cue-ai 0.5.0 → 0.7.0

package/resources/skills/skills/rust/wasm-rust/SKILL.md

@@ -0,0 +1,27 @@
+---
+name: wasm-rust
+description: Use when building Rust → WASM — modules with JS bindings (wasm-pack), full SPA frontends (trunk + Yew/Leptos/Sycamore), or Dioxus apps.
+allowed-tools: Bash(cargo:*), Bash(wasm-pack:*), Bash(trunk:*), Bash(dioxus:*), Bash(rustup:*)
+---
+
+# Rust → WebAssembly
+
+Pick the toolchain that matches the target.
+
+## When to use
+- **Library for JS to consume** (npm, web, node, deno): `wasm-pack build --target web|nodejs|bundler`
+  - Generates `pkg/` with `.wasm`, `.js`, `.d.ts`, `package.json`
+  - Use `#[wasm_bindgen]` on exported fns/structs
+- **Full Rust SPA** (Yew, Leptos, Sycamore): `trunk serve` (dev) · `trunk build --release` (prod)
+  - Entry is `index.html` with a `<link data-trunk rel="rust" />`
+- **Dioxus app** (web/desktop/mobile from one codebase): `dx new <name>` · `dx serve --platform web`
+
+## Prerequisites
+- WASM target: `rustup target add wasm32-unknown-unknown`
+- wasm-pack, trunk, or dioxus-cli depending on path
+
+## Notes
+- For web SPAs, `wasm-opt` (from binaryen) shaves significant size — trunk runs it automatically in `--release`.
+- `wee_alloc` saves ~10KB but is unmaintained; the default allocator is usually fine.
+- Async works in browser via `wasm-bindgen-futures`; spawn with `spawn_local`.
+- Cargo features: gate native-only code behind `#[cfg(not(target_arch = "wasm32"))]` so the WASM build doesn't pull in tokio's mio.

package/resources/skills/skills/security/agentshield/SKILL.md

@@ -0,0 +1,119 @@
+---
+name: agentshield
+description: Use when the user asks to scan or audit a Claude Code / agent configuration for security issues — hardcoded secrets, overly-permissive Bash allow rules, hook injection, risky MCP servers, agent prompt-injection vectors — or mentions "agentshield", "scan my .claude", "audit my settings.json", "ecc-agentshield", or "miniclaw".
+---
+
+# AgentShield — security auditor for AI agent configurations
+
+`ecc-agentshield` is a CLI scanner from [affaan-m/agentshield](https://github.com/affaan-m/agentshield) that audits `.claude/` directories, `settings.json`, `mcp.json`, hook scripts, and agent definitions for secrets, permission misconfigs, hook injection, MCP supply-chain risks, and prompt-injection vectors. Output is a graded report (A–F, 0–100) with severity-tagged findings.
+
+## When to use
+
+- The user wants to **vet a Claude Code / Codex / agent config** before sharing, committing, or deploying it.
+- After installing a community plugin / skill / MCP — to verify the new surface didn't introduce a vulnerability.
+- In CI on a PR that touches `.claude/`, `.codex/`, `settings.json`, `mcp.json`, hook scripts, or an `agents/` directory.
+- The user mentions the recent agent-marketplace incidents (12% malicious skills, 1.5M leaked tokens) and wants a baseline scan.
+
+## Quick start
+
+```bash
+# Scan the active ~/.claude/ (auto-discovery)
+npx ecc-agentshield scan
+
+# Scan a specific path (a repo's .claude/, .codex/, or a settings.json)
+npx ecc-agentshield scan --path /path/to/project/.claude
+
+# Auto-fix safe findings (env-var references for hardcoded secrets)
+npx ecc-agentshield scan --fix
+
+# Machine-readable
+npx ecc-agentshield scan --format json
+npx ecc-agentshield scan --format html > report.html
+
+# Portable audit bundle (evidence + findings for handoff)
+npx ecc-agentshield scan --evidence-pack ./agentshield-evidence
+
+# Deep three-agent adversarial analysis via Opus (needs ANTHROPIC_API_KEY)
+npx ecc-agentshield scan --opus --stream
+```
+
+Discovery automatically skips `node_modules/`, build output, and `.dmux` worktree mirrors.
+
+## What it catches (5 rule categories, ~102 rules)
+
+| Category | Count | Examples |
+|---|---|---|
+| **secrets** | 10 | hardcoded API keys, tokens, passwords, exposed env values, leaked webhooks, base64-encoded creds, private keys, internal IPs |
+| **permissions** | 10 | `Bash(*)`, dangerous git flags, mutable tools, sensitive path access, network access without deny list |
+| **hooks** | 34 | command injection, exfiltration, persistence, container escape, clipboard reads, log tampering, reverse shells |
+| **mcp** | 23 | risky servers, env override, `npx` supply-chain risk, auto-approve, missing timeouts, bind-all interfaces, CORS misconfig |
+| **agents** | 25 | tool-restriction gaps, prompt-injection vectors, reflection attacks, output manipulation, social-engineering pretexts |
+
+Severity → deductions: `critical` -25, `high` -15, `medium` -5, `low` -2, `info` 0. Grade thresholds: A ≥90, B ≥75, C ≥60, D ≥40, F <40.
+
+## CI / GitHub Action
+
+```yaml
+# .github/workflows/agentshield.yml
+on: [pull_request]
+jobs:
+  agentshield:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: affaan-m/agentshield@v1
+        with:
+          path: .claude
+          fail-on: high   # fail PR if any high/critical findings
+```
+
+A GitHub App ([`ecc-tools`](https://github.com/apps/ecc-tools)) also exists for org-wide PR commenting.
+
+## MiniClaw — sandboxed agent execution server
+
+AgentShield ships a separate sub-tool (`miniclaw`) that runs Claude Code in a hardened HTTP sandbox with tool whitelisting, prompt sanitization, rate limiting, and CORS. Use when the user wants to expose Claude as an internal HTTP API without giving it full shell.
+
+```bash
+npx ecc-agentshield miniclaw start                       # localhost:3000
+npx ecc-agentshield miniclaw start --port 4000 --rate-limit 20
+```
+
+API + dashboard docs: `src/miniclaw/README.md` in the upstream repo.
+
+## How to interpret the report
+
+1. **Critical / high findings** are the only ones that should block a merge. Medium/low surface during a baseline audit.
+2. **Active-runtime** findings (`mcp.json`, `.claude/mcp.json`, `.claude.json`, active `settings.json`) are real exposure. **Template-example** findings (`mcp-configs/`, `config/mcp/`) are catalog risks, not active runtime.
+3. For hardcoded secrets, prefer `--fix` to auto-replace with `${ENV_VAR}` references — then move the actual value to a real env vault (e.g. envoult for Coolify projects).
+4. For `Bash(*)` rules, replace with narrow patterns: `Bash(git *)`, `Bash(npm *)`, `Bash(node *)`.
+5. For risky MCPs (`npx`-launched servers without pinned versions, broad filesystem access), pin a tag or sha and tighten the allowed root path.
+
+## Output reference
+
+```text
+AgentShield Security Report
+Grade: F (0/100)
+Score Breakdown
+  Secrets        ░░░░░░░░░░░░░░░░░░░░ 0
+  Permissions    ░░░░░░░░░░░░░░░░░░░░ 0
+  Hooks          ░░░░░░░░░░░░░░░░░░░░ 0
+  MCP Servers    ░░░░░░░░░░░░░░░░░░░░ 0
+  Agents         ░░░░░░░░░░░░░░░░░░░░ 0
+
+● CRITICAL  Hardcoded Anthropic API key
+  CLAUDE.md:13
+  Fix: Replace with environment variable reference [auto-fixable]
+```
+
+## When NOT to use
+
+- General OWASP / web-app security review of application code → use the `security-review` skill instead.
+- Secret-scanning of arbitrary repos that have nothing to do with agent configs → use `gitleaks` / `trufflehog`.
+- Running it against `node_modules/` or generated dirs — AgentShield already skips these; don't override unless you have a reason.
+
+## Upstream
+
+- Repo: <https://github.com/affaan-m/agentshield>
+- npm: `ecc-agentshield`
+- Author: Affaan Mustafa (built at Claude Code Hackathon, Feb 2026)
+- Part of the [Everything Claude Code](https://github.com/affaan-m/everything-claude-code) ecosystem

package/src/commands/_index.ts

@@ -1,7 +1,7 @@
 /**
  * Subcommand registry.
  *
- * Each entry declares a one-line summary (for `soul --help`) and a lazy
+ * Each entry declares a one-line summary (for `cue --help`) and a lazy
  * loader that returns the command module. Lazy loading keeps cold start
  * fast — only the command actually invoked is imported.
  *
@@ -10,7 +10,7 @@
  */
 
 export interface Command {
-  /** One-line description shown by `soul --help`. */
+  /** One-line description shown by `cue --help`. */
   summary: string;
   /** Lazy import of the command module. Must export `run(args): Promise<number>`. */
   load: () => Promise<{ run: (args: string[]) => Promise<number> }>;
@@ -109,6 +109,10 @@ export const COMMANDS = {
     summary: "Create a new profile.yaml from skills/MCPs (interactive or from agent skill)",
     load: () => import("./create-profile"),
   },
+  profile: {
+    summary: "Profile-scoped operations: `cue profile suggest` audits for regroupings",
+    load: () => import("./profile"),
+  },
   skills: {
     summary: "Manage skills: list, search, add/remove from profiles",
     load: () => import("./skills"),
@@ -141,6 +145,30 @@ export const COMMANDS = {
     summary: "Compare two profiles side-by-side",
     load: () => import("./diff"),
   },
+  eval: {
+    summary: "Benchmark profile performance — token savings, usage, score",
+    load: () => import("./eval"),
+  },
+  debug: {
+    summary: "Trace why skills/MCPs aren't loading — full resolution chain",
+    load: () => import("./debug"),
+  },
+  cli: {
+    summary: "List or install the system CLIs a profile's skills need",
+    load: () => import("./cli"),
+  },
+  "lint-skill": {
+    summary: "Validate a SKILL.md against the skill spec (R001-R008); --fix to auto-correct",
+    load: () => import("./lint-skill"),
+  },
+  "eval-behavior": {
+    summary: "Structural eval — does this profile have the skills/commands/playbooks/gates for its declared scenarios?",
+    load: () => import("./eval-behavior"),
+  },
+  failures: {
+    summary: "Review session-log.jsonl + transcripts for failure patterns per profile",
+    load: () => import("./failures"),
+  },
   snapshot: {
     summary: "Export/restore current profile state as portable YAML",
     load: () => import("./snapshot"),
@@ -253,6 +281,14 @@ export const COMMANDS = {
     summary: "Show GitHub repos that provide skills for a profile",
     load: () => import("./sources"),
   },
+  discover: {
+    summary: "Find hidden gem skill repos on GitHub and export docs/discovered.md",
+    load: () => import("./discover"),
+  },
+  evolve: {
+    summary: "Auto-evolve profiles: detect gaps, suggest skills, prune unused",
+    load: () => import("./evolve"),
+  },
   sponsor: {
     summary: "Star the repo / show support links",
     load: async () => ({
@@ -270,9 +306,17 @@ export const COMMANDS = {
     }),
   },
   "migrate-symlinks": {
-    summary: "Rewrite ~/.codex and ~/.claude-accounts symlinks from soul/ to cue/",
+    summary: "Rewrite ~/.codex and ~/.claude-accounts symlinks from soul/ to cue/ to cue/",
     load: () => import("./migrate-symlinks"),
   },
+  feedback: {
+    summary: "Share what's working / what's missing (local-only, opt-in to share as GitHub issue)",
+    load: () => import("./feedback"),
+  },
+  "submit-profile": {
+    summary: "Fork opencue/cue, branch, commit your profile.yaml, open PR (community contribution)",
+    load: () => import("./submit-profile"),
+  },
 } as const satisfies Record<string, Command>;
 
 export type CommandName = keyof typeof COMMANDS;

package/src/commands/cli.test.ts

@@ -0,0 +1,192 @@
+/**
+ * Tests for `cue cli`. Use JSON mode to assert structure without parsing ANSI.
+ * Install command is exercised only in --dry-run mode (default) — we never
+ * actually exec apt during tests.
+ */
+
+import { describe, expect, test, beforeEach } from "bun:test";
+import { run as cliRun } from "./cli";
+
+beforeEach(() => {
+  delete process.env.CUE_PROFILES_DIR;
+  delete process.env.SOUL_PROFILES_DIR;
+});
+
+async function capture<T>(fn: () => Promise<T>): Promise<{ stdout: string; value: T }> {
+  const orig = process.stdout.write.bind(process.stdout);
+  let buf = "";
+  (process.stdout as any).write = (c: string | Uint8Array) => { buf += String(c); return true; };
+  try {
+    const value = await fn();
+    return { stdout: buf, value };
+  } finally {
+    (process.stdout as any).write = orig;
+  }
+}
+
+describe("cue cli list", () => {
+  test("--json shape: rows with cli + installed + plan", async () => {
+    const { stdout, value } = await capture(() => cliRun(["list", "full", "--json"]));
+    expect(value).toBe(0);
+    const out = JSON.parse(stdout) as { profile: string; rows: Array<{ cli: string; installed: boolean; skillCount: number; plan: { mode: string } }> };
+    expect(out.profile).toBe("full");
+    expect(out.rows.length).toBeGreaterThan(20);
+    for (const r of out.rows) {
+      expect(typeof r.cli).toBe("string");
+      expect(typeof r.installed).toBe("boolean");
+      expect(r.skillCount).toBeGreaterThan(0);
+      expect(typeof r.plan.mode).toBe("string");
+    }
+  });
+
+  test("at least one row has a real install command (apt/pip/script)", async () => {
+    const { stdout } = await capture(() => cliRun(["list", "full", "--json"]));
+    const out = JSON.parse(stdout) as { rows: Array<{ plan: { mode: string; command?: string } }> };
+    const installable = out.rows.filter((r) => r.plan.command);
+    expect(installable.length).toBeGreaterThan(5);
+  });
+
+  test("no positional + no .cue-profile → usage error", async () => {
+    const orig = process.stderr.write.bind(process.stderr);
+    let err = "";
+    (process.stderr as any).write = (c: string | Uint8Array) => { err += String(c); return true; };
+    try {
+      // run from /tmp so no .cue-profile lookup succeeds
+      const cwd = process.cwd();
+      process.chdir("/tmp");
+      try {
+        const exit = await cliRun(["list"]);
+        // either succeeds via parent .cue-profile resolution, or returns 1 with usage
+        if (exit !== 0) expect(err).toContain("Usage");
+      } finally {
+        process.chdir(cwd);
+      }
+    } finally {
+      (process.stderr as any).write = orig;
+    }
+  });
+});
+
+describe("cue cli install", () => {
+  test("dry-run --all is the default (no execution) and produces a plan", async () => {
+    const { stdout, value } = await capture(() => cliRun(["install", "--all", "full", "--json"]));
+    expect(value).toBe(0);
+    const out = JSON.parse(stdout) as { dryRun: boolean; plans: Array<{ cli: string; mode: string; command?: string; hint?: string }> };
+    expect(out.dryRun).toBe(true);
+    expect(out.plans.length).toBeGreaterThan(10);
+    // Every plan has either a command (auto-installable) or a hint (manual).
+    for (const p of out.plans) {
+      expect(p.command || p.hint).toBeTruthy();
+    }
+  });
+
+  test("install <single-tool> without args returns usage error", async () => {
+    const orig = process.stderr.write.bind(process.stderr);
+    let err = "";
+    (process.stderr as any).write = (c: string | Uint8Array) => { err += String(c); return true; };
+    try {
+      const exit = await cliRun(["install"]);
+      expect(exit).toBe(1);
+      expect(err).toContain("Usage");
+    } finally {
+      (process.stderr as any).write = orig;
+    }
+  });
+
+  test("install <known-tool> dry-run produces apt or pip plan", async () => {
+    const { stdout } = await capture(() => cliRun(["install", "nmap", "--json"]));
+    const out = JSON.parse(stdout) as { plans: Array<{ cli: string; mode: string; command?: string }> };
+    expect(out.plans).toHaveLength(1);
+    expect(out.plans[0]!.cli).toBe("nmap");
+    // On Linux with apt available, mode should be apt; otherwise some other available manager.
+    expect(["apt", "brew", "dnf", "pacman", "winget", "manual"]).toContain(out.plans[0]!.mode);
+  });
+
+  test("install <unknown-tool> dry-run reports no recipe", async () => {
+    const { stdout } = await capture(() => cliRun(["install", "definitely-not-a-real-tool-xyz", "--json"]));
+    const out = JSON.parse(stdout) as { plans: Array<{ cli: string; mode: string; hint?: string }> };
+    expect(out.plans[0]!.mode).toBe("unknown");
+    expect(out.plans[0]!.hint).toContain("no recipe");
+  });
+});
+
+describe("cue cli list --all-profiles", () => {
+  test("--json returns flat array with profileCount across all profiles", async () => {
+    const { stdout, value } = await capture(() => cliRun(["list", "--all-profiles", "--json"]));
+    expect(value).toBe(0);
+    const out = JSON.parse(stdout) as { rows: Array<{ cli: string; profileCount: number; profiles: string[]; installed: boolean; plan: { mode: string } }> };
+    expect(out.rows.length).toBeGreaterThan(20);
+    // A CLI used by full AND full should report profileCount >= 2.
+    const multiUse = out.rows.find((r) => r.profileCount >= 2);
+    expect(multiUse).toBeDefined();
+    expect(multiUse!.profiles.length).toBe(multiUse!.profileCount);
+  });
+
+  test("--missing-only filters out installed CLIs", async () => {
+    const { stdout } = await capture(() => cliRun(["list", "--all-profiles", "--missing-only", "--json"]));
+    const out = JSON.parse(stdout) as { rows: Array<{ installed: boolean }> };
+    for (const r of out.rows) expect(r.installed).toBe(false);
+  });
+});
+
+describe("optimizer.parseCLIsFromContent", () => {
+  test("extracts CLIs from allowed-tools frontmatter and Prerequisites", async () => {
+    const { parseCLIsFromContent } = await import("./optimizer");
+    const skillMd = `---
+name: test
+allowed-tools: Bash(nmap:*), Bash(sqlmap:*), Bash(curl arg)
+---
+
+# Test
+
+## Prerequisites
+
+- nmap installed
+- docker
+- random line with no known CLI
+`;
+    const clis = parseCLIsFromContent(skillMd);
+    expect(clis).toContain("nmap");
+    expect(clis).toContain("sqlmap");
+    expect(clis).toContain("curl");
+    expect(clis).toContain("docker");
+  });
+
+  test("empty content returns empty array", async () => {
+    const { parseCLIsFromContent } = await import("./optimizer");
+    expect(parseCLIsFromContent("")).toEqual([]);
+  });
+
+  test("preserves case for binary names (e.g. Xvfb)", async () => {
+    const { parseCLIsFromContent } = await import("./optimizer");
+    const md = `---\nallowed-tools: Bash(Xvfb:*)\n---\n`;
+    expect(parseCLIsFromContent(md)).toContain("Xvfb");
+  });
+});
+
+describe("cue cli (top-level)", () => {
+  test("no subcommand prints usage with exit 0", async () => {
+    const orig = process.stderr.write.bind(process.stderr);
+    let err = "";
+    (process.stderr as any).write = (c: string | Uint8Array) => { err += String(c); return true; };
+    try {
+      const exit = await cliRun([]);
+      expect(exit).toBe(0);
+      expect(err).toContain("cue cli");
+    } finally {
+      (process.stderr as any).write = orig;
+    }
+  });
+
+  test("unknown subcommand exits 1", async () => {
+    const orig = process.stderr.write.bind(process.stderr);
+    let err = "";
+    (process.stderr as any).write = (c: string | Uint8Array) => { err += String(c); return true; };
+    try {
+      const exit = await cliRun(["nonsense"]);
+      expect(exit).toBe(1);
+    } finally {
+      (process.stderr as any).write = orig;
+    }
+  });
+});