arboris-cli 1.0.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (451)
  1. package/dist/cli.mjs +420 -0
  2. package/manifest.json +602 -0
  3. package/package.json +22 -10
  4. package/prisma/skills/accessibility/SKILL.md +147 -0
  5. package/prisma/skills/agent-architecture-audit/SKILL.md +257 -0
  6. package/prisma/skills/agent-eval/SKILL.md +146 -0
  7. package/prisma/skills/agent-harness-construction/SKILL.md +74 -0
  8. package/prisma/skills/agent-introspection-debugging/SKILL.md +154 -0
  9. package/prisma/skills/agent-payment-x402/SKILL.md +225 -0
  10. package/prisma/skills/agent-self-evaluation/SKILL.md +182 -0
  11. package/prisma/skills/agent-self-evaluation/examples/high-score-example.md +87 -0
  12. package/prisma/skills/agent-self-evaluation/examples/low-score-example.md +86 -0
  13. package/prisma/skills/agent-self-evaluation/references/evaluation-criteria.md +71 -0
  14. package/prisma/skills/agent-self-evaluation/references/hook-integration.md +64 -0
  15. package/prisma/skills/agent-self-evaluation/scripts/evaluate.py +408 -0
  16. package/prisma/skills/agent-self-evaluation/templates/evaluation-report.md +86 -0
  17. package/prisma/skills/agent-sort/SKILL.md +216 -0
  18. package/prisma/skills/agentic-engineering/SKILL.md +64 -0
  19. package/prisma/skills/agentic-os/SKILL.md +388 -0
  20. package/prisma/skills/ai-first-engineering/SKILL.md +52 -0
  21. package/prisma/skills/ai-regression-testing/SKILL.md +386 -0
  22. package/prisma/skills/android-clean-architecture/SKILL.md +340 -0
  23. package/prisma/skills/angular-developer/SKILL.md +155 -0
  24. package/prisma/skills/angular-developer/references/angular-animations.md +160 -0
  25. package/prisma/skills/angular-developer/references/angular-aria.md +410 -0
  26. package/prisma/skills/angular-developer/references/cli.md +86 -0
  27. package/prisma/skills/angular-developer/references/component-harnesses.md +59 -0
  28. package/prisma/skills/angular-developer/references/component-styling.md +91 -0
  29. package/prisma/skills/angular-developer/references/components.md +117 -0
  30. package/prisma/skills/angular-developer/references/creating-services.md +97 -0
  31. package/prisma/skills/angular-developer/references/data-resolvers.md +69 -0
  32. package/prisma/skills/angular-developer/references/define-routes.md +67 -0
  33. package/prisma/skills/angular-developer/references/defining-providers.md +72 -0
  34. package/prisma/skills/angular-developer/references/di-fundamentals.md +120 -0
  35. package/prisma/skills/angular-developer/references/e2e-testing.md +56 -0
  36. package/prisma/skills/angular-developer/references/effects.md +83 -0
  37. package/prisma/skills/angular-developer/references/hierarchical-injectors.md +43 -0
  38. package/prisma/skills/angular-developer/references/host-elements.md +80 -0
  39. package/prisma/skills/angular-developer/references/injection-context.md +63 -0
  40. package/prisma/skills/angular-developer/references/inputs.md +101 -0
  41. package/prisma/skills/angular-developer/references/linked-signal.md +59 -0
  42. package/prisma/skills/angular-developer/references/loading-strategies.md +61 -0
  43. package/prisma/skills/angular-developer/references/mcp.md +108 -0
  44. package/prisma/skills/angular-developer/references/navigate-to-routes.md +69 -0
  45. package/prisma/skills/angular-developer/references/outputs.md +86 -0
  46. package/prisma/skills/angular-developer/references/reactive-forms.md +122 -0
  47. package/prisma/skills/angular-developer/references/rendering-strategies.md +44 -0
  48. package/prisma/skills/angular-developer/references/resource.md +77 -0
  49. package/prisma/skills/angular-developer/references/route-animations.md +56 -0
  50. package/prisma/skills/angular-developer/references/route-guards.md +52 -0
  51. package/prisma/skills/angular-developer/references/router-lifecycle.md +45 -0
  52. package/prisma/skills/angular-developer/references/router-testing.md +87 -0
  53. package/prisma/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
  54. package/prisma/skills/angular-developer/references/signal-forms.md +795 -0
  55. package/prisma/skills/angular-developer/references/signals-overview.md +94 -0
  56. package/prisma/skills/angular-developer/references/tailwind-css.md +69 -0
  57. package/prisma/skills/angular-developer/references/template-driven-forms.md +114 -0
  58. package/prisma/skills/angular-developer/references/testing-fundamentals.md +65 -0
  59. package/prisma/skills/api-connector-builder/SKILL.md +121 -0
  60. package/prisma/skills/api-design/SKILL.md +524 -0
  61. package/prisma/skills/architecture-decision-records/SKILL.md +180 -0
  62. package/prisma/skills/article-writing/SKILL.md +80 -0
  63. package/prisma/skills/automation-audit-ops/SKILL.md +143 -0
  64. package/prisma/skills/autonomous-agent-harness/SKILL.md +274 -0
  65. package/prisma/skills/autonomous-loops/SKILL.md +611 -0
  66. package/prisma/skills/backend-patterns/SKILL.md +562 -0
  67. package/prisma/skills/benchmark/SKILL.md +94 -0
  68. package/prisma/skills/benchmark-methodology/SKILL.md +190 -0
  69. package/prisma/skills/benchmark-optimization-loop/SKILL.md +70 -0
  70. package/prisma/skills/blender-motion-state-inspection/SKILL.md +165 -0
  71. package/prisma/skills/blueprint/SKILL.md +106 -0
  72. package/prisma/skills/brand-discovery/SKILL.md +145 -0
  73. package/prisma/skills/brand-discovery/references/10_purpose-why.md +40 -0
  74. package/prisma/skills/brand-discovery/references/20_positioning.md +44 -0
  75. package/prisma/skills/brand-discovery/references/30_audience-niche.md +52 -0
  76. package/prisma/skills/brand-discovery/references/40_personality-archetype.md +57 -0
  77. package/prisma/skills/brand-discovery/references/50_voice-tone.md +59 -0
  78. package/prisma/skills/brand-discovery/references/60_narrative-story.md +50 -0
  79. package/prisma/skills/brand-discovery/references/70_founder-tension.md +49 -0
  80. package/prisma/skills/brand-discovery/references/90_SYNTHESIS.md +133 -0
  81. package/prisma/skills/brand-voice/SKILL.md +98 -0
  82. package/prisma/skills/brand-voice/references/voice-profile-schema.md +55 -0
  83. package/prisma/skills/browser-qa/SKILL.md +105 -0
  84. package/prisma/skills/bun-runtime/SKILL.md +85 -0
  85. package/prisma/skills/canary-watch/SKILL.md +108 -0
  86. package/prisma/skills/carrier-relationship-management/SKILL.md +212 -0
  87. package/prisma/skills/cisco-ios-patterns/SKILL.md +164 -0
  88. package/prisma/skills/ck/SKILL.md +148 -0
  89. package/prisma/skills/ck/commands/forget.mjs +44 -0
  90. package/prisma/skills/ck/commands/info.mjs +24 -0
  91. package/prisma/skills/ck/commands/init.mjs +143 -0
  92. package/prisma/skills/ck/commands/list.mjs +40 -0
  93. package/prisma/skills/ck/commands/migrate.mjs +202 -0
  94. package/prisma/skills/ck/commands/resume.mjs +36 -0
  95. package/prisma/skills/ck/commands/save.mjs +210 -0
  96. package/prisma/skills/ck/commands/shared.mjs +387 -0
  97. package/prisma/skills/ck/hooks/session-start.mjs +224 -0
  98. package/prisma/skills/claude-devfleet/SKILL.md +112 -0
  99. package/prisma/skills/click-path-audit/SKILL.md +245 -0
  100. package/prisma/skills/clickhouse-io/SKILL.md +440 -0
  101. package/prisma/skills/code-tour/SKILL.md +254 -0
  102. package/prisma/skills/codebase-onboarding/SKILL.md +234 -0
  103. package/prisma/skills/codehealth-mcp/SKILL.md +167 -0
  104. package/prisma/skills/coding-standards/SKILL.md +551 -0
  105. package/prisma/skills/competitive-platform-analysis/SKILL.md +214 -0
  106. package/prisma/skills/competitive-report-structure/SKILL.md +162 -0
  107. package/prisma/skills/compose-multiplatform-patterns/SKILL.md +300 -0
  108. package/prisma/skills/config-gc/SKILL.md +120 -0
  109. package/prisma/skills/configure-ecc/SKILL.md +385 -0
  110. package/prisma/skills/connections-optimizer/SKILL.md +190 -0
  111. package/prisma/skills/content-engine/SKILL.md +132 -0
  112. package/prisma/skills/content-hash-cache-pattern/SKILL.md +162 -0
  113. package/prisma/skills/context-budget/SKILL.md +136 -0
  114. package/prisma/skills/continuous-agent-loop/SKILL.md +46 -0
  115. package/prisma/skills/continuous-learning/SKILL.md +132 -0
  116. package/prisma/skills/continuous-learning/config.json +18 -0
  117. package/prisma/skills/continuous-learning/evaluate-session.sh +69 -0
  118. package/prisma/skills/continuous-learning-v2/SKILL.md +361 -0
  119. package/prisma/skills/continuous-learning-v2/agents/observer-loop.sh +359 -0
  120. package/prisma/skills/continuous-learning-v2/agents/observer.md +189 -0
  121. package/prisma/skills/continuous-learning-v2/agents/session-guardian.sh +150 -0
  122. package/prisma/skills/continuous-learning-v2/agents/start-observer.sh +248 -0
  123. package/prisma/skills/continuous-learning-v2/config.json +8 -0
  124. package/prisma/skills/continuous-learning-v2/hooks/observe.sh +585 -0
  125. package/prisma/skills/continuous-learning-v2/scripts/detect-project.sh +322 -0
  126. package/prisma/skills/continuous-learning-v2/scripts/instinct-cli.py +1956 -0
  127. package/prisma/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
  128. package/prisma/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +68 -0
  129. package/prisma/skills/continuous-learning-v2/scripts/test_parse_instinct.py +1421 -0
  130. package/prisma/skills/cost-aware-llm-pipeline/SKILL.md +184 -0
  131. package/prisma/skills/cost-tracking/SKILL.md +97 -0
  132. package/prisma/skills/council/SKILL.md +204 -0
  133. package/prisma/skills/cpp-coding-standards/SKILL.md +724 -0
  134. package/prisma/skills/cpp-testing/SKILL.md +325 -0
  135. package/prisma/skills/crosspost/SKILL.md +112 -0
  136. package/prisma/skills/csharp-testing/SKILL.md +322 -0
  137. package/prisma/skills/customer-billing-ops/SKILL.md +141 -0
  138. package/prisma/skills/customs-trade-compliance/SKILL.md +263 -0
  139. package/prisma/skills/dart-flutter-patterns/SKILL.md +564 -0
  140. package/prisma/skills/dashboard-builder/SKILL.md +109 -0
  141. package/prisma/skills/data-scraper-agent/SKILL.md +765 -0
  142. package/prisma/skills/data-throughput-accelerator/SKILL.md +73 -0
  143. package/prisma/skills/database-migrations/SKILL.md +430 -0
  144. package/prisma/skills/deep-research/SKILL.md +160 -0
  145. package/prisma/skills/defi-amm-security/SKILL.md +167 -0
  146. package/prisma/skills/delivery-gate/SKILL.md +126 -0
  147. package/prisma/skills/delivery-gate/hooks/quality-gate.py +220 -0
  148. package/prisma/skills/deployment-patterns/SKILL.md +428 -0
  149. package/prisma/skills/design-system/SKILL.md +83 -0
  150. package/prisma/skills/django-celery/SKILL.md +458 -0
  151. package/prisma/skills/django-patterns/SKILL.md +735 -0
  152. package/prisma/skills/django-security/SKILL.md +644 -0
  153. package/prisma/skills/django-tdd/SKILL.md +730 -0
  154. package/prisma/skills/django-verification/SKILL.md +470 -0
  155. package/prisma/skills/dmux-workflows/SKILL.md +192 -0
  156. package/prisma/skills/docker-patterns/SKILL.md +365 -0
  157. package/prisma/skills/documentation-lookup/SKILL.md +91 -0
  158. package/prisma/skills/dotnet-patterns/SKILL.md +322 -0
  159. package/prisma/skills/dynamic-workflow-mode/SKILL.md +124 -0
  160. package/prisma/skills/e2e-testing/SKILL.md +327 -0
  161. package/prisma/skills/ecc-guide/SKILL.md +190 -0
  162. package/prisma/skills/ecc-recipes/SKILL.md +149 -0
  163. package/prisma/skills/ecc-tools-cost-audit/SKILL.md +161 -0
  164. package/prisma/skills/email-ops/SKILL.md +122 -0
  165. package/prisma/skills/energy-procurement/SKILL.md +228 -0
  166. package/prisma/skills/enterprise-agent-ops/SKILL.md +51 -0
  167. package/prisma/skills/error-handling/SKILL.md +377 -0
  168. package/prisma/skills/eval-harness/SKILL.md +271 -0
  169. package/prisma/skills/evm-token-decimals/SKILL.md +131 -0
  170. package/prisma/skills/exa-search/SKILL.md +108 -0
  171. package/prisma/skills/fal-ai-media/SKILL.md +289 -0
  172. package/prisma/skills/fastapi-patterns/SKILL.md +514 -0
  173. package/prisma/skills/finance-billing-ops/SKILL.md +128 -0
  174. package/prisma/skills/flox-environments/SKILL.md +497 -0
  175. package/prisma/skills/flutter-dart-code-review/SKILL.md +436 -0
  176. package/prisma/skills/foundation-models-on-device/SKILL.md +243 -0
  177. package/prisma/skills/frontend-a11y/SKILL.md +446 -0
  178. package/prisma/skills/frontend-design-direction/SKILL.md +93 -0
  179. package/prisma/skills/frontend-patterns/SKILL.md +657 -0
  180. package/prisma/skills/frontend-slides/SKILL.md +185 -0
  181. package/prisma/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  182. package/prisma/skills/frontend-slides/animation-patterns.md +122 -0
  183. package/prisma/skills/frontend-slides/html-template.md +419 -0
  184. package/prisma/skills/frontend-slides/scripts/export-pdf.sh +418 -0
  185. package/prisma/skills/frontend-slides/scripts/extract-pptx.py +96 -0
  186. package/prisma/skills/frontend-slides/viewport-base.css +153 -0
  187. package/prisma/skills/fsharp-testing/SKILL.md +281 -0
  188. package/prisma/skills/gan-style-harness/SKILL.md +279 -0
  189. package/prisma/skills/gateguard/SKILL.md +133 -0
  190. package/prisma/skills/generating-python-installer/SKILL.md +820 -0
  191. package/prisma/skills/git-workflow/SKILL.md +716 -0
  192. package/prisma/skills/github-ops/SKILL.md +145 -0
  193. package/prisma/skills/golang-patterns/SKILL.md +675 -0
  194. package/prisma/skills/golang-testing/SKILL.md +721 -0
  195. package/prisma/skills/google-workspace-ops/SKILL.md +96 -0
  196. package/prisma/skills/growth-log/SKILL.md +128 -0
  197. package/prisma/skills/healthcare-cdss-patterns/SKILL.md +246 -0
  198. package/prisma/skills/healthcare-emr-patterns/SKILL.md +160 -0
  199. package/prisma/skills/healthcare-eval-harness/SKILL.md +208 -0
  200. package/prisma/skills/healthcare-phi-compliance/SKILL.md +146 -0
  201. package/prisma/skills/hermes-imports/SKILL.md +89 -0
  202. package/prisma/skills/hexagonal-architecture/SKILL.md +277 -0
  203. package/prisma/skills/hipaa-compliance/SKILL.md +79 -0
  204. package/prisma/skills/homelab-network-readiness/SKILL.md +170 -0
  205. package/prisma/skills/homelab-network-setup/SKILL.md +130 -0
  206. package/prisma/skills/homelab-pihole-dns/SKILL.md +275 -0
  207. package/prisma/skills/homelab-vlan-segmentation/SKILL.md +312 -0
  208. package/prisma/skills/homelab-wireguard-vpn/SKILL.md +306 -0
  209. package/prisma/skills/hookify-rules/SKILL.md +128 -0
  210. package/prisma/skills/inherit-legacy-style/SKILL.md +157 -0
  211. package/prisma/skills/intent-driven-development/SKILL.md +360 -0
  212. package/prisma/skills/inventory-demand-planning/SKILL.md +247 -0
  213. package/prisma/skills/investor-materials/SKILL.md +97 -0
  214. package/prisma/skills/investor-outreach/SKILL.md +92 -0
  215. package/prisma/skills/ios-icon-gen/SKILL.md +158 -0
  216. package/prisma/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
  217. package/prisma/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
  218. package/prisma/skills/iterative-retrieval/SKILL.md +212 -0
  219. package/prisma/skills/ito-basket-compare/SKILL.md +64 -0
  220. package/prisma/skills/ito-data-atlas-agent/SKILL.md +64 -0
  221. package/prisma/skills/ito-market-intelligence/SKILL.md +61 -0
  222. package/prisma/skills/ito-trade-planner/SKILL.md +68 -0
  223. package/prisma/skills/java-coding-standards/SKILL.md +384 -0
  224. package/prisma/skills/jira-integration/SKILL.md +303 -0
  225. package/prisma/skills/jpa-patterns/SKILL.md +152 -0
  226. package/prisma/skills/knowledge-ops/SKILL.md +155 -0
  227. package/prisma/skills/kotlin-coroutines-flows/SKILL.md +285 -0
  228. package/prisma/skills/kotlin-exposed-patterns/SKILL.md +720 -0
  229. package/prisma/skills/kotlin-ktor-patterns/SKILL.md +690 -0
  230. package/prisma/skills/kotlin-patterns/SKILL.md +712 -0
  231. package/prisma/skills/kotlin-testing/SKILL.md +825 -0
  232. package/prisma/skills/kubernetes-patterns/SKILL.md +756 -0
  233. package/prisma/skills/laravel-patterns/SKILL.md +416 -0
  234. package/prisma/skills/laravel-plugin-discovery/SKILL.md +230 -0
  235. package/prisma/skills/laravel-security/SKILL.md +948 -0
  236. package/prisma/skills/laravel-tdd/SKILL.md +675 -0
  237. package/prisma/skills/laravel-verification/SKILL.md +180 -0
  238. package/prisma/skills/latency-critical-systems/SKILL.md +74 -0
  239. package/prisma/skills/lead-intelligence/SKILL.md +322 -0
  240. package/prisma/skills/lead-intelligence/agents/enrichment-agent.md +85 -0
  241. package/prisma/skills/lead-intelligence/agents/mutual-mapper.md +75 -0
  242. package/prisma/skills/lead-intelligence/agents/outreach-drafter.md +98 -0
  243. package/prisma/skills/lead-intelligence/agents/signal-scorer.md +60 -0
  244. package/prisma/skills/liquid-glass-design/SKILL.md +279 -0
  245. package/prisma/skills/llm-trading-agent-security/SKILL.md +147 -0
  246. package/prisma/skills/logistics-exception-management/SKILL.md +222 -0
  247. package/prisma/skills/loop-design-check/SKILL.md +143 -0
  248. package/prisma/skills/mailtrap-email-integration/SKILL.md +77 -0
  249. package/prisma/skills/make-interfaces-feel-better/SKILL.md +152 -0
  250. package/prisma/skills/manim-video/SKILL.md +90 -0
  251. package/prisma/skills/manim-video/assets/network_graph_scene.py +52 -0
  252. package/prisma/skills/market-research/SKILL.md +76 -0
  253. package/prisma/skills/marketing-campaign/SKILL.md +114 -0
  254. package/prisma/skills/mcp-server-patterns/SKILL.md +70 -0
  255. package/prisma/skills/messages-ops/SKILL.md +105 -0
  256. package/prisma/skills/ml-adoption-playbook/SKILL.md +57 -0
  257. package/prisma/skills/mle-workflow/SKILL.md +347 -0
  258. package/prisma/skills/motion-advanced/SKILL.md +596 -0
  259. package/prisma/skills/motion-foundations/SKILL.md +299 -0
  260. package/prisma/skills/motion-patterns/SKILL.md +434 -0
  261. package/prisma/skills/motion-ui/SKILL.md +576 -0
  262. package/prisma/skills/mysql-patterns/SKILL.md +413 -0
  263. package/prisma/skills/nanoclaw-repl/SKILL.md +34 -0
  264. package/prisma/skills/nestjs-patterns/SKILL.md +231 -0
  265. package/prisma/skills/netmiko-ssh-automation/SKILL.md +174 -0
  266. package/prisma/skills/network-bgp-diagnostics/SKILL.md +168 -0
  267. package/prisma/skills/network-config-validation/SKILL.md +211 -0
  268. package/prisma/skills/network-interface-health/SKILL.md +153 -0
  269. package/prisma/skills/nextjs-turbopack/SKILL.md +58 -0
  270. package/prisma/skills/nodejs-keccak256/SKILL.md +103 -0
  271. package/prisma/skills/nutrient-document-processing/SKILL.md +168 -0
  272. package/prisma/skills/nuxt4-patterns/SKILL.md +101 -0
  273. package/prisma/skills/openclaw-persona-forge/SKILL.md +289 -0
  274. package/prisma/skills/openclaw-persona-forge/gacha.py +224 -0
  275. package/prisma/skills/openclaw-persona-forge/gacha.sh +5 -0
  276. package/prisma/skills/openclaw-persona-forge/references/avatar-style.md +124 -0
  277. package/prisma/skills/openclaw-persona-forge/references/boundary-rules.md +53 -0
  278. package/prisma/skills/openclaw-persona-forge/references/error-handling.md +53 -0
  279. package/prisma/skills/openclaw-persona-forge/references/identity-tension.md +48 -0
  280. package/prisma/skills/openclaw-persona-forge/references/naming-system.md +39 -0
  281. package/prisma/skills/openclaw-persona-forge/references/output-template.md +166 -0
  282. package/prisma/skills/opensource-pipeline/SKILL.md +256 -0
  283. package/prisma/skills/orch-add-feature/SKILL.md +45 -0
  284. package/prisma/skills/orch-build-mvp/SKILL.md +49 -0
  285. package/prisma/skills/orch-change-feature/SKILL.md +43 -0
  286. package/prisma/skills/orch-fix-defect/SKILL.md +43 -0
  287. package/prisma/skills/orch-pipeline/SKILL.md +121 -0
  288. package/prisma/skills/orch-refine-code/SKILL.md +44 -0
  289. package/prisma/skills/parallel-execution-optimizer/SKILL.md +73 -0
  290. package/prisma/skills/perl-patterns/SKILL.md +505 -0
  291. package/prisma/skills/perl-security/SKILL.md +504 -0
  292. package/prisma/skills/perl-testing/SKILL.md +476 -0
  293. package/prisma/skills/plan-orchestrate/SKILL.md +263 -0
  294. package/prisma/skills/plankton-code-quality/SKILL.md +237 -0
  295. package/prisma/skills/postgres-patterns/SKILL.md +148 -0
  296. package/prisma/skills/prediction-market-oracle-research/SKILL.md +64 -0
  297. package/prisma/skills/prediction-market-risk-review/SKILL.md +61 -0
  298. package/prisma/skills/prisma-patterns/SKILL.md +401 -0
  299. package/prisma/skills/product-capability/SKILL.md +142 -0
  300. package/prisma/skills/product-lens/SKILL.md +93 -0
  301. package/prisma/skills/production-audit/SKILL.md +207 -0
  302. package/prisma/skills/production-scheduling/SKILL.md +238 -0
  303. package/prisma/skills/project-flow-ops/SKILL.md +112 -0
  304. package/prisma/skills/prompt-optimizer/SKILL.md +398 -0
  305. package/prisma/skills/python-patterns/SKILL.md +751 -0
  306. package/prisma/skills/python-testing/SKILL.md +817 -0
  307. package/prisma/skills/pytorch-patterns/SKILL.md +397 -0
  308. package/prisma/skills/quality-nonconformance/SKILL.md +260 -0
  309. package/prisma/skills/quarkus-patterns/SKILL.md +723 -0
  310. package/prisma/skills/quarkus-security/SKILL.md +468 -0
  311. package/prisma/skills/quarkus-tdd/SKILL.md +812 -0
  312. package/prisma/skills/quarkus-verification/SKILL.md +480 -0
  313. package/prisma/skills/ralphinho-rfc-pipeline/SKILL.md +68 -0
  314. package/prisma/skills/react-native-patterns/SKILL.md +326 -0
  315. package/prisma/skills/react-patterns/SKILL.md +342 -0
  316. package/prisma/skills/react-performance/SKILL.md +575 -0
  317. package/prisma/skills/react-testing/SKILL.md +424 -0
  318. package/prisma/skills/recsys-pipeline-architect/SKILL.md +115 -0
  319. package/prisma/skills/recursive-decision-ledger/SKILL.md +80 -0
  320. package/prisma/skills/redis-patterns/SKILL.md +404 -0
  321. package/prisma/skills/regex-vs-llm-structured-text/SKILL.md +221 -0
  322. package/prisma/skills/remotion-video-creation/SKILL.md +43 -0
  323. package/prisma/skills/remotion-video-creation/rules/3d.md +86 -0
  324. package/prisma/skills/remotion-video-creation/rules/animations.md +29 -0
  325. package/prisma/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +173 -0
  326. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +100 -0
  327. package/prisma/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +108 -0
  328. package/prisma/skills/remotion-video-creation/rules/assets.md +78 -0
  329. package/prisma/skills/remotion-video-creation/rules/audio.md +172 -0
  330. package/prisma/skills/remotion-video-creation/rules/calculate-metadata.md +104 -0
  331. package/prisma/skills/remotion-video-creation/rules/can-decode.md +75 -0
  332. package/prisma/skills/remotion-video-creation/rules/charts.md +58 -0
  333. package/prisma/skills/remotion-video-creation/rules/compositions.md +146 -0
  334. package/prisma/skills/remotion-video-creation/rules/display-captions.md +126 -0
  335. package/prisma/skills/remotion-video-creation/rules/extract-frames.md +229 -0
  336. package/prisma/skills/remotion-video-creation/rules/fonts.md +152 -0
  337. package/prisma/skills/remotion-video-creation/rules/get-audio-duration.md +58 -0
  338. package/prisma/skills/remotion-video-creation/rules/get-video-dimensions.md +68 -0
  339. package/prisma/skills/remotion-video-creation/rules/get-video-duration.md +58 -0
  340. package/prisma/skills/remotion-video-creation/rules/gifs.md +138 -0
  341. package/prisma/skills/remotion-video-creation/rules/images.md +130 -0
  342. package/prisma/skills/remotion-video-creation/rules/import-srt-captions.md +67 -0
  343. package/prisma/skills/remotion-video-creation/rules/lottie.md +67 -0
  344. package/prisma/skills/remotion-video-creation/rules/measuring-dom-nodes.md +34 -0
  345. package/prisma/skills/remotion-video-creation/rules/measuring-text.md +143 -0
  346. package/prisma/skills/remotion-video-creation/rules/sequencing.md +106 -0
  347. package/prisma/skills/remotion-video-creation/rules/tailwind.md +11 -0
  348. package/prisma/skills/remotion-video-creation/rules/text-animations.md +20 -0
  349. package/prisma/skills/remotion-video-creation/rules/timing.md +179 -0
  350. package/prisma/skills/remotion-video-creation/rules/transcribe-captions.md +19 -0
  351. package/prisma/skills/remotion-video-creation/rules/transitions.md +122 -0
  352. package/prisma/skills/remotion-video-creation/rules/trimming.md +52 -0
  353. package/prisma/skills/remotion-video-creation/rules/videos.md +171 -0
  354. package/prisma/skills/repo-scan/SKILL.md +79 -0
  355. package/prisma/skills/research-ops/SKILL.md +113 -0
  356. package/prisma/skills/returns-reverse-logistics/SKILL.md +240 -0
  357. package/prisma/skills/rules-distill/SKILL.md +265 -0
  358. package/prisma/skills/rules-distill/scripts/scan-rules.sh +58 -0
  359. package/prisma/skills/rules-distill/scripts/scan-skills.sh +129 -0
  360. package/prisma/skills/rust-patterns/SKILL.md +500 -0
  361. package/prisma/skills/rust-testing/SKILL.md +501 -0
  362. package/prisma/skills/safety-guard/SKILL.md +76 -0
  363. package/prisma/skills/santa-method/SKILL.md +307 -0
  364. package/prisma/skills/scientific-db-pubmed-database/SKILL.md +176 -0
  365. package/prisma/skills/scientific-db-uspto-database/SKILL.md +178 -0
  366. package/prisma/skills/scientific-pkg-gget/SKILL.md +167 -0
  367. package/prisma/skills/scientific-thinking-literature-review/SKILL.md +193 -0
  368. package/prisma/skills/scientific-thinking-scholar-evaluation/SKILL.md +161 -0
  369. package/prisma/skills/search-first/SKILL.md +183 -0
  370. package/prisma/skills/security-bounty-hunter/SKILL.md +100 -0
  371. package/prisma/skills/security-review/SKILL.md +504 -0
  372. package/prisma/skills/security-review/cloud-infrastructure-security.md +361 -0
  373. package/prisma/skills/security-scan/SKILL.md +166 -0
  374. package/prisma/skills/seo/SKILL.md +155 -0
  375. package/prisma/skills/skill-comply/SKILL.md +59 -0
  376. package/prisma/skills/skill-comply/fixtures/compliant_trace.jsonl +5 -0
  377. package/prisma/skills/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
  378. package/prisma/skills/skill-comply/fixtures/tdd_spec.yaml +44 -0
  379. package/prisma/skills/skill-comply/prompts/classifier.md +24 -0
  380. package/prisma/skills/skill-comply/prompts/scenario_generator.md +62 -0
  381. package/prisma/skills/skill-comply/prompts/spec_generator.md +42 -0
  382. package/prisma/skills/skill-comply/pyproject.toml +15 -0
  383. package/prisma/skills/skill-comply/scripts/__init__.py +0 -0
  384. package/prisma/skills/skill-comply/scripts/classifier.py +85 -0
  385. package/prisma/skills/skill-comply/scripts/grader.py +124 -0
  386. package/prisma/skills/skill-comply/scripts/parser.py +107 -0
  387. package/prisma/skills/skill-comply/scripts/report.py +170 -0
  388. package/prisma/skills/skill-comply/scripts/run.py +127 -0
  389. package/prisma/skills/skill-comply/scripts/runner.py +194 -0
  390. package/prisma/skills/skill-comply/scripts/scenario_generator.py +70 -0
  391. package/prisma/skills/skill-comply/scripts/spec_generator.py +72 -0
  392. package/prisma/skills/skill-comply/scripts/utils.py +13 -0
  393. package/prisma/skills/skill-comply/tests/test_grader.py +197 -0
  394. package/prisma/skills/skill-comply/tests/test_parser.py +90 -0
  395. package/prisma/skills/skill-comply/tests/test_runner.py +172 -0
  396. package/prisma/skills/skill-scout/SKILL.md +141 -0
  397. package/prisma/skills/skill-stocktake/SKILL.md +195 -0
  398. package/prisma/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
  399. package/prisma/skills/skill-stocktake/scripts/save-results.sh +56 -0
  400. package/prisma/skills/skill-stocktake/scripts/scan.sh +170 -0
  401. package/prisma/skills/social-graph-ranker/SKILL.md +155 -0
  402. package/prisma/skills/social-publisher/SKILL.md +130 -0
  403. package/prisma/skills/springboot-patterns/SKILL.md +315 -0
  404. package/prisma/skills/springboot-security/SKILL.md +273 -0
  405. package/prisma/skills/springboot-tdd/SKILL.md +159 -0
  406. package/prisma/skills/springboot-verification/SKILL.md +232 -0
  407. package/prisma/skills/strategic-compact/SKILL.md +136 -0
  408. package/prisma/skills/swift-actor-persistence/SKILL.md +144 -0
  409. package/prisma/skills/swift-concurrency-6-2/SKILL.md +216 -0
  410. package/prisma/skills/swift-protocol-di-testing/SKILL.md +191 -0
  411. package/prisma/skills/swiftui-patterns/SKILL.md +259 -0
  412. package/prisma/skills/taste/SKILL.md +264 -0
  413. package/prisma/skills/taste/references/genre-taxonomy.md +87 -0
  414. package/prisma/skills/tdd-workflow/SKILL.md +583 -0
  415. package/prisma/skills/team-agent-orchestration/SKILL.md +111 -0
  416. package/prisma/skills/team-builder/SKILL.md +169 -0
  417. package/prisma/skills/terminal-ops/SKILL.md +110 -0
  418. package/prisma/skills/tinystruct-patterns/SKILL.md +279 -0
  419. package/prisma/skills/tinystruct-patterns/references/architecture.md +90 -0
  420. package/prisma/skills/tinystruct-patterns/references/data-handling.md +60 -0
  421. package/prisma/skills/tinystruct-patterns/references/database.md +99 -0
  422. package/prisma/skills/tinystruct-patterns/references/routing.md +64 -0
  423. package/prisma/skills/tinystruct-patterns/references/system-usage.md +97 -0
  424. package/prisma/skills/tinystruct-patterns/references/testing.md +72 -0
  425. package/prisma/skills/token-budget-advisor/SKILL.md +134 -0
  426. package/prisma/skills/ui-demo/SKILL.md +466 -0
  427. package/prisma/skills/ui-to-vue/SKILL.md +135 -0
  428. package/prisma/skills/uncloud/SKILL.md +344 -0
  429. package/prisma/skills/unified-notifications-ops/SKILL.md +188 -0
  430. package/prisma/skills/verification-loop/SKILL.md +127 -0
  431. package/prisma/skills/video-editing/SKILL.md +311 -0
  432. package/prisma/skills/videodb/SKILL.md +375 -0
  433. package/prisma/skills/videodb/reference/api-reference.md +550 -0
  434. package/prisma/skills/videodb/reference/capture-reference.md +407 -0
  435. package/prisma/skills/videodb/reference/capture.md +101 -0
  436. package/prisma/skills/videodb/reference/editor.md +443 -0
  437. package/prisma/skills/videodb/reference/generative.md +331 -0
  438. package/prisma/skills/videodb/reference/rtstream-reference.md +564 -0
  439. package/prisma/skills/videodb/reference/rtstream.md +65 -0
  440. package/prisma/skills/videodb/reference/search.md +230 -0
  441. package/prisma/skills/videodb/reference/streaming.md +406 -0
  442. package/prisma/skills/videodb/reference/use-cases.md +118 -0
  443. package/prisma/skills/videodb/scripts/ws_listener.py +282 -0
  444. package/prisma/skills/visa-doc-translate/README.md +86 -0
  445. package/prisma/skills/visa-doc-translate/SKILL.md +117 -0
  446. package/prisma/skills/vite-patterns/SKILL.md +450 -0
  447. package/prisma/skills/vue-patterns/SKILL.md +471 -0
  448. package/prisma/skills/windows-desktop-e2e/SKILL.md +888 -0
  449. package/prisma/skills/workspace-surface-audit/SKILL.md +126 -0
  450. package/prisma/skills/x-api/SKILL.md +235 -0
  451. package/run.mjs +0 -10
@@ -0,0 +1,275 @@
1
+ ---
2
+ name: homelab-pihole-dns
3
+ description: Pi-hole installation, blocklist management, DNS-over-HTTPS setup, DHCP integration, local DNS records, and troubleshooting broken DNS resolution on a home network.
4
+ metadata:
5
+ origin: community
6
+ ---
7
+
8
+ # Homelab Pi-hole DNS
9
+
10
+ Pi-hole is a network-wide DNS ad blocker that runs on a Raspberry Pi or any Linux host.
11
+ Every device on your network gets ad and malware domain blocking automatically — no browser
12
+ extension needed.
13
+
14
+ ## When to Use
15
+
16
+ - Installing Pi-hole on a Raspberry Pi or Linux host
17
+ - Configuring Pi-hole as the DNS server for a home network
18
+ - Adding or managing blocklists
19
+ - Setting up DNS-over-HTTPS (DoH) upstream resolvers
20
+ - Creating local DNS records (e.g. `nas.home.lan`, `pi.home.lan`)
21
+ - Troubleshooting devices that lose internet access after Pi-hole is installed
22
+ - Running Pi-hole alongside or instead of DHCP
23
+
24
+ ## How Pi-hole Works
25
+
26
+ ```
27
+ Normal flow (without Pi-hole):
28
+ Device → requests ads.tracker.com → ISP DNS → real IP → ads load
29
+
30
+ With Pi-hole:
31
+ Device → requests ads.tracker.com → Pi-hole DNS → blocked (returns 0.0.0.0) → no ad
32
+
33
+ All DNS queries go through Pi-hole first.
34
+ Pi-hole checks against blocklists.
35
+ Blocked domains return a null response — the ad/tracker never loads.
36
+ Allowed domains get forwarded to your upstream resolver (Cloudflare, Google, etc.).
37
+ ```
38
+
39
+ ## Installation
40
+
41
+ ### Docker (Recommended)
42
+
43
+ Docker is the easiest way to install Pi-hole and makes updates and backups
44
+ straightforward.
45
+
46
+ ```yaml
47
+ # docker-compose.yml
48
+ services:
49
+ pihole:
50
+ image: pihole/pihole:<pinned-release-tag>
51
+ container_name: pihole
52
+ ports:
53
+ - "53:53/tcp"
54
+ - "53:53/udp"
55
+ - "80:80/tcp" # Web admin
56
+ environment:
57
+ TZ: "America/New_York"
58
+ WEBPASSWORD: "${PIHOLE_WEBPASSWORD}" # set via .env file or secret
59
+ PIHOLE_DNS_: "1.1.1.1;1.0.0.1"
60
+ DNSMASQ_LISTENING: "all"
61
+ volumes:
62
+ - "./etc-pihole:/etc/pihole"
63
+ - "./etc-dnsmasq.d:/etc/dnsmasq.d"
64
+ restart: unless-stopped
65
+ cap_add:
66
+ - NET_ADMIN # only needed if Pi-hole will serve DHCP
67
+ ```
68
+
69
+ Replace `<pinned-release-tag>` with a current Pi-hole release tag before deploying.
70
+ Avoid `latest` for long-lived DNS infrastructure so upgrades are deliberate and
71
+ reviewable.
72
+
73
+ Set `PIHOLE_WEBPASSWORD` in a `.env` file next to `docker-compose.yml`, chmod it to
74
+ `600`, and keep it out of git — do not put the password directly in the compose file.
75
+
76
+ Access web admin at: `http://<pi-ip>/admin`
77
+
78
+ ### Bare-Metal Install (Raspberry Pi OS / Debian / Ubuntu)
79
+
80
+ Pi-hole requires a static IP before installing.
81
+
82
+ ```bash
83
+ # Step 1: Assign a static IP (edit /etc/dhcpcd.conf on Pi OS)
84
+ sudo nano /etc/dhcpcd.conf
85
+ # Add at the bottom:
86
+ interface eth0
87
+ static ip_address=192.168.3.2/24
88
+ static routers=192.168.3.1
89
+ static domain_name_servers=192.168.3.1
90
+
91
+ # Step 2: Download and inspect the installer before running it.
92
+ # Prefer the package or installer path documented by Pi-hole for your OS/version.
93
+ curl -sSL https://install.pi-hole.net -o pi-hole-install.sh
94
+ less pi-hole-install.sh # review before proceeding
95
+
96
+ # Step 3: Run
97
+ bash pi-hole-install.sh
98
+
99
+ # Follow the interactive installer:
100
+ # 1. Select network interface (eth0 for wired — recommended)
101
+ # 2. Select upstream DNS (Cloudflare or leave default — can change later)
102
+ # 3. Confirm static IP
103
+ # 4. Install the web admin interface (recommended)
104
+ # 5. Note the admin password shown at the end
105
+ ```
106
+
107
+ ## Pointing Your Network at Pi-hole
108
+
109
+ ```
110
+ # Method 1: Change DNS in your router DHCP settings (recommended)
111
+ Router admin UI → DHCP Settings → DNS Server
112
+ Primary DNS: 192.168.3.2 (Pi-hole IP)
113
+ Secondary DNS: leave blank for strict blocking, or use a second Pi-hole.
114
+ A public fallback such as 1.1.1.1 improves availability during
115
+ rollout but can bypass blocking because clients may query it.
116
+
117
+ All devices get Pi-hole as DNS automatically on next DHCP renewal.
118
+ Force renewal: reconnect Wi-Fi or run 'sudo dhclient -r && sudo dhclient' on Linux
119
+
120
+ # Method 2: Per-device DNS (useful for testing before network-wide rollout)
121
+ Windows: Control Panel → Network Adapter → IPv4 Properties → set DNS manually
122
+ macOS: System Settings → Network → Details → DNS → set manually
123
+ Linux: /etc/resolv.conf or NetworkManager
124
+
125
+ # Method 3: Pi-hole as DHCP server (replaces router DHCP)
126
+ Pi-hole admin → Settings → DHCP → Enable
127
+ Disable DHCP on your router first — two DHCP servers on the same network cause conflicts
128
+ Advantage: hostname resolution works automatically (devices register their names)
129
+ ```
130
+
131
+ ## Blocklist Management
132
+
133
+ ```
134
+ # Pi-hole admin → Adlists → Add new adlist
135
+
136
+ # Recommended blocklists:
137
+ https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
138
+ # default — 200k+ domains
139
+
140
+ https://blocklistproject.github.io/Lists/malware.txt
141
+ # malware domains
142
+
143
+ https://blocklistproject.github.io/Lists/tracking.txt
144
+ # tracking/telemetry
145
+
146
+ # After adding a list:
147
+ Tools → Update Gravity (downloads and compiles all blocklists)
148
+
149
+ # If a site is blocked that should not be (false positive):
150
+ Pi-hole admin → Whitelist → Add domain
151
+ Example: api.my-legitimate-service.com
152
+
153
+ # Check what is being blocked in real time:
154
+ Dashboard → Query Log (live DNS query stream with block/allow status)
155
+ ```
156
+
157
+ ## DNS-over-HTTPS Upstream
158
+
159
+ DNS-over-HTTPS encrypts your DNS queries so your ISP cannot see what sites you resolve.
160
+
161
+ ```bash
162
+ # Install cloudflared (Cloudflare's DoH proxy).
163
+ # Prefer Cloudflare's package repository for automatic signed package verification.
164
+ # If you download a binary directly, pin a release version and verify its checksum.
165
+ CLOUDFLARED_VERSION="<pinned-version>"
166
+ curl -LO "https://github.com/cloudflare/cloudflared/releases/download/${CLOUDFLARED_VERSION}/cloudflared-linux-arm64"
167
+ # Verify the checksum/signature from Cloudflare's release notes before installing.
168
+ sudo mv cloudflared-linux-arm64 /usr/local/bin/cloudflared
169
+ sudo chmod +x /usr/local/bin/cloudflared
170
+
171
+ # Create cloudflared config
172
+ sudo mkdir -p /etc/cloudflared
173
+ sudo tee /etc/cloudflared/config.yml << EOF
174
+ proxy-dns: true
175
+ proxy-dns-port: 5053
176
+ proxy-dns-upstream:
177
+ - https://1.1.1.1/dns-query
178
+ - https://1.0.0.1/dns-query
179
+ EOF
180
+
181
+ # Create systemd service
182
+ sudo cloudflared service install
183
+ sudo systemctl start cloudflared
184
+ sudo systemctl enable cloudflared
185
+
186
+ # Now point Pi-hole at the local DoH proxy:
187
+ # Pi-hole admin → Settings → DNS → Custom upstream DNS
188
+ # Set to: 127.0.0.1#5053
189
+ # Uncheck all other upstream resolvers
190
+ ```
191
+
192
+ ## Local DNS Records
193
+
194
+ Make your services reachable by name (e.g. `nas.home.lan`, `grafana.home.lan`).
195
+
196
+ > **Domain name note:** `.home.lan` is widely used in homelabs and works in practice.
197
+ > The IETF-reserved suffix for local use is `.home.arpa` (RFC 8375) — use that to
198
+ > follow the standard. Avoid `.local` for Pi-hole DNS records as it conflicts with
199
+ > mDNS/Bonjour.
200
+
201
+ ```
202
+ # Pi-hole admin → Local DNS → DNS Records
203
+
204
+ Domain IP
205
+ nas.home.lan 192.168.30.10
206
+ pi.home.lan 192.168.30.2
207
+ grafana.home.lan 192.168.30.3
208
+ proxmox.home.lan 192.168.30.4
209
+
210
+ # From any device on your network:
211
+ ping nas.home.lan → 192.168.30.10
212
+ http://grafana.home.lan → your Grafana dashboard
213
+
214
+ # For subdomains, add a CNAME:
215
+ Pi-hole admin → Local DNS → CNAME Records
216
+ Domain: portainer.home.lan → Target: pi.home.lan
217
+ ```
218
+
219
+ ## Troubleshooting
220
+
221
+ ```bash
222
+ # Pi-hole blocking something it should not
223
+ pihole -q example.com # Check if domain is blocked and which list
224
+ pihole -w example.com # Whitelist immediately
225
+
226
+ # DNS not resolving at all
227
+ pihole status # Check if pihole-FTL is running
228
+ dig @192.168.3.2 google.com # Test DNS directly against Pi-hole
229
+
230
+ # Restart Pi-hole DNS
231
+ pihole restartdns
232
+
233
+ # Check query logs for a specific device
234
+ pihole -t # Live tail of all queries
235
+ # Or filter by client in the web admin Query Log
236
+
237
+ # Pi-hole gravity update (refresh blocklists)
238
+ pihole -g
239
+ ```
240
+
241
+ ## Anti-Patterns
242
+
243
+ ```
244
+ # BAD: Depending on one Pi-hole without a recovery path
245
+ # If Pi-hole crashes or the Pi loses power, DNS can stop working
246
+ # GOOD: Keep a documented router fallback for rollback during setup
247
+ # BETTER: Run two Pi-hole instances for redundancy; avoid public fallback DNS for strict blocking
248
+
249
+ # BAD: Installing Pi-hole without a static IP
250
+ # If the Pi gets a new DHCP IP, all devices lose DNS
251
+ # GOOD: Set static IP first, then install Pi-hole
252
+
253
+ # BAD: Enabling Pi-hole DHCP without disabling the router's DHCP first
254
+ # Two DHCP servers on the same network hand out conflicting IPs
255
+ # GOOD: Disable router DHCP, then enable Pi-hole DHCP
256
+
257
+ # BAD: Never updating gravity (blocklists)
258
+ # New ad and malware domains accumulate — stale lists miss them
259
+ # GOOD: Schedule weekly gravity update: pihole -g (or enable in Settings → API)
260
+ ```
261
+
262
+ ## Best Practices
263
+
264
+ - Give the Pi a static IP or DHCP reservation before installing Pi-hole
265
+ - Use Pi-hole as primary DNS; for redundancy, add a second Pi-hole instead of a
266
+ public resolver if you need strict blocking
267
+ - Enable DoH (DNS-over-HTTPS) with cloudflared for encrypted upstream queries
268
+ - Set `home.lan` as your local domain and create DNS records for all your services
269
+ - Review the Query Log occasionally — blocked queries show you what devices are doing
270
+
271
+ ## Related Skills
272
+
273
+ - homelab-network-setup
274
+ - homelab-vlan-segmentation
275
+ - homelab-wireguard-vpn
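Review bot: In the DNS-over-HTTPS block, checksum verification exists only as a comment; the commands that follow it (`sudo mv cloudflared-linux-arm64 /usr/local/bin/cloudflared`, then `sudo chmod +x`) install whatever was downloaded, so anyone pasting the block ends up running an unverified binary as a system service. Make the check an executable step that aborts on mismatch, for example `echo "<expected-sha256>  cloudflared-linux-arm64" | sha256sum -c -` before the `mv`, with the hash left as a placeholder in the same way as `<pinned-version>`, and add `-f` to the `curl -LO` call so an HTTP error does not leave an error page saved under the binary's name. The asset name is also fixed to arm64 although the skill targets "a Raspberry Pi or any Linux host". Separately, the addressing is inconsistent between sections: the static IP, the router DNS setting and the `dig` test use 192.168.3.2, while the Local DNS Records table puts pi.home.lan at 192.168.30.2; pick one scheme or say that the values are independent examples. In the compose file, `DNSMASQ_LISTENING: "all"` combined with published port 53 and the admin UI on plain HTTP port 80 deserves a sentence stating that the host must not be reachable from outside the LAN.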
@@ -0,0 +1,312 @@
1
+ ---
2
+ name: homelab-vlan-segmentation
3
+ description: Segmenting home networks into VLANs for IoT, guest, trusted, and server traffic using UniFi, pfSense/OPNsense, and MikroTik — including switch trunk config, firewall rules, and wireless SSID mapping.
4
+ metadata:
5
+ origin: community
6
+ ---
7
+
8
+ # Homelab VLAN Segmentation
9
+
10
+ How to split a home network into isolated VLANs so IoT devices, guests, and your main
11
+ PCs cannot talk to each other. The most impactful security upgrade for a home network.
12
+
13
+ All firewall rules shown here add isolation between segments — they do not remove
14
+ existing protections. Apply changes in a maintenance window and verify connectivity
15
+ between segments after each step before moving on.
16
+
17
+ ## When to Use
18
+
19
+ - Setting up VLANs on a home network for the first time
20
+ - Isolating IoT devices (smart bulbs, cameras, TVs) from trusted devices
21
+ - Creating a guest Wi-Fi network that cannot reach home devices
22
+ - Explaining how VLANs work to someone unfamiliar with the concept
23
+ - Configuring trunk ports, access ports, and SSID-to-VLAN mapping
24
+ - Troubleshooting inter-VLAN routing or firewall rule issues on pfSense/OPNsense/UniFi
25
+
26
+ ## How It Works
27
+
28
+ ```
29
+ Without VLANs — flat network:
30
+ All devices on 192.168.1.0/24
31
+ Smart TV (potential malware) → can reach your NAS, PCs, everything
32
+
33
+ With VLANs:
34
+ VLAN 10 — Trusted 192.168.10.0/24 (PCs, phones, laptops)
35
+ VLAN 20 — IoT 192.168.20.0/24 (smart TV, bulbs, cameras)
36
+ VLAN 30 — Servers 192.168.30.0/24 (NAS, Pi, VMs)
37
+ VLAN 40 — Guest 192.168.40.0/24 (visitor Wi-Fi)
38
+ VLAN 99 — Management 192.168.99.0/24 (switch/AP web UIs)
39
+
40
+ Smart TV → blocked from reaching 192.168.10.0/24 and 192.168.30.0/24
41
+ Guests → internet only, cannot see any home devices
42
+ ```
43
+
44
+ ## VLAN Design Template
45
+
46
+ ```
47
+ VLAN Name Subnet Gateway Purpose
48
+ 10 trusted 192.168.10.0/24 192.168.10.1 PCs, phones, laptops
49
+ 20 iot 192.168.20.0/24 192.168.20.1 Smart home devices
50
+ 30 servers 192.168.30.0/24 192.168.30.1 NAS, Pi, self-hosted
51
+ 40 guest 192.168.40.0/24 192.168.40.1 Visitor Wi-Fi
52
+ 99 management 192.168.99.0/24 192.168.99.1 Network gear web UIs
53
+ ```
54
+
55
+ ## Examples
56
+
57
+ **Typical homelab with UniFi AP and managed switch:**
58
+
59
+ ```
60
+ Scenario: 3-bedroom house, UniFi Dream Machine + UniFi 8-port switch + 2 APs
61
+
62
+ VLAN 10 — Trusted 192.168.10.0/24 MacBook, iPhones, iPad
63
+ VLAN 20 — IoT 192.168.20.0/24 Nest thermostat, Philips Hue, Ring doorbell, smart TVs
64
+ VLAN 30 — Servers 192.168.30.0/24 Synology NAS (192.168.30.10), Pi-hole (192.168.30.2)
65
+ VLAN 40 — Guest 192.168.40.0/24 Visitor Wi-Fi — internet only
66
+
67
+ SSID → VLAN mapping:
68
+ "Home" → VLAN 10 (WPA2, strong password, trusted devices only)
69
+ "IoT" → VLAN 20 (WPA2, separate password, printed on router for setup)
70
+ "Guest" → VLAN 40 (WPA2, simple password you can share freely)
71
+
72
+ Switch port behavior:
73
+ Port 1 → trunk to router (tagged VLANs 10,20,30,40,99)
74
+ Port 2 → trunk to APs (tagged VLANs 10,20,40; AP handles per-SSID tagging)
75
+ Port 3 → access VLAN 30 (NAS — untagged, no VLAN awareness needed)
76
+ Port 4 → access VLAN 30 (Pi-hole — untagged)
77
+ Port 5–8 → access VLAN 10 (wired workstations)
78
+
79
+ Firewall rules applied (all rules add isolation, none remove existing protections):
80
+ IoT → Trusted: BLOCK
81
+ IoT → Servers: BLOCK except 192.168.30.2:53 (Pi-hole DNS allowed)
82
+ IoT → Internet: ALLOW
83
+ Guest → Local networks: BLOCK
84
+ Guest → Internet: ALLOW
85
+ Trusted → everywhere: ALLOW
86
+ ```
87
+
88
+ ## UniFi Configuration
89
+
90
+ ### Create Networks in UniFi Controller
91
+
92
+ ```
93
+ Settings → Networks → Create New Network
94
+
95
+ For each VLAN:
96
+ Name: IoT
97
+ Purpose: Corporate (gives DHCP + routing)
98
+ VLAN ID: 20
99
+ Network: 192.168.20.0/24
100
+ Gateway IP: 192.168.20.1
101
+ DHCP: Enable
102
+ DHCP Range: 192.168.20.100 – 192.168.20.254
103
+ ```
104
+
105
+ ### Map SSIDs to VLANs (UniFi)
106
+
107
+ ```
108
+ Settings → WiFi → Create New WiFi
109
+
110
+ Name: IoT-Network
111
+ Password: <separate password>
112
+ Network: IoT ← select your VLAN here
113
+ # All devices connecting to this SSID land in VLAN 20
114
+
115
+ Name: Guest
116
+ Password: <guest password>
117
+ Network: Guest
118
+ Guest Policy: Enable ← isolates guests from each other too
119
+ ```
120
+
121
+ ### UniFi Firewall Rules (Traffic Rules)
122
+
123
+ ```
124
+ Settings → Traffic & Security → Traffic Rules
125
+
126
+ # Block IoT from reaching Trusted VLAN
127
+ Action: Block
128
+ Category: Local Network
129
+ Source: IoT (192.168.20.0/24)
130
+ Destination: Trusted (192.168.10.0/24)
131
+
132
+ # Allow IoT to reach internet only
133
+ Action: Allow
134
+ Source: IoT
135
+ Destination: Internet
136
+
137
+ # Block Guest from all local networks
138
+ Action: Block
139
+ Source: Guest
140
+ Destination: Local Networks
141
+ ```
142
+
143
+ ## pfSense / OPNsense Configuration
144
+
145
+ ### Create VLANs
146
+
147
+ ```
148
+ Interfaces → Assignments → VLANs → Add
149
+
150
+ Parent Interface: em1 (your LAN NIC)
151
+ VLAN Tag: 20
152
+ Description: IoT
153
+
154
+ # Repeat for each VLAN, then assign each VLAN to an interface:
155
+ Interfaces → Assignments → Add
156
+ Select the VLAN you created → click Add
157
+ Enable the interface, set IP to gateway address (192.168.20.1/24)
158
+ ```
159
+
160
+ ### DHCP for Each VLAN
161
+
162
+ ```
163
+ Services → DHCP Server → Select your VLAN interface
164
+
165
+ Enable DHCP
166
+ Range: 192.168.20.100 to 192.168.20.254
167
+ DNS Servers: 192.168.30.2 ← Pi-hole IP if you have one
168
+ ```
169
+
170
+ ### Firewall Rules (pfSense/OPNsense)
171
+
172
+ ```
173
+ # Rules are processed top-to-bottom, first match wins.
174
+
175
+ # On the IoT interface (VLAN 20):
176
+ Rule 1: Allow IoT → Pi-hole DNS ← MUST come before the RFC1918 block rule
177
+ Protocol: UDP/TCP
178
+ Source: IoT net
179
+ Destination: 192.168.30.2 port 53
180
+ Action: Allow
181
+
182
+ Rule 2: Block IoT → RFC1918 (all private IP ranges)
183
+ Protocol: any
184
+ Source: IoT net
185
+ Destination: RFC1918 (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12)
186
+ Action: Block
187
+
188
+ Rule 3: Allow IoT → internet
189
+ Protocol: any
190
+ Source: IoT net
191
+ Destination: any
192
+ Action: Allow
193
+
194
+ # On the Trusted interface (VLAN 10):
195
+ Allow all (trusted devices can reach everything)
196
+ Source: Trusted net
197
+ Destination: any
198
+ Action: Allow
199
+
200
+ # Additional exceptions for IoT devices that need specific local services:
201
+ Insert before Rule 2 (the RFC1918 block):
202
+ Protocol: TCP
203
+ Source: IoT net
204
+ Destination: 192.168.30.x port 8123 ← Home Assistant
205
+ Action: Allow
206
+ ```
207
+
208
+ ## MikroTik Configuration
209
+
210
+ ```
211
+ # Step 1: Create a bridge with VLAN filtering enabled
212
+ /interface bridge
213
+ add name=bridge vlan-filtering=yes
214
+
215
+ # Step 2: Add physical ports to the bridge
216
+ # Trunk port to router/uplink (tagged for all VLANs)
217
+ /interface bridge port
218
+ add bridge=bridge interface=ether1 frame-types=admit-only-vlan-tagged
219
+
220
+ # Access port for trusted devices (untagged VLAN 10)
221
+ /interface bridge port
222
+ add bridge=bridge interface=ether2 pvid=10 frame-types=admit-only-untagged-and-priority-tagged
223
+
224
+ # Access port for IoT devices (untagged VLAN 20)
225
+ /interface bridge port
226
+ add bridge=bridge interface=ether3 pvid=20 frame-types=admit-only-untagged-and-priority-tagged
227
+
228
+ # Step 3: Define which VLANs are allowed on which ports
229
+ /interface bridge vlan
230
+ add bridge=bridge tagged=ether1 untagged=ether2 vlan-ids=10
231
+ add bridge=bridge tagged=ether1 untagged=ether3 vlan-ids=20
232
+
233
+ # Step 4: Create VLAN interfaces on the bridge (gateway IPs)
234
+ /interface vlan
235
+ add interface=bridge name=vlan10 vlan-id=10
236
+ add interface=bridge name=vlan20 vlan-id=20
237
+
238
+ # Step 5: Assign gateway IPs
239
+ /ip address
240
+ add interface=vlan10 address=192.168.10.1/24
241
+ add interface=vlan20 address=192.168.20.1/24
242
+
243
+ # Step 6: DHCP pools and servers
244
+ /ip pool
245
+ add name=pool-trusted ranges=192.168.10.100-192.168.10.254
246
+ add name=pool-iot ranges=192.168.20.100-192.168.20.254
247
+
248
+ /ip dhcp-server
249
+ add interface=vlan10 address-pool=pool-trusted name=dhcp-trusted
250
+ add interface=vlan20 address-pool=pool-iot name=dhcp-iot
251
+
252
+ /ip dhcp-server network
253
+ add address=192.168.10.0/24 gateway=192.168.10.1
254
+ add address=192.168.20.0/24 gateway=192.168.20.1
255
+
256
+ # Step 7: Firewall — block IoT from reaching trusted VLAN
257
+ /ip firewall filter
258
+ add chain=forward src-address=192.168.20.0/24 dst-address=192.168.10.0/24 \
259
+ action=drop comment="Block IoT to Trusted"
260
+ ```
261
+
262
+ ## Switch Trunk vs Access Ports
263
+
264
+ ```
265
+ # Trunk port: carries multiple VLANs (tagged) — connects switch-to-switch, switch-to-router, switch-to-AP
266
+ # Access port: carries one VLAN (untagged) — connects to end devices (PC, camera, NAS)
267
+
268
+ # A managed switch port connected to your router should be a trunk:
269
+ Allowed VLANs: 10, 20, 30, 40, 99
270
+
271
+ # A port connecting to a PC should be an access port:
272
+ VLAN: 10 (trusted)
273
+ No tagging — the PC does not know or care about VLANs
274
+
275
+ # A port connecting to an AP must be a trunk:
276
+ The AP tags traffic from each SSID with the right VLAN ID
277
+ Allowed VLANs: 10, 20, 40 (whichever SSIDs the AP serves)
278
+ ```
279
+
280
+ ## Anti-Patterns
281
+
282
+ ```
283
+ # BAD: Creating VLANs without adding firewall rules
284
+ # VLANs without firewall rules do not provide security — inter-VLAN routing is open by default
285
+ # GOOD: Add explicit block rules immediately after creating VLANs
286
+
287
+ # BAD: Putting the Pi-hole in the IoT VLAN
288
+ # IoT devices can reach it but trusted devices cannot (without extra rules)
289
+ # GOOD: Pi-hole in the Servers VLAN with a rule allowing all VLANs to reach port 53
290
+
291
+ # BAD: Native VLAN equals management VLAN
292
+ # Untagged traffic landing in your management VLAN enables VLAN hopping attacks
293
+ # GOOD: Use a dedicated unused VLAN as native (e.g. VLAN 999), keep management traffic tagged
294
+
295
+ # BAD: Same Wi-Fi password for IoT SSID and trusted SSID
296
+ # Anyone who learns the password can connect IoT devices to the wrong segment
297
+ ```
298
+
299
+ ## Best Practices
300
+
301
+ - Start with 4 VLANs: Trusted, IoT, Servers, Guest — add more as needed
302
+ - Put Pi-hole in the Servers VLAN (192.168.30.x)
303
+ - Add a firewall rule allowing DNS (port 53) from all VLANs to the Pi-hole IP — before any RFC1918 block rule
304
+ - Test isolation after every rule change: from the IoT VLAN, try to ping a trusted device — it should fail
305
+ - Use a management VLAN for switch and AP web UIs and restrict access to the Trusted VLAN only
306
+ - Document your VLAN design in a table (VLAN ID, name, subnet, purpose)
307
+
308
+ ## Related Skills
309
+
310
+ - homelab-network-setup
311
+ - homelab-pihole-dns
312
+ - homelab-wireguard-vpn
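Review bot: The UniFi Traffic Rules and MikroTik Step 7 only block IoT to 192.168.10.0/24, which leaves Servers (192.168.30.0/24) and Management (192.168.99.0/24) reachable from the IoT VLAN and contradicts the policy stated in the Examples section ("IoT → Servers: BLOCK except 192.168.30.2:53"); only the pfSense/OPNsense section implements that policy, through the RFC1918 block. Add the equivalent pair for the other two platforms: allow IoT to 192.168.30.2 port 53 first, then block IoT to all local networks. In the MikroTik block, the Step 3 `/interface bridge vlan` entries list only `tagged=ether1`; because Step 4 creates vlan10 and vlan20 on the bridge itself, the bridge has to be a tagged member as well (`tagged=bridge,ether1`), otherwise the gateway addresses and DHCP servers never see the VLAN traffic. Step 1 also sets `vlan-filtering=yes` before any port or VLAN table entry exists, which can cut off management access partway through; enabling it as the final step is safer. The native-VLAN advice under Anti-Patterns (VLAN 999) is not reflected in any of the trunk examples, and showing it on one trunk would make the recommendation actionable.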