@ruaruababa/vibe-kit 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (462) hide show
  1. package/CATALOG.md +317 -0
  2. package/README.md +121 -0
  3. package/aliases.json +65 -0
  4. package/bin/vibe.js +2 -0
  5. package/bundles.json +265 -0
  6. package/catalog.json +1560 -0
  7. package/dist/antigravity-skills/bin/cli.js +438 -0
  8. package/dist/antigravity-skills/lib/skill-utils.js +158 -0
  9. package/dist/antigravity-skills/scripts/build-catalog.js +305 -0
  10. package/dist/antigravity-skills/scripts/normalize-frontmatter.js +144 -0
  11. package/dist/antigravity-skills/scripts/validate-skills.js +230 -0
  12. package/dist/bin/vibe.js +2 -0
  13. package/dist/dist/src/cli/index.js +26 -0
  14. package/dist/lib/skill-utils.js +158 -0
  15. package/dist/scripts/build-catalog.js +50 -0
  16. package/dist/scripts/normalize-frontmatter.js +144 -0
  17. package/dist/scripts/validate-skills.js +56 -0
  18. package/dist/src/cli/index.js +146 -0
  19. package/dist/src/types/index.js +13 -0
  20. package/dist/src/utils/fs.js +1 -0
  21. package/package.json +43 -0
  22. package/skills/accessibility-compliance-accessibility-audit/SKILL.md +42 -0
  23. package/skills/accessibility-compliance-accessibility-audit/resources/implementation-playbook.md +502 -0
  24. package/skills/agent-orchestration-improve-agent/SKILL.md +349 -0
  25. package/skills/agent-orchestration-multi-agent-optimize/SKILL.md +239 -0
  26. package/skills/agent-orchestrator/SKILL.md +24 -0
  27. package/skills/ai-engineer/SKILL.md +171 -0
  28. package/skills/airflow-dag-patterns/SKILL.md +41 -0
  29. package/skills/airflow-dag-patterns/resources/implementation-playbook.md +509 -0
  30. package/skills/angular-migration/SKILL.md +428 -0
  31. package/skills/anti-reversing-techniques/SKILL.md +42 -0
  32. package/skills/anti-reversing-techniques/resources/implementation-playbook.md +539 -0
  33. package/skills/api-design-principles/SKILL.md +37 -0
  34. package/skills/api-design-principles/assets/api-design-checklist.md +155 -0
  35. package/skills/api-design-principles/assets/rest-api-template.py +182 -0
  36. package/skills/api-design-principles/references/graphql-schema-design.md +583 -0
  37. package/skills/api-design-principles/references/rest-best-practices.md +408 -0
  38. package/skills/api-design-principles/resources/implementation-playbook.md +513 -0
  39. package/skills/api-documenter/SKILL.md +184 -0
  40. package/skills/api-testing-observability-api-mock/SKILL.md +46 -0
  41. package/skills/api-testing-observability-api-mock/resources/implementation-playbook.md +1327 -0
  42. package/skills/application-performance-performance-optimization/SKILL.md +154 -0
  43. package/skills/architect-review/SKILL.md +174 -0
  44. package/skills/architecture-decision-records/SKILL.md +441 -0
  45. package/skills/architecture-patterns/SKILL.md +37 -0
  46. package/skills/architecture-patterns/resources/implementation-playbook.md +479 -0
  47. package/skills/arm-cortex-expert/SKILL.md +306 -0
  48. package/skills/async-python-patterns/SKILL.md +39 -0
  49. package/skills/async-python-patterns/resources/implementation-playbook.md +678 -0
  50. package/skills/attack-tree-construction/SKILL.md +38 -0
  51. package/skills/attack-tree-construction/resources/implementation-playbook.md +671 -0
  52. package/skills/auth-implementation-patterns/SKILL.md +39 -0
  53. package/skills/auth-implementation-patterns/resources/implementation-playbook.md +618 -0
  54. package/skills/backend-architect/SKILL.md +333 -0
  55. package/skills/backend-development-feature-development/SKILL.md +180 -0
  56. package/skills/backend-security-coder/SKILL.md +156 -0
  57. package/skills/backtesting-frameworks/SKILL.md +39 -0
  58. package/skills/backtesting-frameworks/resources/implementation-playbook.md +647 -0
  59. package/skills/bash-defensive-patterns/SKILL.md +43 -0
  60. package/skills/bash-defensive-patterns/resources/implementation-playbook.md +517 -0
  61. package/skills/bash-pro/SKILL.md +310 -0
  62. package/skills/bats-testing-patterns/SKILL.md +34 -0
  63. package/skills/bats-testing-patterns/resources/implementation-playbook.md +614 -0
  64. package/skills/bazel-build-optimization/SKILL.md +397 -0
  65. package/skills/billing-automation/SKILL.md +42 -0
  66. package/skills/billing-automation/resources/implementation-playbook.md +544 -0
  67. package/skills/binary-analysis-patterns/SKILL.md +450 -0
  68. package/skills/blockchain-developer/SKILL.md +208 -0
  69. package/skills/business-analyst/SKILL.md +182 -0
  70. package/skills/c-pro/SKILL.md +56 -0
  71. package/skills/c4-architecture-c4-architecture/SKILL.md +389 -0
  72. package/skills/c4-code/SKILL.md +244 -0
  73. package/skills/c4-component/SKILL.md +153 -0
  74. package/skills/c4-container/SKILL.md +171 -0
  75. package/skills/c4-context/SKILL.md +150 -0
  76. package/skills/changelog-automation/SKILL.md +38 -0
  77. package/skills/changelog-automation/resources/implementation-playbook.md +538 -0
  78. package/skills/cicd-automation-workflow-automate/SKILL.md +51 -0
  79. package/skills/cicd-automation-workflow-automate/resources/implementation-playbook.md +1333 -0
  80. package/skills/clean-markdown/SKILL.md +23 -0
  81. package/skills/cloud-architect/SKILL.md +135 -0
  82. package/skills/code-documentation-code-explain/SKILL.md +46 -0
  83. package/skills/code-documentation-code-explain/resources/implementation-playbook.md +802 -0
  84. package/skills/code-documentation-doc-generate/SKILL.md +48 -0
  85. package/skills/code-documentation-doc-generate/resources/implementation-playbook.md +640 -0
  86. package/skills/code-refactoring-context-restore/SKILL.md +179 -0
  87. package/skills/code-refactoring-refactor-clean/SKILL.md +51 -0
  88. package/skills/code-refactoring-refactor-clean/resources/implementation-playbook.md +879 -0
  89. package/skills/code-refactoring-tech-debt/SKILL.md +386 -0
  90. package/skills/code-review-ai-ai-review/SKILL.md +450 -0
  91. package/skills/code-review-excellence/SKILL.md +40 -0
  92. package/skills/code-review-excellence/resources/implementation-playbook.md +515 -0
  93. package/skills/code-reviewer/SKILL.md +178 -0
  94. package/skills/codebase-cleanup-deps-audit/SKILL.md +51 -0
  95. package/skills/codebase-cleanup-deps-audit/resources/implementation-playbook.md +766 -0
  96. package/skills/codebase-cleanup-refactor-clean/SKILL.md +51 -0
  97. package/skills/codebase-cleanup-refactor-clean/resources/implementation-playbook.md +879 -0
  98. package/skills/codebase-cleanup-tech-debt/SKILL.md +386 -0
  99. package/skills/competitive-landscape/SKILL.md +34 -0
  100. package/skills/competitive-landscape/resources/implementation-playbook.md +494 -0
  101. package/skills/comprehensive-review-full-review/SKILL.md +146 -0
  102. package/skills/comprehensive-review-pr-enhance/SKILL.md +46 -0
  103. package/skills/comprehensive-review-pr-enhance/resources/implementation-playbook.md +691 -0
  104. package/skills/conductor-implement/SKILL.md +388 -0
  105. package/skills/conductor-manage/SKILL.md +39 -0
  106. package/skills/conductor-manage/resources/implementation-playbook.md +1120 -0
  107. package/skills/conductor-new-track/SKILL.md +433 -0
  108. package/skills/conductor-revert/SKILL.md +372 -0
  109. package/skills/conductor-setup/SKILL.md +426 -0
  110. package/skills/conductor-status/SKILL.md +338 -0
  111. package/skills/conductor-validator/SKILL.md +62 -0
  112. package/skills/content-marketer/SKILL.md +170 -0
  113. package/skills/context-driven-development/SKILL.md +400 -0
  114. package/skills/context-management-context-restore/SKILL.md +179 -0
  115. package/skills/context-management-context-save/SKILL.md +177 -0
  116. package/skills/context-manager/SKILL.md +185 -0
  117. package/skills/cost-optimization/SKILL.md +286 -0
  118. package/skills/cpp-pro/SKILL.md +59 -0
  119. package/skills/cqrs-implementation/SKILL.md +35 -0
  120. package/skills/cqrs-implementation/resources/implementation-playbook.md +540 -0
  121. package/skills/csharp-pro/SKILL.md +59 -0
  122. package/skills/customer-support/SKILL.md +170 -0
  123. package/skills/data-engineer/SKILL.md +224 -0
  124. package/skills/data-engineering-data-driven-feature/SKILL.md +182 -0
  125. package/skills/data-engineering-data-pipeline/SKILL.md +201 -0
  126. package/skills/data-quality-frameworks/SKILL.md +40 -0
  127. package/skills/data-quality-frameworks/resources/implementation-playbook.md +573 -0
  128. package/skills/data-scientist/SKILL.md +199 -0
  129. package/skills/data-storytelling/SKILL.md +465 -0
  130. package/skills/database-admin/SKILL.md +165 -0
  131. package/skills/database-architect/SKILL.md +268 -0
  132. package/skills/database-cloud-optimization-cost-optimize/SKILL.md +44 -0
  133. package/skills/database-cloud-optimization-cost-optimize/resources/implementation-playbook.md +1441 -0
  134. package/skills/database-migration/SKILL.md +436 -0
  135. package/skills/database-migrations-migration-observability/SKILL.md +420 -0
  136. package/skills/database-migrations-sql-migrations/SKILL.md +53 -0
  137. package/skills/database-migrations-sql-migrations/resources/implementation-playbook.md +499 -0
  138. package/skills/database-optimizer/SKILL.md +167 -0
  139. package/skills/dbt-transformation-patterns/SKILL.md +34 -0
  140. package/skills/dbt-transformation-patterns/resources/implementation-playbook.md +547 -0
  141. package/skills/debugger/SKILL.md +49 -0
  142. package/skills/debugging-strategies/SKILL.md +34 -0
  143. package/skills/debugging-strategies/resources/implementation-playbook.md +511 -0
  144. package/skills/debugging-toolkit-smart-debug/SKILL.md +197 -0
  145. package/skills/defi-protocol-templates/SKILL.md +466 -0
  146. package/skills/dependency-management-deps-audit/SKILL.md +44 -0
  147. package/skills/dependency-management-deps-audit/resources/implementation-playbook.md +766 -0
  148. package/skills/dependency-upgrade/SKILL.md +421 -0
  149. package/skills/deployment-engineer/SKILL.md +170 -0
  150. package/skills/deployment-pipeline-design/SKILL.md +371 -0
  151. package/skills/deployment-validation-config-validate/SKILL.md +496 -0
  152. package/skills/devops-troubleshooter/SKILL.md +161 -0
  153. package/skills/distributed-debugging-debug-trace/SKILL.md +44 -0
  154. package/skills/distributed-debugging-debug-trace/resources/implementation-playbook.md +1307 -0
  155. package/skills/distributed-tracing/SKILL.md +450 -0
  156. package/skills/django-pro/SKILL.md +180 -0
  157. package/skills/docs-architect/SKILL.md +98 -0
  158. package/skills/documentation-generation-doc-generate/SKILL.md +48 -0
  159. package/skills/documentation-generation-doc-generate/resources/implementation-playbook.md +640 -0
  160. package/skills/dotnet-architect/SKILL.md +197 -0
  161. package/skills/dotnet-backend-patterns/SKILL.md +37 -0
  162. package/skills/dotnet-backend-patterns/assets/repository-template.cs +523 -0
  163. package/skills/dotnet-backend-patterns/assets/service-template.cs +336 -0
  164. package/skills/dotnet-backend-patterns/references/dapper-patterns.md +544 -0
  165. package/skills/dotnet-backend-patterns/references/ef-core-best-practices.md +355 -0
  166. package/skills/dotnet-backend-patterns/resources/implementation-playbook.md +799 -0
  167. package/skills/dummy-skill/SKILL.md +5 -0
  168. package/skills/dx-optimizer/SKILL.md +83 -0
  169. package/skills/e2e-testing-patterns/SKILL.md +41 -0
  170. package/skills/e2e-testing-patterns/resources/implementation-playbook.md +531 -0
  171. package/skills/elixir-pro/SKILL.md +59 -0
  172. package/skills/embedding-strategies/SKILL.md +491 -0
  173. package/skills/employment-contract-templates/SKILL.md +39 -0
  174. package/skills/employment-contract-templates/resources/implementation-playbook.md +493 -0
  175. package/skills/error-debugging-error-analysis/SKILL.md +47 -0
  176. package/skills/error-debugging-error-analysis/resources/implementation-playbook.md +1143 -0
  177. package/skills/error-debugging-error-trace/SKILL.md +43 -0
  178. package/skills/error-debugging-error-trace/resources/implementation-playbook.md +1361 -0
  179. package/skills/error-debugging-multi-agent-review/SKILL.md +216 -0
  180. package/skills/error-detective/SKILL.md +53 -0
  181. package/skills/error-diagnostics-error-analysis/SKILL.md +47 -0
  182. package/skills/error-diagnostics-error-analysis/resources/implementation-playbook.md +1143 -0
  183. package/skills/error-diagnostics-error-trace/SKILL.md +48 -0
  184. package/skills/error-diagnostics-error-trace/resources/implementation-playbook.md +1371 -0
  185. package/skills/error-diagnostics-smart-debug/SKILL.md +197 -0
  186. package/skills/error-handling-patterns/SKILL.md +35 -0
  187. package/skills/error-handling-patterns/resources/implementation-playbook.md +635 -0
  188. package/skills/event-sourcing-architect/SKILL.md +58 -0
  189. package/skills/event-store-design/SKILL.md +449 -0
  190. package/skills/fastapi-pro/SKILL.md +192 -0
  191. package/skills/fastapi-templates/SKILL.md +32 -0
  192. package/skills/fastapi-templates/resources/implementation-playbook.md +566 -0
  193. package/skills/final-test/SKILL.md +5 -0
  194. package/skills/firmware-analyst/SKILL.md +320 -0
  195. package/skills/flutter-expert/SKILL.md +200 -0
  196. package/skills/framework-migration-code-migrate/SKILL.md +48 -0
  197. package/skills/framework-migration-code-migrate/resources/implementation-playbook.md +1052 -0
  198. package/skills/framework-migration-deps-upgrade/SKILL.md +48 -0
  199. package/skills/framework-migration-deps-upgrade/resources/implementation-playbook.md +755 -0
  200. package/skills/framework-migration-legacy-modernize/SKILL.md +132 -0
  201. package/skills/frontend-developer/SKILL.md +171 -0
  202. package/skills/frontend-mobile-development-component-scaffold/SKILL.md +403 -0
  203. package/skills/frontend-mobile-security-xss-scan/SKILL.md +322 -0
  204. package/skills/frontend-security-coder/SKILL.md +170 -0
  205. package/skills/full-stack-orchestration-full-stack-feature/SKILL.md +135 -0
  206. package/skills/gdpr-data-handling/SKILL.md +33 -0
  207. package/skills/gdpr-data-handling/resources/implementation-playbook.md +615 -0
  208. package/skills/git-advanced-workflows/SKILL.md +412 -0
  209. package/skills/git-pr-workflows-git-workflow/SKILL.md +140 -0
  210. package/skills/git-pr-workflows-onboard/SKILL.md +416 -0
  211. package/skills/git-pr-workflows-pr-enhance/SKILL.md +48 -0
  212. package/skills/git-pr-workflows-pr-enhance/resources/implementation-playbook.md +701 -0
  213. package/skills/github-actions-templates/SKILL.md +345 -0
  214. package/skills/gitlab-ci-patterns/SKILL.md +283 -0
  215. package/skills/gitops-workflow/SKILL.md +303 -0
  216. package/skills/gitops-workflow/references/argocd-setup.md +134 -0
  217. package/skills/gitops-workflow/references/sync-policies.md +131 -0
  218. package/skills/go-concurrency-patterns/SKILL.md +33 -0
  219. package/skills/go-concurrency-patterns/resources/implementation-playbook.md +654 -0
  220. package/skills/godot-gdscript-patterns/SKILL.md +33 -0
  221. package/skills/godot-gdscript-patterns/resources/implementation-playbook.md +804 -0
  222. package/skills/golang-pro/SKILL.md +179 -0
  223. package/skills/grafana-dashboards/SKILL.md +381 -0
  224. package/skills/graphql-architect/SKILL.md +182 -0
  225. package/skills/haskell-pro/SKILL.md +56 -0
  226. package/skills/helm-chart-scaffolding/SKILL.md +34 -0
  227. package/skills/helm-chart-scaffolding/assets/Chart.yaml.template +42 -0
  228. package/skills/helm-chart-scaffolding/assets/values.yaml.template +185 -0
  229. package/skills/helm-chart-scaffolding/references/chart-structure.md +500 -0
  230. package/skills/helm-chart-scaffolding/resources/implementation-playbook.md +543 -0
  231. package/skills/helm-chart-scaffolding/scripts/validate-chart.sh +244 -0
  232. package/skills/hr-pro/SKILL.md +126 -0
  233. package/skills/hybrid-cloud-architect/SKILL.md +168 -0
  234. package/skills/hybrid-cloud-networking/SKILL.md +238 -0
  235. package/skills/hybrid-search-implementation/SKILL.md +32 -0
  236. package/skills/hybrid-search-implementation/resources/implementation-playbook.md +567 -0
  237. package/skills/incident-responder/SKILL.md +213 -0
  238. package/skills/incident-response-incident-response/SKILL.md +168 -0
  239. package/skills/incident-response-smart-fix/SKILL.md +29 -0
  240. package/skills/incident-response-smart-fix/resources/implementation-playbook.md +838 -0
  241. package/skills/incident-runbook-templates/SKILL.md +395 -0
  242. package/skills/ios-developer/SKILL.md +219 -0
  243. package/skills/istio-traffic-management/SKILL.md +337 -0
  244. package/skills/java-pro/SKILL.md +177 -0
  245. package/skills/javascript-pro/SKILL.md +57 -0
  246. package/skills/javascript-testing-patterns/SKILL.md +35 -0
  247. package/skills/javascript-testing-patterns/resources/implementation-playbook.md +1024 -0
  248. package/skills/javascript-typescript-typescript-scaffold/SKILL.md +361 -0
  249. package/skills/julia-pro/SKILL.md +209 -0
  250. package/skills/k8s-manifest-generator/SKILL.md +35 -0
  251. package/skills/k8s-manifest-generator/assets/configmap-template.yaml +296 -0
  252. package/skills/k8s-manifest-generator/assets/deployment-template.yaml +203 -0
  253. package/skills/k8s-manifest-generator/assets/service-template.yaml +171 -0
  254. package/skills/k8s-manifest-generator/references/deployment-spec.md +753 -0
  255. package/skills/k8s-manifest-generator/references/service-spec.md +724 -0
  256. package/skills/k8s-manifest-generator/resources/implementation-playbook.md +510 -0
  257. package/skills/k8s-security-policies/SKILL.md +346 -0
  258. package/skills/k8s-security-policies/assets/network-policy-template.yaml +177 -0
  259. package/skills/k8s-security-policies/references/rbac-patterns.md +187 -0
  260. package/skills/kpi-dashboard-design/SKILL.md +440 -0
  261. package/skills/kubernetes-architect/SKILL.md +170 -0
  262. package/skills/langchain-architecture/SKILL.md +350 -0
  263. package/skills/legacy-modernizer/SKILL.md +53 -0
  264. package/skills/legal-advisor/SKILL.md +70 -0
  265. package/skills/linkerd-patterns/SKILL.md +321 -0
  266. package/skills/llm-application-dev-ai-assistant/SKILL.md +35 -0
  267. package/skills/llm-application-dev-ai-assistant/resources/implementation-playbook.md +1236 -0
  268. package/skills/llm-application-dev-langchain-agent/SKILL.md +246 -0
  269. package/skills/llm-application-dev-prompt-optimize/SKILL.md +37 -0
  270. package/skills/llm-application-dev-prompt-optimize/resources/implementation-playbook.md +591 -0
  271. package/skills/llm-evaluation/SKILL.md +483 -0
  272. package/skills/machine-learning-ops-ml-pipeline/SKILL.md +314 -0
  273. package/skills/malware-analyst/SKILL.md +247 -0
  274. package/skills/market-sizing-analysis/SKILL.md +425 -0
  275. package/skills/market-sizing-analysis/examples/saas-market-sizing.md +349 -0
  276. package/skills/market-sizing-analysis/references/data-sources.md +360 -0
  277. package/skills/memory-forensics/SKILL.md +491 -0
  278. package/skills/memory-safety-patterns/SKILL.md +33 -0
  279. package/skills/memory-safety-patterns/resources/implementation-playbook.md +603 -0
  280. package/skills/mermaid-expert/SKILL.md +59 -0
  281. package/skills/microservices-patterns/SKILL.md +35 -0
  282. package/skills/microservices-patterns/resources/implementation-playbook.md +607 -0
  283. package/skills/minecraft-bukkit-pro/SKILL.md +126 -0
  284. package/skills/ml-engineer/SKILL.md +168 -0
  285. package/skills/ml-pipeline-workflow/SKILL.md +257 -0
  286. package/skills/mlops-engineer/SKILL.md +219 -0
  287. package/skills/mobile-developer/SKILL.md +205 -0
  288. package/skills/mobile-security-coder/SKILL.md +184 -0
  289. package/skills/modern-javascript-patterns/SKILL.md +35 -0
  290. package/skills/modern-javascript-patterns/resources/implementation-playbook.md +910 -0
  291. package/skills/monorepo-architect/SKILL.md +61 -0
  292. package/skills/monorepo-management/SKILL.md +35 -0
  293. package/skills/monorepo-management/resources/implementation-playbook.md +621 -0
  294. package/skills/mtls-configuration/SKILL.md +359 -0
  295. package/skills/multi-cloud-architecture/SKILL.md +189 -0
  296. package/skills/multi-platform-apps-multi-platform/SKILL.md +203 -0
  297. package/skills/network-engineer/SKILL.md +169 -0
  298. package/skills/nextjs-app-router-patterns/SKILL.md +33 -0
  299. package/skills/nextjs-app-router-patterns/resources/implementation-playbook.md +543 -0
  300. package/skills/nft-standards/SKILL.md +395 -0
  301. package/skills/node-expert/SKILL.md +23 -0
  302. package/skills/nodejs-backend-patterns/SKILL.md +35 -0
  303. package/skills/nodejs-backend-patterns/resources/implementation-playbook.md +1019 -0
  304. package/skills/nx-workspace-patterns/SKILL.md +464 -0
  305. package/skills/observability-engineer/SKILL.md +237 -0
  306. package/skills/observability-monitoring-monitor-setup/SKILL.md +48 -0
  307. package/skills/observability-monitoring-monitor-setup/resources/implementation-playbook.md +505 -0
  308. package/skills/observability-monitoring-slo-implement/SKILL.md +43 -0
  309. package/skills/observability-monitoring-slo-implement/resources/implementation-playbook.md +1077 -0
  310. package/skills/on-call-handoff-patterns/SKILL.md +453 -0
  311. package/skills/openapi-spec-generation/SKILL.md +33 -0
  312. package/skills/openapi-spec-generation/resources/implementation-playbook.md +1027 -0
  313. package/skills/payment-integration/SKILL.md +77 -0
  314. package/skills/paypal-integration/SKILL.md +479 -0
  315. package/skills/pci-compliance/SKILL.md +478 -0
  316. package/skills/performance-engineer/SKILL.md +180 -0
  317. package/skills/performance-testing-review-ai-review/SKILL.md +450 -0
  318. package/skills/performance-testing-review-multi-agent-review/SKILL.md +216 -0
  319. package/skills/php-pro/SKILL.md +63 -0
  320. package/skills/posix-shell-pro/SKILL.md +304 -0
  321. package/skills/postgresql/SKILL.md +230 -0
  322. package/skills/postmortem-writing/SKILL.md +386 -0
  323. package/skills/projection-patterns/SKILL.md +33 -0
  324. package/skills/projection-patterns/resources/implementation-playbook.md +501 -0
  325. package/skills/prometheus-configuration/SKILL.md +404 -0
  326. package/skills/prompt-engineer/SKILL.md +272 -0
  327. package/skills/prompt-engineering-patterns/SKILL.md +213 -0
  328. package/skills/prompt-engineering-patterns/assets/few-shot-examples.json +106 -0
  329. package/skills/prompt-engineering-patterns/assets/prompt-template-library.md +246 -0
  330. package/skills/prompt-engineering-patterns/references/chain-of-thought.md +399 -0
  331. package/skills/prompt-engineering-patterns/references/few-shot-learning.md +369 -0
  332. package/skills/prompt-engineering-patterns/references/prompt-optimization.md +414 -0
  333. package/skills/prompt-engineering-patterns/references/prompt-templates.md +470 -0
  334. package/skills/prompt-engineering-patterns/references/system-prompts.md +189 -0
  335. package/skills/prompt-engineering-patterns/scripts/optimize-prompt.py +279 -0
  336. package/skills/protocol-reverse-engineering/SKILL.md +29 -0
  337. package/skills/protocol-reverse-engineering/resources/implementation-playbook.md +509 -0
  338. package/skills/python-development-python-scaffold/SKILL.md +331 -0
  339. package/skills/python-packaging/SKILL.md +36 -0
  340. package/skills/python-packaging/resources/implementation-playbook.md +869 -0
  341. package/skills/python-performance-optimization/SKILL.md +36 -0
  342. package/skills/python-performance-optimization/resources/implementation-playbook.md +868 -0
  343. package/skills/python-pro/SKILL.md +158 -0
  344. package/skills/python-testing-patterns/SKILL.md +37 -0
  345. package/skills/python-testing-patterns/resources/implementation-playbook.md +906 -0
  346. package/skills/quant-analyst/SKILL.md +53 -0
  347. package/skills/rag-implementation/SKILL.md +421 -0
  348. package/skills/react-modernization/SKILL.md +34 -0
  349. package/skills/react-modernization/resources/implementation-playbook.md +512 -0
  350. package/skills/react-native-architecture/SKILL.md +33 -0
  351. package/skills/react-native-architecture/resources/implementation-playbook.md +670 -0
  352. package/skills/react-state-management/SKILL.md +441 -0
  353. package/skills/reference-builder/SKILL.md +188 -0
  354. package/skills/reverse-engineer/SKILL.md +173 -0
  355. package/skills/risk-manager/SKILL.md +61 -0
  356. package/skills/risk-metrics-calculation/SKILL.md +33 -0
  357. package/skills/risk-metrics-calculation/resources/implementation-playbook.md +554 -0
  358. package/skills/ruby-pro/SKILL.md +56 -0
  359. package/skills/rust-async-patterns/SKILL.md +33 -0
  360. package/skills/rust-async-patterns/resources/implementation-playbook.md +516 -0
  361. package/skills/rust-pro/SKILL.md +178 -0
  362. package/skills/saga-orchestration/SKILL.md +496 -0
  363. package/skills/sales-automator/SKILL.md +55 -0
  364. package/skills/sast-configuration/SKILL.md +212 -0
  365. package/skills/scala-pro/SKILL.md +82 -0
  366. package/skills/screen-reader-testing/SKILL.md +33 -0
  367. package/skills/screen-reader-testing/resources/implementation-playbook.md +544 -0
  368. package/skills/search-specialist/SKILL.md +80 -0
  369. package/skills/secrets-management/SKILL.md +364 -0
  370. package/skills/security-auditor/SKILL.md +169 -0
  371. package/skills/security-compliance-compliance-check/SKILL.md +55 -0
  372. package/skills/security-compliance-compliance-check/resources/implementation-playbook.md +963 -0
  373. package/skills/security-requirement-extraction/SKILL.md +33 -0
  374. package/skills/security-requirement-extraction/resources/implementation-playbook.md +676 -0
  375. package/skills/security-scanning-security-dependencies/SKILL.md +43 -0
  376. package/skills/security-scanning-security-dependencies/resources/implementation-playbook.md +544 -0
  377. package/skills/security-scanning-security-hardening/SKILL.md +147 -0
  378. package/skills/security-scanning-security-sast/SKILL.md +495 -0
  379. package/skills/seo-authority-builder/SKILL.md +136 -0
  380. package/skills/seo-cannibalization-detector/SKILL.md +123 -0
  381. package/skills/seo-content-auditor/SKILL.md +83 -0
  382. package/skills/seo-content-planner/SKILL.md +108 -0
  383. package/skills/seo-content-refresher/SKILL.md +118 -0
  384. package/skills/seo-content-writer/SKILL.md +96 -0
  385. package/skills/seo-keyword-strategist/SKILL.md +95 -0
  386. package/skills/seo-meta-optimizer/SKILL.md +92 -0
  387. package/skills/seo-snippet-hunter/SKILL.md +114 -0
  388. package/skills/seo-structure-architect/SKILL.md +108 -0
  389. package/skills/service-mesh-expert/SKILL.md +58 -0
  390. package/skills/service-mesh-observability/SKILL.md +395 -0
  391. package/skills/shellcheck-configuration/SKILL.md +466 -0
  392. package/skills/similarity-search-patterns/SKILL.md +33 -0
  393. package/skills/similarity-search-patterns/resources/implementation-playbook.md +557 -0
  394. package/skills/slo-implementation/SKILL.md +341 -0
  395. package/skills/solidity-security/SKILL.md +34 -0
  396. package/skills/solidity-security/resources/implementation-playbook.md +524 -0
  397. package/skills/spark-optimization/SKILL.md +427 -0
  398. package/skills/sql-optimization-patterns/SKILL.md +35 -0
  399. package/skills/sql-optimization-patterns/resources/implementation-playbook.md +504 -0
  400. package/skills/sql-pro/SKILL.md +173 -0
  401. package/skills/startup-analyst/SKILL.md +328 -0
  402. package/skills/startup-business-analyst-business-case/SKILL.md +487 -0
  403. package/skills/startup-business-analyst-financial-projections/SKILL.md +353 -0
  404. package/skills/startup-business-analyst-market-opportunity/SKILL.md +240 -0
  405. package/skills/startup-financial-modeling/SKILL.md +467 -0
  406. package/skills/startup-metrics-framework/SKILL.md +34 -0
  407. package/skills/startup-metrics-framework/resources/implementation-playbook.md +500 -0
  408. package/skills/stride-analysis-patterns/SKILL.md +33 -0
  409. package/skills/stride-analysis-patterns/resources/implementation-playbook.md +655 -0
  410. package/skills/stripe-integration/SKILL.md +454 -0
  411. package/skills/systems-programming-rust-project/SKILL.md +440 -0
  412. package/skills/tailwind-design-system/SKILL.md +33 -0
  413. package/skills/tailwind-design-system/resources/implementation-playbook.md +665 -0
  414. package/skills/tdd-orchestrator/SKILL.md +205 -0
  415. package/skills/tdd-workflows-tdd-cycle/SKILL.md +221 -0
  416. package/skills/tdd-workflows-tdd-green/SKILL.md +73 -0
  417. package/skills/tdd-workflows-tdd-green/resources/implementation-playbook.md +870 -0
  418. package/skills/tdd-workflows-tdd-red/SKILL.md +164 -0
  419. package/skills/tdd-workflows-tdd-refactor/SKILL.md +187 -0
  420. package/skills/team-collaboration-issue/SKILL.md +37 -0
  421. package/skills/team-collaboration-issue/resources/implementation-playbook.md +640 -0
  422. package/skills/team-collaboration-standup-notes/SKILL.md +44 -0
  423. package/skills/team-collaboration-standup-notes/resources/implementation-playbook.md +768 -0
  424. package/skills/team-composition-analysis/SKILL.md +413 -0
  425. package/skills/temporal-python-pro/SKILL.md +370 -0
  426. package/skills/temporal-python-testing/SKILL.md +170 -0
  427. package/skills/temporal-python-testing/resources/integration-testing.md +455 -0
  428. package/skills/temporal-python-testing/resources/local-setup.md +553 -0
  429. package/skills/temporal-python-testing/resources/replay-testing.md +462 -0
  430. package/skills/temporal-python-testing/resources/unit-testing.md +328 -0
  431. package/skills/terraform-module-library/SKILL.md +261 -0
  432. package/skills/terraform-module-library/references/aws-modules.md +63 -0
  433. package/skills/terraform-specialist/SKILL.md +166 -0
  434. package/skills/test-automator/SKILL.md +224 -0
  435. package/skills/threat-mitigation-mapping/SKILL.md +33 -0
  436. package/skills/threat-mitigation-mapping/resources/implementation-playbook.md +744 -0
  437. package/skills/threat-modeling-expert/SKILL.md +60 -0
  438. package/skills/track-management/SKILL.md +38 -0
  439. package/skills/track-management/resources/implementation-playbook.md +591 -0
  440. package/skills/turborepo-caching/SKILL.md +419 -0
  441. package/skills/tutorial-engineer/SKILL.md +139 -0
  442. package/skills/typescript-advanced-types/SKILL.md +35 -0
  443. package/skills/typescript-advanced-types/resources/implementation-playbook.md +716 -0
  444. package/skills/typescript-pro/SKILL.md +55 -0
  445. package/skills/ui-minimal/SKILL.md +23 -0
  446. package/skills/ui-ux-designer/SKILL.md +209 -0
  447. package/skills/ui-visual-validator/SKILL.md +214 -0
  448. package/skills/unit-testing-test-generate/SKILL.md +319 -0
  449. package/skills/unity-developer/SKILL.md +230 -0
  450. package/skills/unity-ecs-patterns/SKILL.md +33 -0
  451. package/skills/unity-ecs-patterns/resources/implementation-playbook.md +625 -0
  452. package/skills/uv-package-manager/SKILL.md +37 -0
  453. package/skills/uv-package-manager/resources/implementation-playbook.md +830 -0
  454. package/skills/vector-database-engineer/SKILL.md +60 -0
  455. package/skills/vector-index-tuning/SKILL.md +42 -0
  456. package/skills/vector-index-tuning/resources/implementation-playbook.md +507 -0
  457. package/skills/wcag-audit-patterns/SKILL.md +41 -0
  458. package/skills/wcag-audit-patterns/resources/implementation-playbook.md +541 -0
  459. package/skills/web3-testing/SKILL.md +427 -0
  460. package/skills/workflow-orchestration-patterns/SKILL.md +333 -0
  461. package/skills/workflow-patterns/SKILL.md +38 -0
  462. package/skills/workflow-patterns/resources/implementation-playbook.md +621 -0
package/skills/auth-implementation-patterns/resources/implementation-playbook.md ADDED
@@ -0,0 +1,618 @@
1
+ # Authentication and Authorization Implementation Patterns Implementation Playbook
2
+
3
+ This file contains detailed patterns, checklists, and code samples referenced by the skill.
4
+
5
+ ## Core Concepts
6
+
7
+ ### 1. Authentication vs Authorization
8
+
9
+ **Authentication (AuthN)**: Who are you?
10
+ - Verifying identity (username/password, OAuth, biometrics)
11
+ - Issuing credentials (sessions, tokens)
12
+ - Managing login/logout
13
+
14
+ **Authorization (AuthZ)**: What can you do?
15
+ - Permission checking
16
+ - Role-based access control (RBAC)
17
+ - Resource ownership validation
18
+ - Policy enforcement
19
+
20
+ ### 2. Authentication Strategies
21
+
22
+ **Session-Based:**
23
+ - Server stores session state
24
+ - Session ID in cookie
25
+ - Traditional, simple, stateful
26
+
27
+ **Token-Based (JWT):**
28
+ - Stateless, self-contained
29
+ - Scales horizontally
30
+ - Can store claims
31
+
32
+ **OAuth2/OpenID Connect:**
33
+ - Delegate authentication
34
+ - Social login (Google, GitHub)
35
+ - Enterprise SSO
36
+
37
+ ## JWT Authentication
38
+
39
+ ### Pattern 1: JWT Implementation
40
+
41
+ ```typescript
42
+ // JWT structure: header.payload.signature
43
+ import jwt from 'jsonwebtoken';
44
+ import { Request, Response, NextFunction } from 'express';
45
+
46
+ interface JWTPayload {
47
+ userId: string;
48
+ email: string;
49
+ role: string;
50
+ iat: number;
51
+ exp: number;
52
+ }
53
+
54
+ // Generate JWT
55
+ function generateTokens(userId: string, email: string, role: string) {
56
+ const accessToken = jwt.sign(
57
+ { userId, email, role },
58
+ process.env.JWT_SECRET!,
59
+ { expiresIn: '15m' } // Short-lived
60
+ );
61
+
62
+ const refreshToken = jwt.sign(
63
+ { userId },
64
+ process.env.JWT_REFRESH_SECRET!,
65
+ { expiresIn: '7d' } // Long-lived
66
+ );
67
+
68
+ return { accessToken, refreshToken };
69
+ }
70
+
71
+ // Verify JWT
72
+ function verifyToken(token: string): JWTPayload {
73
+ try {
74
+ return jwt.verify(token, process.env.JWT_SECRET!) as JWTPayload;
75
+ } catch (error) {
76
+ if (error instanceof jwt.TokenExpiredError) {
77
+ throw new Error('Token expired');
78
+ }
79
+ if (error instanceof jwt.JsonWebTokenError) {
80
+ throw new Error('Invalid token');
81
+ }
82
+ throw error;
83
+ }
84
+ }
85
+
86
+ // Middleware
87
+ function authenticate(req: Request, res: Response, next: NextFunction) {
88
+ const authHeader = req.headers.authorization;
89
+ if (!authHeader?.startsWith('Bearer ')) {
90
+ return res.status(401).json({ error: 'No token provided' });
91
+ }
92
+
93
+ const token = authHeader.substring(7);
94
+ try {
95
+ const payload = verifyToken(token);
96
+ req.user = payload; // Attach user to request
97
+ next();
98
+ } catch (error) {
99
+ return res.status(401).json({ error: 'Invalid token' });
100
+ }
101
+ }
102
+
103
+ // Usage
104
+ app.get('/api/profile', authenticate, (req, res) => {
105
+ res.json({ user: req.user });
106
+ });
107
+ ```
108
+
109
+ ### Pattern 2: Refresh Token Flow
110
+
111
+ ```typescript
112
+ interface StoredRefreshToken {
113
+ token: string;
114
+ userId: string;
115
+ expiresAt: Date;
116
+ createdAt: Date;
117
+ }
118
+
119
+ class RefreshTokenService {
120
+ // Store refresh token in database
121
+ async storeRefreshToken(userId: string, refreshToken: string) {
122
+ const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
123
+ await db.refreshTokens.create({
124
+ token: await hash(refreshToken), // Hash before storing
125
+ userId,
126
+ expiresAt,
127
+ });
128
+ }
129
+
130
+ // Refresh access token
131
+ async refreshAccessToken(refreshToken: string) {
132
+ // Verify refresh token
133
+ let payload;
134
+ try {
135
+ payload = jwt.verify(
136
+ refreshToken,
137
+ process.env.JWT_REFRESH_SECRET!
138
+ ) as { userId: string };
139
+ } catch {
140
+ throw new Error('Invalid refresh token');
141
+ }
142
+
143
+ // Check if token exists in database
144
+ const storedToken = await db.refreshTokens.findOne({
145
+ where: {
146
+ token: await hash(refreshToken),
147
+ userId: payload.userId,
148
+ expiresAt: { $gt: new Date() },
149
+ },
150
+ });
151
+
152
+ if (!storedToken) {
153
+ throw new Error('Refresh token not found or expired');
154
+ }
155
+
156
+ // Get user
157
+ const user = await db.users.findById(payload.userId);
158
+ if (!user) {
159
+ throw new Error('User not found');
160
+ }
161
+
162
+ // Generate new access token
163
+ const accessToken = jwt.sign(
164
+ { userId: user.id, email: user.email, role: user.role },
165
+ process.env.JWT_SECRET!,
166
+ { expiresIn: '15m' }
167
+ );
168
+
169
+ return { accessToken };
170
+ }
171
+
172
+ // Revoke refresh token (logout)
173
+ async revokeRefreshToken(refreshToken: string) {
174
+ await db.refreshTokens.deleteOne({
175
+ token: await hash(refreshToken),
176
+ });
177
+ }
178
+
179
+ // Revoke all user tokens (logout all devices)
180
+ async revokeAllUserTokens(userId: string) {
181
+ await db.refreshTokens.deleteMany({ userId });
182
+ }
183
+ }
184
+
185
+ // API endpoints
186
+ app.post('/api/auth/refresh', async (req, res) => {
187
+ const { refreshToken } = req.body;
188
+ try {
189
+ const { accessToken } = await refreshTokenService
190
+ .refreshAccessToken(refreshToken);
191
+ res.json({ accessToken });
192
+ } catch (error) {
193
+ res.status(401).json({ error: 'Invalid refresh token' });
194
+ }
195
+ });
196
+
197
+ app.post('/api/auth/logout', authenticate, async (req, res) => {
198
+ const { refreshToken } = req.body;
199
+ await refreshTokenService.revokeRefreshToken(refreshToken);
200
+ res.json({ message: 'Logged out successfully' });
201
+ });
202
+ ```
203
+
204
+ ## Session-Based Authentication
205
+
206
+ ### Pattern 1: Express Session
207
+
208
+ ```typescript
209
+ import session from 'express-session';
210
+ import RedisStore from 'connect-redis';
211
+ import { createClient } from 'redis';
212
+
213
+ // Setup Redis for session storage
214
+ const redisClient = createClient({
215
+ url: process.env.REDIS_URL,
216
+ });
217
+ await redisClient.connect();
218
+
219
+ app.use(
220
+ session({
221
+ store: new RedisStore({ client: redisClient }),
222
+ secret: process.env.SESSION_SECRET!,
223
+ resave: false,
224
+ saveUninitialized: false,
225
+ cookie: {
226
+ secure: process.env.NODE_ENV === 'production', // HTTPS only
227
+ httpOnly: true, // No JavaScript access
228
+ maxAge: 24 * 60 * 60 * 1000, // 24 hours
229
+ sameSite: 'strict', // CSRF protection
230
+ },
231
+ })
232
+ );
233
+
234
+ // Login
235
+ app.post('/api/auth/login', async (req, res) => {
236
+ const { email, password } = req.body;
237
+
238
+ const user = await db.users.findOne({ email });
239
+ if (!user || !(await verifyPassword(password, user.passwordHash))) {
240
+ return res.status(401).json({ error: 'Invalid credentials' });
241
+ }
242
+
243
+ // Store user in session
244
+ req.session.userId = user.id;
245
+ req.session.role = user.role;
246
+
247
+ res.json({ user: { id: user.id, email: user.email, role: user.role } });
248
+ });
249
+
250
+ // Session middleware
251
+ function requireAuth(req: Request, res: Response, next: NextFunction) {
252
+ if (!req.session.userId) {
253
+ return res.status(401).json({ error: 'Not authenticated' });
254
+ }
255
+ next();
256
+ }
257
+
258
+ // Protected route
259
+ app.get('/api/profile', requireAuth, async (req, res) => {
260
+ const user = await db.users.findById(req.session.userId);
261
+ res.json({ user });
262
+ });
263
+
264
+ // Logout
265
+ app.post('/api/auth/logout', (req, res) => {
266
+ req.session.destroy((err) => {
267
+ if (err) {
268
+ return res.status(500).json({ error: 'Logout failed' });
269
+ }
270
+ res.clearCookie('connect.sid');
271
+ res.json({ message: 'Logged out successfully' });
272
+ });
273
+ });
274
+ ```
275
+
276
+ ## OAuth2 / Social Login
277
+
278
+ ### Pattern 1: OAuth2 with Passport.js
279
+
280
+ ```typescript
281
+ import passport from 'passport';
282
+ import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
283
+ import { Strategy as GitHubStrategy } from 'passport-github2';
284
+
285
+ // Google OAuth
286
+ passport.use(
287
+ new GoogleStrategy(
288
+ {
289
+ clientID: process.env.GOOGLE_CLIENT_ID!,
290
+ clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
291
+ callbackURL: '/api/auth/google/callback',
292
+ },
293
+ async (accessToken, refreshToken, profile, done) => {
294
+ try {
295
+ // Find or create user
296
+ let user = await db.users.findOne({
297
+ googleId: profile.id,
298
+ });
299
+
300
+ if (!user) {
301
+ user = await db.users.create({
302
+ googleId: profile.id,
303
+ email: profile.emails?.[0]?.value,
304
+ name: profile.displayName,
305
+ avatar: profile.photos?.[0]?.value,
306
+ });
307
+ }
308
+
309
+ return done(null, user);
310
+ } catch (error) {
311
+ return done(error, undefined);
312
+ }
313
+ }
314
+ )
315
+ );
316
+
317
+ // Routes
318
+ app.get('/api/auth/google', passport.authenticate('google', {
319
+ scope: ['profile', 'email'],
320
+ }));
321
+
322
+ app.get(
323
+ '/api/auth/google/callback',
324
+ passport.authenticate('google', { session: false }),
325
+ (req, res) => {
326
+ // Generate JWT
327
+ const tokens = generateTokens(req.user.id, req.user.email, req.user.role);
328
+ // Redirect to frontend with token
329
+ res.redirect(`${process.env.FRONTEND_URL}/auth/callback?token=${tokens.accessToken}`);
330
+ }
331
+ );
332
+ ```
333
+
334
+ ## Authorization Patterns
335
+
336
+ ### Pattern 1: Role-Based Access Control (RBAC)
337
+
338
+ ```typescript
339
+ enum Role {
340
+ USER = 'user',
341
+ MODERATOR = 'moderator',
342
+ ADMIN = 'admin',
343
+ }
344
+
345
+ const roleHierarchy: Record<Role, Role[]> = {
346
+ [Role.ADMIN]: [Role.ADMIN, Role.MODERATOR, Role.USER],
347
+ [Role.MODERATOR]: [Role.MODERATOR, Role.USER],
348
+ [Role.USER]: [Role.USER],
349
+ };
350
+
351
+ function hasRole(userRole: Role, requiredRole: Role): boolean {
352
+ return roleHierarchy[userRole].includes(requiredRole);
353
+ }
354
+
355
+ // Middleware
356
+ function requireRole(...roles: Role[]) {
357
+ return (req: Request, res: Response, next: NextFunction) => {
358
+ if (!req.user) {
359
+ return res.status(401).json({ error: 'Not authenticated' });
360
+ }
361
+
362
+ if (!roles.some(role => hasRole(req.user.role, role))) {
363
+ return res.status(403).json({ error: 'Insufficient permissions' });
364
+ }
365
+
366
+ next();
367
+ };
368
+ }
369
+
370
+ // Usage
371
+ app.delete('/api/users/:id',
372
+ authenticate,
373
+ requireRole(Role.ADMIN),
374
+ async (req, res) => {
375
+ // Only admins can delete users
376
+ await db.users.delete(req.params.id);
377
+ res.json({ message: 'User deleted' });
378
+ }
379
+ );
380
+ ```
381
+
382
+ ### Pattern 2: Permission-Based Access Control
383
+
384
+ ```typescript
385
+ enum Permission {
386
+ READ_USERS = 'read:users',
387
+ WRITE_USERS = 'write:users',
388
+ DELETE_USERS = 'delete:users',
389
+ READ_POSTS = 'read:posts',
390
+ WRITE_POSTS = 'write:posts',
391
+ }
392
+
393
+ const rolePermissions: Record<Role, Permission[]> = {
394
+ [Role.USER]: [Permission.READ_POSTS, Permission.WRITE_POSTS],
395
+ [Role.MODERATOR]: [
396
+ Permission.READ_POSTS,
397
+ Permission.WRITE_POSTS,
398
+ Permission.READ_USERS,
399
+ ],
400
+ [Role.ADMIN]: Object.values(Permission),
401
+ };
402
+
403
+ function hasPermission(userRole: Role, permission: Permission): boolean {
404
+ return rolePermissions[userRole]?.includes(permission) ?? false;
405
+ }
406
+
407
+ function requirePermission(...permissions: Permission[]) {
408
+ return (req: Request, res: Response, next: NextFunction) => {
409
+ if (!req.user) {
410
+ return res.status(401).json({ error: 'Not authenticated' });
411
+ }
412
+
413
+ const hasAllPermissions = permissions.every(permission =>
414
+ hasPermission(req.user.role, permission)
415
+ );
416
+
417
+ if (!hasAllPermissions) {
418
+ return res.status(403).json({ error: 'Insufficient permissions' });
419
+ }
420
+
421
+ next();
422
+ };
423
+ }
424
+
425
+ // Usage
426
+ app.get('/api/users',
427
+ authenticate,
428
+ requirePermission(Permission.READ_USERS),
429
+ async (req, res) => {
430
+ const users = await db.users.findAll();
431
+ res.json({ users });
432
+ }
433
+ );
434
+ ```
435
+
436
+ ### Pattern 3: Resource Ownership
437
+
438
+ ```typescript
439
+ // Check if user owns resource
440
+ async function requireOwnership(
441
+ resourceType: 'post' | 'comment',
442
+ resourceIdParam: string = 'id'
443
+ ) {
444
+ return async (req: Request, res: Response, next: NextFunction) => {
445
+ if (!req.user) {
446
+ return res.status(401).json({ error: 'Not authenticated' });
447
+ }
448
+
449
+ const resourceId = req.params[resourceIdParam];
450
+
451
+ // Admins can access anything
452
+ if (req.user.role === Role.ADMIN) {
453
+ return next();
454
+ }
455
+
456
+ // Check ownership
457
+ let resource;
458
+ if (resourceType === 'post') {
459
+ resource = await db.posts.findById(resourceId);
460
+ } else if (resourceType === 'comment') {
461
+ resource = await db.comments.findById(resourceId);
462
+ }
463
+
464
+ if (!resource) {
465
+ return res.status(404).json({ error: 'Resource not found' });
466
+ }
467
+
468
+ if (resource.userId !== req.user.userId) {
469
+ return res.status(403).json({ error: 'Not authorized' });
470
+ }
471
+
472
+ next();
473
+ };
474
+ }
475
+
476
+ // Usage
477
+ app.put('/api/posts/:id',
478
+ authenticate,
479
+ requireOwnership('post'),
480
+ async (req, res) => {
481
+ // User can only update their own posts
482
+ const post = await db.posts.update(req.params.id, req.body);
483
+ res.json({ post });
484
+ }
485
+ );
486
+ ```
487
+
488
+ ## Security Best Practices
489
+
490
+ ### Pattern 1: Password Security
491
+
492
+ ```typescript
493
+ import bcrypt from 'bcrypt';
494
+ import { z } from 'zod';
495
+
496
+ // Password validation schema
497
+ const passwordSchema = z.string()
498
+ .min(12, 'Password must be at least 12 characters')
499
+ .regex(/[A-Z]/, 'Password must contain uppercase letter')
500
+ .regex(/[a-z]/, 'Password must contain lowercase letter')
501
+ .regex(/[0-9]/, 'Password must contain number')
502
+ .regex(/[^A-Za-z0-9]/, 'Password must contain special character');
503
+
504
+ // Hash password
505
+ async function hashPassword(password: string): Promise<string> {
506
+ const saltRounds = 12; // 2^12 iterations
507
+ return bcrypt.hash(password, saltRounds);
508
+ }
509
+
510
+ // Verify password
511
+ async function verifyPassword(
512
+ password: string,
513
+ hash: string
514
+ ): Promise<boolean> {
515
+ return bcrypt.compare(password, hash);
516
+ }
517
+
518
+ // Registration with password validation
519
+ app.post('/api/auth/register', async (req, res) => {
520
+ try {
521
+ const { email, password } = req.body;
522
+
523
+ // Validate password
524
+ passwordSchema.parse(password);
525
+
526
+ // Check if user exists
527
+ const existingUser = await db.users.findOne({ email });
528
+ if (existingUser) {
529
+ return res.status(400).json({ error: 'Email already registered' });
530
+ }
531
+
532
+ // Hash password
533
+ const passwordHash = await hashPassword(password);
534
+
535
+ // Create user
536
+ const user = await db.users.create({
537
+ email,
538
+ passwordHash,
539
+ });
540
+
541
+ // Generate tokens
542
+ const tokens = generateTokens(user.id, user.email, user.role);
543
+
544
+ res.status(201).json({
545
+ user: { id: user.id, email: user.email },
546
+ ...tokens,
547
+ });
548
+ } catch (error) {
549
+ if (error instanceof z.ZodError) {
550
+ return res.status(400).json({ error: error.errors[0].message });
551
+ }
552
+ res.status(500).json({ error: 'Registration failed' });
553
+ }
554
+ });
555
+ ```
556
+
557
+ ### Pattern 2: Rate Limiting
558
+
559
+ ```typescript
560
+ import rateLimit from 'express-rate-limit';
561
+ import RedisStore from 'rate-limit-redis';
562
+
563
+ // Login rate limiter
564
+ const loginLimiter = rateLimit({
565
+ store: new RedisStore({ client: redisClient }),
566
+ windowMs: 15 * 60 * 1000, // 15 minutes
567
+ max: 5, // 5 attempts
568
+ message: 'Too many login attempts, please try again later',
569
+ standardHeaders: true,
570
+ legacyHeaders: false,
571
+ });
572
+
573
+ // API rate limiter
574
+ const apiLimiter = rateLimit({
575
+ windowMs: 60 * 1000, // 1 minute
576
+ max: 100, // 100 requests per minute
577
+ standardHeaders: true,
578
+ });
579
+
580
+ // Apply to routes
581
+ app.post('/api/auth/login', loginLimiter, async (req, res) => {
582
+ // Login logic
583
+ });
584
+
585
+ app.use('/api/', apiLimiter);
586
+ ```
587
+
588
+ ## Best Practices
589
+
590
+ 1. **Never Store Plain Passwords**: Always hash with bcrypt/argon2
591
+ 2. **Use HTTPS**: Encrypt data in transit
592
+ 3. **Short-Lived Access Tokens**: 15-30 minutes max
593
+ 4. **Secure Cookies**: httpOnly, secure, sameSite flags
594
+ 5. **Validate All Input**: Email format, password strength
595
+ 6. **Rate Limit Auth Endpoints**: Prevent brute force attacks
596
+ 7. **Implement CSRF Protection**: For session-based auth
597
+ 8. **Rotate Secrets Regularly**: JWT secrets, session secrets
598
+ 9. **Log Security Events**: Login attempts, failed auth
599
+ 10. **Use MFA When Possible**: Extra security layer
600
+
601
+ ## Common Pitfalls
602
+
603
+ - **Weak Passwords**: Enforce strong password policies
604
+ - **JWT in localStorage**: Vulnerable to XSS, use httpOnly cookies
605
+ - **No Token Expiration**: Tokens should expire
606
+ - **Client-Side Auth Checks Only**: Always validate server-side
607
+ - **Insecure Password Reset**: Use secure tokens with expiration
608
+ - **No Rate Limiting**: Vulnerable to brute force
609
+ - **Trusting Client Data**: Always validate on server
610
+
611
+ ## Resources
612
+
613
+ - **references/jwt-best-practices.md**: JWT implementation guide
614
+ - **references/oauth2-flows.md**: OAuth2 flow diagrams and examples
615
+ - **references/session-security.md**: Secure session management
616
+ - **assets/auth-security-checklist.md**: Security review checklist
617
+ - **assets/password-policy-template.md**: Password requirements template
618
+ - **scripts/token-validator.ts**: JWT validation utility