agy-superpowers 5.2.1 → 5.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (233)
  1. package/README.md +47 -150
  2. package/package.json +1 -1
  3. package/template/agent/patches/skills-patches.md +23 -0
  4. package/template/agent/rules/scratch-scripts.md +37 -0
  5. package/template/agent/rules/superpowers.md +6 -50
  6. package/template/agent/skills/brainstorming/SKILL.md +4 -3
  7. package/template/agent/skills/brainstorming/visual-companion.md +2 -3
  8. package/template/agent/skills/finishing-a-development-branch/SKILL.md +11 -16
  9. package/template/agent/skills/subagent-driven-development/SKILL.md +16 -0
  10. package/template/agent/skills/subagent-driven-development/implementer-prompt.md +4 -3
  11. package/template/agent/skills/using-git-worktrees/SKILL.md +3 -2
  12. package/template/agent/skills/using-superpowers/SKILL.md +8 -6
  13. package/template/agent/skills/using-superpowers/references/copilot-tools.md +52 -0
  14. package/template/agent/skills/writing-plans/SKILL.md +5 -3
  15. package/template/agent/skills/writing-skills/SKILL.md +1 -1
  16. package/template/agent/superpowers-version.json +2 -2
  17. package/template/agent/tmp/agent-config-backup.yml +9 -0
  18. package/template/agent/skills/ai-integrated-product/SKILL.md +0 -57
  19. package/template/agent/skills/analytics-setup/SKILL.md +0 -51
  20. package/template/agent/skills/api-design/SKILL.md +0 -193
  21. package/template/agent/skills/app-store-optimizer/SKILL.md +0 -127
  22. package/template/agent/skills/auth-and-identity/SKILL.md +0 -167
  23. package/template/agent/skills/backend-developer/SKILL.md +0 -148
  24. package/template/agent/skills/bootstrapper-finance/SKILL.md +0 -55
  25. package/template/agent/skills/chrome-extension-developer/SKILL.md +0 -53
  26. package/template/agent/skills/community-manager/SKILL.md +0 -115
  27. package/template/agent/skills/content-marketer/SKILL.md +0 -111
  28. package/template/agent/skills/conversion-optimizer/SKILL.md +0 -142
  29. package/template/agent/skills/cto-architect/SKILL.md +0 -133
  30. package/template/agent/skills/customer-success-manager/SKILL.md +0 -126
  31. package/template/agent/skills/data-analyst/SKILL.md +0 -147
  32. package/template/agent/skills/devops-engineer/SKILL.md +0 -117
  33. package/template/agent/skills/email-infrastructure/SKILL.md +0 -164
  34. package/template/agent/skills/game-design/SKILL.md +0 -194
  35. package/template/agent/skills/game-developer/SKILL.md +0 -175
  36. package/template/agent/skills/growth-hacker/SKILL.md +0 -122
  37. package/template/agent/skills/idea-validator/SKILL.md +0 -55
  38. package/template/agent/skills/indie-legal/SKILL.md +0 -53
  39. package/template/agent/skills/influencer-marketer/SKILL.md +0 -141
  40. package/template/agent/skills/landing-page-builder/SKILL.md +0 -59
  41. package/template/agent/skills/launch-strategist/SKILL.md +0 -62
  42. package/template/agent/skills/market-researcher/SKILL.md +0 -53
  43. package/template/agent/skills/micro-saas-builder/SKILL.md +0 -56
  44. package/template/agent/skills/monetization-strategist/SKILL.md +0 -119
  45. package/template/agent/skills/paid-acquisition-specialist/SKILL.md +0 -119
  46. package/template/agent/skills/pricing-psychologist/SKILL.md +0 -58
  47. package/template/agent/skills/real-time-features/SKILL.md +0 -194
  48. package/template/agent/skills/retention-specialist/SKILL.md +0 -123
  49. package/template/agent/skills/rust-developer/SKILL.md +0 -281
  50. package/template/agent/skills/rust-developer/references/rust-rules/_sections.md +0 -231
  51. package/template/agent/skills/rust-developer/references/rust-rules/anti-clone-excessive.md +0 -124
  52. package/template/agent/skills/rust-developer/references/rust-rules/anti-collect-intermediate.md +0 -131
  53. package/template/agent/skills/rust-developer/references/rust-rules/anti-empty-catch.md +0 -132
  54. package/template/agent/skills/rust-developer/references/rust-rules/anti-expect-lazy.md +0 -95
  55. package/template/agent/skills/rust-developer/references/rust-rules/anti-format-hot-path.md +0 -141
  56. package/template/agent/skills/rust-developer/references/rust-rules/anti-index-over-iter.md +0 -125
  57. package/template/agent/skills/rust-developer/references/rust-rules/anti-lock-across-await.md +0 -127
  58. package/template/agent/skills/rust-developer/references/rust-rules/anti-over-abstraction.md +0 -120
  59. package/template/agent/skills/rust-developer/references/rust-rules/anti-panic-expected.md +0 -131
  60. package/template/agent/skills/rust-developer/references/rust-rules/anti-premature-optimize.md +0 -156
  61. package/template/agent/skills/rust-developer/references/rust-rules/anti-string-for-str.md +0 -122
  62. package/template/agent/skills/rust-developer/references/rust-rules/anti-stringly-typed.md +0 -167
  63. package/template/agent/skills/rust-developer/references/rust-rules/anti-type-erasure.md +0 -134
  64. package/template/agent/skills/rust-developer/references/rust-rules/anti-unwrap-abuse.md +0 -143
  65. package/template/agent/skills/rust-developer/references/rust-rules/anti-vec-for-slice.md +0 -121
  66. package/template/agent/skills/rust-developer/references/rust-rules/api-builder-must-use.md +0 -143
  67. package/template/agent/skills/rust-developer/references/rust-rules/api-builder-pattern.md +0 -187
  68. package/template/agent/skills/rust-developer/references/rust-rules/api-common-traits.md +0 -165
  69. package/template/agent/skills/rust-developer/references/rust-rules/api-default-impl.md +0 -177
  70. package/template/agent/skills/rust-developer/references/rust-rules/api-extension-trait.md +0 -163
  71. package/template/agent/skills/rust-developer/references/rust-rules/api-from-not-into.md +0 -146
  72. package/template/agent/skills/rust-developer/references/rust-rules/api-impl-asref.md +0 -142
  73. package/template/agent/skills/rust-developer/references/rust-rules/api-impl-into.md +0 -160
  74. package/template/agent/skills/rust-developer/references/rust-rules/api-must-use.md +0 -125
  75. package/template/agent/skills/rust-developer/references/rust-rules/api-newtype-safety.md +0 -162
  76. package/template/agent/skills/rust-developer/references/rust-rules/api-non-exhaustive.md +0 -177
  77. package/template/agent/skills/rust-developer/references/rust-rules/api-parse-dont-validate.md +0 -184
  78. package/template/agent/skills/rust-developer/references/rust-rules/api-sealed-trait.md +0 -168
  79. package/template/agent/skills/rust-developer/references/rust-rules/api-serde-optional.md +0 -182
  80. package/template/agent/skills/rust-developer/references/rust-rules/api-typestate.md +0 -199
  81. package/template/agent/skills/rust-developer/references/rust-rules/async-bounded-channel.md +0 -175
  82. package/template/agent/skills/rust-developer/references/rust-rules/async-broadcast-pubsub.md +0 -185
  83. package/template/agent/skills/rust-developer/references/rust-rules/async-cancellation-token.md +0 -203
  84. package/template/agent/skills/rust-developer/references/rust-rules/async-clone-before-await.md +0 -171
  85. package/template/agent/skills/rust-developer/references/rust-rules/async-join-parallel.md +0 -158
  86. package/template/agent/skills/rust-developer/references/rust-rules/async-joinset-structured.md +0 -195
  87. package/template/agent/skills/rust-developer/references/rust-rules/async-mpsc-queue.md +0 -171
  88. package/template/agent/skills/rust-developer/references/rust-rules/async-no-lock-await.md +0 -156
  89. package/template/agent/skills/rust-developer/references/rust-rules/async-oneshot-response.md +0 -191
  90. package/template/agent/skills/rust-developer/references/rust-rules/async-select-racing.md +0 -198
  91. package/template/agent/skills/rust-developer/references/rust-rules/async-spawn-blocking.md +0 -154
  92. package/template/agent/skills/rust-developer/references/rust-rules/async-tokio-fs.md +0 -167
  93. package/template/agent/skills/rust-developer/references/rust-rules/async-tokio-runtime.md +0 -169
  94. package/template/agent/skills/rust-developer/references/rust-rules/async-try-join.md +0 -172
  95. package/template/agent/skills/rust-developer/references/rust-rules/async-watch-latest.md +0 -189
  96. package/template/agent/skills/rust-developer/references/rust-rules/doc-all-public.md +0 -113
  97. package/template/agent/skills/rust-developer/references/rust-rules/doc-cargo-metadata.md +0 -147
  98. package/template/agent/skills/rust-developer/references/rust-rules/doc-errors-section.md +0 -122
  99. package/template/agent/skills/rust-developer/references/rust-rules/doc-examples-section.md +0 -161
  100. package/template/agent/skills/rust-developer/references/rust-rules/doc-hidden-setup.md +0 -149
  101. package/template/agent/skills/rust-developer/references/rust-rules/doc-intra-links.md +0 -138
  102. package/template/agent/skills/rust-developer/references/rust-rules/doc-link-types.md +0 -169
  103. package/template/agent/skills/rust-developer/references/rust-rules/doc-module-inner.md +0 -116
  104. package/template/agent/skills/rust-developer/references/rust-rules/doc-panics-section.md +0 -128
  105. package/template/agent/skills/rust-developer/references/rust-rules/doc-question-mark.md +0 -136
  106. package/template/agent/skills/rust-developer/references/rust-rules/doc-safety-section.md +0 -131
  107. package/template/agent/skills/rust-developer/references/rust-rules/err-anyhow-app.md +0 -179
  108. package/template/agent/skills/rust-developer/references/rust-rules/err-context-chain.md +0 -144
  109. package/template/agent/skills/rust-developer/references/rust-rules/err-custom-type.md +0 -152
  110. package/template/agent/skills/rust-developer/references/rust-rules/err-doc-errors.md +0 -145
  111. package/template/agent/skills/rust-developer/references/rust-rules/err-expect-bugs-only.md +0 -133
  112. package/template/agent/skills/rust-developer/references/rust-rules/err-from-impl.md +0 -152
  113. package/template/agent/skills/rust-developer/references/rust-rules/err-lowercase-msg.md +0 -124
  114. package/template/agent/skills/rust-developer/references/rust-rules/err-no-unwrap-prod.md +0 -115
  115. package/template/agent/skills/rust-developer/references/rust-rules/err-question-mark.md +0 -151
  116. package/template/agent/skills/rust-developer/references/rust-rules/err-result-over-panic.md +0 -130
  117. package/template/agent/skills/rust-developer/references/rust-rules/err-source-chain.md +0 -155
  118. package/template/agent/skills/rust-developer/references/rust-rules/err-thiserror-lib.md +0 -171
  119. package/template/agent/skills/rust-developer/references/rust-rules/lint-cargo-metadata.md +0 -138
  120. package/template/agent/skills/rust-developer/references/rust-rules/lint-deny-correctness.md +0 -107
  121. package/template/agent/skills/rust-developer/references/rust-rules/lint-missing-docs.md +0 -154
  122. package/template/agent/skills/rust-developer/references/rust-rules/lint-pedantic-selective.md +0 -118
  123. package/template/agent/skills/rust-developer/references/rust-rules/lint-rustfmt-check.md +0 -157
  124. package/template/agent/skills/rust-developer/references/rust-rules/lint-unsafe-doc.md +0 -133
  125. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-complexity.md +0 -131
  126. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-perf.md +0 -136
  127. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-style.md +0 -135
  128. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-suspicious.md +0 -122
  129. package/template/agent/skills/rust-developer/references/rust-rules/lint-workspace-lints.md +0 -172
  130. package/template/agent/skills/rust-developer/references/rust-rules/mem-arena-allocator.md +0 -168
  131. package/template/agent/skills/rust-developer/references/rust-rules/mem-arrayvec.md +0 -142
  132. package/template/agent/skills/rust-developer/references/rust-rules/mem-assert-type-size.md +0 -168
  133. package/template/agent/skills/rust-developer/references/rust-rules/mem-avoid-format.md +0 -147
  134. package/template/agent/skills/rust-developer/references/rust-rules/mem-box-large-variant.md +0 -158
  135. package/template/agent/skills/rust-developer/references/rust-rules/mem-boxed-slice.md +0 -139
  136. package/template/agent/skills/rust-developer/references/rust-rules/mem-clone-from.md +0 -147
  137. package/template/agent/skills/rust-developer/references/rust-rules/mem-compact-string.md +0 -149
  138. package/template/agent/skills/rust-developer/references/rust-rules/mem-reuse-collections.md +0 -174
  139. package/template/agent/skills/rust-developer/references/rust-rules/mem-smaller-integers.md +0 -159
  140. package/template/agent/skills/rust-developer/references/rust-rules/mem-smallvec.md +0 -138
  141. package/template/agent/skills/rust-developer/references/rust-rules/mem-thinvec.md +0 -142
  142. package/template/agent/skills/rust-developer/references/rust-rules/mem-with-capacity.md +0 -156
  143. package/template/agent/skills/rust-developer/references/rust-rules/mem-write-over-format.md +0 -172
  144. package/template/agent/skills/rust-developer/references/rust-rules/mem-zero-copy.md +0 -164
  145. package/template/agent/skills/rust-developer/references/rust-rules/name-acronym-word.md +0 -99
  146. package/template/agent/skills/rust-developer/references/rust-rules/name-as-free.md +0 -104
  147. package/template/agent/skills/rust-developer/references/rust-rules/name-consts-screaming.md +0 -94
  148. package/template/agent/skills/rust-developer/references/rust-rules/name-crate-no-rs.md +0 -78
  149. package/template/agent/skills/rust-developer/references/rust-rules/name-funcs-snake.md +0 -76
  150. package/template/agent/skills/rust-developer/references/rust-rules/name-into-ownership.md +0 -123
  151. package/template/agent/skills/rust-developer/references/rust-rules/name-is-has-bool.md +0 -127
  152. package/template/agent/skills/rust-developer/references/rust-rules/name-iter-convention.md +0 -129
  153. package/template/agent/skills/rust-developer/references/rust-rules/name-iter-method.md +0 -131
  154. package/template/agent/skills/rust-developer/references/rust-rules/name-iter-type-match.md +0 -142
  155. package/template/agent/skills/rust-developer/references/rust-rules/name-lifetime-short.md +0 -86
  156. package/template/agent/skills/rust-developer/references/rust-rules/name-no-get-prefix.md +0 -154
  157. package/template/agent/skills/rust-developer/references/rust-rules/name-to-expensive.md +0 -118
  158. package/template/agent/skills/rust-developer/references/rust-rules/name-type-param-single.md +0 -92
  159. package/template/agent/skills/rust-developer/references/rust-rules/name-types-camel.md +0 -65
  160. package/template/agent/skills/rust-developer/references/rust-rules/name-variants-camel.md +0 -101
  161. package/template/agent/skills/rust-developer/references/rust-rules/opt-bounds-check.md +0 -161
  162. package/template/agent/skills/rust-developer/references/rust-rules/opt-cache-friendly.md +0 -187
  163. package/template/agent/skills/rust-developer/references/rust-rules/opt-codegen-units.md +0 -142
  164. package/template/agent/skills/rust-developer/references/rust-rules/opt-cold-unlikely.md +0 -152
  165. package/template/agent/skills/rust-developer/references/rust-rules/opt-inline-always-rare.md +0 -141
  166. package/template/agent/skills/rust-developer/references/rust-rules/opt-inline-never-cold.md +0 -181
  167. package/template/agent/skills/rust-developer/references/rust-rules/opt-inline-small.md +0 -160
  168. package/template/agent/skills/rust-developer/references/rust-rules/opt-likely-hint.md +0 -171
  169. package/template/agent/skills/rust-developer/references/rust-rules/opt-lto-release.md +0 -130
  170. package/template/agent/skills/rust-developer/references/rust-rules/opt-pgo-profile.md +0 -167
  171. package/template/agent/skills/rust-developer/references/rust-rules/opt-simd-portable.md +0 -144
  172. package/template/agent/skills/rust-developer/references/rust-rules/opt-target-cpu.md +0 -154
  173. package/template/agent/skills/rust-developer/references/rust-rules/own-arc-shared.md +0 -141
  174. package/template/agent/skills/rust-developer/references/rust-rules/own-borrow-over-clone.md +0 -95
  175. package/template/agent/skills/rust-developer/references/rust-rules/own-clone-explicit.md +0 -135
  176. package/template/agent/skills/rust-developer/references/rust-rules/own-copy-small.md +0 -124
  177. package/template/agent/skills/rust-developer/references/rust-rules/own-cow-conditional.md +0 -135
  178. package/template/agent/skills/rust-developer/references/rust-rules/own-lifetime-elision.md +0 -134
  179. package/template/agent/skills/rust-developer/references/rust-rules/own-move-large.md +0 -134
  180. package/template/agent/skills/rust-developer/references/rust-rules/own-mutex-interior.md +0 -105
  181. package/template/agent/skills/rust-developer/references/rust-rules/own-rc-single-thread.md +0 -65
  182. package/template/agent/skills/rust-developer/references/rust-rules/own-refcell-interior.md +0 -97
  183. package/template/agent/skills/rust-developer/references/rust-rules/own-rwlock-readers.md +0 -122
  184. package/template/agent/skills/rust-developer/references/rust-rules/own-slice-over-vec.md +0 -119
  185. package/template/agent/skills/rust-developer/references/rust-rules/perf-black-box-bench.md +0 -153
  186. package/template/agent/skills/rust-developer/references/rust-rules/perf-chain-avoid.md +0 -136
  187. package/template/agent/skills/rust-developer/references/rust-rules/perf-collect-into.md +0 -133
  188. package/template/agent/skills/rust-developer/references/rust-rules/perf-collect-once.md +0 -120
  189. package/template/agent/skills/rust-developer/references/rust-rules/perf-drain-reuse.md +0 -137
  190. package/template/agent/skills/rust-developer/references/rust-rules/perf-entry-api.md +0 -134
  191. package/template/agent/skills/rust-developer/references/rust-rules/perf-extend-batch.md +0 -150
  192. package/template/agent/skills/rust-developer/references/rust-rules/perf-iter-lazy.md +0 -123
  193. package/template/agent/skills/rust-developer/references/rust-rules/perf-iter-over-index.md +0 -113
  194. package/template/agent/skills/rust-developer/references/rust-rules/perf-profile-first.md +0 -175
  195. package/template/agent/skills/rust-developer/references/rust-rules/perf-release-profile.md +0 -149
  196. package/template/agent/skills/rust-developer/references/rust-rules/proj-bin-dir.md +0 -142
  197. package/template/agent/skills/rust-developer/references/rust-rules/proj-flat-small.md +0 -133
  198. package/template/agent/skills/rust-developer/references/rust-rules/proj-lib-main-split.md +0 -148
  199. package/template/agent/skills/rust-developer/references/rust-rules/proj-mod-by-feature.md +0 -130
  200. package/template/agent/skills/rust-developer/references/rust-rules/proj-mod-rs-dir.md +0 -120
  201. package/template/agent/skills/rust-developer/references/rust-rules/proj-prelude-module.md +0 -155
  202. package/template/agent/skills/rust-developer/references/rust-rules/proj-pub-crate-internal.md +0 -139
  203. package/template/agent/skills/rust-developer/references/rust-rules/proj-pub-super-parent.md +0 -135
  204. package/template/agent/skills/rust-developer/references/rust-rules/proj-pub-use-reexport.md +0 -162
  205. package/template/agent/skills/rust-developer/references/rust-rules/proj-workspace-deps.md +0 -186
  206. package/template/agent/skills/rust-developer/references/rust-rules/proj-workspace-large.md +0 -162
  207. package/template/agent/skills/rust-developer/references/rust-rules/test-arrange-act-assert.md +0 -160
  208. package/template/agent/skills/rust-developer/references/rust-rules/test-cfg-test-module.md +0 -151
  209. package/template/agent/skills/rust-developer/references/rust-rules/test-criterion-bench.md +0 -171
  210. package/template/agent/skills/rust-developer/references/rust-rules/test-descriptive-names.md +0 -142
  211. package/template/agent/skills/rust-developer/references/rust-rules/test-doctest-examples.md +0 -168
  212. package/template/agent/skills/rust-developer/references/rust-rules/test-fixture-raii.md +0 -151
  213. package/template/agent/skills/rust-developer/references/rust-rules/test-integration-dir.md +0 -144
  214. package/template/agent/skills/rust-developer/references/rust-rules/test-mock-traits.md +0 -189
  215. package/template/agent/skills/rust-developer/references/rust-rules/test-mockall-mocking.md +0 -226
  216. package/template/agent/skills/rust-developer/references/rust-rules/test-proptest-properties.md +0 -161
  217. package/template/agent/skills/rust-developer/references/rust-rules/test-should-panic.md +0 -130
  218. package/template/agent/skills/rust-developer/references/rust-rules/test-tokio-async.md +0 -154
  219. package/template/agent/skills/rust-developer/references/rust-rules/test-use-super.md +0 -127
  220. package/template/agent/skills/rust-developer/references/rust-rules/type-enum-states.md +0 -154
  221. package/template/agent/skills/rust-developer/references/rust-rules/type-generic-bounds.md +0 -142
  222. package/template/agent/skills/rust-developer/references/rust-rules/type-never-diverge.md +0 -146
  223. package/template/agent/skills/rust-developer/references/rust-rules/type-newtype-ids.md +0 -160
  224. package/template/agent/skills/rust-developer/references/rust-rules/type-newtype-validated.md +0 -159
  225. package/template/agent/skills/rust-developer/references/rust-rules/type-no-stringly.md +0 -144
  226. package/template/agent/skills/rust-developer/references/rust-rules/type-option-nullable.md +0 -137
  227. package/template/agent/skills/rust-developer/references/rust-rules/type-phantom-marker.md +0 -188
  228. package/template/agent/skills/rust-developer/references/rust-rules/type-repr-transparent.md +0 -143
  229. package/template/agent/skills/rust-developer/references/rust-rules/type-result-fallible.md +0 -131
  230. package/template/agent/skills/saas-architect/SKILL.md +0 -139
  231. package/template/agent/skills/security-engineer/SKILL.md +0 -133
  232. package/template/agent/skills/seo-specialist/SKILL.md +0 -130
  233. package/template/agent/skills/solo-founder-ops/SKILL.md +0 -56
@@ -1,133 +0,0 @@
1
- ---
2
- name: security-engineer
3
- description: Use when reviewing app security, setting up authentication, handling user data, ensuring GDPR/App Store compliance, or conducting security audits
4
- ---
5
-
6
- # Security Engineer Lens
7
-
8
- > **Philosophy:** Security is not a feature you add later — it's a constraint you design around from day one.
9
- > The cost of a breach is always higher than the cost of prevention.
10
-
11
- ---
12
-
13
- ## Core Instincts
14
-
15
- - **Principle of least privilege** — every system, user, and API key should have only the permissions it needs
16
- - **Defense in depth** — multiple layers of security; no single point of failure
17
- - **Never trust input** — validate and sanitize everything, regardless of source
18
- - **Secrets are not config** — credentials never live in code, git history, or logs
19
- - **Privacy by design** — collect only what you need; retain only as long as required
20
-
21
- ---
22
-
23
- ## OWASP Top 10 (Most Common Vulnerabilities)
24
-
25
- | Rank | Vulnerability | Prevention |
26
- |------|--------------|------------|
27
- | A01 | **Broken Access Control** | Enforce auth on every endpoint; deny by default |
28
- | A02 | **Cryptographic Failures** | Use TLS everywhere; bcrypt/argon2 for passwords |
29
- | A03 | **Injection** (SQL, NoSQL, OS) | Parameterized queries; never string-concatenate user input into queries |
30
- | A04 | **Insecure Design** | Threat model during design, not after |
31
- | A05 | **Security Misconfiguration** | Disable debug in prod; update defaults; least privilege |
32
- | A06 | **Vulnerable Components** | `npm audit` / `pip audit` regularly; automate with Dependabot |
33
- | A07 | **Identification and Authentication Failures** | bcrypt cost ≥12; JWT short expiry; PKCE for mobile |
34
- | A08 | **Software Integrity Failures** | Verify 3rd-party scripts; use SRI for CDN assets |
35
- | A09 | **Security Logging and Monitoring Failures** | Log security events; never log passwords/tokens/PII |
36
- | A10 | **SSRF** | Validate/allowlist outbound URLs; block internal network access |
37
-
38
- ---
39
-
40
- ## Auth Security Rules
41
-
42
- | Concern | Requirement |
43
- |---------|-------------|
44
- | Password hashing | `bcrypt` (cost ≥ 12; OWASP minimum is 10, 12 recommended) or `argon2id` — never MD5, SHA1, SHA256 |
45
- | JWT access token expiry | 15 minutes – 1 hour |
46
- | JWT refresh token expiry | 7–30 days; rotate on use |
47
- | Session cookies | `HttpOnly` + `Secure` + `SameSite=Strict` |
48
- | OAuth for mobile apps | PKCE required (no client_secret in mobile apps) |
49
- | API keys at rest | Store as SHA-256 hash; show plaintext only at creation |
50
- | Password reset tokens | Single-use, expire in 15–60 minutes |
51
- | Rate limiting auth endpoints | Max 5 failed attempts / 15 minutes per IP |
52
-
53
- ---
54
-
55
- ## Data Privacy Requirements
56
-
57
- ### GDPR (EU users)
58
- - Legal basis required for every data collection (consent, legitimate interest, contract)
59
- - Privacy policy must be clear, plain language, accessible before sign-up
60
- - Right to erasure: must be able to delete all user data on request
61
- - Data breach notification: 72 hours to supervisory authority, "without undue delay" to users
62
- - Data minimization: only collect what's needed for stated purpose
63
-
64
- ### App Store (Apple)
65
- - Privacy Nutrition Label: declare all data collected and its purpose
66
- - ATT (App Tracking Transparency): required prompt before any cross-app tracking
67
- - Data linked to user: justify every category collected
68
- - No collecting device data beyond stated purpose
69
-
70
- ---
71
-
72
- ## ❌ Anti-Patterns to Avoid
73
-
74
- | ❌ NEVER DO | Why | ✅ DO INSTEAD |
75
- |------------|-----|--------------|
76
- | `SELECT *` or raw string SQL | SQL injection risk | Parameterized queries / ORM always |
77
- | Secrets in `.env` committed to git | git history = permanent leak | `.env.example` only; real secrets in secret manager |
78
- | MD5 or SHA1 for passwords | Crackable in minutes with rainbow tables | `bcrypt` cost ≥12 or `argon2id` |
79
- | JWT stored in `localStorage` | XSS attack can steal it | Use `HttpOnly` cookies for JWTs |
80
- | Disable CORS entirely | Any site can make authenticated requests as your user | Configure CORS allowlist carefully |
81
- | Verbose error messages in prod | Leaks implementation details | Generic messages to clients; full details in server logs only |
82
- | No dependency vulnerability scanning | CVEs accumulate silently | Dependabot / Snyk / `npm audit` in CI |
83
-
84
- ---
85
-
86
- ## Security Audit Checklist for Indie Hackers
87
-
88
- **Authentication:**
89
- - [ ] Passwords hashed with bcrypt (cost ≥12) or argon2id
90
- - [ ] Rate limiting on login + password reset endpoints
91
- - [ ] JWT access tokens expire in < 1 hour
92
- - [ ] HTTPS enforced everywhere (redirect HTTP → HTTPS)
93
-
94
- **Data:**
95
- - [ ] No PII in logs (emails, names, IP addresses)
96
- - [ ] User data deletion endpoint exists and works
97
- - [ ] Database not publicly accessible (behind VPC/firewall)
98
- - [ ] Backups encrypted at rest
99
-
100
- **Dependencies:**
101
- - [ ] `npm audit` / `pip audit` / `bundle audit` in CI pipeline
102
- - [ ] No known critical CVEs in production dependencies
103
-
104
- **App Store / Privacy:**
105
- - [ ] Privacy Nutrition Label accurate (iOS)
106
- - [ ] ATT prompt implemented if tracking cross-app (iOS)
107
- - [ ] Privacy policy live and linked from app/store listing
108
-
109
- ---
110
-
111
- ## Questions You Always Ask
112
-
113
- **When adding auth:**
114
- - What's the token storage strategy? (Avoid localStorage for JWTs)
115
- - Is the password reset flow single-use and time-limited?
116
- - Are failed login attempts rate-limited per IP?
117
-
118
- **When handling user data:**
119
- - Is there a legal basis for collecting this data?
120
- - Can a user request deletion of all their data?
121
- - Is this data encrypted at rest and in transit?
122
-
123
- ---
124
-
125
- ## Who to Pair With
126
- - `backend-developer` — for auth implementation and API security
127
- - `devops-engineer` — for infrastructure security and secret management
128
- - `cto-architect` — for threat modeling and security architecture
129
-
130
- ---
131
-
132
- ## Tools
133
- OWASP ZAP (free scanner) · Snyk · Dependabot · Burp Suite (manual testing) · HaveIBeenPwned API (compromised password check) · Neon / Supabase (managed DB with encryption at rest)
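Review bot: a patch-level bump (5.2.1 → 5.2.3) should not silently drop the whole `security-engineer` skill (lines 1-133 of this hunk). The file list shows no added skill that replaces it, and `backend-developer`, `devops-engineer` and `cto-architect`, which its "Who to Pair With" section names, are removed in the same release. Call out the removal in the README or changelog and say where this guidance now lives, or publish it as a breaking version. If the content is retained elsewhere, two entries need correcting first: the anti-pattern row at line 76 pairs `SELECT *` with "SQL injection risk", though only the raw string SQL half is an injection issue, and the `pip audit` entries at lines 32 and 101 should read `pip-audit`, which is the actual tool name.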
@@ -1,130 +0,0 @@
1
- ---
2
- name: seo-specialist
3
- description: Use when working on technical SEO, keyword research, on-page optimization, backlink strategy, or improving organic search rankings
4
- ---
5
-
6
- # SEO Specialist Lens
7
-
8
- > **Philosophy:** SEO is long-term compounding equity. Get indexed → get ranked → get traffic → repeat.
9
- > Google ranks pages, not websites. Every page is its own opportunity.
10
-
11
- ---
12
-
13
- ## Core Instincts
14
-
15
- - **Search intent first** — understand WHY someone searches before writing
16
- - **Crawl → Index → Rank** — a page can't rank if it's not indexed; can't be indexed if not crawled
17
- - **E-E-A-T matters for every niche** — Experience, Expertise, Authoritativeness, Trustworthiness
18
- - **Backlinks = votes** — quality beats quantity; one DR70 link > 100 DR10 links
19
- - **Core Web Vitals are a ranking signal** — performance and UX directly affect SEO
20
-
21
- ---
22
-
23
- ## On-Page SEO Exact Rules
24
-
25
- | Element | Rule | Why |
26
- |---------|------|-----|
27
- | `<title>` tag | ≤ 60 characters | Truncated in SERPs beyond this |
28
- | Meta description | ≤ 160 characters | Truncated; influences CTR not ranking |
29
- | `<h1>` | 1 per page; include primary keyword | Strongest on-page keyword signal |
30
- | URL slug | Short, hyphenated, keyword-rich | Clarity + keyword signal |
31
- | Alt text (images) | Descriptive, include keyword naturally | Accessibility + image search |
32
- | Primary keyword | In first 100 words, title, H1, 1 H2 | Keyword density ≈ 1–2%, no stuffing |
33
- | Internal links | ≥ 3 to related pages | Passes link equity, improves crawl |
34
- | Page load speed | LCP < 2.5s, CLS < 0.1, INP < 200ms | Core Web Vitals ranking signal |
35
-
36
- ---
37
-
38
- ## Keyword Research Process
39
-
40
- 1. **Seed terms** — brainstorm 20–30 core topics
41
- 2. **Expand** — use Ahrefs / Semrush "keyword ideas" to 5× the list
42
- 3. **Cluster by intent** — Informational / Navigational / Commercial / Transactional
43
- 4. **Score by KD + Volume** — prioritize: Volume > 100/month + KD < 30 (for new sites)
44
- 5. **Long-tail first** — easier to rank; signals authority for head terms
45
- 6. **Map to pages** — 1 primary keyword per page, 2–5 secondary
46
-
47
- ---
48
-
49
- ## Keyword Difficulty by Domain Rating
50
-
51
- | Your Site DR | Target KD (Keyword Difficulty) |
52
- |-------------|-------------------------------|
53
- | 0–20 | < 15 |
54
- | 20–40 | < 25 |
55
- | 40–60 | < 40 |
56
- | 60+ | < 60 |
57
-
58
- *(DR = Domain Rating, KD = Keyword Difficulty, both 0–100 scale in Ahrefs)*
59
-
60
- ---
61
-
62
- ## Technical SEO Checklist
63
-
64
- - [ ] `sitemap.xml` submitted to Google Search Console + Bing Webmaster
65
- - [ ] `robots.txt` not accidentally blocking important pages
66
- - [ ] Canonical tags on duplicate/near-duplicate pages
67
- - [ ] HTTPS on all pages (non-HTTPS = ranking penalty)
68
- - [ ] Mobile-friendly (Google uses mobile-first indexing)
69
- - [ ] Core Web Vitals passing (LCP, CLS, INP) — verify in GSC
70
- - [ ] Structured data (JSON-LD) on applicable pages (FAQ, Product, Review, Breadcrumb)
71
- - [ ] No orphan pages (every important page linked to from at least 1 other page)
72
- - [ ] Hreflang tags for multilingual sites
73
-
74
- ---
75
-
76
- ## Backlink Strategy
77
-
78
- | Tactic | Effort | ROI |
79
- |--------|--------|-----|
80
- | Content linkbait (tools, data studies, guides) | High | ✅ Very high |
81
- | Guest posting on relevant sites | Medium | ✅ High |
82
- | HARO / journalist requests | Low | ✅ High |
83
- | Broken link building | Medium | Medium |
84
- | Directory and startup listings | Low | Low-medium |
85
- | Buying links | — | ❌ Google penalty risk |
86
-
87
- **Anchor text diversity:** Branded (40%) > Natural ("click here", 25%) > Keyword-rich (25%) > Naked URL (10%). Keyword-heavy anchor = manipulation signal.
88
-
89
- ---
90
-
91
- ## Questions You Always Ask
92
-
93
- **When auditing a site:**
94
- - Is the site indexed? (Check `site:domain.com` in Google, or GSC Index report)
95
- - What's the current DR/DA? What's the plan to grow it?
96
- - Are there pages cannibalizing each other for the same keyword?
97
- - What does GSC show for impressions with 0 clicks? (Position 8–20 = low-hanging optimization)
98
-
99
- **When planning new content:**
100
- - What's the search intent — informational, commercial, or transactional?
101
- - Is there current ranking content to optimize, or do we need a new page?
102
- - What would earn a featured snippet for this query?
103
-
104
- ---
105
-
106
- ## Red Flags
107
-
108
- **Must fix:**
109
- - [ ] Important pages not indexed (check GSC)
110
- - [ ] Multiple pages targeting the same keyword (cannibalization)
111
- - [ ] No `<h1>` or multiple `<h1>` on a page
112
- - [ ] Core Web Vitals failing in GSC
113
-
114
- **Should fix:**
115
- - [ ] No internal linking between related posts
116
- - [ ] meta description missing or > 160 chars
117
- - [ ] Title tags > 60 chars
118
- - [ ] No structured data on applicable pages
119
-
120
- ---
121
-
122
- ## Who to Pair With
123
- - `content-marketer` — for content strategy and topic selection
124
- - `frontend-developer` — for Core Web Vitals and technical implementation
125
- - `data-analyst` — for GSC data analysis and ranking tracking
126
-
127
- ---
128
-
129
- ## Tools
130
- Google Search Console (free, essential) · Ahrefs · Semrush · Screaming Frog (site audits) · PageSpeed Insights · Moz · Answer the Public
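Review bot: the "Who to Pair With" list near the end of this deleted file names `content-marketer`, `frontend-developer` and `data-analyst`, and pairings like these are often declared in both directions. Before shipping, confirm that no skill kept in 5.2.3 still lists this SEO skill as a pairing, otherwise an agent following that pairing is directed to a skill that is no longer in the package. If those three skills are removed in the same release, say so in the release notes so the set of deletions is reviewable in one place.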
@@ -1,56 +0,0 @@
1
- ---
2
- name: solo-founder-ops
3
- description: Use when managing time, prioritizing features, or running multiple products as a solo founder
4
- ---
5
-
6
- # Solo Founder Ops Lens
7
-
8
- ## Identity
9
- You are ruthlessly protective of the founder's time and energy. You believe in extreme prioritization, automation over manual effort, and saying "no" to almost everything.
10
-
11
- ## Core Instincts
12
- - **Time is the only hard constraint** — you can't buy more of it; protect deep work blocks
13
- - **Automate or die** — if a task takes > 15 minutes and happens weekly, it must be automated
14
- - **Focus over fragmentation** — one successful product is better than 5 failing ones
15
- - **Decision velocity matters** — distinguish between reversible and irreversible decisions
16
-
17
- ## Core Knowledge
18
-
19
- **Time Allocation Framework:**
20
- - 60% building (code, design, product)
21
- - 20% marketing/distribution
22
- - 10% support/operations
23
- - 10% learning/research
24
-
25
- **Prioritization (ICE Scoring):**
26
- Score features 1-10 on three axes, then multiply:
27
- 1. Impact: How much does this move the needle?
28
- 2. Confidence: How sure are we this will work?
29
- 3. Ease: How easy is this to build?
30
- *Rule: Limit Work In Progress (WIP) to 1-2 features max.*
31
-
32
- **Automation Playbook:**
33
- - Automate support: FAQ page, simple chatbots, clear in-app copy
34
- - Automate deployment: CI/CD from day 1
35
- - Automate monitoring: Uptime alerts, exception tracking (Sentry)
36
- - Automate billing: Use fully managed solutions (Stripe Checkout)
37
-
38
- **Multi-Product Management:**
39
- - Do not start product #2 until product #1 has clear Product-Market Fit (>40% of users would be "very disappointed" without it).
40
- - Standardize infrastructure across products (same auth provider, same styling framework).
41
-
42
- **Energy Management:**
43
- - Batch similar tasks (all support on Tuesday mornings, all deep coding on Wednesdays).
44
- - Make 2-way door decisions (reversible) in < 5 minutes.
45
- - Sleep on 1-way door decisions (irreversible), max 48h.
46
-
47
- ## Questions You Always Ask
48
- - Is this feature request coming from a paying user or a free tier user?
49
- - What is the ICE score of the top 3 items on the roadmap?
50
- - Can we automate this recurring task right now instead of doing it manually?
51
-
52
- ## Red Flags / Anti-Patterns
53
- - [ ] Building features nobody explicitly asked for
54
- - [ ] Spending > 30% of the week on customer support (raise prices or fix the UX)
55
- - [ ] Starting product #2 while product #1 has < $1K MRR
56
- - [ ] Perfectionism on v1 (ship good enough, iterate later)
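Review bot: deleting the whole `solo-founder-ops` skill (the `@@ -1,56 +0,0 @@` header leaves no lines behind) in a release that only moves from 5.2.1 to 5.2.3 is a breaking change for any setup that refers to this skill by its `name`, and nothing in the hunk marks it as deprecated or replaced. Please document the removal in the release notes or README, name the replacement if there is one, and state whether an upgrade removes copies of this template that an earlier version already placed in a project or leaves them there as unmaintained agent instructions.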