blockmine 1.21.0 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (433) hide show
  1. package/.claude/agents/README.md +469 -0
  2. package/.claude/agents/auth-route-debugger.md +118 -0
  3. package/.claude/agents/auth-route-tester.md +93 -0
  4. package/.claude/agents/auto-error-resolver.md +97 -0
  5. package/.claude/agents/build-optimizer.md +236 -0
  6. package/.claude/agents/code-architecture-reviewer.md +83 -0
  7. package/.claude/agents/code-refactor-master.md +94 -0
  8. package/.claude/agents/cost-optimizer.md +134 -0
  9. package/.claude/agents/deployment-orchestrator.md +113 -0
  10. package/.claude/agents/documentation-architect.md +82 -0
  11. package/.claude/agents/frontend-error-fixer.md +77 -0
  12. package/.claude/agents/iac-code-generator.md +71 -0
  13. package/.claude/agents/incident-responder.md +346 -0
  14. package/.claude/agents/infrastructure-architect.md +31 -0
  15. package/.claude/agents/kubernetes-specialist.md +56 -0
  16. package/.claude/agents/migration-planner.md +181 -0
  17. package/.claude/agents/network-architect.md +196 -0
  18. package/.claude/agents/plan-reviewer.md +52 -0
  19. package/.claude/agents/refactor-planner.md +63 -0
  20. package/.claude/agents/security-scanner.md +102 -0
  21. package/.claude/agents/web-research-specialist.md +78 -0
  22. package/.claude/commands/cost-analysis.md +315 -0
  23. package/.claude/commands/dev-docs-update.md +55 -0
  24. package/.claude/commands/dev-docs.md +51 -0
  25. package/.claude/commands/incident-debug.md +247 -0
  26. package/.claude/commands/infra-plan.md +81 -0
  27. package/.claude/commands/migration-plan.md +478 -0
  28. package/.claude/commands/route-research-for-testing.md +37 -0
  29. package/.claude/commands/security-review.md +66 -0
  30. package/.claude/hooks/CONFIG.md +448 -0
  31. package/.claude/hooks/README.md +163 -0
  32. package/.claude/hooks/SKILL_ACTIVATION_COMPLETE.md +226 -0
  33. package/.claude/hooks/WINDOWS_HOOKS_README.md +151 -0
  34. package/.claude/hooks/add-skill-activation-banners.ts +132 -0
  35. package/.claude/hooks/comprehensive-skill-test.ts +1315 -0
  36. package/.claude/hooks/error-handling-reminder.sh +12 -0
  37. package/.claude/hooks/error-handling-reminder.ts +222 -0
  38. package/.claude/hooks/k8s-manifest-validator.sh +56 -0
  39. package/.claude/hooks/package-lock.json +556 -0
  40. package/.claude/hooks/package.json +16 -0
  41. package/.claude/hooks/post-tool-use-tracker.ps1 +174 -0
  42. package/.claude/hooks/post-tool-use-tracker.sh +183 -0
  43. package/.claude/hooks/security-policy-check.sh +247 -0
  44. package/.claude/hooks/skill-activation-prompt.ps1 +10 -0
  45. package/.claude/hooks/skill-activation-prompt.sh +10 -0
  46. package/.claude/hooks/skill-activation-prompt.ts +141 -0
  47. package/.claude/hooks/stop-build-check-enhanced.sh +130 -0
  48. package/.claude/hooks/terraform-validator.sh +53 -0
  49. package/.claude/hooks/test-input.json +7 -0
  50. package/.claude/hooks/test-skill-activation.ts +427 -0
  51. package/.claude/hooks/trigger-build-resolver.sh +79 -0
  52. package/.claude/hooks/tsc-check.sh +173 -0
  53. package/.claude/hooks/tsconfig.json +19 -0
  54. package/.claude/settings.json +55 -0
  55. package/.claude/settings.local.json +27 -14
  56. package/.claude/skills/README.md +507 -0
  57. package/.claude/skills/api-engineering/SKILL.md +63 -0
  58. package/.claude/skills/api-engineering/resources/api-versioning.md +88 -0
  59. package/.claude/skills/api-engineering/resources/graphql-patterns.md +106 -0
  60. package/.claude/skills/api-engineering/resources/rate-limiting.md +118 -0
  61. package/.claude/skills/api-engineering/resources/rest-api-design.md +105 -0
  62. package/.claude/skills/backend-dev-guidelines/SKILL.md +306 -0
  63. package/.claude/skills/backend-dev-guidelines/resources/architecture-overview.md +451 -0
  64. package/.claude/skills/backend-dev-guidelines/resources/async-and-errors.md +307 -0
  65. package/.claude/skills/backend-dev-guidelines/resources/complete-examples.md +638 -0
  66. package/.claude/skills/backend-dev-guidelines/resources/configuration.md +275 -0
  67. package/.claude/skills/backend-dev-guidelines/resources/database-patterns.md +224 -0
  68. package/.claude/skills/backend-dev-guidelines/resources/middleware-guide.md +213 -0
  69. package/.claude/skills/backend-dev-guidelines/resources/routing-and-controllers.md +756 -0
  70. package/.claude/skills/backend-dev-guidelines/resources/sentry-and-monitoring.md +336 -0
  71. package/.claude/skills/backend-dev-guidelines/resources/services-and-repositories.md +789 -0
  72. package/.claude/skills/backend-dev-guidelines/resources/testing-guide.md +235 -0
  73. package/.claude/skills/backend-dev-guidelines/resources/validation-patterns.md +754 -0
  74. package/.claude/skills/budget-and-cost-management/SKILL.md +850 -0
  75. package/.claude/skills/build-engineering/SKILL.md +431 -0
  76. package/.claude/skills/build-engineering/resources/artifact-repositories.md +72 -0
  77. package/.claude/skills/build-engineering/resources/build-caching.md +96 -0
  78. package/.claude/skills/build-engineering/resources/build-pipelines.md +105 -0
  79. package/.claude/skills/build-engineering/resources/build-security.md +95 -0
  80. package/.claude/skills/build-engineering/resources/build-systems.md +389 -0
  81. package/.claude/skills/build-engineering/resources/compilation-optimization.md +201 -0
  82. package/.claude/skills/build-engineering/resources/dependency-management.md +73 -0
  83. package/.claude/skills/build-engineering/resources/monorepo-builds.md +110 -0
  84. package/.claude/skills/build-engineering/resources/performance-optimization.md +113 -0
  85. package/.claude/skills/build-engineering/resources/reproducible-builds.md +82 -0
  86. package/.claude/skills/cloud-engineering/SKILL.md +675 -0
  87. package/.claude/skills/cloud-engineering/resources/aws-patterns.md +742 -0
  88. package/.claude/skills/cloud-engineering/resources/azure-patterns.md +714 -0
  89. package/.claude/skills/cloud-engineering/resources/cleared-cloud-environments.md +987 -0
  90. package/.claude/skills/cloud-engineering/resources/cloud-cost-optimization.md +757 -0
  91. package/.claude/skills/cloud-engineering/resources/cloud-networking.md +1058 -0
  92. package/.claude/skills/cloud-engineering/resources/cloud-security-tools.md +1530 -0
  93. package/.claude/skills/cloud-engineering/resources/cloud-security.md +990 -0
  94. package/.claude/skills/cloud-engineering/resources/gcp-patterns.md +758 -0
  95. package/.claude/skills/cloud-engineering/resources/migration-strategies.md +820 -0
  96. package/.claude/skills/cloud-engineering/resources/multi-cloud-strategies.md +670 -0
  97. package/.claude/skills/cloud-engineering/resources/oci-patterns.md +1198 -0
  98. package/.claude/skills/cloud-engineering/resources/serverless-patterns.md +795 -0
  99. package/.claude/skills/cloud-engineering/resources/well-architected-frameworks.md +966 -0
  100. package/.claude/skills/cybersecurity/SKILL.md +409 -0
  101. package/.claude/skills/cybersecurity/resources/security-architecture.md +266 -0
  102. package/.claude/skills/database-engineering/SKILL.md +61 -0
  103. package/.claude/skills/database-engineering/resources/backup-and-recovery.md +72 -0
  104. package/.claude/skills/database-engineering/resources/database-replication.md +63 -0
  105. package/.claude/skills/database-engineering/resources/postgresql-fundamentals.md +70 -0
  106. package/.claude/skills/database-engineering/resources/query-optimization.md +68 -0
  107. package/.claude/skills/devsecops/SKILL.md +374 -0
  108. package/.claude/skills/devsecops/resources/ci-cd-security.md +204 -0
  109. package/.claude/skills/devsecops/resources/compliance-automation.md +530 -0
  110. package/.claude/skills/devsecops/resources/compliance-frameworks.md +2322 -0
  111. package/.claude/skills/devsecops/resources/container-security.md +915 -0
  112. package/.claude/skills/devsecops/resources/cspm-integration.md +1440 -0
  113. package/.claude/skills/devsecops/resources/policy-enforcement.md +619 -0
  114. package/.claude/skills/devsecops/resources/secrets-management.md +755 -0
  115. package/.claude/skills/devsecops/resources/security-monitoring.md +146 -0
  116. package/.claude/skills/devsecops/resources/security-scanning.md +887 -0
  117. package/.claude/skills/devsecops/resources/security-testing.md +203 -0
  118. package/.claude/skills/devsecops/resources/supply-chain-security.md +518 -0
  119. package/.claude/skills/devsecops/resources/vulnerability-management.md +481 -0
  120. package/.claude/skills/devsecops/resources/zero-trust-architecture.md +177 -0
  121. package/.claude/skills/documentation-as-code/SKILL.md +323 -0
  122. package/.claude/skills/documentation-as-code/resources/api-documentation.md +90 -0
  123. package/.claude/skills/documentation-as-code/resources/changelog-management.md +79 -0
  124. package/.claude/skills/documentation-as-code/resources/diagram-generation.md +44 -0
  125. package/.claude/skills/documentation-as-code/resources/docs-as-code-workflow.md +99 -0
  126. package/.claude/skills/documentation-as-code/resources/documentation-automation.md +68 -0
  127. package/.claude/skills/documentation-as-code/resources/documentation-sites.md +79 -0
  128. package/.claude/skills/documentation-as-code/resources/markdown-best-practices.md +162 -0
  129. package/.claude/skills/documentation-as-code/resources/openapi-specification.md +77 -0
  130. package/.claude/skills/documentation-as-code/resources/readme-engineering.md +60 -0
  131. package/.claude/skills/documentation-as-code/resources/technical-writing-guide.md +202 -0
  132. package/.claude/skills/engineering-management/SKILL.md +356 -0
  133. package/.claude/skills/engineering-management/resources/career-ladders.md +609 -0
  134. package/.claude/skills/engineering-management/resources/hiring-and-assessment.md +555 -0
  135. package/.claude/skills/engineering-management/resources/one-on-one-guides.md +609 -0
  136. package/.claude/skills/engineering-management/resources/resource-planning.md +557 -0
  137. package/.claude/skills/engineering-management/resources/team-organization-patterns.md +491 -0
  138. package/.claude/skills/engineering-management/resources/technical-interviews.md +474 -0
  139. package/.claude/skills/engineering-operations-management/SKILL.md +817 -0
  140. package/.claude/skills/error-tracking/SKILL.md +379 -0
  141. package/.claude/skills/frontend-dev-guidelines/SKILL.md +403 -0
  142. package/.claude/skills/frontend-dev-guidelines/resources/common-patterns.md +331 -0
  143. package/.claude/skills/frontend-dev-guidelines/resources/complete-examples.md +872 -0
  144. package/.claude/skills/frontend-dev-guidelines/resources/component-patterns.md +502 -0
  145. package/.claude/skills/frontend-dev-guidelines/resources/data-fetching.md +767 -0
  146. package/.claude/skills/frontend-dev-guidelines/resources/file-organization.md +502 -0
  147. package/.claude/skills/frontend-dev-guidelines/resources/loading-and-error-states.md +501 -0
  148. package/.claude/skills/frontend-dev-guidelines/resources/performance.md +406 -0
  149. package/.claude/skills/frontend-dev-guidelines/resources/routing-guide.md +364 -0
  150. package/.claude/skills/frontend-dev-guidelines/resources/styling-guide.md +428 -0
  151. package/.claude/skills/frontend-dev-guidelines/resources/typescript-standards.md +418 -0
  152. package/.claude/skills/general-it-engineering/SKILL.md +393 -0
  153. package/.claude/skills/general-it-engineering/resources/asset-management.md +712 -0
  154. package/.claude/skills/general-it-engineering/resources/automation-orchestration.md +817 -0
  155. package/.claude/skills/general-it-engineering/resources/business-continuity.md +786 -0
  156. package/.claude/skills/general-it-engineering/resources/change-management.md +715 -0
  157. package/.claude/skills/general-it-engineering/resources/enterprise-monitoring.md +729 -0
  158. package/.claude/skills/general-it-engineering/resources/help-desk-operations.md +738 -0
  159. package/.claude/skills/general-it-engineering/resources/incident-service-management.md +834 -0
  160. package/.claude/skills/general-it-engineering/resources/it-governance.md +753 -0
  161. package/.claude/skills/general-it-engineering/resources/itil-framework.md +503 -0
  162. package/.claude/skills/general-it-engineering/resources/service-management.md +669 -0
  163. package/.claude/skills/infrastructure-architecture/SKILL.md +328 -0
  164. package/.claude/skills/infrastructure-architecture/resources/architecture-decision-records.md +505 -0
  165. package/.claude/skills/infrastructure-architecture/resources/architecture-patterns.md +528 -0
  166. package/.claude/skills/infrastructure-architecture/resources/capacity-planning.md +453 -0
  167. package/.claude/skills/infrastructure-architecture/resources/cleared-environment-architecture.md +773 -0
  168. package/.claude/skills/infrastructure-architecture/resources/cost-architecture.md +499 -0
  169. package/.claude/skills/infrastructure-architecture/resources/data-architecture.md +501 -0
  170. package/.claude/skills/infrastructure-architecture/resources/disaster-recovery.md +535 -0
  171. package/.claude/skills/infrastructure-architecture/resources/migration-architecture.md +512 -0
  172. package/.claude/skills/infrastructure-architecture/resources/multi-region-design.md +608 -0
  173. package/.claude/skills/infrastructure-architecture/resources/reference-architectures.md +562 -0
  174. package/.claude/skills/infrastructure-architecture/resources/security-architecture.md +538 -0
  175. package/.claude/skills/infrastructure-architecture/resources/system-design-principles.md +489 -0
  176. package/.claude/skills/infrastructure-architecture/resources/workload-classification.md +1000 -0
  177. package/.claude/skills/infrastructure-strategy/SKILL.md +924 -0
  178. package/.claude/skills/network-engineering/SKILL.md +385 -0
  179. package/.claude/skills/network-engineering/resources/dns-management.md +738 -0
  180. package/.claude/skills/network-engineering/resources/load-balancing.md +820 -0
  181. package/.claude/skills/network-engineering/resources/network-architecture.md +546 -0
  182. package/.claude/skills/network-engineering/resources/network-security.md +921 -0
  183. package/.claude/skills/network-engineering/resources/network-troubleshooting.md +749 -0
  184. package/.claude/skills/network-engineering/resources/routing-switching.md +373 -0
  185. package/.claude/skills/network-engineering/resources/sdn-networking.md +695 -0
  186. package/.claude/skills/network-engineering/resources/service-mesh-networking.md +777 -0
  187. package/.claude/skills/network-engineering/resources/tcp-ip-protocols.md +444 -0
  188. package/.claude/skills/network-engineering/resources/vpn-connectivity.md +672 -0
  189. package/.claude/skills/observability-engineering/SKILL.md +101 -0
  190. package/.claude/skills/observability-engineering/resources/apm-tools.md +97 -0
  191. package/.claude/skills/observability-engineering/resources/correlation-strategies.md +87 -0
  192. package/.claude/skills/observability-engineering/resources/distributed-tracing.md +98 -0
  193. package/.claude/skills/observability-engineering/resources/logs-aggregation.md +118 -0
  194. package/.claude/skills/observability-engineering/resources/observability-cost-optimization.md +141 -0
  195. package/.claude/skills/observability-engineering/resources/opentelemetry.md +110 -0
  196. package/.claude/skills/platform-engineering/SKILL.md +555 -0
  197. package/.claude/skills/platform-engineering/resources/architecture-overview.md +600 -0
  198. package/.claude/skills/platform-engineering/resources/container-orchestration.md +916 -0
  199. package/.claude/skills/platform-engineering/resources/cost-optimization.md +634 -0
  200. package/.claude/skills/platform-engineering/resources/developer-platforms.md +670 -0
  201. package/.claude/skills/platform-engineering/resources/gitops-automation.md +650 -0
  202. package/.claude/skills/platform-engineering/resources/infrastructure-as-code.md +778 -0
  203. package/.claude/skills/platform-engineering/resources/infrastructure-standards.md +708 -0
  204. package/.claude/skills/platform-engineering/resources/multi-tenancy.md +602 -0
  205. package/.claude/skills/platform-engineering/resources/platform-security.md +711 -0
  206. package/.claude/skills/platform-engineering/resources/resource-management.md +592 -0
  207. package/.claude/skills/platform-engineering/resources/service-mesh.md +628 -0
  208. package/.claude/skills/release-engineering/SKILL.md +393 -0
  209. package/.claude/skills/release-engineering/resources/artifact-management.md +108 -0
  210. package/.claude/skills/release-engineering/resources/build-optimization.md +84 -0
  211. package/.claude/skills/release-engineering/resources/ci-cd-pipelines.md +411 -0
  212. package/.claude/skills/release-engineering/resources/deployment-strategies.md +197 -0
  213. package/.claude/skills/release-engineering/resources/pipeline-security.md +62 -0
  214. package/.claude/skills/release-engineering/resources/progressive-delivery.md +83 -0
  215. package/.claude/skills/release-engineering/resources/release-automation.md +68 -0
  216. package/.claude/skills/release-engineering/resources/release-orchestration.md +77 -0
  217. package/.claude/skills/release-engineering/resources/rollback-strategies.md +66 -0
  218. package/.claude/skills/release-engineering/resources/versioning-strategies.md +59 -0
  219. package/.claude/skills/route-tester/SKILL.md +392 -0
  220. package/.claude/skills/skill-developer/ADVANCED.md +197 -0
  221. package/.claude/skills/skill-developer/HOOK_MECHANISMS.md +306 -0
  222. package/.claude/skills/skill-developer/PATTERNS_LIBRARY.md +152 -0
  223. package/.claude/skills/skill-developer/SKILL.md +430 -0
  224. package/.claude/skills/skill-developer/SKILL_RULES_REFERENCE.md +315 -0
  225. package/.claude/skills/skill-developer/TRIGGER_TYPES.md +305 -0
  226. package/.claude/skills/skill-developer/TROUBLESHOOTING.md +514 -0
  227. package/.claude/skills/skill-rules.json +2940 -0
  228. package/.claude/skills/sre/SKILL.md +464 -0
  229. package/.claude/skills/sre/resources/alerting-best-practices.md +282 -0
  230. package/.claude/skills/sre/resources/capacity-planning.md +226 -0
  231. package/.claude/skills/sre/resources/chaos-engineering.md +193 -0
  232. package/.claude/skills/sre/resources/disaster-recovery.md +232 -0
  233. package/.claude/skills/sre/resources/incident-management.md +436 -0
  234. package/.claude/skills/sre/resources/observability-stack.md +240 -0
  235. package/.claude/skills/sre/resources/on-call-runbooks.md +167 -0
  236. package/.claude/skills/sre/resources/performance-optimization.md +108 -0
  237. package/.claude/skills/sre/resources/reliability-patterns.md +183 -0
  238. package/.claude/skills/sre/resources/slo-sli-sla.md +464 -0
  239. package/.claude/skills/sre/resources/toil-reduction.md +145 -0
  240. package/.claude/skills/systems-engineering/SKILL.md +648 -0
  241. package/.claude/skills/systems-engineering/resources/automation-patterns.md +771 -0
  242. package/.claude/skills/systems-engineering/resources/configuration-management.md +998 -0
  243. package/.claude/skills/systems-engineering/resources/linux-administration.md +672 -0
  244. package/.claude/skills/systems-engineering/resources/networking-fundamentals.md +982 -0
  245. package/.claude/skills/systems-engineering/resources/performance-tuning.md +871 -0
  246. package/.claude/skills/systems-engineering/resources/powershell-scripting.md +482 -0
  247. package/.claude/skills/systems-engineering/resources/security-hardening.md +739 -0
  248. package/.claude/skills/systems-engineering/resources/shell-scripting.md +915 -0
  249. package/.claude/skills/systems-engineering/resources/storage-management.md +628 -0
  250. package/.claude/skills/systems-engineering/resources/system-monitoring.md +787 -0
  251. package/.claude/skills/systems-engineering/resources/troubleshooting-guide.md +753 -0
  252. package/.claude/skills/systems-engineering/resources/windows-administration.md +738 -0
  253. package/.claude/skills/technical-leadership/SKILL.md +728 -0
  254. package/CHANGELOG.md +90 -54
  255. package/README.md +94 -0
  256. package/backend/docs/SECRETS_DOCUMENTATION.md +327 -0
  257. package/backend/jest.config.js +59 -0
  258. package/backend/package-lock.json +6129 -0
  259. package/backend/package.json +16 -4
  260. package/backend/prisma/migrations/20251026104609_add_websocket_api/migration.sql +33 -0
  261. package/backend/prisma/schema.prisma +33 -0
  262. package/backend/src/__tests__/core/DependencyService.test.js +336 -0
  263. package/backend/src/__tests__/core/UserService.test.js +875 -0
  264. package/backend/src/__tests__/repositories/BaseRepository.test.js +146 -0
  265. package/backend/src/__tests__/repositories/BotRepository.test.js +118 -0
  266. package/backend/src/__tests__/repositories/CommandRepository.test.js +132 -0
  267. package/backend/src/__tests__/repositories/EventGraphRepository.test.js +93 -0
  268. package/backend/src/__tests__/repositories/GroupRepository.test.js +155 -0
  269. package/backend/src/__tests__/repositories/PermissionRepository.test.js +130 -0
  270. package/backend/src/__tests__/repositories/PluginRepository.test.js +107 -0
  271. package/backend/src/__tests__/repositories/ServerRepository.test.js +80 -0
  272. package/backend/src/__tests__/repositories/UserRepository.test.js +128 -0
  273. package/backend/src/__tests__/secretsFilter.test.js +425 -0
  274. package/backend/src/__tests__/services/BotLifecycleService.test.js +411 -0
  275. package/backend/src/__tests__/services/BotProcessManager.test.js +285 -0
  276. package/backend/src/__tests__/services/CacheManager.test.js +125 -0
  277. package/backend/src/__tests__/services/CommandExecutionService.test.js +460 -0
  278. package/backend/src/__tests__/services/ResourceMonitorService.test.js +207 -0
  279. package/backend/src/__tests__/services/TelemetryService.test.js +291 -0
  280. package/backend/src/__tests__/setup.js +25 -0
  281. package/backend/src/api/routes/apiKeys.js +181 -0
  282. package/backend/src/api/routes/bots.js +49 -7
  283. package/backend/src/api/routes/plugins.js +2 -1
  284. package/backend/src/api/routes/system.js +174 -0
  285. package/backend/src/container.js +82 -0
  286. package/backend/src/core/BotManager.js +142 -871
  287. package/backend/src/core/BotManager.old.js +1093 -0
  288. package/backend/src/core/BotProcess.js +1092 -858
  289. package/backend/src/core/EventGraphManager.js +280 -198
  290. package/backend/src/core/GraphExecutionEngine.js +321 -325
  291. package/backend/src/core/MessageQueue.js +27 -6
  292. package/backend/src/core/NodeRegistry.js +37 -1134
  293. package/backend/src/core/PluginManager.js +62 -12
  294. package/backend/src/core/PrismaService.js +32 -0
  295. package/backend/src/core/UserService.js +3 -3
  296. package/backend/src/core/__tests__/PrismaService.test.js +24 -0
  297. package/backend/src/core/commands/README.md +305 -0
  298. package/backend/src/core/commands/dev.js +13 -7
  299. package/backend/src/core/commands/ping.js +10 -4
  300. package/backend/src/core/commands/whois.js +63 -0
  301. package/backend/src/core/config/validation.js +27 -0
  302. package/backend/src/core/constants/graphTypes.js +21 -0
  303. package/backend/src/core/node-registries/actions.js +132 -0
  304. package/backend/src/core/node-registries/arrays.js +137 -0
  305. package/backend/src/core/node-registries/bot.js +23 -0
  306. package/backend/src/core/node-registries/data.js +290 -0
  307. package/backend/src/core/node-registries/debug.js +26 -0
  308. package/backend/src/core/node-registries/events.js +187 -0
  309. package/backend/src/core/node-registries/flow.js +139 -0
  310. package/backend/src/core/node-registries/logic.js +45 -0
  311. package/backend/src/core/node-registries/math.js +42 -0
  312. package/backend/src/core/node-registries/objects.js +98 -0
  313. package/backend/src/core/node-registries/strings.js +153 -0
  314. package/backend/src/core/node-registries/time.js +113 -0
  315. package/backend/src/core/node-registries/users.js +79 -0
  316. package/backend/src/core/nodes/{action_bot_look_at.js → actions/bot_look_at.js} +36 -36
  317. package/backend/src/core/nodes/{action_bot_set_variable.js → actions/bot_set_variable.js} +32 -32
  318. package/backend/src/core/nodes/{action_send_log.js → actions/send_log.js} +28 -23
  319. package/backend/src/core/nodes/{action_send_message.js → actions/send_message.js} +32 -32
  320. package/backend/src/core/nodes/actions/send_websocket_response.js +33 -0
  321. package/backend/src/core/nodes/arrays/get_next.js +35 -0
  322. package/backend/src/core/nodes/{data_cast.js → data/cast.js} +8 -0
  323. package/backend/src/core/nodes/data/datetime_literal.js +27 -0
  324. package/backend/src/core/nodes/data/entity_info.js +69 -0
  325. package/backend/src/core/nodes/data/get_nearby_entities.js +32 -0
  326. package/backend/src/core/nodes/data/get_nearby_players.js +64 -0
  327. package/backend/src/core/nodes/{data_get_user_field.js → data/get_user_field.js} +1 -1
  328. package/backend/src/core/nodes/data/type_check.js +53 -0
  329. package/backend/src/core/nodes/{debug_log.js → debug/log.js} +16 -16
  330. package/backend/src/core/nodes/{flow_branch.js → flow/branch.js} +15 -15
  331. package/backend/src/core/nodes/{flow_break.js → flow/break.js} +14 -14
  332. package/backend/src/core/nodes/flow/delay.js +43 -0
  333. package/backend/src/core/nodes/{flow_for_each.js → flow/for_each.js} +39 -39
  334. package/backend/src/core/nodes/{flow_sequence.js → flow/sequence.js} +16 -16
  335. package/backend/src/core/nodes/{flow_switch.js → flow/switch.js} +47 -47
  336. package/backend/src/core/nodes/{flow_while.js → flow/while.js} +1 -1
  337. package/backend/src/core/nodes/logic/__tests__/compare.test.js +83 -0
  338. package/backend/src/core/nodes/math/__tests__/operation.test.js +65 -0
  339. package/backend/src/core/nodes/strings/__tests__/concat.test.js +89 -0
  340. package/backend/src/core/nodes/time/__tests__/now.test.js +24 -0
  341. package/backend/src/core/nodes/time/add.js +33 -0
  342. package/backend/src/core/nodes/time/compare.js +35 -0
  343. package/backend/src/core/nodes/time/diff.js +29 -0
  344. package/backend/src/core/nodes/time/format.js +32 -0
  345. package/backend/src/core/nodes/time/now.js +18 -0
  346. package/backend/src/core/nodes/{user_check_blacklist.js → users/check_blacklist.js} +37 -37
  347. package/backend/src/core/nodes/{user_get_groups.js → users/get_groups.js} +36 -36
  348. package/backend/src/core/nodes/{user_get_permissions.js → users/get_permissions.js} +36 -36
  349. package/backend/src/core/nodes/{user_set_blacklist.js → users/set_blacklist.js} +37 -37
  350. package/backend/src/core/services/BotLifecycleService.js +596 -0
  351. package/backend/src/core/services/BotProcessManager.js +163 -0
  352. package/backend/src/core/services/CacheManager.js +111 -0
  353. package/backend/src/core/services/CommandExecutionService.js +351 -0
  354. package/backend/src/core/services/ResourceMonitorService.js +90 -0
  355. package/backend/src/core/services/TelemetryService.js +124 -0
  356. package/backend/src/core/services/ValidationService.js +132 -0
  357. package/backend/src/core/services/__tests__/ValidationService.test.js +148 -0
  358. package/backend/src/core/services.js +20 -5
  359. package/backend/src/core/system/CommandContext.js +84 -0
  360. package/backend/src/core/system/Transport.js +78 -0
  361. package/backend/src/core/utils/__tests__/jsonParser.test.js +44 -0
  362. package/backend/src/core/utils/jsonParser.js +18 -0
  363. package/backend/src/core/utils/secretsFilter.js +262 -0
  364. package/backend/src/core/utils/variableParser.js +89 -0
  365. package/backend/src/core/validation/__tests__/nodeSchemas.test.js +175 -0
  366. package/backend/src/core/validation/nodeSchemas.js +112 -0
  367. package/backend/src/lib/prisma.js +2 -4
  368. package/backend/src/real-time/botApi/handlers/commandHandlers.js +28 -0
  369. package/backend/src/real-time/botApi/handlers/graphHandlers.js +99 -0
  370. package/backend/src/real-time/botApi/handlers/graphWebSocketHandlers.js +147 -0
  371. package/backend/src/real-time/botApi/handlers/index.js +43 -0
  372. package/backend/src/real-time/botApi/handlers/messageHandlers.js +66 -0
  373. package/backend/src/real-time/botApi/handlers/statusHandlers.js +17 -0
  374. package/backend/src/real-time/botApi/handlers/userHandlers.js +141 -0
  375. package/backend/src/real-time/botApi/index.js +40 -0
  376. package/backend/src/real-time/botApi/middleware.js +79 -0
  377. package/backend/src/real-time/botApi/utils.js +54 -0
  378. package/backend/src/real-time/socketHandler.js +6 -2
  379. package/backend/src/repositories/BaseRepository.js +43 -0
  380. package/backend/src/repositories/BotRepository.js +42 -0
  381. package/backend/src/repositories/CommandRepository.js +53 -0
  382. package/backend/src/repositories/EventGraphRepository.js +40 -0
  383. package/backend/src/repositories/GroupRepository.js +69 -0
  384. package/backend/src/repositories/PermissionRepository.js +48 -0
  385. package/backend/src/repositories/PluginRepository.js +42 -0
  386. package/backend/src/repositories/ServerRepository.js +27 -0
  387. package/backend/src/repositories/UserRepository.js +48 -0
  388. package/backend/src/server.js +3 -0
  389. package/backend/src/test-refactor.js +85 -0
  390. package/frontend/dist/assets/index-CfTo92bP.css +1 -0
  391. package/frontend/dist/assets/index-CiFD5X9Z.js +8344 -0
  392. package/frontend/dist/index.html +2 -2
  393. package/frontend/package.json +0 -5
  394. package/package.json +2 -1
  395. package/frontend/dist/assets/index-B9GedHEa.js +0 -8352
  396. package/frontend/dist/assets/index-zLiy9MDx.css +0 -1
  397. package/nul +0 -0
  398. /package/backend/src/core/nodes/{action_http_request.js → actions/http_request.js} +0 -0
  399. /package/backend/src/core/nodes/{array_add_element.js → arrays/add_element.js} +0 -0
  400. /package/backend/src/core/nodes/{array_contains.js → arrays/contains.js} +0 -0
  401. /package/backend/src/core/nodes/{array_find_index.js → arrays/find_index.js} +0 -0
  402. /package/backend/src/core/nodes/{array_get_by_index.js → arrays/get_by_index.js} +0 -0
  403. /package/backend/src/core/nodes/{array_get_random_element.js → arrays/get_random_element.js} +0 -0
  404. /package/backend/src/core/nodes/{array_remove_by_index.js → arrays/remove_by_index.js} +0 -0
  405. /package/backend/src/core/nodes/{bot_get_position.js → bot/get_position.js} +0 -0
  406. /package/backend/src/core/nodes/{data_array_literal.js → data/array_literal.js} +0 -0
  407. /package/backend/src/core/nodes/{data_boolean_literal.js → data/boolean_literal.js} +0 -0
  408. /package/backend/src/core/nodes/{data_get_argument.js → data/get_argument.js} +0 -0
  409. /package/backend/src/core/nodes/{data_get_bot_look.js → data/get_bot_look.js} +0 -0
  410. /package/backend/src/core/nodes/{data_get_entity_field.js → data/get_entity_field.js} +0 -0
  411. /package/backend/src/core/nodes/{data_get_server_players.js → data/get_server_players.js} +0 -0
  412. /package/backend/src/core/nodes/{data_get_variable.js → data/get_variable.js} +0 -0
  413. /package/backend/src/core/nodes/{data_length.js → data/length.js} +0 -0
  414. /package/backend/src/core/nodes/{data_make_object.js → data/make_object.js} +0 -0
  415. /package/backend/src/core/nodes/{data_number_literal.js → data/number_literal.js} +0 -0
  416. /package/backend/src/core/nodes/{data_string_literal.js → data/string_literal.js} +0 -0
  417. /package/backend/src/core/nodes/{logic_compare.js → logic/compare.js} +0 -0
  418. /package/backend/src/core/nodes/{logic_operation.js → logic/operation.js} +0 -0
  419. /package/backend/src/core/nodes/{math_operation.js → math/operation.js} +0 -0
  420. /package/backend/src/core/nodes/{math_random_number.js → math/random_number.js} +0 -0
  421. /package/backend/src/core/nodes/{object_create.js → objects/create.js} +0 -0
  422. /package/backend/src/core/nodes/{object_delete.js → objects/delete.js} +0 -0
  423. /package/backend/src/core/nodes/{object_get.js → objects/get.js} +0 -0
  424. /package/backend/src/core/nodes/{object_has_key.js → objects/has_key.js} +0 -0
  425. /package/backend/src/core/nodes/{object_set.js → objects/set.js} +0 -0
  426. /package/backend/src/core/nodes/{string_concat.js → strings/concat.js} +0 -0
  427. /package/backend/src/core/nodes/{string_contains.js → strings/contains.js} +0 -0
  428. /package/backend/src/core/nodes/{string_ends_with.js → strings/ends_with.js} +0 -0
  429. /package/backend/src/core/nodes/{string_equals.js → strings/equals.js} +0 -0
  430. /package/backend/src/core/nodes/{string_length.js → strings/length.js} +0 -0
  431. /package/backend/src/core/nodes/{string_matches.js → strings/matches.js} +0 -0
  432. /package/backend/src/core/nodes/{string_split.js → strings/split.js} +0 -0
  433. /package/backend/src/core/nodes/{string_starts_with.js → strings/starts_with.js} +0 -0
package/.claude/skills/devsecops/resources/vulnerability-management.md ADDED
@@ -0,0 +1,481 @@
1
+ # Vulnerability Management
2
+
3
+ CVE tracking, patching strategies, vulnerability databases, remediation workflows, and continuous vulnerability assessment.
4
+
5
+ ## Table of Contents
6
+
7
+ - [Overview](#overview)
8
+ - [CVE Tracking](#cve-tracking)
9
+ - [Vulnerability Databases](#vulnerability-databases)
10
+ - [Patching Strategies](#patching-strategies)
11
+ - [Remediation Workflows](#remediation-workflows)
12
+ - [Metrics and Reporting](#metrics-and-reporting)
13
+ - [Best Practices](#best-practices)
14
+
15
+ ## Overview
16
+
17
+ **Vulnerability Management Lifecycle:**
18
+
19
+ ```
20
+ Discover → Prioritize → Remediate → Verify → Report
21
+ ↑ ↓
22
+ └───────────────────────────────────────────┘
23
+ Continuous Monitoring
24
+ ```
25
+
26
+ ## CVE Tracking
27
+
28
+ ### Vulnerability Severity
29
+
30
+ **CVSS Scoring:**
31
+ ```
32
+ CRITICAL (9.0-10.0): Immediate action required (< 24 hours)
33
+ HIGH (7.0-8.9): Fix within 7 days
34
+ MEDIUM (4.0-6.9): Fix within 30 days
35
+ LOW (0.1-3.9): Fix when convenient
36
+ ```
37
+
38
+ ### Automated Scanning
39
+
40
+ ```yaml
41
+ # .github/workflows/vuln-scan.yml
42
+ name: Vulnerability Scanning
43
+
44
+ on:
45
+ schedule:
46
+ - cron: '0 0 * * *' # Daily
47
+ push:
48
+ branches: [main]
49
+
50
+ jobs:
51
+ scan-dependencies:
52
+ runs-on: ubuntu-latest
53
+ steps:
54
+ - uses: actions/checkout@v3
55
+
56
+ - name: Scan with Trivy
57
+ uses: aquasecurity/trivy-action@master
58
+ with:
59
+ scan-type: 'fs'
60
+ format: 'json'
61
+ output: 'trivy-results.json'
62
+
63
+ - name: Parse and Create Issues
64
+ run: |
65
+ jq -r '.Results[] | select(.Vulnerabilities) |
66
+ .Vulnerabilities[] |
67
+ select(.Severity == "CRITICAL" or .Severity == "HIGH") |
68
+ "[\(.Severity)] \(.VulnerabilityID): \(.PkgName) \(.InstalledVersion)"' \
69
+ trivy-results.json
70
+ ```
71
+
72
+ ## Vulnerability Databases
73
+
74
+ ### National Vulnerability Database (NVD)
75
+
76
+ ```python
77
+ import requests
78
+
79
+ def get_cve_details(cve_id):
80
+ url = f"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId={cve_id}"
81
+ response = requests.get(url)
82
+ data = response.json()
83
+
84
+ cve = data['vulnerabilities'][0]['cve']
85
+
86
+ return {
87
+ 'id': cve_id,
88
+ 'description': cve['descriptions'][0]['value'],
89
+ 'cvss_score': cve['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'],
90
+ 'severity': cve['metrics']['cvssMetricV31'][0]['cvssData']['baseSeverity'],
91
+ 'published': cve['published'],
92
+ 'last_modified': cve['lastModified']
93
+ }
94
+
95
+ # Usage
96
+ cve_info = get_cve_details('CVE-2023-12345')
97
+ ```
98
+
99
+ ### GitHub Security Advisories
100
+
101
+ ```bash
102
+ # Query GitHub API for advisories
103
+ curl -H "Authorization: token $GITHUB_TOKEN" \
104
+ https://api.github.com/advisories?ecosystem=npm
105
+
106
+ # Get specific advisory
107
+ curl -H "Authorization: token $GITHUB_TOKEN" \
108
+ https://api.github.com/advisories/GHSA-xxxx-yyyy-zzzz
109
+ ```
110
+
111
+ ## Patching Strategies
112
+
113
+ ### Automated Dependency Updates
114
+
115
+ **Dependabot Configuration:**
116
+ ```yaml
117
+ # .github/dependabot.yml
118
+ version: 2
119
+ updates:
120
+ - package-ecosystem: "npm"
121
+ directory: "/"
122
+ schedule:
123
+ interval: "daily"
124
+ open-pull-requests-limit: 10
125
+
126
+ # Auto-merge patch updates
127
+ target-branch: "main"
128
+
129
+ # Group updates
130
+ groups:
131
+ dev-dependencies:
132
+ patterns:
133
+ - "@types/*"
134
+ - "eslint*"
135
+ update-types:
136
+ - "patch"
137
+ - "minor"
138
+
139
+ - package-ecosystem: "docker"
140
+ directory: "/"
141
+ schedule:
142
+ interval: "weekly"
143
+ ```
144
+
145
+ **Renovate Configuration:**
146
+ ```json
147
+ {
148
+ "extends": ["config:base"],
149
+ "schedule": ["after 10pm every weekday", "before 5am every weekday"],
150
+ "timezone": "America/New_York",
151
+ "vulnerabilityAlerts": {
152
+ "labels": ["security"],
153
+ "assignees": ["@security-team"]
154
+ },
155
+ "packageRules": [
156
+ {
157
+ "matchUpdateTypes": ["patch"],
158
+ "automerge": true
159
+ },
160
+ {
161
+ "matchPackagePatterns": ["^@types/"],
162
+ "automerge": true
163
+ },
164
+ {
165
+ "matchDepTypes": ["devDependencies"],
166
+ "automerge": true,
167
+ "matchUpdateTypes": ["minor", "patch"]
168
+ }
169
+ ]
170
+ }
171
+ ```
172
+
173
+ ### Patch Testing
174
+
175
+ ```yaml
176
+ # .github/workflows/patch-test.yml
177
+ name: Test Security Patches
178
+
179
+ on:
180
+ pull_request:
181
+ paths:
182
+ - 'package*.json'
183
+ - 'requirements.txt'
184
+ - 'go.mod'
185
+
186
+ jobs:
187
+ test-patch:
188
+ runs-on: ubuntu-latest
189
+ steps:
190
+ - uses: actions/checkout@v3
191
+
192
+ - name: Install dependencies
193
+ run: npm ci
194
+
195
+ - name: Run tests
196
+ run: npm test
197
+
198
+ - name: Run security scan
199
+ run: npm audit --audit-level=moderate
200
+
201
+ - name: Check for breaking changes
202
+ run: npm run test:integration
203
+
204
+ - name: Auto-approve if patch
205
+ if: contains(github.event.pull_request.title, '[PATCH]')
206
+ run: gh pr review --approve
207
+ env:
208
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
209
+ ```
210
+
211
+ ## Remediation Workflows
212
+
213
+ ### Vulnerability Triage
214
+
215
+ ```yaml
216
+ # vulnerability-triage.yaml
217
+ workflow:
218
+ 1_discovery:
219
+ - Automated scanning (daily)
220
+ - Manual security research
221
+ - Third-party advisories
222
+
223
+ 2_assessment:
224
+ - CVSS score
225
+ - Exploitability
226
+ - Attack surface
227
+ - Data sensitivity
228
+ - Business impact
229
+
230
+ 3_prioritization:
231
+ critical:
232
+ sla: 24 hours
233
+ process: Emergency patch
234
+ high:
235
+ sla: 7 days
236
+ process: Scheduled patch
237
+ medium:
238
+ sla: 30 days
239
+ process: Regular maintenance
240
+ low:
241
+ sla: 90 days
242
+ process: Backlog
243
+
244
+ 4_remediation:
245
+ - Update dependency
246
+ - Apply patch
247
+ - Implement workaround
248
+ - Accept risk (with approval)
249
+
250
+ 5_verification:
251
+ - Rescan
252
+ - Test functionality
253
+ - Validate fix
254
+
255
+ 6_closure:
256
+ - Document resolution
257
+ - Update tracking
258
+ - Close ticket
259
+ ```
260
+
261
+ ### Issue Template
262
+
263
+ ```yaml
264
+ # .github/ISSUE_TEMPLATE/security-vulnerability.yml
265
+ name: Security Vulnerability
266
+ description: Report a security vulnerability
267
+ labels: ["security", "vulnerability"]
268
+ assignees: ["security-team"]
269
+
270
+ body:
271
+ - type: input
272
+ id: cve
273
+ attributes:
274
+ label: CVE ID
275
+ description: CVE identifier if available
276
+ placeholder: CVE-2023-12345
277
+
278
+ - type: dropdown
279
+ id: severity
280
+ attributes:
281
+ label: Severity
282
+ options:
283
+ - Critical
284
+ - High
285
+ - Medium
286
+ - Low
287
+
288
+ - type: input
289
+ id: package
290
+ attributes:
291
+ label: Affected Package
292
+ placeholder: lodash@4.17.20
293
+
294
+ - type: textarea
295
+ id: description
296
+ attributes:
297
+ label: Description
298
+ description: Vulnerability details
299
+
300
+ - type: textarea
301
+ id: remediation
302
+ attributes:
303
+ label: Remediation
304
+ description: Proposed fix
305
+ placeholder: Update to lodash@4.17.21
306
+
307
+ - type: dropdown
308
+ id: exploitable
309
+ attributes:
310
+ label: Exploitability
311
+ options:
312
+ - Publicly exploited
313
+ - Proof of concept available
314
+ - Theoretical
315
+ - Unknown
316
+ ```
317
+
318
+ ### Automated Remediation
319
+
320
+ ```typescript
321
+ // auto-remediate.ts
322
+ import { Octokit } from '@octokit/rest';
323
+ import { exec } from 'child_process';
324
+ import { promisify } from 'util';
325
+
326
+ const execAsync = promisify(exec);
327
+
328
+ async function autoRemediate(vulnerability: Vulnerability) {
329
+ const { package, currentVersion, fixedVersion, severity } = vulnerability;
330
+
331
+ // Only auto-remediate patch updates
332
+ if (severity === 'LOW' && isPatchUpdate(currentVersion, fixedVersion)) {
333
+ // Create branch
334
+ await execAsync(`git checkout -b auto-fix/${package}-${fixedVersion}`);
335
+
336
+ // Update dependency
337
+ await execAsync(`npm install ${package}@${fixedVersion}`);
338
+
339
+ // Run tests
340
+ const { stdout: testOutput } = await execAsync('npm test');
341
+
342
+ if (testOutput.includes('PASS')) {
343
+ // Create PR
344
+ const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN });
345
+
346
+ await octokit.pulls.create({
347
+ owner: 'myorg',
348
+ repo: 'myrepo',
349
+ title: `[AUTO] Update ${package} to ${fixedVersion}`,
350
+ head: `auto-fix/${package}-${fixedVersion}`,
351
+ base: 'main',
352
+ body: `Automated security patch for ${package}\n\nFixes: ${vulnerability.cve}`,
353
+ labels: ['security', 'automated']
354
+ });
355
+ }
356
+ }
357
+ }
358
+ ```
359
+
360
+ ## Metrics and Reporting
361
+
362
+ ### KPIs
363
+
364
+ ```typescript
365
+ // security-metrics.ts
366
+ interface SecurityMetrics {
367
+ // Vulnerability metrics
368
+ totalVulnerabilities: number;
369
+ bySeverity: {
370
+ critical: number;
371
+ high: number;
372
+ medium: number;
373
+ low: number;
374
+ };
375
+
376
+ // Remediation metrics
377
+ meanTimeToRemediate: {
378
+ critical: number; // hours
379
+ high: number; // days
380
+ medium: number;
381
+ low: number;
382
+ };
383
+
384
+ // SLA compliance
385
+ slaCompliance: {
386
+ critical: number; // percentage
387
+ high: number;
388
+ medium: number;
389
+ low: number;
390
+ };
391
+
392
+ // Trends
393
+ newVulnerabilities: number; // this week
394
+ remediatedVulnerabilities: number;
395
+ openVulnerabilities: number;
396
+
397
+ // Coverage
398
+ scanCoverage: number; // percentage of projects scanned
399
+ lastScanTime: Date;
400
+ }
401
+ ```
402
+
403
+ ### Dashboard
404
+
405
+ ```yaml
406
+ # Grafana dashboard config
407
+ dashboard:
408
+ title: Vulnerability Management
409
+ panels:
410
+ - title: Open Vulnerabilities by Severity
411
+ type: graph
412
+ metrics:
413
+ - critical_vulns
414
+ - high_vulns
415
+ - medium_vulns
416
+ - low_vulns
417
+
418
+ - title: Mean Time to Remediate
419
+ type: stat
420
+ metrics:
421
+ - avg(remediation_time_hours) by severity
422
+
423
+ - title: SLA Compliance
424
+ type: gauge
425
+ metrics:
426
+ - sla_compliance_percentage
427
+
428
+ - title: Vulnerability Trend
429
+ type: graph
430
+ metrics:
431
+ - new_vulns_weekly
432
+ - remediated_vulns_weekly
433
+ ```
434
+
435
+ ## Best Practices
436
+
437
+ ### 1. Continuous Scanning
438
+
439
+ ```bash
440
+ # Scan on every commit
441
+ # Scan daily for new vulnerabilities
442
+ # Scan on dependency changes
443
+ ```
444
+
445
+ ### 2. Risk-Based Prioritization
446
+
447
+ ```yaml
448
+ priority_matrix:
449
+ critical_severity + internet_exposed: P0 (immediate)
450
+ high_severity + production: P1 (24h)
451
+ medium_severity + production: P2 (7d)
452
+ low_severity: P3 (30d)
453
+ ```
454
+
455
+ ### 3. Defense in Depth
456
+
457
+ ```
458
+ Layer 1: Prevent (automated updates)
459
+ Layer 2: Detect (scanning)
460
+ Layer 3: Respond (remediation)
461
+ Layer 4: Monitor (runtime protection)
462
+ ```
463
+
464
+ ### 4. Document Exceptions
465
+
466
+ ```yaml
467
+ # vulnerability-exceptions.yaml
468
+ exceptions:
469
+ - cve: CVE-2023-12345
470
+ package: old-library@1.0.0
471
+ reason: No fix available, mitigated by network policy
472
+ mitigation: Network policy blocks external access
473
+ approved_by: security-team
474
+ expires: 2024-12-31
475
+ ```
476
+
477
+ ---
478
+
479
+ **Related Resources:**
480
+ - [security-scanning.md](security-scanning.md) - Scanning tools and techniques
481
+ - [supply-chain-security.md](supply-chain-security.md) - Dependency security
package/.claude/skills/devsecops/resources/zero-trust-architecture.md ADDED
@@ -0,0 +1,177 @@
1
+ # Zero Trust Architecture
2
+
3
+ Service-to-service authentication with mTLS, network policies, identity-based access control, and zero-trust security model implementation.
4
+
5
+ ## Table of Contents
6
+
7
+ - [Overview](#overview)
8
+ - [Service-to-Service Authentication](#service-to-service-authentication)
9
+ - [Network Policies](#network-policies)
10
+ - [Identity-Based Access](#identity-based-access)
11
+ - [Implementation](#implementation)
12
+
13
+ ## Overview
14
+
15
+ **Zero Trust Principles:**
16
+
17
+ ```
18
+ 1. Never trust, always verify
19
+ 2. Assume breach
20
+ 3. Verify explicitly
21
+ 4. Least privilege access
22
+ 5. Microsegmentation
23
+ ```
24
+
25
+ ## Service-to-Service Authentication
26
+
27
+ ### mTLS with Istio
28
+
29
+ ```yaml
30
+ apiVersion: security.istio.io/v1beta1
31
+ kind: PeerAuthentication
32
+ metadata:
33
+ name: default
34
+ namespace: production
35
+ spec:
36
+ mtls:
37
+ mode: STRICT
38
+ ```
39
+
40
+ ### Certificate Management
41
+
42
+ ```yaml
43
+ apiVersion: cert-manager.io/v1
44
+ kind: Certificate
45
+ metadata:
46
+ name: service-cert
47
+ spec:
48
+ secretName: service-tls
49
+ issuerRef:
50
+ name: internal-ca
51
+ kind: ClusterIssuer
52
+ dnsNames:
53
+ - service.production.svc.cluster.local
54
+ ```
55
+
56
+ ## Network Policies
57
+
58
+ **Default Deny:**
59
+ ```yaml
60
+ apiVersion: networking.k8s.io/v1
61
+ kind: NetworkPolicy
62
+ metadata:
63
+ name: default-deny-all
64
+ spec:
65
+ podSelector: {}
66
+ policyTypes:
67
+ - Ingress
68
+ - Egress
69
+ ```
70
+
71
+ **Allow Specific Traffic:**
72
+ ```yaml
73
+ apiVersion: networking.k8s.io/v1
74
+ kind: NetworkPolicy
75
+ metadata:
76
+ name: api-allow
77
+ spec:
78
+ podSelector:
79
+ matchLabels:
80
+ app: api
81
+ policyTypes:
82
+ - Ingress
83
+ ingress:
84
+ - from:
85
+ - podSelector:
86
+ matchLabels:
87
+ app: frontend
88
+ ports:
89
+ - protocol: TCP
90
+ port: 8080
91
+ ```
92
+
93
+ ## Identity-Based Access
94
+
95
+ ### Workload Identity
96
+
97
+ **GKE:**
98
+ ```yaml
99
+ apiVersion: v1
100
+ kind: ServiceAccount
101
+ metadata:
102
+ name: myapp
103
+ annotations:
104
+ iam.gke.io/gcp-service-account: myapp@project.iam.gserviceaccount.com
105
+ ```
106
+
107
+ **EKS:**
108
+ ```yaml
109
+ apiVersion: v1
110
+ kind: ServiceAccount
111
+ metadata:
112
+ name: myapp
113
+ annotations:
114
+ eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/myapp
115
+ ```
116
+
117
+ ### SPIFFE/SPIRE
118
+
119
+ ```bash
120
+ # Install SPIRE
121
+ kubectl apply -f https://spiffe.io/docs/latest/try/getting-started-k8s.yaml
122
+
123
+ # Create registration entry
124
+ spire-server entry create \
125
+ -parentID spiffe://example.org/k8s-workload-registrar/node \
126
+ -spiffeID spiffe://example.org/myapp \
127
+ -selector k8s:ns:production \
128
+ -selector k8s:pod-label:app:myapp
129
+ ```
130
+
131
+ ## Implementation
132
+
133
+ **Complete Zero Trust Setup:**
134
+ ```yaml
135
+ # 1. Default deny network policy
136
+ apiVersion: networking.k8s.io/v1
137
+ kind: NetworkPolicy
138
+ metadata:
139
+ name: default-deny
140
+ spec:
141
+ podSelector: {}
142
+ policyTypes: [Ingress, Egress]
143
+
144
+ ---
145
+ # 2. mTLS enforcement
146
+ apiVersion: security.istio.io/v1beta1
147
+ kind: PeerAuthentication
148
+ metadata:
149
+ name: strict-mtls
150
+ spec:
151
+ mtls:
152
+ mode: STRICT
153
+
154
+ ---
155
+ # 3. Authorization policy
156
+ apiVersion: security.istio.io/v1beta1
157
+ kind: AuthorizationPolicy
158
+ metadata:
159
+ name: require-jwt
160
+ spec:
161
+ selector:
162
+ matchLabels:
163
+ app: api
164
+ rules:
165
+ - from:
166
+ - source:
167
+ requestPrincipals: ["*"]
168
+ when:
169
+ - key: request.auth.claims[iss]
170
+ values: ["https://auth.example.com"]
171
+ ```
172
+
173
+ ---
174
+
175
+ **Related Resources:**
176
+ - [container-security.md](container-security.md)
177
+ - [policy-enforcement.md](policy-enforcement.md)