npm - @qubiit/lmagent - Versions diffs - 2.5.0 - Mend

@qubiit/lmagent 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/.editorconfig +18 -0
package/AGENTS.md +169 -0
package/CLAUDE.md +122 -0
package/CONTRIBUTING.md +90 -0
package/LICENSE +21 -0
package/README.md +195 -0
package/config/commands.yaml +194 -0
package/config/levels.yaml +135 -0
package/config/models.yaml +192 -0
package/config/settings.yaml +405 -0
package/config/tools-extended.yaml +534 -0
package/config/tools.yaml +437 -0
package/docs/assets/logo.png +0 -0
package/docs/commands.md +132 -0
package/docs/customization-guide.md +445 -0
package/docs/getting-started.md +154 -0
package/docs/how-to-start.md +242 -0
package/docs/navigation-index.md +227 -0
package/docs/usage-guide.md +113 -0
package/install.js +1044 -0
package/package.json +35 -0
package/pyproject.toml +182 -0
package/rules/_bootstrap.md +138 -0
package/rules/agents-ia.md +607 -0
package/rules/api-design.md +337 -0
package/rules/automations-n8n.md +646 -0
package/rules/code-style.md +570 -0
package/rules/documentation.md +98 -0
package/rules/security.md +316 -0
package/rules/stack.md +395 -0
package/rules/testing.md +326 -0
package/rules/workflow.md +353 -0
package/scripts/create_skill.js +300 -0
package/scripts/validate_skills.js +283 -0
package/skills/ai-agent-engineer/SKILL.md +394 -0
package/skills/ai-agent-engineer/references/agent-patterns.md +149 -0
package/skills/api-designer/SKILL.md +429 -0
package/skills/api-designer/references/api-standards.md +13 -0
package/skills/architect/SKILL.md +285 -0
package/skills/architect/references/c4-model.md +133 -0
package/skills/automation-engineer/SKILL.md +352 -0
package/skills/automation-engineer/references/n8n-patterns.md +127 -0
package/skills/backend-engineer/SKILL.md +261 -0
package/skills/backend-engineer/assets/fastapi-project-structure.yaml +74 -0
package/skills/backend-engineer/references/debugging-guide.md +174 -0
package/skills/backend-engineer/references/design-patterns.md +208 -0
package/skills/backend-engineer/scripts/scaffold_backend.py +313 -0
package/skills/bmad-methodology/SKILL.md +202 -0
package/skills/bmad-methodology/references/scale-adaptive-levels.md +141 -0
package/skills/browser-agent/SKILL.md +502 -0
package/skills/browser-agent/scripts/playwright_setup.ts +16 -0
package/skills/code-reviewer/SKILL.md +306 -0
package/skills/code-reviewer/references/code-review-checklist.md +16 -0
package/skills/data-engineer/SKILL.md +474 -0
package/skills/data-engineer/assets/pg-monitoring-queries.sql +154 -0
package/skills/data-engineer/references/index-strategy.md +128 -0
package/skills/data-engineer/scripts/backup_postgres.py +221 -0
package/skills/devops-engineer/SKILL.md +547 -0
package/skills/devops-engineer/references/ci-cd-patterns.md +265 -0
package/skills/devops-engineer/scripts/docker_healthcheck.py +125 -0
package/skills/document-generator/SKILL.md +746 -0
package/skills/document-generator/references/pdf-generation.md +22 -0
package/skills/frontend-engineer/SKILL.md +532 -0
package/skills/frontend-engineer/references/accessibility-guide.md +146 -0
package/skills/frontend-engineer/scripts/audit_bundle.py +144 -0
package/skills/git-workflow/SKILL.md +374 -0
package/skills/git-workflow/references/git-flow.md +25 -0
package/skills/mcp-builder/SKILL.md +471 -0
package/skills/mcp-builder/references/mcp-server-guide.md +23 -0
package/skills/mobile-engineer/SKILL.md +502 -0
package/skills/mobile-engineer/references/platform-guidelines.md +160 -0
package/skills/orchestrator/SKILL.md +246 -0
package/skills/orchestrator/references/methodology-routing.md +117 -0
package/skills/orchestrator/references/persona-mapping.md +85 -0
package/skills/orchestrator/references/routing-logic.md +110 -0
package/skills/performance-engineer/SKILL.md +549 -0
package/skills/performance-engineer/references/caching-patterns.md +181 -0
package/skills/performance-engineer/scripts/profile_endpoint.py +170 -0
package/skills/product-manager/SKILL.md +488 -0
package/skills/product-manager/references/prioritization-frameworks.md +126 -0
package/skills/prompt-engineer/SKILL.md +433 -0
package/skills/prompt-engineer/references/prompt-patterns.md +158 -0
package/skills/qa-engineer/SKILL.md +441 -0
package/skills/qa-engineer/references/testing-strategy.md +166 -0
package/skills/qa-engineer/scripts/run_coverage.py +147 -0
package/skills/scrum-master/SKILL.md +225 -0
package/skills/scrum-master/references/sprint-ceremonies.md +159 -0
package/skills/security-analyst/SKILL.md +390 -0
package/skills/security-analyst/references/owasp-top10.md +188 -0
package/skills/security-analyst/scripts/audit_security.py +242 -0
package/skills/seo-auditor/SKILL.md +523 -0
package/skills/seo-auditor/references/seo-checklist.md +17 -0
package/skills/spec-driven-dev/SKILL.md +342 -0
package/skills/spec-driven-dev/references/phase-gates.md +107 -0
package/skills/supabase-expert/SKILL.md +602 -0
package/skills/supabase-expert/references/supabase-patterns.md +19 -0
package/skills/swe-agent/SKILL.md +311 -0
package/skills/swe-agent/references/trajectory-format.md +134 -0
package/skills/systematic-debugger/SKILL.md +512 -0
package/skills/systematic-debugger/references/debugging-guide.md +12 -0
package/skills/tech-lead/SKILL.md +409 -0
package/skills/tech-lead/references/code-review-checklist.md +111 -0
package/skills/technical-writer/SKILL.md +631 -0
package/skills/technical-writer/references/doc-templates.md +218 -0
package/skills/testing-strategist/SKILL.md +476 -0
package/skills/testing-strategist/references/testing-pyramid.md +16 -0
package/skills/ux-ui-designer/SKILL.md +419 -0
package/skills/ux-ui-designer/references/design-system-foundation.md +168 -0
package/skills_overview.txt +94 -0
package/templates/PROJECT_KICKOFF.md +284 -0
package/templates/SKILL_TEMPLATE.md +131 -0
package/templates/USAGE.md +95 -0
package/templates/agent-python/README.md +71 -0
package/templates/agent-python/agent.py +272 -0
package/templates/agent-python/config.yaml +76 -0
package/templates/agent-python/prompts/system.md +109 -0
package/templates/agent-python/requirements.txt +7 -0
package/templates/automation-n8n/README.md +14 -0
package/templates/automation-n8n/webhook-handler.json +57 -0
package/templates/backend-node/Dockerfile +12 -0
package/templates/backend-node/README.md +15 -0
package/templates/backend-node/package.json +30 -0
package/templates/backend-node/src/index.ts +19 -0
package/templates/backend-node/src/routes.ts +7 -0
package/templates/backend-node/tsconfig.json +22 -0
package/templates/backend-python/Dockerfile +11 -0
package/templates/backend-python/README.md +78 -0
package/templates/backend-python/app/core/config.py +12 -0
package/templates/backend-python/app/core/database.py +12 -0
package/templates/backend-python/app/main.py +17 -0
package/templates/backend-python/app/routers/__init__.py +1 -0
package/templates/backend-python/app/routers/health.py +7 -0
package/templates/backend-python/requirements-dev.txt +6 -0
package/templates/backend-python/requirements.txt +4 -0
package/templates/backend-python/tests/test_health.py +9 -0
package/templates/checkpoint.yaml +117 -0
package/templates/database/README.md +474 -0
package/templates/frontend-react/README.md +446 -0
package/templates/plan.yaml +320 -0
package/templates/session.yaml +125 -0
package/templates/spec.yaml +229 -0
package/templates/tasks.yaml +330 -0
package/workflows/bugfix-backend.md +380 -0
package/workflows/documentation.md +232 -0
package/workflows/generate-prd.md +320 -0
package/workflows/ideation.md +396 -0
package/workflows/new-agent-ia.md +497 -0
package/workflows/new-automation.md +374 -0
package/workflows/new-feature.md +290 -0
package/workflows/optimize-performance.md +373 -0
package/workflows/resolve-github-issue.md +524 -0
package/workflows/security-review.md +291 -0
package/workflows/spec-driven.md +476 -0
package/workflows/testing-strategy.md +296 -0
package/workflows/third-party-integration.md +277 -0

package/workflows/security-review.md ADDED Viewed

@@ -0,0 +1,291 @@
+---
+description: Workflow para ejecutar una revisión de seguridad
+level: 2-3
+personas: [security-analyst, backend-engineer]
+---
+# Security Review Workflow
+Este workflow guía una revisión de seguridad de código o cambios.
+## Pre-requisitos
+1. Leer [AGENTS.md](../AGENTS.md)
+2. Leer [rules/stack.md](../rules/stack.md)
+3. Leer [personas/security-analyst.md](../personas/security-analyst.md)
+## Información Requerida
+1. **Alcance**: ¿Qué se está revisando? (PR, módulo, sistema completo)
+2. **Tipo de cambio**: ¿Nuevo código, refactor, integración?
+3. **Datos sensibles**: ¿Se manejan datos PII, financieros, etc.?
+4. **Exposición**: ¿Es interno, público, API?
+---
+## Paso 1: Clasificar Riesgo
+### Matriz de Riesgo
+| Factor | Bajo | Medio | Alto | Crítico |
+|--------|------|-------|------|---------|
+| Datos | Públicos | Internos | PII | Financieros/Salud |
+| Acceso | Interno | Autenticado | Público | Sin restricción |
+| Impacto | UX | Funcional | Datos | Sistema completo |
+### Determinar Profundidad de Review
+```
+Riesgo Bajo    → Quick review (30 min)
+Riesgo Medio   → Standard review (1-2 hrs)
+Riesgo Alto    → Deep review (4+ hrs)
+Riesgo Crítico → Full audit + penetration test
+```
+---
+## Paso 2: Checklist de Seguridad
+### Autenticación
+- [ ] ¿Se valida el token/sesión en cada request?
+- [ ] ¿Los tokens tienen expiración?
+- [ ] ¿Se usa HTTPS obligatorio?
+- [ ] ¿Hay protección contra brute force?
+- [ ] ¿Las contraseñas se hashean correctamente? (bcrypt, argon2)
+### Autorización
+- [ ] ¿Cada endpoint verifica permisos?
+- [ ] ¿Se aplica principio de menor privilegio?
+- [ ] ¿Hay separación de roles?
+- [ ] ¿Se valida acceso a recursos por owner?
+### Input Validation
+- [ ] ¿Todos los inputs se validan?
+- [ ] ¿Se usa Pydantic/class-validator?
+- [ ] ¿Se sanitizan inputs de texto?
+- [ ] ¿Hay límites de tamaño?
+- [ ] ¿Se rechaza content-type inesperado?
+### SQL Injection
+- [ ] ¿Se usan queries parametrizadas?
+- [ ] ¿No hay concatenación de strings en SQL?
+- [ ] ¿Se usa ORM correctamente?
+### XSS/Injection
+- [ ] ¿Se escapan outputs en HTML?
+- [ ] ¿Se usa CSP headers?
+- [ ] ¿No hay eval() o exec() con user input?
+### Secrets
+- [ ] ¿No hay credenciales en código?
+- [ ] ¿Se usan variables de entorno?
+- [ ] ¿Los secrets no aparecen en logs?
+- [ ] ¿.env está en .gitignore?
+### Logging
+- [ ] ¿Se loguean eventos de seguridad?
+- [ ] ¿No se loguean datos sensibles?
+- [ ] ¿Hay audit trail para acciones críticas?
+### Headers de Seguridad
+- [ ] X-Content-Type-Options: nosniff
+- [ ] X-Frame-Options: DENY
+- [ ] X-XSS-Protection: 1; mode=block
+- [ ] Strict-Transport-Security
+- [ ] Content-Security-Policy
+### Rate Limiting
+- [ ] ¿Hay límite de requests?
+- [ ] ¿Se limitan operaciones costosas?
+- [ ] ¿Hay protección contra DDoS?
+### Dependencias
+- [ ] ¿Dependencias actualizadas?
+- [ ] ¿No hay vulnerabilidades conocidas?
+- [ ] ¿Se usa lockfile?
+---
+## Paso 3: Herramientas de Análisis
+### Análisis Estático
+```bash
+# Python - Bandit
+pip install bandit
+bandit -r app/
+# Python - Safety (dependencias)
+pip install safety
+safety check
+# Node - npm audit
+npm audit
+# Docker - Trivy
+trivy image myapp:latest
+```
+### Búsqueda de Patrones
+```bash
+# Buscar secrets hardcodeados
+grep -rn "password\s*=" --include="*.py" .
+grep -rn "api_key\s*=" --include="*.py" .
+grep -rn "secret" --include="*.py" .
+# Buscar SQL inseguro
+grep -rn "execute(" --include="*.py" .
+grep -rn "f\"SELECT" --include="*.py" .
+# Buscar eval/exec
+grep -rn "eval(" --include="*.py" .
+grep -rn "exec(" --include="*.py" .
+```
+---
+## Paso 4: Documentar Findings
+### Template de Finding
+```markdown
+## [SEV-{severity}] {Título del finding}
+### Descripción
+{Qué es el problema}
+### Ubicación
+- Archivo: `path/to/file.py`
+- Línea: {línea}
+- Código:
+```python
+{código vulnerable}
+```
+### Impacto
+{Qué podría pasar si se explota}
+### CVSS Score (opcional)
+{Calcular score si aplica}
+### Recomendación
+{Cómo arreglarlo}
+### Código Corregido
+```python
+{código seguro}
+```
+### Referencias
+- [OWASP Reference](link)
+- [CWE Reference](link)
+```
+### Severidades
+| Severidad | Descripción | Acción |
+|-----------|-------------|--------|
+| CRITICAL | Explotable remotamente, impacto total | Fix inmediato, bloquear merge |
+| HIGH | Explotable, impacto significativo | Fix antes de deploy |
+| MEDIUM | Requiere condiciones, impacto parcial | Fix en próximo sprint |
+| LOW | Difícil explotar, impacto menor | Backlog |
+| INFO | Mejora recomendada | Considerar |
+---
+## Paso 5: Crear Reporte
+### Template de Reporte
+```markdown
+# Security Review Report
+## Información General
+| Campo | Valor |
+|-------|-------|
+| Fecha | {fecha} |
+| Revisor | {nombre} |
+| Alcance | {qué se revisó} |
+| Riesgo General | {Bajo/Medio/Alto/Crítico} |
+## Resumen Ejecutivo
+{1-2 párrafos resumiendo estado general}
+## Estadísticas
+| Severidad | Cantidad |
+|-----------|----------|
+| Critical | {n} |
+| High | {n} |
+| Medium | {n} |
+| Low | {n} |
+| Info | {n} |
+## Findings
+### Critical & High Priority
+{Listar findings críticos y altos}
+### Medium Priority
+{Listar findings medios}
+### Low Priority & Info
+{Listar o resumir}
+## Recomendaciones
+1. {Recomendación 1}
+2. {Recomendación 2}
+3. {Recomendación 3}
+## Próximos Pasos
+- [ ] Fix critical findings
+- [ ] Fix high findings
+- [ ] Schedule follow-up review
+## Aprobación
+| Rol | Nombre | Fecha | Estado |
+|-----|--------|-------|--------|
+| Security Analyst | | | |
+| Tech Lead | | | |
+```
+---
+## Paso 6: Seguimiento
+### Tracking de Remediation
+- [ ] Crear issues para cada finding
+- [ ] Asignar prioridades
+- [ ] Programar re-review
+- [ ] Verificar fixes aplicados
+- [ ] Actualizar documentación
+### Re-review
+Después de fixes:
+- [ ] Verificar que cada finding está resuelto
+- [ ] No se introdujeron nuevos issues
+- [ ] Tests de seguridad pasan
+- [ ] Aprobar para merge/deploy
+---
+## Checklist Final
+- [ ] Todos los findings documentados
+- [ ] Severidades asignadas
+- [ ] Recomendaciones claras
+- [ ] Reporte generado
+- [ ] Issues creados para tracking
+- [ ] Stakeholders notificados
+- [ ] Re-review programado