agentbrew 0.1.0 → 0.2.0

package/dist/catalog.yaml

@@ -0,0 +1,561 @@
+# Catalog: best-in-class agent skills, MCP servers, rules, and sources
+# Based on research in docs/catalog-research.md (March 2026)
+# recommended: true = Tier 1 (every developer benefits)
+# recommended: false = Tier 2/3 (strong or specialized)
+
+skills:
+  # ── Tier 1: Always Recommend ──────────────────────────────────
+
+  - name: find-skills
+    description: "#1 on skills.sh — discover and install skills from the community"
+    source: vercel-labs/skills
+    category: meta
+    recommended: true
+
+  - name: debug
+    description: "Structured debugging — reproduce → isolate → hypothesize → fix → verify. Includes test failure grouping strategy."
+    source: built-in
+    category: development
+    recommended: true
+
+  - name: plan
+    description: "Feature decomposition into specs, tasks, and incremental chunks. JIRA integration, chunk templates, TASKS.md guidance."
+    source: built-in
+    category: planning
+    recommended: true
+
+  - name: commit
+    description: "Conventional commits with full pre-commit pipeline (tests, tsc, prettier, eslint). Multi-agent safety, 72-char headers."
+    source: built-in
+    category: git
+    recommended: true
+
+  - name: review
+    description: "Code review checklist — correctness, domain logic, quality, testing, performance, security. Structured feedback with concrete fixes."
+    source: built-in
+    category: git
+    recommended: true
+
+  - name: taste
+    description: "Premium UI design — 10 sections, 244 rules. Overrides LLM visual biases, enforces metric-based design, bans 100 AI tells."
+    source: built-in
+    category: design
+    recommended: true
+
+  - name: react-best-practices
+    description: "40+ rules across 8 categories from Vercel Engineering, impact-prioritized"
+    source: vercel-labs/agent-skills
+    category: development
+    recommended: true
+
+  - name: web-design-guidelines
+    description: "100+ UI/UX rules — accessibility, responsive design, performance, visual consistency"
+    source: vercel-labs/agent-skills
+    category: design
+    recommended: true
+
+  - name: frontend-design
+    description: "Anthropic's official design guidance — Chrome DevRel-quality"
+    source: anthropics/skills
+    category: design
+    recommended: true
+
+  - name: mcp-builder
+    description: "Guide for building MCP servers in Python and TypeScript"
+    source: anthropics/skills
+    category: development
+    recommended: true
+
+  - name: skill-creator
+    description: "Creates new agent skills following the agentskills.io specification"
+    source: built-in
+    category: meta
+    recommended: true
+
+  - name: next-task
+    description: "Pick and work on the next task from TASKS.md — autonomous coding loop with claim/complete lifecycle."
+    source: tasksmd/tasks.md
+    category: task-management
+    recommended: true
+
+  - name: agent-browser
+    description: "Browser automation CLI — navigate, snapshot, interact, screenshot, diff, auth. Replaces Playwright MCP."
+    source: vercel-labs/agent-browser
+    category: browser
+    recommended: true
+
+  - name: project-audit
+    description: "Deep audit across four lenses: no-brainer fixes, stability gaps, dependency modernization, documentation drift."
+    source: built-in
+    category: quality
+    recommended: true
+
+  - name: refactor
+    description: "Safe refactoring workflow: tests first, small incremental steps, verify after each change. Restructures without behavior change."
+    source: built-in
+    category: development
+    recommended: true
+
+  # ── Tier 2: Strong Recommendation ─────────────────────────────
+
+  - name: pr
+    description: "Creates draft PRs with conventional commit titles, JIRA links. Includes 'pr iterate' — rebase, lint, test, push workflow."
+    source: built-in
+    category: git
+    recommended: false
+
+  - name: pr-fix
+    description: "Reviews and fixes a PR branch in multiple passes: critique, cross-file consistency, verify, lint, push."
+    source: built-in
+    category: git
+    recommended: false
+
+  - name: pr-comments
+    description: "Resolves PR review comments — fetches, parses, groups by file, fixes, and verifies."
+    source: built-in
+    category: git
+    recommended: false
+
+  - name: composition-patterns
+    description: "React compound components, state lifting, dependency injection patterns"
+    source: built-in
+    category: development
+    recommended: false
+
+  - name: fix-styles
+    description: "Fixes visual styles by iterating with Storybook screenshots and Playwright snapshots. CSS, styled-components, layout."
+    source: built-in
+    category: design
+    recommended: false
+
+  - name: screenshot
+    description: "Takes screenshots via Playwright MCP or storybook-screenshot CLI. Auto-detects Storybook, dev servers, route definitions."
+    source: built-in
+    category: browser
+    recommended: false
+
+  - name: actionbook
+    description: "Pre-verified browser action manuals with DOM selectors — 10x faster site automation. Complements agent-browser with per-site knowledge."
+    source: actionbook/actionbook
+    category: browser
+    recommended: false
+
+  - name: doc-check
+    description: "Reviews documents (RFCs, READMEs, design docs) for structure, terminology, code-prose alignment, and contradictions."
+    source: built-in
+    category: writing
+    recommended: false
+
+  - name: rfc
+    description: "Writes RFC documents following 9-section structure with POC branch workflow. Google Docs compatible."
+    source: built-in
+    category: writing
+    recommended: false
+
+  - name: rfc-iterate
+    description: "Iterates on existing RFC + POC branch: syncs doc with code, critically reviews, tightens writing, verifies builds."
+    source: built-in
+    category: writing
+    recommended: false
+
+  - name: rfc-review
+    description: "Processes RFC feedback from Google Docs comments — summarizes by theme, proposes edits, applies after confirmation."
+    source: built-in
+    category: writing
+    recommended: false
+
+  - name: jira
+    description: "Creates Jira issues from PRDs/requirements. Story/Task types, priority mapping, epic linking, batch creation."
+    source: built-in
+    category: planning
+    recommended: false
+
+  - name: jira-task
+    description: "End-to-end Jira ticket lifecycle: research → branch → plan → implement (TDD) → validate → commit → PR."
+    source: built-in
+    category: planning
+    recommended: false
+
+  - name: github-actions-debugging
+    description: "Debugs failing GitHub Actions — identifies failure patterns, reproduces locally, applies minimal fixes."
+    source: built-in
+    category: development
+    recommended: false
+
+  - name: cursor-bg
+    description: "Delegates long-running tasks to Cursor background agent (tmux + cursor agent). Runs autonomously."
+    source: built-in
+    category: meta
+    recommended: false
+
+  - name: research-url
+    description: "Deep-researches a product URL and updates competitive docs, memory, task queue, and agent config."
+    source: built-in
+    category: meta
+    recommended: false
+
+  - name: markdown-for-gdoc
+    description: "Rules for writing markdown that renders correctly in Google Docs. Tables, code blocks, headings, diagrams."
+    source: built-in
+    category: writing
+    recommended: false
+
+  - name: webapp-testing
+    description: "Playwright-based testing toolkit from Anthropic"
+    source: anthropics/skills
+    category: testing
+    recommended: false
+
+  - name: shadcn
+    description: "Official shadcn/ui skill for component usage and patterns"
+    source: shadcn/ui
+    category: design
+    recommended: false
+
+  - name: next-best-practices
+    description: "Next.js best practices from Vercel"
+    source: vercel-labs/next-skills
+    category: development
+    recommended: false
+
+  # ── Tier 3: Specialized ────────────────────────────────────────
+
+  - name: postgres-best-practices
+    description: "8 categories of Postgres optimization from Supabase"
+    source: supabase/agent-skills
+    category: database
+    recommended: false
+
+  - name: playwright-best-practices
+    description: "Advanced Playwright patterns for heavy test suites"
+    source: currents-dev/playwright-best-practices-skill
+    category: testing
+    recommended: false
+
+  - name: react-native-guidelines
+    description: "16 rules across 7 sections for React Native projects"
+    source: vercel-labs/agent-skills
+    category: mobile
+    recommended: false
+
+  - name: sync-agent-config
+    description: "Syncs all agent rules, memories, skills, and config across tools (Windsurf, Cursor, Claude Code)."
+    source: built-in
+    category: meta
+    recommended: false
+
+  - name: dotfiles-development
+    description: "How to work with the chezmoi-powered dotfiles repo — conventions, file modes, testing, committing."
+    source: expertnetwrk-portal/dotfiles
+    category: dotfiles
+    recommended: false
+
+  - name: dotfiles-new-module
+    description: "Create a new doctor module — check types, checks.yaml format, severity assignment, testing."
+    source: expertnetwrk-portal/dotfiles
+    category: dotfiles
+    recommended: false
+
+  - name: dotfiles-doctor-debug
+    description: "Debug and fix dotfiles-doctor check failures — common patterns, overrides, fix flow."
+    source: expertnetwrk-portal/dotfiles
+    category: dotfiles
+    recommended: false
+
+  - name: remotion-best-practices
+    description: "#5 on skills.sh (147K installs). Programmatic video creation with Remotion."
+    source: remotion-dev/skills
+    category: creative
+    recommended: false
+
+  - name: subagent-driven-development
+    description: "Dispatch parallel sub-agents for independent tasks. Multi-agent orchestration pattern."
+    source: obra/superpowers
+    category: workflow
+    recommended: false
+
+  - name: executing-plans
+    description: "Execute plan files step by step with verification between stages."
+    source: obra/superpowers
+    category: workflow
+    recommended: false
+
+  - name: search
+    description: "Web search via Tavily API — real-time lookups, content extraction, site mapping."
+    source: tavily-ai/skills
+    category: utility
+    recommended: false
+
+  - name: static-analysis
+    description: "Trail of Bits — Semgrep + CodeQL security scanning with parallel rulesets, SARIF output, cross-file taint tracking."
+    source: trailofbits/skills
+    category: security
+    recommended: false
+
+  - name: supply-chain-risk-auditor
+    description: "Trail of Bits — dependency and supply chain security auditing for open-source risk assessment."
+    source: trailofbits/skills
+    category: security
+    recommended: false
+
+  - name: property-based-testing
+    description: "Trail of Bits — fuzzing and property-based testing for finding edge cases and invariant violations."
+    source: trailofbits/skills
+    category: security
+    recommended: false
+
+  - name: security-best-practices
+    description: "Security auditing patterns — dependency scanning, auth review, OWASP checks."
+    source: community
+    category: security
+    recommended: false
+
+  - name: better-auth-best-practices
+    description: "Authentication patterns with better-auth — sessions, OAuth, MFA, rate limiting."
+    source: community
+    category: security
+    recommended: false
+
+  # ── Orchestration (Bosun) ────────────────────────────────────────
+
+  - name: bosun
+    description: "Delegate tasks to Bosun orchestrator for autonomous multi-persona execution (research → plan → implement → test → review → PR)."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: pipeline-ops
+    description: "Inspect, triage, and manage Bosun pipelines — check health, retry failures, merge ready PRs, clean up stale artifacts."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: rescue-pipeline
+    description: "Rescue failed Bosun pipelines by salvaging code from worktrees, rebasing, fixing conflicts/tests, and creating PRs."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: inspect-and-heal-pipelines
+    description: "Diagnose pipeline failures, stale state, and drift — then implement permanent self-healing fixes in the orchestrator code."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-researcher
+    description: "Orchestrator persona: distinguished research lead who gathers all context before anyone plans. Explores codebase and asks targeted questions."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-alternatives-analyst
+    description: "Orchestrator persona: reuse-first alternatives analysis. Compares extending existing code, third-party libraries, and building from scratch."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-manager
+    description: "Orchestrator persona: decomposes research brief into a plan with acceptance criteria. Decides which personas are needed."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-developer
+    description: "Orchestrator persona: implements code changes based on the plan. Writes clean, tested, production-ready code."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-qa-engineer
+    description: "Orchestrator persona: tests implementation thoroughly — unit tests, integration tests, browser verification, and UX evaluation."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-reviewer
+    description: "Orchestrator persona: reviews the complete diff for code quality, patterns, maintainability, and security. Writes the PR description."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-user
+    description: "Orchestrator persona: critical end-user who tests from a specific user type's perspective. Very opinionated and hard to please."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-pipeline-runner
+    description: "Run an AI engineering team pipeline interactively inside your current session with multiple specialized perspectives."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-agent-improver
+    description: "Reads self-improvement notes from completed pipelines and applies targeted edits to persona SKILL.md files."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-growth-hacker
+    description: "Orchestrator persona (optional): adoption strategy — distribution channels, README conversion, growth loops, 30-day launch plan."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-indie-hacker
+    description: "Orchestrator persona (optional): thinks like a solo founder. Researches competing products and shapes task for end-user value."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+  - name: orchestrator-strategist
+    description: "Orchestrator persona: decomposes project goals into milestone-based roadmaps, evaluates progress, and replans when metrics drift."
+    source: bosun-orchestrator/bosun
+    category: orchestration
+    recommended: false
+
+mcp_servers:
+  # ── Recommended ─────────────────────────────────────────────────
+
+  - name: context7
+    description: Live documentation lookup — always up-to-date library docs
+    command: npx
+    args: ["-y", "@context7/mcp@latest"]
+    category: docs
+    recommended: true
+
+  - name: playwright
+    description: "Browser automation — navigate, click, fill forms, screenshot, test. 11.6k★."
+    command: npx
+    args: ["-y", "@playwright/mcp@latest"]
+    category: browser
+    recommended: true
+
+  # ── Development ────────────────────────────────────────────────
+
+  - name: github
+    description: "GitHub API — PRs, issues, repos, commits, branches. 15.2k★."
+    command: npx
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "${GITHUB_TOKEN}"
+    category: development
+    recommended: false
+
+  - name: filesystem
+    description: Sandboxed file read/write with security controls
+    command: npx
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "${HOME}"]
+    category: development
+    recommended: false
+
+  - name: sentry
+    description: "Error tracking and performance monitoring — issues, events, releases. 173★."
+    command: npx
+    args: ["-y", "@sentry/mcp-server"]
+    env:
+      SENTRY_AUTH_TOKEN: "${SENTRY_AUTH_TOKEN}"
+    category: observability
+    recommended: false
+
+  # ── Data & Database ────────────────────────────────────────────
+
+  - name: postgres
+    description: Direct Postgres database access — natural-language SQL queries, schema exploration
+    command: npx
+    args: ["-y", "@modelcontextprotocol/server-postgres"]
+    category: database
+    recommended: false
+
+  # ── Search & Research ──────────────────────────────────────────
+
+  - name: brave-search
+    description: "Privacy-first web search — current results without tracking"
+    command: npx
+    args: ["-y", "@modelcontextprotocol/server-brave-search"]
+    env:
+      BRAVE_API_KEY: "${BRAVE_API_KEY}"
+    category: search
+    recommended: false
+
+  # ── Productivity ───────────────────────────────────────────────
+
+  - name: notion
+    description: "Read/write Notion pages, databases, and docs. Official server."
+    command: npx
+    args: ["-y", "@notionhq/notion-mcp-server"]
+    env:
+      OPENAPI_MCP_HEADERS: '{"Authorization": "Bearer ${NOTION_API_KEY}", "Notion-Version": "2022-06-28"}'
+    category: productivity
+    recommended: false
+
+  # ── Task Management ───────────────────────────────────────────
+
+  - name: tasks-mcp
+    description: "Read/write TASKS.md files — list, pick, claim, complete, add tasks. Spec-compliant task queue for agents."
+    command: npx
+    args: ["-y", "tasks-mcp"]
+    category: task-management
+    recommended: true
+
+  # ── Reasoning ──────────────────────────────────────────────────
+
+  - name: sequential-thinking
+    description: Step-by-step reasoning for complex problem solving
+    command: npx
+    args: ["-y", "@modelcontextprotocol/server-sequential-thinking"]
+    category: reasoning
+    recommended: false
+
+  - name: memory
+    description: "Persistent knowledge graph memory for agents — entities, relations, observations"
+    command: npx
+    args: ["-y", "@modelcontextprotocol/server-memory"]
+    category: reasoning
+    recommended: false
+
+rules:
+  - name: conventional-commits
+    description: Enforce conventional commit format
+    category: git
+    recommended: true
+    content: |
+      Use conventional commits: feat:, fix:, docs:, refactor:, test:, chore:
+      Header must be ≤72 characters.
+      Include ticket number at end when available.
+
+  - name: test-before-commit
+    description: Always run tests before committing
+    category: testing
+    recommended: true
+    content: |
+      Run tests before every commit.
+      Write a failing test first (red/green TDD).
+      Never delete or weaken existing tests without explicit direction.
+
+  - name: minimal-changes
+    description: Prefer minimal, focused edits
+    category: code-quality
+    recommended: true
+    content: |
+      Prefer minimal, focused edits over large rewrites.
+      Address root cause instead of symptoms.
+      Avoid over-engineering — use single-line changes when sufficient.
+
+  - name: tasks-md-spec
+    description: "Follow the tasks.md spec (tasks.md) when reading or writing TASKS.md files"
+    category: task-management
+    recommended: true
+    content: |
+      TASKS.md files must follow the tasks.md spec (https://tasks.md):
+      - First line: `# Tasks`
+      - Priority sections: `## P0`, `## P1`, `## P2`, `## P3` (in order)
+      - Tasks use checkbox format: `- [ ] Task description`
+      - Metadata uses bold labels indented under the task:
+        `**ID**:`, `**Tags**:`, `**Details**:`, `**Files**:`, `**Acceptance**:`, `**Blocked by**:`
+      - Completed tasks are removed entirely (not marked [x]). History lives in git log.
+      - Claim tasks by appending (@agent-id) to the task line.
+      - Sub-tasks use nested `- [ ]` / `- [x]` under the parent.
+      - IDs are kebab-case and unique across all TASKS.md files in the repo.
+      - Validate with: `npx tasks-lint TASKS.md` (or `npx tasks-lint --fix TASKS.md` to auto-fix)
+      - Local: `node ~/apps/tasks.md/packages/lint/dist/cli.js TASKS.md`