antigravity-ai-kit 2.1.0

package/.agent/skills/security-practices/SKILL.md

@@ -0,0 +1,140 @@
+---
+name: security-practices
+description: Application security best practices and vulnerability prevention
+triggers: [context, security, auth, vulnerability]
+---
+
+# Security Practices Skill
+
+> **Purpose**: Apply security best practices to protect applications
+
+---
+
+## Overview
+
+This skill provides security guidelines following OWASP standards and industry best practices.
+
+---
+
+## Authentication
+
+### Password Security
+
+```typescript
+// ✅ Use bcrypt with cost factor 12
+import bcrypt from "bcrypt";
+
+const SALT_ROUNDS = 12;
+
+async function hashPassword(password: string): Promise<string> {
+  return bcrypt.hash(password, SALT_ROUNDS);
+}
+
+async function verifyPassword(
+  password: string,
+  hash: string,
+): Promise<boolean> {
+  return bcrypt.compare(password, hash);
+}
+```
+
+### JWT Best Practices
+
+```typescript
+// Short-lived access tokens
+const accessToken = jwt.sign(payload, SECRET, { expiresIn: "15m" });
+
+// Longer-lived refresh tokens (stored securely)
+const refreshToken = jwt.sign({ userId }, REFRESH_SECRET, { expiresIn: "7d" });
+```
+
+---
+
+## Input Validation
+
+### Never Trust User Input
+
+```typescript
+// ❌ SQL Injection vulnerable
+const query = `SELECT * FROM users WHERE id = ${userId}`;
+
+// ✅ Parameterized query
+const user = await prisma.user.findUnique({ where: { id: userId } });
+```
+
+### Sanitize Output
+
+```typescript
+// ❌ XSS vulnerable
+element.innerHTML = userInput;
+
+// ✅ Escape HTML
+import DOMPurify from "dompurify";
+element.innerHTML = DOMPurify.sanitize(userInput);
+```
+
+---
+
+## OWASP Top 10 Checklist
+
+| Risk                     | Mitigation                           |
+| :----------------------- | :----------------------------------- |
+| **Injection**            | Parameterized queries, ORMs          |
+| **Broken Auth**          | Strong passwords, MFA, rate limiting |
+| **Sensitive Data**       | Encryption at rest/transit, HTTPS    |
+| **XXE**                  | Disable XML external entities        |
+| **Broken Access**        | Verify permissions on every request  |
+| **Misconfig**            | Security headers, remove defaults    |
+| **XSS**                  | Sanitize output, CSP headers         |
+| **Insecure Deserialize** | Validate input types                 |
+| **Components**           | Keep dependencies updated            |
+| **Logging**              | Log security events, monitor         |
+
+---
+
+## Security Headers
+
+```typescript
+// Express/NestJS helmet middleware
+app.use(helmet());
+
+// Or manually:
+res.setHeader("X-Content-Type-Options", "nosniff");
+res.setHeader("X-Frame-Options", "DENY");
+res.setHeader("X-XSS-Protection", "1; mode=block");
+res.setHeader(
+  "Strict-Transport-Security",
+  "max-age=31536000; includeSubDomains",
+);
+res.setHeader("Content-Security-Policy", "default-src 'self'");
+```
+
+---
+
+## Secrets Management
+
+```bash
+# ❌ Never commit secrets
+# .env file with API_KEY=sk-1234...
+
+# ✅ Use environment variables
+export API_KEY=$(vault read secret/api-key)
+
+# ✅ Use secret managers
+# AWS Secrets Manager, HashiCorp Vault, etc.
+```
+
+---
+
+## Quick Reference
+
+| Practice     | Implementation        |
+| :----------- | :-------------------- |
+| Passwords    | bcrypt, Argon2        |
+| Tokens       | Short-lived JWT       |
+| SQL          | Parameterized queries |
+| XSS          | Sanitize, CSP         |
+| HTTPS        | TLS 1.3, HSTS         |
+| Secrets      | Environment, vaults   |
+| Dependencies | npm audit, Snyk       |
+| Logging      | Audit trail, no PII   |

package/.agent/skills/strategic-compact/SKILL.md

@@ -0,0 +1,62 @@
+---
+name: strategic-compact
+description: Context window management with strategic compaction
+triggers: [context-warning, manual]
+---
+
+# Strategic Compact Skill
+
+> **Purpose**: Manage context window efficiently while preserving important information
+
+---
+
+## Overview
+
+As conversations grow, context window limits require strategic compaction. This skill ensures important context is preserved while freeing space for new work.
+
+---
+
+## Workflow
+
+### 1. Assess Context
+
+Evaluate current context usage:
+
+- How much context is used?
+- What is the oldest content?
+- What is most important?
+
+### 2. Prioritize
+
+Rank content by importance:
+
+| Priority | Content Type               |
+| :------- | :------------------------- |
+| CRITICAL | Active code being modified |
+| HIGH     | Current task context       |
+| MEDIUM   | Related code for reference |
+| LOW      | Completed discussions      |
+
+### 3. Compact
+
+Summarize or remove low-priority content:
+
+- Summarize completed tasks
+- Remove verbose output
+- Keep code snippets, remove explanations
+
+### 4. Persist
+
+Save important context externally:
+
+- Update `session-state.json`
+- Document decisions in `decisions/`
+- Create checkpoints
+
+---
+
+## Integration
+
+- Triggered at context warning threshold
+- Can be invoked with `/compact`
+- Preserves session continuity

package/.agent/skills/testing-patterns/SKILL.md

@@ -0,0 +1,141 @@
+---
+name: testing-patterns
+description: Testing strategies and patterns for quality assurance
+triggers: [context, test, tdd, jest, vitest]
+---
+
+# Testing Patterns Skill
+
+> **Purpose**: Apply professional testing strategies for quality assurance
+
+---
+
+## Overview
+
+This skill provides comprehensive testing patterns for unit, integration, and end-to-end testing.
+
+---
+
+## Testing Pyramid
+
+```
+        /\
+       /E2E\         ← Few, slow, expensive
+      /──────\
+     /Integra-\      ← Some, medium speed
+    / tion     \
+   /────────────\
+  /    Unit      \   ← Many, fast, cheap
+ /────────────────\
+```
+
+---
+
+## Unit Testing
+
+### AAA Pattern (Arrange-Act-Assert)
+
+```typescript
+describe("UserService", () => {
+  it("should create a user with valid data", async () => {
+    // Arrange
+    const userData = { email: "test@example.com", name: "Test" };
+    const mockRepository = {
+      create: jest.fn().mockResolvedValue({ id: "1", ...userData }),
+    };
+    const service = new UserService(mockRepository);
+
+    // Act
+    const result = await service.createUser(userData);
+
+    // Assert
+    expect(result.id).toBe("1");
+    expect(result.email).toBe("test@example.com");
+    expect(mockRepository.create).toHaveBeenCalledWith(userData);
+  });
+});
+```
+
+### Test Naming
+
+```typescript
+// Pattern: should_[expected]_when_[condition]
+it('should throw ValidationError when email is invalid', () => { ... });
+it('should return empty array when no users exist', () => { ... });
+it('should hash password when creating user', () => { ... });
+```
+
+---
+
+## Integration Testing
+
+```typescript
+describe("POST /api/users", () => {
+  beforeAll(async () => {
+    await setupTestDatabase();
+  });
+
+  afterAll(async () => {
+    await teardownTestDatabase();
+  });
+
+  it("should create user and return 201", async () => {
+    const response = await request(app)
+      .post("/api/users")
+      .send({ email: "test@example.com", password: "SecurePass123!" })
+      .expect(201);
+
+    expect(response.body.data.email).toBe("test@example.com");
+  });
+});
+```
+
+---
+
+## Mocking
+
+### Mock Functions
+
+```typescript
+const mockSendEmail = jest.fn().mockResolvedValue({ sent: true });
+```
+
+### Mock Modules
+
+```typescript
+jest.mock("./emailService", () => ({
+  sendEmail: jest.fn().mockResolvedValue({ sent: true }),
+}));
+```
+
+### Spy Functions
+
+```typescript
+const spy = jest.spyOn(userService, "validate");
+await userService.createUser(data);
+expect(spy).toHaveBeenCalled();
+```
+
+---
+
+## Coverage Targets
+
+| Metric     | Target |
+| :--------- | :----- |
+| Lines      | ≥80%   |
+| Branches   | ≥75%   |
+| Functions  | ≥80%   |
+| Statements | ≥80%   |
+
+---
+
+## Quick Reference
+
+| Pattern         | Usage                 |
+| :-------------- | :-------------------- |
+| AAA             | All unit tests        |
+| Given-When-Then | BDD style             |
+| Mocking         | Isolate dependencies  |
+| Fixtures        | Reusable test data    |
+| Factories       | Generate test objects |
+| Snapshot        | UI components         |

package/.agent/skills/typescript-expert/SKILL.md

@@ -0,0 +1,160 @@
+---
+name: typescript-expert
+description: Advanced TypeScript patterns and best practices
+triggers: [context, typescript, types, generics]
+---
+
+# TypeScript Expert Skill
+
+> **Purpose**: Apply advanced TypeScript patterns for type-safe code
+
+---
+
+## Overview
+
+This skill provides advanced TypeScript techniques for building robust, type-safe applications.
+
+---
+
+## Utility Types
+
+### Built-in Utilities
+
+```typescript
+// Partial - all properties optional
+type UpdateUser = Partial<User>;
+
+// Required - all properties required
+type CompleteUser = Required<User>;
+
+// Pick - select specific properties
+type UserCredentials = Pick<User, "email" | "password">;
+
+// Omit - exclude specific properties
+type PublicUser = Omit<User, "password" | "hashedToken">;
+
+// Record - key-value mapping
+type UserRoles = Record<string, Role>;
+```
+
+---
+
+## Generics
+
+### Basic Generic
+
+```typescript
+function identity<T>(value: T): T {
+  return value;
+}
+```
+
+### Constrained Generic
+
+```typescript
+function getProperty<T, K extends keyof T>(obj: T, key: K): T[K] {
+  return obj[key];
+}
+```
+
+### Generic Class
+
+```typescript
+class Repository<T extends { id: string }> {
+  async findById(id: string): Promise<T | null> { ... }
+  async save(entity: T): Promise<T> { ... }
+}
+```
+
+---
+
+## Type Guards
+
+### typeof Guard
+
+```typescript
+function process(value: string | number) {
+  if (typeof value === "string") {
+    return value.toUpperCase();
+  }
+  return value * 2;
+}
+```
+
+### instanceof Guard
+
+```typescript
+function handleError(error: Error | string) {
+  if (error instanceof ValidationError) {
+    return { code: "VALIDATION", message: error.message };
+  }
+  return { code: "UNKNOWN", message: String(error) };
+}
+```
+
+### Custom Guard
+
+```typescript
+interface User {
+  type: "user";
+  name: string;
+}
+interface Admin {
+  type: "admin";
+  name: string;
+  permissions: string[];
+}
+
+function isAdmin(person: User | Admin): person is Admin {
+  return person.type === "admin";
+}
+```
+
+---
+
+## Discriminated Unions
+
+```typescript
+type Result<T> = { success: true; data: T } | { success: false; error: string };
+
+function handleResult<T>(result: Result<T>) {
+  if (result.success) {
+    console.log(result.data); // TypeScript knows data exists
+  } else {
+    console.error(result.error); // TypeScript knows error exists
+  }
+}
+```
+
+---
+
+## Mapped Types
+
+```typescript
+type Readonly<T> = {
+  readonly [P in keyof T]: T[P];
+};
+
+type Optional<T> = {
+  [P in keyof T]?: T[P];
+};
+
+type Nullable<T> = {
+  [P in keyof T]: T[P] | null;
+};
+```
+
+---
+
+## Quick Reference
+
+| Pattern          | Usage                 |
+| :--------------- | :-------------------- |
+| `Partial<T>`     | Optional updates      |
+| `Required<T>`    | Strict validation     |
+| `Pick<T, K>`     | Select properties     |
+| `Omit<T, K>`     | Exclude properties    |
+| `Record<K, V>`   | Key-value maps        |
+| `Extract<T, U>`  | Filter union types    |
+| `Exclude<T, U>`  | Exclude union types   |
+| `NonNullable<T>` | Remove null/undefined |

package/.agent/skills/verification-loop/SKILL.md

@@ -0,0 +1,89 @@
+---
+name: verification-loop
+description: Comprehensive verification running all quality gates
+triggers: [manual, pre-commit]
+---
+
+# Verification Loop Skill
+
+> **Purpose**: Continuous quality assurance through automated verification
+
+---
+
+## Overview
+
+The verification loop runs all quality gates to ensure code meets professional standards before committing or deploying.
+
+---
+
+## Workflow
+
+### 1. Build Check
+
+```bash
+npm run build
+```
+
+**Pass Criteria**: Exit code 0, no TypeScript errors
+
+### 2. Lint Check
+
+```bash
+npm run lint
+```
+
+**Pass Criteria**: No errors (warnings acceptable)
+
+### 3. Type Check
+
+```bash
+npx tsc --noEmit
+```
+
+**Pass Criteria**: Zero type errors
+
+### 4. Unit Tests
+
+```bash
+npm run test
+```
+
+**Pass Criteria**: All tests pass
+
+### 5. Coverage Check
+
+```bash
+npm run test:coverage
+```
+
+**Pass Criteria**: ≥80% coverage
+
+### 6. Security Scan
+
+```bash
+npm audit --audit-level=high
+```
+
+**Pass Criteria**: No high/critical vulnerabilities
+
+---
+
+## Configuration
+
+```json
+{
+  "verification": {
+    "coverageThreshold": 80,
+    "allowWarnings": true,
+    "securityLevel": "high"
+  }
+}
+```
+
+---
+
+## Integration
+
+- Invoked by `/verify` command
+- Can be used as pre-commit hook
+- Reports to Code Reviewer agent