myaidev-method 0.2.24-1 → 0.2.24-2

package/skills/openstack-manager/SKILL.md

@@ -0,0 +1,213 @@
+---
+name: openstack-manager
+description: Manage OpenStack virtual machines and infrastructure
+argument-hint: [action] [--name=vm-name]
+allowed-tools: [Read, Write, Bash, mcp__openstack__*]
+user-invocable: true
+category: infrastructure
+version: 1.0.0
+platforms: [claude-code, gemini-cli, codex-cli]
+---
+
+# OpenStack Manager Skill
+
+Manage OpenStack virtual machines, networks, and infrastructure through the OpenStack API with full MCP integration.
+
+## Capabilities
+
+- Create and manage virtual machines
+- Configure networks and security groups
+- Manage floating IPs
+- Handle volumes and storage
+- Monitor instance status
+- Cloud-init configuration
+
+## Prerequisites
+
+Configure OpenStack credentials:
+
+```bash
+/myai-configure openstack
+```
+
+Or set environment variables:
+```
+OS_AUTH_URL=https://your-openstack.com:5000/v3
+OS_USERNAME=your_username
+OS_PASSWORD=your_password
+OS_PROJECT_NAME=your_project
+OS_REGION_NAME=your_region
+OS_USER_DOMAIN_NAME=Default
+OS_PROJECT_DOMAIN_NAME=Default
+```
+
+## MCP Tools Available
+
+| Tool | Description |
+|------|-------------|
+| `os_session_create` | Create authenticated session |
+| `os_health_check` | Verify connection |
+| `os_server_list` | List instances |
+| `os_server_create` | Create new instance |
+| `os_server_delete` | Delete instance |
+| `os_server_start` | Start instance |
+| `os_server_stop` | Stop instance |
+| `os_server_reboot` | Reboot instance |
+| `os_server_console` | Get console output |
+| `os_floating_ip_create` | Create floating IP |
+| `os_server_add_floating_ip` | Assign floating IP |
+| `os_image_list` | List available images |
+| `os_flavor_list` | List instance sizes |
+| `os_network_list` | List networks |
+| `os_security_group_list` | List security groups |
+| `os_keypair_list` | List SSH keypairs |
+| `os_keypair_create` | Create keypair |
+| `os_volume_list` | List volumes |
+| `os_volume_create` | Create volume |
+| `os_server_add_volume` | Attach volume |
+| `os_cloud_init_info` | Get cloud-init templates |
+| `os_operation_history` | View operation history |
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `list` | List all instances |
+| `create` | Create new instance |
+| `delete` | Delete instance |
+| `start` | Start stopped instance |
+| `stop` | Stop running instance |
+| `reboot` | Reboot instance |
+| `console` | Get console output |
+| `ssh` | Connect via SSH |
+
+## Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `action` | Action to perform | list |
+| `--name` | Instance name | Required for create |
+| `--image` | OS image to use | Ubuntu 22.04 |
+| `--flavor` | Instance size | m1.small |
+| `--network` | Network to attach | default |
+| `--key` | SSH keypair name | default |
+| `--security-group` | Security group | default |
+| `--floating-ip` | Assign floating IP | false |
+| `--cloud-init` | Cloud-init script | none |
+
+## Example Usage
+
+```bash
+# List all instances
+/myaidev-method:openstack list
+
+# Create new instance
+/myaidev-method:openstack create --name=webserver --image="Ubuntu 22.04" --flavor=m1.medium
+
+# Create with floating IP
+/myaidev-method:openstack create --name=api-server --floating-ip
+
+# Start/stop instance
+/myaidev-method:openstack start --name=webserver
+/myaidev-method:openstack stop --name=webserver
+
+# Get console output
+/myaidev-method:openstack console --name=webserver
+
+# Delete instance
+/myaidev-method:openstack delete --name=webserver
+
+# Legacy command
+/myai-openstack
+```
+
+## Cloud-Init Configuration
+
+Create instances with custom initialization:
+
+```yaml
+# cloud-init.yaml
+#cloud-config
+package_update: true
+packages:
+  - nginx
+  - docker.io
+
+runcmd:
+  - systemctl start nginx
+  - systemctl enable docker
+
+users:
+  - name: deploy
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:
+      - ssh-rsa AAAA...
+```
+
+```bash
+/myaidev-method:openstack create --name=webserver --cloud-init=./cloud-init.yaml
+```
+
+## Instance Output
+
+```markdown
+# Instance Details
+
+## webserver
+- **ID**: abc-123-def
+- **Status**: ACTIVE
+- **IP (Private)**: 192.168.1.100
+- **IP (Floating)**: 203.0.113.50
+- **Image**: Ubuntu 22.04
+- **Flavor**: m1.medium (2 vCPU, 4GB RAM)
+- **Created**: 2025-01-15 10:30:00
+- **Key**: my-keypair
+- **Security Groups**: default, web
+
+## Connection
+```bash
+ssh ubuntu@203.0.113.50
+```
+```
+
+## Common Workflows
+
+### Web Server Setup
+```bash
+# Create instance with nginx
+/myaidev-method:openstack create \
+  --name=webserver \
+  --flavor=m1.medium \
+  --floating-ip \
+  --security-group=web \
+  --cloud-init=./nginx-setup.yaml
+```
+
+### Database Server
+```bash
+# Create with extra volume
+/myaidev-method:openstack create \
+  --name=db-server \
+  --flavor=m1.large \
+  --cloud-init=./postgresql-setup.yaml
+
+# Add data volume
+/myaidev-method:openstack volume create --name=db-data --size=100
+/myaidev-method:openstack volume attach --server=db-server --volume=db-data
+```
+
+## Integration
+
+- Works with deployment workflows
+- Supports infrastructure-as-code patterns
+- Integrates with monitoring systems
+
+## Troubleshooting
+
+| Issue | Solution |
+|-------|----------|
+| Auth failed | Check credentials and endpoint URL |
+| Quota exceeded | Request quota increase |
+| Network unavailable | Check network configuration |
+| Image not found | Use `os_image_list` to find available |
+| Flavor not found | Use `os_flavor_list` to find available |

package/skills/security-auditor/SKILL.md

@@ -0,0 +1,180 @@
+---
+name: security-auditor
+description: Security compliance auditing and code security review
+argument-hint: [path] [--standard=owasp]
+allowed-tools: [Read, Glob, Grep, Task, WebSearch]
+user-invocable: true
+category: security
+version: 1.0.0
+platforms: [claude-code, gemini-cli, codex-cli]
+---
+
+# Security Auditor Skill
+
+Perform security compliance audits, code security reviews, and generate compliance reports against industry standards.
+
+## Capabilities
+
+- Code security review
+- Dependency vulnerability scanning
+- Configuration security audit
+- Compliance assessment (OWASP, SOC2, HIPAA, PCI-DSS)
+- Security policy review
+- Infrastructure security assessment
+
+## Compliance Standards
+
+| Standard | Focus |
+|----------|-------|
+| OWASP | Web application security |
+| SOC2 | Service organization controls |
+| HIPAA | Healthcare data protection |
+| PCI-DSS | Payment card security |
+| GDPR | Data protection (EU) |
+| ISO 27001 | Information security management |
+| NIST | Cybersecurity framework |
+
+## Audit Categories
+
+| Category | Checks |
+|----------|--------|
+| **Authentication** | Password policies, MFA, session management |
+| **Authorization** | Access controls, RBAC, least privilege |
+| **Data Protection** | Encryption, PII handling, data retention |
+| **Logging** | Audit trails, monitoring, alerting |
+| **Dependencies** | Known vulnerabilities, outdated packages |
+| **Configuration** | Security headers, TLS, hardening |
+| **Secrets** | Key management, credential storage |
+
+## Process
+
+1. **Scope Definition**
+   - Define audit boundaries
+   - Identify applicable standards
+   - Gather documentation
+
+2. **Evidence Collection**
+   - Code review
+   - Configuration analysis
+   - Documentation review
+   - Dependency scanning
+
+3. **Gap Analysis**
+   - Compare against standard
+   - Identify non-compliance
+   - Assess risk levels
+
+4. **Report Generation**
+   - Document findings
+   - Provide recommendations
+   - Create remediation roadmap
+
+## Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `path` | Path to audit | Required |
+| `--standard` | Compliance standard | owasp |
+| `--scope` | code, config, deps, full | full |
+| `--output` | Report output path | ./audit-reports |
+| `--severity` | Minimum severity to report | low |
+
+## Example Usage
+
+```bash
+# Full OWASP audit
+/myaidev-method:security-auditor ./src --standard=owasp
+
+# Dependency audit only
+/myaidev-method:security-auditor ./ --scope=deps
+
+# SOC2 compliance check
+/myaidev-method:security-auditor ./ --standard=soc2
+
+# Code security review
+/myaidev-method:security-auditor ./src --scope=code
+
+# Legacy command
+/sc:security-report
+```
+
+## Audit Report Format
+
+```markdown
+# Security Audit Report
+
+## Overview
+- **Audit Date**: [Date]
+- **Standard**: [Standard Name]
+- **Scope**: [What was audited]
+- **Overall Compliance**: [X%]
+
+## Compliance Summary
+
+| Control Area | Status | Findings |
+|--------------|--------|----------|
+| Authentication | ⚠️ Partial | 2 findings |
+| Authorization | ✅ Compliant | 0 findings |
+| Data Protection | ❌ Non-compliant | 5 findings |
+
+## Findings
+
+### [OWASP-A01] Broken Access Control
+- **Severity**: High
+- **Status**: Non-compliant
+- **Evidence**: [Location and details]
+- **Recommendation**: [How to fix]
+- **References**: [Standard section]
+
+## Remediation Plan
+
+### Critical (Fix within 7 days)
+1. [Finding and fix]
+
+### High (Fix within 30 days)
+1. [Finding and fix]
+
+### Medium (Fix within 90 days)
+1. [Finding and fix]
+
+## Appendices
+- A: Evidence collected
+- B: Tools used
+- C: Interview notes
+```
+
+## Common Findings
+
+### Code Security
+- Hardcoded credentials
+- SQL injection vulnerabilities
+- XSS vulnerabilities
+- Insecure deserialization
+- Missing input validation
+
+### Configuration
+- Default credentials
+- Unnecessary services
+- Missing security headers
+- Insecure TLS configuration
+- Debug mode enabled
+
+### Dependencies
+- Known CVEs
+- Outdated packages
+- Unmaintained libraries
+- License compliance issues
+
+## Integration
+
+- Works with `/myaidev-method:security-tester` for active testing
+- Complements `/myaidev-method:reviewer` code review
+- Reports can be tracked in issue trackers
+
+## Best Practices
+
+1. **Regular Audits**: Schedule periodic security reviews
+2. **Automation**: Use automated tools to supplement manual review
+3. **Documentation**: Maintain evidence and audit trails
+4. **Follow-up**: Track remediation progress
+5. **Continuous Improvement**: Update policies based on findings

package/skills/security-tester/SKILL.md

@@ -0,0 +1,171 @@
+---
+name: security-tester
+description: Penetration testing and security assessment following PTES methodology
+argument-hint: [target] [--scope=webapp] [--phase=recon]
+allowed-tools: [Read, Write, Edit, Bash, Task, WebSearch, WebFetch]
+user-invocable: true
+category: security
+version: 1.0.0
+platforms: [claude-code, gemini-cli, codex-cli]
+---
+
+# Security Tester Skill
+
+Perform authorized penetration testing and security assessments following the Penetration Testing Execution Standard (PTES) methodology.
+
+## Important Notice
+
+This skill is for **authorized security testing only**. Always ensure you have:
+- Written authorization to test the target
+- Clearly defined scope and rules of engagement
+- Emergency contact information
+- Legal agreements in place
+
+## PTES Methodology
+
+| Phase | Description |
+|-------|-------------|
+| 1. Pre-engagement | Scope, authorization, rules of engagement |
+| 2. Intelligence Gathering | OSINT, reconnaissance, target profiling |
+| 3. Threat Modeling | Identify attack vectors, prioritize targets |
+| 4. Vulnerability Analysis | Identify weaknesses, validate findings |
+| 5. Exploitation | Controlled exploitation, proof of concept |
+| 6. Post-Exploitation | Assess impact, lateral movement |
+| 7. Reporting | Document findings, recommendations |
+
+## Capabilities
+
+- Web application security testing
+- API security assessment
+- Infrastructure scanning
+- OSINT and reconnaissance
+- Vulnerability identification
+- Security report generation
+
+## Test Categories
+
+| Category | Focus Areas |
+|----------|-------------|
+| **Web App** | OWASP Top 10, authentication, authorization |
+| **API** | REST/GraphQL security, rate limiting, auth |
+| **Network** | Port scanning, service enumeration |
+| **Cloud** | Misconfiguration, IAM, exposed resources |
+| **Mobile** | App security, API calls, data storage |
+
+## OWASP Top 10 Coverage
+
+1. Broken Access Control
+2. Cryptographic Failures
+3. Injection
+4. Insecure Design
+5. Security Misconfiguration
+6. Vulnerable Components
+7. Authentication Failures
+8. Software Integrity Failures
+9. Logging/Monitoring Failures
+10. Server-Side Request Forgery
+
+## Process
+
+1. **Pre-engagement**
+   - Define scope and boundaries
+   - Obtain authorization
+   - Set up testing environment
+
+2. **Reconnaissance**
+   - Passive information gathering
+   - Active enumeration
+   - Technology fingerprinting
+
+3. **Vulnerability Assessment**
+   - Automated scanning
+   - Manual testing
+   - False positive validation
+
+4. **Controlled Exploitation**
+   - Proof of concept development
+   - Impact assessment
+   - Documentation
+
+5. **Reporting**
+   - Finding documentation
+   - Risk ratings
+   - Remediation guidance
+
+## Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `target` | Target URL or IP | Required |
+| `--scope` | webapp, api, network, full | webapp |
+| `--phase` | recon, vuln, exploit, report | recon |
+| `--auth-file` | Authorization document | none |
+| `--output` | Report output directory | ./security-reports |
+
+## Example Usage
+
+```bash
+# Start reconnaissance phase
+/myaidev-method:security-tester "https://app.example.com" --phase=recon
+
+# Web application assessment
+/myaidev-method:security-tester "https://app.example.com" --scope=webapp
+
+# API security testing
+/myaidev-method:security-tester "https://api.example.com" --scope=api
+
+# Generate report
+/myaidev-method:security-tester "https://app.example.com" --phase=report
+
+# Legacy commands
+/sc:security-setup
+/sc:security-recon "example.com"
+/sc:security-scan "https://app.example.com"
+```
+
+## Report Format
+
+```markdown
+# Security Assessment Report
+
+## Executive Summary
+- **Target**: [Target]
+- **Assessment Date**: [Date]
+- **Scope**: [Scope]
+- **Risk Rating**: [Critical/High/Medium/Low]
+
+## Findings Summary
+| ID | Title | Severity | Status |
+|----|-------|----------|--------|
+| V-001 | [Title] | Critical | Open |
+
+## Detailed Findings
+
+### V-001: [Vulnerability Title]
+- **Severity**: Critical
+- **CVSS**: 9.8
+- **Location**: [Affected component]
+- **Description**: [What's wrong]
+- **Impact**: [Business impact]
+- **Proof of Concept**: [Steps to reproduce]
+- **Remediation**: [How to fix]
+- **References**: [CVE, CWE, OWASP]
+
+## Remediation Roadmap
+1. [Priority 1 actions]
+2. [Priority 2 actions]
+```
+
+## Integration
+
+- Works with `/myaidev-method:security-auditor` for compliance
+- Reports can be published via content workflow
+- Part of comprehensive security workflow
+
+## Ethical Guidelines
+
+1. **Authorization First**: Never test without explicit written permission
+2. **Scope Adherence**: Stay within defined boundaries
+3. **Do No Harm**: Minimize impact on production systems
+4. **Confidentiality**: Protect sensitive findings
+5. **Responsible Disclosure**: Follow coordinated disclosure

package/skills/sparc-architect/SKILL.md

@@ -0,0 +1,146 @@
+---
+name: sparc-architect
+description: SPARC Specification phase - System architecture and design planning
+argument-hint: [requirement] [--scope=module]
+allowed-tools: [Read, Write, Edit, Glob, Grep, Task, WebSearch]
+user-invocable: true
+category: development
+version: 1.0.0
+platforms: [claude-code, gemini-cli, codex-cli]
+---
+
+# SPARC Architect Skill
+
+The Specification phase of the SPARC methodology. Analyze requirements, design system architecture, and create technical specifications.
+
+## SPARC Methodology
+
+**S**pecification → **P**seudocode → **A**rchitecture → **R**efinement → **C**ompletion
+
+This skill handles the **Specification (S)** phase, focusing on understanding requirements and designing the solution architecture before any code is written.
+
+## Capabilities
+
+- Requirements analysis and decomposition
+- System architecture design
+- Component interface definition
+- Data flow and state management planning
+- Technology stack recommendations
+- Risk identification and mitigation strategies
+- Integration point mapping
+
+## Process
+
+1. **Requirement Analysis**
+   - Parse and understand the requirement
+   - Identify stakeholders and constraints
+   - Define acceptance criteria
+   - List assumptions and dependencies
+
+2. **Architecture Design**
+   - Design high-level system architecture
+   - Define component boundaries
+   - Specify interfaces and contracts
+   - Plan data models and schemas
+
+3. **Technical Specification**
+   - Create detailed technical spec
+   - Document API endpoints (if applicable)
+   - Define error handling strategies
+   - Plan for scalability and performance
+
+4. **Review Preparation**
+   - Generate architecture diagrams (descriptions)
+   - Create implementation roadmap
+   - Identify testing requirements
+   - Document security considerations
+
+## Output Format
+
+```markdown
+# Technical Specification: [Feature Name]
+
+## Overview
+[Brief description of the feature/requirement]
+
+## Requirements
+- FR-1: [Functional requirement]
+- FR-2: [Functional requirement]
+- NFR-1: [Non-functional requirement]
+
+## Architecture
+
+### Components
+- **[Component A]**: [Description and responsibility]
+- **[Component B]**: [Description and responsibility]
+
+### Interfaces
+```typescript
+interface ComponentA {
+  method(): ReturnType;
+}
+```
+
+### Data Flow
+1. [Step 1]
+2. [Step 2]
+3. [Step 3]
+
+## Implementation Plan
+1. Phase 1: [Description]
+2. Phase 2: [Description]
+3. Phase 3: [Description]
+
+## Testing Strategy
+- Unit tests for: [components]
+- Integration tests for: [flows]
+- E2E tests for: [scenarios]
+
+## Security Considerations
+- [Consideration 1]
+- [Consideration 2]
+
+## Open Questions
+- [ ] [Question 1]
+- [ ] [Question 2]
+```
+
+## Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `requirement` | The feature or requirement to design | Required |
+| `--scope` | file, module, project, system | module |
+| `--depth` | shallow, standard, deep | standard |
+| `--output` | Output file path | ./specs/[name].md |
+
+## Example Usage
+
+```bash
+# Design a new feature
+/myaidev-method:architect "User authentication with OAuth2 support"
+
+# System-level architecture
+/myaidev-method:architect "Migrate monolith to microservices" --scope=system --depth=deep
+
+# Quick module design
+/myaidev-method:architect "Add caching layer" --scope=module
+
+# Legacy command
+/myai-dev-architect "Payment processing integration"
+```
+
+## Integration
+
+- Output feeds into `/myaidev-method:coder` for implementation
+- Works with `/myaidev-method:sparc` for full workflow orchestration
+- Specifications stored in `specs/` or `docs/` directory
+
+## Best Practices
+
+1. **Start with Why**: Understand the business value before diving into technical details
+2. **Keep It Simple**: Choose the simplest architecture that meets requirements
+3. **Plan for Change**: Design for extensibility and maintainability
+4. **Document Decisions**: Record why choices were made, not just what was chosen
+5. **Consider Constraints**: Account for time, budget, and technical limitations
+6. **Think Security First**: Include security considerations from the start