blockmine 1.24.0 → 1.27.0

Files changed (476)
  1. package/CHANGELOG.md +76 -1
  2. package/README.en.md +427 -0
  3. package/README.md +40 -0
  4. package/backend/package.json +2 -2
  5. package/backend/prisma/migrations/20260328173000_add_plugin_source_ref/migration.sql +2 -0
  6. package/backend/prisma/migrations/migration_lock.toml +2 -2
  7. package/backend/prisma/schema.prisma +2 -0
  8. package/backend/src/ai/plugin-assistant-system-prompt.md +664 -5
  9. package/backend/src/api/routes/apiKeys.js +8 -0
  10. package/backend/src/api/routes/bots.js +271 -9
  11. package/backend/src/api/routes/eventGraphs.js +151 -1
  12. package/backend/src/api/routes/health.js +38 -0
  13. package/backend/src/api/routes/nodeRegistry.js +63 -0
  14. package/backend/src/api/routes/plugins.js +254 -29
  15. package/backend/src/api/routes/servers.js +14 -2
  16. package/backend/src/container.js +11 -8
  17. package/backend/src/core/BotCommandLoader.js +161 -0
  18. package/backend/src/core/BotConnection.js +125 -0
  19. package/backend/src/core/BotEventHandlers.js +234 -0
  20. package/backend/src/core/BotIPCHandler.js +445 -0
  21. package/backend/src/core/BotManager.js +15 -7
  22. package/backend/src/core/BotProcess.js +169 -140
  23. package/backend/src/core/EventGraphManager.js +7 -3
  24. package/backend/src/core/GraphDebugHandler.js +229 -0
  25. package/backend/src/core/GraphDebugIPC.js +117 -0
  26. package/backend/src/core/GraphExecutionEngine.js +545 -978
  27. package/backend/src/core/GraphTraversal.js +80 -0
  28. package/backend/src/core/GraphValidation.js +73 -0
  29. package/backend/src/core/NodeDefinition.js +138 -0
  30. package/backend/src/core/NodeRegistry.js +153 -141
  31. package/backend/src/core/PluginLoader.js +83 -3
  32. package/backend/src/core/PluginManager.js +346 -35
  33. package/backend/src/core/RewindSignal.js +9 -0
  34. package/backend/src/core/config/ConfigValidator.js +72 -0
  35. package/backend/src/core/config/FeatureFlags.js +52 -0
  36. package/backend/src/core/config/__tests__/ConfigValidator.test.js +232 -0
  37. package/backend/src/core/domain/entities/Bot.js +39 -0
  38. package/backend/src/core/domain/entities/Command.js +41 -0
  39. package/backend/src/core/domain/entities/EventGraph.js +39 -0
  40. package/backend/src/core/domain/entities/Plugin.js +45 -0
  41. package/backend/src/core/domain/entities/User.js +40 -0
  42. package/backend/src/core/domain/services/DependencyResolver.js +168 -0
  43. package/backend/src/core/domain/services/GraphValidator.js +117 -0
  44. package/backend/src/core/domain/services/PermissionChecker.js +34 -0
  45. package/backend/src/core/domain/services/__tests__/DependencyResolver.test.js +126 -0
  46. package/backend/src/core/domain/valueObjects/BotConfig.js +27 -0
  47. package/backend/src/core/domain/valueObjects/DependencyGraph.js +86 -0
  48. package/backend/src/core/domain/valueObjects/PluginManifest.js +36 -0
  49. package/backend/src/core/errors/BaseError.js +29 -0
  50. package/backend/src/core/errors/ErrorHandler.js +81 -0
  51. package/backend/src/core/errors/__tests__/ErrorHandler.test.js +188 -0
  52. package/backend/src/core/errors/index.js +68 -0
  53. package/backend/src/core/infrastructure/BatchingUtility.js +66 -0
  54. package/backend/src/core/infrastructure/CircuitBreaker.js +103 -0
  55. package/backend/src/core/infrastructure/ConnectionPool.js +81 -0
  56. package/backend/src/core/infrastructure/RateLimiter.js +64 -0
  57. package/backend/src/core/infrastructure/__tests__/BatchingUtility.test.js +86 -0
  58. package/backend/src/core/infrastructure/__tests__/CircuitBreaker.test.js +156 -0
  59. package/backend/src/core/infrastructure/__tests__/ConnectionPool.test.js +146 -0
  60. package/backend/src/core/infrastructure/__tests__/RateLimiter.test.js +171 -0
  61. package/backend/src/core/ipc/botApiFactory.js +72 -0
  62. package/backend/src/core/ipc/ipcMessageTypes.js +115 -0
  63. package/backend/src/core/logging/AuditLogger.js +61 -0
  64. package/backend/src/core/logging/StructuredLogger.js +80 -0
  65. package/backend/src/core/logging/__tests__/StructuredLogger.test.js +213 -0
  66. package/backend/src/core/logging/index.js +7 -0
  67. package/backend/src/core/metrics/MetricsCollector.js +104 -0
  68. package/backend/src/core/metrics/__tests__/MetricsCollector.test.js +131 -0
  69. package/backend/src/core/node-registries/actionsNodes.js +191 -0
  70. package/backend/src/core/node-registries/arraysNodes.js +152 -0
  71. package/backend/src/core/node-registries/botNodes.js +48 -0
  72. package/backend/src/core/node-registries/containerNodes.js +141 -0
  73. package/backend/src/core/node-registries/dataNodes.js +284 -0
  74. package/backend/src/core/node-registries/debugNodes.js +23 -0
  75. package/backend/src/core/node-registries/eventsNodes.js +223 -0
  76. package/backend/src/core/node-registries/flowNodes.js +151 -0
  77. package/backend/src/core/node-registries/furnaceNodes.js +123 -0
  78. package/backend/src/core/node-registries/index.js +108 -0
  79. package/backend/src/core/node-registries/inventory.js +102 -106
  80. package/backend/src/core/node-registries/logicNodes.js +54 -0
  81. package/backend/src/core/node-registries/mathNodes.js +38 -0
  82. package/backend/src/core/node-registries/navigationNodes.js +109 -0
  83. package/backend/src/core/node-registries/objectsNodes.js +90 -0
  84. package/backend/src/core/node-registries/stringsNodes.js +165 -0
  85. package/backend/src/core/node-registries/timeNodes.js +105 -0
  86. package/backend/src/core/node-registries/typeNodes.js +22 -0
  87. package/backend/src/core/node-registries/usersNodes.js +126 -0
  88. package/backend/src/core/nodes/arrays/shuffle.js +14 -0
  89. package/backend/src/core/nodes/bot/get_name.js +8 -0
  90. package/backend/src/core/nodes/bot/stop_bot.js +5 -0
  91. package/backend/src/core/nodes/container/open.js +101 -111
  92. package/backend/src/core/nodes/data/store_read.js +26 -0
  93. package/backend/src/core/nodes/data/store_write.js +23 -0
  94. package/backend/src/core/nodes/event/call_event.js +31 -0
  95. package/backend/src/core/nodes/event/custom_event.js +8 -0
  96. package/backend/src/core/nodes/flow/timer.js +35 -0
  97. package/backend/src/core/nodes/inventory/drop.js +73 -65
  98. package/backend/src/core/nodes/inventory/equip.js +54 -45
  99. package/backend/src/core/nodes/inventory/select_slot.js +48 -46
  100. package/backend/src/core/nodes/navigation/follow.js +54 -51
  101. package/backend/src/core/nodes/navigation/go_to.js +41 -53
  102. package/backend/src/core/nodes/navigation/go_to_entity.js +65 -69
  103. package/backend/src/core/nodes/navigation/go_to_player.js +65 -70
  104. package/backend/src/core/nodes/navigation/stop.js +17 -26
  105. package/backend/src/core/nodes/users/add_to_group.js +24 -0
  106. package/backend/src/core/nodes/users/check_permission.js +26 -0
  107. package/backend/src/core/nodes/users/remove_from_group.js +24 -0
  108. package/backend/src/core/services/BotIPCMessageRouter.js +337 -0
  109. package/backend/src/core/services/BotLifecycleService.js +43 -450
  110. package/backend/src/core/services/CacheManager.js +83 -23
  111. package/backend/src/core/services/CrashRestartManager.js +42 -0
  112. package/backend/src/core/services/DebugSessionManager.js +114 -12
  113. package/backend/src/core/services/EventGraphService.js +69 -0
  114. package/backend/src/core/services/MinecraftBotManager.js +9 -1
  115. package/backend/src/core/services/PluginManagementService.js +84 -0
  116. package/backend/src/core/services/TestModeContext.js +65 -0
  117. package/backend/src/core/services/__tests__/CacheManager.test.js +168 -0
  118. package/backend/src/core/services.js +1 -11
  119. package/backend/src/core/validation/InputValidator.js +167 -0
  120. package/backend/src/core/validation/__tests__/InputValidator.test.js +296 -0
  121. package/backend/src/real-time/botApi/index.js +1 -1
  122. package/backend/src/real-time/socketHandler.js +26 -0
  123. package/backend/src/server.js +21 -6
  124. package/frontend/dist/assets/browser-ponyfill-D8y0Ty7C.js +2 -0
  125. package/frontend/dist/assets/index-CFJLS0dk.css +32 -0
  126. package/frontend/dist/assets/index-D91UGNMG.js +11260 -0
  127. package/frontend/dist/flags/en.svg +32 -0
  128. package/frontend/dist/flags/ru.svg +5 -0
  129. package/frontend/dist/index.html +2 -2
  130. package/frontend/dist/locales/en/admin.json +100 -0
  131. package/frontend/dist/locales/en/api-keys.json +58 -0
  132. package/frontend/dist/locales/en/bots.json +113 -0
  133. package/frontend/dist/locales/en/common.json +53 -0
  134. package/frontend/dist/locales/en/configuration.json +22 -0
  135. package/frontend/dist/locales/en/console.json +10 -0
  136. package/frontend/dist/locales/en/dashboard.json +85 -0
  137. package/frontend/dist/locales/en/dialogs.json +70 -0
  138. package/frontend/dist/locales/en/event-graphs.json +50 -0
  139. package/frontend/dist/locales/en/graph-store.json +70 -0
  140. package/frontend/dist/locales/en/login.json +36 -0
  141. package/frontend/dist/locales/en/management.json +192 -0
  142. package/frontend/dist/locales/en/minecraft-viewer.json +27 -0
  143. package/frontend/dist/locales/en/nodes.json +1132 -0
  144. package/frontend/dist/locales/en/permissions.json +50 -0
  145. package/frontend/dist/locales/en/plugin-detail.json +69 -0
  146. package/frontend/dist/locales/en/plugins.json +329 -0
  147. package/frontend/dist/locales/en/proxies.json +81 -0
  148. package/frontend/dist/locales/en/servers.json +39 -0
  149. package/frontend/dist/locales/en/setup.json +19 -0
  150. package/frontend/dist/locales/en/sidebar.json +195 -0
  151. package/frontend/dist/locales/en/tasks.json +62 -0
  152. package/frontend/dist/locales/en/visual-editor.json +418 -0
  153. package/frontend/dist/locales/en/websocket.json +86 -0
  154. package/frontend/dist/locales/ru/admin.json +100 -0
  155. package/frontend/dist/locales/ru/api-keys.json +58 -0
  156. package/frontend/dist/locales/ru/bots.json +113 -0
  157. package/frontend/dist/locales/ru/common.json +49 -0
  158. package/frontend/dist/locales/ru/configuration.json +22 -0
  159. package/frontend/dist/locales/ru/console.json +10 -0
  160. package/frontend/dist/locales/ru/dashboard.json +85 -0
  161. package/frontend/dist/locales/ru/dialogs.json +70 -0
  162. package/frontend/dist/locales/ru/event-graphs.json +50 -0
  163. package/frontend/dist/locales/ru/graph-store.json +70 -0
  164. package/frontend/dist/locales/ru/login.json +36 -0
  165. package/frontend/dist/locales/ru/management.json +192 -0
  166. package/frontend/dist/locales/ru/minecraft-viewer.json +30 -0
  167. package/frontend/dist/locales/ru/nodes.json +1131 -0
  168. package/frontend/dist/locales/ru/permissions.json +50 -0
  169. package/frontend/dist/locales/ru/plugin-detail.json +49 -0
  170. package/frontend/dist/locales/ru/plugins.json +209 -0
  171. package/frontend/dist/locales/ru/proxies.json +81 -0
  172. package/frontend/dist/locales/ru/servers.json +39 -0
  173. package/frontend/dist/locales/ru/setup.json +19 -0
  174. package/frontend/dist/locales/ru/sidebar.json +195 -0
  175. package/frontend/dist/locales/ru/tasks.json +62 -0
  176. package/frontend/dist/locales/ru/visual-editor.json +420 -0
  177. package/frontend/dist/locales/ru/websocket.json +86 -0
  178. package/frontend/dist/monacoeditorwork/css.worker.bundle.js +7 -7
  179. package/frontend/dist/monacoeditorwork/html.worker.bundle.js +7 -7
  180. package/frontend/dist/monacoeditorwork/json.worker.bundle.js +7 -7
  181. package/frontend/dist/monacoeditorwork/ts.worker.bundle.js +3 -3
  182. package/frontend/package.json +6 -0
  183. package/nul +12 -0
  184. package/package.json +3 -3
  185. package/screen/3dviewer.png +0 -0
  186. package/screen/console.png +0 -0
  187. package/screen/dashboard.png +0 -0
  188. package/screen/graph_collabe.png +0 -0
  189. package/screen/graph_live_debug.png +0 -0
  190. package/screen/language_selector.png +0 -0
  191. package/screen/management_command.png +0 -0
  192. package/screen/node_debug_trace.png +0 -0
  193. package/screen/plugin_/320/276/320/261/320/267/320/276/321/200.png +0 -0
  194. package/screen/websocket.png +0 -0
  195. package/screen//320/275/320/260/321/201/321/202/321/200/320/276/320/271/320/272/320/270_/320/276/321/202/320/264/320/265/320/273/321/214/320/275/321/213/321/205_/320/272/320/276/320/274/320/260/320/275/320/264_/320/272/320/260/320/266/320/264/321/203_/320/272/320/276/320/274/320/260/320/275/320/273/320/264/321/203_/320/274/320/276/320/266/320/275/320/276_/320/275/320/260/321/201/321/202/321/200/320/260/320/270/320/262/320/260/321/202/321/214.png +0 -0
  196. package/screen//320/277/320/273/320/260/320/275/320/270/321/200/320/276/320/262/321/211/320/270/320/272_/320/274/320/276/320/266/320/275/320/276_/320/267/320/260/320/264/320/260/320/262/320/260/321/202/321/214_/320/264/320/265/320/271/321/201/321/202/320/262/320/270/321/217_/320/277/320/276_/320/262/321/200/320/265/320/274/320/265/320/275/320/270.png +0 -0
  197. package/.claude/agents/README.md +0 -469
  198. package/.claude/agents/auth-route-debugger.md +0 -118
  199. package/.claude/agents/auth-route-tester.md +0 -93
  200. package/.claude/agents/auto-error-resolver.md +0 -97
  201. package/.claude/agents/build-optimizer.md +0 -236
  202. package/.claude/agents/code-architect.md +0 -34
  203. package/.claude/agents/code-architecture-reviewer.md +0 -83
  204. package/.claude/agents/code-explorer.md +0 -51
  205. package/.claude/agents/code-refactor-master.md +0 -94
  206. package/.claude/agents/code-reviewer.md +0 -46
  207. package/.claude/agents/cost-optimizer.md +0 -134
  208. package/.claude/agents/deployment-orchestrator.md +0 -113
  209. package/.claude/agents/documentation-architect.md +0 -82
  210. package/.claude/agents/frontend-error-fixer.md +0 -77
  211. package/.claude/agents/iac-code-generator.md +0 -71
  212. package/.claude/agents/incident-responder.md +0 -346
  213. package/.claude/agents/infrastructure-architect.md +0 -31
  214. package/.claude/agents/kubernetes-specialist.md +0 -56
  215. package/.claude/agents/migration-planner.md +0 -181
  216. package/.claude/agents/network-architect.md +0 -196
  217. package/.claude/agents/plan-reviewer.md +0 -52
  218. package/.claude/agents/refactor-planner.md +0 -63
  219. package/.claude/agents/security-scanner.md +0 -102
  220. package/.claude/agents/web-research-specialist.md +0 -78
  221. package/.claude/commands/cost-analysis.md +0 -315
  222. package/.claude/commands/dev-docs-update.md +0 -55
  223. package/.claude/commands/dev-docs.md +0 -51
  224. package/.claude/commands/feature-dev.md +0 -125
  225. package/.claude/commands/incident-debug.md +0 -247
  226. package/.claude/commands/infra-plan.md +0 -81
  227. package/.claude/commands/migration-plan.md +0 -478
  228. package/.claude/commands/route-research-for-testing.md +0 -37
  229. package/.claude/commands/security-review.md +0 -66
  230. package/.claude/hooks/CONFIG.md +0 -448
  231. package/.claude/hooks/README.md +0 -163
  232. package/.claude/hooks/SKILL_ACTIVATION_COMPLETE.md +0 -226
  233. package/.claude/hooks/WINDOWS_HOOKS_README.md +0 -151
  234. package/.claude/hooks/add-skill-activation-banners.ts +0 -132
  235. package/.claude/hooks/comprehensive-skill-test.ts +0 -1315
  236. package/.claude/hooks/error-handling-reminder.sh +0 -12
  237. package/.claude/hooks/error-handling-reminder.ts +0 -222
  238. package/.claude/hooks/k8s-manifest-validator.sh +0 -56
  239. package/.claude/hooks/package-lock.json +0 -556
  240. package/.claude/hooks/package.json +0 -16
  241. package/.claude/hooks/post-tool-use-tracker.ps1 +0 -174
  242. package/.claude/hooks/post-tool-use-tracker.sh +0 -183
  243. package/.claude/hooks/security-policy-check.sh +0 -247
  244. package/.claude/hooks/skill-activation-prompt.ps1 +0 -10
  245. package/.claude/hooks/skill-activation-prompt.sh +0 -10
  246. package/.claude/hooks/skill-activation-prompt.ts +0 -141
  247. package/.claude/hooks/stop-build-check-enhanced.sh +0 -130
  248. package/.claude/hooks/terraform-validator.sh +0 -53
  249. package/.claude/hooks/test-input.json +0 -7
  250. package/.claude/hooks/test-skill-activation.ts +0 -427
  251. package/.claude/hooks/trigger-build-resolver.sh +0 -79
  252. package/.claude/hooks/tsc-check.sh +0 -173
  253. package/.claude/hooks/tsconfig.json +0 -19
  254. package/.claude/settings.json +0 -59
  255. package/.claude/settings.local.json +0 -67
  256. package/.claude/skills/README.md +0 -507
  257. package/.claude/skills/api-engineering/SKILL.md +0 -63
  258. package/.claude/skills/api-engineering/resources/api-versioning.md +0 -88
  259. package/.claude/skills/api-engineering/resources/graphql-patterns.md +0 -106
  260. package/.claude/skills/api-engineering/resources/rate-limiting.md +0 -118
  261. package/.claude/skills/api-engineering/resources/rest-api-design.md +0 -105
  262. package/.claude/skills/backend-dev-guidelines/SKILL.md +0 -306
  263. package/.claude/skills/backend-dev-guidelines/resources/architecture-overview.md +0 -451
  264. package/.claude/skills/backend-dev-guidelines/resources/async-and-errors.md +0 -307
  265. package/.claude/skills/backend-dev-guidelines/resources/complete-examples.md +0 -638
  266. package/.claude/skills/backend-dev-guidelines/resources/configuration.md +0 -275
  267. package/.claude/skills/backend-dev-guidelines/resources/database-patterns.md +0 -224
  268. package/.claude/skills/backend-dev-guidelines/resources/middleware-guide.md +0 -213
  269. package/.claude/skills/backend-dev-guidelines/resources/routing-and-controllers.md +0 -756
  270. package/.claude/skills/backend-dev-guidelines/resources/sentry-and-monitoring.md +0 -336
  271. package/.claude/skills/backend-dev-guidelines/resources/services-and-repositories.md +0 -789
  272. package/.claude/skills/backend-dev-guidelines/resources/testing-guide.md +0 -235
  273. package/.claude/skills/backend-dev-guidelines/resources/validation-patterns.md +0 -754
  274. package/.claude/skills/budget-and-cost-management/SKILL.md +0 -850
  275. package/.claude/skills/build-engineering/SKILL.md +0 -431
  276. package/.claude/skills/build-engineering/resources/artifact-repositories.md +0 -72
  277. package/.claude/skills/build-engineering/resources/build-caching.md +0 -96
  278. package/.claude/skills/build-engineering/resources/build-pipelines.md +0 -105
  279. package/.claude/skills/build-engineering/resources/build-security.md +0 -95
  280. package/.claude/skills/build-engineering/resources/build-systems.md +0 -389
  281. package/.claude/skills/build-engineering/resources/compilation-optimization.md +0 -201
  282. package/.claude/skills/build-engineering/resources/dependency-management.md +0 -73
  283. package/.claude/skills/build-engineering/resources/monorepo-builds.md +0 -110
  284. package/.claude/skills/build-engineering/resources/performance-optimization.md +0 -113
  285. package/.claude/skills/build-engineering/resources/reproducible-builds.md +0 -82
  286. package/.claude/skills/cloud-engineering/SKILL.md +0 -675
  287. package/.claude/skills/cloud-engineering/resources/aws-patterns.md +0 -742
  288. package/.claude/skills/cloud-engineering/resources/azure-patterns.md +0 -714
  289. package/.claude/skills/cloud-engineering/resources/cleared-cloud-environments.md +0 -987
  290. package/.claude/skills/cloud-engineering/resources/cloud-cost-optimization.md +0 -757
  291. package/.claude/skills/cloud-engineering/resources/cloud-networking.md +0 -1058
  292. package/.claude/skills/cloud-engineering/resources/cloud-security-tools.md +0 -1530
  293. package/.claude/skills/cloud-engineering/resources/cloud-security.md +0 -990
  294. package/.claude/skills/cloud-engineering/resources/gcp-patterns.md +0 -758
  295. package/.claude/skills/cloud-engineering/resources/migration-strategies.md +0 -820
  296. package/.claude/skills/cloud-engineering/resources/multi-cloud-strategies.md +0 -670
  297. package/.claude/skills/cloud-engineering/resources/oci-patterns.md +0 -1198
  298. package/.claude/skills/cloud-engineering/resources/serverless-patterns.md +0 -795
  299. package/.claude/skills/cloud-engineering/resources/well-architected-frameworks.md +0 -966
  300. package/.claude/skills/cybersecurity/SKILL.md +0 -409
  301. package/.claude/skills/cybersecurity/resources/security-architecture.md +0 -266
  302. package/.claude/skills/database-engineering/SKILL.md +0 -61
  303. package/.claude/skills/database-engineering/resources/backup-and-recovery.md +0 -72
  304. package/.claude/skills/database-engineering/resources/database-replication.md +0 -63
  305. package/.claude/skills/database-engineering/resources/postgresql-fundamentals.md +0 -70
  306. package/.claude/skills/database-engineering/resources/query-optimization.md +0 -68
  307. package/.claude/skills/devsecops/SKILL.md +0 -374
  308. package/.claude/skills/devsecops/resources/ci-cd-security.md +0 -204
  309. package/.claude/skills/devsecops/resources/compliance-automation.md +0 -530
  310. package/.claude/skills/devsecops/resources/compliance-frameworks.md +0 -2322
  311. package/.claude/skills/devsecops/resources/container-security.md +0 -915
  312. package/.claude/skills/devsecops/resources/cspm-integration.md +0 -1440
  313. package/.claude/skills/devsecops/resources/policy-enforcement.md +0 -619
  314. package/.claude/skills/devsecops/resources/secrets-management.md +0 -755
  315. package/.claude/skills/devsecops/resources/security-monitoring.md +0 -146
  316. package/.claude/skills/devsecops/resources/security-scanning.md +0 -887
  317. package/.claude/skills/devsecops/resources/security-testing.md +0 -203
  318. package/.claude/skills/devsecops/resources/supply-chain-security.md +0 -518
  319. package/.claude/skills/devsecops/resources/vulnerability-management.md +0 -481
  320. package/.claude/skills/devsecops/resources/zero-trust-architecture.md +0 -177
  321. package/.claude/skills/documentation-as-code/SKILL.md +0 -323
  322. package/.claude/skills/documentation-as-code/resources/api-documentation.md +0 -90
  323. package/.claude/skills/documentation-as-code/resources/changelog-management.md +0 -79
  324. package/.claude/skills/documentation-as-code/resources/diagram-generation.md +0 -44
  325. package/.claude/skills/documentation-as-code/resources/docs-as-code-workflow.md +0 -99
  326. package/.claude/skills/documentation-as-code/resources/documentation-automation.md +0 -68
  327. package/.claude/skills/documentation-as-code/resources/documentation-sites.md +0 -79
  328. package/.claude/skills/documentation-as-code/resources/markdown-best-practices.md +0 -162
  329. package/.claude/skills/documentation-as-code/resources/openapi-specification.md +0 -77
  330. package/.claude/skills/documentation-as-code/resources/readme-engineering.md +0 -60
  331. package/.claude/skills/documentation-as-code/resources/technical-writing-guide.md +0 -202
  332. package/.claude/skills/engineering-management/SKILL.md +0 -356
  333. package/.claude/skills/engineering-management/resources/career-ladders.md +0 -609
  334. package/.claude/skills/engineering-management/resources/hiring-and-assessment.md +0 -555
  335. package/.claude/skills/engineering-management/resources/one-on-one-guides.md +0 -609
  336. package/.claude/skills/engineering-management/resources/resource-planning.md +0 -557
  337. package/.claude/skills/engineering-management/resources/team-organization-patterns.md +0 -491
  338. package/.claude/skills/engineering-management/resources/technical-interviews.md +0 -474
  339. package/.claude/skills/engineering-operations-management/SKILL.md +0 -817
  340. package/.claude/skills/error-tracking/SKILL.md +0 -379
  341. package/.claude/skills/frontend-design/SKILL.md +0 -42
  342. package/.claude/skills/frontend-dev-guidelines/SKILL.md +0 -403
  343. package/.claude/skills/frontend-dev-guidelines/resources/common-patterns.md +0 -331
  344. package/.claude/skills/frontend-dev-guidelines/resources/complete-examples.md +0 -872
  345. package/.claude/skills/frontend-dev-guidelines/resources/component-patterns.md +0 -502
  346. package/.claude/skills/frontend-dev-guidelines/resources/data-fetching.md +0 -767
  347. package/.claude/skills/frontend-dev-guidelines/resources/file-organization.md +0 -502
  348. package/.claude/skills/frontend-dev-guidelines/resources/loading-and-error-states.md +0 -501
  349. package/.claude/skills/frontend-dev-guidelines/resources/performance.md +0 -406
  350. package/.claude/skills/frontend-dev-guidelines/resources/routing-guide.md +0 -364
  351. package/.claude/skills/frontend-dev-guidelines/resources/styling-guide.md +0 -428
  352. package/.claude/skills/frontend-dev-guidelines/resources/typescript-standards.md +0 -418
  353. package/.claude/skills/general-it-engineering/SKILL.md +0 -393
  354. package/.claude/skills/general-it-engineering/resources/asset-management.md +0 -712
  355. package/.claude/skills/general-it-engineering/resources/automation-orchestration.md +0 -817
  356. package/.claude/skills/general-it-engineering/resources/business-continuity.md +0 -786
  357. package/.claude/skills/general-it-engineering/resources/change-management.md +0 -715
  358. package/.claude/skills/general-it-engineering/resources/enterprise-monitoring.md +0 -729
  359. package/.claude/skills/general-it-engineering/resources/help-desk-operations.md +0 -738
  360. package/.claude/skills/general-it-engineering/resources/incident-service-management.md +0 -834
  361. package/.claude/skills/general-it-engineering/resources/it-governance.md +0 -753
  362. package/.claude/skills/general-it-engineering/resources/itil-framework.md +0 -503
  363. package/.claude/skills/general-it-engineering/resources/service-management.md +0 -669
  364. package/.claude/skills/infrastructure-architecture/SKILL.md +0 -328
  365. package/.claude/skills/infrastructure-architecture/resources/architecture-decision-records.md +0 -505
  366. package/.claude/skills/infrastructure-architecture/resources/architecture-patterns.md +0 -528
  367. package/.claude/skills/infrastructure-architecture/resources/capacity-planning.md +0 -453
  368. package/.claude/skills/infrastructure-architecture/resources/cleared-environment-architecture.md +0 -773
  369. package/.claude/skills/infrastructure-architecture/resources/cost-architecture.md +0 -499
  370. package/.claude/skills/infrastructure-architecture/resources/data-architecture.md +0 -501
  371. package/.claude/skills/infrastructure-architecture/resources/disaster-recovery.md +0 -535
  372. package/.claude/skills/infrastructure-architecture/resources/migration-architecture.md +0 -512
  373. package/.claude/skills/infrastructure-architecture/resources/multi-region-design.md +0 -608
  374. package/.claude/skills/infrastructure-architecture/resources/reference-architectures.md +0 -562
  375. package/.claude/skills/infrastructure-architecture/resources/security-architecture.md +0 -538
  376. package/.claude/skills/infrastructure-architecture/resources/system-design-principles.md +0 -489
  377. package/.claude/skills/infrastructure-architecture/resources/workload-classification.md +0 -1000
  378. package/.claude/skills/infrastructure-strategy/SKILL.md +0 -924
  379. package/.claude/skills/network-engineering/SKILL.md +0 -385
  380. package/.claude/skills/network-engineering/resources/dns-management.md +0 -738
  381. package/.claude/skills/network-engineering/resources/load-balancing.md +0 -820
  382. package/.claude/skills/network-engineering/resources/network-architecture.md +0 -546
  383. package/.claude/skills/network-engineering/resources/network-security.md +0 -921
  384. package/.claude/skills/network-engineering/resources/network-troubleshooting.md +0 -749
  385. package/.claude/skills/network-engineering/resources/routing-switching.md +0 -373
  386. package/.claude/skills/network-engineering/resources/sdn-networking.md +0 -695
  387. package/.claude/skills/network-engineering/resources/service-mesh-networking.md +0 -777
  388. package/.claude/skills/network-engineering/resources/tcp-ip-protocols.md +0 -444
  389. package/.claude/skills/network-engineering/resources/vpn-connectivity.md +0 -672
  390. package/.claude/skills/node-development/SKILL.md +0 -317
  391. package/.claude/skills/observability-engineering/SKILL.md +0 -101
  392. package/.claude/skills/observability-engineering/resources/apm-tools.md +0 -97
  393. package/.claude/skills/observability-engineering/resources/correlation-strategies.md +0 -87
  394. package/.claude/skills/observability-engineering/resources/distributed-tracing.md +0 -98
  395. package/.claude/skills/observability-engineering/resources/logs-aggregation.md +0 -118
  396. package/.claude/skills/observability-engineering/resources/observability-cost-optimization.md +0 -141
  397. package/.claude/skills/observability-engineering/resources/opentelemetry.md +0 -110
  398. package/.claude/skills/platform-engineering/SKILL.md +0 -555
  399. package/.claude/skills/platform-engineering/resources/architecture-overview.md +0 -600
  400. package/.claude/skills/platform-engineering/resources/container-orchestration.md +0 -916
  401. package/.claude/skills/platform-engineering/resources/cost-optimization.md +0 -634
  402. package/.claude/skills/platform-engineering/resources/developer-platforms.md +0 -670
  403. package/.claude/skills/platform-engineering/resources/gitops-automation.md +0 -650
  404. package/.claude/skills/platform-engineering/resources/infrastructure-as-code.md +0 -778
  405. package/.claude/skills/platform-engineering/resources/infrastructure-standards.md +0 -708
  406. package/.claude/skills/platform-engineering/resources/multi-tenancy.md +0 -602
  407. package/.claude/skills/platform-engineering/resources/platform-security.md +0 -711
  408. package/.claude/skills/platform-engineering/resources/resource-management.md +0 -592
  409. package/.claude/skills/platform-engineering/resources/service-mesh.md +0 -628
  410. package/.claude/skills/release-engineering/SKILL.md +0 -393
  411. package/.claude/skills/release-engineering/resources/artifact-management.md +0 -108
  412. package/.claude/skills/release-engineering/resources/build-optimization.md +0 -84
  413. package/.claude/skills/release-engineering/resources/ci-cd-pipelines.md +0 -411
  414. package/.claude/skills/release-engineering/resources/deployment-strategies.md +0 -197
  415. package/.claude/skills/release-engineering/resources/pipeline-security.md +0 -62
  416. package/.claude/skills/release-engineering/resources/progressive-delivery.md +0 -83
  417. package/.claude/skills/release-engineering/resources/release-automation.md +0 -68
  418. package/.claude/skills/release-engineering/resources/release-orchestration.md +0 -77
  419. package/.claude/skills/release-engineering/resources/rollback-strategies.md +0 -66
  420. package/.claude/skills/release-engineering/resources/versioning-strategies.md +0 -59
  421. package/.claude/skills/route-tester/SKILL.md +0 -392
  422. package/.claude/skills/skill-developer/ADVANCED.md +0 -197
  423. package/.claude/skills/skill-developer/HOOK_MECHANISMS.md +0 -306
  424. package/.claude/skills/skill-developer/PATTERNS_LIBRARY.md +0 -152
  425. package/.claude/skills/skill-developer/SKILL.md +0 -430
  426. package/.claude/skills/skill-developer/SKILL_RULES_REFERENCE.md +0 -315
  427. package/.claude/skills/skill-developer/TRIGGER_TYPES.md +0 -305
  428. package/.claude/skills/skill-developer/TROUBLESHOOTING.md +0 -514
  429. package/.claude/skills/skill-rules.json +0 -2989
  430. package/.claude/skills/sre/SKILL.md +0 -464
  431. package/.claude/skills/sre/resources/alerting-best-practices.md +0 -282
  432. package/.claude/skills/sre/resources/capacity-planning.md +0 -226
  433. package/.claude/skills/sre/resources/chaos-engineering.md +0 -193
  434. package/.claude/skills/sre/resources/disaster-recovery.md +0 -232
  435. package/.claude/skills/sre/resources/incident-management.md +0 -436
  436. package/.claude/skills/sre/resources/observability-stack.md +0 -240
  437. package/.claude/skills/sre/resources/on-call-runbooks.md +0 -167
  438. package/.claude/skills/sre/resources/performance-optimization.md +0 -108
  439. package/.claude/skills/sre/resources/reliability-patterns.md +0 -183
  440. package/.claude/skills/sre/resources/slo-sli-sla.md +0 -464
  441. package/.claude/skills/sre/resources/toil-reduction.md +0 -145
  442. package/.claude/skills/systems-engineering/SKILL.md +0 -648
  443. package/.claude/skills/systems-engineering/resources/automation-patterns.md +0 -771
  444. package/.claude/skills/systems-engineering/resources/configuration-management.md +0 -998
  445. package/.claude/skills/systems-engineering/resources/linux-administration.md +0 -672
  446. package/.claude/skills/systems-engineering/resources/networking-fundamentals.md +0 -982
  447. package/.claude/skills/systems-engineering/resources/performance-tuning.md +0 -871
  448. package/.claude/skills/systems-engineering/resources/powershell-scripting.md +0 -482
  449. package/.claude/skills/systems-engineering/resources/security-hardening.md +0 -739
  450. package/.claude/skills/systems-engineering/resources/shell-scripting.md +0 -915
  451. package/.claude/skills/systems-engineering/resources/storage-management.md +0 -628
  452. package/.claude/skills/systems-engineering/resources/system-monitoring.md +0 -787
  453. package/.claude/skills/systems-engineering/resources/troubleshooting-guide.md +0 -753
  454. package/.claude/skills/systems-engineering/resources/windows-administration.md +0 -738
  455. package/.claude/skills/technical-leadership/SKILL.md +0 -728
  456. package/backend/docs/SECRETS_DOCUMENTATION.md +0 -327
  457. package/backend/package-lock.json +0 -6801
  458. package/backend/src/core/node-registries/actions.js +0 -202
  459. package/backend/src/core/node-registries/arrays.js +0 -155
  460. package/backend/src/core/node-registries/bot.js +0 -23
  461. package/backend/src/core/node-registries/container.js +0 -162
  462. package/backend/src/core/node-registries/data.js +0 -290
  463. package/backend/src/core/node-registries/debug.js +0 -26
  464. package/backend/src/core/node-registries/events.js +0 -201
  465. package/backend/src/core/node-registries/flow.js +0 -139
  466. package/backend/src/core/node-registries/furnace.js +0 -143
  467. package/backend/src/core/node-registries/logic.js +0 -62
  468. package/backend/src/core/node-registries/math.js +0 -42
  469. package/backend/src/core/node-registries/navigation.js +0 -111
  470. package/backend/src/core/node-registries/objects.js +0 -98
  471. package/backend/src/core/node-registries/strings.js +0 -187
  472. package/backend/src/core/node-registries/time.js +0 -113
  473. package/backend/src/core/node-registries/type.js +0 -25
  474. package/backend/src/core/node-registries/users.js +0 -79
  475. package/frontend/dist/assets/index-BC-NbKXi.css +0 -32
  476. package/frontend/dist/assets/index-DqJXZMHY.js +0 -11266
@@ -1,481 +0,0 @@
1
- # Vulnerability Management
2
-
3
- CVE tracking, patching strategies, vulnerability databases, remediation workflows, and continuous vulnerability assessment.
4
-
5
- ## Table of Contents
6
-
7
- - [Overview](#overview)
8
- - [CVE Tracking](#cve-tracking)
9
- - [Vulnerability Databases](#vulnerability-databases)
10
- - [Patching Strategies](#patching-strategies)
11
- - [Remediation Workflows](#remediation-workflows)
12
- - [Metrics and Reporting](#metrics-and-reporting)
13
- - [Best Practices](#best-practices)
14
-
15
- ## Overview
16
-
17
- **Vulnerability Management Lifecycle:**
18
-
19
- ```
20
- Discover → Prioritize → Remediate → Verify → Report
21
- ↑ ↓
22
- └───────────────────────────────────────────┘
23
- Continuous Monitoring
24
- ```
25
-
26
- ## CVE Tracking
27
-
28
- ### Vulnerability Severity
29
-
30
- **CVSS Scoring:**
31
- ```
32
- CRITICAL (9.0-10.0): Immediate action required (< 24 hours)
33
- HIGH (7.0-8.9): Fix within 7 days
34
- MEDIUM (4.0-6.9): Fix within 30 days
35
- LOW (0.1-3.9): Fix when convenient
36
- ```
37
-
38
- ### Automated Scanning
39
-
40
- ```yaml
41
- # .github/workflows/vuln-scan.yml
42
- name: Vulnerability Scanning
43
-
44
- on:
45
- schedule:
46
- - cron: '0 0 * * *' # Daily
47
- push:
48
- branches: [main]
49
-
50
- jobs:
51
- scan-dependencies:
52
- runs-on: ubuntu-latest
53
- steps:
54
- - uses: actions/checkout@v3
55
-
56
- - name: Scan with Trivy
57
- uses: aquasecurity/trivy-action@master
58
- with:
59
- scan-type: 'fs'
60
- format: 'json'
61
- output: 'trivy-results.json'
62
-
63
- - name: Parse and Create Issues
64
- run: |
65
- jq -r '.Results[] | select(.Vulnerabilities) |
66
- .Vulnerabilities[] |
67
- select(.Severity == "CRITICAL" or .Severity == "HIGH") |
68
- "[\(.Severity)] \(.VulnerabilityID): \(.PkgName) \(.InstalledVersion)"' \
69
- trivy-results.json
70
- ```
71
-
72
- ## Vulnerability Databases
73
-
74
- ### National Vulnerability Database (NVD)
75
-
76
- ```python
77
- import requests
78
-
79
- def get_cve_details(cve_id):
80
- url = f"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId={cve_id}"
81
- response = requests.get(url)
82
- data = response.json()
83
-
84
- cve = data['vulnerabilities'][0]['cve']
85
-
86
- return {
87
- 'id': cve_id,
88
- 'description': cve['descriptions'][0]['value'],
89
- 'cvss_score': cve['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'],
90
- 'severity': cve['metrics']['cvssMetricV31'][0]['cvssData']['baseSeverity'],
91
- 'published': cve['published'],
92
- 'last_modified': cve['lastModified']
93
- }
94
-
95
- # Usage
96
- cve_info = get_cve_details('CVE-2023-12345')
97
- ```
98
-
99
- ### GitHub Security Advisories
100
-
101
- ```bash
102
- # Query GitHub API for advisories
103
- curl -H "Authorization: token $GITHUB_TOKEN" \
104
- https://api.github.com/advisories?ecosystem=npm
105
-
106
- # Get specific advisory
107
- curl -H "Authorization: token $GITHUB_TOKEN" \
108
- https://api.github.com/advisories/GHSA-xxxx-yyyy-zzzz
109
- ```
110
-
111
- ## Patching Strategies
112
-
113
- ### Automated Dependency Updates
114
-
115
- **Dependabot Configuration:**
116
- ```yaml
117
- # .github/dependabot.yml
118
- version: 2
119
- updates:
120
- - package-ecosystem: "npm"
121
- directory: "/"
122
- schedule:
123
- interval: "daily"
124
- open-pull-requests-limit: 10
125
-
126
- # Auto-merge patch updates
127
- target-branch: "main"
128
-
129
- # Group updates
130
- groups:
131
- dev-dependencies:
132
- patterns:
133
- - "@types/*"
134
- - "eslint*"
135
- update-types:
136
- - "patch"
137
- - "minor"
138
-
139
- - package-ecosystem: "docker"
140
- directory: "/"
141
- schedule:
142
- interval: "weekly"
143
- ```
144
-
145
- **Renovate Configuration:**
146
- ```json
147
- {
148
- "extends": ["config:base"],
149
- "schedule": ["after 10pm every weekday", "before 5am every weekday"],
150
- "timezone": "America/New_York",
151
- "vulnerabilityAlerts": {
152
- "labels": ["security"],
153
- "assignees": ["@security-team"]
154
- },
155
- "packageRules": [
156
- {
157
- "matchUpdateTypes": ["patch"],
158
- "automerge": true
159
- },
160
- {
161
- "matchPackagePatterns": ["^@types/"],
162
- "automerge": true
163
- },
164
- {
165
- "matchDepTypes": ["devDependencies"],
166
- "automerge": true,
167
- "matchUpdateTypes": ["minor", "patch"]
168
- }
169
- ]
170
- }
171
- ```
172
-
173
- ### Patch Testing
174
-
175
- ```yaml
176
- # .github/workflows/patch-test.yml
177
- name: Test Security Patches
178
-
179
- on:
180
- pull_request:
181
- paths:
182
- - 'package*.json'
183
- - 'requirements.txt'
184
- - 'go.mod'
185
-
186
- jobs:
187
- test-patch:
188
- runs-on: ubuntu-latest
189
- steps:
190
- - uses: actions/checkout@v3
191
-
192
- - name: Install dependencies
193
- run: npm ci
194
-
195
- - name: Run tests
196
- run: npm test
197
-
198
- - name: Run security scan
199
- run: npm audit --audit-level=moderate
200
-
201
- - name: Check for breaking changes
202
- run: npm run test:integration
203
-
204
- - name: Auto-approve if patch
205
- if: contains(github.event.pull_request.title, '[PATCH]')
206
- run: gh pr review --approve
207
- env:
208
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
209
- ```
210
-
211
- ## Remediation Workflows
212
-
213
- ### Vulnerability Triage
214
-
215
- ```yaml
216
- # vulnerability-triage.yaml
217
- workflow:
218
- 1_discovery:
219
- - Automated scanning (daily)
220
- - Manual security research
221
- - Third-party advisories
222
-
223
- 2_assessment:
224
- - CVSS score
225
- - Exploitability
226
- - Attack surface
227
- - Data sensitivity
228
- - Business impact
229
-
230
- 3_prioritization:
231
- critical:
232
- sla: 24 hours
233
- process: Emergency patch
234
- high:
235
- sla: 7 days
236
- process: Scheduled patch
237
- medium:
238
- sla: 30 days
239
- process: Regular maintenance
240
- low:
241
- sla: 90 days
242
- process: Backlog
243
-
244
- 4_remediation:
245
- - Update dependency
246
- - Apply patch
247
- - Implement workaround
248
- - Accept risk (with approval)
249
-
250
- 5_verification:
251
- - Rescan
252
- - Test functionality
253
- - Validate fix
254
-
255
- 6_closure:
256
- - Document resolution
257
- - Update tracking
258
- - Close ticket
259
- ```
260
-
261
- ### Issue Template
262
-
263
- ```yaml
264
- # .github/ISSUE_TEMPLATE/security-vulnerability.yml
265
- name: Security Vulnerability
266
- description: Report a security vulnerability
267
- labels: ["security", "vulnerability"]
268
- assignees: ["security-team"]
269
-
270
- body:
271
- - type: input
272
- id: cve
273
- attributes:
274
- label: CVE ID
275
- description: CVE identifier if available
276
- placeholder: CVE-2023-12345
277
-
278
- - type: dropdown
279
- id: severity
280
- attributes:
281
- label: Severity
282
- options:
283
- - Critical
284
- - High
285
- - Medium
286
- - Low
287
-
288
- - type: input
289
- id: package
290
- attributes:
291
- label: Affected Package
292
- placeholder: lodash@4.17.20
293
-
294
- - type: textarea
295
- id: description
296
- attributes:
297
- label: Description
298
- description: Vulnerability details
299
-
300
- - type: textarea
301
- id: remediation
302
- attributes:
303
- label: Remediation
304
- description: Proposed fix
305
- placeholder: Update to lodash@4.17.21
306
-
307
- - type: dropdown
308
- id: exploitable
309
- attributes:
310
- label: Exploitability
311
- options:
312
- - Publicly exploited
313
- - Proof of concept available
314
- - Theoretical
315
- - Unknown
316
- ```
317
-
318
- ### Automated Remediation
319
-
320
- ```typescript
321
- // auto-remediate.ts
322
- import { Octokit } from '@octokit/rest';
323
- import { exec } from 'child_process';
324
- import { promisify } from 'util';
325
-
326
- const execAsync = promisify(exec);
327
-
328
- async function autoRemediate(vulnerability: Vulnerability) {
329
- const { package, currentVersion, fixedVersion, severity } = vulnerability;
330
-
331
- // Only auto-remediate patch updates
332
- if (severity === 'LOW' && isPatchUpdate(currentVersion, fixedVersion)) {
333
- // Create branch
334
- await execAsync(`git checkout -b auto-fix/${package}-${fixedVersion}`);
335
-
336
- // Update dependency
337
- await execAsync(`npm install ${package}@${fixedVersion}`);
338
-
339
- // Run tests
340
- const { stdout: testOutput } = await execAsync('npm test');
341
-
342
- if (testOutput.includes('PASS')) {
343
- // Create PR
344
- const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN });
345
-
346
- await octokit.pulls.create({
347
- owner: 'myorg',
348
- repo: 'myrepo',
349
- title: `[AUTO] Update ${package} to ${fixedVersion}`,
350
- head: `auto-fix/${package}-${fixedVersion}`,
351
- base: 'main',
352
- body: `Automated security patch for ${package}\n\nFixes: ${vulnerability.cve}`,
353
- labels: ['security', 'automated']
354
- });
355
- }
356
- }
357
- }
358
- ```
359
-
360
- ## Metrics and Reporting
361
-
362
- ### KPIs
363
-
364
- ```typescript
365
- // security-metrics.ts
366
- interface SecurityMetrics {
367
- // Vulnerability metrics
368
- totalVulnerabilities: number;
369
- bySeverity: {
370
- critical: number;
371
- high: number;
372
- medium: number;
373
- low: number;
374
- };
375
-
376
- // Remediation metrics
377
- meanTimeToRemediate: {
378
- critical: number; // hours
379
- high: number; // days
380
- medium: number;
381
- low: number;
382
- };
383
-
384
- // SLA compliance
385
- slaCompliance: {
386
- critical: number; // percentage
387
- high: number;
388
- medium: number;
389
- low: number;
390
- };
391
-
392
- // Trends
393
- newVulnerabilities: number; // this week
394
- remediatedVulnerabilities: number;
395
- openVulnerabilities: number;
396
-
397
- // Coverage
398
- scanCoverage: number; // percentage of projects scanned
399
- lastScanTime: Date;
400
- }
401
- ```
402
-
403
- ### Dashboard
404
-
405
- ```yaml
406
- # Grafana dashboard config
407
- dashboard:
408
- title: Vulnerability Management
409
- panels:
410
- - title: Open Vulnerabilities by Severity
411
- type: graph
412
- metrics:
413
- - critical_vulns
414
- - high_vulns
415
- - medium_vulns
416
- - low_vulns
417
-
418
- - title: Mean Time to Remediate
419
- type: stat
420
- metrics:
421
- - avg(remediation_time_hours) by severity
422
-
423
- - title: SLA Compliance
424
- type: gauge
425
- metrics:
426
- - sla_compliance_percentage
427
-
428
- - title: Vulnerability Trend
429
- type: graph
430
- metrics:
431
- - new_vulns_weekly
432
- - remediated_vulns_weekly
433
- ```
434
-
435
- ## Best Practices
436
-
437
- ### 1. Continuous Scanning
438
-
439
- ```bash
440
- # Scan on every commit
441
- # Scan daily for new vulnerabilities
442
- # Scan on dependency changes
443
- ```
444
-
445
- ### 2. Risk-Based Prioritization
446
-
447
- ```yaml
448
- priority_matrix:
449
- critical_severity + internet_exposed: P0 (immediate)
450
- high_severity + production: P1 (24h)
451
- medium_severity + production: P2 (7d)
452
- low_severity: P3 (30d)
453
- ```
454
-
455
- ### 3. Defense in Depth
456
-
457
- ```
458
- Layer 1: Prevent (automated updates)
459
- Layer 2: Detect (scanning)
460
- Layer 3: Respond (remediation)
461
- Layer 4: Monitor (runtime protection)
462
- ```
463
-
464
- ### 4. Document Exceptions
465
-
466
- ```yaml
467
- # vulnerability-exceptions.yaml
468
- exceptions:
469
- - cve: CVE-2023-12345
470
- package: old-library@1.0.0
471
- reason: No fix available, mitigated by network policy
472
- mitigation: Network policy blocks external access
473
- approved_by: security-team
474
- expires: 2024-12-31
475
- ```
476
-
477
- ---
478
-
479
- **Related Resources:**
480
- - [security-scanning.md](security-scanning.md) - Scanning tools and techniques
481
- - [supply-chain-security.md](supply-chain-security.md) - Dependency security
@@ -1,177 +0,0 @@
1
- # Zero Trust Architecture
2
-
3
- Service-to-service authentication with mTLS, network policies, identity-based access control, and zero-trust security model implementation.
4
-
5
- ## Table of Contents
6
-
7
- - [Overview](#overview)
8
- - [Service-to-Service Authentication](#service-to-service-authentication)
9
- - [Network Policies](#network-policies)
10
- - [Identity-Based Access](#identity-based-access)
11
- - [Implementation](#implementation)
12
-
13
- ## Overview
14
-
15
- **Zero Trust Principles:**
16
-
17
- ```
18
- 1. Never trust, always verify
19
- 2. Assume breach
20
- 3. Verify explicitly
21
- 4. Least privilege access
22
- 5. Microsegmentation
23
- ```
24
-
25
- ## Service-to-Service Authentication
26
-
27
- ### mTLS with Istio
28
-
29
- ```yaml
30
- apiVersion: security.istio.io/v1beta1
31
- kind: PeerAuthentication
32
- metadata:
33
- name: default
34
- namespace: production
35
- spec:
36
- mtls:
37
- mode: STRICT
38
- ```
39
-
40
- ### Certificate Management
41
-
42
- ```yaml
43
- apiVersion: cert-manager.io/v1
44
- kind: Certificate
45
- metadata:
46
- name: service-cert
47
- spec:
48
- secretName: service-tls
49
- issuerRef:
50
- name: internal-ca
51
- kind: ClusterIssuer
52
- dnsNames:
53
- - service.production.svc.cluster.local
54
- ```
55
-
56
- ## Network Policies
57
-
58
- **Default Deny:**
59
- ```yaml
60
- apiVersion: networking.k8s.io/v1
61
- kind: NetworkPolicy
62
- metadata:
63
- name: default-deny-all
64
- spec:
65
- podSelector: {}
66
- policyTypes:
67
- - Ingress
68
- - Egress
69
- ```
70
-
71
- **Allow Specific Traffic:**
72
- ```yaml
73
- apiVersion: networking.k8s.io/v1
74
- kind: NetworkPolicy
75
- metadata:
76
- name: api-allow
77
- spec:
78
- podSelector:
79
- matchLabels:
80
- app: api
81
- policyTypes:
82
- - Ingress
83
- ingress:
84
- - from:
85
- - podSelector:
86
- matchLabels:
87
- app: frontend
88
- ports:
89
- - protocol: TCP
90
- port: 8080
91
- ```
92
-
93
- ## Identity-Based Access
94
-
95
- ### Workload Identity
96
-
97
- **GKE:**
98
- ```yaml
99
- apiVersion: v1
100
- kind: ServiceAccount
101
- metadata:
102
- name: myapp
103
- annotations:
104
- iam.gke.io/gcp-service-account: myapp@project.iam.gserviceaccount.com
105
- ```
106
-
107
- **EKS:**
108
- ```yaml
109
- apiVersion: v1
110
- kind: ServiceAccount
111
- metadata:
112
- name: myapp
113
- annotations:
114
- eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/myapp
115
- ```
116
-
117
- ### SPIFFE/SPIRE
118
-
119
- ```bash
120
- # Install SPIRE
121
- kubectl apply -f https://spiffe.io/docs/latest/try/getting-started-k8s.yaml
122
-
123
- # Create registration entry
124
- spire-server entry create \
125
- -parentID spiffe://example.org/k8s-workload-registrar/node \
126
- -spiffeID spiffe://example.org/myapp \
127
- -selector k8s:ns:production \
128
- -selector k8s:pod-label:app:myapp
129
- ```
130
-
131
- ## Implementation
132
-
133
- **Complete Zero Trust Setup:**
134
- ```yaml
135
- # 1. Default deny network policy
136
- apiVersion: networking.k8s.io/v1
137
- kind: NetworkPolicy
138
- metadata:
139
- name: default-deny
140
- spec:
141
- podSelector: {}
142
- policyTypes: [Ingress, Egress]
143
-
144
- ---
145
- # 2. mTLS enforcement
146
- apiVersion: security.istio.io/v1beta1
147
- kind: PeerAuthentication
148
- metadata:
149
- name: strict-mtls
150
- spec:
151
- mtls:
152
- mode: STRICT
153
-
154
- ---
155
- # 3. Authorization policy
156
- apiVersion: security.istio.io/v1beta1
157
- kind: AuthorizationPolicy
158
- metadata:
159
- name: require-jwt
160
- spec:
161
- selector:
162
- matchLabels:
163
- app: api
164
- rules:
165
- - from:
166
- - source:
167
- requestPrincipals: ["*"]
168
- when:
169
- - key: request.auth.claims[iss]
170
- values: ["https://auth.example.com"]
171
- ```
172
-
173
- ---
174
-
175
- **Related Resources:**
176
- - [container-security.md](container-security.md)
177
- - [policy-enforcement.md](policy-enforcement.md)