devendra-skill-package 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/skills/boiler-project-generator/SKILL.md +103 -0
- package/.github/skills/boiler-project-generator/assets/templates/android/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/angular/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/flutter/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/ios/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/react/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/api-setup.ts +76 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/component-primary-button.tsx +29 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/env-config.env +4 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-auth-screen.tsx +45 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-dashboard-screen.tsx +45 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-profile-screen.tsx +45 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/hook-use-app-boot.ts +11 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/navigation-setup.tsx +25 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/project-structure.md +24 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-hooks.ts +5 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-session-slice.ts +29 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-store.ts +15 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/theme-index.ts +23 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/utils-helpers.ts +7 -0
- package/.github/skills/boiler-project-generator/metadata.yaml +29 -0
- package/.github/skills/boiler-project-generator/references/android.md +19 -0
- package/.github/skills/boiler-project-generator/references/angular.md +14 -0
- package/.github/skills/boiler-project-generator/references/flutter.md +17 -0
- package/.github/skills/boiler-project-generator/references/ios.md +17 -0
- package/.github/skills/boiler-project-generator/references/react-native.md +103 -0
- package/.github/skills/boiler-project-generator/references/react.md +17 -0
- package/.github/skills/boiler-project-generator/scripts/angular.js +43 -0
- package/.github/skills/boiler-project-generator/scripts/generate-project.mjs +107 -0
- package/.github/skills/boiler-project-generator/scripts/init.js +105 -0
- package/.github/skills/boiler-project-generator/scripts/react-native.js +1041 -0
- package/.github/skills/boiler-project-generator/scripts/react.js +32 -0
- package/.github/skills/clean-architecture-generator/SKILL.md +235 -0
- package/.github/skills/clean-architecture-generator/references/architecture-core.md +126 -0
- package/.github/skills/clean-architecture-generator/references/platform-angular.md +374 -0
- package/.github/skills/clean-architecture-generator/references/platform-flutter.md +366 -0
- package/.github/skills/clean-architecture-generator/references/platform-react-native.md +590 -0
- package/.github/skills/clean-architecture-generator/references/platform-react.md +261 -0
- package/.github/skills/code-test-coverage-analyzer/SKILL.md +1358 -0
- package/.github/skills/code-test-coverage-analyzer/assets/config-questionnaire.md +118 -0
- package/.github/skills/code-test-coverage-analyzer/assets/conflict-resolution-protocol.md +99 -0
- package/.github/skills/code-test-coverage-analyzer/assets/coverage-calculation-rules.md +294 -0
- package/.github/skills/code-test-coverage-analyzer/assets/multi-strategy-search.md +145 -0
- package/.github/skills/code-test-coverage-analyzer/assets/output-file-contracts.md +651 -0
- package/.github/skills/code-test-coverage-analyzer/assets/status-definitions.md +273 -0
- package/.github/skills/code-test-coverage-analyzer/examples/example-invocation.md +208 -0
- package/.github/skills/code-test-coverage-analyzer/references/android-patterns.md +229 -0
- package/.github/skills/code-test-coverage-analyzer/references/angular-patterns.md +177 -0
- package/.github/skills/code-test-coverage-analyzer/references/backend-patterns.md +383 -0
- package/.github/skills/code-test-coverage-analyzer/references/flutter-patterns.md +254 -0
- package/.github/skills/code-test-coverage-analyzer/references/ios-patterns.md +228 -0
- package/.github/skills/code-test-coverage-analyzer/references/react-native-patterns.md +431 -0
- package/.github/skills/code-test-coverage-analyzer/references/react-patterns.md +206 -0
- package/.github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 +261 -0
- package/.github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 +242 -0
- package/.github/skills/code-test-coverage-analyzer/templates/brd-compliance-row.md +107 -0
- package/.github/skills/code-test-coverage-analyzer/templates/test-case-row.md +130 -0
- package/.github/skills/code-test-coverage-analyzer/templates/user-story-compliance-row.md +170 -0
- package/.github/skills/custom-font-integrator/SKILL.md +373 -0
- package/.github/skills/custom-font-integrator/assets/FontTestScreen.js +150 -0
- package/.github/skills/custom-font-integrator/references/example-info-plist.xml +21 -0
- package/.github/skills/custom-font-integrator/scripts/setup-fonts.sh +99 -0
- package/.github/skills/encryption-decryption-utility/Instructions.md +282 -0
- package/.github/skills/encryption-decryption-utility/README.md +222 -0
- package/.github/skills/encryption-decryption-utility/SKILL.md +645 -0
- package/.github/skills/encryption-decryption-utility/assets/encryption-config-template.json +13 -0
- package/.github/skills/encryption-decryption-utility/assets/platform-matrix.json +180 -0
- package/.github/skills/encryption-decryption-utility/metadata.yaml +51 -0
- package/.github/skills/encryption-decryption-utility/references/android-crypto.md +157 -0
- package/.github/skills/encryption-decryption-utility/references/angular-crypto.md +130 -0
- package/.github/skills/encryption-decryption-utility/references/approach-1-webcrypto.md +95 -0
- package/.github/skills/encryption-decryption-utility/references/approach-2-rsa-aes-cbc.md +111 -0
- package/.github/skills/encryption-decryption-utility/references/approach-3-aes-sharedkey.md +114 -0
- package/.github/skills/encryption-decryption-utility/references/architecture.md +233 -0
- package/.github/skills/encryption-decryption-utility/references/backend-alignment.md +506 -0
- package/.github/skills/encryption-decryption-utility/references/dependency-guidance.md +234 -0
- package/.github/skills/encryption-decryption-utility/references/ec-implementation.md +832 -0
- package/.github/skills/encryption-decryption-utility/references/error-handling-playbook.md +234 -0
- package/.github/skills/encryption-decryption-utility/references/flutter-crypto.md +105 -0
- package/.github/skills/encryption-decryption-utility/references/ios-crypto.md +338 -0
- package/.github/skills/encryption-decryption-utility/references/native-rsa-implementation.md +373 -0
- package/.github/skills/encryption-decryption-utility/references/node-crypto.md +86 -0
- package/.github/skills/encryption-decryption-utility/references/react-crypto.md +105 -0
- package/.github/skills/encryption-decryption-utility/references/react-native-crypto.md +1001 -0
- package/.github/skills/encryption-decryption-utility/references/react-web-crypto.md +668 -0
- package/.github/skills/encryption-decryption-utility/references/security-checklist.md +176 -0
- package/.github/skills/encryption-decryption-utility/references/web-crypto.md +74 -0
- package/.github/skills/encryption-decryption-utility/scripts/detect.js +128 -0
- package/.github/skills/encryption-decryption-utility/scripts/install.js +1713 -0
- package/.github/skills/encryption-decryption-utility/scripts/setup.js +800 -0
- package/.github/skills/encryption-decryption-utility/template.md +241 -0
- package/.github/skills/encryption-decryption-utility/templates/config-questionnaire.md +467 -0
- package/.github/skills/encryption-decryption-utility/templates/delivery-checklist.md +206 -0
- package/.github/skills/encryption-decryption-utility/templates/implementation-plan.md +304 -0
- package/.github/skills/feature-generator/SKILL.MD +2741 -0
- package/.github/skills/feature-generator/assets/fingerprint-schema.json +385 -0
- package/.github/skills/feature-generator/assets/spec-template.md +172 -0
- package/.github/skills/feature-generator/assets/transform-rules.json +82 -0
- package/.github/skills/feature-generator/references/api-envelope-patterns.md +327 -0
- package/.github/skills/feature-generator/references/screen-logic-patterns.md +399 -0
- package/.github/skills/feature-generator/references/state-library-patterns.md +464 -0
- package/.github/skills/figma-ui-mapper/README.md +34 -0
- package/.github/skills/figma-ui-mapper/SKILL.md +101 -0
- package/.github/skills/figma-ui-mapper/assets/templates/component-map-template.md +30 -0
- package/.github/skills/figma-ui-mapper/assets/templates/generation-report-template.md +49 -0
- package/.github/skills/figma-ui-mapper/metadata.yaml +22 -0
- package/.github/skills/figma-ui-mapper/references/android.md +11 -0
- package/.github/skills/figma-ui-mapper/references/angular.md +18 -0
- package/.github/skills/figma-ui-mapper/references/capacitor.md +18 -0
- package/.github/skills/figma-ui-mapper/references/common.md +23 -0
- package/.github/skills/figma-ui-mapper/references/expo.md +18 -0
- package/.github/skills/figma-ui-mapper/references/flutter.md +18 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/angular/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/capacitor/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/expo/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/flutter/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/ionic/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/kotlin-multiplatform/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/native-android/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/native-ios/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/next/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/nuxt/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/react/rules.md +19 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/react-native/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/svelte/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/vue/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/ionic.md +18 -0
- package/.github/skills/figma-ui-mapper/references/ios.md +11 -0
- package/.github/skills/figma-ui-mapper/references/kotlin-multiplatform.md +18 -0
- package/.github/skills/figma-ui-mapper/references/native-android.md +18 -0
- package/.github/skills/figma-ui-mapper/references/native-ios.md +18 -0
- package/.github/skills/figma-ui-mapper/references/next.md +18 -0
- package/.github/skills/figma-ui-mapper/references/nuxt.md +18 -0
- package/.github/skills/figma-ui-mapper/references/react-figma-guideline.md +21 -0
- package/.github/skills/figma-ui-mapper/references/react-native.md +18 -0
- package/.github/skills/figma-ui-mapper/references/react.md +18 -0
- package/.github/skills/figma-ui-mapper/references/script-usage.md +46 -0
- package/.github/skills/figma-ui-mapper/references/svelte.md +18 -0
- package/.github/skills/figma-ui-mapper/references/vue.md +18 -0
- package/.github/skills/figma-ui-mapper/references/workflow.md +74 -0
- package/.github/skills/figma-ui-mapper/scripts/generate-page-through-figma.js +635 -0
- package/.github/skills/figma-ui-mapper/scripts/generate-react-page-through-figma.js +4 -0
- package/.github/skills/frontend-task-breakdown/SKILL.md +734 -0
- package/.github/skills/md-file-converter/SKILL.md +291 -0
- package/.github/skills/md-file-converter/config/formats.json +114 -0
- package/.github/skills/md-file-converter/extractors/extract-docx.sh +120 -0
- package/.github/skills/md-file-converter/extractors/extract-eml.py +108 -0
- package/.github/skills/md-file-converter/extractors/extract-pdf.sh +97 -0
- package/.github/skills/md-file-converter/extractors/extract-pptx.py +143 -0
- package/.github/skills/md-file-converter/extractors/extract-xlsx.py +175 -0
- package/.github/skills/md-file-converter/scripts/check-tools.sh +47 -0
- package/.github/skills/md-file-converter/scripts/extract-archive.sh +83 -0
- package/.github/skills/md-file-converter/scripts/extract-ocr.sh +77 -0
- package/.github/skills/md-file-converter/scripts/get-metadata.sh +57 -0
- package/.github/skills/md-file-converter/templates/output.md +73 -0
- package/.github/skills/md-file-converter/templates/unsupported-object.md +6 -0
- package/.github/skills/mockAPI-contract-generator/SKILL.md +607 -0
- package/.github/skills/test-case-validator/CHANGELOG.md +155 -0
- package/.github/skills/test-case-validator/CONFIGURATION.md +130 -0
- package/.github/skills/test-case-validator/EXAMPLES.md +50 -0
- package/.github/skills/test-case-validator/QUALITY_SCORING.md +98 -0
- package/.github/skills/test-case-validator/README.md +111 -0
- package/.github/skills/test-case-validator/REPORT_TEMPLATE.md +116 -0
- package/.github/skills/test-case-validator/SKILL.md +209 -0
- package/.github/skills/test-case-validator/SYSTEM_PROMPT.md +127 -0
- package/.github/skills/test-case-validator/TRACEABILITY_ENGINE.md +152 -0
- package/.github/skills/test-case-validator/VALIDATION_RULES.md +411 -0
- package/.github/skills/test-case-validator/config/default.config.yaml +62 -0
- package/.github/skills/test-case-validator/docs/ARCHITECTURE.md +66 -0
- package/.github/skills/test-case-validator/docs/EXTENDING.md +85 -0
- package/.github/skills/test-case-validator/docs/FAQ.md +88 -0
- package/.github/skills/test-case-validator/docs/VERSIONING.md +55 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-brd.md +43 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-test-cases.csv +9 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-user-story.md +29 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/output-report.md +303 -0
- package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/input-spec.md +43 -0
- package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/input-test-files-index.md +56 -0
- package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/output-report.md +274 -0
- package/.github/skills/test-case-validator/prompts/00-applicability-resolution.md +61 -0
- package/.github/skills/test-case-validator/prompts/01-extraction-user-story.md +58 -0
- package/.github/skills/test-case-validator/prompts/02-extraction-brd.md +64 -0
- package/.github/skills/test-case-validator/prompts/03-extraction-test-cases.md +92 -0
- package/.github/skills/test-case-validator/prompts/04-traceability-matrix.md +41 -0
- package/.github/skills/test-case-validator/prompts/05-coverage-analysis.md +46 -0
- package/.github/skills/test-case-validator/prompts/06-missing-scenario-detection.md +32 -0
- package/.github/skills/test-case-validator/prompts/07-duplicate-detection.md +36 -0
- package/.github/skills/test-case-validator/prompts/08-risk-analysis.md +39 -0
- package/.github/skills/test-case-validator/prompts/09-gated-wiring-validation.md +53 -0
- package/.github/skills/test-case-validator/prompts/10-observation-report.md +56 -0
- package/.github/skills/test-case-validator/prompts/11-final-report-assembly.md +57 -0
- package/.github/skills/test-case-validator/templates/coverage-table.md +25 -0
- package/.github/skills/test-case-validator/templates/executive-summary.md +38 -0
- package/.github/skills/test-case-validator/templates/final-summary-block.md +87 -0
- package/.github/skills/test-case-validator/templates/observation-entry.md +41 -0
- package/.github/skills/test-case-validator/templates/rtm-row.md +25 -0
- package/.github/skills/validation-engine-builder/README.md +50 -0
- package/.github/skills/validation-engine-builder/SKILL.md +241 -0
- package/.github/skills/validation-engine-builder/references/core.md +158 -0
- package/.github/skills/validation-engine-builder/references/platform-angular.md +166 -0
- package/.github/skills/validation-engine-builder/references/platform-flutter.md +118 -0
- package/.github/skills/validation-engine-builder/references/platform-react-native.md +170 -0
- package/.github/skills/validation-engine-builder/references/platform-react.md +94 -0
- package/.github/skills/validation-engine-builder/scripts/apply-to-project.js +80 -0
- package/.github/skills/validation-engine-builder/scripts/generate-angular.js +271 -0
- package/.github/skills/validation-engine-builder/scripts/generate-flutter.js +298 -0
- package/.github/skills/validation-engine-builder/scripts/generate-react-native.js +217 -0
- package/.github/skills/validation-engine-builder/scripts/generate-react.js +163 -0
- package/.github/skills/validation-engine-builder/scripts/install-deps.js +53 -0
- package/.github/skills/validation-engine-builder/scripts/shared/detect-platform.js +68 -0
- package/.github/skills/validation-engine-builder/scripts/shared/npm-deps.js +103 -0
- package/.github/skills/validation-engine-builder/scripts/shared/rhf-hook.js +43 -0
- package/.github/skills/validation-engine-builder/scripts/shared/ts-messages-regex.js +62 -0
- package/.github/skills/validation-engine-builder/scripts/shared/util.js +44 -0
- package/.github/skills/validation-engine-builder/scripts/shared/yup-schemas.js +80 -0
- package/.github/skills/validation-engine-builder/template.md +73 -0
- package/.github/skills/validation-engine-builder/templates/messages.json +22 -0
- package/.github/skills/validation-engine-builder/templates/regex.json +16 -0
- package/.github/skills/validation-engine-builder/templates/schemas.json +48 -0
- package/bin/index.js +145 -0
- package/package.json +22 -0
- package/readme.md +0 -0
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
# Security Checklist
|
|
2
|
+
|
|
3
|
+
Use this checklist before marking any encryption implementation complete.
|
|
4
|
+
Items are tagged by platform/approach scope.
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## Crypto — All Platforms
|
|
9
|
+
|
|
10
|
+
- AES key length is 32 bytes (AES-256).
|
|
11
|
+
- IV length is 12 bytes (GCM) or 16 bytes (CBC depending on approach).
|
|
12
|
+
- Auth tag length is 16 bytes when using GCM mode.
|
|
13
|
+
- Random generation uses a cryptographically secure source (`crypto.subtle`, `randomBytes`, `SecureRandom`, `SecRandomCopyBytes`).
|
|
14
|
+
- Selected approach is supported by the target platform (verified against `platform-matrix.json`).
|
|
15
|
+
|
|
16
|
+
## Key Handling — All Platforms
|
|
17
|
+
|
|
18
|
+
- RSA public key format validated (PEM headers present; `BEGIN PUBLIC KEY`).
|
|
19
|
+
- RSA padding is RSA-OAEP. PKCS1 v1.5 only with explicit written approval for legacy systems — not acceptable for new deployments in 2026.
|
|
20
|
+
- RSA key source is HTTPS if API-based.
|
|
21
|
+
- Shared keys (approach 3) are at least 32 characters.
|
|
22
|
+
- No key material written to disk or included in logs.
|
|
23
|
+
|
|
24
|
+
## Transport and API — All Platforms
|
|
25
|
+
|
|
26
|
+
- Encryption applied to POST/PUT/PATCH by default.
|
|
27
|
+
- GET excluded unless explicitly configured.
|
|
28
|
+
- FormData excluded from encryption at all times.
|
|
29
|
+
- URL exclusion list configured and validated (if applicable).
|
|
30
|
+
|
|
31
|
+
---
|
|
32
|
+
|
|
33
|
+
## React Native — Approaches 4 and 5 (Production)
|
|
34
|
+
|
|
35
|
+
### Crypto
|
|
36
|
+
|
|
37
|
+
- AES mode is GCM.
|
|
38
|
+
- IV is 12 bytes.
|
|
39
|
+
- Auth tag is 16 bytes (appended to ciphertext in Base64 output).
|
|
40
|
+
- Per-request AES key generated with `randomBytes(32)` in JS.
|
|
41
|
+
|
|
42
|
+
### Key Handling
|
|
43
|
+
|
|
44
|
+
- RSA key cached only in memory.
|
|
45
|
+
- AES key and IV are never persisted.
|
|
46
|
+
- Request key mapping (`requestId → { aesKey, iv }`) cleared immediately after response processing (success or failure).
|
|
47
|
+
- RSA key fetch retry is bounded (default 3 attempts).
|
|
48
|
+
- `KEY_ID_NOT_FOUND` triggers key refresh and exactly one retry — no retry loop.
|
|
49
|
+
|
|
50
|
+
### Key Handling — Native Mode (Approach 5) Only
|
|
51
|
+
|
|
52
|
+
- Per-request AES keys are generated in JS using `randomBytes(32)` and passed as base64 to native encrypt/decrypt — they are NOT stored in Android Keystore or iOS Secure Enclave.
|
|
53
|
+
- Raw AES key material is never logged.
|
|
54
|
+
- AES key lives only in the JS request map and is deleted immediately after response.
|
|
55
|
+
- No RSA private key material exists on the client.
|
|
56
|
+
- `try!` is NOT present anywhere in Swift bridge code.
|
|
57
|
+
|
|
58
|
+
### Key Handling — EC (ECDH) Mode (Approach 6)
|
|
59
|
+
|
|
60
|
+
- Server EC public key validated on fetch: decoded length MUST be 65 bytes; first byte MUST be `0x04` (uncompressed P-256 point marker).
|
|
61
|
+
- Server EC public key fetched over HTTPS only.
|
|
62
|
+
- Server EC public key cached in memory only (never persisted).
|
|
63
|
+
- Ephemeral EC key pair generated fresh per request using `createECDH('prime256v1')` + `generateKeys()`.
|
|
64
|
+
- Ephemeral EC private key discarded immediately after ECDH `computeSecret()` returns.
|
|
65
|
+
- Derived AES key (from HKDF-SHA256) is never transmitted — only the 65-byte ephemeral public key is sent.
|
|
66
|
+
- HKDF salt is the per-request nonce (unique per request — binds derived key to this request).
|
|
67
|
+
- Derived AES key and IV never persisted; cleared from request map immediately after response.
|
|
68
|
+
- On `KEY_ID_NOT_FOUND` (401): refresh EC public key and retry exactly once — no retry loop.
|
|
69
|
+
|
|
70
|
+
### Key Handling — Session-Init EC Mode (Additional Checks)
|
|
71
|
+
|
|
72
|
+
- Session AES key kept in memory ONLY — never persisted to storage.
|
|
73
|
+
- Session AES key lifetime is separate from auth token lifetime. A persisted token does NOT mean the encryption session is alive after app restart.
|
|
74
|
+
- `device_id` is stable and identical across: init request, HKDF context `info` string, AAD canonical JSON, and all encrypted API calls.
|
|
75
|
+
- HKDF `info` string matches the backend's exact contract (confirm explicitly — do NOT assume `'enc'`).
|
|
76
|
+
- AAD is canonical JSON with alphabetically sorted keys. Both client and server must produce identical byte sequences.
|
|
77
|
+
- `encrypted_shared_aes_key` from session init response: confirm whether it is used or ignored before implementing.
|
|
78
|
+
- Base64url fields (`server_ecdh_pub`, `salt`) are normalized and padded before decoding.
|
|
79
|
+
- Nonce format, length, and character set match the backend's exact contract.
|
|
80
|
+
- **Nonce generator uses CSPRNG** (`randomBytes` from quick-crypto), NOT `Math.random()`. When the nonce IS the AES-GCM IV (session-init EC), a predictable IV breaks GCM confidentiality and authenticity.
|
|
81
|
+
- Response IV source is confirmed from the backend contract (nonce-as-IV, separate `iv` field, or other).
|
|
82
|
+
|
|
83
|
+
### Key Handling — Native Mode (EC)
|
|
84
|
+
|
|
85
|
+
- ECDH + HKDF run in JS; derived `aesKeyBase64` is passed into `nativeEncryptAES` / `nativeDecryptAES`.
|
|
86
|
+
- Derived AES key is ephemeral — passed as a parameter, not stored in native Keystore or Secure Enclave.
|
|
87
|
+
- Validate `NativeModules.NativeCryptoModule` is accessible before first encrypted request.
|
|
88
|
+
|
|
89
|
+
### Interceptor
|
|
90
|
+
|
|
91
|
+
- Request mapping is safe under concurrent requests.
|
|
92
|
+
- Missing request mapping handled with secure fallback — no crash or data leak.
|
|
93
|
+
- Response decryption never leaks plaintext on failure.
|
|
94
|
+
|
|
95
|
+
### Error Handling
|
|
96
|
+
|
|
97
|
+
- Invalid auth tag triggers secure logout/session reset — not a silent fallback.
|
|
98
|
+
- Decryption failure does not leak plaintext or key material in error messages or logs.
|
|
99
|
+
- Key fetch failure blocks encrypted calls until resolved.
|
|
100
|
+
|
|
101
|
+
### Storage
|
|
102
|
+
|
|
103
|
+
- Tokens stored via `react-native-keychain`.
|
|
104
|
+
- No secrets stored in plain `AsyncStorage`.
|
|
105
|
+
- Sensitive persisted fields stored via keychain.
|
|
106
|
+
|
|
107
|
+
### Environment
|
|
108
|
+
|
|
109
|
+
- `ENCRYPTION_ENABLED` supported and defaults to `false` in development unless explicitly set.
|
|
110
|
+
- `ENCRYPTION_MODEL` supported (values: `rsa` / `ec`).
|
|
111
|
+
- `ENCRYPTION_LAYER` supported when using approach 5 or EC+Native (values: `rn` / `native`).
|
|
112
|
+
- `ENCRYPTION_HMAC_SECRET` set as env var at runtime (never written to disk or committed).
|
|
113
|
+
|
|
114
|
+
### Build and Dependency Verification (All JS Modes — Approaches 4, 6)
|
|
115
|
+
|
|
116
|
+
- `react-native-quick-crypto` installed at compatible version.
|
|
117
|
+
- `react-native-nitro-modules` installed explicitly (required peer dep for quick-crypto >= 1.0 / RN >= 0.76).
|
|
118
|
+
- `react-native-worklets` installed explicitly (required peer dep for quick-crypto >= 1.0 / RN >= 0.76).
|
|
119
|
+
- `react-native-quick-base64` present — verify with `npm ls react-native-quick-base64`.
|
|
120
|
+
- `buffer` package installed (>= 6.0.0) — required for EC mode Hermes-safe helpers.
|
|
121
|
+
- No `UNMET PEER DEP` warnings for crypto packages in `npm ls`.
|
|
122
|
+
- Android `.cxx` cache cleared and clean build verified after adding native modules.
|
|
123
|
+
- iOS `pod install` completed successfully.
|
|
124
|
+
|
|
125
|
+
### Native Module Wiring — Approach 5 Only
|
|
126
|
+
|
|
127
|
+
- `NativeCryptoModule` registered in `MainApplication.java` / `MainApplication.kt` (Android).
|
|
128
|
+
- Bridge `.m` file present and linked in Xcode project (iOS).
|
|
129
|
+
- Pod install completed successfully.
|
|
130
|
+
- `NativeModules.NativeCryptoModule` accessible from JS at runtime.
|
|
131
|
+
- `encryptAES`, `decryptAES`, `encryptRSA` callable and return Promises.
|
|
132
|
+
- `ENCRYPTION_LAYER` env flag set and read correctly in interceptor.
|
|
133
|
+
- Tested on a physical device (not emulator/simulator only).
|
|
134
|
+
|
|
135
|
+
---
|
|
136
|
+
|
|
137
|
+
## Angular — Approaches 1, 2, 3
|
|
138
|
+
|
|
139
|
+
- `HTTP_INTERCEPTORS` provider registered (NgModule) or `withInterceptorsFromDi()` added (standalone).
|
|
140
|
+
- `allowedCommonJsDependencies` updated in `angular.json` for `crypto-js` / `jsencrypt` (approaches 2/3).
|
|
141
|
+
- `privateKeyPem` NOT accepted for browser platforms — private keys must stay on the server.
|
|
142
|
+
- Encryption failure falls back silently (never blocks the HTTP request).
|
|
143
|
+
|
|
144
|
+
## Node.js — Approaches 2, 3
|
|
145
|
+
|
|
146
|
+
- Express middleware registered (`app.use(encryptionMiddleware)`).
|
|
147
|
+
- `hmacSecret` read from `ENCRYPTION_HMAC_SECRET` environment variable at runtime.
|
|
148
|
+
- Middleware error path calls `next()` without blocking.
|
|
149
|
+
|
|
150
|
+
## Android — Approaches 2, 3
|
|
151
|
+
|
|
152
|
+
- `EncryptionInterceptor` added to OkHttpClient builder.
|
|
153
|
+
- `minSdkVersion` is sufficient for chosen algorithm.
|
|
154
|
+
- No plaintext logging inside interceptor catch block.
|
|
155
|
+
|
|
156
|
+
## iOS — Approaches 1, 2, 3
|
|
157
|
+
|
|
158
|
+
- `EncryptionInterceptor.intercept()` called before request dispatch.
|
|
159
|
+
- No `try!` in Swift crypto code.
|
|
160
|
+
- Error path returns original request unmodified.
|
|
161
|
+
|
|
162
|
+
## Flutter — Approaches 2, 3
|
|
163
|
+
|
|
164
|
+
- `EncryptionInterceptor` added to Dio instance.
|
|
165
|
+
- Dart `FormData` excluded from encryption.
|
|
166
|
+
- `pubspec.yaml` contains `encrypt: ^5.0.3` and `pointycastle: ^3.7.3`.
|
|
167
|
+
|
|
168
|
+
---
|
|
169
|
+
|
|
170
|
+
## Universal (All Approaches, All Platforms)
|
|
171
|
+
|
|
172
|
+
- No private keys, shared keys, HMAC secrets, or AES keys are hardcoded in source files.
|
|
173
|
+
- No sensitive key material is committed to version control.
|
|
174
|
+
- `encryptionEnabled: false` is the safe default — encryption is opt-in.
|
|
175
|
+
- Build passes without errors after files are written.
|
|
176
|
+
- Generated files do not overwrite existing non-encryption logic.
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# Platform: Web (Vanilla JS / TypeScript SPA)
|
|
2
|
+
|
|
3
|
+
## Overview
|
|
4
|
+
|
|
5
|
+
Web projects use a **fetch wrapper** (`encryptRequest()`) instead of an interceptor.
|
|
6
|
+
The wrapper transparently encrypts the request body before handing off to the native `fetch` API.
|
|
7
|
+
Supports Approaches 1, 2, 3.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## File Naming Convention
|
|
12
|
+
|
|
13
|
+
| Role | Path |
|
|
14
|
+
|----------------|------------------------------------------|
|
|
15
|
+
| Config | `src/encryption.config.ts` |
|
|
16
|
+
| Service | `src/encryption.service.ts` |
|
|
17
|
+
| Interceptor | `src/encryption.interceptor.ts` |
|
|
18
|
+
| Module wiring | `src/main.ts` |
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## Module Wiring
|
|
23
|
+
|
|
24
|
+
In `src/main.ts`, replace direct `fetch` calls with `encryptRequest`:
|
|
25
|
+
|
|
26
|
+
```ts
|
|
27
|
+
import { encryptRequest } from './encryption.interceptor.js';
|
|
28
|
+
|
|
29
|
+
// Replace:
|
|
30
|
+
// fetch(url, options)
|
|
31
|
+
// With:
|
|
32
|
+
// encryptRequest(url, options)
|
|
33
|
+
// ENCRYPTION_INTERCEPTOR_PLACEHOLDER
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
The `// ENCRYPTION_INTERCEPTOR_PLACEHOLDER` comment is the marker used by install.js `patchFile()`.
|
|
37
|
+
|
|
38
|
+
---
|
|
39
|
+
|
|
40
|
+
## Fetch Wrapper Pattern
|
|
41
|
+
|
|
42
|
+
```ts
|
|
43
|
+
export async function encryptRequest(url: string, options: RequestInit = {}): Promise<Response> {
|
|
44
|
+
const cfg = encryptionConfig.encryption;
|
|
45
|
+
if (!cfg.enabled || !options.body) return fetch(url, options);
|
|
46
|
+
if (cfg.excludeUrls.some(prefix => url.startsWith(prefix))) return fetch(url, options);
|
|
47
|
+
|
|
48
|
+
try {
|
|
49
|
+
const body = typeof options.body === 'string' ? JSON.parse(options.body) : options.body;
|
|
50
|
+
const encrypted = await encryptionService.encrypt(body);
|
|
51
|
+
options = { ...options, body: JSON.stringify(encrypted), headers: { ...options.headers, 'Content-Type': 'application/json' } };
|
|
52
|
+
} catch {}
|
|
53
|
+
|
|
54
|
+
return fetch(url, options);
|
|
55
|
+
}
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
60
|
+
## Dependencies (Approach 2 or 3)
|
|
61
|
+
|
|
62
|
+
```bash
|
|
63
|
+
npm install jsencrypt crypto-js
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Approach 1 uses `crypto.subtle` — supported in all modern browsers without extra packages.
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Build Command
|
|
71
|
+
|
|
72
|
+
```bash
|
|
73
|
+
npm run build
|
|
74
|
+
```
|
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* detect.js - Encryption-Decryption Generator Skill
|
|
4
|
+
*
|
|
5
|
+
* Scans a project for existing encryption logic before any file generation.
|
|
6
|
+
* Exits 0 = ENCRYPTION_NOT_FOUND (safe to proceed)
|
|
7
|
+
* Exits 1 = ENCRYPTION_FOUND (list of matched files printed)
|
|
8
|
+
* Exits 2 = Input error (bad or missing --project-path)
|
|
9
|
+
*
|
|
10
|
+
* Usage:
|
|
11
|
+
* node detect.js --project-path <path> [--platform <platform>]
|
|
12
|
+
* node detect.js --help
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
'use strict';
|
|
16
|
+
|
|
17
|
+
const fs = require('fs');
|
|
18
|
+
const path = require('path');
|
|
19
|
+
|
|
20
|
+
// ── CLI args ──────────────────────────────────────────────────────────────────
|
|
21
|
+
|
|
22
|
+
const args = process.argv.slice(2);
|
|
23
|
+
|
|
24
|
+
if (args.includes('--help') || args.includes('-h')) {
|
|
25
|
+
console.log([
|
|
26
|
+
'Usage: node detect.js --project-path <path> [--platform <platform>]',
|
|
27
|
+
'',
|
|
28
|
+
'Options:',
|
|
29
|
+
' --project-path Path to project root (required)',
|
|
30
|
+
' --platform One of: angular, web, node, android, ios, flutter (optional)',
|
|
31
|
+
' --help Print this help and exit',
|
|
32
|
+
'',
|
|
33
|
+
'Exit codes:',
|
|
34
|
+
' 0 ENCRYPTION_NOT_FOUND',
|
|
35
|
+
' 1 ENCRYPTION_FOUND',
|
|
36
|
+
' 2 Input error',
|
|
37
|
+
].join('\n'));
|
|
38
|
+
process.exit(0);
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
const projectIndex = args.indexOf('--project-path');
|
|
42
|
+
if (projectIndex === -1 || !args[projectIndex + 1]) {
|
|
43
|
+
console.error('Error: --project-path is required.');
|
|
44
|
+
console.error('Run with --help for usage.');
|
|
45
|
+
process.exit(2);
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
const projectPath = path.resolve(args[projectIndex + 1]);
|
|
49
|
+
|
|
50
|
+
if (!fs.existsSync(projectPath)) {
|
|
51
|
+
console.error('Error: project path does not exist: ' + projectPath);
|
|
52
|
+
process.exit(2);
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
// ── Encryption detection patterns ─────────────────────────────────────────────
|
|
56
|
+
|
|
57
|
+
const PATTERNS = [
|
|
58
|
+
/EncryptionService/,
|
|
59
|
+
/EncryptionInterceptor/,
|
|
60
|
+
/EncryptionMiddleware/,
|
|
61
|
+
/encryptPayload/,
|
|
62
|
+
/decryptPayload/,
|
|
63
|
+
/crypto\.subtle/,
|
|
64
|
+
/CryptoJS\.AES/,
|
|
65
|
+
/JSEncrypt/,
|
|
66
|
+
/AES-256-GCM/i,
|
|
67
|
+
/AES-256-CBC/i,
|
|
68
|
+
/RSA-OAEP/i,
|
|
69
|
+
/javax\.crypto\.Cipher/,
|
|
70
|
+
/pointycastle/,
|
|
71
|
+
];
|
|
72
|
+
|
|
73
|
+
// ── File scanner ──────────────────────────────────────────────────────────────
|
|
74
|
+
|
|
75
|
+
const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.angular', '.gradle', 'DerivedData']);
|
|
76
|
+
|
|
77
|
+
function scanDir(dir, results) {
|
|
78
|
+
if (!fs.existsSync(dir)) return;
|
|
79
|
+
let entries;
|
|
80
|
+
try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
|
|
81
|
+
for (const entry of entries) {
|
|
82
|
+
if (SKIP_DIRS.has(entry.name)) continue;
|
|
83
|
+
const full = path.join(dir, entry.name);
|
|
84
|
+
if (entry.isDirectory()) {
|
|
85
|
+
scanDir(full, results);
|
|
86
|
+
} else if (/\.(ts|js|kt|swift|dart|java)$/.test(entry.name)) {
|
|
87
|
+
results.push(full);
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
function matchedPatterns(filePath) {
|
|
93
|
+
let content;
|
|
94
|
+
try { content = fs.readFileSync(filePath, 'utf8'); } catch { return []; }
|
|
95
|
+
return PATTERNS.filter(p => p.test(content)).map(p => p.toString());
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
// ── Scan ──────────────────────────────────────────────────────────────────────
|
|
99
|
+
|
|
100
|
+
const srcPath = path.join(projectPath, 'src');
|
|
101
|
+
const scanRoot = fs.existsSync(srcPath) ? srcPath : projectPath;
|
|
102
|
+
|
|
103
|
+
const files = [];
|
|
104
|
+
scanDir(scanRoot, files);
|
|
105
|
+
|
|
106
|
+
const matches = [];
|
|
107
|
+
for (const file of files) {
|
|
108
|
+
const hits = matchedPatterns(file);
|
|
109
|
+
if (hits.length > 0) {
|
|
110
|
+
matches.push({ file: path.relative(projectPath, file), patterns: hits });
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
// ── Report ────────────────────────────────────────────────────────────────────
|
|
115
|
+
|
|
116
|
+
if (matches.length === 0) {
|
|
117
|
+
console.log('ENCRYPTION_NOT_FOUND');
|
|
118
|
+
process.exit(0);
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
console.log('ENCRYPTION_FOUND');
|
|
122
|
+
for (const m of matches) {
|
|
123
|
+
console.log(' ' + m.file);
|
|
124
|
+
for (const p of m.patterns) {
|
|
125
|
+
console.log(' matched: ' + p);
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
process.exit(1);
|