mindforge-cc 11.5.1 → 11.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/mindforge/skill-tdd.md +53 -0
- package/.agent/mindforge/skills-index.md +118 -0
- package/.agent/mindforge/systematic-debug.md +60 -0
- package/.agent/skills/1password-skill/SKILL.md +156 -0
- package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
- package/.agent/skills/1password-skill/references/get-started.md +21 -0
- package/.agent/skills/article-illustrator/SKILL.md +199 -0
- package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
- package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
- package/.agent/skills/article-illustrator/references/styles.md +224 -0
- package/.agent/skills/article-illustrator/references/usage.md +50 -0
- package/.agent/skills/article-illustrator/references/workflow.md +332 -0
- package/.agent/skills/arxiv/SKILL.md +275 -0
- package/.agent/skills/blogwatcher/SKILL.md +130 -0
- package/.agent/skills/code-wiki/SKILL.md +438 -0
- package/.agent/skills/code-wiki/templates/README.md +31 -0
- package/.agent/skills/code-wiki/templates/architecture.md +30 -0
- package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
- package/.agent/skills/code-wiki/templates/module.md +38 -0
- package/.agent/skills/codebase-inspection/SKILL.md +109 -0
- package/.agent/skills/comic-creator/SKILL.md +240 -0
- package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
- package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
- package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
- package/.agent/skills/comic-creator/references/character-template.md +180 -0
- package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
- package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
- package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
- package/.agent/skills/comic-creator/references/workflow.md +401 -0
- package/.agent/skills/concept-diagrams/SKILL.md +355 -0
- package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
- package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
- package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
- package/.agent/skills/creative-ideation/SKILL.md +144 -0
- package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
- package/.agent/skills/devops-cli/SKILL.md +149 -0
- package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
- package/.agent/skills/devops-cli/references/authentication.md +59 -0
- package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
- package/.agent/skills/devops-cli/references/running-apps.md +171 -0
- package/.agent/skills/devops-watchers/SKILL.md +103 -0
- package/.agent/skills/docker-management/SKILL.md +273 -0
- package/.agent/skills/domain-intel/SKILL.md +96 -0
- package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
- package/.agent/skills/github-auth/SKILL.md +240 -0
- package/.agent/skills/github-code-review/SKILL.md +474 -0
- package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
- package/.agent/skills/github-issues/SKILL.md +363 -0
- package/.agent/skills/github-issues/templates/bug-report.md +35 -0
- package/.agent/skills/github-issues/templates/feature-request.md +31 -0
- package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
- package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
- package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
- package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
- package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
- package/.agent/skills/github-repo-management/SKILL.md +509 -0
- package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
- package/.agent/skills/godmode/SKILL.md +396 -0
- package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
- package/.agent/skills/godmode/references/refusal-detection.md +142 -0
- package/.agent/skills/hyperframes/SKILL.md +182 -0
- package/.agent/skills/hyperframes/references/cli.md +185 -0
- package/.agent/skills/hyperframes/references/composition.md +129 -0
- package/.agent/skills/hyperframes/references/features.md +289 -0
- package/.agent/skills/hyperframes/references/gsap.md +136 -0
- package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
- package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
- package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
- package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
- package/.agent/skills/kanban-worker/SKILL.md +188 -0
- package/.agent/skills/llm-wiki/SKILL.md +499 -0
- package/.agent/skills/meme-generation/SKILL.md +122 -0
- package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
- package/.agent/skills/obsidian/SKILL.md +60 -0
- package/.agent/skills/osint-investigation/SKILL.md +269 -0
- package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
- package/.agent/skills/oss-forensics/SKILL.md +422 -0
- package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
- package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
- package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
- package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
- package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
- package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
- package/.agent/skills/parallel-cli/SKILL.md +384 -0
- package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
- package/.agent/skills/pixel-art/SKILL.md +209 -0
- package/.agent/skills/pixel-art/references/palettes.md +49 -0
- package/.agent/skills/plan/SKILL.md +331 -0
- package/.agent/skills/polymarket/SKILL.md +75 -0
- package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
- package/.agent/skills/python-debugpy/SKILL.md +368 -0
- package/.agent/skills/requesting-code-review/SKILL.md +273 -0
- package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
- package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
- package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
- package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
- package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
- package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
- package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
- package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
- package/.agent/skills/research-paper-writing/references/sources.md +191 -0
- package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
- package/.agent/skills/research-paper-writing/templates/README.md +251 -0
- package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
- package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
- package/.agent/skills/scrapling/SKILL.md +328 -0
- package/.agent/skills/sherlock/SKILL.md +186 -0
- package/.agent/skills/simplify-code/SKILL.md +168 -0
- package/.agent/skills/skill-authoring/SKILL.md +158 -0
- package/.agent/skills/spike/SKILL.md +190 -0
- package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
- package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
- package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
- package/.agent/skills/systematic-debugging/SKILL.md +360 -0
- package/.agent/skills/test-driven-development/SKILL.md +336 -0
- package/.agent/skills/video-orchestrator/SKILL.md +194 -0
- package/.agent/skills/video-orchestrator/references/examples.md +227 -0
- package/.agent/skills/video-orchestrator/references/intake.md +166 -0
- package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
- package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
- package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
- package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
- package/.agent/skills/web-pentest/SKILL.md +332 -0
- package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
- package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
- package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
- package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
- package/.agent/skills/web-pentest/templates/authorization.md +69 -0
- package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
- package/.claude/commands/mindforge/skill-tdd.md +53 -0
- package/.claude/commands/mindforge/skills-index.md +118 -0
- package/.claude/commands/mindforge/systematic-debug.md +60 -0
- package/.mindforge/config.json +2 -2
- package/.mindforge/memory/sync-manifest.json +1 -1
- package/.mindforge/skills/arxiv/SKILL.md +294 -0
- package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
- package/.mindforge/skills/code-wiki/SKILL.md +457 -0
- package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
- package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
- package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
- package/.mindforge/skills/domain-intel/SKILL.md +116 -0
- package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
- package/.mindforge/skills/github-code-review/SKILL.md +493 -0
- package/.mindforge/skills/github-issues/SKILL.md +382 -0
- package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
- package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
- package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
- package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
- package/.mindforge/skills/meme-generation/SKILL.md +141 -0
- package/.mindforge/skills/obsidian/SKILL.md +80 -0
- package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
- package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
- package/.mindforge/skills/pixel-art/SKILL.md +228 -0
- package/.mindforge/skills/plan/SKILL.md +350 -0
- package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
- package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
- package/.mindforge/skills/scrapling/SKILL.md +345 -0
- package/.mindforge/skills/sherlock/SKILL.md +203 -0
- package/.mindforge/skills/simplify-code/SKILL.md +187 -0
- package/.mindforge/skills/spike/SKILL.md +209 -0
- package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
- package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
- package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
- package/.mindforge/skills/web-pentest/SKILL.md +327 -0
- package/CHANGELOG.md +43 -0
- package/MINDFORGE.md +2 -2
- package/README.md +39 -3
- package/RELEASENOTES.md +55 -0
- package/docs/getting-started.md +42 -5
- package/package.json +1 -1
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
# Penetration Test Report
|
|
2
|
+
|
|
3
|
+
**Target:** <name + URL>
|
|
4
|
+
**Engagement ID:** <slug>
|
|
5
|
+
**Engagement window:** <start> – <end>
|
|
6
|
+
**Operator:** <name>
|
|
7
|
+
**Tester:**
|
|
8
|
+
**Report generated:** <ISO 8601 timestamp>
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## Executive Summary
|
|
13
|
+
|
|
14
|
+
<2-4 paragraph plain-language summary. Focus on:
|
|
15
|
+
- What was tested
|
|
16
|
+
- What was found (count by severity)
|
|
17
|
+
- Most critical finding in one sentence
|
|
18
|
+
- High-level remediation recommendation>
|
|
19
|
+
|
|
20
|
+
| Severity | Count |
|
|
21
|
+
|----------|-------|
|
|
22
|
+
| Critical | 0 |
|
|
23
|
+
| High | 0 |
|
|
24
|
+
| Medium | 0 |
|
|
25
|
+
| Low | 0 |
|
|
26
|
+
| Info | 0 |
|
|
27
|
+
|
|
28
|
+
---
|
|
29
|
+
|
|
30
|
+
## Engagement Scope
|
|
31
|
+
|
|
32
|
+
In-scope targets (from `engagement/scope.txt`):
|
|
33
|
+
|
|
34
|
+
- <host or CIDR>
|
|
35
|
+
|
|
36
|
+
Out of scope: see `engagement/authorization.md`.
|
|
37
|
+
|
|
38
|
+
Authorization basis: see `engagement/authorization.md`.
|
|
39
|
+
|
|
40
|
+
## Methodology
|
|
41
|
+
|
|
42
|
+
Approach was based on the `web-pentest` skill (a
|
|
43
|
+
adaptation of the OWASP Testing Guide with elements of Shannon's
|
|
44
|
+
proof-based methodology). Phases performed:
|
|
45
|
+
|
|
46
|
+
- [ ] Pre-recon (source code review)
|
|
47
|
+
- [ ] Recon (live, read-only)
|
|
48
|
+
- [ ] Vulnerability analysis (one queue per OWASP class)
|
|
49
|
+
- [ ] Exploitation (proof-based)
|
|
50
|
+
- [ ] Reporting
|
|
51
|
+
|
|
52
|
+
Tools used: <nmap, whatweb, curl, browser tool, ...>.
|
|
53
|
+
|
|
54
|
+
## Findings (L3/L4 — Verified Exploitable)
|
|
55
|
+
|
|
56
|
+
> Every finding in this section has a reproducible proof-of-concept.
|
|
57
|
+
> L1/L2 candidates that were not promoted to confirmed exploitation
|
|
58
|
+
> are listed in the "Not Exploited" section.
|
|
59
|
+
|
|
60
|
+
### F-001: <Title>
|
|
61
|
+
|
|
62
|
+
- **Severity:** Critical | High | Medium | Low
|
|
63
|
+
- **CVSS 3.1 vector:** `CVSS:3.1/AV:N/AC:L/...`
|
|
64
|
+
- **CVSS 3.1 base score:** N.N
|
|
65
|
+
- **CWE:** CWE-XX
|
|
66
|
+
- **Affected endpoint(s):** `GET https://target.example/api/...`
|
|
67
|
+
- **Affected parameter(s):** `id`
|
|
68
|
+
- **Discovered:** <date>
|
|
69
|
+
|
|
70
|
+
#### Description
|
|
71
|
+
|
|
72
|
+
<What is the bug, in plain language.>
|
|
73
|
+
|
|
74
|
+
#### Proof
|
|
75
|
+
|
|
76
|
+
Request:
|
|
77
|
+
|
|
78
|
+
```http
|
|
79
|
+
GET /api/items?id=1%27%20OR%201=1-- HTTP/1.1
|
|
80
|
+
Host: target.example
|
|
81
|
+
Cookie: session=...
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
Response (excerpt):
|
|
85
|
+
|
|
86
|
+
```http
|
|
87
|
+
HTTP/1.1 200 OK
|
|
88
|
+
Content-Type: application/json
|
|
89
|
+
|
|
90
|
+
[{"id":1,...}, {"id":2,...}, ... <full table dumped>]
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
#### Reproduction
|
|
94
|
+
|
|
95
|
+
```bash
|
|
96
|
+
curl -sS 'https://target.example/api/items?id=1%27%20OR%201=1--' \
|
|
97
|
+
-H 'Cookie: session=YOUR_TEST_SESSION'
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
#### Impact
|
|
101
|
+
|
|
102
|
+
<What an attacker gains. Be specific. "Could allow data extraction" is
|
|
103
|
+
worse than "Allowed extraction of all 4 columns from the `users` table
|
|
104
|
+
in our test (PoC redacted PII), and the same query shape applies to
|
|
105
|
+
any other parameter using the same code path.">
|
|
106
|
+
|
|
107
|
+
#### Remediation
|
|
108
|
+
|
|
109
|
+
<Specific, actionable. "Use parameterized queries" is better than
|
|
110
|
+
"sanitize inputs." Include code example if possible.>
|
|
111
|
+
|
|
112
|
+
#### Verification (post-fix)
|
|
113
|
+
|
|
114
|
+
To verify the fix, re-run the reproduction command. The response
|
|
115
|
+
should be HTTP 400, an empty result, or a result containing only the
|
|
116
|
+
record matching `id=1` literally.
|
|
117
|
+
|
|
118
|
+
---
|
|
119
|
+
|
|
120
|
+
(repeat per finding)
|
|
121
|
+
|
|
122
|
+
---
|
|
123
|
+
|
|
124
|
+
## Not Exploited (L1/L2 candidates)
|
|
125
|
+
|
|
126
|
+
Candidates that pattern-matched but were not promoted to L3 within
|
|
127
|
+
the engagement window. Listed for completeness; do NOT report these
|
|
128
|
+
as confirmed vulnerabilities.
|
|
129
|
+
|
|
130
|
+
| ID | Class | Endpoint | Status | Why not promoted |
|
|
131
|
+
|----|-------|----------|--------|------------------|
|
|
132
|
+
| INJ-002 | SQLi | `/api/search?q=` | L2 partial | Bypass set exhausted; appears to use parameterized binding |
|
|
133
|
+
| XSS-003 | reflected | `/error?msg=` | L1 identified | Could not produce executable context — output is JSON-encoded |
|
|
134
|
+
|
|
135
|
+
---
|
|
136
|
+
|
|
137
|
+
## Out-of-Scope Observations
|
|
138
|
+
|
|
139
|
+
(Findings or hints noticed but NOT tested because they were outside
|
|
140
|
+
scope. These are documentation, not findings. The operator decides
|
|
141
|
+
whether to extend scope and re-test.)
|
|
142
|
+
|
|
143
|
+
- The application sends to `https://third-party.example/...` — payload
|
|
144
|
+
could trigger third-party-side bugs but third party is out of scope.
|
|
145
|
+
|
|
146
|
+
---
|
|
147
|
+
|
|
148
|
+
## Limitations
|
|
149
|
+
|
|
150
|
+
What was NOT tested, and why:
|
|
151
|
+
|
|
152
|
+
- <Class of test>: <reason>
|
|
153
|
+
|
|
154
|
+
Examples:
|
|
155
|
+
- DDoS / stress testing — explicitly excluded by engagement scope.
|
|
156
|
+
- Authenticated business-logic flows requiring billing — no test
|
|
157
|
+
credit card available.
|
|
158
|
+
- Mobile API surfaces — out of scope.
|
|
159
|
+
|
|
160
|
+
---
|
|
161
|
+
|
|
162
|
+
## Appendices
|
|
163
|
+
|
|
164
|
+
- A: `engagement/authorization.md` — authorization on file
|
|
165
|
+
- B: `engagement/scope.txt` — machine-readable scope
|
|
166
|
+
- C: `engagement/request-log.jsonl` — every active request issued
|
|
167
|
+
- D: `findings/*-queue.json` — per-class candidate queues
|
|
168
|
+
- E: `evidence/` — raw captures (request/response pairs)
|
|
169
|
+
|
|
170
|
+
---
|
|
171
|
+
|
|
172
|
+
## Disclaimer
|
|
173
|
+
|
|
174
|
+
This report describes vulnerabilities discovered during a
|
|
175
|
+
time-bounded penetration test against the listed targets within the
|
|
176
|
+
listed scope. Absence of a finding in this report does not imply the
|
|
177
|
+
target is secure; only that no exploitable issue was found in scope
|
|
178
|
+
X within time T using methods Y.
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Test-Driven Development — RED-GREEN-REFACTOR discipline. Write the failing test first, always."
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# MindForge — TDD Skill Command
|
|
6
|
+
# Usage: /mindforge:skill-tdd [feature or bug to implement]
|
|
7
|
+
|
|
8
|
+
Activates the test-driven development skill. The core rule: **if you didn't watch the test fail, you don't know if it tests the right thing.**
|
|
9
|
+
|
|
10
|
+
## Activation
|
|
11
|
+
|
|
12
|
+
Load `.mindforge/skills/test-driven-development/SKILL.md` immediately.
|
|
13
|
+
Follow its RED-GREEN-REFACTOR cycle strictly for the full duration of this session.
|
|
14
|
+
|
|
15
|
+
## The Cycle (non-negotiable)
|
|
16
|
+
|
|
17
|
+
### RED — Write a failing test
|
|
18
|
+
1. Identify the smallest next behavior to implement.
|
|
19
|
+
2. Write one test that asserts that behavior.
|
|
20
|
+
3. Run it — confirm it FAILS for the right reason (not a syntax error, not a missing import — the actual assertion fails).
|
|
21
|
+
4. Do not proceed until the test fails correctly.
|
|
22
|
+
|
|
23
|
+
### GREEN — Write minimal code to pass
|
|
24
|
+
1. Write the simplest code that makes the test pass.
|
|
25
|
+
2. No gold-plating, no extra features. Minimum viable.
|
|
26
|
+
3. Run the test — it must pass.
|
|
27
|
+
4. Run the full suite — no regressions.
|
|
28
|
+
|
|
29
|
+
### REFACTOR — Clean up
|
|
30
|
+
1. Improve code structure, naming, and clarity.
|
|
31
|
+
2. Remove duplication.
|
|
32
|
+
3. Tests stay green throughout — run after every change.
|
|
33
|
+
|
|
34
|
+
## Mandatory gates
|
|
35
|
+
|
|
36
|
+
- **Never write code without a failing test.** Not for "obvious" cases, not for "quick" fixes, not for "trivial" implementations.
|
|
37
|
+
- **One cycle at a time.** Complete RED-GREEN-REFACTOR before starting the next behavior.
|
|
38
|
+
- **A passing test suite is always the starting state.** If tests are red when you begin, fix them first.
|
|
39
|
+
|
|
40
|
+
## When the user asks for a feature
|
|
41
|
+
|
|
42
|
+
1. Decompose into the smallest testable behavior.
|
|
43
|
+
2. Start with the first RED step before writing any implementation.
|
|
44
|
+
3. Repeat the cycle for each behavior.
|
|
45
|
+
|
|
46
|
+
## When the user asks for a bug fix
|
|
47
|
+
|
|
48
|
+
1. Write a failing test that reproduces the bug (this is your RED step).
|
|
49
|
+
2. Confirm it fails.
|
|
50
|
+
3. Fix the code (GREEN).
|
|
51
|
+
4. Refactor if needed.
|
|
52
|
+
|
|
53
|
+
The bug test becomes the regression guard — it must remain in the suite permanently.
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Browse all available skills by category — discover and activate any skill by name."
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# MindForge — Skills Index
|
|
6
|
+
# Usage: /mindforge:skills-index [optional: category or keyword filter]
|
|
7
|
+
|
|
8
|
+
Lists all skills available in this MindForge installation. Skills in the **Engine** tier activate automatically via trigger-matching. Skills in the **Extended** tier require explicit invocation.
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## How to activate a skill
|
|
13
|
+
|
|
14
|
+
**Engine tier** (auto-triggers from `.mindforge/skills/`): Just describe the task — the skill-loader matches your request against each skill's `triggers:` field and loads the relevant skill automatically.
|
|
15
|
+
|
|
16
|
+
**Extended tier** (explicit from `.agent/skills/`): Ask Claude to "use the [skill-name] skill" or invoke it by name.
|
|
17
|
+
|
|
18
|
+
---
|
|
19
|
+
|
|
20
|
+
## Engine Tier Skills (auto-triggered)
|
|
21
|
+
|
|
22
|
+
### Software Development
|
|
23
|
+
| Skill | Triggers |
|
|
24
|
+
|---|---|
|
|
25
|
+
| `systematic-debugging` | systematic debugging, root cause analysis, debug methodology, 4-phase debug |
|
|
26
|
+
| `test-driven-development` | TDD, red green refactor, write test first, test before code |
|
|
27
|
+
| `plan` | write a plan, plan mode, implementation plan, plan before coding |
|
|
28
|
+
| `simplify-code` | simplify code, clean up code, refactor for clarity, reduce complexity |
|
|
29
|
+
| `requesting-code-review` | request code review, code review protocol, review this PR |
|
|
30
|
+
| `spike` | technical spike, time-boxed spike, explore this problem |
|
|
31
|
+
| `subagent-driven-development` | subagent driven development, delegate to subagent, multi-agent implementation |
|
|
32
|
+
| `code-wiki` | code wiki, document codebase, knowledge wiki, explain codebase |
|
|
33
|
+
|
|
34
|
+
### DevOps & Orchestration
|
|
35
|
+
| Skill | Triggers |
|
|
36
|
+
|---|---|
|
|
37
|
+
| `kanban-orchestrator` | kanban orchestrator, multi-agent kanban, decompose and route, orchestrate tasks |
|
|
38
|
+
| `kanban-worker` | kanban worker, pick up kanban task, complete kanban card |
|
|
39
|
+
|
|
40
|
+
### GitHub Workflows
|
|
41
|
+
| Skill | Triggers |
|
|
42
|
+
|---|---|
|
|
43
|
+
| `github-code-review` | github code review, review PR, pull request review workflow |
|
|
44
|
+
| `github-pr-workflow` | github pr workflow, pull request lifecycle, open PR, merge PR |
|
|
45
|
+
| `github-issues` | github issues, create issue, manage issues, issue triage |
|
|
46
|
+
| `codebase-inspection` | codebase inspection, explore codebase, understand repository |
|
|
47
|
+
|
|
48
|
+
### Research & Intelligence
|
|
49
|
+
| Skill | Triggers |
|
|
50
|
+
|---|---|
|
|
51
|
+
| `research-paper-writing` | research paper, academic paper, write paper, arxiv paper |
|
|
52
|
+
| `arxiv` | arxiv search, find papers, search arxiv, academic literature |
|
|
53
|
+
| `osint-investigation` | OSINT investigation, public records research, entity investigation |
|
|
54
|
+
| `domain-intel` | domain intelligence, investigate domain, domain research |
|
|
55
|
+
| `duckduckgo-search` | duckduckgo search, DDG search, web search |
|
|
56
|
+
| `scrapling` | scrape website, web scraping, extract web content |
|
|
57
|
+
| `blogwatcher` | monitor blog, watch blog, track blog updates |
|
|
58
|
+
|
|
59
|
+
### Creative
|
|
60
|
+
| Skill | Triggers |
|
|
61
|
+
|---|---|
|
|
62
|
+
| `concept-diagrams` | concept diagram, educational diagram, SVG diagram, visual explanation |
|
|
63
|
+
| `creative-ideation` | creative ideation, brainstorm ideas, creative ideas, generate concepts |
|
|
64
|
+
| `pixel-art` | pixel art, create pixel art, sprite design |
|
|
65
|
+
| `meme-generation` | meme generation, create meme, generate meme |
|
|
66
|
+
|
|
67
|
+
### Security
|
|
68
|
+
| Skill | Triggers |
|
|
69
|
+
|---|---|
|
|
70
|
+
| `web-pentest` | web penetration test, pentest this app, security test web app, OWASP test |
|
|
71
|
+
| `oss-forensics` | OSS forensics, open source forensics, supply chain audit |
|
|
72
|
+
| `sherlock` | sherlock, username investigation, find accounts, OSINT username |
|
|
73
|
+
|
|
74
|
+
### Data & Tooling
|
|
75
|
+
| Skill | Triggers |
|
|
76
|
+
|---|---|
|
|
77
|
+
| `jupyter-live-kernel` | jupyter kernel, live jupyter, interactive notebook |
|
|
78
|
+
| `obsidian` | obsidian notes, obsidian vault, obsidian workflow |
|
|
79
|
+
|
|
80
|
+
---
|
|
81
|
+
|
|
82
|
+
## Extended Tier Skills (`.agent/skills/`, explicit activation)
|
|
83
|
+
|
|
84
|
+
### Software Development
|
|
85
|
+
`node-inspect-debugger` · `python-debugpy` · `skill-authoring` · `rest-graphql-debug`
|
|
86
|
+
|
|
87
|
+
### GitHub
|
|
88
|
+
`github-auth` · `github-repo-management`
|
|
89
|
+
|
|
90
|
+
### DevOps
|
|
91
|
+
`docker-management` · `devops-cli` · `devops-watchers` · `pinggy-tunnel` · `s6-container-supervision`
|
|
92
|
+
|
|
93
|
+
### Research
|
|
94
|
+
`llm-wiki` · `polymarket` · `parallel-cli`
|
|
95
|
+
|
|
96
|
+
### Security
|
|
97
|
+
`godmode` · `1password-skill`
|
|
98
|
+
|
|
99
|
+
### Creative
|
|
100
|
+
`hyperframes` · `article-illustrator` · `comic-creator` · `video-orchestrator`
|
|
101
|
+
|
|
102
|
+
---
|
|
103
|
+
|
|
104
|
+
## Usage examples
|
|
105
|
+
|
|
106
|
+
```
|
|
107
|
+
"Debug this null pointer — use systematic debugging"
|
|
108
|
+
→ Engine tier: systematic-debugging activates automatically
|
|
109
|
+
|
|
110
|
+
"I want to do TDD on this new auth module"
|
|
111
|
+
→ Engine tier: test-driven-development activates automatically
|
|
112
|
+
|
|
113
|
+
"Use the docker-management skill to set up my containers"
|
|
114
|
+
→ Extended tier: explicit invocation of docker-management
|
|
115
|
+
|
|
116
|
+
"Run an OSINT investigation on this company"
|
|
117
|
+
→ Engine tier: osint-investigation activates automatically
|
|
118
|
+
```
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "4-phase root cause debugging — understand the bug completely before attempting any fix."
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# MindForge — Systematic Debug Command
|
|
6
|
+
# Usage: /mindforge:systematic-debug [problem description]
|
|
7
|
+
|
|
8
|
+
Activates the systematic debugging skill. The iron law: **NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST**. Symptom fixes are failure.
|
|
9
|
+
|
|
10
|
+
## Activation
|
|
11
|
+
|
|
12
|
+
Load `.mindforge/skills/systematic-debugging/SKILL.md` immediately.
|
|
13
|
+
Follow its 4-phase protocol for the full duration of this session.
|
|
14
|
+
|
|
15
|
+
## Phase 1 — Understand the Bug
|
|
16
|
+
|
|
17
|
+
Before touching any code:
|
|
18
|
+
|
|
19
|
+
1. **Reproduce it.** Can you reproduce it in a minimal, isolated environment?
|
|
20
|
+
- If no: document what you tried. Ask the user for more context. Do not guess.
|
|
21
|
+
- If yes: record the exact reproduction steps.
|
|
22
|
+
|
|
23
|
+
2. **Read the error completely.** Stack trace, logs, error message — read every line.
|
|
24
|
+
|
|
25
|
+
3. **Identify the invariant.** What assumption is being violated? What should be true that isn't?
|
|
26
|
+
|
|
27
|
+
4. **Map the control flow.** Trace the path from input to failure point.
|
|
28
|
+
|
|
29
|
+
**Output of Phase 1:** A written statement of the root cause hypothesis with evidence.
|
|
30
|
+
|
|
31
|
+
## Phase 2 — Isolate the Root Cause
|
|
32
|
+
|
|
33
|
+
1. Write a failing test that exercises exactly the broken invariant.
|
|
34
|
+
2. Confirm the test fails for the right reason (not just any reason).
|
|
35
|
+
3. Narrow scope: is the bug in this file? This function? This line?
|
|
36
|
+
4. Check: is this a regression? Run `git log --oneline -20` on affected files.
|
|
37
|
+
|
|
38
|
+
**Gate:** Do not proceed to Phase 3 without a failing test that proves the bug.
|
|
39
|
+
|
|
40
|
+
## Phase 3 — Fix
|
|
41
|
+
|
|
42
|
+
1. Apply the minimal fix that restores the invariant.
|
|
43
|
+
2. Do not fix adjacent issues or refactor — single responsibility per fix.
|
|
44
|
+
3. Run the failing test — it must now pass.
|
|
45
|
+
4. Run the full test suite — zero new failures allowed.
|
|
46
|
+
|
|
47
|
+
## Phase 4 — Verify and Document
|
|
48
|
+
|
|
49
|
+
1. Confirm the original reproduction steps no longer trigger the bug.
|
|
50
|
+
2. Write a one-paragraph RCA summary: what was broken, why, how it was fixed.
|
|
51
|
+
3. Commit with a message that explains the root cause, not the symptom.
|
|
52
|
+
|
|
53
|
+
## When you cannot find the root cause
|
|
54
|
+
|
|
55
|
+
- Add logging/instrumentation at the point of failure.
|
|
56
|
+
- Form 2–3 competing hypotheses and test each independently.
|
|
57
|
+
- Document what you ruled out — negative evidence is evidence.
|
|
58
|
+
- Ask the user for additional context before guessing.
|
|
59
|
+
|
|
60
|
+
Do not apply a fix that "might work." Every fix requires a root cause explanation.
|
package/.mindforge/config.json
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
{
|
|
2
|
-
"version": "11.
|
|
2
|
+
"version": "11.6.0",
|
|
3
3
|
"environment": "development",
|
|
4
4
|
"governance": {
|
|
5
5
|
"drift_threshold": 0.75,
|
|
6
6
|
"critical_drift_threshold": 0.5,
|
|
7
7
|
"res_threshold": 0.8,
|
|
8
|
-
"active_did": "did:mindforge:
|
|
8
|
+
"active_did": "did:mindforge:9c7c1685-aa97-4317-974c-d782fb64005c"
|
|
9
9
|
},
|
|
10
10
|
"revops": {
|
|
11
11
|
"market_registry": {
|