agent-skill-kit 3.9.135
- package/.agent/global.d.ts +80 -0
- package/.agent/rules/GEMINI.md +210 -0
- package/.agent/rules/autopilot.md +287 -0
- package/.agent/rules/code-rules.md +227 -0
- package/.agent/scripts/audit_workflows.ts +23 -0
- package/.agent/scripts/auto_preview.ts +170 -0
- package/.agent/scripts/checklist.ts +180 -0
- package/.agent/scripts/compile-agents.ts +237 -0
- package/.agent/scripts/fix_skills.ts +49 -0
- package/.agent/scripts/session_manager.ts +222 -0
- package/.agent/scripts/skill-audit.ts +255 -0
- package/.agent/scripts/sync_workflows.ts +54 -0
- package/.agent/scripts/utils/colors.ts +58 -0
- package/.agent/scripts/utils/process-manager.ts +131 -0
- package/.agent/scripts/utils/reporter.ts +192 -0
- package/.agent/scripts/utils/runner.ts +128 -0
- package/.agent/scripts/verify_all.ts +243 -0
- package/.agent/scripts/version-sync.ts +256 -0
- package/.agent/skills/SKILL_INDEX.md +129 -0
- package/.agent/skills/agent-browser/AGENTS.md +728 -0
- package/.agent/skills/agent-browser/SKILL.md +193 -0
- package/.agent/skills/agent-browser/rules/_sections.md +15 -0
- package/.agent/skills/agent-browser/rules/_template.md +32 -0
- package/.agent/skills/agent-browser/rules/engineering-spec.md +528 -0
- package/.agent/skills/agent-browser/scripts/browser_cli.ts +52 -0
- package/.agent/skills/agent-browser/scripts/session_manager.ts +166 -0
- package/.agent/skills/ai-artist/AGENTS.md +1082 -0
- package/.agent/skills/ai-artist/SKILL.md +186 -0
- package/.agent/skills/ai-artist/rules/_sections.md +30 -0
- package/.agent/skills/ai-artist/rules/_template.md +32 -0
- package/.agent/skills/ai-artist/rules/domain-code.md +118 -0
- package/.agent/skills/ai-artist/rules/domain-marketing.md +105 -0
- package/.agent/skills/ai-artist/rules/engineering-spec.md +519 -0
- package/.agent/skills/ai-artist/rules/image-prompts.md +195 -0
- package/.agent/skills/ai-artist/rules/model-syntax.md +115 -0
- package/.agent/skills/ai-artist/scripts/prompt_compiler.ts +72 -0
- package/.agent/skills/ai-artist/templates/image-core.txt +1 -0
- package/.agent/skills/ai-artist/templates/llm-core.txt +6 -0
- package/.agent/skills/api-architect/AGENTS.md +1896 -0
- package/.agent/skills/api-architect/SKILL.md +173 -0
- package/.agent/skills/api-architect/rules/_sections.md +35 -0
- package/.agent/skills/api-architect/rules/_template.md +32 -0
- package/.agent/skills/api-architect/rules/api-style.md +115 -0
- package/.agent/skills/api-architect/rules/auth.md +134 -0
- package/.agent/skills/api-architect/rules/documentation.md +131 -0
- package/.agent/skills/api-architect/rules/engineering-spec.md +505 -0
- package/.agent/skills/api-architect/rules/graphql.md +154 -0
- package/.agent/skills/api-architect/rules/rate-limiting.md +76 -0
- package/.agent/skills/api-architect/rules/response.md +138 -0
- package/.agent/skills/api-architect/rules/rest.md +113 -0
- package/.agent/skills/api-architect/rules/security-testing.md +146 -0
- package/.agent/skills/api-architect/rules/trpc.md +129 -0
- package/.agent/skills/api-architect/rules/versioning.md +100 -0
- package/.agent/skills/api-architect/scripts/api_validator.ts +413 -0
- package/.agent/skills/auth-patterns/AGENTS.md +1830 -0
- package/.agent/skills/auth-patterns/SKILL.md +163 -0
- package/.agent/skills/auth-patterns/rules/_sections.md +30 -0
- package/.agent/skills/auth-patterns/rules/_template.md +32 -0
- package/.agent/skills/auth-patterns/rules/engineering-spec.md +515 -0
- package/.agent/skills/auth-patterns/rules/jwt-deep.md +196 -0
- package/.agent/skills/auth-patterns/rules/mfa.md +174 -0
- package/.agent/skills/auth-patterns/rules/oauth2.md +134 -0
- package/.agent/skills/auth-patterns/rules/passkey.md +243 -0
- package/.agent/skills/auth-patterns/rules/rbac-abac.md +206 -0
- package/.agent/skills/auth-patterns/rules/session.md +183 -0
- package/.agent/skills/auth-patterns/scripts/auth_validator.ts +121 -0
- package/.agent/skills/chrome-devtools/AGENTS.md +952 -0
- package/.agent/skills/chrome-devtools/SKILL.md +160 -0
- package/.agent/skills/chrome-devtools/rules/_sections.md +25 -0
- package/.agent/skills/chrome-devtools/rules/_template.md +32 -0
- package/.agent/skills/chrome-devtools/rules/aria-snapshot.md +95 -0
- package/.agent/skills/chrome-devtools/rules/engineering-spec.md +510 -0
- package/.agent/skills/chrome-devtools/rules/scripts-guide.md +174 -0
- package/.agent/skills/chrome-devtools/scripts/aria-snapshot.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/click.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/console.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/core_cli.ts +79 -0
- package/.agent/skills/chrome-devtools/scripts/evaluate.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/fill.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/navigate.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/network.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/performance.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/screenshot.ts +3 -0
- package/.agent/skills/chrome-devtools/scripts/select-ref.ts +3 -0
- package/.agent/skills/cicd-pipeline/AGENTS.md +809 -0
- package/.agent/skills/cicd-pipeline/SKILL.md +164 -0
- package/.agent/skills/cicd-pipeline/rules/_sections.md +15 -0
- package/.agent/skills/cicd-pipeline/rules/_template.md +32 -0
- package/.agent/skills/cicd-pipeline/rules/engineering-spec.md +477 -0
- package/.agent/skills/cicd-pipeline/scripts/flag-manager.ts +253 -0
- package/.agent/skills/cicd-pipeline/scripts/pipeline_validator.ts +133 -0
- package/.agent/skills/code-constitution/AGENTS.md +597 -0
- package/.agent/skills/code-constitution/CHANGELOG.md +216 -0
- package/.agent/skills/code-constitution/SKILL.md +191 -0
- package/.agent/skills/code-constitution/VERSION +3 -0
- package/.agent/skills/code-constitution/examples/violation-backend-mutation/after.tsx +59 -0
- package/.agent/skills/code-constitution/examples/violation-backend-mutation/before.tsx +42 -0
- package/.agent/skills/code-constitution/examples/violation-backend-mutation/explanation.md +91 -0
- package/.agent/skills/code-constitution/examples/violation-chart-injection/after.tsx +99 -0
- package/.agent/skills/code-constitution/examples/violation-chart-injection/before.tsx +57 -0
- package/.agent/skills/code-constitution/examples/violation-chart-injection/explanation.md +120 -0
- package/.agent/skills/code-constitution/knowledge/lessons-learned.yaml +3 -0
- package/.agent/skills/code-constitution/metadata/precedence.yaml +117 -0
- package/.agent/skills/code-constitution/metadata/scope-map.yaml +156 -0
- package/.agent/skills/code-constitution/proposals/v1.1-change-proposal-template.md +201 -0
- package/.agent/skills/code-constitution/resources/AUTHORITY_MODEL.md +115 -0
- package/.agent/skills/code-constitution/resources/ENFORCEMENT_GUIDE.md +246 -0
- package/.agent/skills/code-constitution/resources/LOAD_ORDER.md +86 -0
- package/.agent/skills/code-constitution/rules/_sections.md +15 -0
- package/.agent/skills/code-constitution/rules/_template.md +32 -0
- package/.agent/skills/code-constitution/rules/constitution/master-constitution.md +210 -0
- package/.agent/skills/code-constitution/rules/doctrines/architecture/architecture-doctrine.md +188 -0
- package/.agent/skills/code-constitution/rules/doctrines/backend/backend-data-engine-doctrine.md +218 -0
- package/.agent/skills/code-constitution/rules/doctrines/commercial/commercial-guardrails-doctrine.md +196 -0
- package/.agent/skills/code-constitution/rules/doctrines/data/data-integrity-doctrine.md +202 -0
- package/.agent/skills/code-constitution/rules/doctrines/frontend/frontend-mobile-doctrine.md +169 -0
- package/.agent/skills/code-constitution/rules/doctrines/frontend/interaction-patterns-doctrine.md +176 -0
- package/.agent/skills/code-constitution/rules/doctrines/learning/learning-engine-doctrine.md +192 -0
- package/.agent/skills/code-constitution/rules/doctrines/performance/performance-doctrine.md +180 -0
- package/.agent/skills/code-constitution/rules/doctrines/review/code-review-doctrine.md +174 -0
- package/.agent/skills/code-constitution/rules/enforcement/agents/agent-enforcement-protocol.md +218 -0
- package/.agent/skills/code-constitution/rules/enforcement/agents/agent-system-prompt.md +196 -0
- package/.agent/skills/code-constitution/rules/enforcement/checklists/backend-api-review-checklist.md +131 -0
- package/.agent/skills/code-constitution/rules/enforcement/checklists/chart-component-review-checklist.md +147 -0
- package/.agent/skills/code-constitution/rules/enforcement/checklists/frontend-review-checklist.md +194 -0
- package/.agent/skills/code-constitution/rules/enforcement/playbooks/doctrine-violation-playbook.md +236 -0
- package/.agent/skills/code-constitution/rules/engineering-spec.md +561 -0
- package/.agent/skills/code-constitution/scripts/audit_pr.ts +219 -0
- package/.agent/skills/code-constitution/scripts/check_boundaries.ts +134 -0
- package/.agent/skills/code-constitution/scripts/learn.ts +202 -0
- package/.agent/skills/code-constitution/scripts/validate_doctrine.ts +287 -0
- package/.agent/skills/code-craft/AGENTS.md +803 -0
- package/.agent/skills/code-craft/SKILL.md +170 -0
- package/.agent/skills/code-craft/rules/_sections.md +20 -0
- package/.agent/skills/code-craft/rules/_template.md +32 -0
- package/.agent/skills/code-craft/rules/engineering-spec.md +447 -0
- package/.agent/skills/code-craft/rules/verification-scripts.md +83 -0
- package/.agent/skills/code-craft/scripts/code_quality_checker.ts +193 -0
- package/.agent/skills/code-review/AGENTS.md +1664 -0
- package/.agent/skills/code-review/SKILL.md +152 -0
- package/.agent/skills/code-review/rules/_sections.md +15 -0
- package/.agent/skills/code-review/rules/_template.md +32 -0
- package/.agent/skills/code-review/rules/engineering-spec.md +466 -0
- package/.agent/skills/code-review/scripts/lint_runner.ts +213 -0
- package/.agent/skills/code-review/scripts/type_coverage.ts +118 -0
- package/.agent/skills/context-engineering/AGENTS.md +499 -0
- package/.agent/skills/context-engineering/SKILL.md +147 -0
- package/.agent/skills/context-engineering/rules/_sections.md +15 -0
- package/.agent/skills/context-engineering/rules/_template.md +32 -0
- package/.agent/skills/context-engineering/rules/engineering-spec.md +463 -0
- package/.agent/skills/context-engineering/scripts/context_analyzer.ts +127 -0
- package/.agent/skills/copywriting/AGENTS.md +501 -0
- package/.agent/skills/copywriting/SKILL.md +188 -0
- package/.agent/skills/copywriting/rules/_sections.md +15 -0
- package/.agent/skills/copywriting/rules/_template.md +32 -0
- package/.agent/skills/copywriting/rules/engineering-spec.md +465 -0
- package/.agent/skills/copywriting/scripts/copy_validator.ts +185 -0
- package/.agent/skills/data-modeler/AGENTS.md +814 -0
- package/.agent/skills/data-modeler/SKILL.md +195 -0
- package/.agent/skills/data-modeler/rules/_sections.md +15 -0
- package/.agent/skills/data-modeler/rules/_template.md +32 -0
- package/.agent/skills/data-modeler/rules/database-selection.md +124 -0
- package/.agent/skills/data-modeler/rules/engineering-spec.md +479 -0
- package/.agent/skills/data-modeler/rules/indexing.md +166 -0
- package/.agent/skills/data-modeler/rules/migrations.md +176 -0
- package/.agent/skills/data-modeler/rules/optimization.md +161 -0
- package/.agent/skills/data-modeler/rules/orm-selection.md +155 -0
- package/.agent/skills/data-modeler/rules/schema-design.md +162 -0
- package/.agent/skills/data-modeler/scripts/schema_validator.ts +357 -0
- package/.agent/skills/debug-pro/AGENTS.md +798 -0
- package/.agent/skills/debug-pro/SKILL.md +193 -0
- package/.agent/skills/debug-pro/defense-in-depth/SKILL.md +148 -0
- package/.agent/skills/debug-pro/root-cause-tracing/SKILL.md +196 -0
- package/.agent/skills/debug-pro/root-cause-tracing/find-polluter.sh +63 -0
- package/.agent/skills/debug-pro/rules/_sections.md +15 -0
- package/.agent/skills/debug-pro/rules/_template.md +32 -0
- package/.agent/skills/debug-pro/rules/engineering-spec.md +491 -0
- package/.agent/skills/debug-pro/scripts/debug_verifier.ts +148 -0
- package/.agent/skills/debug-pro/verification-before-completion/SKILL.md +160 -0
- package/.agent/skills/design-system/AGENTS.md +4216 -0
- package/.agent/skills/design-system/SKILL.md +186 -0
- package/.agent/skills/design-system/rules/_sections.md +65 -0
- package/.agent/skills/design-system/rules/_template.md +32 -0
- package/.agent/skills/design-system/rules/animation-guide.md +355 -0
- package/.agent/skills/design-system/rules/color-system.md +335 -0
- package/.agent/skills/design-system/rules/color-systems.md +133 -0
- package/.agent/skills/design-system/rules/decision-trees.md +442 -0
- package/.agent/skills/design-system/rules/design-extraction.md +152 -0
- package/.agent/skills/design-system/rules/engineering-spec.md +484 -0
- package/.agent/skills/design-system/rules/motion-design.md +161 -0
- package/.agent/skills/design-system/rules/motion-graphics.md +330 -0
- package/.agent/skills/design-system/rules/spatial-composition.md +184 -0
- package/.agent/skills/design-system/rules/typography-system.md +369 -0
- package/.agent/skills/design-system/rules/typography.md +124 -0
- package/.agent/skills/design-system/rules/ux-psychology.md +565 -0
- package/.agent/skills/design-system/rules/visual-effects.md +407 -0
- package/.agent/skills/design-system/scripts/accessibility_checker.ts +292 -0
- package/.agent/skills/design-system/scripts/ux_audit.ts +356 -0
- package/.agent/skills/doc-templates/AGENTS.md +820 -0
- package/.agent/skills/doc-templates/SKILL.md +260 -0
- package/.agent/skills/doc-templates/rules/_sections.md +20 -0
- package/.agent/skills/doc-templates/rules/_template.md +32 -0
- package/.agent/skills/doc-templates/rules/doc.md +355 -0
- package/.agent/skills/doc-templates/rules/engineering-spec.md +422 -0
- package/.agent/skills/doc-templates/scripts/editor-server.ts +162 -0
- package/.agent/skills/doc-templates/scripts/inject_otel.ts +22 -0
- package/.agent/skills/doc-templates/scripts/kanban-server.ts +171 -0
- package/.agent/skills/doc-templates/scripts/markdown-server.ts +185 -0
- package/.agent/skills/e2e-automation/AGENTS.md +882 -0
- package/.agent/skills/e2e-automation/SKILL.md +175 -0
- package/.agent/skills/e2e-automation/rules/_sections.md +20 -0
- package/.agent/skills/e2e-automation/rules/_template.md +32 -0
- package/.agent/skills/e2e-automation/rules/aria-snapshot.md +185 -0
- package/.agent/skills/e2e-automation/rules/engineering-spec.md +501 -0
- package/.agent/skills/e2e-automation/scripts/playwright_runner.ts +208 -0
- package/.agent/skills/execution-reporter/AGENTS.md +419 -0
- package/.agent/skills/execution-reporter/SKILL.md +152 -0
- package/.agent/skills/execution-reporter/rules/_sections.md +15 -0
- package/.agent/skills/execution-reporter/rules/_template.md +32 -0
- package/.agent/skills/execution-reporter/rules/engineering-spec.md +389 -0
- package/.agent/skills/game-development/2d-games/SKILL.md +140 -0
- package/.agent/skills/game-development/3d-games/SKILL.md +156 -0
- package/.agent/skills/game-development/AGENTS.md +783 -0
- package/.agent/skills/game-development/SKILL.md +178 -0
- package/.agent/skills/game-development/game-art/SKILL.md +207 -0
- package/.agent/skills/game-development/game-audio/SKILL.md +211 -0
- package/.agent/skills/game-development/game-design/SKILL.md +151 -0
- package/.agent/skills/game-development/mobile-games/SKILL.md +130 -0
- package/.agent/skills/game-development/multiplayer/SKILL.md +154 -0
- package/.agent/skills/game-development/pc-games/SKILL.md +167 -0
- package/.agent/skills/game-development/rules/_sections.md +15 -0
- package/.agent/skills/game-development/rules/_template.md +32 -0
- package/.agent/skills/game-development/rules/engineering-spec.md +480 -0
- package/.agent/skills/game-development/vr-ar/SKILL.md +144 -0
- package/.agent/skills/game-development/web-games/SKILL.md +173 -0
- package/.agent/skills/git-workflow/AGENTS.md +554 -0
- package/.agent/skills/git-workflow/SKILL.md +181 -0
- package/.agent/skills/git-workflow/rules/_sections.md +15 -0
- package/.agent/skills/git-workflow/rules/_template.md +32 -0
- package/.agent/skills/git-workflow/rules/engineering-spec.md +518 -0
- package/.agent/skills/gitops/AGENTS.md +921 -0
- package/.agent/skills/gitops/SKILL.md +163 -0
- package/.agent/skills/gitops/rules/_sections.md +25 -0
- package/.agent/skills/gitops/rules/_template.md +32 -0
- package/.agent/skills/gitops/rules/argocd-setup.md +148 -0
- package/.agent/skills/gitops/rules/engineering-spec.md +450 -0
- package/.agent/skills/gitops/rules/sync-policies.md +145 -0
- package/.agent/skills/google-adk-python/AGENTS.md +1054 -0
- package/.agent/skills/google-adk-python/SKILL.md +168 -0
- package/.agent/skills/google-adk-python/rules/_sections.md +25 -0
- package/.agent/skills/google-adk-python/rules/_template.md +32 -0
- package/.agent/skills/google-adk-python/rules/deployment.md +138 -0
- package/.agent/skills/google-adk-python/rules/engineering-spec.md +451 -0
- package/.agent/skills/google-adk-python/rules/multi-agent.md +146 -0
- package/.agent/skills/google-adk-python/rules/tools.md +131 -0
- package/.agent/skills/idea-storm/AGENTS.md +995 -0
- package/.agent/skills/idea-storm/SKILL.md +160 -0
- package/.agent/skills/idea-storm/rules/_sections.md +25 -0
- package/.agent/skills/idea-storm/rules/_template.md +32 -0
- package/.agent/skills/idea-storm/rules/architecture-debate.md +122 -0
- package/.agent/skills/idea-storm/rules/dynamic-questioning.md +374 -0
- package/.agent/skills/idea-storm/rules/engineering-spec.md +466 -0
- package/.agent/skills/knowledge-compiler/SKILL.md +320 -0
- package/.agent/skills/knowledge-graph/AGENTS.md +762 -0
- package/.agent/skills/knowledge-graph/SKILL.md +157 -0
- package/.agent/skills/knowledge-graph/rules/_sections.md +15 -0
- package/.agent/skills/knowledge-graph/rules/_template.md +32 -0
- package/.agent/skills/knowledge-graph/rules/engineering-spec.md +439 -0
- package/.agent/skills/knowledge-linter/SKILL.md +217 -0
- package/.agent/skills/lifecycle-orchestrator/AGENTS.md +989 -0
- package/.agent/skills/lifecycle-orchestrator/SKILL.md +169 -0
- package/.agent/skills/lifecycle-orchestrator/rules/_sections.md +15 -0
- package/.agent/skills/lifecycle-orchestrator/rules/_template.md +32 -0
- package/.agent/skills/lifecycle-orchestrator/rules/engineering-spec.md +525 -0
- package/.agent/skills/lifecycle-orchestrator/scripts/state_manager.ts +189 -0
- package/.agent/skills/mcp-builder/AGENTS.md +1653 -0
- package/.agent/skills/mcp-builder/SKILL.md +166 -0
- package/.agent/skills/mcp-builder/rules/_sections.md +40 -0
- package/.agent/skills/mcp-builder/rules/_template.md +32 -0
- package/.agent/skills/mcp-builder/rules/best-practices.md +157 -0
- package/.agent/skills/mcp-builder/rules/design-principles.md +105 -0
- package/.agent/skills/mcp-builder/rules/engineering-spec.md +473 -0
- package/.agent/skills/mcp-builder/rules/evaluation.md +103 -0
- package/.agent/skills/mcp-builder/rules/python-implementation.md +249 -0
- package/.agent/skills/mcp-builder/rules/quickstart.md +111 -0
- package/.agent/skills/mcp-builder/rules/typescript-implementation.md +280 -0
- package/.agent/skills/mcp-management/AGENTS.md +837 -0
- package/.agent/skills/mcp-management/SKILL.md +164 -0
- package/.agent/skills/mcp-management/rules/_sections.md +25 -0
- package/.agent/skills/mcp-management/rules/_template.md +32 -0
- package/.agent/skills/mcp-management/rules/cli-usage.md +146 -0
- package/.agent/skills/mcp-management/rules/engineering-spec.md +501 -0
- package/.agent/skills/mcp-management/rules/protocol.md +159 -0
- package/.agent/skills/media-processing/AGENTS.md +479 -0
- package/.agent/skills/media-processing/SKILL.md +176 -0
- package/.agent/skills/media-processing/rules/_sections.md +15 -0
- package/.agent/skills/media-processing/rules/_template.md +32 -0
- package/.agent/skills/media-processing/rules/engineering-spec.md +452 -0
- package/.agent/skills/media-processing/scripts/convert-video.ts +155 -0
- package/.agent/skills/media-processing/scripts/optimize-image.ts +127 -0
- package/.agent/skills/mobile-design/AGENTS.md +6531 -0
- package/.agent/skills/mobile-design/SKILL.md +165 -0
- package/.agent/skills/mobile-design/rules/_sections.md +45 -0
- package/.agent/skills/mobile-design/rules/_template.md +32 -0
- package/.agent/skills/mobile-design/rules/decision-trees.md +540 -0
- package/.agent/skills/mobile-design/rules/engineering-spec.md +467 -0
- package/.agent/skills/mobile-design/rules/mobile-backend.md +516 -0
- package/.agent/skills/mobile-design/rules/mobile-color-system.md +436 -0
- package/.agent/skills/mobile-design/rules/mobile-debugging.md +146 -0
- package/.agent/skills/mobile-design/rules/mobile-design-thinking.md +381 -0
- package/.agent/skills/mobile-design/rules/mobile-navigation.md +474 -0
- package/.agent/skills/mobile-design/rules/mobile-performance.md +783 -0
- package/.agent/skills/mobile-design/rules/mobile-testing.md +380 -0
- package/.agent/skills/mobile-design/rules/mobile-typography.md +449 -0
- package/.agent/skills/mobile-design/rules/platform-android.md +682 -0
- package/.agent/skills/mobile-design/rules/platform-ios.md +577 -0
- package/.agent/skills/mobile-design/rules/touch-psychology.md +553 -0
- package/.agent/skills/mobile-design/scripts/mobile_audit.ts +309 -0
- package/.agent/skills/mobile-developer/AGENTS.md +904 -0
- package/.agent/skills/mobile-developer/SKILL.md +194 -0
- package/.agent/skills/mobile-developer/rules/_sections.md +75 -0
- package/.agent/skills/mobile-developer/rules/_template.md +32 -0
- package/.agent/skills/mobile-developer/rules/anti-patterns.md +70 -0
- package/.agent/skills/mobile-developer/rules/app-store-optimization.md +319 -0
- package/.agent/skills/mobile-developer/rules/decision-trees.md +545 -0
- package/.agent/skills/mobile-developer/rules/deep-linking.md +441 -0
- package/.agent/skills/mobile-developer/rules/engineering-spec.md +477 -0
- package/.agent/skills/mobile-developer/rules/flutter.md +475 -0
- package/.agent/skills/mobile-developer/rules/mobile-backend.md +516 -0
- package/.agent/skills/mobile-developer/rules/mobile-color-system.md +444 -0
- package/.agent/skills/mobile-developer/rules/mobile-debugging.md +428 -0
- package/.agent/skills/mobile-developer/rules/mobile-design-thinking.md +367 -0
- package/.agent/skills/mobile-developer/rules/mobile-navigation.md +483 -0
- package/.agent/skills/mobile-developer/rules/mobile-performance.md +778 -0
- package/.agent/skills/mobile-developer/rules/mobile-testing.md +382 -0
- package/.agent/skills/mobile-developer/rules/mobile-typography.md +457 -0
- package/.agent/skills/mobile-developer/rules/native.md +572 -0
- package/.agent/skills/mobile-developer/rules/platform-android.md +676 -0
- package/.agent/skills/mobile-developer/rules/platform-ios.md +571 -0
- package/.agent/skills/mobile-developer/rules/push-notifications.md +599 -0
- package/.agent/skills/mobile-developer/rules/react-native.md +422 -0
- package/.agent/skills/mobile-developer/rules/touch-psychology.md +547 -0
- package/.agent/skills/mobile-developer/scripts/mobile_audit.ts +701 -0
- package/.agent/skills/nextjs-pro/AGENTS.md +3932 -0
- package/.agent/skills/nextjs-pro/SKILL.md +171 -0
- package/.agent/skills/nextjs-pro/rules/_sections.md +50 -0
- package/.agent/skills/nextjs-pro/rules/_template.md +32 -0
- package/.agent/skills/nextjs-pro/rules/advanced-event-handler-refs.md +59 -0
- package/.agent/skills/nextjs-pro/rules/advanced-init-once.md +46 -0
- package/.agent/skills/nextjs-pro/rules/advanced-use-latest.md +43 -0
- package/.agent/skills/nextjs-pro/rules/async-api-routes.md +42 -0
- package/.agent/skills/nextjs-pro/rules/async-defer-await.md +84 -0
- package/.agent/skills/nextjs-pro/rules/async-dependencies.md +55 -0
- package/.agent/skills/nextjs-pro/rules/async-parallel.md +32 -0
- package/.agent/skills/nextjs-pro/rules/async-suspense-boundaries.md +103 -0
- package/.agent/skills/nextjs-pro/rules/bundle-barrel-imports.md +63 -0
- package/.agent/skills/nextjs-pro/rules/bundle-conditional.md +35 -0
- package/.agent/skills/nextjs-pro/rules/bundle-defer-third-party.md +53 -0
- package/.agent/skills/nextjs-pro/rules/bundle-dynamic-imports.md +39 -0
- package/.agent/skills/nextjs-pro/rules/bundle-preload.md +54 -0
- package/.agent/skills/nextjs-pro/rules/client-event-listeners.md +78 -0
- package/.agent/skills/nextjs-pro/rules/client-localstorage-schema.md +75 -0
- package/.agent/skills/nextjs-pro/rules/client-passive-event-listeners.md +52 -0
- package/.agent/skills/nextjs-pro/rules/client-swr-dedup.md +60 -0
- package/.agent/skills/nextjs-pro/rules/engineering-spec.md +440 -0
- package/.agent/skills/nextjs-pro/rules/js-batch-dom-css.md +111 -0
- package/.agent/skills/nextjs-pro/rules/js-cache-function-results.md +84 -0
- package/.agent/skills/nextjs-pro/rules/js-cache-property-access.md +32 -0
- package/.agent/skills/nextjs-pro/rules/js-cache-storage.md +74 -0
- package/.agent/skills/nextjs-pro/rules/js-combine-iterations.md +36 -0
- package/.agent/skills/nextjs-pro/rules/js-early-exit.md +54 -0
- package/.agent/skills/nextjs-pro/rules/js-hoist-regexp.md +49 -0
- package/.agent/skills/nextjs-pro/rules/js-index-maps.md +41 -0
- package/.agent/skills/nextjs-pro/rules/js-length-check-first.md +53 -0
- package/.agent/skills/nextjs-pro/rules/js-min-max-loop.md +86 -0
- package/.agent/skills/nextjs-pro/rules/js-set-map-lookups.md +28 -0
- package/.agent/skills/nextjs-pro/rules/js-tosorted-immutable.md +61 -0
- package/.agent/skills/nextjs-pro/rules/rendering-activity.md +30 -0
- package/.agent/skills/nextjs-pro/rules/rendering-animate-svg-wrapper.md +51 -0
- package/.agent/skills/nextjs-pro/rules/rendering-conditional-render.md +44 -0
- package/.agent/skills/nextjs-pro/rules/rendering-content-visibility.md +42 -0
- package/.agent/skills/nextjs-pro/rules/rendering-hoist-jsx.md +50 -0
- package/.agent/skills/nextjs-pro/rules/rendering-hydration-no-flicker.md +86 -0
- package/.agent/skills/nextjs-pro/rules/rendering-hydration-suppress-warning.md +34 -0
- package/.agent/skills/nextjs-pro/rules/rendering-svg-precision.md +32 -0
- package/.agent/skills/nextjs-pro/rules/rendering-usetransition-loading.md +79 -0
- package/.agent/skills/nextjs-pro/rules/rerender-defer-reads.md +43 -0
- package/.agent/skills/nextjs-pro/rules/rerender-dependencies.md +49 -0
- package/.agent/skills/nextjs-pro/rules/rerender-derived-state-no-effect.md +44 -0
- package/.agent/skills/nextjs-pro/rules/rerender-derived-state.md +33 -0
- package/.agent/skills/nextjs-pro/rules/rerender-functional-setstate.md +78 -0
- package/.agent/skills/nextjs-pro/rules/rerender-lazy-state-init.md +62 -0
- package/.agent/skills/nextjs-pro/rules/rerender-memo-with-default-value.md +42 -0
- package/.agent/skills/nextjs-pro/rules/rerender-memo.md +48 -0
- package/.agent/skills/nextjs-pro/rules/rerender-move-effect-to-event.md +49 -0
- package/.agent/skills/nextjs-pro/rules/rerender-simple-expression-in-memo.md +39 -0
- package/.agent/skills/nextjs-pro/rules/rerender-transitions.md +44 -0
- package/.agent/skills/nextjs-pro/rules/rerender-use-ref-transient-values.md +77 -0
- package/.agent/skills/nextjs-pro/rules/schema.json +34 -0
- package/.agent/skills/nextjs-pro/rules/server-after-nonblocking.md +77 -0
- package/.agent/skills/nextjs-pro/rules/server-auth-actions.md +100 -0
- package/.agent/skills/nextjs-pro/rules/server-cache-lru.md +45 -0
- package/.agent/skills/nextjs-pro/rules/server-cache-react.md +80 -0
- package/.agent/skills/nextjs-pro/rules/server-dedup-props.md +69 -0
- package/.agent/skills/nextjs-pro/rules/server-parallel-fetching.md +87 -0
- package/.agent/skills/nextjs-pro/rules/server-serialization.md +42 -0
- package/.agent/skills/nodejs-pro/AGENTS.md +866 -0
- package/.agent/skills/nodejs-pro/SKILL.md +172 -0
- package/.agent/skills/nodejs-pro/rules/_sections.md +50 -0
- package/.agent/skills/nodejs-pro/rules/_template.md +32 -0
- package/.agent/skills/nodejs-pro/rules/architecture-patterns.md +229 -0
- package/.agent/skills/nodejs-pro/rules/async-patterns.md +246 -0
- package/.agent/skills/nodejs-pro/rules/engineering-spec.md +438 -0
- package/.agent/skills/nodejs-pro/rules/error-handling.md +257 -0
- package/.agent/skills/nodejs-pro/rules/framework-selection.md +220 -0
- package/.agent/skills/nodejs-pro/rules/runtime-modules.md +176 -0
- package/.agent/skills/nodejs-pro/rules/testing-strategy.md +266 -0
- package/.agent/skills/nodejs-pro/rules/validation-security.md +205 -0
- package/.agent/skills/observability/AGENTS.md +607 -0
- package/.agent/skills/observability/SKILL.md +178 -0
- package/.agent/skills/observability/rules/_sections.md +15 -0
- package/.agent/skills/observability/rules/_template.md +32 -0
- package/.agent/skills/observability/rules/engineering-spec.md +440 -0
- package/.agent/skills/offensive-sec/AGENTS.md +849 -0
- package/.agent/skills/offensive-sec/SKILL.md +191 -0
- package/.agent/skills/offensive-sec/rules/_sections.md +15 -0
- package/.agent/skills/offensive-sec/rules/_template.md +32 -0
- package/.agent/skills/offensive-sec/rules/engineering-spec.md +470 -0
- package/.agent/skills/perf-optimizer/AGENTS.md +870 -0
- package/.agent/skills/perf-optimizer/SKILL.md +189 -0
- package/.agent/skills/perf-optimizer/rules/_sections.md +15 -0
- package/.agent/skills/perf-optimizer/rules/_template.md +32 -0
- package/.agent/skills/perf-optimizer/rules/backend-patterns.md +312 -0
- package/.agent/skills/perf-optimizer/rules/engineering-spec.md +428 -0
- package/.agent/skills/perf-optimizer/scripts/lighthouse_audit.ts +201 -0
- package/.agent/skills/problem-checker/AGENTS.md +519 -0
- package/.agent/skills/problem-checker/SKILL.md +189 -0
- package/.agent/skills/problem-checker/rules/_sections.md +15 -0
- package/.agent/skills/problem-checker/rules/_template.md +32 -0
- package/.agent/skills/problem-checker/rules/engineering-spec.md +483 -0
- package/.agent/skills/problem-checker/scripts/check_problems.ts +396 -0
- package/.agent/skills/project-planner/AGENTS.md +2698 -0
- package/.agent/skills/project-planner/SKILL.md +166 -0
- package/.agent/skills/project-planner/rules/_sections.md +15 -0
- package/.agent/skills/project-planner/rules/_template.md +32 -0
- package/.agent/skills/project-planner/rules/engineering-spec.md +420 -0
- package/.agent/skills/python-pro/AGENTS.md +1871 -0
- package/.agent/skills/python-pro/SKILL.md +182 -0
- package/.agent/skills/python-pro/rules/_sections.md +50 -0
- package/.agent/skills/python-pro/rules/_template.md +32 -0
- package/.agent/skills/python-pro/rules/async-patterns.md +168 -0
- package/.agent/skills/python-pro/rules/django-patterns.md +194 -0
- package/.agent/skills/python-pro/rules/engineering-spec.md +442 -0
- package/.agent/skills/python-pro/rules/fastapi-patterns.md +179 -0
- package/.agent/skills/python-pro/rules/framework-selection.md +167 -0
- package/.agent/skills/python-pro/rules/project-structure.md +181 -0
- package/.agent/skills/python-pro/rules/testing-patterns.md +212 -0
- package/.agent/skills/python-pro/rules/type-hints.md +159 -0
- package/.agent/skills/react-pro/AGENTS.md +963 -0
- package/.agent/skills/react-pro/SKILL.md +232 -0
- package/.agent/skills/react-pro/rules/_sections.md +40 -0
- package/.agent/skills/react-pro/rules/_template.md +32 -0
- package/.agent/skills/react-pro/rules/component-patterns.md +145 -0
- package/.agent/skills/react-pro/rules/composition-compound.md +82 -0
- package/.agent/skills/react-pro/rules/data-fetching.md +133 -0
- package/.agent/skills/react-pro/rules/engineering-spec.md +453 -0
- package/.agent/skills/react-pro/rules/error-boundary.md +61 -0
- package/.agent/skills/react-pro/rules/file-organization.md +158 -0
- package/.agent/skills/react-pro/rules/hooks-custom.md +61 -0
- package/.agent/skills/react-pro/rules/mui-styling.md +138 -0
- package/.agent/skills/react-pro/rules/patterns.md +24 -0
- package/.agent/skills/react-pro/rules/performance-optimization.md +65 -0
- package/.agent/skills/react-pro/rules/performance.md +137 -0
- package/.agent/skills/react-pro/rules/react19-hooks.md +85 -0
- package/.agent/skills/react-pro/rules/state-management.md +90 -0
- package/.agent/skills/react-pro/rules/testing-patterns.md +52 -0
- package/.agent/skills/registry.json +1251 -0
- package/.agent/skills/security-scanner/AGENTS.md +851 -0
- package/.agent/skills/security-scanner/SKILL.md +182 -0
- package/.agent/skills/security-scanner/rules/_sections.md +15 -0
- package/.agent/skills/security-scanner/rules/_template.md +32 -0
- package/.agent/skills/security-scanner/rules/auth-patterns.md +281 -0
- package/.agent/skills/security-scanner/rules/checklists.md +186 -0
- package/.agent/skills/security-scanner/rules/engineering-spec.md +440 -0
- package/.agent/skills/security-scanner/scripts/security_scan.ts +513 -0
- package/.agent/skills/seo-optimizer/AGENTS.md +839 -0
- package/.agent/skills/seo-optimizer/SKILL.md +180 -0
- package/.agent/skills/seo-optimizer/rules/_sections.md +15 -0
- package/.agent/skills/seo-optimizer/rules/_template.md +32 -0
- package/.agent/skills/seo-optimizer/rules/engineering-spec.md +433 -0
- package/.agent/skills/seo-optimizer/scripts/geo_checker.ts +109 -0
- package/.agent/skills/seo-optimizer/scripts/seo_checker.ts +308 -0
- package/.agent/skills/server-ops/AGENTS.md +643 -0
- package/.agent/skills/server-ops/SKILL.md +194 -0
- package/.agent/skills/server-ops/rules/_sections.md +15 -0
- package/.agent/skills/server-ops/rules/_template.md +32 -0
- package/.agent/skills/server-ops/rules/engineering-spec.md +450 -0
- package/.agent/skills/shell-script/AGENTS.md +499 -0
- package/.agent/skills/shell-script/SKILL.md +205 -0
- package/.agent/skills/shell-script/rules/_sections.md +15 -0
- package/.agent/skills/shell-script/rules/_template.md +32 -0
- package/.agent/skills/shell-script/rules/engineering-spec.md +463 -0
- package/.agent/skills/skill-generator/SKILL.md +147 -0
- package/.agent/skills/smart-router/SKILL.md +95 -0
- package/.agent/skills/studio/AGENTS.md +636 -0
- package/.agent/skills/studio/SKILL.md +178 -0
- package/.agent/skills/studio/data/charts.csv +26 -0
- package/.agent/skills/studio/data/colors.csv +97 -0
- package/.agent/skills/studio/data/icons.csv +101 -0
- package/.agent/skills/studio/data/landing.csv +31 -0
- package/.agent/skills/studio/data/products.csv +97 -0
- package/.agent/skills/studio/data/prompts.csv +24 -0
- package/.agent/skills/studio/data/react-performance.csv +45 -0
- package/.agent/skills/studio/data/stacks/flutter.csv +52 -0
- package/.agent/skills/studio/data/stacks/html-tailwind.csv +56 -0
- package/.agent/skills/studio/data/stacks/jetpack-compose.csv +53 -0
- package/.agent/skills/studio/data/stacks/nextjs.csv +53 -0
- package/.agent/skills/studio/data/stacks/nuxt-ui.csv +51 -0
- package/.agent/skills/studio/data/stacks/nuxtjs.csv +59 -0
- package/.agent/skills/studio/data/stacks/react-native.csv +52 -0
- package/.agent/skills/studio/data/stacks/react.csv +54 -0
- package/.agent/skills/studio/data/stacks/shadcn.csv +61 -0
- package/.agent/skills/studio/data/stacks/svelte.csv +54 -0
- package/.agent/skills/studio/data/stacks/swiftui.csv +51 -0
- package/.agent/skills/studio/data/stacks/vue.csv +50 -0
- package/.agent/skills/studio/data/styles.csv +59 -0
- package/.agent/skills/studio/data/typography.csv +58 -0
- package/.agent/skills/studio/data/ui-reasoning.csv +101 -0
- package/.agent/skills/studio/data/ux-guidelines.csv +100 -0
- package/.agent/skills/studio/data/web-interface.csv +31 -0
- package/.agent/skills/studio/rules/_sections.md +15 -0
- package/.agent/skills/studio/rules/_template.md +32 -0
- package/.agent/skills/studio/rules/engineering-spec.md +455 -0
- package/.agent/skills/studio/scripts/core.ts +345 -0
- package/.agent/skills/studio/scripts/design_system.ts +953 -0
- package/.agent/skills/studio/scripts/search.ts +197 -0
- package/.agent/skills/studio/scripts/types.ts +147 -0
- package/.agent/skills/studio/scripts/utils/component-specs.ts +154 -0
- package/.agent/skills/studio/scripts/utils/config-loader.ts +165 -0
- package/.agent/skills/studio/scripts/utils/css-templates.ts +169 -0
- package/.agent/skills/studio/scripts/utils/css-validator.ts +95 -0
- package/.agent/skills/studio/scripts/utils/csv-loader.ts +52 -0
- package/.agent/skills/studio/scripts/utils/intelligent-overrides.ts +129 -0
- package/.agent/skills/studio/scripts/utils/page-override-formatter.ts +143 -0
- package/.agent/skills/studio/scripts/utils/page-type-detector.ts +124 -0
- package/.agent/skills/studio/scripts/utils/search-cache.ts +165 -0
- package/.agent/skills/studio/scripts/utils/text-utils.ts +44 -0
- package/.agent/skills/system-design/AGENTS.md +597 -0
- package/.agent/skills/system-design/SKILL.md +153 -0
- package/.agent/skills/system-design/rules/_sections.md +15 -0
- package/.agent/skills/system-design/rules/_template.md +32 -0
- package/.agent/skills/system-design/rules/context-discovery.md +117 -0
- package/.agent/skills/system-design/rules/engineering-spec.md +437 -0
- package/.agent/skills/system-design/rules/examples.md +180 -0
- package/.agent/skills/system-design/rules/pattern-selection.md +130 -0
- package/.agent/skills/system-design/rules/patterns-reference.md +110 -0
- package/.agent/skills/system-design/rules/trade-off-analysis.md +169 -0
- package/.agent/skills/tailwind-kit/AGENTS.md +1135 -0
- package/.agent/skills/tailwind-kit/SKILL.md +171 -0
- package/.agent/skills/tailwind-kit/rules/_sections.md +20 -0
- package/.agent/skills/tailwind-kit/rules/_template.md +32 -0
- package/.agent/skills/tailwind-kit/rules/components.md +232 -0
- package/.agent/skills/tailwind-kit/rules/engineering-spec.md +435 -0
- package/.agent/skills/tailwind-kit/rules/responsive.md +221 -0
- package/.agent/skills/tailwind-kit/rules/v4-config.md +72 -0
- package/.agent/skills/test-architect/AGENTS.md +851 -0
- package/.agent/skills/test-architect/SKILL.md +176 -0
- package/.agent/skills/test-architect/rules/_sections.md +15 -0
- package/.agent/skills/test-architect/rules/_template.md +32 -0
- package/.agent/skills/test-architect/rules/engineering-spec.md +434 -0
- package/.agent/skills/test-architect/scripts/test_runner.ts +265 -0
- package/.agent/skills/typescript-expert/AGENTS.md +1045 -0
- package/.agent/skills/typescript-expert/SKILL.md +200 -0
- package/.agent/skills/typescript-expert/rules/_sections.md +20 -0
- package/.agent/skills/typescript-expert/rules/_template.md +32 -0
- package/.agent/skills/typescript-expert/rules/engineering-spec.md +433 -0
- package/.agent/skills/typescript-expert/rules/tsconfig-strict.json +92 -0
- package/.agent/skills/typescript-expert/rules/typescript-cheatsheet.md +407 -0
- package/.agent/skills/typescript-expert/rules/utility-types.ts +264 -0
- package/.agent/skills/typescript-expert/scripts/ts_diagnostic.ts +321 -0
- package/.agent/skills/vercel-deploy/AGENTS.md +490 -0
- package/.agent/skills/vercel-deploy/SKILL.md +175 -0
- package/.agent/skills/vercel-deploy/rules/_sections.md +15 -0
- package/.agent/skills/vercel-deploy/rules/_template.md +32 -0
- package/.agent/skills/vercel-deploy/rules/engineering-spec.md +463 -0
- package/.agent/skills/vercel-deploy/scripts/deploy.sh +310 -0
- package/.agent/workflows/api.md +377 -0
- package/.agent/workflows/autopilot.md +344 -0
- package/.agent/workflows/build.md +338 -0
- package/.agent/workflows/chronicle.md +279 -0
- package/.agent/workflows/cook.md +217 -0
- package/.agent/workflows/diagnose.md +302 -0
- package/.agent/workflows/fix.md +253 -0
- package/.agent/workflows/game.md +329 -0
- package/.agent/workflows/inspect.md +276 -0
- package/.agent/workflows/knowledge.md +212 -0
- package/.agent/workflows/launch.md +345 -0
- package/.agent/workflows/mobile.md +354 -0
- package/.agent/workflows/monitor.md +239 -0
- package/.agent/workflows/optimize.md +269 -0
- package/.agent/workflows/plan.md +278 -0
- package/.agent/workflows/stage.md +286 -0
- package/.agent/workflows/studio.md +276 -0
- package/.agent/workflows/think.md +262 -0
- package/.agent/workflows/validate.md +289 -0
- package/.agentignore +161 -0
- package/.gitattributes +16 -0
- package/CHANGELOG.md +198 -0
- package/LICENSE +40 -0
- package/README.md +173 -0
- package/docs/SKILL_DESIGN_GUIDE.md +561 -0
- package/docs/The-Complete-Guide-to-Building-Skills-for-Claude.md +1207 -0
- package/docs/WORKFLOW_DESIGN_GUIDE.md +325 -0
- package/package.json +33 -0
- package/tsconfig.json +28 -0
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: jwt-deep
|
|
3
|
+
description: JWT signing, rotation, claims, refresh token patterns, JWKS endpoint
|
|
4
|
+
title: "JWT Deep Dive"
|
|
5
|
+
impact: MEDIUM
|
|
6
|
+
impactDescription: "Moderate improvement to quality or maintainability"
|
|
7
|
+
tags: jwt, deep
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# JWT Deep Dive
|
|
11
|
+
|
|
12
|
+
> Token design, signing, rotation, and refresh patterns.
|
|
13
|
+
|
|
14
|
+
---
|
|
15
|
+
|
|
16
|
+
## JWT Structure
|
|
17
|
+
|
|
18
|
+
```
|
|
19
|
+
Header.Payload.Signature
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
| Part | Contains | Example |
|
|
23
|
+
|------|----------|---------|
|
|
24
|
+
| Header | Algorithm, type | `{"alg": "RS256", "typ": "JWT"}` |
|
|
25
|
+
| Payload | Claims (data) | `{"sub": "user123", "exp": 1700000000}` |
|
|
26
|
+
| Signature | Verification | HMAC or RSA signature |
|
|
27
|
+
|
|
28
|
+
---
|
|
29
|
+
|
|
30
|
+
## Signing Algorithms
|
|
31
|
+
|
|
32
|
+
| Algorithm | Type | Best For |
|
|
33
|
+
|-----------|------|----------|
|
|
34
|
+
| `RS256` | Asymmetric (RSA) | Microservices (verify without secret) |
|
|
35
|
+
| `ES256` | Asymmetric (ECDSA) | Mobile, performance-sensitive |
|
|
36
|
+
| `HS256` | Symmetric (HMAC) | Monolith (single service) |
|
|
37
|
+
| `EdDSA` | Asymmetric (Ed25519) | Modern, fastest asymmetric |
|
|
38
|
+
|
|
39
|
+
> **Rule:** Use asymmetric for distributed systems. Symmetric only for single-service.
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## Claims Best Practices
|
|
44
|
+
|
|
45
|
+
### Standard Claims (use these)
|
|
46
|
+
|
|
47
|
+
| Claim | Purpose | Required? |
|
|
48
|
+
|-------|---------|-----------|
|
|
49
|
+
| `sub` | Subject (user ID) | ✅ |
|
|
50
|
+
| `iss` | Issuer | ✅ |
|
|
51
|
+
| `aud` | Audience | ✅ |
|
|
52
|
+
| `exp` | Expiry (Unix timestamp) | ✅ |
|
|
53
|
+
| `iat` | Issued at | ✅ |
|
|
54
|
+
| `jti` | JWT ID (unique) | For revocation |
|
|
55
|
+
|
|
56
|
+
### Custom Claims
|
|
57
|
+
|
|
58
|
+
```typescript
|
|
59
|
+
// ✅ Minimal claims
|
|
60
|
+
{
|
|
61
|
+
sub: "user_abc123",
|
|
62
|
+
role: "admin", // For quick authz checks
|
|
63
|
+
org: "org_xyz", // Multi-tenant
|
|
64
|
+
scope: "read write", // API permissions
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
// ❌ Too much data
|
|
68
|
+
{
|
|
69
|
+
sub: "user_abc123",
|
|
70
|
+
email: "user@example.com", // PII in token
|
|
71
|
+
address: "...", // Never store PII
|
|
72
|
+
fullProfile: {...}, // Token too large
|
|
73
|
+
}
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## Access + Refresh Token Pattern
|
|
79
|
+
|
|
80
|
+
```
|
|
81
|
+
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
|
|
82
|
+
│ Client │ │ Auth Server │ │ Resource │
|
|
83
|
+
└──────┬───────┘ └──────┬───────┘ └──────┬───────┘
|
|
84
|
+
│ Login │ │
|
|
85
|
+
│───────────────────>│ │
|
|
86
|
+
│ Access (15min) │ │
|
|
87
|
+
│ + Refresh (7d) │ │
|
|
88
|
+
│<───────────────────│ │
|
|
89
|
+
│ │ │
|
|
90
|
+
│ API call + Access Token │
|
|
91
|
+
│────────────────────────────────────────>│
|
|
92
|
+
│ Response │
|
|
93
|
+
│<────────────────────────────────────────│
|
|
94
|
+
│ │ │
|
|
95
|
+
│ (Access expired) │ │
|
|
96
|
+
│ Refresh request │ │
|
|
97
|
+
│───────────────────>│ │
|
|
98
|
+
│ New Access │ │
|
|
99
|
+
│ + New Refresh │ (rotation!) │
|
|
100
|
+
│<───────────────────│ │
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
### Implementation
|
|
104
|
+
|
|
105
|
+
```typescript
|
|
106
|
+
// Token generation
|
|
107
|
+
function generateTokenPair(userId: string) {
|
|
108
|
+
const accessToken = jwt.sign(
|
|
109
|
+
{ sub: userId, type: 'access' },
|
|
110
|
+
ACCESS_SECRET,
|
|
111
|
+
{ expiresIn: '15m', algorithm: 'RS256' }
|
|
112
|
+
);
|
|
113
|
+
|
|
114
|
+
const refreshToken = jwt.sign(
|
|
115
|
+
{ sub: userId, type: 'refresh', jti: crypto.randomUUID() },
|
|
116
|
+
REFRESH_SECRET,
|
|
117
|
+
{ expiresIn: '7d', algorithm: 'RS256' }
|
|
118
|
+
);
|
|
119
|
+
|
|
120
|
+
return { accessToken, refreshToken };
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
// Refresh endpoint
|
|
124
|
+
async function refreshTokens(oldRefreshToken: string) {
|
|
125
|
+
const payload = jwt.verify(oldRefreshToken, REFRESH_PUBLIC_KEY);
|
|
126
|
+
|
|
127
|
+
// Check if token was already used (rotation detection)
|
|
128
|
+
const isUsed = await redis.get(`used_refresh:${payload.jti}`);
|
|
129
|
+
if (isUsed) {
|
|
130
|
+
// Token reuse detected → compromise! Revoke all user sessions
|
|
131
|
+
await revokeAllSessions(payload.sub);
|
|
132
|
+
throw new SecurityError('Refresh token reuse detected');
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
// Mark old token as used
|
|
136
|
+
await redis.setex(`used_refresh:${payload.jti}`, 7 * 86400, '1');
|
|
137
|
+
|
|
138
|
+
return generateTokenPair(payload.sub);
|
|
139
|
+
}
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
---
|
|
143
|
+
|
|
144
|
+
## Key Rotation
|
|
145
|
+
|
|
146
|
+
### Why Rotate
|
|
147
|
+
|
|
148
|
+
- Limit blast radius of key compromise
|
|
149
|
+
- Compliance requirements (SOC 2, PCI)
|
|
150
|
+
|
|
151
|
+
### JWKS Endpoint Pattern
|
|
152
|
+
|
|
153
|
+
```typescript
|
|
154
|
+
// /.well-known/jwks.json
|
|
155
|
+
{
|
|
156
|
+
"keys": [
|
|
157
|
+
{ "kid": "key-2025-01", "kty": "RSA", "use": "sig", ... }, // Current
|
|
158
|
+
{ "kid": "key-2024-07", "kty": "RSA", "use": "sig", ... } // Previous (grace period)
|
|
159
|
+
]
|
|
160
|
+
}
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
### Rotation Schedule
|
|
164
|
+
|
|
165
|
+
| Environment | Frequency | Grace Period |
|
|
166
|
+
|-------------|-----------|--------------|
|
|
167
|
+
| Production | Every 90 days | 30 days overlap |
|
|
168
|
+
| High security | Every 30 days | 14 days overlap |
|
|
169
|
+
|
|
170
|
+
---
|
|
171
|
+
|
|
172
|
+
## Anti-Patterns
|
|
173
|
+
|
|
174
|
+
| ❌ Don't | ✅ Do |
|
|
175
|
+
|---------|------|
|
|
176
|
+
| Store JWT in localStorage | httpOnly secure cookie |
|
|
177
|
+
| Long-lived access tokens | 15 min max + refresh |
|
|
178
|
+
| Put PII in claims | Minimal claims, lookup from DB |
|
|
179
|
+
| Same key for all environments | Per-env signing keys |
|
|
180
|
+
| Skip `exp` validation | Always check expiry |
|
|
181
|
+
| Trust JWT without signature check | Always verify signature |
|
|
182
|
+
|
|
183
|
+
---
|
|
184
|
+
|
|
185
|
+
## 🔗 Related
|
|
186
|
+
|
|
187
|
+
| File | When to Read |
|
|
188
|
+
|------|-------------|
|
|
189
|
+
| [oauth2.md](oauth2.md) | OAuth2 flows that issue JWTs |
|
|
190
|
+
| [session.md](session.md) | Stateful alternative to JWT |
|
|
191
|
+
| [rbac-abac.md](rbac-abac.md) | Permission claims in JWT |
|
|
192
|
+
| [SKILL.md](../SKILL.md) | Auth strategy decision tree |
|
|
193
|
+
|
|
194
|
+
---
|
|
195
|
+
|
|
196
|
+
⚡ PikaKit v3.9.134
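Review bot: The reuse check in `refreshTokens` is a `redis.get` followed by a separate `redis.setex` on `used_refresh:${payload.jti}`, so two concurrent requests carrying the same refresh token can both pass the check and both receive a new pair, which defeats the rotation detection the comment describes. Mark the token as used in one atomic step (a Redis `SET` with `NX` and an expiry) and treat a failed set as reuse. The `jwt.verify(oldRefreshToken, REFRESH_PUBLIC_KEY)` call passes no options; pin the algorithm with `{ algorithms: ['RS256'] }` and reject payloads where `payload.type !== 'refresh'`. The sample also signs none of the `iss`/`aud` claims that the claims table marks as required. `ACCESS_SECRET` and `REFRESH_SECRET` are used with `RS256`, which takes a private key, so the names should say so.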
|
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: mfa
|
|
3
|
+
description: Multi-factor authentication — TOTP setup, backup codes, WebAuthn for MFA, recovery flows
|
|
4
|
+
title: "Multi-Factor Authentication (MFA)"
|
|
5
|
+
impact: MEDIUM
|
|
6
|
+
impactDescription: "Moderate improvement to quality or maintainability"
|
|
7
|
+
tags: mfa
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Multi-Factor Authentication (MFA)
|
|
11
|
+
|
|
12
|
+
> TOTP, WebAuthn, backup codes, and recovery flows.
|
|
13
|
+
> **See also:** `security-scanner/auth-patterns.md` for TOTP code pattern and account lockout.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## MFA Strategy Selection
|
|
18
|
+
|
|
19
|
+
| Method | Security | UX | Best For |
|
|
20
|
+
|--------|----------|-----|---------|
|
|
21
|
+
| TOTP (authenticator app) | ★★★★ | ★★★ | General purpose |
|
|
22
|
+
| WebAuthn / Passkey | ★★★★★ | ★★★★ | Modern apps |
|
|
23
|
+
| SMS OTP | ★★ | ★★★★ | Legacy, low-risk |
|
|
24
|
+
| Email OTP | ★★ | ★★★ | Fallback only |
|
|
25
|
+
| Hardware key (YubiKey) | ★★★★★ | ★★ | High security |
|
|
26
|
+
|
|
27
|
+
> ⚠️ **SMS OTP is vulnerable to SIM swapping.** Avoid for high-value targets.
|
|
28
|
+
|
|
29
|
+
---
|
|
30
|
+
|
|
31
|
+
## TOTP Implementation
|
|
32
|
+
|
|
33
|
+
> **Reference:** See `security-scanner/auth-patterns.md` for base TOTP code pattern.
|
|
34
|
+
|
|
35
|
+
### Enhanced Setup Flow
|
|
36
|
+
|
|
37
|
+
```typescript
|
|
38
|
+
import { authenticator } from 'otplib';
|
|
39
|
+
import qrcode from 'qrcode';
|
|
40
|
+
|
|
41
|
+
async function enableMFA(userId: string) {
|
|
42
|
+
// 1. Generate secret
|
|
43
|
+
const secret = authenticator.generateSecret();
|
|
44
|
+
|
|
45
|
+
// 2. Create otpauth URI
|
|
46
|
+
const otpauthUrl = authenticator.keyuri(
|
|
47
|
+
user.email,
|
|
48
|
+
'YourApp',
|
|
49
|
+
secret
|
|
50
|
+
);
|
|
51
|
+
|
|
52
|
+
// 3. Generate QR code
|
|
53
|
+
const qrDataUrl = await qrcode.toDataURL(otpauthUrl);
|
|
54
|
+
|
|
55
|
+
// 4. Store secret (encrypted) — NOT active yet
|
|
56
|
+
await db.user.update({
|
|
57
|
+
where: { id: userId },
|
|
58
|
+
data: { mfaSecret: encrypt(secret), mfaPending: true },
|
|
59
|
+
});
|
|
60
|
+
|
|
61
|
+
// 5. Generate backup codes
|
|
62
|
+
const backupCodes = generateBackupCodes(10);
|
|
63
|
+
await storeBackupCodes(userId, backupCodes);
|
|
64
|
+
|
|
65
|
+
return { qrDataUrl, backupCodes };
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
// 6. Verify first code to activate
|
|
69
|
+
async function confirmMFA(userId: string, code: string) {
|
|
70
|
+
const secret = decrypt(user.mfaSecret);
|
|
71
|
+
const isValid = authenticator.verify({ token: code, secret });
|
|
72
|
+
|
|
73
|
+
if (!isValid) throw new InvalidCodeError();
|
|
74
|
+
|
|
75
|
+
await db.user.update({
|
|
76
|
+
where: { id: userId },
|
|
77
|
+
data: { mfaEnabled: true, mfaPending: false },
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
### Backup Codes
|
|
83
|
+
|
|
84
|
+
```typescript
|
|
85
|
+
function generateBackupCodes(count: number = 10): string[] {
|
|
86
|
+
return Array.from({ length: count }, () =>
|
|
87
|
+
crypto.randomBytes(4).toString('hex') // 8-char codes
|
|
88
|
+
);
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
async function storeBackupCodes(userId: string, codes: string[]) {
|
|
92
|
+
// Hash each code before storing
|
|
93
|
+
const hashed = codes.map(code => ({
|
|
94
|
+
userId,
|
|
95
|
+
codeHash: crypto.createHash('sha256').update(code).digest('hex'),
|
|
96
|
+
used: false,
|
|
97
|
+
}));
|
|
98
|
+
await db.backupCode.createMany({ data: hashed });
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
async function useBackupCode(userId: string, code: string): Promise<boolean> {
|
|
102
|
+
const hash = crypto.createHash('sha256').update(code).digest('hex');
|
|
103
|
+
const result = await db.backupCode.updateMany({
|
|
104
|
+
where: { userId, codeHash: hash, used: false },
|
|
105
|
+
data: { used: true, usedAt: new Date() },
|
|
106
|
+
});
|
|
107
|
+
return result.count > 0;
|
|
108
|
+
}
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
---
|
|
112
|
+
|
|
113
|
+
## WebAuthn / Passkey for MFA
|
|
114
|
+
|
|
115
|
+
```typescript
|
|
116
|
+
import { generateAuthenticationOptions, verifyAuthenticationResponse }
|
|
117
|
+
from '@simplewebauthn/server';
|
|
118
|
+
|
|
119
|
+
// Challenge generation (server)
|
|
120
|
+
const options = await generateAuthenticationOptions({
|
|
121
|
+
rpID: 'example.com',
|
|
122
|
+
allowCredentials: user.credentials.map(c => ({
|
|
123
|
+
id: c.credentialId,
|
|
124
|
+
type: 'public-key',
|
|
125
|
+
})),
|
|
126
|
+
userVerification: 'required',
|
|
127
|
+
});
|
|
128
|
+
|
|
129
|
+
// Verify response (server)
|
|
130
|
+
const verification = await verifyAuthenticationResponse({
|
|
131
|
+
response: clientResponse,
|
|
132
|
+
expectedChallenge: storedChallenge,
|
|
133
|
+
expectedOrigin: 'https://example.com',
|
|
134
|
+
expectedRPID: 'example.com',
|
|
135
|
+
authenticator: storedCredential,
|
|
136
|
+
});
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
---
|
|
140
|
+
|
|
141
|
+
## Recovery Flow
|
|
142
|
+
|
|
143
|
+
```
|
|
144
|
+
User cannot access MFA device?
|
|
145
|
+
├── Has backup codes → Enter backup code
|
|
146
|
+
├── Has recovery email → Email verification + admin review
|
|
147
|
+
├── Has trusted device → Device-based recovery
|
|
148
|
+
└── None of above → Manual identity verification (support)
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
### Recovery Best Practices
|
|
152
|
+
|
|
153
|
+
| Practice | Why |
|
|
154
|
+
|----------|-----|
|
|
155
|
+
| Show backup codes ONCE at setup | Prevent later access |
|
|
156
|
+
| Allow re-generating backup codes | When old ones run out |
|
|
157
|
+
| Log all recovery events | Audit trail |
|
|
158
|
+
| Rate limit recovery attempts | Prevent brute force |
|
|
159
|
+
| Notify on MFA changes | Alert user to compromise |
|
|
160
|
+
|
|
161
|
+
---
|
|
162
|
+
|
|
163
|
+
## 🔗 Related
|
|
164
|
+
|
|
165
|
+
| File | When to Read |
|
|
166
|
+
|------|-------------|
|
|
167
|
+
| [passkey.md](passkey.md) | Passkeys as MFA or passwordless |
|
|
168
|
+
| [jwt-deep.md](jwt-deep.md) | Token lifecycle after MFA |
|
|
169
|
+
| [session.md](session.md) | Session management with MFA |
|
|
170
|
+
| [SKILL.md](../SKILL.md) | Auth strategy decision tree |
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
⚡ PikaKit v3.9.134
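Review bot: `generateBackupCodes` draws only 4 random bytes per code and `storeBackupCodes` stores a bare SHA-256 of it, so the code space is 32 bits and the digest gives little protection if the `backupCode` table is ever read. Use longer codes, e.g. `crypto.randomBytes(10).toString('hex')`, and store a keyed hash (`crypto.createHmac('sha256', key)` with a server-side key) or a password hash instead of a plain digest. In `enableMFA` and `confirmMFA` the `user` object is never loaded, although `user.email` and `user.mfaSecret` are read, so both samples should fetch the user by `userId` first. `enableMFA` also overwrites `mfaSecret` without checking `mfaEnabled`; it should refuse or require re-authentication when MFA is already active, and `confirmMFA` should require `mfaPending` to be true before activating.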
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: oauth2
|
|
3
|
+
description: OAuth 2.0 + OpenID Connect flows, PKCE, scopes, provider integration
|
|
4
|
+
title: "OAuth 2.0 & OpenID Connect"
|
|
5
|
+
impact: MEDIUM
|
|
6
|
+
impactDescription: "Moderate improvement to quality or maintainability"
|
|
7
|
+
tags: oauth2
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# OAuth 2.0 & OpenID Connect
|
|
11
|
+
|
|
12
|
+
> Third-party login, SSO, and delegated authorization.
|
|
13
|
+
|
|
14
|
+
---
|
|
15
|
+
|
|
16
|
+
## OAuth 2.0 Flows
|
|
17
|
+
|
|
18
|
+
### Authorization Code + PKCE (Recommended for SPA/Mobile)
|
|
19
|
+
|
|
20
|
+
```
|
|
21
|
+
1. Client generates code_verifier (random 43-128 chars)
|
|
22
|
+
2. Client creates code_challenge = SHA256(code_verifier)
|
|
23
|
+
3. Redirect to auth server with code_challenge
|
|
24
|
+
4. User authenticates → redirect back with auth code
|
|
25
|
+
5. Client exchanges code + code_verifier for tokens
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
```typescript
|
|
29
|
+
import crypto from 'crypto';
|
|
30
|
+
|
|
31
|
+
// Generate PKCE pair
|
|
32
|
+
const codeVerifier = crypto.randomBytes(32).toString('base64url');
|
|
33
|
+
const codeChallenge = crypto
|
|
34
|
+
.createHash('sha256')
|
|
35
|
+
.update(codeVerifier)
|
|
36
|
+
.digest('base64url');
|
|
37
|
+
|
|
38
|
+
// Authorization URL
|
|
39
|
+
const authUrl = new URL('https://auth.example.com/authorize');
|
|
40
|
+
authUrl.searchParams.set('response_type', 'code');
|
|
41
|
+
authUrl.searchParams.set('client_id', CLIENT_ID);
|
|
42
|
+
authUrl.searchParams.set('redirect_uri', REDIRECT_URI);
|
|
43
|
+
authUrl.searchParams.set('scope', 'openid profile email');
|
|
44
|
+
authUrl.searchParams.set('code_challenge', codeChallenge);
|
|
45
|
+
authUrl.searchParams.set('code_challenge_method', 'S256');
|
|
46
|
+
authUrl.searchParams.set('state', crypto.randomBytes(16).toString('hex'));
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### Flow Selection Guide
|
|
50
|
+
|
|
51
|
+
| Flow | Best For | PKCE? |
|
|
52
|
+
|------|----------|-------|
|
|
53
|
+
| Authorization Code + PKCE | SPA, Mobile, Server | ✅ Always |
|
|
54
|
+
| Client Credentials | Machine-to-machine | N/A |
|
|
55
|
+
| Device Code | TV, CLI, IoT | N/A |
|
|
56
|
+
| ~~Implicit~~ | **DEPRECATED** — never use | ❌ |
|
|
57
|
+
| ~~Password~~ | **DEPRECATED** — never use | ❌ |
|
|
58
|
+
|
|
59
|
+
---
|
|
60
|
+
|
|
61
|
+
## OpenID Connect (OIDC)
|
|
62
|
+
|
|
63
|
+
OIDC = OAuth 2.0 + Identity Layer
|
|
64
|
+
|
|
65
|
+
### ID Token Claims
|
|
66
|
+
|
|
67
|
+
| Claim | Purpose |
|
|
68
|
+
|-------|---------|
|
|
69
|
+
| `sub` | Unique user identifier |
|
|
70
|
+
| `iss` | Token issuer |
|
|
71
|
+
| `aud` | Intended audience (your client_id) |
|
|
72
|
+
| `exp` | Expiration time |
|
|
73
|
+
| `iat` | Issued at |
|
|
74
|
+
| `nonce` | Replay attack prevention |
|
|
75
|
+
| `email` | User email (with scope) |
|
|
76
|
+
| `name` | User display name (with scope) |
|
|
77
|
+
|
|
78
|
+
### Scopes
|
|
79
|
+
|
|
80
|
+
| Scope | Data Returned |
|
|
81
|
+
|-------|---------------|
|
|
82
|
+
| `openid` | Required — returns `sub` |
|
|
83
|
+
| `profile` | name, picture, locale |
|
|
84
|
+
| `email` | email, email_verified |
|
|
85
|
+
| `offline_access` | Refresh token |
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## Provider Integration
|
|
90
|
+
|
|
91
|
+
### Popular Providers
|
|
92
|
+
|
|
93
|
+
| Provider | Docs | Notes |
|
|
94
|
+
|----------|------|-------|
|
|
95
|
+
| Google | `accounts.google.com` | OIDC compliant |
|
|
96
|
+
| GitHub | `github.com/login/oauth` | OAuth 2.0 only (no OIDC) |
|
|
97
|
+
| Microsoft | `login.microsoftonline.com` | OIDC + Azure AD |
|
|
98
|
+
| Apple | `appleid.apple.com` | Required for iOS apps |
|
|
99
|
+
|
|
100
|
+
### Auth Libraries (Node.js)
|
|
101
|
+
|
|
102
|
+
| Library | Use Case |
|
|
103
|
+
|---------|----------|
|
|
104
|
+
| `next-auth` / `Auth.js` | Next.js integration |
|
|
105
|
+
| `passport` | Express middleware |
|
|
106
|
+
| `arctic` | Lightweight OAuth 2.0 |
|
|
107
|
+
| `lucia` | Session + OAuth (modern) |
|
|
108
|
+
| `better-auth` | Full-featured (2025+) |
|
|
109
|
+
|
|
110
|
+
---
|
|
111
|
+
|
|
112
|
+
## Security Checklist
|
|
113
|
+
|
|
114
|
+
- [ ] Always use PKCE for public clients
|
|
115
|
+
- [ ] Validate `state` parameter to prevent CSRF
|
|
116
|
+
- [ ] Verify ID token signature and claims (`iss`, `aud`, `exp`)
|
|
117
|
+
- [ ] Use `nonce` to prevent replay attacks
|
|
118
|
+
- [ ] Store tokens in httpOnly cookies, not localStorage
|
|
119
|
+
- [ ] Implement token refresh before expiry
|
|
120
|
+
|
|
121
|
+
---
|
|
122
|
+
|
|
123
|
+
## 🔗 Related
|
|
124
|
+
|
|
125
|
+
| File | When to Read |
|
|
126
|
+
|------|-------------|
|
|
127
|
+
| [jwt-deep.md](jwt-deep.md) | Token lifecycle after OAuth login |
|
|
128
|
+
| [session.md](session.md) | Session-based alternative |
|
|
129
|
+
| [passkey.md](passkey.md) | Passwordless alternative |
|
|
130
|
+
| [SKILL.md](../SKILL.md) | Auth strategy decision tree |
|
|
131
|
+
|
|
132
|
+
---
|
|
133
|
+
|
|
134
|
+
⚡ PikaKit v3.9.134
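Review bot: The `state` value is generated inline in `authUrl.searchParams.set('state', crypto.randomBytes(16).toString('hex'))` and never kept, so the callback has nothing to compare against and the checklist item "Validate `state` parameter to prevent CSRF" cannot be met by this sample. Assign it first, `const state = crypto.randomBytes(16).toString('hex');`, store it together with `codeVerifier` in the user's session before redirecting, and compare it on return. The request asks for the `openid` scope but sends no `nonce`, although the checklist requires one. Step 2 of the flow text should read `code_challenge = BASE64URL(SHA256(code_verifier))`, which is what the code below it computes.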
|