cli-jaw 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.ko.md +68 -71
- package/README.md +123 -92
- package/README.zh-CN.md +68 -73
- package/dist/bin/cli-claw.js +96 -0
- package/dist/bin/cli-claw.js.map +1 -0
- package/dist/bin/cli-jaw.js +0 -0
- package/dist/bin/commands/doctor.js +3 -0
- package/dist/bin/commands/doctor.js.map +1 -1
- package/dist/bin/commands/init.js +36 -19
- package/dist/bin/commands/init.js.map +1 -1
- package/dist/bin/postinstall.js +175 -104
- package/dist/bin/postinstall.js.map +1 -1
- package/dist/lib/mcp-sync.js +43 -4
- package/dist/lib/mcp-sync.js.map +1 -1
- package/dist/server.js +22 -103
- package/dist/server.js.map +1 -1
- package/dist/src/cli/acp-client.js +1 -1
- package/dist/src/cli/command-context.js +73 -0
- package/dist/src/cli/command-context.js.map +1 -0
- package/dist/src/core/db.js +1 -1
- package/dist/src/memory/heartbeat.js +2 -1
- package/dist/src/memory/heartbeat.js.map +1 -1
- package/dist/src/orchestrator/collect.js +53 -0
- package/dist/src/orchestrator/collect.js.map +1 -0
- package/dist/src/orchestrator/gateway.js +49 -0
- package/dist/src/orchestrator/gateway.js.map +1 -0
- package/dist/src/telegram/bot.js +32 -119
- package/dist/src/telegram/bot.js.map +1 -1
- package/package.json +7 -7
- package/public/css/sidebar.css +14 -0
- package/public/dist/bundle.js +21 -21
- package/public/dist/bundle.js.map +3 -3
- package/public/index.html +2 -2
- package/public/js/features/settings.js +1 -2
- package/public/js/main.js +0 -1
- package/scripts/check-copilot-gap.js +57 -0
- package/scripts/check-deps-offline.mjs +75 -0
- package/scripts/check-deps-online.sh +26 -0
- package/scripts/i18n-registry.py +208 -0
- package/scripts/postinstall-guard.cjs +63 -0
- package/scripts/release.sh +30 -0
- package/skills_ref/1password/SKILL.md +0 -70
- package/skills_ref/agents-sdk/SKILL.md +0 -155
- package/skills_ref/agents-sdk/references/callable.md +0 -92
- package/skills_ref/agents-sdk/references/codemode.md +0 -207
- package/skills_ref/agents-sdk/references/email.md +0 -146
- package/skills_ref/agents-sdk/references/mcp.md +0 -154
- package/skills_ref/agents-sdk/references/state-scheduling.md +0 -164
- package/skills_ref/agents-sdk/references/streaming-chat.md +0 -178
- package/skills_ref/agents-sdk/references/workflows.md +0 -132
- package/skills_ref/algorithmic-art/LICENSE.txt +0 -202
- package/skills_ref/algorithmic-art/SKILL.md +0 -405
- package/skills_ref/algorithmic-art/templates/generator_template.js +0 -223
- package/skills_ref/algorithmic-art/templates/viewer.html +0 -599
- package/skills_ref/apple-notes/SKILL.md +0 -77
- package/skills_ref/apple-reminders/SKILL.md +0 -118
- package/skills_ref/atlas/SKILL.md +0 -99
- package/skills_ref/brainstorming/SKILL.md +0 -96
- package/skills_ref/browser/SKILL.md +0 -179
- package/skills_ref/canvas-design/LICENSE.txt +0 -202
- package/skills_ref/canvas-design/SKILL.md +0 -130
- package/skills_ref/canvas-design/canvas-fonts/ArsenalSC-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/ArsenalSC-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/BigShoulders-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/BigShoulders-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/BigShoulders-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Boldonse-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Boldonse-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/BricolageGrotesque-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/BricolageGrotesque-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/BricolageGrotesque-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/CrimsonPro-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/CrimsonPro-Italic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/CrimsonPro-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/CrimsonPro-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/DMMono-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/DMMono-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/EricaOne-OFL.txt +0 -94
- package/skills_ref/canvas-design/canvas-fonts/EricaOne-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/GeistMono-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/GeistMono-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/GeistMono-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Gloock-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Gloock-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexMono-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexMono-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexMono-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexSerif-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexSerif-BoldItalic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexSerif-Italic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/IBMPlexSerif-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSans-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSans-BoldItalic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSans-Italic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSans-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSans-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSerif-Italic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/InstrumentSerif-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Italiana-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Italiana-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/JetBrainsMono-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/JetBrainsMono-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/JetBrainsMono-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Jura-Light.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Jura-Medium.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Jura-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/LibreBaskerville-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/LibreBaskerville-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Lora-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Lora-BoldItalic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Lora-Italic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Lora-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Lora-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/NationalPark-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/NationalPark-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/NationalPark-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/NothingYouCouldDo-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/NothingYouCouldDo-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Outfit-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Outfit-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Outfit-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/PixelifySans-Medium.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/PixelifySans-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/PoiretOne-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/PoiretOne-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/RedHatMono-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/RedHatMono-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/RedHatMono-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Silkscreen-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Silkscreen-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/SmoochSans-Medium.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/SmoochSans-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Tektur-Medium.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/Tektur-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/Tektur-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/WorkSans-Bold.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/WorkSans-BoldItalic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/WorkSans-Italic.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/WorkSans-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/WorkSans-Regular.ttf +0 -0
- package/skills_ref/canvas-design/canvas-fonts/YoungSerif-OFL.txt +0 -93
- package/skills_ref/canvas-design/canvas-fonts/YoungSerif-Regular.ttf +0 -0
- package/skills_ref/changelog-generator/SKILL.md +0 -104
- package/skills_ref/cloudflare-deploy/SKILL.md +0 -207
- package/skills_ref/codebase-orientation/SKILL.md +0 -29
- package/skills_ref/config-file-explainer/SKILL.md +0 -26
- package/skills_ref/context-compression/SKILL.md +0 -265
- package/skills_ref/context-compression/references/evaluation-framework.md +0 -213
- package/skills_ref/context-compression/scripts/compression_evaluator.py +0 -658
- package/skills_ref/data-structure-chooser/SKILL.md +0 -26
- package/skills_ref/debugging-checklist/SKILL.md +0 -26
- package/skills_ref/debugging-helpers/CREATION-LOG.md +0 -119
- package/skills_ref/debugging-helpers/SKILL.md +0 -296
- package/skills_ref/debugging-helpers/condition-based-waiting-example.ts +0 -158
- package/skills_ref/debugging-helpers/condition-based-waiting.md +0 -115
- package/skills_ref/debugging-helpers/defense-in-depth.md +0 -122
- package/skills_ref/debugging-helpers/find-polluter.sh +0 -63
- package/skills_ref/debugging-helpers/root-cause-tracing.md +0 -169
- package/skills_ref/debugging-helpers/test-academic.md +0 -14
- package/skills_ref/debugging-helpers/test-pressure-1.md +0 -58
- package/skills_ref/debugging-helpers/test-pressure-2.md +0 -68
- package/skills_ref/debugging-helpers/test-pressure-3.md +0 -69
- package/skills_ref/deep-research/.env.example +0 -7
- package/skills_ref/deep-research/README.md +0 -246
- package/skills_ref/deep-research/SKILL.md +0 -106
- package/skills_ref/deep-research/requirements.txt +0 -2
- package/skills_ref/deep-research/scripts/research.py +0 -692
- package/skills_ref/dependency-install-helper/SKILL.md +0 -26
- package/skills_ref/dev/SKILL.md +0 -65
- package/skills_ref/dev-backend/SKILL.md +0 -61
- package/skills_ref/dev-data/SKILL.md +0 -76
- package/skills_ref/dev-frontend/LICENSE.txt +0 -177
- package/skills_ref/dev-frontend/SKILL.md +0 -42
- package/skills_ref/dev-testing/LICENSE.txt +0 -202
- package/skills_ref/dev-testing/SKILL.md +0 -96
- package/skills_ref/dev-testing/examples/console_logging.py +0 -35
- package/skills_ref/dev-testing/examples/element_discovery.py +0 -40
- package/skills_ref/dev-testing/examples/static_html_automation.py +0 -33
- package/skills_ref/dev-testing/scripts/with_server.py +0 -106
- package/skills_ref/develop-web-game/SKILL.md +0 -149
- package/skills_ref/differential-review/.claude-plugin/plugin.json +0 -10
- package/skills_ref/differential-review/README.md +0 -109
- package/skills_ref/differential-review/commands/diff-review.md +0 -21
- package/skills_ref/differential-review/skills/differential-review/SKILL.md +0 -220
- package/skills_ref/differential-review/skills/differential-review/adversarial.md +0 -203
- package/skills_ref/differential-review/skills/differential-review/methodology.md +0 -234
- package/skills_ref/differential-review/skills/differential-review/patterns.md +0 -300
- package/skills_ref/differential-review/skills/differential-review/reporting.md +0 -369
- package/skills_ref/dispatching-parallel-agents/SKILL.md +0 -180
- package/skills_ref/doc-coauthoring/SKILL.md +0 -375
- package/skills_ref/docx/LICENSE.txt +0 -30
- package/skills_ref/docx/SKILL.md +0 -481
- package/skills_ref/docx/scripts/__init__.py +0 -1
- package/skills_ref/docx/scripts/accept_changes.py +0 -135
- package/skills_ref/docx/scripts/comment.py +0 -318
- package/skills_ref/docx/scripts/office/helpers/__init__.py +0 -0
- package/skills_ref/docx/scripts/office/helpers/merge_runs.py +0 -199
- package/skills_ref/docx/scripts/office/helpers/simplify_redlines.py +0 -197
- package/skills_ref/docx/scripts/office/pack.py +0 -159
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +0 -1499
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +0 -146
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +0 -1085
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +0 -11
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +0 -3081
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +0 -23
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +0 -185
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +0 -287
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +0 -1676
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +0 -28
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +0 -144
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +0 -174
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +0 -25
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +0 -18
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +0 -59
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +0 -56
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +0 -195
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +0 -582
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +0 -25
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +0 -4439
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +0 -570
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +0 -509
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +0 -12
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +0 -108
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +0 -96
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +0 -3646
- package/skills_ref/docx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +0 -116
- package/skills_ref/docx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +0 -42
- package/skills_ref/docx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +0 -50
- package/skills_ref/docx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +0 -49
- package/skills_ref/docx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +0 -33
- package/skills_ref/docx/scripts/office/schemas/mce/mc.xsd +0 -75
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-2010.xsd +0 -560
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-2012.xsd +0 -67
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-2018.xsd +0 -14
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +0 -20
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +0 -13
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +0 -4
- package/skills_ref/docx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +0 -8
- package/skills_ref/docx/scripts/office/soffice.py +0 -183
- package/skills_ref/docx/scripts/office/unpack.py +0 -132
- package/skills_ref/docx/scripts/office/validate.py +0 -111
- package/skills_ref/docx/scripts/office/validators/__init__.py +0 -15
- package/skills_ref/docx/scripts/office/validators/base.py +0 -847
- package/skills_ref/docx/scripts/office/validators/docx.py +0 -446
- package/skills_ref/docx/scripts/office/validators/pptx.py +0 -275
- package/skills_ref/docx/scripts/office/validators/redlining.py +0 -247
- package/skills_ref/docx/scripts/templates/comments.xml +0 -3
- package/skills_ref/docx/scripts/templates/commentsExtended.xml +0 -3
- package/skills_ref/docx/scripts/templates/commentsExtensible.xml +0 -3
- package/skills_ref/docx/scripts/templates/commentsIds.xml +0 -3
- package/skills_ref/docx/scripts/templates/people.xml +0 -3
- package/skills_ref/durable-objects/SKILL.md +0 -186
- package/skills_ref/durable-objects/references/rules.md +0 -286
- package/skills_ref/durable-objects/references/testing.md +0 -264
- package/skills_ref/durable-objects/references/workers.md +0 -346
- package/skills_ref/email-draft-polish/SKILL.md +0 -24
- package/skills_ref/error-message-explainer/SKILL.md +0 -27
- package/skills_ref/fal-image-edit/SKILL.md +0 -249
- package/skills_ref/fal-image-edit/scripts/edit-image.sh +0 -199
- package/skills_ref/figma-implement-design/SKILL.md +0 -264
- package/skills_ref/git-worktrees/SKILL.md +0 -218
- package/skills_ref/github/SKILL.md +0 -210
- package/skills_ref/gog/SKILL.md +0 -116
- package/skills_ref/goplaces/SKILL.md +0 -52
- package/skills_ref/himalaya/SKILL.md +0 -257
- package/skills_ref/hugging-face-cli/SKILL.md +0 -186
- package/skills_ref/hugging-face-cli/references/commands.md +0 -954
- package/skills_ref/hugging-face-cli/references/examples.md +0 -374
- package/skills_ref/hugging-face-evaluation/SKILL.md +0 -651
- package/skills_ref/hugging-face-evaluation/examples/.env.example +0 -7
- package/skills_ref/hugging-face-evaluation/examples/USAGE_EXAMPLES.md +0 -382
- package/skills_ref/hugging-face-evaluation/examples/artificial_analysis_to_hub.py +0 -141
- package/skills_ref/hugging-face-evaluation/examples/example_readme_tables.md +0 -135
- package/skills_ref/hugging-face-evaluation/examples/metric_mapping.json +0 -50
- package/skills_ref/hugging-face-evaluation/requirements.txt +0 -20
- package/skills_ref/hugging-face-evaluation/scripts/evaluation_manager.py +0 -1374
- package/skills_ref/hugging-face-evaluation/scripts/inspect_eval_uv.py +0 -104
- package/skills_ref/hugging-face-evaluation/scripts/inspect_vllm_uv.py +0 -317
- package/skills_ref/hugging-face-evaluation/scripts/lighteval_vllm_uv.py +0 -303
- package/skills_ref/hugging-face-evaluation/scripts/run_eval_job.py +0 -98
- package/skills_ref/hugging-face-evaluation/scripts/run_vllm_eval_job.py +0 -331
- package/skills_ref/hugging-face-evaluation/scripts/test_extraction.py +0 -206
- package/skills_ref/hugging-face-model-trainer/SKILL.md +0 -718
- package/skills_ref/hugging-face-model-trainer/references/gguf_conversion.md +0 -296
- package/skills_ref/hugging-face-model-trainer/references/hardware_guide.md +0 -283
- package/skills_ref/hugging-face-model-trainer/references/hub_saving.md +0 -364
- package/skills_ref/hugging-face-model-trainer/references/reliability_principles.md +0 -371
- package/skills_ref/hugging-face-model-trainer/references/trackio_guide.md +0 -189
- package/skills_ref/hugging-face-model-trainer/references/training_methods.md +0 -150
- package/skills_ref/hugging-face-model-trainer/references/training_patterns.md +0 -203
- package/skills_ref/hugging-face-model-trainer/references/troubleshooting.md +0 -282
- package/skills_ref/hugging-face-model-trainer/references/unsloth.md +0 -313
- package/skills_ref/hugging-face-model-trainer/scripts/convert_to_gguf.py +0 -424
- package/skills_ref/hugging-face-model-trainer/scripts/dataset_inspector.py +0 -417
- package/skills_ref/hugging-face-model-trainer/scripts/estimate_cost.py +0 -150
- package/skills_ref/hugging-face-model-trainer/scripts/train_dpo_example.py +0 -106
- package/skills_ref/hugging-face-model-trainer/scripts/train_grpo_example.py +0 -89
- package/skills_ref/hugging-face-model-trainer/scripts/train_sft_example.py +0 -122
- package/skills_ref/hugging-face-model-trainer/scripts/unsloth_sft_example.py +0 -512
- package/skills_ref/imagegen/SKILL.md +0 -174
- package/skills_ref/insecure-defaults/.claude-plugin/plugin.json +0 -10
- package/skills_ref/insecure-defaults/README.md +0 -45
- package/skills_ref/insecure-defaults/skills/insecure-defaults/SKILL.md +0 -117
- package/skills_ref/insecure-defaults/skills/insecure-defaults/references/examples.md +0 -409
- package/skills_ref/jupyter-notebook/SKILL.md +0 -107
- package/skills_ref/linear/SKILL.md +0 -87
- package/skills_ref/linter-fix-guide/SKILL.md +0 -27
- package/skills_ref/log-summarizer/SKILL.md +0 -27
- package/skills_ref/mcp-builder/LICENSE.txt +0 -202
- package/skills_ref/mcp-builder/SKILL.md +0 -236
- package/skills_ref/mcp-builder/reference/evaluation.md +0 -602
- package/skills_ref/mcp-builder/reference/mcp_best_practices.md +0 -249
- package/skills_ref/mcp-builder/reference/node_mcp_server.md +0 -970
- package/skills_ref/mcp-builder/reference/python_mcp_server.md +0 -719
- package/skills_ref/mcp-builder/scripts/connections.py +0 -151
- package/skills_ref/mcp-builder/scripts/evaluation.py +0 -373
- package/skills_ref/mcp-builder/scripts/example_evaluation.xml +0 -22
- package/skills_ref/mcp-builder/scripts/requirements.txt +0 -2
- package/skills_ref/memory/SKILL.md +0 -129
- package/skills_ref/modern-python/.claude-plugin/plugin.json +0 -10
- package/skills_ref/modern-python/README.md +0 -66
- package/skills_ref/modern-python/hooks/hooks.json +0 -16
- package/skills_ref/modern-python/hooks/setup-shims.bats +0 -70
- package/skills_ref/modern-python/hooks/setup-shims.sh +0 -24
- package/skills_ref/modern-python/hooks/shims/pip +0 -27
- package/skills_ref/modern-python/hooks/shims/pip-shim.bats +0 -45
- package/skills_ref/modern-python/hooks/shims/pip3 +0 -27
- package/skills_ref/modern-python/hooks/shims/pipx +0 -41
- package/skills_ref/modern-python/hooks/shims/pipx-shim.bats +0 -64
- package/skills_ref/modern-python/hooks/shims/python +0 -26
- package/skills_ref/modern-python/hooks/shims/python-shim.bats +0 -53
- package/skills_ref/modern-python/hooks/shims/python3 +0 -26
- package/skills_ref/modern-python/hooks/shims/uv +0 -27
- package/skills_ref/modern-python/hooks/shims/uv-shim.bats +0 -47
- package/skills_ref/modern-python/skills/modern-python/SKILL.md +0 -333
- package/skills_ref/modern-python/skills/modern-python/references/dependabot.md +0 -43
- package/skills_ref/modern-python/skills/modern-python/references/migration-checklist.md +0 -141
- package/skills_ref/modern-python/skills/modern-python/references/pep723-scripts.md +0 -259
- package/skills_ref/modern-python/skills/modern-python/references/prek.md +0 -211
- package/skills_ref/modern-python/skills/modern-python/references/pyproject.md +0 -254
- package/skills_ref/modern-python/skills/modern-python/references/ruff-config.md +0 -240
- package/skills_ref/modern-python/skills/modern-python/references/security-setup.md +0 -255
- package/skills_ref/modern-python/skills/modern-python/references/testing.md +0 -284
- package/skills_ref/modern-python/skills/modern-python/references/uv-commands.md +0 -200
- package/skills_ref/modern-python/skills/modern-python/templates/dependabot.yml +0 -36
- package/skills_ref/modern-python/skills/modern-python/templates/pre-commit-config.yaml +0 -66
- package/skills_ref/nano-banana-pro/SKILL.md +0 -58
- package/skills_ref/netlify-deploy/SKILL.md +0 -233
- package/skills_ref/notion/SKILL.md +0 -304
- package/skills_ref/notion-knowledge-capture/SKILL.md +0 -56
- package/skills_ref/notion-meeting-intelligence/SKILL.md +0 -60
- package/skills_ref/notion-research-documentation/SKILL.md +0 -59
- package/skills_ref/notion-spec-to-implementation/SKILL.md +0 -58
- package/skills_ref/obsidian/SKILL.md +0 -81
- package/skills_ref/openai-docs/SKILL.md +0 -56
- package/skills_ref/openhue/SKILL.md +0 -112
- package/skills_ref/pdf/SKILL.md +0 -69
- package/skills_ref/postgres/README.md +0 -77
- package/skills_ref/postgres/SKILL.md +0 -129
- package/skills_ref/postgres/connections.example.json +0 -34
- package/skills_ref/postgres/requirements.txt +0 -1
- package/skills_ref/postgres/scripts/query.py +0 -262
- package/skills_ref/pptx/LICENSE.txt +0 -30
- package/skills_ref/pptx/SKILL.md +0 -232
- package/skills_ref/pptx/editing.md +0 -205
- package/skills_ref/pptx/pptxgenjs.md +0 -420
- package/skills_ref/pptx/scripts/__init__.py +0 -0
- package/skills_ref/pptx/scripts/add_slide.py +0 -195
- package/skills_ref/pptx/scripts/clean.py +0 -286
- package/skills_ref/pptx/scripts/office/helpers/__init__.py +0 -0
- package/skills_ref/pptx/scripts/office/helpers/merge_runs.py +0 -199
- package/skills_ref/pptx/scripts/office/helpers/simplify_redlines.py +0 -197
- package/skills_ref/pptx/scripts/office/pack.py +0 -159
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +0 -1499
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +0 -146
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +0 -1085
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +0 -11
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +0 -3081
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +0 -23
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +0 -185
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +0 -287
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +0 -1676
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +0 -28
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +0 -144
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +0 -174
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +0 -25
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +0 -18
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +0 -59
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +0 -56
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +0 -195
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +0 -582
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +0 -25
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +0 -4439
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +0 -570
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +0 -509
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +0 -12
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +0 -108
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +0 -96
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +0 -3646
- package/skills_ref/pptx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +0 -116
- package/skills_ref/pptx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +0 -42
- package/skills_ref/pptx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +0 -50
- package/skills_ref/pptx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +0 -49
- package/skills_ref/pptx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +0 -33
- package/skills_ref/pptx/scripts/office/schemas/mce/mc.xsd +0 -75
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-2010.xsd +0 -560
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-2012.xsd +0 -67
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-2018.xsd +0 -14
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +0 -20
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +0 -13
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +0 -4
- package/skills_ref/pptx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +0 -8
- package/skills_ref/pptx/scripts/office/soffice.py +0 -183
- package/skills_ref/pptx/scripts/office/unpack.py +0 -132
- package/skills_ref/pptx/scripts/office/validate.py +0 -111
- package/skills_ref/pptx/scripts/office/validators/__init__.py +0 -15
- package/skills_ref/pptx/scripts/office/validators/base.py +0 -847
- package/skills_ref/pptx/scripts/office/validators/docx.py +0 -446
- package/skills_ref/pptx/scripts/office/validators/pptx.py +0 -275
- package/skills_ref/pptx/scripts/office/validators/redlining.py +0 -247
- package/skills_ref/pptx/scripts/thumbnail.py +0 -289
- package/skills_ref/property-based-testing/.claude-plugin/plugin.json +0 -9
- package/skills_ref/property-based-testing/README.md +0 -47
- package/skills_ref/property-based-testing/skills/property-based-testing/README.md +0 -88
- package/skills_ref/property-based-testing/skills/property-based-testing/SKILL.md +0 -123
- package/skills_ref/property-based-testing/skills/property-based-testing/references/design.md +0 -191
- package/skills_ref/property-based-testing/skills/property-based-testing/references/generating.md +0 -204
- package/skills_ref/property-based-testing/skills/property-based-testing/references/interpreting-failures.md +0 -239
- package/skills_ref/property-based-testing/skills/property-based-testing/references/libraries.md +0 -130
- package/skills_ref/property-based-testing/skills/property-based-testing/references/refactoring.md +0 -181
- package/skills_ref/property-based-testing/skills/property-based-testing/references/reviewing.md +0 -209
- package/skills_ref/property-based-testing/skills/property-based-testing/references/strategies.md +0 -124
- package/skills_ref/react-best-practices/AGENTS.md +0 -2934
- package/skills_ref/react-best-practices/README.md +0 -123
- package/skills_ref/react-best-practices/SKILL.md +0 -136
- package/skills_ref/react-best-practices/metadata.json +0 -15
- package/skills_ref/react-best-practices/rules/_sections.md +0 -46
- package/skills_ref/react-best-practices/rules/_template.md +0 -28
- package/skills_ref/react-best-practices/rules/advanced-event-handler-refs.md +0 -55
- package/skills_ref/react-best-practices/rules/advanced-init-once.md +0 -42
- package/skills_ref/react-best-practices/rules/advanced-use-latest.md +0 -39
- package/skills_ref/react-best-practices/rules/async-api-routes.md +0 -38
- package/skills_ref/react-best-practices/rules/async-defer-await.md +0 -80
- package/skills_ref/react-best-practices/rules/async-dependencies.md +0 -51
- package/skills_ref/react-best-practices/rules/async-parallel.md +0 -28
- package/skills_ref/react-best-practices/rules/async-suspense-boundaries.md +0 -99
- package/skills_ref/react-best-practices/rules/bundle-barrel-imports.md +0 -59
- package/skills_ref/react-best-practices/rules/bundle-conditional.md +0 -31
- package/skills_ref/react-best-practices/rules/bundle-defer-third-party.md +0 -49
- package/skills_ref/react-best-practices/rules/bundle-dynamic-imports.md +0 -35
- package/skills_ref/react-best-practices/rules/bundle-preload.md +0 -50
- package/skills_ref/react-best-practices/rules/client-event-listeners.md +0 -74
- package/skills_ref/react-best-practices/rules/client-localstorage-schema.md +0 -71
- package/skills_ref/react-best-practices/rules/client-passive-event-listeners.md +0 -48
- package/skills_ref/react-best-practices/rules/client-swr-dedup.md +0 -56
- package/skills_ref/react-best-practices/rules/js-batch-dom-css.md +0 -107
- package/skills_ref/react-best-practices/rules/js-cache-function-results.md +0 -80
- package/skills_ref/react-best-practices/rules/js-cache-property-access.md +0 -28
- package/skills_ref/react-best-practices/rules/js-cache-storage.md +0 -70
- package/skills_ref/react-best-practices/rules/js-combine-iterations.md +0 -32
- package/skills_ref/react-best-practices/rules/js-early-exit.md +0 -50
- package/skills_ref/react-best-practices/rules/js-hoist-regexp.md +0 -45
- package/skills_ref/react-best-practices/rules/js-index-maps.md +0 -37
- package/skills_ref/react-best-practices/rules/js-length-check-first.md +0 -49
- package/skills_ref/react-best-practices/rules/js-min-max-loop.md +0 -82
- package/skills_ref/react-best-practices/rules/js-set-map-lookups.md +0 -24
- package/skills_ref/react-best-practices/rules/js-tosorted-immutable.md +0 -57
- package/skills_ref/react-best-practices/rules/rendering-activity.md +0 -26
- package/skills_ref/react-best-practices/rules/rendering-animate-svg-wrapper.md +0 -47
- package/skills_ref/react-best-practices/rules/rendering-conditional-render.md +0 -40
- package/skills_ref/react-best-practices/rules/rendering-content-visibility.md +0 -38
- package/skills_ref/react-best-practices/rules/rendering-hoist-jsx.md +0 -46
- package/skills_ref/react-best-practices/rules/rendering-hydration-no-flicker.md +0 -82
- package/skills_ref/react-best-practices/rules/rendering-hydration-suppress-warning.md +0 -30
- package/skills_ref/react-best-practices/rules/rendering-svg-precision.md +0 -28
- package/skills_ref/react-best-practices/rules/rendering-usetransition-loading.md +0 -75
- package/skills_ref/react-best-practices/rules/rerender-defer-reads.md +0 -39
- package/skills_ref/react-best-practices/rules/rerender-dependencies.md +0 -45
- package/skills_ref/react-best-practices/rules/rerender-derived-state-no-effect.md +0 -40
- package/skills_ref/react-best-practices/rules/rerender-derived-state.md +0 -29
- package/skills_ref/react-best-practices/rules/rerender-functional-setstate.md +0 -74
- package/skills_ref/react-best-practices/rules/rerender-lazy-state-init.md +0 -58
- package/skills_ref/react-best-practices/rules/rerender-memo-with-default-value.md +0 -38
- package/skills_ref/react-best-practices/rules/rerender-memo.md +0 -44
- package/skills_ref/react-best-practices/rules/rerender-move-effect-to-event.md +0 -45
- package/skills_ref/react-best-practices/rules/rerender-simple-expression-in-memo.md +0 -35
- package/skills_ref/react-best-practices/rules/rerender-transitions.md +0 -40
- package/skills_ref/react-best-practices/rules/rerender-use-ref-transient-values.md +0 -73
- package/skills_ref/react-best-practices/rules/server-after-nonblocking.md +0 -73
- package/skills_ref/react-best-practices/rules/server-auth-actions.md +0 -96
- package/skills_ref/react-best-practices/rules/server-cache-lru.md +0 -41
- package/skills_ref/react-best-practices/rules/server-cache-react.md +0 -76
- package/skills_ref/react-best-practices/rules/server-dedup-props.md +0 -65
- package/skills_ref/react-best-practices/rules/server-parallel-fetching.md +0 -83
- package/skills_ref/react-best-practices/rules/server-serialization.md +0 -38
- package/skills_ref/receiving-code-review/SKILL.md +0 -213
- package/skills_ref/registry.json +0 -1493
- package/skills_ref/render-deploy/SKILL.md +0 -462
- package/skills_ref/requesting-code-review/SKILL.md +0 -105
- package/skills_ref/requesting-code-review/code-reviewer.md +0 -146
- package/skills_ref/screen-capture/SKILL.md +0 -162
- package/skills_ref/security-best-practices/LICENSE.txt +0 -201
- package/skills_ref/security-best-practices/SKILL.md +0 -86
- package/skills_ref/security-best-practices/agents/openai.yaml +0 -4
- package/skills_ref/security-best-practices/references/golang-general-backend-security.md +0 -826
- package/skills_ref/security-best-practices/references/javascript-express-web-server-security.md +0 -1158
- package/skills_ref/security-best-practices/references/javascript-general-web-frontend-security.md +0 -747
- package/skills_ref/security-best-practices/references/javascript-jquery-web-frontend-security.md +0 -678
- package/skills_ref/security-best-practices/references/javascript-typescript-nextjs-web-server-security.md +0 -1144
- package/skills_ref/security-best-practices/references/javascript-typescript-react-web-frontend-security.md +0 -990
- package/skills_ref/security-best-practices/references/javascript-typescript-vue-web-frontend-security.md +0 -791
- package/skills_ref/security-best-practices/references/python-django-web-server-security.md +0 -882
- package/skills_ref/security-best-practices/references/python-fastapi-web-server-security.md +0 -1036
- package/skills_ref/security-best-practices/references/python-flask-web-server-security.md +0 -705
- package/skills_ref/security-ownership-map/LICENSE.txt +0 -201
- package/skills_ref/security-ownership-map/SKILL.md +0 -206
- package/skills_ref/security-ownership-map/agents/openai.yaml +0 -4
- package/skills_ref/security-ownership-map/references/neo4j-import.md +0 -60
- package/skills_ref/security-ownership-map/scripts/build_ownership_map.py +0 -956
- package/skills_ref/security-ownership-map/scripts/community_maintainers.py +0 -544
- package/skills_ref/security-ownership-map/scripts/query_ownership.py +0 -483
- package/skills_ref/security-ownership-map/scripts/run_ownership_map.py +0 -200
- package/skills_ref/security-threat-model/LICENSE.txt +0 -201
- package/skills_ref/security-threat-model/SKILL.md +0 -81
- package/skills_ref/security-threat-model/agents/openai.yaml +0 -4
- package/skills_ref/security-threat-model/references/prompt-template.md +0 -255
- package/skills_ref/security-threat-model/references/security-controls-and-assets.md +0 -32
- package/skills_ref/sentry/SKILL.md +0 -123
- package/skills_ref/skill-creator/SKILL.md +0 -372
- package/skills_ref/sora/SKILL.md +0 -153
- package/skills_ref/speech/SKILL.md +0 -144
- package/skills_ref/spotify-player/SKILL.md +0 -64
- package/skills_ref/static-analysis/.claude-plugin/plugin.json +0 -8
- package/skills_ref/static-analysis/README.md +0 -65
- package/skills_ref/static-analysis/agents/semgrep-scanner.md +0 -71
- package/skills_ref/static-analysis/agents/semgrep-triager.md +0 -107
- package/skills_ref/static-analysis/skills/codeql/SKILL.md +0 -119
- package/skills_ref/static-analysis/skills/codeql/references/diagnostic-query-templates.md +0 -339
- package/skills_ref/static-analysis/skills/codeql/references/language-details.md +0 -207
- package/skills_ref/static-analysis/skills/codeql/references/performance-tuning.md +0 -111
- package/skills_ref/static-analysis/skills/codeql/references/ruleset-catalog.md +0 -63
- package/skills_ref/static-analysis/skills/codeql/references/threat-models.md +0 -44
- package/skills_ref/static-analysis/skills/codeql/workflows/build-database.md +0 -669
- package/skills_ref/static-analysis/skills/codeql/workflows/create-data-extensions.md +0 -536
- package/skills_ref/static-analysis/skills/codeql/workflows/run-analysis.md +0 -436
- package/skills_ref/static-analysis/skills/sarif-parsing/SKILL.md +0 -479
- package/skills_ref/static-analysis/skills/sarif-parsing/resources/jq-queries.md +0 -162
- package/skills_ref/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +0 -331
- package/skills_ref/static-analysis/skills/semgrep/SKILL.md +0 -431
- package/skills_ref/static-analysis/skills/semgrep/references/rulesets.md +0 -162
- package/skills_ref/static-analysis/skills/semgrep/references/scanner-task-prompt.md +0 -102
- package/skills_ref/static-analysis/skills/semgrep/references/triage-task-prompt.md +0 -122
- package/skills_ref/static-analysis/skills/semgrep/scripts/merge_triaged_sarif.py +0 -252
- package/skills_ref/summarize/SKILL.md +0 -87
- package/skills_ref/tdd/SKILL.md +0 -371
- package/skills_ref/tdd/testing-anti-patterns.md +0 -299
- package/skills_ref/telegram-send/SKILL.md +0 -99
- package/skills_ref/terraform/README.md +0 -105
- package/skills_ref/terraform/code-generation/.claude-plugin/plugin.json +0 -30
- package/skills_ref/terraform/code-generation/skills/azure-verified-modules/SKILL.md +0 -613
- package/skills_ref/terraform/code-generation/skills/terraform-style-guide/SKILL.md +0 -353
- package/skills_ref/terraform/code-generation/skills/terraform-test/SKILL.md +0 -1669
- package/skills_ref/terraform/module-generation/.claude-plugin/plugin.json +0 -30
- package/skills_ref/terraform/module-generation/skills/refactor-module/SKILL.md +0 -538
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/SKILL.md +0 -468
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/references/api-monitoring.md +0 -543
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/references/component-blocks.md +0 -476
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/references/deployment-blocks.md +0 -391
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/references/examples.md +0 -1529
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/references/linked-stacks.md +0 -187
- package/skills_ref/terraform/module-generation/skills/terraform-stacks/references/troubleshooting.md +0 -671
- package/skills_ref/terraform/provider-development/.claude-plugin/plugin.json +0 -13
- package/skills_ref/terraform/provider-development/skills/new-terraform-provider/SKILL.md +0 -25
- package/skills_ref/terraform/provider-development/skills/new-terraform-provider/assets/main.go +0 -40
- package/skills_ref/terraform/provider-development/skills/provider-actions/SKILL.md +0 -478
- package/skills_ref/terraform/provider-development/skills/provider-resources/SKILL.md +0 -599
- package/skills_ref/terraform/provider-development/skills/run-acceptance-tests/SKILL.md +0 -41
- package/skills_ref/theme-factory/LICENSE.txt +0 -202
- package/skills_ref/theme-factory/SKILL.md +0 -59
- package/skills_ref/theme-factory/theme-showcase.pdf +0 -0
- package/skills_ref/theme-factory/themes/arctic-frost.md +0 -19
- package/skills_ref/theme-factory/themes/botanical-garden.md +0 -19
- package/skills_ref/theme-factory/themes/desert-rose.md +0 -19
- package/skills_ref/theme-factory/themes/forest-canopy.md +0 -19
- package/skills_ref/theme-factory/themes/golden-hour.md +0 -19
- package/skills_ref/theme-factory/themes/midnight-galaxy.md +0 -19
- package/skills_ref/theme-factory/themes/modern-minimalist.md +0 -19
- package/skills_ref/theme-factory/themes/ocean-depths.md +0 -19
- package/skills_ref/theme-factory/themes/sunset-boulevard.md +0 -19
- package/skills_ref/theme-factory/themes/tech-innovation.md +0 -19
- package/skills_ref/things-mac/SKILL.md +0 -86
- package/skills_ref/tmux/SKILL.md +0 -153
- package/skills_ref/transcribe/SKILL.md +0 -81
- package/skills_ref/trello/SKILL.md +0 -95
- package/skills_ref/tts/SKILL.md +0 -99
- package/skills_ref/vercel-deploy/SKILL.md +0 -115
- package/skills_ref/video-downloader/SKILL.md +0 -99
- package/skills_ref/video-downloader/scripts/download_video.py +0 -145
- package/skills_ref/video-frames/SKILL.md +0 -46
- package/skills_ref/vision-click/SKILL.md +0 -128
- package/skills_ref/weather/SKILL.md +0 -112
- package/skills_ref/web-artifacts-builder/LICENSE.txt +0 -202
- package/skills_ref/web-artifacts-builder/SKILL.md +0 -74
- package/skills_ref/web-artifacts-builder/scripts/bundle-artifact.sh +0 -54
- package/skills_ref/web-artifacts-builder/scripts/init-artifact.sh +0 -322
- package/skills_ref/web-artifacts-builder/scripts/shadcn-components.tar.gz +0 -0
- package/skills_ref/web-perf/SKILL.md +0 -193
- package/skills_ref/web-routing/SKILL.md +0 -26
- package/skills_ref/whatsapp/SKILL.md +0 -255
- package/skills_ref/whatsapp/assets/agent-app-integration-example.json +0 -35
- package/skills_ref/whatsapp/assets/databases-example.json +0 -11
- package/skills_ref/whatsapp/assets/function-decide-route-interactive-buttons.json +0 -6
- package/skills_ref/whatsapp/assets/functions-example.json +0 -5
- package/skills_ref/whatsapp/assets/workflow-agent-simple.json +0 -31
- package/skills_ref/whatsapp/assets/workflow-api-template-wait-agent.json +0 -59
- package/skills_ref/whatsapp/assets/workflow-customer-support-intake-agent.json +0 -56
- package/skills_ref/whatsapp/assets/workflow-decision.json +0 -83
- package/skills_ref/whatsapp/assets/workflow-interactive-buttons-decide-ai.json +0 -89
- package/skills_ref/whatsapp/assets/workflow-interactive-buttons-decide-function.json +0 -88
- package/skills_ref/whatsapp/assets/workflow-linear.json +0 -53
- package/skills_ref/whatsapp/package.json +0 -10
- package/skills_ref/whatsapp/references/app-integrations.md +0 -89
- package/skills_ref/whatsapp/references/databases-reference.md +0 -21
- package/skills_ref/whatsapp/references/execution-context.md +0 -42
- package/skills_ref/whatsapp/references/function-contracts.md +0 -55
- package/skills_ref/whatsapp/references/functions-payloads.md +0 -87
- package/skills_ref/whatsapp/references/functions-reference.md +0 -133
- package/skills_ref/whatsapp/references/graph-contract.md +0 -145
- package/skills_ref/whatsapp/references/node-types.md +0 -430
- package/skills_ref/whatsapp/references/triggers.md +0 -20
- package/skills_ref/whatsapp/references/workflow-overview.md +0 -22
- package/skills_ref/whatsapp/references/workflow-reference.md +0 -123
- package/skills_ref/whatsapp/scripts/configure-prop.js +0 -113
- package/skills_ref/whatsapp/scripts/create-connect-token.js +0 -38
- package/skills_ref/whatsapp/scripts/create-function.js +0 -64
- package/skills_ref/whatsapp/scripts/create-integration.js +0 -137
- package/skills_ref/whatsapp/scripts/create-row.js +0 -47
- package/skills_ref/whatsapp/scripts/create-trigger.js +0 -88
- package/skills_ref/whatsapp/scripts/create-workflow.js +0 -85
- package/skills_ref/whatsapp/scripts/delete-integration.js +0 -44
- package/skills_ref/whatsapp/scripts/delete-row.js +0 -49
- package/skills_ref/whatsapp/scripts/delete-trigger.js +0 -44
- package/skills_ref/whatsapp/scripts/deploy-function.js +0 -47
- package/skills_ref/whatsapp/scripts/edit-graph.js +0 -289
- package/skills_ref/whatsapp/scripts/get-action-schema.js +0 -44
- package/skills_ref/whatsapp/scripts/get-context-value.js +0 -80
- package/skills_ref/whatsapp/scripts/get-execution-event.js +0 -55
- package/skills_ref/whatsapp/scripts/get-execution.js +0 -44
- package/skills_ref/whatsapp/scripts/get-function.js +0 -43
- package/skills_ref/whatsapp/scripts/get-graph.js +0 -85
- package/skills_ref/whatsapp/scripts/get-table.js +0 -45
- package/skills_ref/whatsapp/scripts/get-workflow.js +0 -44
- package/skills_ref/whatsapp/scripts/invoke-function.js +0 -60
- package/skills_ref/whatsapp/scripts/lib/databases/args.js +0 -87
- package/skills_ref/whatsapp/scripts/lib/databases/filters.js +0 -30
- package/skills_ref/whatsapp/scripts/lib/databases/kapso-api.js +0 -70
- package/skills_ref/whatsapp/scripts/lib/functions/args.js +0 -55
- package/skills_ref/whatsapp/scripts/lib/functions/kapso-api.js +0 -70
- package/skills_ref/whatsapp/scripts/lib/workflows/args.js +0 -53
- package/skills_ref/whatsapp/scripts/lib/workflows/kapso-api.js +0 -123
- package/skills_ref/whatsapp/scripts/lib/workflows/result.js +0 -16
- package/skills_ref/whatsapp/scripts/list-accounts.js +0 -62
- package/skills_ref/whatsapp/scripts/list-apps.js +0 -42
- package/skills_ref/whatsapp/scripts/list-execution-events.js +0 -61
- package/skills_ref/whatsapp/scripts/list-executions.js +0 -53
- package/skills_ref/whatsapp/scripts/list-function-invocations.js +0 -53
- package/skills_ref/whatsapp/scripts/list-functions.js +0 -41
- package/skills_ref/whatsapp/scripts/list-integrations.js +0 -41
- package/skills_ref/whatsapp/scripts/list-provider-models.js +0 -48
- package/skills_ref/whatsapp/scripts/list-tables.js +0 -41
- package/skills_ref/whatsapp/scripts/list-triggers.js +0 -44
- package/skills_ref/whatsapp/scripts/list-whatsapp-phone-numbers.js +0 -56
- package/skills_ref/whatsapp/scripts/list-workflows.js +0 -44
- package/skills_ref/whatsapp/scripts/openapi-explore.mjs +0 -1273
- package/skills_ref/whatsapp/scripts/query-rows.js +0 -71
- package/skills_ref/whatsapp/scripts/reload-props.js +0 -110
- package/skills_ref/whatsapp/scripts/resume-execution.js +0 -75
- package/skills_ref/whatsapp/scripts/search-actions.js +0 -64
- package/skills_ref/whatsapp/scripts/update-execution-status.js +0 -51
- package/skills_ref/whatsapp/scripts/update-function.js +0 -65
- package/skills_ref/whatsapp/scripts/update-graph.js +0 -154
- package/skills_ref/whatsapp/scripts/update-integration.js +0 -82
- package/skills_ref/whatsapp/scripts/update-row.js +0 -51
- package/skills_ref/whatsapp/scripts/update-trigger.js +0 -60
- package/skills_ref/whatsapp/scripts/update-workflow-settings.js +0 -67
- package/skills_ref/whatsapp/scripts/upsert-row.js +0 -64
- package/skills_ref/whatsapp/scripts/validate-graph.js +0 -293
- package/skills_ref/whatsapp/scripts/variables-delete.js +0 -37
- package/skills_ref/whatsapp/scripts/variables-list.js +0 -55
- package/skills_ref/whatsapp/scripts/variables-set.js +0 -39
- package/skills_ref/writing-plans/SKILL.md +0 -116
- package/skills_ref/xlsx/LICENSE.txt +0 -30
- package/skills_ref/xlsx/SKILL.md +0 -292
- package/skills_ref/xlsx/scripts/office/helpers/__init__.py +0 -0
- package/skills_ref/xlsx/scripts/office/helpers/merge_runs.py +0 -199
- package/skills_ref/xlsx/scripts/office/helpers/simplify_redlines.py +0 -197
- package/skills_ref/xlsx/scripts/office/pack.py +0 -159
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chart.xsd +0 -1499
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-chartDrawing.xsd +0 -146
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-diagram.xsd +0 -1085
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-lockedCanvas.xsd +0 -11
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-main.xsd +0 -3081
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-picture.xsd +0 -23
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-spreadsheetDrawing.xsd +0 -185
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/dml-wordprocessingDrawing.xsd +0 -287
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/pml.xsd +0 -1676
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-additionalCharacteristics.xsd +0 -28
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-bibliography.xsd +0 -144
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-commonSimpleTypes.xsd +0 -174
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlDataProperties.xsd +0 -25
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-customXmlSchemaProperties.xsd +0 -18
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesCustom.xsd +0 -59
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesExtended.xsd +0 -56
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-documentPropertiesVariantTypes.xsd +0 -195
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-math.xsd +0 -582
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/shared-relationshipReference.xsd +0 -25
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/sml.xsd +0 -4439
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-main.xsd +0 -570
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-officeDrawing.xsd +0 -509
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-presentationDrawing.xsd +0 -12
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-spreadsheetDrawing.xsd +0 -108
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/vml-wordprocessingDrawing.xsd +0 -96
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/wml.xsd +0 -3646
- package/skills_ref/xlsx/scripts/office/schemas/ISO-IEC29500-4_2016/xml.xsd +0 -116
- package/skills_ref/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-contentTypes.xsd +0 -42
- package/skills_ref/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-coreProperties.xsd +0 -50
- package/skills_ref/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-digSig.xsd +0 -49
- package/skills_ref/xlsx/scripts/office/schemas/ecma/fouth-edition/opc-relationships.xsd +0 -33
- package/skills_ref/xlsx/scripts/office/schemas/mce/mc.xsd +0 -75
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-2010.xsd +0 -560
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-2012.xsd +0 -67
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-2018.xsd +0 -14
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-cex-2018.xsd +0 -20
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-cid-2016.xsd +0 -13
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-sdtdatahash-2020.xsd +0 -4
- package/skills_ref/xlsx/scripts/office/schemas/microsoft/wml-symex-2015.xsd +0 -8
- package/skills_ref/xlsx/scripts/office/soffice.py +0 -183
- package/skills_ref/xlsx/scripts/office/unpack.py +0 -132
- package/skills_ref/xlsx/scripts/office/validate.py +0 -111
- package/skills_ref/xlsx/scripts/office/validators/__init__.py +0 -15
- package/skills_ref/xlsx/scripts/office/validators/base.py +0 -847
- package/skills_ref/xlsx/scripts/office/validators/docx.py +0 -446
- package/skills_ref/xlsx/scripts/office/validators/pptx.py +0 -275
- package/skills_ref/xlsx/scripts/office/validators/redlining.py +0 -247
- package/skills_ref/xlsx/scripts/recalc.py +0 -184
- package/skills_ref/xurl/SKILL.md +0 -461
|
@@ -1,431 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: semgrep
|
|
3
|
-
description: Run Semgrep static analysis scan on a codebase using parallel subagents. Automatically
|
|
4
|
-
detects and uses Semgrep Pro for cross-file analysis when available. Use when asked to scan
|
|
5
|
-
code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform
|
|
6
|
-
static analysis. Spawns parallel workers for multi-language codebases and triage.
|
|
7
|
-
allowed-tools:
|
|
8
|
-
- Bash
|
|
9
|
-
- Read
|
|
10
|
-
- Glob
|
|
11
|
-
- Grep
|
|
12
|
-
- Write
|
|
13
|
-
- Task
|
|
14
|
-
- AskUserQuestion
|
|
15
|
-
- TaskCreate
|
|
16
|
-
- TaskList
|
|
17
|
-
- TaskUpdate
|
|
18
|
-
- WebFetch
|
|
19
|
-
---
|
|
20
|
-
|
|
21
|
-
# Semgrep Security Scan
|
|
22
|
-
|
|
23
|
-
Run a complete Semgrep scan with automatic language detection, parallel execution via Task subagents, and parallel triage. Automatically uses Semgrep Pro for cross-file taint analysis when available.
|
|
24
|
-
|
|
25
|
-
## Prerequisites
|
|
26
|
-
|
|
27
|
-
**Required:** Semgrep CLI
|
|
28
|
-
|
|
29
|
-
```bash
|
|
30
|
-
semgrep --version
|
|
31
|
-
```
|
|
32
|
-
|
|
33
|
-
If not installed, see [Semgrep installation docs](https://semgrep.dev/docs/getting-started/).
|
|
34
|
-
|
|
35
|
-
**Optional:** Semgrep Pro (for cross-file analysis and Pro languages)
|
|
36
|
-
|
|
37
|
-
```bash
|
|
38
|
-
# Check if Semgrep Pro engine is installed
|
|
39
|
-
semgrep --pro --validate --config p/default 2>/dev/null && echo "Pro available" || echo "OSS only"
|
|
40
|
-
|
|
41
|
-
# If logged in, install/update Pro Engine
|
|
42
|
-
semgrep install-semgrep-pro
|
|
43
|
-
```
|
|
44
|
-
|
|
45
|
-
Pro enables: cross-file taint tracking, inter-procedural analysis, and additional languages (Apex, C#, Elixir).
|
|
46
|
-
|
|
47
|
-
## When to Use
|
|
48
|
-
|
|
49
|
-
- Security audit of a codebase
|
|
50
|
-
- Finding vulnerabilities before code review
|
|
51
|
-
- Scanning for known bug patterns
|
|
52
|
-
- First-pass static analysis
|
|
53
|
-
|
|
54
|
-
## When NOT to Use
|
|
55
|
-
|
|
56
|
-
- Binary analysis → Use binary analysis tools
|
|
57
|
-
- Already have Semgrep CI configured → Use existing pipeline
|
|
58
|
-
- Need cross-file analysis but no Pro license → Consider CodeQL as alternative
|
|
59
|
-
- Creating custom Semgrep rules → Use `semgrep-rule-creator` skill
|
|
60
|
-
- Porting existing rules to other languages → Use `semgrep-rule-variant-creator` skill
|
|
61
|
-
|
|
62
|
-
---
|
|
63
|
-
|
|
64
|
-
## Orchestration Architecture
|
|
65
|
-
|
|
66
|
-
This skill uses **parallel Task subagents** for maximum efficiency:
|
|
67
|
-
|
|
68
|
-
```
|
|
69
|
-
┌─────────────────────────────────────────────────────────────────┐
|
|
70
|
-
│ MAIN AGENT │
|
|
71
|
-
│ 1. Detect languages + check Pro availability │
|
|
72
|
-
│ 2. Select rulesets based on detection (ref: rulesets.md) │
|
|
73
|
-
│ 3. Present plan + rulesets, get approval [⛔ HARD GATE] │
|
|
74
|
-
│ 4. Spawn parallel scan Tasks (with approved rulesets) │
|
|
75
|
-
│ 5. Spawn parallel triage Tasks │
|
|
76
|
-
│ 6. Collect and report results │
|
|
77
|
-
└─────────────────────────────────────────────────────────────────┘
|
|
78
|
-
│ Step 4 │ Step 5
|
|
79
|
-
▼ ▼
|
|
80
|
-
┌─────────────────┐ ┌─────────────────┐
|
|
81
|
-
│ Scan Tasks │ │ Triage Tasks │
|
|
82
|
-
│ (parallel) │ │ (parallel) │
|
|
83
|
-
├─────────────────┤ ├─────────────────┤
|
|
84
|
-
│ Python scanner │ │ Python triager │
|
|
85
|
-
│ JS/TS scanner │ │ JS/TS triager │
|
|
86
|
-
│ Go scanner │ │ Go triager │
|
|
87
|
-
│ Docker scanner │ │ Docker triager │
|
|
88
|
-
└─────────────────┘ └─────────────────┘
|
|
89
|
-
```
|
|
90
|
-
|
|
91
|
-
---
|
|
92
|
-
|
|
93
|
-
## Workflow Enforcement via Task System
|
|
94
|
-
|
|
95
|
-
This skill uses the **Task system** to enforce workflow compliance. On invocation, create these tasks:
|
|
96
|
-
|
|
97
|
-
```
|
|
98
|
-
TaskCreate: "Detect languages and Pro availability" (Step 1)
|
|
99
|
-
TaskCreate: "Select rulesets based on detection" (Step 2) - blockedBy: Step 1
|
|
100
|
-
TaskCreate: "Present plan with rulesets, get approval" (Step 3) - blockedBy: Step 2
|
|
101
|
-
TaskCreate: "Execute scans with approved rulesets" (Step 4) - blockedBy: Step 3
|
|
102
|
-
TaskCreate: "Triage findings" (Step 5) - blockedBy: Step 4
|
|
103
|
-
TaskCreate: "Report results" (Step 6) - blockedBy: Step 5
|
|
104
|
-
```
|
|
105
|
-
|
|
106
|
-
### Mandatory Gates
|
|
107
|
-
|
|
108
|
-
| Task | Gate Type | Cannot Proceed Until |
|
|
109
|
-
|------|-----------|---------------------|
|
|
110
|
-
| Step 3: Get approval | **HARD GATE** | User explicitly approves rulesets + plan |
|
|
111
|
-
| Step 5: Triage | **SOFT GATE** | All scan JSON files exist |
|
|
112
|
-
|
|
113
|
-
**Step 3 is a HARD GATE**: Mark as `completed` ONLY after user says "yes", "proceed", "approved", or equivalent.
|
|
114
|
-
|
|
115
|
-
### Task Flow Example
|
|
116
|
-
|
|
117
|
-
```
|
|
118
|
-
1. Create all 6 tasks with dependencies
|
|
119
|
-
2. TaskUpdate Step 1 → in_progress, execute detection
|
|
120
|
-
3. TaskUpdate Step 1 → completed
|
|
121
|
-
4. TaskUpdate Step 2 → in_progress, select rulesets
|
|
122
|
-
5. TaskUpdate Step 2 → completed
|
|
123
|
-
6. TaskUpdate Step 3 → in_progress, present plan with rulesets
|
|
124
|
-
7. STOP: Wait for user response (may modify rulesets)
|
|
125
|
-
8. User approves → TaskUpdate Step 3 → completed
|
|
126
|
-
9. TaskUpdate Step 4 → in_progress (now unblocked)
|
|
127
|
-
... continue workflow
|
|
128
|
-
```
|
|
129
|
-
|
|
130
|
-
---
|
|
131
|
-
|
|
132
|
-
## Workflow
|
|
133
|
-
|
|
134
|
-
### Step 1: Detect Languages and Pro Availability (Main Agent)
|
|
135
|
-
|
|
136
|
-
```bash
|
|
137
|
-
# Check if Semgrep Pro is available (non-destructive check)
|
|
138
|
-
SEMGREP_PRO=false
|
|
139
|
-
if semgrep --pro --validate --config p/default 2>/dev/null; then
|
|
140
|
-
SEMGREP_PRO=true
|
|
141
|
-
echo "Semgrep Pro: AVAILABLE (cross-file analysis enabled)"
|
|
142
|
-
else
|
|
143
|
-
echo "Semgrep Pro: NOT AVAILABLE (OSS mode, single-file analysis)"
|
|
144
|
-
fi
|
|
145
|
-
|
|
146
|
-
# Find languages by file extension
|
|
147
|
-
fd -t f -e py -e js -e ts -e jsx -e tsx -e go -e rb -e java -e php -e c -e cpp -e rs | \
|
|
148
|
-
sed 's/.*\.//' | sort | uniq -c | sort -rn
|
|
149
|
-
|
|
150
|
-
# Check for frameworks/technologies
|
|
151
|
-
ls -la package.json pyproject.toml Gemfile go.mod Cargo.toml pom.xml 2>/dev/null
|
|
152
|
-
fd -t f "Dockerfile" "docker-compose" ".tf" "*.yaml" "*.yml" | head -20
|
|
153
|
-
```
|
|
154
|
-
|
|
155
|
-
Map findings to categories:
|
|
156
|
-
|
|
157
|
-
| Detection | Category |
|
|
158
|
-
|-----------|----------|
|
|
159
|
-
| `.py`, `pyproject.toml` | Python |
|
|
160
|
-
| `.js`, `.ts`, `package.json` | JavaScript/TypeScript |
|
|
161
|
-
| `.go`, `go.mod` | Go |
|
|
162
|
-
| `.rb`, `Gemfile` | Ruby |
|
|
163
|
-
| `.java`, `pom.xml` | Java |
|
|
164
|
-
| `.php` | PHP |
|
|
165
|
-
| `.c`, `.cpp` | C/C++ |
|
|
166
|
-
| `.rs`, `Cargo.toml` | Rust |
|
|
167
|
-
| `Dockerfile` | Docker |
|
|
168
|
-
| `.tf` | Terraform |
|
|
169
|
-
| k8s manifests | Kubernetes |
|
|
170
|
-
|
|
171
|
-
### Step 2: Select Rulesets Based on Detection
|
|
172
|
-
|
|
173
|
-
Using the detected languages and frameworks from Step 1, select rulesets by following the **Ruleset Selection Algorithm** in [rulesets.md]({baseDir}/references/rulesets.md).
|
|
174
|
-
|
|
175
|
-
The algorithm covers:
|
|
176
|
-
1. Security baseline (always included)
|
|
177
|
-
2. Language-specific rulesets
|
|
178
|
-
3. Framework rulesets (if detected)
|
|
179
|
-
4. Infrastructure rulesets
|
|
180
|
-
5. **Required** third-party rulesets (Trail of Bits, 0xdea, Decurity - NOT optional)
|
|
181
|
-
6. Registry verification
|
|
182
|
-
|
|
183
|
-
**Output:** Structured JSON passed to Step 3 for user review:
|
|
184
|
-
|
|
185
|
-
```json
|
|
186
|
-
{
|
|
187
|
-
"baseline": ["p/security-audit", "p/secrets"],
|
|
188
|
-
"python": ["p/python", "p/django"],
|
|
189
|
-
"javascript": ["p/javascript", "p/react", "p/nodejs"],
|
|
190
|
-
"docker": ["p/dockerfile"],
|
|
191
|
-
"third_party": ["https://github.com/trailofbits/semgrep-rules"]
|
|
192
|
-
}
|
|
193
|
-
```
|
|
194
|
-
|
|
195
|
-
### Step 3: CRITICAL GATE - Present Plan and Get Approval
|
|
196
|
-
|
|
197
|
-
> **⛔ MANDATORY CHECKPOINT - DO NOT SKIP**
|
|
198
|
-
>
|
|
199
|
-
> This step requires explicit user approval before proceeding.
|
|
200
|
-
> User may modify rulesets before approving.
|
|
201
|
-
|
|
202
|
-
Present plan to user with **explicit ruleset listing**:
|
|
203
|
-
|
|
204
|
-
```
|
|
205
|
-
## Semgrep Scan Plan
|
|
206
|
-
|
|
207
|
-
**Target:** /path/to/codebase
|
|
208
|
-
**Output directory:** ./semgrep-results-001/
|
|
209
|
-
**Engine:** Semgrep Pro (cross-file analysis) | Semgrep OSS (single-file)
|
|
210
|
-
|
|
211
|
-
### Detected Languages/Technologies:
|
|
212
|
-
- Python (1,234 files) - Django framework detected
|
|
213
|
-
- JavaScript (567 files) - React detected
|
|
214
|
-
- Dockerfile (3 files)
|
|
215
|
-
|
|
216
|
-
### Rulesets to Run:
|
|
217
|
-
|
|
218
|
-
**Security Baseline (always included):**
|
|
219
|
-
- [x] `p/security-audit` - Comprehensive security rules
|
|
220
|
-
- [x] `p/secrets` - Hardcoded credentials, API keys
|
|
221
|
-
|
|
222
|
-
**Python (1,234 files):**
|
|
223
|
-
- [x] `p/python` - Python security patterns
|
|
224
|
-
- [x] `p/django` - Django-specific vulnerabilities
|
|
225
|
-
|
|
226
|
-
**JavaScript (567 files):**
|
|
227
|
-
- [x] `p/javascript` - JavaScript security patterns
|
|
228
|
-
- [x] `p/react` - React-specific issues
|
|
229
|
-
- [x] `p/nodejs` - Node.js server-side patterns
|
|
230
|
-
|
|
231
|
-
**Docker (3 files):**
|
|
232
|
-
- [x] `p/dockerfile` - Dockerfile best practices
|
|
233
|
-
|
|
234
|
-
**Third-party (auto-included for detected languages):**
|
|
235
|
-
- [x] Trail of Bits rules - https://github.com/trailofbits/semgrep-rules
|
|
236
|
-
|
|
237
|
-
**Available but not selected:**
|
|
238
|
-
- [ ] `p/owasp-top-ten` - OWASP Top 10 (overlaps with security-audit)
|
|
239
|
-
|
|
240
|
-
### Execution Strategy:
|
|
241
|
-
- Spawn 3 parallel scan Tasks (Python, JavaScript, Docker)
|
|
242
|
-
- Total rulesets: 9
|
|
243
|
-
- [If Pro] Cross-file taint tracking enabled
|
|
244
|
-
- Scan agent: `static-analysis:semgrep-scanner`
|
|
245
|
-
- Triage agent: `static-analysis:semgrep-triager`
|
|
246
|
-
|
|
247
|
-
**Want to modify rulesets?** Tell me which to add or remove.
|
|
248
|
-
**Ready to scan?** Say "proceed" or "yes".
|
|
249
|
-
```
|
|
250
|
-
|
|
251
|
-
**⛔ STOP: Await explicit user approval**
|
|
252
|
-
|
|
253
|
-
After presenting the plan:
|
|
254
|
-
|
|
255
|
-
1. **If user wants to modify rulesets:**
|
|
256
|
-
- Add requested rulesets to the appropriate category
|
|
257
|
-
- Remove requested rulesets
|
|
258
|
-
- Re-present the updated plan
|
|
259
|
-
- Return to waiting for approval
|
|
260
|
-
|
|
261
|
-
2. **Use AskUserQuestion** if user hasn't responded:
|
|
262
|
-
```
|
|
263
|
-
"I've prepared the scan plan with 9 rulesets (including Trail of Bits). Proceed with scanning?"
|
|
264
|
-
Options: ["Yes, run scan", "Modify rulesets first"]
|
|
265
|
-
```
|
|
266
|
-
|
|
267
|
-
3. **Valid approval responses:**
|
|
268
|
-
- "yes", "proceed", "approved", "go ahead", "looks good", "run it"
|
|
269
|
-
|
|
270
|
-
4. **Mark task completed** only after approval with final rulesets confirmed
|
|
271
|
-
|
|
272
|
-
5. **Do NOT treat as approval:**
|
|
273
|
-
- User's original request ("scan this codebase")
|
|
274
|
-
- Silence / no response
|
|
275
|
-
- Questions about the plan
|
|
276
|
-
|
|
277
|
-
### Pre-Scan Checklist
|
|
278
|
-
|
|
279
|
-
Before marking Step 3 complete, verify:
|
|
280
|
-
- [ ] Target directory shown to user
|
|
281
|
-
- [ ] Engine type (Pro/OSS) displayed
|
|
282
|
-
- [ ] Languages detected and listed
|
|
283
|
-
- [ ] **All rulesets explicitly listed with checkboxes**
|
|
284
|
-
- [ ] User given opportunity to modify rulesets
|
|
285
|
-
- [ ] User explicitly approved (quote their confirmation)
|
|
286
|
-
- [ ] **Final ruleset list captured for Step 4**
|
|
287
|
-
- [ ] Agent types listed: `static-analysis:semgrep-scanner` and `static-analysis:semgrep-triager`
|
|
288
|
-
|
|
289
|
-
### Step 4: Spawn Parallel Scan Tasks
|
|
290
|
-
|
|
291
|
-
Create output directory with run number to avoid collisions, then spawn Tasks with **approved rulesets from Step 3**:
|
|
292
|
-
|
|
293
|
-
```bash
|
|
294
|
-
# Find next available run number
|
|
295
|
-
LAST=$(ls -d semgrep-results-[0-9][0-9][0-9] 2>/dev/null | sort | tail -1 | grep -o '[0-9]*$' || true)
|
|
296
|
-
NEXT_NUM=$(printf "%03d" $(( ${LAST:-0} + 1 )))
|
|
297
|
-
OUTPUT_DIR="semgrep-results-${NEXT_NUM}"
|
|
298
|
-
mkdir -p "$OUTPUT_DIR"
|
|
299
|
-
echo "Output directory: $OUTPUT_DIR"
|
|
300
|
-
```
|
|
301
|
-
|
|
302
|
-
**Spawn N Tasks in a SINGLE message** (one per language category) using `subagent_type: static-analysis:semgrep-scanner`.
|
|
303
|
-
|
|
304
|
-
Use the scanner task prompt template from [scanner-task-prompt.md]({baseDir}/references/scanner-task-prompt.md).
|
|
305
|
-
|
|
306
|
-
**Example - 3 Language Scan (with approved rulesets):**
|
|
307
|
-
|
|
308
|
-
Spawn these 3 Tasks in a SINGLE message:
|
|
309
|
-
|
|
310
|
-
1. **Task: Python Scanner**
|
|
311
|
-
- Approved rulesets: p/python, p/django, p/security-audit, p/secrets, https://github.com/trailofbits/semgrep-rules
|
|
312
|
-
- Output: semgrep-results-001/python-*.json
|
|
313
|
-
|
|
314
|
-
2. **Task: JavaScript Scanner**
|
|
315
|
-
- Approved rulesets: p/javascript, p/react, p/nodejs, p/security-audit, p/secrets, https://github.com/trailofbits/semgrep-rules
|
|
316
|
-
- Output: semgrep-results-001/js-*.json
|
|
317
|
-
|
|
318
|
-
3. **Task: Docker Scanner**
|
|
319
|
-
- Approved rulesets: p/dockerfile
|
|
320
|
-
- Output: semgrep-results-001/docker-*.json
|
|
321
|
-
|
|
322
|
-
### Step 5: Spawn Parallel Triage Tasks
|
|
323
|
-
|
|
324
|
-
After scan Tasks complete, spawn triage Tasks using `subagent_type: static-analysis:semgrep-triager` (triage requires reading code context, not just running commands).
|
|
325
|
-
|
|
326
|
-
Use the triage task prompt template from [triage-task-prompt.md]({baseDir}/references/triage-task-prompt.md).
|
|
327
|
-
|
|
328
|
-
### Step 6: Collect Results (Main Agent)
|
|
329
|
-
|
|
330
|
-
After all Tasks complete, generate merged SARIF and report:
|
|
331
|
-
|
|
332
|
-
**Generate merged SARIF with only triaged true positives:**
|
|
333
|
-
|
|
334
|
-
```bash
|
|
335
|
-
uv run {baseDir}/scripts/merge_triaged_sarif.py [OUTPUT_DIR]
|
|
336
|
-
```
|
|
337
|
-
|
|
338
|
-
This script:
|
|
339
|
-
1. Attempts to use [SARIF Multitool](https://www.npmjs.com/package/@microsoft/sarif-multitool) for merging (if `npx` is available)
|
|
340
|
-
2. Falls back to pure Python merge if Multitool unavailable
|
|
341
|
-
3. Reads all `*-triage.json` files to extract true positive findings
|
|
342
|
-
4. Filters merged SARIF to include only triaged true positives
|
|
343
|
-
5. Writes output to `[OUTPUT_DIR]/findings-triaged.sarif`
|
|
344
|
-
|
|
345
|
-
**Optional: Install SARIF Multitool for better merge quality:**
|
|
346
|
-
|
|
347
|
-
```bash
|
|
348
|
-
npm install -g @microsoft/sarif-multitool
|
|
349
|
-
```
|
|
350
|
-
|
|
351
|
-
**Report to user:**
|
|
352
|
-
|
|
353
|
-
```
|
|
354
|
-
## Semgrep Scan Complete
|
|
355
|
-
|
|
356
|
-
**Scanned:** 1,804 files
|
|
357
|
-
**Rulesets used:** 9 (including Trail of Bits)
|
|
358
|
-
**Total raw findings:** 156
|
|
359
|
-
**After triage:** 32 true positives
|
|
360
|
-
|
|
361
|
-
### By Severity:
|
|
362
|
-
- ERROR: 5
|
|
363
|
-
- WARNING: 18
|
|
364
|
-
- INFO: 9
|
|
365
|
-
|
|
366
|
-
### By Category:
|
|
367
|
-
- SQL Injection: 3
|
|
368
|
-
- XSS: 7
|
|
369
|
-
- Hardcoded secrets: 2
|
|
370
|
-
- Insecure configuration: 12
|
|
371
|
-
- Code quality: 8
|
|
372
|
-
|
|
373
|
-
Results written to:
|
|
374
|
-
- semgrep-results-001/findings-triaged.sarif (SARIF, true positives only)
|
|
375
|
-
- semgrep-results-001/*-triage.json (triage details per language)
|
|
376
|
-
- semgrep-results-001/*.json (raw scan results)
|
|
377
|
-
- semgrep-results-001/*.sarif (raw SARIF per ruleset)
|
|
378
|
-
```
|
|
379
|
-
|
|
380
|
-
---
|
|
381
|
-
|
|
382
|
-
## Common Mistakes
|
|
383
|
-
|
|
384
|
-
| Mistake | Correct Approach |
|
|
385
|
-
|---------|------------------|
|
|
386
|
-
| Running without `--metrics=off` | Always use `--metrics=off` to prevent telemetry |
|
|
387
|
-
| Running rulesets sequentially | Run in parallel with `&` and `wait` |
|
|
388
|
-
| Not scoping rulesets to languages | Use `--include="*.py"` for language-specific rules |
|
|
389
|
-
| Reporting raw findings without triage | Always triage to remove false positives |
|
|
390
|
-
| Single-threaded for multi-lang | Spawn parallel Tasks per language |
|
|
391
|
-
| Sequential Tasks | Spawn all Tasks in SINGLE message for parallelism |
|
|
392
|
-
| Using OSS when Pro is available | Check login status; use `--pro` for deeper analysis |
|
|
393
|
-
| Assuming Pro is unavailable | Always check with login detection before scanning |
|
|
394
|
-
|
|
395
|
-
## Limitations
|
|
396
|
-
|
|
397
|
-
1. **OSS mode:** Cannot track data flow across files (login with `semgrep login` and run `semgrep install-semgrep-pro` to enable)
|
|
398
|
-
2. **Pro mode:** Cross-file analysis uses `-j 1` (single job) which is slower per ruleset, but parallel rulesets compensate
|
|
399
|
-
3. Triage requires reading code context - parallelized via Tasks
|
|
400
|
-
4. Some false positive patterns require human judgment
|
|
401
|
-
|
|
402
|
-
## Agents
|
|
403
|
-
|
|
404
|
-
This plugin provides two specialized agents for the scan and triage phases:
|
|
405
|
-
|
|
406
|
-
| Agent | Tools | Purpose |
|
|
407
|
-
|-------|-------|---------|
|
|
408
|
-
| `static-analysis:semgrep-scanner` | Bash | Executes parallel semgrep scans for a language category |
|
|
409
|
-
| `static-analysis:semgrep-triager` | Read, Grep, Glob, Write | Classifies findings as true/false positives by reading source context |
|
|
410
|
-
|
|
411
|
-
Use `subagent_type: static-analysis:semgrep-scanner` in Step 4 and `subagent_type: static-analysis:semgrep-triager` in Step 5 when spawning Task subagents.
|
|
412
|
-
|
|
413
|
-
## Rationalizations to Reject
|
|
414
|
-
|
|
415
|
-
| Shortcut | Why It's Wrong |
|
|
416
|
-
|----------|----------------|
|
|
417
|
-
| "User asked for scan, that's approval" | Original request ≠ plan approval; user must confirm specific parameters. Present plan, use AskUserQuestion, await explicit "yes" |
|
|
418
|
-
| "Step 3 task is blocking, just mark complete" | Lying about task status defeats enforcement. Only mark complete after real approval |
|
|
419
|
-
| "I already know what they want" | Assumptions cause scanning wrong directories/rulesets. Present plan with all parameters for verification |
|
|
420
|
-
| "Just use default rulesets" | User must see and approve exact rulesets before scan |
|
|
421
|
-
| "Add extra rulesets without asking" | Modifying approved list without consent breaks trust |
|
|
422
|
-
| "Skip showing ruleset list" | User can't make informed decision without seeing what will run |
|
|
423
|
-
| "Third-party rulesets are optional" | Trail of Bits, 0xdea, Decurity rules catch vulnerabilities not in official registry - they are REQUIRED when language matches |
|
|
424
|
-
| "Skip triage, report everything" | Floods user with noise; true issues get lost |
|
|
425
|
-
| "Run one ruleset at a time" | Wastes time; parallel execution is faster |
|
|
426
|
-
| "Use --config auto" | Sends metrics; less control over rulesets |
|
|
427
|
-
| "Triage later" | Findings without context are harder to evaluate |
|
|
428
|
-
| "One Task at a time" | Defeats parallelism; spawn all Tasks together |
|
|
429
|
-
| "Pro is too slow, skip --pro" | Cross-file analysis catches 250% more true positives; worth the time |
|
|
430
|
-
| "Don't bother checking for Pro" | Missing Pro = missing critical cross-file vulnerabilities |
|
|
431
|
-
| "OSS is good enough" | OSS misses inter-file taint flows; always prefer Pro when available |
|
|
@@ -1,162 +0,0 @@
|
|
|
1
|
-
# Semgrep Rulesets Reference
|
|
2
|
-
|
|
3
|
-
## Complete Ruleset Catalog
|
|
4
|
-
|
|
5
|
-
### Security-Focused Rulesets
|
|
6
|
-
|
|
7
|
-
| Ruleset | Description | Use Case |
|
|
8
|
-
|---------|-------------|----------|
|
|
9
|
-
| `p/security-audit` | Comprehensive vulnerability detection, higher false positives | Manual audits, security reviews |
|
|
10
|
-
| `p/secrets` | Hardcoded credentials, API keys, tokens | Always include |
|
|
11
|
-
| `p/owasp-top-ten` | OWASP Top 10 web application vulnerabilities | Web app security |
|
|
12
|
-
| `p/cwe-top-25` | CWE Top 25 most dangerous software weaknesses | General security |
|
|
13
|
-
| `p/sql-injection` | SQL injection patterns and tainted data flows | Database security |
|
|
14
|
-
| `p/insecure-transport` | Ensures code uses encrypted channels | Network security |
|
|
15
|
-
| `p/gitleaks` | Hard-coded credentials detection (gitleaks port) | Secrets scanning |
|
|
16
|
-
| `p/findsecbugs` | FindSecBugs rule pack for Java | Java security |
|
|
17
|
-
| `p/phpcs-security-audit` | PHP security audit rules | PHP security |
|
|
18
|
-
|
|
19
|
-
### CI/CD Rulesets
|
|
20
|
-
|
|
21
|
-
| Ruleset | Description | Use Case |
|
|
22
|
-
|---------|-------------|----------|
|
|
23
|
-
| `p/default` | Default ruleset, balanced coverage | First-time users |
|
|
24
|
-
| `p/ci` | High-confidence security + logic bugs, low FP | CI pipelines |
|
|
25
|
-
| `p/r2c-ci` | Low false positives, CI-safe | CI/CD blocking |
|
|
26
|
-
| `p/r2c` | Community favorite, curated by Semgrep (618k+ downloads) | General scanning |
|
|
27
|
-
| `p/auto` | Auto-selects rules based on detected languages/frameworks | Quick scans |
|
|
28
|
-
| `p/comment` | Comment-related rules | Code review |
|
|
29
|
-
|
|
30
|
-
### Third-Party Rulesets
|
|
31
|
-
|
|
32
|
-
| Ruleset | Description | Maintainer |
|
|
33
|
-
|---------|-------------|------------|
|
|
34
|
-
| `p/gitlab` | GitLab-maintained security rules | GitLab |
|
|
35
|
-
|
|
36
|
-
---
|
|
37
|
-
|
|
38
|
-
## Ruleset Selection Algorithm
|
|
39
|
-
|
|
40
|
-
Follow this algorithm to select rulesets based on detected languages and frameworks.
|
|
41
|
-
|
|
42
|
-
### Step 1: Always Include Security Baseline
|
|
43
|
-
|
|
44
|
-
```json
|
|
45
|
-
{
|
|
46
|
-
"baseline": ["p/security-audit", "p/secrets"]
|
|
47
|
-
}
|
|
48
|
-
```
|
|
49
|
-
|
|
50
|
-
- `p/security-audit` - Comprehensive vulnerability detection (always include)
|
|
51
|
-
- `p/secrets` - Hardcoded credentials, API keys, tokens (always include)
|
|
52
|
-
|
|
53
|
-
### Step 2: Add Language-Specific Rulesets
|
|
54
|
-
|
|
55
|
-
For each detected language, add the primary ruleset. If a framework is detected, add its ruleset too.
|
|
56
|
-
|
|
57
|
-
**GA Languages (production-ready):**
|
|
58
|
-
|
|
59
|
-
| Detection | Primary Ruleset | Framework Rulesets | Pro Rule Count |
|
|
60
|
-
|-----------|-----------------|-------------------|----------------|
|
|
61
|
-
| `.py` | `p/python` | `p/django`, `p/flask`, `p/fastapi` | 710+ |
|
|
62
|
-
| `.js`, `.jsx` | `p/javascript` | `p/react`, `p/nodejs`, `p/express`, `p/nextjs`, `p/angular` | 250+ (JS), 70+ (JSX) |
|
|
63
|
-
| `.ts`, `.tsx` | `p/typescript` | `p/react`, `p/nodejs`, `p/express`, `p/nextjs`, `p/angular` | 230+ |
|
|
64
|
-
| `.go` | `p/golang` | `p/go` (alias) | 80+ |
|
|
65
|
-
| `.java` | `p/java` | `p/spring`, `p/findsecbugs` | 190+ |
|
|
66
|
-
| `.kt` | `p/kotlin` | `p/spring` | 60+ |
|
|
67
|
-
| `.rb` | `p/ruby` | `p/rails` | 40+ |
|
|
68
|
-
| `.php` | `p/php` | `p/symfony`, `p/laravel`, `p/phpcs-security-audit` | 50+ |
|
|
69
|
-
| `.c`, `.cpp`, `.h` | `p/c` | - | 150+ |
|
|
70
|
-
| `.rs` | `p/rust` | - | 40+ |
|
|
71
|
-
| `.cs` | `p/csharp` | - | 170+ |
|
|
72
|
-
| `.scala` | `p/scala` | - | Community |
|
|
73
|
-
| `.swift` | `p/swift` | - | 60+ |
|
|
74
|
-
|
|
75
|
-
**Beta Languages (Pro recommended):**
|
|
76
|
-
|
|
77
|
-
| Detection | Primary Ruleset | Notes |
|
|
78
|
-
|-----------|-----------------|-------|
|
|
79
|
-
| `.ex`, `.exs` | `p/elixir` | Requires Pro for best coverage |
|
|
80
|
-
| `.cls`, `.trigger` | `p/apex` | Salesforce; requires Pro |
|
|
81
|
-
|
|
82
|
-
**Experimental Languages:**
|
|
83
|
-
|
|
84
|
-
| Detection | Primary Ruleset | Notes |
|
|
85
|
-
|-----------|-----------------|-------|
|
|
86
|
-
| `.sol` | No official ruleset | Use Decurity third-party rules |
|
|
87
|
-
| `Dockerfile` | `p/dockerfile` | Limited rules |
|
|
88
|
-
| `.yaml`, `.yml` | `p/yaml` | K8s, GitHub Actions, docker-compose patterns |
|
|
89
|
-
| `.json` | `r/json.aws` | AWS IAM policies; use `r/json.*` for specific rules |
|
|
90
|
-
| Bash scripts | - | Community support |
|
|
91
|
-
| Cairo, Circom | - | Experimental, smart contracts |
|
|
92
|
-
|
|
93
|
-
**Framework detection hints:**
|
|
94
|
-
|
|
95
|
-
| Framework | Detection Signals | Ruleset |
|
|
96
|
-
|-----------|------------------|---------|
|
|
97
|
-
| Django | `settings.py`, `urls.py`, `django` in requirements | `p/django` |
|
|
98
|
-
| Flask | `flask` in requirements, `@app.route` | `p/flask` |
|
|
99
|
-
| FastAPI | `fastapi` in requirements, `@app.get/post` | `p/fastapi` |
|
|
100
|
-
| React | `package.json` with react dependency, `.jsx`/`.tsx` files | `p/react` |
|
|
101
|
-
| Next.js | `next.config.js`, `pages/` or `app/` directory | `p/nextjs` |
|
|
102
|
-
| Angular | `angular.json`, `@angular/` dependencies | `p/angular` |
|
|
103
|
-
| Express | `express` in package.json, `app.use()` patterns | `p/express` |
|
|
104
|
-
| NestJS | `@nestjs/` dependencies, `@Controller` decorators | `p/nodejs` |
|
|
105
|
-
| Spring | `pom.xml` with spring, `@SpringBootApplication` | `p/spring` |
|
|
106
|
-
| Rails | `Gemfile` with rails, `config/routes.rb` | `p/rails` |
|
|
107
|
-
| Laravel | `composer.json` with laravel, `artisan` | `p/laravel` |
|
|
108
|
-
| Symfony | `composer.json` with symfony, `config/packages/` | `p/symfony` |
|
|
109
|
-
|
|
110
|
-
### Step 3: Add Infrastructure Rulesets
|
|
111
|
-
|
|
112
|
-
| Detection | Ruleset | Description |
|
|
113
|
-
|-----------|---------|-------------|
|
|
114
|
-
| `Dockerfile` | `p/dockerfile` | Container security, best practices |
|
|
115
|
-
| `.tf`, `.hcl` | `p/terraform` | IaC misconfigurations, CIS benchmarks, AWS/Azure/GCP |
|
|
116
|
-
| k8s manifests | `p/kubernetes` | K8s security, RBAC issues |
|
|
117
|
-
| CloudFormation | `p/cloudformation` | AWS infrastructure security |
|
|
118
|
-
| GitHub Actions | `p/github-actions` | CI/CD security, secrets exposure |
|
|
119
|
-
| `.yaml`, `.yml` | `p/yaml` | Generic YAML patterns (K8s, docker-compose) |
|
|
120
|
-
| AWS IAM JSON | `r/json.aws` | IAM policy misconfigurations (use `--config r/json.aws`) |
|
|
121
|
-
|
|
122
|
-
### Step 4: Add Third-Party Rulesets
|
|
123
|
-
|
|
124
|
-
These are **NOT optional**. Include automatically when language matches:
|
|
125
|
-
|
|
126
|
-
| Languages | Source | Why Required |
|
|
127
|
-
|-----------|--------|--------------|
|
|
128
|
-
| Python, Go, Ruby, JS/TS, Terraform, HCL | [Trail of Bits](https://github.com/trailofbits/semgrep-rules) | Security audit patterns from real engagements (AGPLv3) |
|
|
129
|
-
| C, C++ | [0xdea](https://github.com/0xdea/semgrep-rules) | Memory safety, low-level vulnerabilities |
|
|
130
|
-
| Solidity, Cairo, Rust | [Decurity](https://github.com/Decurity/semgrep-smart-contracts) | Smart contract vulnerabilities, DeFi exploits |
|
|
131
|
-
| Go | [dgryski](https://github.com/dgryski/semgrep-go) | Additional Go-specific patterns |
|
|
132
|
-
| Android (Java/Kotlin) | [MindedSecurity](https://github.com/mindedsecurity/semgrep-rules-android-security) | OWASP MASTG-derived mobile security rules |
|
|
133
|
-
| Java, Go, JS/TS, C#, Python, PHP | [elttam](https://github.com/elttam/semgrep-rules) | Security consulting patterns |
|
|
134
|
-
| Dockerfile, PHP, Go, Java | [kondukto](https://github.com/kondukto-io/semgrep-rules) | Container and web app security |
|
|
135
|
-
| PHP, Kotlin, Java | [dotta](https://github.com/federicodotta/semgrep-rules) | Pentest-derived web/mobile app rules |
|
|
136
|
-
| Terraform, HCL | [HashiCorp](https://github.com/hashicorp-forge/semgrep-rules) | HashiCorp infrastructure patterns |
|
|
137
|
-
| Swift, Java, Cobol | [akabe1](https://github.com/akabe1/akabe1-semgrep-rules) | iOS and legacy system patterns |
|
|
138
|
-
| Java | [Atlassian Labs](https://github.com/atlassian-labs/atlassian-sast-ruleset) | Atlassian-maintained Java rules |
|
|
139
|
-
| Python, JS/TS, Java, Ruby, Go, PHP | [Apiiro](https://github.com/apiiro/malicious-code-ruleset) | Malicious code detection, supply chain |
|
|
140
|
-
|
|
141
|
-
### Step 5: Verify Rulesets
|
|
142
|
-
|
|
143
|
-
Before finalizing, verify official rulesets load:
|
|
144
|
-
|
|
145
|
-
```bash
|
|
146
|
-
# Quick validation (exits 0 if valid)
|
|
147
|
-
semgrep --config p/python --validate --metrics=off 2>&1 | head -3
|
|
148
|
-
```
|
|
149
|
-
|
|
150
|
-
Or browse the [Semgrep Registry](https://semgrep.dev/explore).
|
|
151
|
-
|
|
152
|
-
### Output Format
|
|
153
|
-
|
|
154
|
-
```json
|
|
155
|
-
{
|
|
156
|
-
"baseline": ["p/security-audit", "p/secrets"],
|
|
157
|
-
"python": ["p/python", "p/django"],
|
|
158
|
-
"javascript": ["p/javascript", "p/react", "p/nodejs"],
|
|
159
|
-
"docker": ["p/dockerfile"],
|
|
160
|
-
"third_party": ["https://github.com/trailofbits/semgrep-rules"]
|
|
161
|
-
}
|
|
162
|
-
```
|
|
@@ -1,102 +0,0 @@
|
|
|
1
|
-
# Scanner Subagent Task Prompt
|
|
2
|
-
|
|
3
|
-
Use this prompt template when spawning scanner Tasks in Step 4. Use `subagent_type: static-analysis:semgrep-scanner`.
|
|
4
|
-
|
|
5
|
-
## Template
|
|
6
|
-
|
|
7
|
-
```
|
|
8
|
-
You are a Semgrep scanner for [LANGUAGE_CATEGORY].
|
|
9
|
-
|
|
10
|
-
## Task
|
|
11
|
-
Run Semgrep scans for [LANGUAGE] files and save results to [OUTPUT_DIR].
|
|
12
|
-
|
|
13
|
-
## Pro Engine Status: [PRO_AVAILABLE: true/false]
|
|
14
|
-
|
|
15
|
-
## APPROVED RULESETS (from user-confirmed plan)
|
|
16
|
-
[LIST EXACT RULESETS USER APPROVED - DO NOT SUBSTITUTE]
|
|
17
|
-
|
|
18
|
-
Example:
|
|
19
|
-
- p/python
|
|
20
|
-
- p/django
|
|
21
|
-
- p/security-audit
|
|
22
|
-
- p/secrets
|
|
23
|
-
- https://github.com/trailofbits/semgrep-rules
|
|
24
|
-
|
|
25
|
-
## Commands to Run (in parallel)
|
|
26
|
-
|
|
27
|
-
### Generate commands for EACH approved ruleset:
|
|
28
|
-
```bash
|
|
29
|
-
semgrep [--pro if available] --metrics=off --config [RULESET] --json -o [OUTPUT_DIR]/[lang]-[ruleset].json --sarif-output=[OUTPUT_DIR]/[lang]-[ruleset].sarif [TARGET] &
|
|
30
|
-
```
|
|
31
|
-
|
|
32
|
-
Wait for all to complete:
|
|
33
|
-
```bash
|
|
34
|
-
wait
|
|
35
|
-
```
|
|
36
|
-
|
|
37
|
-
## Critical Rules
|
|
38
|
-
- Use ONLY the rulesets listed above - do not add or remove any
|
|
39
|
-
- Always use --metrics=off (prevents sending telemetry to Semgrep servers)
|
|
40
|
-
- Use --pro when Pro is available (enables cross-file taint tracking)
|
|
41
|
-
- Run all rulesets in parallel with & and wait
|
|
42
|
-
- For GitHub URLs, clone the repo first if not cached locally
|
|
43
|
-
|
|
44
|
-
## Output
|
|
45
|
-
Report:
|
|
46
|
-
- Number of findings per ruleset
|
|
47
|
-
- Any scan errors
|
|
48
|
-
- File paths of JSON results
|
|
49
|
-
- [If Pro] Note any cross-file findings detected
|
|
50
|
-
```
|
|
51
|
-
|
|
52
|
-
## Variable Substitutions
|
|
53
|
-
|
|
54
|
-
| Variable | Description | Example |
|
|
55
|
-
|----------|-------------|---------|
|
|
56
|
-
| `[LANGUAGE_CATEGORY]` | Language group being scanned | Python, JavaScript, Docker |
|
|
57
|
-
| `[LANGUAGE]` | Specific language | Python, TypeScript, Go |
|
|
58
|
-
| `[OUTPUT_DIR]` | Results directory with run number | semgrep-results-001 |
|
|
59
|
-
| `[PRO_AVAILABLE]` | Whether Pro engine is available | true, false |
|
|
60
|
-
| `[RULESET]` | Semgrep ruleset identifier | p/python, https://github.com/... |
|
|
61
|
-
| `[TARGET]` | Directory to scan | . (current dir) |
|
|
62
|
-
|
|
63
|
-
## Example: Python Scanner Task
|
|
64
|
-
|
|
65
|
-
```
|
|
66
|
-
You are a Semgrep scanner for Python.
|
|
67
|
-
|
|
68
|
-
## Task
|
|
69
|
-
Run Semgrep scans for Python files and save results to semgrep-results-001.
|
|
70
|
-
|
|
71
|
-
## Pro Engine Status: true
|
|
72
|
-
|
|
73
|
-
## APPROVED RULESETS (from user-confirmed plan)
|
|
74
|
-
- p/python
|
|
75
|
-
- p/django
|
|
76
|
-
- p/security-audit
|
|
77
|
-
- p/secrets
|
|
78
|
-
- https://github.com/trailofbits/semgrep-rules
|
|
79
|
-
|
|
80
|
-
## Commands to Run (in parallel)
|
|
81
|
-
```bash
|
|
82
|
-
semgrep --pro --metrics=off --config p/python --json -o semgrep-results-001/python-python.json --sarif-output=semgrep-results-001/python-python.sarif . &
|
|
83
|
-
semgrep --pro --metrics=off --config p/django --json -o semgrep-results-001/python-django.json --sarif-output=semgrep-results-001/python-django.sarif . &
|
|
84
|
-
semgrep --pro --metrics=off --config p/security-audit --json -o semgrep-results-001/python-security-audit.json --sarif-output=semgrep-results-001/python-security-audit.sarif . &
|
|
85
|
-
semgrep --pro --metrics=off --config p/secrets --json -o semgrep-results-001/python-secrets.json --sarif-output=semgrep-results-001/python-secrets.sarif . &
|
|
86
|
-
semgrep --pro --metrics=off --config https://github.com/trailofbits/semgrep-rules --json -o semgrep-results-001/python-trailofbits.json --sarif-output=semgrep-results-001/python-trailofbits.sarif . &
|
|
87
|
-
wait
|
|
88
|
-
```
|
|
89
|
-
|
|
90
|
-
## Critical Rules
|
|
91
|
-
- Use ONLY the rulesets listed above - do not add or remove any
|
|
92
|
-
- Always use --metrics=off
|
|
93
|
-
- Use --pro when Pro is available
|
|
94
|
-
- Run all rulesets in parallel with & and wait
|
|
95
|
-
|
|
96
|
-
## Output
|
|
97
|
-
Report:
|
|
98
|
-
- Number of findings per ruleset
|
|
99
|
-
- Any scan errors
|
|
100
|
-
- File paths of JSON results
|
|
101
|
-
- Note any cross-file findings detected
|
|
102
|
-
```
|