aiden-runtime 3.19.5 → 3.19.7

package/workspace-templates/skills/cveapi/index.ts

@@ -0,0 +1,249 @@
+// skills/cveapi/index.ts
+// Programmatic handler — CVE lookup via MITRE CVE API with NVD fallback.
+
+import { ApiSkill } from '../../core/apiSkillBase'
+
+// Primary: MITRE CVE API (cveawg.mitre.org)
+const mitre = new ApiSkill({
+  name:      'cveapi-mitre',
+  baseUrl:   'https://cveawg.mitre.org/api',
+  authType:  'none',
+  rateLimit: { requests: 10, windowMs: 1_000 },
+  timeout:   20_000,
+  retries:   2,
+})
+
+// Fallback: NVD (nvd.nist.gov) — optional API key for higher rate limits
+function makeNvd(): ApiSkill {
+  const nvdKey = process.env['NVD_API_KEY']
+  if (nvdKey) {
+    return new ApiSkill({
+      name:       'cveapi-nvd',
+      baseUrl:    'https://services.nvd.nist.gov/rest/json',
+      authType:   'header',
+      authHeader: 'apiKey',
+      apiKey:     nvdKey,
+      rateLimit:  { requests: 50, windowMs: 30_000 },
+      timeout:    25_000,
+      retries:    2,
+    })
+  }
+  return new ApiSkill({
+    name:      'cveapi-nvd',
+    baseUrl:   'https://services.nvd.nist.gov/rest/json',
+    authType:  'none',
+    rateLimit: { requests: 5, windowMs: 30_000 },
+    timeout:   25_000,
+    retries:   2,
+  })
+}
+
+// ── Normalised output shape ───────────────────────────────────
+
+export interface CveReport {
+  id:            string
+  state:         string
+  description:   string
+  severity:      string       // CRITICAL / HIGH / MEDIUM / LOW / NONE / UNKNOWN
+  cvssScore:     number | null
+  cvssVector:    string
+  publishedDate: string
+  references:    string[]
+  affected:      string[]     // "vendor product version" strings
+  source:        'mitre' | 'nvd'
+}
+
+// ── MITRE parser ──────────────────────────────────────────────
+
+/** Extract CVSS score from a metrics array (cna or adp). */
+function extractCvss(metrics: any[]): { score: number | null; vector: string; severity: string } {
+  for (const metric of (metrics ?? [])) {
+    // Prefer cvssV3_1, then cvssV3_0, then cvssV2_0
+    for (const key of ['cvssV3_1', 'cvssV3_0', 'cvssV2_0']) {
+      if (metric[key]) {
+        const m = metric[key]
+        return {
+          score:    m.baseScore     ?? null,
+          vector:   m.vectorString  ?? '',
+          severity: m.baseSeverity  ?? 'UNKNOWN',
+        }
+      }
+    }
+    // Also catch any key that starts with cvssV3 (future proofing)
+    for (const key of Object.keys(metric)) {
+      if (key.startsWith('cvssV3')) {
+        const m = metric[key]
+        return {
+          score:    m.baseScore    ?? null,
+          vector:   m.vectorString ?? '',
+          severity: m.baseSeverity ?? 'UNKNOWN',
+        }
+      }
+    }
+  }
+  return { score: null, vector: '', severity: 'UNKNOWN' }
+}
+
+function parseMitre(raw: any): CveReport {
+  const meta  = raw.cveMetadata     ?? {}
+  const cna   = raw.containers?.cna ?? {}
+  const adps  = raw.containers?.adp ?? []   // Additional Data Providers (e.g. NIST)
+
+  const description =
+    (cna.descriptions ?? []).find((d: any) => d.lang === 'en')?.value ?? ''
+
+  // Try CNA metrics first; fall back to any ADP that has CVSS
+  let cvssScore:  number | null = null
+  let cvssVector = ''
+  let severity   = 'UNKNOWN'
+
+  const cnaResult = extractCvss(cna.metrics ?? [])
+  if (cnaResult.score !== null) {
+    cvssScore  = cnaResult.score
+    cvssVector = cnaResult.vector
+    severity   = cnaResult.severity
+  } else {
+    for (const adp of adps) {
+      const adpResult = extractCvss(adp.metrics ?? [])
+      if (adpResult.score !== null) {
+        cvssScore  = adpResult.score
+        cvssVector = adpResult.vector
+        severity   = adpResult.severity
+        break
+      }
+    }
+  }
+
+  const references = (cna.references ?? [])
+    .map((r: any) => r.url as string)
+    .filter(Boolean)
+    .slice(0, 10)
+
+  const affected: string[] = []
+  for (const aff of (cna.affected ?? [])) {
+    const vendor  = aff.vendor  ?? ''
+    const product = aff.product ?? ''
+    for (const ver of (aff.versions ?? [])) {
+      if (ver.status === 'affected') {
+        affected.push(`${vendor} ${product} ${ver.version}`.trim())
+      }
+    }
+    if ((aff.versions ?? []).length === 0 && (vendor || product)) {
+      affected.push(`${vendor} ${product}`.trim())
+    }
+  }
+
+  return {
+    id:            meta.cveId         ?? '',
+    state:         meta.state         ?? '',
+    description,
+    severity,
+    cvssScore,
+    cvssVector,
+    publishedDate: meta.datePublished ?? '',
+    references,
+    affected:      [...new Set(affected)].slice(0, 20),
+    source:        'mitre',
+  }
+}
+
+// ── NVD parser ────────────────────────────────────────────────
+
+function parseNvd(raw: any): CveReport {
+  const cve     = raw.vulnerabilities?.[0]?.cve ?? {}
+  const metrics = cve.metrics                   ?? {}
+
+  const description =
+    (cve.descriptions ?? []).find((d: any) => d.lang === 'en')?.value ?? ''
+
+  let cvssScore:  number | null = null
+  let cvssVector = ''
+  let severity   = 'UNKNOWN'
+
+  // Prefer V3.1, then V3.0, then V2.0
+  const v31 = metrics.cvssMetricV31?.[0]?.cvssData
+  const v30 = metrics.cvssMetricV30?.[0]?.cvssData
+  const v2  = metrics.cvssMetricV2?.[0]?.cvssData
+
+  const chosen = v31 ?? v30 ?? v2
+  if (chosen) {
+    cvssScore  = chosen.baseScore    ?? null
+    cvssVector = chosen.vectorString ?? ''
+    severity   = chosen.baseSeverity ?? (v2 ? (chosen.baseScore >= 7 ? 'HIGH' : chosen.baseScore >= 4 ? 'MEDIUM' : 'LOW') : 'UNKNOWN')
+  }
+
+  const references = (cve.references ?? [])
+    .map((r: any) => r.url as string)
+    .filter(Boolean)
+    .slice(0, 10)
+
+  return {
+    id:            cve.id          ?? '',
+    state:         cve.vulnStatus  ?? '',
+    description,
+    severity,
+    cvssScore,
+    cvssVector,
+    publishedDate: cve.published   ?? '',
+    references,
+    affected:      [],   // NVD configuration data is complex — omit for brevity
+    source:        'nvd',
+  }
+}
+
+// ── Public API ────────────────────────────────────────────────
+
+/**
+ * Look up a CVE by ID (e.g. "CVE-2021-44228").
+ *
+ * Tries MITRE CVE API first; falls back to NVD if that fails.
+ * Returns a normalised CveReport regardless of source.
+ */
+export async function lookupCve(cveId: string): Promise<CveReport> {
+  const id = cveId.trim().toUpperCase()
+
+  // Validate format
+  if (!/^CVE-\d{4}-\d{4,}$/i.test(id)) {
+    throw new Error(`Invalid CVE ID format: "${cveId}". Expected CVE-YYYY-NNNNN`)
+  }
+
+  // Try MITRE first
+  try {
+    const raw = await mitre.get(`/cve/${encodeURIComponent(id)}`)
+    return parseMitre(raw)
+  } catch (mitreErr: any) {
+    // Fall through to NVD on any error
+  }
+
+  // NVD fallback
+  const nvd = makeNvd()
+  const raw = await nvd.get('/cves/2.0', { cveId: id })
+  return parseNvd(raw)
+}
+
+/** Format a CveReport as a human-readable summary string. */
+export function formatCve(report: CveReport): string {
+  const scoreStr = report.cvssScore !== null ? String(report.cvssScore) : 'N/A'
+  const lines = [
+    `CVE ID:      ${report.id}`,
+    `Severity:    ${report.severity} (CVSS ${scoreStr})`,
+    `State:       ${report.state}`,
+    `Published:   ${report.publishedDate}`,
+    `Source:      ${report.source.toUpperCase()}`,
+    '',
+    `Description: ${report.description}`,
+  ]
+
+  if (report.affected.length > 0) {
+    lines.push('', 'Affected:')
+    report.affected.slice(0, 5).forEach(a => lines.push(`  • ${a}`))
+    if (report.affected.length > 5) lines.push(`  … and ${report.affected.length - 5} more`)
+  }
+
+  if (report.references.length > 0) {
+    lines.push('', 'References:')
+    report.references.slice(0, 5).forEach(r => lines.push(`  ${r}`))
+  }
+
+  return lines.join('\n')
+}

package/workspace-templates/skills/cveapi/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "cveapi",
+  "version": "1.0.0",
+  "description": "Look up CVE vulnerability details by ID via MITRE CVE API with NVD fallback — severity, CVSS score, affected products, and references",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "security",
+    "cve",
+    "vulnerability",
+    "nvd",
+    "mitre",
+    "cvss",
+    "patch",
+    "incident-response",
+    "compliance"
+  ],
+  "created": "2026-04-27T17:11:39.429Z"
+}

package/workspace-templates/skills/docker-management/SKILL.md

@@ -0,0 +1,156 @@
+---
+name: docker-management
+description: Manage Docker containers, images, volumes, and networks via the Docker CLI and Dockerode API
+category: developer
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: docker, containers, images, volumes, networks, compose, dockerode, devops, deployment
+---
+
+# Docker Container Management
+
+Manage Docker containers, images, volumes, and networks using the Docker CLI or Dockerode (Node.js Docker API client already in DevOS).
+
+## When to Use
+
+- User wants to list running or stopped containers
+- User wants to start, stop, or restart a container
+- User wants to pull, build, or remove Docker images
+- User wants to view container logs
+- User wants to inspect container resource usage
+
+## How to Use
+
+### 1. List containers
+
+```powershell
+# Running containers
+docker ps
+
+# All containers including stopped
+docker ps -a --format "table {{.Names}}\t{{.Status}}\t{{.Image}}\t{{.Ports}}"
+```
+
+### 2. Start, stop, and restart containers
+
+```powershell
+docker start  my-container
+docker stop   my-container
+docker restart my-container
+
+# Stop all running containers
+docker stop $(docker ps -q)
+```
+
+### 3. View container logs
+
+```powershell
+# Last 100 lines
+docker logs my-container --tail 100
+
+# Follow live output
+docker logs my-container --follow --tail 50
+```
+
+### 4. Manage images
+
+```powershell
+# List images
+docker images
+
+# Pull latest image
+docker pull nginx:latest
+
+# Remove image
+docker rmi nginx:latest
+
+# Build from Dockerfile in current directory
+docker build -t my-app:v1 .
+```
+
+### 5. Container resource usage
+
+```powershell
+# Live resource stats (CPU, memory, network)
+docker stats --no-stream
+
+# Inspect a specific container
+docker inspect my-container | python -m json.tool
+```
+
+### 6. Manage volumes and networks
+
+```powershell
+# List volumes
+docker volume ls
+
+# List networks
+docker network ls
+
+# Remove unused volumes (reclaim disk)
+docker volume prune -f
+
+# Remove stopped containers, unused images, and networks
+docker system prune -f
+```
+
+### 7. Execute commands inside a container
+
+```powershell
+# Interactive shell
+docker exec -it my-container /bin/bash
+
+# Run a single command
+docker exec my-container cat /etc/nginx/nginx.conf
+```
+
+### 8. Docker Compose operations
+
+```powershell
+# Start all services defined in docker-compose.yml
+docker compose up -d
+
+# View logs for all services
+docker compose logs -f
+
+# Stop and remove containers
+docker compose down
+
+# Rebuild and restart a specific service
+docker compose up -d --build api
+```
+
+### 9. Use Dockerode API (Node.js)
+
+```javascript
+// Already available in DevOS dependencies
+const Dockerode = require('dockerode')
+const docker    = new Dockerode()
+
+const containers = await docker.listContainers({ all: true })
+containers.forEach(c => console.log(c.Names[0], c.State, c.Image))
+
+const container = docker.getContainer('my-container')
+await container.restart()
+console.log('Restarted')
+```
+
+## Examples
+
+**"Show me all running containers and their ports"**
+→ Use step 1 with `docker ps` and the format string.
+
+**"The nginx container seems slow — show me its CPU and memory usage"**
+→ Use step 5 with `docker stats --no-stream` filtered to the nginx container.
+
+**"Rebuild and restart the API service after my code change"**
+→ Use step 8: `docker compose up -d --build api`.
+
+## Cautions
+
+- `docker system prune` removes ALL stopped containers, unused images, and networks — confirm with the user first
+- `docker stop $(docker ps -q)` stops ALL running containers — confirm which containers to stop
+- Bind mounts expose host filesystem paths to containers — check paths before mounting
+- For production deployments, prefer `docker compose` or Kubernetes over direct `docker run` commands
+- Container logs can grow very large — use `--tail` to limit output for inspection

package/workspace-templates/skills/docker-management/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "docker-management",
+  "version": "1.0.0",
+  "description": "Manage Docker containers, images, volumes, and networks via the Docker CLI and Dockerode API",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "docker",
+    "containers",
+    "images",
+    "volumes",
+    "networks",
+    "compose",
+    "dockerode",
+    "devops",
+    "deployment"
+  ],
+  "created": "2026-04-27T17:11:39.484Z"
+}

package/workspace-templates/skills/excalidraw/SKILL.md

@@ -0,0 +1,148 @@
+---
+name: excalidraw
+description: Create hand-drawn style diagrams and sketches in Excalidraw JSON format for architecture, flowcharts, and system design
+category: productivity
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: excalidraw, diagram, architecture, flowchart, sketch, visualization, json, drawing, design
+---
+
+# Excalidraw Diagram Creation
+
+Generate Excalidraw scene files (`.excalidraw`) by writing JSON that the Excalidraw app can open directly. Ideal for architecture diagrams, flowcharts, mind maps, and system design sketches in the characteristic hand-drawn style.
+
+## When to Use
+
+- User wants a system architecture or component diagram
+- User wants a flowchart or decision tree
+- User wants a sequence or interaction diagram
+- User wants a mind map or concept map
+- User wants any visual sketch they can open and edit in Excalidraw
+
+## How to Use
+
+### 1. Understand the Excalidraw JSON schema
+
+An Excalidraw file is a JSON object with this top-level structure:
+
+```json
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [],
+  "appState": { "viewBackgroundColor": "#ffffff" },
+  "files": {}
+}
+```
+
+Each element in `"elements"` is a shape with a common set of fields:
+
+```json
+{
+  "id": "unique-id",
+  "type": "rectangle",
+  "x": 100, "y": 100,
+  "width": 200, "height": 80,
+  "angle": 0,
+  "strokeColor": "#1e1e1e",
+  "backgroundColor": "#a5d8ff",
+  "fillStyle": "hachure",
+  "strokeWidth": 2,
+  "roughness": 1,
+  "opacity": 100
+}
+```
+
+Common element types: `rectangle`, `ellipse`, `diamond`, `arrow`, `line`, `text`, `freedraw`.
+
+### 2. Add text labels
+
+Use a `text` element positioned over or near shapes:
+
+```json
+{
+  "id": "txt-1",
+  "type": "text",
+  "x": 130, "y": 130,
+  "width": 140, "height": 25,
+  "text": "Web Server",
+  "fontSize": 16,
+  "fontFamily": 1,
+  "textAlign": "center",
+  "verticalAlign": "middle"
+}
+```
+
+### 3. Connect shapes with arrows
+
+```json
+{
+  "id": "arrow-1",
+  "type": "arrow",
+  "x": 300, "y": 140,
+  "width": 100, "height": 0,
+  "points": [[0, 0], [100, 0]],
+  "startArrowhead": null,
+  "endArrowhead": "arrow",
+  "strokeColor": "#1e1e1e",
+  "strokeWidth": 2,
+  "roughness": 1
+}
+```
+
+### 4. Generate and save the file
+
+```python
+import json, uuid
+
+def make_rect(x, y, w, h, label, bg="#a5d8ff"):
+  eid = str(uuid.uuid4())[:8]
+  return [
+    { "id": eid, "type": "rectangle", "x": x, "y": y, "width": w, "height": h,
+      "angle": 0, "strokeColor": "#1e1e1e", "backgroundColor": bg,
+      "fillStyle": "hachure", "strokeWidth": 2, "roughness": 1, "opacity": 100 },
+    { "id": eid+"t", "type": "text", "x": x+10, "y": y+(h//2)-10,
+      "width": w-20, "height": 20, "text": label, "fontSize": 16,
+      "fontFamily": 1, "textAlign": "center", "verticalAlign": "middle",
+      "strokeColor": "#1e1e1e", "opacity": 100 }
+  ]
+
+elements = []
+elements += make_rect(100, 100, 160, 60, "Browser", "#ffd43b")
+elements += make_rect(350, 100, 160, 60, "API Server", "#a5d8ff")
+elements += make_rect(600, 100, 160, 60, "Database", "#b2f2bb")
+
+scene = { "type": "excalidraw", "version": 2, "source": "https://excalidraw.com",
+          "elements": elements, "appState": { "viewBackgroundColor": "#ffffff" }, "files": {} }
+
+with open("architecture.excalidraw", "w") as f:
+  json.dump(scene, f, indent=2)
+print("Saved architecture.excalidraw — open in https://excalidraw.com")
+```
+
+### 5. Open the file
+
+The user can open the `.excalidraw` file by:
+- Dragging it into https://excalidraw.com in a browser
+- Opening it via File → Open in the Excalidraw desktop app
+
+## Examples
+
+**"Draw a simple 3-tier web architecture diagram"**
+→ Use step 4 to generate three rectangles (Browser → API Server → Database) with connecting arrows. Save as `architecture.excalidraw`.
+
+**"Create a flowchart for a login process"**
+→ Use rectangles for steps, diamonds for decisions, arrows for flow. Generate JSON and save.
+
+**"Make a mind map about machine learning concepts"**
+→ Place a central ellipse, surround with connected sub-topic ellipses using short arrows.
+
+## Cautions
+
+- All coordinates are in pixels — plan layout with approximate x/y offsets before generating
+- Excalidraw IDs must be unique per element — always use `uuid.uuid4()` or similar
+- The `roughness` property (0–2) controls the hand-drawn effect: 0=clean, 1=normal, 2=very rough
+- Very large diagrams (> 200 elements) may be slow to render in the browser
+- Excalidraw JSON format may evolve — use `"version": 2` which is the stable current format

package/workspace-templates/skills/excalidraw/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "excalidraw",
+  "version": "1.0.0",
+  "description": "Create hand-drawn style diagrams and sketches in Excalidraw JSON format for architecture, flowcharts, and system design",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "excalidraw",
+    "diagram",
+    "architecture",
+    "flowchart",
+    "sketch",
+    "visualization",
+    "json",
+    "drawing",
+    "design"
+  ],
+  "created": "2026-04-27T17:11:39.517Z"
+}