@rubix0270/arboris 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (451) hide show
  1. package/package.json +8 -20
  2. package/run.mjs +10 -0
  3. package/dist/cli.mjs +0 -383
  4. package/manifest.json +0 -323
  5. package/prisma/skills/accessibility/SKILL.md +0 -147
  6. package/prisma/skills/agent-architecture-audit/SKILL.md +0 -257
  7. package/prisma/skills/agent-eval/SKILL.md +0 -146
  8. package/prisma/skills/agent-harness-construction/SKILL.md +0 -74
  9. package/prisma/skills/agent-introspection-debugging/SKILL.md +0 -154
  10. package/prisma/skills/agent-payment-x402/SKILL.md +0 -225
  11. package/prisma/skills/agent-self-evaluation/SKILL.md +0 -182
  12. package/prisma/skills/agent-self-evaluation/examples/high-score-example.md +0 -87
  13. package/prisma/skills/agent-self-evaluation/examples/low-score-example.md +0 -86
  14. package/prisma/skills/agent-self-evaluation/references/evaluation-criteria.md +0 -71
  15. package/prisma/skills/agent-self-evaluation/references/hook-integration.md +0 -64
  16. package/prisma/skills/agent-self-evaluation/scripts/evaluate.py +0 -408
  17. package/prisma/skills/agent-self-evaluation/templates/evaluation-report.md +0 -86
  18. package/prisma/skills/agent-sort/SKILL.md +0 -216
  19. package/prisma/skills/agentic-engineering/SKILL.md +0 -64
  20. package/prisma/skills/agentic-os/SKILL.md +0 -388
  21. package/prisma/skills/ai-first-engineering/SKILL.md +0 -52
  22. package/prisma/skills/ai-regression-testing/SKILL.md +0 -386
  23. package/prisma/skills/android-clean-architecture/SKILL.md +0 -340
  24. package/prisma/skills/angular-developer/SKILL.md +0 -155
  25. package/prisma/skills/angular-developer/references/angular-animations.md +0 -160
  26. package/prisma/skills/angular-developer/references/angular-aria.md +0 -410
  27. package/prisma/skills/angular-developer/references/cli.md +0 -86
  28. package/prisma/skills/angular-developer/references/component-harnesses.md +0 -59
  29. package/prisma/skills/angular-developer/references/component-styling.md +0 -91
  30. package/prisma/skills/angular-developer/references/components.md +0 -117
  31. package/prisma/skills/angular-developer/references/creating-services.md +0 -97
  32. package/prisma/skills/angular-developer/references/data-resolvers.md +0 -69
  33. package/prisma/skills/angular-developer/references/define-routes.md +0 -67
  34. package/prisma/skills/angular-developer/references/defining-providers.md +0 -72
  35. package/prisma/skills/angular-developer/references/di-fundamentals.md +0 -120
  36. package/prisma/skills/angular-developer/references/e2e-testing.md +0 -56
  37. package/prisma/skills/angular-developer/references/effects.md +0 -83
  38. package/prisma/skills/angular-developer/references/hierarchical-injectors.md +0 -43
  39. package/prisma/skills/angular-developer/references/host-elements.md +0 -80
  40. package/prisma/skills/angular-developer/references/injection-context.md +0 -63
  41. package/prisma/skills/angular-developer/references/inputs.md +0 -101
  42. package/prisma/skills/angular-developer/references/linked-signal.md +0 -59
  43. package/prisma/skills/angular-developer/references/loading-strategies.md +0 -61
  44. package/prisma/skills/angular-developer/references/mcp.md +0 -108
  45. package/prisma/skills/angular-developer/references/navigate-to-routes.md +0 -69
  46. package/prisma/skills/angular-developer/references/outputs.md +0 -86
  47. package/prisma/skills/angular-developer/references/reactive-forms.md +0 -122
  48. package/prisma/skills/angular-developer/references/rendering-strategies.md +0 -44
  49. package/prisma/skills/angular-developer/references/resource.md +0 -77
  50. package/prisma/skills/angular-developer/references/route-animations.md +0 -56
  51. package/prisma/skills/angular-developer/references/route-guards.md +0 -52
  52. package/prisma/skills/angular-developer/references/router-lifecycle.md +0 -45
  53. package/prisma/skills/angular-developer/references/router-testing.md +0 -87
  54. package/prisma/skills/angular-developer/references/show-routes-with-outlets.md +0 -68
  55. package/prisma/skills/angular-developer/references/signal-forms.md +0 -795
  56. package/prisma/skills/angular-developer/references/signals-overview.md +0 -94
  57. package/prisma/skills/angular-developer/references/tailwind-css.md +0 -69
  58. package/prisma/skills/angular-developer/references/template-driven-forms.md +0 -114
  59. package/prisma/skills/angular-developer/references/testing-fundamentals.md +0 -65
  60. package/prisma/skills/api-connector-builder/SKILL.md +0 -121
  61. package/prisma/skills/api-design/SKILL.md +0 -524
  62. package/prisma/skills/architecture-decision-records/SKILL.md +0 -180
  63. package/prisma/skills/article-writing/SKILL.md +0 -80
  64. package/prisma/skills/automation-audit-ops/SKILL.md +0 -143
  65. package/prisma/skills/autonomous-agent-harness/SKILL.md +0 -274
  66. package/prisma/skills/autonomous-loops/SKILL.md +0 -611
  67. package/prisma/skills/backend-patterns/SKILL.md +0 -562
  68. package/prisma/skills/benchmark/SKILL.md +0 -94
  69. package/prisma/skills/benchmark-methodology/SKILL.md +0 -190
  70. package/prisma/skills/benchmark-optimization-loop/SKILL.md +0 -70
  71. package/prisma/skills/blender-motion-state-inspection/SKILL.md +0 -165
  72. package/prisma/skills/blueprint/SKILL.md +0 -106
  73. package/prisma/skills/brand-discovery/SKILL.md +0 -145
  74. package/prisma/skills/brand-discovery/references/10_purpose-why.md +0 -40
  75. package/prisma/skills/brand-discovery/references/20_positioning.md +0 -44
  76. package/prisma/skills/brand-discovery/references/30_audience-niche.md +0 -52
  77. package/prisma/skills/brand-discovery/references/40_personality-archetype.md +0 -57
  78. package/prisma/skills/brand-discovery/references/50_voice-tone.md +0 -59
  79. package/prisma/skills/brand-discovery/references/60_narrative-story.md +0 -50
  80. package/prisma/skills/brand-discovery/references/70_founder-tension.md +0 -49
  81. package/prisma/skills/brand-discovery/references/90_SYNTHESIS.md +0 -133
  82. package/prisma/skills/brand-voice/SKILL.md +0 -98
  83. package/prisma/skills/brand-voice/references/voice-profile-schema.md +0 -55
  84. package/prisma/skills/browser-qa/SKILL.md +0 -105
  85. package/prisma/skills/bun-runtime/SKILL.md +0 -85
  86. package/prisma/skills/canary-watch/SKILL.md +0 -108
  87. package/prisma/skills/carrier-relationship-management/SKILL.md +0 -212
  88. package/prisma/skills/cisco-ios-patterns/SKILL.md +0 -164
  89. package/prisma/skills/ck/SKILL.md +0 -148
  90. package/prisma/skills/ck/commands/forget.mjs +0 -44
  91. package/prisma/skills/ck/commands/info.mjs +0 -24
  92. package/prisma/skills/ck/commands/init.mjs +0 -143
  93. package/prisma/skills/ck/commands/list.mjs +0 -40
  94. package/prisma/skills/ck/commands/migrate.mjs +0 -202
  95. package/prisma/skills/ck/commands/resume.mjs +0 -36
  96. package/prisma/skills/ck/commands/save.mjs +0 -210
  97. package/prisma/skills/ck/commands/shared.mjs +0 -387
  98. package/prisma/skills/ck/hooks/session-start.mjs +0 -224
  99. package/prisma/skills/claude-devfleet/SKILL.md +0 -112
  100. package/prisma/skills/click-path-audit/SKILL.md +0 -245
  101. package/prisma/skills/clickhouse-io/SKILL.md +0 -440
  102. package/prisma/skills/code-tour/SKILL.md +0 -254
  103. package/prisma/skills/codebase-onboarding/SKILL.md +0 -234
  104. package/prisma/skills/codehealth-mcp/SKILL.md +0 -167
  105. package/prisma/skills/coding-standards/SKILL.md +0 -551
  106. package/prisma/skills/competitive-platform-analysis/SKILL.md +0 -214
  107. package/prisma/skills/competitive-report-structure/SKILL.md +0 -162
  108. package/prisma/skills/compose-multiplatform-patterns/SKILL.md +0 -300
  109. package/prisma/skills/config-gc/SKILL.md +0 -120
  110. package/prisma/skills/configure-ecc/SKILL.md +0 -385
  111. package/prisma/skills/connections-optimizer/SKILL.md +0 -190
  112. package/prisma/skills/content-engine/SKILL.md +0 -132
  113. package/prisma/skills/content-hash-cache-pattern/SKILL.md +0 -162
  114. package/prisma/skills/context-budget/SKILL.md +0 -136
  115. package/prisma/skills/continuous-agent-loop/SKILL.md +0 -46
  116. package/prisma/skills/continuous-learning/SKILL.md +0 -132
  117. package/prisma/skills/continuous-learning/config.json +0 -18
  118. package/prisma/skills/continuous-learning/evaluate-session.sh +0 -69
  119. package/prisma/skills/continuous-learning-v2/SKILL.md +0 -361
  120. package/prisma/skills/continuous-learning-v2/agents/observer-loop.sh +0 -359
  121. package/prisma/skills/continuous-learning-v2/agents/observer.md +0 -189
  122. package/prisma/skills/continuous-learning-v2/agents/session-guardian.sh +0 -150
  123. package/prisma/skills/continuous-learning-v2/agents/start-observer.sh +0 -248
  124. package/prisma/skills/continuous-learning-v2/config.json +0 -8
  125. package/prisma/skills/continuous-learning-v2/hooks/observe.sh +0 -585
  126. package/prisma/skills/continuous-learning-v2/scripts/detect-project.sh +0 -322
  127. package/prisma/skills/continuous-learning-v2/scripts/instinct-cli.py +0 -1956
  128. package/prisma/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +0 -31
  129. package/prisma/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +0 -68
  130. package/prisma/skills/continuous-learning-v2/scripts/test_parse_instinct.py +0 -1421
  131. package/prisma/skills/cost-aware-llm-pipeline/SKILL.md +0 -184
  132. package/prisma/skills/cost-tracking/SKILL.md +0 -97
  133. package/prisma/skills/council/SKILL.md +0 -204
  134. package/prisma/skills/cpp-coding-standards/SKILL.md +0 -724
  135. package/prisma/skills/cpp-testing/SKILL.md +0 -325
  136. package/prisma/skills/crosspost/SKILL.md +0 -112
  137. package/prisma/skills/csharp-testing/SKILL.md +0 -322
  138. package/prisma/skills/customer-billing-ops/SKILL.md +0 -141
  139. package/prisma/skills/customs-trade-compliance/SKILL.md +0 -263
  140. package/prisma/skills/dart-flutter-patterns/SKILL.md +0 -564
  141. package/prisma/skills/dashboard-builder/SKILL.md +0 -109
  142. package/prisma/skills/data-scraper-agent/SKILL.md +0 -765
  143. package/prisma/skills/data-throughput-accelerator/SKILL.md +0 -73
  144. package/prisma/skills/database-migrations/SKILL.md +0 -430
  145. package/prisma/skills/deep-research/SKILL.md +0 -160
  146. package/prisma/skills/defi-amm-security/SKILL.md +0 -167
  147. package/prisma/skills/delivery-gate/SKILL.md +0 -126
  148. package/prisma/skills/delivery-gate/hooks/quality-gate.py +0 -220
  149. package/prisma/skills/deployment-patterns/SKILL.md +0 -428
  150. package/prisma/skills/design-system/SKILL.md +0 -83
  151. package/prisma/skills/django-celery/SKILL.md +0 -458
  152. package/prisma/skills/django-patterns/SKILL.md +0 -735
  153. package/prisma/skills/django-security/SKILL.md +0 -644
  154. package/prisma/skills/django-tdd/SKILL.md +0 -730
  155. package/prisma/skills/django-verification/SKILL.md +0 -470
  156. package/prisma/skills/dmux-workflows/SKILL.md +0 -192
  157. package/prisma/skills/docker-patterns/SKILL.md +0 -365
  158. package/prisma/skills/documentation-lookup/SKILL.md +0 -91
  159. package/prisma/skills/dotnet-patterns/SKILL.md +0 -322
  160. package/prisma/skills/dynamic-workflow-mode/SKILL.md +0 -124
  161. package/prisma/skills/e2e-testing/SKILL.md +0 -327
  162. package/prisma/skills/ecc-guide/SKILL.md +0 -190
  163. package/prisma/skills/ecc-recipes/SKILL.md +0 -149
  164. package/prisma/skills/ecc-tools-cost-audit/SKILL.md +0 -161
  165. package/prisma/skills/email-ops/SKILL.md +0 -122
  166. package/prisma/skills/energy-procurement/SKILL.md +0 -228
  167. package/prisma/skills/enterprise-agent-ops/SKILL.md +0 -51
  168. package/prisma/skills/error-handling/SKILL.md +0 -377
  169. package/prisma/skills/eval-harness/SKILL.md +0 -271
  170. package/prisma/skills/evm-token-decimals/SKILL.md +0 -131
  171. package/prisma/skills/exa-search/SKILL.md +0 -108
  172. package/prisma/skills/fal-ai-media/SKILL.md +0 -289
  173. package/prisma/skills/fastapi-patterns/SKILL.md +0 -514
  174. package/prisma/skills/finance-billing-ops/SKILL.md +0 -128
  175. package/prisma/skills/flox-environments/SKILL.md +0 -497
  176. package/prisma/skills/flutter-dart-code-review/SKILL.md +0 -436
  177. package/prisma/skills/foundation-models-on-device/SKILL.md +0 -243
  178. package/prisma/skills/frontend-a11y/SKILL.md +0 -446
  179. package/prisma/skills/frontend-design-direction/SKILL.md +0 -93
  180. package/prisma/skills/frontend-patterns/SKILL.md +0 -657
  181. package/prisma/skills/frontend-slides/SKILL.md +0 -185
  182. package/prisma/skills/frontend-slides/STYLE_PRESETS.md +0 -330
  183. package/prisma/skills/frontend-slides/animation-patterns.md +0 -122
  184. package/prisma/skills/frontend-slides/html-template.md +0 -419
  185. package/prisma/skills/frontend-slides/scripts/export-pdf.sh +0 -418
  186. package/prisma/skills/frontend-slides/scripts/extract-pptx.py +0 -96
  187. package/prisma/skills/frontend-slides/viewport-base.css +0 -153
  188. package/prisma/skills/fsharp-testing/SKILL.md +0 -281
  189. package/prisma/skills/gan-style-harness/SKILL.md +0 -279
  190. package/prisma/skills/gateguard/SKILL.md +0 -133
  191. package/prisma/skills/generating-python-installer/SKILL.md +0 -820
  192. package/prisma/skills/git-workflow/SKILL.md +0 -716
  193. package/prisma/skills/github-ops/SKILL.md +0 -145
  194. package/prisma/skills/golang-patterns/SKILL.md +0 -675
  195. package/prisma/skills/golang-testing/SKILL.md +0 -721
  196. package/prisma/skills/google-workspace-ops/SKILL.md +0 -96
  197. package/prisma/skills/growth-log/SKILL.md +0 -128
  198. package/prisma/skills/healthcare-cdss-patterns/SKILL.md +0 -246
  199. package/prisma/skills/healthcare-emr-patterns/SKILL.md +0 -160
  200. package/prisma/skills/healthcare-eval-harness/SKILL.md +0 -208
  201. package/prisma/skills/healthcare-phi-compliance/SKILL.md +0 -146
  202. package/prisma/skills/hermes-imports/SKILL.md +0 -89
  203. package/prisma/skills/hexagonal-architecture/SKILL.md +0 -277
  204. package/prisma/skills/hipaa-compliance/SKILL.md +0 -79
  205. package/prisma/skills/homelab-network-readiness/SKILL.md +0 -170
  206. package/prisma/skills/homelab-network-setup/SKILL.md +0 -130
  207. package/prisma/skills/homelab-pihole-dns/SKILL.md +0 -275
  208. package/prisma/skills/homelab-vlan-segmentation/SKILL.md +0 -312
  209. package/prisma/skills/homelab-wireguard-vpn/SKILL.md +0 -306
  210. package/prisma/skills/hookify-rules/SKILL.md +0 -128
  211. package/prisma/skills/inherit-legacy-style/SKILL.md +0 -157
  212. package/prisma/skills/intent-driven-development/SKILL.md +0 -360
  213. package/prisma/skills/inventory-demand-planning/SKILL.md +0 -247
  214. package/prisma/skills/investor-materials/SKILL.md +0 -97
  215. package/prisma/skills/investor-outreach/SKILL.md +0 -92
  216. package/prisma/skills/ios-icon-gen/SKILL.md +0 -158
  217. package/prisma/skills/ios-icon-gen/scripts/generate_icons.swift +0 -258
  218. package/prisma/skills/ios-icon-gen/scripts/iconify_gen.sh +0 -235
  219. package/prisma/skills/iterative-retrieval/SKILL.md +0 -212
  220. package/prisma/skills/ito-basket-compare/SKILL.md +0 -64
  221. package/prisma/skills/ito-data-atlas-agent/SKILL.md +0 -64
  222. package/prisma/skills/ito-market-intelligence/SKILL.md +0 -61
  223. package/prisma/skills/ito-trade-planner/SKILL.md +0 -68
  224. package/prisma/skills/java-coding-standards/SKILL.md +0 -384
  225. package/prisma/skills/jira-integration/SKILL.md +0 -303
  226. package/prisma/skills/jpa-patterns/SKILL.md +0 -152
  227. package/prisma/skills/knowledge-ops/SKILL.md +0 -155
  228. package/prisma/skills/kotlin-coroutines-flows/SKILL.md +0 -285
  229. package/prisma/skills/kotlin-exposed-patterns/SKILL.md +0 -720
  230. package/prisma/skills/kotlin-ktor-patterns/SKILL.md +0 -690
  231. package/prisma/skills/kotlin-patterns/SKILL.md +0 -712
  232. package/prisma/skills/kotlin-testing/SKILL.md +0 -825
  233. package/prisma/skills/kubernetes-patterns/SKILL.md +0 -756
  234. package/prisma/skills/laravel-patterns/SKILL.md +0 -416
  235. package/prisma/skills/laravel-plugin-discovery/SKILL.md +0 -230
  236. package/prisma/skills/laravel-security/SKILL.md +0 -948
  237. package/prisma/skills/laravel-tdd/SKILL.md +0 -675
  238. package/prisma/skills/laravel-verification/SKILL.md +0 -180
  239. package/prisma/skills/latency-critical-systems/SKILL.md +0 -74
  240. package/prisma/skills/lead-intelligence/SKILL.md +0 -322
  241. package/prisma/skills/lead-intelligence/agents/enrichment-agent.md +0 -85
  242. package/prisma/skills/lead-intelligence/agents/mutual-mapper.md +0 -75
  243. package/prisma/skills/lead-intelligence/agents/outreach-drafter.md +0 -98
  244. package/prisma/skills/lead-intelligence/agents/signal-scorer.md +0 -60
  245. package/prisma/skills/liquid-glass-design/SKILL.md +0 -279
  246. package/prisma/skills/llm-trading-agent-security/SKILL.md +0 -147
  247. package/prisma/skills/logistics-exception-management/SKILL.md +0 -222
  248. package/prisma/skills/loop-design-check/SKILL.md +0 -143
  249. package/prisma/skills/mailtrap-email-integration/SKILL.md +0 -77
  250. package/prisma/skills/make-interfaces-feel-better/SKILL.md +0 -152
  251. package/prisma/skills/manim-video/SKILL.md +0 -90
  252. package/prisma/skills/manim-video/assets/network_graph_scene.py +0 -52
  253. package/prisma/skills/market-research/SKILL.md +0 -76
  254. package/prisma/skills/marketing-campaign/SKILL.md +0 -114
  255. package/prisma/skills/mcp-server-patterns/SKILL.md +0 -70
  256. package/prisma/skills/messages-ops/SKILL.md +0 -105
  257. package/prisma/skills/ml-adoption-playbook/SKILL.md +0 -57
  258. package/prisma/skills/mle-workflow/SKILL.md +0 -347
  259. package/prisma/skills/motion-advanced/SKILL.md +0 -596
  260. package/prisma/skills/motion-foundations/SKILL.md +0 -299
  261. package/prisma/skills/motion-patterns/SKILL.md +0 -434
  262. package/prisma/skills/motion-ui/SKILL.md +0 -576
  263. package/prisma/skills/mysql-patterns/SKILL.md +0 -413
  264. package/prisma/skills/nanoclaw-repl/SKILL.md +0 -34
  265. package/prisma/skills/nestjs-patterns/SKILL.md +0 -231
  266. package/prisma/skills/netmiko-ssh-automation/SKILL.md +0 -174
  267. package/prisma/skills/network-bgp-diagnostics/SKILL.md +0 -168
  268. package/prisma/skills/network-config-validation/SKILL.md +0 -211
  269. package/prisma/skills/network-interface-health/SKILL.md +0 -153
  270. package/prisma/skills/nextjs-turbopack/SKILL.md +0 -58
  271. package/prisma/skills/nodejs-keccak256/SKILL.md +0 -103
  272. package/prisma/skills/nutrient-document-processing/SKILL.md +0 -168
  273. package/prisma/skills/nuxt4-patterns/SKILL.md +0 -101
  274. package/prisma/skills/openclaw-persona-forge/SKILL.md +0 -289
  275. package/prisma/skills/openclaw-persona-forge/gacha.py +0 -224
  276. package/prisma/skills/openclaw-persona-forge/gacha.sh +0 -5
  277. package/prisma/skills/openclaw-persona-forge/references/avatar-style.md +0 -124
  278. package/prisma/skills/openclaw-persona-forge/references/boundary-rules.md +0 -53
  279. package/prisma/skills/openclaw-persona-forge/references/error-handling.md +0 -53
  280. package/prisma/skills/openclaw-persona-forge/references/identity-tension.md +0 -48
  281. package/prisma/skills/openclaw-persona-forge/references/naming-system.md +0 -39
  282. package/prisma/skills/openclaw-persona-forge/references/output-template.md +0 -166
  283. package/prisma/skills/opensource-pipeline/SKILL.md +0 -256
  284. package/prisma/skills/orch-add-feature/SKILL.md +0 -45
  285. package/prisma/skills/orch-build-mvp/SKILL.md +0 -49
  286. package/prisma/skills/orch-change-feature/SKILL.md +0 -43
  287. package/prisma/skills/orch-fix-defect/SKILL.md +0 -43
  288. package/prisma/skills/orch-pipeline/SKILL.md +0 -121
  289. package/prisma/skills/orch-refine-code/SKILL.md +0 -44
  290. package/prisma/skills/parallel-execution-optimizer/SKILL.md +0 -73
  291. package/prisma/skills/perl-patterns/SKILL.md +0 -505
  292. package/prisma/skills/perl-security/SKILL.md +0 -504
  293. package/prisma/skills/perl-testing/SKILL.md +0 -476
  294. package/prisma/skills/plan-orchestrate/SKILL.md +0 -263
  295. package/prisma/skills/plankton-code-quality/SKILL.md +0 -237
  296. package/prisma/skills/postgres-patterns/SKILL.md +0 -148
  297. package/prisma/skills/prediction-market-oracle-research/SKILL.md +0 -64
  298. package/prisma/skills/prediction-market-risk-review/SKILL.md +0 -61
  299. package/prisma/skills/prisma-patterns/SKILL.md +0 -401
  300. package/prisma/skills/product-capability/SKILL.md +0 -142
  301. package/prisma/skills/product-lens/SKILL.md +0 -93
  302. package/prisma/skills/production-audit/SKILL.md +0 -207
  303. package/prisma/skills/production-scheduling/SKILL.md +0 -238
  304. package/prisma/skills/project-flow-ops/SKILL.md +0 -112
  305. package/prisma/skills/prompt-optimizer/SKILL.md +0 -398
  306. package/prisma/skills/python-patterns/SKILL.md +0 -751
  307. package/prisma/skills/python-testing/SKILL.md +0 -817
  308. package/prisma/skills/pytorch-patterns/SKILL.md +0 -397
  309. package/prisma/skills/quality-nonconformance/SKILL.md +0 -260
  310. package/prisma/skills/quarkus-patterns/SKILL.md +0 -723
  311. package/prisma/skills/quarkus-security/SKILL.md +0 -468
  312. package/prisma/skills/quarkus-tdd/SKILL.md +0 -812
  313. package/prisma/skills/quarkus-verification/SKILL.md +0 -480
  314. package/prisma/skills/ralphinho-rfc-pipeline/SKILL.md +0 -68
  315. package/prisma/skills/react-native-patterns/SKILL.md +0 -326
  316. package/prisma/skills/react-patterns/SKILL.md +0 -342
  317. package/prisma/skills/react-performance/SKILL.md +0 -575
  318. package/prisma/skills/react-testing/SKILL.md +0 -424
  319. package/prisma/skills/recsys-pipeline-architect/SKILL.md +0 -115
  320. package/prisma/skills/recursive-decision-ledger/SKILL.md +0 -80
  321. package/prisma/skills/redis-patterns/SKILL.md +0 -404
  322. package/prisma/skills/regex-vs-llm-structured-text/SKILL.md +0 -221
  323. package/prisma/skills/remotion-video-creation/SKILL.md +0 -43
  324. package/prisma/skills/remotion-video-creation/rules/3d.md +0 -86
  325. package/prisma/skills/remotion-video-creation/rules/animations.md +0 -29
  326. package/prisma/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +0 -173
  327. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +0 -100
  328. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +0 -108
  329. package/prisma/skills/remotion-video-creation/rules/assets.md +0 -78
  330. package/prisma/skills/remotion-video-creation/rules/audio.md +0 -172
  331. package/prisma/skills/remotion-video-creation/rules/calculate-metadata.md +0 -104
  332. package/prisma/skills/remotion-video-creation/rules/can-decode.md +0 -75
  333. package/prisma/skills/remotion-video-creation/rules/charts.md +0 -58
  334. package/prisma/skills/remotion-video-creation/rules/compositions.md +0 -146
  335. package/prisma/skills/remotion-video-creation/rules/display-captions.md +0 -126
  336. package/prisma/skills/remotion-video-creation/rules/extract-frames.md +0 -229
  337. package/prisma/skills/remotion-video-creation/rules/fonts.md +0 -152
  338. package/prisma/skills/remotion-video-creation/rules/get-audio-duration.md +0 -58
  339. package/prisma/skills/remotion-video-creation/rules/get-video-dimensions.md +0 -68
  340. package/prisma/skills/remotion-video-creation/rules/get-video-duration.md +0 -58
  341. package/prisma/skills/remotion-video-creation/rules/gifs.md +0 -138
  342. package/prisma/skills/remotion-video-creation/rules/images.md +0 -130
  343. package/prisma/skills/remotion-video-creation/rules/import-srt-captions.md +0 -67
  344. package/prisma/skills/remotion-video-creation/rules/lottie.md +0 -67
  345. package/prisma/skills/remotion-video-creation/rules/measuring-dom-nodes.md +0 -34
  346. package/prisma/skills/remotion-video-creation/rules/measuring-text.md +0 -143
  347. package/prisma/skills/remotion-video-creation/rules/sequencing.md +0 -106
  348. package/prisma/skills/remotion-video-creation/rules/tailwind.md +0 -11
  349. package/prisma/skills/remotion-video-creation/rules/text-animations.md +0 -20
  350. package/prisma/skills/remotion-video-creation/rules/timing.md +0 -179
  351. package/prisma/skills/remotion-video-creation/rules/transcribe-captions.md +0 -19
  352. package/prisma/skills/remotion-video-creation/rules/transitions.md +0 -122
  353. package/prisma/skills/remotion-video-creation/rules/trimming.md +0 -52
  354. package/prisma/skills/remotion-video-creation/rules/videos.md +0 -171
  355. package/prisma/skills/repo-scan/SKILL.md +0 -79
  356. package/prisma/skills/research-ops/SKILL.md +0 -113
  357. package/prisma/skills/returns-reverse-logistics/SKILL.md +0 -240
  358. package/prisma/skills/rules-distill/SKILL.md +0 -265
  359. package/prisma/skills/rules-distill/scripts/scan-rules.sh +0 -58
  360. package/prisma/skills/rules-distill/scripts/scan-skills.sh +0 -129
  361. package/prisma/skills/rust-patterns/SKILL.md +0 -500
  362. package/prisma/skills/rust-testing/SKILL.md +0 -501
  363. package/prisma/skills/safety-guard/SKILL.md +0 -76
  364. package/prisma/skills/santa-method/SKILL.md +0 -307
  365. package/prisma/skills/scientific-db-pubmed-database/SKILL.md +0 -176
  366. package/prisma/skills/scientific-db-uspto-database/SKILL.md +0 -178
  367. package/prisma/skills/scientific-pkg-gget/SKILL.md +0 -167
  368. package/prisma/skills/scientific-thinking-literature-review/SKILL.md +0 -193
  369. package/prisma/skills/scientific-thinking-scholar-evaluation/SKILL.md +0 -161
  370. package/prisma/skills/search-first/SKILL.md +0 -183
  371. package/prisma/skills/security-bounty-hunter/SKILL.md +0 -100
  372. package/prisma/skills/security-review/SKILL.md +0 -504
  373. package/prisma/skills/security-review/cloud-infrastructure-security.md +0 -361
  374. package/prisma/skills/security-scan/SKILL.md +0 -166
  375. package/prisma/skills/seo/SKILL.md +0 -155
  376. package/prisma/skills/skill-comply/SKILL.md +0 -59
  377. package/prisma/skills/skill-comply/fixtures/compliant_trace.jsonl +0 -5
  378. package/prisma/skills/skill-comply/fixtures/noncompliant_trace.jsonl +0 -3
  379. package/prisma/skills/skill-comply/fixtures/tdd_spec.yaml +0 -44
  380. package/prisma/skills/skill-comply/prompts/classifier.md +0 -24
  381. package/prisma/skills/skill-comply/prompts/scenario_generator.md +0 -62
  382. package/prisma/skills/skill-comply/prompts/spec_generator.md +0 -42
  383. package/prisma/skills/skill-comply/pyproject.toml +0 -15
  384. package/prisma/skills/skill-comply/scripts/__init__.py +0 -0
  385. package/prisma/skills/skill-comply/scripts/classifier.py +0 -85
  386. package/prisma/skills/skill-comply/scripts/grader.py +0 -124
  387. package/prisma/skills/skill-comply/scripts/parser.py +0 -107
  388. package/prisma/skills/skill-comply/scripts/report.py +0 -170
  389. package/prisma/skills/skill-comply/scripts/run.py +0 -127
  390. package/prisma/skills/skill-comply/scripts/runner.py +0 -194
  391. package/prisma/skills/skill-comply/scripts/scenario_generator.py +0 -70
  392. package/prisma/skills/skill-comply/scripts/spec_generator.py +0 -72
  393. package/prisma/skills/skill-comply/scripts/utils.py +0 -13
  394. package/prisma/skills/skill-comply/tests/test_grader.py +0 -197
  395. package/prisma/skills/skill-comply/tests/test_parser.py +0 -90
  396. package/prisma/skills/skill-comply/tests/test_runner.py +0 -172
  397. package/prisma/skills/skill-scout/SKILL.md +0 -141
  398. package/prisma/skills/skill-stocktake/SKILL.md +0 -195
  399. package/prisma/skills/skill-stocktake/scripts/quick-diff.sh +0 -87
  400. package/prisma/skills/skill-stocktake/scripts/save-results.sh +0 -56
  401. package/prisma/skills/skill-stocktake/scripts/scan.sh +0 -170
  402. package/prisma/skills/social-graph-ranker/SKILL.md +0 -155
  403. package/prisma/skills/social-publisher/SKILL.md +0 -130
  404. package/prisma/skills/springboot-patterns/SKILL.md +0 -315
  405. package/prisma/skills/springboot-security/SKILL.md +0 -273
  406. package/prisma/skills/springboot-tdd/SKILL.md +0 -159
  407. package/prisma/skills/springboot-verification/SKILL.md +0 -232
  408. package/prisma/skills/strategic-compact/SKILL.md +0 -136
  409. package/prisma/skills/swift-actor-persistence/SKILL.md +0 -144
  410. package/prisma/skills/swift-concurrency-6-2/SKILL.md +0 -216
  411. package/prisma/skills/swift-protocol-di-testing/SKILL.md +0 -191
  412. package/prisma/skills/swiftui-patterns/SKILL.md +0 -259
  413. package/prisma/skills/taste/SKILL.md +0 -264
  414. package/prisma/skills/taste/references/genre-taxonomy.md +0 -87
  415. package/prisma/skills/tdd-workflow/SKILL.md +0 -583
  416. package/prisma/skills/team-agent-orchestration/SKILL.md +0 -111
  417. package/prisma/skills/team-builder/SKILL.md +0 -169
  418. package/prisma/skills/terminal-ops/SKILL.md +0 -110
  419. package/prisma/skills/tinystruct-patterns/SKILL.md +0 -279
  420. package/prisma/skills/tinystruct-patterns/references/architecture.md +0 -90
  421. package/prisma/skills/tinystruct-patterns/references/data-handling.md +0 -60
  422. package/prisma/skills/tinystruct-patterns/references/database.md +0 -99
  423. package/prisma/skills/tinystruct-patterns/references/routing.md +0 -64
  424. package/prisma/skills/tinystruct-patterns/references/system-usage.md +0 -97
  425. package/prisma/skills/tinystruct-patterns/references/testing.md +0 -72
  426. package/prisma/skills/token-budget-advisor/SKILL.md +0 -134
  427. package/prisma/skills/ui-demo/SKILL.md +0 -466
  428. package/prisma/skills/ui-to-vue/SKILL.md +0 -135
  429. package/prisma/skills/uncloud/SKILL.md +0 -344
  430. package/prisma/skills/unified-notifications-ops/SKILL.md +0 -188
  431. package/prisma/skills/verification-loop/SKILL.md +0 -127
  432. package/prisma/skills/video-editing/SKILL.md +0 -311
  433. package/prisma/skills/videodb/SKILL.md +0 -375
  434. package/prisma/skills/videodb/reference/api-reference.md +0 -550
  435. package/prisma/skills/videodb/reference/capture-reference.md +0 -407
  436. package/prisma/skills/videodb/reference/capture.md +0 -101
  437. package/prisma/skills/videodb/reference/editor.md +0 -443
  438. package/prisma/skills/videodb/reference/generative.md +0 -331
  439. package/prisma/skills/videodb/reference/rtstream-reference.md +0 -564
  440. package/prisma/skills/videodb/reference/rtstream.md +0 -65
  441. package/prisma/skills/videodb/reference/search.md +0 -230
  442. package/prisma/skills/videodb/reference/streaming.md +0 -406
  443. package/prisma/skills/videodb/reference/use-cases.md +0 -118
  444. package/prisma/skills/videodb/scripts/ws_listener.py +0 -282
  445. package/prisma/skills/visa-doc-translate/README.md +0 -86
  446. package/prisma/skills/visa-doc-translate/SKILL.md +0 -117
  447. package/prisma/skills/vite-patterns/SKILL.md +0 -450
  448. package/prisma/skills/vue-patterns/SKILL.md +0 -471
  449. package/prisma/skills/windows-desktop-e2e/SKILL.md +0 -888
  450. package/prisma/skills/workspace-surface-audit/SKILL.md +0 -126
  451. package/prisma/skills/x-api/SKILL.md +0 -235
@@ -1,100 +0,0 @@
1
- ---
2
- name: security-bounty-hunter
3
- description: Hunt for exploitable, bounty-worthy security issues in repositories. Focuses on remotely reachable vulnerabilities that qualify for real reports instead of noisy local-only findings.
4
- metadata:
5
- origin: ECC direct-port adaptation
6
- version: "1.0.0"
7
- ---
8
-
9
- # Security Bounty Hunter
10
-
11
- Use this when the goal is practical vulnerability discovery for responsible disclosure or bounty submission, not a broad best-practices review.
12
-
13
- ## When to Use
14
-
15
- - Scanning a repository for exploitable vulnerabilities
16
- - Preparing a Huntr, HackerOne, or similar bounty submission
17
- - Triage where the question is "does this actually pay?" rather than "is this theoretically unsafe?"
18
-
19
- ## How It Works
20
-
21
- Bias toward remotely reachable, user-controlled attack paths and throw away patterns that platforms routinely reject as informative or out of scope.
22
-
23
- ## In-Scope Patterns
24
-
25
- These are the kinds of issues that consistently matter:
26
-
27
- | Pattern | CWE | Typical impact |
28
- | --- | --- | --- |
29
- | SSRF through user-controlled URLs | CWE-918 | internal network access, cloud metadata theft |
30
- | Auth bypass in middleware or API guards | CWE-287 | unauthorized account or data access |
31
- | Remote deserialization or upload-to-RCE paths | CWE-502 | code execution |
32
- | SQL injection in reachable endpoints | CWE-89 | data exfiltration, auth bypass, data destruction |
33
- | Command injection in request handlers | CWE-78 | code execution |
34
- | Path traversal in file-serving paths | CWE-22 | arbitrary file read or write |
35
- | Auto-triggered XSS | CWE-79 | session theft, admin compromise |
36
-
37
- ## Skip These
38
-
39
- These are usually low-signal or out of bounty scope unless the program says otherwise:
40
-
41
- - Local-only `pickle.loads`, `torch.load`, or equivalent with no remote path
42
- - `eval()` or `exec()` in CLI-only tooling
43
- - `shell=True` on fully hardcoded commands
44
- - Missing security headers by themselves
45
- - Generic rate-limiting complaints without exploit impact
46
- - Self-XSS requiring the victim to paste code manually
47
- - CI/CD injection that is not part of the target program scope
48
- - Demo, example, or test-only code
49
-
50
- ## Workflow
51
-
52
- 1. Check scope first: program rules, SECURITY.md, disclosure channel, and exclusions.
53
- 2. Find real entrypoints: HTTP handlers, uploads, background jobs, webhooks, parsers, and integration endpoints.
54
- 3. Run static tooling where it helps, but treat it as triage input only.
55
- 4. Read the real code path end to end.
56
- 5. Prove user control reaches a meaningful sink.
57
- 6. Confirm exploitability and impact with the smallest safe PoC possible.
58
- 7. Check for duplicates before drafting a report.
59
-
60
- ## Example Triage Loop
61
-
62
- ```bash
63
- semgrep --config=auto --severity=ERROR --severity=WARNING --json
64
- ```
65
-
66
- Then manually filter:
67
-
68
- - drop tests, demos, fixtures, vendored code
69
- - drop local-only or non-reachable paths
70
- - keep only findings with a clear network or user-controlled route
71
-
72
- ## Report Structure
73
-
74
- ```markdown
75
- ## Description
76
- [What the vulnerability is and why it matters]
77
-
78
- ## Vulnerable Code
79
- [File path, line range, and a small snippet]
80
-
81
- ## Proof of Concept
82
- [Minimal working request or script]
83
-
84
- ## Impact
85
- [What the attacker can achieve]
86
-
87
- ## Affected Version
88
- [Version, commit, or deployment target tested]
89
- ```
90
-
91
- ## Quality Gate
92
-
93
- Before submitting:
94
-
95
- - The code path is reachable from a real user or network boundary
96
- - The input is genuinely user-controlled
97
- - The sink is meaningful and exploitable
98
- - The PoC works
99
- - The issue is not already covered by an advisory, CVE, or open ticket
100
- - The target is actually in scope for the bounty program
@@ -1,504 +0,0 @@
1
- ---
2
- name: security-review
3
- description: Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
4
- metadata:
5
- origin: ECC
6
- ---
7
-
8
- # Security Review Skill
9
-
10
- This skill ensures all code follows security best practices and identifies potential vulnerabilities.
11
-
12
- ## When to Activate
13
-
14
- - Implementing authentication or authorization
15
- - Handling user input or file uploads
16
- - Creating new API endpoints
17
- - Working with secrets or credentials
18
- - Implementing payment features
19
- - Storing or transmitting sensitive data
20
- - Integrating third-party APIs
21
-
22
- ## Security Checklist
23
-
24
- ### 1. Secrets Management
25
-
26
- #### FAIL: NEVER Do This
27
- ```typescript
28
- const apiKey = "sk-proj-xxxxx" // Hardcoded secret
29
- const dbPassword = "password123" // In source code
30
- ```
31
-
32
- #### PASS: ALWAYS Do This
33
- ```typescript
34
- const apiKey = process.env.OPENAI_API_KEY
35
- const dbUrl = process.env.DATABASE_URL
36
-
37
- // Verify secrets exist
38
- if (!apiKey) {
39
- throw new Error('OPENAI_API_KEY not configured')
40
- }
41
- ```
42
-
43
- #### Verification Steps
44
- - [ ] No hardcoded API keys, tokens, or passwords
45
- - [ ] All secrets in environment variables
46
- - [ ] `.env.local` in .gitignore
47
- - [ ] No secrets in git history
48
- - [ ] Production secrets in hosting platform (Vercel, Railway)
49
-
50
- ### 2. Input Validation
51
-
52
- #### Always Validate User Input
53
- ```typescript
54
- import { z } from 'zod'
55
-
56
- // Define validation schema
57
- const CreateUserSchema = z.object({
58
- email: z.string().email(),
59
- name: z.string().min(1).max(100),
60
- age: z.number().int().min(0).max(150)
61
- })
62
-
63
- // Validate before processing
64
- export async function createUser(input: unknown) {
65
- try {
66
- const validated = CreateUserSchema.parse(input)
67
- return await db.users.create(validated)
68
- } catch (error) {
69
- if (error instanceof z.ZodError) {
70
- return { success: false, errors: error.issues }
71
- }
72
- throw error
73
- }
74
- }
75
- ```
76
-
77
- #### File Upload Validation
78
- ```typescript
79
- function validateFileUpload(file: File) {
80
- // Size check (5MB max)
81
- const maxSize = 5 * 1024 * 1024
82
- if (file.size > maxSize) {
83
- throw new Error('File too large (max 5MB)')
84
- }
85
-
86
- // Type check
87
- const allowedTypes = ['image/jpeg', 'image/png', 'image/gif']
88
- if (!allowedTypes.includes(file.type)) {
89
- throw new Error('Invalid file type')
90
- }
91
-
92
- // Extension check
93
- const allowedExtensions = ['.jpg', '.jpeg', '.png', '.gif']
94
- const extension = file.name.toLowerCase().match(/\.[^.]+$/)?.[0]
95
- if (!extension || !allowedExtensions.includes(extension)) {
96
- throw new Error('Invalid file extension')
97
- }
98
-
99
- return true
100
- }
101
- ```
102
-
103
- #### Verification Steps
104
- - [ ] All user inputs validated with schemas
105
- - [ ] File uploads restricted (size, type, extension)
106
- - [ ] No direct use of user input in queries
107
- - [ ] Whitelist validation (not blacklist)
108
- - [ ] Error messages don't leak sensitive info
109
-
110
- ### 3. SQL Injection Prevention
111
-
112
- #### FAIL: NEVER Concatenate SQL
113
- ```typescript
114
- // DANGEROUS - SQL Injection vulnerability
115
- const query = `SELECT * FROM users WHERE email = '${userEmail}'`
116
- await db.query(query)
117
- ```
118
-
119
- #### PASS: ALWAYS Use Parameterized Queries
120
- ```typescript
121
- // Safe - parameterized query
122
- const { data } = await supabase
123
- .from('users')
124
- .select('*')
125
- .eq('email', userEmail)
126
-
127
- // Or with raw SQL
128
- await db.query(
129
- 'SELECT * FROM users WHERE email = $1',
130
- [userEmail]
131
- )
132
- ```
133
-
134
- #### Verification Steps
135
- - [ ] All database queries use parameterized queries
136
- - [ ] No string concatenation in SQL
137
- - [ ] ORM/query builder used correctly
138
- - [ ] Supabase queries properly sanitized
139
-
140
- ### 4. Authentication & Authorization
141
-
142
- #### JWT Token Handling
143
- ```typescript
144
- // FAIL: WRONG: localStorage (vulnerable to XSS)
145
- localStorage.setItem('token', token)
146
-
147
- // PASS: CORRECT: httpOnly cookies
148
- res.setHeader('Set-Cookie',
149
- `token=${token}; HttpOnly; Secure; SameSite=Strict; Max-Age=3600`)
150
- ```
151
-
152
- #### Authorization Checks
153
- ```typescript
154
- export async function deleteUser(userId: string, requesterId: string) {
155
- // ALWAYS verify authorization first
156
- const requester = await db.users.findUnique({
157
- where: { id: requesterId }
158
- })
159
-
160
- if (requester.role !== 'admin') {
161
- return NextResponse.json(
162
- { error: 'Unauthorized' },
163
- { status: 403 }
164
- )
165
- }
166
-
167
- // Proceed with deletion
168
- await db.users.delete({ where: { id: userId } })
169
- }
170
- ```
171
-
172
- #### Row Level Security (Supabase)
173
- ```sql
174
- -- Enable RLS on all tables
175
- ALTER TABLE users ENABLE ROW LEVEL SECURITY;
176
-
177
- -- Users can only view their own data
178
- CREATE POLICY "Users view own data"
179
- ON users FOR SELECT
180
- USING (auth.uid() = id);
181
-
182
- -- Users can only update their own data
183
- CREATE POLICY "Users update own data"
184
- ON users FOR UPDATE
185
- USING (auth.uid() = id);
186
- ```
187
-
188
- #### Verification Steps
189
- - [ ] Tokens stored in httpOnly cookies (not localStorage)
190
- - [ ] Authorization checks before sensitive operations
191
- - [ ] Row Level Security enabled in Supabase
192
- - [ ] Role-based access control implemented
193
- - [ ] Session management secure
194
-
195
- ### 5. XSS Prevention
196
-
197
- #### Sanitize HTML
198
- ```typescript
199
- import DOMPurify from 'isomorphic-dompurify'
200
-
201
- // ALWAYS sanitize user-provided HTML
202
- function renderUserContent(html: string) {
203
- const clean = DOMPurify.sanitize(html, {
204
- ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'p'],
205
- ALLOWED_ATTR: []
206
- })
207
- return <div dangerouslySetInnerHTML={{ __html: clean }} />
208
- }
209
- ```
210
-
211
- #### Content Security Policy
212
-
213
- Start strict and loosen only with a documented removal plan. Do not default to
214
- `'unsafe-inline'` or `'unsafe-eval'`; they neutralize much of CSP's protection
215
- and should be treated as temporary compatibility debt.
216
-
217
- ```typescript
218
- // next.config.js
219
- const securityHeaders = [
220
- {
221
- key: 'Content-Security-Policy',
222
- value: `
223
- default-src 'self';
224
- base-uri 'self';
225
- object-src 'none';
226
- frame-ancestors 'none';
227
- script-src 'self';
228
- style-src 'self';
229
- img-src 'self' data: https:;
230
- font-src 'self';
231
- connect-src 'self' https://api.example.com;
232
- `.replace(/\s{2,}/g, ' ').trim()
233
- }
234
- ]
235
- ```
236
-
237
- #### Verification Steps
238
- - [ ] User-provided HTML sanitized
239
- - [ ] CSP headers configured
240
- - [ ] No unvalidated dynamic content rendering
241
- - [ ] React's built-in XSS protection used
242
-
243
- ### 6. CSRF Protection
244
-
245
- #### CSRF Tokens
246
- ```typescript
247
- import { csrf } from '@/lib/csrf'
248
-
249
- export async function POST(request: Request) {
250
- const token = request.headers.get('X-CSRF-Token')
251
-
252
- if (!csrf.verify(token)) {
253
- return NextResponse.json(
254
- { error: 'Invalid CSRF token' },
255
- { status: 403 }
256
- )
257
- }
258
-
259
- // Process request
260
- }
261
- ```
262
-
263
- #### SameSite Cookies
264
- ```typescript
265
- res.setHeader('Set-Cookie',
266
- `session=${sessionId}; HttpOnly; Secure; SameSite=Strict`)
267
- ```
268
-
269
- #### Verification Steps
270
- - [ ] CSRF tokens on state-changing operations
271
- - [ ] SameSite=Strict on all cookies
272
- - [ ] Double-submit cookie pattern implemented
273
-
274
- ### 7. Rate Limiting
275
-
276
- #### API Rate Limiting
277
- ```typescript
278
- import rateLimit from 'express-rate-limit'
279
-
280
- const limiter = rateLimit({
281
- windowMs: 15 * 60 * 1000, // 15 minutes
282
- max: 100, // 100 requests per window
283
- message: 'Too many requests'
284
- })
285
-
286
- // Apply to routes
287
- app.use('/api/', limiter)
288
- ```
289
-
290
- #### Expensive Operations
291
- ```typescript
292
- // Aggressive rate limiting for searches
293
- const searchLimiter = rateLimit({
294
- windowMs: 60 * 1000, // 1 minute
295
- max: 10, // 10 requests per minute
296
- message: 'Too many search requests'
297
- })
298
-
299
- app.use('/api/search', searchLimiter)
300
- ```
301
-
302
- #### Verification Steps
303
- - [ ] Rate limiting on all API endpoints
304
- - [ ] Stricter limits on expensive operations
305
- - [ ] IP-based rate limiting
306
- - [ ] User-based rate limiting (authenticated)
307
-
308
- ### 8. Sensitive Data Exposure
309
-
310
- #### Logging
311
- ```typescript
312
- // FAIL: WRONG: Logging sensitive data
313
- console.log('User login:', { email, password })
314
- console.log('Payment:', { cardNumber, cvv })
315
-
316
- // PASS: CORRECT: Redact sensitive data
317
- console.log('User login:', { email, userId })
318
- console.log('Payment:', { last4: card.last4, userId })
319
- ```
320
-
321
- #### Error Messages
322
- ```typescript
323
- // FAIL: WRONG: Exposing internal details
324
- catch (error) {
325
- return NextResponse.json(
326
- { error: error.message, stack: error.stack },
327
- { status: 500 }
328
- )
329
- }
330
-
331
- // PASS: CORRECT: Generic error messages
332
- catch (error) {
333
- console.error('Internal error:', error)
334
- return NextResponse.json(
335
- { error: 'An error occurred. Please try again.' },
336
- { status: 500 }
337
- )
338
- }
339
- ```
340
-
341
- #### Verification Steps
342
- - [ ] No passwords, tokens, or secrets in logs
343
- - [ ] Error messages generic for users
344
- - [ ] Detailed errors only in server logs
345
- - [ ] No stack traces exposed to users
346
-
347
- ### 9. Blockchain Security (Solana)
348
-
349
- #### Wallet Verification
350
- ```typescript
351
- import { verify } from '@solana/web3.js'
352
-
353
- async function verifyWalletOwnership(
354
- publicKey: string,
355
- signature: string,
356
- message: string
357
- ) {
358
- try {
359
- const isValid = verify(
360
- Buffer.from(message),
361
- Buffer.from(signature, 'base64'),
362
- Buffer.from(publicKey, 'base64')
363
- )
364
- return isValid
365
- } catch (error) {
366
- return false
367
- }
368
- }
369
- ```
370
-
371
- #### Transaction Verification
372
- ```typescript
373
- async function verifyTransaction(transaction: Transaction) {
374
- // Verify recipient
375
- if (transaction.to !== expectedRecipient) {
376
- throw new Error('Invalid recipient')
377
- }
378
-
379
- // Verify amount
380
- if (transaction.amount > maxAmount) {
381
- throw new Error('Amount exceeds limit')
382
- }
383
-
384
- // Verify user has sufficient balance
385
- const balance = await getBalance(transaction.from)
386
- if (balance < transaction.amount) {
387
- throw new Error('Insufficient balance')
388
- }
389
-
390
- return true
391
- }
392
- ```
393
-
394
- #### Verification Steps
395
- - [ ] Wallet signatures verified
396
- - [ ] Transaction details validated
397
- - [ ] Balance checks before transactions
398
- - [ ] No blind transaction signing
399
-
400
- ### 10. Dependency Security
401
-
402
- #### Regular Updates
403
- ```bash
404
- # Check for vulnerabilities
405
- npm audit
406
-
407
- # Fix automatically fixable issues
408
- npm audit fix
409
-
410
- # Update dependencies
411
- npm update
412
-
413
- # Check for outdated packages
414
- npm outdated
415
- ```
416
-
417
- #### Lock Files
418
- ```bash
419
- # ALWAYS commit lock files
420
- git add package-lock.json
421
-
422
- # Use in CI/CD for reproducible builds
423
- npm ci # Instead of npm install
424
- ```
425
-
426
- #### Verification Steps
427
- - [ ] Dependencies up to date
428
- - [ ] No known vulnerabilities (npm audit clean)
429
- - [ ] Lock files committed
430
- - [ ] Dependabot enabled on GitHub
431
- - [ ] Regular security updates
432
-
433
- ## Security Testing
434
-
435
- ### Automated Security Tests
436
- ```typescript
437
- // Test authentication
438
- test('requires authentication', async () => {
439
- const response = await fetch('/api/protected')
440
- expect(response.status).toBe(401)
441
- })
442
-
443
- // Test authorization
444
- test('requires admin role', async () => {
445
- const response = await fetch('/api/admin', {
446
- headers: { Authorization: `Bearer ${userToken}` }
447
- })
448
- expect(response.status).toBe(403)
449
- })
450
-
451
- // Test input validation
452
- test('rejects invalid input', async () => {
453
- const response = await fetch('/api/users', {
454
- method: 'POST',
455
- body: JSON.stringify({ email: 'not-an-email' })
456
- })
457
- expect(response.status).toBe(400)
458
- })
459
-
460
- // Test rate limiting
461
- test('enforces rate limits', async () => {
462
- const requests = Array(101).fill(null).map(() =>
463
- fetch('/api/endpoint')
464
- )
465
-
466
- const responses = await Promise.all(requests)
467
- const tooManyRequests = responses.filter(r => r.status === 429)
468
-
469
- expect(tooManyRequests.length).toBeGreaterThan(0)
470
- })
471
- ```
472
-
473
- ## Pre-Deployment Security Checklist
474
-
475
- Before ANY production deployment:
476
-
477
- - [ ] **Secrets**: No hardcoded secrets, all in env vars
478
- - [ ] **Input Validation**: All user inputs validated
479
- - [ ] **SQL Injection**: All queries parameterized
480
- - [ ] **XSS**: User content sanitized
481
- - [ ] **CSRF**: Protection enabled
482
- - [ ] **Authentication**: Proper token handling
483
- - [ ] **Authorization**: Role checks in place
484
- - [ ] **Rate Limiting**: Enabled on all endpoints
485
- - [ ] **HTTPS**: Enforced in production
486
- - [ ] **Security Headers**: CSP, X-Frame-Options configured
487
- - [ ] **Error Handling**: No sensitive data in errors
488
- - [ ] **Logging**: No sensitive data logged
489
- - [ ] **Dependencies**: Up to date, no vulnerabilities
490
- - [ ] **Row Level Security**: Enabled in Supabase
491
- - [ ] **CORS**: Properly configured
492
- - [ ] **File Uploads**: Validated (size, type)
493
- - [ ] **Wallet Signatures**: Verified (if blockchain)
494
-
495
- ## Resources
496
-
497
- - [OWASP Top 10](https://owasp.org/www-project-top-ten/)
498
- - [Next.js Security](https://nextjs.org/docs/security)
499
- - [Supabase Security](https://supabase.com/docs/guides/auth)
500
- - [Web Security Academy](https://portswigger.net/web-security)
501
-
502
- ---
503
-
504
- **Remember**: Security is not optional. One vulnerability can compromise the entire platform. When in doubt, err on the side of caution.