foliko 1.0.80 → 1.0.81

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (235) hide show
  1. package/.agent/agents/code-assistant.json +14 -0
  2. package/.agent/agents/email-assistant.json +14 -0
  3. package/.agent/agents/file-assistant.json +15 -0
  4. package/.agent/agents/system-assistant.json +15 -0
  5. package/.agent/agents/web-assistant.json +12 -0
  6. package/.agent/data/ambient/goals.json +50 -0
  7. package/.agent/data/ambient/memories.json +7 -0
  8. package/.agent/data/default.json +15 -31894
  9. package/.agent/data/plugins-state.json +146 -181
  10. package/.agent/data/scheduler/tasks.json +1 -0
  11. package/.agent/mcp_config.json +1 -0
  12. package/.agent/package.json +8 -0
  13. package/.agent/plugins/__pycache__/test_plugin.cpython-312.pyc +0 -0
  14. package/.agent/plugins/system-info/index.js +387 -0
  15. package/.agent/plugins/system-info/package.json +4 -0
  16. package/.agent/plugins/system-info/test.js +40 -0
  17. package/.agent/plugins/test_plugin.py +304 -0
  18. package/.agent/plugins.json +14 -5
  19. package/.agent/python-scripts/test_sample.py +24 -0
  20. package/.agent/skills/sysinfo/SKILL.md +38 -0
  21. package/.agent/skills/sysinfo/system-info.sh +130 -0
  22. package/.agent/skills/workflow/SKILL.md +324 -0
  23. package/.agent/workflows/email-digest.json +50 -0
  24. package/.agent/workflows/file-backup.json +21 -0
  25. package/.agent/workflows/get-ip-notify.json +32 -0
  26. package/.agent/workflows/news-aggregator.json +93 -0
  27. package/.agent/workflows/news-dashboard-v2.json +94 -0
  28. package/.agent/workflows/notification-batch.json +32 -0
  29. package/.claude/settings.local.json +171 -171
  30. package/.env.example +56 -56
  31. package/cli/bin/foliko.js +12 -12
  32. package/cli/src/commands/chat.js +143 -143
  33. package/cli/src/commands/list.js +93 -93
  34. package/cli/src/index.js +75 -75
  35. package/cli/src/ui/chat-ui.js +201 -201
  36. package/cli/src/utils/ansi.js +40 -40
  37. package/cli/src/utils/markdown.js +292 -292
  38. package/examples/ambient-example.js +194 -194
  39. package/examples/basic.js +115 -115
  40. package/examples/bootstrap.js +121 -121
  41. package/examples/mcp-example.js +56 -56
  42. package/examples/skill-example.js +49 -49
  43. package/examples/test-chat.js +137 -137
  44. package/examples/test-mcp.js +85 -85
  45. package/examples/test-reload.js +59 -59
  46. package/examples/test-telegram.js +50 -50
  47. package/examples/test-tg-bot.js +45 -45
  48. package/examples/test-tg-simple.js +47 -47
  49. package/examples/test-tg.js +62 -62
  50. package/examples/test-think.js +43 -43
  51. package/examples/test-web-plugin.js +103 -103
  52. package/examples/test-weixin-feishu.js +103 -103
  53. package/examples/workflow.js +158 -158
  54. package/package.json +83 -83
  55. package/plugins/ai-plugin.js +102 -102
  56. package/plugins/ambient-agent/EventWatcher.js +113 -113
  57. package/plugins/ambient-agent/ExplorerLoop.js +640 -640
  58. package/plugins/ambient-agent/GoalManager.js +197 -197
  59. package/plugins/ambient-agent/Reflector.js +95 -95
  60. package/plugins/ambient-agent/StateStore.js +90 -90
  61. package/plugins/ambient-agent/constants.js +101 -101
  62. package/plugins/ambient-agent/index.js +579 -579
  63. package/plugins/audit-plugin.js +187 -187
  64. package/plugins/default-plugins.js +548 -548
  65. package/plugins/email/constants.js +64 -64
  66. package/plugins/email/handlers.js +461 -461
  67. package/plugins/email/index.js +278 -278
  68. package/plugins/email/monitor.js +269 -269
  69. package/plugins/email/parser.js +138 -138
  70. package/plugins/email/reply.js +151 -151
  71. package/plugins/email/utils.js +124 -124
  72. package/plugins/extension-executor-plugin.js +326 -326
  73. package/plugins/feishu-plugin.js +481 -481
  74. package/plugins/file-system-plugin.js +920 -877
  75. package/plugins/gate-trading.js +747 -747
  76. package/plugins/install-plugin.js +199 -199
  77. package/plugins/python-executor-plugin.js +367 -367
  78. package/plugins/python-plugin-loader.js +651 -651
  79. package/plugins/rules-plugin.js +294 -294
  80. package/plugins/scheduler-plugin.js +691 -691
  81. package/plugins/session-plugin.js +494 -494
  82. package/plugins/shell-executor-plugin.js +197 -197
  83. package/plugins/storage-plugin.js +263 -263
  84. package/plugins/subagent-plugin.js +845 -845
  85. package/plugins/telegram-plugin.js +482 -482
  86. package/plugins/think-plugin.js +345 -345
  87. package/plugins/tools-plugin.js +196 -196
  88. package/plugins/web-plugin.js +637 -637
  89. package/plugins/weixin-plugin.js +545 -545
  90. package/skills/find-skills/AGENTS.md +162 -162
  91. package/skills/find-skills/SKILL.md +133 -133
  92. package/skills/foliko-dev/SKILL.md +563 -583
  93. package/skills/python-plugin-dev/SKILL.md +238 -238
  94. package/src/capabilities/index.js +11 -11
  95. package/src/capabilities/skill-manager.js +609 -609
  96. package/src/capabilities/workflow-engine.js +1109 -1109
  97. package/src/core/agent-chat.js +141 -134
  98. package/src/core/agent.js +958 -958
  99. package/src/core/framework.js +465 -465
  100. package/src/core/index.js +19 -19
  101. package/src/core/plugin-base.js +262 -262
  102. package/src/core/plugin-manager.js +863 -863
  103. package/src/core/provider.js +114 -114
  104. package/src/core/sub-agent-config.js +264 -264
  105. package/src/core/system-prompt-builder.js +120 -120
  106. package/src/core/tool-registry.js +517 -517
  107. package/src/core/tool-router.js +297 -297
  108. package/src/executors/executor-base.js +58 -58
  109. package/src/executors/mcp-executor.js +845 -845
  110. package/src/index.js +25 -25
  111. package/src/utils/circuit-breaker.js +301 -301
  112. package/src/utils/error-boundary.js +363 -363
  113. package/src/utils/error.js +374 -374
  114. package/src/utils/event-emitter.js +97 -97
  115. package/src/utils/id.js +133 -133
  116. package/src/utils/index.js +217 -217
  117. package/src/utils/logger.js +181 -181
  118. package/src/utils/plugin-helpers.js +90 -90
  119. package/src/utils/retry.js +122 -122
  120. package/src/utils/sandbox.js +292 -292
  121. package/test/tool-registry-validation.test.js +218 -218
  122. package/website/script.js +136 -136
  123. package/.agent/.shared/ui-ux-pro-max/data/charts.csv +0 -26
  124. package/.agent/.shared/ui-ux-pro-max/data/colors.csv +0 -97
  125. package/.agent/.shared/ui-ux-pro-max/data/icons.csv +0 -101
  126. package/.agent/.shared/ui-ux-pro-max/data/landing.csv +0 -31
  127. package/.agent/.shared/ui-ux-pro-max/data/products.csv +0 -97
  128. package/.agent/.shared/ui-ux-pro-max/data/prompts.csv +0 -24
  129. package/.agent/.shared/ui-ux-pro-max/data/react-performance.csv +0 -45
  130. package/.agent/.shared/ui-ux-pro-max/data/stacks/flutter.csv +0 -53
  131. package/.agent/.shared/ui-ux-pro-max/data/stacks/html-tailwind.csv +0 -56
  132. package/.agent/.shared/ui-ux-pro-max/data/stacks/jetpack-compose.csv +0 -53
  133. package/.agent/.shared/ui-ux-pro-max/data/stacks/nextjs.csv +0 -53
  134. package/.agent/.shared/ui-ux-pro-max/data/stacks/nuxt-ui.csv +0 -51
  135. package/.agent/.shared/ui-ux-pro-max/data/stacks/nuxtjs.csv +0 -59
  136. package/.agent/.shared/ui-ux-pro-max/data/stacks/react-native.csv +0 -52
  137. package/.agent/.shared/ui-ux-pro-max/data/stacks/react.csv +0 -54
  138. package/.agent/.shared/ui-ux-pro-max/data/stacks/shadcn.csv +0 -61
  139. package/.agent/.shared/ui-ux-pro-max/data/stacks/svelte.csv +0 -54
  140. package/.agent/.shared/ui-ux-pro-max/data/stacks/swiftui.csv +0 -51
  141. package/.agent/.shared/ui-ux-pro-max/data/stacks/vue.csv +0 -50
  142. package/.agent/.shared/ui-ux-pro-max/data/styles.csv +0 -59
  143. package/.agent/.shared/ui-ux-pro-max/data/typography.csv +0 -58
  144. package/.agent/.shared/ui-ux-pro-max/data/ui-reasoning.csv +0 -101
  145. package/.agent/.shared/ui-ux-pro-max/data/ux-guidelines.csv +0 -100
  146. package/.agent/.shared/ui-ux-pro-max/data/web-interface.csv +0 -31
  147. package/.agent/.shared/ui-ux-pro-max/scripts/__pycache__/core.cpython-313.pyc +0 -0
  148. package/.agent/.shared/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-313.pyc +0 -0
  149. package/.agent/.shared/ui-ux-pro-max/scripts/core.py +0 -258
  150. package/.agent/.shared/ui-ux-pro-max/scripts/design_system.py +0 -1067
  151. package/.agent/.shared/ui-ux-pro-max/scripts/search.py +0 -106
  152. package/.agent/ARCHITECTURE.md +0 -288
  153. package/.agent/agents/ambient-agent.md +0 -57
  154. package/.agent/agents/debugger.md +0 -55
  155. package/.agent/agents/email-assistant.md +0 -49
  156. package/.agent/agents/file-manager.md +0 -42
  157. package/.agent/agents/python-developer.md +0 -60
  158. package/.agent/agents/scheduler.md +0 -59
  159. package/.agent/agents/web-developer.md +0 -45
  160. package/.agent/mcp_config_updated.json +0 -12
  161. package/.agent/rules/GEMINI.md +0 -273
  162. package/.agent/rules/allow-rule.md +0 -77
  163. package/.agent/rules/log-rule.md +0 -83
  164. package/.agent/rules/security-rule.md +0 -93
  165. package/.agent/scripts/auto_preview.py +0 -148
  166. package/.agent/scripts/checklist.py +0 -217
  167. package/.agent/scripts/session_manager.py +0 -120
  168. package/.agent/scripts/verify_all.py +0 -327
  169. package/.agent/skills/api-patterns/SKILL.md +0 -81
  170. package/.agent/skills/api-patterns/api-style.md +0 -42
  171. package/.agent/skills/api-patterns/auth.md +0 -24
  172. package/.agent/skills/api-patterns/documentation.md +0 -26
  173. package/.agent/skills/api-patterns/graphql.md +0 -41
  174. package/.agent/skills/api-patterns/rate-limiting.md +0 -31
  175. package/.agent/skills/api-patterns/response.md +0 -37
  176. package/.agent/skills/api-patterns/rest.md +0 -40
  177. package/.agent/skills/api-patterns/scripts/api_validator.py +0 -211
  178. package/.agent/skills/api-patterns/security-testing.md +0 -122
  179. package/.agent/skills/api-patterns/trpc.md +0 -41
  180. package/.agent/skills/api-patterns/versioning.md +0 -22
  181. package/.agent/skills/app-builder/SKILL.md +0 -75
  182. package/.agent/skills/app-builder/agent-coordination.md +0 -71
  183. package/.agent/skills/app-builder/feature-building.md +0 -53
  184. package/.agent/skills/app-builder/project-detection.md +0 -34
  185. package/.agent/skills/app-builder/scaffolding.md +0 -118
  186. package/.agent/skills/app-builder/tech-stack.md +0 -40
  187. package/.agent/skills/app-builder/templates/SKILL.md +0 -39
  188. package/.agent/skills/app-builder/templates/astro-static/TEMPLATE.md +0 -76
  189. package/.agent/skills/app-builder/templates/chrome-extension/TEMPLATE.md +0 -92
  190. package/.agent/skills/app-builder/templates/cli-tool/TEMPLATE.md +0 -88
  191. package/.agent/skills/app-builder/templates/electron-desktop/TEMPLATE.md +0 -88
  192. package/.agent/skills/app-builder/templates/express-api/TEMPLATE.md +0 -83
  193. package/.agent/skills/app-builder/templates/flutter-app/TEMPLATE.md +0 -90
  194. package/.agent/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +0 -90
  195. package/.agent/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +0 -122
  196. package/.agent/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +0 -122
  197. package/.agent/skills/app-builder/templates/nextjs-static/TEMPLATE.md +0 -169
  198. package/.agent/skills/app-builder/templates/nuxt-app/TEMPLATE.md +0 -134
  199. package/.agent/skills/app-builder/templates/python-fastapi/TEMPLATE.md +0 -83
  200. package/.agent/skills/app-builder/templates/react-native-app/TEMPLATE.md +0 -119
  201. package/.agent/skills/architecture/SKILL.md +0 -55
  202. package/.agent/skills/architecture/context-discovery.md +0 -43
  203. package/.agent/skills/architecture/examples.md +0 -94
  204. package/.agent/skills/architecture/pattern-selection.md +0 -68
  205. package/.agent/skills/architecture/patterns-reference.md +0 -50
  206. package/.agent/skills/architecture/trade-off-analysis.md +0 -77
  207. package/.agent/skills/clean-code/SKILL.md +0 -201
  208. package/.agent/skills/doc.md +0 -177
  209. package/.agent/skills/frontend-design/SKILL.md +0 -418
  210. package/.agent/skills/frontend-design/animation-guide.md +0 -331
  211. package/.agent/skills/frontend-design/color-system.md +0 -311
  212. package/.agent/skills/frontend-design/decision-trees.md +0 -418
  213. package/.agent/skills/frontend-design/motion-graphics.md +0 -306
  214. package/.agent/skills/frontend-design/scripts/accessibility_checker.py +0 -183
  215. package/.agent/skills/frontend-design/scripts/ux_audit.py +0 -722
  216. package/.agent/skills/frontend-design/typography-system.md +0 -345
  217. package/.agent/skills/frontend-design/ux-psychology.md +0 -1116
  218. package/.agent/skills/frontend-design/visual-effects.md +0 -383
  219. package/.agent/skills/i18n-localization/SKILL.md +0 -154
  220. package/.agent/skills/i18n-localization/scripts/i18n_checker.py +0 -241
  221. package/.agent/skills/mcp-builder/SKILL.md +0 -176
  222. package/.agent/skills/web-design-guidelines/SKILL.md +0 -57
  223. package/.agent/workflows/brainstorm.md +0 -113
  224. package/.agent/workflows/create.md +0 -59
  225. package/.agent/workflows/debug.md +0 -103
  226. package/.agent/workflows/deploy.md +0 -176
  227. package/.agent/workflows/enhance.md +0 -63
  228. package/.agent/workflows/orchestrate.md +0 -237
  229. package/.agent/workflows/plan.md +0 -89
  230. package/.agent/workflows/preview.md +0 -81
  231. package/.agent/workflows/simple-test.md +0 -42
  232. package/.agent/workflows/status.md +0 -86
  233. package/.agent/workflows/structured-orchestrate.md +0 -180
  234. package/.agent/workflows/test.md +0 -144
  235. package/.agent/workflows/ui-ux-pro-max.md +0 -296
@@ -1,211 +0,0 @@
1
- #!/usr/bin/env python3
2
- """
3
- API Validator - Checks API endpoints for best practices.
4
- Validates OpenAPI specs, response formats, and common issues.
5
- """
6
- import sys
7
- import json
8
- import re
9
- from pathlib import Path
10
-
11
- # Fix Windows console encoding for Unicode output
12
- try:
13
- sys.stdout.reconfigure(encoding='utf-8', errors='replace')
14
- sys.stderr.reconfigure(encoding='utf-8', errors='replace')
15
- except AttributeError:
16
- pass # Python < 3.7
17
-
18
- def find_api_files(project_path: Path) -> list:
19
- """Find API-related files."""
20
- patterns = [
21
- "**/*api*.ts", "**/*api*.js", "**/*api*.py",
22
- "**/routes/*.ts", "**/routes/*.js", "**/routes/*.py",
23
- "**/controllers/*.ts", "**/controllers/*.js",
24
- "**/endpoints/*.ts", "**/endpoints/*.py",
25
- "**/*.openapi.json", "**/*.openapi.yaml",
26
- "**/swagger.json", "**/swagger.yaml",
27
- "**/openapi.json", "**/openapi.yaml"
28
- ]
29
-
30
- files = []
31
- for pattern in patterns:
32
- files.extend(project_path.glob(pattern))
33
-
34
- # Exclude node_modules, etc.
35
- return [f for f in files if not any(x in str(f) for x in ['node_modules', '.git', 'dist', 'build', '__pycache__'])]
36
-
37
- def check_openapi_spec(file_path: Path) -> dict:
38
- """Check OpenAPI/Swagger specification."""
39
- issues = []
40
- passed = []
41
-
42
- try:
43
- content = file_path.read_text(encoding='utf-8')
44
-
45
- if file_path.suffix == '.json':
46
- spec = json.loads(content)
47
- else:
48
- # Basic YAML check
49
- if 'openapi:' in content or 'swagger:' in content:
50
- passed.append("[OK] OpenAPI/Swagger version defined")
51
- else:
52
- issues.append("[X] No OpenAPI version found")
53
-
54
- if 'paths:' in content:
55
- passed.append("[OK] Paths section exists")
56
- else:
57
- issues.append("[X] No paths defined")
58
-
59
- if 'components:' in content or 'definitions:' in content:
60
- passed.append("[OK] Schema components defined")
61
-
62
- return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'openapi'}
63
-
64
- # JSON OpenAPI checks
65
- if 'openapi' in spec or 'swagger' in spec:
66
- passed.append("[OK] OpenAPI version defined")
67
-
68
- if 'info' in spec:
69
- if 'title' in spec['info']:
70
- passed.append("[OK] API title defined")
71
- if 'version' in spec['info']:
72
- passed.append("[OK] API version defined")
73
- if 'description' not in spec['info']:
74
- issues.append("[!] API description missing")
75
-
76
- if 'paths' in spec:
77
- path_count = len(spec['paths'])
78
- passed.append(f"[OK] {path_count} endpoints defined")
79
-
80
- # Check each path
81
- for path, methods in spec['paths'].items():
82
- for method, details in methods.items():
83
- if method in ['get', 'post', 'put', 'patch', 'delete']:
84
- if 'responses' not in details:
85
- issues.append(f"[X] {method.upper()} {path}: No responses defined")
86
- if 'summary' not in details and 'description' not in details:
87
- issues.append(f"[!] {method.upper()} {path}: No description")
88
-
89
- except Exception as e:
90
- issues.append(f"[X] Parse error: {e}")
91
-
92
- return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'openapi'}
93
-
94
- def check_api_code(file_path: Path) -> dict:
95
- """Check API code for common issues."""
96
- issues = []
97
- passed = []
98
-
99
- try:
100
- content = file_path.read_text(encoding='utf-8')
101
-
102
- # Check for error handling
103
- error_patterns = [
104
- r'try\s*{', r'try:', r'\.catch\(',
105
- r'except\s+', r'catch\s*\('
106
- ]
107
- has_error_handling = any(re.search(p, content) for p in error_patterns)
108
- if has_error_handling:
109
- passed.append("[OK] Error handling present")
110
- else:
111
- issues.append("[X] No error handling found")
112
-
113
- # Check for status codes
114
- status_patterns = [
115
- r'status\s*\(\s*\d{3}\s*\)', r'statusCode\s*[=:]\s*\d{3}',
116
- r'HttpStatus\.', r'status_code\s*=\s*\d{3}',
117
- r'\.status\(\d{3}\)', r'res\.status\('
118
- ]
119
- has_status = any(re.search(p, content) for p in status_patterns)
120
- if has_status:
121
- passed.append("[OK] HTTP status codes used")
122
- else:
123
- issues.append("[!] No explicit HTTP status codes")
124
-
125
- # Check for validation
126
- validation_patterns = [
127
- r'validate', r'schema', r'zod', r'joi', r'yup',
128
- r'pydantic', r'@Body\(', r'@Query\('
129
- ]
130
- has_validation = any(re.search(p, content, re.I) for p in validation_patterns)
131
- if has_validation:
132
- passed.append("[OK] Input validation present")
133
- else:
134
- issues.append("[!] No input validation detected")
135
-
136
- # Check for auth middleware
137
- auth_patterns = [
138
- r'auth', r'jwt', r'bearer', r'token',
139
- r'middleware', r'guard', r'@Authenticated'
140
- ]
141
- has_auth = any(re.search(p, content, re.I) for p in auth_patterns)
142
- if has_auth:
143
- passed.append("[OK] Authentication/authorization detected")
144
-
145
- # Check for rate limiting
146
- rate_patterns = [r'rateLimit', r'throttle', r'rate.?limit']
147
- has_rate = any(re.search(p, content, re.I) for p in rate_patterns)
148
- if has_rate:
149
- passed.append("[OK] Rate limiting present")
150
-
151
- # Check for logging
152
- log_patterns = [r'console\.log', r'logger\.', r'logging\.', r'log\.']
153
- has_logging = any(re.search(p, content) for p in log_patterns)
154
- if has_logging:
155
- passed.append("[OK] Logging present")
156
-
157
- except Exception as e:
158
- issues.append(f"[X] Read error: {e}")
159
-
160
- return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'code'}
161
-
162
- def main():
163
- target = sys.argv[1] if len(sys.argv) > 1 else "."
164
- project_path = Path(target)
165
-
166
- print("\n" + "=" * 60)
167
- print(" API VALIDATOR - Endpoint Best Practices Check")
168
- print("=" * 60 + "\n")
169
-
170
- api_files = find_api_files(project_path)
171
-
172
- if not api_files:
173
- print("[!] No API files found.")
174
- print(" Looking for: routes/, controllers/, api/, openapi.json/yaml")
175
- sys.exit(0)
176
-
177
- results = []
178
- for file_path in api_files[:15]: # Limit
179
- if 'openapi' in file_path.name.lower() or 'swagger' in file_path.name.lower():
180
- result = check_openapi_spec(file_path)
181
- else:
182
- result = check_api_code(file_path)
183
- results.append(result)
184
-
185
- # Print results
186
- total_issues = 0
187
- total_passed = 0
188
-
189
- for result in results:
190
- print(f"\n[FILE] {result['file']} [{result['type']}]")
191
- for item in result['passed']:
192
- print(f" {item}")
193
- total_passed += 1
194
- for item in result['issues']:
195
- print(f" {item}")
196
- if item.startswith("[X]"):
197
- total_issues += 1
198
-
199
- print("\n" + "=" * 60)
200
- print(f"[RESULTS] {total_passed} passed, {total_issues} critical issues")
201
- print("=" * 60)
202
-
203
- if total_issues == 0:
204
- print("[OK] API validation passed")
205
- sys.exit(0)
206
- else:
207
- print("[X] Fix critical issues before deployment")
208
- sys.exit(1)
209
-
210
- if __name__ == "__main__":
211
- main()
@@ -1,122 +0,0 @@
1
- # API Security Testing
2
-
3
- > Principles for testing API security. OWASP API Top 10, authentication, authorization testing.
4
-
5
- ---
6
-
7
- ## OWASP API Security Top 10
8
-
9
- | Vulnerability | Test Focus |
10
- |---------------|------------|
11
- | **API1: BOLA** | Access other users' resources |
12
- | **API2: Broken Auth** | JWT, session, credentials |
13
- | **API3: Property Auth** | Mass assignment, data exposure |
14
- | **API4: Resource Consumption** | Rate limiting, DoS |
15
- | **API5: Function Auth** | Admin endpoints, role bypass |
16
- | **API6: Business Flow** | Logic abuse, automation |
17
- | **API7: SSRF** | Internal network access |
18
- | **API8: Misconfiguration** | Debug endpoints, CORS |
19
- | **API9: Inventory** | Shadow APIs, old versions |
20
- | **API10: Unsafe Consumption** | Third-party API trust |
21
-
22
- ---
23
-
24
- ## Authentication Testing
25
-
26
- ### JWT Testing
27
-
28
- | Check | What to Test |
29
- |-------|--------------|
30
- | Algorithm | None, algorithm confusion |
31
- | Secret | Weak secrets, brute force |
32
- | Claims | Expiration, issuer, audience |
33
- | Signature | Manipulation, key injection |
34
-
35
- ### Session Testing
36
-
37
- | Check | What to Test |
38
- |-------|--------------|
39
- | Generation | Predictability |
40
- | Storage | Client-side security |
41
- | Expiration | Timeout enforcement |
42
- | Invalidation | Logout effectiveness |
43
-
44
- ---
45
-
46
- ## Authorization Testing
47
-
48
- | Test Type | Approach |
49
- |-----------|----------|
50
- | **Horizontal** | Access peer users' data |
51
- | **Vertical** | Access higher privilege functions |
52
- | **Context** | Access outside allowed scope |
53
-
54
- ### BOLA/IDOR Testing
55
-
56
- 1. Identify resource IDs in requests
57
- 2. Capture request with user A's session
58
- 3. Replay with user B's session
59
- 4. Check for unauthorized access
60
-
61
- ---
62
-
63
- ## Input Validation Testing
64
-
65
- | Injection Type | Test Focus |
66
- |----------------|------------|
67
- | SQL | Query manipulation |
68
- | NoSQL | Document queries |
69
- | Command | System commands |
70
- | LDAP | Directory queries |
71
-
72
- **Approach:** Test all parameters, try type coercion, test boundaries, check error messages.
73
-
74
- ---
75
-
76
- ## Rate Limiting Testing
77
-
78
- | Aspect | Check |
79
- |--------|-------|
80
- | Existence | Is there any limit? |
81
- | Bypass | Headers, IP rotation |
82
- | Scope | Per-user, per-IP, global |
83
-
84
- **Bypass techniques:** X-Forwarded-For, different HTTP methods, case variations, API versioning.
85
-
86
- ---
87
-
88
- ## GraphQL Security
89
-
90
- | Test | Focus |
91
- |------|-------|
92
- | Introspection | Schema disclosure |
93
- | Batching | Query DoS |
94
- | Nesting | Depth-based DoS |
95
- | Authorization | Field-level access |
96
-
97
- ---
98
-
99
- ## Security Testing Checklist
100
-
101
- **Authentication:**
102
- - [ ] Test for bypass
103
- - [ ] Check credential strength
104
- - [ ] Verify token security
105
-
106
- **Authorization:**
107
- - [ ] Test BOLA/IDOR
108
- - [ ] Check privilege escalation
109
- - [ ] Verify function access
110
-
111
- **Input:**
112
- - [ ] Test all parameters
113
- - [ ] Check for injection
114
-
115
- **Config:**
116
- - [ ] Check CORS
117
- - [ ] Verify headers
118
- - [ ] Test error handling
119
-
120
- ---
121
-
122
- > **Remember:** APIs are the backbone of modern apps. Test them like attackers will.
@@ -1,41 +0,0 @@
1
- # tRPC Principles
2
-
3
- > End-to-end type safety for TypeScript monorepos.
4
-
5
- ## When to Use
6
-
7
- ```
8
- ✅ Perfect fit:
9
- ├── TypeScript on both ends
10
- ├── Monorepo structure
11
- ├── Internal tools
12
- ├── Rapid development
13
- └── Type safety critical
14
-
15
- ❌ Poor fit:
16
- ├── Non-TypeScript clients
17
- ├── Public API
18
- ├── Need REST conventions
19
- └── Multiple language backends
20
- ```
21
-
22
- ## Key Benefits
23
-
24
- ```
25
- Why tRPC:
26
- ├── Zero schema maintenance
27
- ├── End-to-end type inference
28
- ├── IDE autocomplete across stack
29
- ├── Instant API changes reflected
30
- └── No code generation step
31
- ```
32
-
33
- ## Integration Patterns
34
-
35
- ```
36
- Common setups:
37
- ├── Next.js + tRPC (most common)
38
- ├── Monorepo with shared types
39
- ├── Remix + tRPC
40
- └── Any TS frontend + backend
41
- ```
@@ -1,22 +0,0 @@
1
- # Versioning Strategies
2
-
3
- > Plan for API evolution from day one.
4
-
5
- ## Decision Factors
6
-
7
- | Strategy | Implementation | Trade-offs |
8
- |----------|---------------|------------|
9
- | **URI** | /v1/users | Clear, easy caching |
10
- | **Header** | Accept-Version: 1 | Cleaner URLs, harder discovery |
11
- | **Query** | ?version=1 | Easy to add, messy |
12
- | **None** | Evolve carefully | Best for internal, risky for public |
13
-
14
- ## Versioning Philosophy
15
-
16
- ```
17
- Consider:
18
- ├── Public API? → Version in URI
19
- ├── Internal only? → May not need versioning
20
- ├── GraphQL? → Typically no versions (evolve schema)
21
- ├── tRPC? → Types enforce compatibility
22
- ```
@@ -1,75 +0,0 @@
1
- ---
2
- name: app-builder
3
- description: Main application building orchestrator. Creates full-stack applications from natural language requests. Determines project type, selects tech stack, coordinates agents.
4
- allowed-tools: Read, Write, Edit, Glob, Grep, Bash, Agent
5
- ---
6
-
7
- # App Builder - Application Building Orchestrator
8
-
9
- > Analyzes user's requests, determines tech stack, plans structure, and coordinates agents.
10
-
11
- ## 🎯 Selective Reading Rule
12
-
13
- **Read ONLY files relevant to the request!** Check the content map, find what you need.
14
-
15
- | File | Description | When to Read |
16
- |------|-------------|--------------|
17
- | `project-detection.md` | Keyword matrix, project type detection | Starting new project |
18
- | `tech-stack.md` | 2026 default stack, alternatives | Choosing technologies |
19
- | `agent-coordination.md` | Agent pipeline, execution order | Coordinating multi-agent work |
20
- | `scaffolding.md` | Directory structure, core files | Creating project structure |
21
- | `feature-building.md` | Feature analysis, error handling | Adding features to existing project |
22
- | `templates/SKILL.md` | **Project templates** | Scaffolding new project |
23
-
24
- ---
25
-
26
- ## 📦 Templates (13)
27
-
28
- Quick-start scaffolding for new projects. **Read the matching template only!**
29
-
30
- | Template | Tech Stack | When to Use |
31
- |----------|------------|-------------|
32
- | [nextjs-fullstack](templates/nextjs-fullstack/TEMPLATE.md) | Next.js + Prisma | Full-stack web app |
33
- | [nextjs-saas](templates/nextjs-saas/TEMPLATE.md) | Next.js + Stripe | SaaS product |
34
- | [nextjs-static](templates/nextjs-static/TEMPLATE.md) | Next.js + Framer | Landing page |
35
- | [nuxt-app](templates/nuxt-app/TEMPLATE.md) | Nuxt 3 + Pinia | Vue full-stack app |
36
- | [express-api](templates/express-api/TEMPLATE.md) | Express + JWT | REST API |
37
- | [python-fastapi](templates/python-fastapi/TEMPLATE.md) | FastAPI | Python API |
38
- | [react-native-app](templates/react-native-app/TEMPLATE.md) | Expo + Zustand | Mobile app |
39
- | [flutter-app](templates/flutter-app/TEMPLATE.md) | Flutter + Riverpod | Cross-platform mobile |
40
- | [electron-desktop](templates/electron-desktop/TEMPLATE.md) | Electron + React | Desktop app |
41
- | [chrome-extension](templates/chrome-extension/TEMPLATE.md) | Chrome MV3 | Browser extension |
42
- | [cli-tool](templates/cli-tool/TEMPLATE.md) | Node.js + Commander | CLI app |
43
- | [monorepo-turborepo](templates/monorepo-turborepo/TEMPLATE.md) | Turborepo + pnpm | Monorepo |
44
-
45
- ---
46
-
47
- ## 🔗 Related Agents
48
-
49
- | Agent | Role |
50
- |-------|------|
51
- | `project-planner` | Task breakdown, dependency graph |
52
- | `frontend-specialist` | UI components, pages |
53
- | `backend-specialist` | API, business logic |
54
- | `database-architect` | Schema, migrations |
55
- | `devops-engineer` | Deployment, preview |
56
-
57
- ---
58
-
59
- ## Usage Example
60
-
61
- ```
62
- User: "Make an Instagram clone with photo sharing and likes"
63
-
64
- App Builder Process:
65
- 1. Project type: Social Media App
66
- 2. Tech stack: Next.js + Prisma + Cloudinary + Clerk
67
- 3. Create plan:
68
- ├─ Database schema (users, posts, likes, follows)
69
- ├─ API routes (12 endpoints)
70
- ├─ Pages (feed, profile, upload)
71
- └─ Components (PostCard, Feed, LikeButton)
72
- 4. Coordinate agents
73
- 5. Report progress
74
- 6. Start preview
75
- ```
@@ -1,71 +0,0 @@
1
- # Agent Coordination
2
-
3
- > How App Builder orchestrates specialist agents.
4
-
5
- ## Agent Pipeline
6
-
7
- ```
8
- ┌─────────────────────────────────────────────────────────────┐
9
- │ APP BUILDER (Orchestrator) │
10
- └─────────────────────────────────────────────────────────────┘
11
-
12
-
13
- ┌─────────────────────────────────────────────────────────────┐
14
- │ PROJECT PLANNER │
15
- │ • Task breakdown │
16
- │ • Dependency graph │
17
- │ • File structure planning │
18
- │ • Create {task-slug}.md in project root (MANDATORY) │
19
- └─────────────────────────────────────────────────────────────┘
20
-
21
-
22
- ┌─────────────────────────────────────────────────────────────┐
23
- │ CHECKPOINT: PLAN VERIFICATION │
24
- │ 🔴 VERIFY: Does {task-slug}.md exist in project root? │
25
- │ 🔴 If NO → STOP → Create plan file first │
26
- │ 🔴 If YES → Proceed to specialist agents │
27
- └─────────────────────────────────────────────────────────────┘
28
-
29
- ┌───────────────────┼───────────────────┐
30
- ▼ ▼ ▼
31
- ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
32
- │ DATABASE │ │ BACKEND │ │ FRONTEND │
33
- │ ARCHITECT │ │ SPECIALIST │ │ SPECIALIST │
34
- │ │ │ │ │ │
35
- │ • Schema design │ │ • API routes │ │ • Components │
36
- │ • Migrations │ │ • Controllers │ │ • Pages │
37
- │ • Seed data │ │ • Middleware │ │ • Styling │
38
- └─────────────────┘ └─────────────────┘ └─────────────────┘
39
- │ │ │
40
- └───────────────────┼───────────────────┘
41
-
42
- ┌─────────────────────────────────────────────────────────────┐
43
- │ PARALLEL PHASE (Optional) │
44
- │ • Security Auditor → Vulnerability check │
45
- │ • Test Engineer → Unit tests │
46
- │ • Performance Optimizer → Bundle analysis │
47
- └─────────────────────────────────────────────────────────────┘
48
-
49
-
50
- ┌─────────────────────────────────────────────────────────────┐
51
- │ DEVOPS ENGINEER │
52
- │ • Environment setup │
53
- │ • Preview deployment │
54
- │ • Health check │
55
- └─────────────────────────────────────────────────────────────┘
56
- ```
57
-
58
- ## Execution Order
59
-
60
- | Phase | Agent(s) | Parallel? | Prerequisite | CHECKPOINT |
61
- |-------|----------|-----------|--------------|------------|
62
- | 0 | Socratic Gate | ❌ | - | ✅ Ask 3 questions |
63
- | 1 | Project Planner | ❌ | Questions answered | ✅ **PLAN.md created** |
64
- | 1.5 | **PLAN VERIFICATION** | ❌ | PLAN.md exists | ✅ **File exists in root** |
65
- | 2 | Database Architect | ❌ | Plan ready | Schema defined |
66
- | 3 | Backend Specialist | ❌ | Schema ready | API routes created |
67
- | 4 | Frontend Specialist | ✅ | API ready (partial) | UI components ready |
68
- | 5 | Security Auditor, Test Engineer | ✅ | Code ready | Tests & audit pass |
69
- | 6 | DevOps Engineer | ❌ | All code ready | Deployment ready |
70
-
71
- > 🔴 **CRITICAL:** Phase 1.5 is MANDATORY. No specialist agents proceed without PLAN.md verification.
@@ -1,53 +0,0 @@
1
- # Feature Building
2
-
3
- > How to analyze and implement new features.
4
-
5
- ## Feature Analysis
6
-
7
- ```
8
- Request: "add payment system"
9
-
10
- Analysis:
11
- ├── Required Changes:
12
- │ ├── Database: orders, payments tables
13
- │ ├── Backend: /api/checkout, /api/webhooks/stripe
14
- │ ├── Frontend: CheckoutForm, PaymentSuccess
15
- │ └── Config: Stripe API keys
16
-
17
- ├── Dependencies:
18
- │ ├── stripe package
19
- │ └── Existing user authentication
20
-
21
- └── Estimated Time: 15-20 minutes
22
- ```
23
-
24
- ## Iterative Enhancement Process
25
-
26
- ```
27
- 1. Analyze existing project
28
- 2. Create change plan
29
- 3. Present plan to user
30
- 4. Get approval
31
- 5. Apply changes
32
- 6. Test
33
- 7. Show preview
34
- ```
35
-
36
- ## Error Handling
37
-
38
- | Error Type | Solution Strategy |
39
- |------------|-------------------|
40
- | TypeScript Error | Fix type, add missing import |
41
- | Missing Dependency | Run npm install |
42
- | Port Conflict | Suggest alternative port |
43
- | Database Error | Check migration, validate connection |
44
-
45
- ## Recovery Strategy
46
-
47
- ```
48
- 1. Detect error
49
- 2. Try automatic fix
50
- 3. If failed, report to user
51
- 4. Suggest alternative
52
- 5. Rollback if necessary
53
- ```
@@ -1,34 +0,0 @@
1
- # Project Type Detection
2
-
3
- > Analyze user requests to determine project type and template.
4
-
5
- ## Keyword Matrix
6
-
7
- | Keywords | Project Type | Template |
8
- |----------|--------------|----------|
9
- | blog, post, article | Blog | astro-static |
10
- | e-commerce, product, cart, payment | E-commerce | nextjs-saas |
11
- | dashboard, panel, management | Admin Dashboard | nextjs-fullstack |
12
- | api, backend, service, rest | API Service | express-api |
13
- | python, fastapi, django | Python API | python-fastapi |
14
- | mobile, android, ios, react native | Mobile App (RN) | react-native-app |
15
- | flutter, dart | Mobile App (Flutter) | flutter-app |
16
- | portfolio, personal, cv | Portfolio | nextjs-static |
17
- | crm, customer, sales | CRM | nextjs-fullstack |
18
- | saas, subscription, stripe | SaaS | nextjs-saas |
19
- | landing, promotional, marketing | Landing Page | nextjs-static |
20
- | docs, documentation | Documentation | astro-static |
21
- | extension, plugin, chrome | Browser Extension | chrome-extension |
22
- | desktop, electron | Desktop App | electron-desktop |
23
- | cli, command line, terminal | CLI Tool | cli-tool |
24
- | monorepo, workspace | Monorepo | monorepo-turborepo |
25
-
26
- ## Detection Process
27
-
28
- ```
29
- 1. Tokenize user request
30
- 2. Extract keywords
31
- 3. Determine project type
32
- 4. Detect missing information → forward to conversation-manager
33
- 5. Suggest tech stack
34
- ```