agim-cli 1.2.144 → 1.2.148
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +159 -0
- package/dist/cli-ui/setup-llm.d.ts.map +1 -1
- package/dist/cli-ui/setup-llm.js +3 -1
- package/dist/cli-ui/setup-llm.js.map +1 -1
- package/dist/core/circuit-breaker.d.ts +28 -0
- package/dist/core/circuit-breaker.d.ts.map +1 -1
- package/dist/core/circuit-breaker.js +45 -0
- package/dist/core/circuit-breaker.js.map +1 -1
- package/dist/core/intent.d.ts.map +1 -1
- package/dist/core/intent.js +3 -1
- package/dist/core/intent.js.map +1 -1
- package/dist/core/llm/agent-loop.d.ts +9 -1
- package/dist/core/llm/agent-loop.d.ts.map +1 -1
- package/dist/core/llm/agent-loop.js +80 -1
- package/dist/core/llm/agent-loop.js.map +1 -1
- package/dist/core/llm/anthropic-provider.d.ts.map +1 -1
- package/dist/core/llm/anthropic-provider.js +18 -4
- package/dist/core/llm/anthropic-provider.js.map +1 -1
- package/dist/core/llm/hallucination-detector.d.ts +33 -0
- package/dist/core/llm/hallucination-detector.d.ts.map +1 -0
- package/dist/core/llm/hallucination-detector.js +103 -0
- package/dist/core/llm/hallucination-detector.js.map +1 -0
- package/dist/core/llm/imhub-dispatcher.d.ts.map +1 -1
- package/dist/core/llm/imhub-dispatcher.js +7 -0
- package/dist/core/llm/imhub-dispatcher.js.map +1 -1
- package/dist/core/llm/provider-base.d.ts +9 -0
- package/dist/core/llm/provider-base.d.ts.map +1 -1
- package/dist/core/llm/provider-base.js.map +1 -1
- package/dist/core/memory-distill.d.ts.map +1 -1
- package/dist/core/memory-distill.js +18 -3
- package/dist/core/memory-distill.js.map +1 -1
- package/dist/core/memory.d.ts +14 -0
- package/dist/core/memory.d.ts.map +1 -1
- package/dist/core/memory.js +39 -0
- package/dist/core/memory.js.map +1 -1
- package/dist/core/message-sink.d.ts +6 -0
- package/dist/core/message-sink.d.ts.map +1 -1
- package/dist/core/message-sink.js +18 -3
- package/dist/core/message-sink.js.map +1 -1
- package/dist/core/outbox.d.ts +30 -2
- package/dist/core/outbox.d.ts.map +1 -1
- package/dist/core/outbox.js +102 -10
- package/dist/core/outbox.js.map +1 -1
- package/dist/core/reminders.d.ts.map +1 -1
- package/dist/core/reminders.js +11 -1
- package/dist/core/reminders.js.map +1 -1
- package/dist/core/router.d.ts.map +1 -1
- package/dist/core/router.js +16 -4
- package/dist/core/router.js.map +1 -1
- package/dist/core/schedule.d.ts +18 -0
- package/dist/core/schedule.d.ts.map +1 -1
- package/dist/core/schedule.js +80 -17
- package/dist/core/schedule.js.map +1 -1
- package/dist/core/sensitive-paths.d.ts.map +1 -1
- package/dist/core/sensitive-paths.js +53 -9
- package/dist/core/sensitive-paths.js.map +1 -1
- package/dist/core/skills/builtin/ECC_LICENSE +21 -0
- package/dist/core/skills/builtin/ECC_NOTICE.md +22 -0
- package/dist/core/skills/builtin/accessibility/SKILL.md +146 -0
- package/dist/core/skills/builtin/agent-eval/SKILL.md +145 -0
- package/dist/core/skills/builtin/agent-harness-construction/SKILL.md +73 -0
- package/dist/core/skills/builtin/agent-introspection-debugging/SKILL.md +153 -0
- package/dist/core/skills/builtin/agentic-engineering/SKILL.md +63 -0
- package/dist/core/skills/builtin/ai-first-engineering/SKILL.md +51 -0
- package/dist/core/skills/builtin/ai-regression-testing/SKILL.md +385 -0
- package/dist/core/skills/builtin/android-clean-architecture/SKILL.md +339 -0
- package/dist/core/skills/builtin/angular-developer/SKILL.md +154 -0
- package/dist/core/skills/builtin/angular-developer/references/angular-animations.md +160 -0
- package/dist/core/skills/builtin/angular-developer/references/angular-aria.md +410 -0
- package/dist/core/skills/builtin/angular-developer/references/cli.md +86 -0
- package/dist/core/skills/builtin/angular-developer/references/component-harnesses.md +59 -0
- package/dist/core/skills/builtin/angular-developer/references/component-styling.md +91 -0
- package/dist/core/skills/builtin/angular-developer/references/components.md +117 -0
- package/dist/core/skills/builtin/angular-developer/references/creating-services.md +97 -0
- package/dist/core/skills/builtin/angular-developer/references/data-resolvers.md +69 -0
- package/dist/core/skills/builtin/angular-developer/references/define-routes.md +67 -0
- package/dist/core/skills/builtin/angular-developer/references/defining-providers.md +72 -0
- package/dist/core/skills/builtin/angular-developer/references/di-fundamentals.md +120 -0
- package/dist/core/skills/builtin/angular-developer/references/e2e-testing.md +56 -0
- package/dist/core/skills/builtin/angular-developer/references/effects.md +83 -0
- package/dist/core/skills/builtin/angular-developer/references/hierarchical-injectors.md +43 -0
- package/dist/core/skills/builtin/angular-developer/references/host-elements.md +80 -0
- package/dist/core/skills/builtin/angular-developer/references/injection-context.md +63 -0
- package/dist/core/skills/builtin/angular-developer/references/inputs.md +101 -0
- package/dist/core/skills/builtin/angular-developer/references/linked-signal.md +59 -0
- package/dist/core/skills/builtin/angular-developer/references/loading-strategies.md +61 -0
- package/dist/core/skills/builtin/angular-developer/references/mcp.md +108 -0
- package/dist/core/skills/builtin/angular-developer/references/navigate-to-routes.md +69 -0
- package/dist/core/skills/builtin/angular-developer/references/outputs.md +86 -0
- package/dist/core/skills/builtin/angular-developer/references/reactive-forms.md +122 -0
- package/dist/core/skills/builtin/angular-developer/references/rendering-strategies.md +44 -0
- package/dist/core/skills/builtin/angular-developer/references/resource.md +77 -0
- package/dist/core/skills/builtin/angular-developer/references/route-animations.md +56 -0
- package/dist/core/skills/builtin/angular-developer/references/route-guards.md +52 -0
- package/dist/core/skills/builtin/angular-developer/references/router-lifecycle.md +45 -0
- package/dist/core/skills/builtin/angular-developer/references/router-testing.md +87 -0
- package/dist/core/skills/builtin/angular-developer/references/show-routes-with-outlets.md +68 -0
- package/dist/core/skills/builtin/angular-developer/references/signal-forms.md +795 -0
- package/dist/core/skills/builtin/angular-developer/references/signals-overview.md +94 -0
- package/dist/core/skills/builtin/angular-developer/references/tailwind-css.md +69 -0
- package/dist/core/skills/builtin/angular-developer/references/template-driven-forms.md +114 -0
- package/dist/core/skills/builtin/angular-developer/references/testing-fundamentals.md +65 -0
- package/dist/core/skills/builtin/api-connector-builder/SKILL.md +120 -0
- package/dist/core/skills/builtin/api-design/SKILL.md +523 -0
- package/dist/core/skills/builtin/architecture-decision-records/SKILL.md +179 -0
- package/dist/core/skills/builtin/article-writing/SKILL.md +79 -0
- package/dist/core/skills/builtin/automation-audit-ops/SKILL.md +142 -0
- package/dist/core/skills/builtin/autonomous-agent-harness/SKILL.md +273 -0
- package/dist/core/skills/builtin/autonomous-loops/SKILL.md +610 -0
- package/dist/core/skills/builtin/backend-patterns/SKILL.md +561 -0
- package/dist/core/skills/builtin/benchmark/SKILL.md +93 -0
- package/dist/core/skills/builtin/benchmark-optimization-loop/SKILL.md +69 -0
- package/dist/core/skills/builtin/blueprint/SKILL.md +105 -0
- package/dist/core/skills/builtin/browser-qa/SKILL.md +87 -0
- package/dist/core/skills/builtin/bun-runtime/SKILL.md +84 -0
- package/dist/core/skills/builtin/cisco-ios-patterns/SKILL.md +163 -0
- package/dist/core/skills/builtin/claude-devfleet/SKILL.md +111 -0
- package/dist/core/skills/builtin/click-path-audit/SKILL.md +244 -0
- package/dist/core/skills/builtin/clickhouse-io/SKILL.md +439 -0
- package/dist/core/skills/builtin/code-tour/SKILL.md +236 -0
- package/dist/core/skills/builtin/codebase-onboarding/SKILL.md +233 -0
- package/dist/core/skills/builtin/codehealth-mcp/SKILL.md +166 -0
- package/dist/core/skills/builtin/coding-standards/SKILL.md +550 -0
- package/dist/core/skills/builtin/compose-multiplatform-patterns/SKILL.md +299 -0
- package/dist/core/skills/builtin/config-gc/SKILL.md +119 -0
- package/dist/core/skills/builtin/content-hash-cache-pattern/SKILL.md +161 -0
- package/dist/core/skills/builtin/context-budget/SKILL.md +135 -0
- package/dist/core/skills/builtin/continuous-agent-loop/SKILL.md +45 -0
- package/dist/core/skills/builtin/continuous-learning/SKILL.md +131 -0
- package/dist/core/skills/builtin/continuous-learning/config.json +18 -0
- package/dist/core/skills/builtin/continuous-learning/evaluate-session.sh +69 -0
- package/dist/core/skills/builtin/continuous-learning-v2/SKILL.md +360 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/observer-loop.sh +335 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/observer.md +198 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/session-guardian.sh +150 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/start-observer.sh +248 -0
- package/dist/core/skills/builtin/continuous-learning-v2/config.json +8 -0
- package/dist/core/skills/builtin/continuous-learning-v2/hooks/observe.sh +498 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/detect-project.sh +322 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/instinct-cli.py +1914 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/migrate-homunculus.sh +62 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/test_parse_instinct.py +1045 -0
- package/dist/core/skills/builtin/cost-aware-llm-pipeline/SKILL.md +183 -0
- package/dist/core/skills/builtin/cost-tracking/SKILL.md +147 -0
- package/dist/core/skills/builtin/council/SKILL.md +203 -0
- package/dist/core/skills/builtin/cpp-coding-standards/SKILL.md +723 -0
- package/dist/core/skills/builtin/cpp-testing/SKILL.md +324 -0
- package/dist/core/skills/builtin/crosspost/SKILL.md +111 -0
- package/dist/core/skills/builtin/csharp-testing/SKILL.md +321 -0
- package/dist/core/skills/builtin/customs-trade-compliance/SKILL.md +263 -0
- package/dist/core/skills/builtin/dart-flutter-patterns/SKILL.md +563 -0
- package/dist/core/skills/builtin/dashboard-builder/SKILL.md +108 -0
- package/dist/core/skills/builtin/data-scraper-agent/SKILL.md +764 -0
- package/dist/core/skills/builtin/data-throughput-accelerator/SKILL.md +72 -0
- package/dist/core/skills/builtin/database-migrations/SKILL.md +429 -0
- package/dist/core/skills/builtin/deep-research/SKILL.md +159 -0
- package/dist/core/skills/builtin/defi-amm-security/SKILL.md +166 -0
- package/dist/core/skills/builtin/deployment-patterns/SKILL.md +427 -0
- package/dist/core/skills/builtin/design-system/SKILL.md +82 -0
- package/dist/core/skills/builtin/django-celery/SKILL.md +457 -0
- package/dist/core/skills/builtin/django-patterns/SKILL.md +734 -0
- package/dist/core/skills/builtin/django-security/SKILL.md +593 -0
- package/dist/core/skills/builtin/django-tdd/SKILL.md +729 -0
- package/dist/core/skills/builtin/django-verification/SKILL.md +469 -0
- package/dist/core/skills/builtin/dmux-workflows/SKILL.md +191 -0
- package/dist/core/skills/builtin/docker-patterns/SKILL.md +364 -0
- package/dist/core/skills/builtin/documentation-lookup/SKILL.md +90 -0
- package/dist/core/skills/builtin/dotnet-patterns/SKILL.md +321 -0
- package/dist/core/skills/builtin/dynamic-workflow-mode/SKILL.md +123 -0
- package/dist/core/skills/builtin/e2e-testing/SKILL.md +326 -0
- package/dist/core/skills/builtin/email-ops/SKILL.md +121 -0
- package/dist/core/skills/builtin/energy-procurement/SKILL.md +228 -0
- package/dist/core/skills/builtin/enterprise-agent-ops/SKILL.md +50 -0
- package/dist/core/skills/builtin/error-handling/SKILL.md +376 -0
- package/dist/core/skills/builtin/eval-harness/SKILL.md +270 -0
- package/dist/core/skills/builtin/evm-token-decimals/SKILL.md +130 -0
- package/dist/core/skills/builtin/exa-search/SKILL.md +107 -0
- package/dist/core/skills/builtin/fal-ai-media/SKILL.md +288 -0
- package/dist/core/skills/builtin/fastapi-patterns/SKILL.md +513 -0
- package/dist/core/skills/builtin/finance-billing-ops/SKILL.md +127 -0
- package/dist/core/skills/builtin/flox-environments/SKILL.md +496 -0
- package/dist/core/skills/builtin/flutter-dart-code-review/SKILL.md +435 -0
- package/dist/core/skills/builtin/foundation-models-on-device/SKILL.md +243 -0
- package/dist/core/skills/builtin/frontend-a11y/SKILL.md +445 -0
- package/dist/core/skills/builtin/frontend-design-direction/SKILL.md +92 -0
- package/dist/core/skills/builtin/frontend-patterns/SKILL.md +656 -0
- package/dist/core/skills/builtin/frontend-slides/SKILL.md +184 -0
- package/dist/core/skills/builtin/frontend-slides/STYLE_PRESETS.md +330 -0
- package/dist/core/skills/builtin/frontend-slides/animation-patterns.md +122 -0
- package/dist/core/skills/builtin/frontend-slides/html-template.md +419 -0
- package/dist/core/skills/builtin/frontend-slides/scripts/export-pdf.sh +418 -0
- package/dist/core/skills/builtin/frontend-slides/scripts/extract-pptx.py +96 -0
- package/dist/core/skills/builtin/frontend-slides/viewport-base.css +153 -0
- package/dist/core/skills/builtin/fsharp-testing/SKILL.md +280 -0
- package/dist/core/skills/builtin/gan-style-harness/SKILL.md +278 -0
- package/dist/core/skills/builtin/gateguard/SKILL.md +132 -0
- package/dist/core/skills/builtin/git-workflow/SKILL.md +715 -0
- package/dist/core/skills/builtin/github-ops/SKILL.md +144 -0
- package/dist/core/skills/builtin/golang-patterns/SKILL.md +674 -0
- package/dist/core/skills/builtin/golang-testing/SKILL.md +720 -0
- package/dist/core/skills/builtin/healthcare-cdss-patterns/SKILL.md +245 -0
- package/dist/core/skills/builtin/healthcare-emr-patterns/SKILL.md +159 -0
- package/dist/core/skills/builtin/healthcare-eval-harness/SKILL.md +207 -0
- package/dist/core/skills/builtin/healthcare-phi-compliance/SKILL.md +145 -0
- package/dist/core/skills/builtin/hermes-imports/SKILL.md +88 -0
- package/dist/core/skills/builtin/hexagonal-architecture/SKILL.md +276 -0
- package/dist/core/skills/builtin/hipaa-compliance/SKILL.md +78 -0
- package/dist/core/skills/builtin/hookify-rules/SKILL.md +128 -0
- package/dist/core/skills/builtin/inherit-legacy-style/SKILL.md +156 -0
- package/dist/core/skills/builtin/intent-driven-development/SKILL.md +360 -0
- package/dist/core/skills/builtin/inventory-demand-planning/SKILL.md +247 -0
- package/dist/core/skills/builtin/ios-icon-gen/SKILL.md +157 -0
- package/dist/core/skills/builtin/ios-icon-gen/scripts/generate_icons.swift +258 -0
- package/dist/core/skills/builtin/ios-icon-gen/scripts/iconify_gen.sh +235 -0
- package/dist/core/skills/builtin/iterative-retrieval/SKILL.md +211 -0
- package/dist/core/skills/builtin/java-coding-standards/SKILL.md +383 -0
- package/dist/core/skills/builtin/jira-integration/SKILL.md +302 -0
- package/dist/core/skills/builtin/jpa-patterns/SKILL.md +151 -0
- package/dist/core/skills/builtin/knowledge-ops/SKILL.md +154 -0
- package/dist/core/skills/builtin/kotlin-coroutines-flows/SKILL.md +284 -0
- package/dist/core/skills/builtin/kotlin-exposed-patterns/SKILL.md +719 -0
- package/dist/core/skills/builtin/kotlin-ktor-patterns/SKILL.md +689 -0
- package/dist/core/skills/builtin/kotlin-patterns/SKILL.md +711 -0
- package/dist/core/skills/builtin/kotlin-testing/SKILL.md +824 -0
- package/dist/core/skills/builtin/kubernetes-patterns/SKILL.md +755 -0
- package/dist/core/skills/builtin/laravel-patterns/SKILL.md +415 -0
- package/dist/core/skills/builtin/laravel-plugin-discovery/SKILL.md +229 -0
- package/dist/core/skills/builtin/laravel-security/SKILL.md +947 -0
- package/dist/core/skills/builtin/laravel-tdd/SKILL.md +674 -0
- package/dist/core/skills/builtin/laravel-verification/SKILL.md +179 -0
- package/dist/core/skills/builtin/latency-critical-systems/SKILL.md +73 -0
- package/dist/core/skills/builtin/lead-intelligence/SKILL.md +321 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/enrichment-agent.md +85 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/mutual-mapper.md +75 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/outreach-drafter.md +98 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/signal-scorer.md +60 -0
- package/dist/core/skills/builtin/liquid-glass-design/SKILL.md +279 -0
- package/dist/core/skills/builtin/llm-trading-agent-security/SKILL.md +146 -0
- package/dist/core/skills/builtin/logistics-exception-management/SKILL.md +222 -0
- package/dist/core/skills/builtin/make-interfaces-feel-better/SKILL.md +151 -0
- package/dist/core/skills/builtin/market-research/SKILL.md +75 -0
- package/dist/core/skills/builtin/marketing-campaign/SKILL.md +113 -0
- package/dist/core/skills/builtin/mcp-server-patterns/SKILL.md +69 -0
- package/dist/core/skills/builtin/messages-ops/SKILL.md +104 -0
- package/dist/core/skills/builtin/mle-workflow/SKILL.md +346 -0
- package/dist/core/skills/builtin/motion-advanced/SKILL.md +596 -0
- package/dist/core/skills/builtin/motion-foundations/SKILL.md +299 -0
- package/dist/core/skills/builtin/motion-patterns/SKILL.md +434 -0
- package/dist/core/skills/builtin/motion-ui/SKILL.md +575 -0
- package/dist/core/skills/builtin/mysql-patterns/SKILL.md +412 -0
- package/dist/core/skills/builtin/nanoclaw-repl/SKILL.md +33 -0
- package/dist/core/skills/builtin/nestjs-patterns/SKILL.md +230 -0
- package/dist/core/skills/builtin/netmiko-ssh-automation/SKILL.md +173 -0
- package/dist/core/skills/builtin/network-bgp-diagnostics/SKILL.md +167 -0
- package/dist/core/skills/builtin/network-config-validation/SKILL.md +210 -0
- package/dist/core/skills/builtin/network-interface-health/SKILL.md +152 -0
- package/dist/core/skills/builtin/nextjs-turbopack/SKILL.md +57 -0
- package/dist/core/skills/builtin/nodejs-keccak256/SKILL.md +102 -0
- package/dist/core/skills/builtin/nutrient-document-processing/SKILL.md +167 -0
- package/dist/core/skills/builtin/nuxt4-patterns/SKILL.md +100 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/SKILL.md +288 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/gacha.py +224 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/gacha.sh +5 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/avatar-style.md +124 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/boundary-rules.md +53 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/error-handling.md +53 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/identity-tension.md +48 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/naming-system.md +39 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/output-template.md +166 -0
- package/dist/core/skills/builtin/opensource-pipeline/SKILL.md +255 -0
- package/dist/core/skills/builtin/orch-add-feature/SKILL.md +44 -0
- package/dist/core/skills/builtin/orch-build-mvp/SKILL.md +48 -0
- package/dist/core/skills/builtin/orch-change-feature/SKILL.md +42 -0
- package/dist/core/skills/builtin/orch-fix-defect/SKILL.md +42 -0
- package/dist/core/skills/builtin/orch-pipeline/SKILL.md +120 -0
- package/dist/core/skills/builtin/orch-refine-code/SKILL.md +43 -0
- package/dist/core/skills/builtin/parallel-execution-optimizer/SKILL.md +72 -0
- package/dist/core/skills/builtin/perl-patterns/SKILL.md +504 -0
- package/dist/core/skills/builtin/perl-security/SKILL.md +503 -0
- package/dist/core/skills/builtin/perl-testing/SKILL.md +475 -0
- package/dist/core/skills/builtin/plan-orchestrate/SKILL.md +262 -0
- package/dist/core/skills/builtin/plankton-code-quality/SKILL.md +236 -0
- package/dist/core/skills/builtin/postgres-patterns/SKILL.md +147 -0
- package/dist/core/skills/builtin/prediction-market-oracle-research/SKILL.md +63 -0
- package/dist/core/skills/builtin/prediction-market-risk-review/SKILL.md +60 -0
- package/dist/core/skills/builtin/prisma-patterns/SKILL.md +371 -0
- package/dist/core/skills/builtin/product-capability/SKILL.md +141 -0
- package/dist/core/skills/builtin/product-lens/SKILL.md +92 -0
- package/dist/core/skills/builtin/production-audit/SKILL.md +206 -0
- package/dist/core/skills/builtin/production-scheduling/SKILL.md +238 -0
- package/dist/core/skills/builtin/prompt-optimizer/SKILL.md +398 -0
- package/dist/core/skills/builtin/python-patterns/SKILL.md +750 -0
- package/dist/core/skills/builtin/python-testing/SKILL.md +816 -0
- package/dist/core/skills/builtin/pytorch-patterns/SKILL.md +396 -0
- package/dist/core/skills/builtin/quality-nonconformance/SKILL.md +260 -0
- package/dist/core/skills/builtin/quarkus-patterns/SKILL.md +722 -0
- package/dist/core/skills/builtin/quarkus-security/SKILL.md +467 -0
- package/dist/core/skills/builtin/quarkus-tdd/SKILL.md +811 -0
- package/dist/core/skills/builtin/quarkus-verification/SKILL.md +479 -0
- package/dist/core/skills/builtin/ralphinho-rfc-pipeline/SKILL.md +67 -0
- package/dist/core/skills/builtin/react-patterns/SKILL.md +341 -0
- package/dist/core/skills/builtin/react-performance/SKILL.md +574 -0
- package/dist/core/skills/builtin/react-testing/SKILL.md +423 -0
- package/dist/core/skills/builtin/recsys-pipeline-architect/SKILL.md +114 -0
- package/dist/core/skills/builtin/recursive-decision-ledger/SKILL.md +79 -0
- package/dist/core/skills/builtin/redis-patterns/SKILL.md +403 -0
- package/dist/core/skills/builtin/regex-vs-llm-structured-text/SKILL.md +220 -0
- package/dist/core/skills/builtin/repo-scan/SKILL.md +78 -0
- package/dist/core/skills/builtin/research-ops/SKILL.md +112 -0
- package/dist/core/skills/builtin/returns-reverse-logistics/SKILL.md +240 -0
- package/dist/core/skills/builtin/rules-distill/SKILL.md +264 -0
- package/dist/core/skills/builtin/rules-distill/scripts/scan-rules.sh +58 -0
- package/dist/core/skills/builtin/rules-distill/scripts/scan-skills.sh +129 -0
- package/dist/core/skills/builtin/rust-patterns/SKILL.md +499 -0
- package/dist/core/skills/builtin/rust-testing/SKILL.md +500 -0
- package/dist/core/skills/builtin/safety-guard/SKILL.md +75 -0
- package/dist/core/skills/builtin/santa-method/SKILL.md +306 -0
- package/dist/core/skills/builtin/scientific-db-pubmed-database/SKILL.md +175 -0
- package/dist/core/skills/builtin/scientific-db-uspto-database/SKILL.md +177 -0
- package/dist/core/skills/builtin/scientific-pkg-gget/SKILL.md +166 -0
- package/dist/core/skills/builtin/scientific-thinking-literature-review/SKILL.md +192 -0
- package/dist/core/skills/builtin/scientific-thinking-scholar-evaluation/SKILL.md +160 -0
- package/dist/core/skills/builtin/search-first/SKILL.md +182 -0
- package/dist/core/skills/builtin/security-bounty-hunter/SKILL.md +99 -0
- package/dist/core/skills/builtin/security-review/SKILL.md +503 -0
- package/dist/core/skills/builtin/security-review/cloud-infrastructure-security.md +361 -0
- package/dist/core/skills/builtin/security-scan/SKILL.md +165 -0
- package/dist/core/skills/builtin/seo/SKILL.md +154 -0
- package/dist/core/skills/builtin/skill-comply/SKILL.md +58 -0
- package/dist/core/skills/builtin/skill-comply/fixtures/compliant_trace.jsonl +5 -0
- package/dist/core/skills/builtin/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
- package/dist/core/skills/builtin/skill-comply/fixtures/tdd_spec.yaml +44 -0
- package/dist/core/skills/builtin/skill-comply/prompts/classifier.md +24 -0
- package/dist/core/skills/builtin/skill-comply/prompts/scenario_generator.md +62 -0
- package/dist/core/skills/builtin/skill-comply/prompts/spec_generator.md +42 -0
- package/dist/core/skills/builtin/skill-comply/pyproject.toml +15 -0
- package/dist/core/skills/builtin/skill-comply/scripts/__init__.py +0 -0
- package/dist/core/skills/builtin/skill-comply/scripts/classifier.py +85 -0
- package/dist/core/skills/builtin/skill-comply/scripts/grader.py +124 -0
- package/dist/core/skills/builtin/skill-comply/scripts/parser.py +107 -0
- package/dist/core/skills/builtin/skill-comply/scripts/report.py +170 -0
- package/dist/core/skills/builtin/skill-comply/scripts/run.py +127 -0
- package/dist/core/skills/builtin/skill-comply/scripts/runner.py +186 -0
- package/dist/core/skills/builtin/skill-comply/scripts/scenario_generator.py +70 -0
- package/dist/core/skills/builtin/skill-comply/scripts/spec_generator.py +72 -0
- package/dist/core/skills/builtin/skill-comply/scripts/utils.py +13 -0
- package/dist/core/skills/builtin/skill-comply/tests/test_grader.py +197 -0
- package/dist/core/skills/builtin/skill-comply/tests/test_parser.py +90 -0
- package/dist/core/skills/builtin/skill-comply/tests/test_runner.py +172 -0
- package/dist/core/skills/builtin/skill-scout/SKILL.md +140 -0
- package/dist/core/skills/builtin/skill-stocktake/SKILL.md +194 -0
- package/dist/core/skills/builtin/skill-stocktake/scripts/quick-diff.sh +87 -0
- package/dist/core/skills/builtin/skill-stocktake/scripts/save-results.sh +56 -0
- package/dist/core/skills/builtin/skill-stocktake/scripts/scan.sh +170 -0
- package/dist/core/skills/builtin/springboot-patterns/SKILL.md +314 -0
- package/dist/core/skills/builtin/springboot-security/SKILL.md +272 -0
- package/dist/core/skills/builtin/springboot-tdd/SKILL.md +158 -0
- package/dist/core/skills/builtin/springboot-verification/SKILL.md +231 -0
- package/dist/core/skills/builtin/strategic-compact/SKILL.md +135 -0
- package/dist/core/skills/builtin/swift-actor-persistence/SKILL.md +143 -0
- package/dist/core/skills/builtin/swift-concurrency-6-2/SKILL.md +216 -0
- package/dist/core/skills/builtin/swift-protocol-di-testing/SKILL.md +190 -0
- package/dist/core/skills/builtin/swiftui-patterns/SKILL.md +259 -0
- package/dist/core/skills/builtin/tdd-workflow/SKILL.md +463 -0
- package/dist/core/skills/builtin/team-agent-orchestration/SKILL.md +110 -0
- package/dist/core/skills/builtin/team-builder/SKILL.md +168 -0
- package/dist/core/skills/builtin/terminal-ops/SKILL.md +109 -0
- package/dist/core/skills/builtin/tinystruct-patterns/SKILL.md +203 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/architecture.md +90 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/data-handling.md +60 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/database.md +99 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/routing.md +64 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/system-usage.md +97 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/testing.md +72 -0
- package/dist/core/skills/builtin/token-budget-advisor/SKILL.md +133 -0
- package/dist/core/skills/builtin/ui-demo/SKILL.md +465 -0
- package/dist/core/skills/builtin/ui-to-vue/SKILL.md +134 -0
- package/dist/core/skills/builtin/uncloud/SKILL.md +343 -0
- package/dist/core/skills/builtin/unified-notifications-ops/SKILL.md +187 -0
- package/dist/core/skills/builtin/verification-loop/SKILL.md +126 -0
- package/dist/core/skills/builtin/video-editing/SKILL.md +310 -0
- package/dist/core/skills/builtin/videodb/SKILL.md +374 -0
- package/dist/core/skills/builtin/videodb/reference/api-reference.md +550 -0
- package/dist/core/skills/builtin/videodb/reference/capture-reference.md +407 -0
- package/dist/core/skills/builtin/videodb/reference/capture.md +101 -0
- package/dist/core/skills/builtin/videodb/reference/editor.md +443 -0
- package/dist/core/skills/builtin/videodb/reference/generative.md +331 -0
- package/dist/core/skills/builtin/videodb/reference/rtstream-reference.md +564 -0
- package/dist/core/skills/builtin/videodb/reference/rtstream.md +65 -0
- package/dist/core/skills/builtin/videodb/reference/search.md +230 -0
- package/dist/core/skills/builtin/videodb/reference/streaming.md +406 -0
- package/dist/core/skills/builtin/videodb/reference/use-cases.md +118 -0
- package/dist/core/skills/builtin/videodb/scripts/ws_listener.py +282 -0
- package/dist/core/skills/builtin/visa-doc-translate/README.md +86 -0
- package/dist/core/skills/builtin/visa-doc-translate/SKILL.md +117 -0
- package/dist/core/skills/builtin/vite-patterns/SKILL.md +449 -0
- package/dist/core/skills/builtin/windows-desktop-e2e/SKILL.md +887 -0
- package/dist/core/skills/builtin/x-api/SKILL.md +234 -0
- package/dist/core/skills/loader.js +11 -0
- package/dist/core/skills/loader.js.map +1 -1
- package/dist/core/types.d.ts +6 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/plugins/agents/native/index.d.ts +47 -8
- package/dist/plugins/agents/native/index.d.ts.map +1 -1
- package/dist/plugins/agents/native/index.js +253 -102
- package/dist/plugins/agents/native/index.js.map +1 -1
- package/dist/plugins/agents/native/tool-registry.d.ts +33 -0
- package/dist/plugins/agents/native/tool-registry.d.ts.map +1 -0
- package/dist/plugins/agents/native/tool-registry.js +82 -0
- package/dist/plugins/agents/native/tool-registry.js.map +1 -0
- package/dist/plugins/messengers/dingtalk/dingtalk-client.d.ts.map +1 -1
- package/dist/plugins/messengers/dingtalk/dingtalk-client.js +11 -11
- package/dist/plugins/messengers/dingtalk/dingtalk-client.js.map +1 -1
- package/dist/plugins/messengers/feishu/feishu-adapter.d.ts.map +1 -1
- package/dist/plugins/messengers/feishu/feishu-adapter.js +9 -5
- package/dist/plugins/messengers/feishu/feishu-adapter.js.map +1 -1
- package/dist/plugins/messengers/wechat/ilink-adapter.d.ts.map +1 -1
- package/dist/plugins/messengers/wechat/ilink-adapter.js +11 -1
- package/dist/plugins/messengers/wechat/ilink-adapter.js.map +1 -1
- package/dist/web/public/assets/{a2a-DczMMkbl.js → a2a-Cll3P4QN.js} +2 -2
- package/dist/web/public/assets/{a2a-DczMMkbl.js.map → a2a-Cll3P4QN.js.map} +1 -1
- package/dist/web/public/assets/{activity-cbLHkzca.js → activity-B7T7YFlD.js} +2 -2
- package/dist/web/public/assets/{activity-cbLHkzca.js.map → activity-B7T7YFlD.js.map} +1 -1
- package/dist/web/public/assets/{admins-C-YsGMj7.js → admins-CN7P018S.js} +2 -2
- package/dist/web/public/assets/{admins-C-YsGMj7.js.map → admins-CN7P018S.js.map} +1 -1
- package/dist/web/public/assets/{agents-BWfov_1-.js → agents-Bqgq7GBF.js} +2 -2
- package/dist/web/public/assets/{agents-BWfov_1-.js.map → agents-Bqgq7GBF.js.map} +1 -1
- package/dist/web/public/assets/{approvals-HSssmXKS.js → approvals-C8IUJQ_A.js} +2 -2
- package/dist/web/public/assets/{approvals-HSssmXKS.js.map → approvals-C8IUJQ_A.js.map} +1 -1
- package/dist/web/public/assets/{arrow-down-BXvC8Al2.js → arrow-down-SLWKqtDc.js} +2 -2
- package/dist/web/public/assets/{arrow-down-BXvC8Al2.js.map → arrow-down-SLWKqtDc.js.map} +1 -1
- package/dist/web/public/assets/{arrow-up-63xELY5Q.js → arrow-up-BOADc9ce.js} +2 -2
- package/dist/web/public/assets/{arrow-up-63xELY5Q.js.map → arrow-up-BOADc9ce.js.map} +1 -1
- package/dist/web/public/assets/{asks-COLEFOvK.js → asks-C-j-DypC.js} +2 -2
- package/dist/web/public/assets/{asks-COLEFOvK.js.map → asks-C-j-DypC.js.map} +1 -1
- package/dist/web/public/assets/{audit-D4ZEiZub.js → audit-DQb-RuXh.js} +2 -2
- package/dist/web/public/assets/{audit-D4ZEiZub.js.map → audit-DQb-RuXh.js.map} +1 -1
- package/dist/web/public/assets/{bell-Cg2Bvv06.js → bell-CV88-ul6.js} +2 -2
- package/dist/web/public/assets/{bell-Cg2Bvv06.js.map → bell-CV88-ul6.js.map} +1 -1
- package/dist/web/public/assets/{bgjobs-CEjCzwtd.js → bgjobs-CDrK0d-W.js} +2 -2
- package/dist/web/public/assets/{bgjobs-CEjCzwtd.js.map → bgjobs-CDrK0d-W.js.map} +1 -1
- package/dist/web/public/assets/{brain-euvl6F6C.js → brain-B7HtSOQU.js} +2 -2
- package/dist/web/public/assets/{brain-euvl6F6C.js.map → brain-B7HtSOQU.js.map} +1 -1
- package/dist/web/public/assets/{briefcase-DPWLbCnA.js → briefcase-mdzuIa__.js} +2 -2
- package/dist/web/public/assets/{briefcase-DPWLbCnA.js.map → briefcase-mdzuIa__.js.map} +1 -1
- package/dist/web/public/assets/{browser-ponyfill-BUutOaRz.js → browser-ponyfill-DBWdeCTC.js} +2 -2
- package/dist/web/public/assets/{browser-ponyfill-BUutOaRz.js.map → browser-ponyfill-DBWdeCTC.js.map} +1 -1
- package/dist/web/public/assets/{chat-Dz9kfaxH.js → chat-CSjtY2rN.js} +3 -3
- package/dist/web/public/assets/{chat-Dz9kfaxH.js.map → chat-CSjtY2rN.js.map} +1 -1
- package/dist/web/public/assets/{chevron-left-BeIh5thq.js → chevron-left-uSfPn636.js} +2 -2
- package/dist/web/public/assets/{chevron-left-BeIh5thq.js.map → chevron-left-uSfPn636.js.map} +1 -1
- package/dist/web/public/assets/{chevron-right-uP_l9MMb.js → chevron-right-CtelqacW.js} +2 -2
- package/dist/web/public/assets/{chevron-right-uP_l9MMb.js.map → chevron-right-CtelqacW.js.map} +1 -1
- package/dist/web/public/assets/{circle-check-CewnjFgv.js → circle-check-8dbL-u7O.js} +2 -2
- package/dist/web/public/assets/{circle-check-CewnjFgv.js.map → circle-check-8dbL-u7O.js.map} +1 -1
- package/dist/web/public/assets/{circle-check-big-C2RTc48c.js → circle-check-big-D8-svk9a.js} +2 -2
- package/dist/web/public/assets/{circle-check-big-C2RTc48c.js.map → circle-check-big-D8-svk9a.js.map} +1 -1
- package/dist/web/public/assets/{circle-x-Ccg1HyV-.js → circle-x-rUxzIz5P.js} +2 -2
- package/dist/web/public/assets/{circle-x-Ccg1HyV-.js.map → circle-x-rUxzIz5P.js.map} +1 -1
- package/dist/web/public/assets/{clock-qxbYSynv.js → clock-CG5dlBGB.js} +2 -2
- package/dist/web/public/assets/{clock-qxbYSynv.js.map → clock-CG5dlBGB.js.map} +1 -1
- package/dist/web/public/assets/{confirm-dialog-DmJq4Td9.js → confirm-dialog-DlUsSur3.js} +2 -2
- package/dist/web/public/assets/{confirm-dialog-DmJq4Td9.js.map → confirm-dialog-DlUsSur3.js.map} +1 -1
- package/dist/web/public/assets/{copy-DxSHRdbc.js → copy-DnC76wFT.js} +2 -2
- package/dist/web/public/assets/{copy-DxSHRdbc.js.map → copy-DnC76wFT.js.map} +1 -1
- package/dist/web/public/assets/{data-table-S7rIjwdO.js → data-table-DswkWUfG.js} +2 -2
- package/dist/web/public/assets/{data-table-S7rIjwdO.js.map → data-table-DswkWUfG.js.map} +1 -1
- package/dist/web/public/assets/dialog-Ceo4YuXy.js +6 -0
- package/dist/web/public/assets/dialog-Ceo4YuXy.js.map +1 -0
- package/dist/web/public/assets/{download-OhsGtnO-.js → download-DF-46tS4.js} +2 -2
- package/dist/web/public/assets/{download-OhsGtnO-.js.map → download-DF-46tS4.js.map} +1 -1
- package/dist/web/public/assets/{email-C1-HxWLF.js → email-CZee26-_.js} +3 -3
- package/dist/web/public/assets/{email-C1-HxWLF.js.map → email-CZee26-_.js.map} +1 -1
- package/dist/web/public/assets/{empty-state-C-qjOHyu.js → empty-state-D9Hi0Atm.js} +2 -2
- package/dist/web/public/assets/{empty-state-C-qjOHyu.js.map → empty-state-D9Hi0Atm.js.map} +1 -1
- package/dist/web/public/assets/{external-link-DRVp9-lb.js → external-link-D64iZa9P.js} +2 -2
- package/dist/web/public/assets/{external-link-DRVp9-lb.js.map → external-link-D64iZa9P.js.map} +1 -1
- package/dist/web/public/assets/{eye-CFhg5BTa.js → eye-sY6WZb7D.js} +2 -2
- package/dist/web/public/assets/{eye-CFhg5BTa.js.map → eye-sY6WZb7D.js.map} +1 -1
- package/dist/web/public/assets/{facts-CGaLWhzi.js → facts-B7bGGwvi.js} +2 -2
- package/dist/web/public/assets/{facts-CGaLWhzi.js.map → facts-B7bGGwvi.js.map} +1 -1
- package/dist/web/public/assets/{goals-C-dJANmn.js → goals-BfQbsvZv.js} +2 -2
- package/dist/web/public/assets/{goals-C-dJANmn.js.map → goals-BfQbsvZv.js.map} +1 -1
- package/dist/web/public/assets/{health-CWcti5h3.js → health-Ba_mY0Ts.js} +2 -2
- package/dist/web/public/assets/{health-CWcti5h3.js.map → health-Ba_mY0Ts.js.map} +1 -1
- package/dist/web/public/assets/{heart-pulse-DmGhKR2W.js → heart-pulse-BjikOVwU.js} +2 -2
- package/dist/web/public/assets/{heart-pulse-DmGhKR2W.js.map → heart-pulse-BjikOVwU.js.map} +1 -1
- package/dist/web/public/assets/{heartbeat-kLoGBNCo.js → heartbeat-BM8LlPes.js} +2 -2
- package/dist/web/public/assets/{heartbeat-kLoGBNCo.js.map → heartbeat-BM8LlPes.js.map} +1 -1
- package/dist/web/public/assets/{hot-BITDoax1.js → hot-BtuLL6n8.js} +2 -2
- package/dist/web/public/assets/{hot-BITDoax1.js.map → hot-BtuLL6n8.js.map} +1 -1
- package/dist/web/public/assets/index-DEWFfW_Z.js +199 -0
- package/dist/web/public/assets/index-DEWFfW_Z.js.map +1 -0
- package/dist/web/public/assets/{installed-Co9WrtQ7.js → installed-Xr8p31ij.js} +2 -2
- package/dist/web/public/assets/{installed-Co9WrtQ7.js.map → installed-Xr8p31ij.js.map} +1 -1
- package/dist/web/public/assets/{jobs-hdHhBEvi.js → jobs-Ddy81Udm.js} +2 -2
- package/dist/web/public/assets/{jobs-hdHhBEvi.js.map → jobs-Ddy81Udm.js.map} +1 -1
- package/dist/web/public/assets/{layout-CQtbOBag.js → layout-BL74fT-L.js} +2 -2
- package/dist/web/public/assets/{layout-CQtbOBag.js.map → layout-BL74fT-L.js.map} +1 -1
- package/dist/web/public/assets/{layout-bDMXIKIR.js → layout-Bn2qUxcK.js} +2 -2
- package/dist/web/public/assets/{layout-bDMXIKIR.js.map → layout-Bn2qUxcK.js.map} +1 -1
- package/dist/web/public/assets/{layout-BMXC1Uh1.js → layout-Bp4SAA8_.js} +2 -2
- package/dist/web/public/assets/{layout-BMXC1Uh1.js.map → layout-Bp4SAA8_.js.map} +1 -1
- package/dist/web/public/assets/{layout-CysVsySh.js → layout-CZ9pGnW8.js} +2 -2
- package/dist/web/public/assets/{layout-CysVsySh.js.map → layout-CZ9pGnW8.js.map} +1 -1
- package/dist/web/public/assets/{layout-CyBGneZ9.js → layout-pasFRkKV.js} +2 -2
- package/dist/web/public/assets/{layout-CyBGneZ9.js.map → layout-pasFRkKV.js.map} +1 -1
- package/dist/web/public/assets/llm-yp7b5xxL.js +7 -0
- package/dist/web/public/assets/llm-yp7b5xxL.js.map +1 -0
- package/dist/web/public/assets/{loader-circle-9VUMGitw.js → loader-circle-Bbw4pEyE.js} +2 -2
- package/dist/web/public/assets/{loader-circle-9VUMGitw.js.map → loader-circle-Bbw4pEyE.js.map} +1 -1
- package/dist/web/public/assets/{map-pin-BXYvvHry.js → map-pin-DIXHUQgM.js} +2 -2
- package/dist/web/public/assets/{map-pin-BXYvvHry.js.map → map-pin-DIXHUQgM.js.map} +1 -1
- package/dist/web/public/assets/{mcp-BgLdlwSn.js → mcp-DyaljIM_.js} +2 -2
- package/dist/web/public/assets/{mcp-BgLdlwSn.js.map → mcp-DyaljIM_.js.map} +1 -1
- package/dist/web/public/assets/memos-Dkoc157i.js +12 -0
- package/dist/web/public/assets/memos-Dkoc157i.js.map +1 -0
- package/dist/web/public/assets/{messengers-7Phqea62.js → messengers-CcyGDeUI.js} +2 -2
- package/dist/web/public/assets/{messengers-7Phqea62.js.map → messengers-CcyGDeUI.js.map} +1 -1
- package/dist/web/public/assets/{mobile-CV5b6D2W.js → mobile-DqzIv4Xb.js} +2 -2
- package/dist/web/public/assets/{mobile-CV5b6D2W.js.map → mobile-DqzIv4Xb.js.map} +1 -1
- package/dist/web/public/assets/{native-agent-QvIa6LjE.js → native-agent-BQ7WaRGK.js} +2 -2
- package/dist/web/public/assets/{native-agent-QvIa6LjE.js.map → native-agent-BQ7WaRGK.js.map} +1 -1
- package/dist/web/public/assets/{network-BXhEjGhE.js → network-B_yUFAqC.js} +2 -2
- package/dist/web/public/assets/{network-BXhEjGhE.js.map → network-B_yUFAqC.js.map} +1 -1
- package/dist/web/public/assets/{outbox-DHQL7TQb.js → outbox-l8aVOZqO.js} +2 -2
- package/dist/web/public/assets/{outbox-DHQL7TQb.js.map → outbox-l8aVOZqO.js.map} +1 -1
- package/dist/web/public/assets/{pagination-VKuPb1Ot.js → pagination-BAKRGKa9.js} +2 -2
- package/dist/web/public/assets/{pagination-VKuPb1Ot.js.map → pagination-BAKRGKa9.js.map} +1 -1
- package/dist/web/public/assets/{persona-CWug2GLR.js → persona-D3VL9Rg1.js} +2 -2
- package/dist/web/public/assets/{persona-CWug2GLR.js.map → persona-D3VL9Rg1.js.map} +1 -1
- package/dist/web/public/assets/{plans-CZoEs5SY.js → plans-BBB5e9my.js} +2 -2
- package/dist/web/public/assets/{plans-CZoEs5SY.js.map → plans-BBB5e9my.js.map} +1 -1
- package/dist/web/public/assets/{play-CfSn5Vdl.js → play-7-Wd369f.js} +2 -2
- package/dist/web/public/assets/{play-CfSn5Vdl.js.map → play-7-Wd369f.js.map} +1 -1
- package/dist/web/public/assets/{plus-Z8l4CiqJ.js → plus-B0sfZy-j.js} +2 -2
- package/dist/web/public/assets/{plus-Z8l4CiqJ.js.map → plus-B0sfZy-j.js.map} +1 -1
- package/dist/web/public/assets/{policy-CutDSEPW.js → policy-BM1WRXH0.js} +2 -2
- package/dist/web/public/assets/{policy-CutDSEPW.js.map → policy-BM1WRXH0.js.map} +1 -1
- package/dist/web/public/assets/{qr-code-DgU5aiM6.js → qr-code-DcKs5fi3.js} +2 -2
- package/dist/web/public/assets/{qr-code-DgU5aiM6.js.map → qr-code-DcKs5fi3.js.map} +1 -1
- package/dist/web/public/assets/{react-Cb2sDjhD.js → react-DlP5eolq.js} +2 -2
- package/dist/web/public/assets/{react-Cb2sDjhD.js.map → react-DlP5eolq.js.map} +1 -1
- package/dist/web/public/assets/{refresh-ccw-D2CWiyU_.js → refresh-ccw-uNKeBeRl.js} +2 -2
- package/dist/web/public/assets/{refresh-ccw-D2CWiyU_.js.map → refresh-ccw-uNKeBeRl.js.map} +1 -1
- package/dist/web/public/assets/{reminders-Cb6Izedg.js → reminders-DHM8K0_O.js} +2 -2
- package/dist/web/public/assets/{reminders-Cb6Izedg.js.map → reminders-DHM8K0_O.js.map} +1 -1
- package/dist/web/public/assets/{save-DB0BDYTs.js → save-qwJa5_SA.js} +2 -2
- package/dist/web/public/assets/{save-DB0BDYTs.js.map → save-qwJa5_SA.js.map} +1 -1
- package/dist/web/public/assets/{schedules-8mSjE14D.js → schedules-Bcd0wbT4.js} +2 -2
- package/dist/web/public/assets/{schedules-8mSjE14D.js.map → schedules-Bcd0wbT4.js.map} +1 -1
- package/dist/web/public/assets/{search-Con69NhG.js → search-BUlzNWrj.js} +2 -2
- package/dist/web/public/assets/{search-Con69NhG.js.map → search-BUlzNWrj.js.map} +1 -1
- package/dist/web/public/assets/{search-B4fHilZ0.js → search-i1tP2maJ.js} +2 -2
- package/dist/web/public/assets/{search-B4fHilZ0.js.map → search-i1tP2maJ.js.map} +1 -1
- package/dist/web/public/assets/{security-BTe3zUg8.js → security-DgJyTT4g.js} +2 -2
- package/dist/web/public/assets/{security-BTe3zUg8.js.map → security-DgJyTT4g.js.map} +1 -1
- package/dist/web/public/assets/{service-C7SqcwfL.js → service-A0Hzear0.js} +2 -2
- package/dist/web/public/assets/{service-C7SqcwfL.js.map → service-A0Hzear0.js.map} +1 -1
- package/dist/web/public/assets/{shield-alert-CKFVsGgI.js → shield-alert-DrnN6fz_.js} +2 -2
- package/dist/web/public/assets/{shield-alert-CKFVsGgI.js.map → shield-alert-DrnN6fz_.js.map} +1 -1
- package/dist/web/public/assets/{status-badge-BSkpyN4D.js → status-badge-Ryzf96Pl.js} +2 -2
- package/dist/web/public/assets/{status-badge-BSkpyN4D.js.map → status-badge-Ryzf96Pl.js.map} +1 -1
- package/dist/web/public/assets/{subtasks-Bel-I1Sk.js → subtasks-Bzh3o3EF.js} +2 -2
- package/dist/web/public/assets/{subtasks-Bel-I1Sk.js.map → subtasks-Bzh3o3EF.js.map} +1 -1
- package/dist/web/public/assets/{table-CPn1MRcy.js → table-BbAOSyc8.js} +2 -2
- package/dist/web/public/assets/{table-CPn1MRcy.js.map → table-BbAOSyc8.js.map} +1 -1
- package/dist/web/public/assets/{topn-Ba3RjcK1.js → topn-DkhYw-Gp.js} +2 -2
- package/dist/web/public/assets/{topn-Ba3RjcK1.js.map → topn-DkhYw-Gp.js.map} +1 -1
- package/dist/web/public/assets/{trash-2-Dfov8aHD.js → trash-2-CA0cLpnU.js} +2 -2
- package/dist/web/public/assets/{trash-2-Dfov8aHD.js.map → trash-2-CA0cLpnU.js.map} +1 -1
- package/dist/web/public/assets/{use-background-tasks-BQrEeUwY.js → use-background-tasks-B64YjlA8.js} +2 -2
- package/dist/web/public/assets/{use-background-tasks-BQrEeUwY.js.map → use-background-tasks-B64YjlA8.js.map} +1 -1
- package/dist/web/public/assets/{use-event-stream-DgGpGKop.js → use-event-stream-I1lMFEfh.js} +2 -2
- package/dist/web/public/assets/{use-event-stream-DgGpGKop.js.map → use-event-stream-I1lMFEfh.js.map} +1 -1
- package/dist/web/public/assets/{use-llm-admin-DYekqogG.js → use-llm-admin-DY2axI4D.js} +2 -2
- package/dist/web/public/assets/{use-llm-admin-DYekqogG.js.map → use-llm-admin-DY2axI4D.js.map} +1 -1
- package/dist/web/public/assets/{use-memory-DbJ4pP2Z.js → use-memory-BYEjVWbU.js} +2 -2
- package/dist/web/public/assets/{use-memory-DbJ4pP2Z.js.map → use-memory-BYEjVWbU.js.map} +1 -1
- package/dist/web/public/assets/{use-observability-C2M6WZ9W.js → use-observability-Coj02yDo.js} +2 -2
- package/dist/web/public/assets/{use-observability-C2M6WZ9W.js.map → use-observability-Coj02yDo.js.map} +1 -1
- package/dist/web/public/assets/{use-settings-DMdaoWsB.js → use-settings-i1MhlkyC.js} +2 -2
- package/dist/web/public/assets/{use-settings-DMdaoWsB.js.map → use-settings-i1MhlkyC.js.map} +1 -1
- package/dist/web/public/assets/{use-workspace-BHG7h3jQ.js → use-workspace-DgEM35PY.js} +2 -2
- package/dist/web/public/assets/{use-workspace-BHG7h3jQ.js.map → use-workspace-DgEM35PY.js.map} +1 -1
- package/dist/web/public/assets/{useQuery-PdiC7-sY.js → useQuery-CY2iazjN.js} +2 -2
- package/dist/web/public/assets/{useQuery-PdiC7-sY.js.map → useQuery-CY2iazjN.js.map} +1 -1
- package/dist/web/public/assets/{vector-DnZM3OXU.js → vector-Ic76u2hY.js} +2 -2
- package/dist/web/public/assets/{vector-DnZM3OXU.js.map → vector-Ic76u2hY.js.map} +1 -1
- package/dist/web/public/assets/{viewer-Dz6k0YKp.js → viewer-BXbUN1Rl.js} +2 -2
- package/dist/web/public/assets/{viewer-Dz6k0YKp.js.map → viewer-BXbUN1Rl.js.map} +1 -1
- package/dist/web/public/assets/{workspace-BnXrWS3j.js → workspace-CUg0JPn6.js} +3 -3
- package/dist/web/public/assets/{workspace-BnXrWS3j.js.map → workspace-CUg0JPn6.js.map} +1 -1
- package/dist/web/public/assets/{workspaces-CSS_UBEi.js → workspaces-C-wb5FQj.js} +2 -2
- package/dist/web/public/assets/{workspaces-CSS_UBEi.js.map → workspaces-C-wb5FQj.js.map} +1 -1
- package/dist/web/public/assets/{x-DG-JKVw_.js → x-D1iSuoqg.js} +2 -2
- package/dist/web/public/assets/{x-DG-JKVw_.js.map → x-D1iSuoqg.js.map} +1 -1
- package/dist/web/public/index.html +2 -2
- package/dist/web/server.d.ts.map +1 -1
- package/dist/web/server.js +6 -0
- package/dist/web/server.js.map +1 -1
- package/package.json +1 -1
- package/dist/web/public/assets/dialog-bAIDaO-6.js +0 -6
- package/dist/web/public/assets/dialog-bAIDaO-6.js.map +0 -1
- package/dist/web/public/assets/index-O0BQoyzo.js +0 -199
- package/dist/web/public/assets/index-O0BQoyzo.js.map +0 -1
- package/dist/web/public/assets/llm-CPIRNQU2.js +0 -7
- package/dist/web/public/assets/llm-CPIRNQU2.js.map +0 -1
- package/dist/web/public/assets/memos-CfneX9DH.js +0 -12
- package/dist/web/public/assets/memos-CfneX9DH.js.map +0 -1
|
@@ -0,0 +1,593 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: django-security
|
|
3
|
+
description: [ECC] Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Django Security Best Practices
|
|
8
|
+
|
|
9
|
+
Comprehensive security guidelines for Django applications to protect against common vulnerabilities.
|
|
10
|
+
|
|
11
|
+
## When to Activate
|
|
12
|
+
|
|
13
|
+
- Setting up Django authentication and authorization
|
|
14
|
+
- Implementing user permissions and roles
|
|
15
|
+
- Configuring production security settings
|
|
16
|
+
- Reviewing Django application for security issues
|
|
17
|
+
- Deploying Django applications to production
|
|
18
|
+
|
|
19
|
+
## Core Security Settings
|
|
20
|
+
|
|
21
|
+
### Production Settings Configuration
|
|
22
|
+
|
|
23
|
+
```python
|
|
24
|
+
# settings/production.py
|
|
25
|
+
import os
|
|
26
|
+
|
|
27
|
+
DEBUG = False # CRITICAL: Never use True in production
|
|
28
|
+
|
|
29
|
+
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(',')
|
|
30
|
+
|
|
31
|
+
# Security headers
|
|
32
|
+
SECURE_SSL_REDIRECT = True
|
|
33
|
+
SESSION_COOKIE_SECURE = True
|
|
34
|
+
CSRF_COOKIE_SECURE = True
|
|
35
|
+
SECURE_HSTS_SECONDS = 31536000 # 1 year
|
|
36
|
+
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
|
37
|
+
SECURE_HSTS_PRELOAD = True
|
|
38
|
+
SECURE_CONTENT_TYPE_NOSNIFF = True
|
|
39
|
+
SECURE_BROWSER_XSS_FILTER = True
|
|
40
|
+
X_FRAME_OPTIONS = 'DENY'
|
|
41
|
+
|
|
42
|
+
# HTTPS and Cookies
|
|
43
|
+
SESSION_COOKIE_HTTPONLY = True
|
|
44
|
+
CSRF_COOKIE_HTTPONLY = True
|
|
45
|
+
SESSION_COOKIE_SAMESITE = 'Lax'
|
|
46
|
+
CSRF_COOKIE_SAMESITE = 'Lax'
|
|
47
|
+
|
|
48
|
+
# Secret key (must be set via environment variable)
|
|
49
|
+
SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
|
|
50
|
+
if not SECRET_KEY:
|
|
51
|
+
raise ImproperlyConfigured('DJANGO_SECRET_KEY environment variable is required')
|
|
52
|
+
|
|
53
|
+
# Password validation
|
|
54
|
+
AUTH_PASSWORD_VALIDATORS = [
|
|
55
|
+
{
|
|
56
|
+
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
|
57
|
+
},
|
|
58
|
+
{
|
|
59
|
+
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
|
60
|
+
'OPTIONS': {
|
|
61
|
+
'min_length': 12,
|
|
62
|
+
}
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
|
|
69
|
+
},
|
|
70
|
+
]
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
## Authentication
|
|
74
|
+
|
|
75
|
+
### Custom User Model
|
|
76
|
+
|
|
77
|
+
```python
|
|
78
|
+
# apps/users/models.py
|
|
79
|
+
from django.contrib.auth.models import AbstractUser
|
|
80
|
+
from django.db import models
|
|
81
|
+
|
|
82
|
+
class User(AbstractUser):
|
|
83
|
+
"""Custom user model for better security."""
|
|
84
|
+
|
|
85
|
+
email = models.EmailField(unique=True)
|
|
86
|
+
phone = models.CharField(max_length=20, blank=True)
|
|
87
|
+
|
|
88
|
+
USERNAME_FIELD = 'email' # Use email as username
|
|
89
|
+
REQUIRED_FIELDS = ['username']
|
|
90
|
+
|
|
91
|
+
class Meta:
|
|
92
|
+
db_table = 'users'
|
|
93
|
+
verbose_name = 'User'
|
|
94
|
+
verbose_name_plural = 'Users'
|
|
95
|
+
|
|
96
|
+
def __str__(self):
|
|
97
|
+
return self.email
|
|
98
|
+
|
|
99
|
+
# settings/base.py
|
|
100
|
+
AUTH_USER_MODEL = 'users.User'
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
### Password Hashing
|
|
104
|
+
|
|
105
|
+
```python
|
|
106
|
+
# Django uses PBKDF2 by default. For stronger security:
|
|
107
|
+
PASSWORD_HASHERS = [
|
|
108
|
+
'django.contrib.auth.hashers.Argon2PasswordHasher',
|
|
109
|
+
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
|
|
110
|
+
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
|
|
111
|
+
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
|
|
112
|
+
]
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
### Session Management
|
|
116
|
+
|
|
117
|
+
```python
|
|
118
|
+
# Session configuration
|
|
119
|
+
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' # Or 'db'
|
|
120
|
+
SESSION_CACHE_ALIAS = 'default'
|
|
121
|
+
SESSION_COOKIE_AGE = 3600 * 24 * 7 # 1 week
|
|
122
|
+
SESSION_SAVE_EVERY_REQUEST = False
|
|
123
|
+
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Better UX, but less secure
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
## Authorization
|
|
127
|
+
|
|
128
|
+
### Permissions
|
|
129
|
+
|
|
130
|
+
```python
|
|
131
|
+
# models.py
|
|
132
|
+
from django.db import models
|
|
133
|
+
from django.contrib.auth.models import Permission
|
|
134
|
+
|
|
135
|
+
class Post(models.Model):
|
|
136
|
+
title = models.CharField(max_length=200)
|
|
137
|
+
content = models.TextField()
|
|
138
|
+
author = models.ForeignKey(User, on_delete=models.CASCADE)
|
|
139
|
+
|
|
140
|
+
class Meta:
|
|
141
|
+
permissions = [
|
|
142
|
+
('can_publish', 'Can publish posts'),
|
|
143
|
+
('can_edit_others', 'Can edit posts of others'),
|
|
144
|
+
]
|
|
145
|
+
|
|
146
|
+
def user_can_edit(self, user):
|
|
147
|
+
"""Check if user can edit this post."""
|
|
148
|
+
return self.author == user or user.has_perm('app.can_edit_others')
|
|
149
|
+
|
|
150
|
+
# views.py
|
|
151
|
+
from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
|
|
152
|
+
from django.views.generic import UpdateView
|
|
153
|
+
|
|
154
|
+
class PostUpdateView(LoginRequiredMixin, PermissionRequiredMixin, UpdateView):
|
|
155
|
+
model = Post
|
|
156
|
+
permission_required = 'app.can_edit_others'
|
|
157
|
+
raise_exception = True # Return 403 instead of redirect
|
|
158
|
+
|
|
159
|
+
def get_queryset(self):
|
|
160
|
+
"""Only allow users to edit their own posts."""
|
|
161
|
+
return Post.objects.filter(author=self.request.user)
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
### Custom Permissions
|
|
165
|
+
|
|
166
|
+
```python
|
|
167
|
+
# permissions.py
|
|
168
|
+
from rest_framework import permissions
|
|
169
|
+
|
|
170
|
+
class IsOwnerOrReadOnly(permissions.BasePermission):
|
|
171
|
+
"""Allow only owners to edit objects."""
|
|
172
|
+
|
|
173
|
+
def has_object_permission(self, request, view, obj):
|
|
174
|
+
# Read permissions allowed for any request
|
|
175
|
+
if request.method in permissions.SAFE_METHODS:
|
|
176
|
+
return True
|
|
177
|
+
|
|
178
|
+
# Write permissions only for owner
|
|
179
|
+
return obj.author == request.user
|
|
180
|
+
|
|
181
|
+
class IsAdminOrReadOnly(permissions.BasePermission):
|
|
182
|
+
"""Allow admins to do anything, others read-only."""
|
|
183
|
+
|
|
184
|
+
def has_permission(self, request, view):
|
|
185
|
+
if request.method in permissions.SAFE_METHODS:
|
|
186
|
+
return True
|
|
187
|
+
return request.user and request.user.is_staff
|
|
188
|
+
|
|
189
|
+
class IsVerifiedUser(permissions.BasePermission):
|
|
190
|
+
"""Allow only verified users."""
|
|
191
|
+
|
|
192
|
+
def has_permission(self, request, view):
|
|
193
|
+
return request.user and request.user.is_authenticated and request.user.is_verified
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
### Role-Based Access Control (RBAC)
|
|
197
|
+
|
|
198
|
+
```python
|
|
199
|
+
# models.py
|
|
200
|
+
from django.contrib.auth.models import AbstractUser, Group
|
|
201
|
+
|
|
202
|
+
class User(AbstractUser):
|
|
203
|
+
ROLE_CHOICES = [
|
|
204
|
+
('admin', 'Administrator'),
|
|
205
|
+
('moderator', 'Moderator'),
|
|
206
|
+
('user', 'Regular User'),
|
|
207
|
+
]
|
|
208
|
+
role = models.CharField(max_length=20, choices=ROLE_CHOICES, default='user')
|
|
209
|
+
|
|
210
|
+
def is_admin(self):
|
|
211
|
+
return self.role == 'admin' or self.is_superuser
|
|
212
|
+
|
|
213
|
+
def is_moderator(self):
|
|
214
|
+
return self.role in ['admin', 'moderator']
|
|
215
|
+
|
|
216
|
+
# Mixins
|
|
217
|
+
class AdminRequiredMixin:
|
|
218
|
+
"""Mixin to require admin role."""
|
|
219
|
+
|
|
220
|
+
def dispatch(self, request, *args, **kwargs):
|
|
221
|
+
if not request.user.is_authenticated or not request.user.is_admin():
|
|
222
|
+
from django.core.exceptions import PermissionDenied
|
|
223
|
+
raise PermissionDenied
|
|
224
|
+
return super().dispatch(request, *args, **kwargs)
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
## SQL Injection Prevention
|
|
228
|
+
|
|
229
|
+
### Django ORM Protection
|
|
230
|
+
|
|
231
|
+
```python
|
|
232
|
+
# GOOD: Django ORM automatically escapes parameters
|
|
233
|
+
def get_user(username):
|
|
234
|
+
return User.objects.get(username=username) # Safe
|
|
235
|
+
|
|
236
|
+
# GOOD: Using parameters with raw()
|
|
237
|
+
def search_users(query):
|
|
238
|
+
return User.objects.raw('SELECT * FROM users WHERE username = %s', [query])
|
|
239
|
+
|
|
240
|
+
# BAD: Never directly interpolate user input
|
|
241
|
+
def get_user_bad(username):
|
|
242
|
+
return User.objects.raw(f'SELECT * FROM users WHERE username = {username}') # VULNERABLE!
|
|
243
|
+
|
|
244
|
+
# GOOD: Using filter with proper escaping
|
|
245
|
+
def get_users_by_email(email):
|
|
246
|
+
return User.objects.filter(email__iexact=email) # Safe
|
|
247
|
+
|
|
248
|
+
# GOOD: Using Q objects for complex queries
|
|
249
|
+
from django.db.models import Q
|
|
250
|
+
def search_users_complex(query):
|
|
251
|
+
return User.objects.filter(
|
|
252
|
+
Q(username__icontains=query) |
|
|
253
|
+
Q(email__icontains=query)
|
|
254
|
+
) # Safe
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
### Extra Security with raw()
|
|
258
|
+
|
|
259
|
+
```python
|
|
260
|
+
# If you must use raw SQL, always use parameters
|
|
261
|
+
User.objects.raw(
|
|
262
|
+
'SELECT * FROM users WHERE email = %s AND status = %s',
|
|
263
|
+
[user_input_email, status]
|
|
264
|
+
)
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
## XSS Prevention
|
|
268
|
+
|
|
269
|
+
### Template Escaping
|
|
270
|
+
|
|
271
|
+
```django
|
|
272
|
+
{# Django auto-escapes variables by default - SAFE #}
|
|
273
|
+
{{ user_input }} {# Escaped HTML #}
|
|
274
|
+
|
|
275
|
+
{# Explicitly mark safe only for trusted content #}
|
|
276
|
+
{{ trusted_html|safe }} {# Not escaped #}
|
|
277
|
+
|
|
278
|
+
{# Use template filters for safe HTML #}
|
|
279
|
+
{{ user_input|escape }} {# Same as default #}
|
|
280
|
+
{{ user_input|striptags }} {# Remove all HTML tags #}
|
|
281
|
+
|
|
282
|
+
{# JavaScript escaping #}
|
|
283
|
+
<script>
|
|
284
|
+
var username = {{ username|escapejs }};
|
|
285
|
+
</script>
|
|
286
|
+
```
|
|
287
|
+
|
|
288
|
+
### Safe String Handling
|
|
289
|
+
|
|
290
|
+
```python
|
|
291
|
+
from django.utils.safestring import mark_safe
|
|
292
|
+
from django.utils.html import escape
|
|
293
|
+
|
|
294
|
+
# BAD: Never mark user input as safe without escaping
|
|
295
|
+
def render_bad(user_input):
|
|
296
|
+
return mark_safe(user_input) # VULNERABLE!
|
|
297
|
+
|
|
298
|
+
# GOOD: Escape first, then mark safe
|
|
299
|
+
def render_good(user_input):
|
|
300
|
+
return mark_safe(escape(user_input))
|
|
301
|
+
|
|
302
|
+
# GOOD: Use format_html for HTML with variables
|
|
303
|
+
from django.utils.html import format_html
|
|
304
|
+
|
|
305
|
+
def greet_user(username):
|
|
306
|
+
return format_html('<span class="user">{}</span>', escape(username))
|
|
307
|
+
```
|
|
308
|
+
|
|
309
|
+
### HTTP Headers
|
|
310
|
+
|
|
311
|
+
```python
|
|
312
|
+
# settings.py
|
|
313
|
+
SECURE_CONTENT_TYPE_NOSNIFF = True # Prevent MIME sniffing
|
|
314
|
+
SECURE_BROWSER_XSS_FILTER = True # Enable XSS filter
|
|
315
|
+
X_FRAME_OPTIONS = 'DENY' # Prevent clickjacking
|
|
316
|
+
|
|
317
|
+
# Custom middleware
|
|
318
|
+
from django.conf import settings
|
|
319
|
+
|
|
320
|
+
class SecurityHeaderMiddleware:
|
|
321
|
+
def __init__(self, get_response):
|
|
322
|
+
self.get_response = get_response
|
|
323
|
+
|
|
324
|
+
def __call__(self, request):
|
|
325
|
+
response = self.get_response(request)
|
|
326
|
+
response['X-Content-Type-Options'] = 'nosniff'
|
|
327
|
+
response['X-Frame-Options'] = 'DENY'
|
|
328
|
+
response['X-XSS-Protection'] = '1; mode=block'
|
|
329
|
+
response['Content-Security-Policy'] = "default-src 'self'"
|
|
330
|
+
return response
|
|
331
|
+
```
|
|
332
|
+
|
|
333
|
+
## CSRF Protection
|
|
334
|
+
|
|
335
|
+
### Default CSRF Protection
|
|
336
|
+
|
|
337
|
+
```python
|
|
338
|
+
# settings.py - CSRF is enabled by default
|
|
339
|
+
CSRF_COOKIE_SECURE = True # Only send over HTTPS
|
|
340
|
+
CSRF_COOKIE_HTTPONLY = True # Prevent JavaScript access
|
|
341
|
+
CSRF_COOKIE_SAMESITE = 'Lax' # Prevent CSRF in some cases
|
|
342
|
+
CSRF_TRUSTED_ORIGINS = ['https://example.com'] # Trusted domains
|
|
343
|
+
|
|
344
|
+
# Template usage
|
|
345
|
+
<form method="post">
|
|
346
|
+
{% csrf_token %}
|
|
347
|
+
{{ form.as_p }}
|
|
348
|
+
<button type="submit">Submit</button>
|
|
349
|
+
</form>
|
|
350
|
+
|
|
351
|
+
# AJAX requests
|
|
352
|
+
function getCookie(name) {
|
|
353
|
+
let cookieValue = null;
|
|
354
|
+
if (document.cookie && document.cookie !== '') {
|
|
355
|
+
const cookies = document.cookie.split(';');
|
|
356
|
+
for (let i = 0; i < cookies.length; i++) {
|
|
357
|
+
const cookie = cookies[i].trim();
|
|
358
|
+
if (cookie.substring(0, name.length + 1) === (name + '=')) {
|
|
359
|
+
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
|
|
360
|
+
break;
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
}
|
|
364
|
+
return cookieValue;
|
|
365
|
+
}
|
|
366
|
+
|
|
367
|
+
fetch('/api/endpoint/', {
|
|
368
|
+
method: 'POST',
|
|
369
|
+
headers: {
|
|
370
|
+
'X-CSRFToken': getCookie('csrftoken'),
|
|
371
|
+
'Content-Type': 'application/json',
|
|
372
|
+
},
|
|
373
|
+
body: JSON.stringify(data)
|
|
374
|
+
});
|
|
375
|
+
```
|
|
376
|
+
|
|
377
|
+
### Exempting Views (Use Carefully)
|
|
378
|
+
|
|
379
|
+
```python
|
|
380
|
+
from django.views.decorators.csrf import csrf_exempt
|
|
381
|
+
|
|
382
|
+
@csrf_exempt # Only use when absolutely necessary!
|
|
383
|
+
def webhook_view(request):
|
|
384
|
+
# Webhook from external service
|
|
385
|
+
pass
|
|
386
|
+
```
|
|
387
|
+
|
|
388
|
+
## File Upload Security
|
|
389
|
+
|
|
390
|
+
### File Validation
|
|
391
|
+
|
|
392
|
+
```python
|
|
393
|
+
import os
|
|
394
|
+
from django.core.exceptions import ValidationError
|
|
395
|
+
|
|
396
|
+
def validate_file_extension(value):
|
|
397
|
+
"""Validate file extension."""
|
|
398
|
+
ext = os.path.splitext(value.name)[1]
|
|
399
|
+
valid_extensions = ['.jpg', '.jpeg', '.png', '.gif', '.pdf']
|
|
400
|
+
if not ext.lower() in valid_extensions:
|
|
401
|
+
raise ValidationError('Unsupported file extension.')
|
|
402
|
+
|
|
403
|
+
def validate_file_size(value):
|
|
404
|
+
"""Validate file size (max 5MB)."""
|
|
405
|
+
filesize = value.size
|
|
406
|
+
if filesize > 5 * 1024 * 1024:
|
|
407
|
+
raise ValidationError('File too large. Max size is 5MB.')
|
|
408
|
+
|
|
409
|
+
# models.py
|
|
410
|
+
class Document(models.Model):
|
|
411
|
+
file = models.FileField(
|
|
412
|
+
upload_to='documents/',
|
|
413
|
+
validators=[validate_file_extension, validate_file_size]
|
|
414
|
+
)
|
|
415
|
+
```
|
|
416
|
+
|
|
417
|
+
### Secure File Storage
|
|
418
|
+
|
|
419
|
+
```python
|
|
420
|
+
# settings.py
|
|
421
|
+
MEDIA_ROOT = '/var/www/media/'
|
|
422
|
+
MEDIA_URL = '/media/'
|
|
423
|
+
|
|
424
|
+
# Use a separate domain for media in production
|
|
425
|
+
MEDIA_DOMAIN = 'https://media.example.com'
|
|
426
|
+
|
|
427
|
+
# Don't serve user uploads directly
|
|
428
|
+
# Use whitenoise or a CDN for static files
|
|
429
|
+
# Use a separate server or S3 for media files
|
|
430
|
+
```
|
|
431
|
+
|
|
432
|
+
## API Security
|
|
433
|
+
|
|
434
|
+
### Rate Limiting
|
|
435
|
+
|
|
436
|
+
```python
|
|
437
|
+
# settings.py
|
|
438
|
+
REST_FRAMEWORK = {
|
|
439
|
+
'DEFAULT_THROTTLE_CLASSES': [
|
|
440
|
+
'rest_framework.throttling.AnonRateThrottle',
|
|
441
|
+
'rest_framework.throttling.UserRateThrottle'
|
|
442
|
+
],
|
|
443
|
+
'DEFAULT_THROTTLE_RATES': {
|
|
444
|
+
'anon': '100/day',
|
|
445
|
+
'user': '1000/day',
|
|
446
|
+
'upload': '10/hour',
|
|
447
|
+
}
|
|
448
|
+
}
|
|
449
|
+
|
|
450
|
+
# Custom throttle
|
|
451
|
+
from rest_framework.throttling import UserRateThrottle
|
|
452
|
+
|
|
453
|
+
class BurstRateThrottle(UserRateThrottle):
|
|
454
|
+
scope = 'burst'
|
|
455
|
+
rate = '60/min'
|
|
456
|
+
|
|
457
|
+
class SustainedRateThrottle(UserRateThrottle):
|
|
458
|
+
scope = 'sustained'
|
|
459
|
+
rate = '1000/day'
|
|
460
|
+
```
|
|
461
|
+
|
|
462
|
+
### Authentication for APIs
|
|
463
|
+
|
|
464
|
+
```python
|
|
465
|
+
# settings.py
|
|
466
|
+
REST_FRAMEWORK = {
|
|
467
|
+
'DEFAULT_AUTHENTICATION_CLASSES': [
|
|
468
|
+
'rest_framework.authentication.TokenAuthentication',
|
|
469
|
+
'rest_framework.authentication.SessionAuthentication',
|
|
470
|
+
'rest_framework_simplejwt.authentication.JWTAuthentication',
|
|
471
|
+
],
|
|
472
|
+
'DEFAULT_PERMISSION_CLASSES': [
|
|
473
|
+
'rest_framework.permissions.IsAuthenticated',
|
|
474
|
+
],
|
|
475
|
+
}
|
|
476
|
+
|
|
477
|
+
# views.py
|
|
478
|
+
from rest_framework.decorators import api_view, permission_classes
|
|
479
|
+
from rest_framework.permissions import IsAuthenticated
|
|
480
|
+
|
|
481
|
+
@api_view(['GET', 'POST'])
|
|
482
|
+
@permission_classes([IsAuthenticated])
|
|
483
|
+
def protected_view(request):
|
|
484
|
+
return Response({'message': 'You are authenticated'})
|
|
485
|
+
```
|
|
486
|
+
|
|
487
|
+
## Security Headers
|
|
488
|
+
|
|
489
|
+
### Content Security Policy
|
|
490
|
+
|
|
491
|
+
```python
|
|
492
|
+
# settings.py
|
|
493
|
+
CSP_DEFAULT_SRC = "'self'"
|
|
494
|
+
CSP_SCRIPT_SRC = "'self' https://cdn.example.com"
|
|
495
|
+
CSP_STYLE_SRC = "'self' 'unsafe-inline'"
|
|
496
|
+
CSP_IMG_SRC = "'self' data: https:"
|
|
497
|
+
CSP_CONNECT_SRC = "'self' https://api.example.com"
|
|
498
|
+
|
|
499
|
+
# Middleware
|
|
500
|
+
class CSPMiddleware:
|
|
501
|
+
def __init__(self, get_response):
|
|
502
|
+
self.get_response = get_response
|
|
503
|
+
|
|
504
|
+
def __call__(self, request):
|
|
505
|
+
response = self.get_response(request)
|
|
506
|
+
response['Content-Security-Policy'] = (
|
|
507
|
+
f"default-src {CSP_DEFAULT_SRC}; "
|
|
508
|
+
f"script-src {CSP_SCRIPT_SRC}; "
|
|
509
|
+
f"style-src {CSP_STYLE_SRC}; "
|
|
510
|
+
f"img-src {CSP_IMG_SRC}; "
|
|
511
|
+
f"connect-src {CSP_CONNECT_SRC}"
|
|
512
|
+
)
|
|
513
|
+
return response
|
|
514
|
+
```
|
|
515
|
+
|
|
516
|
+
## Environment Variables
|
|
517
|
+
|
|
518
|
+
### Managing Secrets
|
|
519
|
+
|
|
520
|
+
```python
|
|
521
|
+
# Use python-decouple or django-environ
|
|
522
|
+
import environ
|
|
523
|
+
|
|
524
|
+
env = environ.Env(
|
|
525
|
+
# set casting, default value
|
|
526
|
+
DEBUG=(bool, False)
|
|
527
|
+
)
|
|
528
|
+
|
|
529
|
+
# reading .env file
|
|
530
|
+
environ.Env.read_env()
|
|
531
|
+
|
|
532
|
+
SECRET_KEY = env('DJANGO_SECRET_KEY')
|
|
533
|
+
DATABASE_URL = env('DATABASE_URL')
|
|
534
|
+
ALLOWED_HOSTS = env.list('ALLOWED_HOSTS')
|
|
535
|
+
|
|
536
|
+
# .env file (never commit this)
|
|
537
|
+
DEBUG=False
|
|
538
|
+
SECRET_KEY=your-secret-key-here
|
|
539
|
+
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
|
|
540
|
+
ALLOWED_HOSTS=example.com,www.example.com
|
|
541
|
+
```
|
|
542
|
+
|
|
543
|
+
## Logging Security Events
|
|
544
|
+
|
|
545
|
+
```python
|
|
546
|
+
# settings.py
|
|
547
|
+
LOGGING = {
|
|
548
|
+
'version': 1,
|
|
549
|
+
'disable_existing_loggers': False,
|
|
550
|
+
'handlers': {
|
|
551
|
+
'file': {
|
|
552
|
+
'level': 'WARNING',
|
|
553
|
+
'class': 'logging.FileHandler',
|
|
554
|
+
'filename': '/var/log/django/security.log',
|
|
555
|
+
},
|
|
556
|
+
'console': {
|
|
557
|
+
'level': 'INFO',
|
|
558
|
+
'class': 'logging.StreamHandler',
|
|
559
|
+
},
|
|
560
|
+
},
|
|
561
|
+
'loggers': {
|
|
562
|
+
'django.security': {
|
|
563
|
+
'handlers': ['file', 'console'],
|
|
564
|
+
'level': 'WARNING',
|
|
565
|
+
'propagate': True,
|
|
566
|
+
},
|
|
567
|
+
'django.request': {
|
|
568
|
+
'handlers': ['file'],
|
|
569
|
+
'level': 'ERROR',
|
|
570
|
+
'propagate': False,
|
|
571
|
+
},
|
|
572
|
+
},
|
|
573
|
+
}
|
|
574
|
+
```
|
|
575
|
+
|
|
576
|
+
## Quick Security Checklist
|
|
577
|
+
|
|
578
|
+
| Check | Description |
|
|
579
|
+
|-------|-------------|
|
|
580
|
+
| `DEBUG = False` | Never run with DEBUG in production |
|
|
581
|
+
| HTTPS only | Force SSL, secure cookies |
|
|
582
|
+
| Strong secrets | Use environment variables for SECRET_KEY |
|
|
583
|
+
| Password validation | Enable all password validators |
|
|
584
|
+
| CSRF protection | Enabled by default, don't disable |
|
|
585
|
+
| XSS prevention | Django auto-escapes, don't use `|safe` with user input |
|
|
586
|
+
| SQL injection | Use ORM, never concatenate strings in queries |
|
|
587
|
+
| File uploads | Validate file type and size |
|
|
588
|
+
| Rate limiting | Throttle API endpoints |
|
|
589
|
+
| Security headers | CSP, X-Frame-Options, HSTS |
|
|
590
|
+
| Logging | Log security events |
|
|
591
|
+
| Updates | Keep Django and dependencies updated |
|
|
592
|
+
|
|
593
|
+
Remember: Security is a process, not a product. Regularly review and update your security practices.
|