npm - buildanything - Versions diffs - 1.8.0 → 2.1.1 - Mend

buildanything 1.8.0 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (494) hide show

package/.claude-plugin/marketplace.json +3 -3
package/.claude-plugin/plugin.json +17 -3
package/CHANGELOG.md +57 -0
package/README.md +57 -61
package/agents/a11y-architect.md +168 -0
package/agents/briefing-officer.md +172 -0
package/agents/business-model.md +82 -29
package/agents/code-architect.md +80 -0
package/agents/code-reviewer.md +256 -0
package/agents/code-simplifier.md +72 -0
package/agents/design-brand-guardian.md +312 -53
package/agents/design-critic.md +144 -0
package/agents/design-inclusive-visuals-specialist.md +8 -19
package/agents/design-ui-designer.md +352 -56
package/agents/design-ux-architect.md +418 -55
package/agents/design-ux-researcher.md +359 -49
package/agents/engineering-ai-engineer.md +28 -36
package/agents/engineering-backend-architect.md +187 -36
package/agents/engineering-data-engineer.md +227 -43
package/agents/engineering-devops-automator.md +229 -74
package/agents/engineering-frontend-developer.md +223 -34
package/agents/engineering-mobile-app-builder.md +8 -1
package/agents/engineering-rapid-prototyper.md +45 -11
package/agents/engineering-security-engineer.md +265 -61
package/agents/engineering-senior-developer.md +141 -19
package/agents/engineering-sre.md +86 -0
package/agents/engineering-technical-writer.md +287 -41
package/agents/feature-intel.md +111 -0
package/agents/ios-app-review-guardian.md +21 -2
package/agents/ios-foundation-models-specialist.md +22 -2
package/agents/ios-product-reality-auditor.md +292 -0
package/agents/ios-storekit-specialist.md +11 -2
package/agents/ios-swift-architect.md +29 -1
package/agents/ios-swift-search.md +9 -1
package/agents/ios-swift-ui-design.md +40 -5
package/agents/marketing-app-store-optimizer.md +248 -64
package/agents/planner.md +221 -0
package/agents/pr-test-analyzer.md +64 -0
package/agents/product-feedback-synthesizer.md +70 -2
package/agents/product-owner.md +163 -0
package/agents/product-reality-auditor.md +216 -0
package/agents/product-spec-writer.md +176 -0
package/agents/refactor-cleaner.md +110 -0
package/agents/security-reviewer.md +129 -0
package/agents/silent-failure-hunter.md +55 -0
package/agents/swift-build-resolver.md +121 -0
package/agents/swift-reviewer.md +113 -0
package/agents/tech-feasibility.md +26 -4
package/agents/testing-api-tester.md +238 -59
package/agents/testing-evidence-collector.md +50 -1
package/agents/testing-performance-benchmarker.md +23 -1
package/agents/testing-reality-checker.md +7 -1
package/agents/visual-research.md +118 -0
package/bin/adapters/cycle-counter-tool.ts +155 -0
package/bin/adapters/scribe-tool.ts +73 -0
package/bin/adapters/state-save-tool.ts +130 -0
package/bin/adapters/write-lease-tool.ts +127 -0
package/bin/buildanything-runtime.js +15 -0
package/bin/buildanything-runtime.ts +241 -0
package/bin/graph-index.js +24 -0
package/bin/graph-index.ts +340 -0
package/bin/mcp-servers/graph-mcp.js +26 -0
package/bin/mcp-servers/graph-mcp.ts +481 -0
package/bin/mcp-servers/orchestrator-mcp.js +26 -0
package/bin/mcp-servers/orchestrator-mcp.ts +361 -0
package/bin/setup.js +312 -76
package/commands/add-feature.md +2 -0
package/commands/build.md +994 -265
package/commands/fix.md +1 -1
package/commands/idea-sweep.md +2 -2
package/commands/self-check.md +121 -0
package/commands/setup.md +61 -9
package/commands/ux-review.md +5 -5
package/commands/verify.md +9 -9
package/docs/migration/agents.yaml +729 -0
package/docs/migration/phase-graph.yaml +1504 -0
package/docs/migration/sdk-host-compat.md +18 -0
package/hooks/compile-writer-owner-cache.ts +171 -0
package/hooks/design-md-lint +4 -0
package/hooks/design-md-lint.ts +295 -0
package/hooks/hooks.json +36 -0
package/hooks/pre-tool-use +19 -0
package/hooks/pre-tool-use.ts +807 -0
package/hooks/record-mode-transitions.ts +235 -0
package/hooks/session-start +71 -1
package/hooks/subagent-start +17 -0
package/hooks/subagent-start.ts +472 -0
package/hooks/subagent-stop +17 -0
package/hooks/subagent-stop.ts +153 -0
package/package.json +26 -4
package/protocols/agent-prompt-authoring.md +165 -0
package/protocols/architecture-schema.md +178 -0
package/protocols/cleanup.md +4 -0
package/protocols/decision-log.md +135 -0
package/protocols/design-md-authoring.md +520 -0
package/protocols/design-md-spec.md +362 -0
package/protocols/fake-data-detector.md +1 -1
package/protocols/ios-context.md +10 -11
package/protocols/ios-fake-data-detector.md +65 -0
package/protocols/ios-phase-branches.md +299 -39
package/protocols/launch-readiness.md +262 -0
package/protocols/metric-loop.md +62 -2
package/protocols/page-spec-schema.md +234 -0
package/protocols/product-spec-schema.md +354 -0
package/protocols/smoke-test.md +9 -1
package/protocols/sprint-tasks-schema.md +53 -0
package/protocols/state-schema.json +423 -0
package/protocols/state-schema.md +202 -0
package/protocols/verify.md +91 -3
package/protocols/web-phase-branches.md +395 -75
package/skills/ios/_VENDORED.md +2 -0
package/skills/ios/app-store-connect-metadata/SKILL.md +148 -0
package/skills/ios/asc-privacy-manifest/SKILL.md +350 -0
package/skills/ios/hig-components-content/SKILL.md +86 -0
package/skills/ios/hig-components-content/references/activity-views.md +79 -0
package/skills/ios/hig-components-content/references/charts.md +180 -0
package/skills/ios/hig-components-content/references/collections.md +48 -0
package/skills/ios/hig-components-content/references/color-wells.md +42 -0
package/skills/ios/hig-components-content/references/image-views.md +82 -0
package/skills/ios/hig-components-content/references/image-wells.md +34 -0
package/skills/ios/hig-components-content/references/lockups.md +78 -0
package/skills/ios/hig-components-content/references/web-views.md +36 -0
package/skills/ios/hig-components-controls/SKILL.md +88 -0
package/skills/ios/hig-components-controls/references/combo-boxes.md +40 -0
package/skills/ios/hig-components-controls/references/controls.md +112 -0
package/skills/ios/hig-components-controls/references/gauges.md +74 -0
package/skills/ios/hig-components-controls/references/labels.md +92 -0
package/skills/ios/hig-components-controls/references/pickers.md +128 -0
package/skills/ios/hig-components-controls/references/rating-indicators.md +38 -0
package/skills/ios/hig-components-controls/references/segmented-controls.md +94 -0
package/skills/ios/hig-components-controls/references/sliders.md +92 -0
package/skills/ios/hig-components-controls/references/steppers.md +40 -0
package/skills/ios/hig-components-controls/references/text-fields.md +88 -0
package/skills/ios/hig-components-controls/references/text-views.md +56 -0
package/skills/ios/hig-components-controls/references/toggles.md +127 -0
package/skills/ios/hig-components-controls/references/token-fields.md +48 -0
package/skills/ios/hig-components-controls/references/virtual-keyboards.md +156 -0
package/skills/ios/hig-components-dialogs/SKILL.md +76 -0
package/skills/ios/hig-components-dialogs/references/action-sheets.md +74 -0
package/skills/ios/hig-components-dialogs/references/alerts.md +158 -0
package/skills/ios/hig-components-dialogs/references/digit-entry-views.md +32 -0
package/skills/ios/hig-components-dialogs/references/popovers.md +81 -0
package/skills/ios/hig-components-dialogs/references/sheets.md +157 -0
package/skills/ios/hig-components-layout/SKILL.md +99 -0
package/skills/ios/hig-components-layout/references/boxes.md +48 -0
package/skills/ios/hig-components-layout/references/column-views.md +44 -0
package/skills/ios/hig-components-layout/references/lists-and-tables.md +99 -0
package/skills/ios/hig-components-layout/references/ornaments.md +56 -0
package/skills/ios/hig-components-layout/references/outline-views.md +64 -0
package/skills/ios/hig-components-layout/references/panels.md +75 -0
package/skills/ios/hig-components-layout/references/scroll-views.md +123 -0
package/skills/ios/hig-components-layout/references/sidebars.md +109 -0
package/skills/ios/hig-components-layout/references/split-views.md +110 -0
package/skills/ios/hig-components-layout/references/tab-bars.md +173 -0
package/skills/ios/hig-components-layout/references/tab-views.md +68 -0
package/skills/ios/hig-components-layout/references/windows.md +188 -0
package/skills/ios/hig-components-menus/SKILL.md +81 -0
package/skills/ios/hig-components-menus/references/action-button.md +61 -0
package/skills/ios/hig-components-menus/references/buttons.md +261 -0
package/skills/ios/hig-components-menus/references/context-menus.md +105 -0
package/skills/ios/hig-components-menus/references/disclosure-controls.md +84 -0
package/skills/ios/hig-components-menus/references/dock-menus.md +40 -0
package/skills/ios/hig-components-menus/references/edit-menus.md +88 -0
package/skills/ios/hig-components-menus/references/menus.md +171 -0
package/skills/ios/hig-components-menus/references/pop-up-buttons.md +70 -0
package/skills/ios/hig-components-menus/references/pull-down-buttons.md +77 -0
package/skills/ios/hig-components-menus/references/the-menu-bar.md +303 -0
package/skills/ios/hig-components-menus/references/toolbars.md +256 -0
package/skills/ios/hig-components-search/SKILL.md +68 -0
package/skills/ios/hig-components-search/references/page-controls.md +120 -0
package/skills/ios/hig-components-search/references/path-controls.md +40 -0
package/skills/ios/hig-components-search/references/search-fields.md +189 -0
package/skills/ios/hig-components-status/SKILL.md +80 -0
package/skills/ios/hig-components-status/references/activity-rings.md +105 -0
package/skills/ios/hig-components-status/references/progress-indicators.md +116 -0
package/skills/ios/hig-components-status/references/status-bars.md +38 -0
package/skills/ios/hig-components-system/SKILL.md +88 -0
package/skills/ios/hig-components-system/references/app-clips.md +387 -0
package/skills/ios/hig-components-system/references/app-shortcuts.md +114 -0
package/skills/ios/hig-components-system/references/complications.md +425 -0
package/skills/ios/hig-components-system/references/home-screen-quick-actions.md +42 -0
package/skills/ios/hig-components-system/references/live-activities.md +442 -0
package/skills/ios/hig-components-system/references/notifications.md +153 -0
package/skills/ios/hig-components-system/references/top-shelf.md +135 -0
package/skills/ios/hig-components-system/references/watch-faces.md +40 -0
package/skills/ios/hig-components-system/references/widgets.md +517 -0
package/skills/ios/hig-foundations/SKILL.md +98 -0
package/skills/ios/hig-foundations/references/accessibility.md +291 -0
package/skills/ios/hig-foundations/references/app-icons.md +210 -0
package/skills/ios/hig-foundations/references/branding.md +44 -0
package/skills/ios/hig-foundations/references/color.md +274 -0
package/skills/ios/hig-foundations/references/dark-mode.md +116 -0
package/skills/ios/hig-foundations/references/icons.md +263 -0
package/skills/ios/hig-foundations/references/images.md +176 -0
package/skills/ios/hig-foundations/references/immersive-experiences.md +174 -0
package/skills/ios/hig-foundations/references/inclusion.md +189 -0
package/skills/ios/hig-foundations/references/layout.md +425 -0
package/skills/ios/hig-foundations/references/materials.md +238 -0
package/skills/ios/hig-foundations/references/motion.md +103 -0
package/skills/ios/hig-foundations/references/privacy.md +231 -0
package/skills/ios/hig-foundations/references/right-to-left.md +206 -0
package/skills/ios/hig-foundations/references/sf-symbols.md +310 -0
package/skills/ios/hig-foundations/references/spatial-layout.md +142 -0
package/skills/ios/hig-foundations/references/typography.md +1146 -0
package/skills/ios/hig-foundations/references/writing.md +91 -0
package/skills/ios/hig-inputs/SKILL.md +94 -0
package/skills/ios/hig-inputs/references/apple-pencil-and-scribble.md +148 -0
package/skills/ios/hig-inputs/references/camera-control.md +107 -0
package/skills/ios/hig-inputs/references/digital-crown.md +83 -0
package/skills/ios/hig-inputs/references/eyes.md +120 -0
package/skills/ios/hig-inputs/references/focus-and-selection.md +120 -0
package/skills/ios/hig-inputs/references/game-controls.md +156 -0
package/skills/ios/hig-inputs/references/gestures.md +208 -0
package/skills/ios/hig-inputs/references/gyro-and-accelerometer.md +40 -0
package/skills/ios/hig-inputs/references/keyboards.md +234 -0
package/skills/ios/hig-inputs/references/nearby-interactions.md +70 -0
package/skills/ios/hig-inputs/references/pointing-devices.md +237 -0
package/skills/ios/hig-inputs/references/remotes.md +67 -0
package/skills/ios/hig-inputs/references/spatial-interactions.md +70 -0
package/skills/ios/hig-patterns/SKILL.md +104 -0
package/skills/ios/hig-patterns/references/charting-data.md +81 -0
package/skills/ios/hig-patterns/references/collaboration-and-sharing.md +86 -0
package/skills/ios/hig-patterns/references/drag-and-drop.md +134 -0
package/skills/ios/hig-patterns/references/entering-data.md +69 -0
package/skills/ios/hig-patterns/references/feedback.md +67 -0
package/skills/ios/hig-patterns/references/file-management.md +135 -0
package/skills/ios/hig-patterns/references/going-full-screen.md +79 -0
package/skills/ios/hig-patterns/references/launching.md +81 -0
package/skills/ios/hig-patterns/references/live-viewing-apps.md +79 -0
package/skills/ios/hig-patterns/references/loading.md +59 -0
package/skills/ios/hig-patterns/references/managing-accounts.md +107 -0
package/skills/ios/hig-patterns/references/managing-notifications.md +99 -0
package/skills/ios/hig-patterns/references/modality.md +82 -0
package/skills/ios/hig-patterns/references/multitasking.md +131 -0
package/skills/ios/hig-patterns/references/offering-help.md +117 -0
package/skills/ios/hig-patterns/references/onboarding.md +69 -0
package/skills/ios/hig-patterns/references/playing-audio.md +124 -0
package/skills/ios/hig-patterns/references/playing-haptics.md +280 -0
package/skills/ios/hig-patterns/references/playing-video.md +180 -0
package/skills/ios/hig-patterns/references/printing.md +50 -0
package/skills/ios/hig-patterns/references/ratings-and-reviews.md +48 -0
package/skills/ios/hig-patterns/references/searching.md +70 -0
package/skills/ios/hig-patterns/references/settings.md +84 -0
package/skills/ios/hig-patterns/references/undo-and-redo.md +58 -0
package/skills/ios/hig-patterns/references/workouts.md +76 -0
package/skills/ios/hig-platforms/SKILL.md +84 -0
package/skills/ios/hig-platforms/references/designing-for-games.md +159 -0
package/skills/ios/hig-platforms/references/designing-for-ios.md +66 -0
package/skills/ios/hig-platforms/references/designing-for-ipados.md +64 -0
package/skills/ios/hig-platforms/references/designing-for-macos.md +70 -0
package/skills/ios/hig-platforms/references/designing-for-tvos.md +68 -0
package/skills/ios/hig-platforms/references/designing-for-visionos.md +85 -0
package/skills/ios/hig-platforms/references/designing-for-watchos.md +74 -0
package/skills/ios/hig-project-context/SKILL.md +133 -0
package/skills/ios/hig-technologies/SKILL.md +107 -0
package/skills/ios/hig-technologies/references/airplay.md +125 -0
package/skills/ios/hig-technologies/references/always-on.md +62 -0
package/skills/ios/hig-technologies/references/apple-pay.md +441 -0
package/skills/ios/hig-technologies/references/augmented-reality.md +247 -0
package/skills/ios/hig-technologies/references/carekit.md +224 -0
package/skills/ios/hig-technologies/references/carplay.md +119 -0
package/skills/ios/hig-technologies/references/game-center.md +343 -0
package/skills/ios/hig-technologies/references/generative-ai.md +110 -0
package/skills/ios/hig-technologies/references/healthkit.md +120 -0
package/skills/ios/hig-technologies/references/homekit.md +343 -0
package/skills/ios/hig-technologies/references/icloud.md +52 -0
package/skills/ios/hig-technologies/references/id-verifier.md +73 -0
package/skills/ios/hig-technologies/references/imessage-apps-and-stickers.md +105 -0
package/skills/ios/hig-technologies/references/in-app-purchase.md +263 -0
package/skills/ios/hig-technologies/references/live-photos.md +54 -0
package/skills/ios/hig-technologies/references/mac-catalyst.md +216 -0
package/skills/ios/hig-technologies/references/machine-learning.md +394 -0
package/skills/ios/hig-technologies/references/maps.md +221 -0
package/skills/ios/hig-technologies/references/nfc.md +51 -0
package/skills/ios/hig-technologies/references/photo-editing.md +40 -0
package/skills/ios/hig-technologies/references/researchkit.md +134 -0
package/skills/ios/hig-technologies/references/shareplay.md +142 -0
package/skills/ios/hig-technologies/references/shazamkit.md +47 -0
package/skills/ios/hig-technologies/references/sign-in-with-apple.md +288 -0
package/skills/ios/hig-technologies/references/siri.md +523 -0
package/skills/ios/hig-technologies/references/tap-to-pay-on-iphone.md +208 -0
package/skills/ios/hig-technologies/references/voiceover.md +90 -0
package/skills/ios/hig-technologies/references/wallet.md +420 -0
package/skills/ios/ios-bootstrap/SKILL.md +17 -8
package/skills/ios/swift-actor-persistence/SKILL.md +143 -0
package/skills/ios/swift-concurrency-6-2/SKILL.md +216 -0
package/skills/ios/swift-protocol-di-testing/SKILL.md +190 -0
package/skills/ios/swiftui-design-tokens/SKILL.md +475 -0
package/skills/ios/writing-for-interfaces/SKILL.md +75 -0
package/skills/web/accessibility/SKILL.md +146 -0
package/skills/web/aceternity-ui/SKILL.md +719 -0
package/skills/web/aceternity-ui/metadata.json +10 -0
package/skills/web/api-design/SKILL.md +523 -0
package/skills/web/chart-accessibility/SKILL.md +332 -0
package/skills/web/composition-patterns/AGENTS.md +946 -0
package/skills/web/composition-patterns/README.md +60 -0
package/skills/web/composition-patterns/SKILL.md +89 -0
package/skills/web/composition-patterns/metadata.json +11 -0
package/skills/web/composition-patterns/rules/_sections.md +29 -0
package/skills/web/composition-patterns/rules/_template.md +24 -0
package/skills/web/composition-patterns/rules/architecture-avoid-boolean-props.md +100 -0
package/skills/web/composition-patterns/rules/architecture-compound-components.md +112 -0
package/skills/web/composition-patterns/rules/patterns-children-over-render-props.md +87 -0
package/skills/web/composition-patterns/rules/patterns-explicit-variants.md +100 -0
package/skills/web/composition-patterns/rules/react19-no-forwardref.md +42 -0
package/skills/web/composition-patterns/rules/state-context-interface.md +191 -0
package/skills/web/composition-patterns/rules/state-decouple-implementation.md +113 -0
package/skills/web/composition-patterns/rules/state-lift-state.md +125 -0
package/skills/web/cost-aware-llm-pipeline/SKILL.md +183 -0
package/skills/web/database-migrations/SKILL.md +429 -0
package/skills/web/deployment-patterns/SKILL.md +427 -0
package/skills/web/docker-patterns/SKILL.md +364 -0
package/skills/web/e2e-testing/SKILL.md +326 -0
package/skills/web/lighthouse-ci/SKILL.md +361 -0
package/skills/web/mcp-server-patterns/SKILL.md +69 -0
package/skills/web/next-best-practices/SKILL.md +153 -0
package/skills/web/next-best-practices/async-patterns.md +87 -0
package/skills/web/next-best-practices/bundling.md +180 -0
package/skills/web/next-best-practices/data-patterns.md +297 -0
package/skills/web/next-best-practices/debug-tricks.md +105 -0
package/skills/web/next-best-practices/directives.md +73 -0
package/skills/web/next-best-practices/error-handling.md +227 -0
package/skills/web/next-best-practices/file-conventions.md +140 -0
package/skills/web/next-best-practices/font.md +245 -0
package/skills/web/next-best-practices/functions.md +108 -0
package/skills/web/next-best-practices/hydration-error.md +91 -0
package/skills/web/next-best-practices/image.md +173 -0
package/skills/web/next-best-practices/metadata.md +301 -0
package/skills/web/next-best-practices/parallel-routes.md +287 -0
package/skills/web/next-best-practices/route-handlers.md +146 -0
package/skills/web/next-best-practices/rsc-boundaries.md +159 -0
package/skills/web/next-best-practices/runtime-selection.md +39 -0
package/skills/web/next-best-practices/scripts.md +141 -0
package/skills/web/next-best-practices/self-hosting.md +371 -0
package/skills/web/next-best-practices/suspense-boundaries.md +67 -0
package/skills/web/next-cache-components/SKILL.md +411 -0
package/skills/web/postgres-best-practices/SKILL.md +14 -0
package/skills/web/postgres-best-practices/references/schema-design.md +9 -0
package/skills/web/react-best-practices/AGENTS.md +3810 -0
package/skills/web/react-best-practices/README.md +123 -0
package/skills/web/react-best-practices/SKILL.md +149 -0
package/skills/web/react-best-practices/metadata.json +15 -0
package/skills/web/react-best-practices/rules/_sections.md +46 -0
package/skills/web/react-best-practices/rules/_template.md +28 -0
package/skills/web/react-best-practices/rules/advanced-effect-event-deps.md +56 -0
package/skills/web/react-best-practices/rules/advanced-event-handler-refs.md +55 -0
package/skills/web/react-best-practices/rules/advanced-init-once.md +42 -0
package/skills/web/react-best-practices/rules/advanced-use-latest.md +39 -0
package/skills/web/react-best-practices/rules/async-api-routes.md +38 -0
package/skills/web/react-best-practices/rules/async-cheap-condition-before-await.md +37 -0
package/skills/web/react-best-practices/rules/async-defer-await.md +82 -0
package/skills/web/react-best-practices/rules/async-dependencies.md +51 -0
package/skills/web/react-best-practices/rules/async-parallel.md +28 -0
package/skills/web/react-best-practices/rules/async-suspense-boundaries.md +99 -0
package/skills/web/react-best-practices/rules/bundle-analyzable-paths.md +63 -0
package/skills/web/react-best-practices/rules/bundle-barrel-imports.md +60 -0
package/skills/web/react-best-practices/rules/bundle-conditional.md +31 -0
package/skills/web/react-best-practices/rules/bundle-defer-third-party.md +49 -0
package/skills/web/react-best-practices/rules/bundle-dynamic-imports.md +35 -0
package/skills/web/react-best-practices/rules/bundle-preload.md +50 -0
package/skills/web/react-best-practices/rules/client-event-listeners.md +74 -0
package/skills/web/react-best-practices/rules/client-localstorage-schema.md +71 -0
package/skills/web/react-best-practices/rules/client-passive-event-listeners.md +48 -0
package/skills/web/react-best-practices/rules/client-swr-dedup.md +56 -0
package/skills/web/react-best-practices/rules/js-batch-dom-css.md +107 -0
package/skills/web/react-best-practices/rules/js-cache-function-results.md +80 -0
package/skills/web/react-best-practices/rules/js-cache-property-access.md +28 -0
package/skills/web/react-best-practices/rules/js-cache-storage.md +70 -0
package/skills/web/react-best-practices/rules/js-combine-iterations.md +32 -0
package/skills/web/react-best-practices/rules/js-early-exit.md +50 -0
package/skills/web/react-best-practices/rules/js-flatmap-filter.md +60 -0
package/skills/web/react-best-practices/rules/js-hoist-regexp.md +45 -0
package/skills/web/react-best-practices/rules/js-index-maps.md +37 -0
package/skills/web/react-best-practices/rules/js-length-check-first.md +49 -0
package/skills/web/react-best-practices/rules/js-min-max-loop.md +82 -0
package/skills/web/react-best-practices/rules/js-request-idle-callback.md +105 -0
package/skills/web/react-best-practices/rules/js-set-map-lookups.md +24 -0
package/skills/web/react-best-practices/rules/js-tosorted-immutable.md +57 -0
package/skills/web/react-best-practices/rules/rendering-activity.md +26 -0
package/skills/web/react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
package/skills/web/react-best-practices/rules/rendering-conditional-render.md +40 -0
package/skills/web/react-best-practices/rules/rendering-content-visibility.md +38 -0
package/skills/web/react-best-practices/rules/rendering-hoist-jsx.md +46 -0
package/skills/web/react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
package/skills/web/react-best-practices/rules/rendering-hydration-suppress-warning.md +30 -0
package/skills/web/react-best-practices/rules/rendering-resource-hints.md +85 -0
package/skills/web/react-best-practices/rules/rendering-script-defer-async.md +68 -0
package/skills/web/react-best-practices/rules/rendering-svg-precision.md +28 -0
package/skills/web/react-best-practices/rules/rendering-usetransition-loading.md +75 -0
package/skills/web/react-best-practices/rules/rerender-defer-reads.md +39 -0
package/skills/web/react-best-practices/rules/rerender-dependencies.md +45 -0
package/skills/web/react-best-practices/rules/rerender-derived-state-no-effect.md +40 -0
package/skills/web/react-best-practices/rules/rerender-derived-state.md +29 -0
package/skills/web/react-best-practices/rules/rerender-functional-setstate.md +74 -0
package/skills/web/react-best-practices/rules/rerender-lazy-state-init.md +58 -0
package/skills/web/react-best-practices/rules/rerender-memo-with-default-value.md +38 -0
package/skills/web/react-best-practices/rules/rerender-memo.md +44 -0
package/skills/web/react-best-practices/rules/rerender-move-effect-to-event.md +45 -0
package/skills/web/react-best-practices/rules/rerender-no-inline-components.md +82 -0
package/skills/web/react-best-practices/rules/rerender-simple-expression-in-memo.md +35 -0
package/skills/web/react-best-practices/rules/rerender-split-combined-hooks.md +64 -0
package/skills/web/react-best-practices/rules/rerender-transitions.md +40 -0
package/skills/web/react-best-practices/rules/rerender-use-deferred-value.md +59 -0
package/skills/web/react-best-practices/rules/rerender-use-ref-transient-values.md +73 -0
package/skills/web/react-best-practices/rules/server-after-nonblocking.md +73 -0
package/skills/web/react-best-practices/rules/server-auth-actions.md +96 -0
package/skills/web/react-best-practices/rules/server-cache-lru.md +41 -0
package/skills/web/react-best-practices/rules/server-cache-react.md +76 -0
package/skills/web/react-best-practices/rules/server-dedup-props.md +65 -0
package/skills/web/react-best-practices/rules/server-hoist-static-io.md +149 -0
package/skills/web/react-best-practices/rules/server-no-shared-module-state.md +50 -0
package/skills/web/react-best-practices/rules/server-parallel-fetching.md +83 -0
package/skills/web/react-best-practices/rules/server-parallel-nested-fetching.md +34 -0
package/skills/web/react-best-practices/rules/server-serialization.md +38 -0
package/skills/web/seo/SKILL.md +154 -0
package/skills/web/web-design-guidelines/SKILL.md +39 -0
package/skills/web/zap-scan-config/SKILL.md +444 -0
package/skills/web/zap-scan-config/assets/.gitkeep +9 -0
package/skills/web/zap-scan-config/assets/github_action.yml +207 -0
package/skills/web/zap-scan-config/assets/gitlab_ci.yml +226 -0
package/skills/web/zap-scan-config/assets/zap_automation.yaml +196 -0
package/skills/web/zap-scan-config/assets/zap_context.xml +192 -0
package/skills/web/zap-scan-config/references/EXAMPLE.md +40 -0
package/skills/web/zap-scan-config/references/api_testing_guide.md +475 -0
package/skills/web/zap-scan-config/references/authentication_guide.md +431 -0
package/skills/web/zap-scan-config/references/false_positive_handling.md +427 -0
package/skills/web/zap-scan-config/references/owasp_mapping.md +255 -0
package/src/graph/ids.ts +86 -0
package/src/graph/index.ts +32 -0
package/src/graph/parser/architecture.ts +603 -0
package/src/graph/parser/component-manifest.ts +268 -0
package/src/graph/parser/decisions-jsonl.ts +407 -0
package/src/graph/parser/design-md-pass2.ts +253 -0
package/src/graph/parser/design-md.ts +477 -0
package/src/graph/parser/page-spec.ts +496 -0
package/src/graph/parser/product-spec.ts +930 -0
package/src/graph/parser/screenshot.ts +342 -0
package/src/graph/parser/sprint-tasks.ts +317 -0
package/src/graph/storage/index.ts +1154 -0
package/src/graph/types.ts +432 -0
package/src/graph/util/dhash.ts +84 -0
package/src/lrr/aggregator.ts +175 -0
package/src/orchestrator/hooks/context-header.ts +119 -0
package/src/orchestrator/hooks/token-accounting-emitter.ts +77 -0
package/src/orchestrator/hooks/token-accounting.ts +112 -0
package/src/orchestrator/mcp/cycle-counter.ts +130 -0
package/src/orchestrator/mcp/scribe.ts +294 -0
package/src/orchestrator/mcp/state-save.ts +149 -0
package/src/orchestrator/mcp/write-lease.ts +184 -0
package/src/orchestrator/phase4-shared-context.ts +57 -0
package/src/orchestrator/schemas/backward-edge.ts +46 -0
package/agents/agentic-identity-trust.md +0 -121
package/agents/data-consolidation-agent.md +0 -39
package/agents/design-image-prompt-engineer.md +0 -105
package/agents/design-visual-storyteller.md +0 -147
package/agents/design-whimsy-injector.md +0 -89
package/agents/engineering-autonomous-optimization-architect.md +0 -105
package/agents/market-intel.md +0 -35
package/agents/marketing-instagram-curator.md +0 -111
package/agents/marketing-reddit-community-builder.md +0 -121
package/agents/marketing-social-media-strategist.md +0 -74
package/agents/marketing-tiktok-strategist.md +0 -123
package/agents/marketing-twitter-engager.md +0 -124
package/agents/marketing-wechat-official-account.md +0 -143
package/agents/marketing-xiaohongshu-specialist.md +0 -136
package/agents/marketing-zhihu-strategist.md +0 -160
package/agents/product-behavioral-nudge-engine.md +0 -78
package/agents/project-management-experiment-tracker.md +0 -102
package/agents/report-distribution-agent.md +0 -43
package/agents/risk-analysis.md +0 -45
package/agents/sales-data-extraction-agent.md +0 -46
package/agents/specialized-cultural-intelligence-strategist.md +0 -65
package/agents/specialized-developer-advocate.md +0 -146
package/agents/support-analytics-reporter.md +0 -133
package/agents/support-executive-summary-generator.md +0 -64
package/agents/support-finance-tracker.md +0 -145
package/agents/support-legal-compliance-checker.md +0 -129
package/agents/support-support-responder.md +0 -91
package/agents/testing-accessibility-auditor.md +0 -110
package/agents/testing-test-results-analyzer.md +0 -97
package/agents/testing-tool-evaluator.md +0 -76
package/agents/testing-workflow-optimizer.md +0 -99
package/agents/user-research.md +0 -40
package/protocols/brainstorm.md +0 -99
package/protocols/design.md +0 -269
package/protocols/planning.md +0 -87
package/skills/ios/ios-hig/SKILL.md +0 -41
package/skills/ios/ios-hig/references/accessibility.md +0 -81
package/skills/ios/ios-hig/references/content.md +0 -142
package/skills/ios/ios-hig/references/feedback.md +0 -123
package/skills/ios/ios-hig/references/interaction.md +0 -199
package/skills/ios/ios-hig/references/performance-platform.md +0 -129
package/skills/ios/ios-hig/references/privacy-permissions.md +0 -181
package/skills/ios/ios-hig/references/visual-design.md +0 -84

package/skills/web/zap-scan-config/assets/gitlab_ci.yml ADDED Viewed

@@ -0,0 +1,226 @@
+# GitLab CI/CD Pipeline for OWASP ZAP Security Scanning
+# Add this to your .gitlab-ci.yml file
+stages:
+  - security
+  - report
+variables:
+  ZAP_IMAGE: "zaproxy/zap-stable:latest"
+  STAGING_URL: "https://staging.example.com"
+  REPORTS_DIR: "security-reports"
+# Baseline scan for all merge requests
+zap_baseline_scan:
+  stage: security
+  image: docker:latest
+  services:
+    - docker:dind
+  script:
+    - mkdir -p $REPORTS_DIR
+    - |
+      docker run --rm \
+        -v $(pwd)/$REPORTS_DIR:/zap/wrk/:rw \
+        $ZAP_IMAGE \
+        zap-baseline.py \
+        -t $STAGING_URL \
+        -r /zap/wrk/baseline-report.html \
+        -J /zap/wrk/baseline-report.json \
+        -w /zap/wrk/baseline-report.md \
+        || true
+    - echo "Baseline scan completed"
+  artifacts:
+    when: always
+    paths:
+      - $REPORTS_DIR/
+    reports:
+      junit: $REPORTS_DIR/baseline-report.xml
+    expire_in: 1 week
+  only:
+    - merge_requests
+    - develop
+    - main
+  tags:
+    - docker
+# Full active scan (manual trigger for staging)
+zap_full_scan:
+  stage: security
+  image: docker:latest
+  services:
+    - docker:dind
+  script:
+    - mkdir -p $REPORTS_DIR
+    - |
+      docker run --rm \
+        -v $(pwd)/$REPORTS_DIR:/zap/wrk/:rw \
+        -v $(pwd)/.zap:/zap/config/:ro \
+        $ZAP_IMAGE \
+        zap-full-scan.py \
+        -t $STAGING_URL \
+        -c /zap/config/rules.tsv \
+        -r /zap/wrk/full-scan-report.html \
+        -J /zap/wrk/full-scan-report.json \
+        -x /zap/wrk/full-scan-report.xml \
+        || true
+    # Check for high-risk findings
+    - |
+      if command -v jq &> /dev/null; then
+        HIGH_COUNT=$(jq '[.site[].alerts[] | select(.risk == "High")] | length' $REPORTS_DIR/full-scan-report.json)
+        echo "High risk findings: $HIGH_COUNT"
+        if [ "$HIGH_COUNT" -gt 0 ]; then
+          echo "❌ Security scan failed: $HIGH_COUNT high-risk vulnerabilities"
+          exit 1
+        fi
+      fi
+  artifacts:
+    when: always
+    paths:
+      - $REPORTS_DIR/
+    expire_in: 4 weeks
+  only:
+    - develop
+  when: manual
+  allow_failure: false
+  tags:
+    - docker
+# API security scan
+zap_api_scan:
+  stage: security
+  image: docker:latest
+  services:
+    - docker:dind
+  script:
+    - mkdir -p $REPORTS_DIR
+    - |
+      if [ -f "openapi.yaml" ]; then
+        docker run --rm \
+          -v $(pwd)/$REPORTS_DIR:/zap/wrk/:rw \
+          -v $(pwd):/zap/specs/:ro \
+          $ZAP_IMAGE \
+          zap-api-scan.py \
+          -t $STAGING_URL \
+          -f openapi \
+          -d /zap/specs/openapi.yaml \
+          -r /zap/wrk/api-scan-report.html \
+          -J /zap/wrk/api-scan-report.json \
+          || true
+      else
+        echo "OpenAPI specification not found, skipping API scan"
+      fi
+  artifacts:
+    when: always
+    paths:
+      - $REPORTS_DIR/
+    expire_in: 1 week
+  only:
+    - merge_requests
+    - develop
+  allow_failure: true
+  tags:
+    - docker
+# Authenticated scan (requires test credentials)
+zap_authenticated_scan:
+  stage: security
+  image: python:3.11-slim
+  before_script:
+    - apt-get update && apt-get install -y docker.io
+  script:
+    - mkdir -p $REPORTS_DIR
+    - |
+      python3 scripts/zap_auth_scanner.py \
+        --target $STAGING_URL \
+        --auth-type form \
+        --login-url $STAGING_URL/login \
+        --username $TEST_USERNAME \
+        --password-env TEST_PASSWORD \
+        --output $REPORTS_DIR/authenticated-scan-report.html
+  artifacts:
+    when: always
+    paths:
+      - $REPORTS_DIR/
+    expire_in: 4 weeks
+  only:
+    - develop
+  when: manual
+  tags:
+    - docker
+# Security gate - check thresholds
+security_gate:
+  stage: report
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache jq
+  script:
+    - |
+      if [ -f "$REPORTS_DIR/baseline-report.json" ]; then
+        HIGH_COUNT=$(jq '[.site[].alerts[] | select(.risk == "High")] | length' $REPORTS_DIR/baseline-report.json)
+        MEDIUM_COUNT=$(jq '[.site[].alerts[] | select(.risk == "Medium")] | length' $REPORTS_DIR/baseline-report.json)
+        echo "==================================="
+        echo "Security Scan Results"
+        echo "==================================="
+        echo "High risk findings:   $HIGH_COUNT"
+        echo "Medium risk findings: $MEDIUM_COUNT"
+        echo "==================================="
+        # Fail on high-risk findings
+        if [ "$HIGH_COUNT" -gt 0 ]; then
+          echo "❌ Build failed: High-risk vulnerabilities detected"
+          exit 1
+        fi
+        # Warn on medium-risk findings above threshold
+        if [ "$MEDIUM_COUNT" -gt 10 ]; then
+          echo "⚠️  Warning: $MEDIUM_COUNT medium-risk findings (threshold: 10)"
+        fi
+        echo "✅ Security gate passed"
+      else
+        echo "No scan report found, skipping security gate"
+      fi
+  dependencies:
+    - zap_baseline_scan
+  only:
+    - merge_requests
+    - develop
+    - main
+# Generate consolidated report
+generate_report:
+  stage: report
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache jq curl
+  script:
+    - |
+      echo "# Security Scan Report" > $REPORTS_DIR/summary.md
+      echo "" >> $REPORTS_DIR/summary.md
+      echo "**Scan Date:** $(date)" >> $REPORTS_DIR/summary.md
+      echo "**Target:** $STAGING_URL" >> $REPORTS_DIR/summary.md
+      echo "" >> $REPORTS_DIR/summary.md
+      echo "## Findings Summary" >> $REPORTS_DIR/summary.md
+      echo "" >> $REPORTS_DIR/summary.md
+      if [ -f "$REPORTS_DIR/baseline-report.json" ]; then
+        echo "| Risk Level | Count |" >> $REPORTS_DIR/summary.md
+        echo "|------------|-------|" >> $REPORTS_DIR/summary.md
+        jq -r '.site[].alerts[] | .risk' $REPORTS_DIR/baseline-report.json | \
+          sort | uniq -c | awk '{print "| " $2 " | " $1 " |"}' >> $REPORTS_DIR/summary.md
+      fi
+      cat $REPORTS_DIR/summary.md
+  artifacts:
+    when: always
+    paths:
+      - $REPORTS_DIR/summary.md
+    expire_in: 4 weeks
+  dependencies:
+    - zap_baseline_scan
+  only:
+    - merge_requests
+    - develop
+    - main

package/skills/web/zap-scan-config/assets/zap_automation.yaml ADDED Viewed

@@ -0,0 +1,196 @@
+# OWASP ZAP Automation Framework Configuration
+# Complete automation workflow for web application security testing
+env:
+  contexts:
+    - name: WebApp-Security-Scan
+      urls:
+        - ${TARGET_URL}
+      includePaths:
+        - ${TARGET_URL}.*
+      excludePaths:
+        - .*logout.*
+        - .*signout.*
+        - .*\\.css
+        - .*\\.js
+        - .*\\.png
+        - .*\\.jpg
+        - .*\\.gif
+        - .*\\.svg
+      authentication:
+        method: form
+        parameters:
+          loginUrl: ${LOGIN_URL}
+          loginRequestData: username={%username%}&password={%password%}
+        verification:
+          method: response
+          loggedInRegex: "\\QWelcome\\E"
+          loggedOutRegex: "\\QLogin\\E"
+      sessionManagement:
+        method: cookie
+        parameters:
+          sessionCookieName: JSESSIONID
+      users:
+        - name: test-user
+          credentials:
+            username: ${TEST_USERNAME}
+            password: ${TEST_PASSWORD}
+  parameters:
+    failOnError: true
+    failOnWarning: false
+    progressToStdout: true
+  vars:
+    target_url: ${TARGET_URL}
+    api_key: ${ZAP_API_KEY}
+jobs:
+  # Environment setup
+  - type: environment
+    parameters:
+      deleteGlobalAlerts: true
+      updateAddOns: true
+  # Import OpenAPI specification (if available)
+  - type: openapi
+    parameters:
+      apiFile: ${OPENAPI_SPEC_FILE}
+      apiUrl: ${TARGET_URL}
+      targetUrl: ${TARGET_URL}
+      context: WebApp-Security-Scan
+    optional: true
+  # Spider crawling
+  - type: spider
+    parameters:
+      context: WebApp-Security-Scan
+      user: test-user
+      maxDuration: 10
+      maxDepth: 5
+      maxChildren: 10
+      acceptCookies: true
+      handleODataParametersVisited: true
+      parseComments: true
+      parseRobotsTxt: true
+      parseSitemapXml: true
+      parseSVNEntries: true
+      parseGit: true
+      postForm: true
+      processForm: true
+      requestWaitTime: 200
+  # AJAX Spider for JavaScript-heavy applications
+  - type: spiderAjax
+    parameters:
+      context: WebApp-Security-Scan
+      user: test-user
+      maxDuration: 10
+      maxCrawlDepth: 5
+      numberOfBrowsers: 2
+      browserId: firefox-headless
+      clickDefaultElems: true
+      clickElemsOnce: true
+      eventWait: 1000
+      reloadWait: 1000
+    optional: true
+  # Wait for passive scanning to complete
+  - type: passiveScan-wait
+    parameters:
+      maxDuration: 5
+  # Configure passive scan rules
+  - type: passiveScan-config
+    parameters:
+      maxAlertsPerRule: 10
+      scanOnlyInScope: true
+      enableTags: true
+      disableRules:
+        - 10096  # Timestamp Disclosure (informational)
+  # Active scanning
+  - type: activeScan
+    parameters:
+      context: WebApp-Security-Scan
+      user: test-user
+      policy: Default Policy
+      maxRuleDurationInMins: 5
+      maxScanDurationInMins: 30
+      addQueryParam: false
+      defaultPolicy: Default Policy
+      delayInMs: 0
+      handleAntiCSRFTokens: true
+      injectPluginIdInHeader: false
+      scanHeadersAllRequests: false
+      threadPerHost: 2
+  # Wait for active scanning to complete
+  - type: activeScan-wait
+  # Generate reports
+  - type: report
+    parameters:
+      template: traditional-html
+      reportDir: ${REPORT_DIR}
+      reportFile: security-report.html
+      reportTitle: Web Application Security Assessment
+      reportDescription: Automated DAST scan using OWASP ZAP
+      displayReport: false
+  - type: report
+    parameters:
+      template: traditional-json
+      reportDir: ${REPORT_DIR}
+      reportFile: security-report.json
+      reportTitle: Web Application Security Assessment
+  - type: report
+    parameters:
+      template: traditional-xml
+      reportDir: ${REPORT_DIR}
+      reportFile: security-report.xml
+      reportTitle: Web Application Security Assessment
+  - type: report
+    parameters:
+      template: sarif-json
+      reportDir: ${REPORT_DIR}
+      reportFile: security-report.sarif
+      reportTitle: Web Application Security Assessment (SARIF)
+    optional: true
+# Alert filters (false positive suppression)
+alertFilters:
+  - ruleId: 10021
+    newRisk: Info
+    url: ".*\\.css|.*\\.js|.*cdn\\..*"
+    context: WebApp-Security-Scan
+  - ruleId: 10096
+    newRisk: Info
+    url: ".*api\\..*"
+    parameter: "created_at|updated_at|timestamp"
+    context: WebApp-Security-Scan
+# Scan policies
+policies:
+  - name: Default Policy
+    defaultStrength: Medium
+    defaultThreshold: Medium
+    rules:
+      - id: 40018  # SQL Injection
+        strength: High
+        threshold: Low
+      - id: 40012  # Cross-Site Scripting (Reflected)
+        strength: High
+        threshold: Low
+      - id: 40014  # Cross-Site Scripting (Persistent)
+        strength: High
+        threshold: Low
+      - id: 90019  # Server-Side Code Injection
+        strength: High
+        threshold: Low
+      - id: 90020  # Remote OS Command Injection
+        strength: High
+        threshold: Low

package/skills/web/zap-scan-config/assets/zap_context.xml ADDED Viewed

@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  OWASP ZAP Authentication Context Template
+  Configure this file for form-based, HTTP, or script-based authentication
+-->
+<configuration>
+    <context>
+        <!-- Context Name -->
+        <name>WebApp-Auth-Context</name>
+        <desc>Authentication context for web application security testing</desc>
+        <!-- Enable context -->
+        <inscope>true</inscope>
+        <!-- URL Scope Definition -->
+        <!-- Include all URLs under target domain -->
+        <incregexes>https://app\.example\.com/.*</incregexes>
+        <!-- Exclude logout and static content -->
+        <excregexes>https://app\.example\.com/logout</excregexes>
+        <excregexes>https://app\.example\.com/signout</excregexes>
+        <excregexes>https://app\.example\.com/static/.*</excregexes>
+        <excregexes>.*\.css</excregexes>
+        <excregexes>.*\.js</excregexes>
+        <excregexes>.*\.png|.*\.jpg|.*\.gif</excregexes>
+        <!-- Technology Detection -->
+        <tech>
+            <include>Language</include>
+            <include>Language.JavaScript</include>
+            <include>OS</include>
+            <include>OS.Linux</include>
+            <include>WS</include>
+        </tech>
+        <!-- Authentication Configuration -->
+        <authentication>
+            <!--
+              Authentication Types:
+              - formBasedAuthentication: Traditional login forms
+              - httpAuthentication: HTTP Basic/Digest/NTLM
+              - scriptBasedAuthentication: Custom authentication via script
+            -->
+            <type>formBasedAuthentication</type>
+            <!-- Form-Based Authentication -->
+            <form>
+                <!-- Login URL -->
+                <loginurl>https://app.example.com/login</loginurl>
+                <!-- Login Request Body (POST parameters) -->
+                <!-- Use {%username%} and {%password%} as placeholders -->
+                <loginbody>username={%username%}&amp;password={%password%}&amp;csrf_token={%csrf_token%}</loginbody>
+                <!-- Login Page URL (where login form is displayed) -->
+                <loginpageurl>https://app.example.com/login</loginpageurl>
+            </form>
+            <!-- HTTP Authentication (uncomment if using) -->
+            <!--
+            <http>
+                <realm>Protected Area</realm>
+                <hostname>app.example.com</hostname>
+                <port>443</port>
+            </http>
+            -->
+            <!-- Logged-In Indicator (regex pattern that appears when logged in) -->
+            <!-- This helps ZAP determine if authentication succeeded -->
+            <loggedin>\QWelcome,\E</loggedin>
+            <!-- Alternative patterns:
+            <loggedin>\QLogout\E</loggedin>
+            <loggedin>\Qdashboard\E</loggedin>
+            <loggedin>class="user-menu"</loggedin>
+            -->
+            <!-- Logged-Out Indicator (regex pattern that appears when logged out) -->
+            <loggedout>\QYou are not logged in\E</loggedout>
+            <!-- Alternative patterns:
+            <loggedout>\QLogin\E</loggedout>
+            <loggedout>\QSign In\E</loggedout>
+            -->
+            <!-- Poll URL for verification (optional) -->
+            <pollurl>https://app.example.com/api/session/verify</pollurl>
+            <polldata></polldata>
+            <pollfreq>60</pollfreq>
+        </authentication>
+        <!-- Session Management -->
+        <sessionManagement>
+            <!--
+              Session Management Types:
+              - cookieBasedSessionManagement: Session via cookies (most common)
+              - httpAuthSessionManagement: HTTP authentication
+              - scriptBasedSessionManagement: Custom session handling
+            -->
+            <type>cookieBasedSessionManagement</type>
+            <!-- Session cookies to monitor -->
+            <sessioncookies>
+                <cookie>JSESSIONID</cookie>
+                <cookie>PHPSESSID</cookie>
+                <cookie>sessionid</cookie>
+                <cookie>session_token</cookie>
+            </sessioncookies>
+        </sessionManagement>
+        <!-- Test Users -->
+        <users>
+            <!-- User 1: Standard test user -->
+            <user>
+                <name>testuser</name>
+                <enabled>true</enabled>
+                <credentials>
+                    <credential>
+                        <name>username</name>
+                        <value>testuser</value>
+                    </credential>
+                    <credential>
+                        <name>password</name>
+                        <value>TestPassword123!</value>
+                    </credential>
+                    <!-- CSRF token (if needed) -->
+                    <!--
+                    <credential>
+                        <name>csrf_token</name>
+                        <value></value>
+                    </credential>
+                    -->
+                </credentials>
+            </user>
+            <!-- User 2: Admin user (if testing authorization) -->
+            <user>
+                <name>adminuser</name>
+                <enabled>false</enabled>
+                <credentials>
+                    <credential>
+                        <name>username</name>
+                        <value>adminuser</value>
+                    </credential>
+                    <credential>
+                        <name>password</name>
+                        <value>AdminPassword123!</value>
+                    </credential>
+                </credentials>
+            </user>
+        </users>
+        <!-- Forced User Mode (for authorization testing) -->
+        <!--
+          Enables testing if authenticated user can access resources
+          they shouldn't have access to
+        -->
+        <forcedUserMode>false</forcedUserMode>
+        <!-- Data Driven Nodes -->
+        <!--
+          For testing parameters with different values
+        -->
+        <datadrivennodes>
+            <node>
+                <name>user_id</name>
+                <url>https://app.example.com/api/users/{user_id}</url>
+            </node>
+        </datadrivennodes>
+    </context>
+    <!-- Global Exclude URLs (applied to all contexts) -->
+    <globalexcludeurl>
+        <regex>https://.*\.googleapis\.com/.*</regex>
+        <regex>https://.*\.google-analytics\.com/.*</regex>
+        <regex>https://.*\.googletagmanager\.com/.*</regex>
+        <regex>https://cdn\..*</regex>
+    </globalexcludeurl>
+    <!-- Anti-CSRF Token Configuration -->
+    <anticsrf>
+        <!-- Enable anti-CSRF token handling -->
+        <enabled>true</enabled>
+        <!-- Token names to automatically detect and handle -->
+        <tokennames>
+            <tokenname>csrf_token</tokenname>
+            <tokenname>csrftoken</tokenname>
+            <tokenname>_csrf</tokenname>
+            <tokenname>authenticity_token</tokenname>
+            <tokenname>__RequestVerificationToken</tokenname>
+        </tokennames>
+    </anticsrf>
+</configuration>

package/skills/web/zap-scan-config/references/EXAMPLE.md ADDED Viewed

@@ -0,0 +1,40 @@
+# Reference Document Template
+This file contains detailed reference material that Claude should load only when needed.
+## Table of Contents
+- [Section 1](#section-1)
+- [Section 2](#section-2)
+- [Security Standards](#security-standards)
+## Section 1
+Detailed information, schemas, or examples that are too large for SKILL.md.
+## Section 2
+Additional reference material.
+## Security Standards
+### OWASP Top 10
+Reference relevant OWASP categories:
+- A01: Broken Access Control
+- A02: Cryptographic Failures
+- etc.
+### CWE Mappings
+Map to relevant Common Weakness Enumeration categories:
+- CWE-79: Cross-site Scripting
+- CWE-89: SQL Injection
+- etc.
+### MITRE ATT&CK
+Reference relevant tactics and techniques if applicable:
+- TA0001: Initial Access
+- T1190: Exploit Public-Facing Application
+- etc.