aiden-runtime 3.19.5 → 3.19.7

package/workspace-templates/skills/ssllabs/index.ts

@@ -0,0 +1,208 @@
+// skills/ssllabs/index.ts
+// Programmatic handler — comprehensive TLS/SSL analysis via Qualys SSL Labs API v4.
+//
+// Pattern: start scan → long-poll until READY → return normalised results.
+
+import { ApiSkill } from '../../core/apiSkillBase'
+
+// Note: v4 requires an email header; v3 is the public anonymous endpoint.
+const skill = new ApiSkill({
+  name:      'ssllabs',
+  baseUrl:   'https://api.ssllabs.com/api/v3',
+  authType:  'none',
+  rateLimit: { requests: 1, windowMs: 2_000 },   // 1 req/2sec
+  timeout:   30_000,
+  retries:   2,
+})
+
+// ── Output types ──────────────────────────────────────────────
+
+export interface SslProtocol {
+  name:    string   // e.g. "TLS"
+  version: string   // e.g. "1.3"
+}
+
+export interface SslEndpoint {
+  ip:           string
+  grade:        string
+  statusMessage: string
+  protocols:    SslProtocol[]
+  forwardSecrecy: boolean
+}
+
+export interface SslScanResult {
+  host:            string
+  status:          string       // "READY" | "IN_PROGRESS" | "ERROR"
+  grade:           string       // best grade across all endpoints
+  endpoints:       SslEndpoint[]
+  vulnerabilities: string[]     // names of detected vulnerabilities
+  scanUrl:         string       // direct browser link to results
+}
+
+// ── Grade ordering ────────────────────────────────────────────
+
+const GRADE_ORDER = ['A+', 'A', 'A-', 'B', 'C', 'D', 'E', 'F', 'T', 'M']
+
+function bestGrade(grades: string[]): string {
+  let best = ''
+  for (const g of grades) {
+    const gi = GRADE_ORDER.indexOf(g)
+    const bi = GRADE_ORDER.indexOf(best)
+    if (gi >= 0 && (bi < 0 || gi < bi)) best = g
+  }
+  return best || 'N/A'
+}
+
+// ── Vulnerability detection ───────────────────────────────────
+
+function detectVulns(endpointDetails: any): string[] {
+  if (!endpointDetails) return []
+  const d     = endpointDetails
+  const found: string[] = []
+
+  if (d.heartbleed)                             found.push('Heartbleed (CVE-2014-0160)')
+  if (d.poodleSsl)                              found.push('POODLE (SSLv3)')
+  if (d.poodleTls === 2)                        found.push('POODLE (TLS)')
+  if (d.freak)                                  found.push('FREAK')
+  if (d.logjam)                                 found.push('Logjam')
+  if (d.drownVulnerable)                        found.push('DROWN')
+  if (d.ticketbleed === 2)                      found.push('Ticketbleed')
+  if (d.bleichenbacher === 2 || d.bleichenbacher === 3) found.push('ROBOT/Bleichenbacher')
+  if (d.zombiePoodle === 2)                     found.push('Zombie POODLE')
+  if (d.goldenDoodle === 2)                     found.push('GoldenDoodle')
+  if (d.openSSLLuckyMinus20 === 2)              found.push('Lucky MINUS 20')
+
+  return found
+}
+
+// ── Parse raw SSL Labs response ───────────────────────────────
+
+function parseResponse(host: string, raw: any): SslScanResult {
+  const scanUrl = `https://www.ssllabs.com/ssltest/analyze.html?d=${encodeURIComponent(host)}&hideResults=on`
+
+  if (raw.status !== 'READY') {
+    return { host, status: raw.status ?? 'UNKNOWN', grade: 'N/A', endpoints: [], vulnerabilities: [], scanUrl }
+  }
+
+  const endpoints: SslEndpoint[] = (raw.endpoints ?? []).map((ep: any) => ({
+    ip:             ep.ipAddress ?? '',
+    grade:          ep.grade     ?? ep.gradeTrustIgnored ?? 'N/A',
+    statusMessage:  ep.statusMessage ?? '',
+    protocols:      (ep.details?.protocols ?? []).map((p: any) => ({
+      name:    p.name    ?? 'TLS',
+      version: p.version ?? '',
+    })),
+    forwardSecrecy: (ep.details?.forwardSecrecy ?? 0) >= 2,
+  }))
+
+  const allVulns = new Set<string>()
+  for (const ep of (raw.endpoints ?? [])) {
+    for (const v of detectVulns(ep.details)) allVulns.add(v)
+  }
+
+  return {
+    host,
+    status:          'READY',
+    grade:           bestGrade(endpoints.map(e => e.grade)),
+    endpoints,
+    vulnerabilities: [...allVulns],
+    scanUrl,
+  }
+}
+
+// ── Public API ────────────────────────────────────────────────
+
+/**
+ * Return the SSL Labs browser report URL immediately — no waiting.
+ *
+ * Use this when the user just wants a link rather than waiting 60–120s.
+ */
+export function quickScan(host: string): string {
+  const h = host.replace(/^https?:\/\//i, '').replace(/\/.*$/, '')
+  return `https://www.ssllabs.com/ssltest/analyze.html?d=${encodeURIComponent(h)}&hideResults=on&ignoreMismatch=on`
+}
+
+/**
+ * Run a full SSL Labs scan with long-polling.
+ *
+ * Starts a new scan, polls every `pollIntervalMs` until the status is READY,
+ * then returns parsed results. Throws if the scan fails or times out.
+ *
+ * @param host             Domain to scan (e.g. "github.com")
+ * @param options.maxWaitSeconds  Maximum seconds to wait (default 180)
+ * @param options.pollIntervalMs  Milliseconds between polls (default 20000)
+ */
+export async function scan(
+  host: string,
+  options?: { maxWaitSeconds?: number; pollIntervalMs?: number },
+): Promise<SslScanResult> {
+  const maxWait  = (options?.maxWaitSeconds ?? 180) * 1_000
+  const pollMs   = options?.pollIntervalMs  ?? 20_000
+  const cleanHost = host.replace(/^https?:\/\//i, '').replace(/\/.*$/, '')
+  const scanUrl  = quickScan(cleanHost)
+
+  // Start a fresh scan
+  let raw = await skill.get('/analyze', {
+    host:     cleanHost,
+    publish:  'off',
+    startNew: 'on',
+    all:      'done',
+  })
+
+  const start = Date.now()
+
+  // Poll until READY, ERROR, or timeout
+  while (raw.status !== 'READY' && raw.status !== 'ERROR') {
+    if (Date.now() - start >= maxWait) {
+      throw new Error(
+        `SSL Labs scan for "${cleanHost}" timed out after ${options?.maxWaitSeconds ?? 180}s.\n` +
+        `View progress at: ${scanUrl}`,
+      )
+    }
+    await new Promise(r => setTimeout(r, pollMs))
+    raw = await skill.get('/analyze', {
+      host:    cleanHost,
+      publish: 'off',
+      all:     'done',
+    })
+  }
+
+  if (raw.status === 'ERROR') {
+    throw new Error(
+      `SSL Labs scan failed for "${cleanHost}": ${raw.statusMessage ?? 'unknown error'}\n` +
+      `View at: ${scanUrl}`,
+    )
+  }
+
+  return parseResponse(cleanHost, raw)
+}
+
+/** Format an SslScanResult as a human-readable string. */
+export function formatScan(result: SslScanResult): string {
+  if (result.status !== 'READY') {
+    return `SSL Labs scan for ${result.host}: status = ${result.status}\n${result.scanUrl}`
+  }
+
+  const lines = [
+    `Host:    ${result.host}`,
+    `Grade:   ${result.grade}`,
+    '',
+    'Endpoints:',
+    ...result.endpoints.map(ep => {
+      const protos = ep.protocols.map(p => `${p.name} ${p.version}`).join(', ')
+      const fs     = ep.forwardSecrecy ? ' FS' : ''
+      return `  ${ep.ip}  ${ep.grade}${fs}  [${protos || 'no protocol data'}]`
+    }),
+  ]
+
+  if (result.vulnerabilities.length > 0) {
+    lines.push('', '⚠️  Vulnerabilities:')
+    result.vulnerabilities.forEach(v => lines.push(`  • ${v}`))
+  } else {
+    lines.push('', '✅ No known vulnerabilities detected')
+  }
+
+  lines.push('', `Full report: ${result.scanUrl}`)
+
+  return lines.join('\n')
+}

package/workspace-templates/skills/ssllabs/skill.json

@@ -0,0 +1,27 @@
+{
+  "name": "ssllabs",
+  "version": "1.0.0",
+  "description": "Comprehensive TLS/SSL analysis via Qualys SSL Labs — grades cipher suites, certificate chains, protocol versions, and known vulnerabilities",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "security",
+    "ssl",
+    "tls",
+    "certificates",
+    "ssllabs",
+    "qualys",
+    "https",
+    "ciphers",
+    "heartbleed",
+    "poodle",
+    "compliance"
+  ],
+  "created": "2026-04-27T17:11:40.749Z"
+}

package/workspace-templates/skills/stable-diffusion-image-generation/SKILL.md

@@ -0,0 +1,136 @@
+---
+name: stable-diffusion-image-generation
+description: Generate images using Stable Diffusion via HuggingFace Diffusers library locally or via API
+category: creative
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: stable-diffusion, image-generation, ai-art, diffusers, huggingface, text-to-image, sdxl, creative
+---
+
+# Stable Diffusion Image Generation
+
+Generate images from text prompts using Stable Diffusion locally via HuggingFace Diffusers, or via the HuggingFace Inference API for zero-install operation.
+
+## When to Use
+
+- User wants to generate an image from a text description
+- User wants to create concept art, illustrations, or visual mockups
+- User wants to experiment with AI image generation locally
+- User wants to generate multiple variations of an image
+- User wants to use img2img (image-to-image) transformation
+
+## How to Use
+
+### 1. Quick generation via HuggingFace Inference API (no GPU needed)
+
+```python
+import requests, base64, os
+
+def generate_image_api(prompt, output="output.png"):
+  api_url = "https://api-inference.huggingface.co/models/stabilityai/stable-diffusion-xl-base-1.0"
+  headers = {"Authorization": f"Bearer {os.environ['HF_TOKEN']}"}
+  resp    = requests.post(api_url, headers=headers, json={"inputs": prompt}, timeout=120)
+  resp.raise_for_status()
+  with open(output, "wb") as f:
+    f.write(resp.content)
+  print(f"Saved: {output}")
+
+# Set HF_TOKEN in env: huggingface.co/settings/tokens
+generate_image_api("a futuristic city at night, cyberpunk style, neon lights, 8k")
+```
+
+### 2. Local generation with Diffusers (requires GPU or CPU + patience)
+
+```python
+# pip install diffusers transformers accelerate torch
+from diffusers import StableDiffusionXLPipeline
+import torch
+
+pipe = StableDiffusionXLPipeline.from_pretrained(
+  "stabilityai/stable-diffusion-xl-base-1.0",
+  torch_dtype=torch.float16,
+  use_safetensors=True
+)
+pipe = pipe.to("cuda")   # use "cpu" if no GPU (very slow)
+
+image = pipe(
+  prompt="a majestic mountain landscape at golden hour, photorealistic",
+  negative_prompt="blurry, low quality, cartoon",
+  num_inference_steps=30,
+  guidance_scale=7.5,
+  width=1024, height=1024
+).images[0]
+
+image.save("landscape.png")
+print("Saved: landscape.png")
+```
+
+### 3. Generate multiple variations
+
+```python
+images = pipe(
+  prompt="a robot reading a book in a cozy library",
+  num_images_per_prompt=4,
+  num_inference_steps=25,
+).images
+
+for i, img in enumerate(images):
+  img.save(f"variation_{i+1}.png")
+  print(f"Saved variation_{i+1}.png")
+```
+
+### 4. Write effective prompts
+
+Good prompt structure:
+```
+[subject], [style], [setting/background], [lighting], [quality tags]
+
+Examples:
+"a golden retriever puppy, oil painting style, in a sunlit meadow, warm afternoon light, highly detailed"
+"abstract data visualization, dark background, glowing cyan lines, geometric patterns, 4k"
+"portrait of a scientist, dramatic studio lighting, photorealistic, sharp focus, professional headshot"
+```
+
+Useful negative prompt additions:
+```
+"blurry, low quality, watermark, signature, deformed, extra limbs, bad anatomy, poorly drawn"
+```
+
+### 5. CPU-only generation (slower but works without GPU)
+
+```python
+from diffusers import StableDiffusionPipeline
+import torch
+
+pipe = StableDiffusionPipeline.from_pretrained(
+  "runwayml/stable-diffusion-v1-5",
+  torch_dtype=torch.float32
+)
+
+image = pipe(
+  prompt="a simple landscape, watercolor style",
+  num_inference_steps=15,    # fewer steps = faster on CPU
+  width=512, height=512      # smaller size for CPU
+).images[0]
+image.save("output.png")
+```
+
+## Examples
+
+**"Generate an image of a futuristic AI lab"**
+→ Use step 1 (API) if `HF_TOKEN` is set. Prompt: `"futuristic AI research lab, holographic displays, clean aesthetic, cinematic lighting"`.
+
+**"Create 4 variations of a logo concept for a tech startup"**
+→ Use step 3 with a logo-style prompt and `num_images_per_prompt=4`.
+
+**"Generate an image locally without internet"**
+→ Use step 2 (local Diffusers). SDXL needs ~8GB VRAM; for CPU use step 5 with SD v1.5 at 512×512.
+
+## Cautions
+
+- SDXL requires at least 8GB VRAM for float16; use SD v1.5 (step 5) on CPU or low-VRAM GPUs
+- First run downloads model weights (~6-7GB) — this takes time; subsequent runs use cache
+- HuggingFace Inference API free tier has rate limits — set a delay between requests for batch generation
+- Generated images may reflect biases in training data — review outputs before publishing
+- `HF_TOKEN` must be set as an environment variable — never hardcode it in scripts

package/workspace-templates/skills/stable-diffusion-image-generation/skill.json

@@ -0,0 +1,24 @@
+{
+  "name": "stable-diffusion-image-generation",
+  "version": "1.0.0",
+  "description": "Generate images using Stable Diffusion via HuggingFace Diffusers library locally or via API",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "stable-diffusion",
+    "image-generation",
+    "ai-art",
+    "diffusers",
+    "huggingface",
+    "text-to-image",
+    "sdxl",
+    "creative"
+  ],
+  "created": "2026-04-27T17:11:40.763Z"
+}

package/workspace-templates/skills/systematic-debugging/SKILL.md

@@ -0,0 +1,131 @@
+---
+name: systematic-debugging
+description: Four-phase root cause investigation process for diagnosing bugs, errors, and unexpected behavior
+category: developer
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: debugging, root-cause, investigation, bug, error, diagnosis, troubleshooting, logs, testing
+---
+
+# Systematic Debugging
+
+A structured four-phase process for diagnosing software bugs: **Reproduce → Isolate → Hypothesize → Verify**. Prevents guessing and ensures you find the root cause, not just a workaround.
+
+## When to Use
+
+- User reports a bug or unexpected behavior without an obvious cause
+- An error message appears but the source is unclear
+- A fix was applied but the problem persists
+- Tests are failing intermittently (flaky tests)
+- Production behavior differs from local behavior
+
+## How to Use
+
+### Phase 1: Reproduce reliably
+
+A bug you can reproduce consistently is halfway solved.
+
+```
+1. Get the exact error message, stack trace, and environment
+2. Identify exact steps to trigger the bug
+3. Confirm the bug happens in a clean environment (not just local state)
+4. Record: OS, runtime version, dependencies, config values
+5. Try: does it fail on every run, or only sometimes?
+```
+
+If intermittent: add timing, logging, or retry logic to isolate the trigger.
+
+### Phase 2: Isolate the failure
+
+Narrow the failure to the smallest possible unit.
+
+```
+1. Add logging before/after suspected areas to find where state diverges
+2. Binary search through code: comment out half, does it still fail?
+3. Check: when did this last work? (git log, git bisect)
+4. Check: what changed recently? (git diff main, dependency updates)
+5. Reproduce in a minimal test case — strip away all unrelated code
+```
+
+```powershell
+# git bisect to find the breaking commit
+git bisect start
+git bisect bad                  # current commit is broken
+git bisect good v2.0.0          # last known good tag
+# git will checkout commits — test each, then:
+git bisect good   # or
+git bisect bad
+# Repeat until git identifies the culprit commit
+git bisect reset
+```
+
+### Phase 3: Generate hypotheses
+
+Form 2-3 specific, testable hypotheses about the root cause.
+
+```
+Bad hypothesis:  "Something is wrong with the database"
+Good hypothesis: "The connection pool is exhausted under concurrent load
+                  because maxConnections defaults to 5 in test config"
+
+For each hypothesis:
+- What evidence supports it?
+- What evidence would refute it?
+- What one-line change would test it?
+```
+
+Rank by probability and test from most to least likely.
+
+### Phase 4: Verify and fix
+
+Prove the fix, not just that the error goes away.
+
+```
+1. Apply the smallest change that addresses the root cause
+2. Run the original reproduction steps — confirm bug is gone
+3. Run the full test suite — confirm no regressions
+4. Check edge cases: empty input, null values, concurrent access
+5. Write a regression test that would have caught this bug
+```
+
+```python
+# Regression test template
+def test_issue_42_connection_pool_exhaustion():
+  """
+  Regression test: ensure concurrent requests don't exhaust the connection pool.
+  Root cause: maxConnections was not configurable; defaulted to 5 in test.
+  Fixed in commit abc123.
+  """
+  results = run_concurrent_requests(count=20)
+  assert all(r.status_code == 200 for r in results), "Some requests failed under concurrency"
+```
+
+### Debugging cheat sheet
+
+```
+Error: KeyError / undefined           → check input shapes; add null guard
+Error: Off-by-one                     → examine loop bounds and index math
+Error: Works locally, fails in CI     → check env vars, file paths, timing
+Error: Works first run, fails after   → check state mutation, cache, side effects
+Error: Inconsistent / race condition  → check shared mutable state, locks
+Error: Memory leak                    → profile allocations; check event listener cleanup
+```
+
+## Examples
+
+**"My API returns 500 randomly but I can't reproduce it"**
+→ Start at Phase 1 — add structured logging with request IDs. Once patterns emerge, apply Phase 2 binary search.
+
+**"Tests pass locally but fail in GitHub Actions"**
+→ Phase 2: diff the environments (OS, Node version, env vars). Often caused by missing env vars or OS path differences.
+
+**"I fixed the bug but it came back after a week"**
+→ Phase 4: add a regression test and check if the root cause fix addressed the underlying issue or just a symptom.
+
+## Cautions
+
+- Never apply multiple changes at once when debugging — you won't know which one fixed it
+- "Works on my machine" is a Phase 1 failure — always reproduce in the target environment
+- Logs and print statements are powerful — do not underestimate them in favor of complex tooling
+- Document the root cause in the fix commit message so future developers understand why the change was made

package/workspace-templates/skills/systematic-debugging/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "systematic-debugging",
+  "version": "1.0.0",
+  "description": "Four-phase root cause investigation process for diagnosing bugs, errors, and unexpected behavior",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "debugging",
+    "root-cause",
+    "investigation",
+    "bug",
+    "error",
+    "diagnosis",
+    "troubleshooting",
+    "logs",
+    "testing"
+  ],
+  "created": "2026-04-27T17:11:40.778Z"
+}