omgkit 2.1.1 → 2.3.0

package/plugin/skills/omega/omega-thinking/SKILL.md

@@ -1,54 +1,266 @@
 ---
-name: omega-thinking
-description: 7 modes of Omega thinking. Use for deep analysis, problem solving, finding 10x improvements.
+name: thinking-in-omega-modes
+description: Applies 7 systematic thinking modes for breakthrough problem-solving and 10x improvements. Use when tackling complex problems, seeking transformative insights, or escaping conventional thinking traps.
+category: omega
+triggers:
+  - omega thinking
+  - deep analysis
+  - 10x improvement
+  - transformative thinking
+  - breakthrough ideas
 ---
 
-# Omega Thinking Skill
-
-## The 7 Modes
-
-### 🔭 TELESCOPIC
-Zoom out to see the big picture.
-- Task → Feature → Product → Market → Industry → World
-- **Ask**: "What's the ultimate impact?"
-
-### 🔬 MICROSCOPIC
-First principles analysis.
-- Why? → Why? → Why? → Why? → Why?
-- **Ask**: "What's fundamentally true?"
-
-### ↔️ LATERAL
-Different angles and approaches.
-- How would [X industry] solve this?
-- What's the opposite approach?
-- **Ask**: "What are we not seeing?"
-
-### 🔄 INVERSION
-Learn through failure.
-- How to guarantee failure?
-- Avoid those things.
-- **Ask**: "What would make this fail?"
-
-### ⏳ TEMPORAL
-Time dimension analysis.
-- Historical patterns?
-- Relevant in 10 years?
-- **Ask**: "How does time affect this?"
-
-### 🕸️ SYSTEMIC
-Interconnections and emergence.
-- Components and connections?
-- Feedback loops?
-- **Ask**: "What system dynamics are at play?"
-
-### ⚛️ QUANTUM
-Multiple possibilities.
-- All possible solutions?
-- How to test quickly?
-- **Ask**: "What are all the possibilities?"
-
-## Application
-For any problem:
-1. Apply all 7 modes
-2. Synthesize insights
-3. Find the 10x opportunity
+# Thinking in Omega Modes
+
+Master the **7 modes of Omega thinking** for breakthrough problem-solving, transformative insights, and 10x improvements.
+
+## Quick Start
+
+```yaml
+# Apply all 7 modes to any significant problem
+Problem: "API performance issues"
+
+Modes:
+  Telescopic: "Zoom out - what's the biggest picture?"
+  Microscopic: "First principles - what's fundamentally true?"
+  Lateral: "Different angle - how would Netflix solve this?"
+  Inversion: "Failure mode - how to guarantee failure?"
+  Temporal: "Time dimension - past, present, future impact?"
+  Systemic: "Connections - what are the feedback loops?"
+  Quantum: "Possibilities - what are ALL options?"
+
+Synthesis:
+  10x_Opportunity: "Shift from request-response to event-driven real-time"
+```
+
+## Features
+
+| Feature | Description | Guide |
+|---------|-------------|-------|
+| Telescopic | Zoom out to biggest picture | Task to ultimate impact |
+| Microscopic | First principles analysis | 5 Whys to root cause |
+| Lateral | Different angles and perspectives | Industry translation |
+| Inversion | Learn through failure analysis | Pre-mortem planning |
+| Temporal | Time dimension analysis | Past, present, future effects |
+| Systemic | Interconnections and emergence | Feedback loops mapping |
+| Quantum | Multiple possibilities simultaneously | Scenario planning |
+
+## Common Patterns
+
+### The 7 Omega Thinking Modes
+
+```
+TELESCOPIC    - Zoom out to see the big picture
+MICROSCOPIC   - First principles analysis
+LATERAL       - Different angles and approaches
+INVERSION     - Learn through failure analysis
+TEMPORAL      - Time dimension analysis
+SYSTEMIC      - Interconnections and emergence
+QUANTUM       - Multiple possibilities simultaneously
+```
+
+### Telescopic: Zoom Out
+
+```markdown
+## The Zoom Ladder
+
+Current task     -> What feature does this enable?
+Feature          -> What product capability?
+Product          -> What business outcome?
+Business         -> What market need?
+Market           -> What industry trend?
+Industry         -> What societal shift?
+
+## Example
+Task: Optimize database query
+-> Feature: Faster page load
+-> Product: Better UX
+-> Business: Higher conversion
+-> Market: Real-time expectation
+-> Insight: Need real-time architecture, not just query fixes
+```
+
+### Microscopic: First Principles
+
+```markdown
+## The 5 Whys
+
+Problem: Users complain about slow app
+
+Why 1? -> Page load takes 5 seconds
+Why 2? -> Large JavaScript bundle
+Why 3? -> All dependencies loaded upfront
+Why 4? -> No code splitting implemented
+Why 5? -> Architecture assumed fast connections
+
+Root cause: Architecture assumptions don't match reality
+
+## Fundamental Truths Checklist
+- Physics constraints (speed of light)
+- Mathematical certainties (complexity bounds)
+- Human constants (attention span, cognitive load)
+- Economic principles (supply/demand)
+- Network effects (Metcalfe's law)
+```
+
+### Lateral: Different Angles
+
+```markdown
+## Industry Translation
+How would [other industry] solve this?
+
+- Netflix: Aggressive caching, CDN, predictive loading
+- Tesla: OTA updates, feature flagging, A/B testing
+- Amazon: Predictive stocking, distributed warehouses
+- Spotify: Collaborative filtering, taste profiles
+
+## Opposite Day Analysis
+Current: Push notifications to users
+Opposite: Let users pull when ready
+Insight: Less is more - reduce notification fatigue
+
+## Random Stimulus
+Pick random word: "Butterfly"
+- Metamorphosis -> Transform architecture gradually
+- Wings -> Lightweight, distributed components
+- Effect -> Small changes, big impact
+```
+
+### Inversion: Failure Analysis
+
+```markdown
+## How to Guarantee Failure
+
+Goal: Build a highly reliable system
+
+Guaranteed Failures:
+1. No monitoring -> Add comprehensive monitoring
+2. Single points of failure -> Build redundancy
+3. No testing -> Implement thorough testing
+4. Hardcode secrets -> Use secret management
+5. No backups -> Implement backup strategy
+
+## Pre-Mortem Template
+Imagine it's 6 months from now and the project failed.
+
+Technical Failures: [List what went wrong]
+Process Failures: [List what went wrong]
+People Failures: [List what went wrong]
+External Failures: [List what went wrong]
+
+Prevention Plan: [For each, identify prevention]
+```
+
+### Temporal: Time Dimension
+
+```markdown
+## Time Horizon Analysis
+
+Past: Has this been tried before? What patterns repeat?
+Present: What is true today? What constraints exist?
+Near (1yr): What trends are emerging?
+Medium (5yr): What technologies will mature?
+Long (10yr+): What is inevitable? What will endure?
+
+## Second-Order Effects
+
+First-order: [Immediate effect]
+Second-order (1yr): [Effects of first-order effects]
+Third-order (3yr): [Effects of second-order effects]
+Fourth-order (5yr+): [Long-term cascading effects]
+
+Example: Choosing microservices
+- First: More deployment complexity
+- Second: Team reorganization
+- Third: Different hiring needs (DevOps)
+- Fourth: Company culture shifts
+```
+
+### Systemic: Interconnections
+
+```markdown
+## Feedback Loop Analysis
+
+Reinforcing Loops (Amplify):
+A increases -> B increases -> A increases more
+Type: Virtuous or Vicious?
+
+Balancing Loops (Stabilize):
+A increases -> B decreases -> A stabilizes
+
+Intervention Points:
+Where can we intervene for maximum effect?
+1. High leverage point
+2. Medium leverage point
+3. Low leverage point
+
+## Emergent Properties
+What appears only when components combine:
+- Properties no single component has
+- Behaviors that emerge from interaction
+- Capabilities that only exist as whole
+```
+
+### Quantum: Multiple Possibilities
+
+```markdown
+## Possibility Explosion
+
+Conventional: Option A or Option B
+
+Expanded:
+- A + B: Combination
+- Neither: Completely different approach
+- Sequence: A then B
+- Parallel: Both simultaneously
+- Delegate: Someone else decides
+- Defer: Decide later with more info
+- Eliminate: Remove need for decision
+
+## Scenario Planning Matrix
+                    Uncertainty 2
+                    Low         High
+              +-------------+-------------+
+      High    | Scenario A  | Scenario B  |
+Uncertainty 1 |             |             |
+              +-------------+-------------+
+      Low     | Scenario C  | Scenario D  |
+              |             |             |
+              +-------------+-------------+
+
+Robust Strategies: What works in ALL scenarios?
+Contingent Strategies: If Scenario X, do Y
+```
+
+### Full Omega Analysis Example
+
+```markdown
+## Problem: API Performance
+
+TELESCOPIC: Need real-time first, not request-response
+MICROSCOPIC: Architecture drift from evolving requirements
+LATERAL: Consider push-based architecture with caching
+INVERSION: Add monitoring, caching, go async
+TEMPORAL: Solve for future scale, not just current pain
+SYSTEMIC: Cache layer breaks bottleneck loop
+QUANTUM: Start with caching, plan for rearchitecture
+
+## Synthesis
+10x Opportunity: Shift from request-response to
+event-driven real-time architecture with edge caching.
+```
+
+## Best Practices
+
+| Do | Avoid |
+|----|-------|
+| Apply ALL 7 modes systematically | Stopping at surface level |
+| Document insights from each mode | Using only one thinking mode |
+| Look for 10x opportunities, not 10% | Accepting first solution |
+| Synthesize across modes | Ignoring temporal effects |
+| Challenge assumptions explicitly | Missing systemic connections |
+| Consider unintended consequences | Limiting possibilities too early |
+| Map systems and feedback loops | Forgetting to zoom out |
+| Think across time horizons | Forgetting to zoom in |
+| Generate many possibilities | Skipping the inversion check |
+| Seek first principles truths | Rushing the analysis |

package/plugin/skills/security/better-auth/SKILL.md

@@ -1,53 +1,102 @@
 ---
-name: better-auth
-description: Better Auth library. Use for authentication in TypeScript projects.
+name: Implementing Better Auth
+description: Claude implements enterprise TypeScript authentication with Better Auth. Use when building auth systems, adding OAuth providers, enabling MFA, or managing sessions in TypeScript/Next.js projects.
 ---
 
-# Better Auth Skill
+# Implementing Better Auth
+
+## Quick Start
 
-## Setup
 ```typescript
-import { betterAuth } from 'better-auth';
+// lib/auth.ts
+import { betterAuth } from "better-auth";
+import { prismaAdapter } from "better-auth/adapters/prisma";
 
 export const auth = betterAuth({
-  database: {
-    provider: 'postgresql',
-    url: process.env.DATABASE_URL,
-  },
-  emailAndPassword: {
-    enabled: true,
-  },
+  database: prismaAdapter(prisma, { provider: "postgresql" }),
+  emailAndPassword: { enabled: true, requireEmailVerification: true },
+  session: { expiresIn: 60 * 60 * 24 * 7 },
   socialProviders: {
-    google: {
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    },
+    google: { clientId: process.env.GOOGLE_CLIENT_ID!, clientSecret: process.env.GOOGLE_CLIENT_SECRET! },
   },
 });
 ```
 
-## Client Usage
-```typescript
-import { createAuthClient } from 'better-auth/client';
+## Features
 
-const authClient = createAuthClient();
+| Feature | Description | Reference |
+|---------|-------------|-----------|
+| Email/Password Auth | Secure registration, login, password validation | [Auth Guide](https://www.better-auth.com/docs/authentication/email-password) |
+| Social OAuth | Google, GitHub, Discord provider integration | [Social Providers](https://www.better-auth.com/docs/authentication/social-providers) |
+| Two-Factor Auth | TOTP-based MFA with backup codes | [2FA Plugin](https://www.better-auth.com/docs/plugins/two-factor) |
+| Session Management | Secure cookie-based sessions with refresh | [Sessions](https://www.better-auth.com/docs/concepts/sessions) |
+| Rate Limiting | Configurable limits per endpoint | [Rate Limiting](https://www.better-auth.com/docs/concepts/rate-limit) |
+| Organizations | Multi-tenant support with roles | [Organizations Plugin](https://www.better-auth.com/docs/plugins/organization) |
 
-// Sign up
-await authClient.signUp.email({
-  email: 'user@example.com',
-  password: 'password',
-  name: 'User',
-});
+## Common Patterns
+
+### Client Setup with Plugins
 
-// Sign in
-await authClient.signIn.email({
-  email: 'user@example.com',
-  password: 'password',
+```typescript
+// lib/auth-client.ts
+import { createAuthClient } from "better-auth/client";
+import { twoFactorClient, organizationClient } from "better-auth/client/plugins";
+
+export const authClient = createAuthClient({
+  baseURL: process.env.NEXT_PUBLIC_API_URL,
+  plugins: [twoFactorClient(), organizationClient()],
 });
+
+export const { signIn, signUp, signOut, useSession } = authClient;
+```
+
+### Protected Routes Middleware
+
+```typescript
+// middleware.ts
+import { auth } from "@/lib/auth";
+import { NextRequest, NextResponse } from "next/server";
+
+export async function middleware(request: NextRequest) {
+  const session = await auth.api.getSession({ headers: request.headers });
+
+  if (!session && !request.nextUrl.pathname.startsWith("/login")) {
+    return NextResponse.redirect(new URL("/login", request.url));
+  }
+  return NextResponse.next();
+}
+```
+
+### Two-Factor Authentication Flow
+
+```typescript
+// Handle 2FA during sign-in
+const { data, error } = await authClient.signIn.email({ email, password });
+
+if (error?.code === "TWO_FACTOR_REQUIRED") {
+  // Show 2FA input
+  const { data: verified } = await authClient.twoFactor.verify({ code: totpCode });
+}
+
+// Enable 2FA for user
+const { data } = await authClient.twoFactor.enable();
+// data.totpURI contains QR code data
+// data.backupCodes contains recovery codes
 ```
 
 ## Best Practices
-- Enable rate limiting
-- Use secure cookies
-- Implement email verification
-- Add MFA option
+
+| Do | Avoid |
+|----|-------|
+| Require email verification for new accounts | Storing plain-text passwords |
+| Enable rate limiting on auth endpoints | Exposing detailed error messages |
+| Use httpOnly, secure cookies | Using predictable session tokens |
+| Set strong password requirements (12+ chars) | Allowing unlimited login attempts |
+| Implement proper session expiration | Storing sensitive data in JWT |
+| Log authentication events for auditing | Skipping CSRF protection |
+
+## References
+
+- [Better Auth Documentation](https://www.better-auth.com/docs)
+- [Better Auth Plugins](https://www.better-auth.com/docs/plugins)
+- [OWASP Authentication Guidelines](https://owasp.org/www-project-web-security-testing-guide/)

package/plugin/skills/security/oauth/SKILL.md

@@ -1,50 +1,133 @@
 ---
-name: oauth
-description: OAuth 2.0 / OIDC. Use for third-party authentication, social login.
+name: Implementing OAuth
+description: Claude implements OAuth 2.0 and OpenID Connect authorization flows. Use when adding social login, integrating OAuth providers, managing tokens, or securing APIs with OAuth.
 ---
 
-# OAuth Skill
+# Implementing OAuth
 
-## Authorization Code Flow
+## Quick Start
+
+```typescript
+// lib/oauth/client.ts
+import crypto from "crypto";
+
+export function generatePKCE() {
+  const codeVerifier = crypto.randomBytes(32).toString("base64url");
+  const codeChallenge = crypto.createHash("sha256").update(codeVerifier).digest("base64url");
+  const state = crypto.randomBytes(16).toString("hex");
+  return { codeVerifier, codeChallenge, state };
+}
+
+export function buildAuthUrl(config: OAuthConfig, pkce: PKCEPair) {
+  const params = new URLSearchParams({
+    client_id: config.clientId,
+    redirect_uri: config.redirectUri,
+    response_type: "code",
+    scope: config.scopes.join(" "),
+    state: pkce.state,
+    code_challenge: pkce.codeChallenge,
+    code_challenge_method: "S256",
+  });
+  return `${config.authorizationEndpoint}?${params}`;
+}
 ```
-1. Redirect to provider
-   /authorize?client_id=X&redirect_uri=Y&scope=Z&response_type=code
 
-2. User authorizes
+## Features
+
+| Feature | Description | Reference |
+|---------|-------------|-----------|
+| Authorization Code + PKCE | Secure flow for public/confidential clients | [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636) |
+| Token Management | Access/refresh token handling and storage | [RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749) |
+| OpenID Connect | Identity layer with ID tokens and claims | [OIDC Core](https://openid.net/specs/openid-connect-core-1_0.html) |
+| Provider Integration | Google, GitHub, Microsoft configurations | [OIDC Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) |
+| JWT Validation | ID token signature and claims verification | [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) |
+
+## Common Patterns
+
+### Token Exchange
+
+```typescript
+async function exchangeCodeForTokens(code: string, codeVerifier: string) {
+  const response = await fetch(config.tokenEndpoint, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: config.redirectUri,
+      client_id: config.clientId,
+      code_verifier: codeVerifier,
+    }),
+  });
+
+  const data = await response.json();
+  return {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token,
+    expiresIn: data.expires_in,
+    idToken: data.id_token,
+  };
+}
+```
 
-3. Callback with code
-   /callback?code=ABC
+### Provider Configuration
 
-4. Exchange code for token
-   POST /token
-   { code, client_id, client_secret, redirect_uri }
+```typescript
+// Google OAuth
+const googleConfig = {
+  authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
+  tokenEndpoint: "https://oauth2.googleapis.com/token",
+  userInfoEndpoint: "https://openidconnect.googleapis.com/v1/userinfo",
+  scopes: ["openid", "email", "profile"],
+};
 
-5. Use access token
-   Authorization: Bearer <token>
+// GitHub OAuth
+const githubConfig = {
+  authorizationEndpoint: "https://github.com/login/oauth/authorize",
+  tokenEndpoint: "https://github.com/login/oauth/access_token",
+  userInfoEndpoint: "https://api.github.com/user",
+  scopes: ["read:user", "user:email"],
+};
 ```
 
-## Implementation
+### Token Refresh Middleware
+
 ```typescript
-// Redirect to OAuth provider
-app.get('/auth/google', (req, res) => {
-  const url = new URL('https://accounts.google.com/o/oauth2/v2/auth');
-  url.searchParams.set('client_id', CLIENT_ID);
-  url.searchParams.set('redirect_uri', REDIRECT_URI);
-  url.searchParams.set('response_type', 'code');
-  url.searchParams.set('scope', 'openid email profile');
-  res.redirect(url.toString());
-});
-
-// Handle callback
-app.get('/auth/callback', async (req, res) => {
-  const { code } = req.query;
-  const tokens = await exchangeCodeForTokens(code);
-  // Create session
-});
+async function ensureFreshToken(req: Request, res: Response, next: NextFunction) {
+  const token = await tokenStore.get(req.session.userId);
+  if (!token) return next();
+
+  const timeUntilExpiry = token.expiresAt - Date.now();
+  if (timeUntilExpiry > 5 * 60 * 1000) {
+    req.accessToken = token.accessToken;
+    return next();
+  }
+
+  // Refresh token
+  const newTokens = await client.refreshTokens(token.refreshToken);
+  await tokenStore.save(req.session.userId, {
+    ...newTokens,
+    expiresAt: Date.now() + newTokens.expiresIn * 1000,
+  });
+  req.accessToken = newTokens.accessToken;
+  next();
+}
 ```
 
 ## Best Practices
-- Use PKCE for public clients
-- Validate state parameter
-- Use short-lived tokens
-- Store tokens securely
+
+| Do | Avoid |
+|----|-------|
+| Always use PKCE for authorization code flow | Using implicit flow for new apps |
+| Validate state parameter to prevent CSRF | Storing tokens in localStorage |
+| Store tokens securely (encrypted, httpOnly) | Exposing client secrets in frontend |
+| Implement token refresh before expiration | Ignoring token expiration |
+| Validate ID token signatures with JWKS | Trusting unverified ID tokens |
+| Use short-lived access tokens | Reusing authorization codes |
+
+## References
+
+- [OAuth 2.0 RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749)
+- [OAuth 2.0 PKCE RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636)
+- [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html)
+- [OAuth 2.0 Security Best Practices](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics)