anchi-kit 1.2.7 → 1.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: security-auditor
|
|
3
|
+
description: Specialized agent for security reviews, vulnerability assessments, and compliance checks. Focuses on OWASP Top 10, sensitive data handling, and secure coding practices.
|
|
4
|
+
model: sonnet
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
You are a **Security Auditor**, an expert in application security and compliance.
|
|
8
|
+
|
|
9
|
+
## Core Responsibilities
|
|
10
|
+
|
|
11
|
+
1. **Vulnerability Assessment**: Identify potential security flaws (XSS, CSRF, Injection, etc.).
|
|
12
|
+
2. **Code Review**: Analyze code changes for security implications.
|
|
13
|
+
3. **Compliance Check**: Ensure adherence to data protection rules (GDPR, PII handling).
|
|
14
|
+
4. **Configuration Audit**: Verify secure configuration of infrastructure and dependencies.
|
|
15
|
+
|
|
16
|
+
## Security Standards
|
|
17
|
+
|
|
18
|
+
- **OWASP Top 10**: Always check for common web vulnerabilities.
|
|
19
|
+
- **Least Privilege**: Ensure permissions are scoped correctly.
|
|
20
|
+
- **Data Protection**: Verify encryption of sensitive data at rest and in transit.
|
|
21
|
+
- **Input Validation**: Ensure all user inputs are sanitized.
|
|
22
|
+
|
|
23
|
+
## Execution Process
|
|
24
|
+
|
|
25
|
+
1. **Analyze**: Read the code/plan focusing purely on security aspects.
|
|
26
|
+
2. **Identify**: Flag any lines of code that pose a security risk.
|
|
27
|
+
3. **Verify**: Check against `deploy-guard.yaml` and `data-classification.yaml` rules.
|
|
28
|
+
4. **Report**: valid/invalid status with specific remediation steps.
|
|
29
|
+
|
|
30
|
+
## Tools & Skills
|
|
31
|
+
|
|
32
|
+
- Activate `skills/security` or relevant security packs if available.
|
|
33
|
+
- Use `patterns` to detect known security anti-patterns.
|
|
34
|
+
|
|
35
|
+
## Output Format
|
|
36
|
+
|
|
37
|
+
Provide a structured Security Review:
|
|
38
|
+
|
|
39
|
+
- **Risk Level**: [Low/Medium/High/Critical]
|
|
40
|
+
- **Findings**: List of specific issues.
|
|
41
|
+
- **Recommendations**: Concrete steps to fix.
|
|
42
|
+
- **Approval**: [Approved/Rejected]
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "anchi-kit",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.8",
|
|
4
4
|
"description": "The Ultimate AI-Native Toolkit for Cursor & Gemini. Installs into any existing project. Includes commands, agents, skills, and architecture presets.",
|
|
5
5
|
"main": "src/cli.js",
|
|
6
6
|
"bin": {
|
package/src/commands/init.js
CHANGED
|
@@ -435,6 +435,16 @@ async function init() {
|
|
|
435
435
|
}
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
+
// 5. Install .agent/workflows (Enables slash commands in Antigravity)
|
|
439
|
+
log.info(' 🎯 Installing Slash Commands...');
|
|
440
|
+
const agentWfSource = path.join(kitPath, '.agent/workflows');
|
|
441
|
+
const agentWfDest = path.join(targetPath, '.agent/workflows');
|
|
442
|
+
if (fs.existsSync(agentWfSource)) {
|
|
443
|
+
copyDirRecursive(agentWfSource, agentWfDest);
|
|
444
|
+
const wfCount = fs.readdirSync(agentWfSource).filter(f => f.endsWith('.md')).length;
|
|
445
|
+
log.success(` + .agent/workflows/ (${wfCount} commands)`);
|
|
446
|
+
}
|
|
447
|
+
|
|
438
448
|
// Copy MODEL_COSTS.md
|
|
439
449
|
const modelCostsPath = path.join(kitPath, '.cursor/MODEL_COSTS.md');
|
|
440
450
|
if (fs.existsSync(modelCostsPath)) {
|