memory-journal-mcp 7.7.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (531) hide show
  1. package/README.md +126 -56
  2. package/dist/chunk-6OHRCNYW.js +3231 -0
  3. package/dist/chunk-JFMITANR.js +5168 -0
  4. package/dist/{chunk-QCQPAF4I.js → chunk-MWNLAEHR.js} +301 -4321
  5. package/dist/{chunk-ARLYSFSI.js → chunk-UHSO65A4.js} +4242 -6092
  6. package/dist/cli.js +21 -3
  7. package/dist/index.d.ts +16 -13
  8. package/dist/index.js +4 -2
  9. package/dist/resources-IJVKDFGS.js +2 -0
  10. package/dist/tools-44DGXE3V.js +2 -0
  11. package/dist/worker-script.js +201 -20
  12. package/package.json +7 -4
  13. package/skills/README.md +62 -25
  14. package/skills/adversarial-performance/SKILL.md +139 -0
  15. package/skills/adversarial-performance/references/audit-categories.md +462 -0
  16. package/skills/adversarial-performance/references/copilot-performance-prompts.md +44 -0
  17. package/skills/adversarial-performance/references/copilot-usage.md +16 -0
  18. package/skills/adversarial-performance/references/feedback-loop.md +177 -0
  19. package/skills/adversarial-performance/references/multi-pass-performance-protocol.md +398 -0
  20. package/skills/adversarial-planner/SKILL.md +23 -54
  21. package/skills/adversarial-planner/references/copilot-integration.md +25 -40
  22. package/skills/adversarial-planner/references/copilot-usage.md +16 -0
  23. package/skills/adversarial-planner/references/multi-pass-protocol.md +4 -0
  24. package/skills/adversarial-security/SKILL.md +149 -0
  25. package/skills/adversarial-security/references/adversarial-base-protocol.md +44 -0
  26. package/skills/adversarial-security/references/audit-categories.md +723 -0
  27. package/skills/adversarial-security/references/copilot-security-prompts.md +142 -0
  28. package/skills/adversarial-security/references/copilot-usage.md +16 -0
  29. package/skills/adversarial-security/references/feedback-loop.md +206 -0
  30. package/skills/adversarial-security/references/journal-opt-out.md +7 -0
  31. package/skills/adversarial-security/references/multi-pass-security-protocol.md +403 -0
  32. package/skills/adversarial-skill-audit/SKILL.md +118 -0
  33. package/skills/adversarial-skill-audit/references/audit-categories.md +308 -0
  34. package/skills/adversarial-skill-audit/references/copilot-skill-prompts.md +68 -0
  35. package/skills/adversarial-skill-audit/references/copilot-usage.md +16 -0
  36. package/skills/adversarial-skill-audit/references/feedback-loop.md +155 -0
  37. package/skills/adversarial-skill-audit/references/multi-pass-skill-protocol.md +367 -0
  38. package/skills/adversarial-skill-audit/scripts/check-skills.ps1 +48 -0
  39. package/skills/adversarial-skill-audit/scripts/run-copilot.ps1 +52 -0
  40. package/skills/adversarial-workflow-audit/SKILL.md +82 -0
  41. package/skills/adversarial-workflow-audit/references/audit-categories.md +28 -0
  42. package/skills/adversarial-workflow-audit/references/copilot-usage.md +16 -0
  43. package/skills/adversarial-workflow-audit/scripts/check-workflows.ps1 +24 -0
  44. package/skills/agents-sdk/SKILL.md +220 -0
  45. package/skills/agents-sdk/references/callable.md +92 -0
  46. package/skills/agents-sdk/references/codemode.md +209 -0
  47. package/skills/agents-sdk/references/email.md +144 -0
  48. package/skills/agents-sdk/references/mcp/SKILL.md +65 -0
  49. package/skills/agents-sdk/references/mcp/code-mode-reference.md +245 -0
  50. package/skills/agents-sdk/references/mcp/oauth-reference.md +359 -0
  51. package/skills/agents-sdk/references/mcp/references/architecture-reference.md +208 -0
  52. package/skills/agents-sdk/references/mcp/references/cloudflare-quickstart.md +156 -0
  53. package/skills/agents-sdk/references/mcp/references/error-handling.md +343 -0
  54. package/skills/agents-sdk/references/mcp/references/http-security.md +164 -0
  55. package/skills/agents-sdk/references/mcp/references/implementation-guide.md +507 -0
  56. package/skills/agents-sdk/references/mcp/references/testing-reference.md +171 -0
  57. package/skills/agents-sdk/references/mcp.md +157 -0
  58. package/skills/agents-sdk/references/state-scheduling.md +164 -0
  59. package/skills/agents-sdk/references/streaming-chat.md +168 -0
  60. package/skills/agents-sdk/references/workflows.md +136 -0
  61. package/skills/auth-identity/SKILL.md +48 -0
  62. package/skills/autonomous-dev/SKILL.md +46 -23
  63. package/skills/autonomous-dev/references/workflow_orchestration.md +22 -0
  64. package/skills/aws/SKILL.md +39 -0
  65. package/skills/azure/SKILL.md +38 -0
  66. package/skills/bin/sync.js +7 -1
  67. package/skills/biome/SKILL.md +59 -0
  68. package/skills/bun/SKILL.md +8 -2
  69. package/skills/cloudflare/SKILL.md +37 -0
  70. package/skills/cloudflare/references/agents-sdk/README.md +95 -0
  71. package/skills/cloudflare/references/agents-sdk/api.md +195 -0
  72. package/skills/cloudflare/references/agents-sdk/configuration.md +178 -0
  73. package/skills/cloudflare/references/agents-sdk/gotchas.md +173 -0
  74. package/skills/cloudflare/references/agents-sdk/patterns.md +215 -0
  75. package/skills/cloudflare/references/ai-gateway/README.md +176 -0
  76. package/skills/cloudflare/references/ai-gateway/configuration.md +117 -0
  77. package/skills/cloudflare/references/ai-gateway/dynamic-routing.md +88 -0
  78. package/skills/cloudflare/references/ai-gateway/features.md +96 -0
  79. package/skills/cloudflare/references/ai-gateway/sdk-integration.md +110 -0
  80. package/skills/cloudflare/references/ai-gateway/troubleshooting.md +90 -0
  81. package/skills/cloudflare/references/ai-search/README.md +145 -0
  82. package/skills/cloudflare/references/ai-search/api.md +87 -0
  83. package/skills/cloudflare/references/ai-search/configuration.md +91 -0
  84. package/skills/cloudflare/references/ai-search/gotchas.md +92 -0
  85. package/skills/cloudflare/references/ai-search/patterns.md +87 -0
  86. package/skills/cloudflare/references/analytics-engine/README.md +96 -0
  87. package/skills/cloudflare/references/analytics-engine/api.md +112 -0
  88. package/skills/cloudflare/references/analytics-engine/configuration.md +107 -0
  89. package/skills/cloudflare/references/analytics-engine/gotchas.md +87 -0
  90. package/skills/cloudflare/references/analytics-engine/patterns.md +83 -0
  91. package/skills/cloudflare/references/api/README.md +66 -0
  92. package/skills/cloudflare/references/api/api.md +205 -0
  93. package/skills/cloudflare/references/api/configuration.md +158 -0
  94. package/skills/cloudflare/references/api/gotchas.md +231 -0
  95. package/skills/cloudflare/references/api/patterns.md +208 -0
  96. package/skills/cloudflare/references/api-shield/README.md +44 -0
  97. package/skills/cloudflare/references/api-shield/api.md +153 -0
  98. package/skills/cloudflare/references/api-shield/configuration.md +210 -0
  99. package/skills/cloudflare/references/api-shield/gotchas.md +132 -0
  100. package/skills/cloudflare/references/api-shield/patterns.md +185 -0
  101. package/skills/cloudflare/references/argo-smart-routing/README.md +96 -0
  102. package/skills/cloudflare/references/argo-smart-routing/api.md +253 -0
  103. package/skills/cloudflare/references/argo-smart-routing/configuration.md +205 -0
  104. package/skills/cloudflare/references/argo-smart-routing/gotchas.md +115 -0
  105. package/skills/cloudflare/references/argo-smart-routing/patterns.md +107 -0
  106. package/skills/cloudflare/references/bindings/README.md +127 -0
  107. package/skills/cloudflare/references/bindings/api.md +214 -0
  108. package/skills/cloudflare/references/bindings/configuration.md +200 -0
  109. package/skills/cloudflare/references/bindings/gotchas.md +210 -0
  110. package/skills/cloudflare/references/bindings/patterns.md +205 -0
  111. package/skills/cloudflare/references/bot-management/README.md +95 -0
  112. package/skills/cloudflare/references/bot-management/api.md +175 -0
  113. package/skills/cloudflare/references/bot-management/configuration.md +175 -0
  114. package/skills/cloudflare/references/bot-management/gotchas.md +116 -0
  115. package/skills/cloudflare/references/bot-management/patterns.md +181 -0
  116. package/skills/cloudflare/references/browser-rendering/README.md +84 -0
  117. package/skills/cloudflare/references/browser-rendering/api.md +108 -0
  118. package/skills/cloudflare/references/browser-rendering/configuration.md +78 -0
  119. package/skills/cloudflare/references/browser-rendering/gotchas.md +91 -0
  120. package/skills/cloudflare/references/browser-rendering/patterns.md +93 -0
  121. package/skills/cloudflare/references/c3/README.md +111 -0
  122. package/skills/cloudflare/references/c3/api.md +71 -0
  123. package/skills/cloudflare/references/c3/configuration.md +85 -0
  124. package/skills/cloudflare/references/c3/gotchas.md +97 -0
  125. package/skills/cloudflare/references/c3/patterns.md +84 -0
  126. package/skills/cloudflare/references/cache-reserve/README.md +150 -0
  127. package/skills/cloudflare/references/cache-reserve/api.md +184 -0
  128. package/skills/cloudflare/references/cache-reserve/configuration.md +170 -0
  129. package/skills/cloudflare/references/cache-reserve/gotchas.md +136 -0
  130. package/skills/cloudflare/references/cache-reserve/patterns.md +197 -0
  131. package/skills/cloudflare/references/containers/README.md +87 -0
  132. package/skills/cloudflare/references/containers/api.md +197 -0
  133. package/skills/cloudflare/references/containers/configuration.md +191 -0
  134. package/skills/cloudflare/references/containers/gotchas.md +182 -0
  135. package/skills/cloudflare/references/containers/patterns.md +204 -0
  136. package/skills/cloudflare/references/cron-triggers/README.md +101 -0
  137. package/skills/cloudflare/references/cron-triggers/api.md +224 -0
  138. package/skills/cloudflare/references/cron-triggers/configuration.md +190 -0
  139. package/skills/cloudflare/references/cron-triggers/gotchas.md +207 -0
  140. package/skills/cloudflare/references/cron-triggers/patterns.md +274 -0
  141. package/skills/cloudflare/references/d1/README.md +137 -0
  142. package/skills/cloudflare/references/d1/api.md +213 -0
  143. package/skills/cloudflare/references/d1/configuration.md +198 -0
  144. package/skills/cloudflare/references/d1/gotchas.md +98 -0
  145. package/skills/cloudflare/references/d1/patterns.md +240 -0
  146. package/skills/cloudflare/references/ddos/README.md +42 -0
  147. package/skills/cloudflare/references/ddos/api.md +158 -0
  148. package/skills/cloudflare/references/ddos/configuration.md +94 -0
  149. package/skills/cloudflare/references/ddos/gotchas.md +114 -0
  150. package/skills/cloudflare/references/ddos/patterns.md +220 -0
  151. package/skills/cloudflare/references/decision-trees.md +95 -0
  152. package/skills/cloudflare/references/do-storage/README.md +79 -0
  153. package/skills/cloudflare/references/do-storage/api.md +107 -0
  154. package/skills/cloudflare/references/do-storage/configuration.md +114 -0
  155. package/skills/cloudflare/references/do-storage/gotchas.md +153 -0
  156. package/skills/cloudflare/references/do-storage/patterns.md +210 -0
  157. package/skills/cloudflare/references/do-storage/testing.md +186 -0
  158. package/skills/cloudflare/references/durable-objects/README.md +194 -0
  159. package/skills/cloudflare/references/durable-objects/api.md +205 -0
  160. package/skills/cloudflare/references/durable-objects/configuration.md +160 -0
  161. package/skills/cloudflare/references/durable-objects/gotchas.md +200 -0
  162. package/skills/cloudflare/references/durable-objects/patterns.md +205 -0
  163. package/skills/cloudflare/references/email-routing/README.md +89 -0
  164. package/skills/cloudflare/references/email-routing/api.md +192 -0
  165. package/skills/cloudflare/references/email-routing/configuration.md +187 -0
  166. package/skills/cloudflare/references/email-routing/gotchas.md +203 -0
  167. package/skills/cloudflare/references/email-routing/patterns.md +241 -0
  168. package/skills/cloudflare/references/email-workers/README.md +153 -0
  169. package/skills/cloudflare/references/email-workers/api.md +227 -0
  170. package/skills/cloudflare/references/email-workers/configuration.md +115 -0
  171. package/skills/cloudflare/references/email-workers/gotchas.md +133 -0
  172. package/skills/cloudflare/references/email-workers/patterns.md +108 -0
  173. package/skills/cloudflare/references/graphql-api/README.md +147 -0
  174. package/skills/cloudflare/references/graphql-api/api.md +175 -0
  175. package/skills/cloudflare/references/graphql-api/configuration.md +151 -0
  176. package/skills/cloudflare/references/graphql-api/gotchas.md +111 -0
  177. package/skills/cloudflare/references/graphql-api/patterns.md +276 -0
  178. package/skills/cloudflare/references/hyperdrive/README.md +84 -0
  179. package/skills/cloudflare/references/hyperdrive/api.md +149 -0
  180. package/skills/cloudflare/references/hyperdrive/configuration.md +166 -0
  181. package/skills/cloudflare/references/hyperdrive/gotchas.md +77 -0
  182. package/skills/cloudflare/references/hyperdrive/patterns.md +203 -0
  183. package/skills/cloudflare/references/images/README.md +65 -0
  184. package/skills/cloudflare/references/images/api.md +101 -0
  185. package/skills/cloudflare/references/images/configuration.md +206 -0
  186. package/skills/cloudflare/references/images/gotchas.md +106 -0
  187. package/skills/cloudflare/references/images/patterns.md +126 -0
  188. package/skills/cloudflare/references/kv/README.md +90 -0
  189. package/skills/cloudflare/references/kv/api.md +163 -0
  190. package/skills/cloudflare/references/kv/configuration.md +148 -0
  191. package/skills/cloudflare/references/kv/gotchas.md +133 -0
  192. package/skills/cloudflare/references/kv/patterns.md +195 -0
  193. package/skills/cloudflare/references/miniflare/README.md +113 -0
  194. package/skills/cloudflare/references/miniflare/api.md +204 -0
  195. package/skills/cloudflare/references/miniflare/configuration.md +174 -0
  196. package/skills/cloudflare/references/miniflare/gotchas.md +179 -0
  197. package/skills/cloudflare/references/miniflare/patterns.md +187 -0
  198. package/skills/cloudflare/references/network-interconnect/README.md +104 -0
  199. package/skills/cloudflare/references/network-interconnect/api.md +220 -0
  200. package/skills/cloudflare/references/network-interconnect/configuration.md +123 -0
  201. package/skills/cloudflare/references/network-interconnect/gotchas.md +175 -0
  202. package/skills/cloudflare/references/network-interconnect/patterns.md +174 -0
  203. package/skills/cloudflare/references/observability/README.md +93 -0
  204. package/skills/cloudflare/references/observability/api.md +168 -0
  205. package/skills/cloudflare/references/observability/configuration.md +178 -0
  206. package/skills/cloudflare/references/observability/gotchas.md +125 -0
  207. package/skills/cloudflare/references/observability/patterns.md +105 -0
  208. package/skills/cloudflare/references/pages/README.md +92 -0
  209. package/skills/cloudflare/references/pages/api.md +205 -0
  210. package/skills/cloudflare/references/pages/configuration.md +216 -0
  211. package/skills/cloudflare/references/pages/gotchas.md +218 -0
  212. package/skills/cloudflare/references/pages/patterns.md +215 -0
  213. package/skills/cloudflare/references/pages-functions/README.md +104 -0
  214. package/skills/cloudflare/references/pages-functions/api.md +159 -0
  215. package/skills/cloudflare/references/pages-functions/configuration.md +130 -0
  216. package/skills/cloudflare/references/pages-functions/gotchas.md +102 -0
  217. package/skills/cloudflare/references/pages-functions/patterns.md +148 -0
  218. package/skills/cloudflare/references/pipelines/README.md +109 -0
  219. package/skills/cloudflare/references/pipelines/api.md +214 -0
  220. package/skills/cloudflare/references/pipelines/configuration.md +98 -0
  221. package/skills/cloudflare/references/pipelines/gotchas.md +84 -0
  222. package/skills/cloudflare/references/pipelines/patterns.md +87 -0
  223. package/skills/cloudflare/references/product-index.md +112 -0
  224. package/skills/cloudflare/references/pulumi/README.md +113 -0
  225. package/skills/cloudflare/references/pulumi/api.md +230 -0
  226. package/skills/cloudflare/references/pulumi/configuration.md +213 -0
  227. package/skills/cloudflare/references/pulumi/gotchas.md +205 -0
  228. package/skills/cloudflare/references/pulumi/patterns.md +260 -0
  229. package/skills/cloudflare/references/queues/README.md +99 -0
  230. package/skills/cloudflare/references/queues/api.md +211 -0
  231. package/skills/cloudflare/references/queues/configuration.md +151 -0
  232. package/skills/cloudflare/references/queues/gotchas.md +210 -0
  233. package/skills/cloudflare/references/queues/patterns.md +220 -0
  234. package/skills/cloudflare/references/r2/README.md +97 -0
  235. package/skills/cloudflare/references/r2/api.md +235 -0
  236. package/skills/cloudflare/references/r2/configuration.md +176 -0
  237. package/skills/cloudflare/references/r2/gotchas.md +190 -0
  238. package/skills/cloudflare/references/r2/patterns.md +203 -0
  239. package/skills/cloudflare/references/r2-data-catalog/README.md +157 -0
  240. package/skills/cloudflare/references/r2-data-catalog/api.md +199 -0
  241. package/skills/cloudflare/references/r2-data-catalog/configuration.md +205 -0
  242. package/skills/cloudflare/references/r2-data-catalog/gotchas.md +170 -0
  243. package/skills/cloudflare/references/r2-data-catalog/patterns.md +191 -0
  244. package/skills/cloudflare/references/r2-sql/README.md +138 -0
  245. package/skills/cloudflare/references/r2-sql/SKILL.md.backup +512 -0
  246. package/skills/cloudflare/references/r2-sql/api.md +159 -0
  247. package/skills/cloudflare/references/r2-sql/configuration.md +152 -0
  248. package/skills/cloudflare/references/r2-sql/gotchas.md +228 -0
  249. package/skills/cloudflare/references/r2-sql/patterns.md +230 -0
  250. package/skills/cloudflare/references/realtime-sfu/README.md +66 -0
  251. package/skills/cloudflare/references/realtime-sfu/api.md +164 -0
  252. package/skills/cloudflare/references/realtime-sfu/configuration.md +141 -0
  253. package/skills/cloudflare/references/realtime-sfu/gotchas.md +138 -0
  254. package/skills/cloudflare/references/realtime-sfu/patterns.md +187 -0
  255. package/skills/cloudflare/references/realtimekit/README.md +118 -0
  256. package/skills/cloudflare/references/realtimekit/api.md +234 -0
  257. package/skills/cloudflare/references/realtimekit/configuration.md +226 -0
  258. package/skills/cloudflare/references/realtimekit/gotchas.md +206 -0
  259. package/skills/cloudflare/references/realtimekit/patterns.md +240 -0
  260. package/skills/cloudflare/references/sandbox/README.md +104 -0
  261. package/skills/cloudflare/references/sandbox/api.md +200 -0
  262. package/skills/cloudflare/references/sandbox/configuration.md +154 -0
  263. package/skills/cloudflare/references/sandbox/gotchas.md +201 -0
  264. package/skills/cloudflare/references/sandbox/patterns.md +195 -0
  265. package/skills/cloudflare/references/secrets-store/README.md +77 -0
  266. package/skills/cloudflare/references/secrets-store/api.md +199 -0
  267. package/skills/cloudflare/references/secrets-store/configuration.md +187 -0
  268. package/skills/cloudflare/references/secrets-store/gotchas.md +97 -0
  269. package/skills/cloudflare/references/secrets-store/patterns.md +218 -0
  270. package/skills/cloudflare/references/smart-placement/README.md +143 -0
  271. package/skills/cloudflare/references/smart-placement/api.md +192 -0
  272. package/skills/cloudflare/references/smart-placement/configuration.md +202 -0
  273. package/skills/cloudflare/references/smart-placement/gotchas.md +180 -0
  274. package/skills/cloudflare/references/smart-placement/patterns.md +190 -0
  275. package/skills/cloudflare/references/snippets/README.md +74 -0
  276. package/skills/cloudflare/references/snippets/api.md +214 -0
  277. package/skills/cloudflare/references/snippets/configuration.md +239 -0
  278. package/skills/cloudflare/references/snippets/gotchas.md +104 -0
  279. package/skills/cloudflare/references/snippets/patterns.md +135 -0
  280. package/skills/cloudflare/references/spectrum/README.md +52 -0
  281. package/skills/cloudflare/references/spectrum/api.md +184 -0
  282. package/skills/cloudflare/references/spectrum/configuration.md +203 -0
  283. package/skills/cloudflare/references/spectrum/gotchas.md +155 -0
  284. package/skills/cloudflare/references/spectrum/patterns.md +206 -0
  285. package/skills/cloudflare/references/static-assets/README.md +65 -0
  286. package/skills/cloudflare/references/static-assets/api.md +201 -0
  287. package/skills/cloudflare/references/static-assets/configuration.md +186 -0
  288. package/skills/cloudflare/references/static-assets/gotchas.md +164 -0
  289. package/skills/cloudflare/references/static-assets/patterns.md +189 -0
  290. package/skills/cloudflare/references/stream/README.md +123 -0
  291. package/skills/cloudflare/references/stream/api-live.md +202 -0
  292. package/skills/cloudflare/references/stream/api.md +206 -0
  293. package/skills/cloudflare/references/stream/configuration.md +151 -0
  294. package/skills/cloudflare/references/stream/gotchas.md +139 -0
  295. package/skills/cloudflare/references/stream/patterns.md +217 -0
  296. package/skills/cloudflare/references/tail-workers/README.md +92 -0
  297. package/skills/cloudflare/references/tail-workers/api.md +203 -0
  298. package/skills/cloudflare/references/tail-workers/configuration.md +178 -0
  299. package/skills/cloudflare/references/tail-workers/gotchas.md +206 -0
  300. package/skills/cloudflare/references/tail-workers/patterns.md +190 -0
  301. package/skills/cloudflare/references/terraform/README.md +100 -0
  302. package/skills/cloudflare/references/terraform/api.md +178 -0
  303. package/skills/cloudflare/references/terraform/configuration.md +197 -0
  304. package/skills/cloudflare/references/terraform/gotchas.md +150 -0
  305. package/skills/cloudflare/references/terraform/patterns.md +174 -0
  306. package/skills/cloudflare/references/tunnel/README.md +137 -0
  307. package/skills/cloudflare/references/tunnel/api.md +205 -0
  308. package/skills/cloudflare/references/tunnel/configuration.md +163 -0
  309. package/skills/cloudflare/references/tunnel/gotchas.md +159 -0
  310. package/skills/cloudflare/references/tunnel/networking.md +174 -0
  311. package/skills/cloudflare/references/tunnel/patterns.md +199 -0
  312. package/skills/cloudflare/references/turn/README.md +86 -0
  313. package/skills/cloudflare/references/turn/api.md +236 -0
  314. package/skills/cloudflare/references/turn/configuration.md +181 -0
  315. package/skills/cloudflare/references/turn/gotchas.md +236 -0
  316. package/skills/cloudflare/references/turn/patterns.md +228 -0
  317. package/skills/cloudflare/references/turnstile/README.md +102 -0
  318. package/skills/cloudflare/references/turnstile/api.md +253 -0
  319. package/skills/cloudflare/references/turnstile/configuration.md +242 -0
  320. package/skills/cloudflare/references/turnstile/gotchas.md +253 -0
  321. package/skills/cloudflare/references/turnstile/patterns.md +195 -0
  322. package/skills/cloudflare/references/vectorize/README.md +133 -0
  323. package/skills/cloudflare/references/vectorize/api.md +89 -0
  324. package/skills/cloudflare/references/vectorize/configuration.md +91 -0
  325. package/skills/cloudflare/references/vectorize/gotchas.md +83 -0
  326. package/skills/cloudflare/references/vectorize/patterns.md +92 -0
  327. package/skills/cloudflare/references/waf/README.md +125 -0
  328. package/skills/cloudflare/references/waf/api.md +203 -0
  329. package/skills/cloudflare/references/waf/configuration.md +215 -0
  330. package/skills/cloudflare/references/waf/gotchas.md +208 -0
  331. package/skills/cloudflare/references/waf/patterns.md +236 -0
  332. package/skills/cloudflare/references/web-analytics/README.md +149 -0
  333. package/skills/cloudflare/references/web-analytics/configuration.md +81 -0
  334. package/skills/cloudflare/references/web-analytics/gotchas.md +86 -0
  335. package/skills/cloudflare/references/web-analytics/integration.md +63 -0
  336. package/skills/cloudflare/references/web-analytics/patterns.md +98 -0
  337. package/skills/cloudflare/references/workerd/README.md +85 -0
  338. package/skills/cloudflare/references/workerd/api.md +219 -0
  339. package/skills/cloudflare/references/workerd/configuration.md +200 -0
  340. package/skills/cloudflare/references/workerd/gotchas.md +151 -0
  341. package/skills/cloudflare/references/workerd/patterns.md +205 -0
  342. package/skills/cloudflare/references/workers/README.md +110 -0
  343. package/skills/cloudflare/references/workers/api.md +197 -0
  344. package/skills/cloudflare/references/workers/configuration.md +184 -0
  345. package/skills/cloudflare/references/workers/frameworks.md +200 -0
  346. package/skills/cloudflare/references/workers/gotchas.md +145 -0
  347. package/skills/cloudflare/references/workers/patterns.md +220 -0
  348. package/skills/cloudflare/references/workers-ai/README.md +206 -0
  349. package/skills/cloudflare/references/workers-ai/api.md +115 -0
  350. package/skills/cloudflare/references/workers-ai/configuration.md +98 -0
  351. package/skills/cloudflare/references/workers-ai/gotchas.md +130 -0
  352. package/skills/cloudflare/references/workers-ai/patterns.md +122 -0
  353. package/skills/cloudflare/references/workers-for-platforms/README.md +95 -0
  354. package/skills/cloudflare/references/workers-for-platforms/api.md +212 -0
  355. package/skills/cloudflare/references/workers-for-platforms/configuration.md +178 -0
  356. package/skills/cloudflare/references/workers-for-platforms/gotchas.md +134 -0
  357. package/skills/cloudflare/references/workers-for-platforms/patterns.md +210 -0
  358. package/skills/cloudflare/references/workers-playground/README.md +131 -0
  359. package/skills/cloudflare/references/workers-playground/api.md +101 -0
  360. package/skills/cloudflare/references/workers-playground/configuration.md +169 -0
  361. package/skills/cloudflare/references/workers-playground/gotchas.md +88 -0
  362. package/skills/cloudflare/references/workers-playground/patterns.md +134 -0
  363. package/skills/cloudflare/references/workers-vpc/README.md +130 -0
  364. package/skills/cloudflare/references/workers-vpc/api.md +196 -0
  365. package/skills/cloudflare/references/workers-vpc/configuration.md +151 -0
  366. package/skills/cloudflare/references/workers-vpc/gotchas.md +171 -0
  367. package/skills/cloudflare/references/workers-vpc/patterns.md +235 -0
  368. package/skills/cloudflare/references/workflows/README.md +72 -0
  369. package/skills/cloudflare/references/workflows/api.md +237 -0
  370. package/skills/cloudflare/references/workflows/configuration.md +158 -0
  371. package/skills/cloudflare/references/workflows/gotchas.md +97 -0
  372. package/skills/cloudflare/references/workflows/patterns.md +245 -0
  373. package/skills/cloudflare/references/wrangler/README.md +143 -0
  374. package/skills/cloudflare/references/wrangler/api.md +188 -0
  375. package/skills/cloudflare/references/wrangler/configuration.md +198 -0
  376. package/skills/cloudflare/references/wrangler/gotchas.md +212 -0
  377. package/skills/cloudflare/references/wrangler/patterns.md +211 -0
  378. package/skills/cloudflare/references/zaraz/IMPLEMENTATION_SUMMARY.md +131 -0
  379. package/skills/cloudflare/references/zaraz/README.md +114 -0
  380. package/skills/cloudflare/references/zaraz/api.md +118 -0
  381. package/skills/cloudflare/references/zaraz/configuration.md +94 -0
  382. package/skills/cloudflare/references/zaraz/gotchas.md +88 -0
  383. package/skills/cloudflare/references/zaraz/patterns.md +77 -0
  384. package/skills/docker/SKILL.md +7 -101
  385. package/skills/docker/references/advanced-examples.md +71 -0
  386. package/skills/docker/references/templates.md +34 -0
  387. package/skills/docs-marketer/SKILL.md +178 -0
  388. package/skills/docs-marketer/references/audit-categories.md +328 -0
  389. package/skills/docs-marketer/references/copilot-docs-prompts.md +88 -0
  390. package/skills/docs-marketer/references/copilot-usage.md +16 -0
  391. package/skills/docs-marketer/references/feedback-loop.md +155 -0
  392. package/skills/docs-marketer/references/multi-pass-docs-protocol.md +410 -0
  393. package/skills/drizzle-orm/SKILL.md +82 -0
  394. package/skills/durable-objects/SKILL.md +167 -0
  395. package/skills/durable-objects/references/advanced_features.md +29 -0
  396. package/skills/durable-objects/references/rules.md +300 -0
  397. package/skills/durable-objects/references/testing.md +261 -0
  398. package/skills/durable-objects/references/workers.md +336 -0
  399. package/skills/gcp/SKILL.md +37 -0
  400. package/skills/github-actions/SKILL.md +5 -58
  401. package/skills/github-actions/references/templates.md +65 -0
  402. package/skills/github-commander/SKILL.md +13 -21
  403. package/skills/github-commander/workflows/copilot-audit.md +12 -12
  404. package/skills/github-copilot-cli/SKILL.md +21 -26
  405. package/skills/github-repo-setup/SKILL.md +136 -0
  406. package/skills/github-repo-setup/references/community-standards.md +136 -0
  407. package/skills/github-repo-setup/references/github-automation.md +490 -0
  408. package/skills/github-repo-setup/references/inline-templates.md +205 -0
  409. package/skills/github-repo-setup/references/project-config.md +320 -0
  410. package/skills/gitlab/SKILL.md +7 -2
  411. package/skills/gitlab/package-lock.json +389 -389
  412. package/skills/golang/SKILL.md +8 -1
  413. package/skills/graphql/SKILL.md +30 -0
  414. package/skills/hono/SKILL.md +82 -0
  415. package/skills/journal-optimizer/SKILL.md +206 -0
  416. package/skills/journal-optimizer/references/optimizer-scripts.md +169 -0
  417. package/skills/llm-app-engineering/SKILL.md +18 -0
  418. package/skills/monorepo/SKILL.md +56 -0
  419. package/skills/multi-agent-orchestration/SKILL.md +14 -0
  420. package/skills/mysql/SKILL.md +6 -2
  421. package/skills/next-best-practices/SKILL.md +86 -0
  422. package/skills/next-best-practices/references/cache-components-examples.md +234 -0
  423. package/skills/next-best-practices/references/cache-components.md +210 -0
  424. package/skills/next-best-practices/references/upgrade-decision-tree.md +33 -0
  425. package/skills/next-best-practices/references/upgrade.md +43 -0
  426. package/skills/next-cache-components/SKILL.md +441 -0
  427. package/skills/next-upgrade/SKILL.md +43 -0
  428. package/skills/next-upgrade/references/decision-tree.md +33 -0
  429. package/skills/nodejs/SKILL.md +46 -0
  430. package/skills/opentelemetry/SKILL.md +62 -0
  431. package/skills/package.json +39 -4
  432. package/skills/playwright-standard/SKILL.md +6 -11
  433. package/skills/playwright-standard/references/locators.md +7 -0
  434. package/skills/postgres/SKILL.md +6 -1
  435. package/skills/python/SKILL.md +8 -70
  436. package/skills/python/references/advanced-patterns.md +37 -0
  437. package/skills/python/references/config-templates.md +48 -0
  438. package/skills/rag-pipelines/SKILL.md +14 -0
  439. package/skills/redis/SKILL.md +31 -0
  440. package/skills/render/SKILL.md +35 -0
  441. package/skills/rust/SKILL.md +15 -25
  442. package/skills/rust/references/borrow-checker.md +13 -0
  443. package/skills/rust/references/ecosystem.md +11 -0
  444. package/skills/sandbox-sdk/SKILL.md +186 -0
  445. package/skills/sandbox-sdk/references/api-quick-ref.md +113 -0
  446. package/skills/sandbox-sdk/references/examples.md +52 -0
  447. package/skills/shadcn-ui/SKILL.md +22 -57
  448. package/skills/skill-builder/SKILL.md +23 -424
  449. package/skills/skill-builder/references/tutorial.md +457 -0
  450. package/skills/sqlite/SKILL.md +16 -5
  451. package/skills/table.md +59 -0
  452. package/skills/tailwind-css/SKILL.md +11 -60
  453. package/skills/tailwind-css/references/component-patterns.md +52 -0
  454. package/skills/trpc/SKILL.md +56 -0
  455. package/skills/typescript/SKILL.md +30 -433
  456. package/skills/typescript/references/tutorial.md +453 -0
  457. package/skills/vercel-ai-sdk/SKILL.md +48 -0
  458. package/skills/vitest-standard/SKILL.md +5 -11
  459. package/skills/vitest-standard/references/assertions.md +11 -0
  460. package/skills/web-perf/SKILL.md +207 -0
  461. package/skills/workers-best-practices/SKILL.md +120 -0
  462. package/skills/workers-best-practices/references/anti-patterns.md +18 -0
  463. package/skills/workers-best-practices/references/review.md +174 -0
  464. package/skills/workers-best-practices/references/rules.md +485 -0
  465. package/skills/wrangler/SKILL.md +43 -0
  466. package/skills/wrangler/references/cli-commands.md +861 -0
  467. package/skills/zod/SKILL.md +48 -0
  468. package/dist/tools-P4VGG4FH.js +0 -1
  469. package/skills/react-best-practices/AGENTS.md +0 -2883
  470. package/skills/react-best-practices/SKILL.md +0 -138
  471. /package/skills/{react-best-practices → next-best-practices}/README.md +0 -0
  472. /package/skills/{react-best-practices → next-best-practices}/metadata.json +0 -0
  473. /package/skills/{react-best-practices → next-best-practices}/rules/_sections.md +0 -0
  474. /package/skills/{react-best-practices → next-best-practices}/rules/_template.md +0 -0
  475. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-event-handler-refs.md +0 -0
  476. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-init-once.md +0 -0
  477. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-use-latest.md +0 -0
  478. /package/skills/{react-best-practices → next-best-practices}/rules/async-api-routes.md +0 -0
  479. /package/skills/{react-best-practices → next-best-practices}/rules/async-defer-await.md +0 -0
  480. /package/skills/{react-best-practices → next-best-practices}/rules/async-dependencies.md +0 -0
  481. /package/skills/{react-best-practices → next-best-practices}/rules/async-parallel.md +0 -0
  482. /package/skills/{react-best-practices → next-best-practices}/rules/async-suspense-boundaries.md +0 -0
  483. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-barrel-imports.md +0 -0
  484. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-conditional.md +0 -0
  485. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-defer-third-party.md +0 -0
  486. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-dynamic-imports.md +0 -0
  487. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-preload.md +0 -0
  488. /package/skills/{react-best-practices → next-best-practices}/rules/client-event-listeners.md +0 -0
  489. /package/skills/{react-best-practices → next-best-practices}/rules/client-localstorage-schema.md +0 -0
  490. /package/skills/{react-best-practices → next-best-practices}/rules/client-passive-event-listeners.md +0 -0
  491. /package/skills/{react-best-practices → next-best-practices}/rules/client-swr-dedup.md +0 -0
  492. /package/skills/{react-best-practices → next-best-practices}/rules/js-batch-dom-css.md +0 -0
  493. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-function-results.md +0 -0
  494. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-property-access.md +0 -0
  495. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-storage.md +0 -0
  496. /package/skills/{react-best-practices → next-best-practices}/rules/js-combine-iterations.md +0 -0
  497. /package/skills/{react-best-practices → next-best-practices}/rules/js-early-exit.md +0 -0
  498. /package/skills/{react-best-practices → next-best-practices}/rules/js-hoist-regexp.md +0 -0
  499. /package/skills/{react-best-practices → next-best-practices}/rules/js-index-maps.md +0 -0
  500. /package/skills/{react-best-practices → next-best-practices}/rules/js-length-check-first.md +0 -0
  501. /package/skills/{react-best-practices → next-best-practices}/rules/js-min-max-loop.md +0 -0
  502. /package/skills/{react-best-practices → next-best-practices}/rules/js-set-map-lookups.md +0 -0
  503. /package/skills/{react-best-practices → next-best-practices}/rules/js-tosorted-immutable.md +0 -0
  504. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-activity.md +0 -0
  505. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-animate-svg-wrapper.md +0 -0
  506. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-conditional-render.md +0 -0
  507. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-content-visibility.md +0 -0
  508. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hoist-jsx.md +0 -0
  509. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-no-flicker.md +0 -0
  510. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-suppress-warning.md +0 -0
  511. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-svg-precision.md +0 -0
  512. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-usetransition-loading.md +0 -0
  513. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-defer-reads.md +0 -0
  514. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-dependencies.md +0 -0
  515. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state-no-effect.md +0 -0
  516. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state.md +0 -0
  517. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-functional-setstate.md +0 -0
  518. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-lazy-state-init.md +0 -0
  519. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo-with-default-value.md +0 -0
  520. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo.md +0 -0
  521. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-move-effect-to-event.md +0 -0
  522. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-simple-expression-in-memo.md +0 -0
  523. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-transitions.md +0 -0
  524. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-use-ref-transient-values.md +0 -0
  525. /package/skills/{react-best-practices → next-best-practices}/rules/server-after-nonblocking.md +0 -0
  526. /package/skills/{react-best-practices → next-best-practices}/rules/server-auth-actions.md +0 -0
  527. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-lru.md +0 -0
  528. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-react.md +0 -0
  529. /package/skills/{react-best-practices → next-best-practices}/rules/server-dedup-props.md +0 -0
  530. /package/skills/{react-best-practices → next-best-practices}/rules/server-parallel-fetching.md +0 -0
  531. /package/skills/{react-best-practices → next-best-practices}/rules/server-serialization.md +0 -0
package/skills/adversarial-security/references/multi-pass-security-protocol.md ADDED
@@ -0,0 +1,403 @@
1
+ # Multi-Pass Security Protocol
2
+
3
+ Detailed reference for the 4-phase adversarial security audit workflow. Read
4
+ this when executing the protocol for the full review dimensions, scoring
5
+ system, and output templates.
6
+
7
+ ## Phase 1 — Reconnaissance (Agent A: Threat Modeler)
8
+
9
+ ### Inputs
10
+
11
+ Before starting the reconnaissance, gather context from these sources:
12
+
13
+ 1. **Repository structure** — directory layout, entry points, transports,
14
+ data flows, and build configuration
15
+ 2. **Existing security documentation** — `SECURITY.md`, security checklists,
16
+ threat models, and compliance references
17
+ 3. **Prior audits** — search the journal for related security entries:
18
+ ```
19
+ search_entries({
20
+ query: "<repository name> security",
21
+ entry_type: "security_recon",
22
+ tags: ["adversarial-security"]
23
+ })
24
+ ```
25
+ 4. **Dependency manifest** — `package.json`, `package-lock.json`,
26
+ `Dockerfile`, and CI workflow files
27
+ 5. **Project type** — auto-detect or use the explicit `PROJECT_TYPE` setting
28
+ (see SKILL.md § Auto-Detection)
29
+
30
+ ### Reconnaissance Structure
31
+
32
+ Produce a Markdown document with these sections:
33
+
34
+ ```markdown
35
+ # Security Reconnaissance — [Repository Name]
36
+
37
+ ## Project Profile
38
+
39
+ - **Type**: [auto-detected or explicit: mcp-server, web-app, cli-tool, library]
40
+ - **Language/Runtime**: [e.g., TypeScript/Node.js 24]
41
+ - **Transports**: [e.g., stdio, HTTP, SSE]
42
+ - **Auth Model**: [e.g., OAuth 2.1, bearer token, none]
43
+ - **Dependencies**: [total count, direct vs. transitive]
44
+ - **CI/CD**: [e.g., GitHub Actions, 13 workflows]
45
+
46
+ ## Trust Boundaries
47
+
48
+ Diagram or list of trust boundaries:
49
+
50
+ - External → Server (HTTP transport, MCP protocol)
51
+ - Server → Database (SQL queries, file operations)
52
+ - Server → Sandbox (Code Mode execution)
53
+ - [etc.]
54
+
55
+ ## Attack Surface Map
56
+
57
+ For each entry point, document:
58
+
59
+ - Entry point name and location (file:line)
60
+ - Input type (user query, HTTP request, MCP tool call, etc.)
61
+ - Validation present (Zod schema, parameterized query, etc.)
62
+ - Auth required (scope, role, none)
63
+
64
+ ## Existing Defenses (per Category)
65
+
66
+ For each of the 10 audit categories (see audit-categories.md):
67
+
68
+ - What defenses are in place
69
+ - Coverage assessment: full / partial / none
70
+ - Evidence: file paths and code references
71
+
72
+ ## Threat Model Summary
73
+
74
+ | Threat | Entry Point | Existing Defense | Coverage |
75
+ | -------------- | ------------------- | ----------------------------------------------- | -------- |
76
+ | SQL injection | sqlite_read_query | Parameterized queries + identifier sanitization | Full |
77
+ | Code execution | sqlite_execute_code | vm sandbox + blocked patterns + timeout | Partial |
78
+ | [etc.] | | | |
79
+
80
+ ## Gaps Identified
81
+
82
+ Preliminary list of areas where defenses appear weak or absent.
83
+ These are hypotheses — Agent B will validate or refute them.
84
+ ```
85
+
86
+ ### Journal
87
+
88
+ ```
89
+ create_entry({
90
+ content: "<full reconnaissance>",
91
+ entry_type: "security_recon",
92
+ tags: ["adversarial-security", "recon"],
93
+ project_number: <project number>
94
+ })
95
+ ```
96
+
97
+ ---
98
+
99
+ ## Phase 2 — Red Team Review (Agent B: Red Team)
100
+
101
+ Switch mental models. You are now an attacker whose job is to break every
102
+ defense documented in Phase 1. Do not trust the Threat Modeler's coverage
103
+ assessments — verify them by attempting to construct attack scenarios.
104
+
105
+ ### Review Dimensions
106
+
107
+ Score each dimension on a 1–5 scale. Dimensions have different weights
108
+ reflecting their relative importance for security:
109
+
110
+ | Dimension | Weight | Focus Areas |
111
+ | --------------------- | ------ | -------------------------------------------------------------------------------------------------------- |
112
+ | **Exploitability** | 4 | Attack complexity, privileges required, user interaction needed, remote vs. local, automation potential |
113
+ | **Impact** | 3 | Confidentiality (data breach), integrity (data tampering), availability (DoS), privilege escalation, RCE |
114
+ | **Existing Defenses** | 2 | Are mitigations effective? Can they be bypassed? Are there defense-in-depth layers? |
115
+ | **Detection** | 1 | Would exploitation be caught by logging, monitoring, CI gates, or audit trails? |
116
+
117
+ ### Severity Mapping (CVSS-Inspired)
118
+
119
+ | Weighted Score | Severity | Meaning |
120
+ | -------------- | -------- | ------------------------------------------------------------------------------ |
121
+ | 4.0–5.0 | Critical | Exploitable remotely with low complexity, high impact, no effective mitigation |
122
+ | 3.0–3.9 | High | Exploitable with moderate complexity or auth, significant impact |
123
+ | 2.0–2.9 | Medium | Requires specific preconditions or has limited blast radius |
124
+ | 1.0–1.9 | Low | Theoretical risk, defense-in-depth improvement, hardening recommendation |
125
+
126
+ ### Depth Profiles
127
+
128
+ The `AUDIT_DEPTH` configuration controls which categories and dimensions
129
+ receive full scrutiny:
130
+
131
+ - **Recon**: Categories 2 (Secrets), 3 (Injection), 4 (Auth) only. Focus on
132
+ Exploitability + Impact dimensions. Best for quick triage.
133
+ - **Standard**: All 10 categories at stated weights. Default for most audits.
134
+ - **Paranoid**: All 10 categories + extended analysis:
135
+ - Git history scanning for previously committed secrets
136
+ - Prototype pollution chain analysis across dependency tree
137
+ - ReDoS pattern analysis on all regex in codebase
138
+ - Timing attack surface analysis on comparison operations
139
+ - Supply chain deep dive (install scripts, typosquatting checks)
140
+ - Cross-project ecosystem impact assessment
141
+
142
+ ### Critique Output Format
143
+
144
+ ```markdown
145
+ ## Red Team Review — [Repository Name]
146
+
147
+ **Overall Security Score:** [weighted average] / 5.0
148
+ **Posture Grade:** [A–F]
149
+
150
+ ### Grading Scale
151
+
152
+ | Grade | Score Range | Meaning |
153
+ | ----- | ----------- | -------------------------------------------------------------- |
154
+ | A | 4.5–5.0 | Excellent — minimal risk, defense-in-depth present |
155
+ | B | 3.5–4.4 | Good — no critical issues, some hardening opportunities |
156
+ | C | 2.5–3.4 | Acceptable — medium-risk issues present, remediations needed |
157
+ | D | 1.5–2.4 | Poor — high-risk issues found, immediate action required |
158
+ | F | 1.0–1.4 | Failing — critical vulnerabilities, deployment not recommended |
159
+
160
+ ### Findings
161
+
162
+ | # | Category | Severity | CWE | Finding | File:Line | Exploitability | Remediation |
163
+ | --- | ---------------- | -------- | ------- | --------------------------------------- | ------------- | ---------------------- | ----------------------- |
164
+ | 1 | Input Validation | Critical | CWE-89 | SQL interpolation in dynamic query | src/foo.ts:42 | Remote, no auth | Use parameterized query |
165
+ | 2 | Auth | High | CWE-862 | Endpoint accessible without scope check | src/bar.ts:88 | Remote, auth bypass | Add hasScope() guard |
166
+ | 3 | Docker | Medium | CWE-250 | Container runs as root | Dockerfile:1 | Local, post-compromise | Add USER directive |
167
+ | ... | | | | | | | |
168
+
169
+ ### Dimension Scores
170
+
171
+ | Dimension | Score | Weight | Weighted |
172
+ | ----------------- | ----- | ------ | -------------------- |
173
+ | Exploitability | [1–5] | 4 | [score × 4] |
174
+ | Impact | [1–5] | 3 | [score × 3] |
175
+ | Existing Defenses | [1–5] | 2 | [score × 2] |
176
+ | Detection | [1–5] | 1 | [score × 1] |
177
+ | **Total** | | **10** | **[sum]/50 = [avg]** |
178
+
179
+ ### Category Breakdown
180
+
181
+ | Category | Findings | Worst Severity | Coverage |
182
+ | ------------------- | -------- | -------------- | ---------- |
183
+ | 1. Dependencies | 0 | — | ✅ Full |
184
+ | 2. Secrets | 1 | Low | ✅ Full |
185
+ | 3. Input Validation | 2 | Critical | ⚠️ Partial |
186
+ | ... | | | |
187
+
188
+ ### Blocking Issues
189
+
190
+ List any findings that MUST be addressed before deployment or release.
191
+ These are non-negotiable — they represent exploitable vulnerabilities
192
+ with high impact.
193
+
194
+ ### Attack Scenarios
195
+
196
+ For each critical/high finding, provide a concrete attack scenario:
197
+
198
+ #### Scenario: [Finding Title]
199
+
200
+ - **Attacker profile**: [External unauthenticated / Authenticated user / Admin]
201
+ - **Attack vector**: [Step-by-step exploitation path]
202
+ - **Preconditions**: [What must be true for the attack to work]
203
+ - **Impact**: [What the attacker achieves]
204
+ - **Proof of concept**: [Concrete example, payload, or code snippet]
205
+ ```
206
+
207
+ ### Journal
208
+
209
+ ```
210
+ create_entry({
211
+ content: "<full red team critique>",
212
+ entry_type: "security_redteam",
213
+ tags: ["adversarial-security", "redteam"],
214
+ project_number: <project number>
215
+ })
216
+ ```
217
+
218
+ ---
219
+
220
+ ## Phase 3 — Remediation Plan (Agent A: Threat Modeler)
221
+
222
+ Switch back to the Threat Modeler role. Address every finding from the red
223
+ team review with an explicit disposition.
224
+
225
+ ### Disposition Table
226
+
227
+ For each finding, record one of:
228
+
229
+ | Disposition | Meaning |
230
+ | ----------- | ------------------------------------------------------------------- |
231
+ | **Accept** | Implement the suggested remediation |
232
+ | **Reject** | Explain why the finding does not apply or is acceptable risk |
233
+ | **Modify** | Accept the finding but implement a different remediation |
234
+ | **Defer** | Acknowledge the risk but defer to a future milestone (must justify) |
235
+
236
+ ### Remediation Plan Output
237
+
238
+ Produce the remediation plan prioritized by risk (exploitability × impact):
239
+
240
+ ```markdown
241
+ ## Remediation Plan — [Repository Name]
242
+
243
+ ### Disposition Summary
244
+
245
+ | # | Finding | Severity | Disposition | Rationale |
246
+ | --- | ----------------- | -------- | ----------- | ---------------------------------------------- |
247
+ | 1 | SQL interpolation | Critical | Accept | Will switch to parameterized query |
248
+ | 2 | Auth bypass | High | Modify | Using middleware guard instead of inline check |
249
+ | 3 | Root container | Medium | Defer | Tracked in issue #42, post-v2 milestone |
250
+
251
+ ### Quick Wins (< 1 hour each)
252
+
253
+ Remediations that can be implemented immediately with minimal risk:
254
+
255
+ | # | Finding | Fix | Effort |
256
+ | --- | ------- | --- | ------ |
257
+ | ... | ... | ... | ... |
258
+
259
+ ### Architectural Changes
260
+
261
+ Remediations requiring design work or multi-file changes:
262
+
263
+ | # | Finding | Approach | Files Affected | Effort |
264
+ | --- | ------- | -------- | -------------- | ------ |
265
+ | ... | ... | ... | ... | ... |
266
+
267
+ ### Accepted Risks
268
+
269
+ Findings explicitly rejected or deferred with justification:
270
+
271
+ | # | Finding | Disposition | Justification | Review Date |
272
+ | --- | ------- | ----------- | ------------- | ----------- |
273
+ | ... | ... | ... | ... | ... |
274
+
275
+ ### Updated Security Score
276
+
277
+ After applying proposed remediations:
278
+
279
+ - **Before**: [score] / 5.0 (Grade [X])
280
+ - **After (projected)**: [score] / 5.0 (Grade [Y])
281
+ ```
282
+
283
+ ### Iteration Control
284
+
285
+ After remediation planning, check: has `MAX_AUDIT_PASSES` been reached?
286
+
287
+ - **No** → return to Phase 2 for another red team review of the remediation
288
+ plan itself (does the fix introduce new vulnerabilities? Are there gaps in
289
+ the remediation?)
290
+ - **Yes** → proceed to Phase 4
291
+
292
+ The default of 2 passes means: 1 initial red team + 1 review of the
293
+ remediation plan. For most repositories this is sufficient. Increase for
294
+ high-stakes production systems or compliance-critical codebases.
295
+
296
+ ### Journal
297
+
298
+ ```
299
+ create_entry({
300
+ content: "<remediation plan with dispositions>",
301
+ entry_type: "security_remediation",
302
+ tags: ["adversarial-security", "remediation"],
303
+ project_number: <project number>
304
+ })
305
+ ```
306
+
307
+ ---
308
+
309
+ ## Phase 4 — External Validation (GitHub CLI)
310
+
311
+ If `COPILOT_VALIDATION` is enabled (default: `true`) and `gh copilot` is
312
+ available, invoke it for an independent review of the audit findings and
313
+ remediation plan.
314
+
315
+ See [copilot-security-prompts.md](copilot-security-prompts.md) for prompt
316
+ templates, correct CLI syntax, and parsing guidance.
317
+
318
+ > **⚠️ CRITICAL**: You MUST use `gh copilot -p "<prompt>"` (non-interactive
319
+ > mode). Do NOT use `gh copilot explain` which is interactive and will hang.
320
+ > Always `Set-Location` to the target repository before invoking. Include
321
+ > `--allow-tool "shell(find,cat,head,grep)"` so Copilot can read source files.
322
+
323
+ > **⚠️ NO FABRICATION**: You MUST actually execute the `gh copilot` commands
324
+ > and report their real output. Do NOT fabricate or predict Copilot findings.
325
+ > If the command fails or is unavailable, skip Phase 4 and document why.
326
+
327
+ After the Copilot pass, any new findings follow the same disposition process
328
+ from Phase 3. The final audit report is then presented to the user.
329
+
330
+ If `gh copilot` is not available, skip this phase gracefully and note:
331
+
332
+ ```markdown
333
+ > **Phase 4 skipped**: `gh copilot` not available. The audit completed with
334
+ > internal adversarial review only (Phases 1–3). Install the GitHub CLI and
335
+ > authenticate (`gh auth login`) for external validation.
336
+ ```
337
+
338
+ ### Journal
339
+
340
+ ```
341
+ create_entry({
342
+ content: "<copilot findings + final dispositions>",
343
+ entry_type: "security_copilot",
344
+ tags: ["adversarial-security", "copilot"],
345
+ project_number: <project number>
346
+ })
347
+ ```
348
+
349
+ ---
350
+
351
+ ## Final Report Assembly
352
+
353
+ After all phases complete, produce a consolidated report artifact. This is
354
+ the primary deliverable for the user.
355
+
356
+ ```markdown
357
+ # Adversarial Security Audit — [Repository Name]
358
+
359
+ **Date**: [ISO date]
360
+ **Audit Depth**: [recon | standard | paranoid]
361
+ **Project Type**: [auto-detected type]
362
+ **Passes Completed**: [N]
363
+ **External Validation**: [yes | skipped]
364
+
365
+ ## Executive Summary
366
+
367
+ [2–3 sentence summary: overall posture, critical findings count, and
368
+ recommended immediate actions]
369
+
370
+ **Security Score**: [X] / 5.0 — Grade [A–F]
371
+
372
+ ## Findings Summary
373
+
374
+ | Category | Critical | High | Medium | Low | Total |
375
+ | --------------- | -------- | ---- | ------ | --- | ----- |
376
+ | 1. Dependencies | 0 | 0 | 0 | 0 | 0 |
377
+ | 2. Secrets | ... | | | | |
378
+ | ... | | | | | |
379
+ | **Total** | | | | | |
380
+
381
+ ## Top 3 Urgent Remediations
382
+
383
+ 1. [Most critical finding + remediation]
384
+ 2. [Second most critical]
385
+ 3. [Third most critical]
386
+
387
+ ## Full Findings (by severity)
388
+
389
+ [All findings from Phase 2, grouped by severity descending]
390
+
391
+ ## Remediation Plan
392
+
393
+ [From Phase 3 — disposition table + quick wins + architectural changes]
394
+
395
+ ## Accepted Risks
396
+
397
+ [Findings explicitly deferred with justification and review dates]
398
+
399
+ ## Appendix: Reconnaissance
400
+
401
+ [Condensed version of Phase 1 output — project profile, trust boundaries,
402
+ attack surface map]
403
+ ```
package/skills/adversarial-skill-audit/SKILL.md ADDED
@@ -0,0 +1,118 @@
1
+ ---
2
+ name: adversarial-skill-audit
3
+ description: |
4
+ Multi-pass adversarial quality audit for agent skill directories. Combines
5
+ structured evaluation with adversarial stress-testing to assess skill completeness,
6
+ instruction clarity, trigger accuracy, and security. Use when auditing a skills directory.
7
+ ---
8
+
9
+ # Adversarial Skill Audit
10
+
11
+ A multi-pass quality auditing system for agent skill directories. Evaluates
12
+ each skill against the `skill-builder` quality standards through structured
13
+ profiling and adversarial stress-testing — finding gaps in trigger coverage,
14
+ instruction clarity, progressive disclosure, security, and cross-skill
15
+ coherence.
16
+
17
+ ## When to Load
18
+
19
+ Load this skill when any of these apply:
20
+
21
+ - Auditing an entire skills directory for quality and consistency
22
+ - Reviewing a batch of skills before publishing or distributing
23
+ - The user asks for skill quality review, audit, or improvement suggestions
24
+ - The user says "audit my skills", "skill quality check", "review these
25
+ skills", "check my skills", "how good are my skills", or "validate these skills"
26
+ - Preparing a skills directory for npm packaging or distribution
27
+ - You want to identify redundant, incomplete, or poorly triggered skills
28
+
29
+ ## Adversarial Protocol
30
+
31
+ This skill follows the standard dual-agent adversarial pattern (Agent A: The Evaluator, Agent B: The Adversarial User).
32
+ For the core pipeline rules, phase definitions, and agent switching protocols, read:
33
+ **[../adversarial-security/references/adversarial-base-protocol.md](../adversarial-security/references/adversarial-base-protocol.md)**
34
+
35
+ For the skill audit-specific protocol with scoring and templates, read:
36
+ **[references/multi-pass-skill-protocol.md](references/multi-pass-skill-protocol.md)**
37
+
38
+ ## Audit Categories
39
+
40
+ The 8 quality categories evaluated per skill:
41
+
42
+ 1. Frontmatter & Triggering
43
+ 2. Instruction Clarity
44
+ 3. Structure & Progressive Disclosure
45
+ 4. Output Formats & Templates
46
+ 5. Edge Cases & Error Handling
47
+ 6. Security & Safety
48
+ 7. Token Efficiency
49
+ 8. Maintenance & Versioning
50
+
51
+ Additionally, 4 **directory-level** categories assess the collection:
52
+
53
+ 9. Cross-Skill Coherence
54
+ 10. Trigger Collision Detection
55
+ 11. Coverage Gap Analysis
56
+ 12. Ecosystem Consistency
57
+
58
+ For the full checklist, read
59
+ [references/audit-categories.md](references/audit-categories.md).
60
+
61
+ ## External Validation (Phase 4)
62
+
63
+ Phase 4 triggers an independent validation pass using the GitHub CLI (`gh copilot`).
64
+ The `copilot` subcommand is built into modern `gh` CLI — no separate extension is
65
+ needed. This provides a fundamentally different model's perspective on skill
66
+ quality, catching issues that internal review normalizes.
67
+
68
+ For prompts, read
69
+ [references/copilot-skill-prompts.md](references/copilot-skill-prompts.md).
70
+
71
+ **Prerequisites:** `gh` CLI v2.x+ with `gh auth status` passing. If `gh copilot`
72
+ is not available, skip Phase 4 gracefully and note the skip in the journal entry.
73
+
74
+ Read [references/copilot-usage.md](references/copilot-usage.md) for critical non-interactive execution requirements.
75
+
76
+ ## Feedback Loop
77
+
78
+ Every phase creates a journal entry for future retrieval. For templates and
79
+ tag conventions, read
80
+ [references/feedback-loop.md](references/feedback-loop.md).
81
+
82
+ ## Scripts
83
+
84
+ This skill includes automated helper scripts located in the `scripts/` directory:
85
+
86
+ - `scripts/check-skills.ps1`: Automated Phase 1 metric gathering (token count, trigger detection).
87
+ - `scripts/run-copilot.ps1`: Automated Phase 4 Copilot validation pipeline.
88
+
89
+ ## Configuration
90
+
91
+ | Variable | Default | Description |
92
+ | -------------------- | ---------- | ------------------------------------------------- |
93
+ | `MAX_AUDIT_PASSES` | `2` | Maximum stress-test cycles (phases 2–3 repeat) |
94
+ | `AUDIT_DEPTH` | `standard` | Depth: `surface`, `standard`, or `thorough` |
95
+ | `COPILOT_VALIDATION` | `true` | Enable/disable Copilot extension validation phase |
96
+ | `INCLUDE_REFERENCES` | `true` | Whether to read and evaluate reference files too |
97
+
98
+ ### Audit Depth Profiles
99
+
100
+ - **Surface**: Frontmatter + structure only (Categories 1, 3, 7). Quick
101
+ scan for obvious issues. Best for large directories (30+ skills).
102
+ - **Standard**: All 8 per-skill categories + 4 directory-level categories.
103
+ Default for most audits.
104
+ - **Thorough**: Full audit + extended analysis:
105
+ - Read every reference file and evaluate its quality
106
+ - Construct 3 test prompts per skill and evaluate trigger likelihood
107
+ - Analyze description keyword coverage against real user phrasing
108
+ - Compare against `skill-builder/checklist.md` item by item
109
+ - Check for stale content (outdated API references, deprecated tools)
110
+
111
+ ## Synergies
112
+
113
+ | Skill/Workflow | Relationship |
114
+ | ------------------------- | ------------------------------------------------------------ |
115
+ | `skill-builder` | Defines the quality standards this skill audits against |
116
+ | `adversarial-planner` | Parent pattern — plan-level adversarial review |
117
+ | `adversarial-security` | Sibling — audits security posture; this audits skill quality |
118
+ | `adversarial-performance` | Sibling — audits performance; this audits skill quality |