create-vasvibe 2.4.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +170 -167
- package/bin/cli.mjs +9 -9
- package/package.json +45 -45
- package/src/git.mjs +47 -47
- package/src/index.mjs +228 -228
- package/src/prompts.mjs +113 -113
- package/src/scaffold.mjs +74 -74
- package/src/upgrade.mjs +121 -121
- package/src/utils.mjs +91 -91
- package/template/.agents/agents/analyst/agent.json +43 -43
- package/template/.agents/agents/backend/agent.json +44 -44
- package/template/.agents/agents/data-architect/agent.json +43 -43
- package/template/.agents/agents/devops/agent.json +44 -44
- package/template/.agents/agents/discovery/agent.json +43 -43
- package/template/.agents/agents/document/agent.json +43 -43
- package/template/.agents/agents/fixer/agent.json +44 -44
- package/template/.agents/agents/frontend/agent.json +44 -44
- package/template/.agents/agents/fullstack/agent.json +44 -44
- package/template/.agents/agents/initiator/agent.json +41 -41
- package/template/.agents/agents/{explorer → manual-tester}/agent.json +4 -3
- package/template/.agents/agents/orchestrator/agent.json +44 -44
- package/template/.agents/agents/pm/agent.json +42 -42
- package/template/.agents/agents/qa/agent.json +44 -44
- package/template/.agents/agents/reliability/agent.json +44 -44
- package/template/.agents/agents/security/agent.json +44 -44
- package/template/.agents/agents/sysarch/agent.json +44 -44
- package/template/.agents/agents/tester/agent.json +44 -44
- package/template/.agents/agents/toolsmith/agent.json +44 -44
- package/template/.agents/agents/ux-designer/agent.json +43 -43
- package/template/.agents/skills/find-skills/SKILL.md +142 -142
- package/template/.agents/skills/fullstack/SKILL.md +89 -89
- package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
- package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.agents/skills/pm/SKILL.md +170 -170
- package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.agents/workflows/build-feature.md +21 -21
- package/template/.agents/workflows/daily-standup.md +16 -16
- package/template/.agents/workflows/deliver-feature.md +16 -16
- package/template/.agents/workflows/harden-release.md +21 -21
- package/template/.agents/workflows/plan-project.md +25 -25
- package/template/.agents/workflows/release.md +18 -18
- package/template/.agents/workflows/security-audit.md +19 -19
- package/template/.agents/workflows/setup-workspace.md +21 -21
- package/template/.agents/workflows/start-fix.md +17 -18
- package/template/.agents/workflows/test-feature.md +17 -17
- package/template/.claude/agents/analyst.md +75 -104
- package/template/.claude/agents/backend.md +61 -61
- package/template/.claude/agents/data-architect.md +43 -43
- package/template/.claude/agents/devops.md +44 -43
- package/template/.claude/agents/discovery.md +51 -51
- package/template/.claude/agents/document.md +51 -51
- package/template/.claude/agents/fixer.md +83 -81
- package/template/.claude/agents/frontend.md +58 -60
- package/template/.claude/agents/fullstack.md +84 -85
- package/template/.claude/agents/initiator.md +74 -74
- package/template/.claude/agents/manual-tester.md +108 -0
- package/template/.claude/agents/orchestrator.md +115 -133
- package/template/.claude/agents/pm.md +199 -199
- package/template/.claude/agents/qa.md +66 -65
- package/template/.claude/agents/reliability.md +48 -47
- package/template/.claude/agents/security.md +107 -106
- package/template/.claude/agents/sysarch.md +301 -301
- package/template/.claude/agents/tester.md +100 -100
- package/template/.claude/agents/toolsmith.md +77 -76
- package/template/.claude/agents/ux-designer.md +45 -45
- package/template/.claude/commands/build-feature.md +22 -22
- package/template/.claude/commands/daily-standup.md +16 -16
- package/template/.claude/commands/deliver-feature.md +17 -17
- package/template/.claude/commands/harden-release.md +22 -22
- package/template/.claude/commands/manual-test.md +19 -0
- package/template/.claude/commands/plan-project.md +26 -26
- package/template/.claude/commands/release.md +19 -19
- package/template/.claude/commands/security-audit.md +20 -20
- package/template/.claude/commands/setup-workspace.md +22 -22
- package/template/.claude/commands/start-fix.md +18 -19
- package/template/.claude/commands/test-feature.md +18 -18
- package/template/.claude/skills/find-skills +1 -0
- package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
- package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.github/prompts/analyst.prompt.md +58 -104
- package/template/.github/prompts/backend.prompt.md +44 -44
- package/template/.github/prompts/data-architect.prompt.md +38 -38
- package/template/.github/prompts/devops.prompt.md +32 -32
- package/template/.github/prompts/discovery.prompt.md +39 -39
- package/template/.github/prompts/document.prompt.md +14 -14
- package/template/.github/prompts/fixer.prompt.md +91 -81
- package/template/.github/prompts/frontend.prompt.md +43 -60
- package/template/.github/prompts/fullstack.prompt.md +92 -86
- package/template/.github/prompts/initiator.prompt.md +55 -55
- package/template/.github/prompts/manual-tester.prompt.md +103 -0
- package/template/.github/prompts/orchestrator.prompt.md +75 -133
- package/template/.github/prompts/pm.prompt.md +186 -186
- package/template/.github/prompts/qa.prompt.md +57 -57
- package/template/.github/prompts/reliability.prompt.md +44 -44
- package/template/.github/prompts/security.prompt.md +41 -41
- package/template/.github/prompts/sysarch.prompt.md +351 -351
- package/template/.github/prompts/tester.prompt.md +107 -107
- package/template/.github/prompts/toolsmith.prompt.md +46 -46
- package/template/.github/prompts/ux-designer.prompt.md +41 -41
- package/template/.opencode/agents/analyst.md +75 -104
- package/template/.opencode/agents/backend.md +61 -61
- package/template/.opencode/agents/data-architect.md +43 -43
- package/template/.opencode/agents/devops.md +44 -44
- package/template/.opencode/agents/discovery.md +51 -51
- package/template/.opencode/agents/document.md +51 -51
- package/template/.opencode/agents/fixer.md +83 -81
- package/template/.opencode/agents/frontend.md +59 -61
- package/template/.opencode/agents/fullstack.md +84 -85
- package/template/.opencode/agents/initiator.md +74 -74
- package/template/.opencode/agents/manual-tester.md +107 -0
- package/template/.opencode/agents/orchestrator.md +116 -131
- package/template/.opencode/agents/pm.md +199 -199
- package/template/.opencode/agents/qa.md +66 -65
- package/template/.opencode/agents/reliability.md +48 -48
- package/template/.opencode/agents/security.md +107 -107
- package/template/.opencode/agents/sysarch.md +301 -301
- package/template/.opencode/agents/tester.md +100 -100
- package/template/.opencode/agents/toolsmith.md +77 -77
- package/template/.opencode/agents/ux-designer.md +45 -45
- package/template/.opencode/commands/build-feature.md +21 -21
- package/template/.opencode/commands/daily-standup.md +16 -16
- package/template/.opencode/commands/deliver-feature.md +16 -16
- package/template/.opencode/commands/harden-release.md +21 -21
- package/template/.opencode/commands/manual-test.md +18 -0
- package/template/.opencode/commands/plan-project.md +25 -25
- package/template/.opencode/commands/release.md +18 -18
- package/template/.opencode/commands/security-audit.md +19 -19
- package/template/.opencode/commands/setup-workspace.md +21 -21
- package/template/.opencode/commands/start-fix.md +17 -18
- package/template/.opencode/commands/test-feature.md +17 -17
- package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
- package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/AGENT_PERSONAS.md +595 -551
- package/template/GIT_STRUCTURE_GUIDE.md +270 -270
- package/template/PROJECT_README.example.md +81 -81
- package/template/QUICK-START.md +134 -131
- package/template/README.md +1942 -1919
- package/template/_gitignore +141 -138
- package/template/agent/workflows/_shared/change-management.md +70 -70
- package/template/agent/workflows/_shared/git-branch-management.md +25 -25
- package/template/agent/workflows/_shared/phases.md +88 -88
- package/template/agent/workflows/_shared/state-management.md +87 -87
- package/template/agent/workflows/_shared/work-depth.md +46 -46
- package/template/agent/workflows/analyst.md +75 -104
- package/template/agent/workflows/backend.md +61 -61
- package/template/agent/workflows/data-architect.md +43 -43
- package/template/agent/workflows/devops.md +44 -44
- package/template/agent/workflows/discovery.md +51 -51
- package/template/agent/workflows/document.md +51 -51
- package/template/agent/workflows/fixer.md +83 -81
- package/template/agent/workflows/frontend.md +58 -60
- package/template/agent/workflows/fullstack.md +84 -86
- package/template/agent/workflows/initiator.md +74 -74
- package/template/agent/workflows/manual-tester.md +103 -0
- package/template/agent/workflows/orchestrator.md +114 -133
- package/template/agent/workflows/pm.md +199 -199
- package/template/agent/workflows/qa.md +66 -66
- package/template/agent/workflows/reliability.md +48 -48
- package/template/agent/workflows/security.md +107 -107
- package/template/agent/workflows/sysarch.md +301 -301
- package/template/agent/workflows/tester.md +100 -100
- package/template/agent/workflows/toolsmith.md +77 -77
- package/template/agent/workflows/ux-designer.md +45 -45
- package/template/codes/.gitkeep +1 -1
- package/template/project_overview_example.md +54 -54
- package/template/schemas/adr.template.md +36 -36
- package/template/schemas/changelog.template.md +34 -34
- package/template/schemas/data-model.template.md +57 -57
- package/template/schemas/design-system.template.md +63 -63
- package/template/schemas/dev_log.template.md +20 -20
- package/template/schemas/product-ci.template.yml +50 -50
- package/template/schemas/requirements.template.md +64 -64
- package/template/schemas/security-standards.template.md +58 -58
- package/template/schemas/security_report.template.md +89 -89
- package/template/schemas/specification.template.md +57 -71
- package/template/schemas/style_guide.template.md +29 -29
- package/template/schemas/task_list.template.md +28 -28
- package/template/schemas/workspace-manifest.template.json +24 -24
- package/template/schemas/workspace-registry.json +94 -95
- package/template/skills-lock.json +11 -11
- package/template/specifications/.gitkeep +1 -3
- package/template/state/knowledge_base/.gitkeep +1 -1
- package/template/state/knowledge_base/requirements/.gitkeep +1 -1
- package/template/tests/.gitkeep +1 -1
- package/template/.agents/agents/logger/agent.json +0 -43
- package/template/.agents/workflows/build-prototype.md +0 -32
- package/template/.agents/workflows/explorer.md +0 -78
- package/template/.agents/workflows/logger.md +0 -117
- package/template/.agents/workflows/plan-feature.md +0 -30
- package/template/.claude/agents/explorer.md +0 -138
- package/template/.claude/agents/logger.md +0 -143
- package/template/.claude/commands/build-prototype.md +0 -33
- package/template/.claude/commands/plan-feature.md +0 -31
- package/template/.claude/settings.local.json +0 -44
- package/template/.claude/skills/find-skills/SKILL.md +0 -142
- package/template/.github/prompts/explorer.prompt.md +0 -133
- package/template/.github/prompts/logger.prompt.md +0 -138
- package/template/.opencode/agents/explorer.md +0 -137
- package/template/.opencode/agents/logger.md +0 -142
- package/template/.opencode/commands/build-prototype.md +0 -32
- package/template/.opencode/commands/plan-feature.md +0 -30
- package/template/agent/workflows/explorer.md +0 -133
- package/template/agent/workflows/logger.md +0 -138
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Manual/headful UAT testing dengan Playwright — scenario matrix, screenshot evidence, dan defect triage (Major/Minor). Opsional, berdampingan dengan /test-feature.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Manual/Headful UAT Testing** untuk fitur: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
1. **Manual Tester** → generate scenario matrix (Normal + Abnormal case) per fitur/fungsi, lalu eksekusi headful Playwright dengan screenshot tiap skenario, update Pass/Fail + Severity (Major/Minor) di `task/[TASK-ID]_[nama-task]/manual_test_report.md`.
|
|
9
|
+
2. Jika ada temuan **Major** → rekomendasikan **Fixer** untuk memperbaiki, lalu jalankan ulang `/manual-test` untuk retest (iterasi bertambah otomatis, histori iterasi sebelumnya tetap tersimpan).
|
|
10
|
+
3. **GATE — UAT hijau:** semua skenario Pass, atau temuan Minor yang tersisa sudah didokumentasikan dan diterima human.
|
|
11
|
+
|
|
12
|
+
**Catatan integrasi (PENTING):**
|
|
13
|
+
- Command ini **independen/opsional** dari `/test-feature` (scripted E2E oleh Tester Agent) — bisa dijalankan berdampingan kapan saja, **tidak mengubah** gate Fase 3 atau alur `/deliver-feature` yang sudah ada.
|
|
14
|
+
- Manual Tester **tidak pernah mengubah** `Current Status` di `task/task_list.md` — hanya menambah baris di `Status Logs:`. Ini menjaga state machine Tester/Fixer tetap konsisten walau `/manual-test` dipanggil terpisah.
|
|
15
|
+
- Definisi lengkap agent: `agent/workflows/manual-tester.md`.
|
|
16
|
+
- Screenshot tersimpan di `tests/screenshots/[TASK-ID]/iteration-[N]/`, laporan (scenario matrix + summary) di `task/[TASK-ID]_[nama-task]/manual_test_report.md`.
|
|
17
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
+
- Jika muncul perubahan scope di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,25 +1,25 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Jalankan Fase 1 (Perencanaan) — hasilkan semua blueprint/acuan dengan human gate.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Fase 1 — Perencanaan** untuk: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Langkah:
|
|
8
|
-
0. **Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama wawancara human (tanya-jawab bertahap), hasilkan `state/knowledge_base/requirements/requirements.md`. Ikuti metodologi di `agent/workflows/discovery.md`.
|
|
9
|
-
1. **GATE:** Human sign-off `requirements.md`
|
|
10
|
-
2. **Initiator** (delegasi) → `project_overview.md` (sintesis dari requirements, termasuk `WORK_DEPTH`)
|
|
11
|
-
3. **CHECKPOINT:** Human review tech stack, UI vibe, work depth
|
|
12
|
-
4. **SysArch** → `state/knowledge_base/architecture/` (jika ada infra requirement)
|
|
13
|
-
5. **Data Architect** → `state/knowledge_base/data-model/`
|
|
14
|
-
6. **UX Designer** → `state/knowledge_base/design-system/`
|
|
15
|
-
7. **Security (Mode S)** → `state/knowledge_base/security/security-standards.md`
|
|
16
|
-
8. **Analyst** → `specifications/000_spec_environment_setup.md` + backlog user story (termasuk **API Contract**)
|
|
17
|
-
9. **DevOps** → environment setup (jika dibutuhkan)
|
|
18
|
-
10. **GATE — Blueprint disetujui:** API Contract wajib final.
|
|
19
|
-
|
|
20
|
-
**Aturan orkestrasi (WAJIB):**
|
|
21
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
22
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
23
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
24
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
25
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Jalankan Fase 1 (Perencanaan) — hasilkan semua blueprint/acuan dengan human gate.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Fase 1 — Perencanaan** untuk: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
0. **Discovery (INTERAKTIF — JANGAN delegasikan ke subagent)** → kamu sendiri di thread utama wawancara human (tanya-jawab bertahap), hasilkan `state/knowledge_base/requirements/requirements.md`. Ikuti metodologi di `agent/workflows/discovery.md`.
|
|
9
|
+
1. **GATE:** Human sign-off `requirements.md`
|
|
10
|
+
2. **Initiator** (delegasi) → `project_overview.md` (sintesis dari requirements, termasuk `WORK_DEPTH`)
|
|
11
|
+
3. **CHECKPOINT:** Human review tech stack, UI vibe, work depth
|
|
12
|
+
4. **SysArch** → `state/knowledge_base/architecture/` (jika ada infra requirement)
|
|
13
|
+
5. **Data Architect** → `state/knowledge_base/data-model/`
|
|
14
|
+
6. **UX Designer** → `state/knowledge_base/design-system/`
|
|
15
|
+
7. **Security (Mode S)** → `state/knowledge_base/security/security-standards.md`
|
|
16
|
+
8. **Analyst** → `specifications/000_spec_environment_setup.md` + backlog user story (termasuk **API Contract**)
|
|
17
|
+
9. **DevOps** → environment setup (jika dibutuhkan)
|
|
18
|
+
10. **GATE — Blueprint disetujui:** API Contract wajib final.
|
|
19
|
+
|
|
20
|
+
**Aturan orkestrasi (WAJIB):**
|
|
21
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
22
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
23
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
24
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
25
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Rangkaian akhir ke produksi: hardening → changelog → version tag.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan rangkaian rilis untuk versi: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
1. **PM** → summarize semua task `done` sejak release terakhir
|
|
8
|
-
2. Jalankan **/harden-release "$ARGUMENTS"** (Fase 4) — berhenti di gate-nya
|
|
9
|
-
3. **Document** → update `CHANGELOG.md`
|
|
10
|
-
4. **DevOps** → bump version, buat git tag `v$ARGUMENTS`
|
|
11
|
-
5. **CHECKPOINT:** Human review CHANGELOG & approve release tag.
|
|
12
|
-
|
|
13
|
-
**Aturan orkestrasi (WAJIB):**
|
|
14
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
15
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
16
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
17
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Rangkaian akhir ke produksi: hardening → changelog → version tag.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan rangkaian rilis untuk versi: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
1. **PM** → summarize semua task `done` sejak release terakhir
|
|
8
|
+
2. Jalankan **/harden-release "$ARGUMENTS"** (Fase 4) — berhenti di gate-nya
|
|
9
|
+
3. **Document** → update `CHANGELOG.md`
|
|
10
|
+
4. **DevOps** → bump version, buat git tag `v$ARGUMENTS`
|
|
11
|
+
5. **CHECKPOINT:** Human review CHANGELOG & approve release tag.
|
|
12
|
+
|
|
13
|
+
**Aturan orkestrasi (WAJIB):**
|
|
14
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
15
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
16
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
17
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
18
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,19 +1,19 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Audit keamanan ad-hoc di luar siklus release.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan security audit untuk scope: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
1. **Security (Mode A)** → Threat Modeling
|
|
8
|
-
2. **Security (Mode B)** → Vulnerability Scan
|
|
9
|
-
3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
|
|
10
|
-
4. **Security (Mode C)** → fix CRITICAL & HIGH
|
|
11
|
-
5. **Tester** → regression test
|
|
12
|
-
6. **CHECKPOINT:** Human sign-off.
|
|
13
|
-
|
|
14
|
-
**Aturan orkestrasi (WAJIB):**
|
|
15
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
16
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
17
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
18
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
19
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Audit keamanan ad-hoc di luar siklus release.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan security audit untuk scope: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
1. **Security (Mode A)** → Threat Modeling
|
|
8
|
+
2. **Security (Mode B)** → Vulnerability Scan
|
|
9
|
+
3. **CHECKPOINT:** Human review findings (approve fix plan / accepted risk)
|
|
10
|
+
4. **Security (Mode C)** → fix CRITICAL & HIGH
|
|
11
|
+
5. **Tester** → regression test
|
|
12
|
+
6. **CHECKPOINT:** Human sign-off.
|
|
13
|
+
|
|
14
|
+
**Aturan orkestrasi (WAJIB):**
|
|
15
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
16
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
17
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
18
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
19
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Setup/optimasi workspace agentik — install skills & konfigurasi MCP untuk tool AI yang dipakai. Re-callable saat pindah tool.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Toolsmith** (Agentic Workspace Provisioner) untuk: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Tujuan: menyiapkan perkakas si AI agent (skills + MCP) agar bekerja optimal — **bukan** infra produk (itu DevOps).
|
|
8
|
-
|
|
9
|
-
Langkah:
|
|
10
|
-
1. **Deteksi mode** dari argumen (`init` default jika `state/workspace-manifest.json` belum ada; `switch` saat pindah tool; `sync` untuk perbaiki drift).
|
|
11
|
-
2. **Deteksi tool aktif** dari penanda (`.claude/`, `.opencode/`, `.agents/`, `.github/prompts/`/`.vscode/`). Ambigu → tanya human.
|
|
12
|
-
3. **Mode `init`:** tentukan kebutuhan (hybrid: `schemas/workspace-registry.json` `stackMappings` dari tech stack di `project_overview.md`/`requirements.md` + baseline + augmentasi `find-skills`) → tulis `state/workspace-manifest.json` → **tunjukkan ringkasan, minta approve human**.
|
|
13
|
-
4. **Mode `switch`/`sync`:** baca manifest yang ada (jangan hitung ulang), apply ke tool target.
|
|
14
|
-
5. **Apply declarative:** tulis MCP ke file config tool (`.mcp.json` / `opencode.json` / `.vscode/mcp.json` / `.agents/mcp.json`) sesuai `platformTargets`; install skills ke `skillsDir` via `npx skills add`. **Merge, jangan timpa. Secrets → placeholder `${VAR}`.**
|
|
15
|
-
6. **Update `appliedTo[tool]`** = timestamp; laporkan langkah manual tersisa.
|
|
16
|
-
|
|
17
|
-
**Aturan:**
|
|
18
|
-
- Definisi kanonik agen: `agent/workflows/toolsmith.md`. Registry: `schemas/workspace-registry.json`.
|
|
19
|
-
- **JANGAN hardcode kredensial** — gunakan placeholder env var dan instruksikan human mengisi `.env`.
|
|
20
|
-
- Perubahan daftar skill/MCP dicatat di manifest `revisionHistory` (No Silent Changes).
|
|
21
|
-
- Bisa dipanggil kapan saja — termasuk di tengah fase saat developer pindah tool AI.
|
|
1
|
+
---
|
|
2
|
+
description: Setup/optimasi workspace agentik — install skills & konfigurasi MCP untuk tool AI yang dipakai. Re-callable saat pindah tool.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Toolsmith** (Agentic Workspace Provisioner) untuk: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Tujuan: menyiapkan perkakas si AI agent (skills + MCP) agar bekerja optimal — **bukan** infra produk (itu DevOps).
|
|
8
|
+
|
|
9
|
+
Langkah:
|
|
10
|
+
1. **Deteksi mode** dari argumen (`init` default jika `state/workspace-manifest.json` belum ada; `switch` saat pindah tool; `sync` untuk perbaiki drift).
|
|
11
|
+
2. **Deteksi tool aktif** dari penanda (`.claude/`, `.opencode/`, `.agents/`, `.github/prompts/`/`.vscode/`). Ambigu → tanya human.
|
|
12
|
+
3. **Mode `init`:** tentukan kebutuhan (hybrid: `schemas/workspace-registry.json` `stackMappings` dari tech stack di `project_overview.md`/`requirements.md` + baseline + augmentasi `find-skills`) → tulis `state/workspace-manifest.json` → **tunjukkan ringkasan, minta approve human**.
|
|
13
|
+
4. **Mode `switch`/`sync`:** baca manifest yang ada (jangan hitung ulang), apply ke tool target.
|
|
14
|
+
5. **Apply declarative:** tulis MCP ke file config tool (`.mcp.json` / `opencode.json` / `.vscode/mcp.json` / `.agents/mcp.json`) sesuai `platformTargets`; install skills ke `skillsDir` via `npx skills add`. **Merge, jangan timpa. Secrets → placeholder `${VAR}`.**
|
|
15
|
+
6. **Update `appliedTo[tool]`** = timestamp; laporkan langkah manual tersisa.
|
|
16
|
+
|
|
17
|
+
**Aturan:**
|
|
18
|
+
- Definisi kanonik agen: `agent/workflows/toolsmith.md`. Registry: `schemas/workspace-registry.json`.
|
|
19
|
+
- **JANGAN hardcode kredensial** — gunakan placeholder env var dan instruksikan human mengisi `.env`.
|
|
20
|
+
- Perubahan daftar skill/MCP dicatat di manifest `revisionHistory` (No Silent Changes).
|
|
21
|
+
- Bisa dipanggil kapan saja — termasuk di tengah fase saat developer pindah tool AI.
|
|
@@ -1,18 +1,17 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Perbaikan bug terarah: fix → review → regression.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Tangani bug: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
**
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
**
|
|
14
|
-
-
|
|
15
|
-
-
|
|
16
|
-
-
|
|
17
|
-
-
|
|
18
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Perbaikan bug terarah: fix → review → regression.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Tangani bug: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
1. **Fixer** → analyze root cause & fix
|
|
8
|
+
2. **QA** → quick review pada kode yang diubah
|
|
9
|
+
3. **Tester** → regression test
|
|
10
|
+
4. **CHECKPOINT:** Human validation.
|
|
11
|
+
|
|
12
|
+
**Aturan orkestrasi (WAJIB):**
|
|
13
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
14
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
15
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
16
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
17
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,17 +1,17 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
|
|
6
|
-
|
|
7
|
-
Langkah:
|
|
8
|
-
1. **Tester** → buat & jalankan E2E test berdasarkan spec
|
|
9
|
-
2. Jika FAIL → **Fixer** → loop balik ke langkah 1
|
|
10
|
-
3. **GATE — Fungsional hijau:** semua test pass.
|
|
11
|
-
|
|
12
|
-
**Aturan orkestrasi (WAJIB):**
|
|
13
|
-
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
14
|
-
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
15
|
-
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
16
|
-
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
17
|
-
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
1
|
+
---
|
|
2
|
+
description: Jalankan Fase 3 (Testing) — E2E test fungsional terhadap spesifikasi.
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Jalankan **Fase 3 — Testing** untuk fitur: **$ARGUMENTS**
|
|
6
|
+
|
|
7
|
+
Langkah:
|
|
8
|
+
1. **Tester** → buat & jalankan E2E test berdasarkan spec
|
|
9
|
+
2. Jika FAIL → **Fixer** → loop balik ke langkah 1
|
|
10
|
+
3. **GATE — Fungsional hijau:** semua test pass.
|
|
11
|
+
|
|
12
|
+
**Aturan orkestrasi (WAJIB):**
|
|
13
|
+
- Kamu adalah **Orchestrator** di thread utama. Delegasikan tiap langkah ke subagent yang disebut menggunakan Task tool (Claude Code) / agent invocation (OpenCode).
|
|
14
|
+
- **BERHENTI di setiap GATE / CHECKPOINT** dan minta persetujuan human secara eksplisit sebelum lanjut.
|
|
15
|
+
- Definisi kanonik pipeline: baca `agent/workflows/orchestrator.md`. Model fase & kepemilikan dokumen: `agent/workflows/_shared/phases.md`.
|
|
16
|
+
- Hormati `WORK_DEPTH` dari `project_overview.md` (override dengan `depth=` di argumen jika ada).
|
|
17
|
+
- Jika muncul perubahan di tengah pipeline, ikuti `agent/workflows/_shared/change-management.md` (No Silent Changes).
|
|
@@ -1,94 +1,94 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: penetration-testing
|
|
3
|
-
description: >
|
|
4
|
-
Ethical hacking and security testing methodologies using penetration testing
|
|
5
|
-
tools, exploit frameworks, and manual security validation. Use when assessing
|
|
6
|
-
application security posture and identifying exploitable vulnerabilities.
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# Penetration Testing
|
|
10
|
-
|
|
11
|
-
## Table of Contents
|
|
12
|
-
|
|
13
|
-
- [Overview](#overview)
|
|
14
|
-
- [When to Use](#when-to-use)
|
|
15
|
-
- [Quick Start](#quick-start)
|
|
16
|
-
- [Reference Guides](#reference-guides)
|
|
17
|
-
- [Best Practices](#best-practices)
|
|
18
|
-
|
|
19
|
-
## Overview
|
|
20
|
-
|
|
21
|
-
Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
|
|
22
|
-
|
|
23
|
-
## When to Use
|
|
24
|
-
|
|
25
|
-
- Pre-production security validation
|
|
26
|
-
- Annual security assessments
|
|
27
|
-
- Compliance requirements (PCI-DSS, ISO 27001)
|
|
28
|
-
- Post-incident security review
|
|
29
|
-
- Third-party security audits
|
|
30
|
-
- Red team exercises
|
|
31
|
-
|
|
32
|
-
## Quick Start
|
|
33
|
-
|
|
34
|
-
Minimal working example:
|
|
35
|
-
|
|
36
|
-
```python
|
|
37
|
-
# pentest_framework.py
|
|
38
|
-
import requests
|
|
39
|
-
import socket
|
|
40
|
-
import subprocess
|
|
41
|
-
import json
|
|
42
|
-
from typing import List, Dict
|
|
43
|
-
from dataclasses import dataclass, asdict
|
|
44
|
-
from datetime import datetime
|
|
45
|
-
|
|
46
|
-
@dataclass
|
|
47
|
-
class Finding:
|
|
48
|
-
severity: str
|
|
49
|
-
category: str
|
|
50
|
-
target: str
|
|
51
|
-
vulnerability: str
|
|
52
|
-
evidence: str
|
|
53
|
-
remediation: str
|
|
54
|
-
cvss_score: float
|
|
55
|
-
|
|
56
|
-
class PenetrationTester:
|
|
57
|
-
def __init__(self, target: str):
|
|
58
|
-
self.target = target
|
|
59
|
-
self.findings: List[Finding] = []
|
|
60
|
-
|
|
61
|
-
def test_sql_injection(self, url: str) -> None:
|
|
62
|
-
// ... (see reference guides for full implementation)
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
## Reference Guides
|
|
66
|
-
|
|
67
|
-
Detailed implementations in the `references/` directory:
|
|
68
|
-
|
|
69
|
-
| Guide | Contents |
|
|
70
|
-
|---|---|
|
|
71
|
-
| [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
|
|
72
|
-
| [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
|
|
73
|
-
|
|
74
|
-
## Best Practices
|
|
75
|
-
|
|
76
|
-
### ✅ DO
|
|
77
|
-
|
|
78
|
-
- Get written authorization
|
|
79
|
-
- Define clear scope
|
|
80
|
-
- Use controlled environments
|
|
81
|
-
- Document all findings
|
|
82
|
-
- Follow responsible disclosure
|
|
83
|
-
- Provide remediation guidance
|
|
84
|
-
- Verify fixes after patching
|
|
85
|
-
- Maintain chain of custody
|
|
86
|
-
|
|
87
|
-
### ❌ DON'T
|
|
88
|
-
|
|
89
|
-
- Test production without approval
|
|
90
|
-
- Cause service disruption
|
|
91
|
-
- Exfiltrate sensitive data
|
|
92
|
-
- Share findings publicly
|
|
93
|
-
- Exceed authorized scope
|
|
94
|
-
- Use destructive payloads
|
|
1
|
+
---
|
|
2
|
+
name: penetration-testing
|
|
3
|
+
description: >
|
|
4
|
+
Ethical hacking and security testing methodologies using penetration testing
|
|
5
|
+
tools, exploit frameworks, and manual security validation. Use when assessing
|
|
6
|
+
application security posture and identifying exploitable vulnerabilities.
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Penetration Testing
|
|
10
|
+
|
|
11
|
+
## Table of Contents
|
|
12
|
+
|
|
13
|
+
- [Overview](#overview)
|
|
14
|
+
- [When to Use](#when-to-use)
|
|
15
|
+
- [Quick Start](#quick-start)
|
|
16
|
+
- [Reference Guides](#reference-guides)
|
|
17
|
+
- [Best Practices](#best-practices)
|
|
18
|
+
|
|
19
|
+
## Overview
|
|
20
|
+
|
|
21
|
+
Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
|
|
22
|
+
|
|
23
|
+
## When to Use
|
|
24
|
+
|
|
25
|
+
- Pre-production security validation
|
|
26
|
+
- Annual security assessments
|
|
27
|
+
- Compliance requirements (PCI-DSS, ISO 27001)
|
|
28
|
+
- Post-incident security review
|
|
29
|
+
- Third-party security audits
|
|
30
|
+
- Red team exercises
|
|
31
|
+
|
|
32
|
+
## Quick Start
|
|
33
|
+
|
|
34
|
+
Minimal working example:
|
|
35
|
+
|
|
36
|
+
```python
|
|
37
|
+
# pentest_framework.py
|
|
38
|
+
import requests
|
|
39
|
+
import socket
|
|
40
|
+
import subprocess
|
|
41
|
+
import json
|
|
42
|
+
from typing import List, Dict
|
|
43
|
+
from dataclasses import dataclass, asdict
|
|
44
|
+
from datetime import datetime
|
|
45
|
+
|
|
46
|
+
@dataclass
|
|
47
|
+
class Finding:
|
|
48
|
+
severity: str
|
|
49
|
+
category: str
|
|
50
|
+
target: str
|
|
51
|
+
vulnerability: str
|
|
52
|
+
evidence: str
|
|
53
|
+
remediation: str
|
|
54
|
+
cvss_score: float
|
|
55
|
+
|
|
56
|
+
class PenetrationTester:
|
|
57
|
+
def __init__(self, target: str):
|
|
58
|
+
self.target = target
|
|
59
|
+
self.findings: List[Finding] = []
|
|
60
|
+
|
|
61
|
+
def test_sql_injection(self, url: str) -> None:
|
|
62
|
+
// ... (see reference guides for full implementation)
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
## Reference Guides
|
|
66
|
+
|
|
67
|
+
Detailed implementations in the `references/` directory:
|
|
68
|
+
|
|
69
|
+
| Guide | Contents |
|
|
70
|
+
|---|---|
|
|
71
|
+
| [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
|
|
72
|
+
| [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
|
|
73
|
+
|
|
74
|
+
## Best Practices
|
|
75
|
+
|
|
76
|
+
### ✅ DO
|
|
77
|
+
|
|
78
|
+
- Get written authorization
|
|
79
|
+
- Define clear scope
|
|
80
|
+
- Use controlled environments
|
|
81
|
+
- Document all findings
|
|
82
|
+
- Follow responsible disclosure
|
|
83
|
+
- Provide remediation guidance
|
|
84
|
+
- Verify fixes after patching
|
|
85
|
+
- Maintain chain of custody
|
|
86
|
+
|
|
87
|
+
### ❌ DON'T
|
|
88
|
+
|
|
89
|
+
- Test production without approval
|
|
90
|
+
- Cause service disruption
|
|
91
|
+
- Exfiltrate sensitive data
|
|
92
|
+
- Share findings publicly
|
|
93
|
+
- Exceed authorized scope
|
|
94
|
+
- Use destructive payloads
|