@rubix0270/arboris 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (451)
  1. package/package.json +25 -37
  2. package/run.mjs +10 -0
  3. package/dist/cli.mjs +0 -383
  4. package/manifest.json +0 -323
  5. package/prisma/skills/accessibility/SKILL.md +0 -147
  6. package/prisma/skills/agent-architecture-audit/SKILL.md +0 -257
  7. package/prisma/skills/agent-eval/SKILL.md +0 -146
  8. package/prisma/skills/agent-harness-construction/SKILL.md +0 -74
  9. package/prisma/skills/agent-introspection-debugging/SKILL.md +0 -154
  10. package/prisma/skills/agent-payment-x402/SKILL.md +0 -225
  11. package/prisma/skills/agent-self-evaluation/SKILL.md +0 -182
  12. package/prisma/skills/agent-self-evaluation/examples/high-score-example.md +0 -87
  13. package/prisma/skills/agent-self-evaluation/examples/low-score-example.md +0 -86
  14. package/prisma/skills/agent-self-evaluation/references/evaluation-criteria.md +0 -71
  15. package/prisma/skills/agent-self-evaluation/references/hook-integration.md +0 -64
  16. package/prisma/skills/agent-self-evaluation/scripts/evaluate.py +0 -408
  17. package/prisma/skills/agent-self-evaluation/templates/evaluation-report.md +0 -86
  18. package/prisma/skills/agent-sort/SKILL.md +0 -216
  19. package/prisma/skills/agentic-engineering/SKILL.md +0 -64
  20. package/prisma/skills/agentic-os/SKILL.md +0 -388
  21. package/prisma/skills/ai-first-engineering/SKILL.md +0 -52
  22. package/prisma/skills/ai-regression-testing/SKILL.md +0 -386
  23. package/prisma/skills/android-clean-architecture/SKILL.md +0 -340
  24. package/prisma/skills/angular-developer/SKILL.md +0 -155
  25. package/prisma/skills/angular-developer/references/angular-animations.md +0 -160
  26. package/prisma/skills/angular-developer/references/angular-aria.md +0 -410
  27. package/prisma/skills/angular-developer/references/cli.md +0 -86
  28. package/prisma/skills/angular-developer/references/component-harnesses.md +0 -59
  29. package/prisma/skills/angular-developer/references/component-styling.md +0 -91
  30. package/prisma/skills/angular-developer/references/components.md +0 -117
  31. package/prisma/skills/angular-developer/references/creating-services.md +0 -97
  32. package/prisma/skills/angular-developer/references/data-resolvers.md +0 -69
  33. package/prisma/skills/angular-developer/references/define-routes.md +0 -67
  34. package/prisma/skills/angular-developer/references/defining-providers.md +0 -72
  35. package/prisma/skills/angular-developer/references/di-fundamentals.md +0 -120
  36. package/prisma/skills/angular-developer/references/e2e-testing.md +0 -56
  37. package/prisma/skills/angular-developer/references/effects.md +0 -83
  38. package/prisma/skills/angular-developer/references/hierarchical-injectors.md +0 -43
  39. package/prisma/skills/angular-developer/references/host-elements.md +0 -80
  40. package/prisma/skills/angular-developer/references/injection-context.md +0 -63
  41. package/prisma/skills/angular-developer/references/inputs.md +0 -101
  42. package/prisma/skills/angular-developer/references/linked-signal.md +0 -59
  43. package/prisma/skills/angular-developer/references/loading-strategies.md +0 -61
  44. package/prisma/skills/angular-developer/references/mcp.md +0 -108
  45. package/prisma/skills/angular-developer/references/navigate-to-routes.md +0 -69
  46. package/prisma/skills/angular-developer/references/outputs.md +0 -86
  47. package/prisma/skills/angular-developer/references/reactive-forms.md +0 -122
  48. package/prisma/skills/angular-developer/references/rendering-strategies.md +0 -44
  49. package/prisma/skills/angular-developer/references/resource.md +0 -77
  50. package/prisma/skills/angular-developer/references/route-animations.md +0 -56
  51. package/prisma/skills/angular-developer/references/route-guards.md +0 -52
  52. package/prisma/skills/angular-developer/references/router-lifecycle.md +0 -45
  53. package/prisma/skills/angular-developer/references/router-testing.md +0 -87
  54. package/prisma/skills/angular-developer/references/show-routes-with-outlets.md +0 -68
  55. package/prisma/skills/angular-developer/references/signal-forms.md +0 -795
  56. package/prisma/skills/angular-developer/references/signals-overview.md +0 -94
  57. package/prisma/skills/angular-developer/references/tailwind-css.md +0 -69
  58. package/prisma/skills/angular-developer/references/template-driven-forms.md +0 -114
  59. package/prisma/skills/angular-developer/references/testing-fundamentals.md +0 -65
  60. package/prisma/skills/api-connector-builder/SKILL.md +0 -121
  61. package/prisma/skills/api-design/SKILL.md +0 -524
  62. package/prisma/skills/architecture-decision-records/SKILL.md +0 -180
  63. package/prisma/skills/article-writing/SKILL.md +0 -80
  64. package/prisma/skills/automation-audit-ops/SKILL.md +0 -143
  65. package/prisma/skills/autonomous-agent-harness/SKILL.md +0 -274
  66. package/prisma/skills/autonomous-loops/SKILL.md +0 -611
  67. package/prisma/skills/backend-patterns/SKILL.md +0 -562
  68. package/prisma/skills/benchmark/SKILL.md +0 -94
  69. package/prisma/skills/benchmark-methodology/SKILL.md +0 -190
  70. package/prisma/skills/benchmark-optimization-loop/SKILL.md +0 -70
  71. package/prisma/skills/blender-motion-state-inspection/SKILL.md +0 -165
  72. package/prisma/skills/blueprint/SKILL.md +0 -106
  73. package/prisma/skills/brand-discovery/SKILL.md +0 -145
  74. package/prisma/skills/brand-discovery/references/10_purpose-why.md +0 -40
  75. package/prisma/skills/brand-discovery/references/20_positioning.md +0 -44
  76. package/prisma/skills/brand-discovery/references/30_audience-niche.md +0 -52
  77. package/prisma/skills/brand-discovery/references/40_personality-archetype.md +0 -57
  78. package/prisma/skills/brand-discovery/references/50_voice-tone.md +0 -59
  79. package/prisma/skills/brand-discovery/references/60_narrative-story.md +0 -50
  80. package/prisma/skills/brand-discovery/references/70_founder-tension.md +0 -49
  81. package/prisma/skills/brand-discovery/references/90_SYNTHESIS.md +0 -133
  82. package/prisma/skills/brand-voice/SKILL.md +0 -98
  83. package/prisma/skills/brand-voice/references/voice-profile-schema.md +0 -55
  84. package/prisma/skills/browser-qa/SKILL.md +0 -105
  85. package/prisma/skills/bun-runtime/SKILL.md +0 -85
  86. package/prisma/skills/canary-watch/SKILL.md +0 -108
  87. package/prisma/skills/carrier-relationship-management/SKILL.md +0 -212
  88. package/prisma/skills/cisco-ios-patterns/SKILL.md +0 -164
  89. package/prisma/skills/ck/SKILL.md +0 -148
  90. package/prisma/skills/ck/commands/forget.mjs +0 -44
  91. package/prisma/skills/ck/commands/info.mjs +0 -24
  92. package/prisma/skills/ck/commands/init.mjs +0 -143
  93. package/prisma/skills/ck/commands/list.mjs +0 -40
  94. package/prisma/skills/ck/commands/migrate.mjs +0 -202
  95. package/prisma/skills/ck/commands/resume.mjs +0 -36
  96. package/prisma/skills/ck/commands/save.mjs +0 -210
  97. package/prisma/skills/ck/commands/shared.mjs +0 -387
  98. package/prisma/skills/ck/hooks/session-start.mjs +0 -224
  99. package/prisma/skills/claude-devfleet/SKILL.md +0 -112
  100. package/prisma/skills/click-path-audit/SKILL.md +0 -245
  101. package/prisma/skills/clickhouse-io/SKILL.md +0 -440
  102. package/prisma/skills/code-tour/SKILL.md +0 -254
  103. package/prisma/skills/codebase-onboarding/SKILL.md +0 -234
  104. package/prisma/skills/codehealth-mcp/SKILL.md +0 -167
  105. package/prisma/skills/coding-standards/SKILL.md +0 -551
  106. package/prisma/skills/competitive-platform-analysis/SKILL.md +0 -214
  107. package/prisma/skills/competitive-report-structure/SKILL.md +0 -162
  108. package/prisma/skills/compose-multiplatform-patterns/SKILL.md +0 -300
  109. package/prisma/skills/config-gc/SKILL.md +0 -120
  110. package/prisma/skills/configure-ecc/SKILL.md +0 -385
  111. package/prisma/skills/connections-optimizer/SKILL.md +0 -190
  112. package/prisma/skills/content-engine/SKILL.md +0 -132
  113. package/prisma/skills/content-hash-cache-pattern/SKILL.md +0 -162
  114. package/prisma/skills/context-budget/SKILL.md +0 -136
  115. package/prisma/skills/continuous-agent-loop/SKILL.md +0 -46
  116. package/prisma/skills/continuous-learning/SKILL.md +0 -132
  117. package/prisma/skills/continuous-learning/config.json +0 -18
  118. package/prisma/skills/continuous-learning/evaluate-session.sh +0 -69
  119. package/prisma/skills/continuous-learning-v2/SKILL.md +0 -361
  120. package/prisma/skills/continuous-learning-v2/agents/observer-loop.sh +0 -359
  121. package/prisma/skills/continuous-learning-v2/agents/observer.md +0 -189
  122. package/prisma/skills/continuous-learning-v2/agents/session-guardian.sh +0 -150
  123. package/prisma/skills/continuous-learning-v2/agents/start-observer.sh +0 -248
  124. package/prisma/skills/continuous-learning-v2/config.json +0 -8
  125. package/prisma/skills/continuous-learning-v2/hooks/observe.sh +0 -585
  126. package/prisma/skills/continuous-learning-v2/scripts/detect-project.sh +0 -322
  127. package/prisma/skills/continuous-learning-v2/scripts/instinct-cli.py +0 -1956
  128. package/prisma/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +0 -31
  129. package/prisma/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +0 -68
  130. package/prisma/skills/continuous-learning-v2/scripts/test_parse_instinct.py +0 -1421
  131. package/prisma/skills/cost-aware-llm-pipeline/SKILL.md +0 -184
  132. package/prisma/skills/cost-tracking/SKILL.md +0 -97
  133. package/prisma/skills/council/SKILL.md +0 -204
  134. package/prisma/skills/cpp-coding-standards/SKILL.md +0 -724
  135. package/prisma/skills/cpp-testing/SKILL.md +0 -325
  136. package/prisma/skills/crosspost/SKILL.md +0 -112
  137. package/prisma/skills/csharp-testing/SKILL.md +0 -322
  138. package/prisma/skills/customer-billing-ops/SKILL.md +0 -141
  139. package/prisma/skills/customs-trade-compliance/SKILL.md +0 -263
  140. package/prisma/skills/dart-flutter-patterns/SKILL.md +0 -564
  141. package/prisma/skills/dashboard-builder/SKILL.md +0 -109
  142. package/prisma/skills/data-scraper-agent/SKILL.md +0 -765
  143. package/prisma/skills/data-throughput-accelerator/SKILL.md +0 -73
  144. package/prisma/skills/database-migrations/SKILL.md +0 -430
  145. package/prisma/skills/deep-research/SKILL.md +0 -160
  146. package/prisma/skills/defi-amm-security/SKILL.md +0 -167
  147. package/prisma/skills/delivery-gate/SKILL.md +0 -126
  148. package/prisma/skills/delivery-gate/hooks/quality-gate.py +0 -220
  149. package/prisma/skills/deployment-patterns/SKILL.md +0 -428
  150. package/prisma/skills/design-system/SKILL.md +0 -83
  151. package/prisma/skills/django-celery/SKILL.md +0 -458
  152. package/prisma/skills/django-patterns/SKILL.md +0 -735
  153. package/prisma/skills/django-security/SKILL.md +0 -644
  154. package/prisma/skills/django-tdd/SKILL.md +0 -730
  155. package/prisma/skills/django-verification/SKILL.md +0 -470
  156. package/prisma/skills/dmux-workflows/SKILL.md +0 -192
  157. package/prisma/skills/docker-patterns/SKILL.md +0 -365
  158. package/prisma/skills/documentation-lookup/SKILL.md +0 -91
  159. package/prisma/skills/dotnet-patterns/SKILL.md +0 -322
  160. package/prisma/skills/dynamic-workflow-mode/SKILL.md +0 -124
  161. package/prisma/skills/e2e-testing/SKILL.md +0 -327
  162. package/prisma/skills/ecc-guide/SKILL.md +0 -190
  163. package/prisma/skills/ecc-recipes/SKILL.md +0 -149
  164. package/prisma/skills/ecc-tools-cost-audit/SKILL.md +0 -161
  165. package/prisma/skills/email-ops/SKILL.md +0 -122
  166. package/prisma/skills/energy-procurement/SKILL.md +0 -228
  167. package/prisma/skills/enterprise-agent-ops/SKILL.md +0 -51
  168. package/prisma/skills/error-handling/SKILL.md +0 -377
  169. package/prisma/skills/eval-harness/SKILL.md +0 -271
  170. package/prisma/skills/evm-token-decimals/SKILL.md +0 -131
  171. package/prisma/skills/exa-search/SKILL.md +0 -108
  172. package/prisma/skills/fal-ai-media/SKILL.md +0 -289
  173. package/prisma/skills/fastapi-patterns/SKILL.md +0 -514
  174. package/prisma/skills/finance-billing-ops/SKILL.md +0 -128
  175. package/prisma/skills/flox-environments/SKILL.md +0 -497
  176. package/prisma/skills/flutter-dart-code-review/SKILL.md +0 -436
  177. package/prisma/skills/foundation-models-on-device/SKILL.md +0 -243
  178. package/prisma/skills/frontend-a11y/SKILL.md +0 -446
  179. package/prisma/skills/frontend-design-direction/SKILL.md +0 -93
  180. package/prisma/skills/frontend-patterns/SKILL.md +0 -657
  181. package/prisma/skills/frontend-slides/SKILL.md +0 -185
  182. package/prisma/skills/frontend-slides/STYLE_PRESETS.md +0 -330
  183. package/prisma/skills/frontend-slides/animation-patterns.md +0 -122
  184. package/prisma/skills/frontend-slides/html-template.md +0 -419
  185. package/prisma/skills/frontend-slides/scripts/export-pdf.sh +0 -418
  186. package/prisma/skills/frontend-slides/scripts/extract-pptx.py +0 -96
  187. package/prisma/skills/frontend-slides/viewport-base.css +0 -153
  188. package/prisma/skills/fsharp-testing/SKILL.md +0 -281
  189. package/prisma/skills/gan-style-harness/SKILL.md +0 -279
  190. package/prisma/skills/gateguard/SKILL.md +0 -133
  191. package/prisma/skills/generating-python-installer/SKILL.md +0 -820
  192. package/prisma/skills/git-workflow/SKILL.md +0 -716
  193. package/prisma/skills/github-ops/SKILL.md +0 -145
  194. package/prisma/skills/golang-patterns/SKILL.md +0 -675
  195. package/prisma/skills/golang-testing/SKILL.md +0 -721
  196. package/prisma/skills/google-workspace-ops/SKILL.md +0 -96
  197. package/prisma/skills/growth-log/SKILL.md +0 -128
  198. package/prisma/skills/healthcare-cdss-patterns/SKILL.md +0 -246
  199. package/prisma/skills/healthcare-emr-patterns/SKILL.md +0 -160
  200. package/prisma/skills/healthcare-eval-harness/SKILL.md +0 -208
  201. package/prisma/skills/healthcare-phi-compliance/SKILL.md +0 -146
  202. package/prisma/skills/hermes-imports/SKILL.md +0 -89
  203. package/prisma/skills/hexagonal-architecture/SKILL.md +0 -277
  204. package/prisma/skills/hipaa-compliance/SKILL.md +0 -79
  205. package/prisma/skills/homelab-network-readiness/SKILL.md +0 -170
  206. package/prisma/skills/homelab-network-setup/SKILL.md +0 -130
  207. package/prisma/skills/homelab-pihole-dns/SKILL.md +0 -275
  208. package/prisma/skills/homelab-vlan-segmentation/SKILL.md +0 -312
  209. package/prisma/skills/homelab-wireguard-vpn/SKILL.md +0 -306
  210. package/prisma/skills/hookify-rules/SKILL.md +0 -128
  211. package/prisma/skills/inherit-legacy-style/SKILL.md +0 -157
  212. package/prisma/skills/intent-driven-development/SKILL.md +0 -360
  213. package/prisma/skills/inventory-demand-planning/SKILL.md +0 -247
  214. package/prisma/skills/investor-materials/SKILL.md +0 -97
  215. package/prisma/skills/investor-outreach/SKILL.md +0 -92
  216. package/prisma/skills/ios-icon-gen/SKILL.md +0 -158
  217. package/prisma/skills/ios-icon-gen/scripts/generate_icons.swift +0 -258
  218. package/prisma/skills/ios-icon-gen/scripts/iconify_gen.sh +0 -235
  219. package/prisma/skills/iterative-retrieval/SKILL.md +0 -212
  220. package/prisma/skills/ito-basket-compare/SKILL.md +0 -64
  221. package/prisma/skills/ito-data-atlas-agent/SKILL.md +0 -64
  222. package/prisma/skills/ito-market-intelligence/SKILL.md +0 -61
  223. package/prisma/skills/ito-trade-planner/SKILL.md +0 -68
  224. package/prisma/skills/java-coding-standards/SKILL.md +0 -384
  225. package/prisma/skills/jira-integration/SKILL.md +0 -303
  226. package/prisma/skills/jpa-patterns/SKILL.md +0 -152
  227. package/prisma/skills/knowledge-ops/SKILL.md +0 -155
  228. package/prisma/skills/kotlin-coroutines-flows/SKILL.md +0 -285
  229. package/prisma/skills/kotlin-exposed-patterns/SKILL.md +0 -720
  230. package/prisma/skills/kotlin-ktor-patterns/SKILL.md +0 -690
  231. package/prisma/skills/kotlin-patterns/SKILL.md +0 -712
  232. package/prisma/skills/kotlin-testing/SKILL.md +0 -825
  233. package/prisma/skills/kubernetes-patterns/SKILL.md +0 -756
  234. package/prisma/skills/laravel-patterns/SKILL.md +0 -416
  235. package/prisma/skills/laravel-plugin-discovery/SKILL.md +0 -230
  236. package/prisma/skills/laravel-security/SKILL.md +0 -948
  237. package/prisma/skills/laravel-tdd/SKILL.md +0 -675
  238. package/prisma/skills/laravel-verification/SKILL.md +0 -180
  239. package/prisma/skills/latency-critical-systems/SKILL.md +0 -74
  240. package/prisma/skills/lead-intelligence/SKILL.md +0 -322
  241. package/prisma/skills/lead-intelligence/agents/enrichment-agent.md +0 -85
  242. package/prisma/skills/lead-intelligence/agents/mutual-mapper.md +0 -75
  243. package/prisma/skills/lead-intelligence/agents/outreach-drafter.md +0 -98
  244. package/prisma/skills/lead-intelligence/agents/signal-scorer.md +0 -60
  245. package/prisma/skills/liquid-glass-design/SKILL.md +0 -279
  246. package/prisma/skills/llm-trading-agent-security/SKILL.md +0 -147
  247. package/prisma/skills/logistics-exception-management/SKILL.md +0 -222
  248. package/prisma/skills/loop-design-check/SKILL.md +0 -143
  249. package/prisma/skills/mailtrap-email-integration/SKILL.md +0 -77
  250. package/prisma/skills/make-interfaces-feel-better/SKILL.md +0 -152
  251. package/prisma/skills/manim-video/SKILL.md +0 -90
  252. package/prisma/skills/manim-video/assets/network_graph_scene.py +0 -52
  253. package/prisma/skills/market-research/SKILL.md +0 -76
  254. package/prisma/skills/marketing-campaign/SKILL.md +0 -114
  255. package/prisma/skills/mcp-server-patterns/SKILL.md +0 -70
  256. package/prisma/skills/messages-ops/SKILL.md +0 -105
  257. package/prisma/skills/ml-adoption-playbook/SKILL.md +0 -57
  258. package/prisma/skills/mle-workflow/SKILL.md +0 -347
  259. package/prisma/skills/motion-advanced/SKILL.md +0 -596
  260. package/prisma/skills/motion-foundations/SKILL.md +0 -299
  261. package/prisma/skills/motion-patterns/SKILL.md +0 -434
  262. package/prisma/skills/motion-ui/SKILL.md +0 -576
  263. package/prisma/skills/mysql-patterns/SKILL.md +0 -413
  264. package/prisma/skills/nanoclaw-repl/SKILL.md +0 -34
  265. package/prisma/skills/nestjs-patterns/SKILL.md +0 -231
  266. package/prisma/skills/netmiko-ssh-automation/SKILL.md +0 -174
  267. package/prisma/skills/network-bgp-diagnostics/SKILL.md +0 -168
  268. package/prisma/skills/network-config-validation/SKILL.md +0 -211
  269. package/prisma/skills/network-interface-health/SKILL.md +0 -153
  270. package/prisma/skills/nextjs-turbopack/SKILL.md +0 -58
  271. package/prisma/skills/nodejs-keccak256/SKILL.md +0 -103
  272. package/prisma/skills/nutrient-document-processing/SKILL.md +0 -168
  273. package/prisma/skills/nuxt4-patterns/SKILL.md +0 -101
  274. package/prisma/skills/openclaw-persona-forge/SKILL.md +0 -289
  275. package/prisma/skills/openclaw-persona-forge/gacha.py +0 -224
  276. package/prisma/skills/openclaw-persona-forge/gacha.sh +0 -5
  277. package/prisma/skills/openclaw-persona-forge/references/avatar-style.md +0 -124
  278. package/prisma/skills/openclaw-persona-forge/references/boundary-rules.md +0 -53
  279. package/prisma/skills/openclaw-persona-forge/references/error-handling.md +0 -53
  280. package/prisma/skills/openclaw-persona-forge/references/identity-tension.md +0 -48
  281. package/prisma/skills/openclaw-persona-forge/references/naming-system.md +0 -39
  282. package/prisma/skills/openclaw-persona-forge/references/output-template.md +0 -166
  283. package/prisma/skills/opensource-pipeline/SKILL.md +0 -256
  284. package/prisma/skills/orch-add-feature/SKILL.md +0 -45
  285. package/prisma/skills/orch-build-mvp/SKILL.md +0 -49
  286. package/prisma/skills/orch-change-feature/SKILL.md +0 -43
  287. package/prisma/skills/orch-fix-defect/SKILL.md +0 -43
  288. package/prisma/skills/orch-pipeline/SKILL.md +0 -121
  289. package/prisma/skills/orch-refine-code/SKILL.md +0 -44
  290. package/prisma/skills/parallel-execution-optimizer/SKILL.md +0 -73
  291. package/prisma/skills/perl-patterns/SKILL.md +0 -505
  292. package/prisma/skills/perl-security/SKILL.md +0 -504
  293. package/prisma/skills/perl-testing/SKILL.md +0 -476
  294. package/prisma/skills/plan-orchestrate/SKILL.md +0 -263
  295. package/prisma/skills/plankton-code-quality/SKILL.md +0 -237
  296. package/prisma/skills/postgres-patterns/SKILL.md +0 -148
  297. package/prisma/skills/prediction-market-oracle-research/SKILL.md +0 -64
  298. package/prisma/skills/prediction-market-risk-review/SKILL.md +0 -61
  299. package/prisma/skills/prisma-patterns/SKILL.md +0 -401
  300. package/prisma/skills/product-capability/SKILL.md +0 -142
  301. package/prisma/skills/product-lens/SKILL.md +0 -93
  302. package/prisma/skills/production-audit/SKILL.md +0 -207
  303. package/prisma/skills/production-scheduling/SKILL.md +0 -238
  304. package/prisma/skills/project-flow-ops/SKILL.md +0 -112
  305. package/prisma/skills/prompt-optimizer/SKILL.md +0 -398
  306. package/prisma/skills/python-patterns/SKILL.md +0 -751
  307. package/prisma/skills/python-testing/SKILL.md +0 -817
  308. package/prisma/skills/pytorch-patterns/SKILL.md +0 -397
  309. package/prisma/skills/quality-nonconformance/SKILL.md +0 -260
  310. package/prisma/skills/quarkus-patterns/SKILL.md +0 -723
  311. package/prisma/skills/quarkus-security/SKILL.md +0 -468
  312. package/prisma/skills/quarkus-tdd/SKILL.md +0 -812
  313. package/prisma/skills/quarkus-verification/SKILL.md +0 -480
  314. package/prisma/skills/ralphinho-rfc-pipeline/SKILL.md +0 -68
  315. package/prisma/skills/react-native-patterns/SKILL.md +0 -326
  316. package/prisma/skills/react-patterns/SKILL.md +0 -342
  317. package/prisma/skills/react-performance/SKILL.md +0 -575
  318. package/prisma/skills/react-testing/SKILL.md +0 -424
  319. package/prisma/skills/recsys-pipeline-architect/SKILL.md +0 -115
  320. package/prisma/skills/recursive-decision-ledger/SKILL.md +0 -80
  321. package/prisma/skills/redis-patterns/SKILL.md +0 -404
  322. package/prisma/skills/regex-vs-llm-structured-text/SKILL.md +0 -221
  323. package/prisma/skills/remotion-video-creation/SKILL.md +0 -43
  324. package/prisma/skills/remotion-video-creation/rules/3d.md +0 -86
  325. package/prisma/skills/remotion-video-creation/rules/animations.md +0 -29
  326. package/prisma/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +0 -173
  327. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +0 -100
  328. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +0 -108
  329. package/prisma/skills/remotion-video-creation/rules/assets.md +0 -78
  330. package/prisma/skills/remotion-video-creation/rules/audio.md +0 -172
  331. package/prisma/skills/remotion-video-creation/rules/calculate-metadata.md +0 -104
  332. package/prisma/skills/remotion-video-creation/rules/can-decode.md +0 -75
  333. package/prisma/skills/remotion-video-creation/rules/charts.md +0 -58
  334. package/prisma/skills/remotion-video-creation/rules/compositions.md +0 -146
  335. package/prisma/skills/remotion-video-creation/rules/display-captions.md +0 -126
  336. package/prisma/skills/remotion-video-creation/rules/extract-frames.md +0 -229
  337. package/prisma/skills/remotion-video-creation/rules/fonts.md +0 -152
  338. package/prisma/skills/remotion-video-creation/rules/get-audio-duration.md +0 -58
  339. package/prisma/skills/remotion-video-creation/rules/get-video-dimensions.md +0 -68
  340. package/prisma/skills/remotion-video-creation/rules/get-video-duration.md +0 -58
  341. package/prisma/skills/remotion-video-creation/rules/gifs.md +0 -138
  342. package/prisma/skills/remotion-video-creation/rules/images.md +0 -130
  343. package/prisma/skills/remotion-video-creation/rules/import-srt-captions.md +0 -67
  344. package/prisma/skills/remotion-video-creation/rules/lottie.md +0 -67
  345. package/prisma/skills/remotion-video-creation/rules/measuring-dom-nodes.md +0 -34
  346. package/prisma/skills/remotion-video-creation/rules/measuring-text.md +0 -143
  347. package/prisma/skills/remotion-video-creation/rules/sequencing.md +0 -106
  348. package/prisma/skills/remotion-video-creation/rules/tailwind.md +0 -11
  349. package/prisma/skills/remotion-video-creation/rules/text-animations.md +0 -20
  350. package/prisma/skills/remotion-video-creation/rules/timing.md +0 -179
  351. package/prisma/skills/remotion-video-creation/rules/transcribe-captions.md +0 -19
  352. package/prisma/skills/remotion-video-creation/rules/transitions.md +0 -122
  353. package/prisma/skills/remotion-video-creation/rules/trimming.md +0 -52
  354. package/prisma/skills/remotion-video-creation/rules/videos.md +0 -171
  355. package/prisma/skills/repo-scan/SKILL.md +0 -79
  356. package/prisma/skills/research-ops/SKILL.md +0 -113
  357. package/prisma/skills/returns-reverse-logistics/SKILL.md +0 -240
  358. package/prisma/skills/rules-distill/SKILL.md +0 -265
  359. package/prisma/skills/rules-distill/scripts/scan-rules.sh +0 -58
  360. package/prisma/skills/rules-distill/scripts/scan-skills.sh +0 -129
  361. package/prisma/skills/rust-patterns/SKILL.md +0 -500
  362. package/prisma/skills/rust-testing/SKILL.md +0 -501
  363. package/prisma/skills/safety-guard/SKILL.md +0 -76
  364. package/prisma/skills/santa-method/SKILL.md +0 -307
  365. package/prisma/skills/scientific-db-pubmed-database/SKILL.md +0 -176
  366. package/prisma/skills/scientific-db-uspto-database/SKILL.md +0 -178
  367. package/prisma/skills/scientific-pkg-gget/SKILL.md +0 -167
  368. package/prisma/skills/scientific-thinking-literature-review/SKILL.md +0 -193
  369. package/prisma/skills/scientific-thinking-scholar-evaluation/SKILL.md +0 -161
  370. package/prisma/skills/search-first/SKILL.md +0 -183
  371. package/prisma/skills/security-bounty-hunter/SKILL.md +0 -100
  372. package/prisma/skills/security-review/SKILL.md +0 -504
  373. package/prisma/skills/security-review/cloud-infrastructure-security.md +0 -361
  374. package/prisma/skills/security-scan/SKILL.md +0 -166
  375. package/prisma/skills/seo/SKILL.md +0 -155
  376. package/prisma/skills/skill-comply/SKILL.md +0 -59
  377. package/prisma/skills/skill-comply/fixtures/compliant_trace.jsonl +0 -5
  378. package/prisma/skills/skill-comply/fixtures/noncompliant_trace.jsonl +0 -3
  379. package/prisma/skills/skill-comply/fixtures/tdd_spec.yaml +0 -44
  380. package/prisma/skills/skill-comply/prompts/classifier.md +0 -24
  381. package/prisma/skills/skill-comply/prompts/scenario_generator.md +0 -62
  382. package/prisma/skills/skill-comply/prompts/spec_generator.md +0 -42
  383. package/prisma/skills/skill-comply/pyproject.toml +0 -15
  384. package/prisma/skills/skill-comply/scripts/__init__.py +0 -0
  385. package/prisma/skills/skill-comply/scripts/classifier.py +0 -85
  386. package/prisma/skills/skill-comply/scripts/grader.py +0 -124
  387. package/prisma/skills/skill-comply/scripts/parser.py +0 -107
  388. package/prisma/skills/skill-comply/scripts/report.py +0 -170
  389. package/prisma/skills/skill-comply/scripts/run.py +0 -127
  390. package/prisma/skills/skill-comply/scripts/runner.py +0 -194
  391. package/prisma/skills/skill-comply/scripts/scenario_generator.py +0 -70
  392. package/prisma/skills/skill-comply/scripts/spec_generator.py +0 -72
  393. package/prisma/skills/skill-comply/scripts/utils.py +0 -13
  394. package/prisma/skills/skill-comply/tests/test_grader.py +0 -197
  395. package/prisma/skills/skill-comply/tests/test_parser.py +0 -90
  396. package/prisma/skills/skill-comply/tests/test_runner.py +0 -172
  397. package/prisma/skills/skill-scout/SKILL.md +0 -141
  398. package/prisma/skills/skill-stocktake/SKILL.md +0 -195
  399. package/prisma/skills/skill-stocktake/scripts/quick-diff.sh +0 -87
  400. package/prisma/skills/skill-stocktake/scripts/save-results.sh +0 -56
  401. package/prisma/skills/skill-stocktake/scripts/scan.sh +0 -170
  402. package/prisma/skills/social-graph-ranker/SKILL.md +0 -155
  403. package/prisma/skills/social-publisher/SKILL.md +0 -130
  404. package/prisma/skills/springboot-patterns/SKILL.md +0 -315
  405. package/prisma/skills/springboot-security/SKILL.md +0 -273
  406. package/prisma/skills/springboot-tdd/SKILL.md +0 -159
  407. package/prisma/skills/springboot-verification/SKILL.md +0 -232
  408. package/prisma/skills/strategic-compact/SKILL.md +0 -136
  409. package/prisma/skills/swift-actor-persistence/SKILL.md +0 -144
  410. package/prisma/skills/swift-concurrency-6-2/SKILL.md +0 -216
  411. package/prisma/skills/swift-protocol-di-testing/SKILL.md +0 -191
  412. package/prisma/skills/swiftui-patterns/SKILL.md +0 -259
  413. package/prisma/skills/taste/SKILL.md +0 -264
  414. package/prisma/skills/taste/references/genre-taxonomy.md +0 -87
  415. package/prisma/skills/tdd-workflow/SKILL.md +0 -583
  416. package/prisma/skills/team-agent-orchestration/SKILL.md +0 -111
  417. package/prisma/skills/team-builder/SKILL.md +0 -169
  418. package/prisma/skills/terminal-ops/SKILL.md +0 -110
  419. package/prisma/skills/tinystruct-patterns/SKILL.md +0 -279
  420. package/prisma/skills/tinystruct-patterns/references/architecture.md +0 -90
  421. package/prisma/skills/tinystruct-patterns/references/data-handling.md +0 -60
  422. package/prisma/skills/tinystruct-patterns/references/database.md +0 -99
  423. package/prisma/skills/tinystruct-patterns/references/routing.md +0 -64
  424. package/prisma/skills/tinystruct-patterns/references/system-usage.md +0 -97
  425. package/prisma/skills/tinystruct-patterns/references/testing.md +0 -72
  426. package/prisma/skills/token-budget-advisor/SKILL.md +0 -134
  427. package/prisma/skills/ui-demo/SKILL.md +0 -466
  428. package/prisma/skills/ui-to-vue/SKILL.md +0 -135
  429. package/prisma/skills/uncloud/SKILL.md +0 -344
  430. package/prisma/skills/unified-notifications-ops/SKILL.md +0 -188
  431. package/prisma/skills/verification-loop/SKILL.md +0 -127
  432. package/prisma/skills/video-editing/SKILL.md +0 -311
  433. package/prisma/skills/videodb/SKILL.md +0 -375
  434. package/prisma/skills/videodb/reference/api-reference.md +0 -550
  435. package/prisma/skills/videodb/reference/capture-reference.md +0 -407
  436. package/prisma/skills/videodb/reference/capture.md +0 -101
  437. package/prisma/skills/videodb/reference/editor.md +0 -443
  438. package/prisma/skills/videodb/reference/generative.md +0 -331
  439. package/prisma/skills/videodb/reference/rtstream-reference.md +0 -564
  440. package/prisma/skills/videodb/reference/rtstream.md +0 -65
  441. package/prisma/skills/videodb/reference/search.md +0 -230
  442. package/prisma/skills/videodb/reference/streaming.md +0 -406
  443. package/prisma/skills/videodb/reference/use-cases.md +0 -118
  444. package/prisma/skills/videodb/scripts/ws_listener.py +0 -282
  445. package/prisma/skills/visa-doc-translate/README.md +0 -86
  446. package/prisma/skills/visa-doc-translate/SKILL.md +0 -117
  447. package/prisma/skills/vite-patterns/SKILL.md +0 -450
  448. package/prisma/skills/vue-patterns/SKILL.md +0 -471
  449. package/prisma/skills/windows-desktop-e2e/SKILL.md +0 -888
  450. package/prisma/skills/workspace-surface-audit/SKILL.md +0 -126
  451. package/prisma/skills/x-api/SKILL.md +0 -235
@@ -1,504 +0,0 @@
1
- ---
2
- name: perl-security
3
- description: Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web security (XSS/SQLi/CSRF), and perlcritic security policies.
4
- metadata:
5
- origin: ECC
6
- ---
7
-
8
- # Perl Security Patterns
9
-
10
- Comprehensive security guidelines for Perl applications covering input validation, injection prevention, and secure coding practices.
11
-
12
- ## When to Activate
13
-
14
- - Handling user input in Perl applications
15
- - Building Perl web applications (CGI, Mojolicious, Dancer2, Catalyst)
16
- - Reviewing Perl code for security vulnerabilities
17
- - Performing file operations with user-supplied paths
18
- - Executing system commands from Perl
19
- - Writing DBI database queries
20
-
21
- ## How It Works
22
-
23
- Start with taint-aware input boundaries, then move outward: validate and untaint inputs, keep filesystem and process execution constrained, and use parameterized DBI queries everywhere. The examples below show the safe defaults this skill expects you to apply before shipping Perl code that touches user input, the shell, or the network.
24
-
25
- ## Taint Mode
26
-
27
- Perl's taint mode (`-T`) tracks data from external sources and prevents it from being used in unsafe operations without explicit validation.
28
-
29
- ### Enabling Taint Mode
30
-
31
- ```perl
32
- #!/usr/bin/perl -T
33
- use v5.36;
34
-
35
- # Tainted: anything from outside the program
36
- my $input = $ARGV[0]; # Tainted
37
- my $env_path = $ENV{PATH}; # Tainted
38
- my $form = <STDIN>; # Tainted
39
- my $query = $ENV{QUERY_STRING}; # Tainted
40
-
41
- # Sanitize PATH early (required in taint mode)
42
- $ENV{PATH} = '/usr/local/bin:/usr/bin:/bin';
43
- delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
44
- ```
45
-
46
- ### Untainting Pattern
47
-
48
- ```perl
49
- use v5.36;
50
-
51
- # Good: Validate and untaint with a specific regex
52
- sub untaint_username($input) {
53
- if ($input =~ /^([a-zA-Z0-9_]{3,30})$/) {
54
- return $1; # $1 is untainted
55
- }
56
- die "Invalid username: must be 3-30 alphanumeric characters\n";
57
- }
58
-
59
- # Good: Validate and untaint a file path
60
- sub untaint_filename($input) {
61
- if ($input =~ m{^([a-zA-Z0-9._-]+)$}) {
62
- return $1;
63
- }
64
- die "Invalid filename: contains unsafe characters\n";
65
- }
66
-
67
- # Bad: Overly permissive untainting (defeats the purpose)
68
- sub bad_untaint($input) {
69
- $input =~ /^(.*)$/s;
70
- return $1; # Accepts ANYTHING — pointless
71
- }
72
- ```
73
-
74
- ## Input Validation
75
-
76
- ### Allowlist Over Blocklist
77
-
78
- ```perl
79
- use v5.36;
80
-
81
- # Good: Allowlist — define exactly what's permitted
82
- sub validate_sort_field($field) {
83
- my %allowed = map { $_ => 1 } qw(name email created_at updated_at);
84
- die "Invalid sort field: $field\n" unless $allowed{$field};
85
- return $field;
86
- }
87
-
88
- # Good: Validate with specific patterns
89
- sub validate_email($email) {
90
- if ($email =~ /^([a-zA-Z0-9._%+-]+\@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})$/) {
91
- return $1;
92
- }
93
- die "Invalid email address\n";
94
- }
95
-
96
- sub validate_integer($input) {
97
- if ($input =~ /^(-?\d{1,10})$/) {
98
- return $1 + 0; # Coerce to number
99
- }
100
- die "Invalid integer\n";
101
- }
102
-
103
- # Bad: Blocklist — always incomplete
104
- sub bad_validate($input) {
105
- die "Invalid" if $input =~ /[<>"';&|]/; # Misses encoded attacks
106
- return $input;
107
- }
108
- ```
109
-
110
- ### Length Constraints
111
-
112
- ```perl
113
- use v5.36;
114
-
115
- sub validate_comment($text) {
116
- die "Comment is required\n" unless length($text) > 0;
117
- die "Comment exceeds 10000 chars\n" if length($text) > 10_000;
118
- return $text;
119
- }
120
- ```
121
-
122
- ## Safe Regular Expressions
123
-
124
- ### ReDoS Prevention
125
-
126
- Catastrophic backtracking occurs with nested quantifiers on overlapping patterns.
127
-
128
- ```perl
129
- use v5.36;
130
-
131
- # Bad: Vulnerable to ReDoS (exponential backtracking)
132
- my $bad_re = qr/^(a+)+$/; # Nested quantifiers
133
- my $bad_re2 = qr/^([a-zA-Z]+)*$/; # Nested quantifiers on class
134
- my $bad_re3 = qr/^(.*?,){10,}$/; # Repeated greedy/lazy combo
135
-
136
- # Good: Rewrite without nesting
137
- my $good_re = qr/^a+$/; # Single quantifier
138
- my $good_re2 = qr/^[a-zA-Z]+$/; # Single quantifier on class
139
-
140
- # Good: Use possessive quantifiers or atomic groups to prevent backtracking
141
- my $safe_re = qr/^[a-zA-Z]++$/; # Possessive (5.10+)
142
- my $safe_re2 = qr/^(?>a+)$/; # Atomic group
143
-
144
- # Good: Enforce timeout on untrusted patterns
145
- use POSIX qw(alarm);
146
- sub safe_match($string, $pattern, $timeout = 2) {
147
- my $matched;
148
- eval {
149
- local $SIG{ALRM} = sub { die "Regex timeout\n" };
150
- alarm($timeout);
151
- $matched = $string =~ $pattern;
152
- alarm(0);
153
- };
154
- alarm(0);
155
- die $@ if $@;
156
- return $matched;
157
- }
158
- ```
159
-
160
- ## Safe File Operations
161
-
162
- ### Three-Argument Open
163
-
164
- ```perl
165
- use v5.36;
166
-
167
- # Good: Three-arg open, lexical filehandle, check return
168
- sub read_file($path) {
169
- open my $fh, '<:encoding(UTF-8)', $path
170
- or die "Cannot open '$path': $!\n";
171
- local $/;
172
- my $content = <$fh>;
173
- close $fh;
174
- return $content;
175
- }
176
-
177
- # Bad: Two-arg open with user data (command injection)
178
- sub bad_read($path) {
179
- open my $fh, $path; # If $path = "|rm -rf /", runs command!
180
- open my $fh, "< $path"; # Shell metacharacter injection
181
- }
182
- ```
183
-
184
- ### TOCTOU Prevention and Path Traversal
185
-
186
- ```perl
187
- use v5.36;
188
- use Fcntl qw(:DEFAULT :flock);
189
- use File::Spec;
190
- use Cwd qw(realpath);
191
-
192
- # Atomic file creation
193
- sub create_file_safe($path) {
194
- sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
195
- or die "Cannot create '$path': $!\n";
196
- return $fh;
197
- }
198
-
199
- # Validate path stays within allowed directory
200
- sub safe_path($base_dir, $user_path) {
201
- my $real = realpath(File::Spec->catfile($base_dir, $user_path))
202
- // die "Path does not exist\n";
203
- my $base_real = realpath($base_dir)
204
- // die "Base dir does not exist\n";
205
- die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E(?:\/|\z)/;
206
- return $real;
207
- }
208
- ```
209
-
210
- Use `File::Temp` for temporary files (`tempfile(UNLINK => 1)`) and `flock(LOCK_EX)` to prevent race conditions.
211
-
212
- ## Safe Process Execution
213
-
214
- ### List-Form system and exec
215
-
216
- ```perl
217
- use v5.36;
218
-
219
- # Good: List form — no shell interpolation
220
- sub run_command(@cmd) {
221
- system(@cmd) == 0
222
- or die "Command failed: @cmd\n";
223
- }
224
-
225
- run_command('grep', '-r', $user_pattern, '/var/log/app/');
226
-
227
- # Good: Capture output safely with IPC::Run3
228
- use IPC::Run3;
229
- sub capture_output(@cmd) {
230
- my ($stdout, $stderr);
231
- run3(\@cmd, \undef, \$stdout, \$stderr);
232
- if ($?) {
233
- die "Command failed (exit $?): $stderr\n";
234
- }
235
- return $stdout;
236
- }
237
-
238
- # Bad: String form — shell injection!
239
- sub bad_search($pattern) {
240
- system("grep -r '$pattern' /var/log/app/"); # If $pattern = "'; rm -rf / #"
241
- }
242
-
243
- # Bad: Backticks with interpolation
244
- my $output = `ls $user_dir`; # Shell injection risk
245
- ```
246
-
247
- Also use `Capture::Tiny` for capturing stdout/stderr from external commands safely.
248
-
249
- ## SQL Injection Prevention
250
-
251
- ### DBI Placeholders
252
-
253
- ```perl
254
- use v5.36;
255
- use DBI;
256
-
257
- my $dbh = DBI->connect($dsn, $user, $pass, {
258
- RaiseError => 1,
259
- PrintError => 0,
260
- AutoCommit => 1,
261
- });
262
-
263
- # Good: Parameterized queries — always use placeholders
264
- sub find_user($dbh, $email) {
265
- my $sth = $dbh->prepare('SELECT * FROM users WHERE email = ?');
266
- $sth->execute($email);
267
- return $sth->fetchrow_hashref;
268
- }
269
-
270
- sub search_users($dbh, $name, $status) {
271
- my $sth = $dbh->prepare(
272
- 'SELECT * FROM users WHERE name LIKE ? AND status = ? ORDER BY name'
273
- );
274
- $sth->execute("%$name%", $status);
275
- return $sth->fetchall_arrayref({});
276
- }
277
-
278
- # Bad: String interpolation in SQL (SQLi vulnerability!)
279
- sub bad_find($dbh, $email) {
280
- my $sth = $dbh->prepare("SELECT * FROM users WHERE email = '$email'");
281
- # If $email = "' OR 1=1 --", returns all users
282
- $sth->execute;
283
- return $sth->fetchrow_hashref;
284
- }
285
- ```
286
-
287
- ### Dynamic Column Allowlists
288
-
289
- ```perl
290
- use v5.36;
291
-
292
- # Good: Validate column names against an allowlist
293
- sub order_by($dbh, $column, $direction) {
294
- my %allowed_cols = map { $_ => 1 } qw(name email created_at);
295
- my %allowed_dirs = map { $_ => 1 } qw(ASC DESC);
296
-
297
- die "Invalid column: $column\n" unless $allowed_cols{$column};
298
- die "Invalid direction: $direction\n" unless $allowed_dirs{uc $direction};
299
-
300
- my $sth = $dbh->prepare("SELECT * FROM users ORDER BY $column $direction");
301
- $sth->execute;
302
- return $sth->fetchall_arrayref({});
303
- }
304
-
305
- # Bad: Directly interpolating user-chosen column
306
- sub bad_order($dbh, $column) {
307
- $dbh->prepare("SELECT * FROM users ORDER BY $column"); # SQLi!
308
- }
309
- ```
310
-
311
- ### DBIx::Class (ORM Safety)
312
-
313
- ```perl
314
- use v5.36;
315
-
316
- # DBIx::Class generates safe parameterized queries
317
- my @users = $schema->resultset('User')->search({
318
- status => 'active',
319
- email => { -like => '%@example.com' },
320
- }, {
321
- order_by => { -asc => 'name' },
322
- rows => 50,
323
- });
324
- ```
325
-
326
- ## Web Security
327
-
328
- ### XSS Prevention
329
-
330
- ```perl
331
- use v5.36;
332
- use HTML::Entities qw(encode_entities);
333
- use URI::Escape qw(uri_escape_utf8);
334
-
335
- # Good: Encode output for HTML context
336
- sub safe_html($user_input) {
337
- return encode_entities($user_input);
338
- }
339
-
340
- # Good: Encode for URL context
341
- sub safe_url_param($value) {
342
- return uri_escape_utf8($value);
343
- }
344
-
345
- # Good: Encode for JSON context
346
- use JSON::MaybeXS qw(encode_json);
347
- sub safe_json($data) {
348
- return encode_json($data); # Handles escaping
349
- }
350
-
351
- # Template auto-escaping (Mojolicious)
352
- # <%= $user_input %> — auto-escaped (safe)
353
- # <%== $raw_html %> — raw output (dangerous, use only for trusted content)
354
-
355
- # Template auto-escaping (Template Toolkit)
356
- # [% user_input | html %] — explicit HTML encoding
357
-
358
- # Bad: Raw output in HTML
359
- sub bad_html($input) {
360
- print "<div>$input</div>"; # XSS if $input contains <script>
361
- }
362
- ```
363
-
364
- ### CSRF Protection
365
-
366
- ```perl
367
- use v5.36;
368
- use Crypt::URandom qw(urandom);
369
- use MIME::Base64 qw(encode_base64url);
370
-
371
- sub generate_csrf_token() {
372
- return encode_base64url(urandom(32));
373
- }
374
- ```
375
-
376
- Use constant-time comparison when verifying tokens. Most web frameworks (Mojolicious, Dancer2, Catalyst) provide built-in CSRF protection — prefer those over hand-rolled solutions.
377
-
378
- ### Session and Header Security
379
-
380
- ```perl
381
- use v5.36;
382
-
383
- # Mojolicious session + headers
384
- $app->secrets(['long-random-secret-rotated-regularly']);
385
- $app->sessions->secure(1); # HTTPS only
386
- $app->sessions->samesite('Lax');
387
-
388
- $app->hook(after_dispatch => sub ($c) {
389
- $c->res->headers->header('X-Content-Type-Options' => 'nosniff');
390
- $c->res->headers->header('X-Frame-Options' => 'DENY');
391
- $c->res->headers->header('Content-Security-Policy' => "default-src 'self'");
392
- $c->res->headers->header('Strict-Transport-Security' => 'max-age=31536000; includeSubDomains');
393
- });
394
- ```
395
-
396
- ## Output Encoding
397
-
398
- Always encode output for its context: `HTML::Entities::encode_entities()` for HTML, `URI::Escape::uri_escape_utf8()` for URLs, `JSON::MaybeXS::encode_json()` for JSON.
399
-
400
- ## CPAN Module Security
401
-
402
- - **Pin versions** in cpanfile: `requires 'DBI', '== 1.643';`
403
- - **Prefer maintained modules**: Check MetaCPAN for recent releases
404
- - **Minimize dependencies**: Each dependency is an attack surface
405
-
406
- ## Security Tooling
407
-
408
- ### perlcritic Security Policies
409
-
410
- ```ini
411
- # .perlcriticrc — security-focused configuration
412
- severity = 3
413
- theme = security + core
414
-
415
- # Require three-arg open
416
- [InputOutput::RequireThreeArgOpen]
417
- severity = 5
418
-
419
- # Require checked system calls
420
- [InputOutput::RequireCheckedSyscalls]
421
- functions = :builtins
422
- severity = 4
423
-
424
- # Prohibit string eval
425
- [BuiltinFunctions::ProhibitStringyEval]
426
- severity = 5
427
-
428
- # Prohibit backtick operators
429
- [InputOutput::ProhibitBacktickOperators]
430
- severity = 4
431
-
432
- # Require taint checking in CGI
433
- [Modules::RequireTaintChecking]
434
- severity = 5
435
-
436
- # Prohibit two-arg open
437
- [InputOutput::ProhibitTwoArgOpen]
438
- severity = 5
439
-
440
- # Prohibit bare-word filehandles
441
- [InputOutput::ProhibitBarewordFileHandles]
442
- severity = 5
443
- ```
444
-
445
- ### Running perlcritic
446
-
447
- ```bash
448
- # Check a file
449
- perlcritic --severity 3 --theme security lib/MyApp/Handler.pm
450
-
451
- # Check entire project
452
- perlcritic --severity 3 --theme security lib/
453
-
454
- # CI integration
455
- perlcritic --severity 4 --theme security --quiet lib/ || exit 1
456
- ```
457
-
458
- ## Quick Security Checklist
459
-
460
- | Check | What to Verify |
461
- |---|---|
462
- | Taint mode | `-T` flag on CGI/web scripts |
463
- | Input validation | Allowlist patterns, length limits |
464
- | File operations | Three-arg open, path traversal checks |
465
- | Process execution | List-form system, no shell interpolation |
466
- | SQL queries | DBI placeholders, never interpolate |
467
- | HTML output | `encode_entities()`, template auto-escape |
468
- | CSRF tokens | Generated, verified on state-changing requests |
469
- | Session config | Secure, HttpOnly, SameSite cookies |
470
- | HTTP headers | CSP, X-Frame-Options, HSTS |
471
- | Dependencies | Pinned versions, audited modules |
472
- | Regex safety | No nested quantifiers, anchored patterns |
473
- | Error messages | No stack traces or paths leaked to users |
474
-
475
- ## Anti-Patterns
476
-
477
- ```perl
478
- # 1. Two-arg open with user data (command injection)
479
- open my $fh, $user_input; # CRITICAL vulnerability
480
-
481
- # 2. String-form system (shell injection)
482
- system("convert $user_file output.png"); # CRITICAL vulnerability
483
-
484
- # 3. SQL string interpolation
485
- $dbh->do("DELETE FROM users WHERE id = $id"); # SQLi
486
-
487
- # 4. eval with user input (code injection)
488
- eval $user_code; # Remote code execution
489
-
490
- # 5. Trusting $ENV without sanitizing
491
- my $path = $ENV{UPLOAD_DIR}; # Could be manipulated
492
- system("ls $path"); # Double vulnerability
493
-
494
- # 6. Disabling taint without validation
495
- ($input) = $input =~ /(.*)/s; # Lazy untaint — defeats purpose
496
-
497
- # 7. Raw user data in HTML
498
- print "<div>Welcome, $username!</div>"; # XSS
499
-
500
- # 8. Unvalidated redirects
501
- print $cgi->redirect($user_url); # Open redirect
502
- ```
503
-
504
- **Remember**: Perl's flexibility is powerful but requires discipline. Use taint mode for web-facing code, validate all input with allowlists, use DBI placeholders for every query, and encode all output for its context. Defense in depth — never rely on a single layer.
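Review bot: the removed `safe_match` helper (old lines 146-157) does not provide the regex timeout its comment promises, so it should not be carried over unchanged if this skill is restored or moved elsewhere. Perl delivers signals only between opcodes, which means `alarm($timeout)` cannot interrupt a single long-running `$string =~ $pattern` match. Two smaller points in the same removed text: `order_by` (old lines 293-303) checks `uc $direction` against the allowlist but interpolates the original `$direction`, and `bad_read` (old lines 178-181) declares `my $fh` twice. The hunk itself deletes the entire file (`@@ -1,504 +0,0 @@`) with no replacement visible, so also confirm that nothing left in the package still refers to the skill by `name: perl-security`.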