blockmine 1.24.0 → 1.25.0

Files changed (346)
  1. package/CHANGELOG.md +32 -0
  2. package/README.en.md +427 -0
  3. package/README.md +40 -0
  4. package/backend/cli.js +1 -1
  5. package/backend/src/ai/plugin-assistant-system-prompt.md +664 -5
  6. package/backend/src/api/routes/bots.js +13 -0
  7. package/backend/src/api/routes/servers.js +14 -2
  8. package/backend/src/core/BotProcess.js +98 -2
  9. package/backend/src/core/PluginLoader.js +83 -3
  10. package/backend/src/core/PluginManager.js +75 -5
  11. package/backend/src/core/services/BotLifecycleService.js +186 -2
  12. package/backend/src/server.js +11 -1
  13. package/frontend/dist/assets/browser-ponyfill-DN7pwmHT.js +2 -0
  14. package/frontend/dist/assets/index-LSy71uwm.js +11261 -0
  15. package/frontend/dist/assets/index-SfhKxI4-.css +32 -0
  16. package/frontend/dist/flags/en.svg +32 -0
  17. package/frontend/dist/flags/ru.svg +5 -0
  18. package/frontend/dist/index.html +2 -2
  19. package/frontend/dist/locales/en/admin.json +100 -0
  20. package/frontend/dist/locales/en/api-keys.json +58 -0
  21. package/frontend/dist/locales/en/bots.json +110 -0
  22. package/frontend/dist/locales/en/common.json +47 -0
  23. package/frontend/dist/locales/en/configuration.json +22 -0
  24. package/frontend/dist/locales/en/console.json +10 -0
  25. package/frontend/dist/locales/en/dashboard.json +85 -0
  26. package/frontend/dist/locales/en/dialogs.json +70 -0
  27. package/frontend/dist/locales/en/event-graphs.json +50 -0
  28. package/frontend/dist/locales/en/graph-store.json +70 -0
  29. package/frontend/dist/locales/en/login.json +34 -0
  30. package/frontend/dist/locales/en/management.json +114 -0
  31. package/frontend/dist/locales/en/minecraft-viewer.json +27 -0
  32. package/frontend/dist/locales/en/nodes.json +1077 -0
  33. package/frontend/dist/locales/en/permissions.json +50 -0
  34. package/frontend/dist/locales/en/plugin-detail.json +49 -0
  35. package/frontend/dist/locales/en/plugins.json +110 -0
  36. package/frontend/dist/locales/en/proxies.json +81 -0
  37. package/frontend/dist/locales/en/servers.json +39 -0
  38. package/frontend/dist/locales/en/setup.json +17 -0
  39. package/frontend/dist/locales/en/sidebar.json +27 -0
  40. package/frontend/dist/locales/en/tasks.json +62 -0
  41. package/frontend/dist/locales/en/visual-editor.json +219 -0
  42. package/frontend/dist/locales/en/websocket.json +86 -0
  43. package/frontend/dist/locales/ru/admin.json +100 -0
  44. package/frontend/dist/locales/ru/api-keys.json +58 -0
  45. package/frontend/dist/locales/ru/bots.json +110 -0
  46. package/frontend/dist/locales/ru/common.json +49 -0
  47. package/frontend/dist/locales/ru/configuration.json +22 -0
  48. package/frontend/dist/locales/ru/console.json +10 -0
  49. package/frontend/dist/locales/ru/dashboard.json +85 -0
  50. package/frontend/dist/locales/ru/dialogs.json +70 -0
  51. package/frontend/dist/locales/ru/event-graphs.json +50 -0
  52. package/frontend/dist/locales/ru/graph-store.json +70 -0
  53. package/frontend/dist/locales/ru/login.json +34 -0
  54. package/frontend/dist/locales/ru/management.json +114 -0
  55. package/frontend/dist/locales/ru/minecraft-viewer.json +27 -0
  56. package/frontend/dist/locales/ru/nodes.json +1077 -0
  57. package/frontend/dist/locales/ru/permissions.json +50 -0
  58. package/frontend/dist/locales/ru/plugin-detail.json +49 -0
  59. package/frontend/dist/locales/ru/plugins.json +110 -0
  60. package/frontend/dist/locales/ru/proxies.json +81 -0
  61. package/frontend/dist/locales/ru/servers.json +39 -0
  62. package/frontend/dist/locales/ru/setup.json +17 -0
  63. package/frontend/dist/locales/ru/sidebar.json +27 -0
  64. package/frontend/dist/locales/ru/tasks.json +62 -0
  65. package/frontend/dist/locales/ru/visual-editor.json +221 -0
  66. package/frontend/dist/locales/ru/websocket.json +86 -0
  67. package/frontend/dist/monacoeditorwork/css.worker.bundle.js +7 -7
  68. package/frontend/dist/monacoeditorwork/html.worker.bundle.js +7 -7
  69. package/frontend/dist/monacoeditorwork/json.worker.bundle.js +7 -7
  70. package/frontend/dist/monacoeditorwork/ts.worker.bundle.js +3 -3
  71. package/frontend/package.json +4 -0
  72. package/package.json +1 -1
  73. package/screen/3dviewer.png +0 -0
  74. package/screen/console.png +0 -0
  75. package/screen/dashboard.png +0 -0
  76. package/screen/graph_collabe.png +0 -0
  77. package/screen/graph_live_debug.png +0 -0
  78. package/screen/language_selector.png +0 -0
  79. package/screen/management_command.png +0 -0
  80. package/screen/node_debug_trace.png +0 -0
  81. package/screen/plugin_/320/276/320/261/320/267/320/276/321/200.png +0 -0
  82. package/screen/websocket.png +0 -0
  83. package/screen//320/275/320/260/321/201/321/202/321/200/320/276/320/271/320/272/320/270_/320/276/321/202/320/264/320/265/320/273/321/214/320/275/321/213/321/205_/320/272/320/276/320/274/320/260/320/275/320/264_/320/272/320/260/320/266/320/264/321/203_/320/272/320/276/320/274/320/260/320/275/320/273/320/264/321/203_/320/274/320/276/320/266/320/275/320/276_/320/275/320/260/321/201/321/202/321/200/320/260/320/270/320/262/320/260/321/202/321/214.png +0 -0
  84. package/screen//320/277/320/273/320/260/320/275/320/270/321/200/320/276/320/262/321/211/320/270/320/272_/320/274/320/276/320/266/320/275/320/276_/320/267/320/260/320/264/320/260/320/262/320/260/321/202/321/214_/320/264/320/265/320/271/321/201/321/202/320/262/320/270/321/217_/320/277/320/276_/320/262/321/200/320/265/320/274/320/265/320/275/320/270.png +0 -0
  85. package/.claude/agents/README.md +0 -469
  86. package/.claude/agents/auth-route-debugger.md +0 -118
  87. package/.claude/agents/auth-route-tester.md +0 -93
  88. package/.claude/agents/auto-error-resolver.md +0 -97
  89. package/.claude/agents/build-optimizer.md +0 -236
  90. package/.claude/agents/code-architect.md +0 -34
  91. package/.claude/agents/code-architecture-reviewer.md +0 -83
  92. package/.claude/agents/code-explorer.md +0 -51
  93. package/.claude/agents/code-refactor-master.md +0 -94
  94. package/.claude/agents/code-reviewer.md +0 -46
  95. package/.claude/agents/cost-optimizer.md +0 -134
  96. package/.claude/agents/deployment-orchestrator.md +0 -113
  97. package/.claude/agents/documentation-architect.md +0 -82
  98. package/.claude/agents/frontend-error-fixer.md +0 -77
  99. package/.claude/agents/iac-code-generator.md +0 -71
  100. package/.claude/agents/incident-responder.md +0 -346
  101. package/.claude/agents/infrastructure-architect.md +0 -31
  102. package/.claude/agents/kubernetes-specialist.md +0 -56
  103. package/.claude/agents/migration-planner.md +0 -181
  104. package/.claude/agents/network-architect.md +0 -196
  105. package/.claude/agents/plan-reviewer.md +0 -52
  106. package/.claude/agents/refactor-planner.md +0 -63
  107. package/.claude/agents/security-scanner.md +0 -102
  108. package/.claude/agents/web-research-specialist.md +0 -78
  109. package/.claude/commands/cost-analysis.md +0 -315
  110. package/.claude/commands/dev-docs-update.md +0 -55
  111. package/.claude/commands/dev-docs.md +0 -51
  112. package/.claude/commands/feature-dev.md +0 -125
  113. package/.claude/commands/incident-debug.md +0 -247
  114. package/.claude/commands/infra-plan.md +0 -81
  115. package/.claude/commands/migration-plan.md +0 -478
  116. package/.claude/commands/route-research-for-testing.md +0 -37
  117. package/.claude/commands/security-review.md +0 -66
  118. package/.claude/hooks/CONFIG.md +0 -448
  119. package/.claude/hooks/README.md +0 -163
  120. package/.claude/hooks/SKILL_ACTIVATION_COMPLETE.md +0 -226
  121. package/.claude/hooks/WINDOWS_HOOKS_README.md +0 -151
  122. package/.claude/hooks/add-skill-activation-banners.ts +0 -132
  123. package/.claude/hooks/comprehensive-skill-test.ts +0 -1315
  124. package/.claude/hooks/error-handling-reminder.sh +0 -12
  125. package/.claude/hooks/error-handling-reminder.ts +0 -222
  126. package/.claude/hooks/k8s-manifest-validator.sh +0 -56
  127. package/.claude/hooks/package-lock.json +0 -556
  128. package/.claude/hooks/package.json +0 -16
  129. package/.claude/hooks/post-tool-use-tracker.ps1 +0 -174
  130. package/.claude/hooks/post-tool-use-tracker.sh +0 -183
  131. package/.claude/hooks/security-policy-check.sh +0 -247
  132. package/.claude/hooks/skill-activation-prompt.ps1 +0 -10
  133. package/.claude/hooks/skill-activation-prompt.sh +0 -10
  134. package/.claude/hooks/skill-activation-prompt.ts +0 -141
  135. package/.claude/hooks/stop-build-check-enhanced.sh +0 -130
  136. package/.claude/hooks/terraform-validator.sh +0 -53
  137. package/.claude/hooks/test-input.json +0 -7
  138. package/.claude/hooks/test-skill-activation.ts +0 -427
  139. package/.claude/hooks/trigger-build-resolver.sh +0 -79
  140. package/.claude/hooks/tsc-check.sh +0 -173
  141. package/.claude/hooks/tsconfig.json +0 -19
  142. package/.claude/settings.json +0 -59
  143. package/.claude/settings.local.json +0 -67
  144. package/.claude/skills/README.md +0 -507
  145. package/.claude/skills/api-engineering/SKILL.md +0 -63
  146. package/.claude/skills/api-engineering/resources/api-versioning.md +0 -88
  147. package/.claude/skills/api-engineering/resources/graphql-patterns.md +0 -106
  148. package/.claude/skills/api-engineering/resources/rate-limiting.md +0 -118
  149. package/.claude/skills/api-engineering/resources/rest-api-design.md +0 -105
  150. package/.claude/skills/backend-dev-guidelines/SKILL.md +0 -306
  151. package/.claude/skills/backend-dev-guidelines/resources/architecture-overview.md +0 -451
  152. package/.claude/skills/backend-dev-guidelines/resources/async-and-errors.md +0 -307
  153. package/.claude/skills/backend-dev-guidelines/resources/complete-examples.md +0 -638
  154. package/.claude/skills/backend-dev-guidelines/resources/configuration.md +0 -275
  155. package/.claude/skills/backend-dev-guidelines/resources/database-patterns.md +0 -224
  156. package/.claude/skills/backend-dev-guidelines/resources/middleware-guide.md +0 -213
  157. package/.claude/skills/backend-dev-guidelines/resources/routing-and-controllers.md +0 -756
  158. package/.claude/skills/backend-dev-guidelines/resources/sentry-and-monitoring.md +0 -336
  159. package/.claude/skills/backend-dev-guidelines/resources/services-and-repositories.md +0 -789
  160. package/.claude/skills/backend-dev-guidelines/resources/testing-guide.md +0 -235
  161. package/.claude/skills/backend-dev-guidelines/resources/validation-patterns.md +0 -754
  162. package/.claude/skills/budget-and-cost-management/SKILL.md +0 -850
  163. package/.claude/skills/build-engineering/SKILL.md +0 -431
  164. package/.claude/skills/build-engineering/resources/artifact-repositories.md +0 -72
  165. package/.claude/skills/build-engineering/resources/build-caching.md +0 -96
  166. package/.claude/skills/build-engineering/resources/build-pipelines.md +0 -105
  167. package/.claude/skills/build-engineering/resources/build-security.md +0 -95
  168. package/.claude/skills/build-engineering/resources/build-systems.md +0 -389
  169. package/.claude/skills/build-engineering/resources/compilation-optimization.md +0 -201
  170. package/.claude/skills/build-engineering/resources/dependency-management.md +0 -73
  171. package/.claude/skills/build-engineering/resources/monorepo-builds.md +0 -110
  172. package/.claude/skills/build-engineering/resources/performance-optimization.md +0 -113
  173. package/.claude/skills/build-engineering/resources/reproducible-builds.md +0 -82
  174. package/.claude/skills/cloud-engineering/SKILL.md +0 -675
  175. package/.claude/skills/cloud-engineering/resources/aws-patterns.md +0 -742
  176. package/.claude/skills/cloud-engineering/resources/azure-patterns.md +0 -714
  177. package/.claude/skills/cloud-engineering/resources/cleared-cloud-environments.md +0 -987
  178. package/.claude/skills/cloud-engineering/resources/cloud-cost-optimization.md +0 -757
  179. package/.claude/skills/cloud-engineering/resources/cloud-networking.md +0 -1058
  180. package/.claude/skills/cloud-engineering/resources/cloud-security-tools.md +0 -1530
  181. package/.claude/skills/cloud-engineering/resources/cloud-security.md +0 -990
  182. package/.claude/skills/cloud-engineering/resources/gcp-patterns.md +0 -758
  183. package/.claude/skills/cloud-engineering/resources/migration-strategies.md +0 -820
  184. package/.claude/skills/cloud-engineering/resources/multi-cloud-strategies.md +0 -670
  185. package/.claude/skills/cloud-engineering/resources/oci-patterns.md +0 -1198
  186. package/.claude/skills/cloud-engineering/resources/serverless-patterns.md +0 -795
  187. package/.claude/skills/cloud-engineering/resources/well-architected-frameworks.md +0 -966
  188. package/.claude/skills/cybersecurity/SKILL.md +0 -409
  189. package/.claude/skills/cybersecurity/resources/security-architecture.md +0 -266
  190. package/.claude/skills/database-engineering/SKILL.md +0 -61
  191. package/.claude/skills/database-engineering/resources/backup-and-recovery.md +0 -72
  192. package/.claude/skills/database-engineering/resources/database-replication.md +0 -63
  193. package/.claude/skills/database-engineering/resources/postgresql-fundamentals.md +0 -70
  194. package/.claude/skills/database-engineering/resources/query-optimization.md +0 -68
  195. package/.claude/skills/devsecops/SKILL.md +0 -374
  196. package/.claude/skills/devsecops/resources/ci-cd-security.md +0 -204
  197. package/.claude/skills/devsecops/resources/compliance-automation.md +0 -530
  198. package/.claude/skills/devsecops/resources/compliance-frameworks.md +0 -2322
  199. package/.claude/skills/devsecops/resources/container-security.md +0 -915
  200. package/.claude/skills/devsecops/resources/cspm-integration.md +0 -1440
  201. package/.claude/skills/devsecops/resources/policy-enforcement.md +0 -619
  202. package/.claude/skills/devsecops/resources/secrets-management.md +0 -755
  203. package/.claude/skills/devsecops/resources/security-monitoring.md +0 -146
  204. package/.claude/skills/devsecops/resources/security-scanning.md +0 -887
  205. package/.claude/skills/devsecops/resources/security-testing.md +0 -203
  206. package/.claude/skills/devsecops/resources/supply-chain-security.md +0 -518
  207. package/.claude/skills/devsecops/resources/vulnerability-management.md +0 -481
  208. package/.claude/skills/devsecops/resources/zero-trust-architecture.md +0 -177
  209. package/.claude/skills/documentation-as-code/SKILL.md +0 -323
  210. package/.claude/skills/documentation-as-code/resources/api-documentation.md +0 -90
  211. package/.claude/skills/documentation-as-code/resources/changelog-management.md +0 -79
  212. package/.claude/skills/documentation-as-code/resources/diagram-generation.md +0 -44
  213. package/.claude/skills/documentation-as-code/resources/docs-as-code-workflow.md +0 -99
  214. package/.claude/skills/documentation-as-code/resources/documentation-automation.md +0 -68
  215. package/.claude/skills/documentation-as-code/resources/documentation-sites.md +0 -79
  216. package/.claude/skills/documentation-as-code/resources/markdown-best-practices.md +0 -162
  217. package/.claude/skills/documentation-as-code/resources/openapi-specification.md +0 -77
  218. package/.claude/skills/documentation-as-code/resources/readme-engineering.md +0 -60
  219. package/.claude/skills/documentation-as-code/resources/technical-writing-guide.md +0 -202
  220. package/.claude/skills/engineering-management/SKILL.md +0 -356
  221. package/.claude/skills/engineering-management/resources/career-ladders.md +0 -609
  222. package/.claude/skills/engineering-management/resources/hiring-and-assessment.md +0 -555
  223. package/.claude/skills/engineering-management/resources/one-on-one-guides.md +0 -609
  224. package/.claude/skills/engineering-management/resources/resource-planning.md +0 -557
  225. package/.claude/skills/engineering-management/resources/team-organization-patterns.md +0 -491
  226. package/.claude/skills/engineering-management/resources/technical-interviews.md +0 -474
  227. package/.claude/skills/engineering-operations-management/SKILL.md +0 -817
  228. package/.claude/skills/error-tracking/SKILL.md +0 -379
  229. package/.claude/skills/frontend-design/SKILL.md +0 -42
  230. package/.claude/skills/frontend-dev-guidelines/SKILL.md +0 -403
  231. package/.claude/skills/frontend-dev-guidelines/resources/common-patterns.md +0 -331
  232. package/.claude/skills/frontend-dev-guidelines/resources/complete-examples.md +0 -872
  233. package/.claude/skills/frontend-dev-guidelines/resources/component-patterns.md +0 -502
  234. package/.claude/skills/frontend-dev-guidelines/resources/data-fetching.md +0 -767
  235. package/.claude/skills/frontend-dev-guidelines/resources/file-organization.md +0 -502
  236. package/.claude/skills/frontend-dev-guidelines/resources/loading-and-error-states.md +0 -501
  237. package/.claude/skills/frontend-dev-guidelines/resources/performance.md +0 -406
  238. package/.claude/skills/frontend-dev-guidelines/resources/routing-guide.md +0 -364
  239. package/.claude/skills/frontend-dev-guidelines/resources/styling-guide.md +0 -428
  240. package/.claude/skills/frontend-dev-guidelines/resources/typescript-standards.md +0 -418
  241. package/.claude/skills/general-it-engineering/SKILL.md +0 -393
  242. package/.claude/skills/general-it-engineering/resources/asset-management.md +0 -712
  243. package/.claude/skills/general-it-engineering/resources/automation-orchestration.md +0 -817
  244. package/.claude/skills/general-it-engineering/resources/business-continuity.md +0 -786
  245. package/.claude/skills/general-it-engineering/resources/change-management.md +0 -715
  246. package/.claude/skills/general-it-engineering/resources/enterprise-monitoring.md +0 -729
  247. package/.claude/skills/general-it-engineering/resources/help-desk-operations.md +0 -738
  248. package/.claude/skills/general-it-engineering/resources/incident-service-management.md +0 -834
  249. package/.claude/skills/general-it-engineering/resources/it-governance.md +0 -753
  250. package/.claude/skills/general-it-engineering/resources/itil-framework.md +0 -503
  251. package/.claude/skills/general-it-engineering/resources/service-management.md +0 -669
  252. package/.claude/skills/infrastructure-architecture/SKILL.md +0 -328
  253. package/.claude/skills/infrastructure-architecture/resources/architecture-decision-records.md +0 -505
  254. package/.claude/skills/infrastructure-architecture/resources/architecture-patterns.md +0 -528
  255. package/.claude/skills/infrastructure-architecture/resources/capacity-planning.md +0 -453
  256. package/.claude/skills/infrastructure-architecture/resources/cleared-environment-architecture.md +0 -773
  257. package/.claude/skills/infrastructure-architecture/resources/cost-architecture.md +0 -499
  258. package/.claude/skills/infrastructure-architecture/resources/data-architecture.md +0 -501
  259. package/.claude/skills/infrastructure-architecture/resources/disaster-recovery.md +0 -535
  260. package/.claude/skills/infrastructure-architecture/resources/migration-architecture.md +0 -512
  261. package/.claude/skills/infrastructure-architecture/resources/multi-region-design.md +0 -608
  262. package/.claude/skills/infrastructure-architecture/resources/reference-architectures.md +0 -562
  263. package/.claude/skills/infrastructure-architecture/resources/security-architecture.md +0 -538
  264. package/.claude/skills/infrastructure-architecture/resources/system-design-principles.md +0 -489
  265. package/.claude/skills/infrastructure-architecture/resources/workload-classification.md +0 -1000
  266. package/.claude/skills/infrastructure-strategy/SKILL.md +0 -924
  267. package/.claude/skills/network-engineering/SKILL.md +0 -385
  268. package/.claude/skills/network-engineering/resources/dns-management.md +0 -738
  269. package/.claude/skills/network-engineering/resources/load-balancing.md +0 -820
  270. package/.claude/skills/network-engineering/resources/network-architecture.md +0 -546
  271. package/.claude/skills/network-engineering/resources/network-security.md +0 -921
  272. package/.claude/skills/network-engineering/resources/network-troubleshooting.md +0 -749
  273. package/.claude/skills/network-engineering/resources/routing-switching.md +0 -373
  274. package/.claude/skills/network-engineering/resources/sdn-networking.md +0 -695
  275. package/.claude/skills/network-engineering/resources/service-mesh-networking.md +0 -777
  276. package/.claude/skills/network-engineering/resources/tcp-ip-protocols.md +0 -444
  277. package/.claude/skills/network-engineering/resources/vpn-connectivity.md +0 -672
  278. package/.claude/skills/node-development/SKILL.md +0 -317
  279. package/.claude/skills/observability-engineering/SKILL.md +0 -101
  280. package/.claude/skills/observability-engineering/resources/apm-tools.md +0 -97
  281. package/.claude/skills/observability-engineering/resources/correlation-strategies.md +0 -87
  282. package/.claude/skills/observability-engineering/resources/distributed-tracing.md +0 -98
  283. package/.claude/skills/observability-engineering/resources/logs-aggregation.md +0 -118
  284. package/.claude/skills/observability-engineering/resources/observability-cost-optimization.md +0 -141
  285. package/.claude/skills/observability-engineering/resources/opentelemetry.md +0 -110
  286. package/.claude/skills/platform-engineering/SKILL.md +0 -555
  287. package/.claude/skills/platform-engineering/resources/architecture-overview.md +0 -600
  288. package/.claude/skills/platform-engineering/resources/container-orchestration.md +0 -916
  289. package/.claude/skills/platform-engineering/resources/cost-optimization.md +0 -634
  290. package/.claude/skills/platform-engineering/resources/developer-platforms.md +0 -670
  291. package/.claude/skills/platform-engineering/resources/gitops-automation.md +0 -650
  292. package/.claude/skills/platform-engineering/resources/infrastructure-as-code.md +0 -778
  293. package/.claude/skills/platform-engineering/resources/infrastructure-standards.md +0 -708
  294. package/.claude/skills/platform-engineering/resources/multi-tenancy.md +0 -602
  295. package/.claude/skills/platform-engineering/resources/platform-security.md +0 -711
  296. package/.claude/skills/platform-engineering/resources/resource-management.md +0 -592
  297. package/.claude/skills/platform-engineering/resources/service-mesh.md +0 -628
  298. package/.claude/skills/release-engineering/SKILL.md +0 -393
  299. package/.claude/skills/release-engineering/resources/artifact-management.md +0 -108
  300. package/.claude/skills/release-engineering/resources/build-optimization.md +0 -84
  301. package/.claude/skills/release-engineering/resources/ci-cd-pipelines.md +0 -411
  302. package/.claude/skills/release-engineering/resources/deployment-strategies.md +0 -197
  303. package/.claude/skills/release-engineering/resources/pipeline-security.md +0 -62
  304. package/.claude/skills/release-engineering/resources/progressive-delivery.md +0 -83
  305. package/.claude/skills/release-engineering/resources/release-automation.md +0 -68
  306. package/.claude/skills/release-engineering/resources/release-orchestration.md +0 -77
  307. package/.claude/skills/release-engineering/resources/rollback-strategies.md +0 -66
  308. package/.claude/skills/release-engineering/resources/versioning-strategies.md +0 -59
  309. package/.claude/skills/route-tester/SKILL.md +0 -392
  310. package/.claude/skills/skill-developer/ADVANCED.md +0 -197
  311. package/.claude/skills/skill-developer/HOOK_MECHANISMS.md +0 -306
  312. package/.claude/skills/skill-developer/PATTERNS_LIBRARY.md +0 -152
  313. package/.claude/skills/skill-developer/SKILL.md +0 -430
  314. package/.claude/skills/skill-developer/SKILL_RULES_REFERENCE.md +0 -315
  315. package/.claude/skills/skill-developer/TRIGGER_TYPES.md +0 -305
  316. package/.claude/skills/skill-developer/TROUBLESHOOTING.md +0 -514
  317. package/.claude/skills/skill-rules.json +0 -2989
  318. package/.claude/skills/sre/SKILL.md +0 -464
  319. package/.claude/skills/sre/resources/alerting-best-practices.md +0 -282
  320. package/.claude/skills/sre/resources/capacity-planning.md +0 -226
  321. package/.claude/skills/sre/resources/chaos-engineering.md +0 -193
  322. package/.claude/skills/sre/resources/disaster-recovery.md +0 -232
  323. package/.claude/skills/sre/resources/incident-management.md +0 -436
  324. package/.claude/skills/sre/resources/observability-stack.md +0 -240
  325. package/.claude/skills/sre/resources/on-call-runbooks.md +0 -167
  326. package/.claude/skills/sre/resources/performance-optimization.md +0 -108
  327. package/.claude/skills/sre/resources/reliability-patterns.md +0 -183
  328. package/.claude/skills/sre/resources/slo-sli-sla.md +0 -464
  329. package/.claude/skills/sre/resources/toil-reduction.md +0 -145
  330. package/.claude/skills/systems-engineering/SKILL.md +0 -648
  331. package/.claude/skills/systems-engineering/resources/automation-patterns.md +0 -771
  332. package/.claude/skills/systems-engineering/resources/configuration-management.md +0 -998
  333. package/.claude/skills/systems-engineering/resources/linux-administration.md +0 -672
  334. package/.claude/skills/systems-engineering/resources/networking-fundamentals.md +0 -982
  335. package/.claude/skills/systems-engineering/resources/performance-tuning.md +0 -871
  336. package/.claude/skills/systems-engineering/resources/powershell-scripting.md +0 -482
  337. package/.claude/skills/systems-engineering/resources/security-hardening.md +0 -739
  338. package/.claude/skills/systems-engineering/resources/shell-scripting.md +0 -915
  339. package/.claude/skills/systems-engineering/resources/storage-management.md +0 -628
  340. package/.claude/skills/systems-engineering/resources/system-monitoring.md +0 -787
  341. package/.claude/skills/systems-engineering/resources/troubleshooting-guide.md +0 -753
  342. package/.claude/skills/systems-engineering/resources/windows-administration.md +0 -738
  343. package/.claude/skills/technical-leadership/SKILL.md +0 -728
  344. package/backend/docs/SECRETS_DOCUMENTATION.md +0 -327
  345. package/frontend/dist/assets/index-BC-NbKXi.css +0 -32
  346. package/frontend/dist/assets/index-DqJXZMHY.js +0 -11266
@@ -1,619 +0,0 @@
1
- # Policy Enforcement - OPA, Gatekeeper, and Kyverno
2
-
3
- Comprehensive guide to policy-as-code using Open Policy Agent (OPA), Gatekeeper, Kyverno, admission controllers, and compliance automation for Kubernetes and cloud infrastructure.
4
-
5
- ## Table of Contents
6
-
7
- - [Overview](#overview)
8
- - [Open Policy Agent (OPA)](#open-policy-agent-opa)
9
- - [Gatekeeper](#gatekeeper)
10
- - [Kyverno](#kyverno)
11
- - [Admission Controllers](#admission-controllers)
12
- - [Policy Testing](#policy-testing)
13
- - [Common Policies](#common-policies)
14
- - [Best Practices](#best-practices)
15
-
16
- ## Overview
17
-
18
- **Policy as Code Benefits:**
19
- - ✅ Automated enforcement
20
- - ✅ Consistent across environments
21
- - ✅ Version controlled
22
- - ✅ Auditable and testable
23
- - ✅ Shift-left security
24
-
25
- ## Open Policy Agent (OPA)
26
-
27
- ### Installation
28
-
29
- ```bash
30
- # Linux/macOS
31
- curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64
32
- chmod +x opa
33
-
34
- # Docker
35
- docker run -p 8181:8181 openpolicyagent/opa run --server
36
- ```
37
-
38
- ### Rego Language Basics
39
-
40
- ```rego
41
- package example
42
-
43
- # Simple rule
44
- allow {
45
- input.user == "admin"
46
- }
47
-
48
- # Rule with conditions
49
- allow {
50
- input.user.role == "developer"
51
- input.action == "read"
52
- }
53
-
54
- # Complex policy
55
- deny[msg] {
56
- input.resource.type == "deployment"
57
- not input.resource.securityContext.runAsNonRoot
58
- msg := "Containers must run as non-root"
59
- }
60
- ```
61
-
62
- ### Kubernetes Admission Control
63
-
64
- ```rego
65
- # Policy: Block privileged containers
66
- package kubernetes.admission
67
-
68
- deny[msg] {
69
- input.request.kind.kind == "Pod"
70
- container := input.request.object.spec.containers[_]
71
- container.securityContext.privileged
72
- msg := sprintf("Privileged container not allowed: %v", [container.name])
73
- }
74
-
75
- # Policy: Require resource limits
76
- deny[msg] {
77
- input.request.kind.kind == "Deployment"
78
- container := input.request.object.spec.template.spec.containers[_]
79
- not container.resources.limits.memory
80
- msg := sprintf("Container %v must have memory limits", [container.name])
81
- }
82
-
83
- # Policy: Enforce image registry
84
- deny[msg] {
85
- input.request.kind.kind == "Pod"
86
- image := input.request.object.spec.containers[_].image
87
- not startswith(image, "myregistry.com/")
88
- msg := sprintf("Image must be from approved registry: %v", [image])
89
- }
90
- ```
91
-
92
- ## Gatekeeper
93
-
94
- ### Installation
95
-
96
- ```bash
97
- kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
98
- ```
99
-
100
- ### Constraint Templates
101
-
102
- **Block Privileged Containers:**
103
- ```yaml
104
- apiVersion: templates.gatekeeper.sh/v1
105
- kind: ConstraintTemplate
106
- metadata:
107
- name: k8sblockprivileged
108
- spec:
109
- crd:
110
- spec:
111
- names:
112
- kind: K8sBlockPrivileged
113
- targets:
114
- - target: admission.k8s.gatekeeper.sh
115
- rego: |
116
- package k8sblockprivileged
117
-
118
- violation[{"msg": msg}] {
119
- container := input.review.object.spec.containers[_]
120
- container.securityContext.privileged
121
- msg := sprintf("Privileged container not allowed: %v", [container.name])
122
- }
123
-
124
- violation[{"msg": msg}] {
125
- container := input.review.object.spec.initContainers[_]
126
- container.securityContext.privileged
127
- msg := sprintf("Privileged init container not allowed: %v", [container.name])
128
- }
129
- ```
130
-
131
- **Require Labels:**
132
- ```yaml
133
- apiVersion: templates.gatekeeper.sh/v1
134
- kind: ConstraintTemplate
135
- metadata:
136
- name: k8srequiredlabels
137
- spec:
138
- crd:
139
- spec:
140
- names:
141
- kind: K8sRequiredLabels
142
- validation:
143
- openAPIV3Schema:
144
- properties:
145
- labels:
146
- type: array
147
- items:
148
- type: string
149
- targets:
150
- - target: admission.k8s.gatekeeper.sh
151
- rego: |
152
- package k8srequiredlabels
153
-
154
- violation[{"msg": msg}] {
155
- provided := {label | input.review.object.metadata.labels[label]}
156
- required := {label | label := input.parameters.labels[_]}
157
- missing := required - provided
158
- count(missing) > 0
159
- msg := sprintf("Missing required labels: %v", [missing])
160
- }
161
- ```
162
-
163
- ### Constraints
164
-
165
- ```yaml
166
- apiVersion: constraints.gatekeeper.sh/v1beta1
167
- kind: K8sBlockPrivileged
168
- metadata:
169
- name: block-privileged-containers
170
- spec:
171
- match:
172
- kinds:
173
- - apiGroups: [""]
174
- kinds: ["Pod"]
175
- excludedNamespaces: ["kube-system"]
176
- enforcementAction: deny
177
- ```
178
-
179
- ```yaml
180
- apiVersion: constraints.gatekeeper.sh/v1beta1
181
- kind: K8sRequiredLabels
182
- metadata:
183
- name: require-standard-labels
184
- spec:
185
- match:
186
- kinds:
187
- - apiGroups: ["apps"]
188
- kinds: ["Deployment", "StatefulSet"]
189
- parameters:
190
- labels:
191
- - "app"
192
- - "environment"
193
- - "owner"
194
- ```
195
-
196
- ### Mutation
197
-
198
- ```yaml
199
- apiVersion: mutations.gatekeeper.sh/v1beta1
200
- kind: Assign
201
- metadata:
202
- name: add-default-labels
203
- spec:
204
- applyTo:
205
- - groups: ["apps"]
206
- kinds: ["Deployment"]
207
- versions: ["v1"]
208
- location: "spec.template.metadata.labels.managed-by"
209
- parameters:
210
- assign:
211
- value: "gatekeeper"
212
- ```
213
-
214
- ## Kyverno
215
-
216
- ### Installation
217
-
218
- ```bash
219
- kubectl create -f https://github.com/kyverno/kyverno/releases/download/v1.10.0/install.yaml
220
- ```
221
-
222
- ### Validation Policies
223
-
224
- **Require Non-Root:**
225
- ```yaml
226
- apiVersion: kyverno.io/v1
227
- kind: ClusterPolicy
228
- metadata:
229
- name: require-non-root
230
- spec:
231
- validationFailureAction: enforce
232
- background: true
233
- rules:
234
- - name: validate-runAsNonRoot
235
- match:
236
- any:
237
- - resources:
238
- kinds:
239
- - Pod
240
- validate:
241
- message: "Containers must run as non-root user"
242
- pattern:
243
- spec:
244
- securityContext:
245
- runAsNonRoot: true
246
- containers:
247
- - securityContext:
248
- runAsNonRoot: true
249
- ```
250
-
251
- **Block Latest Tag:**
252
- ```yaml
253
- apiVersion: kyverno.io/v1
254
- kind: ClusterPolicy
255
- metadata:
256
- name: disallow-latest-tag
257
- spec:
258
- validationFailureAction: enforce
259
- rules:
260
- - name: require-image-tag
261
- match:
262
- any:
263
- - resources:
264
- kinds:
265
- - Pod
266
- validate:
267
- message: "Using 'latest' tag is not allowed"
268
- pattern:
269
- spec:
270
- containers:
271
- - image: "!*:latest"
272
- ```
273
-
274
- **Require Resource Limits:**
275
- ```yaml
276
- apiVersion: kyverno.io/v1
277
- kind: ClusterPolicy
278
- metadata:
279
- name: require-resource-limits
280
- spec:
281
- validationFailureAction: enforce
282
- rules:
283
- - name: validate-resources
284
- match:
285
- any:
286
- - resources:
287
- kinds:
288
- - Deployment
289
- validate:
290
- message: "CPU and memory resources are required"
291
- pattern:
292
- spec:
293
- template:
294
- spec:
295
- containers:
296
- - resources:
297
- requests:
298
- memory: "?*"
299
- cpu: "?*"
300
- limits:
301
- memory: "?*"
302
- cpu: "?*"
303
- ```
304
-
305
- ### Mutation Policies
306
-
307
- **Add Default Network Policy:**
308
- ```yaml
309
- apiVersion: kyverno.io/v1
310
- kind: ClusterPolicy
311
- metadata:
312
- name: add-networkpolicy
313
- spec:
314
- rules:
315
- - name: default-deny-ingress
316
- match:
317
- any:
318
- - resources:
319
- kinds:
320
- - Namespace
321
- generate:
322
- kind: NetworkPolicy
323
- name: default-deny-ingress
324
- namespace: "{{request.object.metadata.name}}"
325
- data:
326
- spec:
327
- podSelector: {}
328
- policyTypes:
329
- - Ingress
330
- ```
331
-
332
- **Inject Sidecar:**
333
- ```yaml
334
- apiVersion: kyverno.io/v1
335
- kind: ClusterPolicy
336
- metadata:
337
- name: inject-logging-sidecar
338
- spec:
339
- rules:
340
- - name: add-fluentd-sidecar
341
- match:
342
- any:
343
- - resources:
344
- kinds:
345
- - Deployment
346
- selector:
347
- matchLabels:
348
- logging: enabled
349
- mutate:
350
- patchStrategicMerge:
351
- spec:
352
- template:
353
- spec:
354
- containers:
355
- - name: fluentd
356
- image: fluent/fluentd:v1.14
357
- volumeMounts:
358
- - name: logs
359
- mountPath: /var/log
360
- ```
361
-
362
- ### Image Verification
363
-
364
- ```yaml
365
- apiVersion: kyverno.io/v1
366
- kind: ClusterPolicy
367
- metadata:
368
- name: verify-image-signature
369
- spec:
370
- validationFailureAction: enforce
371
- webhookTimeoutSeconds: 30
372
- rules:
373
- - name: verify-signature
374
- match:
375
- any:
376
- - resources:
377
- kinds:
378
- - Pod
379
- verifyImages:
380
- - imageReferences:
381
- - "myregistry.com/*"
382
- attestors:
383
- - count: 1
384
- entries:
385
- - keys:
386
- publicKeys: |-
387
- -----BEGIN PUBLIC KEY-----
388
- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...
389
- -----END PUBLIC KEY-----
390
- ```
391
-
392
- ## Common Policies
393
-
394
- ### Security Policies
395
-
396
- **Drop All Capabilities:**
397
- ```yaml
398
- apiVersion: kyverno.io/v1
399
- kind: ClusterPolicy
400
- metadata:
401
- name: drop-all-capabilities
402
- spec:
403
- validationFailureAction: enforce
404
- rules:
405
- - name: drop-all
406
- match:
407
- any:
408
- - resources:
409
- kinds: [Pod]
410
- validate:
411
- message: "All capabilities must be dropped"
412
- pattern:
413
- spec:
414
- containers:
415
- - securityContext:
416
- capabilities:
417
- drop:
418
- - ALL
419
- ```
420
-
421
- **Read-Only Root Filesystem:**
422
- ```yaml
423
- apiVersion: kyverno.io/v1
424
- kind: ClusterPolicy
425
- metadata:
426
- name: readonly-root-filesystem
427
- spec:
428
- validationFailureAction: enforce
429
- rules:
430
- - name: validate-readOnlyRootFilesystem
431
- match:
432
- any:
433
- - resources:
434
- kinds: [Pod]
435
- validate:
436
- message: "Root filesystem must be read-only"
437
- pattern:
438
- spec:
439
- containers:
440
- - securityContext:
441
- readOnlyRootFilesystem: true
442
- ```
443
-
444
- ### Compliance Policies
445
-
446
- **PCI-DSS Compliance:**
447
- ```yaml
448
- apiVersion: kyverno.io/v1
449
- kind: ClusterPolicy
450
- metadata:
451
- name: pci-dss-compliance
452
- annotations:
453
- policies.kyverno.io/category: PCI-DSS
454
- spec:
455
- validationFailureAction: enforce
456
- rules:
457
- - name: require-encryption-at-rest
458
- match:
459
- any:
460
- - resources:
461
- kinds: [PersistentVolumeClaim]
462
- validate:
463
- message: "PCI-DSS requires encryption at rest"
464
- pattern:
465
- metadata:
466
- annotations:
467
- encrypted: "true"
468
-
469
- - name: require-tls
470
- match:
471
- any:
472
- - resources:
473
- kinds: [Ingress]
474
- validate:
475
- message: "PCI-DSS requires TLS"
476
- pattern:
477
- spec:
478
- tls:
479
- - hosts:
480
- - "?*"
481
- ```
482
-
483
- ### Cost Optimization
484
-
485
- **Limit Resource Usage:**
486
- ```yaml
487
- apiVersion: kyverno.io/v1
488
- kind: ClusterPolicy
489
- metadata:
490
- name: limit-resources
491
- spec:
492
- validationFailureAction: enforce
493
- rules:
494
- - name: max-memory-limit
495
- match:
496
- any:
497
- - resources:
498
- kinds: [Deployment]
499
- validate:
500
- message: "Memory limit cannot exceed 8Gi"
501
- deny:
502
- conditions:
503
- any:
504
- - key: "{{request.object.spec.template.spec.containers[].resources.limits.memory}}"
505
- operator: GreaterThan
506
- value: 8Gi
507
- ```
508
-
509
- ## Policy Testing
510
-
511
- ### OPA Testing
512
-
513
- ```rego
514
- # policy_test.rego
515
- package kubernetes.admission
516
-
517
- test_privileged_denied {
518
- deny["Privileged container not allowed: nginx"] with input as {
519
- "request": {
520
- "kind": {"kind": "Pod"},
521
- "object": {
522
- "spec": {
523
- "containers": [{
524
- "name": "nginx",
525
- "securityContext": {"privileged": true}
526
- }]
527
- }
528
- }
529
- }
530
- }
531
- }
532
-
533
- test_non_privileged_allowed {
534
- count(deny) == 0 with input as {
535
- "request": {
536
- "kind": {"kind": "Pod"},
537
- "object": {
538
- "spec": {
539
- "containers": [{
540
- "name": "nginx",
541
- "securityContext": {"privileged": false}
542
- }]
543
- }
544
- }
545
- }
546
- }
547
- }
548
- ```
549
-
550
- ```bash
551
- # Run tests
552
- opa test policy.rego policy_test.rego -v
553
- ```
554
-
555
- ### Kyverno Testing
556
-
557
- ```bash
558
- # Test policy against resource
559
- kyverno apply policy.yaml --resource pod.yaml
560
-
561
- # Test in cluster
562
- kubectl create -f test-pod.yaml --dry-run=server
563
- ```
564
-
565
- ## Best Practices
566
-
567
- ### 1. Start with Audit Mode
568
-
569
- ```yaml
570
- spec:
571
- validationFailureAction: audit # Start here
572
- # After validation, change to: enforce
573
- ```
574
-
575
- ### 2. Exclude System Namespaces
576
-
577
- ```yaml
578
- spec:
579
- match:
580
- any:
581
- - resources:
582
- kinds: [Pod]
583
- excludedNamespaces:
584
- - kube-system
585
- - kube-public
586
- - gatekeeper-system
587
- ```
588
-
589
- ### 3. Use Meaningful Messages
590
-
591
- ```yaml
592
- validate:
593
- message: >
594
- Containers must run as non-root user for security.
595
- Set spec.securityContext.runAsNonRoot: true
596
- ```
597
-
598
- ### 4. Test Policies Before Enforcement
599
-
600
- ```bash
601
- # Dry-run test
602
- kubectl create -f resource.yaml --dry-run=server
603
- ```
604
-
605
- ### 5. Monitor Policy Violations
606
-
607
- ```bash
608
- # Gatekeeper violations
609
- kubectl get constraints -A
610
-
611
- # Kyverno policy reports
612
- kubectl get policyreport -A
613
- ```
614
-
615
- ---
616
-
617
- **Related Resources:**
618
- - [compliance-automation.md](compliance-automation.md) - Compliance frameworks
619
- - [container-security.md](container-security.md) - Pod security standards