aiden-runtime 3.19.5 → 3.19.6

package/workspace-templates/skills/p5js/SKILL.md

@@ -0,0 +1,163 @@
+---
+name: p5js
+description: Create generative visual art and interactive sketches using p5.js, rendered as self-contained HTML files
+category: creative
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: p5js, generative-art, creative-coding, canvas, animation, visualization, javascript, interactive
+---
+
+# p5.js Generative Art and Creative Coding
+
+Create generative visual art, animations, and interactive sketches using p5.js. Output is a self-contained HTML file that opens in any browser — no build step required.
+
+## When to Use
+
+- User wants generative or procedural visual art
+- User wants an interactive animation or visualization
+- User wants to visualize data in a creative, non-standard way
+- User wants a screensaver-style animation
+- User wants to experiment with creative coding
+
+## How to Use
+
+### 1. Basic p5.js HTML template
+
+```html
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>p5.js Sketch</title>
+  <style>body { margin: 0; background: #0d1117; overflow: hidden; }</style>
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/p5.js/1.9.0/p5.min.js"></script>
+</head>
+<body>
+<script>
+// Your p5.js sketch code goes here
+
+function setup() {
+  createCanvas(windowWidth, windowHeight);
+  background(13, 17, 23);
+}
+
+function draw() {
+  // Called every frame (~60fps)
+}
+</script>
+</body>
+</html>
+```
+
+### 2. Flowing particles sketch
+
+```javascript
+let particles = [];
+
+function setup() {
+  createCanvas(windowWidth, windowHeight);
+  colorMode(HSB, 360, 100, 100, 100);
+  background(220, 30, 10);
+  for (let i = 0; i < 300; i++) {
+    particles.push({ x: random(width), y: random(height), hue: random(180, 280) });
+  }
+}
+
+function draw() {
+  fill(220, 30, 10, 8);
+  noStroke();
+  rect(0, 0, width, height);
+
+  for (let p of particles) {
+    let angle = noise(p.x * 0.003, p.y * 0.003) * TWO_PI * 4;
+    p.x += cos(angle) * 2;
+    p.y += sin(angle) * 2;
+    if (p.x < 0 || p.x > width || p.y < 0 || p.y > height) {
+      p.x = random(width); p.y = random(height);
+    }
+    stroke(p.hue, 70, 90, 60);
+    strokeWeight(1.5);
+    point(p.x, p.y);
+  }
+}
+```
+
+### 3. Recursive fractal tree
+
+```javascript
+function setup() {
+  createCanvas(800, 600);
+  background(13, 17, 23);
+  stroke(100, 200, 120, 180);
+  translate(width / 2, height);
+  branch(120);
+}
+
+function branch(len) {
+  strokeWeight(map(len, 5, 120, 0.5, 4));
+  line(0, 0, 0, -len);
+  translate(0, -len);
+  if (len > 8) {
+    push(); rotate(0.4);  branch(len * 0.67); pop();
+    push(); rotate(-0.4); branch(len * 0.67); pop();
+  }
+}
+```
+
+### 4. Interactive mouse repulsion
+
+```javascript
+let circles = [];
+
+function setup() {
+  createCanvas(windowWidth, windowHeight);
+  for (let i = 0; i < 100; i++) {
+    circles.push({ x: random(width), y: random(height), vx: 0, vy: 0, r: random(5, 15) });
+  }
+}
+
+function draw() {
+  background(13, 17, 23, 25);
+  for (let c of circles) {
+    let dx = c.x - mouseX, dy = c.y - mouseY;
+    let dist = sqrt(dx*dx + dy*dy);
+    if (dist < 100) { c.vx += dx / dist * 2; c.vy += dy / dist * 2; }
+    c.vx *= 0.95; c.vy *= 0.95;
+    c.x = constrain(c.x + c.vx, 0, width);
+    c.y = constrain(c.y + c.vy, 0, height);
+    fill(180, 100, 220, 180); noStroke();
+    ellipse(c.x, c.y, c.r * 2);
+  }
+}
+```
+
+### 5. Generate and save the sketch file
+
+```python
+template = open("sketch_template.html").read()
+sketch_code = """/* paste sketch code here */"""
+html = template.replace("// Your p5.js sketch code goes here", sketch_code)
+with open("my_sketch.html", "w") as f:
+  f.write(html)
+print("Open my_sketch.html in a browser")
+```
+
+## Examples
+
+**"Create a flowing particle animation with a dark background"**
+→ Use template from step 1, insert sketch code from step 2. Save as `particles.html`.
+
+**"Make an interactive sketch where particles run away from the mouse"**
+→ Use step 4 pasted into the template from step 1.
+
+**"Generate a fractal tree visualization"**
+→ Use step 3 inside the basic template. Adjust branch length and angle for different tree shapes.
+
+## Cautions
+
+- p5.js sketches run in the browser — they cannot access the local filesystem directly
+- The CDN link requires internet access; for offline use, download `p5.min.js` locally
+- Very high particle counts (> 5000) may cause frame rate drops — start with 300-500 particles
+- `windowWidth`/`windowHeight` resize the canvas to fill the browser window — add `windowResized()` handler for responsive sketches
+- For offline-first output, embed the p5.js library inline rather than using the CDN

package/workspace-templates/skills/p5js/skill.json

@@ -0,0 +1,24 @@
+{
+  "name": "p5js",
+  "version": "1.0.0",
+  "description": "Create generative visual art and interactive sketches using p5.js, rendered as self-contained HTML files",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "p5js",
+    "generative-art",
+    "creative-coding",
+    "canvas",
+    "animation",
+    "visualization",
+    "javascript",
+    "interactive"
+  ],
+  "created": "2026-04-27T17:11:40.572Z"
+}

package/workspace-templates/skills/research-paper-writing/SKILL.md

@@ -0,0 +1,158 @@
+---
+name: research-paper-writing
+description: Structured pipeline for writing ML and AI research papers — from literature review to LaTeX submission
+category: research
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: research, paper, writing, latex, ml, ai, academic, arxiv, publication, citation
+---
+
+# Research Paper Writing Pipeline
+
+A structured, step-by-step pipeline for writing ML/AI research papers: from problem framing through literature review, experiment design, writing, and LaTeX formatting for arXiv submission.
+
+## When to Use
+
+- User wants to write or structure an academic research paper
+- User wants help organizing experiments and results for a paper
+- User wants to format a paper in LaTeX for arXiv or a conference
+- User wants to do a literature review on a topic
+- User wants to write an abstract, introduction, or related work section
+
+## How to Use
+
+### Phase 1: Frame the contribution
+
+Define the paper's core claim before writing anything else.
+
+```
+1. One-sentence contribution: "We show that X outperforms Y on Z by doing W"
+2. Key insight: what is non-obvious about your approach?
+3. Research question: what question does the paper answer?
+4. Limitations scope: what is explicitly out of scope?
+```
+
+### Phase 2: Literature review
+
+Use the arXiv skill to find related work, then organize findings:
+
+```
+Search strategy:
+- Start with 2-3 "seed" papers you know are relevant
+- Find papers that cite them (via Semantic Scholar API)
+- Search arXiv for your core keywords + recent date filter
+- Organize into: direct predecessors, concurrent work, tangential work
+
+For each related paper, note:
+- Core method
+- Dataset/benchmark used
+- Key result number
+- How your work differs
+```
+
+```python
+# Semantic Scholar API — find papers citing a known paper
+import requests
+paper_id = "arXiv:2305.17333"
+resp = requests.get(f"https://api.semanticscholar.org/graph/v1/paper/{paper_id}/citations?fields=title,year,authors,externalIds&limit=20")
+for c in resp.json()["data"]:
+  print(c["citingPaper"]["title"])
+```
+
+### Phase 3: Structure the paper
+
+Standard ML/AI paper structure:
+
+```
+Abstract   (150-250 words) — problem, method, key result, significance
+1. Introduction — motivation, gap, contribution, paper overview
+2. Related Work — organize by theme, not chronologically
+3. Method — notation, architecture/algorithm, key design choices
+4. Experiments — datasets, baselines, metrics, implementation details
+5. Results — main table, ablation study, qualitative examples
+6. Discussion — limitations, failure modes, future work
+7. Conclusion — restate contribution, broader impact
+References
+Appendix (optional) — proofs, additional experiments, hyperparameters
+```
+
+### Phase 4: Write in LaTeX
+
+Basic arXiv-ready template:
+
+```latex
+\documentclass[10pt,twocolumn]{article}
+\usepackage{arxiv}       % from https://github.com/kourgeorge/arxiv-style
+\usepackage{amsmath,amssymb,graphicx,booktabs,hyperref}
+
+\title{Your Paper Title}
+\author{Author One \and Author Two}
+\date{\today}
+
+\begin{document}
+\maketitle
+
+\begin{abstract}
+Your abstract here. State the problem, method, key result, and significance in 150--250 words.
+\end{abstract}
+
+\section{Introduction}
+...
+
+\bibliography{refs}
+\bibliographystyle{plain}
+\end{document}
+```
+
+### Phase 5: Tables and figures
+
+```latex
+% Results table with booktabs
+\begin{table}[t]
+\centering
+\caption{Comparison on benchmark dataset.}
+\begin{tabular}{lcc}
+\toprule
+Method & Accuracy & F1 \\
+\midrule
+Baseline   & 72.3 & 71.1 \\
+Prior SOTA & 78.6 & 77.9 \\
+\textbf{Ours} & \textbf{83.2} & \textbf{82.7} \\
+\bottomrule
+\end{tabular}
+\label{tab:results}
+\end{table}
+```
+
+### Phase 6: Compile and check
+
+```powershell
+# Compile LaTeX (requires MiKTeX or TeX Live)
+pdflatex paper.tex
+bibtex paper
+pdflatex paper.tex
+pdflatex paper.tex   # run twice to resolve references
+
+# Check word count
+texcount paper.tex
+```
+
+## Examples
+
+**"Help me write the abstract for my paper on efficient transformers"**
+→ Use Phase 1 to extract the core claim, then write 4 sentences: problem → gap → method → key result.
+
+**"I need to find related papers on sparse attention before writing the related work section"**
+→ Use Phase 2: search arXiv (`cs.LG` + `sparse attention`), use Semantic Scholar to find citing papers.
+
+**"Format my experiment results as a LaTeX table"**
+→ Use Phase 5 with the booktabs template.
+
+## Cautions
+
+- Write the related work section after the method section — you need to know your contribution to characterize prior work accurately
+- Ablation studies are required at top venues (NeurIPS, ICML, ICLR) — plan them during experiment design, not after
+- arXiv LaTeX compilation is strict — avoid non-standard packages; test with `pdflatex` before submitting
+- Never include fabricated citations — use only papers you have actually read
+- Check target venue formatting guidelines — ICML, NeurIPS, and ICLR each have distinct style files

package/workspace-templates/skills/research-paper-writing/skill.json

@@ -0,0 +1,26 @@
+{
+  "name": "research-paper-writing",
+  "version": "1.0.0",
+  "description": "Structured pipeline for writing ML and AI research papers — from literature review to LaTeX submission",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "research",
+    "paper",
+    "writing",
+    "latex",
+    "ml",
+    "ai",
+    "academic",
+    "arxiv",
+    "publication",
+    "citation"
+  ],
+  "created": "2026-04-27T17:11:40.658Z"
+}

package/workspace-templates/skills/securityheaders/SKILL.md

@@ -0,0 +1,99 @@
+---
+name: securityheaders
+description: Audit HTTP security headers for any URL and receive a grade (A+ to F) with specific recommendations for missing headers
+category: security
+version: 1.0.0
+license: Apache-2.0
+origin: aiden
+tags: security, http, headers, csp, hsts, xframe, audit, web, hardening, compliance
+---
+
+# Security Headers — HTTP Header Audit
+
+Check any website for missing or misconfigured HTTP security headers. Returns a grade from A+ to F with a list of which headers are present, which are absent, and why each matters for protection against XSS, clickjacking, MIME sniffing, and data leakage.
+
+**No API key required.** Powered by securityheaders.com.
+
+## When to Use
+
+- Audit a website before a security review or penetration test
+- Verify that a newly deployed application has the correct security headers
+- Check compliance with security baselines (OWASP, NIST, CIS)
+- User asks "check security headers for X", "is example.com missing HSTS?", "grade the headers on my site"
+
+## How to Use
+
+### Check security headers for a URL
+
+```powershell
+$target  = "https://taracod.com"
+$encoded = [Uri]::EscapeDataString($target)
+$url     = "https://securityheaders.com/?q=$encoded&followRedirects=on&hide=on"
+
+$response = Invoke-WebRequest -Uri $url -UseBasicParsing
+# Extract grade from HTML badge
+$grade = if ($response.Content -match 'class="[^"]*reportTitle[^"]*"[^>]*>[\s\S]*?label[^"]*"([^"]+)"') {
+    $Matches[1] -replace 'label[- ]', '' -replace 'success', 'A' -replace 'warning', 'B/C' -replace 'danger', 'D/F'
+} else { 'check manually' }
+
+Write-Host "URL:   $target"
+Write-Host "Grade: $grade"
+Write-Host "Full report: $url"
+```
+
+### Audit headers and list missing ones
+
+```powershell
+$target   = "https://example.com"
+$encoded  = [Uri]::EscapeDataString($target)
+$response = Invoke-WebRequest -Uri "https://securityheaders.com/?q=$encoded&followRedirects=on&hide=on" -UseBasicParsing
+$html     = $response.Content
+
+# Extract missing headers (rows marked as warnings/missing)
+$pattern  = '<div[^>]*class="[^"]*missing[^"]*"[^>]*>([\s\S]*?)<\/div>'
+$missing  = [regex]::Matches($html, $pattern) | ForEach-Object {
+    $_.Groups[1].Value -replace '<[^>]+>', '' -replace '\s+', ' '
+} | Where-Object { $_.Trim() }
+
+Write-Host "Missing headers:"
+$missing | ForEach-Object { Write-Host "  ✗ $($_.Trim())" }
+Write-Host ""
+Write-Host "Report: https://securityheaders.com/?q=$encoded&followRedirects=on"
+```
+
+### Key security headers and what they do
+
+```
+Strict-Transport-Security  → Forces HTTPS; prevents downgrade attacks
+Content-Security-Policy    → Restricts content sources; blocks XSS
+X-Frame-Options            → Prevents clickjacking (deprecated by CSP)
+X-Content-Type-Options     → Blocks MIME-sniffing attacks
+Referrer-Policy            → Controls referrer data leakage
+Permissions-Policy         → Restricts browser feature access (camera, location, etc.)
+```
+
+## Examples
+
+**"Audit security headers for taracod.com"**
+→ Returns grade, lists present and missing headers with fix suggestions.
+
+**"Does github.com have Content-Security-Policy?"**
+→ Check the headers report — CSP row shows value if present.
+
+**"My site is getting an F — what headers am I missing?"**
+→ Audit returns the full missing-headers list with descriptions.
+
+**"Check HSTS on my production domain"**
+→ Look for Strict-Transport-Security in the report — check max-age value.
+
+## Cautions
+
+- `hide=on` prevents results from appearing in the public "recent scans" feed — always use it
+- `followRedirects=on` ensures the final destination URL is scanned, not just the redirect
+- The tool scans what headers are **sent** — not what your server config says it should send
+- Rate-limit: do not hammer the free service; add delays when scanning multiple URLs
+- Grade is based on header presence, not perfect configuration — review values manually
+
+## Requirements
+
+- None — no API key needed

package/workspace-templates/skills/securityheaders/index.ts

@@ -0,0 +1,213 @@
+// skills/securityheaders/index.ts
+// Programmatic handler — HTTP security header audit via securityheaders.com.
+
+import { ApiSkill } from '../../core/apiSkillBase'
+
+const skill = new ApiSkill({
+  name:      'securityheaders',
+  baseUrl:   'https://securityheaders.com',
+  authType:  'none',
+  rateLimit: { requests: 3, windowMs: 1_000 },
+  timeout:   20_000,
+  retries:   2,
+})
+
+// ── Known security headers (for detection) ───────────────────
+
+const KNOWN_HEADERS = [
+  'Strict-Transport-Security',
+  'Content-Security-Policy',
+  'X-Frame-Options',
+  'X-Content-Type-Options',
+  'Referrer-Policy',
+  'Permissions-Policy',
+  'Cross-Origin-Opener-Policy',
+  'Cross-Origin-Embedder-Policy',
+  'Cross-Origin-Resource-Policy',
+  'X-XSS-Protection',            // deprecated but still checked
+  'Expect-CT',                   // deprecated
+]
+
+// ── HTML parsing helpers ──────────────────────────────────────
+
+function stripTags(html: string): string {
+  return html
+    .replace(/<[^>]+>/g, ' ')
+    .replace(/&amp;/g,  '&')
+    .replace(/&lt;/g,   '<')
+    .replace(/&gt;/g,   '>')
+    .replace(/&quot;/g, '"')
+    .replace(/&#39;/g,  "'")
+    .replace(/&nbsp;/g, ' ')
+    .replace(/\s+/g, ' ')
+    .trim()
+}
+
+/**
+ * Extract the grade letter from securityheaders.com HTML.
+ *
+ * The grade appears inside an element like:
+ *   <span class="label label-success">A+</span>
+ *   <span class="label label-warning">C</span>
+ *   <span class="label label-danger">F</span>
+ *
+ * It also appears in the page title:
+ *   <title>Security headers for example.com - Grade: A</title>
+ */
+function extractGrade(html: string): string {
+  // Try page title first — most reliable
+  const titleMatch = html.match(/<title>[^<]*Grade:\s*([A-F][+-]?)/i)
+  if (titleMatch) return titleMatch[1]
+
+  // Try the badge spans
+  const badgeRe = /<span[^>]*class="[^"]*label[^"]*"[^>]*>\s*([A-F][+-]?)\s*<\/span>/gi
+  let m: RegExpExecArray | null
+  const candidates: string[] = []
+  while ((m = badgeRe.exec(html)) !== null) {
+    const g = m[1].trim()
+    if (/^[A-F][+-]?$/.test(g)) candidates.push(g)
+  }
+  if (candidates.length > 0) return candidates[0]
+
+  return 'unknown'
+}
+
+/**
+ * Detect which known security headers are present and which are missing
+ * by scanning the HTML for header name strings near "positive" / "negative" signals.
+ */
+function extractHeaders(html: string): { present: string[]; missing: string[] } {
+  const present: string[] = []
+  const missing: string[] = []
+
+  for (const header of KNOWN_HEADERS) {
+    // Escape for regex
+    const esc = header.replace(/[-]/g, '\\-')
+    const idx = html.search(new RegExp(esc, 'i'))
+    if (idx < 0) continue  // not mentioned at all
+
+    // Look at the surrounding context (up to 400 chars before the header name)
+    // for class indicators like "bad", "warn", "missing", "success", "good"
+    const before = html.slice(Math.max(0, idx - 400), idx)
+    const rowCtx = before.slice(before.lastIndexOf('<tr'))
+
+    if (/class="[^"]*(?:bad|missing|warn|danger)[^"]*"/i.test(rowCtx)) {
+      missing.push(header)
+    } else {
+      present.push(header)
+    }
+  }
+
+  return { present, missing }
+}
+
+// ── Output types ──────────────────────────────────────────────
+
+export interface SecurityHeadersAudit {
+  url:              string
+  grade:            string     // A+ through F, or "unknown"
+  present:          string[]   // headers that were found
+  missing:          string[]   // headers that were absent
+  recommendations:  string[]   // brief fix suggestions for missing headers
+  scanUrl:          string     // link to full report
+  parsed:           boolean    // false if HTML parsing was inconclusive
+}
+
+// Suggested fixes for missing headers
+const RECOMMENDATIONS: Record<string, string> = {
+  'Strict-Transport-Security':    'Add: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload',
+  'Content-Security-Policy':      'Add a Content-Security-Policy header to restrict content sources',
+  'X-Frame-Options':              'Add: X-Frame-Options: SAMEORIGIN (or use CSP frame-ancestors)',
+  'X-Content-Type-Options':       'Add: X-Content-Type-Options: nosniff',
+  'Referrer-Policy':              'Add: Referrer-Policy: strict-origin-when-cross-origin',
+  'Permissions-Policy':           'Add: Permissions-Policy: geolocation=(), camera=(), microphone=()',
+  'Cross-Origin-Opener-Policy':   'Add: Cross-Origin-Opener-Policy: same-origin',
+  'Cross-Origin-Embedder-Policy': 'Add: Cross-Origin-Embedder-Policy: require-corp',
+  'Cross-Origin-Resource-Policy': 'Add: Cross-Origin-Resource-Policy: same-origin',
+}
+
+// ── Public API ────────────────────────────────────────────────
+
+/**
+ * Audit HTTP security headers for a URL.
+ *
+ * Fetches the securityheaders.com report page and parses the grade
+ * and header presence/absence from the HTML.
+ *
+ * @param targetUrl  The URL to audit (e.g. "https://example.com")
+ */
+export async function audit(targetUrl: string): Promise<SecurityHeadersAudit> {
+  const scanUrl = `https://securityheaders.com/?q=${encodeURIComponent(targetUrl)}&followRedirects=on&hide=on`
+
+  let grade    = 'unknown'
+  let present:  string[] = []
+  let missing:  string[] = []
+  let parsed   = false
+
+  try {
+    const html = await skill.get('/', {
+      q:               targetUrl,
+      followRedirects: 'on',
+      hide:            'on',
+    })
+
+    if (typeof html === 'string' && html.length > 500) {
+      grade   = extractGrade(html)
+      const h = extractHeaders(html)
+      present = h.present
+      missing = h.missing
+      parsed  = grade !== 'unknown' || present.length > 0 || missing.length > 0
+    }
+  } catch {
+    // Network error — return URL so user can visit manually
+  }
+
+  const recommendations = missing
+    .map(h => RECOMMENDATIONS[h])
+    .filter(Boolean) as string[]
+
+  return {
+    url:  targetUrl,
+    grade,
+    present,
+    missing,
+    recommendations,
+    scanUrl,
+    parsed,
+  }
+}
+
+/** Format an audit result as a human-readable string. */
+export function formatAudit(result: SecurityHeadersAudit): string {
+  const lines = [
+    `URL:   ${result.url}`,
+    `Grade: ${result.grade}`,
+    '',
+  ]
+
+  if (result.present.length > 0) {
+    lines.push('✅ Present:')
+    result.present.forEach(h => lines.push(`   ${h}`))
+    lines.push('')
+  }
+
+  if (result.missing.length > 0) {
+    lines.push('❌ Missing:')
+    result.missing.forEach(h => lines.push(`   ${h}`))
+    lines.push('')
+  }
+
+  if (result.recommendations.length > 0) {
+    lines.push('Recommendations:')
+    result.recommendations.forEach(r => lines.push(`  • ${r}`))
+    lines.push('')
+  }
+
+  lines.push(`Full report: ${result.scanUrl}`)
+
+  if (!result.parsed) {
+    lines.push('(Note: HTML parsing was inconclusive — view the full report for details)')
+  }
+
+  return lines.join('\n')
+}