agim-cli 1.2.147 → 1.2.149
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +158 -0
- package/dist/core/skills/builtin/ECC_LICENSE +21 -0
- package/dist/core/skills/builtin/ECC_NOTICE.md +28 -0
- package/dist/core/skills/builtin/accessibility/SKILL.md +146 -0
- package/dist/core/skills/builtin/agent-eval/SKILL.md +145 -0
- package/dist/core/skills/builtin/agent-harness-construction/SKILL.md +73 -0
- package/dist/core/skills/builtin/agent-introspection-debugging/SKILL.md +153 -0
- package/dist/core/skills/builtin/agentic-engineering/SKILL.md +63 -0
- package/dist/core/skills/builtin/ai-first-engineering/SKILL.md +51 -0
- package/dist/core/skills/builtin/ai-regression-testing/SKILL.md +385 -0
- package/dist/core/skills/builtin/android-clean-architecture/SKILL.md +339 -0
- package/dist/core/skills/builtin/angular-developer/SKILL.md +154 -0
- package/dist/core/skills/builtin/angular-developer/references/angular-animations.md +160 -0
- package/dist/core/skills/builtin/angular-developer/references/angular-aria.md +410 -0
- package/dist/core/skills/builtin/angular-developer/references/cli.md +86 -0
- package/dist/core/skills/builtin/angular-developer/references/component-harnesses.md +59 -0
- package/dist/core/skills/builtin/angular-developer/references/component-styling.md +91 -0
- package/dist/core/skills/builtin/angular-developer/references/components.md +117 -0
- package/dist/core/skills/builtin/angular-developer/references/creating-services.md +97 -0
- package/dist/core/skills/builtin/angular-developer/references/data-resolvers.md +69 -0
- package/dist/core/skills/builtin/angular-developer/references/define-routes.md +67 -0
- package/dist/core/skills/builtin/angular-developer/references/defining-providers.md +72 -0
- package/dist/core/skills/builtin/angular-developer/references/di-fundamentals.md +120 -0
- package/dist/core/skills/builtin/angular-developer/references/e2e-testing.md +56 -0
- package/dist/core/skills/builtin/angular-developer/references/effects.md +83 -0
- package/dist/core/skills/builtin/angular-developer/references/hierarchical-injectors.md +43 -0
- package/dist/core/skills/builtin/angular-developer/references/host-elements.md +80 -0
- package/dist/core/skills/builtin/angular-developer/references/injection-context.md +63 -0
- package/dist/core/skills/builtin/angular-developer/references/inputs.md +101 -0
- package/dist/core/skills/builtin/angular-developer/references/linked-signal.md +59 -0
- package/dist/core/skills/builtin/angular-developer/references/loading-strategies.md +61 -0
- package/dist/core/skills/builtin/angular-developer/references/mcp.md +108 -0
- package/dist/core/skills/builtin/angular-developer/references/navigate-to-routes.md +69 -0
- package/dist/core/skills/builtin/angular-developer/references/outputs.md +86 -0
- package/dist/core/skills/builtin/angular-developer/references/reactive-forms.md +122 -0
- package/dist/core/skills/builtin/angular-developer/references/rendering-strategies.md +44 -0
- package/dist/core/skills/builtin/angular-developer/references/resource.md +77 -0
- package/dist/core/skills/builtin/angular-developer/references/route-animations.md +56 -0
- package/dist/core/skills/builtin/angular-developer/references/route-guards.md +52 -0
- package/dist/core/skills/builtin/angular-developer/references/router-lifecycle.md +45 -0
- package/dist/core/skills/builtin/angular-developer/references/router-testing.md +87 -0
- package/dist/core/skills/builtin/angular-developer/references/show-routes-with-outlets.md +68 -0
- package/dist/core/skills/builtin/angular-developer/references/signal-forms.md +795 -0
- package/dist/core/skills/builtin/angular-developer/references/signals-overview.md +94 -0
- package/dist/core/skills/builtin/angular-developer/references/tailwind-css.md +69 -0
- package/dist/core/skills/builtin/angular-developer/references/template-driven-forms.md +114 -0
- package/dist/core/skills/builtin/angular-developer/references/testing-fundamentals.md +65 -0
- package/dist/core/skills/builtin/api-connector-builder/SKILL.md +120 -0
- package/dist/core/skills/builtin/api-design/SKILL.md +523 -0
- package/dist/core/skills/builtin/architecture-decision-records/SKILL.md +179 -0
- package/dist/core/skills/builtin/article-writing/SKILL.md +79 -0
- package/dist/core/skills/builtin/automation-audit-ops/SKILL.md +142 -0
- package/dist/core/skills/builtin/autonomous-agent-harness/SKILL.md +273 -0
- package/dist/core/skills/builtin/autonomous-loops/SKILL.md +610 -0
- package/dist/core/skills/builtin/backend-patterns/SKILL.md +561 -0
- package/dist/core/skills/builtin/benchmark/SKILL.md +93 -0
- package/dist/core/skills/builtin/benchmark-optimization-loop/SKILL.md +69 -0
- package/dist/core/skills/builtin/blueprint/SKILL.md +105 -0
- package/dist/core/skills/builtin/browser-qa/SKILL.md +87 -0
- package/dist/core/skills/builtin/bun-runtime/SKILL.md +84 -0
- package/dist/core/skills/builtin/cisco-ios-patterns/SKILL.md +163 -0
- package/dist/core/skills/builtin/claude-devfleet/SKILL.md +111 -0
- package/dist/core/skills/builtin/click-path-audit/SKILL.md +244 -0
- package/dist/core/skills/builtin/clickhouse-io/SKILL.md +439 -0
- package/dist/core/skills/builtin/code-tour/SKILL.md +236 -0
- package/dist/core/skills/builtin/codebase-onboarding/SKILL.md +233 -0
- package/dist/core/skills/builtin/codehealth-mcp/SKILL.md +166 -0
- package/dist/core/skills/builtin/coding-standards/SKILL.md +550 -0
- package/dist/core/skills/builtin/compose-multiplatform-patterns/SKILL.md +299 -0
- package/dist/core/skills/builtin/config-gc/SKILL.md +119 -0
- package/dist/core/skills/builtin/content-engine/SKILL.md +131 -0
- package/dist/core/skills/builtin/content-hash-cache-pattern/SKILL.md +161 -0
- package/dist/core/skills/builtin/context-budget/SKILL.md +135 -0
- package/dist/core/skills/builtin/continuous-agent-loop/SKILL.md +45 -0
- package/dist/core/skills/builtin/continuous-learning/SKILL.md +131 -0
- package/dist/core/skills/builtin/continuous-learning/config.json +18 -0
- package/dist/core/skills/builtin/continuous-learning/evaluate-session.sh +69 -0
- package/dist/core/skills/builtin/continuous-learning-v2/SKILL.md +360 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/observer-loop.sh +335 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/observer.md +198 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/session-guardian.sh +150 -0
- package/dist/core/skills/builtin/continuous-learning-v2/agents/start-observer.sh +248 -0
- package/dist/core/skills/builtin/continuous-learning-v2/config.json +8 -0
- package/dist/core/skills/builtin/continuous-learning-v2/hooks/observe.sh +498 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/detect-project.sh +322 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/instinct-cli.py +1914 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/migrate-homunculus.sh +62 -0
- package/dist/core/skills/builtin/continuous-learning-v2/scripts/test_parse_instinct.py +1045 -0
- package/dist/core/skills/builtin/cost-aware-llm-pipeline/SKILL.md +183 -0
- package/dist/core/skills/builtin/cost-tracking/SKILL.md +147 -0
- package/dist/core/skills/builtin/council/SKILL.md +203 -0
- package/dist/core/skills/builtin/cpp-coding-standards/SKILL.md +723 -0
- package/dist/core/skills/builtin/cpp-testing/SKILL.md +324 -0
- package/dist/core/skills/builtin/crosspost/SKILL.md +111 -0
- package/dist/core/skills/builtin/csharp-testing/SKILL.md +321 -0
- package/dist/core/skills/builtin/customs-trade-compliance/SKILL.md +263 -0
- package/dist/core/skills/builtin/dart-flutter-patterns/SKILL.md +563 -0
- package/dist/core/skills/builtin/dashboard-builder/SKILL.md +108 -0
- package/dist/core/skills/builtin/data-scraper-agent/SKILL.md +764 -0
- package/dist/core/skills/builtin/data-throughput-accelerator/SKILL.md +72 -0
- package/dist/core/skills/builtin/database-migrations/SKILL.md +429 -0
- package/dist/core/skills/builtin/deep-research/SKILL.md +159 -0
- package/dist/core/skills/builtin/defi-amm-security/SKILL.md +166 -0
- package/dist/core/skills/builtin/deployment-patterns/SKILL.md +427 -0
- package/dist/core/skills/builtin/design-system/SKILL.md +82 -0
- package/dist/core/skills/builtin/django-celery/SKILL.md +457 -0
- package/dist/core/skills/builtin/django-patterns/SKILL.md +734 -0
- package/dist/core/skills/builtin/django-security/SKILL.md +593 -0
- package/dist/core/skills/builtin/django-tdd/SKILL.md +729 -0
- package/dist/core/skills/builtin/django-verification/SKILL.md +469 -0
- package/dist/core/skills/builtin/dmux-workflows/SKILL.md +191 -0
- package/dist/core/skills/builtin/docker-patterns/SKILL.md +364 -0
- package/dist/core/skills/builtin/documentation-lookup/SKILL.md +90 -0
- package/dist/core/skills/builtin/dotnet-patterns/SKILL.md +321 -0
- package/dist/core/skills/builtin/dynamic-workflow-mode/SKILL.md +123 -0
- package/dist/core/skills/builtin/e2e-testing/SKILL.md +326 -0
- package/dist/core/skills/builtin/email-ops/SKILL.md +121 -0
- package/dist/core/skills/builtin/energy-procurement/SKILL.md +228 -0
- package/dist/core/skills/builtin/enterprise-agent-ops/SKILL.md +50 -0
- package/dist/core/skills/builtin/error-handling/SKILL.md +376 -0
- package/dist/core/skills/builtin/eval-harness/SKILL.md +270 -0
- package/dist/core/skills/builtin/evm-token-decimals/SKILL.md +130 -0
- package/dist/core/skills/builtin/exa-search/SKILL.md +107 -0
- package/dist/core/skills/builtin/fal-ai-media/SKILL.md +288 -0
- package/dist/core/skills/builtin/fastapi-patterns/SKILL.md +513 -0
- package/dist/core/skills/builtin/finance-billing-ops/SKILL.md +127 -0
- package/dist/core/skills/builtin/flox-environments/SKILL.md +496 -0
- package/dist/core/skills/builtin/flutter-dart-code-review/SKILL.md +435 -0
- package/dist/core/skills/builtin/foundation-models-on-device/SKILL.md +243 -0
- package/dist/core/skills/builtin/frontend-a11y/SKILL.md +445 -0
- package/dist/core/skills/builtin/frontend-design-direction/SKILL.md +92 -0
- package/dist/core/skills/builtin/frontend-patterns/SKILL.md +656 -0
- package/dist/core/skills/builtin/frontend-slides/SKILL.md +184 -0
- package/dist/core/skills/builtin/frontend-slides/STYLE_PRESETS.md +330 -0
- package/dist/core/skills/builtin/frontend-slides/animation-patterns.md +122 -0
- package/dist/core/skills/builtin/frontend-slides/html-template.md +419 -0
- package/dist/core/skills/builtin/frontend-slides/scripts/export-pdf.sh +418 -0
- package/dist/core/skills/builtin/frontend-slides/scripts/extract-pptx.py +96 -0
- package/dist/core/skills/builtin/frontend-slides/viewport-base.css +153 -0
- package/dist/core/skills/builtin/fsharp-testing/SKILL.md +280 -0
- package/dist/core/skills/builtin/gan-style-harness/SKILL.md +278 -0
- package/dist/core/skills/builtin/gateguard/SKILL.md +132 -0
- package/dist/core/skills/builtin/git-workflow/SKILL.md +715 -0
- package/dist/core/skills/builtin/github-ops/SKILL.md +144 -0
- package/dist/core/skills/builtin/golang-patterns/SKILL.md +674 -0
- package/dist/core/skills/builtin/golang-testing/SKILL.md +720 -0
- package/dist/core/skills/builtin/healthcare-cdss-patterns/SKILL.md +245 -0
- package/dist/core/skills/builtin/healthcare-emr-patterns/SKILL.md +159 -0
- package/dist/core/skills/builtin/healthcare-eval-harness/SKILL.md +207 -0
- package/dist/core/skills/builtin/healthcare-phi-compliance/SKILL.md +145 -0
- package/dist/core/skills/builtin/hermes-imports/SKILL.md +88 -0
- package/dist/core/skills/builtin/hexagonal-architecture/SKILL.md +276 -0
- package/dist/core/skills/builtin/hipaa-compliance/SKILL.md +78 -0
- package/dist/core/skills/builtin/hookify-rules/SKILL.md +128 -0
- package/dist/core/skills/builtin/inherit-legacy-style/SKILL.md +156 -0
- package/dist/core/skills/builtin/intent-driven-development/SKILL.md +360 -0
- package/dist/core/skills/builtin/inventory-demand-planning/SKILL.md +247 -0
- package/dist/core/skills/builtin/ios-icon-gen/SKILL.md +157 -0
- package/dist/core/skills/builtin/ios-icon-gen/scripts/generate_icons.swift +258 -0
- package/dist/core/skills/builtin/ios-icon-gen/scripts/iconify_gen.sh +235 -0
- package/dist/core/skills/builtin/iterative-retrieval/SKILL.md +211 -0
- package/dist/core/skills/builtin/java-coding-standards/SKILL.md +383 -0
- package/dist/core/skills/builtin/jira-integration/SKILL.md +302 -0
- package/dist/core/skills/builtin/jpa-patterns/SKILL.md +151 -0
- package/dist/core/skills/builtin/knowledge-ops/SKILL.md +154 -0
- package/dist/core/skills/builtin/kotlin-coroutines-flows/SKILL.md +284 -0
- package/dist/core/skills/builtin/kotlin-exposed-patterns/SKILL.md +719 -0
- package/dist/core/skills/builtin/kotlin-ktor-patterns/SKILL.md +689 -0
- package/dist/core/skills/builtin/kotlin-patterns/SKILL.md +711 -0
- package/dist/core/skills/builtin/kotlin-testing/SKILL.md +824 -0
- package/dist/core/skills/builtin/kubernetes-patterns/SKILL.md +755 -0
- package/dist/core/skills/builtin/laravel-patterns/SKILL.md +415 -0
- package/dist/core/skills/builtin/laravel-plugin-discovery/SKILL.md +229 -0
- package/dist/core/skills/builtin/laravel-security/SKILL.md +947 -0
- package/dist/core/skills/builtin/laravel-tdd/SKILL.md +674 -0
- package/dist/core/skills/builtin/laravel-verification/SKILL.md +179 -0
- package/dist/core/skills/builtin/latency-critical-systems/SKILL.md +73 -0
- package/dist/core/skills/builtin/lead-intelligence/SKILL.md +321 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/enrichment-agent.md +85 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/mutual-mapper.md +75 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/outreach-drafter.md +98 -0
- package/dist/core/skills/builtin/lead-intelligence/agents/signal-scorer.md +60 -0
- package/dist/core/skills/builtin/liquid-glass-design/SKILL.md +279 -0
- package/dist/core/skills/builtin/llm-trading-agent-security/SKILL.md +146 -0
- package/dist/core/skills/builtin/logistics-exception-management/SKILL.md +222 -0
- package/dist/core/skills/builtin/make-interfaces-feel-better/SKILL.md +151 -0
- package/dist/core/skills/builtin/market-research/SKILL.md +75 -0
- package/dist/core/skills/builtin/marketing-campaign/SKILL.md +113 -0
- package/dist/core/skills/builtin/mcp-server-patterns/SKILL.md +69 -0
- package/dist/core/skills/builtin/messages-ops/SKILL.md +104 -0
- package/dist/core/skills/builtin/mle-workflow/SKILL.md +346 -0
- package/dist/core/skills/builtin/motion-advanced/SKILL.md +596 -0
- package/dist/core/skills/builtin/motion-foundations/SKILL.md +299 -0
- package/dist/core/skills/builtin/motion-patterns/SKILL.md +434 -0
- package/dist/core/skills/builtin/motion-ui/SKILL.md +575 -0
- package/dist/core/skills/builtin/mysql-patterns/SKILL.md +412 -0
- package/dist/core/skills/builtin/nanoclaw-repl/SKILL.md +33 -0
- package/dist/core/skills/builtin/nestjs-patterns/SKILL.md +230 -0
- package/dist/core/skills/builtin/netmiko-ssh-automation/SKILL.md +173 -0
- package/dist/core/skills/builtin/network-bgp-diagnostics/SKILL.md +167 -0
- package/dist/core/skills/builtin/network-config-validation/SKILL.md +210 -0
- package/dist/core/skills/builtin/network-interface-health/SKILL.md +152 -0
- package/dist/core/skills/builtin/nextjs-turbopack/SKILL.md +57 -0
- package/dist/core/skills/builtin/nodejs-keccak256/SKILL.md +102 -0
- package/dist/core/skills/builtin/nutrient-document-processing/SKILL.md +167 -0
- package/dist/core/skills/builtin/nuxt4-patterns/SKILL.md +100 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/SKILL.md +288 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/gacha.py +224 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/gacha.sh +5 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/avatar-style.md +124 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/boundary-rules.md +53 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/error-handling.md +53 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/identity-tension.md +48 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/naming-system.md +39 -0
- package/dist/core/skills/builtin/openclaw-persona-forge/references/output-template.md +166 -0
- package/dist/core/skills/builtin/opensource-pipeline/SKILL.md +255 -0
- package/dist/core/skills/builtin/orch-add-feature/SKILL.md +44 -0
- package/dist/core/skills/builtin/orch-build-mvp/SKILL.md +48 -0
- package/dist/core/skills/builtin/orch-change-feature/SKILL.md +42 -0
- package/dist/core/skills/builtin/orch-fix-defect/SKILL.md +42 -0
- package/dist/core/skills/builtin/orch-pipeline/SKILL.md +120 -0
- package/dist/core/skills/builtin/orch-refine-code/SKILL.md +43 -0
- package/dist/core/skills/builtin/parallel-execution-optimizer/SKILL.md +72 -0
- package/dist/core/skills/builtin/perl-patterns/SKILL.md +504 -0
- package/dist/core/skills/builtin/perl-security/SKILL.md +503 -0
- package/dist/core/skills/builtin/perl-testing/SKILL.md +475 -0
- package/dist/core/skills/builtin/plan-orchestrate/SKILL.md +262 -0
- package/dist/core/skills/builtin/plankton-code-quality/SKILL.md +236 -0
- package/dist/core/skills/builtin/postgres-patterns/SKILL.md +147 -0
- package/dist/core/skills/builtin/prediction-market-oracle-research/SKILL.md +63 -0
- package/dist/core/skills/builtin/prediction-market-risk-review/SKILL.md +60 -0
- package/dist/core/skills/builtin/prisma-patterns/SKILL.md +371 -0
- package/dist/core/skills/builtin/product-capability/SKILL.md +141 -0
- package/dist/core/skills/builtin/product-lens/SKILL.md +92 -0
- package/dist/core/skills/builtin/production-audit/SKILL.md +206 -0
- package/dist/core/skills/builtin/production-scheduling/SKILL.md +238 -0
- package/dist/core/skills/builtin/prompt-optimizer/SKILL.md +398 -0
- package/dist/core/skills/builtin/python-patterns/SKILL.md +750 -0
- package/dist/core/skills/builtin/python-testing/SKILL.md +816 -0
- package/dist/core/skills/builtin/pytorch-patterns/SKILL.md +396 -0
- package/dist/core/skills/builtin/quality-nonconformance/SKILL.md +260 -0
- package/dist/core/skills/builtin/quarkus-patterns/SKILL.md +722 -0
- package/dist/core/skills/builtin/quarkus-security/SKILL.md +467 -0
- package/dist/core/skills/builtin/quarkus-tdd/SKILL.md +811 -0
- package/dist/core/skills/builtin/quarkus-verification/SKILL.md +479 -0
- package/dist/core/skills/builtin/ralphinho-rfc-pipeline/SKILL.md +67 -0
- package/dist/core/skills/builtin/react-patterns/SKILL.md +341 -0
- package/dist/core/skills/builtin/react-performance/SKILL.md +574 -0
- package/dist/core/skills/builtin/react-testing/SKILL.md +423 -0
- package/dist/core/skills/builtin/recsys-pipeline-architect/SKILL.md +114 -0
- package/dist/core/skills/builtin/recursive-decision-ledger/SKILL.md +79 -0
- package/dist/core/skills/builtin/redis-patterns/SKILL.md +403 -0
- package/dist/core/skills/builtin/regex-vs-llm-structured-text/SKILL.md +220 -0
- package/dist/core/skills/builtin/repo-scan/SKILL.md +78 -0
- package/dist/core/skills/builtin/research-ops/SKILL.md +112 -0
- package/dist/core/skills/builtin/returns-reverse-logistics/SKILL.md +240 -0
- package/dist/core/skills/builtin/rules-distill/SKILL.md +264 -0
- package/dist/core/skills/builtin/rules-distill/scripts/scan-rules.sh +58 -0
- package/dist/core/skills/builtin/rules-distill/scripts/scan-skills.sh +129 -0
- package/dist/core/skills/builtin/rust-patterns/SKILL.md +499 -0
- package/dist/core/skills/builtin/rust-testing/SKILL.md +500 -0
- package/dist/core/skills/builtin/safety-guard/SKILL.md +75 -0
- package/dist/core/skills/builtin/santa-method/SKILL.md +306 -0
- package/dist/core/skills/builtin/scientific-db-pubmed-database/SKILL.md +175 -0
- package/dist/core/skills/builtin/scientific-db-uspto-database/SKILL.md +177 -0
- package/dist/core/skills/builtin/scientific-pkg-gget/SKILL.md +166 -0
- package/dist/core/skills/builtin/scientific-thinking-literature-review/SKILL.md +192 -0
- package/dist/core/skills/builtin/scientific-thinking-scholar-evaluation/SKILL.md +160 -0
- package/dist/core/skills/builtin/search-first/SKILL.md +182 -0
- package/dist/core/skills/builtin/security-bounty-hunter/SKILL.md +99 -0
- package/dist/core/skills/builtin/security-review/SKILL.md +503 -0
- package/dist/core/skills/builtin/security-review/cloud-infrastructure-security.md +361 -0
- package/dist/core/skills/builtin/security-scan/SKILL.md +165 -0
- package/dist/core/skills/builtin/seo/SKILL.md +154 -0
- package/dist/core/skills/builtin/skill-comply/SKILL.md +58 -0
- package/dist/core/skills/builtin/skill-comply/fixtures/compliant_trace.jsonl +5 -0
- package/dist/core/skills/builtin/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
- package/dist/core/skills/builtin/skill-comply/fixtures/tdd_spec.yaml +44 -0
- package/dist/core/skills/builtin/skill-comply/prompts/classifier.md +24 -0
- package/dist/core/skills/builtin/skill-comply/prompts/scenario_generator.md +62 -0
- package/dist/core/skills/builtin/skill-comply/prompts/spec_generator.md +42 -0
- package/dist/core/skills/builtin/skill-comply/pyproject.toml +15 -0
- package/dist/core/skills/builtin/skill-comply/scripts/__init__.py +0 -0
- package/dist/core/skills/builtin/skill-comply/scripts/classifier.py +85 -0
- package/dist/core/skills/builtin/skill-comply/scripts/grader.py +124 -0
- package/dist/core/skills/builtin/skill-comply/scripts/parser.py +107 -0
- package/dist/core/skills/builtin/skill-comply/scripts/report.py +170 -0
- package/dist/core/skills/builtin/skill-comply/scripts/run.py +127 -0
- package/dist/core/skills/builtin/skill-comply/scripts/runner.py +186 -0
- package/dist/core/skills/builtin/skill-comply/scripts/scenario_generator.py +70 -0
- package/dist/core/skills/builtin/skill-comply/scripts/spec_generator.py +72 -0
- package/dist/core/skills/builtin/skill-comply/scripts/utils.py +13 -0
- package/dist/core/skills/builtin/skill-comply/tests/test_grader.py +197 -0
- package/dist/core/skills/builtin/skill-comply/tests/test_parser.py +90 -0
- package/dist/core/skills/builtin/skill-comply/tests/test_runner.py +172 -0
- package/dist/core/skills/builtin/skill-scout/SKILL.md +140 -0
- package/dist/core/skills/builtin/skill-stocktake/SKILL.md +194 -0
- package/dist/core/skills/builtin/skill-stocktake/scripts/quick-diff.sh +87 -0
- package/dist/core/skills/builtin/skill-stocktake/scripts/save-results.sh +56 -0
- package/dist/core/skills/builtin/skill-stocktake/scripts/scan.sh +170 -0
- package/dist/core/skills/builtin/springboot-patterns/SKILL.md +314 -0
- package/dist/core/skills/builtin/springboot-security/SKILL.md +272 -0
- package/dist/core/skills/builtin/springboot-tdd/SKILL.md +158 -0
- package/dist/core/skills/builtin/springboot-verification/SKILL.md +231 -0
- package/dist/core/skills/builtin/strategic-compact/SKILL.md +135 -0
- package/dist/core/skills/builtin/swift-actor-persistence/SKILL.md +143 -0
- package/dist/core/skills/builtin/swift-concurrency-6-2/SKILL.md +216 -0
- package/dist/core/skills/builtin/swift-protocol-di-testing/SKILL.md +190 -0
- package/dist/core/skills/builtin/swiftui-patterns/SKILL.md +259 -0
- package/dist/core/skills/builtin/tdd-workflow/SKILL.md +463 -0
- package/dist/core/skills/builtin/team-agent-orchestration/SKILL.md +110 -0
- package/dist/core/skills/builtin/team-builder/SKILL.md +168 -0
- package/dist/core/skills/builtin/terminal-ops/SKILL.md +109 -0
- package/dist/core/skills/builtin/tinystruct-patterns/SKILL.md +203 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/architecture.md +90 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/data-handling.md +60 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/database.md +99 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/routing.md +64 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/system-usage.md +97 -0
- package/dist/core/skills/builtin/tinystruct-patterns/references/testing.md +72 -0
- package/dist/core/skills/builtin/token-budget-advisor/SKILL.md +133 -0
- package/dist/core/skills/builtin/ui-demo/SKILL.md +465 -0
- package/dist/core/skills/builtin/ui-to-vue/SKILL.md +134 -0
- package/dist/core/skills/builtin/uncloud/SKILL.md +343 -0
- package/dist/core/skills/builtin/unified-notifications-ops/SKILL.md +187 -0
- package/dist/core/skills/builtin/verification-loop/SKILL.md +126 -0
- package/dist/core/skills/builtin/video-editing/SKILL.md +310 -0
- package/dist/core/skills/builtin/videodb/SKILL.md +374 -0
- package/dist/core/skills/builtin/videodb/reference/api-reference.md +550 -0
- package/dist/core/skills/builtin/videodb/reference/capture-reference.md +407 -0
- package/dist/core/skills/builtin/videodb/reference/capture.md +101 -0
- package/dist/core/skills/builtin/videodb/reference/editor.md +443 -0
- package/dist/core/skills/builtin/videodb/reference/generative.md +331 -0
- package/dist/core/skills/builtin/videodb/reference/rtstream-reference.md +564 -0
- package/dist/core/skills/builtin/videodb/reference/rtstream.md +65 -0
- package/dist/core/skills/builtin/videodb/reference/search.md +230 -0
- package/dist/core/skills/builtin/videodb/reference/streaming.md +406 -0
- package/dist/core/skills/builtin/videodb/reference/use-cases.md +118 -0
- package/dist/core/skills/builtin/videodb/scripts/ws_listener.py +282 -0
- package/dist/core/skills/builtin/visa-doc-translate/README.md +86 -0
- package/dist/core/skills/builtin/visa-doc-translate/SKILL.md +117 -0
- package/dist/core/skills/builtin/vite-patterns/SKILL.md +449 -0
- package/dist/core/skills/builtin/windows-desktop-e2e/SKILL.md +887 -0
- package/dist/core/skills/builtin/x-api/SKILL.md +234 -0
- package/dist/core/skills/loader.d.ts +23 -12
- package/dist/core/skills/loader.d.ts.map +1 -1
- package/dist/core/skills/loader.js +105 -2
- package/dist/core/skills/loader.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,145 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: healthcare-phi-compliance
|
|
3
|
+
description: [ECC] Protected Health Information (PHI) and Personally Identifiable Information (PII) compliance patterns for healthcare applications. Covers data classification, access control, audit trails, encryption, and common leak vectors.
|
|
4
|
+
origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel
|
|
5
|
+
version: "1.0.0"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Healthcare PHI/PII Compliance Patterns
|
|
9
|
+
|
|
10
|
+
Patterns for protecting patient data, clinician data, and financial data in healthcare applications. Applicable to HIPAA (US), DISHA (India), GDPR (EU), and general healthcare data protection.
|
|
11
|
+
|
|
12
|
+
## When to Use
|
|
13
|
+
|
|
14
|
+
- Building any feature that touches patient records
|
|
15
|
+
- Implementing access control or authentication for clinical systems
|
|
16
|
+
- Designing database schemas for healthcare data
|
|
17
|
+
- Building APIs that return patient or clinician data
|
|
18
|
+
- Implementing audit trails or logging
|
|
19
|
+
- Reviewing code for data exposure vulnerabilities
|
|
20
|
+
- Setting up Row-Level Security (RLS) for multi-tenant healthcare systems
|
|
21
|
+
|
|
22
|
+
## How It Works
|
|
23
|
+
|
|
24
|
+
Healthcare data protection operates on three layers: **classification** (what is sensitive), **access control** (who can see it), and **audit** (who did see it).
|
|
25
|
+
|
|
26
|
+
### Data Classification
|
|
27
|
+
|
|
28
|
+
**PHI (Protected Health Information)** — any data that can identify a patient AND relates to their health: patient name, date of birth, address, phone, email, national ID numbers (SSN, Aadhaar, NHS number), medical record numbers, diagnoses, medications, lab results, imaging, insurance policy and claim details, appointment and admission records, or any combination of the above.
|
|
29
|
+
|
|
30
|
+
**PII (Non-patient-sensitive data)** in healthcare systems: clinician/staff personal details, doctor fee structures and payout amounts, employee salary and bank details, vendor payment information.
|
|
31
|
+
|
|
32
|
+
### Access Control: Row-Level Security
|
|
33
|
+
|
|
34
|
+
```sql
|
|
35
|
+
ALTER TABLE patients ENABLE ROW LEVEL SECURITY;
|
|
36
|
+
|
|
37
|
+
-- Scope access by facility
|
|
38
|
+
CREATE POLICY "staff_read_own_facility"
|
|
39
|
+
ON patients FOR SELECT TO authenticated
|
|
40
|
+
USING (facility_id IN (
|
|
41
|
+
SELECT facility_id FROM staff_assignments
|
|
42
|
+
WHERE user_id = auth.uid() AND role IN ('doctor','nurse','lab_tech','admin')
|
|
43
|
+
));
|
|
44
|
+
|
|
45
|
+
-- Audit log: insert-only (tamper-proof)
|
|
46
|
+
CREATE POLICY "audit_insert_only" ON audit_log FOR INSERT
|
|
47
|
+
TO authenticated WITH CHECK (user_id = auth.uid());
|
|
48
|
+
CREATE POLICY "audit_no_modify" ON audit_log FOR UPDATE USING (false);
|
|
49
|
+
CREATE POLICY "audit_no_delete" ON audit_log FOR DELETE USING (false);
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
### Audit Trail
|
|
53
|
+
|
|
54
|
+
Every PHI access or modification must be logged:
|
|
55
|
+
|
|
56
|
+
```typescript
|
|
57
|
+
interface AuditEntry {
|
|
58
|
+
timestamp: string;
|
|
59
|
+
user_id: string;
|
|
60
|
+
patient_id: string;
|
|
61
|
+
action: 'create' | 'read' | 'update' | 'delete' | 'print' | 'export';
|
|
62
|
+
resource_type: string;
|
|
63
|
+
resource_id: string;
|
|
64
|
+
changes?: { before: object; after: object };
|
|
65
|
+
ip_address: string;
|
|
66
|
+
session_id: string;
|
|
67
|
+
}
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
### Common Leak Vectors
|
|
71
|
+
|
|
72
|
+
**Error messages:** Never include patient-identifying data in error messages thrown to the client. Log details server-side only.
|
|
73
|
+
|
|
74
|
+
**Console output:** Never log full patient objects. Use opaque internal record IDs (UUIDs) — not medical record numbers, national IDs, or names.
|
|
75
|
+
|
|
76
|
+
**URL parameters:** Never put patient-identifying data in query strings or path segments that could appear in logs or browser history. Use opaque UUIDs only.
|
|
77
|
+
|
|
78
|
+
**Browser storage:** Never store PHI in localStorage or sessionStorage. Keep PHI in memory only, fetch on demand.
|
|
79
|
+
|
|
80
|
+
**Service role keys:** Never use the service_role key in client-side code. Always use the anon/publishable key and let RLS enforce access.
|
|
81
|
+
|
|
82
|
+
**Logs and monitoring:** Never log full patient records. Use opaque record IDs only (not medical record numbers). Sanitize stack traces before sending to error tracking services.
|
|
83
|
+
|
|
84
|
+
### Database Schema Tagging
|
|
85
|
+
|
|
86
|
+
Mark PHI/PII columns at the schema level:
|
|
87
|
+
|
|
88
|
+
```sql
|
|
89
|
+
COMMENT ON COLUMN patients.name IS 'PHI: patient_name';
|
|
90
|
+
COMMENT ON COLUMN patients.dob IS 'PHI: date_of_birth';
|
|
91
|
+
COMMENT ON COLUMN patients.aadhaar IS 'PHI: national_id';
|
|
92
|
+
COMMENT ON COLUMN doctor_payouts.amount IS 'PII: financial';
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
### Deployment Checklist
|
|
96
|
+
|
|
97
|
+
Before every deployment:
|
|
98
|
+
- No PHI in error messages or stack traces
|
|
99
|
+
- No PHI in console.log/console.error
|
|
100
|
+
- No PHI in URL parameters
|
|
101
|
+
- No PHI in browser storage
|
|
102
|
+
- No service_role key in client code
|
|
103
|
+
- RLS enabled on all PHI/PII tables
|
|
104
|
+
- Audit trail for all data modifications
|
|
105
|
+
- Session timeout configured
|
|
106
|
+
- API authentication on all PHI endpoints
|
|
107
|
+
- Cross-facility data isolation verified
|
|
108
|
+
|
|
109
|
+
## Examples
|
|
110
|
+
|
|
111
|
+
### Example 1: Safe vs Unsafe Error Handling
|
|
112
|
+
|
|
113
|
+
```typescript
|
|
114
|
+
// BAD — leaks PHI in error
|
|
115
|
+
throw new Error(`Patient ${patient.name} not found in ${patient.facility}`);
|
|
116
|
+
|
|
117
|
+
// GOOD — generic error, details logged server-side with opaque IDs only
|
|
118
|
+
logger.error('Patient lookup failed', { recordId: patient.id, facilityId });
|
|
119
|
+
throw new Error('Record not found');
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
### Example 2: RLS Policy for Multi-Facility Isolation
|
|
123
|
+
|
|
124
|
+
```sql
|
|
125
|
+
-- Doctor at Facility A cannot see Facility B patients
|
|
126
|
+
CREATE POLICY "facility_isolation"
|
|
127
|
+
ON patients FOR SELECT TO authenticated
|
|
128
|
+
USING (facility_id IN (
|
|
129
|
+
SELECT facility_id FROM staff_assignments WHERE user_id = auth.uid()
|
|
130
|
+
));
|
|
131
|
+
|
|
132
|
+
-- Test: login as doctor-facility-a, query facility-b patients
|
|
133
|
+
-- Expected: 0 rows returned
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
### Example 3: Safe Logging
|
|
137
|
+
|
|
138
|
+
```typescript
|
|
139
|
+
// BAD — logs identifiable patient data
|
|
140
|
+
console.log('Processing patient:', patient);
|
|
141
|
+
|
|
142
|
+
// GOOD — logs only opaque internal record ID
|
|
143
|
+
console.log('Processing record:', patient.id);
|
|
144
|
+
// Note: even patient.id should be an opaque UUID, not a medical record number
|
|
145
|
+
```
|
|
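Review bot: In Example 1 the GOOD branch logs `recordId: patient.id` on the "Record not found" path, where a failed lookup normally leaves no `patient` object to read, and `facilityId` is not defined anywhere in the snippet. Log the record ID that was requested (the lookup input) and show where `facilityId` comes from, so the safe pattern can be copied as written. Separately, the "Console output" and "Logs and monitoring" bullets both say to log opaque record IDs instead of full patient records; merging them would leave the stack-trace sanitization rule as the one distinct item. In Example 2 the test comment covers only a cross-facility SELECT; a matching expectation for a staff member with no row in `staff_assignments` would make the isolation check complete.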
@@ -0,0 +1,88 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hermes-imports
|
|
3
|
+
description: [ECC] Convert local Hermes operator workflows into sanitized ECC skills and release-pack artifacts. Use when preparing a Hermes workflow for public ECC reuse without leaking private workspace state, credentials, or local-only paths.
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Hermes Imports
|
|
8
|
+
|
|
9
|
+
Use this skill when turning a repeated Hermes workflow into something safe to ship in ECC.
|
|
10
|
+
|
|
11
|
+
Hermes is the operator shell. ECC is the reusable workflow layer. Imports should move stable patterns from Hermes into ECC without moving private state.
|
|
12
|
+
|
|
13
|
+
## When To Use
|
|
14
|
+
|
|
15
|
+
- A Hermes workflow has repeated enough times to become reusable.
|
|
16
|
+
- A local operator prompt should become a public ECC skill.
|
|
17
|
+
- A launch, content, research, or engineering workflow needs sanitized handoff docs.
|
|
18
|
+
- A workflow mentions local paths, credentials, personal datasets, or private account names that must be removed before publication.
|
|
19
|
+
|
|
20
|
+
## Import Rules
|
|
21
|
+
|
|
22
|
+
- Convert local paths to repo-relative paths or placeholders.
|
|
23
|
+
- Replace live account names with role labels such as `operator`, `default profile`, or `workspace owner`.
|
|
24
|
+
- Describe credential requirements by provider name only.
|
|
25
|
+
- Keep examples narrow and operational.
|
|
26
|
+
- Do not ship raw workspace exports, tokens, OAuth files, health data, CRM data, or finance data.
|
|
27
|
+
- If the workflow requires private state to make sense, keep it local.
|
|
28
|
+
|
|
29
|
+
## Sanitization Checklist
|
|
30
|
+
|
|
31
|
+
Before committing an imported workflow, scan for:
|
|
32
|
+
|
|
33
|
+
- absolute paths such as `/Users/...`
|
|
34
|
+
- `~/.hermes` paths unless the doc is explicitly explaining local setup
|
|
35
|
+
- API keys, tokens, cookies, OAuth files, or bearer strings
|
|
36
|
+
- phone numbers, private email addresses, and personal contact graphs
|
|
37
|
+
- client names, family names, or account names that are not already public
|
|
38
|
+
- revenue, health, or CRM details
|
|
39
|
+
- raw logs that include tool output from private systems
|
|
40
|
+
|
|
41
|
+
## Conversion Pattern
|
|
42
|
+
|
|
43
|
+
1. Identify the repeatable operator loop.
|
|
44
|
+
2. Strip private inputs and outputs.
|
|
45
|
+
3. Rewrite local paths as repo-relative examples.
|
|
46
|
+
4. Turn one-off instructions into a `When To Use` section and a short process.
|
|
47
|
+
5. Add concrete output requirements.
|
|
48
|
+
6. Run a secret and local-path scan before opening a PR.
|
|
49
|
+
|
|
50
|
+
## Example: Launch Handoff
|
|
51
|
+
|
|
52
|
+
Local Hermes prompt:
|
|
53
|
+
|
|
54
|
+
```text
|
|
55
|
+
Read my local workspace files and finalize launch copy.
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
ECC-safe version:
|
|
59
|
+
|
|
60
|
+
```text
|
|
61
|
+
Use the public release pack under docs/releases/<version>/.
|
|
62
|
+
Return one X thread, one LinkedIn post, one recording checklist, and the missing assets list.
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
## Example: Quiet-Hours Operator Job
|
|
66
|
+
|
|
67
|
+
Local Hermes job:
|
|
68
|
+
|
|
69
|
+
```text
|
|
70
|
+
Run my private inbox, finance, and content checks overnight.
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
ECC-safe version:
|
|
74
|
+
|
|
75
|
+
```text
|
|
76
|
+
Describe the scheduler policy, the quiet-hours window, the escalation rules, and the categories of checks. Do not include private data sources or credentials.
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
## Output Contract
|
|
80
|
+
|
|
81
|
+
Return:
|
|
82
|
+
|
|
83
|
+
- candidate ECC skill name
|
|
84
|
+
- sanitized workflow summary
|
|
85
|
+
- required public inputs
|
|
86
|
+
- private inputs removed
|
|
87
|
+
- remaining risks
|
|
88
|
+
- files that should be created or updated
|
|
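Review bot: Step 6 of Conversion Pattern ("Run a secret and local-path scan before opening a PR") and the Sanitization Checklist say what to look for but give no patterns, no scanner, and no pass criterion, so two operators can both report the scan as done with very different coverage. State the patterns to match or the tool to run, and what counts as a clean result. The only absolute-path example is `/Users/...`; add the Linux and Windows home-directory forms so the item is not read as macOS-only. The Output Contract lists "private inputs removed" and "remaining risks" but not the scan outcome; requiring it there would make step 6 verifiable in review.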
@@ -0,0 +1,276 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hexagonal-architecture
|
|
3
|
+
description: [ECC] Design, implement, and refactor Ports & Adapters systems with clear domain boundaries, dependency inversion, and testable use-case orchestration across TypeScript, Java, Kotlin, and Go services.
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Hexagonal Architecture
|
|
8
|
+
|
|
9
|
+
Hexagonal architecture (Ports and Adapters) keeps business logic independent from frameworks, transport, and persistence details. The core app depends on abstract ports, and adapters implement those ports at the edges.
|
|
10
|
+
|
|
11
|
+
## When to Use
|
|
12
|
+
|
|
13
|
+
- Building new features where long-term maintainability and testability matter.
|
|
14
|
+
- Refactoring layered or framework-heavy code where domain logic is mixed with I/O concerns.
|
|
15
|
+
- Supporting multiple interfaces for the same use case (HTTP, CLI, queue workers, cron jobs).
|
|
16
|
+
- Replacing infrastructure (database, external APIs, message bus) without rewriting business rules.
|
|
17
|
+
|
|
18
|
+
Use this skill when the request involves boundaries, domain-centric design, refactoring tightly coupled services, or decoupling application logic from specific libraries.
|
|
19
|
+
|
|
20
|
+
## Core Concepts
|
|
21
|
+
|
|
22
|
+
- **Domain model**: Business rules and entities/value objects. No framework imports.
|
|
23
|
+
- **Use cases (application layer)**: Orchestrate domain behavior and workflow steps.
|
|
24
|
+
- **Inbound ports**: Contracts describing what the application can do (commands/queries/use-case interfaces).
|
|
25
|
+
- **Outbound ports**: Contracts for dependencies the application needs (repositories, gateways, event publishers, clock, UUID, etc.).
|
|
26
|
+
- **Adapters**: Infrastructure and delivery implementations of ports (HTTP controllers, DB repositories, queue consumers, SDK wrappers).
|
|
27
|
+
- **Composition root**: Single wiring location where concrete adapters are bound to use cases.
|
|
28
|
+
|
|
29
|
+
Outbound port interfaces usually live in the application layer (or in domain only when the abstraction is truly domain-level), while infrastructure adapters implement them.
|
|
30
|
+
|
|
31
|
+
Dependency direction is always inward:
|
|
32
|
+
|
|
33
|
+
- Adapters -> application/domain
|
|
34
|
+
- Application -> port interfaces (inbound/outbound contracts)
|
|
35
|
+
- Domain -> domain-only abstractions (no framework or infrastructure dependencies)
|
|
36
|
+
- Domain -> nothing external
|
|
37
|
+
|
|
38
|
+
## How It Works
|
|
39
|
+
|
|
40
|
+
### Step 1: Model a use case boundary
|
|
41
|
+
|
|
42
|
+
Define a single use case with a clear input and output DTO. Keep transport details (Express `req`, GraphQL `context`, job payload wrappers) outside this boundary.
|
|
43
|
+
|
|
44
|
+
### Step 2: Define outbound ports first
|
|
45
|
+
|
|
46
|
+
Identify every side effect as a port:
|
|
47
|
+
|
|
48
|
+
- persistence (`UserRepositoryPort`)
|
|
49
|
+
- external calls (`BillingGatewayPort`)
|
|
50
|
+
- cross-cutting (`LoggerPort`, `ClockPort`)
|
|
51
|
+
|
|
52
|
+
Ports should model capabilities, not technologies.
|
|
53
|
+
|
|
54
|
+
### Step 3: Implement the use case with pure orchestration
|
|
55
|
+
|
|
56
|
+
Use case class/function receives ports via constructor/arguments. It validates application-level invariants, coordinates domain rules, and returns plain data structures.
|
|
57
|
+
|
|
58
|
+
### Step 4: Build adapters at the edge
|
|
59
|
+
|
|
60
|
+
- Inbound adapter converts protocol input to use-case input.
|
|
61
|
+
- Outbound adapter maps app contracts to concrete APIs/ORM/query builders.
|
|
62
|
+
- Mapping stays in adapters, not inside use cases.
|
|
63
|
+
|
|
64
|
+
### Step 5: Wire everything in a composition root
|
|
65
|
+
|
|
66
|
+
Instantiate adapters, then inject them into use cases. Keep this wiring centralized to avoid hidden service-locator behavior.
|
|
67
|
+
|
|
68
|
+
### Step 6: Test per boundary
|
|
69
|
+
|
|
70
|
+
- Unit test use cases with fake ports.
|
|
71
|
+
- Integration test adapters with real infra dependencies.
|
|
72
|
+
- E2E test user-facing flows through inbound adapters.
|
|
73
|
+
|
|
74
|
+
## Architecture Diagram
|
|
75
|
+
|
|
76
|
+
```mermaid
|
|
77
|
+
flowchart LR
|
|
78
|
+
Client["Client (HTTP/CLI/Worker)"] --> InboundAdapter["Inbound Adapter"]
|
|
79
|
+
InboundAdapter -->|"calls"| UseCase["UseCase (Application Layer)"]
|
|
80
|
+
UseCase -->|"uses"| OutboundPort["OutboundPort (Interface)"]
|
|
81
|
+
OutboundAdapter["Outbound Adapter"] -->|"implements"| OutboundPort
|
|
82
|
+
OutboundAdapter --> ExternalSystem["DB/API/Queue"]
|
|
83
|
+
UseCase --> DomainModel["DomainModel"]
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
## Suggested Module Layout
|
|
87
|
+
|
|
88
|
+
Use feature-first organization with explicit boundaries:
|
|
89
|
+
|
|
90
|
+
```text
|
|
91
|
+
src/
|
|
92
|
+
features/
|
|
93
|
+
orders/
|
|
94
|
+
domain/
|
|
95
|
+
Order.ts
|
|
96
|
+
OrderPolicy.ts
|
|
97
|
+
application/
|
|
98
|
+
ports/
|
|
99
|
+
inbound/
|
|
100
|
+
CreateOrder.ts
|
|
101
|
+
outbound/
|
|
102
|
+
OrderRepositoryPort.ts
|
|
103
|
+
PaymentGatewayPort.ts
|
|
104
|
+
use-cases/
|
|
105
|
+
CreateOrderUseCase.ts
|
|
106
|
+
adapters/
|
|
107
|
+
inbound/
|
|
108
|
+
http/
|
|
109
|
+
createOrderRoute.ts
|
|
110
|
+
outbound/
|
|
111
|
+
postgres/
|
|
112
|
+
PostgresOrderRepository.ts
|
|
113
|
+
stripe/
|
|
114
|
+
StripePaymentGateway.ts
|
|
115
|
+
composition/
|
|
116
|
+
ordersContainer.ts
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
## TypeScript Example
|
|
120
|
+
|
|
121
|
+
### Port definitions
|
|
122
|
+
|
|
123
|
+
```typescript
|
|
124
|
+
export interface OrderRepositoryPort {
|
|
125
|
+
save(order: Order): Promise<void>;
|
|
126
|
+
findById(orderId: string): Promise<Order | null>;
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
export interface PaymentGatewayPort {
|
|
130
|
+
authorize(input: { orderId: string; amountCents: number }): Promise<{ authorizationId: string }>;
|
|
131
|
+
}
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
### Use case
|
|
135
|
+
|
|
136
|
+
```typescript
|
|
137
|
+
type CreateOrderInput = {
|
|
138
|
+
orderId: string;
|
|
139
|
+
amountCents: number;
|
|
140
|
+
};
|
|
141
|
+
|
|
142
|
+
type CreateOrderOutput = {
|
|
143
|
+
orderId: string;
|
|
144
|
+
authorizationId: string;
|
|
145
|
+
};
|
|
146
|
+
|
|
147
|
+
export class CreateOrderUseCase {
|
|
148
|
+
constructor(
|
|
149
|
+
private readonly orderRepository: OrderRepositoryPort,
|
|
150
|
+
private readonly paymentGateway: PaymentGatewayPort
|
|
151
|
+
) {}
|
|
152
|
+
|
|
153
|
+
async execute(input: CreateOrderInput): Promise<CreateOrderOutput> {
|
|
154
|
+
const order = Order.create({ id: input.orderId, amountCents: input.amountCents });
|
|
155
|
+
|
|
156
|
+
const auth = await this.paymentGateway.authorize({
|
|
157
|
+
orderId: order.id,
|
|
158
|
+
amountCents: order.amountCents,
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
// markAuthorized returns a new Order instance; it does not mutate in place.
|
|
162
|
+
const authorizedOrder = order.markAuthorized(auth.authorizationId);
|
|
163
|
+
await this.orderRepository.save(authorizedOrder);
|
|
164
|
+
|
|
165
|
+
return {
|
|
166
|
+
orderId: order.id,
|
|
167
|
+
authorizationId: auth.authorizationId,
|
|
168
|
+
};
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
```
|
|
172
|
+
|
|
173
|
+
### Outbound adapter
|
|
174
|
+
|
|
175
|
+
```typescript
|
|
176
|
+
export class PostgresOrderRepository implements OrderRepositoryPort {
|
|
177
|
+
constructor(private readonly db: SqlClient) {}
|
|
178
|
+
|
|
179
|
+
async save(order: Order): Promise<void> {
|
|
180
|
+
await this.db.query(
|
|
181
|
+
"insert into orders (id, amount_cents, status, authorization_id) values ($1, $2, $3, $4)",
|
|
182
|
+
[order.id, order.amountCents, order.status, order.authorizationId]
|
|
183
|
+
);
|
|
184
|
+
}
|
|
185
|
+
|
|
186
|
+
async findById(orderId: string): Promise<Order | null> {
|
|
187
|
+
const row = await this.db.oneOrNone("select * from orders where id = $1", [orderId]);
|
|
188
|
+
return row ? Order.rehydrate(row) : null;
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
### Composition root
|
|
194
|
+
|
|
195
|
+
```typescript
|
|
196
|
+
export const buildCreateOrderUseCase = (deps: { db: SqlClient; stripe: StripeClient }) => {
|
|
197
|
+
const orderRepository = new PostgresOrderRepository(deps.db);
|
|
198
|
+
const paymentGateway = new StripePaymentGateway(deps.stripe);
|
|
199
|
+
|
|
200
|
+
return new CreateOrderUseCase(orderRepository, paymentGateway);
|
|
201
|
+
};
|
|
202
|
+
```
|
|
203
|
+
|
|
204
|
+
## Multi-Language Mapping
|
|
205
|
+
|
|
206
|
+
Use the same boundary rules across ecosystems; only syntax and wiring style change.
|
|
207
|
+
|
|
208
|
+
- **TypeScript/JavaScript**
|
|
209
|
+
- Ports: `application/ports/*` as interfaces/types.
|
|
210
|
+
- Use cases: classes/functions with constructor/argument injection.
|
|
211
|
+
- Adapters: `adapters/inbound/*`, `adapters/outbound/*`.
|
|
212
|
+
- Composition: explicit factory/container module (no hidden globals).
|
|
213
|
+
- **Java**
|
|
214
|
+
- Packages: `domain`, `application.port.in`, `application.port.out`, `application.usecase`, `adapter.in`, `adapter.out`.
|
|
215
|
+
- Ports: interfaces in `application.port.*`.
|
|
216
|
+
- Use cases: plain classes (Spring `@Service` is optional, not required).
|
|
217
|
+
- Composition: Spring config or manual wiring class; keep wiring out of domain/use-case classes.
|
|
218
|
+
- **Kotlin**
|
|
219
|
+
- Modules/packages mirror the Java split (`domain`, `application.port`, `application.usecase`, `adapter`).
|
|
220
|
+
- Ports: Kotlin interfaces.
|
|
221
|
+
- Use cases: classes with constructor injection (Koin/Dagger/Spring/manual).
|
|
222
|
+
- Composition: module definitions or dedicated composition functions; avoid service locator patterns.
|
|
223
|
+
- **Go**
|
|
224
|
+
- Packages: `internal/<feature>/domain`, `application`, `ports`, `adapters/inbound`, `adapters/outbound`.
|
|
225
|
+
- Ports: small interfaces owned by the consuming application package.
|
|
226
|
+
- Use cases: structs with interface fields plus explicit `New...` constructors.
|
|
227
|
+
- Composition: wire in `cmd/<app>/main.go` (or dedicated wiring package), keep constructors explicit.
|
|
228
|
+
|
|
229
|
+
## Anti-Patterns to Avoid
|
|
230
|
+
|
|
231
|
+
- Domain entities importing ORM models, web framework types, or SDK clients.
|
|
232
|
+
- Use cases reading directly from `req`, `res`, or queue metadata.
|
|
233
|
+
- Returning database rows directly from use cases without domain/application mapping.
|
|
234
|
+
- Letting adapters call each other directly instead of flowing through use-case ports.
|
|
235
|
+
- Spreading dependency wiring across many files with hidden global singletons.
|
|
236
|
+
|
|
237
|
+
## Migration Playbook
|
|
238
|
+
|
|
239
|
+
1. Pick one vertical slice (single endpoint/job) with frequent change pain.
|
|
240
|
+
2. Extract a use-case boundary with explicit input/output types.
|
|
241
|
+
3. Introduce outbound ports around existing infrastructure calls.
|
|
242
|
+
4. Move orchestration logic from controllers/services into the use case.
|
|
243
|
+
5. Keep old adapters, but make them delegate to the new use case.
|
|
244
|
+
6. Add tests around the new boundary (unit + adapter integration).
|
|
245
|
+
7. Repeat slice-by-slice; avoid full rewrites.
|
|
246
|
+
|
|
247
|
+
### Refactoring Existing Systems
|
|
248
|
+
|
|
249
|
+
- **Strangler approach**: keep current endpoints, route one use case at a time through new ports/adapters.
|
|
250
|
+
- **No big-bang rewrites**: migrate per feature slice and preserve behavior with characterization tests.
|
|
251
|
+
- **Facade first**: wrap legacy services behind outbound ports before replacing internals.
|
|
252
|
+
- **Composition freeze**: centralize wiring early so new dependencies do not leak into domain/use-case layers.
|
|
253
|
+
- **Slice selection rule**: prioritize high-churn, low-blast-radius flows first.
|
|
254
|
+
- **Rollback path**: keep a reversible toggle or route switch per migrated slice until production behavior is verified.
|
|
255
|
+
|
|
256
|
+
## Testing Guidance (Same Hexagonal Boundaries)
|
|
257
|
+
|
|
258
|
+
- **Domain tests**: test entities/value objects as pure business rules (no mocks, no framework setup).
|
|
259
|
+
- **Use-case unit tests**: test orchestration with fakes/stubs for outbound ports; assert business outcomes and port interactions.
|
|
260
|
+
- **Outbound adapter contract tests**: define shared contract suites at port level and run them against each adapter implementation.
|
|
261
|
+
- **Inbound adapter tests**: verify protocol mapping (HTTP/CLI/queue payload to use-case input and output/error mapping back to protocol).
|
|
262
|
+
- **Adapter integration tests**: run against real infrastructure (DB/API/queue) for serialization, schema/query behavior, retries, and timeouts.
|
|
263
|
+
- **End-to-end tests**: cover critical user journeys through inbound adapter -> use case -> outbound adapter.
|
|
264
|
+
- **Refactor safety**: add characterization tests before extraction; keep them until new boundary behavior is stable and equivalent.
|
|
265
|
+
|
|
266
|
+
## Best Practices Checklist
|
|
267
|
+
|
|
268
|
+
- Domain and use-case layers import only internal types and ports.
|
|
269
|
+
- Every external dependency is represented by an outbound port.
|
|
270
|
+
- Validation occurs at boundaries (inbound adapter + use-case invariants).
|
|
271
|
+
- Use immutable transformations (return new values/entities instead of mutating shared state).
|
|
272
|
+
- Errors are translated across boundaries (infra errors -> application/domain errors).
|
|
273
|
+
- Composition root is explicit and easy to audit.
|
|
274
|
+
- Use cases are testable with simple in-memory fakes for ports.
|
|
275
|
+
- Refactoring starts from one vertical slice with behavior-preserving tests.
|
|
276
|
+
- Language/framework specifics stay in adapters, never in domain rules.
|
|
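Review bot: `CreateOrderUseCase.execute` calls `paymentGateway.authorize` before `orderRepository.save` and nothing handles a failed save, so a database error leaves a payment authorization with no stored order. Either persist the order in a pending state before authorizing, or catch the save failure and release the authorization through the port; `PaymentGatewayPort` exposes only `authorize`, so the second option needs a new method. The example also lets adapter errors propagate unchanged, which contradicts the checklist item "Errors are translated across boundaries (infra errors -> application/domain errors)". In the dependency-direction list, "Domain -> domain-only abstractions" and "Domain -> nothing external" state the same rule; keep one.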
@@ -0,0 +1,78 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hipaa-compliance
|
|
3
|
+
description: [ECC] HIPAA-specific entrypoint for healthcare privacy and security work. Use when a task is explicitly framed around HIPAA, PHI handling, covered entities, BAAs, breach posture, or US healthcare compliance requirements.
|
|
4
|
+
origin: ECC direct-port adaptation
|
|
5
|
+
version: "1.0.0"
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# HIPAA Compliance
|
|
9
|
+
|
|
10
|
+
Use this as the HIPAA-specific entrypoint when a task is clearly about US healthcare compliance. This skill intentionally stays thin and canonical:
|
|
11
|
+
|
|
12
|
+
- `healthcare-phi-compliance` remains the primary implementation skill for PHI/PII handling, data classification, audit logging, encryption, and leak prevention.
|
|
13
|
+
- `healthcare-reviewer` remains the specialized reviewer when code, architecture, or product behavior needs a healthcare-aware second pass.
|
|
14
|
+
- `security-review` still applies for general auth, input-handling, secrets, API, and deployment hardening.
|
|
15
|
+
|
|
16
|
+
## When to Use
|
|
17
|
+
|
|
18
|
+
- The request explicitly mentions HIPAA, PHI, covered entities, business associates, or BAAs
|
|
19
|
+
- Building or reviewing US healthcare software that stores, processes, exports, or transmits PHI
|
|
20
|
+
- Assessing whether logging, analytics, LLM prompts, storage, or support workflows create HIPAA exposure
|
|
21
|
+
- Designing patient-facing or clinician-facing systems where minimum necessary access and auditability matter
|
|
22
|
+
|
|
23
|
+
## How It Works
|
|
24
|
+
|
|
25
|
+
Treat HIPAA as an overlay on top of the broader healthcare privacy skill:
|
|
26
|
+
|
|
27
|
+
1. Start with `healthcare-phi-compliance` for the concrete implementation rules.
|
|
28
|
+
2. Apply HIPAA-specific decision gates:
|
|
29
|
+
- Is this data PHI?
|
|
30
|
+
- Is this actor a covered entity or business associate?
|
|
31
|
+
- Does a vendor or model provider require a BAA before touching the data?
|
|
32
|
+
- Is access limited to the minimum necessary scope?
|
|
33
|
+
- Are read/write/export events auditable?
|
|
34
|
+
3. Escalate to `healthcare-reviewer` if the task affects patient safety, clinical workflows, or regulated production architecture.
|
|
35
|
+
|
|
36
|
+
## HIPAA-Specific Guardrails
|
|
37
|
+
|
|
38
|
+
- Never place PHI in logs, analytics events, crash reports, prompts, or client-visible error strings.
|
|
39
|
+
- Never expose PHI in URLs, browser storage, screenshots, or copied example payloads.
|
|
40
|
+
- Require authenticated access, scoped authorization, and audit trails for PHI reads and writes.
|
|
41
|
+
- Treat third-party SaaS, observability, support tooling, and LLM providers as blocked-by-default until BAA status and data boundaries are clear.
|
|
42
|
+
- Follow minimum necessary access: the right user should only see the smallest PHI slice needed for the task.
|
|
43
|
+
- Prefer opaque internal IDs over names, MRNs, phone numbers, addresses, or other identifiers.
|
|
44
|
+
|
|
45
|
+
## Examples
|
|
46
|
+
|
|
47
|
+
### Example 1: Product request framed as HIPAA
|
|
48
|
+
|
|
49
|
+
User request:
|
|
50
|
+
|
|
51
|
+
> Add AI-generated visit summaries to our clinician dashboard. We serve US clinics and need to stay HIPAA compliant.
|
|
52
|
+
|
|
53
|
+
Response pattern:
|
|
54
|
+
|
|
55
|
+
- Activate `hipaa-compliance`
|
|
56
|
+
- Use `healthcare-phi-compliance` to review PHI movement, logging, storage, and prompt boundaries
|
|
57
|
+
- Verify whether the summarization provider is covered by a BAA before any PHI is sent
|
|
58
|
+
- Escalate to `healthcare-reviewer` if the summaries influence clinical decisions
|
|
59
|
+
|
|
60
|
+
### Example 2: Vendor/tooling decision
|
|
61
|
+
|
|
62
|
+
User request:
|
|
63
|
+
|
|
64
|
+
> Can we send support transcripts and patient messages into our analytics stack?
|
|
65
|
+
|
|
66
|
+
Response pattern:
|
|
67
|
+
|
|
68
|
+
- Assume those messages may contain PHI
|
|
69
|
+
- Block the design unless the analytics vendor is approved for HIPAA-bound workloads and the data path is minimized
|
|
70
|
+
- Require redaction or a non-PHI event model when possible
|
|
71
|
+
|
|
72
|
+
## Related Skills
|
|
73
|
+
|
|
74
|
+
- `healthcare-phi-compliance`
|
|
75
|
+
- `healthcare-reviewer`
|
|
76
|
+
- `healthcare-emr-patterns`
|
|
77
|
+
- `healthcare-eval-harness`
|
|
78
|
+
- `security-review`
|
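Review bot: The first guardrail ("Never place PHI in logs, analytics events, crash reports, prompts, or client-visible error strings") forbids PHI in prompts outright, while the fourth guardrail and Example 1 ("Verify whether the summarization provider is covered by a BAA before any PHI is sent") allow it once a BAA is in place. Say which rule wins, for example by restricting the first bullet to prompts sent to providers without a confirmed BAA, otherwise the skill gives two answers for the visit-summary case it uses as its own example. In the frontmatter, `version: "1.0.0"` is quoted but `description: [ECC] HIPAA-specific entrypoint ...` is not; a strict YAML parser treats a value that starts with `[` as a flow sequence, so quote the description. Related Skills also lists `healthcare-emr-patterns` and `healthcare-eval-harness`, which the body never says when to use.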