploit: Open source, GCP/AWS/Azure. Free.
315
+ ScoutSuite: Open source audit tool. Run quarterly.
316
+
317
+ Must-catch misconfigs:
318
+ □ Public S3/GCS buckets
319
+ □ Unrestricted security group rules (0.0.0.0/0 inbound)
320
+ □ Unencrypted database instances
321
+ □ MFA not enabled on root/admin accounts
322
+ □ Logging disabled (CloudTrail/Cloud Audit Logs)
323
+ □ Old IAM access keys (>90 days)
324
+ □ Public SSH/RDP ports exposed (22, 3389)
325
+ □ Default VPC in use for production
326
+ ```
327
+
328
+ ### Container & Kubernetes Security
329
+
330
+ ```
331
+ Image security:
332
+ □ Base image: use distroless or alpine (minimal attack surface)
333
+ □ Never run as root (USER nobody in Dockerfile)
334
+ □ No secrets in image layers (check with Trivy --secret)
335
+ □ Sign images with Cosign (Sigstore)
336
+ □ Image pull policy: Always (never cached stale images in prod)
337
+
338
+ Kubernetes:
339
+ □ RBAC: no cluster-admin for workloads. Namespace-scoped roles only.
340
+ □ Network Policies: default deny all, explicit allow per service pair
341
+ □ Pod Security Standards: Restricted profile in production
342
+ □ Secrets: use External Secrets Operator (GCP Secret Manager → K8s Secret)
343
+ □ No privileged containers. No hostPID/hostNetwork.
344
+ □ Resource limits on every container (prevents noisy neighbor + DoS)
345
+ □ Admission controllers: OPA/Gatekeeper or Kyverno policy engine
346
+ □ Runtime: Falco (detects anomalous container behavior in real-time)
347
+
348
+ Runtime security:
349
+ Falco rules to alert on:
350
+ - Shell spawned in container (exec into running container)
351
+ - Unexpected outbound connections from container
352
+ - Sensitive file read (/etc/shadow, /proc/*/mem)
353
+ - Privilege escalation attempts
354
+ ```
355
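Review bot: `Image pull policy: Always (never cached stale images in prod)` does not by itself prevent a stale or swapped image when a mutable tag is used; the node will happily pull whatever the tag points to. Pin images by digest and have the OPA/Gatekeeper or Kyverno admission policy listed further down verify the Cosign signature, otherwise the `Sign images with Cosign` step has no enforcement point. Also check the flag in `check with Trivy --secret` against the Trivy version in use; current releases spell it `--scanners secret`.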
+
356
+ ### GCP Security Hardening Checklist
357
+
358
+ ```
359
+ Organization level:
360
+ □ Organization Policy: Restrict public IPs on Cloud SQL
361
+ □ Organization Policy: Require OS Login for Compute Engine
362
+ □ Organization Policy: Restrict allowed APIs per project
363
+ □ Cloud Audit Logs: DATA_READ + DATA_WRITE + ADMIN_WRITE on all services
364
+ □ SCC (Security Command Center) Premium enabled
365
+
366
+ Project level:
367
+ □ Default service accounts not used (create custom, least privilege)
368
+ □ Service account keys: rotate quarterly or use Workload Identity instead
369
+ □ Cloud SQL: private IP only, no public IP, SSL required
370
+ □ GCS: uniform bucket-level access, no legacy ACLs
371
+ □ Cloud Run: no unauthenticated invocations (except public endpoints)
372
+ □ Secret Manager: audit access log enabled, rotation schedule set
373
+ □ VPC: Private Google Access enabled, no default firewall rules
374
+ ```
375
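Review bot: `Cloud Audit Logs: DATA_READ + DATA_WRITE + ADMIN_WRITE on all services` mixes the two log families. Admin Activity logs (ADMIN_WRITE) are always on and cannot be disabled; the configurable Data Access log types are ADMIN_READ, DATA_READ and DATA_WRITE, so the checklist item should read `ADMIN_READ + DATA_READ + DATA_WRITE`. Consider adding a note that enabling DATA_READ on GCS and BigQuery at scale has a real cost and should be paired with a log sink and retention policy.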
+
376
+ ---
377
+
378
+ ## SECURITY MONITORING & SIEM
379
+
380
+ ### What to Log (Mandatory)
381
+
382
+ ```
383
+ Authentication events:
384
+ login_success, login_failure, logout, mfa_challenge, mfa_success, mfa_failure,
385
+ password_reset_requested, password_changed, token_refreshed, token_revoked,
386
+ session_expired, account_locked, account_unlocked
387
+
388
+ Authorization events:
389
+ access_denied, privilege_escalation_attempt, role_assigned, role_revoked,
390
+ admin_action (any), api_key_created, api_key_deleted
391
+
392
+ Data events:
393
+ record_created, record_updated, record_deleted (with before/after for sensitive fields),
394
+ bulk_export, bulk_delete, pii_accessed (who accessed whose data)
395
+
396
+ Infrastructure events:
397
+ deploy_started, deploy_completed, deploy_failed, config_changed,
398
+ secret_accessed (who, when, which secret), IAM_policy_changed
399
+
400
+ Format (every log line must have all fields):
401
+ {
402
+ "timestamp": "2024-01-15T10:30:00.000Z", // UTC always
403
+ "trace_id": "abc-123", // correlate across services
404
+ "user_id": "usr_xyz", // who did it
405
+ "org_id": "org_abc", // tenant context
406
+ "ip": "1.2.3.4", // source IP
407
+ "user_agent": "...", // client context
408
+ "action": "transaction.created", // what happened
409
+ "resource_id": "tx_123", // on what
410
+ "result": "success", // success/failure/denied
411
+ "duration_ms": 45 // performance context
412
+ }
413
+ ```
414
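Review bot: the section mandates what to log but says nothing about what must never appear in a log line, which matters for events such as `token_refreshed`, `password_reset_requested` and `secret_accessed (who, when, which secret)`. Add a redaction rule: never log credentials, session or API tokens, OTP codes, full PANs or secret values; log the secret name and version only. The `ip` and `user_agent` fields are personal data under the GDPR section later in the document, so the format should also state a retention period for these logs.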
+
415
+ ### SIEM Architecture
416
+
417
+ ```
418
+ Sources: App logs, Cloud Audit Logs, WAF logs, VPC Flow Logs, DNS logs
419
+ Ingestion: Pub/Sub (GCP) or Kafka → log pipeline
420
+ Normalization: Parse into common schema (CEF or ECS — Elastic Common Schema)
421
+ Storage: BigQuery (GCP) or Elasticsearch — index for fast search
422
+ Correlation: Detection rules — alert on patterns, not single events
423
+ Alerting: PagerDuty / OpsGenie → on-call rotation
424
+ Response: SOAR (Security Orchestration) — auto-remediate known patterns
425
+
426
+ Tools:
427
+ Managed: Google Chronicle, Microsoft Sentinel, Splunk, Sumo Logic
428
+ Open source: ELK Stack (Elasticsearch + Logstash + Kibana) + Sigma rules
429
+ Lightweight: Grafana + Loki + alert rules (good for small teams, low cost)
430
+ GCP-native: Chronicle SIEM (Google's) — best GCP log integration
431
+ ```
432
+
433
+ ### Detection Rules (Critical Alerts — PagerDuty Immediately)
434
+
435
+ ```
436
+ Brute force: >10 auth failures from same IP in 5 minutes
437
+ Credential stuffing: >5 failed logins across different accounts from same IP
438
+ Impossible travel: Login from country A, then country B within 2 hours
439
+ Mass data export: Single user exports >1000 records in 10 minutes
440
+ Privilege escalation: Role change granting admin-level access
441
+ New admin account: Any new user assigned admin/owner role
442
+ Off-hours admin: Admin action between 10PM-6AM (tune per org)
443
+ API key abuse: Single API key >10,000 requests in 1 hour
444
+ Secret access: Service accessing secrets it has never accessed before
445
+ Public resource: Cloud storage bucket or DB made publicly accessible
446
+ New external IP: Cloud Run service starts communicating with unknown external IP
447
+ ```
448
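Review bot: routing all eleven rules to `PagerDuty Immediately` conflicts with the P0 to P3 severity table and the `Alert fidelity ... target >30%` metric later in the document; `Off-hours admin` and `New external IP` are investigation-grade signals that will burn the on-call rotation if they page. Tier the rules by severity and page only for P0/P1 patterns. `Credential stuffing: >5 failed logins across different accounts from same IP` will also fire constantly from corporate NAT and mobile carrier egress; count distinct accounts over a window and exclude known shared egress ranges before paging.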
+
449
+ ### Threat Intelligence Integration
450
+
451
+ ```
452
+ Feeds to consume:
453
+ MITRE ATT&CK: Adversary tactics, techniques, procedures (TTPs) — map detections to ATT&CK
454
+ CISA KEV: Known Exploited Vulnerabilities — patch these IMMEDIATELY (cisa.gov/kev)
455
+ NVD CVE: National Vulnerability Database — monitor for new critical CVEs
456
+ AlienVault OTX: Open threat intelligence — IP/domain/hash reputation
457
+ Shodan: Monitor your own external attack surface
458
+ PhishTank: Phishing URL feeds
459
+
460
+ Integration pattern:
461
+ Enrich every inbound IP in logs against threat intel feed (check reputation score)
462
+ Block known-bad IPs at WAF level automatically
463
+ Alert when traffic matches known malicious patterns (IoCs)
464
+
465
+ Tools: MISP (open source threat intel platform), OpenCTI, ThreatConnect
466
+ ```
467
+
468
+ ---
469
+
470
+ ## CRYPTOGRAPHY STANDARDS
471
+
472
+ ### What to Use (2024)
473
+
474
+ ```
475
+ Symmetric encryption: AES-256-GCM (authenticated encryption — integrity + confidentiality)
476
+ ChaCha20-Poly1305 (faster on mobile/embedded, same security)
477
+ Never: DES, 3DES, AES-ECB, RC4
478
+
479
+ Asymmetric: RSA-4096 (key exchange/signing) — prefer Ed25519 for new systems
480
+ Ed25519 / ECDSA P-256 (digital signatures — faster, smaller keys)
481
+ ECDH P-256 (key agreement)
482
+ Never: RSA < 2048, DSA, MD5/SHA1 for signing
483
+
484
+ Hashing: SHA-256 / SHA-3 for data integrity
485
+ BLAKE3 for performance-critical hashing
486
+ argon2id for password storage (never SHA/MD5 for passwords)
487
+ Never: MD5, SHA1 for security purposes
488
+
489
+ TLS: TLS 1.3 required. TLS 1.2 acceptable with restricted ciphers.
490
+ Never: SSL, TLS 1.0, TLS 1.1
491
+ Cipher suites: ECDHE + AES-128-GCM, ECDHE + AES-256-GCM, ECDHE + ChaCha20
492
+
493
+ Key management: GCP Cloud KMS or AWS KMS or HashiCorp Vault
494
+ Rotate encryption keys annually
495
+ Key hierarchy: Master Key → Data Encryption Keys → Data
496
+ FIPS 140-2 Level 3 HSM for financial/regulated workloads
497
+
498
+ JWT signing: RS256 (RSA) or ES256 (ECDSA) — never HS256 in multi-service arch
499
+ Key rotation: quarterly, with overlap period
500
+ ```
501
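Review bot: `RSA-4096 (key exchange/signing)` contradicts the cipher-suite line, which correctly lists only ECDHE; static RSA key exchange has no forward secrecy and was removed from TLS 1.3, so limit RSA to signing. `TLS: TLS 1.3 required. TLS 1.2 acceptable` is self-contradictory; write either "TLS 1.3 preferred, TLS 1.2 minimum with the listed suites" or make 1.3 genuinely required. `FIPS 140-2 Level 3 HSM` should reference FIPS 140-3, which is the current standard and the only one still accepting new validations.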
+
502
+ ### Envelope Encryption Pattern
503
+
504
+ ```python
505
+ # Google Cloud KMS envelope encryption
506
+ from google.cloud import kms
507
+
508
+ def encrypt_sensitive_field(plaintext: str, key_name: str) -> dict:
509
+ # 1. Generate a data encryption key (DEK) locally
510
+ import os
511
+ dek = os.urandom(32) # 256-bit AES key
512
+
513
+ # 2. Encrypt your data with the DEK
514
+ ciphertext = aes_gcm_encrypt(plaintext.encode(), dek)
515
+
516
+ # 3. Wrap (encrypt) the DEK with Cloud KMS master key
517
+ kms_client = kms.KeyManagementServiceClient()
518
+ wrapped_dek = kms_client.encrypt(name=key_name, plaintext=dek).ciphertext
519
+
520
+ # 4. Store: ciphertext + wrapped DEK (KMS key never leaves KMS)
521
+ return {"ciphertext": ciphertext.hex(), "wrapped_dek": wrapped_dek.hex()}
522
+ # Decrypt: unwrap DEK via KMS → decrypt ciphertext with DEK
523
+ ```
524
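Review bot: the returned record cannot be decrypted as written: AES-GCM needs the nonce stored beside the ciphertext and tag, but `return {"ciphertext": ciphertext.hex(), "wrapped_dek": wrapped_dek.hex()}` omits it, and `aes_gcm_encrypt` is never defined or imported, so the reader cannot tell whether a fresh 12-byte nonce is generated per call. Suggest also passing the record identifier as `additional_authenticated_data` on the KMS encrypt and decrypt calls so a wrapped DEK cannot be moved between records, and moving `import os` to module scope.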
+
525
+ ---
526
+
527
+ ## IDENTITY & ACCESS MANAGEMENT
528
+
529
+ ### Privileged Access Management (PAM)
530
+
531
+ ```
532
+ Just-In-Time (JIT) access:
533
+ Engineers request elevated access for specific task + timeframe
534
+ Auto-approved for standard ops, human approval for sensitive data access
535
+ Access expires automatically (1-8 hours, not permanent)
536
+ All actions logged with business justification
537
+ Tools: CyberArk, BeyondTrust, HashiCorp Boundary, GCP PAM (preview)
538
+
539
+ Service-to-service auth:
540
+ GCP: Workload Identity Federation (no service account keys)
541
+ AWS: IAM Roles for Service Accounts (IRSA)
542
+ On-prem: SPIFFE/SPIRE for workload identity
543
+ Never: long-lived service account keys stored in config
544
+
545
+ MFA Requirements (enforce in code, not just policy):
546
+ Admin access: FIDO2/Passkeys or hardware token (YubiKey) — TOTP not sufficient
547
+ Standard users: TOTP app minimum (Google Authenticator, Authy)
548
+ API access: API keys + IP allowlist + request signing
549
+ Never: SMS-based MFA for high-value accounts (SIM swap vulnerable)
550
+ ```
551
+
552
+ ### IAM Audit (Run Monthly)
553
+
554
+ ```
555
+ Find over-privileged roles:
556
+ GCP: gcloud projects get-iam-policy PROJECT --format=json | analyze
557
+ AWS: IAM Access Analyzer + unused access findings
558
+
559
+ Check for:
560
+ □ Roles with * on resources (over-broad)
561
+ □ Service accounts with owner/editor (should be specific roles)
562
+ □ IAM access keys older than 90 days
563
+ □ Unused service accounts (no API activity >30 days → delete)
564
+ □ Users with direct permissions (should be via groups/roles)
565
+ □ Cross-account trust relationships (any unexpected?)
566
+ ```
567
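Review bot: `gcloud projects get-iam-policy PROJECT --format=json | analyze` ends in a placeholder, and a project-level policy dump misses bindings inherited from folders and the organization, which is exactly where over-broad owner/editor grants tend to live. Point the audit at `gcloud asset search-all-iam-policies --scope=organizations/ORG_ID` (or the IAM Recommender's unused-permission findings) and name a real tool for the analysis step so the monthly check is reproducible.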
+
568
+ ---
569
+
570
+ ## INCIDENT RESPONSE
571
+
572
+ ### Severity Classification
573
+
574
+ ```
575
+ P0 — Critical: Active breach, data exfil in progress, ransomware, service down
576
+ Response: 5min. War room immediately. CEO + Legal notified.
577
+
578
+ P1 — High: Suspected breach, critical vuln exploited, auth system compromised
579
+ Response: 15min. Security lead + engineering lead.
580
+
581
+ P2 — Medium: Anomalous behavior, failed exploitation attempt, compliance gap found
582
+ Response: 1 hour. Security team + affected service owner.
583
+
584
+ P3 — Low: Policy violation, low-severity CVE, config drift
585
+ Response: Next business day. Assigned owner.
586
+ ```
587
+
588
+ ### NIST Incident Response Framework
589
+
590
+ ```
591
+ 1. PREPARE:
592
+ □ IR plan documented + tested quarterly
593
+ □ Contact list: security team, legal, PR, executives, regulators
594
+ □ Forensic tools pre-installed (not scrambling to install during incident)
595
+ □ Evidence preservation procedures known to all engineers
596
+ □ Cyber insurance policy in place
597
+
598
+ 2. IDENTIFY:
599
+ □ What happened? When did it start? (look for earliest indicator)
600
+ □ What systems are affected? (blast radius assessment)
601
+ □ Is it still ongoing? (contain before investigating)
602
+ □ Log preservation: export logs to isolated read-only bucket immediately
603
+
604
+ 3. CONTAIN:
605
+ Short-term: Block attacker (IP ban, revoke credentials, isolate instance)
606
+ Long-term: Patch, fix configuration, rebuild if necessary
607
+ Do NOT shut everything down immediately — preserve evidence first
608
+
609
+ 4. ERADICATE:
610
+ Remove all attacker persistence (backdoors, new user accounts, cron jobs)
611
+ Scan ALL systems — attackers often pivot from initial compromise
612
+ Reset all credentials that may have been exposed
613
+ Rotate all secrets (assume all secrets compromised)
614
+
615
+ 5. RECOVER:
616
+ Restore from clean backups (verify backups are clean — attackers may have been in months)
617
+ Deploy patched/clean systems
618
+ Monitor intensively for 30 days post-recovery
619
+ Gradual return to service — don't rush
620
+
621
+ 6. LESSONS LEARNED:
622
+ Blameless post-mortem within 72 hours
623
+ Root cause analysis (5 Whys)
624
+ Detection gap: why didn't we catch this sooner?
625
+ Prevention: specific fixes with owners and deadlines
626
+ Update runbooks + detection rules
627
+ ```
628
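Review bot: step 2 says `Is it still ongoing? (contain before investigating)` while step 3 says `Do NOT shut everything down immediately — preserve evidence first`; these read as conflicting instructions to an engineer at 3 AM. Reconcile them: preserve first by exporting logs (already in step 2) and snapshotting disks and memory, then contain by network isolation and credential revocation rather than by powering off, which destroys volatile evidence. Step 4 should also state that eradication is confirmed against the indicators collected in step 2, not assumed.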
+
629
+ ### Breach Notification Requirements
630
+
631
+ ```
632
+ GDPR: 72 hours to supervisory authority if personal data affected
633
+ CCPA: Reasonable notice to affected California residents
634
+ PCI DSS: Immediate notification to card brands (Visa, Mastercard) + acquiring bank
635
+ HIPAA: 60 days to HHS, affected individuals, and media (if >500 in a state)
636
+ India PDPB: 72 hours to Data Protection Board (when enacted)
637
+ SEC (US): 4 business days for material cybersecurity incidents (Rule 8-K)
638
+ RBI (India): Immediate to RBI CSITE + NPCI for payment system incidents
639
+
640
+ Prepare breach notification templates in advance. Legal review annually.
641
+ ```
642
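Review bot: `SEC (US): 4 business days for material cybersecurity incidents (Rule 8-K)` should read Form 8-K (Item 1.05); there is no "Rule 8-K". `India PDPB: 72 hours to Data Protection Board (when enacted)` is out of date: the PDPB was withdrawn in 2022 and the enacted law is the Digital Personal Data Protection Act 2023, so the line should name that Act and its rules. For HIPAA, the 60-day clock runs from discovery and the HHS timing differs for breaches under 500 individuals (annual log), which the line as written does not convey.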
+
643
+ ---
644
+
645
+ ## VULNERABILITY MANAGEMENT
646
+
647
+ ### CVE Tracking & Patch SLAs
648
+
649
+ ```
650
+ CVSS Score → Patch Timeline:
651
+ Critical (9.0-10.0): Patch within 24 hours. Emergency change if needed.
652
+ High (7.0-8.9): Patch within 7 days.
653
+ Medium (4.0-6.9): Patch within 30 days.
654
+ Low (0.1-3.9): Patch within 90 days.
655
+
656
+ CISA KEV overrides: Patch within 2 weeks regardless of CVSS (these are actively exploited).
657
+
658
+ Automation:
659
+ Renovate Bot: Auto-PRs for dependency updates (better than Dependabot — more flexible)
660
+ Trivy: Scan container images in CI, block critical CVEs
661
+ Snyk: Monitor production containers + code continuously
662
+ Grafeas: Artifact metadata and attestation (GCP-native)
663
+ ```
664
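Review bot: `CISA KEV overrides: Patch within 2 weeks regardless of CVSS` relaxes the SLA for the worst case: a KEV entry that is also CVSS Critical would move from 24 hours to 2 weeks, and the Threat Intelligence section says KEV items are patched `IMMEDIATELY`. Make the KEV rule a floor, not an override: the shorter of the CVSS timeline and the KEV deadline applies. Also add a compensating-control path (WAF rule, feature flag, network isolation) for the case where no patch exists yet.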
+
665
+ ### SBOM (Software Bill of Materials)
666
+
667
+ ```
668
+ Generate on every release:
669
+ Node.js: cyclonedx-node-npm --output-file sbom.json
670
+ Python: cyclonedx-py -p -e -o sbom.json
671
+ Java: CycloneDX Maven/Gradle plugin
672
+ Docker: syft image:tag -o cyclonedx-json=sbom.json
673
+
674
+ Store in artifact registry alongside each release.
675
+ Required by: US Executive Order 14028, EU Cyber Resilience Act, PCI DSS 4.0.
676
+ Enables: rapid "do we use Log4j?" type queries during zero-day events.
677
+ ```
678
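Review bot: the generation commands should be checked against current tool versions: the binary shipped by the `@cyclonedx/cyclonedx-npm` package is `cyclonedx-npm`, not `cyclonedx-node-npm`, and `cyclonedx-py -p -e -o sbom.json` uses the removed 3.x flag style; 4.x uses subcommands such as `cyclonedx-py environment -o sbom.json`. `Required by: ... PCI DSS 4.0` overstates slightly; 4.0 requires an inventory of bespoke and third-party software components (6.3.2), which an SBOM satisfies but which is not phrased as an SBOM mandate. Consider adding that the SBOM should be signed and attached to the release the same way the images are signed with Cosign.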
+
679
+ ---
680
+
681
+ ## COMPLIANCE FRAMEWORKS
682
+
683
+ ### SOC 2 Type II (Most Important for SaaS)
684
+
685
+ ```
686
+ Trust Services Criteria:
687
+ Security: CC6 — Logical access, CC7 — System operations, CC8 — Change management
688
+ Availability: Uptime SLAs, disaster recovery, capacity planning
689
+ Confidentiality: Data classification, encryption, access controls
690
+ Processing Integrity: Complete, accurate, timely processing
691
+ Privacy: GDPR/CCPA alignment, consent management
692
+
693
+ Controls required (sample):
694
+ □ All access requires MFA
695
+ □ Background checks for all employees with system access
696
+ □ Annual security training for all staff
697
+ □ Penetration test annually
698
+ □ Business continuity plan tested annually
699
+ □ Incident response tested quarterly
700
+ □ Vendor security assessments for critical vendors
701
+ □ Encryption at rest and in transit
702
+ □ Change management process documented
703
+ □ Vulnerability management program with SLAs
704
+
705
+ Tools:
706
+ Vanta: Best automated SOC2 prep (<user> already using). ~$15K/yr. Gets to audit-ready fastest.
707
+ Drata: Vanta competitor, good integrations.
708
+ Secureframe: Strong for early-stage.
709
+ Manual: Feasible but 10x more work.
710
+
711
+ Timeline: SOC2 Type I in 3 months (controls exist). Type II in 12 months (controls operated for period).
712
+ ```
713
+
714
+ ### PCI DSS 4.0 (If Handling Card Data)
715
+
716
+ ```
717
+ Key requirements for SaaS (Level 4 — <20K transactions):
718
+ □ Never store raw PANs, CVV, or full magnetic stripe
719
+ □ Tokenize: use Stripe.js/Elements — card data never touches your server
720
+ □ WAF protecting all web-facing systems
721
+ □ Vulnerability scanning quarterly (ASV scan)
722
+ □ Penetration test annually
723
+ □ Maintain audit logs 12 months
724
+ □ MFA for all non-consumer access
725
+ □ Encrypt cardholder data in transit (TLS 1.2+)
726
+ □ Self-Assessment Questionnaire (SAQ A or SAQ A-EP for most SaaS)
727
+
728
+ Best advice: Use Stripe.js + Stripe Elements. Never touch raw card data. Reduces scope to SAQ A.
729
+ ```
730
+
731
+ ### GDPR / Data Privacy
732
+
733
+ ```
734
+ Core requirements:
735
+ □ Lawful basis for processing (consent, contract, legitimate interest, etc.)
736
+ □ Data subject rights: access, rectification, erasure ("right to be forgotten"), portability
737
+ □ Privacy by design: collect minimum data, purpose limitation
738
+ □ Data Processing Agreements (DPAs) with all sub-processors
739
+ □ Records of Processing Activities (ROPA) — document what you process and why
740
+ □ 72-hour breach notification to supervisory authority
741
+ □ DPIA (Data Protection Impact Assessment) for high-risk processing
742
+ □ Cookie consent — real consent, not dark patterns
743
+
744
+ Technical implementation:
745
+ Data inventory: Every field of every table — classify: PII / sensitive / public
746
+ Erasure: User delete → anonymize or delete all PII across all tables + backups
747
+ Portability: Export user data as machine-readable JSON/CSV on request
748
+ Data residency: EU personal data must stay in EU (or adequate third country)
749
+ Consent logging: Timestamp, IP, consent text version for every consent collected
750
+ ```
751
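Review bot: `Erasure: User delete → anonymize or delete all PII across all tables + backups` is not implementable against immutable or long-retention backups, and rewriting backups defeats their purpose. Tie this to the envelope encryption pattern earlier in the document: encrypt each user's PII under a per-user DEK and destroy the DEK on erasure (crypto-shredding), and document the backup retention window plus a re-deletion step on restore for anything not covered. The behavioural signals in the fraud section (typing speed, device fingerprint, location) are high-risk processing and should be listed under the DPIA item here.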
+
752
+ ---
753
+
754
+ ## FRAUD DETECTION & FINANCIAL CRIME (<project>-Specific)
755
+
756
+ ### Real-Time Fraud Signal Architecture
757
+
758
+ ```
759
+ Transaction Event → Feature Extraction → Risk Scoring → Decision → Action
760
+ ↓ ↓
761
+ [Feature Store] [ML Model + Rules]
762
+
763
+ velocity, device, IP, behavior, history
764
+
765
+ Signal categories:
766
+ Velocity: transactions per hour/day, amount per period, new payee frequency
767
+ Device: device fingerprint, new device, rooted/jailbroken, emulator detected
768
+ Location: IP geolocation, distance from last transaction, impossible travel
769
+ Behavior: typing speed, session duration, navigation pattern (vs baseline)
770
+ Network: VPN/proxy/Tor detected, datacenter IP, known fraud IP
771
+ Identity: name/address/phone mismatch, synthetic identity signals
772
+ Transaction: unusual amount (vs history), unusual merchant, round amounts, split transactions
773
+ ```
774
+
775
+ ### Fraud Rule Engine Design
776
+
777
+ ```
778
+ Priority execution:
779
+ P0 Hard Block: Stolen card list, OFAC sanctions match, known fraud device → instant deny
780
+ P1 Hard Block: Velocity limit exceeded, impossible travel, known fraud IP → instant deny
781
+ P2 Soft Block: ML score > 0.9 → step-up auth (OTP required)
782
+ P3 Review: ML score 0.7-0.9 → human review queue
783
+ P4 Monitor: ML score 0.4-0.7 → flag for pattern analysis
784
+ P5 Allow: ML score < 0.4 → approve (standard risk)
785
+
786
+ Rule governance:
787
+ Every rule: owner, creation date, last review date, hit rate, precision/recall
788
+ Rules reviewed monthly — prune low-precision rules, add new patterns
789
+ A/B test rule changes — never deploy blind
790
+ False positive rate target: <0.5% (every false positive = lost revenue + angry customer)
791
+ ```
792
+
793
+ ### AML (Anti-Money Laundering) Technical Controls
794
+
795
+ ```
796
+ Structuring detection: Transactions just below reporting thresholds (e.g., $9,900)
797
+ Alert: 3+ transactions in 24h summing to >$10K per user
798
+
799
+ Layering detection: Rapid fund movement across multiple accounts
800
+ Alert: Money in → out to different account within 1 hour
801
+
802
+ Round-tripping: Funds leaving and returning to same source
803
+ Graph analysis: detect cycles in transaction graph
804
+
805
+ SAR filing: Automated SAR (Suspicious Activity Report) generation
806
+ File with FinCEN within 30 days of detection (US requirement)
807
+ Store SAR data with 5-year retention
808
+
809
+ KYC integration: Identity verification at onboarding (Jumio, Onfido, Persona)
810
+ Enhanced due diligence for high-risk users (PEPs, high-volume)
811
+ Ongoing monitoring: re-verify on behavior change triggers
812
+ ```
813
+
814
+ ---
815
+
816
+ ## SECURITY METRICS (MEASURE THESE)
817
+
818
+ ```
819
+ Detection:
820
+ MTTD: Mean Time to Detect — target <1 hour for critical events
821
+ Alert fidelity: True positive rate of security alerts — target >30% (tune to reduce noise)
822
+ Coverage: % of attack surface with detection rules
823
+
824
+ Response:
825
+ MTTR: Mean Time to Respond — target <4 hours for P0/P1
826
+ MTTC: Mean Time to Contain — stop ongoing attack — target <30 min for P0
827
+
828
+ Prevention:
829
+ Patch compliance: % of critical CVEs patched within SLA — target 100% for critical
830
+ Vuln backlog: Open vulnerabilities by severity — track weekly, trending down
831
+ Security debt: Security findings in code — track like technical debt
832
+
833
+ Posture:
834
+ Cloud compliance score: CSPM findings — target 0 critical, <10 high
835
+ Pen test findings: Track findings year-over-year — should decrease
836
+ Security training: % staff completed annual training — target 100%
837
+
838
+ Report to leadership: Monthly 1-page security scorecard. Executives must see these numbers.
839
+ ```