npm - ilumin-cli - Versions diffs - 1.1.1 → 1.1.2 - Mend

ilumin-cli 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/commands/mcp-add.d.ts.map +1 -1
package/dist/commands/mcp-add.js +0 -10
package/dist/commands/mcp-add.js.map +1 -1
package/dist/commands/skills-install.js +1 -1
package/dist/commands/skills-install.js.map +1 -1
package/package.json +3 -4
package/skills/ilumin-cloud/SKILL.md +0 -217
package/skills/ilumin-cloud/references/compose.md +0 -425
package/skills/ilumin-cloud/references/recommended-stack.md +0 -179
package/skills/ilumin-security/SKILL.md +0 -355

package/dist/commands/mcp-add.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mcp-add.d.ts","sourceRoot":"","sources":["../../src/commands/mcp-add.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;~~AAwBH~~,UAAU,aAAa;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,IAAI,~~CAuEtE~~"}
1	+ {"version":3,"file":"mcp-add.d.ts","sourceRoot":"","sources":["../../src/commands/mcp-add.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuBH,UAAU,aAAa;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,IAAI,CA8DtE"}

package/dist/commands/mcp-add.js CHANGED Viewed

@@ -11,7 +11,6 @@ import { installClaudeDesktop } from "../clients/claude-desktop.js";
 import { installGemini } from "../clients/gemini.js";
 import { installCursor } from "../clients/cursor.js";
 import { installCodex } from "../clients/codex.js";
-import { installSkillsForClient } from "../utils/install-skills.js";
 // Clientes disponíveis com metadados
 const SUPPORTED_CLIENTS = {
     "claude-code": { label: "Claude Code" },
@@ -67,15 +66,6 @@ export function runMcpAdd(server, options) {
             hasError = true;
             const msg = err instanceof Error ? err.message : String(err);
             printError(`${label}: ${msg}`);
-            continue;
-        }
-        try {
-            const skillsDir = installSkillsForClient(client);
-            printSuccess(`Skills instaladas em ${skillsDir}`);
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            printWarning(`${label}: skills não instaladas — ${msg}`);
         }
     }
     console.log();

package/dist/commands/mcp-add.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mcp-add.js","sourceRoot":"","sources":["../../src/commands/mcp-add.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;~~AACnD~~,~~OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAGpE,~~qCAAqC;AACrC,MAAM,iBAAiB,GAA+C;IAClE,aAAa,EAAK,EAAE,KAAK,EAAE,aAAa,EAAE;IAC1C,gBAAgB,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAC7C,QAAQ,EAAU,EAAE,KAAK,EAAE,YAAY,EAAE;IACzC,QAAQ,EAAU,EAAE,KAAK,EAAE,QAAQ,EAAE;IACrC,OAAO,EAAW,EAAE,KAAK,EAAE,cAAc,EAAE;CAC9C,CAAC;AAEF,+CAA+C;AAC/C,MAAM,iBAAiB,GAAG,CAAC,QAAQ,CAAC,CAAC;AAOrC,MAAM,UAAU,SAAS,CAAC,MAAc,EAAE,OAAsB;IAC5D,oBAAoB;IACpB,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACpD,UAAU,CAAC,2BAA2B,MAAM,mBAAmB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,mBAAmB;IACnB,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,UAAU,CAAC,mCAAmC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC,CAAC;QACpH,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,8BAA8B;IAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACxD,IAAI,OAAO,GAAsB,EAAE,CAAC;IAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;QACd,iCAAiC;QACjC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAsB,CAAC;QAC9D,SAAS,CAAC,8EAA8E,CAAC,CAAC;IAC9F,CAAC;SAAM,CAAC;QACJ,iDAAiD;QACjD,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAsB,CAAC;QAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,iBAAiB,CAAC,CAAC,CAAC;QACjE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,UAAU,CAAC,2BAA2B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC;QAC9C,IAAI,CAAC;YACD,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACjC,YAAY,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,GAAG,IAAI,CAAC;YAChB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,UAAU,CAAC,GAAG,KAAK,KAAK,GAAG,EAAE,CAAC,CAAC;~~YAC/B~~,~~SAAS;QACb,~~CAAC;QAED,IAAI,CAAC;YACD,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;YACjD,YAAY,CAAC,wBAAwB,SAAS,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,YAAY,CAAC,GAAG,KAAK,6BAA6B,GAAG,EAAE,CAAC,CAAC;QAC7D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,YAAY,CAAC,iDAAiD,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACpD,CAAC;SAAM,CAAC;QACJ,YAAY,CAAC,+DAA+D,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAuB,EAAE,MAAc;IAC7D,QAAQ,MAAM,EAAE,CAAC;QACb,KAAK,aAAa,CAAC,CAAI,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACxD,KAAK,gBAAgB,CAAC,CAAC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAC3D,KAAK,QAAQ,CAAC,CAAS,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;QACpD,KAAK,QAAQ,CAAC,CAAS,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;QACpD,KAAK,OAAO,CAAC,CAAU,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;AACL,CAAC"}
1	+ {"version":3,"file":"mcp-add.js","sourceRoot":"","sources":["../../src/commands/mcp-add.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGnD,qCAAqC;AACrC,MAAM,iBAAiB,GAA+C;IAClE,aAAa,EAAK,EAAE,KAAK,EAAE,aAAa,EAAE;IAC1C,gBAAgB,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAC7C,QAAQ,EAAU,EAAE,KAAK,EAAE,YAAY,EAAE;IACzC,QAAQ,EAAU,EAAE,KAAK,EAAE,QAAQ,EAAE;IACrC,OAAO,EAAW,EAAE,KAAK,EAAE,cAAc,EAAE;CAC9C,CAAC;AAEF,+CAA+C;AAC/C,MAAM,iBAAiB,GAAG,CAAC,QAAQ,CAAC,CAAC;AAOrC,MAAM,UAAU,SAAS,CAAC,MAAc,EAAE,OAAsB;IAC5D,oBAAoB;IACpB,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACpD,UAAU,CAAC,2BAA2B,MAAM,mBAAmB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,mBAAmB;IACnB,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,UAAU,CAAC,mCAAmC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC,CAAC;QACpH,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,8BAA8B;IAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACxD,IAAI,OAAO,GAAsB,EAAE,CAAC;IAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;QACd,iCAAiC;QACjC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAsB,CAAC;QAC9D,SAAS,CAAC,8EAA8E,CAAC,CAAC;IAC9F,CAAC;SAAM,CAAC;QACJ,iDAAiD;QACjD,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAsB,CAAC;QAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,iBAAiB,CAAC,CAAC,CAAC;QACjE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,UAAU,CAAC,2BAA2B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC;QAC9C,IAAI,CAAC;YACD,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACjC,YAAY,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,GAAG,IAAI,CAAC;YAChB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,UAAU,CAAC,GAAG,KAAK,KAAK,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,YAAY,CAAC,iDAAiD,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACpD,CAAC;SAAM,CAAC;QACJ,YAAY,CAAC,+DAA+D,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAuB,EAAE,MAAc;IAC7D,QAAQ,MAAM,EAAE,CAAC;QACb,KAAK,aAAa,CAAC,CAAI,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACxD,KAAK,gBAAgB,CAAC,CAAC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAC3D,KAAK,QAAQ,CAAC,CAAS,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;QACpD,KAAK,QAAQ,CAAC,CAAS,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;QACpD,KAAK,OAAO,CAAC,CAAU,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;AACL,CAAC"}

package/dist/commands/skills-install.js CHANGED Viewed

@@ -10,7 +10,7 @@ import { spawnSync } from "child_process";
 import kleur from "kleur";
 import { printInfo, printSuccess, printError } from "../utils/logger.js";
 export function runSkillsInstall(options) {
-    const repo = "IluminClients/ilumin-cli";
+    const repo = "IluminClients/ilumin-skills";
     const args = ["skills", "add", repo, "-g"];
     if (options.agent) {
         for (const agent of options.agent.split(",").map(a => a.trim())) {

package/dist/commands/skills-install.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"skills-install.js","sourceRoot":"","sources":["../../src/commands/skills-install.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAMzE,MAAM,UAAU,gBAAgB,CAAC,OAA6B;IAC1D,MAAM,IAAI,GAAG,~~0BAA0B~~,CAAC;~~IAExC~~,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE3C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;IACL,CAAC;IAED,SAAS,CAAC,wCAAwC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;QAClC,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,KAAK;KACf,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,UAAU,CAAC,oEAAoE,CAAC,CAAC;QACjF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,YAAY,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,EAAE,CAAC;AAClB,CAAC"}
1	+ {"version":3,"file":"skills-install.js","sourceRoot":"","sources":["../../src/commands/skills-install.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAMzE,MAAM,UAAU,gBAAgB,CAAC,OAA6B;IAC1D,MAAM,IAAI,GAAG,6BAA6B,CAAC;IAE3C,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE3C,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;IACL,CAAC;IAED,SAAS,CAAC,wCAAwC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;QAClC,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,KAAK;KACf,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,UAAU,CAAC,oEAAoE,CAAC,CAAC;QACjF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,YAAY,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,EAAE,CAAC;AAClB,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "ilumin-cli",
-    "version": "1.1.1",
+    "version": "1.1.2",
     "description": "Ilumin Cloud CLI — instala e gerencia o MCP da Ilumin em vários clientes de IA",
     "type": "module",
     "main": "dist/index.js",
@@ -9,13 +9,12 @@
         "ilumin-cli": "dist/index.js"
     },
     "scripts": {
-        "build": "tsc && chmod +x dist/index.js && node scripts/copy-skills.js",
+        "build": "tsc && chmod +x dist/index.js",
         "dev": "tsc --watch",
         "start": "node dist/index.js"
     },
     "files": [
-        "dist",
-        "skills"
+        "dist"
     ],
     "dependencies": {
         "commander": "^14.0.2",

package/skills/ilumin-cloud/SKILL.md DELETED Viewed

@@ -1,217 +0,0 @@
----
-name: ilumin-cloud-developer
-description: Use this skill when managing deployments, servers, custom domains, or installing and integrating applications using the Ilumin Cloud Model Context Protocol (MCP). Useful for building code, deploying, updating, and setting up catalog integrations like WhatsApp, databases, queues, and more.
----
-# Ilumin Cloud Developer
-This skill provides the comprehensive workflow, tools, best practices, and contextual knowledge for interacting with Ilumin Cloud infrastructure via the Ilumin MCP Server.
-## What is Ilumin Cloud?
-**Ilumin Cloud** is a Brazilian PaaS (Platform as a Service) focused on simplifying self-hosted application deployment. It provides:
-- **Managed VPS Servers** — The user has one or more cloud servers (e.g., `srv1.user.ilumin.app`) pre-configured with Docker, Traefik (reverse proxy), and SSL termination.
-- **App Catalog** — A curated collection of ready-to-deploy open-source applications (databases, messaging APIs, automation tools, etc.) that can be installed with a single command — no Docker knowledge required from the user.
-- **CI/CD Pipeline** — Users can push their own source code, which is built via Docker into an image, versioned with a timestamp tag, and deployed as a container.
-- **Automatic HTTPS** — Every deployed app automatically gets a subdomain with SSL (e.g., `myapp.srv1.user.ilumin.app`), and custom domains can also be pointed via CNAME.
-- **Traefik Routing** — All traffic is routed by a Traefik reverse proxy running on the server. Compose files must follow Ilumin's label conventions for routing to work correctly.
-The Ilumin MCP connects AI agents directly to this infrastructure, enabling autonomous deployment, integration, and maintenance operations without requiring the user to use SSH or the Ilumin web dashboard manually.
----
-## Common Use Cases
-Understanding real-world scenarios where this skill is most valuable:
-### Deploying a Custom Application
-The user has a web app (Node.js, Python/FastAPI, Next.js, etc.) in a repository and wants it live on the internet. The AI uses `deploy_project` to build and push it, then `install_app` to deploy it for the first time, or `update_app` for subsequent deployments.
-### Adding WhatsApp to a Project
-The user wants to send/receive WhatsApp messages in their app. The AI installs the **Evolution API** from the catalog, then uses `get_catalog_app_documentation` to obtain its endpoint and API key, and writes the integration code into the user's project.
-### Adding a Database
-The user needs a PostgreSQL or Redis instance. The AI finds the appropriate app in the catalog and installs it on the same server, exposing the internal connection string for the user's application to consume.
-### Integrating Automation Workflows
-The user wants to automate tasks (email, webhooks, AI pipelines). The AI installs **n8n** or a similar tool from the catalog, which then connects to the user's app via webhooks or APIs.
-### Connecting a Custom Domain
-After deploying an app, the user wants it accessible at `app.mycompany.com` instead of the Ilumin subdomain. The AI uses `manage_domain` and instructs the user on configuring the CNAME at their DNS provider.
-### Rolling Updates Without Downtime
-The user has pushed new code. The AI runs `deploy_project` to build the new image, captures the timestamp tag, and runs `update_app` with the specific tag, ensuring Docker pulls the fresh layer and not a cached one.
----
-## App Catalog Overview
-The catalog contains popular open-source services. When the user's need matches one of these, always prefer installing from the catalog instead of building from scratch:
-| Category | Examples |
-|---|---|
-| **Messaging / WhatsApp** | Evolution API, Chatwoot |
-| **Automation / Workflows** | n8n, Typebot |
-| **Databases** | PostgreSQL, MySQL, Redis, MongoDB |
-| **AI / LLMs** | Open WebUI, Flowise |
-| **CMS / Web** | WordPress, Ghost, Strapi |
-| **Analytics** | Metabase, Plausible |
-| **Storage** | MinIO |
-| **Email** | Mailu, Stalwart |
-> Always run `list_catalog` to get the current up-to-date list and check if a specific app is available before suggesting a custom implementation.
----
-## Architecture Reference
-Understanding Ilumin's infrastructure prevents misconfiguration:
-```
-[Internet] → [Traefik (reverse proxy on server)] → [Docker Containers]
-                     ↑
-           Reads routing rules from Docker labels
-           Handles SSL termination automatically
-```
-- **Each app is a Docker container** with a `docker-compose.yml` defining the service, network, and Traefik labels.
-- **All containers** must be on the `network: ilumin-network` (or `external: true`) for Traefik to discover them and for containers to communicate internally.
-- **Internal container-to-container communication** uses the container/service name as the hostname (e.g., a Python app connects to `postgres-service:5432` on the shared network).
-- **`get_compose_guidelines`** returns the exact label templates and network definitions required — always use it before writing a compose file.
----
-## Available MCP Tools
-The Ilumin MCP server exposes specialized tools for the complete application lifecycle. Prioritize these whenever the objective involves Ilumin Cloud resources:
-### Information & Discovery
-- **`list_servers`** — Discover the user's available servers, domains, and currently active applications. *Always use this to verify the environment state before proposing an installation.*
-- **`list_deploys`** — Check historical build logs and image tags of past deployments.
-- **`list_catalog`** — List official and community applications available for 1-click installation.
-### Building & Versioning
-- **`deploy_project`** — Zip and push the current project source code, triggering a Docker build in the cloud. Returns a specific image tag (timestamp format, e.g., `20260407130809`) on success.
-- **`update_app`** — Update an existing application to a new version. **IMPORTANT**: Always use specific timestamp tags instead of `latest` to force Docker to pull the fresh image rather than using cached layers.
-### Installation & Configuration
-- **`install_app`** — Install a custom app onto a server for the first time. Requires a `docker-compose.yml` string formatted to Ilumin standards.
-- **`get_compose_guidelines`** — **MANDATORY** before generating any Docker Compose file. Returns the Traefik labels, network standards, and variable placeholders required for correct domain mapping.
-- **`manage_domain`** — Point a custom external domain (e.g., `app.mysite.com`) to an application. Always remind the user to create a CNAME at their DNS provider pointing to the server's primary domain.
-- **`get_app_env`** — Fetches the detailed environment variables (ENVs) for a specific application. Essential when an AI needs to retrieve credentials (like an API Key, database password, or URL) natively configured in the application environment (e.g., retrieving Evolution API credentials).
-### Catalog & Integrations
-- **`install_catalog_app`** — Install a complete application from the catalog without building source code (e.g., installing a WhatsApp API or database).
-- **`get_catalog_app_documentation`** — **MANDATORY** after installing a catalog app (or when integrating an existing one). Fetches connection data, API structure, and context needed to write integration code correctly. If this fails, fall back to Context7 or web search.
----
-## Core Best Practices and Workflows
-### 1. The "Memory" File (`ilumin.md`)
-Always act as the primary state manager for the project's deployment.
-- **Always maintain a file named `ilumin.md` in the user's project root.**
-- **Record**: Every successful installation, specific timestamp image tags used, the server domain (e.g., `srv1.user.ilumin.app`), custom domains configured, environment variables set, and any architectural notes.
-- **Before any action**: Check `ilumin.md` first to determine whether to call `install_app` (first time) or `update_app` (subsequent deployments) — this prevents destructive duplicate installations.
-### 2. Proactive Application Integrations Workflow
-When the user asks to build features requiring complex backend services (WhatsApp, queues, databases, automation), follow this pattern:
-1. Run `list_catalog` to check if an off-the-shelf app fulfills the requirement.
-2. Present the finding to the user and request permission to install it.
-3. If approved, run `install_catalog_app` to deploy the integration.
-4. Run `get_catalog_app_documentation` with the app's slug to learn the exact integration endpoints, credentials, and variables exposed.
-5. Use that documentation to write the precise integration code inside the user's main project.
-6. Record the installation details in `ilumin.md`.
-### 3. New Application Deployment Workflow
-1. Check `ilumin.md` and/or `list_servers` to confirm the app doesn't already exist.
-2. Run `deploy_project` to build the Docker image and obtain the image tag.
-3. Run `get_compose_guidelines` to learn the Traefik standards and network config.
-4. Run `install_app` using the obtained image tag and the generated compose file.
-5. Record the server, tag, app name, and URL in `ilumin.md`.
-### 4. Sending Environment Variables (ENVs) to Apps
-**A) Catalog Apps — only the 4 predefined variables**
-Catalog apps have their `docker-compose.yml` pre-built by the platform. The only ENVs you can pass are the 4 standard platform variables — and only the ones the app actually requires (as listed by `list_catalog`):
-- `APP_USER` — username/login
-- `APP_PASSWORD` — password
-- `APP_EMAIL` — admin email
-- `APP_API_KEY` — api key or token
-Pass them via `envVars` in `install_catalog_app`. You **cannot** send arbitrary custom ENV names — they will be ignored. Always ask the user to provide the values; never invent them.
-```
-install_catalog_app(
-  serverDomain: "srv1.user.com",
-  slug: "waha",
-  envVars: {
-    "APP_USER": "admin",
-    "APP_PASSWORD": "strongpassword"
-  }
-)
-```
-**B) Custom Apps — any ENVs via the compose `environment` block**
-When using `install_app` with a custom `docker-compose.yml`, you can freely define any environment variables needed by the application in the `environment` section:
-```yaml
-services:
-  my-app:
-    image: ghcr.io/user/my-app:20260407130809
-    environment:
-      DATABASE_URL: "postgresql://user:pass@postgres:5432/mydb"
-      SECRET_KEY: "my-secret"
-      DEBUG: "false"
-```
-Always ask the user for sensitive values before writing them into the compose. Never hardcode guessed values.
-**C) Reading ENVs from an Existing App — via `get_app_env`**
-If the AI needs credentials from an already-installed app (e.g., the Evolution API key or a database password), use `get_app_env` to fetch the live ENV values directly. This avoids asking the user for information they may not remember.
-### 4. Updating an Existing Application
-1. Verify it exists via `list_servers` or `ilumin.md`.
-2. Run `deploy_project` to commit changes and obtain the new timestamp version tag (e.g., `20260407130809`).
-3. Run `update_app` supplying the `app_name` and the new specific version tag. **Never use `latest`.**
-4. Update `ilumin.md` with the new tag and date.
-### 5. Custom Domain Configuration
-When using `manage_domain`, always:
-- Explicitly inform the user to create a **CNAME record** at their DNS provider pointing their custom domain to the server's primary domain (e.g., `srv1.user.ilumin.app`).
-- Check `ilumin.md` to verify if a custom domain is already established, preventing accidental overwrites without user confirmation.
-- Note that DNS propagation can take up to 24–48 hours, though it's typically much faster.
----
-## Common Errors and Troubleshooting
-| Symptom | Likely Cause | Resolution |
-|---|---|---|
-| App unreachable after install | Missing or incorrect Traefik labels | Re-run `get_compose_guidelines`, regenerate compose file |
-| Docker pulls old image after update | Used `latest` tag instead of specific tag | Always use timestamp tags from `deploy_project` output |
-| Container exits immediately | Missing required env var or misconfigured port | Review compose file; check logs via server SSH or Ilumin dashboard |
-| Custom domain returns 404 | CNAME not yet propagated or `manage_domain` not called | Verify DNS, re-run `manage_domain` if needed |
-| `install_app` fails with "already exists" | App installed previously | Use `update_app` instead |
-| Catalog app missing credentials | Env vars not passed during `install_catalog_app` | Check `list_catalog` for required `env_vars`, provide them |
-| Inter-container connection refused | Containers on different networks | Ensure all services share `ilumin-network` as an external network |
----
-## Additional Resources
-- For Docker Compose formatting rules, Traefik labels, network configuration, and reference examples, see [references/compose.md](references/compose.md)
-- For the recommended default stack (NocoDB, Redis, BullMQ) when the user hasn't specified infrastructure, see [references/recommended-stack.md](references/recommended-stack.md)

package/skills/ilumin-cloud/references/compose.md DELETED Viewed

@@ -1,425 +0,0 @@
-# Ilumin Compose Formatter
-This skill defines the mandatory rules and patterns for writing `docker-compose.yml` files compatible with the Ilumin Cloud platform. Follow every rule — small mistakes like a fixed router name or a wrong network definition are the most common causes of deployment failures.
----
-## How Ilumin's Infrastructure Works
-Understanding the infrastructure prevents 90% of errors:
-```
-[Internet] → [Traefik v3 on port 80/443] → [Docker containers via labels]
-                                                      ↑
-                                          Reads routing rules from labels
-                                          Handles SSL via Let's Encrypt
-                                          Routes by hostname or path
-```
-- Traefik runs as a separate container on the `traefik` **external** Docker network.
-- All app containers that need public access must join the `traefik` network.
-- Containers that must stay private (databases, caches) must join only the `internal` network.
-- Containers on the same `internal` network communicate using the **service name** as hostname (e.g., `postgres:5432`).
----
-## Mandatory Formatting Rules
-### 1. No Comments
-Remove **all** comments (lines starting with `#`) from the final compose file.
-### 2. No Resource Limits
-Remove any `deploy`, `resources`, `limits`, or `reservations` sections — Ilumin manages these at the infrastructure level.
-### 3. Image Version Variable
-Replace the image tag of the **main application** with `${APP_VERSION}`.
-```yml
-# ❌ Wrong
-image: n8n:latest
-image: ghost:5.82.2
-image: myapp:v2.1.0
-# ✅ Correct
-image: n8n:${APP_VERSION}
-image: ghost:${APP_VERSION}
-image: myapp:${APP_VERSION}
-```
-> **Critical:** `APP_VERSION` replaces the **entire tag** after the colon, including any `v` prefix. Never write `v${APP_VERSION}`.
-### 4. Database Password Variable
-Replace **all** database passwords with `${DB_PASSWORD}`:
-```yml
-# Applies to: POSTGRES_PASSWORD, MYSQL_ROOT_PASSWORD, MYSQL_PASSWORD, MARIADB_ROOT_PASSWORD, etc.
-- POSTGRES_PASSWORD=${DB_PASSWORD}
-- MYSQL_ROOT_PASSWORD=${DB_PASSWORD}
-- MYSQL_PASSWORD=${DB_PASSWORD}
-```
-### 5. Optional Admin Credentials
-If the app supports initial admin setup, use these standard variables:
-- `${APP_USERNAME}` — admin username
-- `${APP_PASSWORD}` — admin password
-- `${APP_EMAIL}` — admin email
-### 6. No Backslashes in URLs
-Never use `\` before `$` in URLs inside the compose file.
-```yml
-# ❌ Wrong
-- APP_URL=https://\${BASE_DOMAIN}
-# ✅ Correct
-- APP_URL=https://${BASE_DOMAIN}
-```
----
-## Network Rules (Critical)
-```yml
-# ✅ Main app service (public-facing) — both networks
-networks:
-  - traefik
-  - internal
-# ✅ Dependency services (db, redis, queue) — internal only
-networks:
-  - internal
-```
-**Always define networks at the bottom of the file exactly like this:**
-```yml
-networks:
-  traefik:
-    external: true
-  internal:
-```
-> ⚠️ The `traefik` network must be `external: true`. Forgetting this causes Traefik to be unable to discover the container.
----
-## Traefik Labels (Critical)
-Every public-facing service needs these labels. **Copy this block exactly** and replace `<appname>` with a unique identifier for the app.
-```yml
-labels:
-  - traefik.enable=true
-  - traefik.docker.network=traefik
-  - traefik.http.routers.<appname>.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-  - traefik.http.routers.<appname>.entrypoints=websecure
-  - traefik.http.routers.<appname>.tls=true
-  - traefik.http.routers.<appname>.tls.certresolver=letsencrypt
-  - traefik.http.services.<appname>.loadbalancer.server.port=<PORT>
-```
-### Router Naming Rules (Most Common Error)
-The router/service name in Traefik labels **must be unique across all apps on the server**. Using generic names like `backend` or `frontend` causes conflicts when multiple apps are deployed.
-**Formula:** `{appname}{role}` — always prefix with the app name.
-```yml
-# ❌ WRONG — will conflict with any other app using the same generic name
-- traefik.http.routers.backend.rule=...
-- traefik.http.routers.frontend.rule=...
-# ✅ CORRECT — unique per app
-- traefik.http.routers.n8nmain.rule=...
-- traefik.http.routers.ghostblog.rule=...
-- traefik.http.routers.myappfrontend.rule=...
-- traefik.http.routers.myappbackend.rule=...
-```
-### Domain Rule Syntax
-The domain rule must use this exact syntax — it supports both the Ilumin base domain and an optional custom domain:
-```
-Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-```
-> **Why this syntax?** `${CUSTOM_DOMAIN:+ || Host(...)}` is a shell parameter expansion that only adds the custom domain rule if the variable is set. This allows the platform to manage domain routing dynamically without requiring a compose file change.
----
-## Multi-Service Compose Rules
-### Two Services, One Domain (Path Routing — Frontend + Backend)
-When your app has a frontend and a backend on the **same domain**:
-```yml
-# Frontend: answers on /  (no path prefix needed)
-labels:
-  - traefik.http.routers.myappfrontend.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-  - traefik.http.services.myappfrontend.loadbalancer.server.port=3000
-# Backend: answers on /api
-labels:
-  - traefik.http.routers.myappbackend.rule=(Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}) && PathPrefix(`/api`)
-  - traefik.http.services.myappbackend.loadbalancer.server.port=8000
-```
-### Two Services, Two Subdomains
-When you need separate subdomains for backend and frontend:
-```yml
-# Frontend — base domain
-labels:
-  - traefik.http.routers.myappfrontend.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-# Backend — api subdomain prefix
-labels:
-  - traefik.http.routers.myappbackend.rule=Host(`api.${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`api.${CUSTOM_DOMAIN}`)}
-# Other services follow the same prefix pattern:
-# db.${BASE_DOMAIN}, admin.${BASE_DOMAIN}, etc.
-```
----
-## HTTP → HTTPS Redirect (Optional but Recommended)
-To redirect HTTP traffic to HTTPS, add these labels alongside the main router:
-```yml
-labels:
-  # ... (main HTTPS router labels above) ...
-  # HTTP redirect router
-  - traefik.http.routers.<appname>-http.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-  - traefik.http.routers.<appname>-http.entrypoints=web
-  - traefik.http.routers.<appname>-http.middlewares=redirect-to-https
-  - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
-```
----
-## Architecture Options
-### Option 1: Unified Build (Recommended) ✅
-Serve the compiled frontend through the backend. One container, no CORS issues.
-- Build the frontend in Stage 1 of the Dockerfile.
-- Copy `dist/` into the backend Stage 2.
-- Backend serves static files from `/` and API from `/api`.
-- Only one Traefik router needed.
-### Option 2: Separate Containers
-Use path routing or subdomains. Requires proper CORS config on the backend.
-> The browser **cannot** access `http://backend:8000` — the Docker internal network is not accessible from the user's browser. The frontend must call the public domain (e.g., `/api` relative path or `https://api.domain.com`).
----
-## Common Errors and Fixes
-| Error | Cause | Fix |
-|---|---|---|
-| App unreachable (502 Bad Gateway) | Wrong port in `loadbalancer.server.port` | Set the port the container actually listens on |
-| App unreachable (no SSL / cert error) | Missing `tls=true` or `certresolver=letsencrypt` | Add both TLS labels |
-| Two apps conflict (first works, second doesn't) | Duplicate router names in Traefik labels | Use unique names: `{appname}{role}` |
-| Database not reachable from app | DB container not on `internal` network | Ensure both app and DB are on `internal` |
-| Traefik can't discover container | `traefik` network not set as `external: true` | Fix the network definition at the bottom |
-| URL contains `v${APP_VERSION}` | Manually adding `v` before the variable | Remove the `v` — `APP_VERSION` already includes it |
-| URL contains backslash `\$` | Escaping `$` in compose | Remove `\` — dollar signs don't need escaping in compose YAML |
-| Custom domain not working | `manage_domain` not called after install | Call `manage_domain` and configure CNAME at DNS provider |
----
-## Reference Examples
-### Minimal Single App (Uptime Kuma)
-```yml
-services:
-  uptime-kuma:
-    image: louislam/uptime-kuma:${APP_VERSION}
-    volumes:
-      - uptime_data:/app/data
-    networks:
-      - traefik
-      - internal
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik
-      - traefik.http.routers.uptimekuma.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-      - traefik.http.routers.uptimekuma.entrypoints=websecure
-      - traefik.http.routers.uptimekuma.tls=true
-      - traefik.http.routers.uptimekuma.tls.certresolver=letsencrypt
-      - traefik.http.services.uptimekuma.loadbalancer.server.port=3001
-    restart: unless-stopped
-volumes:
-  uptime_data:
-networks:
-  traefik:
-    external: true
-  internal:
-```
-### App + Database (WordPress + MySQL)
-```yml
-services:
-  wordpress:
-    image: wordpress:${APP_VERSION}
-    depends_on:
-      - mysql
-    environment:
-      - WORDPRESS_DB_HOST=mysql
-      - WORDPRESS_DB_USER=wordpress
-      - WORDPRESS_DB_PASSWORD=${DB_PASSWORD}
-      - WORDPRESS_DB_NAME=wordpress
-    volumes:
-      - wordpress_data:/var/www/html
-    networks:
-      - traefik
-      - internal
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik
-      - traefik.http.routers.wordpress.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-      - traefik.http.routers.wordpress.entrypoints=websecure
-      - traefik.http.routers.wordpress.tls=true
-      - traefik.http.routers.wordpress.tls.certresolver=letsencrypt
-      - traefik.http.services.wordpress.loadbalancer.server.port=80
-    restart: unless-stopped
-  mysql:
-    image: mysql:5.7
-    environment:
-      - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}
-      - MYSQL_DATABASE=wordpress
-      - MYSQL_USER=wordpress
-      - MYSQL_PASSWORD=${DB_PASSWORD}
-    volumes:
-      - mysql_data:/var/lib/mysql
-    networks:
-      - internal
-    restart: unless-stopped
-volumes:
-  wordpress_data:
-  mysql_data:
-networks:
-  traefik:
-    external: true
-  internal:
-```
-### App + Database (Baserow + PostgreSQL)
-```yml
-services:
-  baserow:
-    image: baserow/baserow:${APP_VERSION}
-    depends_on:
-      - postgres
-    volumes:
-      - baserow_data:/baserow/data
-    environment:
-      - BASEROW_PUBLIC_URL=https://${BASE_DOMAIN}
-      - DATABASE_HOST=postgres
-      - DATABASE_NAME=baserow
-      - DATABASE_USER=postgres
-      - DATABASE_PASSWORD=${DB_PASSWORD}
-    networks:
-      - traefik
-      - internal
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik
-      - traefik.http.routers.baserow.rule=Host(`${BASE_DOMAIN}`)${CUSTOM_DOMAIN:+ || Host(`${CUSTOM_DOMAIN}`)}
-      - traefik.http.routers.baserow.entrypoints=websecure
-      - traefik.http.routers.baserow.tls=true
-      - traefik.http.routers.baserow.tls.certresolver=letsencrypt
-      - traefik.http.routers.baserow.service=baserow
-      - traefik.http.services.baserow.loadbalancer.server.port=80
-    restart: unless-stopped
-  postgres:
-    image: postgres:16
-    environment:
-      - POSTGRES_USER=postgres
-      - POSTGRES_PASSWORD=${DB_PASSWORD}
-      - POSTGRES_DB=baserow
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-    networks:
-      - internal
-    restart: unless-stopped
-volumes:
-  baserow_data:
-  postgres_data:
-networks:
-  traefik:
-    external: true
-  internal:
-```
-### Custom App (Fixed Domain, No Variables)
-Used when the user wants to hardcode a specific domain. Inform the user that Ilumin's domain management panel will NOT work in this mode — they must manage DNS manually.
-```yml
-services:
-  app:
-    image: myapp:${APP_VERSION}
-    container_name: myapp
-    restart: unless-stopped
-    environment:
-      - NODE_ENV=production
-    networks:
-      - traefik
-      - internal
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik
-      - traefik.http.routers.myapp.rule=Host(`app.mycompany.com`)
-      - traefik.http.routers.myapp.entrypoints=websecure
-      - traefik.http.routers.myapp.tls=true
-      - traefik.http.routers.myapp.tls.certresolver=letsencrypt
-      - traefik.http.routers.myapp-http.rule=Host(`app.mycompany.com`)
-      - traefik.http.routers.myapp-http.entrypoints=web
-      - traefik.http.routers.myapp-http.middlewares=redirect-to-https
-      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
-      - traefik.http.services.myapp.loadbalancer.server.port=3000
-networks:
-  traefik:
-    external: true
-  internal:
-```
----
-## Pre-Deploy Compose Checklist
-- [ ] All image versions replaced with `${APP_VERSION}` (no `v` prefix before the variable)
-- [ ] All database passwords replaced with `${DB_PASSWORD}`
-- [ ] No hardcoded secrets or credentials in the file
-- [ ] Main service is on both `traefik` and `internal` networks
-- [ ] Database/cache services are on `internal` network only
-- [ ] Network definitions at the bottom: `traefik` is `external: true`, `internal` has no extra config
-- [ ] Traefik router name is unique (format: `{appname}{role}`)
-- [ ] Domain rule uses exact syntax with `${BASE_DOMAIN}` and `${CUSTOM_DOMAIN:+ ...}` expansion
-- [ ] `loadbalancer.server.port` matches the actual port the container listens on
-- [ ] TLS labels present: `tls=true` + `tls.certresolver=letsencrypt`
-- [ ] No `\` backslashes before `$` in URLs
-- [ ] No comments (`#`) in the final file
-- [ ] No `deploy`, `resources`, `limits`, or `reservations` sections
-- [ ] All volumes declared in the `volumes:` section at the bottom

package/skills/ilumin-cloud/references/recommended-stack.md DELETED Viewed

@@ -1,179 +0,0 @@
-# Ilumin Recommended Stack
-When the user hasn't specified which infrastructure services to use, follow this recommended stack. These services are optimized for Ilumin Cloud — they are lightweight, self-hosted, and integrate well with each other via the `internal` Docker network.
----
-## How Internal Communication Works
-All services in the same `docker-compose.yml` (or on the same `internal` Docker network) can communicate using the **service name as the hostname**.
-```
-App Container  →  [internal network]  →  postgres:5432
-App Container  →  [internal network]  →  redis:6379
-NocoDB         →  [internal network]  →  postgres:5432
-```
-> The key rule: **both the app and the service it connects to must share the same network** (always `internal`). The public internet never touches these internal services — only the main app container is exposed via Traefik.
----
-## 1. 🗄️ Database: NocoDB + PostgreSQL
-**NocoDB** is the recommended database layer for Ilumin apps. It is a lightweight, self-hosted Airtable alternative that sits on top of PostgreSQL and exposes a full REST + GraphQL API, a visual UI, and programmatic table creation via API — no raw SQL required for most operations.
-### Why NocoDB?
-- Full REST API to read/write/create tables from any app or AI agent
-- Visual interface for non-developers to manage data
-- Integrates with webhooks, automations, and third-party tools
-- JWT-based API authentication via `NC_AUTH_JWT_SECRET`
-### Connecting Your App to NocoDB
-NocoDB exposes an HTTP API. Your app does **not** connect to NocoDB as a database directly — it makes API calls to NocoDB's REST endpoint.
-If your app is in the **same compose** or **same `internal` network**, use the internal hostname:
-```bash
-# Internal (same internal network) — preferred
-NOCODB_URL=http://nocodb:8080
-# External (different server or no shared network)
-NOCODB_URL=https://your-nocodb-domain.com
-```
-```python
-# Python example — connecting via internal network
-import httpx
-NOCODB_URL = os.getenv("NOCODB_URL", "http://nocodb:8080")
-NOCODB_API_KEY = os.getenv("NOCODB_API_KEY")  # = NC_AUTH_JWT_SECRET value
-headers = {
-    "xc-auth": NOCODB_API_KEY,
-    "Content-Type": "application/json"
-}
-# List records from a table
-response = httpx.get(f"{NOCODB_URL}/api/v1/db/data/noco/{{TABLE_ID}}/{{VIEW_ID}}", headers=headers)
-```
-### If NocoDB Is Already Installed
-Before installing a new NocoDB, check if one is already running on the server:
-1. Run `list_servers` to see installed apps.
-2. If NocoDB is already there, retrieve its `NC_AUTH_JWT_SECRET` env var — this is the API key your app uses to authenticate.
-3. Use the internal URL `http://nocodb:8080` if your app is in the same compose, or the public domain if separate.
----
-## 2. ⚡ Cache & Sessions: Redis + RedisInsight
-**Redis** is the recommended solution for caching, session storage, and rate limiting. **RedisInsight** is the official Redis visual UI — install them together for observability.
-### Connecting Your App to Redis
-```bash
-# Internal connection string (same internal network)
-REDIS_URL=redis://redis:6379
-```
-```typescript
-// Node.js / TypeScript — ioredis
-import Redis from 'ioredis';
-const redis = new Redis(process.env.REDIS_URL || 'redis://redis:6379');
-// Cache example
-await redis.set('key', 'value', 'EX', 3600); // expires in 1 hour
-const value = await redis.get('key');
-```
-```python
-# Python — redis-py
-import redis
-import os
-r = redis.from_url(os.getenv("REDIS_URL", "redis://redis:6379"))
-r.set("key", "value", ex=3600)
-value = r.get("key")
-```
-> **Network rule:** Redis is on `internal` only — it is **never** exposed publicly. RedisInsight (the UI) is on `traefik + internal` so it can be accessed via browser. Your app connects to `redis:6379` on the `internal` network.
----
-## 3. 🔄 Job Queues: BullMQ (uses Redis)
-**BullMQ** is the recommended job queue solution. It uses Redis as its backend — so if Redis is already installed (from item 2), BullMQ is ready to use with no extra infrastructure.
-**BullMQ is a library, not a separate service.** It runs inside your application code.
-### When to use BullMQ
-- Sending emails asynchronously
-- Processing uploaded files or images
-- Scheduling recurring tasks (cron-like)
-- Handling webhooks with retry logic
-- Any long-running task that shouldn't block an HTTP response
-### BullMQ Integration (Node.js / TypeScript)
-```typescript
-import { Queue, Worker } from 'bullmq';
-import IORedis from 'ioredis';
-const connection = new IORedis(process.env.REDIS_URL || 'redis://redis:6379', {
-  maxRetriesPerRequest: null, // required for BullMQ
-});
-// --- Producer (add jobs to the queue) ---
-const emailQueue = new Queue('emails', { connection });
-await emailQueue.add('send-welcome', {
-  to: 'user@example.com',
-  subject: 'Welcome!',
-});
-// --- Worker (process jobs from the queue) ---
-const worker = new Worker('emails', async (job) => {
-  const { to, subject } = job.data;
-  await sendEmail(to, subject); // your email logic
-}, { connection });
-worker.on('completed', (job) => console.log(`Job ${job.id} completed`));
-worker.on('failed', (job, err) => console.error(`Job ${job?.id} failed:`, err));
-```
-### BullMQ Integration (Python — with rq or celery as alternatives)
-> BullMQ is Node.js-native. For Python apps, use **Celery + Redis** or **rq + Redis** instead — same Redis instance, same connection string.
-```python
-# Python — Celery with Redis broker
-from celery import Celery
-app = Celery('tasks', broker=os.getenv('REDIS_URL', 'redis://redis:6379/0'))
-@app.task
-def send_email(to: str, subject: str):
-    # your email logic
-    pass
-# Calling the task (async)
-send_email.delay('user@example.com', 'Welcome!')
-```
----
-## Decision Guide
-| Need | Recommended Solution |
-|---|---|
-| Store and query structured data | NocoDB + PostgreSQL |
-| Cache API responses, store sessions | Redis |
-| Background jobs, async tasks, retries | BullMQ (Node.js) / Celery (Python) — both use Redis |
-| Visual database management | NocoDB UI (built-in) |
-| Visual Redis inspection | RedisInsight |
-| All of the above | Full stack compose above |

package/skills/ilumin-security/SKILL.md DELETED Viewed

@@ -1,355 +0,0 @@
----
-name: ilumin-security-reviewer
-description: Use this skill before deploying any application to production. It covers mandatory security practices including authentication, frontend/backend separation, input validation, secrets management, dependency hygiene, and audit logging. Apply these checks on every new feature or deployment.
----
-# Application Security Reviewer
-This skill defines the mandatory security standards that must be verified **before deploying any application to production**. Apply each section as a checklist. Missing any item can expose user data, allow unauthorized access, or compromise the entire platform.
----
-## 1. Authentication & Session Management
-### Bearer Token / JWT
-All protected API routes **must** require an `Authorization: Bearer <token>` header. Unauthenticated requests must return `401 Unauthorized` immediately — no partial data should ever be returned.
-```python
-# Correct — FastAPI example
-from fastapi import Depends, HTTPException, status
-from fastapi.security import HTTPBearer
-security = HTTPBearer()
-@app.get("/api/protected")
-def protected_route(token = Depends(security)):
-    user = verify_jwt(token.credentials)
-    if not user:
-        raise HTTPException(status_code=401, detail="Unauthorized")
-```
-```typescript
-// Correct — Express.js example
-app.use('/api', (req, res, next) => {
-  const token = req.headers.authorization?.split(' ')[1];
-  if (!token || !verifyJWT(token)) return res.status(401).json({ error: 'Unauthorized' });
-  next();
-});
-```
-### Password Storage
-- **NEVER** store passwords in plain text or use MD5/SHA-1.
-- Use **Argon2id** (preferred) or **BCrypt** with a minimum work factor of 10.
-- Or use PostgreSQL's `pgCrypto` extension:
-  ```sql
-  -- Store: crypt('user_password', gen_salt('bf', 10))
-  -- Verify: SELECT (password_hash = crypt('attempt', password_hash)) AS match FROM users WHERE id = $1;
-  ```
-### Cookie Security Flags
-All session cookies **must** include:
-- `HttpOnly` — prevents `document.cookie` access (mitigates XSS).
-- `Secure` — transmits cookies over HTTPS only.
-- `SameSite=Lax` or `Strict` — protects against CSRF attacks.
----
-## 2. Frontend/Backend Separation
-**The frontend must NEVER make direct calls to third-party APIs with sensitive credentials.** Any API key, auth header, or secret that's placed in frontend code is exposed to every user via browser dev tools.
-### The Correct Pattern
-```
-User Browser → Frontend (no secrets) → Your Backend API → Third-Party API (with secrets)
-```
-**Why this matters:** If your app calls the Evolution API, an AI API, or any service with an API key directly from the frontend, the user can open the Network tab in DevTools and steal that key.
-```typescript
-// WRONG — API key exposed in frontend
-const response = await fetch('https://api.openai.com/v1/chat', {
-  headers: { 'Authorization': `Bearer ${OPENAI_KEY}` } // USER CAN SEE THIS
-});
-// CORRECT — Frontend calls your own backend
-const response = await fetch('/api/chat', {
-  headers: { 'Authorization': `Bearer ${userJwtToken}` }
-});
-// Your backend then calls OpenAI with the secret key stored in env vars
-```
-### What Belongs Where
-| Layer | Allowed | Forbidden |
-|---|---|---|
-| **Frontend** | User JWT tokens, public config, UI logic | API keys, DB credentials, internal service URLs |
-| **Backend** | All secrets, third-party API calls, DB queries | Returning raw sensitive data without filtering |
----
-## 3. GOLDEN RULE — Input Validation & Sanitization
-> **Never trust user input. Always validate on the backend.**
-Frontend validation is for UX only. A malicious user can bypass it entirely. Every piece of data entering your backend must be validated for **type, size, and format** before use.
-### SQL Injection Prevention
-Always use **Prepared Statements** or ORM parameterized queries. Never interpolate user input into SQL strings.
-```python
-# WRONG — SQL Injection vulnerability
-query = f"SELECT * FROM users WHERE email = '{user_email}'"
-# CORRECT — Parameterized query
-query = "SELECT * FROM users WHERE email = $1"
-result = await db.fetch(query, user_email)
-```
-### XSS Prevention
-- Use template engines with **auto-escaping** enabled (React does this by default for JSX).
-- Never use `dangerouslySetInnerHTML` with unescaped user content.
-- Sanitize HTML input with a library like `DOMPurify` if rich text is required.
-### Input Schema Validation (Backend)
-Validate every request body with a schema library before processing:
-```python
-# FastAPI + Pydantic — automatic type and size validation
-from pydantic import BaseModel, EmailStr, constr
-class CreateUserRequest(BaseModel):
-    name: constr(min_length=2, max_length=100)
-    email: EmailStr
-    password: constr(min_length=8, max_length=128)
-```
-```typescript
-// Node.js + Zod
-import { z } from 'zod';
-const schema = z.object({
-  name: z.string().min(2).max(100),
-  email: z.string().email(),
-  password: z.string().min(8).max(128),
-});
-const data = schema.parse(req.body); // throws if invalid
-```
-### IDOR (Insecure Direct Object Reference) Prevention
-Never trust the resource ID from the request alone. Always verify ownership:
-```sql
--- WRONG: assumes the user owns order 500
-SELECT * FROM orders WHERE id = $1;
--- CORRECT: validates ownership using the authenticated user's ID from the session
-SELECT * FROM orders WHERE id = $1 AND customer_id = $2;
-```
----
-## 4. Secrets & Environment Variables
-### Zero Hardcoding Rule
-No secret must **ever** appear in source code or be committed to Git.
-```bash
-# WRONG — hardcoded secret in code
-DATABASE_URL = "postgresql://user:SuperSecret123@db:5432/mydb"
-API_KEY = "sk-abc123..."
-# CORRECT — read from environment
-import os
-DATABASE_URL = os.getenv("DATABASE_URL")
-API_KEY = os.getenv("API_KEY")
-```
-### .env File Rules
-- **Commit `.env.example`** (with placeholder values) — never the actual `.env`.
-- Add `.env` to `.gitignore` on day one of the project.
-- On Ilumin Cloud, configure secrets as environment variables in the compose file using the `${VAR_NAME}` syntax.
-```yaml
-# Correct use in docker-compose.yml for Ilumin Cloud
-environment:
-  DATABASE_URL: ${DATABASE_URL}
-  SECRET_KEY: ${SECRET_KEY}
-  API_KEY: ${API_KEY}
-```
-### Git Leak Prevention
-Before any `git push`, verify no secrets were accidentally staged:
-- Use `git diff --staged` to review what's being committed.
-- Optionally install `gitleaks` or `trufflehog` as a pre-commit hook.
----
-## 5. Dependency Hygiene
-Outdated dependencies are a common attack vector. Old versions frequently contain known CVEs (Common Vulnerabilities and Exposures).
-### Regular Audit Commands
-Run these before every production deployment:
-```bash
-# Node.js / npm
-npm audit
-npm audit fix
-# Python
-pip-audit
-# or
-safety check -r requirements.txt
-# Check for outdated packages
-npm outdated
-pip list --outdated
-```
-### Lock Files
-Always commit your lock file to guarantee reproducible and secure builds:
-- `package-lock.json` or `yarn.lock` for Node.js
-- `poetry.lock` or `requirements.txt` with pinned versions for Python
-```txt
-# Pin exact versions in requirements.txt
-fastapi==0.111.0
-pydantic==2.7.1
-httpx==0.27.0
-# Avoid unpinned versions in production
-fastapi>=0.100
-```
----
-## 6. Audit Logging
-Log security-critical events to enable forensic analysis in case of an incident:
-| Event | Must be logged |
-|---|---|
-| Failed login attempts | Yes |
-| Successful logins | Yes |
-| Permission/role changes | Yes |
-| Access to sensitive data (PII) | Yes |
-| Validation errors that look like attacks | Yes |
-| Password resets | Yes |
-> **WARNING:** Never log passwords, full credit card numbers, or complete authentication tokens. Log only partial data (e.g., last 4 digits, masked email).
-```python
-# Safe logging example
-import logging
-logger = logging.getLogger("security")
-def on_failed_login(email: str, ip: str):
-    masked_email = email[:3] + "***@" + email.split("@")[-1]
-    logger.warning(f"Failed login attempt | email={masked_email} | ip={ip}")
-```
----
-## 7. Access Control (RBAC)
-Apply the **Principle of Least Privilege**: users should only access what they need for their role.
-- Define roles explicitly: `admin`, `editor`, `viewer`, etc.
-- Enforce role checks **on the backend**, never just on frontend route guards.
-- For SaaS/multi-tenant apps: always scope queries to the authenticated user's `tenant_id` or `organization_id` — never return cross-tenant data.
-```python
-# Role check middleware example
-def require_role(required_role: str):
-    def decorator(user = Depends(get_current_user)):
-        if user.role != required_role:
-            raise HTTPException(status_code=403, detail="Forbidden")
-        return user
-    return decorator
-@app.delete("/api/users/{id}", dependencies=[Depends(require_role("admin"))])
-def delete_user(id: int): ...
-```
----
-## 8. Rate Limiting & Abuse Prevention (Frontend + Backend)
-To prevent users from creating automations (like malicious scripts or spamming clicks) that overwhelm the database—such as creating 500 rows per second and overloading the CPU and storage—you **MUST** implement rate limiting at both layers:
-### Frontend Defenses
-While frontend protections can be bypassed by advanced users, they prevent accidental spam and simple UI-based automations:
-- **Disable Buttons on Submit:** Always disable the submit button and show a loading state while a request is in flight.
-- **Debounce / Throttle:** Use debouncing for rapid events (like search inputs) to prevent firing an API call on every keystroke.
-- **Cooldowns:** For specific actions (e.g., "Send SMS", "Generate Image"), implement a visual cooldown timer.
-```tsx
-// Correct — Disable button while loading to prevent double-clicks / spam
-const [isLoading, setIsLoading] = useState(false);
-const handleSubmit = async () => {
-  if (isLoading) return;
-  setIsLoading(true);
-  try {
-    await api.post('/data', payload);
-  } finally {
-    setIsLoading(false);
-  }
-};
-return (
-  <button disabled={isLoading} onClick={handleSubmit}>
-    {isLoading ? 'Processing...' : 'Submit'}
-  </button>
-);
-```
-### Backend Rate Limiting (The Real Shield)
-Since frontend limits can be bypassed via direct API calls (e.g., cURL, Postman), the backend **MUST** enforce the ultimate rate limit per IP or User ID.
-- Apply strict limits to all `POST`, `PUT`, `PATCH`, and `DELETE` endpoints.
-- E.g., Limit data creation (posts, comments) to a reasonable amount per minute to protect database IO and CPU.
----
-## Pre-Deployment Security Checklist
-Run through every item before a production deploy:
-### Authentication & Authorization
-- [ ] All protected routes require a valid Bearer token
-- [ ] JWT expiration is set (recommended: ≤ 24h for access tokens)
-- [ ] Passwords are hashed with BCrypt/Argon2 or pgCrypto — never stored plain
-- [ ] Session cookies have `HttpOnly`, `Secure`, and `SameSite` flags set
-### Frontend/Backend Separation
-- [ ] No API keys or secrets exist in frontend code
-- [ ] All sensitive third-party calls are proxied through the backend
-- [ ] Frontend only stores the user's own JWT — nothing else sensitive
-### Input Validation (Golden Rule)
-- [ ] All request bodies are validated with a schema (Pydantic, Zod, Joi, etc.)
-- [ ] All database queries use parameterized statements / ORM methods
-- [ ] Ownership is verified for every resource access (IDOR prevention)
-- [ ] All user-generated content rendered in HTML is escaped
-### Rate Limiting & Abuse Prevention
-- [ ] Frontend UI disables buttons/inputs while requests are pending
-- [ ] Backend strictly implements rate limits on mutation endpoints (`POST`, `PUT`, `DELETE`) to avoid database stuffing
-### Secrets & Environment
-- [ ] No hardcoded secrets in source code
-- [ ] `.env` is in `.gitignore` and not committed
-- [ ] `.env.example` exists with placeholder values for team reference
-- [ ] All production secrets are configured as environment variables
-### Dependencies
-- [ ] `npm audit` / `pip-audit` ran with no critical vulnerabilities
-- [ ] Lock file is committed and up to date
-- [ ] No dependency is significantly outdated with known CVEs
-### Logging
-- [ ] Failed login events are being logged
-- [ ] No sensitive data (passwords, tokens, card numbers) appears in logs