npm - ginskill-init - Versions diffs - 2.7.0 - Mend

ginskill-init 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/.wrangler/cache/pages.json +4 -0
package/.wrangler/cache/wrangler-account.json +6 -0
package/DEVELOPMENT.md +510 -0
package/README.md +104 -0
package/agents/developer.md +56 -0
package/agents/frontend-design.md +69 -0
package/agents/mobile-reviewer.md +36 -0
package/agents/review-code.md +49 -0
package/agents/security-scanner.md +50 -0
package/agents/tester.md +72 -0
package/bin/cli.js +461 -0
package/landing/ai-build-ai.png +0 -0
package/landing/index.html +1495 -0
package/landing/logo.png +0 -0
package/package.json +37 -0
package/skills/active-life-dev/SKILL.md +157 -0
package/skills/active-life-dev/docs/auth.md +187 -0
package/skills/active-life-dev/docs/customers.md +216 -0
package/skills/active-life-dev/docs/integrations.md +209 -0
package/skills/active-life-dev/docs/inventory.md +192 -0
package/skills/active-life-dev/docs/modules.md +181 -0
package/skills/active-life-dev/docs/orders.md +180 -0
package/skills/active-life-dev/docs/patterns.md +319 -0
package/skills/active-life-dev/docs/products.md +216 -0
package/skills/active-life-dev/docs/schema.md +502 -0
package/skills/active-life-dev/docs/setup.md +169 -0
package/skills/active-life-dev/docs/vouchers.md +144 -0
package/skills/ai-asset-generator/SKILL.md +247 -0
package/skills/ai-asset-generator/docs/gen-image.md +274 -0
package/skills/ai-asset-generator/docs/genvideo.md +341 -0
package/skills/ai-asset-generator/docs/remove-background.md +19 -0
package/skills/ai-asset-generator/lib/bg-remove.mjs +34 -0
package/skills/ai-asset-generator/lib/env.mjs +48 -0
package/skills/ai-asset-generator/lib/kie-client.mjs +100 -0
package/skills/ai-build-ai/SKILL.md +127 -0
package/skills/ai-build-ai/docs/agent-teams.md +293 -0
package/skills/ai-build-ai/docs/checkpointing.md +161 -0
package/skills/ai-build-ai/docs/create-agent.md +399 -0
package/skills/ai-build-ai/docs/create-mcp.md +395 -0
package/skills/ai-build-ai/docs/create-skill.md +299 -0
package/skills/ai-build-ai/docs/headless-mode.md +614 -0
package/skills/ai-build-ai/docs/hooks.md +578 -0
package/skills/ai-build-ai/docs/memory-claude-md.md +375 -0
package/skills/ai-build-ai/docs/output-styles.md +208 -0
package/skills/ai-build-ai/docs/overview.md +162 -0
package/skills/ai-build-ai/docs/permissions.md +391 -0
package/skills/ai-build-ai/docs/plugins.md +396 -0
package/skills/ai-build-ai/docs/sandbox.md +262 -0
package/skills/ai-build-ai/docs/team-lead-workflow.md +648 -0
package/skills/ant-design/SKILL.md +323 -0
package/skills/ant-design/docs/components.md +160 -0
package/skills/ant-design/docs/data-entry.md +406 -0
package/skills/ant-design/docs/display.md +594 -0
package/skills/ant-design/docs/feedback.md +451 -0
package/skills/ant-design/docs/key-components.md +414 -0
package/skills/ant-design/docs/navigation.md +310 -0
package/skills/ant-design/docs/pro-components.md +543 -0
package/skills/ant-design/docs/setup.md +213 -0
package/skills/ant-design/docs/theme.md +265 -0
package/skills/flutter-performance/SKILL.md +803 -0
package/skills/flutter-performance/references/flutter-patterns.md +595 -0
package/skills/icon-generator/SKILL.md +270 -0
package/skills/mobile-app-review/SKILL.md +321 -0
package/skills/mobile-app-review/references/apple-review.md +132 -0
package/skills/mobile-app-review/references/google-play-review.md +203 -0
package/skills/mongodb/SKILL.md +667 -0
package/skills/mongodb/references/mongoose-patterns.md +368 -0
package/skills/nestjs-architecture/SKILL.md +1086 -0
package/skills/nestjs-architecture/references/advanced-patterns.md +590 -0
package/skills/performance/SKILL.md +509 -0
package/skills/react-fsd-architecture/SKILL.md +693 -0
package/skills/react-fsd-architecture/references/fsd-patterns.md +747 -0
package/skills/react-native-expo/SKILL.md +128 -0
package/skills/react-native-expo/references/data-layer.md +252 -0
package/skills/react-native-expo/references/design-system.md +252 -0
package/skills/react-native-expo/references/navigation.md +199 -0
package/skills/react-native-expo/references/performance.md +229 -0
package/skills/react-native-expo/references/platform-services.md +179 -0
package/skills/react-native-expo/references/state-management.md +209 -0
package/skills/react-native-expo/references/ui-patterns.md +301 -0
package/skills/react-query/SKILL.md +685 -0
package/skills/react-query/references/query-patterns.md +365 -0
package/skills/review-code/SKILL.md +374 -0
package/skills/review-code/references/clean-code-principles.md +395 -0
package/skills/review-code/references/frontend-patterns.md +136 -0
package/skills/review-code/references/nestjs-patterns.md +184 -0
package/skills/security-scanner/SKILL.md +366 -0
package/skills/security-scanner/references/nestjs-security.md +260 -0
package/skills/security-scanner/references/nextjs-security.md +201 -0
package/skills/security-scanner/references/react-native-security.md +199 -0
package/skills/traefik/SKILL.md +105 -0
package/skills/traefik/docs/advanced-routing.md +186 -0
package/skills/traefik/docs/auth-providers.md +137 -0
package/skills/traefik/docs/cicd-devops.md +396 -0
package/skills/traefik/docs/core-config.md +171 -0
package/skills/traefik/docs/distributed-config.md +96 -0
package/skills/traefik/docs/docker-compose.md +182 -0
package/skills/traefik/docs/ha-performance.md +177 -0
package/skills/traefik/docs/kubernetes.md +278 -0
package/skills/traefik/docs/middleware.md +205 -0
package/skills/traefik/docs/monitoring.md +357 -0
package/skills/traefik/docs/security.md +391 -0
package/skills/traefik/docs/tls-acme.md +155 -0
package/skills/ui-ux-pro-max/SKILL.md +377 -0
package/skills/ui-ux-pro-max/data/charts.csv +26 -0
package/skills/ui-ux-pro-max/data/colors.csv +97 -0
package/skills/ui-ux-pro-max/data/icons.csv +101 -0
package/skills/ui-ux-pro-max/data/landing.csv +31 -0
package/skills/ui-ux-pro-max/data/products.csv +97 -0
package/skills/ui-ux-pro-max/data/react-performance.csv +45 -0
package/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -0
package/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -0
package/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -0
package/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -0
package/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -0
package/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -0
package/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -0
package/skills/ui-ux-pro-max/data/stacks/react-native.csv +52 -0
package/skills/ui-ux-pro-max/data/stacks/react.csv +54 -0
package/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -0
package/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -0
package/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -0
package/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -0
package/skills/ui-ux-pro-max/data/styles.csv +68 -0
package/skills/ui-ux-pro-max/data/typography.csv +58 -0
package/skills/ui-ux-pro-max/data/ui-reasoning.csv +101 -0
package/skills/ui-ux-pro-max/data/ux-guidelines.csv +100 -0
package/skills/ui-ux-pro-max/data/web-interface.csv +31 -0

package/skills/traefik/docs/security.md ADDED Viewed

@@ -0,0 +1,391 @@
+# Traefik Security Hardening
+## Security Headers (apply globally)
+```yaml
+http:
+  middlewares:
+    security-headers:
+      headers:
+        # XSS Protection
+        browserXssFilter: true
+        # Prevent MIME sniffing
+        contentTypeNosniff: true
+        # Clickjacking protection
+        frameDeny: true
+        customFrameOptionsValue: "SAMEORIGIN"
+        # HSTS
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+        # CSP
+        contentSecurityPolicy: "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"
+        # Referrer
+        referrerPolicy: "strict-origin-when-cross-origin"
+        # Permissions
+        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=()"
+        # Remove server info
+        customResponseHeaders:
+          server: ""
+          X-Powered-By: ""
+```
+## TLS Hardening
+```yaml
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      sniStrict: true
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+```
+For maximum security (TLS 1.3 only):
+```yaml
+    strict:
+      minVersion: VersionTLS13
+      sniStrict: true
+```
+## Rate Limiting
+```yaml
+http:
+  middlewares:
+    global-rate-limit:
+      rateLimit:
+        average: 100
+        burst: 50
+        period: 1s
+        sourceCriterion:
+          ipStrategy:
+            depth: 1  # Correct depth for your proxy chain
+    api-rate-limit:
+      rateLimit:
+        average: 20
+        burst: 10
+        period: 1s
+    login-rate-limit:
+      rateLimit:
+        average: 5
+        burst: 3
+        period: 1m
+```
+## IP Allowlisting
+```yaml
+http:
+  middlewares:
+    internal-only:
+      ipAllowList:
+        sourceRange:
+          - "10.0.0.0/8"
+          - "172.16.0.0/12"
+          - "192.168.0.0/16"
+        ipStrategy:
+          depth: 1
+```
+## Docker Socket Security
+**Never** mount Docker socket directly in production. Use a socket proxy:
+```yaml
+services:
+  socket-proxy:
+    image: tecnativa/docker-socket-proxy
+    environment:
+      CONTAINERS: 1
+      SERVICES: 0
+      TASKS: 0
+      NETWORKS: 0
+      NODES: 0
+      IMAGES: 0
+      VOLUMES: 0
+      BUILD: 0
+      COMMIT: 0
+      CONFIGS: 0
+      DISTRIBUTION: 0
+      EXEC: 0
+      GRPC: 0
+      INFO: 0
+      PLUGINS: 0
+      POST: 0
+      SECRETS: 0
+      SESSION: 0
+      SWARM: 0
+      SYSTEM: 0
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - socket-proxy
+    restart: unless-stopped
+networks:
+  socket-proxy:
+    internal: true
+```
+## Dashboard Security
+```yaml
+# NEVER use api.insecure: true in production
+# Secure dashboard with ForwardAuth
+labels:
+  - "traefik.http.routers.dashboard.rule=Host(`traefik.internal.example.com`)"
+  - "traefik.http.routers.dashboard.service=api@internal"
+  - "traefik.http.routers.dashboard.middlewares=dashboard-auth,internal-only"
+  - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+```
+## Forwarded Headers Security
+```yaml
+entryPoints:
+  websecure:
+    address: ":443"
+    forwardedHeaders:
+      trustedIPs:
+        - "127.0.0.1/32"
+        - "10.0.0.0/8"
+        # Add your load balancer / CDN IPs
+        # Cloudflare IPs:
+        - "173.245.48.0/20"
+        - "103.21.244.0/22"
+        - "103.22.200.0/22"
+        - "103.31.4.0/22"
+        - "141.101.64.0/18"
+        - "108.162.192.0/18"
+        - "190.93.240.0/20"
+        - "188.114.96.0/20"
+        - "197.234.240.0/22"
+        - "198.41.128.0/17"
+        - "162.158.0.0/15"
+        - "104.16.0.0/13"
+        - "104.24.0.0/14"
+        - "172.64.0.0/13"
+        - "131.0.72.0/22"
+    proxyProtocol:
+      trustedIPs:
+        - "10.0.0.0/8"  # Only trust your LB
+```
+**NEVER** trust `0.0.0.0/0` for proxy protocol or forwarded headers.
+## Container Security
+```yaml
+services:
+  traefik:
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_BIND_SERVICE
+    read_only: true
+    tmpfs:
+      - /tmp
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 512M
+        reservations:
+          cpus: "0.1"
+          memory: 128M
+```
+## Known CVEs to Watch
+- **CVE-2026-29054**: Case-sensitive bypass for X-Forwarded header removal (fixed v3.6.9)
+- **CVE-2025-66491**: `Verify=On` actually disabled TLS verification (fixed v3.6.3)
+- Always run latest patch version
+## CORS Configuration
+```yaml
+http:
+  middlewares:
+    cors:
+      headers:
+        accessControlAllowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
+        accessControlAllowHeaders: ["Content-Type", "Authorization"]
+        accessControlAllowOriginList:
+          - "https://app.example.com"
+          - "https://admin.example.com"
+        accessControlMaxAge: 86400
+        accessControlAllowCredentials: true
+        addVaryHeader: true
+```
+## Request Size Limits (Buffering)
+```yaml
+http:
+  middlewares:
+    request-limit:
+      buffering:
+        maxRequestBodyBytes: 10485760    # 10MB
+        maxResponseBodyBytes: 10485760
+        memRequestBodyBytes: 2097152     # 2MB in memory
+        memResponseBodyBytes: 2097152
+```
+## WAF Integration (Traefik Hub + Coraza)
+Traefik Hub integrates Coraza WAF with OWASP Core Rule Set:
+```yaml
+# Traefik Hub WAF middleware
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: waf
+spec:
+  plugin:
+    coraza:
+      directives:
+        - "SecRuleEngine On"
+        - "Include @owasp_crs/*.conf"
+        - "SecRule REQUEST_URI \"@rx /etc/passwd\" \"id:1,phase:1,deny,status:403\""
+```
+For open-source Traefik, use the community Coraza plugin or place ModSecurity/Coraza as a sidecar.
+## Secrets Management
+```yaml
+# Docker secrets (preferred over env vars)
+services:
+  traefik:
+    secrets:
+      - cf_api_token
+      - dashboard_password
+    environment:
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
+secrets:
+  cf_api_token:
+    file: ./secrets/cf_api_token.txt     # Docker Compose
+    # external: true                      # Docker Swarm
+  dashboard_password:
+    file: ./secrets/dashboard_password.txt
+```
+Kubernetes:
+```yaml
+# Use External Secrets Operator for Vault/AWS SM integration
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: traefik-certs
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: traefik-tls-secret
+  data:
+    - secretKey: tls.crt
+      remoteRef:
+        key: secret/traefik/tls
+        property: cert
+    - secretKey: tls.key
+      remoteRef:
+        key: secret/traefik/tls
+        property: key
+```
+## Network Segmentation
+```yaml
+# Docker: isolate proxy network from internal networks
+networks:
+  proxy:
+    external: true        # Public-facing services
+  backend:
+    internal: true        # Backend services only
+  socket-proxy:
+    internal: true        # Docker socket proxy only
+  monitoring:
+    internal: true        # Prometheus, Grafana, Loki
+```
+Kubernetes:
+```yaml
+# NetworkPolicy: restrict Traefik egress to app namespaces only
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: traefik-egress
+  namespace: traefik
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+  policyTypes: [Egress]
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              traefik-access: "true"
+      ports:
+        - protocol: TCP
+          port: 80
+        - protocol: TCP
+          port: 8080
+    - to:  # Allow DNS
+        - namespaceSelector: {}
+      ports:
+        - protocol: UDP
+          port: 53
+```
+## InFlightReq (Connection Limiting)
+```yaml
+http:
+  middlewares:
+    inflight-limit:
+      inFlightReq:
+        amount: 100  # Max concurrent requests
+        sourceCriterion:
+          ipStrategy:
+            depth: 1
+```
+## Security Checklist
+- [ ] `api.insecure: false`
+- [ ] `exposedByDefault: false`
+- [ ] Docker socket proxy or read-only mount
+- [ ] `forwardedHeaders.trustedIPs` configured
+- [ ] `proxyProtocol.trustedIPs` configured (if behind LB)
+- [ ] Security headers middleware applied globally
+- [ ] Rate limiting on all public routers
+- [ ] TLS min version 1.2+
+- [ ] `sniStrict: true`
+- [ ] Dashboard behind authentication
+- [ ] ACME storage persisted and backed up
+- [ ] Access logs enabled with filtering
+- [ ] Container runs with minimal privileges
+- [ ] Latest Traefik version with security patches
+- [ ] CORS configured (not wildcard `*` with credentials)
+- [ ] Request body size limits set
+- [ ] Network segmentation (internal networks)
+- [ ] Secrets in Docker secrets / K8s secrets (not env vars)
+- [ ] InFlightReq limits on critical endpoints
+- [ ] WAF enabled for public-facing services

package/skills/traefik/docs/tls-acme.md ADDED Viewed

@@ -0,0 +1,155 @@
+# TLS, ACME & Let's Encrypt
+## ACME Certificate Resolvers
+### HTTP-01 Challenge (simplest, no wildcard support)
+```yaml
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: admin@example.com
+      storage: /acme.json
+      httpChallenge:
+        entryPoint: web
+```
+### DNS-01 Challenge (required for wildcard certs)
+```yaml
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: admin@example.com
+      storage: /acme.json
+      dnsChallenge:
+        provider: cloudflare  # See supported providers below
+        resolvers: ["1.1.1.1:53", "8.8.8.8:53"]
+        delayBeforeCheck: 10s
+```
+Supported DNS providers: cloudflare, route53, googlecloud, azure, digitalocean, namecheap, ovh, gandi, hetzner, linode, vultr, and many more.
+Environment variables per provider (e.g., Cloudflare):
+```bash
+CF_DNS_API_TOKEN=your-api-token
+# OR
+CF_API_EMAIL=your-email
+CF_API_KEY=your-global-api-key
+```
+### TLS-ALPN-01 Challenge
+```yaml
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: admin@example.com
+      storage: /acme.json
+      tlsChallenge: {}
+```
+## Wildcard Certificates
+```yaml
+entryPoints:
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: letsencrypt
+        domains:
+          - main: "example.com"
+            sans:
+              - "*.example.com"
+          - main: "example.org"
+            sans:
+              - "*.example.org"
+```
+## TLS Options
+```yaml
+# dynamic/tls.yml
+tls:
+  options:
+    default:  # "default" applies to all routers without explicit tls options
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+      sniStrict: true
+    modern:
+      minVersion: VersionTLS13
+```
+Kubernetes CRD:
+```yaml
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+  name: default
+  namespace: traefik
+spec:
+  minVersion: VersionTLS12
+  sniStrict: true
+  cipherSuites:
+    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+```
+## Mutual TLS (mTLS)
+```yaml
+tls:
+  options:
+    mtls:
+      clientAuth:
+        caFiles:
+          - /certs/client-ca.pem
+        clientAuthType: RequireAndVerifyClientCert
+        # Options: NoClientCert, RequestClientCert, RequireAnyClientCert,
+        #          VerifyClientCertIfGiven, RequireAndVerifyClientCert
+```
+## Custom Certificates (no ACME)
+```yaml
+tls:
+  certificates:
+    - certFile: /certs/example.com.crt
+      keyFile: /certs/example.com.key
+    - certFile: /certs/wildcard.example.com.crt
+      keyFile: /certs/wildcard.example.com.key
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /certs/default.crt
+        keyFile: /certs/default.key
+```
+## ServersTransport (TLS to backends)
+```yaml
+# Kubernetes CRD
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: mtls-transport
+spec:
+  serverName: "backend.internal"
+  insecureSkipVerify: false
+  rootCAsSecrets:
+    - backend-ca
+  certificatesSecrets:
+    - client-cert
+  maxIdleConnsPerHost: 10
+```
+## Best Practices
+- Use DNS-01 for wildcard certs
+- Set `minVersion: VersionTLS12` minimum
+- Enable `sniStrict: true` to reject unknown domains
+- Persist `acme.json` on a volume (mode 600)
+- Use staging CA for testing: `caServer: https://acme-staging-v02.api.letsencrypt.org/directory`
+- In HA setups, use shared cert storage (Consul KV or Traefik Enterprise)