miclaw-app 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.next/standalone/.next/BUILD_ID +1 -1
- package/.next/standalone/.next/build-manifest.json +6 -5
- package/.next/standalone/.next/server/app/_global-error/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/_global-error/page.js +6 -4
- package/.next/standalone/.next/server/app/_global-error/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/_global-error/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/_global-error.html +1 -1
- package/.next/standalone/.next/server/app/_global-error.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/_not-found/page.js +6 -4
- package/.next/standalone/.next/server/app/_not-found/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/_not-found.html +3 -3
- package/.next/standalone/.next/server/app/_not-found.rsc +10 -10
- package/.next/standalone/.next/server/app/_not-found.segments/_full.segment.rsc +10 -10
- package/.next/standalone/.next/server/app/_not-found.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/_not-found.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/_not-found.segments/_not-found/__PAGE__.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/_not-found.segments/_not-found.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/_not-found.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/agents/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/agents/page/server-reference-manifest.json +26 -1
- package/.next/standalone/.next/server/app/agents/page.js +10 -6
- package/.next/standalone/.next/server/app/agents/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/agents/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/agents.html +17 -10
- package/.next/standalone/.next/server/app/agents.rsc +19 -24
- package/.next/standalone/.next/server/app/agents.segments/_full.segment.rsc +19 -24
- package/.next/standalone/.next/server/app/agents.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/agents.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/agents.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/agents.segments/agents/__PAGE__.segment.rsc +14 -19
- package/.next/standalone/.next/server/app/agents.segments/agents.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/commands/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/commands/page/server-reference-manifest.json +26 -1
- package/.next/standalone/.next/server/app/commands/page.js +10 -6
- package/.next/standalone/.next/server/app/commands/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/commands/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/commands.html +27 -15
- package/.next/standalone/.next/server/app/commands.rsc +166 -174
- package/.next/standalone/.next/server/app/commands.segments/_full.segment.rsc +166 -174
- package/.next/standalone/.next/server/app/commands.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/commands.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/commands.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/commands.segments/commands/__PAGE__.segment.rsc +161 -169
- package/.next/standalone/.next/server/app/commands.segments/commands.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/hooks/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/hooks/page.js +7 -5
- package/.next/standalone/.next/server/app/hooks/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/hooks/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/hooks.html +3 -3
- package/.next/standalone/.next/server/app/hooks.rsc +11 -11
- package/.next/standalone/.next/server/app/hooks.segments/_full.segment.rsc +11 -11
- package/.next/standalone/.next/server/app/hooks.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/hooks.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/hooks.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/hooks.segments/hooks/__PAGE__.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/hooks.segments/hooks.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/index.html +18 -18
- package/.next/standalone/.next/server/app/index.rsc +12 -12
- package/.next/standalone/.next/server/app/index.segments/__PAGE__.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/index.segments/_full.segment.rsc +12 -12
- package/.next/standalone/.next/server/app/index.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/index.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/index.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/mcp/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/mcp/page.js +7 -5
- package/.next/standalone/.next/server/app/mcp/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/mcp/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/mcp.html +3 -3
- package/.next/standalone/.next/server/app/mcp.rsc +12 -12
- package/.next/standalone/.next/server/app/mcp.segments/_full.segment.rsc +12 -12
- package/.next/standalone/.next/server/app/mcp.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/mcp.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/mcp.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/mcp.segments/mcp/__PAGE__.segment.rsc +7 -8
- package/.next/standalone/.next/server/app/mcp.segments/mcp.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/page.js +7 -5
- package/.next/standalone/.next/server/app/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/projects/[slug]/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/projects/[slug]/page/server-reference-manifest.json +50 -1
- package/.next/standalone/.next/server/app/projects/[slug]/page.js +11 -7
- package/.next/standalone/.next/server/app/projects/[slug]/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/projects/[slug]/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/rules/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/rules/page/server-reference-manifest.json +14 -1
- package/.next/standalone/.next/server/app/rules/page.js +10 -6
- package/.next/standalone/.next/server/app/rules/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/rules/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/rules.html +24 -12
- package/.next/standalone/.next/server/app/rules.rsc +23 -23
- package/.next/standalone/.next/server/app/rules.segments/_full.segment.rsc +23 -23
- package/.next/standalone/.next/server/app/rules.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/rules.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/rules.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/rules.segments/rules/__PAGE__.segment.rsc +15 -15
- package/.next/standalone/.next/server/app/rules.segments/rules.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/settings/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/settings/page.js +7 -5
- package/.next/standalone/.next/server/app/settings/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/settings/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/settings.html +3 -50
- package/.next/standalone/.next/server/app/settings.rsc +44 -229
- package/.next/standalone/.next/server/app/settings.segments/_full.segment.rsc +44 -229
- package/.next/standalone/.next/server/app/settings.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/settings.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/settings.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/settings.segments/settings/__PAGE__.segment.rsc +34 -224
- package/.next/standalone/.next/server/app/settings.segments/settings.segment.rsc +3 -3
- package/.next/standalone/.next/server/app/skills/page/build-manifest.json +3 -2
- package/.next/standalone/.next/server/app/skills/page/server-reference-manifest.json +26 -1
- package/.next/standalone/.next/server/app/skills/page.js +10 -6
- package/.next/standalone/.next/server/app/skills/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/skills/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/skills.html +17 -10
- package/.next/standalone/.next/server/app/skills.rsc +22 -24
- package/.next/standalone/.next/server/app/skills.segments/_full.segment.rsc +22 -24
- package/.next/standalone/.next/server/app/skills.segments/_head.segment.rsc +4 -4
- package/.next/standalone/.next/server/app/skills.segments/_index.segment.rsc +5 -5
- package/.next/standalone/.next/server/app/skills.segments/_tree.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/skills.segments/skills/__PAGE__.segment.rsc +17 -19
- package/.next/standalone/.next/server/app/skills.segments/skills.segment.rsc +3 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0.angw.._.js +19 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0.n_sm9._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__00-fvlp._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/{[root-of-the-server]__0xrk31o._.js → [root-of-the-server]__07-x3pk._.js} +2 -2
- package/.next/standalone/.next/server/chunks/ssr/{[root-of-the-server]__09x1iac._.js → [root-of-the-server]__074ddak._.js} +2 -2
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0762gzw._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0a6fhf4._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0cyn.yv._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0drsnbn._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0gs673v._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0hb8yr6._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0lvdgab._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0pi2cyu._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0pqmw9_._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0qau0oe._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0y_r~bl._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__13f6exv._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/_0155~lj._.js +4 -0
- package/.next/standalone/.next/server/chunks/ssr/_019pxqf._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/_04f1jnd._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/_075l.9f._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/_08ya7_7._.js +18 -0
- package/.next/standalone/.next/server/chunks/ssr/_0_s6zlf._.js +4 -0
- package/.next/standalone/.next/server/chunks/ssr/_0blw8hh._.js +4 -0
- package/.next/standalone/.next/server/chunks/ssr/_0d3amaq._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/_0henl1i._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/_0n0cdzu._.js +7 -0
- package/.next/standalone/.next/server/chunks/ssr/_0odsblc._.js +4 -0
- package/.next/standalone/.next/server/chunks/ssr/_0qj6zf~._.js +4 -0
- package/.next/standalone/.next/server/chunks/ssr/_0~-r05b._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules_06ooq~z._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules_lucide-react_dist_esm_icons_x_06-w9xa.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules_next_dist_05~t7f3._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules_next_dist_060d1m.._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules_next_dist_0ve2ws3._.js +6 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules_next_dist_compiled_0wewlb4._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/src_components_OverviewClient_tsx_02hf4_.._.js +4 -6
- package/.next/standalone/.next/server/chunks/ssr/src_components_PermissionList_tsx_11auuo4._.js +3 -0
- package/.next/standalone/.next/server/middleware-build-manifest.js +6 -5
- package/.next/standalone/.next/server/pages/404.html +3 -3
- package/.next/standalone/.next/server/pages/500.html +1 -1
- package/.next/standalone/.next/server/server-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/server-reference-manifest.json +98 -1
- package/.next/standalone/AGENTS.md +5 -0
- package/.next/standalone/CLAUDE.md +123 -0
- package/.next/standalone/README.md +80 -0
- package/.next/standalone/package.json +1 -1
- package/.next/static/chunks/04aem330ymbdp.js +1 -0
- package/.next/static/chunks/04oemklgq9z0h.js +2 -0
- package/.next/static/chunks/05aigtet4z44u.js +2 -0
- package/.next/static/chunks/07xsxgej4fv2x.js +2 -0
- package/.next/static/chunks/08fwcb._hc08b.js +2 -0
- package/.next/static/chunks/0_y~i1hg5~4wi.js +1 -0
- package/.next/static/chunks/0g_3.48-9emgq.js +2 -0
- package/.next/static/chunks/0lb3l2a8_251j.css +4 -0
- package/.next/static/chunks/0pokw498xojn-.js +5 -0
- package/.next/static/chunks/13dvyaeya8iqh.js +2 -0
- package/.next/static/chunks/14eh46s-dfy04.js +13 -0
- package/.next/static/chunks/turbopack-0vxtok8kx-1on.js +1 -0
- package/README.md +8 -3
- package/package.json +1 -1
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0-h~dmy._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__03-xb~6._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__05bypkr._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0689aen._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__09jukbl._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__09z7o2x._.js +0 -19
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0beg-.s._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0bm8p5g._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0j~ozdd._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0m45oxh._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0o4fjuz._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0qk5gqw._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0u-t242._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0y_d026._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/_09kkdgy._.js +0 -6
- package/.next/standalone/.next/server/chunks/ssr/_0g8yqoe._.js +0 -7
- package/.next/standalone/.next/server/chunks/ssr/_next-internal_server_app_agents_page_actions_07l1ss4.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/_next-internal_server_app_commands_page_actions_0npst50.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/_next-internal_server_app_projects_[slug]_page_actions_0xg3f7c.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/_next-internal_server_app_rules_page_actions_0xcrbur.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/_next-internal_server_app_skills_page_actions_0cxzzu-.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/node_modules_0sy8gnb._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/src_components_ExpandableBody_tsx_0-ivqwg._.js +0 -3
- package/.next/static/chunks/0hbcy8fff~.ks.js +0 -15
- package/.next/static/chunks/0mmpyn9fv2fjf.js +0 -2
- package/.next/static/chunks/0xlrze18so95w.css +0 -4
- package/.next/static/chunks/0y3~cortx~or~.js +0 -5
- package/.next/static/chunks/12p3iqtw2ohfq.js +0 -1
- package/.next/static/chunks/turbopack-06dy8k5p5cegf.js +0 -1
- /package/.next/static/{vFFhR9bZqGO0pHP7N7NNG → ykykNEJbtAXExgOj13bt9}/_buildManifest.js +0 -0
- /package/.next/static/{vFFhR9bZqGO0pHP7N7NNG → ykykNEJbtAXExgOj13bt9}/_clientMiddlewareManifest.js +0 -0
- /package/.next/static/{vFFhR9bZqGO0pHP7N7NNG → ykykNEJbtAXExgOj13bt9}/_ssgManifest.js +0 -0
|
@@ -1,24 +1,24 @@
|
|
|
1
1
|
1:"$Sreact.fragment"
|
|
2
|
-
2:I[22140,["/_next/static/chunks/
|
|
3
|
-
3:I[39756,["/_next/static/chunks/
|
|
4
|
-
4:I[37457,["/_next/static/chunks/
|
|
5
|
-
6:I[97367,["/_next/static/chunks/
|
|
2
|
+
2:I[22140,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"Sidebar"]
|
|
3
|
+
3:I[39756,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"default"]
|
|
4
|
+
4:I[37457,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"default"]
|
|
5
|
+
6:I[97367,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"OutletBoundary"]
|
|
6
6
|
7:"$Sreact.suspense"
|
|
7
|
-
a:I[97367,["/_next/static/chunks/
|
|
8
|
-
c:I[97367,["/_next/static/chunks/
|
|
9
|
-
e:I[68027,["/_next/static/chunks/
|
|
10
|
-
:HL["/_next/static/chunks/
|
|
7
|
+
a:I[97367,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"ViewportBoundary"]
|
|
8
|
+
c:I[97367,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"MetadataBoundary"]
|
|
9
|
+
e:I[68027,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"default",1]
|
|
10
|
+
:HL["/_next/static/chunks/0lb3l2a8_251j.css","style"]
|
|
11
11
|
:HL["/_next/static/media/166ab60e98aadb0a-s.p.0mka4ru4_bj1d.woff2","font",{"crossOrigin":"","type":"font/woff2"}]
|
|
12
12
|
:HL["/_next/static/media/797e433ab948586e-s.p.0.q-h669a_dqa.woff2","font",{"crossOrigin":"","type":"font/woff2"}]
|
|
13
13
|
:HL["/_next/static/media/83afe278b6a6bb3c-s.p.0q-301v4kxxnr.woff2","font",{"crossOrigin":"","type":"font/woff2"}]
|
|
14
|
-
0:{"P":null,"c":["","commands"],"q":"","i":false,"f":[[["",{"children":["commands",{"children":["__PAGE__",{}]}]},"$undefined","$undefined",16],[["$","$1","c",{"children":[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/
|
|
14
|
+
0:{"P":null,"c":["","commands"],"q":"","i":false,"f":[[["",{"children":["commands",{"children":["__PAGE__",{}]}]},"$undefined","$undefined",16],[["$","$1","c",{"children":[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/0lb3l2a8_251j.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","script","script-0",{"src":"/_next/static/chunks/08fwcb._hc08b.js","async":true,"nonce":"$undefined"}],["$","script","script-1",{"src":"/_next/static/chunks/0d3shmwh5_nmn.js","async":true,"nonce":"$undefined"}]],["$","html",null,{"lang":"en","className":"inter_fe8b9d92-module__LINzvG__variable geist_mono_8d43a2aa-module__8Li5zG__variable fira_code_d18ac710-module__OladcG__variable","children":["$","body",null,{"className":"bg-surface text-text font-sans antialiased","children":["$","div",null,{"className":"flex h-screen overflow-hidden","children":[["$","$L2",null,{}],["$","main",null,{"className":"flex-1 overflow-y-auto bg-grid","children":["$","$L3",null,{"parallelRouterKey":"children","error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L4",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":[[["$","title",null,{"children":"404: This page could not be found."}],["$","div",null,{"style":{"fontFamily":"system-ui,\"Segoe UI\",Roboto,Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\"","height":"100vh","textAlign":"center","display":"flex","flexDirection":"column","alignItems":"center","justifyContent":"center"},"children":["$","div",null,{"children":[["$","style",null,{"dangerouslySetInnerHTML":{"__html":"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}"}}],["$","h1",null,{"className":"next-error-h1","style":{"display":"inline-block","margin":"0 20px 0 0","padding":"0 23px 0 0","fontSize":24,"fontWeight":500,"verticalAlign":"top","lineHeight":"49px"},"children":404}],["$","div",null,{"style":{"display":"inline-block"},"children":["$","h2",null,{"style":{"fontSize":14,"fontWeight":400,"lineHeight":"49px","margin":0},"children":"This page could not be found."}]}]]}]}]],[]],"forbidden":"$undefined","unauthorized":"$undefined"}]}]]}]}]}]]}],{"children":[["$","$1","c",{"children":[null,["$","$L3",null,{"parallelRouterKey":"children","error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L4",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","forbidden":"$undefined","unauthorized":"$undefined"}]]}],{"children":[["$","$1","c",{"children":["$L5",[["$","script","script-0",{"src":"/_next/static/chunks/04oemklgq9z0h.js","async":true,"nonce":"$undefined"}]],["$","$L6",null,{"children":["$","$7",null,{"name":"Next.MetadataOutlet","children":"$@8"}]}]]}],{},null,false,null]},null,false,"$@9"]},null,false,null],["$","$1","h",{"children":[null,["$","$La",null,{"children":"$Lb"}],["$","div",null,{"hidden":true,"children":["$","$Lc",null,{"children":["$","$7",null,{"name":"Next.Metadata","children":"$Ld"}]}]}],["$","meta",null,{"name":"next-size-adjust","content":""}]]}],false]],"m":"$undefined","G":["$e",[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/0lb3l2a8_251j.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}]]],"S":true,"h":null,"s":"$undefined","l":"$undefined","p":"$undefined","d":"$undefined","b":"ykykNEJbtAXExgOj13bt9"}
|
|
15
15
|
f:[]
|
|
16
16
|
9:"$Wf"
|
|
17
17
|
b:[["$","meta","0",{"charSet":"utf-8"}],["$","meta","1",{"name":"viewport","content":"width=device-width, initial-scale=1"}]]
|
|
18
|
-
10:I[27201,["/_next/static/chunks/
|
|
18
|
+
10:I[27201,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"IconMark"]
|
|
19
19
|
8:null
|
|
20
20
|
d:[["$","title","0",{"children":"MiClaw"}],["$","meta","1",{"name":"description","content":"Claude Code configuration visualizer"}],["$","link","2",{"rel":"icon","href":"/favicon.ico?favicon.0x3dzn~oxb6tn.ico","sizes":"256x256","type":"image/x-icon"}],["$","$L10","3",{}]]
|
|
21
|
-
11:I[
|
|
21
|
+
11:I[47258,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js","/_next/static/chunks/04oemklgq9z0h.js"],"CommandScopeGroup"]
|
|
22
22
|
12:T1810,# Infrastructure Security Audit
|
|
23
23
|
|
|
24
24
|
Scan all AWS infrastructure modules for security issues across four categories: IAM least-privilege, unprotected API routes, encryption, and factory module bypass.
|
|
@@ -131,8 +131,8 @@ Each sub-agent should write its report in this format:
|
|
|
131
131
|
|
|
132
132
|
After the aggregation agent completes, tell the user the full report is at `/tmp/infra-security-audit/SUMMARY.md` and output the brief summary.
|
|
133
133
|
|
|
134
|
-
Read the actual .tf files — don't guess based on module names. When a wildcard resource is found, check if it's a known AWS requirement before flagging.5:["$","div",null,{"className":"mx-auto max-w-5xl px-8 py-10","children":[["$","div",null,{"className":"mb-8","children":[["$","div",null,{"className":"flex items-baseline gap-3","children":[["$","h1",null,{"className":"text-2xl font-medium tracking-tight","children":"Commands"}],["$","span",null,{"className":"text-sm text-text-
|
|
135
|
-
|
|
134
|
+
Read the actual .tf files — don't guess based on module names. When a wildcard resource is found, check if it's a known AWS requirement before flagging.5:["$","div",null,{"className":"mx-auto max-w-5xl px-8 py-10","children":[["$","div",null,{"className":"mb-8","children":[["$","div",null,{"className":"flex items-baseline gap-3","children":[["$","h1",null,{"className":"text-2xl font-mono font-medium tracking-tight","children":"Commands"}],["$","span",null,{"className":"font-mono text-sm text-text-dim","children":12}]]}],["$","p",null,{"className":"mt-1 text-sm text-text-muted","children":"Procedural commands across projects"}]]}],[["$","div","/Users/gabry/Desktop/infrastructure",{"className":"mb-8","children":[["$","div",null,{"className":"flex items-center gap-2 mb-3","children":[["$","span",null,{"className":"font-mono text-xs text-text-dim","children":["[","INFRASTRUCTURE","]"]}],["$","span",null,{"className":"text-xs text-text-dim font-mono","children":"~/Desktop/infrastructure"}]]}],["$","$L11",null,{"commands":[{"name":"security-audit","body":"$12","filePath":"/Users/gabry/Desktop/infrastructure/.claude/commands/security-audit.md","scope":{"type":"project","projectName":"infrastructure","projectPath":"/Users/gabry/Desktop/infrastructure"}}],"scopePath":"/Users/gabry/Desktop/infrastructure"}]]}],"$L13","$L14","$L15"],false]}]
|
|
135
|
+
16:T368e,# Broken Access Control Scan
|
|
136
136
|
|
|
137
137
|
Scan ALL route handlers and Lambda handlers in platform-services for broken access control vulnerabilities beyond IDOR (which is covered by the separate `idor-scan` command).
|
|
138
138
|
|
|
@@ -358,150 +358,7 @@ Write the final report to `access-control-scan-results/SUMMARY.md` with:
|
|
|
358
358
|
|
|
359
359
|
Then output the summary to the user.
|
|
360
360
|
|
|
361
|
-
Be thorough. Read the actual code — don't guess based on function names alone. When checking for role validation, trace the full dependency chain. If a role check happens in a called function or middleware rather than at the route level, note it but don't flag it as a vulnerability.
|
|
362
|
-
1f:T1605,# Investigate WGS Ingestion Failure
|
|
363
|
-
|
|
364
|
-
You are investigating a WGS ingestion Step Function failure in production. Follow each step. Do NOT ask for user input -- work autonomously.
|
|
365
|
-
|
|
366
|
-
## Input
|
|
367
|
-
|
|
368
|
-
$ARGUMENTS
|
|
369
|
-
|
|
370
|
-
## Step 1: Parse the Alert
|
|
371
|
-
|
|
372
|
-
Extract from the input text: `correlationId`, `wgsIngestionId`, `sfnError`, `sfnStatus`.
|
|
373
|
-
|
|
374
|
-
If the input is missing required fields, write a report noting the parse failure and stop.
|
|
375
|
-
|
|
376
|
-
## Step 2: Query Axiom
|
|
377
|
-
|
|
378
|
-
Use `mcp__axiom__queryDataset` with `startTime` = `now-24h` and `endTime` = `now`.
|
|
379
|
-
|
|
380
|
-
Trace the correlationId:
|
|
381
|
-
|
|
382
|
-
```apl
|
|
383
|
-
['bioscope-prod']
|
|
384
|
-
| where correlationId == "<correlationId>"
|
|
385
|
-
| order by _time asc
|
|
386
|
-
```
|
|
387
|
-
|
|
388
|
-
Search by wgsIngestionId:
|
|
389
|
-
|
|
390
|
-
```apl
|
|
391
|
-
['bioscope-prod']
|
|
392
|
-
| where data.wgsIngestionId == "<wgsIngestionId>" or message contains "<wgsIngestionId>"
|
|
393
|
-
| order by _time asc
|
|
394
|
-
```
|
|
395
|
-
|
|
396
|
-
Focus on ERROR-level entries. Record only the key log lines needed to explain the failure -- not the full trace.
|
|
397
|
-
|
|
398
|
-
## Step 3: Cross-Reference Code
|
|
399
|
-
|
|
400
|
-
Read the `PLATFORM_SERVICES_PATH` and `INFRASTRUCTURE_PATH` environment variables to locate the repos.
|
|
401
|
-
|
|
402
|
-
### Application code (platform-services)
|
|
403
|
-
|
|
404
|
-
1. `$PLATFORM_SERVICES_PATH/packages/wgs_ingestion_service/src/wgs_ingestion_service/handlers/handle_sfn_failure.py`
|
|
405
|
-
2. `$PLATFORM_SERVICES_PATH/packages/wgs_ingestion_service/src/wgs_ingestion_service/handlers/handle_initiate_ingestion.py`
|
|
406
|
-
3. `$PLATFORM_SERVICES_PATH/packages/bioscope_types/src/bioscope_types/dynamodb/wgs_ingestions.py`
|
|
407
|
-
|
|
408
|
-
### Infrastructure (Terraform)
|
|
409
|
-
|
|
410
|
-
If the error points to a Step Function state, Lambda config, IAM permissions, or resource limits, cross-reference these files:
|
|
411
|
-
|
|
412
|
-
1. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/sfn.tf` -- Step Function state machine definition and pipeline flow
|
|
413
|
-
2. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/lambda.tf` -- Lambda function configuration (memory, timeout, layers)
|
|
414
|
-
3. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/iam.tf` -- IAM roles and policies for the pipeline
|
|
415
|
-
4. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/eventbridge.tf` -- EventBridge rule that triggers on SFN failures
|
|
416
|
-
5. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/dynamodb.tf` -- DynamoDB table and index definitions
|
|
417
|
-
|
|
418
|
-
The execution name format is `{wgs_ingestion_id}_{kit_id}_{timestamp}`.
|
|
419
|
-
|
|
420
|
-
## Step 4: Classify the Failure
|
|
421
|
-
|
|
422
|
-
**Default to Bug.** Only classify as Transient if you can point to specific evidence (see criteria below).
|
|
423
|
-
|
|
424
|
-
- **Bug**: Code error, unhandled exception, missing IAM permissions, missing config, infrastructure misconfiguration. Requires a code or infra fix. **This is the default classification when the root cause is unclear.**
|
|
425
|
-
- **Transient**: A failure that meets ALL of these criteria:
|
|
426
|
-
1. The error is a network timeout, AWS throttling, or a known transient pattern (see below)
|
|
427
|
-
2. There is no underlying code/config/IAM issue that caused it
|
|
428
|
-
3. A redrive would be expected to succeed WITHOUT any code or infrastructure changes
|
|
429
|
-
- **Data issue**: Bad input, missing files, malformed data. Requires manual intervention.
|
|
430
|
-
|
|
431
|
-
You MUST justify your classification in the Root Cause section. If classifying as Transient, explicitly state why a redrive would fix it without code changes.
|
|
432
|
-
|
|
433
|
-
### Example Transient Errors
|
|
434
|
-
|
|
435
|
-
These LOOK like data issues but are known transient -- classify as **Transient**:
|
|
436
|
-
|
|
437
|
-
- **`INTERSECT_VARIANTS` / `KeyError: 'CHR:POS:A0:A1'` / "No variants in intersection"**: Intermittent failure in `pgsc_calc` during PRS generation. Resolves on redrive.
|
|
438
|
-
|
|
439
|
-
### Example Bug Patterns
|
|
440
|
-
|
|
441
|
-
These may LOOK transient but are bugs -- classify as **Bug**:
|
|
442
|
-
|
|
443
|
-
- **S3 403 Forbidden on HeadObject/GetObject/PutObject**: Usually a missing IAM permission on the task role, not a temporary auth issue. Check the relevant IAM policy in infrastructure. Example: BIOENG-535 where `genomics-bam-subset-processor` was missing `s3:GetObject` on its output bucket.
|
|
444
|
-
- **S3 404 Not Found on expected files**: Could indicate a missing deployment artifact, misconfigured path, or a race condition in the pipeline -- not transient.
|
|
445
|
-
- **Persistent STS/credential errors on FARGATE_SPOT**: If the same error recurs on redrive or appears on non-spot tasks, it is an IAM issue, not credential expiration.
|
|
446
|
-
|
|
447
|
-
## Step 5: Write the Report
|
|
448
|
-
|
|
449
|
-
Write the report file as: `reports/YYYY-MM-DD_<first-8-chars-of-wgsIngestionId>.md`
|
|
450
|
-
|
|
451
|
-
The `reports/` directory is in the current working directory. Verify with `Glob` that the directory exists before writing. If it does not exist, create it.
|
|
452
|
-
|
|
453
|
-
Keep the report concise. Only include log lines that are directly relevant to explaining the failure cause.
|
|
454
|
-
|
|
455
|
-
```
|
|
456
|
-
# WGS Ingestion Failure Report
|
|
457
|
-
|
|
458
|
-
## Summary
|
|
459
|
-
|
|
460
|
-
| Field | Value |
|
|
461
|
-
|-------|-------|
|
|
462
|
-
| Date | YYYY-MM-DD HH:MM UTC |
|
|
463
|
-
| Correlation ID | ... |
|
|
464
|
-
| WGS Ingestion ID | ... |
|
|
465
|
-
| Execution Name | ... |
|
|
466
|
-
| SFN Error | ... |
|
|
467
|
-
| SFN Status | ... |
|
|
468
|
-
|
|
469
|
-
## Key Logs
|
|
470
|
-
|
|
471
|
-
Only the log lines that explain the failure (oldest first):
|
|
472
|
-
|
|
473
|
-
- `TIMESTAMP` [LEVEL] message (logGroup: ...)
|
|
474
|
-
|
|
475
|
-
## Root Cause
|
|
476
|
-
|
|
477
|
-
<1-3 sentences. What failed and why.>
|
|
478
|
-
|
|
479
|
-
## Classification
|
|
480
|
-
|
|
481
|
-
**<Transient | Bug | Data issue>**
|
|
482
|
-
|
|
483
|
-
## Recommended Action
|
|
484
|
-
|
|
485
|
-
<1-2 sentences.>
|
|
486
|
-
|
|
487
|
-
### Redrive JSON
|
|
488
|
-
|
|
489
|
-
If transient, include:
|
|
490
|
-
|
|
491
|
-
{
|
|
492
|
-
"executionIds": ["<execution-name>"]
|
|
493
|
-
}
|
|
494
|
-
|
|
495
|
-
Env-task name: `redrive-wgs-ingestion-execution`
|
|
496
|
-
```
|
|
497
|
-
|
|
498
|
-
## Rules
|
|
499
|
-
|
|
500
|
-
- Do NOT ask for user input. Work fully autonomously.
|
|
501
|
-
- Do NOT include PII/PHI. Only UUIDs, error codes, timestamps, status values.
|
|
502
|
-
- Do NOT use Bash commands. Use only Read, Glob, Grep, Write, and mcp__axiom__queryDataset.
|
|
503
|
-
- If Axiom queries fail, proceed with code analysis and note the gap in the report.14:["$","div","wgs-ingestion-bot",{"className":"mb-8","children":[["$","div",null,{"className":"flex items-center gap-2 mb-3","children":[["$","span",null,{"className":"inline-flex items-center px-2 py-0.5 text-xs font-medium rounded-sm bg-surface-raised text-text-dim","children":"WGS-INGESTION-BOT"}],["$","span",null,{"className":"text-xs text-text-dim font-mono","children":"~/Desktop/wgs-ingestion-bot/.claude/commands"}]]}],["$","div",null,{"className":"space-y-3","children":[["$","div","/Users/gabry/Desktop/wgs-ingestion-bot/.claude/commands/investigate-wgs-ingestion.md",{"id":"investigate-wgs-ingestion","className":"border border-border rounded-sm p-5 scroll-mt-4 ","children":[["$","h3",null,{"className":"text-sm font-medium","children":"investigate-wgs-ingestion"}],["$","$L11",null,{"content":"$1f","previewLines":3}]]}]]}]]}]
|
|
504
|
-
20:Tf1d,# Add a New Model to llm-proxy-service
|
|
361
|
+
Be thorough. Read the actual code — don't guess based on function names alone. When checking for role validation, trace the full dependency chain. If a role check happens in a called function or middleware rather than at the route level, note it but don't flag it as a vulnerability.17:Tf1d,# Add a New Model to llm-proxy-service
|
|
505
362
|
|
|
506
363
|
Add a new LLM model to `llm-proxy-service`, ensuring accurate cost reporting.
|
|
507
364
|
|
|
@@ -587,8 +444,7 @@ If the model requires additional env vars (vertex_ai, groq, or anthropic models)
|
|
|
587
444
|
|
|
588
445
|
1. Run `pnpm exec nx run bioscope-types:type-check` to verify the type is valid
|
|
589
446
|
2. Run `pnpm exec nx run llm-proxy-service:test` to verify tests pass
|
|
590
|
-
3. Run `pnpm exec nx run llm-proxy-service:lint` and `pnpm exec nx run llm-proxy-service:type-check`
|
|
591
|
-
21:T1c43,# IDOR & Authorization Vulnerability Scan
|
|
447
|
+
3. Run `pnpm exec nx run llm-proxy-service:lint` and `pnpm exec nx run llm-proxy-service:type-check`18:T1c43,# IDOR & Authorization Vulnerability Scan
|
|
592
448
|
|
|
593
449
|
Scan ALL route handlers in platform-services for IDOR (Insecure Direct Object Reference) and authorization vulnerabilities.
|
|
594
450
|
|
|
@@ -685,8 +541,7 @@ Write the final report to `/tmp/idor-scan-results/SUMMARY.md` with:
|
|
|
685
541
|
|
|
686
542
|
Then output the summary to the user.
|
|
687
543
|
|
|
688
|
-
Be thorough. Read the actual code — don't guess based on function names alone. When in doubt about whether a check exists, read the called functions to see if ownership validation happens deeper in the call chain. If validation happens in a called function rather than at the route level, note it but don't flag it as a vulnerability.
|
|
689
|
-
22:T2543,# PHI/PII Data Exposure Scan
|
|
544
|
+
Be thorough. Read the actual code — don't guess based on function names alone. When in doubt about whether a check exists, read the called functions to see if ownership validation happens deeper in the call chain. If validation happens in a called function rather than at the route level, note it but don't flag it as a vulnerability.19:T2543,# PHI/PII Data Exposure Scan
|
|
690
545
|
|
|
691
546
|
Scan ALL application code in platform-services for Protected Health Information (PHI) and Personally Identifiable Information (PII) exposure vulnerabilities. This covers logging, error responses, API over-fetching, and any other channel where sensitive data could leak.
|
|
692
547
|
|
|
@@ -857,8 +712,7 @@ Write the final report to `/tmp/phi-exposure-scan-results/SUMMARY.md` with:
|
|
|
857
712
|
|
|
858
713
|
Then output the summary to the user.
|
|
859
714
|
|
|
860
|
-
Be thorough. Read the actual code — don't guess based on function names alone. When checking log statements, look at what the `extra` dict actually contains. When checking for model dumps, trace the model class to see what fields it includes. If a model only contains safe fields (IDs, timestamps, statuses), it's not a PHI exposure even if it's logged via `model_dump()`.
|
|
861
|
-
23:T1b86,# Upgrade litellm in llm-proxy-service
|
|
715
|
+
Be thorough. Read the actual code — don't guess based on function names alone. When checking log statements, look at what the `extra` dict actually contains. When checking for model dumps, trace the model class to see what fields it includes. If a model only contains safe fields (IDs, timestamps, statuses), it's not a PHI exposure even if it's logged via `model_dump()`.1a:T1b86,# Upgrade litellm in llm-proxy-service
|
|
862
716
|
|
|
863
717
|
Upgrade the `litellm` dependency in `llm-proxy-service` to a new version, validating that all supported models have correct pricing.
|
|
864
718
|
|
|
@@ -971,8 +825,8 @@ After presenting findings to the user and getting their approval:
|
|
|
971
825
|
4. Run `uv sync --all-packages` from the `platform-services/` directory to update the lock file
|
|
972
826
|
5. Run `pnpm exec nx run llm-proxy-service:test` to verify tests pass
|
|
973
827
|
6. Run `pnpm exec nx run llm-proxy-service:lint` and `pnpm exec nx run llm-proxy-service:type-check`
|
|
974
|
-
7. Run `pnpm exec nx run embedding-service:test`, `pnpm exec nx run embedding-service:lint`, and `pnpm exec nx run embedding-service:type-check`
|
|
975
|
-
|
|
828
|
+
7. Run `pnpm exec nx run embedding-service:test`, `pnpm exec nx run embedding-service:lint`, and `pnpm exec nx run embedding-service:type-check`13:["$","div","/Users/gabry/Desktop/platform-services",{"className":"mb-8","children":[["$","div",null,{"className":"flex items-center gap-2 mb-3","children":[["$","span",null,{"className":"font-mono text-xs text-text-dim","children":["[","PLATFORM-SERVICES","]"]}],["$","span",null,{"className":"text-xs text-text-dim font-mono","children":"~/Desktop/platform-services"}]]}],["$","$L11",null,{"commands":[{"name":"access-control-scan","body":"$16","filePath":"/Users/gabry/Desktop/platform-services/.claude/commands/access-control-scan.md","scope":{"type":"project","projectName":"platform-services","projectPath":"/Users/gabry/Desktop/platform-services"}},{"name":"add-llm-proxy-service-model","body":"$17","filePath":"/Users/gabry/Desktop/platform-services/.claude/commands/add-llm-proxy-service-model.md","scope":"$13:props:children:1:props:commands:0:scope"},{"name":"idor-scan","body":"$18","filePath":"/Users/gabry/Desktop/platform-services/.claude/commands/idor-scan.md","scope":"$13:props:children:1:props:commands:0:scope"},{"name":"phi-exposure-scan","body":"$19","filePath":"/Users/gabry/Desktop/platform-services/.claude/commands/phi-exposure-scan.md","scope":"$13:props:children:1:props:commands:0:scope"},{"name":"upgrade-litellm","body":"$1a","filePath":"/Users/gabry/Desktop/platform-services/.claude/commands/upgrade-litellm.md","scope":"$13:props:children:1:props:commands:0:scope"}],"scopePath":"/Users/gabry/Desktop/platform-services"}]]}]
|
|
829
|
+
1b:T368e,# Broken Access Control Scan
|
|
976
830
|
|
|
977
831
|
Scan ALL route handlers and Lambda handlers in platform-services for broken access control vulnerabilities beyond IDOR (which is covered by the separate `idor-scan` command).
|
|
978
832
|
|
|
@@ -1198,8 +1052,7 @@ Write the final report to `access-control-scan-results/SUMMARY.md` with:
|
|
|
1198
1052
|
|
|
1199
1053
|
Then output the summary to the user.
|
|
1200
1054
|
|
|
1201
|
-
Be thorough. Read the actual code — don't guess based on function names alone. When checking for role validation, trace the full dependency chain. If a role check happens in a called function or middleware rather than at the route level, note it but don't flag it as a vulnerability.
|
|
1202
|
-
25:Tf1d,# Add a New Model to llm-proxy-service
|
|
1055
|
+
Be thorough. Read the actual code — don't guess based on function names alone. When checking for role validation, trace the full dependency chain. If a role check happens in a called function or middleware rather than at the route level, note it but don't flag it as a vulnerability.1c:Tf1d,# Add a New Model to llm-proxy-service
|
|
1203
1056
|
|
|
1204
1057
|
Add a new LLM model to `llm-proxy-service`, ensuring accurate cost reporting.
|
|
1205
1058
|
|
|
@@ -1285,8 +1138,7 @@ If the model requires additional env vars (vertex_ai, groq, or anthropic models)
|
|
|
1285
1138
|
|
|
1286
1139
|
1. Run `pnpm exec nx run bioscope-types:type-check` to verify the type is valid
|
|
1287
1140
|
2. Run `pnpm exec nx run llm-proxy-service:test` to verify tests pass
|
|
1288
|
-
3. Run `pnpm exec nx run llm-proxy-service:lint` and `pnpm exec nx run llm-proxy-service:type-check`
|
|
1289
|
-
26:T1c43,# IDOR & Authorization Vulnerability Scan
|
|
1141
|
+
3. Run `pnpm exec nx run llm-proxy-service:lint` and `pnpm exec nx run llm-proxy-service:type-check`1d:T1c43,# IDOR & Authorization Vulnerability Scan
|
|
1290
1142
|
|
|
1291
1143
|
Scan ALL route handlers in platform-services for IDOR (Insecure Direct Object Reference) and authorization vulnerabilities.
|
|
1292
1144
|
|
|
@@ -1383,8 +1235,7 @@ Write the final report to `/tmp/idor-scan-results/SUMMARY.md` with:
|
|
|
1383
1235
|
|
|
1384
1236
|
Then output the summary to the user.
|
|
1385
1237
|
|
|
1386
|
-
Be thorough. Read the actual code — don't guess based on function names alone. When in doubt about whether a check exists, read the called functions to see if ownership validation happens deeper in the call chain. If validation happens in a called function rather than at the route level, note it but don't flag it as a vulnerability.
|
|
1387
|
-
27:T2543,# PHI/PII Data Exposure Scan
|
|
1238
|
+
Be thorough. Read the actual code — don't guess based on function names alone. When in doubt about whether a check exists, read the called functions to see if ownership validation happens deeper in the call chain. If validation happens in a called function rather than at the route level, note it but don't flag it as a vulnerability.1e:T2543,# PHI/PII Data Exposure Scan
|
|
1388
1239
|
|
|
1389
1240
|
Scan ALL application code in platform-services for Protected Health Information (PHI) and Personally Identifiable Information (PII) exposure vulnerabilities. This covers logging, error responses, API over-fetching, and any other channel where sensitive data could leak.
|
|
1390
1241
|
|
|
@@ -1555,8 +1406,7 @@ Write the final report to `/tmp/phi-exposure-scan-results/SUMMARY.md` with:
|
|
|
1555
1406
|
|
|
1556
1407
|
Then output the summary to the user.
|
|
1557
1408
|
|
|
1558
|
-
Be thorough. Read the actual code — don't guess based on function names alone. When checking log statements, look at what the `extra` dict actually contains. When checking for model dumps, trace the model class to see what fields it includes. If a model only contains safe fields (IDs, timestamps, statuses), it's not a PHI exposure even if it's logged via `model_dump()`.
|
|
1559
|
-
28:T1b86,# Upgrade litellm in llm-proxy-service
|
|
1409
|
+
Be thorough. Read the actual code — don't guess based on function names alone. When checking log statements, look at what the `extra` dict actually contains. When checking for model dumps, trace the model class to see what fields it includes. If a model only contains safe fields (IDs, timestamps, statuses), it's not a PHI exposure even if it's logged via `model_dump()`.1f:T1b86,# Upgrade litellm in llm-proxy-service
|
|
1560
1410
|
|
|
1561
1411
|
Upgrade the `litellm` dependency in `llm-proxy-service` to a new version, validating that all supported models have correct pricing.
|
|
1562
1412
|
|
|
@@ -1669,4 +1519,146 @@ After presenting findings to the user and getting their approval:
|
|
|
1669
1519
|
4. Run `uv sync --all-packages` from the `platform-services/` directory to update the lock file
|
|
1670
1520
|
5. Run `pnpm exec nx run llm-proxy-service:test` to verify tests pass
|
|
1671
1521
|
6. Run `pnpm exec nx run llm-proxy-service:lint` and `pnpm exec nx run llm-proxy-service:type-check`
|
|
1672
|
-
7. Run `pnpm exec nx run embedding-service:test`, `pnpm exec nx run embedding-service:lint`, and `pnpm exec nx run embedding-service:type-check`
|
|
1522
|
+
7. Run `pnpm exec nx run embedding-service:test`, `pnpm exec nx run embedding-service:lint`, and `pnpm exec nx run embedding-service:type-check`14:["$","div","/Users/gabry/Desktop/ps-copy/platform-services",{"className":"mb-8","children":[["$","div",null,{"className":"flex items-center gap-2 mb-3","children":[["$","span",null,{"className":"font-mono text-xs text-text-dim","children":["[","PLATFORM-SERVICES","]"]}],["$","span",null,{"className":"text-xs text-text-dim font-mono","children":"~/Desktop/ps-copy/platform-services"}]]}],["$","$L11",null,{"commands":[{"name":"access-control-scan","body":"$1b","filePath":"/Users/gabry/Desktop/ps-copy/platform-services/.claude/commands/access-control-scan.md","scope":{"type":"project","projectName":"platform-services","projectPath":"/Users/gabry/Desktop/ps-copy/platform-services"}},{"name":"add-llm-proxy-service-model","body":"$1c","filePath":"/Users/gabry/Desktop/ps-copy/platform-services/.claude/commands/add-llm-proxy-service-model.md","scope":"$14:props:children:1:props:commands:0:scope"},{"name":"idor-scan","body":"$1d","filePath":"/Users/gabry/Desktop/ps-copy/platform-services/.claude/commands/idor-scan.md","scope":"$14:props:children:1:props:commands:0:scope"},{"name":"phi-exposure-scan","body":"$1e","filePath":"/Users/gabry/Desktop/ps-copy/platform-services/.claude/commands/phi-exposure-scan.md","scope":"$14:props:children:1:props:commands:0:scope"},{"name":"upgrade-litellm","body":"$1f","filePath":"/Users/gabry/Desktop/ps-copy/platform-services/.claude/commands/upgrade-litellm.md","scope":"$14:props:children:1:props:commands:0:scope"}],"scopePath":"/Users/gabry/Desktop/ps-copy/platform-services"}]]}]
|
|
1523
|
+
20:T1605,# Investigate WGS Ingestion Failure
|
|
1524
|
+
|
|
1525
|
+
You are investigating a WGS ingestion Step Function failure in production. Follow each step. Do NOT ask for user input -- work autonomously.
|
|
1526
|
+
|
|
1527
|
+
## Input
|
|
1528
|
+
|
|
1529
|
+
$ARGUMENTS
|
|
1530
|
+
|
|
1531
|
+
## Step 1: Parse the Alert
|
|
1532
|
+
|
|
1533
|
+
Extract from the input text: `correlationId`, `wgsIngestionId`, `sfnError`, `sfnStatus`.
|
|
1534
|
+
|
|
1535
|
+
If the input is missing required fields, write a report noting the parse failure and stop.
|
|
1536
|
+
|
|
1537
|
+
## Step 2: Query Axiom
|
|
1538
|
+
|
|
1539
|
+
Use `mcp__axiom__queryDataset` with `startTime` = `now-24h` and `endTime` = `now`.
|
|
1540
|
+
|
|
1541
|
+
Trace the correlationId:
|
|
1542
|
+
|
|
1543
|
+
```apl
|
|
1544
|
+
['bioscope-prod']
|
|
1545
|
+
| where correlationId == "<correlationId>"
|
|
1546
|
+
| order by _time asc
|
|
1547
|
+
```
|
|
1548
|
+
|
|
1549
|
+
Search by wgsIngestionId:
|
|
1550
|
+
|
|
1551
|
+
```apl
|
|
1552
|
+
['bioscope-prod']
|
|
1553
|
+
| where data.wgsIngestionId == "<wgsIngestionId>" or message contains "<wgsIngestionId>"
|
|
1554
|
+
| order by _time asc
|
|
1555
|
+
```
|
|
1556
|
+
|
|
1557
|
+
Focus on ERROR-level entries. Record only the key log lines needed to explain the failure -- not the full trace.
|
|
1558
|
+
|
|
1559
|
+
## Step 3: Cross-Reference Code
|
|
1560
|
+
|
|
1561
|
+
Read the `PLATFORM_SERVICES_PATH` and `INFRASTRUCTURE_PATH` environment variables to locate the repos.
|
|
1562
|
+
|
|
1563
|
+
### Application code (platform-services)
|
|
1564
|
+
|
|
1565
|
+
1. `$PLATFORM_SERVICES_PATH/packages/wgs_ingestion_service/src/wgs_ingestion_service/handlers/handle_sfn_failure.py`
|
|
1566
|
+
2. `$PLATFORM_SERVICES_PATH/packages/wgs_ingestion_service/src/wgs_ingestion_service/handlers/handle_initiate_ingestion.py`
|
|
1567
|
+
3. `$PLATFORM_SERVICES_PATH/packages/bioscope_types/src/bioscope_types/dynamodb/wgs_ingestions.py`
|
|
1568
|
+
|
|
1569
|
+
### Infrastructure (Terraform)
|
|
1570
|
+
|
|
1571
|
+
If the error points to a Step Function state, Lambda config, IAM permissions, or resource limits, cross-reference these files:
|
|
1572
|
+
|
|
1573
|
+
1. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/sfn.tf` -- Step Function state machine definition and pipeline flow
|
|
1574
|
+
2. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/lambda.tf` -- Lambda function configuration (memory, timeout, layers)
|
|
1575
|
+
3. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/iam.tf` -- IAM roles and policies for the pipeline
|
|
1576
|
+
4. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/eventbridge.tf` -- EventBridge rule that triggers on SFN failures
|
|
1577
|
+
5. `$INFRASTRUCTURE_PATH/modules/aws/wgs_ingestion/dynamodb.tf` -- DynamoDB table and index definitions
|
|
1578
|
+
|
|
1579
|
+
The execution name format is `{wgs_ingestion_id}_{kit_id}_{timestamp}`.
|
|
1580
|
+
|
|
1581
|
+
## Step 4: Classify the Failure
|
|
1582
|
+
|
|
1583
|
+
**Default to Bug.** Only classify as Transient if you can point to specific evidence (see criteria below).
|
|
1584
|
+
|
|
1585
|
+
- **Bug**: Code error, unhandled exception, missing IAM permissions, missing config, infrastructure misconfiguration. Requires a code or infra fix. **This is the default classification when the root cause is unclear.**
|
|
1586
|
+
- **Transient**: A failure that meets ALL of these criteria:
|
|
1587
|
+
1. The error is a network timeout, AWS throttling, or a known transient pattern (see below)
|
|
1588
|
+
2. There is no underlying code/config/IAM issue that caused it
|
|
1589
|
+
3. A redrive would be expected to succeed WITHOUT any code or infrastructure changes
|
|
1590
|
+
- **Data issue**: Bad input, missing files, malformed data. Requires manual intervention.
|
|
1591
|
+
|
|
1592
|
+
You MUST justify your classification in the Root Cause section. If classifying as Transient, explicitly state why a redrive would fix it without code changes.
|
|
1593
|
+
|
|
1594
|
+
### Example Transient Errors
|
|
1595
|
+
|
|
1596
|
+
These LOOK like data issues but are known transient -- classify as **Transient**:
|
|
1597
|
+
|
|
1598
|
+
- **`INTERSECT_VARIANTS` / `KeyError: 'CHR:POS:A0:A1'` / "No variants in intersection"**: Intermittent failure in `pgsc_calc` during PRS generation. Resolves on redrive.
|
|
1599
|
+
|
|
1600
|
+
### Example Bug Patterns
|
|
1601
|
+
|
|
1602
|
+
These may LOOK transient but are bugs -- classify as **Bug**:
|
|
1603
|
+
|
|
1604
|
+
- **S3 403 Forbidden on HeadObject/GetObject/PutObject**: Usually a missing IAM permission on the task role, not a temporary auth issue. Check the relevant IAM policy in infrastructure. Example: BIOENG-535 where `genomics-bam-subset-processor` was missing `s3:GetObject` on its output bucket.
|
|
1605
|
+
- **S3 404 Not Found on expected files**: Could indicate a missing deployment artifact, misconfigured path, or a race condition in the pipeline -- not transient.
|
|
1606
|
+
- **Persistent STS/credential errors on FARGATE_SPOT**: If the same error recurs on redrive or appears on non-spot tasks, it is an IAM issue, not credential expiration.
|
|
1607
|
+
|
|
1608
|
+
## Step 5: Write the Report
|
|
1609
|
+
|
|
1610
|
+
Write the report file as: `reports/YYYY-MM-DD_<first-8-chars-of-wgsIngestionId>.md`
|
|
1611
|
+
|
|
1612
|
+
The `reports/` directory is in the current working directory. Verify with `Glob` that the directory exists before writing. If it does not exist, create it.
|
|
1613
|
+
|
|
1614
|
+
Keep the report concise. Only include log lines that are directly relevant to explaining the failure cause.
|
|
1615
|
+
|
|
1616
|
+
```
|
|
1617
|
+
# WGS Ingestion Failure Report
|
|
1618
|
+
|
|
1619
|
+
## Summary
|
|
1620
|
+
|
|
1621
|
+
| Field | Value |
|
|
1622
|
+
|-------|-------|
|
|
1623
|
+
| Date | YYYY-MM-DD HH:MM UTC |
|
|
1624
|
+
| Correlation ID | ... |
|
|
1625
|
+
| WGS Ingestion ID | ... |
|
|
1626
|
+
| Execution Name | ... |
|
|
1627
|
+
| SFN Error | ... |
|
|
1628
|
+
| SFN Status | ... |
|
|
1629
|
+
|
|
1630
|
+
## Key Logs
|
|
1631
|
+
|
|
1632
|
+
Only the log lines that explain the failure (oldest first):
|
|
1633
|
+
|
|
1634
|
+
- `TIMESTAMP` [LEVEL] message (logGroup: ...)
|
|
1635
|
+
|
|
1636
|
+
## Root Cause
|
|
1637
|
+
|
|
1638
|
+
<1-3 sentences. What failed and why.>
|
|
1639
|
+
|
|
1640
|
+
## Classification
|
|
1641
|
+
|
|
1642
|
+
**<Transient | Bug | Data issue>**
|
|
1643
|
+
|
|
1644
|
+
## Recommended Action
|
|
1645
|
+
|
|
1646
|
+
<1-2 sentences.>
|
|
1647
|
+
|
|
1648
|
+
### Redrive JSON
|
|
1649
|
+
|
|
1650
|
+
If transient, include:
|
|
1651
|
+
|
|
1652
|
+
{
|
|
1653
|
+
"executionIds": ["<execution-name>"]
|
|
1654
|
+
}
|
|
1655
|
+
|
|
1656
|
+
Env-task name: `redrive-wgs-ingestion-execution`
|
|
1657
|
+
```
|
|
1658
|
+
|
|
1659
|
+
## Rules
|
|
1660
|
+
|
|
1661
|
+
- Do NOT ask for user input. Work fully autonomously.
|
|
1662
|
+
- Do NOT include PII/PHI. Only UUIDs, error codes, timestamps, status values.
|
|
1663
|
+
- Do NOT use Bash commands. Use only Read, Glob, Grep, Write, and mcp__axiom__queryDataset.
|
|
1664
|
+
- If Axiom queries fail, proceed with code analysis and note the gap in the report.15:["$","div","/Users/gabry/Desktop/wgs-ingestion-bot",{"className":"mb-8","children":[["$","div",null,{"className":"flex items-center gap-2 mb-3","children":[["$","span",null,{"className":"font-mono text-xs text-text-dim","children":["[","WGS-INGESTION-BOT","]"]}],["$","span",null,{"className":"text-xs text-text-dim font-mono","children":"~/Desktop/wgs-ingestion-bot"}]]}],["$","$L11",null,{"commands":[{"name":"investigate-wgs-ingestion","body":"$20","filePath":"/Users/gabry/Desktop/wgs-ingestion-bot/.claude/commands/investigate-wgs-ingestion.md","scope":{"type":"project","projectName":"wgs-ingestion-bot","projectPath":"/Users/gabry/Desktop/wgs-ingestion-bot"}}],"scopePath":"/Users/gabry/Desktop/wgs-ingestion-bot"}]]}]
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
1:"$Sreact.fragment"
|
|
2
|
-
2:I[97367,["/_next/static/chunks/
|
|
3
|
-
3:I[97367,["/_next/static/chunks/
|
|
2
|
+
2:I[97367,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"ViewportBoundary"]
|
|
3
|
+
3:I[97367,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"MetadataBoundary"]
|
|
4
4
|
4:"$Sreact.suspense"
|
|
5
|
-
5:I[27201,["/_next/static/chunks/
|
|
6
|
-
0:{"rsc":["$","$1","h",{"children":[null,["$","$L2",null,{"children":[["$","meta","0",{"charSet":"utf-8"}],["$","meta","1",{"name":"viewport","content":"width=device-width, initial-scale=1"}]]}],["$","div",null,{"hidden":true,"children":["$","$L3",null,{"children":["$","$4",null,{"name":"Next.Metadata","children":[["$","title","0",{"children":"MiClaw"}],["$","meta","1",{"name":"description","content":"Claude Code configuration visualizer"}],["$","link","2",{"rel":"icon","href":"/favicon.ico?favicon.0x3dzn~oxb6tn.ico","sizes":"256x256","type":"image/x-icon"}],["$","$L5","3",{}]]}]}]}],["$","meta",null,{"name":"next-size-adjust","content":""}]]}],"isPartial":false,"staleTime":300,"varyParams":null,"buildId":"
|
|
5
|
+
5:I[27201,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"IconMark"]
|
|
6
|
+
0:{"rsc":["$","$1","h",{"children":[null,["$","$L2",null,{"children":[["$","meta","0",{"charSet":"utf-8"}],["$","meta","1",{"name":"viewport","content":"width=device-width, initial-scale=1"}]]}],["$","div",null,{"hidden":true,"children":["$","$L3",null,{"children":["$","$4",null,{"name":"Next.Metadata","children":[["$","title","0",{"children":"MiClaw"}],["$","meta","1",{"name":"description","content":"Claude Code configuration visualizer"}],["$","link","2",{"rel":"icon","href":"/favicon.ico?favicon.0x3dzn~oxb6tn.ico","sizes":"256x256","type":"image/x-icon"}],["$","$L5","3",{}]]}]}]}],["$","meta",null,{"name":"next-size-adjust","content":""}]]}],"isPartial":false,"staleTime":300,"varyParams":null,"buildId":"ykykNEJbtAXExgOj13bt9"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
1:"$Sreact.fragment"
|
|
2
|
-
2:I[22140,["/_next/static/chunks/
|
|
3
|
-
3:I[39756,["/_next/static/chunks/
|
|
4
|
-
4:I[37457,["/_next/static/chunks/
|
|
5
|
-
:HL["/_next/static/chunks/
|
|
6
|
-
0:{"rsc":["$","$1","c",{"children":[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/
|
|
2
|
+
2:I[22140,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"Sidebar"]
|
|
3
|
+
3:I[39756,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"default"]
|
|
4
|
+
4:I[37457,["/_next/static/chunks/08fwcb._hc08b.js","/_next/static/chunks/0d3shmwh5_nmn.js"],"default"]
|
|
5
|
+
:HL["/_next/static/chunks/0lb3l2a8_251j.css","style"]
|
|
6
|
+
0:{"rsc":["$","$1","c",{"children":[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/0lb3l2a8_251j.css","precedence":"next"}],["$","script","script-0",{"src":"/_next/static/chunks/08fwcb._hc08b.js","async":true}],["$","script","script-1",{"src":"/_next/static/chunks/0d3shmwh5_nmn.js","async":true}]],["$","html",null,{"lang":"en","className":"inter_fe8b9d92-module__LINzvG__variable geist_mono_8d43a2aa-module__8Li5zG__variable fira_code_d18ac710-module__OladcG__variable","children":["$","body",null,{"className":"bg-surface text-text font-sans antialiased","children":["$","div",null,{"className":"flex h-screen overflow-hidden","children":[["$","$L2",null,{}],["$","main",null,{"className":"flex-1 overflow-y-auto bg-grid","children":["$","$L3",null,{"parallelRouterKey":"children","template":["$","$L4",null,{}],"notFound":[[["$","title",null,{"children":"404: This page could not be found."}],["$","div",null,{"style":{"fontFamily":"system-ui,\"Segoe UI\",Roboto,Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\"","height":"100vh","textAlign":"center","display":"flex","flexDirection":"column","alignItems":"center","justifyContent":"center"},"children":["$","div",null,{"children":[["$","style",null,{"dangerouslySetInnerHTML":{"__html":"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}"}}],["$","h1",null,{"className":"next-error-h1","style":{"display":"inline-block","margin":"0 20px 0 0","padding":"0 23px 0 0","fontSize":24,"fontWeight":500,"verticalAlign":"top","lineHeight":"49px"},"children":404}],["$","div",null,{"style":{"display":"inline-block"},"children":["$","h2",null,{"style":{"fontSize":14,"fontWeight":400,"lineHeight":"49px","margin":0},"children":"This page could not be found."}]}]]}]}]],[]]}]}]]}]}]}]]}],"isPartial":false,"staleTime":300,"varyParams":null,"buildId":"ykykNEJbtAXExgOj13bt9"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
:HL["/_next/static/chunks/
|
|
1
|
+
:HL["/_next/static/chunks/0lb3l2a8_251j.css","style"]
|
|
2
2
|
:HL["/_next/static/media/166ab60e98aadb0a-s.p.0mka4ru4_bj1d.woff2","font",{"crossOrigin":"","type":"font/woff2"}]
|
|
3
3
|
:HL["/_next/static/media/797e433ab948586e-s.p.0.q-h669a_dqa.woff2","font",{"crossOrigin":"","type":"font/woff2"}]
|
|
4
4
|
:HL["/_next/static/media/83afe278b6a6bb3c-s.p.0q-301v4kxxnr.woff2","font",{"crossOrigin":"","type":"font/woff2"}]
|
|
5
|
-
0:{"tree":{"name":"","param":null,"prefetchHints":16,"slots":{"children":{"name":"commands","param":null,"prefetchHints":0,"slots":{"children":{"name":"__PAGE__","param":null,"prefetchHints":0,"slots":null}}}}},"staleTime":300,"buildId":"
|
|
5
|
+
0:{"tree":{"name":"","param":null,"prefetchHints":16,"slots":{"children":{"name":"commands","param":null,"prefetchHints":0,"slots":{"children":{"name":"__PAGE__","param":null,"prefetchHints":0,"slots":null}}}}},"staleTime":300,"buildId":"ykykNEJbtAXExgOj13bt9"}
|