arboris-cli 1.0.0 → 1.1.0

Files changed (451)
  1. package/dist/cli.mjs +382 -0
  2. package/manifest.json +323 -0
  3. package/package.json +22 -10
  4. package/prisma/skills/accessibility/SKILL.md +147 -0
  5. package/prisma/skills/agent-architecture-audit/SKILL.md +257 -0
  6. package/prisma/skills/agent-eval/SKILL.md +146 -0
  7. package/prisma/skills/agent-harness-construction/SKILL.md +74 -0
  8. package/prisma/skills/agent-introspection-debugging/SKILL.md +154 -0
  9. package/prisma/skills/agent-payment-x402/SKILL.md +225 -0
  10. package/prisma/skills/agent-self-evaluation/SKILL.md +182 -0
  11. package/prisma/skills/agent-self-evaluation/examples/high-score-example.md +87 -0
  12. package/prisma/skills/agent-self-evaluation/examples/low-score-example.md +86 -0
  13. package/prisma/skills/agent-self-evaluation/references/evaluation-criteria.md +71 -0
  14. package/prisma/skills/agent-self-evaluation/references/hook-integration.md +64 -0
  15. package/prisma/skills/agent-self-evaluation/scripts/evaluate.py +408 -0
  16. package/prisma/skills/agent-self-evaluation/templates/evaluation-report.md +86 -0
  17. package/prisma/skills/agent-sort/SKILL.md +216 -0
  18. package/prisma/skills/agentic-engineering/SKILL.md +64 -0
  19. package/prisma/skills/agentic-os/SKILL.md +388 -0
  20. package/prisma/skills/ai-first-engineering/SKILL.md +52 -0
  21. package/prisma/skills/ai-regression-testing/SKILL.md +386 -0
  22. package/prisma/skills/android-clean-architecture/SKILL.md +340 -0
  23. package/prisma/skills/angular-developer/SKILL.md +155 -0
  24. package/prisma/skills/angular-developer/references/angular-animations.md +160 -0
  25. package/prisma/skills/angular-developer/references/angular-aria.md +410 -0
  26. package/prisma/skills/angular-developer/references/cli.md +86 -0
  27. package/prisma/skills/angular-developer/references/component-harnesses.md +59 -0
  28. package/prisma/skills/angular-developer/references/component-styling.md +91 -0
  29. package/prisma/skills/angular-developer/references/components.md +117 -0
  30. package/prisma/skills/angular-developer/references/creating-services.md +97 -0
  31. package/prisma/skills/angular-developer/references/data-resolvers.md +69 -0
  32. package/prisma/skills/angular-developer/references/define-routes.md +67 -0
  33. package/prisma/skills/angular-developer/references/defining-providers.md +72 -0
  34. package/prisma/skills/angular-developer/references/di-fundamentals.md +120 -0
  35. package/prisma/skills/angular-developer/references/e2e-testing.md +56 -0
  36. package/prisma/skills/angular-developer/references/effects.md +83 -0
  37. package/prisma/skills/angular-developer/references/hierarchical-injectors.md +43 -0
  38. package/prisma/skills/angular-developer/references/host-elements.md +80 -0
  39. package/prisma/skills/angular-developer/references/injection-context.md +63 -0
  40. package/prisma/skills/angular-developer/references/inputs.md +101 -0
  41. package/prisma/skills/angular-developer/references/linked-signal.md +59 -0
  42. package/prisma/skills/angular-developer/references/loading-strategies.md +61 -0
  43. package/prisma/skills/angular-developer/references/mcp.md +108 -0
  44. package/prisma/skills/angular-developer/references/navigate-to-routes.md +69 -0
  45. package/prisma/skills/angular-developer/references/outputs.md +86 -0
  46. package/prisma/skills/angular-developer/references/reactive-forms.md +122 -0
  47. package/prisma/skills/angular-developer/references/rendering-strategies.md +44 -0
  48. package/prisma/skills/angular-developer/references/resource.md +77 -0
  49. package/prisma/skills/angular-developer/references/route-animations.md +56 -0
  50. package/prisma/skills/angular-developer/references/route-guards.md +52 -0
  51. package/prisma/skills/angular-developer/references/router-lifecycle.md +45 -0
  52. package/prisma/skills/angular-developer/references/router-testing.md +87 -0
  53. package/prisma/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
  54. package/prisma/skills/angular-developer/references/signal-forms.md +795 -0
  55. package/prisma/skills/angular-developer/references/signals-overview.md +94 -0
  56. package/prisma/skills/angular-developer/references/tailwind-css.md +69 -0
  57. package/prisma/skills/angular-developer/references/template-driven-forms.md +114 -0
  58. package/prisma/skills/angular-developer/references/testing-fundamentals.md +65 -0
  59. package/prisma/skills/api-connector-builder/SKILL.md +121 -0
  60. package/prisma/skills/api-design/SKILL.md +524 -0
  61. package/prisma/skills/architecture-decision-records/SKILL.md +180 -0
  62. package/prisma/skills/article-writing/SKILL.md +80 -0
  63. package/prisma/skills/automation-audit-ops/SKILL.md +143 -0
  64. package/prisma/skills/autonomous-agent-harness/SKILL.md +274 -0
  65. package/prisma/skills/autonomous-loops/SKILL.md +611 -0
  66. package/prisma/skills/backend-patterns/SKILL.md +562 -0
  67. package/prisma/skills/benchmark/SKILL.md +94 -0
  68. package/prisma/skills/benchmark-methodology/SKILL.md +190 -0
  69. package/prisma/skills/benchmark-optimization-loop/SKILL.md +70 -0
  70. package/prisma/skills/blender-motion-state-inspection/SKILL.md +165 -0
  71. package/prisma/skills/blueprint/SKILL.md +106 -0
  72. package/prisma/skills/brand-discovery/SKILL.md +145 -0
  73. package/prisma/skills/brand-discovery/references/10_purpose-why.md +40 -0
  74. package/prisma/skills/brand-discovery/references/20_positioning.md +44 -0
  75. package/prisma/skills/brand-discovery/references/30_audience-niche.md +52 -0
  76. package/prisma/skills/brand-discovery/references/40_personality-archetype.md +57 -0
  77. package/prisma/skills/brand-discovery/references/50_voice-tone.md +59 -0
  78. package/prisma/skills/brand-discovery/references/60_narrative-story.md +50 -0
  79. package/prisma/skills/brand-discovery/references/70_founder-tension.md +49 -0
  80. package/prisma/skills/brand-discovery/references/90_SYNTHESIS.md +133 -0
  81. package/prisma/skills/brand-voice/SKILL.md +98 -0
  82. package/prisma/skills/brand-voice/references/voice-profile-schema.md +55 -0
  83. package/prisma/skills/browser-qa/SKILL.md +105 -0
  84. package/prisma/skills/bun-runtime/SKILL.md +85 -0
  85. package/prisma/skills/canary-watch/SKILL.md +108 -0
  86. package/prisma/skills/carrier-relationship-management/SKILL.md +212 -0
  87. package/prisma/skills/cisco-ios-patterns/SKILL.md +164 -0
  88. package/prisma/skills/ck/SKILL.md +148 -0
  89. package/prisma/skills/ck/commands/forget.mjs +44 -0
  90. package/prisma/skills/ck/commands/info.mjs +24 -0
  91. package/prisma/skills/ck/commands/init.mjs +143 -0
  92. package/prisma/skills/ck/commands/list.mjs +40 -0
  93. package/prisma/skills/ck/commands/migrate.mjs +202 -0
  94. package/prisma/skills/ck/commands/resume.mjs +36 -0
  95. package/prisma/skills/ck/commands/save.mjs +210 -0
  96. package/prisma/skills/ck/commands/shared.mjs +387 -0
  97. package/prisma/skills/ck/hooks/session-start.mjs +224 -0
  98. package/prisma/skills/claude-devfleet/SKILL.md +112 -0
  99. package/prisma/skills/click-path-audit/SKILL.md +245 -0
  100. package/prisma/skills/clickhouse-io/SKILL.md +440 -0
  101. package/prisma/skills/code-tour/SKILL.md +254 -0
  102. package/prisma/skills/codebase-onboarding/SKILL.md +234 -0
  103. package/prisma/skills/codehealth-mcp/SKILL.md +167 -0
  104. package/prisma/skills/coding-standards/SKILL.md +551 -0
  105. package/prisma/skills/competitive-platform-analysis/SKILL.md +214 -0
  106. package/prisma/skills/competitive-report-structure/SKILL.md +162 -0
  107. package/prisma/skills/compose-multiplatform-patterns/SKILL.md +300 -0
  108. package/prisma/skills/config-gc/SKILL.md +120 -0
  109. package/prisma/skills/configure-ecc/SKILL.md +385 -0
  110. package/prisma/skills/connections-optimizer/SKILL.md +190 -0
  111. package/prisma/skills/content-engine/SKILL.md +132 -0
  112. package/prisma/skills/content-hash-cache-pattern/SKILL.md +162 -0
  113. package/prisma/skills/context-budget/SKILL.md +136 -0
  114. package/prisma/skills/continuous-agent-loop/SKILL.md +46 -0
  115. package/prisma/skills/continuous-learning/SKILL.md +132 -0
  116. package/prisma/skills/continuous-learning/config.json +18 -0
  117. package/prisma/skills/continuous-learning/evaluate-session.sh +69 -0
  118. package/prisma/skills/continuous-learning-v2/SKILL.md +361 -0
  119. package/prisma/skills/continuous-learning-v2/agents/observer-loop.sh +359 -0
  120. package/prisma/skills/continuous-learning-v2/agents/observer.md +189 -0
  121. package/prisma/skills/continuous-learning-v2/agents/session-guardian.sh +150 -0
  122. package/prisma/skills/continuous-learning-v2/agents/start-observer.sh +248 -0
  123. package/prisma/skills/continuous-learning-v2/config.json +8 -0
  124. package/prisma/skills/continuous-learning-v2/hooks/observe.sh +585 -0
  125. package/prisma/skills/continuous-learning-v2/scripts/detect-project.sh +322 -0
  126. package/prisma/skills/continuous-learning-v2/scripts/instinct-cli.py +1956 -0
  127. package/prisma/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
  128. package/prisma/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +68 -0
  129. package/prisma/skills/continuous-learning-v2/scripts/test_parse_instinct.py +1421 -0
  130. package/prisma/skills/cost-aware-llm-pipeline/SKILL.md +184 -0
  131. package/prisma/skills/cost-tracking/SKILL.md +97 -0
  132. package/prisma/skills/council/SKILL.md +204 -0
  133. package/prisma/skills/cpp-coding-standards/SKILL.md +724 -0
  134. package/prisma/skills/cpp-testing/SKILL.md +325 -0
  135. package/prisma/skills/crosspost/SKILL.md +112 -0
  136. package/prisma/skills/csharp-testing/SKILL.md +322 -0
  137. package/prisma/skills/customer-billing-ops/SKILL.md +141 -0
  138. package/prisma/skills/customs-trade-compliance/SKILL.md +263 -0
  139. package/prisma/skills/dart-flutter-patterns/SKILL.md +564 -0
  140. package/prisma/skills/dashboard-builder/SKILL.md +109 -0
  141. package/prisma/skills/data-scraper-agent/SKILL.md +765 -0
  142. package/prisma/skills/data-throughput-accelerator/SKILL.md +73 -0
  143. package/prisma/skills/database-migrations/SKILL.md +430 -0
  144. package/prisma/skills/deep-research/SKILL.md +160 -0
  145. package/prisma/skills/defi-amm-security/SKILL.md +167 -0
  146. package/prisma/skills/delivery-gate/SKILL.md +126 -0
  147. package/prisma/skills/delivery-gate/hooks/quality-gate.py +220 -0
  148. package/prisma/skills/deployment-patterns/SKILL.md +428 -0
  149. package/prisma/skills/design-system/SKILL.md +83 -0
  150. package/prisma/skills/django-celery/SKILL.md +458 -0
  151. package/prisma/skills/django-patterns/SKILL.md +735 -0
  152. package/prisma/skills/django-security/SKILL.md +644 -0
  153. package/prisma/skills/django-tdd/SKILL.md +730 -0
  154. package/prisma/skills/django-verification/SKILL.md +470 -0
  155. package/prisma/skills/dmux-workflows/SKILL.md +192 -0
  156. package/prisma/skills/docker-patterns/SKILL.md +365 -0
  157. package/prisma/skills/documentation-lookup/SKILL.md +91 -0
  158. package/prisma/skills/dotnet-patterns/SKILL.md +322 -0
  159. package/prisma/skills/dynamic-workflow-mode/SKILL.md +124 -0
  160. package/prisma/skills/e2e-testing/SKILL.md +327 -0
  161. package/prisma/skills/ecc-guide/SKILL.md +190 -0
  162. package/prisma/skills/ecc-recipes/SKILL.md +149 -0
  163. package/prisma/skills/ecc-tools-cost-audit/SKILL.md +161 -0
  164. package/prisma/skills/email-ops/SKILL.md +122 -0
  165. package/prisma/skills/energy-procurement/SKILL.md +228 -0
  166. package/prisma/skills/enterprise-agent-ops/SKILL.md +51 -0
  167. package/prisma/skills/error-handling/SKILL.md +377 -0
  168. package/prisma/skills/eval-harness/SKILL.md +271 -0
  169. package/prisma/skills/evm-token-decimals/SKILL.md +131 -0
  170. package/prisma/skills/exa-search/SKILL.md +108 -0
  171. package/prisma/skills/fal-ai-media/SKILL.md +289 -0
  172. package/prisma/skills/fastapi-patterns/SKILL.md +514 -0
  173. package/prisma/skills/finance-billing-ops/SKILL.md +128 -0
  174. package/prisma/skills/flox-environments/SKILL.md +497 -0
  175. package/prisma/skills/flutter-dart-code-review/SKILL.md +436 -0
  176. package/prisma/skills/foundation-models-on-device/SKILL.md +243 -0
  177. package/prisma/skills/frontend-a11y/SKILL.md +446 -0
  178. package/prisma/skills/frontend-design-direction/SKILL.md +93 -0
  179. package/prisma/skills/frontend-patterns/SKILL.md +657 -0
  180. package/prisma/skills/frontend-slides/SKILL.md +185 -0
  181. package/prisma/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  182. package/prisma/skills/frontend-slides/animation-patterns.md +122 -0
  183. package/prisma/skills/frontend-slides/html-template.md +419 -0
  184. package/prisma/skills/frontend-slides/scripts/export-pdf.sh +418 -0
  185. package/prisma/skills/frontend-slides/scripts/extract-pptx.py +96 -0
  186. package/prisma/skills/frontend-slides/viewport-base.css +153 -0
  187. package/prisma/skills/fsharp-testing/SKILL.md +281 -0
  188. package/prisma/skills/gan-style-harness/SKILL.md +279 -0
  189. package/prisma/skills/gateguard/SKILL.md +133 -0
  190. package/prisma/skills/generating-python-installer/SKILL.md +820 -0
  191. package/prisma/skills/git-workflow/SKILL.md +716 -0
  192. package/prisma/skills/github-ops/SKILL.md +145 -0
  193. package/prisma/skills/golang-patterns/SKILL.md +675 -0
  194. package/prisma/skills/golang-testing/SKILL.md +721 -0
  195. package/prisma/skills/google-workspace-ops/SKILL.md +96 -0
  196. package/prisma/skills/growth-log/SKILL.md +128 -0
  197. package/prisma/skills/healthcare-cdss-patterns/SKILL.md +246 -0
  198. package/prisma/skills/healthcare-emr-patterns/SKILL.md +160 -0
  199. package/prisma/skills/healthcare-eval-harness/SKILL.md +208 -0
  200. package/prisma/skills/healthcare-phi-compliance/SKILL.md +146 -0
  201. package/prisma/skills/hermes-imports/SKILL.md +89 -0
  202. package/prisma/skills/hexagonal-architecture/SKILL.md +277 -0
  203. package/prisma/skills/hipaa-compliance/SKILL.md +79 -0
  204. package/prisma/skills/homelab-network-readiness/SKILL.md +170 -0
  205. package/prisma/skills/homelab-network-setup/SKILL.md +130 -0
  206. package/prisma/skills/homelab-pihole-dns/SKILL.md +275 -0
  207. package/prisma/skills/homelab-vlan-segmentation/SKILL.md +312 -0
  208. package/prisma/skills/homelab-wireguard-vpn/SKILL.md +306 -0
  209. package/prisma/skills/hookify-rules/SKILL.md +128 -0
  210. package/prisma/skills/inherit-legacy-style/SKILL.md +157 -0
  211. package/prisma/skills/intent-driven-development/SKILL.md +360 -0
  212. package/prisma/skills/inventory-demand-planning/SKILL.md +247 -0
  213. package/prisma/skills/investor-materials/SKILL.md +97 -0
  214. package/prisma/skills/investor-outreach/SKILL.md +92 -0
  215. package/prisma/skills/ios-icon-gen/SKILL.md +158 -0
  216. package/prisma/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
  217. package/prisma/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
  218. package/prisma/skills/iterative-retrieval/SKILL.md +212 -0
  219. package/prisma/skills/ito-basket-compare/SKILL.md +64 -0
  220. package/prisma/skills/ito-data-atlas-agent/SKILL.md +64 -0
  221. package/prisma/skills/ito-market-intelligence/SKILL.md +61 -0
  222. package/prisma/skills/ito-trade-planner/SKILL.md +68 -0
  223. package/prisma/skills/java-coding-standards/SKILL.md +384 -0
  224. package/prisma/skills/jira-integration/SKILL.md +303 -0
  225. package/prisma/skills/jpa-patterns/SKILL.md +152 -0
  226. package/prisma/skills/knowledge-ops/SKILL.md +155 -0
  227. package/prisma/skills/kotlin-coroutines-flows/SKILL.md +285 -0
  228. package/prisma/skills/kotlin-exposed-patterns/SKILL.md +720 -0
  229. package/prisma/skills/kotlin-ktor-patterns/SKILL.md +690 -0
  230. package/prisma/skills/kotlin-patterns/SKILL.md +712 -0
  231. package/prisma/skills/kotlin-testing/SKILL.md +825 -0
  232. package/prisma/skills/kubernetes-patterns/SKILL.md +756 -0
  233. package/prisma/skills/laravel-patterns/SKILL.md +416 -0
  234. package/prisma/skills/laravel-plugin-discovery/SKILL.md +230 -0
  235. package/prisma/skills/laravel-security/SKILL.md +948 -0
  236. package/prisma/skills/laravel-tdd/SKILL.md +675 -0
  237. package/prisma/skills/laravel-verification/SKILL.md +180 -0
  238. package/prisma/skills/latency-critical-systems/SKILL.md +74 -0
  239. package/prisma/skills/lead-intelligence/SKILL.md +322 -0
  240. package/prisma/skills/lead-intelligence/agents/enrichment-agent.md +85 -0
  241. package/prisma/skills/lead-intelligence/agents/mutual-mapper.md +75 -0
  242. package/prisma/skills/lead-intelligence/agents/outreach-drafter.md +98 -0
  243. package/prisma/skills/lead-intelligence/agents/signal-scorer.md +60 -0
  244. package/prisma/skills/liquid-glass-design/SKILL.md +279 -0
  245. package/prisma/skills/llm-trading-agent-security/SKILL.md +147 -0
  246. package/prisma/skills/logistics-exception-management/SKILL.md +222 -0
  247. package/prisma/skills/loop-design-check/SKILL.md +143 -0
  248. package/prisma/skills/mailtrap-email-integration/SKILL.md +77 -0
  249. package/prisma/skills/make-interfaces-feel-better/SKILL.md +152 -0
  250. package/prisma/skills/manim-video/SKILL.md +90 -0
  251. package/prisma/skills/manim-video/assets/network_graph_scene.py +52 -0
  252. package/prisma/skills/market-research/SKILL.md +76 -0
  253. package/prisma/skills/marketing-campaign/SKILL.md +114 -0
  254. package/prisma/skills/mcp-server-patterns/SKILL.md +70 -0
  255. package/prisma/skills/messages-ops/SKILL.md +105 -0
  256. package/prisma/skills/ml-adoption-playbook/SKILL.md +57 -0
  257. package/prisma/skills/mle-workflow/SKILL.md +347 -0
  258. package/prisma/skills/motion-advanced/SKILL.md +596 -0
  259. package/prisma/skills/motion-foundations/SKILL.md +299 -0
  260. package/prisma/skills/motion-patterns/SKILL.md +434 -0
  261. package/prisma/skills/motion-ui/SKILL.md +576 -0
  262. package/prisma/skills/mysql-patterns/SKILL.md +413 -0
  263. package/prisma/skills/nanoclaw-repl/SKILL.md +34 -0
  264. package/prisma/skills/nestjs-patterns/SKILL.md +231 -0
  265. package/prisma/skills/netmiko-ssh-automation/SKILL.md +174 -0
  266. package/prisma/skills/network-bgp-diagnostics/SKILL.md +168 -0
  267. package/prisma/skills/network-config-validation/SKILL.md +211 -0
  268. package/prisma/skills/network-interface-health/SKILL.md +153 -0
  269. package/prisma/skills/nextjs-turbopack/SKILL.md +58 -0
  270. package/prisma/skills/nodejs-keccak256/SKILL.md +103 -0
  271. package/prisma/skills/nutrient-document-processing/SKILL.md +168 -0
  272. package/prisma/skills/nuxt4-patterns/SKILL.md +101 -0
  273. package/prisma/skills/openclaw-persona-forge/SKILL.md +289 -0
  274. package/prisma/skills/openclaw-persona-forge/gacha.py +224 -0
  275. package/prisma/skills/openclaw-persona-forge/gacha.sh +5 -0
  276. package/prisma/skills/openclaw-persona-forge/references/avatar-style.md +124 -0
  277. package/prisma/skills/openclaw-persona-forge/references/boundary-rules.md +53 -0
  278. package/prisma/skills/openclaw-persona-forge/references/error-handling.md +53 -0
  279. package/prisma/skills/openclaw-persona-forge/references/identity-tension.md +48 -0
  280. package/prisma/skills/openclaw-persona-forge/references/naming-system.md +39 -0
  281. package/prisma/skills/openclaw-persona-forge/references/output-template.md +166 -0
  282. package/prisma/skills/opensource-pipeline/SKILL.md +256 -0
  283. package/prisma/skills/orch-add-feature/SKILL.md +45 -0
  284. package/prisma/skills/orch-build-mvp/SKILL.md +49 -0
  285. package/prisma/skills/orch-change-feature/SKILL.md +43 -0
  286. package/prisma/skills/orch-fix-defect/SKILL.md +43 -0
  287. package/prisma/skills/orch-pipeline/SKILL.md +121 -0
  288. package/prisma/skills/orch-refine-code/SKILL.md +44 -0
  289. package/prisma/skills/parallel-execution-optimizer/SKILL.md +73 -0
  290. package/prisma/skills/perl-patterns/SKILL.md +505 -0
  291. package/prisma/skills/perl-security/SKILL.md +504 -0
  292. package/prisma/skills/perl-testing/SKILL.md +476 -0
  293. package/prisma/skills/plan-orchestrate/SKILL.md +263 -0
  294. package/prisma/skills/plankton-code-quality/SKILL.md +237 -0
  295. package/prisma/skills/postgres-patterns/SKILL.md +148 -0
  296. package/prisma/skills/prediction-market-oracle-research/SKILL.md +64 -0
  297. package/prisma/skills/prediction-market-risk-review/SKILL.md +61 -0
  298. package/prisma/skills/prisma-patterns/SKILL.md +401 -0
  299. package/prisma/skills/product-capability/SKILL.md +142 -0
  300. package/prisma/skills/product-lens/SKILL.md +93 -0
  301. package/prisma/skills/production-audit/SKILL.md +207 -0
  302. package/prisma/skills/production-scheduling/SKILL.md +238 -0
  303. package/prisma/skills/project-flow-ops/SKILL.md +112 -0
  304. package/prisma/skills/prompt-optimizer/SKILL.md +398 -0
  305. package/prisma/skills/python-patterns/SKILL.md +751 -0
  306. package/prisma/skills/python-testing/SKILL.md +817 -0
  307. package/prisma/skills/pytorch-patterns/SKILL.md +397 -0
  308. package/prisma/skills/quality-nonconformance/SKILL.md +260 -0
  309. package/prisma/skills/quarkus-patterns/SKILL.md +723 -0
  310. package/prisma/skills/quarkus-security/SKILL.md +468 -0
  311. package/prisma/skills/quarkus-tdd/SKILL.md +812 -0
  312. package/prisma/skills/quarkus-verification/SKILL.md +480 -0
  313. package/prisma/skills/ralphinho-rfc-pipeline/SKILL.md +68 -0
  314. package/prisma/skills/react-native-patterns/SKILL.md +326 -0
  315. package/prisma/skills/react-patterns/SKILL.md +342 -0
  316. package/prisma/skills/react-performance/SKILL.md +575 -0
  317. package/prisma/skills/react-testing/SKILL.md +424 -0
  318. package/prisma/skills/recsys-pipeline-architect/SKILL.md +115 -0
  319. package/prisma/skills/recursive-decision-ledger/SKILL.md +80 -0
  320. package/prisma/skills/redis-patterns/SKILL.md +404 -0
  321. package/prisma/skills/regex-vs-llm-structured-text/SKILL.md +221 -0
  322. package/prisma/skills/remotion-video-creation/SKILL.md +43 -0
  323. package/prisma/skills/remotion-video-creation/rules/3d.md +86 -0
  324. package/prisma/skills/remotion-video-creation/rules/animations.md +29 -0
  325. package/prisma/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +173 -0
  326. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +100 -0
  327. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +108 -0
  328. package/prisma/skills/remotion-video-creation/rules/assets.md +78 -0
  329. package/prisma/skills/remotion-video-creation/rules/audio.md +172 -0
  330. package/prisma/skills/remotion-video-creation/rules/calculate-metadata.md +104 -0
  331. package/prisma/skills/remotion-video-creation/rules/can-decode.md +75 -0
  332. package/prisma/skills/remotion-video-creation/rules/charts.md +58 -0
  333. package/prisma/skills/remotion-video-creation/rules/compositions.md +146 -0
  334. package/prisma/skills/remotion-video-creation/rules/display-captions.md +126 -0
  335. package/prisma/skills/remotion-video-creation/rules/extract-frames.md +229 -0
  336. package/prisma/skills/remotion-video-creation/rules/fonts.md +152 -0
  337. package/prisma/skills/remotion-video-creation/rules/get-audio-duration.md +58 -0
  338. package/prisma/skills/remotion-video-creation/rules/get-video-dimensions.md +68 -0
  339. package/prisma/skills/remotion-video-creation/rules/get-video-duration.md +58 -0
  340. package/prisma/skills/remotion-video-creation/rules/gifs.md +138 -0
  341. package/prisma/skills/remotion-video-creation/rules/images.md +130 -0
  342. package/prisma/skills/remotion-video-creation/rules/import-srt-captions.md +67 -0
  343. package/prisma/skills/remotion-video-creation/rules/lottie.md +67 -0
  344. package/prisma/skills/remotion-video-creation/rules/measuring-dom-nodes.md +34 -0
  345. package/prisma/skills/remotion-video-creation/rules/measuring-text.md +143 -0
  346. package/prisma/skills/remotion-video-creation/rules/sequencing.md +106 -0
  347. package/prisma/skills/remotion-video-creation/rules/tailwind.md +11 -0
  348. package/prisma/skills/remotion-video-creation/rules/text-animations.md +20 -0
  349. package/prisma/skills/remotion-video-creation/rules/timing.md +179 -0
  350. package/prisma/skills/remotion-video-creation/rules/transcribe-captions.md +19 -0
  351. package/prisma/skills/remotion-video-creation/rules/transitions.md +122 -0
  352. package/prisma/skills/remotion-video-creation/rules/trimming.md +52 -0
  353. package/prisma/skills/remotion-video-creation/rules/videos.md +171 -0
  354. package/prisma/skills/repo-scan/SKILL.md +79 -0
  355. package/prisma/skills/research-ops/SKILL.md +113 -0
  356. package/prisma/skills/returns-reverse-logistics/SKILL.md +240 -0
  357. package/prisma/skills/rules-distill/SKILL.md +265 -0
  358. package/prisma/skills/rules-distill/scripts/scan-rules.sh +58 -0
  359. package/prisma/skills/rules-distill/scripts/scan-skills.sh +129 -0
  360. package/prisma/skills/rust-patterns/SKILL.md +500 -0
  361. package/prisma/skills/rust-testing/SKILL.md +501 -0
  362. package/prisma/skills/safety-guard/SKILL.md +76 -0
  363. package/prisma/skills/santa-method/SKILL.md +307 -0
  364. package/prisma/skills/scientific-db-pubmed-database/SKILL.md +176 -0
  365. package/prisma/skills/scientific-db-uspto-database/SKILL.md +178 -0
  366. package/prisma/skills/scientific-pkg-gget/SKILL.md +167 -0
  367. package/prisma/skills/scientific-thinking-literature-review/SKILL.md +193 -0
  368. package/prisma/skills/scientific-thinking-scholar-evaluation/SKILL.md +161 -0
  369. package/prisma/skills/search-first/SKILL.md +183 -0
  370. package/prisma/skills/security-bounty-hunter/SKILL.md +100 -0
  371. package/prisma/skills/security-review/SKILL.md +504 -0
  372. package/prisma/skills/security-review/cloud-infrastructure-security.md +361 -0
  373. package/prisma/skills/security-scan/SKILL.md +166 -0
  374. package/prisma/skills/seo/SKILL.md +155 -0
  375. package/prisma/skills/skill-comply/SKILL.md +59 -0
  376. package/prisma/skills/skill-comply/fixtures/compliant_trace.jsonl +5 -0
  377. package/prisma/skills/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
  378. package/prisma/skills/skill-comply/fixtures/tdd_spec.yaml +44 -0
  379. package/prisma/skills/skill-comply/prompts/classifier.md +24 -0
  380. package/prisma/skills/skill-comply/prompts/scenario_generator.md +62 -0
  381. package/prisma/skills/skill-comply/prompts/spec_generator.md +42 -0
  382. package/prisma/skills/skill-comply/pyproject.toml +15 -0
  383. package/prisma/skills/skill-comply/scripts/__init__.py +0 -0
  384. package/prisma/skills/skill-comply/scripts/classifier.py +85 -0
  385. package/prisma/skills/skill-comply/scripts/grader.py +124 -0
  386. package/prisma/skills/skill-comply/scripts/parser.py +107 -0
  387. package/prisma/skills/skill-comply/scripts/report.py +170 -0
  388. package/prisma/skills/skill-comply/scripts/run.py +127 -0
  389. package/prisma/skills/skill-comply/scripts/runner.py +194 -0
  390. package/prisma/skills/skill-comply/scripts/scenario_generator.py +70 -0
  391. package/prisma/skills/skill-comply/scripts/spec_generator.py +72 -0
  392. package/prisma/skills/skill-comply/scripts/utils.py +13 -0
  393. package/prisma/skills/skill-comply/tests/test_grader.py +197 -0
  394. package/prisma/skills/skill-comply/tests/test_parser.py +90 -0
  395. package/prisma/skills/skill-comply/tests/test_runner.py +172 -0
  396. package/prisma/skills/skill-scout/SKILL.md +141 -0
  397. package/prisma/skills/skill-stocktake/SKILL.md +195 -0
  398. package/prisma/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
  399. package/prisma/skills/skill-stocktake/scripts/save-results.sh +56 -0
  400. package/prisma/skills/skill-stocktake/scripts/scan.sh +170 -0
  401. package/prisma/skills/social-graph-ranker/SKILL.md +155 -0
  402. package/prisma/skills/social-publisher/SKILL.md +130 -0
  403. package/prisma/skills/springboot-patterns/SKILL.md +315 -0
  404. package/prisma/skills/springboot-security/SKILL.md +273 -0
  405. package/prisma/skills/springboot-tdd/SKILL.md +159 -0
  406. package/prisma/skills/springboot-verification/SKILL.md +232 -0
  407. package/prisma/skills/strategic-compact/SKILL.md +136 -0
  408. package/prisma/skills/swift-actor-persistence/SKILL.md +144 -0
  409. package/prisma/skills/swift-concurrency-6-2/SKILL.md +216 -0
  410. package/prisma/skills/swift-protocol-di-testing/SKILL.md +191 -0
  411. package/prisma/skills/swiftui-patterns/SKILL.md +259 -0
  412. package/prisma/skills/taste/SKILL.md +264 -0
  413. package/prisma/skills/taste/references/genre-taxonomy.md +87 -0
  414. package/prisma/skills/tdd-workflow/SKILL.md +583 -0
  415. package/prisma/skills/team-agent-orchestration/SKILL.md +111 -0
  416. package/prisma/skills/team-builder/SKILL.md +169 -0
  417. package/prisma/skills/terminal-ops/SKILL.md +110 -0
  418. package/prisma/skills/tinystruct-patterns/SKILL.md +279 -0
  419. package/prisma/skills/tinystruct-patterns/references/architecture.md +90 -0
  420. package/prisma/skills/tinystruct-patterns/references/data-handling.md +60 -0
  421. package/prisma/skills/tinystruct-patterns/references/database.md +99 -0
  422. package/prisma/skills/tinystruct-patterns/references/routing.md +64 -0
  423. package/prisma/skills/tinystruct-patterns/references/system-usage.md +97 -0
  424. package/prisma/skills/tinystruct-patterns/references/testing.md +72 -0
  425. package/prisma/skills/token-budget-advisor/SKILL.md +134 -0
  426. package/prisma/skills/ui-demo/SKILL.md +466 -0
  427. package/prisma/skills/ui-to-vue/SKILL.md +135 -0
  428. package/prisma/skills/uncloud/SKILL.md +344 -0
  429. package/prisma/skills/unified-notifications-ops/SKILL.md +188 -0
  430. package/prisma/skills/verification-loop/SKILL.md +127 -0
  431. package/prisma/skills/video-editing/SKILL.md +311 -0
  432. package/prisma/skills/videodb/SKILL.md +375 -0
  433. package/prisma/skills/videodb/reference/api-reference.md +550 -0
  434. package/prisma/skills/videodb/reference/capture-reference.md +407 -0
  435. package/prisma/skills/videodb/reference/capture.md +101 -0
  436. package/prisma/skills/videodb/reference/editor.md +443 -0
  437. package/prisma/skills/videodb/reference/generative.md +331 -0
  438. package/prisma/skills/videodb/reference/rtstream-reference.md +564 -0
  439. package/prisma/skills/videodb/reference/rtstream.md +65 -0
  440. package/prisma/skills/videodb/reference/search.md +230 -0
  441. package/prisma/skills/videodb/reference/streaming.md +406 -0
  442. package/prisma/skills/videodb/reference/use-cases.md +118 -0
  443. package/prisma/skills/videodb/scripts/ws_listener.py +282 -0
  444. package/prisma/skills/visa-doc-translate/README.md +86 -0
  445. package/prisma/skills/visa-doc-translate/SKILL.md +117 -0
  446. package/prisma/skills/vite-patterns/SKILL.md +450 -0
  447. package/prisma/skills/vue-patterns/SKILL.md +471 -0
  448. package/prisma/skills/windows-desktop-e2e/SKILL.md +888 -0
  449. package/prisma/skills/workspace-surface-audit/SKILL.md +126 -0
  450. package/prisma/skills/x-api/SKILL.md +235 -0
  451. package/run.mjs +0 -10
@@ -0,0 +1,130 @@
1
+ ---
2
+ name: social-publisher
3
+ description: Agent-driven scheduling and publishing of social media posts across 13 platforms via SocialClaw. Use when the user wants to publish to X, LinkedIn, Instagram, Facebook Pages, TikTok, Discord, Telegram, YouTube, Reddit, WordPress, or Pinterest — or when managing campaigns, uploading media, or monitoring post delivery status.
4
+ metadata:
5
+ origin: community
6
+ ---
7
+
8
+ # Social Publisher (SocialClaw)
9
+
10
+ Connects Claude Code to [SocialClaw](https://getsocialclaw.com) for agent-driven social media publishing across 13 platforms through a single workspace API key.
11
+
12
+ ## When to Activate
13
+
14
+ - publish content to X, LinkedIn, Instagram, TikTok, or other platforms
15
+ - schedule a post campaign across multiple platforms at once
16
+ - upload media for use in social posts
17
+ - validate a post schedule before going live
18
+ - monitor publishing run status and delivery analytics
19
+
20
+ ## Setup
21
+
22
+ ```bash
23
+ # Required: workspace API key from https://getsocialclaw.com/dashboard
24
+ export SC_API_KEY="<workspace-key>"
25
+
26
+ # Verify access
27
+ printf 'header = "Authorization: Bearer %s"\n' "$SC_API_KEY" |
28
+ curl -sS -K - https://getsocialclaw.com/v1/keys/validate
29
+
30
+ # Install CLI (optional but recommended)
31
+ npm install -g socialclaw@0.1.12
32
+ socialclaw login --api-key <workspace-key>
33
+ ```
34
+
35
+ ## Core Workflow
36
+
37
+ ### 1. List connected accounts
38
+ ```bash
39
+ socialclaw accounts list --json
40
+ ```
41
+
42
+ If not connected:
43
+ ```bash
44
+ socialclaw accounts connect --provider x --open
45
+ socialclaw accounts connect --provider linkedin --open
46
+ ```
47
+
48
+ ### 2. Upload media (optional)
49
+ ```bash
50
+ socialclaw assets upload --file ./image.png --json
51
+ # → { "asset_id": "..." }
52
+ ```
53
+
54
+ ### 3. Build schedule.json
55
+ ```json
56
+ {
57
+ "posts": [
58
+ {
59
+ "provider": "x",
60
+ "account_id": "<account-id>",
61
+ "text": "Post text here",
62
+ "scheduled_at": "2026-06-01T10:00:00Z"
63
+ }
64
+ ]
65
+ }
66
+ ```
67
+
68
+ ### Optional X/Twitter evidence packet
69
+
70
+ Before building an X schedule, collect a source packet when the campaign depends on live audience signals rather than the draft alone.
71
+
72
+ For OpenClaw users who have already approved TweetClaw in their dependency policy, use the pinned package as a separate evidence source:
73
+
74
+ ```bash
75
+ openclaw plugins install npm:@xquik/tweetclaw@1.6.31
76
+ ```
77
+
78
+ Use it for public tweet search, reply search, follower export, user lookup, media review, monitors, or giveaway evidence. Keep the output as research input for `schedule.json`; SocialClaw remains responsible for validation, scheduling, publishing, and delivery status. Store TweetClaw credentials in its plugin config, not in `SC_API_KEY`, schedule files, or campaign assets. Do not install it as a default ECC or SocialClaw dependency.
79
+
80
+ ### 4. Validate before publishing
81
+ ```bash
82
+ socialclaw validate -f schedule.json --json
83
+ ```
84
+
85
+ ### 5. Publish
86
+ ```bash
87
+ socialclaw apply -f schedule.json --json
88
+ # → { "run_id": "..." }
89
+ ```
90
+
91
+ ### 6. Monitor
92
+ ```bash
93
+ socialclaw status --run-id <run-id> --json
94
+ socialclaw posts list --json
95
+ ```
96
+
97
+ ## Supported Providers
98
+
99
+ | Provider | Key |
100
+ |----------|-----|
101
+ | X (Twitter) | `x` |
102
+ | LinkedIn profile | `linkedin` |
103
+ | LinkedIn page | `linkedin_page` |
104
+ | Instagram Business | `instagram_business` |
105
+ | Instagram standalone | `instagram` |
106
+ | Facebook Page | `facebook` |
107
+ | TikTok | `tiktok` |
108
+ | YouTube | `youtube` |
109
+ | Reddit | `reddit` |
110
+ | WordPress | `wordpress` |
111
+ | Discord | `discord` |
112
+ | Telegram | `telegram` |
113
+ | Pinterest | `pinterest` |
114
+
115
+ ## Security
116
+
117
+ - Outbound requests go to `getsocialclaw.com` only
118
+ - Provider OAuth is in the SocialClaw dashboard — no per-provider secrets exposed to the agent
119
+ - `SC_API_KEY` is a workspace-scoped key
120
+
121
+ ## Related Skills
122
+
123
+ - `x-api` — direct X/Twitter API operations
124
+ - `social-graph-ranker` — network analysis for outreach targeting
125
+ - `TweetClaw` - optional approved OpenClaw X/Twitter source evidence before SocialClaw scheduling
126
+
127
+ ## Source
128
+
129
+ - npm: `npm install -g socialclaw@0.1.12`
130
+ - Dashboard: [SocialClaw dashboard](https://getsocialclaw.com/dashboard)
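Review bot: The Setup block's `socialclaw login --api-key <workspace-key>` (new line 32) puts the workspace key in the command's argument list, where it can end up in shell history and process listings. The curl check at new lines 27–28 avoids exactly that by feeding the Authorization header through `-K -` on stdin. Whether the CLI can read the key from the environment or stdin is not shown here; if it can, the skill should show that form, otherwise add a line such as `# --api-key places the key in argv and shell history; prefer an env or stdin login if the CLI supports one` above the login command. The Security bullet "Outbound requests go to `getsocialclaw.com` only" also stops being accurate once the optional TweetClaw plugin from the evidence-packet section is installed, so it should be scoped to SocialClaw itself.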
@@ -0,0 +1,315 @@
1
+ ---
2
+ name: springboot-patterns
3
+ description: Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
4
+ metadata:
5
+ origin: ECC
6
+ ---
7
+
8
+ # Spring Boot Development Patterns
9
+
10
+ Spring Boot architecture and API patterns for scalable, production-grade services.
11
+
12
+ ## When to Activate
13
+
14
+ - Building REST APIs with Spring MVC or WebFlux
15
+ - Structuring controller → service → repository layers
16
+ - Configuring Spring Data JPA, caching, or async processing
17
+ - Adding validation, exception handling, or pagination
18
+ - Setting up profiles for dev/staging/production environments
19
+ - Implementing event-driven patterns with Spring Events or Kafka
20
+
21
+ ## REST API Structure
22
+
23
+ ```java
24
+ @RestController
25
+ @RequestMapping("/api/markets")
26
+ @Validated
27
+ class MarketController {
28
+ private final MarketService marketService;
29
+
30
+ MarketController(MarketService marketService) {
31
+ this.marketService = marketService;
32
+ }
33
+
34
+ @GetMapping
35
+ ResponseEntity<Page<MarketResponse>> list(
36
+ @RequestParam(defaultValue = "0") int page,
37
+ @RequestParam(defaultValue = "20") int size) {
38
+ Page<Market> markets = marketService.list(PageRequest.of(page, size));
39
+ return ResponseEntity.ok(markets.map(MarketResponse::from));
40
+ }
41
+
42
+ @PostMapping
43
+ ResponseEntity<MarketResponse> create(@Valid @RequestBody CreateMarketRequest request) {
44
+ Market market = marketService.create(request);
45
+ return ResponseEntity.status(HttpStatus.CREATED).body(MarketResponse.from(market));
46
+ }
47
+ }
48
+ ```
49
+
50
+ ## Repository Pattern (Spring Data JPA)
51
+
52
+ ```java
53
+ public interface MarketRepository extends JpaRepository<MarketEntity, Long> {
54
+ @Query("select m from MarketEntity m where m.status = :status order by m.volume desc")
55
+ List<MarketEntity> findActive(@Param("status") MarketStatus status, Pageable pageable);
56
+ }
57
+ ```
58
+
59
+ ## Service Layer with Transactions
60
+
61
+ ```java
62
+ @Service
63
+ public class MarketService {
64
+ private final MarketRepository repo;
65
+
66
+ public MarketService(MarketRepository repo) {
67
+ this.repo = repo;
68
+ }
69
+
70
+ @Transactional
71
+ public Market create(CreateMarketRequest request) {
72
+ MarketEntity entity = MarketEntity.from(request);
73
+ MarketEntity saved = repo.save(entity);
74
+ return Market.from(saved);
75
+ }
76
+ }
77
+ ```
78
+
79
+ ## DTOs and Validation
80
+
81
+ ```java
82
+ public record CreateMarketRequest(
83
+ @NotBlank @Size(max = 200) String name,
84
+ @NotBlank @Size(max = 2000) String description,
85
+ @NotNull @FutureOrPresent Instant endDate,
86
+ @NotEmpty List<@NotBlank String> categories) {}
87
+
88
+ public record MarketResponse(Long id, String name, MarketStatus status) {
89
+ static MarketResponse from(Market market) {
90
+ return new MarketResponse(market.id(), market.name(), market.status());
91
+ }
92
+ }
93
+ ```
94
+
95
+ ## Exception Handling
96
+
97
+ ```java
98
+ @ControllerAdvice
99
+ class GlobalExceptionHandler {
100
+ @ExceptionHandler(MethodArgumentNotValidException.class)
101
+ ResponseEntity<ApiError> handleValidation(MethodArgumentNotValidException ex) {
102
+ String message = ex.getBindingResult().getFieldErrors().stream()
103
+ .map(e -> e.getField() + ": " + e.getDefaultMessage())
104
+ .collect(Collectors.joining(", "));
105
+ return ResponseEntity.badRequest().body(ApiError.validation(message));
106
+ }
107
+
108
+ @ExceptionHandler(AccessDeniedException.class)
109
+ ResponseEntity<ApiError> handleAccessDenied() {
110
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).body(ApiError.of("Forbidden"));
111
+ }
112
+
113
+ @ExceptionHandler(Exception.class)
114
+ ResponseEntity<ApiError> handleGeneric(Exception ex) {
115
+ // Log unexpected errors with stack traces
116
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
117
+ .body(ApiError.of("Internal server error"));
118
+ }
119
+ }
120
+ ```
121
+
122
+ ## Caching
123
+
124
+ Requires `@EnableCaching` on a configuration class.
125
+
126
+ ```java
127
+ @Service
128
+ public class MarketCacheService {
129
+ private final MarketRepository repo;
130
+
131
+ public MarketCacheService(MarketRepository repo) {
132
+ this.repo = repo;
133
+ }
134
+
135
+ @Cacheable(value = "market", key = "#id")
136
+ public Market getById(Long id) {
137
+ return repo.findById(id)
138
+ .map(Market::from)
139
+ .orElseThrow(() -> new EntityNotFoundException("Market not found"));
140
+ }
141
+
142
+ @CacheEvict(value = "market", key = "#id")
143
+ public void evict(Long id) {}
144
+ }
145
+ ```
146
+
147
+ ## Async Processing
148
+
149
+ Requires `@EnableAsync` on a configuration class.
150
+
151
+ ```java
152
+ @Service
153
+ public class NotificationService {
154
+ @Async
155
+ public CompletableFuture<Void> sendAsync(Notification notification) {
156
+ // send email/SMS
157
+ return CompletableFuture.completedFuture(null);
158
+ }
159
+ }
160
+ ```
161
+
162
+ ## Logging (SLF4J)
163
+
164
+ ```java
165
+ @Service
166
+ public class ReportService {
167
+ private static final Logger log = LoggerFactory.getLogger(ReportService.class);
168
+
169
+ public Report generate(Long marketId) {
170
+ log.info("generate_report marketId={}", marketId);
171
+ try {
172
+ // logic
173
+ } catch (Exception ex) {
174
+ log.error("generate_report_failed marketId={}", marketId, ex);
175
+ throw ex;
176
+ }
177
+ return new Report();
178
+ }
179
+ }
180
+ ```
181
+
182
+ ## Middleware / Filters
183
+
184
+ ```java
185
+ @Component
186
+ public class RequestLoggingFilter extends OncePerRequestFilter {
187
+ private static final Logger log = LoggerFactory.getLogger(RequestLoggingFilter.class);
188
+
189
+ @Override
190
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
191
+ FilterChain filterChain) throws ServletException, IOException {
192
+ long start = System.currentTimeMillis();
193
+ try {
194
+ filterChain.doFilter(request, response);
195
+ } finally {
196
+ long duration = System.currentTimeMillis() - start;
197
+ log.info("req method={} uri={} status={} durationMs={}",
198
+ request.getMethod(), request.getRequestURI(), response.getStatus(), duration);
199
+ }
200
+ }
201
+ }
202
+ ```
203
+
204
+ ## Pagination and Sorting
205
+
206
+ ```java
207
+ PageRequest page = PageRequest.of(pageNumber, pageSize, Sort.by("createdAt").descending());
208
+ Page<Market> results = marketService.list(page);
209
+ ```
210
+
211
+ ## Error-Resilient External Calls
212
+
213
+ ```java
214
+ public <T> T withRetry(Supplier<T> supplier, int maxRetries) {
215
+ int attempts = 0;
216
+ while (true) {
217
+ try {
218
+ return supplier.get();
219
+ } catch (Exception ex) {
220
+ attempts++;
221
+ if (attempts >= maxRetries) {
222
+ throw ex;
223
+ }
224
+ try {
225
+ Thread.sleep((long) Math.pow(2, attempts) * 100L);
226
+ } catch (InterruptedException ie) {
227
+ Thread.currentThread().interrupt();
228
+ throw ex;
229
+ }
230
+ }
231
+ }
232
+ }
233
+ ```
234
+
235
+ ## Rate Limiting (Filter + Bucket4j)
236
+
237
+ **Security Note**: The `X-Forwarded-For` header is untrusted by default because clients can spoof it.
238
+ Only use forwarded headers when:
239
+ 1. Your app is behind a trusted reverse proxy (nginx, AWS ALB, etc.)
240
+ 2. You have registered `ForwardedHeaderFilter` as a bean
241
+ 3. You have configured `server.forward-headers-strategy=NATIVE` or `FRAMEWORK` in application properties
242
+ 4. Your proxy is configured to overwrite (not append to) the `X-Forwarded-For` header
243
+
244
+ When `ForwardedHeaderFilter` is properly configured, `request.getRemoteAddr()` will automatically
245
+ return the correct client IP from the forwarded headers. Without this configuration, use
246
+ `request.getRemoteAddr()` directly—it returns the immediate connection IP, which is the only
247
+ trustworthy value.
248
+
249
+ ```java
250
+ @Component
251
+ public class RateLimitFilter extends OncePerRequestFilter {
252
+ private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
253
+
254
+ /*
255
+ * SECURITY: This filter uses request.getRemoteAddr() to identify clients for rate limiting.
256
+ *
257
+ * If your application is behind a reverse proxy (nginx, AWS ALB, etc.), you MUST configure
258
+ * Spring to handle forwarded headers properly for accurate client IP detection:
259
+ *
260
+ * 1. Set server.forward-headers-strategy=NATIVE (for cloud platforms) or FRAMEWORK in
261
+ * application.properties/yaml
262
+ * 2. If using FRAMEWORK strategy, register ForwardedHeaderFilter:
263
+ *
264
+ * @Bean
265
+ * ForwardedHeaderFilter forwardedHeaderFilter() {
266
+ * return new ForwardedHeaderFilter();
267
+ * }
268
+ *
269
+ * 3. Ensure your proxy overwrites (not appends) the X-Forwarded-For header to prevent spoofing
270
+ * 4. Configure server.tomcat.remoteip.trusted-proxies or equivalent for your container
271
+ *
272
+ * Without this configuration, request.getRemoteAddr() returns the proxy IP, not the client IP.
273
+ * Do NOT read X-Forwarded-For directly—it is trivially spoofable without trusted proxy handling.
274
+ */
275
+ @Override
276
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
277
+ FilterChain filterChain) throws ServletException, IOException {
278
+ // Use getRemoteAddr() which returns the correct client IP when ForwardedHeaderFilter
279
+ // is configured, or the direct connection IP otherwise. Never trust X-Forwarded-For
280
+ // headers directly without proper proxy configuration.
281
+ String clientIp = request.getRemoteAddr();
282
+
283
+ Bucket bucket = buckets.computeIfAbsent(clientIp,
284
+ k -> Bucket.builder()
285
+ .addLimit(Bandwidth.classic(100, Refill.greedy(100, Duration.ofMinutes(1))))
286
+ .build());
287
+
288
+ if (bucket.tryConsume(1)) {
289
+ filterChain.doFilter(request, response);
290
+ } else {
291
+ response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
292
+ }
293
+ }
294
+ }
295
+ ```
296
+
297
+ ## Background Jobs
298
+
299
+ Use Spring’s `@Scheduled` or integrate with queues (e.g., Kafka, SQS, RabbitMQ). Keep handlers idempotent and observable.
300
+
301
+ ## Observability
302
+
303
+ - Structured logging (JSON) via Logback encoder
304
+ - Metrics: Micrometer + Prometheus/OTel
305
+ - Tracing: Micrometer Tracing with OpenTelemetry or Brave backend
306
+
307
+ ## Production Defaults
308
+
309
+ - Prefer constructor injection, avoid field injection
310
+ - Enable `spring.mvc.problemdetails.enabled=true` for RFC 7807 errors (Spring Boot 3+)
311
+ - Configure HikariCP pool sizes for workload, set timeouts
312
+ - Use `@Transactional(readOnly = true)` for queries
313
+ - Enforce null-safety via `@NonNull` and `Optional` where appropriate
314
+
315
+ **Remember**: Keep controllers thin, services focused, repositories simple, and errors handled centrally. Optimize for maintainability and testability.
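Review bot: In the RateLimitFilter example (new lines 250–294) the `buckets` map gains one entry per distinct remote address and nothing ever removes them, so memory grows without bound on a service that sees many source addresses. The RateLimitFilter in the springboot-security skill added later in this diff has the same shape. A bounded, expiring store fixes it, for example `Cache<String, Bucket> buckets = Caffeine.newBuilder().maximumSize(100_000).expireAfterAccess(Duration.ofMinutes(10)).build();` with `buckets.get(clientIp, k -> ...)` in place of `computeIfAbsent` (the limits are illustrative, and Caffeine would be an added dependency). Separately, `MarketController.list` (new lines 34–40) passes the caller's `size` straight to `PageRequest.of`, so a single request can ask for an arbitrarily large page. Since the class is already `@Validated`, `@RequestParam(defaultValue = "20") @Min(1) @Max(100) int size` would cap it.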
@@ -0,0 +1,273 @@
1
+ ---
2
+ name: springboot-security
3
+ description: Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
4
+ metadata:
5
+ origin: ECC
6
+ ---
7
+
8
+ # Spring Boot Security Review
9
+
10
+ Use when adding auth, handling input, creating endpoints, or dealing with secrets.
11
+
12
+ ## When to Activate
13
+
14
+ - Adding authentication (JWT, OAuth2, session-based)
15
+ - Implementing authorization (@PreAuthorize, role-based access)
16
+ - Validating user input (Bean Validation, custom validators)
17
+ - Configuring CORS, CSRF, or security headers
18
+ - Managing secrets (Vault, environment variables)
19
+ - Adding rate limiting or brute-force protection
20
+ - Scanning dependencies for CVEs
21
+
22
+ ## Authentication
23
+
24
+ - Prefer stateless JWT or opaque tokens with revocation list
25
+ - Use `httpOnly`, `Secure`, `SameSite=Strict` cookies for sessions
26
+ - Validate tokens with `OncePerRequestFilter` or resource server
27
+
28
+ ```java
29
+ @Component
30
+ public class JwtAuthFilter extends OncePerRequestFilter {
31
+ private final JwtService jwtService;
32
+
33
+ public JwtAuthFilter(JwtService jwtService) {
34
+ this.jwtService = jwtService;
35
+ }
36
+
37
+ @Override
38
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
39
+ FilterChain chain) throws ServletException, IOException {
40
+ String header = request.getHeader(HttpHeaders.AUTHORIZATION);
41
+ if (header != null && header.startsWith("Bearer ")) {
42
+ String token = header.substring(7);
43
+ Authentication auth = jwtService.authenticate(token);
44
+ SecurityContextHolder.getContext().setAuthentication(auth);
45
+ }
46
+ chain.doFilter(request, response);
47
+ }
48
+ }
49
+ ```
50
+
51
+ ## Authorization
52
+
53
+ - Enable method security: `@EnableMethodSecurity`
54
+ - Use `@PreAuthorize("hasRole('ADMIN')")` or `@PreAuthorize("@authz.canEdit(#id)")`
55
+ - Deny by default; expose only required scopes
56
+
57
+ ```java
58
+ @RestController
59
+ @RequestMapping("/api/admin")
60
+ public class AdminController {
61
+
62
+ @PreAuthorize("hasRole('ADMIN')")
63
+ @GetMapping("/users")
64
+ public List<UserDto> listUsers() {
65
+ return userService.findAll();
66
+ }
67
+
68
+ @PreAuthorize("@authz.isOwner(#id, authentication)")
69
+ @DeleteMapping("/users/{id}")
70
+ public ResponseEntity<Void> deleteUser(@PathVariable Long id) {
71
+ userService.delete(id);
72
+ return ResponseEntity.noContent().build();
73
+ }
74
+ }
75
+ ```
76
+
77
+ ## Input Validation
78
+
79
+ - Use Bean Validation with `@Valid` on controllers
80
+ - Apply constraints on DTOs: `@NotBlank`, `@Email`, `@Size`, custom validators
81
+ - Sanitize any HTML with a whitelist before rendering
82
+
83
+ ```java
84
+ // BAD: No validation
85
+ @PostMapping("/users")
86
+ public User createUser(@RequestBody UserDto dto) {
87
+ return userService.create(dto);
88
+ }
89
+
90
+ // GOOD: Validated DTO
91
+ public record CreateUserDto(
92
+ @NotBlank @Size(max = 100) String name,
93
+ @NotBlank @Email String email,
94
+ @NotNull @Min(0) @Max(150) Integer age
95
+ ) {}
96
+
97
+ @PostMapping("/users")
98
+ public ResponseEntity<UserDto> createUser(@Valid @RequestBody CreateUserDto dto) {
99
+ return ResponseEntity.status(HttpStatus.CREATED)
100
+ .body(userService.create(dto));
101
+ }
102
+ ```
103
+
104
+ ## SQL Injection Prevention
105
+
106
+ - Use Spring Data repositories or parameterized queries
107
+ - For native queries, use `:param` bindings; never concatenate strings
108
+
109
+ ```java
110
+ // BAD: String concatenation in native query
111
+ @Query(value = "SELECT * FROM users WHERE name = '" + name + "'", nativeQuery = true)
112
+
113
+ // GOOD: Parameterized native query
114
+ @Query(value = "SELECT * FROM users WHERE name = :name", nativeQuery = true)
115
+ List<User> findByName(@Param("name") String name);
116
+
117
+ // GOOD: Spring Data derived query (auto-parameterized)
118
+ List<User> findByEmailAndActiveTrue(String email);
119
+ ```
120
+
121
+ ## Password Encoding
122
+
123
+ - Always hash passwords with BCrypt or Argon2 — never store plaintext
124
+ - Use `PasswordEncoder` bean, not manual hashing
125
+
126
+ ```java
127
+ @Bean
128
+ public PasswordEncoder passwordEncoder() {
129
+ return new BCryptPasswordEncoder(12); // cost factor 12
130
+ }
131
+
132
+ // In service
133
+ public User register(CreateUserDto dto) {
134
+ String hashedPassword = passwordEncoder.encode(dto.password());
135
+ return userRepository.save(new User(dto.email(), hashedPassword));
136
+ }
137
+ ```
138
+
139
+ ## CSRF Protection
140
+
141
+ - For browser session apps, keep CSRF enabled; include token in forms/headers
142
+ - For pure APIs with Bearer tokens, disable CSRF and rely on stateless auth
143
+
144
+ ```java
145
+ http
146
+ .csrf(csrf -> csrf.disable())
147
+ .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
148
+ ```
149
+
150
+ ## Secrets Management
151
+
152
+ - No secrets in source; load from env or vault
153
+ - Keep `application.yml` free of credentials; use placeholders
154
+ - Rotate tokens and DB credentials regularly
155
+
156
+ ```yaml
157
+ # BAD: Hardcoded in application.yml
158
+ spring:
159
+ datasource:
160
+ password: mySecretPassword123
161
+
162
+ # GOOD: Environment variable placeholder
163
+ spring:
164
+ datasource:
165
+ password: ${DB_PASSWORD}
166
+
167
+ # GOOD: Spring Cloud Vault integration
168
+ spring:
169
+ cloud:
170
+ vault:
171
+ uri: https://vault.example.com
172
+ token: ${VAULT_TOKEN}
173
+ ```
174
+
175
+ ## Security Headers
176
+
177
+ ```java
178
+ http
179
+ .headers(headers -> headers
180
+ .contentSecurityPolicy(csp -> csp
181
+ .policyDirectives("default-src 'self'"))
182
+ .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
183
+ .xssProtection(Customizer.withDefaults())
184
+ .referrerPolicy(rp -> rp.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.NO_REFERRER)));
185
+ ```
186
+
187
+ ## CORS Configuration
188
+
189
+ - Configure CORS at the security filter level, not per-controller
190
+ - Restrict allowed origins — never use `*` in production
191
+
192
+ ```java
193
+ @Bean
194
+ public CorsConfigurationSource corsConfigurationSource() {
195
+ CorsConfiguration config = new CorsConfiguration();
196
+ config.setAllowedOrigins(List.of("https://app.example.com"));
197
+ config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
198
+ config.setAllowedHeaders(List.of("Authorization", "Content-Type"));
199
+ config.setAllowCredentials(true);
200
+ config.setMaxAge(3600L);
201
+
202
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
203
+ source.registerCorsConfiguration("/api/**", config);
204
+ return source;
205
+ }
206
+
207
+ // In SecurityFilterChain:
208
+ http.cors(cors -> cors.configurationSource(corsConfigurationSource()));
209
+ ```
210
+
211
+ ## Rate Limiting
212
+
213
+ - Apply Bucket4j or gateway-level limits on expensive endpoints
214
+ - Log and alert on bursts; return 429 with retry hints
215
+
216
+ ```java
217
+ // Using Bucket4j for per-endpoint rate limiting
218
+ @Component
219
+ public class RateLimitFilter extends OncePerRequestFilter {
220
+ private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
221
+
222
+ private Bucket createBucket() {
223
+ return Bucket.builder()
224
+ .addLimit(Bandwidth.classic(100, Refill.intervally(100, Duration.ofMinutes(1))))
225
+ .build();
226
+ }
227
+
228
+ @Override
229
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
230
+ FilterChain chain) throws ServletException, IOException {
231
+ String clientIp = request.getRemoteAddr();
232
+ Bucket bucket = buckets.computeIfAbsent(clientIp, k -> createBucket());
233
+
234
+ if (bucket.tryConsume(1)) {
235
+ chain.doFilter(request, response);
236
+ } else {
237
+ response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
238
+ response.getWriter().write("{\"error\": \"Rate limit exceeded\"}");
239
+ }
240
+ }
241
+ }
242
+ ```
243
+
244
+ ## Dependency Security
245
+
246
+ - Run OWASP Dependency Check / Snyk in CI
247
+ - Keep Spring Boot and Spring Security on supported versions
248
+ - Fail builds on known CVEs
249
+
250
+ ## Logging and PII
251
+
252
+ - Never log secrets, tokens, passwords, or full PAN data
253
+ - Redact sensitive fields; use structured JSON logging
254
+
255
+ ## File Uploads
256
+
257
+ - Validate size, content type, and extension
258
+ - Store outside web root; scan if required
259
+
260
+ ## Checklist Before Release
261
+
262
+ - [ ] Auth tokens validated and expired correctly
263
+ - [ ] Authorization guards on every sensitive path
264
+ - [ ] All inputs validated and sanitized
265
+ - [ ] No string-concatenated SQL
266
+ - [ ] CSRF posture correct for app type
267
+ - [ ] Secrets externalized; none committed
268
+ - [ ] Security headers configured
269
+ - [ ] Rate limiting on APIs
270
+ - [ ] Dependencies scanned and up to date
271
+ - [ ] Logs free of sensitive data
272
+
273
+ **Remember**: Deny by default, validate inputs, least privilege, and secure-by-configuration first.
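Review bot: The JwtAuthFilter example (new lines 29–48) stores whatever `jwtService.authenticate(token)` returns in the security context and has no handling for a rejected token. What happens on an expired or malformed token therefore depends entirely on JwtService, which is not shown. I would make the failure path explicit: assuming the service signals failure with `AuthenticationException`, wrap the call in `try { ... } catch (AuthenticationException ex) { SecurityContextHolder.clearContext(); }` and call `setAuthentication` only when the result is non-null, so the request stays unauthenticated and the deny-by-default rules reject it. The Rate Limiting example (new lines 217–241) also returns 429 without the retry hint its own bullet asks for; `response.setHeader(HttpHeaders.RETRY_AFTER, "60");` before the body write would match the one-minute refill.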