@synapta/skills 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (354) hide show
  1. package/dist/index.js +11 -4
  2. package/package.json +3 -4
  3. package/skills/ATTRIBUTION.md +80 -0
  4. package/skills/accessibility-audit/SKILL.md +325 -0
  5. package/skills/accessibility-audit/reference/wcag-checklist.md +103 -0
  6. package/skills/apns-notifier/SKILL.md +86 -0
  7. package/skills/approval-policy-enforcer/SKILL.md +66 -0
  8. package/skills/apps-sdk-builder/LICENSE.txt +201 -0
  9. package/skills/apps-sdk-builder/SKILL.md +328 -0
  10. package/skills/apps-sdk-builder/agents/openai.yaml +13 -0
  11. package/skills/apps-sdk-builder/references/app-archetypes.md +132 -0
  12. package/skills/apps-sdk-builder/references/apps-sdk-docs-workflow.md +135 -0
  13. package/skills/apps-sdk-builder/references/interactive-state-sync-patterns.md +113 -0
  14. package/skills/apps-sdk-builder/references/repo-contract-and-validation.md +93 -0
  15. package/skills/apps-sdk-builder/references/search-fetch-standard.md +67 -0
  16. package/skills/apps-sdk-builder/references/upstream-example-workflow.md +79 -0
  17. package/skills/apps-sdk-builder/references/window-openai-patterns.md +79 -0
  18. package/skills/apps-sdk-builder/scripts/scaffold_node_ext_apps.mjs +606 -0
  19. package/skills/architecture-selector/SKILL.md +64 -0
  20. package/skills/backlog-planner/SKILL.md +68 -0
  21. package/skills/carplay-entitlement-checker/SKILL.md +82 -0
  22. package/skills/concept-deepener/SKILL.md +86 -0
  23. package/skills/concept-discovery/SKILL.md +517 -0
  24. package/skills/concept-discovery/assets/sample-analysis.json +81 -0
  25. package/skills/concept-discovery/expected_outputs/sample-enum-dictionary.md +25 -0
  26. package/skills/concept-discovery/expected_outputs/sample-page-user-list.md +83 -0
  27. package/skills/concept-discovery/expected_outputs/sample-prd-readme.md +43 -0
  28. package/skills/concept-discovery/references/framework-patterns.md +228 -0
  29. package/skills/concept-discovery/references/prd-quality-checklist.md +65 -0
  30. package/skills/concept-discovery/scripts/codebase_analyzer.py +732 -0
  31. package/skills/concept-discovery/scripts/prd_scaffolder.py +435 -0
  32. package/skills/dast-zap/SKILL.md +453 -0
  33. package/skills/dast-zap/assets/.gitkeep +9 -0
  34. package/skills/dast-zap/assets/github_action.yml +207 -0
  35. package/skills/dast-zap/assets/gitlab_ci.yml +226 -0
  36. package/skills/dast-zap/assets/zap_automation.yaml +196 -0
  37. package/skills/dast-zap/assets/zap_context.xml +192 -0
  38. package/skills/dast-zap/references/EXAMPLE.md +40 -0
  39. package/skills/dast-zap/references/api_testing_guide.md +475 -0
  40. package/skills/dast-zap/references/authentication_guide.md +431 -0
  41. package/skills/dast-zap/references/false_positive_handling.md +427 -0
  42. package/skills/dast-zap/references/owasp_mapping.md +255 -0
  43. package/skills/dep-sbom-scan/SKILL.md +466 -0
  44. package/skills/deploy-cloudflare/SKILL.md +930 -0
  45. package/skills/deploy-docker/SKILL.md +55 -0
  46. package/skills/deploy-fly/SKILL.md +228 -0
  47. package/skills/deploy-k8s/SKILL.md +108 -0
  48. package/skills/deploy-k8s/assets/logo.png +0 -0
  49. package/skills/deploy-k8s/docs/README.md +29 -0
  50. package/skills/deploy-k8s/docs/SUMMARY.md +56 -0
  51. package/skills/deploy-k8s/docs/advanced/token-efficiency.md +61 -0
  52. package/skills/deploy-k8s/docs/architecture/multi-tenancy.md +96 -0
  53. package/skills/deploy-k8s/docs/architecture/storage-and-state.md +102 -0
  54. package/skills/deploy-k8s/docs/architecture/workload-patterns.md +87 -0
  55. package/skills/deploy-k8s/docs/book.json +16 -0
  56. package/skills/deploy-k8s/docs/community/changelog.md +34 -0
  57. package/skills/deploy-k8s/docs/community/contributing.md +67 -0
  58. package/skills/deploy-k8s/docs/core-concepts/failure-modes.md +153 -0
  59. package/skills/deploy-k8s/docs/core-concepts/philosophy.md +83 -0
  60. package/skills/deploy-k8s/docs/core-concepts/workflow.md +124 -0
  61. package/skills/deploy-k8s/docs/examples/bad-patterns.md +47 -0
  62. package/skills/deploy-k8s/docs/examples/do-dont-checklist.md +37 -0
  63. package/skills/deploy-k8s/docs/examples/good-patterns.md +49 -0
  64. package/skills/deploy-k8s/docs/failure-modes/api-drift.md +104 -0
  65. package/skills/deploy-k8s/docs/failure-modes/fragile-rollouts.md +99 -0
  66. package/skills/deploy-k8s/docs/failure-modes/insecure-workload-defaults.md +80 -0
  67. package/skills/deploy-k8s/docs/failure-modes/network-exposure.md +98 -0
  68. package/skills/deploy-k8s/docs/failure-modes/privilege-sprawl.md +91 -0
  69. package/skills/deploy-k8s/docs/failure-modes/resource-starvation.md +85 -0
  70. package/skills/deploy-k8s/docs/getting-started/installation.md +152 -0
  71. package/skills/deploy-k8s/docs/getting-started/quick-start.md +115 -0
  72. package/skills/deploy-k8s/docs/guides/helm-patterns.md +71 -0
  73. package/skills/deploy-k8s/docs/guides/kustomize-patterns.md +65 -0
  74. package/skills/deploy-k8s/docs/guides/observability.md +67 -0
  75. package/skills/deploy-k8s/docs/guides/security-hardening.md +59 -0
  76. package/skills/deploy-k8s/docs/guides/validation-and-policy.md +66 -0
  77. package/skills/deploy-k8s/docs/integrations/mcp-integration.md +52 -0
  78. package/skills/deploy-k8s/docs/package-lock.json +2892 -0
  79. package/skills/deploy-k8s/docs/package.json +13 -0
  80. package/skills/deploy-k8s/references/api-drift.md +298 -0
  81. package/skills/deploy-k8s/references/conditional/aks-patterns.md +70 -0
  82. package/skills/deploy-k8s/references/conditional/eks-patterns.md +79 -0
  83. package/skills/deploy-k8s/references/conditional/gitops-controllers.md +71 -0
  84. package/skills/deploy-k8s/references/conditional/gke-patterns.md +74 -0
  85. package/skills/deploy-k8s/references/conditional/observability-stacks.md +80 -0
  86. package/skills/deploy-k8s/references/conditional/openshift-patterns.md +67 -0
  87. package/skills/deploy-k8s/references/daemonset-operator-patterns.md +155 -0
  88. package/skills/deploy-k8s/references/deployment-patterns.md +146 -0
  89. package/skills/deploy-k8s/references/do-dont-patterns.md +87 -0
  90. package/skills/deploy-k8s/references/examples-bad.md +282 -0
  91. package/skills/deploy-k8s/references/examples-good.md +440 -0
  92. package/skills/deploy-k8s/references/fragile-rollouts.md +303 -0
  93. package/skills/deploy-k8s/references/helm-patterns.md +203 -0
  94. package/skills/deploy-k8s/references/insecure-workload-defaults.md +300 -0
  95. package/skills/deploy-k8s/references/job-patterns.md +120 -0
  96. package/skills/deploy-k8s/references/kustomize-patterns.md +239 -0
  97. package/skills/deploy-k8s/references/multi-tenancy.md +343 -0
  98. package/skills/deploy-k8s/references/network-exposure.md +481 -0
  99. package/skills/deploy-k8s/references/observability.md +302 -0
  100. package/skills/deploy-k8s/references/privilege-sprawl.md +273 -0
  101. package/skills/deploy-k8s/references/resource-starvation.md +374 -0
  102. package/skills/deploy-k8s/references/security-hardening.md +209 -0
  103. package/skills/deploy-k8s/references/stateful-patterns.md +130 -0
  104. package/skills/deploy-k8s/references/storage-and-state.md +330 -0
  105. package/skills/deploy-k8s/references/validation-and-policy.md +242 -0
  106. package/skills/deploy-railway/SKILL.md +235 -0
  107. package/skills/deploy-railway/references/analyze-db-mongo.md +84 -0
  108. package/skills/deploy-railway/references/analyze-db-mysql.md +254 -0
  109. package/skills/deploy-railway/references/analyze-db-postgres.md +479 -0
  110. package/skills/deploy-railway/references/analyze-db-redis.md +208 -0
  111. package/skills/deploy-railway/references/analyze-db.md +344 -0
  112. package/skills/deploy-railway/references/configure.md +309 -0
  113. package/skills/deploy-railway/references/deploy.md +195 -0
  114. package/skills/deploy-railway/references/operate.md +214 -0
  115. package/skills/deploy-railway/references/request.md +248 -0
  116. package/skills/deploy-railway/references/setup.md +312 -0
  117. package/skills/deploy-railway/scripts/analyze-mongo.py +1549 -0
  118. package/skills/deploy-railway/scripts/analyze-mysql.py +1195 -0
  119. package/skills/deploy-railway/scripts/analyze-postgres.py +3058 -0
  120. package/skills/deploy-railway/scripts/analyze-redis.py +1090 -0
  121. package/skills/deploy-railway/scripts/dal.py +671 -0
  122. package/skills/deploy-railway/scripts/enable-pg-stats.py +170 -0
  123. package/skills/deploy-railway/scripts/pg-extensions.py +370 -0
  124. package/skills/deploy-railway/scripts/railway-api.sh +52 -0
  125. package/skills/deploy-ssh/SKILL.md +91 -0
  126. package/skills/deploy-vercel/SKILL.md +304 -0
  127. package/skills/deploy-vercel/resources/deploy-codex.sh +301 -0
  128. package/skills/deploy-vercel/resources/deploy.sh +301 -0
  129. package/skills/docs-runbooks/SKILL.md +399 -0
  130. package/skills/drive-status-renderer/SKILL.md +62 -0
  131. package/skills/iac-scan/SKILL.md +680 -0
  132. package/skills/iac-scan/assets/.gitkeep +9 -0
  133. package/skills/iac-scan/assets/checkov_config.yaml +94 -0
  134. package/skills/iac-scan/assets/github_actions.yml +199 -0
  135. package/skills/iac-scan/assets/gitlab_ci.yml +218 -0
  136. package/skills/iac-scan/assets/pre_commit_config.yaml +92 -0
  137. package/skills/iac-scan/references/EXAMPLE.md +40 -0
  138. package/skills/iac-scan/references/compliance_mapping.md +237 -0
  139. package/skills/iac-scan/references/custom_policies.md +460 -0
  140. package/skills/iac-scan/references/suppression_guide.md +431 -0
  141. package/skills/incident-briefing/SKILL.md +66 -0
  142. package/skills/incident-triage/SKILL.md +481 -0
  143. package/{LICENSE → skills/mcp-builder/LICENSE.txt} +15 -14
  144. package/skills/mcp-builder/SKILL.md +244 -0
  145. package/skills/mcp-builder/reference/evaluation.md +602 -0
  146. package/skills/mcp-builder/reference/mcp_best_practices.md +249 -0
  147. package/skills/mcp-builder/reference/node_mcp_server.md +970 -0
  148. package/skills/mcp-builder/reference/python_mcp_server.md +719 -0
  149. package/skills/mcp-builder/scripts/connections.py +151 -0
  150. package/skills/mcp-builder/scripts/evaluation.py +373 -0
  151. package/skills/mcp-builder/scripts/example_evaluation.xml +22 -0
  152. package/skills/mcp-builder/scripts/requirements.txt +2 -0
  153. package/skills/mobile-pairing/SKILL.md +52 -0
  154. package/skills/ops-sre/SKILL.md +297 -0
  155. package/skills/playwright-qa/LICENSE.txt +201 -0
  156. package/skills/playwright-qa/NOTICE.txt +14 -0
  157. package/skills/playwright-qa/SKILL.md +156 -0
  158. package/skills/playwright-qa/agents/openai.yaml +6 -0
  159. package/skills/playwright-qa/assets/playwright-small.svg +3 -0
  160. package/skills/playwright-qa/assets/playwright.png +0 -0
  161. package/skills/playwright-qa/references/cli.md +116 -0
  162. package/skills/playwright-qa/references/workflows.md +95 -0
  163. package/skills/playwright-qa/scripts/playwright_cli.sh +25 -0
  164. package/skills/release-publish/SKILL.md +85 -0
  165. package/skills/repo-bootstrap/SKILL.md +92 -0
  166. package/skills/repo-bootstrap/assets/example-workflows/validate-agents.yml +89 -0
  167. package/skills/repo-bootstrap/assets/root-thin.md +141 -0
  168. package/skills/repo-bootstrap/assets/root-verbose.md +149 -0
  169. package/skills/repo-bootstrap/assets/scoped/backend-go.md +107 -0
  170. package/skills/repo-bootstrap/assets/scoped/backend-php.md +94 -0
  171. package/skills/repo-bootstrap/assets/scoped/backend-python.md +84 -0
  172. package/skills/repo-bootstrap/assets/scoped/backend-typescript.md +89 -0
  173. package/skills/repo-bootstrap/assets/scoped/claude-code-skill.md +101 -0
  174. package/skills/repo-bootstrap/assets/scoped/cli.md +83 -0
  175. package/skills/repo-bootstrap/assets/scoped/concourse.md +196 -0
  176. package/skills/repo-bootstrap/assets/scoped/ddev.md +68 -0
  177. package/skills/repo-bootstrap/assets/scoped/docker.md +160 -0
  178. package/skills/repo-bootstrap/assets/scoped/documentation.md +98 -0
  179. package/skills/repo-bootstrap/assets/scoped/examples.md +96 -0
  180. package/skills/repo-bootstrap/assets/scoped/frontend-typescript.md +88 -0
  181. package/skills/repo-bootstrap/assets/scoped/github-actions.md +174 -0
  182. package/skills/repo-bootstrap/assets/scoped/gitlab-ci.md +174 -0
  183. package/skills/repo-bootstrap/assets/scoped/oro-bundle.md +209 -0
  184. package/skills/repo-bootstrap/assets/scoped/oro-project.md +170 -0
  185. package/skills/repo-bootstrap/assets/scoped/python-modern.md +170 -0
  186. package/skills/repo-bootstrap/assets/scoped/resources.md +96 -0
  187. package/skills/repo-bootstrap/assets/scoped/skill-repo.md +139 -0
  188. package/skills/repo-bootstrap/assets/scoped/symfony.md +168 -0
  189. package/skills/repo-bootstrap/assets/scoped/testing.md +87 -0
  190. package/skills/repo-bootstrap/assets/scoped/typo3-docs.md +103 -0
  191. package/skills/repo-bootstrap/assets/scoped/typo3-extension.md +133 -0
  192. package/skills/repo-bootstrap/assets/scoped/typo3-project.md +137 -0
  193. package/skills/repo-bootstrap/assets/scoped/typo3-testing.md +80 -0
  194. package/skills/repo-bootstrap/checkpoints.yaml +279 -0
  195. package/skills/repo-bootstrap/evals/evals.json +385 -0
  196. package/skills/repo-bootstrap/references/ai-contribution-guidelines.md +63 -0
  197. package/skills/repo-bootstrap/references/ai-tool-compatibility.md +223 -0
  198. package/skills/repo-bootstrap/references/directory-coverage.md +82 -0
  199. package/skills/repo-bootstrap/references/examples/coding-agent-cli/AGENTS.md +70 -0
  200. package/skills/repo-bootstrap/references/examples/coding-agent-cli/go.mod +3 -0
  201. package/skills/repo-bootstrap/references/examples/coding-agent-cli/scripts-AGENTS.md +389 -0
  202. package/skills/repo-bootstrap/references/examples/express-api-ts/.env.example +13 -0
  203. package/skills/repo-bootstrap/references/examples/express-api-ts/AGENTS.md +91 -0
  204. package/skills/repo-bootstrap/references/examples/express-api-ts/package.json +33 -0
  205. package/skills/repo-bootstrap/references/examples/express-api-ts/pnpm-lock.yaml +3 -0
  206. package/skills/repo-bootstrap/references/examples/express-api-ts/src/AGENTS.md +91 -0
  207. package/skills/repo-bootstrap/references/examples/express-api-ts/src/config.ts +28 -0
  208. package/skills/repo-bootstrap/references/examples/express-api-ts/src/controllers/userController.ts +74 -0
  209. package/skills/repo-bootstrap/references/examples/express-api-ts/src/index.ts +26 -0
  210. package/skills/repo-bootstrap/references/examples/express-api-ts/src/middleware/errorHandler.ts +45 -0
  211. package/skills/repo-bootstrap/references/examples/express-api-ts/src/middleware/requestLogger.ts +18 -0
  212. package/skills/repo-bootstrap/references/examples/express-api-ts/src/routes/health.ts +18 -0
  213. package/skills/repo-bootstrap/references/examples/express-api-ts/src/routes/users.ts +13 -0
  214. package/skills/repo-bootstrap/references/examples/express-api-ts/src/utils/errors.ts +40 -0
  215. package/skills/repo-bootstrap/references/examples/express-api-ts/src/utils/logger.ts +14 -0
  216. package/skills/repo-bootstrap/references/examples/express-api-ts/tsconfig.json +24 -0
  217. package/skills/repo-bootstrap/references/examples/fastapi-app/.env.example +19 -0
  218. package/skills/repo-bootstrap/references/examples/fastapi-app/AGENTS.md +92 -0
  219. package/skills/repo-bootstrap/references/examples/fastapi-app/pyproject.toml +88 -0
  220. package/skills/repo-bootstrap/references/examples/fastapi-app/src/AGENTS.md +85 -0
  221. package/skills/repo-bootstrap/references/examples/fastapi-app/src/__init__.py +3 -0
  222. package/skills/repo-bootstrap/references/examples/fastapi-app/src/config.py +49 -0
  223. package/skills/repo-bootstrap/references/examples/fastapi-app/src/main.py +66 -0
  224. package/skills/repo-bootstrap/references/examples/fastapi-app/src/models/__init__.py +13 -0
  225. package/skills/repo-bootstrap/references/examples/fastapi-app/src/models/item.py +43 -0
  226. package/skills/repo-bootstrap/references/examples/fastapi-app/src/models/user.py +40 -0
  227. package/skills/repo-bootstrap/references/examples/fastapi-app/src/routes/__init__.py +5 -0
  228. package/skills/repo-bootstrap/references/examples/fastapi-app/src/routes/health.py +20 -0
  229. package/skills/repo-bootstrap/references/examples/fastapi-app/src/routes/items.py +61 -0
  230. package/skills/repo-bootstrap/references/examples/fastapi-app/src/routes/users.py +55 -0
  231. package/skills/repo-bootstrap/references/examples/fastapi-app/src/services/__init__.py +6 -0
  232. package/skills/repo-bootstrap/references/examples/fastapi-app/src/services/item_service.py +77 -0
  233. package/skills/repo-bootstrap/references/examples/fastapi-app/src/services/user_service.py +69 -0
  234. package/skills/repo-bootstrap/references/examples/fastapi-app/uv.lock +4 -0
  235. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/.scopes +3 -0
  236. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/AGENTS.md +86 -0
  237. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/admin/package.json +20 -0
  238. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/admin/src/App.tsx +5 -0
  239. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/cmd/api/main.go +7 -0
  240. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/go.mod +2 -0
  241. package/skills/repo-bootstrap/references/examples/go-api-with-react-admin/main.go +7 -0
  242. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/.scopes +3 -0
  243. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/AGENTS.md +89 -0
  244. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/go.mod +2 -0
  245. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/AGENTS.md +90 -0
  246. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/package.json +17 -0
  247. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/src/App.tsx +1 -0
  248. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/src/Button.tsx +1 -0
  249. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/src/Footer.tsx +1 -0
  250. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/src/Header.tsx +1 -0
  251. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/internal/web/src/Sidebar.tsx +1 -0
  252. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/main.go +7 -0
  253. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/package-lock.json +0 -0
  254. package/skills/repo-bootstrap/references/examples/go-with-internal-web-tsx/package.json +12 -0
  255. package/skills/repo-bootstrap/references/examples/ldap-selfservice/AGENTS.md +70 -0
  256. package/skills/repo-bootstrap/references/examples/ldap-selfservice/go.mod +3 -0
  257. package/skills/repo-bootstrap/references/examples/ldap-selfservice/internal-AGENTS.md +371 -0
  258. package/skills/repo-bootstrap/references/examples/ldap-selfservice/internal-web-AGENTS.md +448 -0
  259. package/skills/repo-bootstrap/references/examples/php-with-frontend/.scopes +3 -0
  260. package/skills/repo-bootstrap/references/examples/php-with-frontend/AGENTS.md +91 -0
  261. package/skills/repo-bootstrap/references/examples/php-with-frontend/composer.json +8 -0
  262. package/skills/repo-bootstrap/references/examples/php-with-frontend/package.json +15 -0
  263. package/skills/repo-bootstrap/references/examples/php-with-frontend/pnpm-lock.yaml +0 -0
  264. package/skills/repo-bootstrap/references/examples/php-with-frontend/src/Controller.php +3 -0
  265. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/AGENTS.md +92 -0
  266. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/package.json +26 -0
  267. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/src/App.tsx +3 -0
  268. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/src/Button.tsx +10 -0
  269. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/src/Footer.tsx +9 -0
  270. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/src/Header.tsx +9 -0
  271. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/src/main.tsx +3 -0
  272. package/skills/repo-bootstrap/references/examples/php-with-frontend/web/tsconfig.json +13 -0
  273. package/skills/repo-bootstrap/references/examples/pnpm-workspace/AGENTS.md +75 -0
  274. package/skills/repo-bootstrap/references/examples/pnpm-workspace/package.json +7 -0
  275. package/skills/repo-bootstrap/references/examples/pnpm-workspace/packages/web/package.json +11 -0
  276. package/skills/repo-bootstrap/references/examples/pnpm-workspace/packages/web/src/index.ts +11 -0
  277. package/skills/repo-bootstrap/references/examples/pnpm-workspace/pnpm-lock.yaml +42 -0
  278. package/skills/repo-bootstrap/references/examples/pnpm-workspace/pnpm-workspace.yaml +2 -0
  279. package/skills/repo-bootstrap/references/examples/simple-ldap-go/AGENTS.md +70 -0
  280. package/skills/repo-bootstrap/references/examples/simple-ldap-go/examples-AGENTS.md +45 -0
  281. package/skills/repo-bootstrap/references/examples/simple-ldap-go/go.mod +3 -0
  282. package/skills/repo-bootstrap/references/examples/t3x-rte-ckeditor-image/AGENTS.md +70 -0
  283. package/skills/repo-bootstrap/references/examples/t3x-rte-ckeditor-image/Classes-AGENTS.md +392 -0
  284. package/skills/repo-bootstrap/references/examples/t3x-rte-ckeditor-image/composer.json +8 -0
  285. package/skills/repo-bootstrap/references/feedback-memory-schema.md +135 -0
  286. package/skills/repo-bootstrap/references/git-hooks-setup.md +79 -0
  287. package/skills/repo-bootstrap/references/output-structure.md +124 -0
  288. package/skills/repo-bootstrap/references/scripts-guide.md +175 -0
  289. package/skills/repo-bootstrap/references/verification-guide.md +137 -0
  290. package/skills/repo-bootstrap/scripts/analyze-git-history.sh +315 -0
  291. package/skills/repo-bootstrap/scripts/check-freshness.sh +230 -0
  292. package/skills/repo-bootstrap/scripts/detect-golden-samples.sh +161 -0
  293. package/skills/repo-bootstrap/scripts/detect-heuristics.sh +93 -0
  294. package/skills/repo-bootstrap/scripts/detect-project.sh +486 -0
  295. package/skills/repo-bootstrap/scripts/detect-scopes.sh +330 -0
  296. package/skills/repo-bootstrap/scripts/detect-utilities.sh +133 -0
  297. package/skills/repo-bootstrap/scripts/extract-adrs.sh +194 -0
  298. package/skills/repo-bootstrap/scripts/extract-agent-configs.sh +331 -0
  299. package/skills/repo-bootstrap/scripts/extract-architecture-rules.sh +522 -0
  300. package/skills/repo-bootstrap/scripts/extract-ci-commands.sh +385 -0
  301. package/skills/repo-bootstrap/scripts/extract-ci-rules.sh +384 -0
  302. package/skills/repo-bootstrap/scripts/extract-commands.sh +358 -0
  303. package/skills/repo-bootstrap/scripts/extract-documentation.sh +308 -0
  304. package/skills/repo-bootstrap/scripts/extract-github-rulesets.sh +96 -0
  305. package/skills/repo-bootstrap/scripts/extract-github-settings.sh +88 -0
  306. package/skills/repo-bootstrap/scripts/extract-ide-settings.sh +228 -0
  307. package/skills/repo-bootstrap/scripts/extract-platform-files.sh +290 -0
  308. package/skills/repo-bootstrap/scripts/extract-quality-configs.sh +442 -0
  309. package/skills/repo-bootstrap/scripts/generate-agents.sh +2424 -0
  310. package/skills/repo-bootstrap/scripts/generate-file-map.sh +153 -0
  311. package/skills/repo-bootstrap/scripts/lib/config-root.sh +211 -0
  312. package/skills/repo-bootstrap/scripts/lib/summary.sh +244 -0
  313. package/skills/repo-bootstrap/scripts/lib/template.sh +397 -0
  314. package/skills/repo-bootstrap/scripts/validate-structure.sh +324 -0
  315. package/skills/repo-bootstrap/scripts/verify-commands.sh +615 -0
  316. package/skills/repo-bootstrap/scripts/verify-content.sh +302 -0
  317. package/skills/schema-api-contracts/SKILL.md +56 -0
  318. package/skills/secret-hygiene/SKILL.md +511 -0
  319. package/skills/secret-hygiene/assets/.gitkeep +9 -0
  320. package/skills/secret-hygiene/assets/config-balanced.toml +81 -0
  321. package/skills/secret-hygiene/assets/config-custom.toml +178 -0
  322. package/skills/secret-hygiene/assets/config-strict.toml +48 -0
  323. package/skills/secret-hygiene/assets/github-action.yml +181 -0
  324. package/skills/secret-hygiene/assets/gitlab-ci.yml +257 -0
  325. package/skills/secret-hygiene/assets/precommit-config.yaml +70 -0
  326. package/skills/secret-hygiene/references/EXAMPLE.md +40 -0
  327. package/skills/secret-hygiene/references/compliance_mapping.md +538 -0
  328. package/skills/secret-hygiene/references/detection_rules.md +276 -0
  329. package/skills/secret-hygiene/references/false_positives.md +598 -0
  330. package/skills/secret-hygiene/references/remediation_guide.md +530 -0
  331. package/skills/stack-selector/SKILL.md +56 -0
  332. package/skills/telegram-control/SKILL.md +110 -0
  333. package/skills/telegram-control/references/architecture.md +184 -0
  334. package/skills/telegram-control/references/convex.md +173 -0
  335. package/skills/telegram-control/references/error_handling.md +212 -0
  336. package/skills/telegram-control/references/initial_setup.md +165 -0
  337. package/skills/telegram-control/references/telegram_api.md +156 -0
  338. package/skills/telegram-control/scripts/cancel_message.ts +53 -0
  339. package/skills/telegram-control/scripts/list_scheduled.ts +103 -0
  340. package/skills/telegram-control/scripts/logger.ts +121 -0
  341. package/skills/telegram-control/scripts/proxy-util.ts +11 -0
  342. package/skills/telegram-control/scripts/schedule_message.ts +216 -0
  343. package/skills/telegram-control/scripts/send_message.ts +115 -0
  344. package/skills/telegram-control/scripts/setup.ts +185 -0
  345. package/skills/telegram-control/scripts/types.ts +75 -0
  346. package/skills/telegram-control/scripts/view_history.ts +74 -0
  347. package/skills/test-strategy/SKILL.md +352 -0
  348. package/skills/threat-model/SKILL.md +303 -0
  349. package/skills/threat-model/examples/example-output.md +196 -0
  350. package/skills/threat-model/template.md +96 -0
  351. package/skills/ts-lint/SKILL.md +80 -0
  352. package/skills/ui-flow/SKILL.md +668 -0
  353. package/skills/voice-command-router/SKILL.md +51 -0
  354. package/skills/widget-live-activity-sync/SKILL.md +66 -0
package/skills/secret-hygiene/references/detection_rules.md ADDED
@@ -0,0 +1,276 @@
1
+ # Gitleaks Detection Rules Reference
2
+
3
+ Comprehensive reference of built-in Gitleaks detection rules with CWE mappings and remediation guidance.
4
+
5
+ ## Table of Contents
6
+
7
+ - [Cloud Provider Credentials](#cloud-provider-credentials)
8
+ - [Version Control Systems](#version-control-systems)
9
+ - [API Keys and Tokens](#api-keys-and-tokens)
10
+ - [Database Credentials](#database-credentials)
11
+ - [Private Keys](#private-keys)
12
+ - [Generic Patterns](#generic-patterns)
13
+
14
+ ## Cloud Provider Credentials
15
+
16
+ ### AWS Access Key ID
17
+ - **Rule ID**: `aws-access-token`
18
+ - **Pattern**: `AKIA[0-9A-Z]{16}`
19
+ - **CWE**: CWE-798 (Use of Hard-coded Credentials)
20
+ - **Severity**: HIGH
21
+ - **Description**: AWS Access Key ID for programmatic access
22
+ - **Remediation**: Rotate via AWS IAM console, use AWS Secrets Manager or IAM roles
23
+
24
+ ### AWS Secret Access Key
25
+ - **Rule ID**: `aws-secret-key`
26
+ - **Pattern**: `(?i)aws(.{0,20})?[\'\"][0-9a-zA-Z\/+]{40}[\'\"]`
27
+ - **CWE**: CWE-798
28
+ - **Severity**: CRITICAL
29
+ - **Description**: AWS Secret Access Key paired with Access Key ID
30
+ - **Remediation**: Immediate rotation required, review CloudTrail logs for unauthorized access
31
+
32
+ ### GCP API Key
33
+ - **Rule ID**: `gcp-api-key`
34
+ - **Pattern**: `AIza[0-9A-Za-z\\-_]{35}`
35
+ - **CWE**: CWE-798
36
+ - **Severity**: HIGH
37
+ - **Description**: Google Cloud Platform API key
38
+ - **Remediation**: Delete and regenerate in GCP Console, review API usage logs
39
+
40
+ ### GCP Service Account
41
+ - **Rule ID**: `gcp-service-account`
42
+ - **Pattern**: `\"type\": \"service_account\"`
43
+ - **CWE**: CWE-798
44
+ - **Severity**: CRITICAL
45
+ - **Description**: GCP service account JSON key file
46
+ - **Remediation**: Delete service account key, use Workload Identity where possible
47
+
48
+ ### Azure Storage Account Key
49
+ - **Rule ID**: `azure-storage-key`
50
+ - **Pattern**: `(?i)azure.*[\'\"][0-9a-zA-Z\/+]{88}[\'\"]`
51
+ - **CWE**: CWE-798
52
+ - **Severity**: CRITICAL
53
+ - **Description**: Azure Storage Account access key
54
+ - **Remediation**: Regenerate keys in Azure Portal, use Azure Key Vault
55
+
56
+ ### Digital Ocean Token
57
+ - **Rule ID**: `digitalocean-token`
58
+ - **Pattern**: `dop_v1_[a-f0-9]{64}`
59
+ - **CWE**: CWE-798
60
+ - **Severity**: HIGH
61
+ - **Description**: Digital Ocean personal access token
62
+ - **Remediation**: Revoke token in Digital Ocean console, create new token
63
+
64
+ ## Version Control Systems
65
+
66
+ ### GitHub Personal Access Token
67
+ - **Rule ID**: `github-pat`
68
+ - **Pattern**: `ghp_[0-9a-zA-Z]{36}`
69
+ - **CWE**: CWE-798
70
+ - **Severity**: HIGH
71
+ - **Description**: GitHub personal access token (classic)
72
+ - **Remediation**: Revoke in GitHub Settings > Developer settings, review audit log
73
+
74
+ ### GitHub OAuth Token
75
+ - **Rule ID**: `github-oauth`
76
+ - **Pattern**: `gho_[0-9a-zA-Z]{36}`
77
+ - **CWE**: CWE-798
78
+ - **Severity**: HIGH
79
+ - **Description**: GitHub OAuth access token
80
+ - **Remediation**: Revoke OAuth app authorization, regenerate token
81
+
82
+ ### GitHub Fine-Grained Token
83
+ - **Rule ID**: `github-fine-grained-pat`
84
+ - **Pattern**: `github_pat_[0-9a-zA-Z]{22}_[0-9a-zA-Z]{59}`
85
+ - **CWE**: CWE-798
86
+ - **Severity**: HIGH
87
+ - **Description**: GitHub fine-grained personal access token
88
+ - **Remediation**: Revoke in GitHub Settings, review resource access scope
89
+
90
+ ### GitLab Personal Access Token
91
+ - **Rule ID**: `gitlab-pat`
92
+ - **Pattern**: `glpat-[0-9a-zA-Z\\-_]{20}`
93
+ - **CWE**: CWE-798
94
+ - **Severity**: HIGH
95
+ - **Description**: GitLab personal access token
96
+ - **Remediation**: Revoke in GitLab User Settings > Access Tokens
97
+
98
+ ### Bitbucket App Password
99
+ - **Rule ID**: `bitbucket-app-password`
100
+ - **Pattern**: `(?i)bitbucket.*[\'\"][0-9a-zA-Z]{16}[\'\"]`
101
+ - **CWE**: CWE-798
102
+ - **Severity**: HIGH
103
+ - **Description**: Bitbucket app-specific password
104
+ - **Remediation**: Revoke in Bitbucket Personal Settings > App passwords
105
+
106
+ ## API Keys and Tokens
107
+
108
+ ### Stripe API Key
109
+ - **Rule ID**: `stripe-api-key`
110
+ - **Pattern**: `(?i)(sk|pk)_(test|live)_[0-9a-zA-Z]{24,}`
111
+ - **CWE**: CWE-798
112
+ - **Severity**: CRITICAL (live), HIGH (test)
113
+ - **Description**: Stripe API secret or publishable key
114
+ - **Remediation**: Roll keys in Stripe Dashboard, review payment transactions
115
+
116
+ ### Twilio API Key
117
+ - **Rule ID**: `twilio-api-key`
118
+ - **Pattern**: `SK[0-9a-fA-F]{32}`
119
+ - **CWE**: CWE-798
120
+ - **Severity**: HIGH
121
+ - **Description**: Twilio API key
122
+ - **Remediation**: Delete key in Twilio Console, create new key
123
+
124
+ ### SendGrid API Key
125
+ - **Rule ID**: `sendgrid-api-key`
126
+ - **Pattern**: `SG\\.[0-9A-Za-z\\-_]{22}\\.[0-9A-Za-z\\-_]{43}`
127
+ - **CWE**: CWE-798
128
+ - **Severity**: HIGH
129
+ - **Description**: SendGrid API key
130
+ - **Remediation**: Delete in SendGrid Settings > API Keys, update applications
131
+
132
+ ### Slack Token
133
+ - **Rule ID**: `slack-token`
134
+ - **Pattern**: `xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24,}`
135
+ - **CWE**: CWE-798
136
+ - **Severity**: HIGH
137
+ - **Description**: Slack bot, app, or user token
138
+ - **Remediation**: Regenerate in Slack App Settings, rotate token
139
+
140
+ ### Slack Webhook
141
+ - **Rule ID**: `slack-webhook`
142
+ - **Pattern**: `https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]+/B[a-zA-Z0-9_]+/[a-zA-Z0-9_]+`
143
+ - **CWE**: CWE-798
144
+ - **Severity**: MEDIUM
145
+ - **Description**: Slack incoming webhook URL
146
+ - **Remediation**: Regenerate webhook in Slack App Settings
147
+
148
+ ### npm Token
149
+ - **Rule ID**: `npm-access-token`
150
+ - **Pattern**: `npm_[0-9a-zA-Z]{36}`
151
+ - **CWE**: CWE-798
152
+ - **Severity**: HIGH
153
+ - **Description**: npm access token
154
+ - **Remediation**: Revoke in npm Account Settings, check package publish history
155
+
156
+ ### PyPI Token
157
+ - **Rule ID**: `pypi-upload-token`
158
+ - **Pattern**: `pypi-AgEIcHlwaS5vcmc[0-9A-Za-z\\-_]{50,}`
159
+ - **CWE**: CWE-798
160
+ - **Severity**: HIGH
161
+ - **Description**: PyPI upload token
162
+ - **Remediation**: Delete token in PyPI Account Settings, verify package uploads
163
+
164
+ ## Database Credentials
165
+
166
+ ### PostgreSQL Connection String
167
+ - **Rule ID**: `postgres-connection-string`
168
+ - **Pattern**: `postgres(ql)?://[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9.-]+:[0-9]+/[a-zA-Z0-9_-]+`
169
+ - **CWE**: CWE-798
170
+ - **Severity**: CRITICAL
171
+ - **Description**: PostgreSQL database connection string with embedded credentials
172
+ - **Remediation**: Change database password, use connection string from environment variables
173
+
174
+ ### MySQL Connection String
175
+ - **Rule ID**: `mysql-connection-string`
176
+ - **Pattern**: `mysql://[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9.-]+:[0-9]+/[a-zA-Z0-9_-]+`
177
+ - **CWE**: CWE-259
178
+ - **Severity**: CRITICAL
179
+ - **Description**: MySQL database connection string with embedded credentials
180
+ - **Remediation**: Rotate database password immediately, review access logs
181
+
182
+ ### MongoDB Connection String
183
+ - **Rule ID**: `mongodb-connection-string`
184
+ - **Pattern**: `mongodb(\+srv)?://[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9.-]+`
185
+ - **CWE**: CWE-798
186
+ - **Severity**: CRITICAL
187
+ - **Description**: MongoDB connection string with credentials
188
+ - **Remediation**: Change MongoDB user password, enable IP whitelisting
189
+
190
+ ### Redis URL
191
+ - **Rule ID**: `redis-url`
192
+ - **Pattern**: `redis://:[a-zA-Z0-9]+@[a-zA-Z0-9.-]+:[0-9]+`
193
+ - **CWE**: CWE-798
194
+ - **Severity**: HIGH
195
+ - **Description**: Redis connection URL with password
196
+ - **Remediation**: Change Redis password via CONFIG SET, use ACLs
197
+
198
+ ## Private Keys
199
+
200
+ ### RSA Private Key
201
+ - **Rule ID**: `rsa-private-key`
202
+ - **Pattern**: `-----BEGIN RSA PRIVATE KEY-----`
203
+ - **CWE**: CWE-321 (Use of Hard-coded Cryptographic Key)
204
+ - **Severity**: CRITICAL
205
+ - **Description**: RSA private key in PEM format
206
+ - **Remediation**: Generate new key pair, revoke associated certificates, audit access
207
+
208
+ ### SSH Private Key
209
+ - **Rule ID**: `ssh-private-key`
210
+ - **Pattern**: `-----BEGIN (EC|DSA|OPENSSH) PRIVATE KEY-----`
211
+ - **CWE**: CWE-321
212
+ - **Severity**: CRITICAL
213
+ - **Description**: SSH private key
214
+ - **Remediation**: Remove from authorized_keys on all servers, generate new key
215
+
216
+ ### PGP Private Key
217
+ - **Rule ID**: `pgp-private-key`
218
+ - **Pattern**: `-----BEGIN PGP PRIVATE KEY BLOCK-----`
219
+ - **CWE**: CWE-321
220
+ - **Severity**: CRITICAL
221
+ - **Description**: PGP/GPG private key
222
+ - **Remediation**: Revoke key on keyservers, generate new key pair
223
+
224
+ ### JWT Token
225
+ - **Rule ID**: `jwt`
226
+ - **Pattern**: `eyJ[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}`
227
+ - **CWE**: CWE-798
228
+ - **Severity**: HIGH
229
+ - **Description**: JSON Web Token (may contain sensitive claims)
230
+ - **Remediation**: Invalidate token, check token expiration, rotate signing secret
231
+
232
+ ## Generic Patterns
233
+
234
+ ### Generic API Key
235
+ - **Rule ID**: `generic-api-key`
236
+ - **Pattern**: `(?i)(api_key|apikey|api-key)[\s]*[=:][\s]*[\'\"]?[a-zA-Z0-9]{32,}[\'\"]?`
237
+ - **CWE**: CWE-798
238
+ - **Severity**: MEDIUM
239
+ - **Description**: Generic API key pattern
240
+ - **Remediation**: Rotate credential based on service documentation
241
+
242
+ ### Generic Secret
243
+ - **Rule ID**: `generic-secret`
244
+ - **Pattern**: `(?i)(secret|password|passwd|pwd)[\s]*[=:][\s]*[\'\"]?[a-zA-Z0-9!@#$%^&*]{16,}[\'\"]?`
245
+ - **CWE**: CWE-259
246
+ - **Severity**: MEDIUM
247
+ - **Description**: Generic secret or password pattern
248
+ - **Remediation**: Move to environment variable or secret management system
249
+
250
+ ### High Entropy String
251
+ - **Rule ID**: `high-entropy`
252
+ - **Pattern**: `[a-zA-Z0-9]{32,}`
253
+ - **Entropy**: 4.5+
254
+ - **CWE**: CWE-798
255
+ - **Severity**: LOW (requires validation)
256
+ - **Description**: High-entropy string that may be a credential
257
+ - **Remediation**: Validate if actual secret, rotate if necessary
258
+
259
+ ## Usage in Configuration
260
+
261
+ Add these rule IDs to your `.gitleaks.toml` allowlist if needed:
262
+
263
+ ```toml
264
+ [allowlist]
265
+ description = "Allow specific rules in test files"
266
+ paths = ['''test/''']
267
+ rules = ["generic-api-key", "generic-secret"]
268
+ ```
269
+
270
+ ## CWE Reference
271
+
272
+ - **CWE-798**: Use of Hard-coded Credentials
273
+ - **CWE-259**: Use of Hard-coded Password
274
+ - **CWE-321**: Use of Hard-coded Cryptographic Key
275
+ - **CWE-522**: Insufficiently Protected Credentials
276
+ - **CWE-257**: Storing Passwords in a Recoverable Format