memory-journal-mcp 7.7.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (531) hide show
  1. package/README.md +126 -56
  2. package/dist/chunk-6OHRCNYW.js +3231 -0
  3. package/dist/chunk-JFMITANR.js +5168 -0
  4. package/dist/{chunk-QCQPAF4I.js → chunk-MWNLAEHR.js} +301 -4321
  5. package/dist/{chunk-ARLYSFSI.js → chunk-UHSO65A4.js} +4242 -6092
  6. package/dist/cli.js +21 -3
  7. package/dist/index.d.ts +16 -13
  8. package/dist/index.js +4 -2
  9. package/dist/resources-IJVKDFGS.js +2 -0
  10. package/dist/tools-44DGXE3V.js +2 -0
  11. package/dist/worker-script.js +201 -20
  12. package/package.json +7 -4
  13. package/skills/README.md +62 -25
  14. package/skills/adversarial-performance/SKILL.md +139 -0
  15. package/skills/adversarial-performance/references/audit-categories.md +462 -0
  16. package/skills/adversarial-performance/references/copilot-performance-prompts.md +44 -0
  17. package/skills/adversarial-performance/references/copilot-usage.md +16 -0
  18. package/skills/adversarial-performance/references/feedback-loop.md +177 -0
  19. package/skills/adversarial-performance/references/multi-pass-performance-protocol.md +398 -0
  20. package/skills/adversarial-planner/SKILL.md +23 -54
  21. package/skills/adversarial-planner/references/copilot-integration.md +25 -40
  22. package/skills/adversarial-planner/references/copilot-usage.md +16 -0
  23. package/skills/adversarial-planner/references/multi-pass-protocol.md +4 -0
  24. package/skills/adversarial-security/SKILL.md +149 -0
  25. package/skills/adversarial-security/references/adversarial-base-protocol.md +44 -0
  26. package/skills/adversarial-security/references/audit-categories.md +723 -0
  27. package/skills/adversarial-security/references/copilot-security-prompts.md +142 -0
  28. package/skills/adversarial-security/references/copilot-usage.md +16 -0
  29. package/skills/adversarial-security/references/feedback-loop.md +206 -0
  30. package/skills/adversarial-security/references/journal-opt-out.md +7 -0
  31. package/skills/adversarial-security/references/multi-pass-security-protocol.md +403 -0
  32. package/skills/adversarial-skill-audit/SKILL.md +118 -0
  33. package/skills/adversarial-skill-audit/references/audit-categories.md +308 -0
  34. package/skills/adversarial-skill-audit/references/copilot-skill-prompts.md +68 -0
  35. package/skills/adversarial-skill-audit/references/copilot-usage.md +16 -0
  36. package/skills/adversarial-skill-audit/references/feedback-loop.md +155 -0
  37. package/skills/adversarial-skill-audit/references/multi-pass-skill-protocol.md +367 -0
  38. package/skills/adversarial-skill-audit/scripts/check-skills.ps1 +48 -0
  39. package/skills/adversarial-skill-audit/scripts/run-copilot.ps1 +52 -0
  40. package/skills/adversarial-workflow-audit/SKILL.md +82 -0
  41. package/skills/adversarial-workflow-audit/references/audit-categories.md +28 -0
  42. package/skills/adversarial-workflow-audit/references/copilot-usage.md +16 -0
  43. package/skills/adversarial-workflow-audit/scripts/check-workflows.ps1 +24 -0
  44. package/skills/agents-sdk/SKILL.md +220 -0
  45. package/skills/agents-sdk/references/callable.md +92 -0
  46. package/skills/agents-sdk/references/codemode.md +209 -0
  47. package/skills/agents-sdk/references/email.md +144 -0
  48. package/skills/agents-sdk/references/mcp/SKILL.md +65 -0
  49. package/skills/agents-sdk/references/mcp/code-mode-reference.md +245 -0
  50. package/skills/agents-sdk/references/mcp/oauth-reference.md +359 -0
  51. package/skills/agents-sdk/references/mcp/references/architecture-reference.md +208 -0
  52. package/skills/agents-sdk/references/mcp/references/cloudflare-quickstart.md +156 -0
  53. package/skills/agents-sdk/references/mcp/references/error-handling.md +343 -0
  54. package/skills/agents-sdk/references/mcp/references/http-security.md +164 -0
  55. package/skills/agents-sdk/references/mcp/references/implementation-guide.md +507 -0
  56. package/skills/agents-sdk/references/mcp/references/testing-reference.md +171 -0
  57. package/skills/agents-sdk/references/mcp.md +157 -0
  58. package/skills/agents-sdk/references/state-scheduling.md +164 -0
  59. package/skills/agents-sdk/references/streaming-chat.md +168 -0
  60. package/skills/agents-sdk/references/workflows.md +136 -0
  61. package/skills/auth-identity/SKILL.md +48 -0
  62. package/skills/autonomous-dev/SKILL.md +46 -23
  63. package/skills/autonomous-dev/references/workflow_orchestration.md +22 -0
  64. package/skills/aws/SKILL.md +39 -0
  65. package/skills/azure/SKILL.md +38 -0
  66. package/skills/bin/sync.js +7 -1
  67. package/skills/biome/SKILL.md +59 -0
  68. package/skills/bun/SKILL.md +8 -2
  69. package/skills/cloudflare/SKILL.md +37 -0
  70. package/skills/cloudflare/references/agents-sdk/README.md +95 -0
  71. package/skills/cloudflare/references/agents-sdk/api.md +195 -0
  72. package/skills/cloudflare/references/agents-sdk/configuration.md +178 -0
  73. package/skills/cloudflare/references/agents-sdk/gotchas.md +173 -0
  74. package/skills/cloudflare/references/agents-sdk/patterns.md +215 -0
  75. package/skills/cloudflare/references/ai-gateway/README.md +176 -0
  76. package/skills/cloudflare/references/ai-gateway/configuration.md +117 -0
  77. package/skills/cloudflare/references/ai-gateway/dynamic-routing.md +88 -0
  78. package/skills/cloudflare/references/ai-gateway/features.md +96 -0
  79. package/skills/cloudflare/references/ai-gateway/sdk-integration.md +110 -0
  80. package/skills/cloudflare/references/ai-gateway/troubleshooting.md +90 -0
  81. package/skills/cloudflare/references/ai-search/README.md +145 -0
  82. package/skills/cloudflare/references/ai-search/api.md +87 -0
  83. package/skills/cloudflare/references/ai-search/configuration.md +91 -0
  84. package/skills/cloudflare/references/ai-search/gotchas.md +92 -0
  85. package/skills/cloudflare/references/ai-search/patterns.md +87 -0
  86. package/skills/cloudflare/references/analytics-engine/README.md +96 -0
  87. package/skills/cloudflare/references/analytics-engine/api.md +112 -0
  88. package/skills/cloudflare/references/analytics-engine/configuration.md +107 -0
  89. package/skills/cloudflare/references/analytics-engine/gotchas.md +87 -0
  90. package/skills/cloudflare/references/analytics-engine/patterns.md +83 -0
  91. package/skills/cloudflare/references/api/README.md +66 -0
  92. package/skills/cloudflare/references/api/api.md +205 -0
  93. package/skills/cloudflare/references/api/configuration.md +158 -0
  94. package/skills/cloudflare/references/api/gotchas.md +231 -0
  95. package/skills/cloudflare/references/api/patterns.md +208 -0
  96. package/skills/cloudflare/references/api-shield/README.md +44 -0
  97. package/skills/cloudflare/references/api-shield/api.md +153 -0
  98. package/skills/cloudflare/references/api-shield/configuration.md +210 -0
  99. package/skills/cloudflare/references/api-shield/gotchas.md +132 -0
  100. package/skills/cloudflare/references/api-shield/patterns.md +185 -0
  101. package/skills/cloudflare/references/argo-smart-routing/README.md +96 -0
  102. package/skills/cloudflare/references/argo-smart-routing/api.md +253 -0
  103. package/skills/cloudflare/references/argo-smart-routing/configuration.md +205 -0
  104. package/skills/cloudflare/references/argo-smart-routing/gotchas.md +115 -0
  105. package/skills/cloudflare/references/argo-smart-routing/patterns.md +107 -0
  106. package/skills/cloudflare/references/bindings/README.md +127 -0
  107. package/skills/cloudflare/references/bindings/api.md +214 -0
  108. package/skills/cloudflare/references/bindings/configuration.md +200 -0
  109. package/skills/cloudflare/references/bindings/gotchas.md +210 -0
  110. package/skills/cloudflare/references/bindings/patterns.md +205 -0
  111. package/skills/cloudflare/references/bot-management/README.md +95 -0
  112. package/skills/cloudflare/references/bot-management/api.md +175 -0
  113. package/skills/cloudflare/references/bot-management/configuration.md +175 -0
  114. package/skills/cloudflare/references/bot-management/gotchas.md +116 -0
  115. package/skills/cloudflare/references/bot-management/patterns.md +181 -0
  116. package/skills/cloudflare/references/browser-rendering/README.md +84 -0
  117. package/skills/cloudflare/references/browser-rendering/api.md +108 -0
  118. package/skills/cloudflare/references/browser-rendering/configuration.md +78 -0
  119. package/skills/cloudflare/references/browser-rendering/gotchas.md +91 -0
  120. package/skills/cloudflare/references/browser-rendering/patterns.md +93 -0
  121. package/skills/cloudflare/references/c3/README.md +111 -0
  122. package/skills/cloudflare/references/c3/api.md +71 -0
  123. package/skills/cloudflare/references/c3/configuration.md +85 -0
  124. package/skills/cloudflare/references/c3/gotchas.md +97 -0
  125. package/skills/cloudflare/references/c3/patterns.md +84 -0
  126. package/skills/cloudflare/references/cache-reserve/README.md +150 -0
  127. package/skills/cloudflare/references/cache-reserve/api.md +184 -0
  128. package/skills/cloudflare/references/cache-reserve/configuration.md +170 -0
  129. package/skills/cloudflare/references/cache-reserve/gotchas.md +136 -0
  130. package/skills/cloudflare/references/cache-reserve/patterns.md +197 -0
  131. package/skills/cloudflare/references/containers/README.md +87 -0
  132. package/skills/cloudflare/references/containers/api.md +197 -0
  133. package/skills/cloudflare/references/containers/configuration.md +191 -0
  134. package/skills/cloudflare/references/containers/gotchas.md +182 -0
  135. package/skills/cloudflare/references/containers/patterns.md +204 -0
  136. package/skills/cloudflare/references/cron-triggers/README.md +101 -0
  137. package/skills/cloudflare/references/cron-triggers/api.md +224 -0
  138. package/skills/cloudflare/references/cron-triggers/configuration.md +190 -0
  139. package/skills/cloudflare/references/cron-triggers/gotchas.md +207 -0
  140. package/skills/cloudflare/references/cron-triggers/patterns.md +274 -0
  141. package/skills/cloudflare/references/d1/README.md +137 -0
  142. package/skills/cloudflare/references/d1/api.md +213 -0
  143. package/skills/cloudflare/references/d1/configuration.md +198 -0
  144. package/skills/cloudflare/references/d1/gotchas.md +98 -0
  145. package/skills/cloudflare/references/d1/patterns.md +240 -0
  146. package/skills/cloudflare/references/ddos/README.md +42 -0
  147. package/skills/cloudflare/references/ddos/api.md +158 -0
  148. package/skills/cloudflare/references/ddos/configuration.md +94 -0
  149. package/skills/cloudflare/references/ddos/gotchas.md +114 -0
  150. package/skills/cloudflare/references/ddos/patterns.md +220 -0
  151. package/skills/cloudflare/references/decision-trees.md +95 -0
  152. package/skills/cloudflare/references/do-storage/README.md +79 -0
  153. package/skills/cloudflare/references/do-storage/api.md +107 -0
  154. package/skills/cloudflare/references/do-storage/configuration.md +114 -0
  155. package/skills/cloudflare/references/do-storage/gotchas.md +153 -0
  156. package/skills/cloudflare/references/do-storage/patterns.md +210 -0
  157. package/skills/cloudflare/references/do-storage/testing.md +186 -0
  158. package/skills/cloudflare/references/durable-objects/README.md +194 -0
  159. package/skills/cloudflare/references/durable-objects/api.md +205 -0
  160. package/skills/cloudflare/references/durable-objects/configuration.md +160 -0
  161. package/skills/cloudflare/references/durable-objects/gotchas.md +200 -0
  162. package/skills/cloudflare/references/durable-objects/patterns.md +205 -0
  163. package/skills/cloudflare/references/email-routing/README.md +89 -0
  164. package/skills/cloudflare/references/email-routing/api.md +192 -0
  165. package/skills/cloudflare/references/email-routing/configuration.md +187 -0
  166. package/skills/cloudflare/references/email-routing/gotchas.md +203 -0
  167. package/skills/cloudflare/references/email-routing/patterns.md +241 -0
  168. package/skills/cloudflare/references/email-workers/README.md +153 -0
  169. package/skills/cloudflare/references/email-workers/api.md +227 -0
  170. package/skills/cloudflare/references/email-workers/configuration.md +115 -0
  171. package/skills/cloudflare/references/email-workers/gotchas.md +133 -0
  172. package/skills/cloudflare/references/email-workers/patterns.md +108 -0
  173. package/skills/cloudflare/references/graphql-api/README.md +147 -0
  174. package/skills/cloudflare/references/graphql-api/api.md +175 -0
  175. package/skills/cloudflare/references/graphql-api/configuration.md +151 -0
  176. package/skills/cloudflare/references/graphql-api/gotchas.md +111 -0
  177. package/skills/cloudflare/references/graphql-api/patterns.md +276 -0
  178. package/skills/cloudflare/references/hyperdrive/README.md +84 -0
  179. package/skills/cloudflare/references/hyperdrive/api.md +149 -0
  180. package/skills/cloudflare/references/hyperdrive/configuration.md +166 -0
  181. package/skills/cloudflare/references/hyperdrive/gotchas.md +77 -0
  182. package/skills/cloudflare/references/hyperdrive/patterns.md +203 -0
  183. package/skills/cloudflare/references/images/README.md +65 -0
  184. package/skills/cloudflare/references/images/api.md +101 -0
  185. package/skills/cloudflare/references/images/configuration.md +206 -0
  186. package/skills/cloudflare/references/images/gotchas.md +106 -0
  187. package/skills/cloudflare/references/images/patterns.md +126 -0
  188. package/skills/cloudflare/references/kv/README.md +90 -0
  189. package/skills/cloudflare/references/kv/api.md +163 -0
  190. package/skills/cloudflare/references/kv/configuration.md +148 -0
  191. package/skills/cloudflare/references/kv/gotchas.md +133 -0
  192. package/skills/cloudflare/references/kv/patterns.md +195 -0
  193. package/skills/cloudflare/references/miniflare/README.md +113 -0
  194. package/skills/cloudflare/references/miniflare/api.md +204 -0
  195. package/skills/cloudflare/references/miniflare/configuration.md +174 -0
  196. package/skills/cloudflare/references/miniflare/gotchas.md +179 -0
  197. package/skills/cloudflare/references/miniflare/patterns.md +187 -0
  198. package/skills/cloudflare/references/network-interconnect/README.md +104 -0
  199. package/skills/cloudflare/references/network-interconnect/api.md +220 -0
  200. package/skills/cloudflare/references/network-interconnect/configuration.md +123 -0
  201. package/skills/cloudflare/references/network-interconnect/gotchas.md +175 -0
  202. package/skills/cloudflare/references/network-interconnect/patterns.md +174 -0
  203. package/skills/cloudflare/references/observability/README.md +93 -0
  204. package/skills/cloudflare/references/observability/api.md +168 -0
  205. package/skills/cloudflare/references/observability/configuration.md +178 -0
  206. package/skills/cloudflare/references/observability/gotchas.md +125 -0
  207. package/skills/cloudflare/references/observability/patterns.md +105 -0
  208. package/skills/cloudflare/references/pages/README.md +92 -0
  209. package/skills/cloudflare/references/pages/api.md +205 -0
  210. package/skills/cloudflare/references/pages/configuration.md +216 -0
  211. package/skills/cloudflare/references/pages/gotchas.md +218 -0
  212. package/skills/cloudflare/references/pages/patterns.md +215 -0
  213. package/skills/cloudflare/references/pages-functions/README.md +104 -0
  214. package/skills/cloudflare/references/pages-functions/api.md +159 -0
  215. package/skills/cloudflare/references/pages-functions/configuration.md +130 -0
  216. package/skills/cloudflare/references/pages-functions/gotchas.md +102 -0
  217. package/skills/cloudflare/references/pages-functions/patterns.md +148 -0
  218. package/skills/cloudflare/references/pipelines/README.md +109 -0
  219. package/skills/cloudflare/references/pipelines/api.md +214 -0
  220. package/skills/cloudflare/references/pipelines/configuration.md +98 -0
  221. package/skills/cloudflare/references/pipelines/gotchas.md +84 -0
  222. package/skills/cloudflare/references/pipelines/patterns.md +87 -0
  223. package/skills/cloudflare/references/product-index.md +112 -0
  224. package/skills/cloudflare/references/pulumi/README.md +113 -0
  225. package/skills/cloudflare/references/pulumi/api.md +230 -0
  226. package/skills/cloudflare/references/pulumi/configuration.md +213 -0
  227. package/skills/cloudflare/references/pulumi/gotchas.md +205 -0
  228. package/skills/cloudflare/references/pulumi/patterns.md +260 -0
  229. package/skills/cloudflare/references/queues/README.md +99 -0
  230. package/skills/cloudflare/references/queues/api.md +211 -0
  231. package/skills/cloudflare/references/queues/configuration.md +151 -0
  232. package/skills/cloudflare/references/queues/gotchas.md +210 -0
  233. package/skills/cloudflare/references/queues/patterns.md +220 -0
  234. package/skills/cloudflare/references/r2/README.md +97 -0
  235. package/skills/cloudflare/references/r2/api.md +235 -0
  236. package/skills/cloudflare/references/r2/configuration.md +176 -0
  237. package/skills/cloudflare/references/r2/gotchas.md +190 -0
  238. package/skills/cloudflare/references/r2/patterns.md +203 -0
  239. package/skills/cloudflare/references/r2-data-catalog/README.md +157 -0
  240. package/skills/cloudflare/references/r2-data-catalog/api.md +199 -0
  241. package/skills/cloudflare/references/r2-data-catalog/configuration.md +205 -0
  242. package/skills/cloudflare/references/r2-data-catalog/gotchas.md +170 -0
  243. package/skills/cloudflare/references/r2-data-catalog/patterns.md +191 -0
  244. package/skills/cloudflare/references/r2-sql/README.md +138 -0
  245. package/skills/cloudflare/references/r2-sql/SKILL.md.backup +512 -0
  246. package/skills/cloudflare/references/r2-sql/api.md +159 -0
  247. package/skills/cloudflare/references/r2-sql/configuration.md +152 -0
  248. package/skills/cloudflare/references/r2-sql/gotchas.md +228 -0
  249. package/skills/cloudflare/references/r2-sql/patterns.md +230 -0
  250. package/skills/cloudflare/references/realtime-sfu/README.md +66 -0
  251. package/skills/cloudflare/references/realtime-sfu/api.md +164 -0
  252. package/skills/cloudflare/references/realtime-sfu/configuration.md +141 -0
  253. package/skills/cloudflare/references/realtime-sfu/gotchas.md +138 -0
  254. package/skills/cloudflare/references/realtime-sfu/patterns.md +187 -0
  255. package/skills/cloudflare/references/realtimekit/README.md +118 -0
  256. package/skills/cloudflare/references/realtimekit/api.md +234 -0
  257. package/skills/cloudflare/references/realtimekit/configuration.md +226 -0
  258. package/skills/cloudflare/references/realtimekit/gotchas.md +206 -0
  259. package/skills/cloudflare/references/realtimekit/patterns.md +240 -0
  260. package/skills/cloudflare/references/sandbox/README.md +104 -0
  261. package/skills/cloudflare/references/sandbox/api.md +200 -0
  262. package/skills/cloudflare/references/sandbox/configuration.md +154 -0
  263. package/skills/cloudflare/references/sandbox/gotchas.md +201 -0
  264. package/skills/cloudflare/references/sandbox/patterns.md +195 -0
  265. package/skills/cloudflare/references/secrets-store/README.md +77 -0
  266. package/skills/cloudflare/references/secrets-store/api.md +199 -0
  267. package/skills/cloudflare/references/secrets-store/configuration.md +187 -0
  268. package/skills/cloudflare/references/secrets-store/gotchas.md +97 -0
  269. package/skills/cloudflare/references/secrets-store/patterns.md +218 -0
  270. package/skills/cloudflare/references/smart-placement/README.md +143 -0
  271. package/skills/cloudflare/references/smart-placement/api.md +192 -0
  272. package/skills/cloudflare/references/smart-placement/configuration.md +202 -0
  273. package/skills/cloudflare/references/smart-placement/gotchas.md +180 -0
  274. package/skills/cloudflare/references/smart-placement/patterns.md +190 -0
  275. package/skills/cloudflare/references/snippets/README.md +74 -0
  276. package/skills/cloudflare/references/snippets/api.md +214 -0
  277. package/skills/cloudflare/references/snippets/configuration.md +239 -0
  278. package/skills/cloudflare/references/snippets/gotchas.md +104 -0
  279. package/skills/cloudflare/references/snippets/patterns.md +135 -0
  280. package/skills/cloudflare/references/spectrum/README.md +52 -0
  281. package/skills/cloudflare/references/spectrum/api.md +184 -0
  282. package/skills/cloudflare/references/spectrum/configuration.md +203 -0
  283. package/skills/cloudflare/references/spectrum/gotchas.md +155 -0
  284. package/skills/cloudflare/references/spectrum/patterns.md +206 -0
  285. package/skills/cloudflare/references/static-assets/README.md +65 -0
  286. package/skills/cloudflare/references/static-assets/api.md +201 -0
  287. package/skills/cloudflare/references/static-assets/configuration.md +186 -0
  288. package/skills/cloudflare/references/static-assets/gotchas.md +164 -0
  289. package/skills/cloudflare/references/static-assets/patterns.md +189 -0
  290. package/skills/cloudflare/references/stream/README.md +123 -0
  291. package/skills/cloudflare/references/stream/api-live.md +202 -0
  292. package/skills/cloudflare/references/stream/api.md +206 -0
  293. package/skills/cloudflare/references/stream/configuration.md +151 -0
  294. package/skills/cloudflare/references/stream/gotchas.md +139 -0
  295. package/skills/cloudflare/references/stream/patterns.md +217 -0
  296. package/skills/cloudflare/references/tail-workers/README.md +92 -0
  297. package/skills/cloudflare/references/tail-workers/api.md +203 -0
  298. package/skills/cloudflare/references/tail-workers/configuration.md +178 -0
  299. package/skills/cloudflare/references/tail-workers/gotchas.md +206 -0
  300. package/skills/cloudflare/references/tail-workers/patterns.md +190 -0
  301. package/skills/cloudflare/references/terraform/README.md +100 -0
  302. package/skills/cloudflare/references/terraform/api.md +178 -0
  303. package/skills/cloudflare/references/terraform/configuration.md +197 -0
  304. package/skills/cloudflare/references/terraform/gotchas.md +150 -0
  305. package/skills/cloudflare/references/terraform/patterns.md +174 -0
  306. package/skills/cloudflare/references/tunnel/README.md +137 -0
  307. package/skills/cloudflare/references/tunnel/api.md +205 -0
  308. package/skills/cloudflare/references/tunnel/configuration.md +163 -0
  309. package/skills/cloudflare/references/tunnel/gotchas.md +159 -0
  310. package/skills/cloudflare/references/tunnel/networking.md +174 -0
  311. package/skills/cloudflare/references/tunnel/patterns.md +199 -0
  312. package/skills/cloudflare/references/turn/README.md +86 -0
  313. package/skills/cloudflare/references/turn/api.md +236 -0
  314. package/skills/cloudflare/references/turn/configuration.md +181 -0
  315. package/skills/cloudflare/references/turn/gotchas.md +236 -0
  316. package/skills/cloudflare/references/turn/patterns.md +228 -0
  317. package/skills/cloudflare/references/turnstile/README.md +102 -0
  318. package/skills/cloudflare/references/turnstile/api.md +253 -0
  319. package/skills/cloudflare/references/turnstile/configuration.md +242 -0
  320. package/skills/cloudflare/references/turnstile/gotchas.md +253 -0
  321. package/skills/cloudflare/references/turnstile/patterns.md +195 -0
  322. package/skills/cloudflare/references/vectorize/README.md +133 -0
  323. package/skills/cloudflare/references/vectorize/api.md +89 -0
  324. package/skills/cloudflare/references/vectorize/configuration.md +91 -0
  325. package/skills/cloudflare/references/vectorize/gotchas.md +83 -0
  326. package/skills/cloudflare/references/vectorize/patterns.md +92 -0
  327. package/skills/cloudflare/references/waf/README.md +125 -0
  328. package/skills/cloudflare/references/waf/api.md +203 -0
  329. package/skills/cloudflare/references/waf/configuration.md +215 -0
  330. package/skills/cloudflare/references/waf/gotchas.md +208 -0
  331. package/skills/cloudflare/references/waf/patterns.md +236 -0
  332. package/skills/cloudflare/references/web-analytics/README.md +149 -0
  333. package/skills/cloudflare/references/web-analytics/configuration.md +81 -0
  334. package/skills/cloudflare/references/web-analytics/gotchas.md +86 -0
  335. package/skills/cloudflare/references/web-analytics/integration.md +63 -0
  336. package/skills/cloudflare/references/web-analytics/patterns.md +98 -0
  337. package/skills/cloudflare/references/workerd/README.md +85 -0
  338. package/skills/cloudflare/references/workerd/api.md +219 -0
  339. package/skills/cloudflare/references/workerd/configuration.md +200 -0
  340. package/skills/cloudflare/references/workerd/gotchas.md +151 -0
  341. package/skills/cloudflare/references/workerd/patterns.md +205 -0
  342. package/skills/cloudflare/references/workers/README.md +110 -0
  343. package/skills/cloudflare/references/workers/api.md +197 -0
  344. package/skills/cloudflare/references/workers/configuration.md +184 -0
  345. package/skills/cloudflare/references/workers/frameworks.md +200 -0
  346. package/skills/cloudflare/references/workers/gotchas.md +145 -0
  347. package/skills/cloudflare/references/workers/patterns.md +220 -0
  348. package/skills/cloudflare/references/workers-ai/README.md +206 -0
  349. package/skills/cloudflare/references/workers-ai/api.md +115 -0
  350. package/skills/cloudflare/references/workers-ai/configuration.md +98 -0
  351. package/skills/cloudflare/references/workers-ai/gotchas.md +130 -0
  352. package/skills/cloudflare/references/workers-ai/patterns.md +122 -0
  353. package/skills/cloudflare/references/workers-for-platforms/README.md +95 -0
  354. package/skills/cloudflare/references/workers-for-platforms/api.md +212 -0
  355. package/skills/cloudflare/references/workers-for-platforms/configuration.md +178 -0
  356. package/skills/cloudflare/references/workers-for-platforms/gotchas.md +134 -0
  357. package/skills/cloudflare/references/workers-for-platforms/patterns.md +210 -0
  358. package/skills/cloudflare/references/workers-playground/README.md +131 -0
  359. package/skills/cloudflare/references/workers-playground/api.md +101 -0
  360. package/skills/cloudflare/references/workers-playground/configuration.md +169 -0
  361. package/skills/cloudflare/references/workers-playground/gotchas.md +88 -0
  362. package/skills/cloudflare/references/workers-playground/patterns.md +134 -0
  363. package/skills/cloudflare/references/workers-vpc/README.md +130 -0
  364. package/skills/cloudflare/references/workers-vpc/api.md +196 -0
  365. package/skills/cloudflare/references/workers-vpc/configuration.md +151 -0
  366. package/skills/cloudflare/references/workers-vpc/gotchas.md +171 -0
  367. package/skills/cloudflare/references/workers-vpc/patterns.md +235 -0
  368. package/skills/cloudflare/references/workflows/README.md +72 -0
  369. package/skills/cloudflare/references/workflows/api.md +237 -0
  370. package/skills/cloudflare/references/workflows/configuration.md +158 -0
  371. package/skills/cloudflare/references/workflows/gotchas.md +97 -0
  372. package/skills/cloudflare/references/workflows/patterns.md +245 -0
  373. package/skills/cloudflare/references/wrangler/README.md +143 -0
  374. package/skills/cloudflare/references/wrangler/api.md +188 -0
  375. package/skills/cloudflare/references/wrangler/configuration.md +198 -0
  376. package/skills/cloudflare/references/wrangler/gotchas.md +212 -0
  377. package/skills/cloudflare/references/wrangler/patterns.md +211 -0
  378. package/skills/cloudflare/references/zaraz/IMPLEMENTATION_SUMMARY.md +131 -0
  379. package/skills/cloudflare/references/zaraz/README.md +114 -0
  380. package/skills/cloudflare/references/zaraz/api.md +118 -0
  381. package/skills/cloudflare/references/zaraz/configuration.md +94 -0
  382. package/skills/cloudflare/references/zaraz/gotchas.md +88 -0
  383. package/skills/cloudflare/references/zaraz/patterns.md +77 -0
  384. package/skills/docker/SKILL.md +7 -101
  385. package/skills/docker/references/advanced-examples.md +71 -0
  386. package/skills/docker/references/templates.md +34 -0
  387. package/skills/docs-marketer/SKILL.md +178 -0
  388. package/skills/docs-marketer/references/audit-categories.md +328 -0
  389. package/skills/docs-marketer/references/copilot-docs-prompts.md +88 -0
  390. package/skills/docs-marketer/references/copilot-usage.md +16 -0
  391. package/skills/docs-marketer/references/feedback-loop.md +155 -0
  392. package/skills/docs-marketer/references/multi-pass-docs-protocol.md +410 -0
  393. package/skills/drizzle-orm/SKILL.md +82 -0
  394. package/skills/durable-objects/SKILL.md +167 -0
  395. package/skills/durable-objects/references/advanced_features.md +29 -0
  396. package/skills/durable-objects/references/rules.md +300 -0
  397. package/skills/durable-objects/references/testing.md +261 -0
  398. package/skills/durable-objects/references/workers.md +336 -0
  399. package/skills/gcp/SKILL.md +37 -0
  400. package/skills/github-actions/SKILL.md +5 -58
  401. package/skills/github-actions/references/templates.md +65 -0
  402. package/skills/github-commander/SKILL.md +13 -21
  403. package/skills/github-commander/workflows/copilot-audit.md +12 -12
  404. package/skills/github-copilot-cli/SKILL.md +21 -26
  405. package/skills/github-repo-setup/SKILL.md +136 -0
  406. package/skills/github-repo-setup/references/community-standards.md +136 -0
  407. package/skills/github-repo-setup/references/github-automation.md +490 -0
  408. package/skills/github-repo-setup/references/inline-templates.md +205 -0
  409. package/skills/github-repo-setup/references/project-config.md +320 -0
  410. package/skills/gitlab/SKILL.md +7 -2
  411. package/skills/gitlab/package-lock.json +389 -389
  412. package/skills/golang/SKILL.md +8 -1
  413. package/skills/graphql/SKILL.md +30 -0
  414. package/skills/hono/SKILL.md +82 -0
  415. package/skills/journal-optimizer/SKILL.md +206 -0
  416. package/skills/journal-optimizer/references/optimizer-scripts.md +169 -0
  417. package/skills/llm-app-engineering/SKILL.md +18 -0
  418. package/skills/monorepo/SKILL.md +56 -0
  419. package/skills/multi-agent-orchestration/SKILL.md +14 -0
  420. package/skills/mysql/SKILL.md +6 -2
  421. package/skills/next-best-practices/SKILL.md +86 -0
  422. package/skills/next-best-practices/references/cache-components-examples.md +234 -0
  423. package/skills/next-best-practices/references/cache-components.md +210 -0
  424. package/skills/next-best-practices/references/upgrade-decision-tree.md +33 -0
  425. package/skills/next-best-practices/references/upgrade.md +43 -0
  426. package/skills/next-cache-components/SKILL.md +441 -0
  427. package/skills/next-upgrade/SKILL.md +43 -0
  428. package/skills/next-upgrade/references/decision-tree.md +33 -0
  429. package/skills/nodejs/SKILL.md +46 -0
  430. package/skills/opentelemetry/SKILL.md +62 -0
  431. package/skills/package.json +39 -4
  432. package/skills/playwright-standard/SKILL.md +6 -11
  433. package/skills/playwright-standard/references/locators.md +7 -0
  434. package/skills/postgres/SKILL.md +6 -1
  435. package/skills/python/SKILL.md +8 -70
  436. package/skills/python/references/advanced-patterns.md +37 -0
  437. package/skills/python/references/config-templates.md +48 -0
  438. package/skills/rag-pipelines/SKILL.md +14 -0
  439. package/skills/redis/SKILL.md +31 -0
  440. package/skills/render/SKILL.md +35 -0
  441. package/skills/rust/SKILL.md +15 -25
  442. package/skills/rust/references/borrow-checker.md +13 -0
  443. package/skills/rust/references/ecosystem.md +11 -0
  444. package/skills/sandbox-sdk/SKILL.md +186 -0
  445. package/skills/sandbox-sdk/references/api-quick-ref.md +113 -0
  446. package/skills/sandbox-sdk/references/examples.md +52 -0
  447. package/skills/shadcn-ui/SKILL.md +22 -57
  448. package/skills/skill-builder/SKILL.md +23 -424
  449. package/skills/skill-builder/references/tutorial.md +457 -0
  450. package/skills/sqlite/SKILL.md +16 -5
  451. package/skills/table.md +59 -0
  452. package/skills/tailwind-css/SKILL.md +11 -60
  453. package/skills/tailwind-css/references/component-patterns.md +52 -0
  454. package/skills/trpc/SKILL.md +56 -0
  455. package/skills/typescript/SKILL.md +30 -433
  456. package/skills/typescript/references/tutorial.md +453 -0
  457. package/skills/vercel-ai-sdk/SKILL.md +48 -0
  458. package/skills/vitest-standard/SKILL.md +5 -11
  459. package/skills/vitest-standard/references/assertions.md +11 -0
  460. package/skills/web-perf/SKILL.md +207 -0
  461. package/skills/workers-best-practices/SKILL.md +120 -0
  462. package/skills/workers-best-practices/references/anti-patterns.md +18 -0
  463. package/skills/workers-best-practices/references/review.md +174 -0
  464. package/skills/workers-best-practices/references/rules.md +485 -0
  465. package/skills/wrangler/SKILL.md +43 -0
  466. package/skills/wrangler/references/cli-commands.md +861 -0
  467. package/skills/zod/SKILL.md +48 -0
  468. package/dist/tools-P4VGG4FH.js +0 -1
  469. package/skills/react-best-practices/AGENTS.md +0 -2883
  470. package/skills/react-best-practices/SKILL.md +0 -138
  471. /package/skills/{react-best-practices → next-best-practices}/README.md +0 -0
  472. /package/skills/{react-best-practices → next-best-practices}/metadata.json +0 -0
  473. /package/skills/{react-best-practices → next-best-practices}/rules/_sections.md +0 -0
  474. /package/skills/{react-best-practices → next-best-practices}/rules/_template.md +0 -0
  475. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-event-handler-refs.md +0 -0
  476. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-init-once.md +0 -0
  477. /package/skills/{react-best-practices → next-best-practices}/rules/advanced-use-latest.md +0 -0
  478. /package/skills/{react-best-practices → next-best-practices}/rules/async-api-routes.md +0 -0
  479. /package/skills/{react-best-practices → next-best-practices}/rules/async-defer-await.md +0 -0
  480. /package/skills/{react-best-practices → next-best-practices}/rules/async-dependencies.md +0 -0
  481. /package/skills/{react-best-practices → next-best-practices}/rules/async-parallel.md +0 -0
  482. /package/skills/{react-best-practices → next-best-practices}/rules/async-suspense-boundaries.md +0 -0
  483. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-barrel-imports.md +0 -0
  484. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-conditional.md +0 -0
  485. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-defer-third-party.md +0 -0
  486. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-dynamic-imports.md +0 -0
  487. /package/skills/{react-best-practices → next-best-practices}/rules/bundle-preload.md +0 -0
  488. /package/skills/{react-best-practices → next-best-practices}/rules/client-event-listeners.md +0 -0
  489. /package/skills/{react-best-practices → next-best-practices}/rules/client-localstorage-schema.md +0 -0
  490. /package/skills/{react-best-practices → next-best-practices}/rules/client-passive-event-listeners.md +0 -0
  491. /package/skills/{react-best-practices → next-best-practices}/rules/client-swr-dedup.md +0 -0
  492. /package/skills/{react-best-practices → next-best-practices}/rules/js-batch-dom-css.md +0 -0
  493. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-function-results.md +0 -0
  494. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-property-access.md +0 -0
  495. /package/skills/{react-best-practices → next-best-practices}/rules/js-cache-storage.md +0 -0
  496. /package/skills/{react-best-practices → next-best-practices}/rules/js-combine-iterations.md +0 -0
  497. /package/skills/{react-best-practices → next-best-practices}/rules/js-early-exit.md +0 -0
  498. /package/skills/{react-best-practices → next-best-practices}/rules/js-hoist-regexp.md +0 -0
  499. /package/skills/{react-best-practices → next-best-practices}/rules/js-index-maps.md +0 -0
  500. /package/skills/{react-best-practices → next-best-practices}/rules/js-length-check-first.md +0 -0
  501. /package/skills/{react-best-practices → next-best-practices}/rules/js-min-max-loop.md +0 -0
  502. /package/skills/{react-best-practices → next-best-practices}/rules/js-set-map-lookups.md +0 -0
  503. /package/skills/{react-best-practices → next-best-practices}/rules/js-tosorted-immutable.md +0 -0
  504. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-activity.md +0 -0
  505. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-animate-svg-wrapper.md +0 -0
  506. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-conditional-render.md +0 -0
  507. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-content-visibility.md +0 -0
  508. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hoist-jsx.md +0 -0
  509. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-no-flicker.md +0 -0
  510. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-hydration-suppress-warning.md +0 -0
  511. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-svg-precision.md +0 -0
  512. /package/skills/{react-best-practices → next-best-practices}/rules/rendering-usetransition-loading.md +0 -0
  513. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-defer-reads.md +0 -0
  514. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-dependencies.md +0 -0
  515. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state-no-effect.md +0 -0
  516. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-derived-state.md +0 -0
  517. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-functional-setstate.md +0 -0
  518. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-lazy-state-init.md +0 -0
  519. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo-with-default-value.md +0 -0
  520. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-memo.md +0 -0
  521. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-move-effect-to-event.md +0 -0
  522. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-simple-expression-in-memo.md +0 -0
  523. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-transitions.md +0 -0
  524. /package/skills/{react-best-practices → next-best-practices}/rules/rerender-use-ref-transient-values.md +0 -0
  525. /package/skills/{react-best-practices → next-best-practices}/rules/server-after-nonblocking.md +0 -0
  526. /package/skills/{react-best-practices → next-best-practices}/rules/server-auth-actions.md +0 -0
  527. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-lru.md +0 -0
  528. /package/skills/{react-best-practices → next-best-practices}/rules/server-cache-react.md +0 -0
  529. /package/skills/{react-best-practices → next-best-practices}/rules/server-dedup-props.md +0 -0
  530. /package/skills/{react-best-practices → next-best-practices}/rules/server-parallel-fetching.md +0 -0
  531. /package/skills/{react-best-practices → next-best-practices}/rules/server-serialization.md +0 -0
package/skills/adversarial-planner/references/copilot-integration.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Copilot Integration
2
2
 
3
3
  Reference for Phase 4 of the adversarial planning protocol — the independent
4
- external validation pass using the GitHub Copilot CLI.
4
+ external validation pass using the GitHub CLI (`gh copilot`).
5
5
 
6
6
  ## Why Copilot?
7
7
 
@@ -12,71 +12,56 @@ blind spots that internal review misses.
12
12
 
13
13
  ## Prerequisites
14
14
 
15
- 1. **Copilot CLI installed**: `npm list -g @github/copilot`
16
- 2. **Authenticated**: `copilot auth` (requires browser approval)
17
- 3. **Skill dependency**: The `github-copilot-cli` skill documents setup details
15
+ 1. **GitHub CLI installed**: `gh --version` (v2.x+)
16
+ 2. **Authenticated**: `gh auth status` passing
17
+ 3. **Copilot available**: `gh copilot --version` — the `copilot` subcommand is built into modern `gh` CLI (no separate extension needed)
18
18
 
19
19
  If Copilot CLI is not available, skip Phase 4 gracefully and note the skip in
20
20
  the journal entry.
21
21
 
22
22
  ## Plan-Specific Prompt Templates
23
23
 
24
- These prompts differ from the full codebase/PR audit prompts in
25
- `github-commander/workflows/copilot-audit.md` they focus on architectural
26
- decisions rather than code diffs.
24
+ > **⚠️ CRITICAL Non-Interactive Mode**: The `gh copilot` CLI must be run in
25
+ > non-interactive mode using the `-p` (or `--prompt`) flag. Interactive mode
26
+ > will hang indefinitely in an automated agent context. Use:
27
+ >
28
+ > ```
29
+ > gh copilot -p "<prompt>" --allow-tool "shell(find,cat,head,grep)"
30
+ > ```
31
+ >
32
+ > The `--allow-tool` flag grants Copilot read access to the repository files.
33
+
34
+ - Expect 60–120 seconds per prompt. In environments with hard synchronous timeouts (like Antigravity's 10s `WaitMsBeforeAsync` limit), allow the command to naturally fall into the background. Use the `schedule` tool or wait for the system notification to retrieve the results. Do not skip execution due to timeout constraints.
27
35
 
28
36
  ### Architecture Review
29
37
 
30
- ```bash
31
- echo "You are a senior systems architect. Review this implementation plan for a software project. Focus on:
38
+ "You are a senior systems architect. Review this implementation plan for a software project. Focus on:
39
+
32
40
  1. Architectural soundness — are the proposed abstractions appropriate?
33
41
  2. Security gaps — are there missing auth checks, injection vectors, or data boundary issues?
34
42
  3. Performance risks — will this scale? Are there N+1 queries or hot-path allocations?
35
43
  4. Missing considerations — what did the planner forget?
36
- 5. Task ordering — are dependencies correctly sequenced?
37
-
38
- Here is the plan:
39
-
40
- $(cat plan.md)
41
-
42
- Output a Markdown table of findings with columns: #, Category, Severity (Critical/Moderate/Low), Finding, Suggestion." | copilot
43
- ```
44
+ 5. Task ordering — are dependencies correctly sequenced?"
44
45
 
45
46
  ### Roadmap/Milestone Review
46
47
 
47
- ```bash
48
- echo "You are a technical program manager reviewing a project roadmap. Evaluate:
48
+ "You are a technical program manager reviewing a project roadmap. Evaluate:
49
+
49
50
  1. Scope creep — are the milestones focused and achievable?
50
51
  2. Risk distribution — are high-risk items front-loaded for early feedback?
51
52
  3. Dependency chains — are there single points of failure in the timeline?
52
53
  4. Resource assumptions — are the estimates realistic?
53
- 5. Missing milestones — what validation checkpoints are missing?
54
-
55
- Here is the roadmap:
56
-
57
- $(cat roadmap.md)
58
-
59
- Output a structured assessment with recommendations." | copilot
60
- ```
54
+ 5. Missing milestones — what validation checkpoints are missing?"
61
55
 
62
56
  ### Targeted Security Review
63
57
 
64
- For plans that touch authentication, data access, or external integrations:
58
+ "You are a security engineer. This implementation plan proposes changes to a system. Review it exclusively for security implications:
65
59
 
66
- ```bash
67
- echo "You are a security engineer. This implementation plan proposes changes to a system. Review it exclusively for security implications:
68
60
  1. New attack surfaces introduced
69
61
  2. Auth/authz gaps
70
62
  3. Data validation boundaries
71
63
  4. Secret management
72
- 5. Supply chain risks from new dependencies
73
-
74
- Plan:
75
-
76
- $(cat plan.md)
77
-
78
- List each finding with severity and a concrete mitigation." | copilot
79
- ```
64
+ 5. Supply chain risks from new dependencies"
80
65
 
81
66
  ## Parsing Copilot Output
82
67
 
@@ -91,8 +76,8 @@ Copilot returns unstructured Markdown. To integrate findings into the protocol:
91
76
 
92
77
  ## Cross-References
93
78
 
94
- - **`github-copilot-cli` skill** — CLI installation, authentication, and
95
- non-interactive piping patterns
79
+ - **GitHub CLI (`gh copilot`)** — built-in subcommand for non-interactive
80
+ reviews; no separate extension or npm package required
96
81
  - **`github-commander/workflows/copilot-audit.md`** — Full repo and PR-level
97
82
  audits; use that workflow for post-implementation validation rather than
98
83
  plan review
package/skills/adversarial-planner/references/copilot-usage.md ADDED
@@ -0,0 +1,16 @@
1
+ # GitHub Copilot External Validation
2
+
3
+ > **⚠️ CRITICAL — Non-Interactive Mode**: The `gh copilot` CLI must be run in
4
+ > non-interactive mode using the `-p` (or `--prompt`) flag. Interactive mode
5
+ > will hang indefinitely in an automated agent context. Use:
6
+ >
7
+ > ```
8
+ > gh copilot -p "Considering these standards from Phase 0 research: [insert findings]. <prompt>" --allow-tool "shell(find,cat,head,grep)"
9
+ > ```
10
+ >
11
+ > The `--allow-tool` flag grants Copilot read access to the repository files.
12
+ > Always `Set-Location` (or `cd`) to the target repository before invoking.
13
+ >
14
+ > **⚠️ TIMEOUT GUIDANCE**: Expect 60–120 seconds per prompt. In environments with hard synchronous timeouts, use the `-s` flag or allow the command to naturally fall into the background.
15
+
16
+ > **⚠️ CRITICAL — No Fabrication**: You MUST actually execute `gh copilot` commands. Do NOT fabricate or predict what Copilot would say.
package/skills/adversarial-planner/references/multi-pass-protocol.md CHANGED
@@ -50,6 +50,10 @@ Group by component. For each file:
50
50
  Numbered sequence with dependencies noted.
51
51
  Which tasks can be parallelized.
52
52
 
53
+ ## Copilot Security & Performance Scan
54
+
55
+ Run a non-interactive `gh copilot` scan (`gh copilot -p "..." --allow-tool "shell(find,cat,head,grep)"`) focusing specifically on performance and security risks for the proposed changes, and embed the raw or summarized findings here.
56
+
53
57
  ## Risk Assessment
54
58
 
55
59
  | Risk | Likelihood | Impact | Mitigation |
package/skills/adversarial-security/SKILL.md ADDED
@@ -0,0 +1,149 @@
1
+ ---
2
+ name: adversarial-security
3
+ description: |
4
+ Multi-pass adversarial security audit for entire repositories. Combines
5
+ structured threat modeling (Agent A) with adversarial attack surface
6
+ analysis (Agent B) through iterative passes. Merges the security-audit
7
+ workflow's 10-category checklist with the adversarial-planner's
8
+ structured critique methodology. Use when running security audits,
9
+ threat modeling, or when the user says "security audit", "adversarial
10
+ security", "threat model this repo", "red team this repo", or "find vulnerabilities". NOT for fixing or remediating known security issues (use autonomous-dev instead). NOT for supply chain dependency scanning. NOT for general workflow audits or code quality. If user says 'fix security issues', ask whether they want to audit first or fix known issues.
11
+ ---
12
+
13
+ # Adversarial Security
14
+
15
+ A multi-pass security auditing system that produces high-confidence
16
+ vulnerability assessments by introducing structured adversarial critique
17
+ stages. Audits pass through an iterative pipeline of reconnaissance,
18
+ red-team attack, remediation planning, and optional external validation —
19
+ producing output optimized for exploitability, impact, and actionable
20
+ remediation.
21
+
22
+ ## When to Load
23
+
24
+ Load this skill when any of these apply:
25
+
26
+ - Running a security audit against an entire repository
27
+ - Performing threat modeling for a new or existing codebase
28
+ - The user asks for an adversarial security review or red-team analysis
29
+ - The user says "security audit", "threat model", "find vulnerabilities",
30
+ "adversarial security", or "red team this repo"
31
+ - Preparing a security posture report for a release or compliance review
32
+ - You want to reduce blind spots in your own security assessment
33
+
34
+ ## Auto-Detection
35
+
36
+ Before starting, auto-detect the project type by scanning the repository:
37
+
38
+ | Signal | Project Type | Extra Categories |
39
+ | ---------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------ |
40
+ | MCP SDK imports (`@modelcontextprotocol/sdk`), `tools/list` handler, tool `description` fields | `mcp-server` | MCP-Specific Security (Category 10) — full depth |
41
+ | Express/Hono/Fastify imports, HTTP route handlers, `listen()` calls | `web-app` | Transport & Network (Category 5) — full depth |
42
+ | `bin` field in `package.json`, CLI arg parsing (`yargs`, `commander`, `meow`) | `cli-tool` | Input Validation (Category 3) — extra CLI focus |
43
+ | No server/CLI signals, only exports | `library` | Supply Chain (Category 9) — extra consumer focus |
44
+
45
+ The MCP-Specific Security category (Category 10) is **always evaluated with
46
+ graceful degradation**. If the target is not an MCP server, findings in this
47
+ category are reported as informational rather than skipped entirely. The
48
+ rationale: even non-MCP projects may expose tool-like interfaces, schema
49
+ descriptions, or configuration metadata that could be poisoned.
50
+
51
+ When signals overlap (e.g., an MCP server that is also a CLI tool), combine
52
+ the extra categories from all matching types.
53
+
54
+ ## Adversarial Protocol
55
+
56
+ This skill follows the standard dual-agent adversarial pattern (Agent A: The Threat Modeler, Agent B: The Red Team).
57
+ For the core pipeline rules, phase definitions, and agent switching protocols, read:
58
+ **[references/adversarial-base-protocol.md](references/adversarial-base-protocol.md)**
59
+
60
+ For the security-specific protocol with review dimensions, scoring weights, and output templates, read:
61
+ **[references/multi-pass-security-protocol.md](references/multi-pass-security-protocol.md)**
62
+
63
+ ## Audit Categories
64
+
65
+ The 10 security categories audited during Phase 1 (Reconnaissance) and
66
+ challenged during Phase 2 (Red Team) are:
67
+
68
+ 1. Dependency Vulnerabilities
69
+ 2. Secret & Credential Exposure
70
+ 3. Input Validation & Injection
71
+ 4. Authentication & Authorization
72
+ 5. Transport & Network Security
73
+ 6. Docker Security
74
+ 7. CI/CD Pipeline Security
75
+ 8. Error Handling & Information Disclosure
76
+ 9. Supply Chain
77
+ 10. MCP-Specific Security (graceful degradation for non-MCP targets)
78
+
79
+ For the full checklist with CWE IDs, vulnerable patterns, and secure
80
+ patterns, read
81
+ [references/audit-categories.md](references/audit-categories.md).
82
+
83
+ ## External Validation (Phase 4)
84
+
85
+ Phase 4 triggers an independent validation pass using the GitHub CLI (`gh copilot`).
86
+ The `copilot` subcommand is built into modern `gh` CLI — no separate extension is
87
+ needed. This provides a fundamentally different model's perspective on the audit,
88
+ reducing confirmation bias that persists even after adversarial self-review.
89
+
90
+ For prompt templates and integration details, read
91
+ [references/copilot-security-prompts.md](references/copilot-security-prompts.md).
92
+
93
+ **Prerequisites:** `gh` CLI v2.x+ with `gh auth status` passing. If `gh copilot`
94
+ is not available, skip Phase 4 gracefully and note the skip in the journal entry.
95
+
96
+ Read [references/copilot-usage.md](references/copilot-usage.md) for critical non-interactive execution requirements.
97
+
98
+ ## Feedback Loop & Documentation
99
+
100
+ Every phase creates a journal entry with structured tags and entry types.
101
+ This builds a searchable audit trail that informs future security reviews.
102
+
103
+ For journal templates, tag conventions, cross-session learning patterns, and
104
+ retrospective templates, read
105
+ [references/feedback-loop.md](references/feedback-loop.md).
106
+
107
+ ### Journal Opt-Out
108
+
109
+ See [references/journal-opt-out.md](references/journal-opt-out.md) for instructions on how to handle explicit opt-outs from journaling.
110
+
111
+ ### Consolidated Report
112
+
113
+ The final deliverable is a **single consolidated artifact** merging all four
114
+ phases into one document, following the template in
115
+ [references/multi-pass-security-protocol.md § Final Report Assembly](references/multi-pass-security-protocol.md).
116
+ Do NOT produce separate artifacts per phase — the user should receive one
117
+ comprehensive document with all findings, remediations, and external
118
+ validation results. Before sharing output outside the audit context, redact or generalize specific exploit details and avoid including live credentials or internal hostnames.
119
+
120
+ ## Configuration
121
+
122
+ | Variable | Default | Description |
123
+ | -------------------- | ---------- | ----------------------------------------------------------------------- |
124
+ | `MAX_AUDIT_PASSES` | `2` | Maximum red-team cycles (phases 2–3 repeat) |
125
+ | `AUDIT_DEPTH` | `standard` | Depth: `recon`, `standard`, or `paranoid` |
126
+ | `COPILOT_VALIDATION` | `true` | Enable/disable the external validation phase (Phase 4, `gh copilot`) |
127
+ | `PROJECT_TYPE` | `auto` | Auto-detect or explicit: `mcp-server`, `web-app`, `cli-tool`, `library` |
128
+
129
+ ### Audit Depth Profiles
130
+
131
+ - **Recon**: Scan for critical and high-severity issues only (Categories 2,
132
+ 3, 4). Best for quick triage or low-risk utility repos.
133
+ - **Standard**: Full 10-category audit with all review dimensions. Default
134
+ for most repositories.
135
+ - **Paranoid**: Extended audit with additional focus on:
136
+ - Supply chain deep dive (lockfile integrity, install scripts, typosquatting)
137
+ - Cross-project impact (shared dependencies, ecosystem blast radius)
138
+ - Advanced attack vectors (prototype pollution chains, ReDoS, timing attacks)
139
+ - Historical git analysis (secrets that were committed then removed)
140
+
141
+ ## Synergies
142
+
143
+ | Skill/Workflow | Relationship |
144
+ | -------------------------- | ----------------------------------------------------------------------------------- |
145
+ | `adversarial-planner` | Applies adversarial pattern to plans; this skill applies it to security posture |
146
+ | `autonomous-dev` | Generator/Evaluator pipeline at code level; use after this skill to implement fixes |
147
+ | GitHub CLI (`gh`) | Built-in `copilot` subcommand used for Phase 4 external validation |
148
+ | `/security-audit` workflow | Provides the category checklist; this skill adds adversarial methodology on top |
149
+ | `skill-builder` | Use to refine this skill's instructions based on observed agent behavior |
package/skills/adversarial-security/references/adversarial-base-protocol.md ADDED
@@ -0,0 +1,44 @@
1
+ # Adversarial Base Protocol
2
+
3
+ This document defines the shared structural boilerplate for all adversarial skills in the ecosystem (`adversarial-security`, `adversarial-performance`, `adversarial-planner`, `adversarial-skill-audit`, `adversarial-workflow-audit`).
4
+
5
+ ## Core Architecture: Dual Agent Roles
6
+
7
+ Adversarial skills operate with two distinct mental models. You are both agents — you must strictly switch perspectives at phase boundaries to counteract confirmation bias.
8
+
9
+ ### Agent A — The Baseline / Recon Agent
10
+
11
+ **Mandate:** Establish ground truth, map the surface area, and catalog existing properties.
12
+
13
+ - Think like a defender, planner, or auditor documenting what _is_ or what _should be_.
14
+ - Focus on completeness, accuracy, and baseline measurement.
15
+ - You are NOT looking for flaws in this phase.
16
+
17
+ ### Agent B — The Adversary / Critique Agent
18
+
19
+ **Mandate:** Break, stress, or invalidate everything Agent A documented.
20
+
21
+ - Switch to a pessimistic, attacker, or stress-tester mindset.
22
+ - Assume Agent A missed something or that the documented properties are brittle.
23
+ - Find bypasses, edge cases, performance bottlenecks, or logical flaws.
24
+ - Provide concrete proof (e.g., attack vectors, quantitative impacts) — no vague concerns.
25
+
26
+ ## The Multi-Pass Protocol Pipeline
27
+
28
+ All adversarial audits follow this iterative pipeline. Each phase must produce a structured journal entry.
29
+
30
+ | Phase | Agent Role | Action |
31
+ | ------------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------- |
32
+ | **0. Research** | Agent A | Use `search_web` or `grep_search` to find latest standards, benchmarks, or ecosystem guidelines before starting. |
33
+ | **1. Recon/Profile** | Agent A | Measure and document the baseline state. Output: Map or Profile artifact. |
34
+ | **2. Adversarial Review** | Agent B | Challenge the baseline. Output: Findings table with severity/impact ratings. |
35
+ | **3. Remediation** | Agent A | Develop a prioritized plan to fix the findings. Output: Remediation Plan. |
36
+ | **4. Copilot Validation** | External | Trigger an independent validation pass using `gh copilot` to reduce self-review bias. Output: Copilot Findings. |
37
+
38
+ ## Journaling & Artifacts
39
+
40
+ - **Phase Isolation**: Do NOT skip phases or merge them. Produce the required journal entry for each phase.
41
+ - **Consolidated Report**: At the end of Phase 4, merge all findings, remediations, and external validation results into a single consolidated artifact for the user. Do not produce scattered phase artifacts outside of the journal.
42
+ - **Journal Opt-Out**: If the user explicitly opts out of journaling, proceed with the phases in memory and output the final consolidated report.
43
+
44
+ _Refer back to the specific `SKILL.md` for the exact definitions of Agent A/B for the given domain and the specific categories to audit._