agy-superpowers 5.2.2 → 5.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (231)
  1. package/README.md +47 -150
  2. package/package.json +1 -1
  3. package/template/agent/rules/CLAUDE.md +80 -0
  4. package/template/agent/rules/code-styles.md +31 -32
  5. package/template/agent/rules/debug-confirmation-policy.md +2 -0
  6. package/template/agent/rules/file-length-policy.md +2 -0
  7. package/template/agent/rules/git-policy.md +7 -0
  8. package/template/agent/rules/language-matching.md +2 -0
  9. package/template/agent/rules/scratch-scripts.md +39 -0
  10. package/template/agent/rules/superpowers.md +8 -51
  11. package/template/agent/skills/executing-plans/SKILL.md +17 -0
  12. package/template/agent/skills/systematic-debugging/SKILL.md +16 -0
  13. package/template/agent/skills/test-driven-development/SKILL.md +16 -0
  14. package/template/agent/skills/verification-before-completion/SKILL.md +22 -0
  15. package/template/agent/skills/writing-plans/SKILL.md +16 -0
  16. package/template/agent/skills/ai-integrated-product/SKILL.md +0 -57
  17. package/template/agent/skills/analytics-setup/SKILL.md +0 -51
  18. package/template/agent/skills/api-design/SKILL.md +0 -193
  19. package/template/agent/skills/app-store-optimizer/SKILL.md +0 -127
  20. package/template/agent/skills/auth-and-identity/SKILL.md +0 -167
  21. package/template/agent/skills/backend-developer/SKILL.md +0 -148
  22. package/template/agent/skills/bootstrapper-finance/SKILL.md +0 -55
  23. package/template/agent/skills/chrome-extension-developer/SKILL.md +0 -53
  24. package/template/agent/skills/community-manager/SKILL.md +0 -115
  25. package/template/agent/skills/content-marketer/SKILL.md +0 -111
  26. package/template/agent/skills/conversion-optimizer/SKILL.md +0 -142
  27. package/template/agent/skills/cto-architect/SKILL.md +0 -133
  28. package/template/agent/skills/customer-success-manager/SKILL.md +0 -126
  29. package/template/agent/skills/data-analyst/SKILL.md +0 -147
  30. package/template/agent/skills/devops-engineer/SKILL.md +0 -117
  31. package/template/agent/skills/email-infrastructure/SKILL.md +0 -164
  32. package/template/agent/skills/game-design/SKILL.md +0 -194
  33. package/template/agent/skills/game-developer/SKILL.md +0 -175
  34. package/template/agent/skills/growth-hacker/SKILL.md +0 -122
  35. package/template/agent/skills/idea-validator/SKILL.md +0 -55
  36. package/template/agent/skills/indie-legal/SKILL.md +0 -53
  37. package/template/agent/skills/influencer-marketer/SKILL.md +0 -141
  38. package/template/agent/skills/landing-page-builder/SKILL.md +0 -59
  39. package/template/agent/skills/launch-strategist/SKILL.md +0 -62
  40. package/template/agent/skills/market-researcher/SKILL.md +0 -53
  41. package/template/agent/skills/micro-saas-builder/SKILL.md +0 -56
  42. package/template/agent/skills/monetization-strategist/SKILL.md +0 -119
  43. package/template/agent/skills/paid-acquisition-specialist/SKILL.md +0 -119
  44. package/template/agent/skills/pricing-psychologist/SKILL.md +0 -58
  45. package/template/agent/skills/real-time-features/SKILL.md +0 -194
  46. package/template/agent/skills/retention-specialist/SKILL.md +0 -123
  47. package/template/agent/skills/rust-developer/SKILL.md +0 -281
  48. package/template/agent/skills/rust-developer/references/rust-rules/_sections.md +0 -231
  49. package/template/agent/skills/rust-developer/references/rust-rules/anti-clone-excessive.md +0 -124
  50. package/template/agent/skills/rust-developer/references/rust-rules/anti-collect-intermediate.md +0 -131
  51. package/template/agent/skills/rust-developer/references/rust-rules/anti-empty-catch.md +0 -132
  52. package/template/agent/skills/rust-developer/references/rust-rules/anti-expect-lazy.md +0 -95
  53. package/template/agent/skills/rust-developer/references/rust-rules/anti-format-hot-path.md +0 -141
  54. package/template/agent/skills/rust-developer/references/rust-rules/anti-index-over-iter.md +0 -125
  55. package/template/agent/skills/rust-developer/references/rust-rules/anti-lock-across-await.md +0 -127
  56. package/template/agent/skills/rust-developer/references/rust-rules/anti-over-abstraction.md +0 -120
  57. package/template/agent/skills/rust-developer/references/rust-rules/anti-panic-expected.md +0 -131
  58. package/template/agent/skills/rust-developer/references/rust-rules/anti-premature-optimize.md +0 -156
  59. package/template/agent/skills/rust-developer/references/rust-rules/anti-string-for-str.md +0 -122
  60. package/template/agent/skills/rust-developer/references/rust-rules/anti-stringly-typed.md +0 -167
  61. package/template/agent/skills/rust-developer/references/rust-rules/anti-type-erasure.md +0 -134
  62. package/template/agent/skills/rust-developer/references/rust-rules/anti-unwrap-abuse.md +0 -143
  63. package/template/agent/skills/rust-developer/references/rust-rules/anti-vec-for-slice.md +0 -121
  64. package/template/agent/skills/rust-developer/references/rust-rules/api-builder-must-use.md +0 -143
  65. package/template/agent/skills/rust-developer/references/rust-rules/api-builder-pattern.md +0 -187
  66. package/template/agent/skills/rust-developer/references/rust-rules/api-common-traits.md +0 -165
  67. package/template/agent/skills/rust-developer/references/rust-rules/api-default-impl.md +0 -177
  68. package/template/agent/skills/rust-developer/references/rust-rules/api-extension-trait.md +0 -163
  69. package/template/agent/skills/rust-developer/references/rust-rules/api-from-not-into.md +0 -146
  70. package/template/agent/skills/rust-developer/references/rust-rules/api-impl-asref.md +0 -142
  71. package/template/agent/skills/rust-developer/references/rust-rules/api-impl-into.md +0 -160
  72. package/template/agent/skills/rust-developer/references/rust-rules/api-must-use.md +0 -125
  73. package/template/agent/skills/rust-developer/references/rust-rules/api-newtype-safety.md +0 -162
  74. package/template/agent/skills/rust-developer/references/rust-rules/api-non-exhaustive.md +0 -177
  75. package/template/agent/skills/rust-developer/references/rust-rules/api-parse-dont-validate.md +0 -184
  76. package/template/agent/skills/rust-developer/references/rust-rules/api-sealed-trait.md +0 -168
  77. package/template/agent/skills/rust-developer/references/rust-rules/api-serde-optional.md +0 -182
  78. package/template/agent/skills/rust-developer/references/rust-rules/api-typestate.md +0 -199
  79. package/template/agent/skills/rust-developer/references/rust-rules/async-bounded-channel.md +0 -175
  80. package/template/agent/skills/rust-developer/references/rust-rules/async-broadcast-pubsub.md +0 -185
  81. package/template/agent/skills/rust-developer/references/rust-rules/async-cancellation-token.md +0 -203
  82. package/template/agent/skills/rust-developer/references/rust-rules/async-clone-before-await.md +0 -171
  83. package/template/agent/skills/rust-developer/references/rust-rules/async-join-parallel.md +0 -158
  84. package/template/agent/skills/rust-developer/references/rust-rules/async-joinset-structured.md +0 -195
  85. package/template/agent/skills/rust-developer/references/rust-rules/async-mpsc-queue.md +0 -171
  86. package/template/agent/skills/rust-developer/references/rust-rules/async-no-lock-await.md +0 -156
  87. package/template/agent/skills/rust-developer/references/rust-rules/async-oneshot-response.md +0 -191
  88. package/template/agent/skills/rust-developer/references/rust-rules/async-select-racing.md +0 -198
  89. package/template/agent/skills/rust-developer/references/rust-rules/async-spawn-blocking.md +0 -154
  90. package/template/agent/skills/rust-developer/references/rust-rules/async-tokio-fs.md +0 -167
  91. package/template/agent/skills/rust-developer/references/rust-rules/async-tokio-runtime.md +0 -169
  92. package/template/agent/skills/rust-developer/references/rust-rules/async-try-join.md +0 -172
  93. package/template/agent/skills/rust-developer/references/rust-rules/async-watch-latest.md +0 -189
  94. package/template/agent/skills/rust-developer/references/rust-rules/doc-all-public.md +0 -113
  95. package/template/agent/skills/rust-developer/references/rust-rules/doc-cargo-metadata.md +0 -147
  96. package/template/agent/skills/rust-developer/references/rust-rules/doc-errors-section.md +0 -122
  97. package/template/agent/skills/rust-developer/references/rust-rules/doc-examples-section.md +0 -161
  98. package/template/agent/skills/rust-developer/references/rust-rules/doc-hidden-setup.md +0 -149
  99. package/template/agent/skills/rust-developer/references/rust-rules/doc-intra-links.md +0 -138
  100. package/template/agent/skills/rust-developer/references/rust-rules/doc-link-types.md +0 -169
  101. package/template/agent/skills/rust-developer/references/rust-rules/doc-module-inner.md +0 -116
  102. package/template/agent/skills/rust-developer/references/rust-rules/doc-panics-section.md +0 -128
  103. package/template/agent/skills/rust-developer/references/rust-rules/doc-question-mark.md +0 -136
  104. package/template/agent/skills/rust-developer/references/rust-rules/doc-safety-section.md +0 -131
  105. package/template/agent/skills/rust-developer/references/rust-rules/err-anyhow-app.md +0 -179
  106. package/template/agent/skills/rust-developer/references/rust-rules/err-context-chain.md +0 -144
  107. package/template/agent/skills/rust-developer/references/rust-rules/err-custom-type.md +0 -152
  108. package/template/agent/skills/rust-developer/references/rust-rules/err-doc-errors.md +0 -145
  109. package/template/agent/skills/rust-developer/references/rust-rules/err-expect-bugs-only.md +0 -133
  110. package/template/agent/skills/rust-developer/references/rust-rules/err-from-impl.md +0 -152
  111. package/template/agent/skills/rust-developer/references/rust-rules/err-lowercase-msg.md +0 -124
  112. package/template/agent/skills/rust-developer/references/rust-rules/err-no-unwrap-prod.md +0 -115
  113. package/template/agent/skills/rust-developer/references/rust-rules/err-question-mark.md +0 -151
  114. package/template/agent/skills/rust-developer/references/rust-rules/err-result-over-panic.md +0 -130
  115. package/template/agent/skills/rust-developer/references/rust-rules/err-source-chain.md +0 -155
  116. package/template/agent/skills/rust-developer/references/rust-rules/err-thiserror-lib.md +0 -171
  117. package/template/agent/skills/rust-developer/references/rust-rules/lint-cargo-metadata.md +0 -138
  118. package/template/agent/skills/rust-developer/references/rust-rules/lint-deny-correctness.md +0 -107
  119. package/template/agent/skills/rust-developer/references/rust-rules/lint-missing-docs.md +0 -154
  120. package/template/agent/skills/rust-developer/references/rust-rules/lint-pedantic-selective.md +0 -118
  121. package/template/agent/skills/rust-developer/references/rust-rules/lint-rustfmt-check.md +0 -157
  122. package/template/agent/skills/rust-developer/references/rust-rules/lint-unsafe-doc.md +0 -133
  123. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-complexity.md +0 -131
  124. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-perf.md +0 -136
  125. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-style.md +0 -135
  126. package/template/agent/skills/rust-developer/references/rust-rules/lint-warn-suspicious.md +0 -122
  127. package/template/agent/skills/rust-developer/references/rust-rules/lint-workspace-lints.md +0 -172
  128. package/template/agent/skills/rust-developer/references/rust-rules/mem-arena-allocator.md +0 -168
  129. package/template/agent/skills/rust-developer/references/rust-rules/mem-arrayvec.md +0 -142
  130. package/template/agent/skills/rust-developer/references/rust-rules/mem-assert-type-size.md +0 -168
  131. package/template/agent/skills/rust-developer/references/rust-rules/mem-avoid-format.md +0 -147
  132. package/template/agent/skills/rust-developer/references/rust-rules/mem-box-large-variant.md +0 -158
  133. package/template/agent/skills/rust-developer/references/rust-rules/mem-boxed-slice.md +0 -139
  134. package/template/agent/skills/rust-developer/references/rust-rules/mem-clone-from.md +0 -147
  135. package/template/agent/skills/rust-developer/references/rust-rules/mem-compact-string.md +0 -149
  136. package/template/agent/skills/rust-developer/references/rust-rules/mem-reuse-collections.md +0 -174
  137. package/template/agent/skills/rust-developer/references/rust-rules/mem-smaller-integers.md +0 -159
  138. package/template/agent/skills/rust-developer/references/rust-rules/mem-smallvec.md +0 -138
  139. package/template/agent/skills/rust-developer/references/rust-rules/mem-thinvec.md +0 -142
  140. package/template/agent/skills/rust-developer/references/rust-rules/mem-with-capacity.md +0 -156
  141. package/template/agent/skills/rust-developer/references/rust-rules/mem-write-over-format.md +0 -172
  142. package/template/agent/skills/rust-developer/references/rust-rules/mem-zero-copy.md +0 -164
  143. package/template/agent/skills/rust-developer/references/rust-rules/name-acronym-word.md +0 -99
  144. package/template/agent/skills/rust-developer/references/rust-rules/name-as-free.md +0 -104
  145. package/template/agent/skills/rust-developer/references/rust-rules/name-consts-screaming.md +0 -94
  146. package/template/agent/skills/rust-developer/references/rust-rules/name-crate-no-rs.md +0 -78
  147. package/template/agent/skills/rust-developer/references/rust-rules/name-funcs-snake.md +0 -76
  148. package/template/agent/skills/rust-developer/references/rust-rules/name-into-ownership.md +0 -123
  149. package/template/agent/skills/rust-developer/references/rust-rules/name-is-has-bool.md +0 -127
  150. package/template/agent/skills/rust-developer/references/rust-rules/name-iter-convention.md +0 -129
  151. package/template/agent/skills/rust-developer/references/rust-rules/name-iter-method.md +0 -131
  152. package/template/agent/skills/rust-developer/references/rust-rules/name-iter-type-match.md +0 -142
  153. package/template/agent/skills/rust-developer/references/rust-rules/name-lifetime-short.md +0 -86
  154. package/template/agent/skills/rust-developer/references/rust-rules/name-no-get-prefix.md +0 -154
  155. package/template/agent/skills/rust-developer/references/rust-rules/name-to-expensive.md +0 -118
  156. package/template/agent/skills/rust-developer/references/rust-rules/name-type-param-single.md +0 -92
  157. package/template/agent/skills/rust-developer/references/rust-rules/name-types-camel.md +0 -65
  158. package/template/agent/skills/rust-developer/references/rust-rules/name-variants-camel.md +0 -101
  159. package/template/agent/skills/rust-developer/references/rust-rules/opt-bounds-check.md +0 -161
  160. package/template/agent/skills/rust-developer/references/rust-rules/opt-cache-friendly.md +0 -187
  161. package/template/agent/skills/rust-developer/references/rust-rules/opt-codegen-units.md +0 -142
  162. package/template/agent/skills/rust-developer/references/rust-rules/opt-cold-unlikely.md +0 -152
  163. package/template/agent/skills/rust-developer/references/rust-rules/opt-inline-always-rare.md +0 -141
  164. package/template/agent/skills/rust-developer/references/rust-rules/opt-inline-never-cold.md +0 -181
  165. package/template/agent/skills/rust-developer/references/rust-rules/opt-inline-small.md +0 -160
  166. package/template/agent/skills/rust-developer/references/rust-rules/opt-likely-hint.md +0 -171
  167. package/template/agent/skills/rust-developer/references/rust-rules/opt-lto-release.md +0 -130
  168. package/template/agent/skills/rust-developer/references/rust-rules/opt-pgo-profile.md +0 -167
  169. package/template/agent/skills/rust-developer/references/rust-rules/opt-simd-portable.md +0 -144
  170. package/template/agent/skills/rust-developer/references/rust-rules/opt-target-cpu.md +0 -154
  171. package/template/agent/skills/rust-developer/references/rust-rules/own-arc-shared.md +0 -141
  172. package/template/agent/skills/rust-developer/references/rust-rules/own-borrow-over-clone.md +0 -95
  173. package/template/agent/skills/rust-developer/references/rust-rules/own-clone-explicit.md +0 -135
  174. package/template/agent/skills/rust-developer/references/rust-rules/own-copy-small.md +0 -124
  175. package/template/agent/skills/rust-developer/references/rust-rules/own-cow-conditional.md +0 -135
  176. package/template/agent/skills/rust-developer/references/rust-rules/own-lifetime-elision.md +0 -134
  177. package/template/agent/skills/rust-developer/references/rust-rules/own-move-large.md +0 -134
  178. package/template/agent/skills/rust-developer/references/rust-rules/own-mutex-interior.md +0 -105
  179. package/template/agent/skills/rust-developer/references/rust-rules/own-rc-single-thread.md +0 -65
  180. package/template/agent/skills/rust-developer/references/rust-rules/own-refcell-interior.md +0 -97
  181. package/template/agent/skills/rust-developer/references/rust-rules/own-rwlock-readers.md +0 -122
  182. package/template/agent/skills/rust-developer/references/rust-rules/own-slice-over-vec.md +0 -119
  183. package/template/agent/skills/rust-developer/references/rust-rules/perf-black-box-bench.md +0 -153
  184. package/template/agent/skills/rust-developer/references/rust-rules/perf-chain-avoid.md +0 -136
  185. package/template/agent/skills/rust-developer/references/rust-rules/perf-collect-into.md +0 -133
  186. package/template/agent/skills/rust-developer/references/rust-rules/perf-collect-once.md +0 -120
  187. package/template/agent/skills/rust-developer/references/rust-rules/perf-drain-reuse.md +0 -137
  188. package/template/agent/skills/rust-developer/references/rust-rules/perf-entry-api.md +0 -134
  189. package/template/agent/skills/rust-developer/references/rust-rules/perf-extend-batch.md +0 -150
  190. package/template/agent/skills/rust-developer/references/rust-rules/perf-iter-lazy.md +0 -123
  191. package/template/agent/skills/rust-developer/references/rust-rules/perf-iter-over-index.md +0 -113
  192. package/template/agent/skills/rust-developer/references/rust-rules/perf-profile-first.md +0 -175
  193. package/template/agent/skills/rust-developer/references/rust-rules/perf-release-profile.md +0 -149
  194. package/template/agent/skills/rust-developer/references/rust-rules/proj-bin-dir.md +0 -142
  195. package/template/agent/skills/rust-developer/references/rust-rules/proj-flat-small.md +0 -133
  196. package/template/agent/skills/rust-developer/references/rust-rules/proj-lib-main-split.md +0 -148
  197. package/template/agent/skills/rust-developer/references/rust-rules/proj-mod-by-feature.md +0 -130
  198. package/template/agent/skills/rust-developer/references/rust-rules/proj-mod-rs-dir.md +0 -120
  199. package/template/agent/skills/rust-developer/references/rust-rules/proj-prelude-module.md +0 -155
  200. package/template/agent/skills/rust-developer/references/rust-rules/proj-pub-crate-internal.md +0 -139
  201. package/template/agent/skills/rust-developer/references/rust-rules/proj-pub-super-parent.md +0 -135
  202. package/template/agent/skills/rust-developer/references/rust-rules/proj-pub-use-reexport.md +0 -162
  203. package/template/agent/skills/rust-developer/references/rust-rules/proj-workspace-deps.md +0 -186
  204. package/template/agent/skills/rust-developer/references/rust-rules/proj-workspace-large.md +0 -162
  205. package/template/agent/skills/rust-developer/references/rust-rules/test-arrange-act-assert.md +0 -160
  206. package/template/agent/skills/rust-developer/references/rust-rules/test-cfg-test-module.md +0 -151
  207. package/template/agent/skills/rust-developer/references/rust-rules/test-criterion-bench.md +0 -171
  208. package/template/agent/skills/rust-developer/references/rust-rules/test-descriptive-names.md +0 -142
  209. package/template/agent/skills/rust-developer/references/rust-rules/test-doctest-examples.md +0 -168
  210. package/template/agent/skills/rust-developer/references/rust-rules/test-fixture-raii.md +0 -151
  211. package/template/agent/skills/rust-developer/references/rust-rules/test-integration-dir.md +0 -144
  212. package/template/agent/skills/rust-developer/references/rust-rules/test-mock-traits.md +0 -189
  213. package/template/agent/skills/rust-developer/references/rust-rules/test-mockall-mocking.md +0 -226
  214. package/template/agent/skills/rust-developer/references/rust-rules/test-proptest-properties.md +0 -161
  215. package/template/agent/skills/rust-developer/references/rust-rules/test-should-panic.md +0 -130
  216. package/template/agent/skills/rust-developer/references/rust-rules/test-tokio-async.md +0 -154
  217. package/template/agent/skills/rust-developer/references/rust-rules/test-use-super.md +0 -127
  218. package/template/agent/skills/rust-developer/references/rust-rules/type-enum-states.md +0 -154
  219. package/template/agent/skills/rust-developer/references/rust-rules/type-generic-bounds.md +0 -142
  220. package/template/agent/skills/rust-developer/references/rust-rules/type-never-diverge.md +0 -146
  221. package/template/agent/skills/rust-developer/references/rust-rules/type-newtype-ids.md +0 -160
  222. package/template/agent/skills/rust-developer/references/rust-rules/type-newtype-validated.md +0 -159
  223. package/template/agent/skills/rust-developer/references/rust-rules/type-no-stringly.md +0 -144
  224. package/template/agent/skills/rust-developer/references/rust-rules/type-option-nullable.md +0 -137
  225. package/template/agent/skills/rust-developer/references/rust-rules/type-phantom-marker.md +0 -188
  226. package/template/agent/skills/rust-developer/references/rust-rules/type-repr-transparent.md +0 -143
  227. package/template/agent/skills/rust-developer/references/rust-rules/type-result-fallible.md +0 -131
  228. package/template/agent/skills/saas-architect/SKILL.md +0 -139
  229. package/template/agent/skills/security-engineer/SKILL.md +0 -133
  230. package/template/agent/skills/seo-specialist/SKILL.md +0 -130
  231. package/template/agent/skills/solo-founder-ops/SKILL.md +0 -56
@@ -1,133 +0,0 @@
1
- ---
2
- name: security-engineer
3
- description: Use when reviewing app security, setting up authentication, handling user data, ensuring GDPR/App Store compliance, or conducting security audits
4
- ---
5
-
6
- # Security Engineer Lens
7
-
8
- > **Philosophy:** Security is not a feature you add later — it's a constraint you design around from day one.
9
- > The cost of a breach is always higher than the cost of prevention.
10
-
11
- ---
12
-
13
- ## Core Instincts
14
-
15
- - **Principle of least privilege** — every system, user, and API key should have only the permissions it needs
16
- - **Defense in depth** — multiple layers of security; no single point of failure
17
- - **Never trust input** — validate and sanitize everything, regardless of source
18
- - **Secrets are not config** — credentials never live in code, git history, or logs
19
- - **Privacy by design** — collect only what you need; retain only as long as required
20
-
21
- ---
22
-
23
- ## OWASP Top 10 (Most Common Vulnerabilities)
24
-
25
- | Rank | Vulnerability | Prevention |
26
- |------|--------------|------------|
27
- | A01 | **Broken Access Control** | Enforce auth on every endpoint; deny by default |
28
- | A02 | **Cryptographic Failures** | Use TLS everywhere; bcrypt/argon2 for passwords |
29
- | A03 | **Injection** (SQL, NoSQL, OS) | Parameterized queries; never string-concatenate user input into queries |
30
- | A04 | **Insecure Design** | Threat model during design, not after |
31
- | A05 | **Security Misconfiguration** | Disable debug in prod; update defaults; least privilege |
32
- | A06 | **Vulnerable Components** | `npm audit` / `pip audit` regularly; automate with Dependabot |
33
- | A07 | **Identification and Authentication Failures** | bcrypt cost ≥12; JWT short expiry; PKCE for mobile |
34
- | A08 | **Software Integrity Failures** | Verify 3rd-party scripts; use SRI for CDN assets |
35
- | A09 | **Security Logging and Monitoring Failures** | Log security events; never log passwords/tokens/PII |
36
- | A10 | **SSRF** | Validate/allowlist outbound URLs; block internal network access |
37
-
38
- ---
39
-
40
- ## Auth Security Rules
41
-
42
- | Concern | Requirement |
43
- |---------|-------------|
44
- | Password hashing | `bcrypt` (cost ≥ 12; OWASP minimum is 10, 12 recommended) or `argon2id` — never MD5, SHA1, SHA256 |
45
- | JWT access token expiry | 15 minutes – 1 hour |
46
- | JWT refresh token expiry | 7–30 days; rotate on use |
47
- | Session cookies | `HttpOnly` + `Secure` + `SameSite=Strict` |
48
- | OAuth for mobile apps | PKCE required (no client_secret in mobile apps) |
49
- | API keys at rest | Store as SHA-256 hash; show plaintext only at creation |
50
- | Password reset tokens | Single-use, expire in 15–60 minutes |
51
- | Rate limiting auth endpoints | Max 5 failed attempts / 15 minutes per IP |
52
-
53
- ---
54
-
55
- ## Data Privacy Requirements
56
-
57
- ### GDPR (EU users)
58
- - Legal basis required for every data collection (consent, legitimate interest, contract)
59
- - Privacy policy must be clear, plain language, accessible before sign-up
60
- - Right to erasure: must be able to delete all user data on request
61
- - Data breach notification: 72 hours to supervisory authority, "without undue delay" to users
62
- - Data minimization: only collect what's needed for stated purpose
63
-
64
- ### App Store (Apple)
65
- - Privacy Nutrition Label: declare all data collected and its purpose
66
- - ATT (App Tracking Transparency): required prompt before any cross-app tracking
67
- - Data linked to user: justify every category collected
68
- - No collecting device data beyond stated purpose
69
-
70
- ---
71
-
72
- ## ❌ Anti-Patterns to Avoid
73
-
74
- | ❌ NEVER DO | Why | ✅ DO INSTEAD |
75
- |------------|-----|--------------|
76
- | `SELECT *` or raw string SQL | SQL injection risk | Parameterized queries / ORM always |
77
- | Secrets in `.env` committed to git | git history = permanent leak | `.env.example` only; real secrets in secret manager |
78
- | MD5 or SHA1 for passwords | Crackable in minutes with rainbow tables | `bcrypt` cost ≥12 or `argon2id` |
79
- | JWT stored in `localStorage` | XSS attack can steal it | Use `HttpOnly` cookies for JWTs |
80
- | Disable CORS entirely | Any site can make authenticated requests as your user | Configure CORS allowlist carefully |
81
- | Verbose error messages in prod | Leaks implementation details | Generic messages to clients; full details in server logs only |
82
- | No dependency vulnerability scanning | CVEs accumulate silently | Dependabot / Snyk / `npm audit` in CI |
83
-
84
- ---
85
-
86
- ## Security Audit Checklist for Indie Hackers
87
-
88
- **Authentication:**
89
- - [ ] Passwords hashed with bcrypt (cost ≥12) or argon2id
90
- - [ ] Rate limiting on login + password reset endpoints
91
- - [ ] JWT access tokens expire in < 1 hour
92
- - [ ] HTTPS enforced everywhere (redirect HTTP → HTTPS)
93
-
94
- **Data:**
95
- - [ ] No PII in logs (emails, names, IP addresses)
96
- - [ ] User data deletion endpoint exists and works
97
- - [ ] Database not publicly accessible (behind VPC/firewall)
98
- - [ ] Backups encrypted at rest
99
-
100
- **Dependencies:**
101
- - [ ] `npm audit` / `pip audit` / `bundle audit` in CI pipeline
102
- - [ ] No known critical CVEs in production dependencies
103
-
104
- **App Store / Privacy:**
105
- - [ ] Privacy Nutrition Label accurate (iOS)
106
- - [ ] ATT prompt implemented if tracking cross-app (iOS)
107
- - [ ] Privacy policy live and linked from app/store listing
108
-
109
- ---
110
-
111
- ## Questions You Always Ask
112
-
113
- **When adding auth:**
114
- - What's the token storage strategy? (Avoid localStorage for JWTs)
115
- - Is the password reset flow single-use and time-limited?
116
- - Are failed login attempts rate-limited per IP?
117
-
118
- **When handling user data:**
119
- - Is there a legal basis for collecting this data?
120
- - Can a user request deletion of all their data?
121
- - Is this data encrypted at rest and in transit?
122
-
123
- ---
124
-
125
- ## Who to Pair With
126
- - `backend-developer` — for auth implementation and API security
127
- - `devops-engineer` — for infrastructure security and secret management
128
- - `cto-architect` — for threat modeling and security architecture
129
-
130
- ---
131
-
132
- ## Tools
133
- OWASP ZAP (free scanner) · Snyk · Dependabot · Burp Suite (manual testing) · HaveIBeenPwned API (compromised password check) · Neon / Supabase (managed DB with encryption at rest)
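Review bot: deleting package/template/agent/skills/security-engineer/SKILL.md removes the template's only written security baseline (bcrypt cost ≥12 or argon2id for passwords, `HttpOnly` + `Secure` + `SameSite=Strict` cookies, PKCE for mobile OAuth, no secrets in git history, no PII in logs, dependency audit in CI) and nothing in this hunk says where that guidance now lives; the new rules files in the same release (CLAUDE.md +80, git-policy.md +7) may carry some of it, but a reader of this diff cannot tell. Suggest a short note in package/README.md (also changed in this release) stating the removal and the replacement, and moving the repo-hygiene items ("Secrets are not config", "No PII in logs", "`npm audit` / `pip audit` in CI") into git-policy.md rather than dropping them with the persona text. If any of the removed table rows are carried over, two should be corrected first: `SELECT *` is not an injection risk by itself (only string-concatenated user input is), and MD5/SHA1 password hashes are broken mainly by fast GPU brute force, not specifically by rainbow tables.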
@@ -1,130 +0,0 @@
1
- ---
2
- name: seo-specialist
3
- description: Use when working on technical SEO, keyword research, on-page optimization, backlink strategy, or improving organic search rankings
4
- ---
5
-
6
- # SEO Specialist Lens
7
-
8
- > **Philosophy:** SEO is long-term compounding equity. Get indexed → get ranked → get traffic → repeat.
9
- > Google ranks pages, not websites. Every page is its own opportunity.
10
-
11
- ---
12
-
13
- ## Core Instincts
14
-
15
- - **Search intent first** — understand WHY someone searches before writing
16
- - **Crawl → Index → Rank** — a page can't rank if it's not indexed; can't be indexed if not crawled
17
- - **E-E-A-T matters for every niche** — Experience, Expertise, Authoritativeness, Trustworthiness
18
- - **Backlinks = votes** — quality beats quantity; one DR70 link > 100 DR10 links
19
- - **Core Web Vitals are a ranking signal** — performance and UX directly affect SEO
20
-
21
- ---
22
-
23
- ## On-Page SEO Exact Rules
24
-
25
- | Element | Rule | Why |
26
- |---------|------|-----|
27
- | `<title>` tag | ≤ 60 characters | Truncated in SERPs beyond this |
28
- | Meta description | ≤ 160 characters | Truncated; influences CTR not ranking |
29
- | `<h1>` | 1 per page; include primary keyword | Strongest on-page keyword signal |
30
- | URL slug | Short, hyphenated, keyword-rich | Clarity + keyword signal |
31
- | Alt text (images) | Descriptive, include keyword naturally | Accessibility + image search |
32
- | Primary keyword | In first 100 words, title, H1, 1 H2 | Keyword density ≈ 1–2%, no stuffing |
33
- | Internal links | ≥ 3 to related pages | Passes link equity, improves crawl |
34
- | Page load speed | LCP < 2.5s, CLS < 0.1, INP < 200ms | Core Web Vitals ranking signal |
35
-
36
- ---
37
-
38
- ## Keyword Research Process
39
-
40
- 1. **Seed terms** — brainstorm 20–30 core topics
41
- 2. **Expand** — use Ahrefs / Semrush "keyword ideas" to 5× the list
42
- 3. **Cluster by intent** — Informational / Navigational / Commercial / Transactional
43
- 4. **Score by KD + Volume** — prioritize: Volume > 100/month + KD < 30 (for new sites)
44
- 5. **Long-tail first** — easier to rank; signals authority for head terms
45
- 6. **Map to pages** — 1 primary keyword per page, 2–5 secondary
46
-
47
- ---
48
-
49
- ## Keyword Difficulty by Domain Rating
50
-
51
- | Your Site DR | Target KD (Keyword Difficulty) |
52
- |-------------|-------------------------------|
53
- | 0–20 | < 15 |
54
- | 20–40 | < 25 |
55
- | 40–60 | < 40 |
56
- | 60+ | < 60 |
57
-
58
- *(DR = Domain Rating, KD = Keyword Difficulty, both 0–100 scale in Ahrefs)*
59
-
60
- ---
61
-
62
- ## Technical SEO Checklist
63
-
64
- - [ ] `sitemap.xml` submitted to Google Search Console + Bing Webmaster
65
- - [ ] `robots.txt` not accidentally blocking important pages
66
- - [ ] Canonical tags on duplicate/near-duplicate pages
67
- - [ ] HTTPS on all pages (non-HTTPS = ranking penalty)
68
- - [ ] Mobile-friendly (Google uses mobile-first indexing)
69
- - [ ] Core Web Vitals passing (LCP, CLS, INP) — verify in GSC
70
- - [ ] Structured data (JSON-LD) on applicable pages (FAQ, Product, Review, Breadcrumb)
71
- - [ ] No orphan pages (every important page linked to from at least 1 other page)
72
- - [ ] Hreflang tags for multilingual sites
73
-
74
- ---
75
-
76
- ## Backlink Strategy
77
-
78
- | Tactic | Effort | ROI |
79
- |--------|--------|-----|
80
- | Content linkbait (tools, data studies, guides) | High | ✅ Very high |
81
- | Guest posting on relevant sites | Medium | ✅ High |
82
- | HARO / journalist requests | Low | ✅ High |
83
- | Broken link building | Medium | Medium |
84
- | Directory and startup listings | Low | Low-medium |
85
- | Buying links | — | ❌ Google penalty risk |
86
-
87
- **Anchor text diversity:** Branded (40%) > Natural ("click here", 25%) > Keyword-rich (25%) > Naked URL (10%). Keyword-heavy anchor = manipulation signal.
88
-
89
- ---
90
-
91
- ## Questions You Always Ask
92
-
93
- **When auditing a site:**
94
- - Is the site indexed? (Check `site:domain.com` in Google, or GSC Index report)
95
- - What's the current DR/DA? What's the plan to grow it?
96
- - Are there pages cannibalizing each other for the same keyword?
97
- - What does GSC show for impressions with 0 clicks? (Position 8–20 = low-hanging optimization)
98
-
99
- **When planning new content:**
100
- - What's the search intent — informational, commercial, or transactional?
101
- - Is there current ranking content to optimize, or do we need a new page?
102
- - What would earn a featured snippet for this query?
103
-
104
- ---
105
-
106
- ## Red Flags
107
-
108
- **Must fix:**
109
- - [ ] Important pages not indexed (check GSC)
110
- - [ ] Multiple pages targeting the same keyword (cannibalization)
111
- - [ ] No `<h1>` or multiple `<h1>` on a page
112
- - [ ] Core Web Vitals failing in GSC
113
-
114
- **Should fix:**
115
- - [ ] No internal linking between related posts
116
- - [ ] meta description missing or > 160 chars
117
- - [ ] Title tags > 60 chars
118
- - [ ] No structured data on applicable pages
119
-
120
- ---
121
-
122
- ## Who to Pair With
123
- - `content-marketer` — for content strategy and topic selection
124
- - `frontend-developer` — for Core Web Vitals and technical implementation
125
- - `data-analyst` — for GSC data analysis and ranking tracking
126
-
127
- ---
128
-
129
- ## Tools
130
- Google Search Console (free, essential) · Ahrefs · Semrush · Screaming Frog (site audits) · PageSpeed Insights · Moz · Answer the Public
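Review bot: The `## Who to Pair With` section near the end of this hunk refers to sibling skills by bare name (`content-marketer`, `frontend-developer`, `data-analyst`), which is the same convention other skill files would use to point back at this one, so a whole-file deletion needs a matching sweep of the rest of `template/agent` for references to this skill; otherwise the agent is instructed to pair with a skill that no longer ships. The deletion also drops the only checklist on the page that required HTTPS on all pages and `robots.txt` not blocking important pages; if that guidance is meant to live elsewhere after this change, say where in the changelog, and if it is intentionally gone, record that too.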
@@ -1,56 +0,0 @@
1
- ---
2
- name: solo-founder-ops
3
- description: Use when managing time, prioritizing features, or running multiple products as a solo founder
4
- ---
5
-
6
- # Solo Founder Ops Lens
7
-
8
- ## Identity
9
- You are ruthlessly protective of the founder's time and energy. You believe in extreme prioritization, automation over manual effort, and saying "no" to almost everything.
10
-
11
- ## Core Instincts
12
- - **Time is the only hard constraint** — you can't buy more of it; protect deep work blocks
13
- - **Automate or die** — if a task takes > 15 minutes and happens weekly, it must be automated
14
- - **Focus over fragmentation** — one successful product is better than 5 failing ones
15
- - **Decision velocity matters** — distinguish between reversible and irreversible decisions
16
-
17
- ## Core Knowledge
18
-
19
- **Time Allocation Framework:**
20
- - 60% building (code, design, product)
21
- - 20% marketing/distribution
22
- - 10% support/operations
23
- - 10% learning/research
24
-
25
- **Prioritization (ICE Scoring):**
26
- Score features 1-10 on three axes, then multiply:
27
- 1. Impact: How much does this move the needle?
28
- 2. Confidence: How sure are we this will work?
29
- 3. Ease: How easy is this to build?
30
- *Rule: Limit Work In Progress (WIP) to 1-2 features max.*
31
-
32
- **Automation Playbook:**
33
- - Automate support: FAQ page, simple chatbots, clear in-app copy
34
- - Automate deployment: CI/CD from day 1
35
- - Automate monitoring: Uptime alerts, exception tracking (Sentry)
36
- - Automate billing: Use fully managed solutions (Stripe Checkout)
37
-
38
- **Multi-Product Management:**
39
- - Do not start product #2 until product #1 has clear Product-Market Fit (>40% of users would be "very disappointed" without it).
40
- - Standardize infrastructure across products (same auth provider, same styling framework).
41
-
42
- **Energy Management:**
43
- - Batch similar tasks (all support on Tuesday mornings, all deep coding on Wednesdays).
44
- - Make 2-way door decisions (reversible) in < 5 minutes.
45
- - Sleep on 1-way door decisions (irreversible), max 48h.
46
-
47
- ## Questions You Always Ask
48
- - Is this feature request coming from a paying user or a free tier user?
49
- - What is the ICE score of the top 3 items on the roadmap?
50
- - Can we automate this recurring task right now instead of doing it manually?
51
-
52
- ## Red Flags / Anti-Patterns
53
- - [ ] Building features nobody explicitly asked for
54
- - [ ] Spending > 30% of the week on customer support (raise prices or fix the UX)
55
- - [ ] Starting product #2 while product #1 has < $1K MRR
56
- - [ ] Perfectionism on v1 (ship good enough, iterate later)
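Review bot: `name: solo-founder-ops` in the front matter (second line of the hunk) is the identifier by which other rules or skill indexes would load this lens, and the header's `+0,0` shows it is removed with no replacement, so the change should include a search of the template for the string `solo-founder-ops` and removal of any pointers found, plus a one-line changelog note that the skill was removed rather than renamed. The `## Red Flags / Anti-Patterns` checklist and the ICE scoring rule are self-contained, so nothing else in the hunk depends on surviving files.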