omgkit 2.1.1 → 2.3.0

package/plugin/skills/methodology/defense-in-depth/SKILL.md

@@ -1,51 +1,97 @@
 ---
-name: defense-in-depth
-description: Security defense in depth. Use when designing secure systems.
+name: implementing-defense-in-depth
+description: AI agent designs layered security architecture with multiple independent protective barriers ensuring no single point of failure. Use when building security systems, reviewing architecture, or hardening applications.
 ---
 
-# Defense in Depth Skill
+# Implementing Defense in Depth
 
-## Layers
+## Quick Start
 
-### 1. Perimeter
-- Firewall
-- Rate limiting
-- WAF
+1. **Perimeter** - WAF, DDoS protection, rate limiting, IP filtering
+2. **Network** - VPC, security groups, mTLS, network policies
+3. **Application** - Input validation, output encoding, CSRF, CSP
+4. **Data** - Encryption at rest/transit, access control, classification
+5. **Identity** - MFA, least privilege, session management
+6. **Monitoring** - Logging, alerting, anomaly detection across all layers
 
-### 2. Network
-- VPC
-- Security groups
-- TLS everywhere
+## Features
 
-### 3. Application
-- Input validation
-- Output encoding
-- CSRF protection
+| Feature | Description | Guide |
+|---------|-------------|-------|
+| Layered Protection | 5+ independent security barriers | Each layer catches what others miss |
+| Perimeter Security | First line of defense | WAF rules, rate limits, DDoS protection |
+| Network Isolation | Segment and protect internal comms | VPC subnets, security groups, mTLS |
+| Application Security | Secure code and request handling | Validate input, encode output, CSP headers |
+| Data Protection | Protect data at rest and in transit | AES-256-GCM, field-level encryption |
+| Identity Security | Authentication and authorization | MFA, RBAC, secure sessions |
 
-### 4. Data
-- Encryption at rest
-- Encryption in transit
-- Access control
+## Common Patterns
 
-### 5. Monitoring
-- Logging
-- Alerting
-- Audit trails
-
-## Principle
-> If one layer fails, others protect.
+```
+# Security Layers Architecture
++--------------------------------------------------+
+| LAYER 1: PERIMETER                               |
+| WAF | DDoS | Rate Limiting | IP Filtering        |
++--------------------------------------------------+
+    |
+    v
++--------------------------------------------------+
+| LAYER 2: NETWORK                                 |
+| VPC | Security Groups | TLS Everywhere           |
++--------------------------------------------------+
+    |
+    v
++--------------------------------------------------+
+| LAYER 3: APPLICATION                             |
+| Input Validation | Output Encoding | CSRF | CSP  |
++--------------------------------------------------+
+    |
+    v
++--------------------------------------------------+
+| LAYER 4: DATA                                    |
+| Encryption at Rest | Encryption in Transit       |
++--------------------------------------------------+
+    |
+    v
++--------------------------------------------------+
+| LAYER 5: IDENTITY                                |
+| MFA | Least Privilege | Session Management       |
++--------------------------------------------------+
 
-## Implementation
-```typescript
-// Layer 1: Rate limiting
-app.use(rateLimit({ max: 100 }));
+CROSS-CUTTING: Logging | Alerting | Anomaly Detection
+```
 
-// Layer 2: Input validation
-const validated = schema.parse(input);
+```
+# Network Security Groups (Example)
+loadBalancer:
+  inbound:  [443 from 0.0.0.0/0]
+  outbound: [8080 to application-sg]
 
-// Layer 3: Parameterized query
-db.query('SELECT * FROM users WHERE id = $1', [id]);
+application:
+  inbound:  [8080 from load-balancer-sg]
+  outbound: [5432 to database-sg, 443 to external]
 
-// Layer 4: Output encoding
-res.json(sanitize(data));
+database:
+  inbound:  [5432 from application-sg]
+  outbound: [] # No outbound
 ```
+
+## Best Practices
+
+| Do | Avoid |
+|----|-------|
+| Implement all layers - each provides unique protection | Relying on a single security layer |
+| Fail securely - deny access when in doubt | Trusting user input at any layer |
+| Log security events for detection/forensics | Exposing detailed error messages |
+| Rotate credentials regularly | Storing secrets in code |
+| Validate all inputs at every layer | Skipping security in development |
+| Encrypt sensitive data at rest and in transit | Assuming internal traffic is safe |
+| Use least privilege for all access | Disabling security for "convenience" |
+| Test security controls regularly | Ignoring security alerts |
+
+## Related Skills
+
+- `applying-owasp-security` - OWASP security guidelines
+- `implementing-oauth` - OAuth authentication flows
+- `implementing-better-auth` - Modern auth patterns
+- `verifying-before-completion` - Security verification checklists

package/plugin/skills/methodology/dispatching-parallel-agents/SKILL.md

@@ -1,43 +1,104 @@
 ---
 name: dispatching-parallel-agents
-description: Parallel agent execution. Use when tasks can run concurrently.
+description: AI agent orchestrates parallel task execution through concurrent specialized agents for maximum efficiency. Use when tasks can run independently, multi-concern reviews, or parallel exploration.
 ---
 
-# Dispatching Parallel Agents Skill
+# Dispatching Parallel Agents
 
-## When to Parallelize
-- Independent tasks
-- No shared state
-- Different file scopes
-- Research + implementation
+## Quick Start
+
+1. **Analyze** - Identify independent vs dependent tasks
+2. **Group** - Create parallel groups with no shared dependencies
+3. **Specialize** - Assign agents by expertise (explorer, implementer, reviewer)
+4. **Dispatch** - Fan-out tasks with timeouts and concurrency limits
+5. **Aggregate** - Combine results using merge, consensus, or priority
+6. **Handle Errors** - Retry failed, continue with partial, or fail-fast
+
+## Features
+
+| Feature | Description | Guide |
+|---------|-------------|-------|
+| Task Analysis | Identify parallelizable work | No data deps, no shared files, no state |
+| Agent Specialization | Match agent type to task | Explorer, implementer, tester, reviewer |
+| Fan-Out/Fan-In | Parallel dispatch and aggregation | Promise.all for dispatch, merge results |
+| Concurrency Limits | Control parallel agent count | Prevent resource exhaustion |
+| Timeout Handling | Bound execution time per agent | Race with timeout, handle gracefully |
+| Error Strategies | Handle partial failures | Retry, continue, or fail-fast |
+
+## Common Patterns
 
-## Pattern
 ```
-┌─────────────────────────────────────┐
-│           Main Agent                │
-└──────────────┬──────────────────────┘
-               │
-    ┌──────────┼──────────┐
-    ▼          ▼          ▼
-┌───────┐ ┌───────┐ ┌───────┐
-│Agent A│ │Agent B│ │Agent C│
-│(task1)│ │(task2)│ │(task3)│
-└───────┘ └───────┘ └───────┘
-    │          │          │
-    └──────────┼──────────┘
-               ▼
-       [Aggregate Results]
+# Parallel Execution Model
+         [Main Agent (Orchestrator)]
+                    |
+         [Task Analysis & Distribution]
+                    |
+    +---------------+---------------+
+    |               |               |
+[Agent A]      [Agent B]      [Agent C]
+(Task 1)       (Task 2)       (Task 3)
+    |               |               |
+    +-------+-------+-------+-------+
+            |
+    [Aggregation & Integration]
+            |
+      [Final Response]
+
+TIMING:
+Sequential: ████████████████████████████
+Parallel:   ████████████  (max of tasks)
 ```
 
-## Commands
-```bash
-/spawn "Research authentication options"
-/spawn "Write tests for user module"
-/spawn:collect
+```typescript
+// Fan-out/Fan-in Pattern
+const [security, performance, style] = await Promise.all([
+  spawnAgent({ type: 'reviewer', focus: 'security' }),
+  spawnAgent({ type: 'reviewer', focus: 'performance' }),
+  spawnAgent({ type: 'reviewer', focus: 'style' }),
+]);
+return combineReviews([security, performance, style]);
+
+// Parallelization Criteria
+CAN PARALLELIZE:
+- Independent code changes (different files)
+- Research on different topics
+- Tests for different modules
+- Multi-concern code reviews
+
+CANNOT PARALLELIZE:
+- Tasks with data dependencies
+- Sequential workflow steps
+- Tasks modifying same files
+- Tasks sharing mutable state
+```
+
+```
+# Agent Specialization
+| Type | Strengths | Best For |
+|------|-----------|----------|
+| explorer | Finding files, patterns | Initial exploration |
+| implementer | Writing production code | Features, bug fixes |
+| tester | Test design, edge cases | Unit/integration tests |
+| reviewer | Issue identification | Code review, security |
+| documenter | Clear explanations | Docs, comments |
 ```
 
 ## Best Practices
-- Clear task boundaries
-- Define sync points
-- Aggregate results
-- Handle failures
+
+| Do | Avoid |
+|----|-------|
+| Identify truly independent tasks first | Parallelizing tasks that share state |
+| Use specialized agents for concerns | One agent doing everything |
+| Set appropriate timeouts per agent | Unbounded execution time |
+| Handle partial failures gracefully | Ignoring failed agent results |
+| Use concurrency limits | Spawning unlimited agents |
+| Aggregate results meaningfully | Skipping result combination |
+| Document dependencies between tasks | Assuming order of completion |
+| Clean up agent resources | Resource leaks from agents |
+
+## Related Skills
+
+- `optimizing-tokens` - Efficient context per agent
+- `thinking-sequentially` - Order dependent tasks
+- `writing-plans` - Plan parallel execution phases
+- `executing-plans` - Execute with parallel steps

package/plugin/skills/methodology/executing-plans/SKILL.md

@@ -1,34 +1,123 @@
 ---
 name: executing-plans
-description: Executing implementation plans. Use when implementing from a plan.
+description: AI agent follows implementation plans systematically with progress tracking, quality gates, and blocker resolution. Use when implementing features, following plans, or executing tasks.
 ---
 
-# Executing Plans Skill
-
-## Process
-1. Read the plan completely
-2. Verify understanding
-3. Execute tasks in order
-4. Check off completed tasks
-5. Report blockers immediately
-
-## Per Task
-1. Read task description
-2. Navigate to code location
-3. Implement change
-4. Verify it works
-5. Mark complete
-6. Proceed to next
-
-## Quality Gates
-- After each task: Does it work?
-- After each phase: Run tests
-- After completion: Full verification
-
-## Reporting
-```markdown
-## Progress Update
-- Completed: 5/10 tasks
-- Current: Task 6 - [description]
+# Executing Plans
+
+## Quick Start
+
+1. **Prepare** - Read entire plan, verify understanding, check dependencies
+2. **Execute Task** - Read -> Navigate -> Implement -> Verify -> Complete
+3. **Track Progress** - Update status after each task, report blockers immediately
+4. **Pass Quality Gates** - Validate after task, after phase, before completion
+5. **Handle Deviations** - Document changes, get approval for scope changes
+
+## Features
+
+| Feature | Description | Guide |
+|---------|-------------|-------|
+| Preparation Phase | Understand before starting | Read plan, verify deps, clarify questions |
+| Task Execution | Systematic per-task flow | Read, navigate, implement, verify, complete |
+| Progress Tracking | Real-time status updates | Completed X, In Progress Y, Remaining Z |
+| Quality Gates | Validation checkpoints | Per-task, per-phase, pre-completion |
+| Blocker Resolution | Unblock systematically | Document, assess, attempt, escalate, workaround |
+| Deviation Handling | Adapt to discoveries | Document, assess scope/timeline, get approval |
+
+## Common Patterns
+
+```
+# Task Execution Checklist
+BEFORE STARTING:
+[ ] Read task description completely
+[ ] Understand acceptance criteria
+[ ] Check dependencies completed
+[ ] No blockers present
+
+DURING IMPLEMENTATION:
+[ ] Navigate to specified files
+[ ] Understand existing code context
+[ ] Implement changes incrementally
+[ ] Write tests alongside code
+
+AFTER COMPLETION:
+[ ] All acceptance criteria met
+[ ] Tests pass locally
+[ ] No lint/type errors
+[ ] Task marked complete
+
+# Quality Gates
+AFTER EACH TASK:
+npm run lint && npm run typecheck && npm test -- --related
+
+AFTER EACH PHASE:
+npm run lint && npm run typecheck && npm test && npm run build
+
+BEFORE COMPLETION:
+npm run lint && npm run typecheck && npm test --coverage && npm run build
+```
+
+```
+# Progress Report Template
+## Status: [Date Time]
+
+### Summary
+- Completed: [N] tasks
+- In Progress: [Task name]
+- Remaining: [M] tasks
 - Blockers: [None | Description]
+
+### Current Task
+**[Task Name]:** [Description]
+- Started: [Time]
+- Progress: ~60%
+- Expected completion: [Time]
+
+### ETA
+On track for [date] | Delayed by [reason]
+```
+
+```
+# Blocker Resolution Flow
+BLOCKER DETECTED
+      |
+1. DOCUMENT immediately
+   - What is blocked?
+   - Why is it blocked?
+      |
+2. ASSESS impact
+   - Critical path affected?
+   - Time sensitive?
+      |
+3. ATTEMPT resolution (15-30 min)
+   - Quick research
+   - Alternative approach
+      |
+   +-> RESOLVED -> Continue
+      |
+4. ESCALATE if not resolved
+   - Report with: issue, attempts, ask
+      |
+5. WORK AROUND while waiting
+   - Move to non-blocked tasks
 ```
+
+## Best Practices
+
+| Do | Avoid |
+|----|-------|
+| Read entire plan before starting | Skipping preparation phase |
+| Verify understanding of each task | Assuming task requirements |
+| Execute tasks in sequence (unless parallel) | Ignoring quality gates |
+| Validate after each task completion | Hiding blockers or delays |
+| Report blockers immediately | Deviating without documenting |
+| Document deviations as they occur | Rushing quality for speed |
+| Complete fully before marking done | Leaving tasks partially done |
+| Ask questions early | Skipping testing steps |
+
+## Related Skills
+
+- `writing-plans` - Create plans to execute
+- `verifying-before-completion` - Quality gate checklists
+- `thinking-sequentially` - Track execution progress
+- `solving-problems` - Resolve blockers systematically

package/plugin/skills/methodology/finishing-development-branch/SKILL.md

@@ -1,41 +1,120 @@
 ---
-name: finishing-development-branch
-description: Completing a development branch. Use when wrapping up feature work.
+name: finishing-development-branches
+description: AI agent completes development branches with comprehensive quality gates, clean git history, and thorough PR preparation. Use when wrapping up features, preparing for merge, or finalizing PRs.
 ---
 
-# Finishing Development Branch Skill
+# Finishing Development Branches
 
-## Checklist
+## Quick Start
+
+1. **Code Complete** - All acceptance criteria met, edge cases handled, no TODOs
+2. **Quality Assurance** - Tests pass, coverage met, lint clean, build succeeds
+3. **Documentation** - README, API docs, inline comments updated
+4. **Git Hygiene** - Rebase on main, clean commit history, no conflicts
+5. **PR Ready** - Complete description, screenshots, reviewers assigned
+
+## Features
+
+| Feature | Description | Guide |
+|---------|-------------|-------|
+| Code Completeness | All requirements implemented | Check acceptance criteria, edge cases, cleanup |
+| Quality Gates | Automated validation | Tests, lint, types, security, build |
+| TODO Scanner | Find unaddressed items | `TODO`, `FIXME`, `HACK`, `XXX` patterns |
+| Git Preparation | Clean history for merge | Rebase, squash WIP, conventional commits |
+| PR Generation | Comprehensive description | Summary, changes, testing, screenshots |
+| Verification Script | Final pre-PR check | Run all gates, generate report |
+
+## Common Patterns
+
+```
+# Completion Checklist
+PHASE 1: CODE COMPLETE
+[ ] All acceptance criteria implemented
+[ ] Edge cases handled
+[ ] Error handling complete
+[ ] No TODO/FIXME unaddressed
+[ ] Debug code removed
+
+PHASE 2: QUALITY ASSURANCE
+[ ] All tests passing
+[ ] Coverage meets threshold (80%+)
+[ ] Lint/format passing
+[ ] Type checking passing
+[ ] Security scan passing
+
+PHASE 3: DOCUMENTATION
+[ ] README updated if needed
+[ ] API documentation updated
+[ ] Complex logic commented
+
+PHASE 4: GIT HYGIENE
+[ ] Rebased on latest main
+[ ] Commit history clean
+[ ] Conventional commit messages
+[ ] No merge conflicts
+
+PHASE 5: PR READY
+[ ] Description complete
+[ ] Screenshots for UI changes
+[ ] Reviewers assigned
+```
 
-### Code Complete
-- [ ] All tasks done
-- [ ] Tests written
-- [ ] Docs updated
-- [ ] No TODOs left
-
-### Quality
-- [ ] Tests passing
-- [ ] Lint passing
-- [ ] Type check passing
-- [ ] Self-reviewed
-
-### Git
-- [ ] Clean commit history
-- [ ] Meaningful messages
-- [ ] Rebased on main
-- [ ] No merge conflicts
-
-### PR
-- [ ] Description complete
-- [ ] Reviewers assigned
-- [ ] Labels added
-
-## Final Steps
 ```bash
+# Git Preparation
 git fetch origin main
 git rebase origin/main
-npm test
-npm run build
-git push origin feature-branch
-gh pr create
+
+# Review commits for squashing
+git log --oneline main..HEAD
+# Consider squashing: fix, wip, temp commits
+git rebase -i main
+
+# Push with lease (safe force)
+git push origin feature-branch --force-with-lease
+
+# Quality verification
+npm run lint && npm run typecheck && npm test && npm run build
+```
+
 ```
+# PR Description Template
+## Summary
+[2-3 sentences on what/why]
+
+## Changes
+- [Change 1]
+- [Change 2]
+
+## Testing
+- [x] Unit tests
+- [x] Integration tests
+- [ ] Manual testing
+
+## Screenshots
+[For UI changes]
+
+## Checklist
+- [x] Self-review completed
+- [x] Tests pass
+- [x] Documentation updated
+```
+
+## Best Practices
+
+| Do | Avoid |
+|----|-------|
+| Run all checks locally before pushing | Pushing broken code |
+| Rebase on latest main to avoid conflicts | Force pushing without --force-with-lease |
+| Squash WIP commits into meaningful units | Leaving fix/wip/temp commits |
+| Write clear conventional commit messages | Cryptic commit messages |
+| Include screenshots for UI changes | Creating PRs without descriptions |
+| Self-review your diff before requesting | Leaving debug statements in code |
+| Test in clean environment if possible | Skipping tests to save time |
+| Link to related tickets in PR | Ignoring linting warnings |
+
+## Related Skills
+
+- `requesting-code-reviews` - Write effective review requests
+- `verifying-before-completion` - Quality gate checklists
+- `writing-plans` - Plan completion criteria upfront
+- `executing-plans` - Track progress to completion