mindforge-cc 11.5.1 → 11.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (214) hide show
  1. package/.agent/mindforge/skill-tdd.md +53 -0
  2. package/.agent/mindforge/skills-index.md +118 -0
  3. package/.agent/mindforge/systematic-debug.md +60 -0
  4. package/.agent/mindforge/wf-catalog.md +37 -0
  5. package/.agent/mindforge/wf-code-audit.md +31 -0
  6. package/.agent/mindforge/wf-competitive-analysis.md +31 -0
  7. package/.agent/mindforge/wf-deep-research.md +32 -0
  8. package/.agent/mindforge/wf-feature-planner.md +31 -0
  9. package/.agent/mindforge/wf-incident-response.md +31 -0
  10. package/.agent/mindforge/wf-onboard-codebase.md +31 -0
  11. package/.agent/mindforge/wf-perf-optimize.md +31 -0
  12. package/.agent/mindforge/wf-pr-review.md +31 -0
  13. package/.agent/mindforge/wf-refactor-plan.md +31 -0
  14. package/.agent/mindforge/wf-release-prep.md +31 -0
  15. package/.agent/mindforge/wf-tdd-sprint.md +31 -0
  16. package/.agent/mindforge/wf-tech-evaluation.md +31 -0
  17. package/.agent/skills/1password-skill/SKILL.md +156 -0
  18. package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
  19. package/.agent/skills/1password-skill/references/get-started.md +21 -0
  20. package/.agent/skills/article-illustrator/SKILL.md +199 -0
  21. package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
  22. package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
  23. package/.agent/skills/article-illustrator/references/styles.md +224 -0
  24. package/.agent/skills/article-illustrator/references/usage.md +50 -0
  25. package/.agent/skills/article-illustrator/references/workflow.md +332 -0
  26. package/.agent/skills/arxiv/SKILL.md +275 -0
  27. package/.agent/skills/blogwatcher/SKILL.md +130 -0
  28. package/.agent/skills/code-wiki/SKILL.md +438 -0
  29. package/.agent/skills/code-wiki/templates/README.md +31 -0
  30. package/.agent/skills/code-wiki/templates/architecture.md +30 -0
  31. package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
  32. package/.agent/skills/code-wiki/templates/module.md +38 -0
  33. package/.agent/skills/codebase-inspection/SKILL.md +109 -0
  34. package/.agent/skills/comic-creator/SKILL.md +240 -0
  35. package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
  36. package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
  37. package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
  38. package/.agent/skills/comic-creator/references/character-template.md +180 -0
  39. package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
  40. package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
  41. package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
  42. package/.agent/skills/comic-creator/references/workflow.md +401 -0
  43. package/.agent/skills/concept-diagrams/SKILL.md +355 -0
  44. package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
  45. package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
  46. package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
  47. package/.agent/skills/creative-ideation/SKILL.md +144 -0
  48. package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
  49. package/.agent/skills/devops-cli/SKILL.md +149 -0
  50. package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
  51. package/.agent/skills/devops-cli/references/authentication.md +59 -0
  52. package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
  53. package/.agent/skills/devops-cli/references/running-apps.md +171 -0
  54. package/.agent/skills/devops-watchers/SKILL.md +103 -0
  55. package/.agent/skills/docker-management/SKILL.md +273 -0
  56. package/.agent/skills/domain-intel/SKILL.md +96 -0
  57. package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
  58. package/.agent/skills/github-auth/SKILL.md +240 -0
  59. package/.agent/skills/github-code-review/SKILL.md +474 -0
  60. package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
  61. package/.agent/skills/github-issues/SKILL.md +363 -0
  62. package/.agent/skills/github-issues/templates/bug-report.md +35 -0
  63. package/.agent/skills/github-issues/templates/feature-request.md +31 -0
  64. package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
  65. package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
  66. package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
  67. package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
  68. package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
  69. package/.agent/skills/github-repo-management/SKILL.md +509 -0
  70. package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
  71. package/.agent/skills/godmode/SKILL.md +396 -0
  72. package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
  73. package/.agent/skills/godmode/references/refusal-detection.md +142 -0
  74. package/.agent/skills/hyperframes/SKILL.md +182 -0
  75. package/.agent/skills/hyperframes/references/cli.md +185 -0
  76. package/.agent/skills/hyperframes/references/composition.md +129 -0
  77. package/.agent/skills/hyperframes/references/features.md +289 -0
  78. package/.agent/skills/hyperframes/references/gsap.md +136 -0
  79. package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
  80. package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
  81. package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
  82. package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
  83. package/.agent/skills/kanban-worker/SKILL.md +188 -0
  84. package/.agent/skills/llm-wiki/SKILL.md +499 -0
  85. package/.agent/skills/meme-generation/SKILL.md +122 -0
  86. package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
  87. package/.agent/skills/obsidian/SKILL.md +60 -0
  88. package/.agent/skills/osint-investigation/SKILL.md +269 -0
  89. package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
  90. package/.agent/skills/oss-forensics/SKILL.md +422 -0
  91. package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
  92. package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
  93. package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
  94. package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
  95. package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
  96. package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
  97. package/.agent/skills/parallel-cli/SKILL.md +384 -0
  98. package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
  99. package/.agent/skills/pixel-art/SKILL.md +209 -0
  100. package/.agent/skills/pixel-art/references/palettes.md +49 -0
  101. package/.agent/skills/plan/SKILL.md +331 -0
  102. package/.agent/skills/polymarket/SKILL.md +75 -0
  103. package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
  104. package/.agent/skills/python-debugpy/SKILL.md +368 -0
  105. package/.agent/skills/requesting-code-review/SKILL.md +273 -0
  106. package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
  107. package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
  108. package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
  109. package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
  110. package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
  111. package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
  112. package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
  113. package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
  114. package/.agent/skills/research-paper-writing/references/sources.md +191 -0
  115. package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
  116. package/.agent/skills/research-paper-writing/templates/README.md +251 -0
  117. package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
  118. package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
  119. package/.agent/skills/scrapling/SKILL.md +328 -0
  120. package/.agent/skills/sherlock/SKILL.md +186 -0
  121. package/.agent/skills/simplify-code/SKILL.md +168 -0
  122. package/.agent/skills/skill-authoring/SKILL.md +158 -0
  123. package/.agent/skills/spike/SKILL.md +190 -0
  124. package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
  125. package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
  126. package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
  127. package/.agent/skills/systematic-debugging/SKILL.md +360 -0
  128. package/.agent/skills/test-driven-development/SKILL.md +336 -0
  129. package/.agent/skills/video-orchestrator/SKILL.md +194 -0
  130. package/.agent/skills/video-orchestrator/references/examples.md +227 -0
  131. package/.agent/skills/video-orchestrator/references/intake.md +166 -0
  132. package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
  133. package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
  134. package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
  135. package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
  136. package/.agent/skills/web-pentest/SKILL.md +332 -0
  137. package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
  138. package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
  139. package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
  140. package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
  141. package/.agent/skills/web-pentest/templates/authorization.md +69 -0
  142. package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
  143. package/.claude/commands/mindforge/skill-tdd.md +53 -0
  144. package/.claude/commands/mindforge/skills-index.md +118 -0
  145. package/.claude/commands/mindforge/systematic-debug.md +60 -0
  146. package/.claude/commands/mindforge/wf-catalog.md +37 -0
  147. package/.claude/commands/mindforge/wf-code-audit.md +31 -0
  148. package/.claude/commands/mindforge/wf-competitive-analysis.md +31 -0
  149. package/.claude/commands/mindforge/wf-deep-research.md +32 -0
  150. package/.claude/commands/mindforge/wf-feature-planner.md +31 -0
  151. package/.claude/commands/mindforge/wf-incident-response.md +31 -0
  152. package/.claude/commands/mindforge/wf-onboard-codebase.md +31 -0
  153. package/.claude/commands/mindforge/wf-perf-optimize.md +31 -0
  154. package/.claude/commands/mindforge/wf-pr-review.md +31 -0
  155. package/.claude/commands/mindforge/wf-refactor-plan.md +31 -0
  156. package/.claude/commands/mindforge/wf-release-prep.md +31 -0
  157. package/.claude/commands/mindforge/wf-tdd-sprint.md +31 -0
  158. package/.claude/commands/mindforge/wf-tech-evaluation.md +31 -0
  159. package/.mindforge/config.json +2 -2
  160. package/.mindforge/dynamic-workflows/REGISTRY.md +65 -0
  161. package/.mindforge/dynamic-workflows/index.json +171 -0
  162. package/.mindforge/dynamic-workflows/scripts/code-audit.js +103 -0
  163. package/.mindforge/dynamic-workflows/scripts/competitive-analysis.js +85 -0
  164. package/.mindforge/dynamic-workflows/scripts/deep-research.js +151 -0
  165. package/.mindforge/dynamic-workflows/scripts/feature-planner.js +104 -0
  166. package/.mindforge/dynamic-workflows/scripts/incident-response.js +106 -0
  167. package/.mindforge/dynamic-workflows/scripts/onboard-codebase.js +102 -0
  168. package/.mindforge/dynamic-workflows/scripts/perf-optimize.js +128 -0
  169. package/.mindforge/dynamic-workflows/scripts/pr-review.js +87 -0
  170. package/.mindforge/dynamic-workflows/scripts/refactor-plan.js +121 -0
  171. package/.mindforge/dynamic-workflows/scripts/release-prep.js +102 -0
  172. package/.mindforge/dynamic-workflows/scripts/tdd-sprint.js +103 -0
  173. package/.mindforge/dynamic-workflows/scripts/tech-evaluation.js +72 -0
  174. package/.mindforge/memory/sync-manifest.json +1 -1
  175. package/.mindforge/skills/arxiv/SKILL.md +294 -0
  176. package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
  177. package/.mindforge/skills/code-wiki/SKILL.md +457 -0
  178. package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
  179. package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
  180. package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
  181. package/.mindforge/skills/domain-intel/SKILL.md +116 -0
  182. package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
  183. package/.mindforge/skills/github-code-review/SKILL.md +493 -0
  184. package/.mindforge/skills/github-issues/SKILL.md +382 -0
  185. package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
  186. package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
  187. package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
  188. package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
  189. package/.mindforge/skills/meme-generation/SKILL.md +141 -0
  190. package/.mindforge/skills/obsidian/SKILL.md +80 -0
  191. package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
  192. package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
  193. package/.mindforge/skills/pixel-art/SKILL.md +228 -0
  194. package/.mindforge/skills/plan/SKILL.md +350 -0
  195. package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
  196. package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
  197. package/.mindforge/skills/scrapling/SKILL.md +345 -0
  198. package/.mindforge/skills/sherlock/SKILL.md +203 -0
  199. package/.mindforge/skills/simplify-code/SKILL.md +187 -0
  200. package/.mindforge/skills/spike/SKILL.md +209 -0
  201. package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
  202. package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
  203. package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
  204. package/.mindforge/skills/web-pentest/SKILL.md +327 -0
  205. package/CHANGELOG.md +71 -0
  206. package/MINDFORGE.md +2 -2
  207. package/README.md +72 -3
  208. package/RELEASENOTES.md +109 -0
  209. package/bin/installer-core.js +6 -2
  210. package/bin/mindforge-cli.js +7 -0
  211. package/bin/workflows/workflow-runner.js +110 -0
  212. package/docs/commands-reference.md +25 -0
  213. package/docs/getting-started.md +42 -5
  214. package/package.json +2 -1
@@ -0,0 +1,178 @@
1
+ # Penetration Test Report
2
+
3
+ **Target:** <name + URL>
4
+ **Engagement ID:** <slug>
5
+ **Engagement window:** <start> – <end>
6
+ **Operator:** <name>
7
+ **Tester:**
8
+ **Report generated:** <ISO 8601 timestamp>
9
+
10
+ ---
11
+
12
+ ## Executive Summary
13
+
14
+ <2-4 paragraph plain-language summary. Focus on:
15
+ - What was tested
16
+ - What was found (count by severity)
17
+ - Most critical finding in one sentence
18
+ - High-level remediation recommendation>
19
+
20
+ | Severity | Count |
21
+ |----------|-------|
22
+ | Critical | 0 |
23
+ | High | 0 |
24
+ | Medium | 0 |
25
+ | Low | 0 |
26
+ | Info | 0 |
27
+
28
+ ---
29
+
30
+ ## Engagement Scope
31
+
32
+ In-scope targets (from `engagement/scope.txt`):
33
+
34
+ - <host or CIDR>
35
+
36
+ Out of scope: see `engagement/authorization.md`.
37
+
38
+ Authorization basis: see `engagement/authorization.md`.
39
+
40
+ ## Methodology
41
+
42
+ Approach was based on the `web-pentest` skill (a
43
+ adaptation of the OWASP Testing Guide with elements of Shannon's
44
+ proof-based methodology). Phases performed:
45
+
46
+ - [ ] Pre-recon (source code review)
47
+ - [ ] Recon (live, read-only)
48
+ - [ ] Vulnerability analysis (one queue per OWASP class)
49
+ - [ ] Exploitation (proof-based)
50
+ - [ ] Reporting
51
+
52
+ Tools used: <nmap, whatweb, curl, browser tool, ...>.
53
+
54
+ ## Findings (L3/L4 — Verified Exploitable)
55
+
56
+ > Every finding in this section has a reproducible proof-of-concept.
57
+ > L1/L2 candidates that were not promoted to confirmed exploitation
58
+ > are listed in the "Not Exploited" section.
59
+
60
+ ### F-001: <Title>
61
+
62
+ - **Severity:** Critical | High | Medium | Low
63
+ - **CVSS 3.1 vector:** `CVSS:3.1/AV:N/AC:L/...`
64
+ - **CVSS 3.1 base score:** N.N
65
+ - **CWE:** CWE-XX
66
+ - **Affected endpoint(s):** `GET https://target.example/api/...`
67
+ - **Affected parameter(s):** `id`
68
+ - **Discovered:** <date>
69
+
70
+ #### Description
71
+
72
+ <What is the bug, in plain language.>
73
+
74
+ #### Proof
75
+
76
+ Request:
77
+
78
+ ```http
79
+ GET /api/items?id=1%27%20OR%201=1-- HTTP/1.1
80
+ Host: target.example
81
+ Cookie: session=...
82
+ ```
83
+
84
+ Response (excerpt):
85
+
86
+ ```http
87
+ HTTP/1.1 200 OK
88
+ Content-Type: application/json
89
+
90
+ [{"id":1,...}, {"id":2,...}, ... <full table dumped>]
91
+ ```
92
+
93
+ #### Reproduction
94
+
95
+ ```bash
96
+ curl -sS 'https://target.example/api/items?id=1%27%20OR%201=1--' \
97
+ -H 'Cookie: session=YOUR_TEST_SESSION'
98
+ ```
99
+
100
+ #### Impact
101
+
102
+ <What an attacker gains. Be specific. "Could allow data extraction" is
103
+ worse than "Allowed extraction of all 4 columns from the `users` table
104
+ in our test (PoC redacted PII), and the same query shape applies to
105
+ any other parameter using the same code path.">
106
+
107
+ #### Remediation
108
+
109
+ <Specific, actionable. "Use parameterized queries" is better than
110
+ "sanitize inputs." Include code example if possible.>
111
+
112
+ #### Verification (post-fix)
113
+
114
+ To verify the fix, re-run the reproduction command. The response
115
+ should be HTTP 400, an empty result, or a result containing only the
116
+ record matching `id=1` literally.
117
+
118
+ ---
119
+
120
+ (repeat per finding)
121
+
122
+ ---
123
+
124
+ ## Not Exploited (L1/L2 candidates)
125
+
126
+ Candidates that pattern-matched but were not promoted to L3 within
127
+ the engagement window. Listed for completeness; do NOT report these
128
+ as confirmed vulnerabilities.
129
+
130
+ | ID | Class | Endpoint | Status | Why not promoted |
131
+ |----|-------|----------|--------|------------------|
132
+ | INJ-002 | SQLi | `/api/search?q=` | L2 partial | Bypass set exhausted; appears to use parameterized binding |
133
+ | XSS-003 | reflected | `/error?msg=` | L1 identified | Could not produce executable context — output is JSON-encoded |
134
+
135
+ ---
136
+
137
+ ## Out-of-Scope Observations
138
+
139
+ (Findings or hints noticed but NOT tested because they were outside
140
+ scope. These are documentation, not findings. The operator decides
141
+ whether to extend scope and re-test.)
142
+
143
+ - The application sends to `https://third-party.example/...` — payload
144
+ could trigger third-party-side bugs but third party is out of scope.
145
+
146
+ ---
147
+
148
+ ## Limitations
149
+
150
+ What was NOT tested, and why:
151
+
152
+ - <Class of test>: <reason>
153
+
154
+ Examples:
155
+ - DDoS / stress testing — explicitly excluded by engagement scope.
156
+ - Authenticated business-logic flows requiring billing — no test
157
+ credit card available.
158
+ - Mobile API surfaces — out of scope.
159
+
160
+ ---
161
+
162
+ ## Appendices
163
+
164
+ - A: `engagement/authorization.md` — authorization on file
165
+ - B: `engagement/scope.txt` — machine-readable scope
166
+ - C: `engagement/request-log.jsonl` — every active request issued
167
+ - D: `findings/*-queue.json` — per-class candidate queues
168
+ - E: `evidence/` — raw captures (request/response pairs)
169
+
170
+ ---
171
+
172
+ ## Disclaimer
173
+
174
+ This report describes vulnerabilities discovered during a
175
+ time-bounded penetration test against the listed targets within the
176
+ listed scope. Absence of a finding in this report does not imply the
177
+ target is secure; only that no exploitable issue was found in scope
178
+ X within time T using methods Y.
@@ -0,0 +1,53 @@
1
+ ---
2
+ description: "Test-Driven Development — RED-GREEN-REFACTOR discipline. Write the failing test first, always."
3
+ ---
4
+
5
+ # MindForge — TDD Skill Command
6
+ # Usage: /mindforge:skill-tdd [feature or bug to implement]
7
+
8
+ Activates the test-driven development skill. The core rule: **if you didn't watch the test fail, you don't know if it tests the right thing.**
9
+
10
+ ## Activation
11
+
12
+ Load `.mindforge/skills/test-driven-development/SKILL.md` immediately.
13
+ Follow its RED-GREEN-REFACTOR cycle strictly for the full duration of this session.
14
+
15
+ ## The Cycle (non-negotiable)
16
+
17
+ ### RED — Write a failing test
18
+ 1. Identify the smallest next behavior to implement.
19
+ 2. Write one test that asserts that behavior.
20
+ 3. Run it — confirm it FAILS for the right reason (not a syntax error, not a missing import — the actual assertion fails).
21
+ 4. Do not proceed until the test fails correctly.
22
+
23
+ ### GREEN — Write minimal code to pass
24
+ 1. Write the simplest code that makes the test pass.
25
+ 2. No gold-plating, no extra features. Minimum viable.
26
+ 3. Run the test — it must pass.
27
+ 4. Run the full suite — no regressions.
28
+
29
+ ### REFACTOR — Clean up
30
+ 1. Improve code structure, naming, and clarity.
31
+ 2. Remove duplication.
32
+ 3. Tests stay green throughout — run after every change.
33
+
34
+ ## Mandatory gates
35
+
36
+ - **Never write code without a failing test.** Not for "obvious" cases, not for "quick" fixes, not for "trivial" implementations.
37
+ - **One cycle at a time.** Complete RED-GREEN-REFACTOR before starting the next behavior.
38
+ - **A passing test suite is always the starting state.** If tests are red when you begin, fix them first.
39
+
40
+ ## When the user asks for a feature
41
+
42
+ 1. Decompose into the smallest testable behavior.
43
+ 2. Start with the first RED step before writing any implementation.
44
+ 3. Repeat the cycle for each behavior.
45
+
46
+ ## When the user asks for a bug fix
47
+
48
+ 1. Write a failing test that reproduces the bug (this is your RED step).
49
+ 2. Confirm it fails.
50
+ 3. Fix the code (GREEN).
51
+ 4. Refactor if needed.
52
+
53
+ The bug test becomes the regression guard — it must remain in the suite permanently.
@@ -0,0 +1,118 @@
1
+ ---
2
+ description: "Browse all available skills by category — discover and activate any skill by name."
3
+ ---
4
+
5
+ # MindForge — Skills Index
6
+ # Usage: /mindforge:skills-index [optional: category or keyword filter]
7
+
8
+ Lists all skills available in this MindForge installation. Skills in the **Engine** tier activate automatically via trigger-matching. Skills in the **Extended** tier require explicit invocation.
9
+
10
+ ---
11
+
12
+ ## How to activate a skill
13
+
14
+ **Engine tier** (auto-triggers from `.mindforge/skills/`): Just describe the task — the skill-loader matches your request against each skill's `triggers:` field and loads the relevant skill automatically.
15
+
16
+ **Extended tier** (explicit from `.agent/skills/`): Ask Claude to "use the [skill-name] skill" or invoke it by name.
17
+
18
+ ---
19
+
20
+ ## Engine Tier Skills (auto-triggered)
21
+
22
+ ### Software Development
23
+ | Skill | Triggers |
24
+ |---|---|
25
+ | `systematic-debugging` | systematic debugging, root cause analysis, debug methodology, 4-phase debug |
26
+ | `test-driven-development` | TDD, red green refactor, write test first, test before code |
27
+ | `plan` | write a plan, plan mode, implementation plan, plan before coding |
28
+ | `simplify-code` | simplify code, clean up code, refactor for clarity, reduce complexity |
29
+ | `requesting-code-review` | request code review, code review protocol, review this PR |
30
+ | `spike` | technical spike, time-boxed spike, explore this problem |
31
+ | `subagent-driven-development` | subagent driven development, delegate to subagent, multi-agent implementation |
32
+ | `code-wiki` | code wiki, document codebase, knowledge wiki, explain codebase |
33
+
34
+ ### DevOps & Orchestration
35
+ | Skill | Triggers |
36
+ |---|---|
37
+ | `kanban-orchestrator` | kanban orchestrator, multi-agent kanban, decompose and route, orchestrate tasks |
38
+ | `kanban-worker` | kanban worker, pick up kanban task, complete kanban card |
39
+
40
+ ### GitHub Workflows
41
+ | Skill | Triggers |
42
+ |---|---|
43
+ | `github-code-review` | github code review, review PR, pull request review workflow |
44
+ | `github-pr-workflow` | github pr workflow, pull request lifecycle, open PR, merge PR |
45
+ | `github-issues` | github issues, create issue, manage issues, issue triage |
46
+ | `codebase-inspection` | codebase inspection, explore codebase, understand repository |
47
+
48
+ ### Research & Intelligence
49
+ | Skill | Triggers |
50
+ |---|---|
51
+ | `research-paper-writing` | research paper, academic paper, write paper, arxiv paper |
52
+ | `arxiv` | arxiv search, find papers, search arxiv, academic literature |
53
+ | `osint-investigation` | OSINT investigation, public records research, entity investigation |
54
+ | `domain-intel` | domain intelligence, investigate domain, domain research |
55
+ | `duckduckgo-search` | duckduckgo search, DDG search, web search |
56
+ | `scrapling` | scrape website, web scraping, extract web content |
57
+ | `blogwatcher` | monitor blog, watch blog, track blog updates |
58
+
59
+ ### Creative
60
+ | Skill | Triggers |
61
+ |---|---|
62
+ | `concept-diagrams` | concept diagram, educational diagram, SVG diagram, visual explanation |
63
+ | `creative-ideation` | creative ideation, brainstorm ideas, creative ideas, generate concepts |
64
+ | `pixel-art` | pixel art, create pixel art, sprite design |
65
+ | `meme-generation` | meme generation, create meme, generate meme |
66
+
67
+ ### Security
68
+ | Skill | Triggers |
69
+ |---|---|
70
+ | `web-pentest` | web penetration test, pentest this app, security test web app, OWASP test |
71
+ | `oss-forensics` | OSS forensics, open source forensics, supply chain audit |
72
+ | `sherlock` | sherlock, username investigation, find accounts, OSINT username |
73
+
74
+ ### Data & Tooling
75
+ | Skill | Triggers |
76
+ |---|---|
77
+ | `jupyter-live-kernel` | jupyter kernel, live jupyter, interactive notebook |
78
+ | `obsidian` | obsidian notes, obsidian vault, obsidian workflow |
79
+
80
+ ---
81
+
82
+ ## Extended Tier Skills (`.agent/skills/`, explicit activation)
83
+
84
+ ### Software Development
85
+ `node-inspect-debugger` · `python-debugpy` · `skill-authoring` · `rest-graphql-debug`
86
+
87
+ ### GitHub
88
+ `github-auth` · `github-repo-management`
89
+
90
+ ### DevOps
91
+ `docker-management` · `devops-cli` · `devops-watchers` · `pinggy-tunnel` · `s6-container-supervision`
92
+
93
+ ### Research
94
+ `llm-wiki` · `polymarket` · `parallel-cli`
95
+
96
+ ### Security
97
+ `godmode` · `1password-skill`
98
+
99
+ ### Creative
100
+ `hyperframes` · `article-illustrator` · `comic-creator` · `video-orchestrator`
101
+
102
+ ---
103
+
104
+ ## Usage examples
105
+
106
+ ```
107
+ "Debug this null pointer — use systematic debugging"
108
+ → Engine tier: systematic-debugging activates automatically
109
+
110
+ "I want to do TDD on this new auth module"
111
+ → Engine tier: test-driven-development activates automatically
112
+
113
+ "Use the docker-management skill to set up my containers"
114
+ → Extended tier: explicit invocation of docker-management
115
+
116
+ "Run an OSINT investigation on this company"
117
+ → Engine tier: osint-investigation activates automatically
118
+ ```
@@ -0,0 +1,60 @@
1
+ ---
2
+ description: "4-phase root cause debugging — understand the bug completely before attempting any fix."
3
+ ---
4
+
5
+ # MindForge — Systematic Debug Command
6
+ # Usage: /mindforge:systematic-debug [problem description]
7
+
8
+ Activates the systematic debugging skill. The iron law: **NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST**. Symptom fixes are failure.
9
+
10
+ ## Activation
11
+
12
+ Load `.mindforge/skills/systematic-debugging/SKILL.md` immediately.
13
+ Follow its 4-phase protocol for the full duration of this session.
14
+
15
+ ## Phase 1 — Understand the Bug
16
+
17
+ Before touching any code:
18
+
19
+ 1. **Reproduce it.** Can you reproduce it in a minimal, isolated environment?
20
+ - If no: document what you tried. Ask the user for more context. Do not guess.
21
+ - If yes: record the exact reproduction steps.
22
+
23
+ 2. **Read the error completely.** Stack trace, logs, error message — read every line.
24
+
25
+ 3. **Identify the invariant.** What assumption is being violated? What should be true that isn't?
26
+
27
+ 4. **Map the control flow.** Trace the path from input to failure point.
28
+
29
+ **Output of Phase 1:** A written statement of the root cause hypothesis with evidence.
30
+
31
+ ## Phase 2 — Isolate the Root Cause
32
+
33
+ 1. Write a failing test that exercises exactly the broken invariant.
34
+ 2. Confirm the test fails for the right reason (not just any reason).
35
+ 3. Narrow scope: is the bug in this file? This function? This line?
36
+ 4. Check: is this a regression? Run `git log --oneline -20` on affected files.
37
+
38
+ **Gate:** Do not proceed to Phase 3 without a failing test that proves the bug.
39
+
40
+ ## Phase 3 — Fix
41
+
42
+ 1. Apply the minimal fix that restores the invariant.
43
+ 2. Do not fix adjacent issues or refactor — single responsibility per fix.
44
+ 3. Run the failing test — it must now pass.
45
+ 4. Run the full test suite — zero new failures allowed.
46
+
47
+ ## Phase 4 — Verify and Document
48
+
49
+ 1. Confirm the original reproduction steps no longer trigger the bug.
50
+ 2. Write a one-paragraph RCA summary: what was broken, why, how it was fixed.
51
+ 3. Commit with a message that explains the root cause, not the symptom.
52
+
53
+ ## When you cannot find the root cause
54
+
55
+ - Add logging/instrumentation at the point of failure.
56
+ - Form 2–3 competing hypotheses and test each independently.
57
+ - Document what you ruled out — negative evidence is evidence.
58
+ - Ask the user for additional context before guessing.
59
+
60
+ Do not apply a fix that "might work." Every fix requires a root cause explanation.
@@ -0,0 +1,37 @@
1
+ ---
2
+ description: "Browse the MindForge dynamic workflow library — 12 pre-built multi-agent workflows"
3
+ ---
4
+ # /mindforge:wf-catalog
5
+
6
+ Browse and discover the MindForge **Dynamic Workflow Library** — 12 pre-built multi-agent workflows that run via Claude Code's Workflow tool.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-catalog` — show all workflows grouped by tier
10
+
11
+ ## Tiers
12
+
13
+ **Research** — Fan-out search, adversarial verification, cited synthesis
14
+ - `/mindforge:wf-deep-research` — Multi-source fact-checked research report
15
+ - `/mindforge:wf-competitive-analysis` — SWOT and positioning summary
16
+ - `/mindforge:wf-tech-evaluation` — Scored technology comparison matrix
17
+
18
+ **Dev** — Coding-assistant power workflows
19
+ - `/mindforge:wf-code-audit` — Parallel security + quality + performance audit
20
+ - `/mindforge:wf-feature-planner` — Brief → PRD → architecture → user stories
21
+ - `/mindforge:wf-pr-review` — 4-dimensional parallel PR review
22
+ - `/mindforge:wf-tdd-sprint` — Strict Red-Green-Refactor TDD loop
23
+ - `/mindforge:wf-refactor-plan` — Technical debt scan → safe refactor plan
24
+
25
+ **Ops** — Infrastructure and release workflows
26
+ - `/mindforge:wf-incident-response` — Parallel investigation → RCA → postmortem
27
+ - `/mindforge:wf-release-prep` — Tests → changelog → version bump → PR
28
+
29
+ **Intelligence** — Deep analysis and optimization
30
+ - `/mindforge:wf-onboard-codebase` — Map → domain → architecture → guided tour
31
+ - `/mindforge:wf-perf-optimize` — Profile → bottleneck hunt → prioritized fix plan
32
+
33
+ ## CLI Discovery
34
+ ```bash
35
+ node bin/mindforge-cli.js workflow list
36
+ node bin/mindforge-cli.js workflow info <name>
37
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ description: "Parallel security + quality + performance audit with adversarial finding verification"
3
+ ---
4
+ # /mindforge:wf-code-audit
5
+
6
+ Runs the **Code Audit** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-code-audit [path or 'current git diff']`
10
+
11
+ ## What it does
12
+ - **Scope**: Builds file list from git diff, specified path, or entire codebase
13
+ - **Audit**: 3 parallel auditors — OWASP security, code quality, performance patterns
14
+ - **Verify**: Adversarial 2-vote verification for all high/critical severity findings
15
+ - **Report**: Risk-ranked report with remediation steps for each confirmed finding
16
+
17
+ ## Running
18
+
19
+ Invoke via Claude Code's Workflow tool:
20
+
21
+ ```
22
+ Workflow({
23
+ scriptPath: ".mindforge/dynamic-workflows/scripts/code-audit.js",
24
+ args: "<your input>"
25
+ })
26
+ ```
27
+
28
+ Or discover via CLI:
29
+ ```bash
30
+ node bin/mindforge-cli.js workflow info code-audit
31
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ description: "Multi-angle competitive research producing a SWOT and positioning summary"
3
+ ---
4
+ # /mindforge:wf-competitive-analysis
5
+
6
+ Runs the **Competitive Analysis** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-competitive-analysis <product/company/technology>`
10
+
11
+ ## What it does
12
+ - **Scope**: Defines the competitive landscape target
13
+ - **Research**: 5 parallel angles — product features, pricing, reviews, community, roadmap
14
+ - **SWOT**: Synthesizes strengths, weaknesses, opportunities, threats
15
+ - **Position**: Produces strategic positioning and differentiation recommendations
16
+
17
+ ## Running
18
+
19
+ Invoke via Claude Code's Workflow tool:
20
+
21
+ ```
22
+ Workflow({
23
+ scriptPath: ".mindforge/dynamic-workflows/scripts/competitive-analysis.js",
24
+ args: "<your input>"
25
+ })
26
+ ```
27
+
28
+ Or discover via CLI:
29
+ ```bash
30
+ node bin/mindforge-cli.js workflow info competitive-analysis
31
+ ```
@@ -0,0 +1,32 @@
1
+ ---
2
+ description: "Fan-out web research with adversarial claim verification and cited synthesis"
3
+ ---
4
+ # /mindforge:wf-deep-research
5
+
6
+ Runs the **Deep Research** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-deep-research <your research question>`
10
+
11
+ ## What it does
12
+ - **Scope**: Decomposes your question into 5 independent search angles
13
+ - **Search**: 5 parallel web search agents, one per angle (~30s)
14
+ - **Fetch**: Deduplicates URLs, fetches top 15 sources, extracts falsifiable claims
15
+ - **Verify**: 3-vote adversarial verification per claim — 2/3 refutes kills a claim
16
+ - **Synthesize**: Merges confirmed findings, ranks by confidence, cites all sources
17
+
18
+ ## Running
19
+
20
+ Invoke via Claude Code's Workflow tool:
21
+
22
+ ```
23
+ Workflow({
24
+ scriptPath: ".mindforge/dynamic-workflows/scripts/deep-research.js",
25
+ args: "<your input>"
26
+ })
27
+ ```
28
+
29
+ Or discover via CLI:
30
+ ```bash
31
+ node bin/mindforge-cli.js workflow info deep-research
32
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ description: "Sequential pipeline: brief → PRD → architecture → user stories"
3
+ ---
4
+ # /mindforge:wf-feature-planner
5
+
6
+ Runs the **Feature Planner** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-feature-planner <feature description>`
10
+
11
+ ## What it does
12
+ - **Brief**: Clarifies goals, target users, success criteria, and out-of-scope items
13
+ - **PRD**: Generates functional + non-functional requirements with priorities
14
+ - **Architecture**: Designs technical approach, components, data flow, files to create/modify
15
+ - **Stories**: Breaks feature into user stories with Given/When/Then and t-shirt estimates
16
+
17
+ ## Running
18
+
19
+ Invoke via Claude Code's Workflow tool:
20
+
21
+ ```
22
+ Workflow({
23
+ scriptPath: ".mindforge/dynamic-workflows/scripts/feature-planner.js",
24
+ args: "<your input>"
25
+ })
26
+ ```
27
+
28
+ Or discover via CLI:
29
+ ```bash
30
+ node bin/mindforge-cli.js workflow info feature-planner
31
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ description: "Parallel investigation across logs, metrics, traces, and code → mitigation → RCA → postmortem"
3
+ ---
4
+ # /mindforge:wf-incident-response
5
+
6
+ Runs the **Incident Response** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-incident-response <incident description and symptoms>`
10
+
11
+ ## What it does
12
+ - **Alert**: Characterizes severity (P0-P3), affected systems, and initial hypothesis
13
+ - **Investigate**: 4 parallel agents — logs, metrics, distributed traces, recent code changes
14
+ - **Mitigate**: Identifies immediate mitigation steps with risk level and rollback procedures
15
+ - **RCA**: Blameless postmortem with root cause, timeline, action items, lessons learned
16
+
17
+ ## Running
18
+
19
+ Invoke via Claude Code's Workflow tool:
20
+
21
+ ```
22
+ Workflow({
23
+ scriptPath: ".mindforge/dynamic-workflows/scripts/incident-response.js",
24
+ args: "<your input>"
25
+ })
26
+ ```
27
+
28
+ Or discover via CLI:
29
+ ```bash
30
+ node bin/mindforge-cli.js workflow info incident-response
31
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ description: "Map structure → domain analysis → architecture → generate guided tour and onboarding docs"
3
+ ---
4
+ # /mindforge:wf-onboard-codebase
5
+
6
+ Runs the **Onboard Codebase** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-onboard-codebase [repo path or description]`
10
+
11
+ ## What it does
12
+ - **Map**: Discovers languages, frameworks, entry points, and key directory purposes
13
+ - **Domain**: Identifies business domains, core abstractions, and the software's purpose
14
+ - **Architecture**: Maps layers, data flow, key patterns, and developer gotchas
15
+ - **Tour**: Generates a 5-10 step guided tour, conventions guide, and quick-start
16
+
17
+ ## Running
18
+
19
+ Invoke via Claude Code's Workflow tool:
20
+
21
+ ```
22
+ Workflow({
23
+ scriptPath: ".mindforge/dynamic-workflows/scripts/onboard-codebase.js",
24
+ args: "<your input>"
25
+ })
26
+ ```
27
+
28
+ Or discover via CLI:
29
+ ```bash
30
+ node bin/mindforge-cli.js workflow info onboard-codebase
31
+ ```
@@ -0,0 +1,31 @@
1
+ ---
2
+ description: "Profile → parallel bottleneck hunt across DB/network/CPU/memory → prioritized fix plan"
3
+ ---
4
+ # /mindforge:wf-perf-optimize
5
+
6
+ Runs the **Perf Optimize** dynamic workflow.
7
+
8
+ ## Usage
9
+ `/mindforge:wf-perf-optimize [application or path description]`
10
+
11
+ ## What it does
12
+ - **Profile**: Establishes baseline, identifies slowest paths, forms bottleneck hypothesis
13
+ - **Identify**: 4 parallel agents — DB queries, network, CPU/compute, memory
14
+ - **Plan**: Prioritizes fixes by impact-to-effort ratio with implementation guidance
15
+ - **Benchmark**: Defines before/after benchmark tests and success criteria for each fix
16
+
17
+ ## Running
18
+
19
+ Invoke via Claude Code's Workflow tool:
20
+
21
+ ```
22
+ Workflow({
23
+ scriptPath: ".mindforge/dynamic-workflows/scripts/perf-optimize.js",
24
+ args: "<your input>"
25
+ })
26
+ ```
27
+
28
+ Or discover via CLI:
29
+ ```bash
30
+ node bin/mindforge-cli.js workflow info perf-optimize
31
+ ```