@thierrynakoa/fire-flow 10.0.0

package/commands/fire-search.md

@@ -0,0 +1,330 @@
+---
+name: power-search
+description: Search the skills library for patterns, solutions, and best practices
+arguments:
+  - name: query
+    description: Search keywords, category name, or tag to find relevant skills
+    required: true
+    type: string
+triggers:
+  - "search skills"
+  - "find skill"
+  - "skill for"
+  - "pattern for"
+---
+
+# /fire-search - Skills Library Search
+
+Search across 172 skills in 15 categories to find proven solutions and patterns.
+
+## Purpose
+
+Find relevant skills from the Dominion Flow skills library to:
+- Apply proven patterns to current tasks
+- Avoid reinventing solutions
+- Learn from past project successes
+- Speed up development with tested approaches
+
+## Arguments
+
+| Argument | Required | Description |
+|----------|----------|-------------|
+| `query` | Yes | Search term: keyword, category, tag, or problem description |
+
+## Usage Examples
+
+```bash
+# Search by keyword
+/fire-search "database performance"
+/fire-search "authentication"
+/fire-search "pagination"
+
+# Search by category
+/fire-search "category:security"
+/fire-search "category:api-patterns"
+
+# Search by tag
+/fire-search "tag:prisma"
+/fire-search "tag:react"
+
+# Search by problem description
+/fire-search "slow queries taking too long"
+/fire-search "how to handle API errors"
+```
+
+## Process
+
+<step number="1">
+### Parse Search Query
+
+Analyze the query to determine search type:
+- **Keyword search**: Match against skill names, descriptions, and content
+- **Category filter**: `category:X` searches within specific category
+- **Tag filter**: `tag:X` searches by skill tags
+- **Problem description**: Natural language matching against problem/solution sections
+
+```
+Query: "{query}"
+Type: [keyword | category | tag | problem]
+```
+</step>
+
+<step number="2">
+### Search Skills Library
+
+Search across all skill files in:
+- `~/.claude/plugins/dominion-flow/skills-library/`
+
+Categories to search (15 total):
+1. `database-solutions/` - Database patterns, queries, optimization
+2. `api-patterns/` - REST, GraphQL, versioning, error handling
+3. `security/` - Auth, validation, encryption, OWASP
+4. `performance/` - Caching, optimization, bundle size
+5. `frontend/` - React, Vue, state management, CSS
+6. `testing/` - Unit, integration, E2E, mocking
+7. `infrastructure/` - Docker, CI/CD, deployment
+8. `form-solutions/` - Validation, multi-step, file uploads
+9. `ecommerce/` - Payments, cart, inventory
+10. `video-media/` - Streaming, processing, uploads
+11. `document-processing/` - PDF, parsing, generation
+12. `integrations/` - Third-party APIs, webhooks
+13. `automation/` - Scripts, scheduled tasks, workflows
+14. `patterns-standards/` - Design patterns, code standards
+15. `methodology/` - Process, planning, review patterns
+
+Match criteria:
+- Skill name contains query terms
+- Description contains query terms
+- Tags include query terms
+- Problem section matches query
+- Solution section matches query
+</step>
+
+<step number="3">
+### Rank Results
+
+Score matches by relevance:
+- **Exact name match**: +100 points
+- **Name contains term**: +50 points
+- **Tag match**: +40 points
+- **Description match**: +30 points
+- **Problem section match**: +25 points
+- **Solution section match**: +20 points
+- **Content match**: +10 points
+
+Additional scoring factors:
+- **Usage frequency**: +5 points per application in current project
+- **Recency**: +10 points if applied in last 7 days
+- **Success rate**: +15 points if >90% success rate
+
+Return top 10 results, sorted by score.
+</step>
+
+<step number="4">
+### Display Results
+
+Format output with skill details and recommendations.
+</step>
+
+## Output Format
+
+```
+=============================================================
+                    SKILLS SEARCH RESULTS
+=============================================================
+
+Query: "{query}"
+Found: X matching skills
+
+-------------------------------------------------------------
+TOP MATCHES
+-------------------------------------------------------------
+
+1. [{category}] {skill-name}
+   Score: {score} | Tags: {tags}
+
+   Problem: {brief problem description}
+   Solution: {brief solution summary}
+
+   Usage: Applied {N} times | Success: {rate}%
+
+   View: /fire-search --detail {category}/{skill-name}
+
+-------------------------------------------------------------
+
+2. [{category}] {skill-name}
+   ...
+
+-------------------------------------------------------------
+RECOMMENDATIONS
+-------------------------------------------------------------
+
+Based on your query "{query}", consider:
+
+- **Start with**: {top-skill-name}
+  Best match for immediate application. Addresses {reason}.
+
+- **Also relevant**: {second-skill-name}
+  Useful if you need {specific scenario}.
+
+- **Related patterns**: {related-skills}
+  Often used together with the above.
+
+-------------------------------------------------------------
+QUICK ACTIONS
+-------------------------------------------------------------
+
+[1] View skill detail:   /fire-search --detail {skill}
+[2] Apply to plan:       Add to skills_to_apply in BLUEPRINT.md
+[3] See more results:    /fire-search "{query}" --limit 20
+[4] Search different:    /fire-search "{alternative-query}"
+
+=============================================================
+```
+
+## Advanced Options
+
+| Option | Description |
+|--------|-------------|
+| `--detail {skill}` | Show full skill document |
+| `--category {name}` | Filter by category |
+| `--tag {tag}` | Filter by tag |
+| `--scope {scope}` | Filter by scope: `general`, `project`, or `all` (default) (v7.0) |
+| `--limit {N}` | Number of results (default: 10) |
+| `--json` | Output as JSON for integrations |
+| `--applied` | Show only skills applied in current project |
+| `--unused` | Show skills never applied (discover new patterns) |
+
+### Scope Filter (v7.0 — SkillRL + SKILL.md)
+
+> **Research basis:** SkillRL (Dec 2025) + SKILL.md (Feb 2026) + Odyssey (IJCAI 2025) —
+> Hierarchical skill banks that separate general from task-specific skills improve
+> retrieval precision by reducing noise from irrelevant project-specific patterns.
+
+```
+--scope options:
+  general    — Search only _general/ skills (cross-project patterns)
+  project    — Search only project-matching skills (detected from cwd)
+  all        — Search everything (default, current behavior)
+
+Auto-detection: If inside a project directory, default to --scope project
+with _general/ always included. Explicit --scope all for full search.
+```
+
+**Directory structure:**
+```
+skills-library/
+├── _general/          ← Cross-project skills (v7.0)
+│   ├── debugging/
+│   ├── testing/
+│   ├── api-patterns/
+│   └── patterns-standards/
+├── database-solutions/
+├── security/
+├── frontend/
+└── [project-specific categories]
+```
+
+General skills are always included regardless of scope.
+
+## Detailed View Output
+
+When using `--detail`:
+
+```
+=============================================================
+SKILL: {category}/{skill-name}
+=============================================================
+
+Version: {version}
+Last Updated: {date}
+Contributors: {list}
+Tags: {tags}
+Difficulty: {easy|medium|hard}
+
+-------------------------------------------------------------
+PROBLEM
+-------------------------------------------------------------
+
+{Full problem description from skill file}
+
+-------------------------------------------------------------
+SOLUTION PATTERN
+-------------------------------------------------------------
+
+{Full solution pattern with explanation}
+
+-------------------------------------------------------------
+CODE EXAMPLE
+-------------------------------------------------------------
+
+// Before (problematic)
+{code showing the problem}
+
+// After (solution)
+{code showing the fix}
+
+-------------------------------------------------------------
+WHEN TO USE
+-------------------------------------------------------------
+
+- {scenario 1}
+- {scenario 2}
+- {scenario 3}
+
+-------------------------------------------------------------
+WHEN NOT TO USE
+-------------------------------------------------------------
+
+- {anti-pattern 1}
+- {anti-pattern 2}
+
+-------------------------------------------------------------
+RELATED SKILLS
+-------------------------------------------------------------
+
+- {related-skill-1} - {brief description}
+- {related-skill-2} - {brief description}
+
+-------------------------------------------------------------
+REFERENCES
+-------------------------------------------------------------
+
+- {external link 1}
+- {external link 2}
+
+-------------------------------------------------------------
+USAGE IN THIS PROJECT
+-------------------------------------------------------------
+
+Applied: {N} times
+Phases: {list of phases where applied}
+Success Rate: {rate}%
+Last Used: {date}
+
+=============================================================
+```
+
+## Integration with Planning
+
+When you find a relevant skill, add it to your plan:
+
+```yaml
+# In BLUEPRINT.md frontmatter
+skills_to_apply:
+  - "database-solutions/n-plus-1"
+  - "api-patterns/pagination"
+```
+
+The fire-executor will:
+1. Load these skills before execution
+2. Apply patterns from skills to implementation
+3. Document skill application in RECORD.md
+4. Update SKILLS-INDEX.md with usage
+
+## Related Commands
+
+- `/fire-contribute` - Add a new skill to the library
+- `/fire-skills-sync` - Sync with global skills library
+- `/fire-skills-history` - View skill version history
+- `/fire-analytics` - See skills usage analytics

package/commands/fire-security-audit-repo.md

@@ -0,0 +1,293 @@
+---
+name: fire-security-audit-repo
+description: Security audit a GitHub repo before installing as a skill or plugin
+arguments:
+  - name: repo
+    description: GitHub repo URL or owner/name (e.g., nicobailon/visual-explainer)
+    required: true
+    type: string
+  - name: install-as
+    description: Where to install if clean (skill, plugin, or skip)
+    required: false
+    type: string
+    default: "skill"
+triggers:
+  - "audit repo"
+  - "check repo"
+  - "install skill from github"
+  - "security scan repo"
+---
+
+# /fire-security-audit-repo — Pre-Install Security Audit
+
+> Audit any GitHub repo for security threats before installing it as a Claude Code skill or plugin.
+
+---
+
+## Purpose
+
+Prevent supply chain attacks by running a 6-layer security audit on any GitHub repository before it enters the agent's trusted execution environment. This is the **pre-download and pre-use** gate.
+
+---
+
+## Process
+
+### Step 1: Pre-Download Intelligence
+
+Before cloning, gather repo metadata:
+
+```bash
+# Parse repo from URL or owner/name format
+REPO="{owner}/{name}"
+
+# Gather intelligence
+gh repo view $REPO --json stargazersCount,forkCount,createdAt,updatedAt,licenseInfo,description,isArchived
+gh api repos/$REPO/commits?per_page=5 --jq '.[].commit.message'
+gh api users/{owner} --jq '{login, created_at, public_repos, followers}'
+```
+
+**Display pre-download report:**
+
+```
++------------------------------------------------------------------------------+
+| FIRE SECURITY AUDIT — PRE-DOWNLOAD                                           |
++------------------------------------------------------------------------------+
+|                                                                              |
+|  Repo: {owner}/{name}                                                        |
+|  Description: {description}                                                  |
+|  Stars: {N}  Forks: {N}  License: {license}                                |
+|  Created: {date}  Last updated: {date}                                      |
+|  Owner: {login} ({public_repos} repos, {followers} followers, since {date}) |
+|                                                                              |
+|  Recent commits:                                                             |
+|    - {message 1}                                                             |
+|    - {message 2}                                                             |
+|    - {message 3}                                                             |
+|                                                                              |
++------------------------------------------------------------------------------+
+```
+
+**Red flag checks:**
+
+| Check | Threshold | Result |
+|-------|-----------|--------|
+| Repo age | > 30 days | {PASS/WARN} |
+| Stars | > 10 | {PASS/WARN} |
+| Owner account age | > 90 days | {PASS/WARN} |
+| Owner other repos | > 3 | {PASS/WARN} |
+| License present | Yes | {PASS/WARN} |
+| Not archived | True | {PASS/FAIL} |
+
+**If 3+ red flags → WARN user before cloning:**
+
+```
+Use AskUserQuestion:
+  header: "Risk"
+  question: "This repo has {N} red flags: {list}. Clone for deep audit anyway?"
+  options:
+    - "Yes, audit anyway" - Proceed with clone + full audit
+    - "No, skip" - Abort installation
+```
+
+### Step 2: Clone to Temp Directory
+
+```bash
+cd /tmp && git clone https://github.com/{owner}/{name}.git {name}-security-review
+```
+
+**NEVER clone directly to the install location.**
+
+### Step 3: Layer 1 — Credential Scan
+
+```bash
+bash ~/.claude/hooks/credential-filter.sh --dir /tmp/{name}-security-review/
+```
+
+| Result | Action |
+|--------|--------|
+| Exit 0 | CLEAN — proceed |
+| Exit 1 | BLOCKED — show findings, abort |
+
+### Step 4: Layer 2 — Prompt Injection Scan
+
+Search ALL text files for prompt injection patterns:
+
+```bash
+# Instruction override patterns
+grep -rnEi 'ignore.*(previous|above|prior).*(instruction|prompt|rule)' /tmp/{name}-security-review/ --include='*.md' --include='*.txt' --include='*.json' --include='*.yaml' --include='*.yml'
+
+# Role manipulation
+grep -rnEi '(you are now|act as|new role|forget everything|override|bypass|disregard)' /tmp/{name}-security-review/ --include='*.md' --include='*.txt'
+
+# System prompt extraction
+grep -rnEi '(system prompt|show me your|repeat your|reveal your|print your).*(instructions|prompt|rules)' /tmp/{name}-security-review/ --include='*.md' --include='*.txt'
+
+# Special tokens
+grep -rnE '<\|im_start\|>|<\|im_end\|>|\[INST\]|\[\/INST\]' /tmp/{name}-security-review/
+```
+
+Also scan for invisible Unicode:
+
+```bash
+# Zero-width characters
+grep -rP '[\x{200B}\x{200C}\x{200D}\x{FEFF}\x{2060}]' /tmp/{name}-security-review/ --include='*.md' --include='*.txt'
+```
+
+### Step 5: Layer 3 — Exfiltration Detection
+
+```bash
+# Network calls in scripts
+grep -rnE '(fetch\(|XMLHttpRequest|WebSocket|navigator\.sendBeacon|\.ajax\()' /tmp/{name}-security-review/ --include='*.js' --include='*.ts' --include='*.html'
+
+# Shell network commands
+grep -rnE '(curl |wget |nc |ncat )' /tmp/{name}-security-review/ --include='*.sh' --include='*.md'
+
+# Cookie/storage access
+grep -rnE '(document\.cookie|localStorage\.|sessionStorage\.)' /tmp/{name}-security-review/ --include='*.js' --include='*.html'
+```
+
+**Allowlist CDN domains:** jsdelivr.net, cdnjs.cloudflare.com, unpkg.com, fonts.googleapis.com, fonts.gstatic.com
+
+Any URL NOT on the allowlist → flag for review.
+
+### Step 6: Layer 4 — Tool Poisoning
+
+```bash
+# Destructive operations
+grep -rnE '(rm -rf|sudo |chmod 777|eval\(|exec\()' /tmp/{name}-security-review/
+
+# Credential file access
+grep -rnE '(\.env|\.ssh|\.aws|credentials|\.gnupg|\.netrc)' /tmp/{name}-security-review/ --include='*.md' --include='*.sh' --include='*.js'
+
+# Process spawning
+grep -rnE '(child_process|os\.system|subprocess|spawn\()' /tmp/{name}-security-review/ --include='*.js' --include='*.ts' --include='*.py'
+```
+
+### Step 7: Layer 5 — Hidden Content
+
+```bash
+# Base64 payloads (>100 chars, exclude image data URIs)
+grep -rnE '[A-Za-z0-9+/]{100,}={0,2}' /tmp/{name}-security-review/ --include='*.md' --include='*.json' | grep -v 'data:image'
+
+# Obfuscation
+grep -rnE '(atob|btoa|String\.fromCharCode|unescape|decodeURI)' /tmp/{name}-security-review/ --include='*.js' --include='*.html'
+```
+
+### Step 8: Layer 6 — CDN Dependency Pinning
+
+For each external script/CSS URL found in HTML files:
+
+| URL Pattern | Verdict |
+|-------------|---------|
+| `@3.2.2` (exact) | GOOD |
+| `@11` (major only) | ADVISORY |
+| No version | WARNING |
+| Unknown CDN | RED FLAG |
+
+### Step 9: Compile Audit Report
+
+```
++------------------------------------------------------------------------------+
+| FIRE SECURITY AUDIT — RESULTS                                                |
++------------------------------------------------------------------------------+
+|                                                                              |
+|  Repo: {owner}/{name}                                                        |
+|  Files scanned: {N}                                                          |
+|                                                                              |
+|  Layer 1: Credentials      ... {CLEAN | BLOCKED}                            |
+|  Layer 2: Prompt Injection  ... {CLEAN | FOUND {N}}                         |
+|  Layer 3: Exfiltration      ... {CLEAN | FOUND {N}}                         |
+|  Layer 4: Tool Poisoning    ... {CLEAN | FOUND {N}}                         |
+|  Layer 5: Hidden Content    ... {CLEAN | FOUND {N}}                         |
+|  Layer 6: CDN Pinning       ... {GOOD | ADVISORY {N} | WARNING {N}}        |
+|                                                                              |
+|  OVERALL VERDICT: {CLEAN | ADVISORY | SUSPICIOUS | BLOCKED}                |
+|                                                                              |
++------------------------------------------------------------------------------+
+```
+
+### Step 10: Install or Reject
+
+**If CLEAN or ADVISORY:**
+
+```bash
+# Install as skill
+cp -r /tmp/{name}-security-review/ ~/.claude/skills/{name}/
+rm -rf ~/.claude/skills/{name}/.git
+
+# Run credential filter one more time on installed location
+bash ~/.claude/hooks/credential-filter.sh --dir ~/.claude/skills/{name}/
+```
+
+**If SUSPICIOUS:**
+
+```
+Use AskUserQuestion:
+  header: "Suspicious"
+  question: "{N} suspicious findings. Review details and decide?"
+  options:
+    - "Show findings" - Display all flagged items with file:line context
+    - "Install anyway" - Accept risk
+    - "Abort" - Do not install
+```
+
+**If BLOCKED:**
+
+```
+INSTALLATION BLOCKED
+
+{N} security threats detected:
+  {finding 1}
+  {finding 2}
+  ...
+
+This repo will NOT be installed.
+```
+
+### Step 11: Log Audit Result
+
+Write audit log to `~/.claude/audit-log/{name}-{date}.md`:
+
+```markdown
+# Security Audit: {owner}/{name}
+**Date:** {YYYY-MM-DD}
+**Verdict:** {CLEAN|ADVISORY|SUSPICIOUS|BLOCKED}
+**Installed:** {yes/no}
+**Location:** {install path or "not installed"}
+
+## Pre-Download
+- Stars: {N}, Forks: {N}, Age: {days}
+- Owner: {login}, Repos: {N}, Followers: {N}
+
+## Layer Results
+{summary of each layer}
+
+## Findings
+{detailed findings if any}
+```
+
+### Step 12: Cleanup
+
+```bash
+rm -rf /tmp/{name}-security-review
+```
+
+---
+
+## Success Criteria
+
+- [ ] Pre-download intelligence gathered and red flags evaluated
+- [ ] All 6 layers executed
+- [ ] Findings reported with file:line context
+- [ ] Verdict is one of: CLEAN, ADVISORY, SUSPICIOUS, BLOCKED
+- [ ] Audit log written
+- [ ] Temp directory cleaned up
+- [ ] If installed: credential filter passed on installed copy
+
+---
+
+## References
+
+- **Skill:** `security/GITHUB_REPO_SECURITY_AUDIT.md`
+- **Depends on:** `~/.claude/hooks/credential-filter.sh`
+- **Related:** `/fire-add-new-skill` (Step 4.6 credential gate)