npm - aidevops - Versions diffs - 2.52.1 - Mend

aidevops 2.52.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (329) hide show

package/.agent/AGENTS.md +614 -0
package/.agent/accounts.md +65 -0
package/.agent/aidevops/add-new-mcp-to-aidevops.md +456 -0
package/.agent/aidevops/api-integrations.md +335 -0
package/.agent/aidevops/architecture.md +510 -0
package/.agent/aidevops/configs.md +274 -0
package/.agent/aidevops/docs.md +244 -0
package/.agent/aidevops/extension.md +311 -0
package/.agent/aidevops/mcp-integrations.md +340 -0
package/.agent/aidevops/mcp-troubleshooting.md +162 -0
package/.agent/aidevops/memory-patterns.md +172 -0
package/.agent/aidevops/providers.md +217 -0
package/.agent/aidevops/recommendations.md +321 -0
package/.agent/aidevops/requirements.md +301 -0
package/.agent/aidevops/resources.md +214 -0
package/.agent/aidevops/security-requirements.md +174 -0
package/.agent/aidevops/security.md +350 -0
package/.agent/aidevops/service-links.md +400 -0
package/.agent/aidevops/services.md +357 -0
package/.agent/aidevops/setup.md +153 -0
package/.agent/aidevops/troubleshooting.md +389 -0
package/.agent/aidevops.md +124 -0
package/.agent/build-plus.md +244 -0
package/.agent/content/guidelines.md +109 -0
package/.agent/content.md +87 -0
package/.agent/health.md +59 -0
package/.agent/legal.md +59 -0
package/.agent/loop-state/full-loop.local.md +16 -0
package/.agent/loop-state/ralph-loop.local.md +10 -0
package/.agent/marketing.md +440 -0
package/.agent/memory/README.md +260 -0
package/.agent/onboarding.md +796 -0
package/.agent/plan-plus.md +245 -0
package/.agent/research.md +100 -0
package/.agent/sales.md +333 -0
package/.agent/scripts/101domains-helper.sh +701 -0
package/.agent/scripts/add-missing-returns.sh +140 -0
package/.agent/scripts/agent-browser-helper.sh +311 -0
package/.agent/scripts/agno-setup.sh +712 -0
package/.agent/scripts/ahrefs-mcp-wrapper.js +168 -0
package/.agent/scripts/aidevops-update-check.sh +71 -0
package/.agent/scripts/ampcode-cli.sh +522 -0
package/.agent/scripts/auto-version-bump.sh +156 -0
package/.agent/scripts/autogen-helper.sh +512 -0
package/.agent/scripts/beads-sync-helper.sh +596 -0
package/.agent/scripts/closte-helper.sh +5 -0
package/.agent/scripts/cloudron-helper.sh +321 -0
package/.agent/scripts/codacy-cli-chunked.sh +581 -0
package/.agent/scripts/codacy-cli.sh +442 -0
package/.agent/scripts/code-audit-helper.sh +5 -0
package/.agent/scripts/coderabbit-cli.sh +417 -0
package/.agent/scripts/coderabbit-pro-analysis.sh +238 -0
package/.agent/scripts/commands/code-simplifier.md +86 -0
package/.agent/scripts/commands/full-loop.md +246 -0
package/.agent/scripts/commands/postflight-loop.md +103 -0
package/.agent/scripts/commands/recall.md +182 -0
package/.agent/scripts/commands/remember.md +132 -0
package/.agent/scripts/commands/save-todo.md +175 -0
package/.agent/scripts/commands/session-review.md +154 -0
package/.agent/scripts/comprehensive-quality-fix.sh +106 -0
package/.agent/scripts/context-builder-helper.sh +522 -0
package/.agent/scripts/coolify-cli-helper.sh +674 -0
package/.agent/scripts/coolify-helper.sh +380 -0
package/.agent/scripts/crawl4ai-examples.sh +401 -0
package/.agent/scripts/crawl4ai-helper.sh +1078 -0
package/.agent/scripts/crewai-helper.sh +681 -0
package/.agent/scripts/dev-browser-helper.sh +513 -0
package/.agent/scripts/dns-helper.sh +396 -0
package/.agent/scripts/domain-research-helper.sh +917 -0
package/.agent/scripts/dspy-helper.sh +285 -0
package/.agent/scripts/dspyground-helper.sh +291 -0
package/.agent/scripts/eeat-score-helper.sh +1242 -0
package/.agent/scripts/efficient-return-fix.sh +92 -0
package/.agent/scripts/extract-opencode-prompts.sh +128 -0
package/.agent/scripts/find-missing-returns.sh +113 -0
package/.agent/scripts/fix-auth-headers.sh +104 -0
package/.agent/scripts/fix-common-strings.sh +254 -0
package/.agent/scripts/fix-content-type.sh +100 -0
package/.agent/scripts/fix-error-messages.sh +130 -0
package/.agent/scripts/fix-misplaced-returns.sh +74 -0
package/.agent/scripts/fix-remaining-literals.sh +152 -0
package/.agent/scripts/fix-return-statements.sh +41 -0
package/.agent/scripts/fix-s131-default-cases.sh +249 -0
package/.agent/scripts/fix-sc2155-simple.sh +102 -0
package/.agent/scripts/fix-shellcheck-critical.sh +187 -0
package/.agent/scripts/fix-string-literals.sh +273 -0
package/.agent/scripts/full-loop-helper.sh +773 -0
package/.agent/scripts/generate-opencode-agents.sh +497 -0
package/.agent/scripts/generate-opencode-commands.sh +1629 -0
package/.agent/scripts/generate-skills.sh +366 -0
package/.agent/scripts/git-platforms-helper.sh +640 -0
package/.agent/scripts/gitea-cli-helper.sh +743 -0
package/.agent/scripts/github-cli-helper.sh +702 -0
package/.agent/scripts/gitlab-cli-helper.sh +682 -0
package/.agent/scripts/gsc-add-user-helper.sh +325 -0
package/.agent/scripts/gsc-sitemap-helper.sh +678 -0
package/.agent/scripts/hetzner-helper.sh +485 -0
package/.agent/scripts/hostinger-helper.sh +229 -0
package/.agent/scripts/keyword-research-helper.sh +1815 -0
package/.agent/scripts/langflow-helper.sh +544 -0
package/.agent/scripts/linkedin-automation.py +241 -0
package/.agent/scripts/linter-manager.sh +599 -0
package/.agent/scripts/linters-local.sh +434 -0
package/.agent/scripts/list-keys-helper.sh +488 -0
package/.agent/scripts/local-browser-automation.py +339 -0
package/.agent/scripts/localhost-helper.sh +744 -0
package/.agent/scripts/loop-common.sh +806 -0
package/.agent/scripts/mainwp-helper.sh +728 -0
package/.agent/scripts/markdown-formatter.sh +338 -0
package/.agent/scripts/markdown-lint-fix.sh +311 -0
package/.agent/scripts/mass-fix-returns.sh +58 -0
package/.agent/scripts/mcp-diagnose.sh +167 -0
package/.agent/scripts/mcp-inspector-helper.sh +449 -0
package/.agent/scripts/memory-helper.sh +650 -0
package/.agent/scripts/monitor-code-review.sh +255 -0
package/.agent/scripts/onboarding-helper.sh +706 -0
package/.agent/scripts/opencode-github-setup-helper.sh +797 -0
package/.agent/scripts/opencode-test-helper.sh +213 -0
package/.agent/scripts/pagespeed-helper.sh +464 -0
package/.agent/scripts/pandoc-helper.sh +362 -0
package/.agent/scripts/postflight-check.sh +555 -0
package/.agent/scripts/pre-commit-hook.sh +259 -0
package/.agent/scripts/pre-edit-check.sh +169 -0
package/.agent/scripts/qlty-cli.sh +356 -0
package/.agent/scripts/quality-cli-manager.sh +525 -0
package/.agent/scripts/quality-feedback-helper.sh +462 -0
package/.agent/scripts/quality-fix.sh +263 -0
package/.agent/scripts/quality-loop-helper.sh +1108 -0
package/.agent/scripts/ralph-loop-helper.sh +836 -0
package/.agent/scripts/ralph-upstream-check.sh +341 -0
package/.agent/scripts/secretlint-helper.sh +847 -0
package/.agent/scripts/servers-helper.sh +241 -0
package/.agent/scripts/ses-helper.sh +619 -0
package/.agent/scripts/session-review-helper.sh +404 -0
package/.agent/scripts/setup-linters-wizard.sh +379 -0
package/.agent/scripts/setup-local-api-keys.sh +330 -0
package/.agent/scripts/setup-mcp-integrations.sh +472 -0
package/.agent/scripts/shared-constants.sh +246 -0
package/.agent/scripts/site-crawler-helper.sh +1487 -0
package/.agent/scripts/snyk-helper.sh +940 -0
package/.agent/scripts/sonarcloud-autofix.sh +193 -0
package/.agent/scripts/sonarcloud-cli.sh +191 -0
package/.agent/scripts/sonarscanner-cli.sh +455 -0
package/.agent/scripts/spaceship-helper.sh +747 -0
package/.agent/scripts/stagehand-helper.sh +321 -0
package/.agent/scripts/stagehand-python-helper.sh +321 -0
package/.agent/scripts/stagehand-python-setup.sh +441 -0
package/.agent/scripts/stagehand-setup.sh +439 -0
package/.agent/scripts/system-cleanup.sh +340 -0
package/.agent/scripts/terminal-title-helper.sh +388 -0
package/.agent/scripts/terminal-title-setup.sh +549 -0
package/.agent/scripts/test-stagehand-both-integration.sh +317 -0
package/.agent/scripts/test-stagehand-integration.sh +309 -0
package/.agent/scripts/test-stagehand-python-integration.sh +341 -0
package/.agent/scripts/todo-ready.sh +263 -0
package/.agent/scripts/tool-version-check.sh +362 -0
package/.agent/scripts/toon-helper.sh +469 -0
package/.agent/scripts/twilio-helper.sh +917 -0
package/.agent/scripts/updown-helper.sh +279 -0
package/.agent/scripts/validate-mcp-integrations.sh +250 -0
package/.agent/scripts/validate-version-consistency.sh +131 -0
package/.agent/scripts/vaultwarden-helper.sh +597 -0
package/.agent/scripts/vercel-cli-helper.sh +816 -0
package/.agent/scripts/verify-mirrors.sh +169 -0
package/.agent/scripts/version-manager.sh +831 -0
package/.agent/scripts/webhosting-helper.sh +471 -0
package/.agent/scripts/webhosting-verify.sh +238 -0
package/.agent/scripts/wordpress-mcp-helper.sh +508 -0
package/.agent/scripts/worktree-helper.sh +595 -0
package/.agent/scripts/worktree-sessions.sh +577 -0
package/.agent/seo/dataforseo.md +215 -0
package/.agent/seo/domain-research.md +532 -0
package/.agent/seo/eeat-score.md +659 -0
package/.agent/seo/google-search-console.md +366 -0
package/.agent/seo/gsc-sitemaps.md +282 -0
package/.agent/seo/keyword-research.md +521 -0
package/.agent/seo/serper.md +278 -0
package/.agent/seo/site-crawler.md +387 -0
package/.agent/seo.md +236 -0
package/.agent/services/accounting/quickfile.md +159 -0
package/.agent/services/communications/telfon.md +470 -0
package/.agent/services/communications/twilio.md +569 -0
package/.agent/services/crm/fluentcrm.md +449 -0
package/.agent/services/email/ses.md +399 -0
package/.agent/services/hosting/101domains.md +378 -0
package/.agent/services/hosting/closte.md +177 -0
package/.agent/services/hosting/cloudflare.md +251 -0
package/.agent/services/hosting/cloudron.md +478 -0
package/.agent/services/hosting/dns-providers.md +335 -0
package/.agent/services/hosting/domain-purchasing.md +344 -0
package/.agent/services/hosting/hetzner.md +327 -0
package/.agent/services/hosting/hostinger.md +287 -0
package/.agent/services/hosting/localhost.md +419 -0
package/.agent/services/hosting/spaceship.md +353 -0
package/.agent/services/hosting/webhosting.md +330 -0
package/.agent/social-media.md +69 -0
package/.agent/templates/plans-template.md +114 -0
package/.agent/templates/prd-template.md +129 -0
package/.agent/templates/tasks-template.md +108 -0
package/.agent/templates/todo-template.md +89 -0
package/.agent/tools/ai-assistants/agno.md +471 -0
package/.agent/tools/ai-assistants/capsolver.md +326 -0
package/.agent/tools/ai-assistants/configuration.md +221 -0
package/.agent/tools/ai-assistants/overview.md +209 -0
package/.agent/tools/ai-assistants/status.md +171 -0
package/.agent/tools/ai-assistants/windsurf.md +193 -0
package/.agent/tools/ai-orchestration/autogen.md +406 -0
package/.agent/tools/ai-orchestration/crewai.md +445 -0
package/.agent/tools/ai-orchestration/langflow.md +405 -0
package/.agent/tools/ai-orchestration/openprose.md +487 -0
package/.agent/tools/ai-orchestration/overview.md +362 -0
package/.agent/tools/ai-orchestration/packaging.md +647 -0
package/.agent/tools/browser/agent-browser.md +464 -0
package/.agent/tools/browser/browser-automation.md +400 -0
package/.agent/tools/browser/chrome-devtools.md +282 -0
package/.agent/tools/browser/crawl4ai-integration.md +422 -0
package/.agent/tools/browser/crawl4ai-resources.md +277 -0
package/.agent/tools/browser/crawl4ai-usage.md +416 -0
package/.agent/tools/browser/crawl4ai.md +585 -0
package/.agent/tools/browser/dev-browser.md +341 -0
package/.agent/tools/browser/pagespeed.md +260 -0
package/.agent/tools/browser/playwright.md +266 -0
package/.agent/tools/browser/playwriter.md +310 -0
package/.agent/tools/browser/stagehand-examples.md +456 -0
package/.agent/tools/browser/stagehand-python.md +483 -0
package/.agent/tools/browser/stagehand.md +421 -0
package/.agent/tools/build-agent/agent-review.md +224 -0
package/.agent/tools/build-agent/build-agent.md +784 -0
package/.agent/tools/build-mcp/aidevops-plugin.md +476 -0
package/.agent/tools/build-mcp/api-wrapper.md +445 -0
package/.agent/tools/build-mcp/build-mcp.md +240 -0
package/.agent/tools/build-mcp/deployment.md +401 -0
package/.agent/tools/build-mcp/server-patterns.md +632 -0
package/.agent/tools/build-mcp/transports.md +366 -0
package/.agent/tools/code-review/auditing.md +383 -0
package/.agent/tools/code-review/automation.md +219 -0
package/.agent/tools/code-review/best-practices.md +203 -0
package/.agent/tools/code-review/codacy.md +151 -0
package/.agent/tools/code-review/code-simplifier.md +174 -0
package/.agent/tools/code-review/code-standards.md +309 -0
package/.agent/tools/code-review/coderabbit.md +101 -0
package/.agent/tools/code-review/management.md +155 -0
package/.agent/tools/code-review/qlty.md +248 -0
package/.agent/tools/code-review/secretlint.md +565 -0
package/.agent/tools/code-review/setup.md +250 -0
package/.agent/tools/code-review/snyk.md +563 -0
package/.agent/tools/code-review/tools.md +230 -0
package/.agent/tools/content/summarize.md +353 -0
package/.agent/tools/context/augment-context-engine.md +468 -0
package/.agent/tools/context/context-builder-agent.md +76 -0
package/.agent/tools/context/context-builder.md +375 -0
package/.agent/tools/context/context7.md +371 -0
package/.agent/tools/context/dspy.md +302 -0
package/.agent/tools/context/dspyground.md +374 -0
package/.agent/tools/context/llm-tldr.md +219 -0
package/.agent/tools/context/osgrep.md +488 -0
package/.agent/tools/context/prompt-optimization.md +338 -0
package/.agent/tools/context/toon.md +292 -0
package/.agent/tools/conversion/pandoc.md +304 -0
package/.agent/tools/credentials/api-key-management.md +154 -0
package/.agent/tools/credentials/api-key-setup.md +224 -0
package/.agent/tools/credentials/environment-variables.md +180 -0
package/.agent/tools/credentials/vaultwarden.md +382 -0
package/.agent/tools/data-extraction/outscraper.md +974 -0
package/.agent/tools/deployment/coolify-cli.md +388 -0
package/.agent/tools/deployment/coolify-setup.md +353 -0
package/.agent/tools/deployment/coolify.md +345 -0
package/.agent/tools/deployment/vercel.md +390 -0
package/.agent/tools/git/authentication.md +132 -0
package/.agent/tools/git/gitea-cli.md +193 -0
package/.agent/tools/git/github-actions.md +207 -0
package/.agent/tools/git/github-cli.md +223 -0
package/.agent/tools/git/gitlab-cli.md +190 -0
package/.agent/tools/git/opencode-github-security.md +350 -0
package/.agent/tools/git/opencode-github.md +328 -0
package/.agent/tools/git/opencode-gitlab.md +252 -0
package/.agent/tools/git/security.md +196 -0
package/.agent/tools/git.md +207 -0
package/.agent/tools/opencode/oh-my-opencode.md +375 -0
package/.agent/tools/opencode/opencode-anthropic-auth.md +446 -0
package/.agent/tools/opencode/opencode.md +651 -0
package/.agent/tools/social-media/bird.md +437 -0
package/.agent/tools/task-management/beads.md +336 -0
package/.agent/tools/terminal/terminal-title.md +251 -0
package/.agent/tools/ui/shadcn.md +196 -0
package/.agent/tools/ui/ui-skills.md +115 -0
package/.agent/tools/wordpress/localwp.md +311 -0
package/.agent/tools/wordpress/mainwp.md +391 -0
package/.agent/tools/wordpress/scf.md +527 -0
package/.agent/tools/wordpress/wp-admin.md +729 -0
package/.agent/tools/wordpress/wp-dev.md +940 -0
package/.agent/tools/wordpress/wp-preferred.md +398 -0
package/.agent/tools/wordpress.md +95 -0
package/.agent/workflows/branch/bugfix.md +63 -0
package/.agent/workflows/branch/chore.md +95 -0
package/.agent/workflows/branch/experiment.md +115 -0
package/.agent/workflows/branch/feature.md +59 -0
package/.agent/workflows/branch/hotfix.md +98 -0
package/.agent/workflows/branch/refactor.md +92 -0
package/.agent/workflows/branch/release.md +96 -0
package/.agent/workflows/branch.md +347 -0
package/.agent/workflows/bug-fixing.md +267 -0
package/.agent/workflows/changelog.md +129 -0
package/.agent/workflows/code-audit-remote.md +279 -0
package/.agent/workflows/conversation-starter.md +69 -0
package/.agent/workflows/error-feedback.md +578 -0
package/.agent/workflows/feature-development.md +355 -0
package/.agent/workflows/git-workflow.md +702 -0
package/.agent/workflows/multi-repo-workspace.md +268 -0
package/.agent/workflows/plans.md +709 -0
package/.agent/workflows/postflight.md +604 -0
package/.agent/workflows/pr.md +571 -0
package/.agent/workflows/preflight.md +278 -0
package/.agent/workflows/ralph-loop.md +773 -0
package/.agent/workflows/release.md +498 -0
package/.agent/workflows/session-manager.md +254 -0
package/.agent/workflows/session-review.md +311 -0
package/.agent/workflows/sql-migrations.md +631 -0
package/.agent/workflows/version-bump.md +283 -0
package/.agent/workflows/wiki-update.md +333 -0
package/.agent/workflows/worktree.md +477 -0
package/LICENSE +21 -0
package/README.md +1446 -0
package/VERSION +1 -0
package/aidevops.sh +1746 -0
package/bin/aidevops +21 -0
package/package.json +75 -0
package/scripts/npm-postinstall.js +60 -0
package/setup.sh +2366 -0

package/.agent/aidevops/security.md ADDED Viewed

@@ -0,0 +1,350 @@
+---
+description: Security best practices for AI DevOps
+mode: subagent
+tools:
+  read: true
+  write: false
+  edit: false
+  bash: false
+  glob: true
+  grep: true
+  webfetch: false
+---
+# Security Best Practices
+<!-- AI-CONTEXT-START -->
+## Quick Reference
+**Credential Rules**:
+- NEVER commit API tokens to git
+- Store in `~/.config/aidevops/mcp-env.sh` (600 permissions)
+- Rotate tokens quarterly
+- Use least-privilege principle
+**SSH Security**:
+- Use Ed25519 keys: `ssh-keygen -t ed25519`
+- Permissions: 600 (private), 644 (public), 700 (~/.ssh/)
+- Protect with passphrases
+**File Permissions**:
+- Config files: 600
+- Scripts: 755
+- SSH keys: 600 (private), 644 (public)
+**Script Security**:
+- `scripts/` - Shared, committed (use placeholders for secrets)
+- `scripts-private/` - Local only, gitignored (real credentials OK)
+**Incident Response**: Disable creds → Block IPs → Isolate systems → Investigate → Rotate all creds → Patch
+**Security Checklist**: MFA on cloud accounts, regular token rotation, audit SSH keys, monitor logs
+<!-- AI-CONTEXT-END -->
+This document outlines security best practices for the AI Assistant Server Access Framework.
+## 🔐 **Credential Management**
+### API Tokens
+- **Never commit API tokens to version control**
+- Store tokens in separate configuration files
+- Add config files to `.gitignore`
+- Use environment variables for CI/CD
+- Rotate tokens regularly (quarterly recommended)
+- Use least-privilege principle for API permissions
+### SSH Keys
+- **Use Ed25519 keys** (modern, secure, fast)
+- Generate unique keys per environment if needed
+- Protect private keys with passphrases
+- Set proper file permissions (600 for private keys, 644 for public keys)
+- Regular key rotation and audit
+### Password Files
+- Store SSH passwords in separate files (never in scripts)
+- Set restrictive permissions (600)
+- Consider using SSH keys instead of passwords when possible
+## 🔑 **SSH Security**
+### Key Management Best Practices
+```bash
+# Generate secure Ed25519 key
+ssh-keygen -t ed25519 -C "your-email@domain.com"
+# Set proper permissions
+chmod 600 ~/.ssh/id_ed25519
+chmod 644 ~/.ssh/id_ed25519.pub
+# Add passphrase protection
+ssh-keygen -p -f ~/.ssh/id_ed25519
+```
+### SSH Configuration Security
+```bash
+# ~/.ssh/config security settings
+Host *
+    # Disable password authentication when keys are available
+    PasswordAuthentication no
+    # Use only secure key exchange algorithms
+    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
+    # Use only secure ciphers
+    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
+    # Use only secure MAC algorithms
+    MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
+    # Disable X11 forwarding by default
+    ForwardX11 no
+    # Connection timeout
+    ConnectTimeout 10
+```
+### Server Hardening
+- Disable root login where possible
+- Use non-standard SSH ports
+- Implement fail2ban or similar
+- Regular security updates
+- Monitor SSH logs
+## 🛡️ **Access Control**
+### Principle of Least Privilege
+- Grant minimum necessary permissions
+- Use separate API tokens per project/environment
+- Implement role-based access control
+- Regular access reviews and cleanup
+### Network Security
+- Use VPNs or bastion hosts for sensitive environments
+- Implement IP whitelisting where possible
+- Use private networks for internal communication
+- Monitor network traffic
+### Multi-Factor Authentication
+- Enable MFA on all cloud provider accounts
+- Use hardware security keys when available
+- Implement time-based OTP for API access
+## 📊 **Monitoring and Auditing**
+### Access Logging
+```bash
+# Enable SSH logging
+# Add to /etc/ssh/sshd_config
+LogLevel VERBOSE
+# Monitor SSH access
+tail -f /var/log/auth.log | grep ssh
+```
+### API Usage Monitoring
+- Monitor API rate limits and usage
+- Set up alerts for unusual activity
+- Regular audit of API token usage
+- Log all API calls in production
+### Security Scanning
+```bash
+# Regular security scans
+nmap -sS -O target-server
+# SSH security audit
+ssh-audit target-server
+# SSL/TLS testing
+testssl.sh target-server
+```
+## 🚨 **Incident Response**
+### Compromise Detection
+- Monitor for unauthorized SSH connections
+- Watch for unusual API activity
+- Set up alerts for failed authentication attempts
+- Regular review of server logs
+### Response Procedures
+1. **Immediate Actions**
+   - Disable compromised credentials
+   - Block suspicious IP addresses
+   - Isolate affected systems
+2. **Investigation**
+   - Analyze logs for attack vectors
+   - Identify scope of compromise
+   - Document findings
+3. **Recovery**
+   - Rotate all potentially compromised credentials
+   - Update and patch systems
+   - Restore from clean backups if necessary
+4. **Prevention**
+   - Implement additional security measures
+   - Update security procedures
+   - Conduct security training
+## 🔒 **File Permissions**
+### Recommended Permissions
+```bash
+# Configuration files
+chmod 600 configs/.*.json
+# SSH keys
+chmod 600 ~/.ssh/id_*
+chmod 644 ~/.ssh/id_*.pub
+chmod 600 ~/.ssh/config
+chmod 700 ~/.ssh/
+# Password files
+chmod 600 ~/.ssh/*_password
+# Scripts
+chmod 755 *.sh
+chmod 755 .agent/scripts/*.sh
+chmod 755 ssh/*.sh
+```
+### Git Security
+```bash
+# .gitignore for security
+echo "configs/.*.json" >> .gitignore
+echo "*.password" >> .gitignore
+echo ".env" >> .gitignore
+echo "*.key" >> .gitignore
+echo "*.pem" >> .gitignore
+```
+## Script Security
+### Directory Structure
+```text
+.agent/
+├── scripts/              # Shared (committed to Git)
+│   └── [helper].sh       # Use placeholders: YOUR_API_KEY_HERE
+└── scripts-private/      # Private (gitignored, never committed)
+    └── [custom].sh       # Real credentials OK here
+```
+### Guidelines
+**Shared scripts (`scripts/`):**
+- Use placeholders: `readonly API_TOKEN="YOUR_API_TOKEN_HERE"`
+- Load from secure storage: `api_key=$(.agent/scripts/setup-local-api-keys.sh get service)`
+- Never hardcode actual credentials
+**Private scripts (`scripts-private/`):**
+- Safe for real API keys (gitignored)
+- Create from templates in `scripts/`
+- Never share outside secure channels
+### Verification
+```bash
+# Verify private scripts are gitignored
+git status --ignored | grep scripts-private
+# Should show: .agent/scripts-private/ (ignored)
+```
+## 🌐 **Network Security**
+### VPN and Bastion Hosts
+- Use VPN for accessing production systems
+- Implement bastion hosts for multi-hop access
+- Restrict direct internet access to servers
+### Firewall Rules
+```bash
+# Basic iptables rules
+iptables -A INPUT -p tcp --dport 22 -s trusted-ip -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j DROP
+```
+### SSL/TLS
+- Use TLS 1.2 or higher for all API communications
+- Implement certificate pinning where possible
+- Regular certificate rotation
+## 📋 **Security Checklist**
+### Initial Setup
+- [ ] Generate secure SSH keys with passphrases
+- [ ] Set proper file permissions on all sensitive files
+- [ ] Configure secure SSH client settings
+- [ ] Add sensitive files to .gitignore
+- [ ] Enable MFA on all cloud accounts
+### Regular Maintenance
+- [ ] Rotate API tokens quarterly
+- [ ] Audit SSH keys and remove unused ones
+- [ ] Review and update access permissions
+- [ ] Monitor logs for suspicious activity
+- [ ] Update and patch all systems
+### Emergency Procedures
+- [ ] Document incident response procedures
+- [ ] Test backup and recovery processes
+- [ ] Maintain emergency contact information
+- [ ] Regular security drills and training
+## 🔍 **Security Tools**
+### Recommended Tools
+```bash
+# SSH security audit
+ssh-audit server-ip
+# Network scanning
+nmap -sS -sV target
+# SSL/TLS testing
+testssl.sh target
+# File integrity monitoring
+aide --init
+aide --check
+# Log analysis
+fail2ban-client status
+```
+### Automation
+- Implement automated security scanning
+- Set up log monitoring and alerting
+- Use configuration management for consistent security settings
+- Regular automated backups with encryption
+---
+**Remember: Security is an ongoing process, not a one-time setup. Regular reviews and updates are essential for maintaining a secure infrastructure.**