omgkit 2.9.1 → 2.10.1

package/plugin/workflows/security/penetration-testing.md

@@ -0,0 +1,150 @@
+---
+name: penetration-testing
+description: Test security through attack simulation
+category: security
+complexity: very-high
+estimated-time: 8-24 hours
+agents:
+  - security-auditor
+  - vulnerability-scanner
+  - researcher
+skills:
+  - owasp
+  - defense-in-depth
+  - security-hardening
+commands:
+  - /quality:security-scan
+  - /planning:research
+prerequisites:
+  - Authorization obtained
+  - Scope defined
+  - Test environment ready
+---
+
+# Penetration Testing Workflow
+
+## Overview
+
+The Penetration Testing workflow simulates attacks to identify security weaknesses. It follows ethical hacking methodology with proper authorization.
+
+## When to Use
+
+- Compliance requirements
+- Pre-production security validation
+- Third-party security assessment
+- After major architecture changes
+
+## Steps
+
+### Step 1: Scope Definition
+**Agent:** security-auditor
+**Duration:** 30-60 minutes
+
+Define scope:
+- Target systems
+- Test boundaries
+- Excluded areas
+- Rules of engagement
+
+**Output:** Scope document
+
+### Step 2: Reconnaissance
+**Agent:** vulnerability-scanner
+**Duration:** 1-2 hours
+
+Information gathering:
+- Network mapping
+- Service enumeration
+- Technology fingerprinting
+- Exposed endpoints
+
+**Output:** Reconnaissance report
+
+### Step 3: Vulnerability Analysis
+**Agent:** vulnerability-scanner
+**Command:** `/quality:security-scan`
+**Duration:** 1-2 hours
+
+Identify vulnerabilities:
+- Automated scanning
+- Manual probing
+- Configuration review
+- Authentication testing
+
+**Output:** Vulnerability list
+
+### Step 4: Exploitation
+**Agent:** security-auditor
+**Duration:** 2-4 hours
+
+Attempt exploitation:
+- Proof of concept attacks
+- Privilege escalation
+- Data access attempts
+- Chained exploits
+
+**Output:** Exploitation results
+
+### Step 5: Post-Exploitation
+**Agent:** security-auditor
+**Duration:** 1-2 hours
+
+Assess impact:
+- Access level achieved
+- Data exposure potential
+- Lateral movement
+- Persistence options
+
+**Output:** Impact assessment
+
+### Step 6: Reporting
+**Agent:** security-auditor
+**Duration:** 1-2 hours
+
+Generate report:
+- Executive summary
+- Technical details
+- Risk ratings
+- Remediation guidance
+
+**Output:** Penetration test report
+
+## Quality Gates
+
+- [ ] Authorization documented
+- [ ] Scope clearly defined
+- [ ] All tests completed
+- [ ] Findings documented
+- [ ] Remediation planned
+- [ ] Report delivered
+
+## Test Categories
+
+```
+Penetration Test Categories
+===========================
+- Network testing
+- Web application testing
+- API security testing
+- Authentication testing
+- Authorization testing
+- Session management
+- Input validation
+- Business logic
+- Client-side attacks
+```
+
+## Example Usage
+
+```bash
+# Full penetration test
+/workflow:penetration-testing "web application scope"
+
+# Focused test
+/workflow:penetration-testing "API endpoints only"
+```
+
+## Related Workflows
+
+- `security-audit` - For compliance audits
+- `api-testing` - For API security

package/plugin/workflows/security/security-audit.md

@@ -0,0 +1,176 @@
+---
+name: security-audit
+description: Comprehensive security review
+category: security
+complexity: high
+estimated-time: 4-8 hours
+agents:
+  - security-auditor
+  - vulnerability-scanner
+  - code-reviewer
+  - fullstack-developer
+  - docs-manager
+skills:
+  - owasp
+  - security-hardening
+  - defense-in-depth
+commands:
+  - /quality:security-scan
+  - /dev:fix
+  - /planning:doc
+prerequisites:
+  - Codebase accessible
+  - Dependencies listed
+---
+
+# Security Audit Workflow
+
+## Overview
+
+The Security Audit workflow provides comprehensive security review including automated scanning, manual review, vulnerability remediation, and documentation.
+
+## When to Use
+
+- Before major releases
+- After adding sensitive features
+- Regular security checkups
+- Compliance requirements
+- After security incidents
+
+## Steps
+
+### Step 1: Automated Scanning
+**Agent:** vulnerability-scanner
+**Command:** `/quality:security-scan`
+**Duration:** 30-60 minutes
+
+Run automated scans:
+- Dependency vulnerabilities
+- Static code analysis
+- Secret detection
+- Configuration audit
+
+**Output:** Scan results
+
+### Step 2: Manual Review
+**Agent:** security-auditor
+**Duration:** 2-4 hours
+
+Manual security review:
+- OWASP Top 10 checklist
+- Authentication review
+- Authorization audit
+- Data handling review
+- API security check
+
+**Output:** Manual review findings
+
+### Step 3: Risk Assessment
+**Agent:** security-auditor
+**Duration:** 30-60 minutes
+
+Assess risks:
+- Prioritize findings
+- Assess impact
+- Rate severity
+- Create remediation plan
+
+**Output:** Risk assessment
+
+### Step 4: Remediation
+**Agent:** fullstack-developer
+**Command:** `/dev:fix`
+**Duration:** 1-4 hours
+
+Fix vulnerabilities:
+- Address critical issues
+- Implement fixes
+- Update configurations
+- Add security controls
+
+**Output:** Fixes implemented
+
+### Step 5: Verification
+**Agent:** security-auditor
+**Duration:** 30-60 minutes
+
+Verify fixes:
+- Re-run scans
+- Verify remediations
+- Confirm no regressions
+- Update status
+
+**Output:** Verification report
+
+### Step 6: Report Generation
+**Agent:** docs-manager
+**Command:** `/planning:doc`
+**Duration:** 30-60 minutes
+
+Generate report:
+- Executive summary
+- Detailed findings
+- Remediation status
+- Recommendations
+
+**Output:** Security report
+
+## Quality Gates
+
+- [ ] All scans completed
+- [ ] OWASP checklist reviewed
+- [ ] Critical vulnerabilities fixed
+- [ ] Fixes verified
+- [ ] Report generated
+- [ ] Stakeholders notified
+
+## OWASP Top 10 Checklist
+
+```
+OWASP Top 10 (2021)
+===================
+[ ] A01: Broken Access Control
+[ ] A02: Cryptographic Failures
+[ ] A03: Injection
+[ ] A04: Insecure Design
+[ ] A05: Security Misconfiguration
+[ ] A06: Vulnerable Components
+[ ] A07: Authentication Failures
+[ ] A08: Data Integrity Failures
+[ ] A09: Logging/Monitoring Failures
+[ ] A10: Server-Side Request Forgery
+```
+
+## Severity Levels
+
+| Level | Description | SLA |
+|-------|-------------|-----|
+| Critical | Active exploit possible | 24 hours |
+| High | Significant risk | 7 days |
+| Medium | Moderate risk | 30 days |
+| Low | Minor risk | 90 days |
+
+## Tips
+
+- Scan dependencies regularly
+- Keep secrets out of code
+- Use parameterized queries
+- Implement proper auth
+- Log security events
+- Update dependencies
+
+## Example Usage
+
+```bash
+# Full security audit
+/workflow:security-audit
+
+# Quick scan only
+/quality:security-scan
+```
+
+## Related Workflows
+
+- `penetration-testing` - For active testing
+- `code-review` - For code quality
+- `authentication` - For auth setup

package/plugin/workflows/sprint/sprint-execution.md

@@ -0,0 +1,168 @@
+---
+name: sprint-execution
+description: Execute sprint with AI team
+category: sprint
+complexity: medium
+estimated-time: sprint duration
+agents:
+  - sprint-master
+  - fullstack-developer
+  - tester
+  - debugger
+  - project-manager
+skills:
+  - omega-sprint
+  - executing-plans
+commands:
+  - /sprint:sprint-current
+  - /sprint:team-run
+  - /sprint:team-status
+  - /dev:fix
+  - /sprint:sprint-end
+prerequisites:
+  - Sprint created and started
+  - Tasks assigned
+---
+
+# Sprint Execution Workflow
+
+## Overview
+
+The Sprint Execution workflow manages the day-to-day running of a sprint using the AI team. It covers task execution, progress monitoring, blocker resolution, and sprint completion.
+
+## When to Use
+
+- Running an active sprint
+- Managing development work
+- Coordinating AI agents
+- Tracking progress
+
+## Steps
+
+### Step 1: Sprint Review
+**Agent:** sprint-master
+**Command:** `/sprint:sprint-current`
+**Duration:** 10-15 minutes
+
+Review current sprint:
+- Check sprint status
+- Review pending tasks
+- Identify priorities
+- Check blockers
+
+**Output:** Sprint status
+
+### Step 2: Team Execution
+**Agent:** AI Team
+**Command:** `/sprint:team-run`
+**Duration:** Ongoing
+
+Run AI team:
+- Execute tasks by priority
+- Use appropriate agents
+- Report progress
+- Flag blockers
+
+**Modes:**
+- `--mode full-auto` - No intervention
+- `--mode semi-auto` - Review at checkpoints
+- `--mode manual` - Approve each step
+
+**Output:** Task progress
+
+### Step 3: Progress Monitoring
+**Agent:** project-manager
+**Command:** `/sprint:team-status`
+**Duration:** Ongoing
+
+Monitor progress:
+- Track velocity
+- Update burndown
+- Identify delays
+- Report status
+
+**Output:** Progress report
+
+### Step 4: Blocker Resolution
+**Agent:** debugger
+**Command:** `/dev:fix`
+**Duration:** As needed
+
+Resolve blockers:
+- Investigate issues
+- Implement fixes
+- Unblock tasks
+- Update status
+
+**Output:** Blockers resolved
+
+### Step 5: Sprint Completion
+**Agent:** sprint-master
+**Command:** `/sprint:sprint-end`
+**Duration:** 15-30 minutes
+
+Complete sprint:
+- Review completed work
+- Update sprint status
+- Calculate velocity
+- Prepare for review
+
+**Output:** Sprint completed
+
+## Quality Gates
+
+- [ ] All high-priority tasks complete
+- [ ] Tests passing
+- [ ] Documentation updated
+- [ ] No critical blockers
+- [ ] Sprint reviewed
+
+## Execution Modes
+
+```
+AI Team Execution Modes
+=======================
+
+FULL-AUTO:
+- Agents work independently
+- Progress reported automatically
+- Minimal human intervention
+- Best for routine tasks
+
+SEMI-AUTO (Default):
+- Review at checkpoints
+- Approve major decisions
+- Human oversight maintained
+- Balanced approach
+
+MANUAL:
+- Approve each action
+- Maximum control
+- Slower execution
+- Best for critical work
+```
+
+## Tips
+
+- Start with semi-auto mode
+- Check status regularly
+- Address blockers quickly
+- Keep tasks focused
+- Celebrate completions
+
+## Example Usage
+
+```bash
+# Run AI team in semi-auto mode
+/workflow:sprint-execution
+
+# Or step by step
+/sprint:team-run --mode semi-auto
+/sprint:team-status
+```
+
+## Related Workflows
+
+- `sprint-setup` - For creating sprints
+- `sprint-retrospective` - For reviewing sprints
+- `feature` - For individual features

package/plugin/workflows/sprint/sprint-retrospective.md

@@ -0,0 +1,168 @@
+---
+name: sprint-retrospective
+description: Analyze sprint and improve process
+category: sprint
+complexity: low
+estimated-time: 30min-2 hours
+agents:
+  - sprint-master
+  - project-manager
+  - journal-writer
+skills:
+  - omega-sprint
+commands:
+  - /sprint:sprint-end
+  - /planning:doc
+prerequisites:
+  - Sprint completed
+---
+
+# Sprint Retrospective Workflow
+
+## Overview
+
+The Sprint Retrospective workflow helps analyze completed sprints, identify improvements, and document learnings for future iterations.
+
+## When to Use
+
+- After sprint completion
+- For process improvement
+- To capture learnings
+- Before planning next sprint
+
+## Steps
+
+### Step 1: Sprint Closure
+**Agent:** sprint-master
+**Command:** `/sprint:sprint-end`
+**Duration:** 15-30 minutes
+
+Close sprint:
+- Mark sprint complete
+- Calculate final velocity
+- Summarize outcomes
+- List incomplete items
+
+**Output:** Sprint closure
+
+### Step 2: Metrics Analysis
+**Agent:** project-manager
+**Duration:** 15-30 minutes
+
+Analyze metrics:
+- Velocity calculation
+- Completion rate
+- Quality metrics
+- Time tracking
+
+**Output:** Metrics report
+
+### Step 3: What Went Well
+**Agent:** sprint-master
+**Duration:** 15-30 minutes
+
+Identify positives:
+- Successful deliveries
+- Good practices
+- Team wins
+- Process improvements
+
+**Output:** Success list
+
+### Step 4: What Could Improve
+**Agent:** sprint-master
+**Duration:** 15-30 minutes
+
+Identify improvements:
+- Challenges faced
+- Process issues
+- Communication gaps
+- Technical debt
+
+**Output:** Improvement list
+
+### Step 5: Action Items
+**Agent:** sprint-master
+**Duration:** 15-30 minutes
+
+Create actions:
+- Concrete improvements
+- Responsible parties
+- Timelines
+- Success criteria
+
+**Output:** Action items
+
+### Step 6: Documentation
+**Agent:** journal-writer
+**Command:** `/planning:doc`
+**Duration:** 15-30 minutes
+
+Document learnings:
+- Retrospective notes
+- Best practices
+- Patterns to repeat
+- Anti-patterns to avoid
+
+**Output:** Retrospective document
+
+## Quality Gates
+
+- [ ] Sprint officially closed
+- [ ] Metrics calculated
+- [ ] Team input gathered
+- [ ] Improvements identified
+- [ ] Actions assigned
+- [ ] Documentation complete
+
+## Retrospective Template
+
+```markdown
+# Sprint [N] Retrospective
+
+## Summary
+- Sprint Duration: [dates]
+- Velocity: [points]
+- Completion Rate: [%]
+
+## What Went Well
+1. [Success 1]
+2. [Success 2]
+
+## What Could Improve
+1. [Issue 1]
+2. [Issue 2]
+
+## Action Items
+| Action | Owner | Due |
+|--------|-------|-----|
+| [Action] | [Owner] | [Date] |
+
+## Learnings
+- [Learning 1]
+- [Learning 2]
+```
+
+## Tips
+
+- Be honest and constructive
+- Focus on process, not people
+- Create specific actions
+- Follow up on actions
+- Celebrate successes
+
+## Example Usage
+
+```bash
+# Run retrospective
+/workflow:sprint-retrospective
+
+# Or manually
+/sprint:sprint-end
+# Then document learnings
+```
+
+## Related Workflows
+
+- `sprint-setup` - For next sprint
+- `sprint-execution` - For running sprints