blockmine 1.24.0 → 1.27.0

package/.claude/skills/database-engineering/SKILL.md

@@ -1,61 +0,0 @@
-# Database Engineering
-
-Guide to PostgreSQL/MySQL administration, query optimization, indexing, replication, and database best practices.
-
-**Note:** This is a foundational version. Community contributions welcome to expand coverage!
-
-## Purpose
-
-Enable teams to effectively manage, optimize, and scale relational databases.
-
-## When to Use This Skill
-
-Automatically activates when working on:
-- Database administration
-- Query optimization and EXPLAIN plans
-- Index design and tuning
-- Database replication setup
-- Backup and restore procedures
-- Database migrations
-- PostgreSQL or MySQL configuration
-
-## Quick Start Checklist
-
-- [ ] Set up database monitoring
-- [ ] Configure automated backups
-- [ ] Create indexes for slow queries
-- [ ] Set up replication (if needed)
-- [ ] Configure connection pooling
-- [ ] Review query performance regularly
-- [ ] Plan migration strategy
-
-## Resource Files
-
-- **[postgresql-fundamentals.md](resources/postgresql-fundamentals.md)** - PostgreSQL basics, configuration, extensions
-- **[query-optimization.md](resources/query-optimization.md)** - EXPLAIN, indexing strategies, query tuning
-- **[database-replication.md](resources/database-replication.md)** - Streaming, logical replication, conflict resolution
-- **[backup-and-recovery.md](resources/backup-and-recovery.md)** - pg_dump, point-in-time recovery, backup strategies
-
-## Best Practices
-
-✅ Monitor slow queries
-✅ Index strategically
-✅ Use connection pooling
-✅ Regular backups with testing
-✅ Replication for high availability
-✅ Optimize for read vs write patterns
-
-## Integration Points
-
-- **backend-dev-guidelines**: ORM usage (Prisma)
-- **sre**: Database monitoring
-- **cloud-engineering**: Managed databases (RDS, Aurora)
-
----
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-🎯 SKILL ACTIVATED: database-engineering
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-
-**Total Resources:** 4 foundational guides (community can expand!)
-**Status:** Basic coverage - contributions welcome

package/.claude/skills/database-engineering/resources/backup-and-recovery.md

@@ -1,72 +0,0 @@
-# Backup and Recovery
-
-Guide to PostgreSQL backup strategies and disaster recovery procedures.
-
-## pg_dump (Logical Backup)
-
-```bash
-# Full database backup
-pg_dump -h localhost -U postgres myapp > backup.sql
-
-# Compressed backup
-pg_dump -h localhost -U postgres myapp | gzip > backup.sql.gz
-
-# Restore
-psql -h localhost -U postgres myapp < backup.sql
-
-# Backup specific tables
-pg_dump -h localhost -U postgres -t users -t orders myapp > tables_backup.sql
-```
-
-## Automated Backups
-
-```bash
-#!/bin/bash
-# daily-backup.sh
-
-DATE=$(date +%Y-%m-%d)
-BACKUP_DIR="/backups"
-DATABASE="myapp"
-
-# Create backup
-pg_dump -h localhost -U postgres $DATABASE | gzip > "$BACKUP_DIR/backup-$DATE.sql.gz"
-
-# Delete backups older than 30 days
-find $BACKUP_DIR -name "backup-*.sql.gz" -mtime +30 -delete
-
-# Upload to S3
-aws s3 cp "$BACKUP_DIR/backup-$DATE.sql.gz" s3://my-backups/
-```
-
-## Point-in-Time Recovery
-
-```ini
-# postgresql.conf
-wal_level = replica
-archive_mode = on
-archive_command = 'cp %p /archive/%f'
-```
-
-```bash
-# Restore to specific point in time
-pg_basebackup -D /var/lib/postgresql/data
-
-# recovery.conf
-restore_command = 'cp /archive/%f %p'
-recovery_target_time = '2024-01-15 14:30:00'
-```
-
-## Best Practices
-
-✅ Automated daily backups
-✅ Test restore procedure regularly
-✅ Store backups off-site (S3, etc.)
-✅ Retain backups for 30+ days
-✅ Monitor backup success
-✅ Document recovery procedures
-
----
-
-**Related Resources:**
-- postgresql-fundamentals.md - PostgreSQL basics
-- database-replication.md - Replication for HA

package/.claude/skills/database-engineering/resources/database-replication.md

@@ -1,63 +0,0 @@
-# Database Replication
-
-Guide to setting up PostgreSQL replication for high availability and read scaling.
-
-## Streaming Replication
-
-```bash
-# Primary server
-# postgresql.conf
-wal_level = replica
-max_wal_senders = 3
-
-# Replica server
-# Create replication slot on primary
-SELECT * FROM pg_create_physical_replication_slot('replica_1');
-
-# Start replica
-pg_basebackup -h primary -D /var/lib/postgresql/data -U replicator -v -P
-
-# standby.signal file indicates replica mode
-touch /var/lib/postgresql/data/standby.signal
-```
-
-## Read Replicas
-
-```typescript
-// Application code
-import { PrismaClient } from '@prisma/client';
-
-const primary = new PrismaClient({
-  datasources: { db: { url: process.env.DATABASE_PRIMARY_URL } }
-});
-
-const replica = new PrismaClient({
-  datasources: { db: { url: process.env.DATABASE_REPLICA_URL } }
-});
-
-// Writes go to primary
-await primary.users.create({ data: { email: 'user@example.com' } });
-
-// Reads can use replica
-const users = await replica.users.findMany();
-```
-
-## Monitoring Replication
-
-```sql
--- Check replication lag
-SELECT
-  client_addr,
-  state,
-  sent_lsn,
-  write_lsn,
-  replay_lsn,
-  sync_state
-FROM pg_stat_replication;
-```
-
----
-
-**Related Resources:**
-- postgresql-fundamentals.md - PostgreSQL basics
-- backup-and-recovery.md - Backup strategies

package/.claude/skills/database-engineering/resources/postgresql-fundamentals.md

@@ -1,70 +0,0 @@
-# PostgreSQL Fundamentals
-
-Basic PostgreSQL administration, configuration, and common operations.
-
-## Installation
-
-```bash
-# Docker
-docker run --name postgres \
-  -e POSTGRES_PASSWORD=mysecretpassword \
-  -p 5432:5432 \
-  -d postgres:15
-
-# Connect
-psql -h localhost -U postgres
-```
-
-## Common Operations
-
-```sql
--- Create database
-CREATE DATABASE myapp;
-
--- Create user
-CREATE USER myapp_user WITH PASSWORD 'secure_password';
-GRANT ALL PRIVILEGES ON DATABASE myapp TO myapp_user;
-
--- Create table
-CREATE TABLE users (
-  id SERIAL PRIMARY KEY,
-  email VARCHAR(255) UNIQUE NOT NULL,
-  created_at TIMESTAMP DEFAULT NOW()
-);
-
--- Create index
-CREATE INDEX idx_users_email ON users(email);
-
--- Vacuum (cleanup)
-VACUUM ANALYZE users;
-```
-
-## Configuration
-
-```ini
-# postgresql.conf
-max_connections = 100
-shared_buffers = 256MB
-effective_cache_size = 1GB
-maintenance_work_mem = 64MB
-work_mem = 4MB
-```
-
-## Extensions
-
-```sql
--- Enable UUID
-CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-
--- Full-text search
-CREATE EXTENSION IF NOT EXISTS pg_trgm;
-
--- PostGIS (geospatial)
-CREATE EXTENSION IF NOT EXISTS postgis;
-```
-
----
-
-**Related Resources:**
-- query-optimization.md - Performance tuning
-- backup-and-recovery.md - Data protection

package/.claude/skills/database-engineering/resources/query-optimization.md

@@ -1,68 +0,0 @@
-# Query Optimization
-
-Guide to optimizing database queries with EXPLAIN, indexing, and query tuning.
-
-## EXPLAIN ANALYZE
-
-```sql
--- See query plan
-EXPLAIN ANALYZE
-SELECT * FROM users
-WHERE email = 'user@example.com';
-
--- Output shows:
--- Seq Scan on users (cost=0.00..1.25 rows=1) (actual time=0.025..0.026 rows=1)
---   Filter: (email = 'user@example.com')
-
--- After adding index:
--- Index Scan using idx_users_email (cost=0.15..8.17 rows=1) (actual time=0.010..0.011 rows=1)
-```
-
-## Index Strategies
-
-```sql
--- Single column index
-CREATE INDEX idx_users_email ON users(email);
-
--- Composite index
-CREATE INDEX idx_orders_user_date ON orders(user_id, created_at);
-
--- Partial index
-CREATE INDEX idx_active_users ON users(email)
-WHERE is_active = true;
-
--- GIN index for JSON
-CREATE INDEX idx_metadata ON users USING GIN (metadata);
-```
-
-## Query Tuning
-
-```sql
--- ❌ Bad: SELECT *
-SELECT * FROM orders WHERE user_id = 123;
-
--- ✅ Good: Select only needed columns
-SELECT id, total, created_at FROM orders WHERE user_id = 123;
-
--- ❌ Bad: N+1 queries
-SELECT * FROM users;
--- Then for each user: SELECT * FROM orders WHERE user_id = ?
-
--- ✅ Good: JOIN
-SELECT u.*, o.* FROM users u
-LEFT JOIN orders o ON o.user_id = u.id;
-```
-
-## Best Practices
-
-✅ Use EXPLAIN ANALYZE for slow queries
-✅ Index foreign keys
-✅ Avoid SELECT *
-✅ Use LIMIT for large result sets
-✅ Consider query caching
-✅ Monitor slow query logs
-
----
-
-**Related Resources:**
-- postgresql-fundamentals.md - Database basics

package/.claude/skills/devsecops/SKILL.md

@@ -1,374 +0,0 @@
-# DevSecOps - Security Integration in Development
-
-Comprehensive guide for integrating security throughout the software development lifecycle. Covers security scanning (SAST, DAST, SCA), container security, secrets management, compliance as code, policy enforcement, vulnerability management, and shift-left security practices.
-
-## Purpose
-
-Enable teams to build secure applications by integrating security practices into every phase of development, from code commit to production deployment.
-
-## When to Use This Skill
-
-Automatically activates when working on:
-- Security scanning and vulnerability assessment
-- Container and image security
-- Secrets management and encryption
-- Policy enforcement and compliance
-- Security automation in CI/CD
-- Threat modeling and security architecture
-- Incident response and security monitoring
-
-## Quick Start Checklist
-
-When implementing DevSecOps practices:
-
-- [ ] Integrate SAST/DAST scanning in CI/CD pipeline
-- [ ] Implement container image scanning
-- [ ] Set up secrets management (never commit secrets)
-- [ ] Define security policies as code (OPA, Kyverno)
-- [ ] Enable dependency scanning (SCA)
-- [ ] Implement runtime security monitoring
-- [ ] Configure security gates in deployment pipeline
-- [ ] Document security requirements and controls
-- [ ] Set up security alerting and incident response
-- [ ] Conduct regular security reviews
-
-## Core Concepts
-
-### Shift-Left Security
-
-**Traditional (Security at End):**
-```
-Develop → Build → Test → Security Review → Deploy
-                              ↑
-                       Found Issues Late!
-```
-
-**DevSecOps (Security Throughout):**
-```
-Develop (IDE security) →
-Build (SAST, secrets scan) →
-Test (DAST, dependency scan) →
-Deploy (policy enforcement, runtime protection)
-    ↓
-Continuous Security Monitoring
-```
-
-### Security as Code
-
-```yaml
-# Security policies defined as code
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: security-baseline
-spec:
-  validationFailureAction: enforce
-  rules:
-  - name: no-privileged-containers
-    match:
-      resources:
-        kinds:
-        - Pod
-    validate:
-      message: "Privileged containers not allowed"
-      pattern:
-        spec:
-          containers:
-          - securityContext:
-              privileged: false
-```
-
-### Security Scanning Types
-
-```
-SAST (Static Application Security Testing):
-  - Analyzes source code
-  - Finds coding vulnerabilities
-  - Tools: SonarQube, Semgrep, CodeQL
-
-DAST (Dynamic Application Security Testing):
-  - Tests running application
-  - Finds runtime vulnerabilities
-  - Tools: OWASP ZAP, Burp Suite
-
-SCA (Software Composition Analysis):
-  - Scans dependencies
-  - Finds known vulnerabilities
-  - Tools: Snyk, Dependabot, Trivy
-
-Container Security:
-  - Scans container images
-  - Base image vulnerabilities
-  - Tools: Trivy, Grype, Clair
-
-Secrets Scanning:
-  - Detects hardcoded secrets
-  - Prevents secret leaks
-  - Tools: GitGuardian, TruffleHog
-```
-
-## Common Patterns
-
-### Pattern 1: CI/CD Security Pipeline
-
-```yaml
-# .github/workflows/security.yaml
-name: Security Scan
-
-on: [push, pull_request]
-
-jobs:
-  secret-scan:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - name: TruffleHog Secret Scan
-      uses: trufflesecurity/trufflehog@main
-      with:
-        path: ./
-        base: main
-        head: HEAD
-
-  sast:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Run Semgrep
-      uses: returntocorp/semgrep-action@v1
-      with:
-        config: >-
-          p/security-audit
-          p/secrets
-          p/owasp-top-ten
-
-  dependency-scan:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Run Snyk
-      uses: snyk/actions/node@master
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        args: --severity-threshold=high
-
-  container-scan:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Build image
-      run: docker build -t ${{ github.repository }}:${{ github.sha }} .
-
-    - name: Run Trivy
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: ${{ github.repository }}:${{ github.sha }}
-        format: 'sarif'
-        severity: 'CRITICAL,HIGH'
-        exit-code: '1'
-
-  security-gate:
-    needs: [secret-scan, sast, dependency-scan, container-scan]
-    runs-on: ubuntu-latest
-    steps:
-    - name: Security gate passed
-      run: echo "All security checks passed"
-```
-
-### Pattern 2: Policy as Code
-
-```yaml
-# OPA/Gatekeeper policy
-apiVersion: templates.gatekeeper.sh/v1
-kind: ConstraintTemplate
-metadata:
-  name: k8sblockprivileged
-spec:
-  crd:
-    spec:
-      names:
-        kind: K8sBlockPrivileged
-  targets:
-  - target: admission.k8s.gatekeeper.sh
-    rego: |
-      package k8sblockprivileged
-
-      violation[{"msg": msg}] {
-        container := input.review.object.spec.containers[_]
-        container.securityContext.privileged
-        msg := sprintf("Privileged container not allowed: %v", [container.name])
-      }
-```
-
-### Pattern 3: Secrets Management
-
-```yaml
-# External Secrets Operator
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: app-secrets
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: vault-backend
-    kind: SecretStore
-  target:
-    name: app-secrets
-  data:
-  - secretKey: api-key
-    remoteRef:
-      key: secret/data/app
-      property: api-key
-  - secretKey: db-password
-    remoteRef:
-      key: secret/data/database
-      property: password
-```
-
-## Resource Files
-
-For detailed guidance on specific topics, see:
-
-### Security Scanning & Testing
-- **[security-scanning.md](resources/security-scanning.md)** - SAST, DAST, SCA implementation, tool comparisons, CI/CD integration
-- **[container-security.md](resources/container-security.md)** - Image scanning, base image selection, vulnerability remediation, registry security
-- **[supply-chain-security.md](resources/supply-chain-security.md)** - SCA tools, SBOM, dependency security, software supply chain attacks
-- **[vulnerability-management.md](resources/vulnerability-management.md)** - Vulnerability scanning, tracking, prioritization, remediation workflows
-- **[security-testing.md](resources/security-testing.md)** - Security testing in CI/CD, penetration testing, security test automation
-
-### Access Control & Secrets
-- **[secrets-management.md](resources/secrets-management.md)** - Vault, AWS Secrets Manager, External Secrets Operator, rotation strategies, encryption
-- **[zero-trust-architecture.md](resources/zero-trust-architecture.md)** - Zero trust principles, identity-based security, service mesh, mTLS
-
-### Policy & Compliance
-- **[policy-enforcement.md](resources/policy-enforcement.md)** - OPA, Gatekeeper, Kyverno, admission controllers, policy testing
-- **[compliance-automation.md](resources/compliance-automation.md)** - Compliance frameworks (SOC2, PCI-DSS, HIPAA), automated audits
-- **[compliance-frameworks.md](resources/compliance-frameworks.md)** - FedRAMP, CMMC, NIST 800-53/800-171, ITAR, CJIS, PCI-DSS, HIPAA, SOC 2, implementation checklists, audit preparation
-- **[cspm-integration.md](resources/cspm-integration.md)** - CSPM tool integration (Prisma Cloud, Wiz, Aqua, Trend Micro), CI/CD pipeline security scanning, policy as code, shift-left security
-
-### CI/CD & Monitoring
-- **[ci-cd-security.md](resources/ci-cd-security.md)** - Secure pipeline design, build security, deployment security, supply chain protection
-- **[security-monitoring.md](resources/security-monitoring.md)** - SIEM, security analytics, threat detection, incident response
-
-## Best Practices
-
-### 1. Never Commit Secrets
-
-```bash
-# Use pre-commit hooks
-# .pre-commit-config.yaml
-repos:
-- repo: https://github.com/trufflesecurity/trufflehog
-  rev: v3.63.0
-  hooks:
-  - id: trufflehog
-    name: TruffleHog
-    entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail'
-```
-
-### 2. Scan Everything
-
-- Source code (SAST)
-- Dependencies (SCA)
-- Container images
-- Infrastructure as code
-- Runtime behavior
-
-### 3. Automate Security Testing
-
-Integrate into CI/CD, fail fast on critical issues.
-
-### 4. Least Privilege Access
-
-Grant minimum necessary permissions.
-
-### 5. Defense in Depth
-
-Multiple layers of security controls.
-
-### 6. Regular Updates
-
-Keep dependencies and base images updated.
-
-### 7. Security Monitoring
-
-Continuous monitoring and alerting.
-
-### 8. Incident Response Plan
-
-Documented procedures for security incidents.
-
-## Anti-Patterns to Avoid
-
-❌ Security only at the end (too late, too expensive)
-❌ Committing secrets to Git
-❌ Ignoring vulnerability scan results
-❌ Using outdated dependencies
-❌ No runtime security monitoring
-❌ Manual security processes
-❌ Privileged containers in production
-❌ Disabled security policies for convenience
-❌ No security training for developers
-❌ Security as blocker instead of enabler
-
-## Common Tasks
-
-### Task: Add Security Scanning to CI/CD
-
-1. Choose scanning tools (SAST, SCA, container)
-2. Add security jobs to CI/CD pipeline
-3. Set severity thresholds
-4. Configure notifications
-5. Document remediation process
-
-### Task: Implement Secrets Management
-
-1. Choose secrets backend (Vault, AWS SM, etc.)
-2. Migrate existing secrets
-3. Implement External Secrets Operator
-4. Set up rotation policies
-5. Remove hardcoded secrets
-
-### Task: Enforce Security Policies
-
-1. Define security requirements
-2. Write policies as code (OPA/Kyverno)
-3. Test policies in non-production
-4. Deploy to production clusters
-5. Monitor policy violations
-
-## Integration Points
-
-This skill integrates with:
-- **platform-engineering**: Infrastructure security, Kubernetes security
-- **sre**: Incident response, monitoring, reliability
-- **release-engineering**: Secure CI/CD pipelines, deployment gates
-- **cloud-engineering**: Cloud security, IAM, encryption
-- **systems-engineering**: OS hardening, network security
-
-## Triggers and Activation
-
-This skill activates when you:
-- Work with security scanning tools
-- Implement secrets management
-- Define security policies
-- Configure compliance frameworks
-- Investigate security vulnerabilities
-- Set up security monitoring
-
----
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-🎯 SKILL ACTIVATED: devsecops
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-
-**Total Resources:** 11 detailed guides covering all aspects of DevSecOps
-**Focus:** Shift-left security, automation, continuous improvement
-**Maintained by:** Security team based on industry best practices and real-world implementations