npm - @riligar/agents-kit - Versions diffs - 1.7.0 → 1.9.0 - Mend

@riligar/agents-kit 1.7.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/.agent/skills/riligar-business-startup-analyst/SKILL.md CHANGED Viewed

@@ -1,8 +1,7 @@
 ---
 name: riligar-business-startup-analyst
-description: Generate comprehensive investor-ready business case document with
-    market, solution, financials, and strategy
-allowed-tools: Read Write Edit Glob Grep Bash WebSearch WebFetch
+type: business
+description: Generate comprehensive investor-ready business case document with market, solution, financials, and strategy. Use when creating business cases for fundraising or strategic planning.
 ---
 # Business Case Generator

package/.agent/skills/riligar-business-startup-financial/SKILL.md CHANGED Viewed

@@ -1,8 +1,7 @@
 ---
 name: riligar-business-startup-financial
-description: Create detailed 3-5 year financial model with revenue, costs, cash
-    flow, and scenarios
-allowed-tools: Read Write Edit Glob Grep Bash WebSearch WebFetch
+type: business
+description: Create detailed 3-5 year financial model with revenue, costs, cash flow, and scenarios. Use when building financial projections for startups or fundraising.
 ---
 # Financial Projections

package/.agent/skills/riligar-business-startup-market/SKILL.md CHANGED Viewed

@@ -1,8 +1,7 @@
 ---
 name: riligar-business-startup-market
-description: Generate comprehensive market opportunity analysis with TAM/SAM/SOM
-    calculations
-allowed-tools: Read Write Edit Glob Grep Bash WebSearch WebFetch
+type: business
+description: Generate comprehensive market opportunity analysis with TAM/SAM/SOM calculations. Use when analyzing market size and opportunity for startups.
 ---
 # Market Opportunity Analysis

package/.agent/skills/riligar-design-system/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-design-system
+type: design
 description: Especialista no Sistema Visual da RiLiGar. Use para: (1) Criação de interfaces web e mobile (Light/Dark Mode), (2) Implementação de componentes UI (Mantine Only), (3) Garantir estética minimalista "Content-First", (4) Aplicar tokens de design via Mantine Theme.
-license: Apache-2.0
 ---
 # RiLiGar Design System Expert

package/.agent/skills/riligar-dev-architecture/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-dev-architecture
+type: development
 description: Architectural decision-making framework. Requirements analysis, trade-off evaluation, ADR documentation. Use when making architecture decisions or analyzing system design.
-allowed-tools: Read, Glob, Grep
 ---
 # Architecture Decision Framework

package/.agent/skills/riligar-dev-auth-elysia/SKILL.md ADDED Viewed

@@ -0,0 +1,80 @@
+---
+name: riligar-dev-auth-elysia
+type: development
+description: 'Comprehensive guide for integrating the Riligar Auth Elysia SDK into backend servers. Use when a user needs to: (1) Set up a backend auth plugin, (2) Configure Elysia with Riligar Secret Key, (3) Protect API routes or groups, (4) Access authenticated user data in handlers, (5) Perform manual JWT verification.'
+---
+# Riligar Auth Elysia Skill
+This skill provides a backend workflow for integrating authentication and permissions using the `@riligar/auth-elysia` SDK.
+## Core Integration Workflow
+### 1. Installation
+Install the backend SDK:
+```bash
+npm install @riligar/auth-elysia
+```
+### 2. Environment Variables
+Set up your Secret Key and URLs in your `.env` file.
+> [!CAUTION]
+> Backend integration requires the **Secret Key** (`sk_...`). Never share this key or include it in client-side code.
+```bash
+# .env
+AUTH_API_URL=https://manager.myauth.click
+AUTH_API_SECRET=sk_live_your_secret_key
+AUTH_JWKS_URL=https://manager.myauth.click/.well-known/jwks.json
+```
+### 3. Plugin Registration
+Add the `authPlugin` to your Elysia instance.
+```typescript
+import { Elysia } from 'elysia'
+import { authPlugin } from '@riligar/auth-elysia'
+const app = new Elysia()
+    .use(
+        authPlugin({
+            apiUrl: process.env.AUTH_API_URL,
+            apiKey: process.env.AUTH_API_SECRET,
+            jwksUrl: process.env.AUTH_JWKS_URL,
+        })
+    )
+    .listen(3000)
+```
+For more patterns, see [server-snippets.ts](assets/server-snippets.ts).
+## Specialized Guides
+- **Context & User Data**: Documentation for `ctx.auth` and `ctx.user`. See [context-and-user.md](references/context-and-user.md).
+- **Route Protection**: How to implement `requireAuth` middleware and guard route groups. See [route-protection.md](references/route-protection.md).
+- **Manual Verification**: Using `verifyToken` for custom JWT handling. See [manual-verification.md](references/manual-verification.md).
+## Common Tasks
+### Protecting a Route Group
+Use `onBeforeHandle` to secure multiple endpoints efficiently.
+```typescript
+app.group('/api/v1', app => app.onBeforeHandle(requireAuth).get('/data', () => ({ ok: true })))
+```
+### Accessing User Profile
+Access the decoded user data directly from the context.
+```typescript
+app.get('/profile', ({ user }) => {
+    return { id: user.id, email: user.email }
+})
+```

package/.agent/skills/riligar-dev-auth-elysia/assets/server-snippets.ts ADDED Viewed

@@ -0,0 +1,45 @@
+// Server Snippets for Elysia
+// 1. Core Server with Auth Plugin
+export const fullServerSetup = `
+import { Elysia } from 'elysia'
+import { authPlugin } from '@riligar/auth-elysia'
+const app = new Elysia()
+    .use(authPlugin({
+        apiUrl: process.env.AUTH_API_URL,   // https://manager.myauth.click
+        apiKey: process.env.AUTH_API_SECRET, // sk_live_...
+        jwksUrl: process.env.AUTH_JWKS_URL, // .well-known/jwks.json
+    }))
+    .get('/public', () => 'Hello World')
+    .get('/private', ({ auth, user }) => {
+        if (!auth.isAuthenticated) return 'Unauthorized'
+        return \`Hello \${user.name}\`
+    })
+    .listen(3000)
+`
+// 2. Auth Middleware
+export const middlewareSnippet = `
+export const requireAuth = ({ auth, set }) => {
+    if (!auth.isAuthenticated) {
+        set.status = 401
+        return { error: 'Unauthorized' }
+    }
+}
+// Usage: app.get('/protected', requireAuth, () => 'Secret Area')
+`
+// 3. User Data access
+export const userAccessSnippet = `
+app.get('/me', ({ auth, user }) => {
+    if (!auth.isAuthenticated) return { error: 'Not logged in' }
+    return {
+        id: user.id,
+        email: user.email,
+        verified: user.emailVerified
+    }
+})
+`

package/.agent/skills/riligar-dev-auth-elysia/references/context-and-user.md ADDED Viewed

@@ -0,0 +1,26 @@
+# Auth Context and User Object
+The `@riligar/auth-elysia` plugin decorates the Elysia context with `auth` and `user` objects.
+## Auth Object (`ctx.auth`)
+Provides metadata about the current request's authentication state.
+| Property               | Type               | Description                                      |
+| :--------------------- | :----------------- | :----------------------------------------------- |
+| `auth.isAuthenticated` | `boolean`          | `true` if a valid JWT was found and verified.    |
+| `auth.token`           | `string \| null`   | The raw JWT token from the Authorization header. |
+| `auth.error`           | `string \| null`   | Error message if verification failed.            |
+| `auth.verify()`        | `Promise<boolean>` | Manually triggers token verification.            |
+## User Object (`ctx.user`)
+Contains the decoded payload from the JWT. Only populated if `isAuthenticated` is `true`.
+| Property             | Type      | Description                                       |
+| :------------------- | :-------- | :------------------------------------------------ |
+| `user.id`            | `string`  | Unique identifier of the user (from `sub` claim). |
+| `user.email`         | `string`  | User's email address.                             |
+| `user.name`          | `string`  | User's display name.                              |
+| `user.emailVerified` | `boolean` | Whether the user's email has been verified.       |
+| `user.metadata`      | `object`  | Custom metadata associated with the user account. |

package/.agent/skills/riligar-dev-auth-elysia/references/manual-verification.md ADDED Viewed

@@ -0,0 +1,36 @@
+# Manual Token Verification
+In some cases, you may need to verify a JWT manually outside of the standard `authPlugin` context (e.g., in a background job, cron, or a custom WebSocket handler).
+## Using `verifyToken`
+The SDK exports a `verifyToken` function that handles the full JWKS verification flow.
+```typescript
+import { verifyToken } from '@riligar/auth-elysia'
+async function customHandler(token: string) {
+    try {
+        const payload = await verifyToken(token, {
+            jwksUrl: process.env.AUTH_JWKS_URL,
+            // optional: issuer, audience verification
+        })
+        console.log('Valid user:', payload.sub)
+        return payload
+    } catch (error) {
+        console.error('Verification failed:', error.message)
+        throw new Error('Unauthorized')
+    }
+}
+```
+## JWKS Caching
+The `verifyToken` function automatically caches the JWKS keys to avoid unnecessary network requests. If you need to force a refresh (e.g., after a key rotation), use `refreshJwks`:
+```typescript
+import { refreshJwks } from '@riligar/auth-elysia'
+await refreshJwks(process.env.AUTH_JWKS_URL)
+```

package/.agent/skills/riligar-dev-auth-elysia/references/route-protection.md ADDED Viewed

@@ -0,0 +1,52 @@
+# Route Protection and Middleware
+Effective patterns for securing your Elysia API routes.
+## Recommended Middleware Pattern
+Create a reusable `requireAuth` helper to enforce authentication on specific endpoints.
+```typescript
+const requireAuth = ({ auth, set }) => {
+    if (!auth.isAuthenticated) {
+        set.status = 401
+        return { error: 'Unauthorized: Missing or invalid token' }
+    }
+}
+```
+## Applying Protection
+### To a single route
+```typescript
+app.get('/me', requireAuth, ({ user }) => {
+    return { name: user.name }
+})
+```
+### To a group of routes
+Use `onBeforeHandle` to protect an entire API section.
+```typescript
+app.group('/api/admin', app =>
+    app
+        .onBeforeHandle(requireAuth)
+        .get('/dashboard', () => ({ stats: '...' }))
+        .post('/settings', () => ({ saved: true }))
+)
+```
+## Permission-Based access (RBAC)
+You can extend the middleware to check for specific roles or permissions.
+```typescript
+const requireAdmin = ({ auth, user, set }) => {
+    if (!auth.isAuthenticated || user.role !== 'admin') {
+        set.status = 403
+        return { error: 'Forbidden' }
+    }
+}
+```

package/.agent/skills/riligar-dev-auth-react/SKILL.md ADDED Viewed

@@ -0,0 +1,86 @@
+---
+name: riligar-dev-auth-react
+type: development
+description: 'Comprehensive guide for integrating the Riligar Auth React SDK into web applications. Use when a user needs to: (1) Set up authentication from scratch, (2) Configure AuthProvider, (3) Implement route protection, (4) Use auth hooks or pre-built UI components, (5) Handle login/signup/profile/magic links in React.'
+---
+# Riligar Auth React Skill
+This skill provides a complete workflow for integrating authentication and permissions using the `@riligar/auth-react` SDK.
+## Core Integration Workflow
+### 1. Installation
+Install the SDK using bun (preferred) or npm:
+```bash
+bun add @riligar/auth-react
+```
+### 2. Environment Variables
+Set up your Public Key in your `.env.local` file.
+> [!IMPORTANT]
+> Always use the **Public Key** (`pk_...`) in the frontend. Never expose your Secret Key.
+```bash
+# .env.local
+VITE_AUTH_API_KEY=pk_live_your_public_key
+```
+### 3. AuthProvider Setup
+Wrap your application (usually in `main.jsx` or `App.jsx`) with the `AuthProvider`.
+```jsx
+import { AuthProvider } from '@riligar/auth-react'
+ReactDOM.createRoot(document.getElementById('root')).render(
+    <AuthProvider apiKey={import.meta.env.VITE_AUTH_API_KEY}>
+        <App />
+    </AuthProvider>
+)
+```
+For more setup patterns, see [setup-snippets.js](assets/setup-snippets.js).
+## Specialized Guides
+- **Hooks & UI Components**: Comprehensive list of `useAuth`, `useSignIn`, and pre-built Mantine components. See [hooks-and-components.md](references/hooks-and-components.md).
+- **Route Protection**: How to use `<Protect />`, `<SignedIn>`, and active route guards. See [route-protection.md](references/route-protection.md).
+- **Core Concepts**: Understanding B2C/B2B models and API key security. See [concepts.md](references/concepts.md).
+## Common Tasks
+### Checking Auth State
+Use `useAuth()` to access user data and authentication status.
+```jsx
+const { user, isAuthenticated, loading } = useAuth()
+```
+### Adding a Login Form
+Simply drop the `<SignIn />` component. Use `variant="modal"` if you want it in a popup.
+```jsx
+<SignIn />
+// or
+<SignIn variant="modal" opened={isOpen} onClose={() => setIsOpen(false)} />
+```
+### Protecting a Dashboard
+Wrap your sub-routes with `<Protect />`.
+```jsx
+<Route element={<Protect redirectTo="/login" />}>
+    <Route
+        path="/dashboard"
+        element={<Dashboard />}
+    />
+</Route>
+```

package/.agent/skills/riligar-dev-auth-react/assets/setup-snippets.js ADDED Viewed

@@ -0,0 +1,52 @@
+// Setup Snippets
+// 1. main.jsx / index.jsx setup
+export const authProviderSetup = `
+import { AuthProvider } from '@riligar/auth-react';
+ReactDOM.createRoot(document.getElementById('root')).render(
+  <React.StrictMode>
+    <AuthProvider apiKey={import.meta.env.VITE_AUTH_API_KEY}>
+      <App />
+    </AuthProvider>
+  </React.StrictMode>
+);
+`
+// 2. Protected Routes setup
+export const protectedRoutesSnippet = `
+import { Protect, SignIn } from '@riligar/auth-react';
+import { BrowserRouter, Routes, Route } from 'react-router-dom';
+function AppRoutes() {
+  return (
+    <BrowserRouter>
+      <Routes>
+        <Route path="/signin" element={<SignIn />} />
+        <Route element={<Protect redirectTo="/signin" />}>
+          <Route path="/" element={<Dashboard />} />
+          <Route path="/profile" element={<Profile />} />
+        </Route>
+      </Routes>
+    </BrowserRouter>
+  );
+}
+`
+// 3. User State hook
+export const useAuthExample = `
+import { useAuth } from '@riligar/auth-react';
+function UserButton() {
+  const { user, isAuthenticated, signOut } = useAuth();
+  if (!isAuthenticated) return null;
+  return (
+    <button onClick={signOut}>
+      Log out {user.name}
+    </button>
+  );
+}
+`

package/.agent/skills/riligar-dev-auth-react/references/concepts.md ADDED Viewed

@@ -0,0 +1,24 @@
+# Concepts and Security
+## Access Models
+Riligar Auth supports two primary access models:
+- **B2C (Business-to-Consumer)**: Individual users access the application directly. Ideal for public-facing apps, e-commerce, and courses.
+- **B2B (Business-to-Business)**: Users belong to organizations or teams. Multi-tenancy is handled at the core level. Ideal for SaaS and team tools.
+## API Keys
+Security is based on key pairs:
+| Key Type       | Prefix   | Environment | Note                                                 |
+| :------------- | :------- | :---------- | :--------------------------------------------------- |
+| **Public Key** | `pk_...` | Frontend    | Safe to expose in the browser.                       |
+| **Secret Key** | `sk_...` | Backend     | **NEVER** expose in the browser or client-side code. |
+## Security Features
+- **JWT Tokens**: Signed and verifiable locally via JWKS.
+- **Zero-Trust**: No credentials stored on your application server.
+- **Protection**: Native rate-limiting and brute-force protection.
+- **Offline Verification**: Public JWKS endpoint allows backend verification without calling the Auth API on every request.

package/.agent/skills/riligar-dev-auth-react/references/hooks-and-components.md ADDED Viewed

@@ -0,0 +1,39 @@
+# Hooks and Components
+## Hooks
+All hooks provide access to authentication state and actions.
+| Hook                 | Description                                                                                        |
+| :------------------- | :------------------------------------------------------------------------------------------------- |
+| `useAuth()`          | Main state: `user`, `isAuthenticated`, `loading`, `error`                                          |
+| `useSignIn()`        | Function: `signIn(email, password)`                                                                |
+| `useSignUp()`        | Function: `signUp(email, password, name)`                                                          |
+| `useSignOut()`       | Function: `signOut()`                                                                              |
+| `useMagicLink()`     | Functions: `sendMagicLink(email)`, `verifyMagicLink(token)`                                        |
+| `usePasswordReset()` | Functions: `forgotPassword(email)`, `resetPassword(token, newPass)`                                |
+| `useUser()`          | Access to `user` object and update methods: `updateProfile()`, `changePassword()`, `changeEmail()` |
+## UI Components
+Pre-built components using the Riligar Design System (Mantine-based).
+| Component               | Description                             | Variants        |
+| :---------------------- | :-------------------------------------- | :-------------- |
+| `<SignIn />`            | Full login form                         | `card`, `modal` |
+| `<SignUp />`            | Registration form                       | `card`, `modal` |
+| `<MagicLink />`         | Magic link request form                 | `card`, `modal` |
+| `<MagicLinkCallback />` | Verification handler (no UI)            | -               |
+| `<ForgotPassword />`    | Password reset request                  | `card`, `modal` |
+| `<ResetPassword />`     | New password setter                     | -               |
+| `<VerifyEmail />`       | Email verification handler              | -               |
+| `<UserProfile />`       | Profile, password, and email management | `card`, `modal` |
+### Variant Props (for Card/Modal)
+| Prop         | Type                | Default  | Description                             |
+| :----------- | :------------------ | :------- | :-------------------------------------- |
+| `variant`    | `'card' \| 'modal'` | `'card'` | Rendering mode.                         |
+| `opened`     | `boolean`           | -        | Visibility for `modal` variant.         |
+| `onClose`    | `function`          | -        | Callback when closing the modal.        |
+| `modalProps` | `object`            | `{}`     | Extra props for the underlying `Modal`. |

package/.agent/skills/riligar-dev-auth-react/references/route-protection.md ADDED Viewed

@@ -0,0 +1,63 @@
+# Route Protection
+## Components
+Use these components to control access to specific parts of your application.
+| Component       | Description                                          |
+| :-------------- | :--------------------------------------------------- |
+| `<Protect />`   | Route guard wrapper for React Router.                |
+| `<SignedIn>`    | Renders children only if user is authenticated.      |
+| `<SignedOut>`   | Renders children only if user is NOT authenticated.  |
+| `<AuthLoading>` | Renders children only while checking authentication. |
+## Usage Patterns
+### Protecting Routes (React Router)
+```jsx
+import { Protect, SignIn } from '@riligar/auth-react'
+import { Routes, Route } from 'react-router-dom'
+;<Routes>
+    <Route
+        path="/login"
+        element={<SignIn />}
+    />
+    <Route element={<Protect redirectTo="/login" />}>
+        <Route
+            path="/dashboard"
+            element={<Dashboard />}
+        />
+        <Route
+            path="/settings"
+            element={<Settings />}
+        />
+    </Route>
+</Routes>
+```
+### Conditional UI Elements
+```jsx
+import { SignedIn, SignedOut, AuthLoading } from '@riligar/auth-react'
+function Header() {
+    return (
+        <header>
+            <AuthLoading>
+                <Spinner />
+            </AuthLoading>
+            <SignedIn>
+                <UserMenu />
+            </SignedIn>
+            <SignedOut>
+                <LoginButton />
+            </SignedOut>
+        </header>
+    )
+}
+```

package/.agent/skills/riligar-dev-autopilot/SKILL.md CHANGED Viewed

@@ -1,10 +1,7 @@
 ---
 name: riligar-dev-autopilot
-description: Automação do ciclo de vida de desenvolvimento: Validação com Bun, Auto-correção, Commit Semântico e Deploy.
-license: Apache-2.0
-metadata:
-    author: riligar
-    version: '1.0'
+type: development
+description: Automação do ciclo de vida de desenvolvimento. Validação com Bun, Auto-correção, Commit Semântico e Deploy. Use para garantir código funcional e entregue em produção.
 ---
 # RiLiGar Dev-Autopilot Expert

package/.agent/skills/riligar-dev-backend/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-name: riligar-dev-api
-description: API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
-allowed-tools: Read, Write, Edit, Glob, Grep
+name: riligar-dev-backend
+type: development
+description: API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination. Use when designing APIs or backend services.
 ---
 # API Patterns

package/.agent/skills/riligar-dev-clean-code/SKILL.md CHANGED Viewed

@@ -1,9 +1,7 @@
 ---
 name: riligar-dev-clean-code
-description: Pragmatic coding standards - concise, direct, no over-engineering, no unnecessary comments (RiLiGar Standard)
-allowed-tools: Read, Write, Edit
-version: 2.1
-priority: CRITICAL
+type: development
+description: Pragmatic coding standards - concise, direct, no over-engineering, no unnecessary comments. CRITICAL skill that defines RiLiGar coding standards. Use when writing or reviewing any code.
 ---
 # Clean Code - Pragmatic AI Coding Standards (RiLiGar)

package/.agent/skills/riligar-dev-code-review/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-dev-code-review
-description: Code review guidelines covering code quality, security, and best practices.
-allowed-tools: Read, Glob, Grep
+type: development
+description: Code review guidelines covering code quality, security, and best practices. Use when reviewing code or creating review checklists.
 ---
 # Code Review Checklist

package/.agent/skills/riligar-dev-database/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-dev-database
-description: Database design principles and decision-making. Schema design, indexing strategy, ORM selection, serverless databases.
-allowed-tools: Read, Write, Edit, Glob, Grep
+type: development
+description: Database design principles and decision-making. Schema design, indexing strategy, ORM selection, serverless databases. Use when designing schemas or optimizing database performance.
 ---
 # Database Design

package/.agent/skills/riligar-dev-frontend/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-name: riligar-dev-react
-description: Modern React patterns and principles. Hooks, composition, performance, TypeScript best practices.
-allowed-tools: Read, Write, Edit, Glob, Grep
+name: riligar-dev-frontend
+type: development
+description: Modern React patterns and principles. Hooks, composition, performance, and JavaScript best practices. Use when building React components, managing state, or implementing UI patterns.
 ---
 # React Patterns

package/.agent/skills/riligar-dev-landing-page/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-dev-landing-page
+type: development
 description: Specialist in High-Conversion Landing Pages using RiLiGar Design System. Use for: (1) Creating marketing/sales pages, (2) Structuring conversion flows (AIDA/PAS), (3) Implementing high-trust components (Hero, Social Proof, Pricing), (4) Writing persuasive copy.
-license: Apache-2.0
 ---
 # RiLiGar Landing Page Architect

package/.agent/skills/riligar-dev-seo/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-dev-seo
-description: Implementação de infraestrutura de SEO técnico seguindo a stack RiLiGar (React, Vite, Bun, Elysia). Use esta skill para configurar sitemaps, robots.txt, meta tags, OpenGraph, dados estruturados (JSON-LD) e URLs canônicas em projetos JavaScript.
-allowed-tools: Read, Glob, Grep, Write, Edit, Bash, WebSearch
+type: development
+description: Implementação de infraestrutura de SEO técnico seguindo a stack RiLiGar (React, Vite, Bun, Elysia). Use para configurar sitemaps, robots.txt, meta tags, OpenGraph, dados estruturados (JSON-LD) e URLs canônicas.
 ---
 # SEO Técnico (RiLiGar Tech Stack)

package/.agent/skills/riligar-dev-stripe/SKILL.md ADDED Viewed

@@ -0,0 +1,152 @@
+---
+name: riligar-dev-stripe
+type: development
+description: Stripe payment integration patterns. Use when implementing payments, subscriptions, webhooks, checkout flows, or billing in Elysia/Bun applications.
+---
+# Stripe Integration Patterns
+> Patterns for integrating Stripe payments in RiLiGar applications.
+---
+## Mandatory Guidelines
+> [!IMPORTANT]
+> All work in this skill MUST adhere to:
+>
+> - @[.agent/skills/riligar-dev-backend] (API Standards)
+> - @[.agent/skills/riligar-dev-clean-code] (Clean Code Standards)
+---
+## 1. Core Concepts
+| Concept | Description |
+| --- | --- |
+| **Customer** | User identity in Stripe |
+| **Product** | What you're selling |
+| **Price** | How much and billing cycle |
+| **Subscription** | Recurring payment |
+| **PaymentIntent** | One-time payment |
+| **Webhook** | Event notifications |
+---
+## 2. Environment Setup
+```bash
+# .env
+STRIPE_SECRET_KEY=sk_live_...
+STRIPE_WEBHOOK_SECRET=whsec_...
+STRIPE_PUBLISHABLE_KEY=pk_live_...
+```
+> [!IMPORTANT]
+> Never expose `STRIPE_SECRET_KEY` in frontend code.
+---
+## 3. Server-Side Patterns (Elysia)
+### Initialize Stripe
+```javascript
+import Stripe from 'stripe'
+const stripe = new Stripe(process.env.STRIPE_SECRET_KEY)
+```
+### Create Checkout Session
+```javascript
+const session = await stripe.checkout.sessions.create({
+    mode: 'subscription',
+    customer_email: user.email,
+    line_items: [{ price: priceId, quantity: 1 }],
+    success_url: `${baseUrl}/success?session_id={CHECKOUT_SESSION_ID}`,
+    cancel_url: `${baseUrl}/cancel`,
+})
+```
+### Webhook Handler
+```javascript
+app.post('/webhook/stripe', async ({ request, set }) => {
+    const sig = request.headers.get('stripe-signature')
+    const body = await request.text()
+    const event = stripe.webhooks.constructEvent(
+        body,
+        sig,
+        process.env.STRIPE_WEBHOOK_SECRET
+    )
+    switch (event.type) {
+        case 'checkout.session.completed':
+            await handleCheckoutComplete(event.data.object)
+            break
+        case 'customer.subscription.updated':
+            await handleSubscriptionUpdate(event.data.object)
+            break
+        case 'customer.subscription.deleted':
+            await handleSubscriptionCancel(event.data.object)
+            break
+    }
+    return { received: true }
+})
+```
+---
+## 4. Essential Webhooks
+| Event | When to Handle |
+| --- | --- |
+| `checkout.session.completed` | Provision access after payment |
+| `customer.subscription.updated` | Plan changes, renewals |
+| `customer.subscription.deleted` | Cancellation |
+| `invoice.payment_failed` | Payment issues |
+| `invoice.paid` | Successful recurring payment |
+---
+## 5. Customer Portal
+```javascript
+const portalSession = await stripe.billingPortal.sessions.create({
+    customer: customerId,
+    return_url: `${baseUrl}/account`,
+})
+```
+---
+## 6. Security Checklist
+- [ ] Verify webhook signatures
+- [ ] Use idempotency keys for retries
+- [ ] Store customer ID in database
+- [ ] Handle edge cases (expired cards, disputes)
+- [ ] Test with Stripe CLI locally
+---
+## 7. Testing
+```bash
+# Install Stripe CLI
+brew install stripe/stripe-cli/stripe
+# Forward webhooks to local server
+stripe listen --forward-to localhost:3000/webhook/stripe
+```
+---
+## Related Skills
+- @[.agent/skills/riligar-dev-backend]
+- @[.agent/skills/riligar-dev-auth-elysia]
+- @[.agent/skills/riligar-tech-stack]

package/.agent/skills/riligar-infrastructure/SKILL.md CHANGED Viewed

@@ -1,10 +1,7 @@
 ---
 name: riligar-infrastructure
+type: infrastructure
 description: Especialista em Infraestrutura da RiLiGar. Use para configurar deployments no Fly.io, DNS e proxying no Cloudflare, e garantir padrões de infraestrutura e deployment.
-license: Apache-2.0
-metadata:
-    author: riligar
-    version: '1.0'
 ---
 # RiLiGar Infrastructure Expert

package/.agent/skills/riligar-marketing-copy/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-marketing-copy
-description: Generate compelling marketing copy using the Elevated Direct Response framework. Use this skill when creating landing pages, headlines, email campaigns, ad copy, CTAs, value propositions, or any persuasive marketing content. Applies contrarian educator tone and direct response principles.
-allowed-tools: Read, Glob, Grep, Write, Edit
+type: marketing
+description: Generate compelling marketing copy using the Elevated Direct Response framework. Use when creating landing pages, headlines, email campaigns, ad copy, CTAs, value propositions, or any persuasive marketing content.
 ---
 # Elevated Direct Response Copywriter

package/.agent/skills/riligar-marketing-email/SKILL.md CHANGED Viewed

@@ -1,6 +1,7 @@
 ---
-name: email-sequence
-description: When the user wants to create or optimize an email sequence, drip campaign, automated email flow, or lifecycle email program. Also use when the user mentions "email sequence," "drip campaign," "nurture sequence," "onboarding emails," "welcome sequence," "re-engagement emails," "email automation," or "lifecycle emails." For in-app onboarding, see onboarding-cro.
+name: riligar-marketing-email
+type: marketing
+description: Email sequence design and optimization. Use when creating drip campaigns, automated flows, nurture sequences, onboarding emails, welcome sequences, re-engagement emails, or lifecycle email programs.
 ---
 # Email Sequence Design

package/.agent/skills/riligar-marketing-seo/SKILL.md CHANGED Viewed

@@ -1,12 +1,7 @@
 ---
 name: riligar-marketing-seo
-description: >
-    Design and evaluate programmatic SEO strategies for creating SEO-driven pages
-    at scale using templates and structured data. Use when the user mentions
-    programmatic SEO, pages at scale, template pages, directory pages, location pages,
-    comparison pages, integration pages, or keyword-pattern page generation.
-    This skill focuses on feasibility, strategy, and page system design—not execution
-    unless explicitly requested.
+type: marketing
+description: Design and evaluate programmatic SEO strategies for creating SEO-driven pages at scale. Use when working with programmatic SEO, template pages, directory pages, location pages, or keyword-pattern page generation.
 ---
 ---

package/.agent/skills/riligar-plan-writing/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: riligar-plan-writing
+type: development
 description: Structured task planning with clear breakdowns, dependencies, and verification criteria. Use when implementing features, refactoring, or any multi-step work.
-allowed-tools: Read, Glob, Grep
 ---
 # Plan Writing

package/.agent/skills/riligar-tech-stack/SKILL.md CHANGED Viewed

@@ -1,10 +1,7 @@
 ---
 name: riligar-tech-stack
+type: development
 description: Especialista na Tech Stack da RiLiGar. Use para criar projetos React/Vite, componentes com Mantine, APIs Bun/Elysia, e garantir padrões de código e estrutura de projetos.
-license: Apache-2.0
-metadata:
-    author: riligar
-    version: '1.0'
 ---
 # RiLiGar Tech Stack Expert

package/.agent/skills/skill-creator/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: skill-creator
-description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
-license: Complete terms in LICENSE.txt
+type: meta
+description: Guide for creating effective skills. Use when creating a new skill or updating an existing skill that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
 ---
 # Skill Creator
@@ -53,6 +53,7 @@ skill-name/
 ├── SKILL.md (required)
 │   ├── YAML frontmatter metadata (required)
 │   │   ├── name: (required)
+│   │   ├── type: (required)
 │   │   └── description: (required)
 │   └── Markdown instructions (required)
 └── Bundled Resources (optional)
@@ -61,11 +62,30 @@ skill-name/
     └── assets/           - Files used in output (templates, icons, fonts, etc.)
 ```
+### Skill Types (Taxonomy)
+Every skill must have a `type` field that categorizes it. This enables organization, filtering, and discovery.
+| Type | Description | Naming Pattern |
+| --- | --- | --- |
+| `development` | Software development skills (frontend, backend, database, architecture, auth, testing) | `riligar-dev-*` |
+| `design` | UI/UX and visual design skills | `riligar-design-*` |
+| `marketing` | Copywriting, email, SEO, and content marketing | `riligar-marketing-*` |
+| `business` | Business analysis, financial modeling, market research | `riligar-business-*` |
+| `infrastructure` | Deployment, DNS, hosting, DevOps | `riligar-infrastructure` |
+| `meta` | Skills about skills (this skill) | `skill-creator` |
+**Naming Convention:**
+- Directory name MUST match the `name` field in frontmatter
+- Use pattern: `riligar-{type}-{specific-name}`
+- Examples: `riligar-dev-frontend`, `riligar-marketing-copy`, `riligar-business-startup-analyst`
 #### SKILL.md (required)
 Every SKILL.md consists of:
-- **Frontmatter** (YAML): Contains `name` and `description` fields. These are the only fields that Claude reads to determine when the skill gets used, thus it is very important to be clear and comprehensive in describing what the skill is, and when it should be used.
+- **Frontmatter** (YAML): Contains `name`, `type`, and `description` fields. These are the only fields that Claude reads to determine when the skill gets used, thus it is very important to be clear and comprehensive in describing what the skill is, and when it should be used.
 - **Body** (Markdown): Instructions and guidance for using the skill. Only loaded AFTER the skill triggers (if at all).
 #### Bundled Resources (optional)
@@ -303,15 +323,26 @@ Any example files and directories not needed for the skill should be deleted. Th
 ##### Frontmatter
-Write the YAML frontmatter with `name` and `description`:
+Write the YAML frontmatter with `name`, `type`, and `description`:
-- `name`: The skill name
+- `name`: The skill name (must match directory name)
+- `type`: The skill category (see Skill Types taxonomy above)
 - `description`: This is the primary triggering mechanism for your skill, and helps Claude understand when to use the skill.
   - Include both what the Skill does and specific triggers/contexts for when to use it.
   - Include all "when to use" information here - Not in the body. The body is only loaded after triggering, so "When to Use This Skill" sections in the body are not helpful to Claude.
   - Example description for a `docx` skill: "Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. Use when Claude needs to work with professional documents (.docx files) for: (1) Creating new documents, (2) Modifying or editing content, (3) Working with tracked changes, (4) Adding comments, or any other document tasks"
-Do not include any other fields in YAML frontmatter.
+**Example frontmatter:**
+```yaml
+---
+name: riligar-dev-example
+type: development
+description: Brief description of what the skill does. Use when [specific triggers].
+---
+```
+Do not include any other fields in YAML frontmatter (no `allowed-tools`, `license`, `metadata`, `version`, etc.).
 ##### Body

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@riligar/agents-kit",
-    "version": "1.7.0",
+    "version": "1.9.0",
     "publishConfig": {
         "access": "public"
     },