@rubix0270/arboris 1.0.0

Files changed (451)
  1. package/README.md +151 -0
  2. package/cli/manifest.json +323 -0
  3. package/dist/cli.mjs +376 -0
  4. package/package.json +81 -0
  5. package/prisma/skills/accessibility/SKILL.md +147 -0
  6. package/prisma/skills/agent-architecture-audit/SKILL.md +257 -0
  7. package/prisma/skills/agent-eval/SKILL.md +146 -0
  8. package/prisma/skills/agent-harness-construction/SKILL.md +74 -0
  9. package/prisma/skills/agent-introspection-debugging/SKILL.md +154 -0
  10. package/prisma/skills/agent-payment-x402/SKILL.md +225 -0
  11. package/prisma/skills/agent-self-evaluation/SKILL.md +182 -0
  12. package/prisma/skills/agent-self-evaluation/examples/high-score-example.md +87 -0
  13. package/prisma/skills/agent-self-evaluation/examples/low-score-example.md +86 -0
  14. package/prisma/skills/agent-self-evaluation/references/evaluation-criteria.md +71 -0
  15. package/prisma/skills/agent-self-evaluation/references/hook-integration.md +64 -0
  16. package/prisma/skills/agent-self-evaluation/scripts/evaluate.py +408 -0
  17. package/prisma/skills/agent-self-evaluation/templates/evaluation-report.md +86 -0
  18. package/prisma/skills/agent-sort/SKILL.md +216 -0
  19. package/prisma/skills/agentic-engineering/SKILL.md +64 -0
  20. package/prisma/skills/agentic-os/SKILL.md +388 -0
  21. package/prisma/skills/ai-first-engineering/SKILL.md +52 -0
  22. package/prisma/skills/ai-regression-testing/SKILL.md +386 -0
  23. package/prisma/skills/android-clean-architecture/SKILL.md +340 -0
  24. package/prisma/skills/angular-developer/SKILL.md +155 -0
  25. package/prisma/skills/angular-developer/references/angular-animations.md +160 -0
  26. package/prisma/skills/angular-developer/references/angular-aria.md +410 -0
  27. package/prisma/skills/angular-developer/references/cli.md +86 -0
  28. package/prisma/skills/angular-developer/references/component-harnesses.md +59 -0
  29. package/prisma/skills/angular-developer/references/component-styling.md +91 -0
  30. package/prisma/skills/angular-developer/references/components.md +117 -0
  31. package/prisma/skills/angular-developer/references/creating-services.md +97 -0
  32. package/prisma/skills/angular-developer/references/data-resolvers.md +69 -0
  33. package/prisma/skills/angular-developer/references/define-routes.md +67 -0
  34. package/prisma/skills/angular-developer/references/defining-providers.md +72 -0
  35. package/prisma/skills/angular-developer/references/di-fundamentals.md +120 -0
  36. package/prisma/skills/angular-developer/references/e2e-testing.md +56 -0
  37. package/prisma/skills/angular-developer/references/effects.md +83 -0
  38. package/prisma/skills/angular-developer/references/hierarchical-injectors.md +43 -0
  39. package/prisma/skills/angular-developer/references/host-elements.md +80 -0
  40. package/prisma/skills/angular-developer/references/injection-context.md +63 -0
  41. package/prisma/skills/angular-developer/references/inputs.md +101 -0
  42. package/prisma/skills/angular-developer/references/linked-signal.md +59 -0
  43. package/prisma/skills/angular-developer/references/loading-strategies.md +61 -0
  44. package/prisma/skills/angular-developer/references/mcp.md +108 -0
  45. package/prisma/skills/angular-developer/references/navigate-to-routes.md +69 -0
  46. package/prisma/skills/angular-developer/references/outputs.md +86 -0
  47. package/prisma/skills/angular-developer/references/reactive-forms.md +122 -0
  48. package/prisma/skills/angular-developer/references/rendering-strategies.md +44 -0
  49. package/prisma/skills/angular-developer/references/resource.md +77 -0
  50. package/prisma/skills/angular-developer/references/route-animations.md +56 -0
  51. package/prisma/skills/angular-developer/references/route-guards.md +52 -0
  52. package/prisma/skills/angular-developer/references/router-lifecycle.md +45 -0
  53. package/prisma/skills/angular-developer/references/router-testing.md +87 -0
  54. package/prisma/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
  55. package/prisma/skills/angular-developer/references/signal-forms.md +795 -0
  56. package/prisma/skills/angular-developer/references/signals-overview.md +94 -0
  57. package/prisma/skills/angular-developer/references/tailwind-css.md +69 -0
  58. package/prisma/skills/angular-developer/references/template-driven-forms.md +114 -0
  59. package/prisma/skills/angular-developer/references/testing-fundamentals.md +65 -0
  60. package/prisma/skills/api-connector-builder/SKILL.md +121 -0
  61. package/prisma/skills/api-design/SKILL.md +524 -0
  62. package/prisma/skills/architecture-decision-records/SKILL.md +180 -0
  63. package/prisma/skills/article-writing/SKILL.md +80 -0
  64. package/prisma/skills/automation-audit-ops/SKILL.md +143 -0
  65. package/prisma/skills/autonomous-agent-harness/SKILL.md +274 -0
  66. package/prisma/skills/autonomous-loops/SKILL.md +611 -0
  67. package/prisma/skills/backend-patterns/SKILL.md +562 -0
  68. package/prisma/skills/benchmark/SKILL.md +94 -0
  69. package/prisma/skills/benchmark-methodology/SKILL.md +190 -0
  70. package/prisma/skills/benchmark-optimization-loop/SKILL.md +70 -0
  71. package/prisma/skills/blender-motion-state-inspection/SKILL.md +165 -0
  72. package/prisma/skills/blueprint/SKILL.md +106 -0
  73. package/prisma/skills/brand-discovery/SKILL.md +145 -0
  74. package/prisma/skills/brand-discovery/references/10_purpose-why.md +40 -0
  75. package/prisma/skills/brand-discovery/references/20_positioning.md +44 -0
  76. package/prisma/skills/brand-discovery/references/30_audience-niche.md +52 -0
  77. package/prisma/skills/brand-discovery/references/40_personality-archetype.md +57 -0
  78. package/prisma/skills/brand-discovery/references/50_voice-tone.md +59 -0
  79. package/prisma/skills/brand-discovery/references/60_narrative-story.md +50 -0
  80. package/prisma/skills/brand-discovery/references/70_founder-tension.md +49 -0
  81. package/prisma/skills/brand-discovery/references/90_SYNTHESIS.md +133 -0
  82. package/prisma/skills/brand-voice/SKILL.md +98 -0
  83. package/prisma/skills/brand-voice/references/voice-profile-schema.md +55 -0
  84. package/prisma/skills/browser-qa/SKILL.md +105 -0
  85. package/prisma/skills/bun-runtime/SKILL.md +85 -0
  86. package/prisma/skills/canary-watch/SKILL.md +108 -0
  87. package/prisma/skills/carrier-relationship-management/SKILL.md +212 -0
  88. package/prisma/skills/cisco-ios-patterns/SKILL.md +164 -0
  89. package/prisma/skills/ck/SKILL.md +148 -0
  90. package/prisma/skills/ck/commands/forget.mjs +44 -0
  91. package/prisma/skills/ck/commands/info.mjs +24 -0
  92. package/prisma/skills/ck/commands/init.mjs +143 -0
  93. package/prisma/skills/ck/commands/list.mjs +40 -0
  94. package/prisma/skills/ck/commands/migrate.mjs +202 -0
  95. package/prisma/skills/ck/commands/resume.mjs +36 -0
  96. package/prisma/skills/ck/commands/save.mjs +210 -0
  97. package/prisma/skills/ck/commands/shared.mjs +387 -0
  98. package/prisma/skills/ck/hooks/session-start.mjs +224 -0
  99. package/prisma/skills/claude-devfleet/SKILL.md +112 -0
  100. package/prisma/skills/click-path-audit/SKILL.md +245 -0
  101. package/prisma/skills/clickhouse-io/SKILL.md +440 -0
  102. package/prisma/skills/code-tour/SKILL.md +254 -0
  103. package/prisma/skills/codebase-onboarding/SKILL.md +234 -0
  104. package/prisma/skills/codehealth-mcp/SKILL.md +167 -0
  105. package/prisma/skills/coding-standards/SKILL.md +551 -0
  106. package/prisma/skills/competitive-platform-analysis/SKILL.md +214 -0
  107. package/prisma/skills/competitive-report-structure/SKILL.md +162 -0
  108. package/prisma/skills/compose-multiplatform-patterns/SKILL.md +300 -0
  109. package/prisma/skills/config-gc/SKILL.md +120 -0
  110. package/prisma/skills/configure-ecc/SKILL.md +385 -0
  111. package/prisma/skills/connections-optimizer/SKILL.md +190 -0
  112. package/prisma/skills/content-engine/SKILL.md +132 -0
  113. package/prisma/skills/content-hash-cache-pattern/SKILL.md +162 -0
  114. package/prisma/skills/context-budget/SKILL.md +136 -0
  115. package/prisma/skills/continuous-agent-loop/SKILL.md +46 -0
  116. package/prisma/skills/continuous-learning/SKILL.md +132 -0
  117. package/prisma/skills/continuous-learning/config.json +18 -0
  118. package/prisma/skills/continuous-learning/evaluate-session.sh +69 -0
  119. package/prisma/skills/continuous-learning-v2/SKILL.md +361 -0
  120. package/prisma/skills/continuous-learning-v2/agents/observer-loop.sh +359 -0
  121. package/prisma/skills/continuous-learning-v2/agents/observer.md +189 -0
  122. package/prisma/skills/continuous-learning-v2/agents/session-guardian.sh +150 -0
  123. package/prisma/skills/continuous-learning-v2/agents/start-observer.sh +248 -0
  124. package/prisma/skills/continuous-learning-v2/config.json +8 -0
  125. package/prisma/skills/continuous-learning-v2/hooks/observe.sh +585 -0
  126. package/prisma/skills/continuous-learning-v2/scripts/detect-project.sh +322 -0
  127. package/prisma/skills/continuous-learning-v2/scripts/instinct-cli.py +1956 -0
  128. package/prisma/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
  129. package/prisma/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +68 -0
  130. package/prisma/skills/continuous-learning-v2/scripts/test_parse_instinct.py +1421 -0
  131. package/prisma/skills/cost-aware-llm-pipeline/SKILL.md +184 -0
  132. package/prisma/skills/cost-tracking/SKILL.md +97 -0
  133. package/prisma/skills/council/SKILL.md +204 -0
  134. package/prisma/skills/cpp-coding-standards/SKILL.md +724 -0
  135. package/prisma/skills/cpp-testing/SKILL.md +325 -0
  136. package/prisma/skills/crosspost/SKILL.md +112 -0
  137. package/prisma/skills/csharp-testing/SKILL.md +322 -0
  138. package/prisma/skills/customer-billing-ops/SKILL.md +141 -0
  139. package/prisma/skills/customs-trade-compliance/SKILL.md +263 -0
  140. package/prisma/skills/dart-flutter-patterns/SKILL.md +564 -0
  141. package/prisma/skills/dashboard-builder/SKILL.md +109 -0
  142. package/prisma/skills/data-scraper-agent/SKILL.md +765 -0
  143. package/prisma/skills/data-throughput-accelerator/SKILL.md +73 -0
  144. package/prisma/skills/database-migrations/SKILL.md +430 -0
  145. package/prisma/skills/deep-research/SKILL.md +160 -0
  146. package/prisma/skills/defi-amm-security/SKILL.md +167 -0
  147. package/prisma/skills/delivery-gate/SKILL.md +126 -0
  148. package/prisma/skills/delivery-gate/hooks/quality-gate.py +220 -0
  149. package/prisma/skills/deployment-patterns/SKILL.md +428 -0
  150. package/prisma/skills/design-system/SKILL.md +83 -0
  151. package/prisma/skills/django-celery/SKILL.md +458 -0
  152. package/prisma/skills/django-patterns/SKILL.md +735 -0
  153. package/prisma/skills/django-security/SKILL.md +644 -0
  154. package/prisma/skills/django-tdd/SKILL.md +730 -0
  155. package/prisma/skills/django-verification/SKILL.md +470 -0
  156. package/prisma/skills/dmux-workflows/SKILL.md +192 -0
  157. package/prisma/skills/docker-patterns/SKILL.md +365 -0
  158. package/prisma/skills/documentation-lookup/SKILL.md +91 -0
  159. package/prisma/skills/dotnet-patterns/SKILL.md +322 -0
  160. package/prisma/skills/dynamic-workflow-mode/SKILL.md +124 -0
  161. package/prisma/skills/e2e-testing/SKILL.md +327 -0
  162. package/prisma/skills/ecc-guide/SKILL.md +190 -0
  163. package/prisma/skills/ecc-recipes/SKILL.md +149 -0
  164. package/prisma/skills/ecc-tools-cost-audit/SKILL.md +161 -0
  165. package/prisma/skills/email-ops/SKILL.md +122 -0
  166. package/prisma/skills/energy-procurement/SKILL.md +228 -0
  167. package/prisma/skills/enterprise-agent-ops/SKILL.md +51 -0
  168. package/prisma/skills/error-handling/SKILL.md +377 -0
  169. package/prisma/skills/eval-harness/SKILL.md +271 -0
  170. package/prisma/skills/evm-token-decimals/SKILL.md +131 -0
  171. package/prisma/skills/exa-search/SKILL.md +108 -0
  172. package/prisma/skills/fal-ai-media/SKILL.md +289 -0
  173. package/prisma/skills/fastapi-patterns/SKILL.md +514 -0
  174. package/prisma/skills/finance-billing-ops/SKILL.md +128 -0
  175. package/prisma/skills/flox-environments/SKILL.md +497 -0
  176. package/prisma/skills/flutter-dart-code-review/SKILL.md +436 -0
  177. package/prisma/skills/foundation-models-on-device/SKILL.md +243 -0
  178. package/prisma/skills/frontend-a11y/SKILL.md +446 -0
  179. package/prisma/skills/frontend-design-direction/SKILL.md +93 -0
  180. package/prisma/skills/frontend-patterns/SKILL.md +657 -0
  181. package/prisma/skills/frontend-slides/SKILL.md +185 -0
  182. package/prisma/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  183. package/prisma/skills/frontend-slides/animation-patterns.md +122 -0
  184. package/prisma/skills/frontend-slides/html-template.md +419 -0
  185. package/prisma/skills/frontend-slides/scripts/export-pdf.sh +418 -0
  186. package/prisma/skills/frontend-slides/scripts/extract-pptx.py +96 -0
  187. package/prisma/skills/frontend-slides/viewport-base.css +153 -0
  188. package/prisma/skills/fsharp-testing/SKILL.md +281 -0
  189. package/prisma/skills/gan-style-harness/SKILL.md +279 -0
  190. package/prisma/skills/gateguard/SKILL.md +133 -0
  191. package/prisma/skills/generating-python-installer/SKILL.md +820 -0
  192. package/prisma/skills/git-workflow/SKILL.md +716 -0
  193. package/prisma/skills/github-ops/SKILL.md +145 -0
  194. package/prisma/skills/golang-patterns/SKILL.md +675 -0
  195. package/prisma/skills/golang-testing/SKILL.md +721 -0
  196. package/prisma/skills/google-workspace-ops/SKILL.md +96 -0
  197. package/prisma/skills/growth-log/SKILL.md +128 -0
  198. package/prisma/skills/healthcare-cdss-patterns/SKILL.md +246 -0
  199. package/prisma/skills/healthcare-emr-patterns/SKILL.md +160 -0
  200. package/prisma/skills/healthcare-eval-harness/SKILL.md +208 -0
  201. package/prisma/skills/healthcare-phi-compliance/SKILL.md +146 -0
  202. package/prisma/skills/hermes-imports/SKILL.md +89 -0
  203. package/prisma/skills/hexagonal-architecture/SKILL.md +277 -0
  204. package/prisma/skills/hipaa-compliance/SKILL.md +79 -0
  205. package/prisma/skills/homelab-network-readiness/SKILL.md +170 -0
  206. package/prisma/skills/homelab-network-setup/SKILL.md +130 -0
  207. package/prisma/skills/homelab-pihole-dns/SKILL.md +275 -0
  208. package/prisma/skills/homelab-vlan-segmentation/SKILL.md +312 -0
  209. package/prisma/skills/homelab-wireguard-vpn/SKILL.md +306 -0
  210. package/prisma/skills/hookify-rules/SKILL.md +128 -0
  211. package/prisma/skills/inherit-legacy-style/SKILL.md +157 -0
  212. package/prisma/skills/intent-driven-development/SKILL.md +360 -0
  213. package/prisma/skills/inventory-demand-planning/SKILL.md +247 -0
  214. package/prisma/skills/investor-materials/SKILL.md +97 -0
  215. package/prisma/skills/investor-outreach/SKILL.md +92 -0
  216. package/prisma/skills/ios-icon-gen/SKILL.md +158 -0
  217. package/prisma/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
  218. package/prisma/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
  219. package/prisma/skills/iterative-retrieval/SKILL.md +212 -0
  220. package/prisma/skills/ito-basket-compare/SKILL.md +64 -0
  221. package/prisma/skills/ito-data-atlas-agent/SKILL.md +64 -0
  222. package/prisma/skills/ito-market-intelligence/SKILL.md +61 -0
  223. package/prisma/skills/ito-trade-planner/SKILL.md +68 -0
  224. package/prisma/skills/java-coding-standards/SKILL.md +384 -0
  225. package/prisma/skills/jira-integration/SKILL.md +303 -0
  226. package/prisma/skills/jpa-patterns/SKILL.md +152 -0
  227. package/prisma/skills/knowledge-ops/SKILL.md +155 -0
  228. package/prisma/skills/kotlin-coroutines-flows/SKILL.md +285 -0
  229. package/prisma/skills/kotlin-exposed-patterns/SKILL.md +720 -0
  230. package/prisma/skills/kotlin-ktor-patterns/SKILL.md +690 -0
  231. package/prisma/skills/kotlin-patterns/SKILL.md +712 -0
  232. package/prisma/skills/kotlin-testing/SKILL.md +825 -0
  233. package/prisma/skills/kubernetes-patterns/SKILL.md +756 -0
  234. package/prisma/skills/laravel-patterns/SKILL.md +416 -0
  235. package/prisma/skills/laravel-plugin-discovery/SKILL.md +230 -0
  236. package/prisma/skills/laravel-security/SKILL.md +948 -0
  237. package/prisma/skills/laravel-tdd/SKILL.md +675 -0
  238. package/prisma/skills/laravel-verification/SKILL.md +180 -0
  239. package/prisma/skills/latency-critical-systems/SKILL.md +74 -0
  240. package/prisma/skills/lead-intelligence/SKILL.md +322 -0
  241. package/prisma/skills/lead-intelligence/agents/enrichment-agent.md +85 -0
  242. package/prisma/skills/lead-intelligence/agents/mutual-mapper.md +75 -0
  243. package/prisma/skills/lead-intelligence/agents/outreach-drafter.md +98 -0
  244. package/prisma/skills/lead-intelligence/agents/signal-scorer.md +60 -0
  245. package/prisma/skills/liquid-glass-design/SKILL.md +279 -0
  246. package/prisma/skills/llm-trading-agent-security/SKILL.md +147 -0
  247. package/prisma/skills/logistics-exception-management/SKILL.md +222 -0
  248. package/prisma/skills/loop-design-check/SKILL.md +143 -0
  249. package/prisma/skills/mailtrap-email-integration/SKILL.md +77 -0
  250. package/prisma/skills/make-interfaces-feel-better/SKILL.md +152 -0
  251. package/prisma/skills/manim-video/SKILL.md +90 -0
  252. package/prisma/skills/manim-video/assets/network_graph_scene.py +52 -0
  253. package/prisma/skills/market-research/SKILL.md +76 -0
  254. package/prisma/skills/marketing-campaign/SKILL.md +114 -0
  255. package/prisma/skills/mcp-server-patterns/SKILL.md +70 -0
  256. package/prisma/skills/messages-ops/SKILL.md +105 -0
  257. package/prisma/skills/ml-adoption-playbook/SKILL.md +57 -0
  258. package/prisma/skills/mle-workflow/SKILL.md +347 -0
  259. package/prisma/skills/motion-advanced/SKILL.md +596 -0
  260. package/prisma/skills/motion-foundations/SKILL.md +299 -0
  261. package/prisma/skills/motion-patterns/SKILL.md +434 -0
  262. package/prisma/skills/motion-ui/SKILL.md +576 -0
  263. package/prisma/skills/mysql-patterns/SKILL.md +413 -0
  264. package/prisma/skills/nanoclaw-repl/SKILL.md +34 -0
  265. package/prisma/skills/nestjs-patterns/SKILL.md +231 -0
  266. package/prisma/skills/netmiko-ssh-automation/SKILL.md +174 -0
  267. package/prisma/skills/network-bgp-diagnostics/SKILL.md +168 -0
  268. package/prisma/skills/network-config-validation/SKILL.md +211 -0
  269. package/prisma/skills/network-interface-health/SKILL.md +153 -0
  270. package/prisma/skills/nextjs-turbopack/SKILL.md +58 -0
  271. package/prisma/skills/nodejs-keccak256/SKILL.md +103 -0
  272. package/prisma/skills/nutrient-document-processing/SKILL.md +168 -0
  273. package/prisma/skills/nuxt4-patterns/SKILL.md +101 -0
  274. package/prisma/skills/openclaw-persona-forge/SKILL.md +289 -0
  275. package/prisma/skills/openclaw-persona-forge/gacha.py +224 -0
  276. package/prisma/skills/openclaw-persona-forge/gacha.sh +5 -0
  277. package/prisma/skills/openclaw-persona-forge/references/avatar-style.md +124 -0
  278. package/prisma/skills/openclaw-persona-forge/references/boundary-rules.md +53 -0
  279. package/prisma/skills/openclaw-persona-forge/references/error-handling.md +53 -0
  280. package/prisma/skills/openclaw-persona-forge/references/identity-tension.md +48 -0
  281. package/prisma/skills/openclaw-persona-forge/references/naming-system.md +39 -0
  282. package/prisma/skills/openclaw-persona-forge/references/output-template.md +166 -0
  283. package/prisma/skills/opensource-pipeline/SKILL.md +256 -0
  284. package/prisma/skills/orch-add-feature/SKILL.md +45 -0
  285. package/prisma/skills/orch-build-mvp/SKILL.md +49 -0
  286. package/prisma/skills/orch-change-feature/SKILL.md +43 -0
  287. package/prisma/skills/orch-fix-defect/SKILL.md +43 -0
  288. package/prisma/skills/orch-pipeline/SKILL.md +121 -0
  289. package/prisma/skills/orch-refine-code/SKILL.md +44 -0
  290. package/prisma/skills/parallel-execution-optimizer/SKILL.md +73 -0
  291. package/prisma/skills/perl-patterns/SKILL.md +505 -0
  292. package/prisma/skills/perl-security/SKILL.md +504 -0
  293. package/prisma/skills/perl-testing/SKILL.md +476 -0
  294. package/prisma/skills/plan-orchestrate/SKILL.md +263 -0
  295. package/prisma/skills/plankton-code-quality/SKILL.md +237 -0
  296. package/prisma/skills/postgres-patterns/SKILL.md +148 -0
  297. package/prisma/skills/prediction-market-oracle-research/SKILL.md +64 -0
  298. package/prisma/skills/prediction-market-risk-review/SKILL.md +61 -0
  299. package/prisma/skills/prisma-patterns/SKILL.md +401 -0
  300. package/prisma/skills/product-capability/SKILL.md +142 -0
  301. package/prisma/skills/product-lens/SKILL.md +93 -0
  302. package/prisma/skills/production-audit/SKILL.md +207 -0
  303. package/prisma/skills/production-scheduling/SKILL.md +238 -0
  304. package/prisma/skills/project-flow-ops/SKILL.md +112 -0
  305. package/prisma/skills/prompt-optimizer/SKILL.md +398 -0
  306. package/prisma/skills/python-patterns/SKILL.md +751 -0
  307. package/prisma/skills/python-testing/SKILL.md +817 -0
  308. package/prisma/skills/pytorch-patterns/SKILL.md +397 -0
  309. package/prisma/skills/quality-nonconformance/SKILL.md +260 -0
  310. package/prisma/skills/quarkus-patterns/SKILL.md +723 -0
  311. package/prisma/skills/quarkus-security/SKILL.md +468 -0
  312. package/prisma/skills/quarkus-tdd/SKILL.md +812 -0
  313. package/prisma/skills/quarkus-verification/SKILL.md +480 -0
  314. package/prisma/skills/ralphinho-rfc-pipeline/SKILL.md +68 -0
  315. package/prisma/skills/react-native-patterns/SKILL.md +326 -0
  316. package/prisma/skills/react-patterns/SKILL.md +342 -0
  317. package/prisma/skills/react-performance/SKILL.md +575 -0
  318. package/prisma/skills/react-testing/SKILL.md +424 -0
  319. package/prisma/skills/recsys-pipeline-architect/SKILL.md +115 -0
  320. package/prisma/skills/recursive-decision-ledger/SKILL.md +80 -0
  321. package/prisma/skills/redis-patterns/SKILL.md +404 -0
  322. package/prisma/skills/regex-vs-llm-structured-text/SKILL.md +221 -0
  323. package/prisma/skills/remotion-video-creation/SKILL.md +43 -0
  324. package/prisma/skills/remotion-video-creation/rules/3d.md +86 -0
  325. package/prisma/skills/remotion-video-creation/rules/animations.md +29 -0
  326. package/prisma/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +173 -0
  327. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +100 -0
  328. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +108 -0
  329. package/prisma/skills/remotion-video-creation/rules/assets.md +78 -0
  330. package/prisma/skills/remotion-video-creation/rules/audio.md +172 -0
  331. package/prisma/skills/remotion-video-creation/rules/calculate-metadata.md +104 -0
  332. package/prisma/skills/remotion-video-creation/rules/can-decode.md +75 -0
  333. package/prisma/skills/remotion-video-creation/rules/charts.md +58 -0
  334. package/prisma/skills/remotion-video-creation/rules/compositions.md +146 -0
  335. package/prisma/skills/remotion-video-creation/rules/display-captions.md +126 -0
  336. package/prisma/skills/remotion-video-creation/rules/extract-frames.md +229 -0
  337. package/prisma/skills/remotion-video-creation/rules/fonts.md +152 -0
  338. package/prisma/skills/remotion-video-creation/rules/get-audio-duration.md +58 -0
  339. package/prisma/skills/remotion-video-creation/rules/get-video-dimensions.md +68 -0
  340. package/prisma/skills/remotion-video-creation/rules/get-video-duration.md +58 -0
  341. package/prisma/skills/remotion-video-creation/rules/gifs.md +138 -0
  342. package/prisma/skills/remotion-video-creation/rules/images.md +130 -0
  343. package/prisma/skills/remotion-video-creation/rules/import-srt-captions.md +67 -0
  344. package/prisma/skills/remotion-video-creation/rules/lottie.md +67 -0
  345. package/prisma/skills/remotion-video-creation/rules/measuring-dom-nodes.md +34 -0
  346. package/prisma/skills/remotion-video-creation/rules/measuring-text.md +143 -0
  347. package/prisma/skills/remotion-video-creation/rules/sequencing.md +106 -0
  348. package/prisma/skills/remotion-video-creation/rules/tailwind.md +11 -0
  349. package/prisma/skills/remotion-video-creation/rules/text-animations.md +20 -0
  350. package/prisma/skills/remotion-video-creation/rules/timing.md +179 -0
  351. package/prisma/skills/remotion-video-creation/rules/transcribe-captions.md +19 -0
  352. package/prisma/skills/remotion-video-creation/rules/transitions.md +122 -0
  353. package/prisma/skills/remotion-video-creation/rules/trimming.md +52 -0
  354. package/prisma/skills/remotion-video-creation/rules/videos.md +171 -0
  355. package/prisma/skills/repo-scan/SKILL.md +79 -0
  356. package/prisma/skills/research-ops/SKILL.md +113 -0
  357. package/prisma/skills/returns-reverse-logistics/SKILL.md +240 -0
  358. package/prisma/skills/rules-distill/SKILL.md +265 -0
  359. package/prisma/skills/rules-distill/scripts/scan-rules.sh +58 -0
  360. package/prisma/skills/rules-distill/scripts/scan-skills.sh +129 -0
  361. package/prisma/skills/rust-patterns/SKILL.md +500 -0
  362. package/prisma/skills/rust-testing/SKILL.md +501 -0
  363. package/prisma/skills/safety-guard/SKILL.md +76 -0
  364. package/prisma/skills/santa-method/SKILL.md +307 -0
  365. package/prisma/skills/scientific-db-pubmed-database/SKILL.md +176 -0
  366. package/prisma/skills/scientific-db-uspto-database/SKILL.md +178 -0
  367. package/prisma/skills/scientific-pkg-gget/SKILL.md +167 -0
  368. package/prisma/skills/scientific-thinking-literature-review/SKILL.md +193 -0
  369. package/prisma/skills/scientific-thinking-scholar-evaluation/SKILL.md +161 -0
  370. package/prisma/skills/search-first/SKILL.md +183 -0
  371. package/prisma/skills/security-bounty-hunter/SKILL.md +100 -0
  372. package/prisma/skills/security-review/SKILL.md +504 -0
  373. package/prisma/skills/security-review/cloud-infrastructure-security.md +361 -0
  374. package/prisma/skills/security-scan/SKILL.md +166 -0
  375. package/prisma/skills/seo/SKILL.md +155 -0
  376. package/prisma/skills/skill-comply/SKILL.md +59 -0
  377. package/prisma/skills/skill-comply/fixtures/compliant_trace.jsonl +5 -0
  378. package/prisma/skills/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
  379. package/prisma/skills/skill-comply/fixtures/tdd_spec.yaml +44 -0
  380. package/prisma/skills/skill-comply/prompts/classifier.md +24 -0
  381. package/prisma/skills/skill-comply/prompts/scenario_generator.md +62 -0
  382. package/prisma/skills/skill-comply/prompts/spec_generator.md +42 -0
  383. package/prisma/skills/skill-comply/pyproject.toml +15 -0
  384. package/prisma/skills/skill-comply/scripts/__init__.py +0 -0
  385. package/prisma/skills/skill-comply/scripts/classifier.py +85 -0
  386. package/prisma/skills/skill-comply/scripts/grader.py +124 -0
  387. package/prisma/skills/skill-comply/scripts/parser.py +107 -0
  388. package/prisma/skills/skill-comply/scripts/report.py +170 -0
  389. package/prisma/skills/skill-comply/scripts/run.py +127 -0
  390. package/prisma/skills/skill-comply/scripts/runner.py +194 -0
  391. package/prisma/skills/skill-comply/scripts/scenario_generator.py +70 -0
  392. package/prisma/skills/skill-comply/scripts/spec_generator.py +72 -0
  393. package/prisma/skills/skill-comply/scripts/utils.py +13 -0
  394. package/prisma/skills/skill-comply/tests/test_grader.py +197 -0
  395. package/prisma/skills/skill-comply/tests/test_parser.py +90 -0
  396. package/prisma/skills/skill-comply/tests/test_runner.py +172 -0
  397. package/prisma/skills/skill-scout/SKILL.md +141 -0
  398. package/prisma/skills/skill-stocktake/SKILL.md +195 -0
  399. package/prisma/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
  400. package/prisma/skills/skill-stocktake/scripts/save-results.sh +56 -0
  401. package/prisma/skills/skill-stocktake/scripts/scan.sh +170 -0
  402. package/prisma/skills/social-graph-ranker/SKILL.md +155 -0
  403. package/prisma/skills/social-publisher/SKILL.md +130 -0
  404. package/prisma/skills/springboot-patterns/SKILL.md +315 -0
  405. package/prisma/skills/springboot-security/SKILL.md +273 -0
  406. package/prisma/skills/springboot-tdd/SKILL.md +159 -0
  407. package/prisma/skills/springboot-verification/SKILL.md +232 -0
  408. package/prisma/skills/strategic-compact/SKILL.md +136 -0
  409. package/prisma/skills/swift-actor-persistence/SKILL.md +144 -0
  410. package/prisma/skills/swift-concurrency-6-2/SKILL.md +216 -0
  411. package/prisma/skills/swift-protocol-di-testing/SKILL.md +191 -0
  412. package/prisma/skills/swiftui-patterns/SKILL.md +259 -0
  413. package/prisma/skills/taste/SKILL.md +264 -0
  414. package/prisma/skills/taste/references/genre-taxonomy.md +87 -0
  415. package/prisma/skills/tdd-workflow/SKILL.md +583 -0
  416. package/prisma/skills/team-agent-orchestration/SKILL.md +111 -0
  417. package/prisma/skills/team-builder/SKILL.md +169 -0
  418. package/prisma/skills/terminal-ops/SKILL.md +110 -0
  419. package/prisma/skills/tinystruct-patterns/SKILL.md +279 -0
  420. package/prisma/skills/tinystruct-patterns/references/architecture.md +90 -0
  421. package/prisma/skills/tinystruct-patterns/references/data-handling.md +60 -0
  422. package/prisma/skills/tinystruct-patterns/references/database.md +99 -0
  423. package/prisma/skills/tinystruct-patterns/references/routing.md +64 -0
  424. package/prisma/skills/tinystruct-patterns/references/system-usage.md +97 -0
  425. package/prisma/skills/tinystruct-patterns/references/testing.md +72 -0
  426. package/prisma/skills/token-budget-advisor/SKILL.md +134 -0
  427. package/prisma/skills/ui-demo/SKILL.md +466 -0
  428. package/prisma/skills/ui-to-vue/SKILL.md +135 -0
  429. package/prisma/skills/uncloud/SKILL.md +344 -0
  430. package/prisma/skills/unified-notifications-ops/SKILL.md +188 -0
  431. package/prisma/skills/verification-loop/SKILL.md +127 -0
  432. package/prisma/skills/video-editing/SKILL.md +311 -0
  433. package/prisma/skills/videodb/SKILL.md +375 -0
  434. package/prisma/skills/videodb/reference/api-reference.md +550 -0
  435. package/prisma/skills/videodb/reference/capture-reference.md +407 -0
  436. package/prisma/skills/videodb/reference/capture.md +101 -0
  437. package/prisma/skills/videodb/reference/editor.md +443 -0
  438. package/prisma/skills/videodb/reference/generative.md +331 -0
  439. package/prisma/skills/videodb/reference/rtstream-reference.md +564 -0
  440. package/prisma/skills/videodb/reference/rtstream.md +65 -0
  441. package/prisma/skills/videodb/reference/search.md +230 -0
  442. package/prisma/skills/videodb/reference/streaming.md +406 -0
  443. package/prisma/skills/videodb/reference/use-cases.md +118 -0
  444. package/prisma/skills/videodb/scripts/ws_listener.py +282 -0
  445. package/prisma/skills/visa-doc-translate/README.md +86 -0
  446. package/prisma/skills/visa-doc-translate/SKILL.md +117 -0
  447. package/prisma/skills/vite-patterns/SKILL.md +450 -0
  448. package/prisma/skills/vue-patterns/SKILL.md +471 -0
  449. package/prisma/skills/windows-desktop-e2e/SKILL.md +888 -0
  450. package/prisma/skills/workspace-surface-audit/SKILL.md +126 -0
  451. package/prisma/skills/x-api/SKILL.md +235 -0
@@ -0,0 +1,468 @@
1
+ ---
2
+ name: quarkus-security
3
+ description: Quarkus Security best practices for authentication, authorization, JWT/OIDC, RBAC, input validation, CSRF, secrets management, and dependency security.
4
+ metadata:
5
+ origin: ECC
6
+ ---
7
+
8
+ # Quarkus Security Review
9
+
10
+ Best practices for securing Quarkus applications with authentication, authorization, and input validation.
11
+
12
+ ## When to Activate
13
+
14
+ - Adding authentication (JWT, OIDC, Basic Auth)
15
+ - Implementing authorization with @RolesAllowed or SecurityIdentity
16
+ - Validating user input (Bean Validation, custom validators)
17
+ - Configuring CORS or security headers
18
+ - Managing secrets (Vault, environment variables, config sources)
19
+ - Adding rate limiting or brute-force protection
20
+ - Scanning dependencies for CVEs
21
+ - Working with MicroProfile JWT or SmallRye JWT
22
+
23
+ ## Authentication
24
+
25
+ ### JWT Authentication
26
+
27
+ ```java
28
+ // Resource protected with JWT
29
+ @Path("/api/protected")
30
+ @Authenticated
31
+ public class ProtectedResource {
32
+
33
+ @Inject
34
+ JsonWebToken jwt;
35
+
36
+ @Inject
37
+ SecurityIdentity securityIdentity;
38
+
39
+ @GET
40
+ public Response getData() {
41
+ String username = jwt.getName();
42
+ Set<String> roles = jwt.getGroups();
43
+ return Response.ok(Map.of(
44
+ "username", username,
45
+ "roles", roles,
46
+ "principal", securityIdentity.getPrincipal().getName()
47
+ )).build();
48
+ }
49
+ }
50
+ ```
51
+
52
+ Configuration (application.properties):
53
+ ```properties
54
+ mp.jwt.verify.publickey.location=publicKey.pem
55
+ mp.jwt.verify.issuer=https://auth.example.com
56
+
57
+ # OIDC
58
+ quarkus.oidc.auth-server-url=https://auth.example.com/realms/myrealm
59
+ quarkus.oidc.client-id=backend-service
60
+ quarkus.oidc.credentials.secret=${OIDC_SECRET}
61
+ ```
62
+
63
+ ### Custom Authentication Filter
64
+
65
+ ```java
66
+ @Provider
67
+ @Priority(Priorities.AUTHENTICATION)
68
+ public class CustomAuthFilter implements ContainerRequestFilter {
69
+
70
+ @Inject
71
+ SecurityIdentity identity;
72
+
73
+ @Override
74
+ public void filter(ContainerRequestContext requestContext) {
75
+ String authHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
76
+
77
+ // Reject immediately if header is absent or malformed
78
+ if (authHeader == null || !authHeader.startsWith("Bearer ")) {
79
+ requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
80
+ return;
81
+ }
82
+
83
+ String token = authHeader.substring(7);
84
+ if (!validateToken(token)) {
85
+ requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
86
+ }
87
+ }
88
+
89
+ private boolean validateToken(String token) {
90
+ // Token validation logic
91
+ return true;
92
+ }
93
+ }
94
+ ```
95
+
96
+ ## Authorization
97
+
98
+ ### Role-Based Access Control
99
+
100
+ ```java
101
+ @Path("/api/admin")
102
+ @RolesAllowed("ADMIN")
103
+ public class AdminResource {
104
+
105
+ @GET
106
+ @Path("/users")
107
+ public List<UserDto> listUsers() {
108
+ return userService.findAll();
109
+ }
110
+
111
+ @DELETE
112
+ @Path("/users/{id}")
113
+ @RolesAllowed({"ADMIN", "SUPER_ADMIN"})
114
+ public Response deleteUser(@PathParam("id") Long id) {
115
+ userService.delete(id);
116
+ return Response.noContent().build();
117
+ }
118
+ }
119
+
120
+ @Path("/api/users")
121
+ public class UserResource {
122
+
123
+ @Inject
124
+ SecurityIdentity securityIdentity;
125
+
126
+ @GET
127
+ @Path("/{id}")
128
+ @RolesAllowed("USER")
129
+ public Response getUser(@PathParam("id") Long id) {
130
+ // Check ownership
131
+ if (!securityIdentity.hasRole("ADMIN") &&
132
+ !isOwner(id, securityIdentity.getPrincipal().getName())) {
133
+ return Response.status(Response.Status.FORBIDDEN).build();
134
+ }
135
+ return Response.ok(userService.findById(id)).build();
136
+ }
137
+
138
+ private boolean isOwner(Long userId, String username) {
139
+ return userService.isOwner(userId, username);
140
+ }
141
+ }
142
+ ```
143
+
144
+ ### Programmatic Security
145
+
146
+ ```java
147
+ @ApplicationScoped
148
+ public class SecurityService {
149
+
150
+ @Inject
151
+ SecurityIdentity securityIdentity;
152
+
153
+ public boolean canAccessResource(Long resourceId) {
154
+ if (securityIdentity.isAnonymous()) {
155
+ return false;
156
+ }
157
+
158
+ if (securityIdentity.hasRole("ADMIN")) {
159
+ return true;
160
+ }
161
+
162
+ String userId = securityIdentity.getPrincipal().getName();
163
+ return resourceRepository.isOwner(resourceId, userId);
164
+ }
165
+ }
166
+ ```
167
+
168
+ ## Input Validation
169
+
170
+ ### Bean Validation
171
+
172
+ ```java
173
+ // BAD: No validation
174
+ @POST
175
+ public Response createUser(UserDto dto) {
176
+ return Response.ok(userService.create(dto)).build();
177
+ }
178
+
179
+ // GOOD: Validated DTO
180
+ public record CreateUserDto(
181
+ @NotBlank @Size(max = 100) String name,
182
+ @NotBlank @Email String email,
183
+ @NotNull @Min(18) @Max(150) Integer age,
184
+ @Pattern(regexp = "^\\+?[1-9]\\d{1,14}$") String phone
185
+ ) {}
186
+
187
+ @POST
188
+ @Path("/users")
189
+ public Response createUser(@Valid CreateUserDto dto) {
190
+ User user = userService.create(dto);
191
+ return Response.status(Response.Status.CREATED).entity(user).build();
192
+ }
193
+ ```
194
+
195
+ ### Custom Validators
196
+
197
+ ```java
198
+ @Target({ElementType.FIELD, ElementType.PARAMETER})
199
+ @Retention(RetentionPolicy.RUNTIME)
200
+ @Constraint(validatedBy = UsernameValidator.class)
201
+ public @interface ValidUsername {
202
+ String message() default "Invalid username format";
203
+ Class<?>[] groups() default {};
204
+ Class<? extends Payload>[] payload() default {};
205
+ }
206
+
207
+ public class UsernameValidator implements ConstraintValidator<ValidUsername, String> {
208
+ @Override
209
+ public boolean isValid(String value, ConstraintValidatorContext context) {
210
+ if (value == null) return false;
211
+ return value.matches("^[a-zA-Z0-9_-]{3,20}$");
212
+ }
213
+ }
214
+
215
+ // Usage
216
+ public record CreateUserDto(
217
+ @ValidUsername String username,
218
+ @NotBlank @Email String email
219
+ ) {}
220
+ ```
221
+
222
+ ## SQL Injection Prevention
223
+
224
+ ### Panache Active Record (Safe by Default)
225
+
226
+ ```java
227
+ // GOOD: Parameterized queries with Panache
228
+ List<User> users = User.list("email = ?1 and active = ?2", email, true);
229
+
230
+ Optional<User> user = User.find("username", username).firstResultOptional();
231
+
232
+ // GOOD: Named parameters
233
+ List<User> users = User.list("email = :email and age > :minAge",
234
+ Parameters.with("email", email).and("minAge", 18));
235
+ ```
236
+
237
+ ### Native Queries (Use Parameters)
238
+
239
+ ```java
240
+ // BAD: String concatenation
241
+ @Query(value = "SELECT * FROM users WHERE name = '" + name + "'", nativeQuery = true)
242
+
243
+ // GOOD: Parameterized native query
244
+ @Entity
245
+ public class User extends PanacheEntity {
246
+ public static List<User> findByEmailNative(String email) {
247
+ return getEntityManager()
248
+ .createNativeQuery("SELECT * FROM users WHERE email = :email", User.class)
249
+ .setParameter("email", email)
250
+ .getResultList();
251
+ }
252
+ }
253
+ ```
254
+
255
+ ## Password Hashing
256
+
257
+ ```java
258
+ @ApplicationScoped
259
+ public class PasswordService {
260
+
261
+ public String hash(String plainPassword) {
262
+ return BcryptUtil.bcryptHash(plainPassword);
263
+ }
264
+
265
+ public boolean verify(String plainPassword, String hashedPassword) {
266
+ return BcryptUtil.matches(plainPassword, hashedPassword);
267
+ }
268
+ }
269
+
270
+ // In service
271
+ @ApplicationScoped
272
+ public class UserService {
273
+ @Inject
274
+ PasswordService passwordService;
275
+
276
+ @Transactional
277
+ public User register(CreateUserDto dto) {
278
+ String hashedPassword = passwordService.hash(dto.password());
279
+ User user = new User();
280
+ user.email = dto.email();
281
+ user.password = hashedPassword;
282
+ user.persist();
283
+ return user;
284
+ }
285
+
286
+ public boolean authenticate(String email, String password) {
287
+ return User.find("email", email)
288
+ .firstResultOptional()
289
+ .map(u -> passwordService.verify(password, u.password))
290
+ .orElse(false);
291
+ }
292
+ }
293
+ ```
294
+
295
+ ## CORS Configuration
296
+
297
+ ```properties
298
+ # application.properties
299
+ quarkus.http.cors=true
300
+ quarkus.http.cors.origins=https://app.example.com,https://admin.example.com
301
+ quarkus.http.cors.methods=GET,POST,PUT,DELETE
302
+ quarkus.http.cors.headers=accept,authorization,content-type,x-requested-with
303
+ quarkus.http.cors.exposed-headers=Content-Disposition
304
+ quarkus.http.cors.access-control-max-age=24H
305
+ quarkus.http.cors.access-control-allow-credentials=true
306
+ ```
307
+
308
+ ## Secrets Management
309
+
310
+ ```properties
311
+ # application.properties - NO SECRETS HERE
312
+
313
+ # Use environment variables
314
+ quarkus.datasource.username=${DB_USER}
315
+ quarkus.datasource.password=${DB_PASSWORD}
316
+ quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}
317
+
318
+ # Or use Vault
319
+ quarkus.vault.url=https://vault.example.com
320
+ quarkus.vault.authentication.kubernetes.role=my-role
321
+ ```
322
+
323
+ ### HashiCorp Vault Integration
324
+
325
+ ```java
326
+ @ApplicationScoped
327
+ public class SecretService {
328
+
329
+ @ConfigProperty(name = "api-key")
330
+ String apiKey; // Fetched from Vault
331
+
332
+ public String getSecret(String key) {
333
+ return ConfigProvider.getConfig().getValue(key, String.class);
334
+ }
335
+ }
336
+ ```
337
+
338
+ ## Rate Limiting
339
+
340
+ **Security Note**: Never use `X-Forwarded-For` directly — clients can spoof it.
341
+ Use the actual remote address from the servlet request, or an authenticated
342
+ identity (API key, JWT subject) when available.
343
+
344
+ ```java
345
+ @ApplicationScoped
346
+ public class RateLimitFilter implements ContainerRequestFilter {
347
+ private final Map<String, RateLimiter> limiters = new ConcurrentHashMap<>();
348
+
349
+ @Inject
350
+ HttpServletRequest servletRequest;
351
+
352
+ @Override
353
+ public void filter(ContainerRequestContext requestContext) {
354
+ String clientId = getClientIdentifier();
355
+ RateLimiter limiter = limiters.computeIfAbsent(clientId,
356
+ k -> RateLimiter.create(100.0)); // 100 requests per second
357
+
358
+ if (!limiter.tryAcquire()) {
359
+ requestContext.abortWith(
360
+ Response.status(429)
361
+ .entity(Map.of("error", "Too many requests"))
362
+ .build()
363
+ );
364
+ }
365
+ }
366
+
367
+ private String getClientIdentifier() {
368
+ // Use the container-provided remote address (not X-Forwarded-For).
369
+ // If behind a trusted proxy, configure quarkus.http.proxy.proxy-address-forwarding=true
370
+ // so getRemoteAddr() returns the real client IP.
371
+ return servletRequest.getRemoteAddr();
372
+ }
373
+ }
374
+ ```
375
+
376
+ ## Security Headers
377
+
378
+ ```java
379
+ @Provider
380
+ public class SecurityHeadersFilter implements ContainerResponseFilter {
381
+
382
+ @Override
383
+ public void filter(ContainerRequestContext request, ContainerResponseContext response) {
384
+ MultivaluedMap<String, Object> headers = response.getHeaders();
385
+
386
+ // Prevent clickjacking
387
+ headers.putSingle("X-Frame-Options", "DENY");
388
+
389
+ // XSS protection
390
+ headers.putSingle("X-Content-Type-Options", "nosniff");
391
+ headers.putSingle("X-XSS-Protection", "1; mode=block");
392
+
393
+ // HSTS
394
+ headers.putSingle("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
395
+
396
+ // CSP — avoid 'unsafe-inline' for script-src as it negates XSS protection;
397
+ // use nonces or hashes instead. 'unsafe-inline' for style-src is acceptable
398
+ // when CSS frameworks require it, but prefer nonces where possible.
399
+ headers.putSingle("Content-Security-Policy",
400
+ "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'");
401
+ }
402
+ }
403
+ ```
404
+
405
+ ## Audit Logging
406
+
407
+ ```java
408
+ @ApplicationScoped
409
+ public class AuditService {
410
+ private static final Logger LOG = Logger.getLogger(AuditService.class);
411
+
412
+ @Inject
413
+ SecurityIdentity securityIdentity;
414
+
415
+ public void logAccess(String resource, String action) {
416
+ String user = securityIdentity.isAnonymous()
417
+ ? "anonymous"
418
+ : securityIdentity.getPrincipal().getName();
419
+
420
+ LOG.infof("AUDIT: user=%s action=%s resource=%s timestamp=%s",
421
+ user, action, resource, Instant.now());
422
+ }
423
+ }
424
+
425
+ // Usage in resource
426
+ @Path("/api/sensitive")
427
+ public class SensitiveResource {
428
+ @Inject
429
+ AuditService auditService;
430
+
431
+ @GET
432
+ @RolesAllowed("ADMIN")
433
+ public Response getData() {
434
+ auditService.logAccess("sensitive-data", "READ");
435
+ return Response.ok(data).build();
436
+ }
437
+ }
438
+ ```
439
+
440
+ ## Dependency Security Scanning
441
+
442
+ ```bash
443
+ # Maven
444
+ mvn org.owasp:dependency-check-maven:check
445
+
446
+ # Gradle
447
+ ./gradlew dependencyCheckAnalyze
448
+
449
+ # Check Quarkus extensions
450
+ quarkus extension list --installable
451
+ ```
452
+
453
+ ## Best Practices
454
+
455
+ - Always use HTTPS in production
456
+ - Enable JWT or OIDC for stateless authentication
457
+ - Use `@RolesAllowed` for declarative authorization
458
+ - Validate all input with Bean Validation
459
+ - Hash passwords with BCrypt (never plaintext)
460
+ - Store secrets in Vault or environment variables
461
+ - Use parameterized queries to prevent SQL injection
462
+ - Add security headers to all responses
463
+ - Implement rate limiting for public endpoints
464
+ - Audit sensitive operations
465
+ - Keep dependencies updated and scan for CVEs
466
+ - Use SecurityIdentity for programmatic checks
467
+ - Set appropriate CORS policies
468
+ - Test authentication and authorization paths
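Review bot: The `validateToken` placeholder in the Custom Authentication Filter example (new lines 89–92) returns `true` unconditionally, so the sample as written accepts every request whose header merely starts with `Bearer `. Skill content tends to be reproduced verbatim, so the stub should fail closed, for example `throw new UnsupportedOperationException("token verification not implemented");` in place of `return true;`, with a comment saying that signature, issuer, audience and expiry must be verified. The same example injects `SecurityIdentity` without using it and never establishes an identity for the request after a successful check. A sentence pointing readers to the `@Authenticated` plus `mp.jwt.verify.*` setup earlier in the file as the default path would make clear when a hand-written filter is appropriate. Separately, the front-matter description lists CSRF, but the body has no CSRF section.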