opencode-skills-antigravity 1.0.11 → 1.0.13

package/bundled-skills/aegisops-ai/SKILL.md

@@ -0,0 +1,127 @@
+---
+name: aegisops-ai
+description: "Autonomous DevSecOps & FinOps Guardrails. 
+Orchestrates Gemini 3 Flash to audit Linux Kernel patches,
+Terraform cost drifts, and K8s compliance."
+risk: safe
+source: community
+author: Champbreed
+date_added: "2026-03-24"
+---
+
+# /aegisops-ai — Autonomous Governance Orchestrator
+
+AegisOps-AI is a professional-grade "Living Pipeline" 
+that integrates advanced AI reasoning directly into 
+the SDLC. It acts as an intelligent gatekeeper for 
+systems-level security, cloud infrastructure costs, 
+and Kubernetes compliance.
+
+## Goal
+
+To automate high-stakes security and financial audits by:
+1. Identifying logic-based vulnerabilities (UAF, Stale 
+State) in Linux Kernel patches.
+2. Detecting massive "Silent Disaster" cost drifts in 
+Terraform plans.
+3. Translating natural language security intent into 
+hardened K8s manifests.
+
+## When to Use
+
+- **Kernel Patch Review:** Auditing raw C-based Git diffs for memory safety.
+- **Pre-Apply IaC Audit:** Analyzing `terraform plan` outputs to prevent bill spikes.
+- **Cluster Hardening:** Generating "Least Privilege" securityContexts for deployments.
+- **CI/CD Quality Gating:** Blocking non-compliant merges via GitHub Actions.
+
+## When Not to Use
+
+- **Web App Logic:** Do not use for standard web vulnerabilities (XSS, SQLi); use dedicated SAST scanners.
+- **Non-C Memory Analysis:** The patch analyzer is optimized for C-logic; avoid using it for high-level languages like Python or JS.
+- **Direct Resource Mutation:** This is an *auditor*, not a deployment tool. It does not execute `terraform apply` or `kubectl apply`.
+- **Post-Mortem Analysis:** For analyzing *why* a previous AI session failed, use `/analyze-project` instead.
+
+---
+## 🤖 Generative AI Integration
+
+AegisOps-AI leverages the **Google GenAI SDK** to implement a "Reasoning Path" for autonomous security and financial audits:
+
+* **Neural Patch Analysis:** Performs semantic code reviews of Linux Kernel patches, moving beyond simple pattern matching to understand complex memory state logic.
+* **Intelligent Cost Synthesis:** Processes raw Terraform plan diffs through a financial reasoning model to detect high-risk resource escalations and "silent" fiscal drifts.
+* **Natural Language Policy Mapping:** Translates human security intent into syntactically correct, hardened Kubernetes `securityContext` configurations.
+
+## 🧭 Core Modules
+
+### 1. 🐧 Kernel Patch Reviewer (`patch_analyzer.py`)
+
+* **Problem:** Manual review of Linux Kernel memory safety is time-consuming and prone to human error.
+* **Solution:** Gemini 3 performs a "Deep Reasoning" audit on raw Git diffs to detect critical memory corruption vulnerabilities (UAF, Stale State) in seconds.
+* **Key Output:** `analysis_results.json`
+
+### 2. 💰 FinOps & Cloud Auditor (`cost_auditor.py`)
+
+* **Problem:** Infrastructure-as-Code (IaC) changes can lead to accidental "Silent Disasters" and massive cloud bill spikes.
+* **Solution:** Analyzes `terraform plan` output to identify cost anomalies—such as accidental upgrades from `t3.micro` to high-performance GPU instances.
+* **Key Output:** `infrastructure_audit_report.json`
+
+### 3. ☸️ K8s Policy Hardener (`k8s_policy_generator.py`)
+
+* **Problem:** Implementing "Least Privilege" security contexts in Kubernetes is complex and often neglected.
+* **Solution:** Translates natural language security requirements into production-ready, hardened YAML manifests (Read-only root FS, Non-root enforcement, etc.).
+* **Key Output:** `hardened_deployment.yaml`
+
+## 🛠️ Setup & Environment
+
+### 1. Clone the Repository
+
+```bash
+git clone https://github.com/Champbreed/AegisOps-AI.git
+cd AegisOps-AI
+```
+## 2. Setup
+
+```bash
+python3 -m venv venv
+source venv/bin/activate
+pip install google-genai python-dotenv
+```
+### 3. API Configuration
+
+Create a `.env` file in the root directory to securely 
+store your credentials:
+
+```bash
+echo "GEMINI_API_KEY='your_api_key_here'" > .env
+```
+## 🏁 Operational Dashboard
+
+To execute the full suite of agents in sequence and generate all security reports:
+
+```bash
+python3 main.py
+```
+### Pattern: Over-Privileged Container
+
+* **Indicators:** `allowPrivilegeEscalation: true` or root user execution.
+* **Investigation:** Pass security intent (e.g., "non-root only") to the K8s Hardener module.
+
+---
+
+## 💡 Best Practices
+
+* **Context is King:** Provide at least 5 lines of context around Git diffs for more accurate neural reasoning.
+* **Continuous Gating:** Run the FinOps auditor before every infrastructure change, not after.
+* **Manual Sign-off:** Use AI findings as a high-fidelity signal, but maintain human-in-the-loop for kernel-level merges.
+
+---
+
+## 🔒 Security & Safety Notes
+
+* **Key Management:** Use CI/CD secrets for `GEMINI_API_KEY` in production.
+* **Least Privilege:** Test "Hardened" manifests in staging first to ensure no functional regressions.
+
+## Links
+
++ - **Repository**: https://github.com/Champbreed/AegisOps-AI
++ - **Documentation**: https://github.com/Champbreed/AegisOps-AI#readme
+

package/bundled-skills/docs/integrations/jetski-cortex.md

@@ -1,9 +1,9 @@
 ---
 title: Jetski/Cortex + Gemini Integration Guide
-description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.309+ skill."
+description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.311+ skill."
 ---
 
-# Jetski/Cortex + Gemini: integrazione sicura con 1.309+ skill
+# Jetski/Cortex + Gemini: integrazione sicura con 1.311+ skill
 
 Questa guida mostra come integrare il repository `antigravity-awesome-skills` con un agente basato su **Jetski/Cortex + Gemini** (o framework simili) **senza superare il context window** del modello.
 
@@ -23,7 +23,7 @@ Non bisogna mai:
 - concatenare il contenuto di tutte le `SKILL.md` in un singolo system prompt;
 - reiniettare l’intera libreria per **ogni** richiesta.
 
-Con oltre 1.309 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
+Con oltre 1.311 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
 
 ---
 

package/bundled-skills/docs/integrations/jetski-gemini-loader/README.md

@@ -20,7 +20,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
 - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
 - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
 
-This pattern avoids context overflow when you have 1,309+ skills installed.
+This pattern avoids context overflow when you have 1,311+ skills installed.
 
 ---
 

package/bundled-skills/docs/maintainers/repo-growth-seo.md

@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
 
 Preferred positioning:
 
-> Installable GitHub library of 1,309+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,311+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
 
 Key framing:
 
@@ -20,7 +20,7 @@ Key framing:
 
 Preferred description:
 
-> Installable GitHub library of 1,309+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,311+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
 
 Preferred homepage:
 
@@ -28,7 +28,7 @@ Preferred homepage:
 
 Preferred social preview:
 
-- use a clean preview image that says `1,309+ Agentic Skills`;
+- use a clean preview image that says `1,311+ Agentic Skills`;
 - mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
 - avoid dense text and tiny logos that disappear in social cards.
 

package/bundled-skills/docs/maintainers/skills-update-guide.md

@@ -69,7 +69,7 @@ For manual updates, you need:
 The update process refreshes:
 - Skills index (`skills_index.json`)
 - Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,309+ skills from the skills directory
+- All 1,311+ skills from the skills directory
 
 ## When to Update
 

package/bundled-skills/docs/users/bundles.md

@@ -579,4 +579,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
 
 ---
 
-_Last updated: March 2026 | Total Skills: 1,309+ | Total Bundles: 36_
+_Last updated: March 2026 | Total Skills: 1,311+ | Total Bundles: 36_

package/bundled-skills/docs/users/claude-code-skills.md

@@ -6,7 +6,7 @@ Antigravity Awesome Skills gives Claude Code users an installable library of `SK
 
 ## Why use this repo for Claude Code
 
-- It includes 1,309+ skills instead of a narrow single-domain starter pack.
+- It includes 1,311+ skills instead of a narrow single-domain starter pack.
 - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
 - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.
 - It covers both everyday engineering tasks and specialized work like security reviews, infrastructure, product planning, and documentation.

package/bundled-skills/docs/users/gemini-cli-skills.md

@@ -8,7 +8,7 @@ Antigravity Awesome Skills supports Gemini CLI through the `.gemini/skills/` pat
 
 - It installs directly into the expected Gemini skills path.
 - It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,309+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,311+ files.
 - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
 
 ## Install Gemini CLI Skills

package/bundled-skills/docs/users/getting-started.md

@@ -1,4 +1,4 @@
-# Getting Started with Antigravity Awesome Skills (V8.7.1)
+# Getting Started with Antigravity Awesome Skills (V8.8.0)
 
 **New here? This guide will help you supercharge your AI Agent in 5 minutes.**
 

package/bundled-skills/docs/users/kiro-integration.md

@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
 
 Kiro's agentic capabilities are enhanced by skills that provide:
 
-- **Domain expertise** across 1,309+ specialized areas
+- **Domain expertise** across 1,311+ specialized areas
 - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
 - **Workflow automation** for common development tasks
 - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture

package/bundled-skills/docs/users/usage.md

@@ -12,7 +12,7 @@ Great question! Here's what just happened and what to do next:
 
 When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
 
-✅ **Downloaded 1,309+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
+✅ **Downloaded 1,311+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
 ✅ **Made them available** to your AI assistant  
 ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting)
 
@@ -32,7 +32,7 @@ Bundles are **recommended lists** of skills grouped by role. They help you decid
 
 **Analogy:**
 
-- You installed a toolbox with 1,309+ tools (✅ done)
+- You installed a toolbox with 1,311+ tools (✅ done)
 - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
 - You don't install bundles—you **pick skills from them**
 
@@ -192,7 +192,7 @@ Let's actually use a skill right now. Follow these steps:
 
 ## Step 5: Picking Your First Skills (Practical Advice)
 
-Don't try to use all 1,309+ skills at once. Here's a sensible approach:
+Don't try to use all 1,311+ skills at once. Here's a sensible approach:
 
 If you want a tool-specific starting point before choosing skills, use:
 
@@ -323,7 +323,7 @@ Usually no, but if your AI doesn't recognize a skill:
 
 ### "Can I load all skills into the model at once?"
 
-No. Even though you have 1,309+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,311+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
 
 The intended pattern is:
 

package/bundled-skills/docs/users/visual-guide.md

@@ -34,7 +34,7 @@ antigravity-awesome-skills/
 ├── 📄 CONTRIBUTING.md                  ← Contributor workflow
 ├── 📄 CATALOG.md                       ← Full generated catalog
 │
-├── 📁 skills/                          ← 1,309+ skills live here
+├── 📁 skills/                          ← 1,311+ skills live here
 │   │
 │   ├── 📁 brainstorming/
 │   │   └── 📄 SKILL.md                 ← Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
 │   │   └── 📁 2d-games/
 │   │       └── 📄 SKILL.md             ← Nested skills also supported
 │   │
-│   └── ... (1,309+ total)
+│   └── ... (1,311+ total)
 │
 ├── 📁 apps/
 │   └── 📁 web-app/                     ← Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
 
 ```
                     ┌─────────────────────────┐
-                    │  1,309+ SKILLS          │
+                    │  1,311+ SKILLS          │
                     └────────────┬────────────┘
                                  │
         ┌────────────────────────┼────────────────────────┐
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
 │   ├── 📁 brainstorming/                 │
 │   ├── 📁 stripe-integration/            │
 │   ├── 📁 react-best-practices/          │
-│   └── ... (1,309+ total)                │
+│   └── ... (1,311+ total)                │
 └─────────────────────────────────────────┘
 ```
 

package/bundled-skills/snowflake-development/SKILL.md

@@ -0,0 +1,228 @@
+---
+name: snowflake-development
+description: "Comprehensive Snowflake development assistant covering SQL best practices, data pipeline design (Dynamic Tables, Streams, Tasks, Snowpipe), Cortex AI functions, Cortex Agents, Snowpark Python, dbt integration, performance tuning, and security hardening."
+category: data-engineering
+risk: safe
+source: community
+date_added: "2026-03-24"
+---
+
+# Snowflake Development
+
+You are a Snowflake development expert. Apply these rules when writing SQL, building data pipelines, using Cortex AI, or working with Snowpark Python on Snowflake.
+
+## SQL Best Practices
+
+### Naming and Style
+
+- Use `snake_case` for all identifiers. Avoid double-quoted identifiers — they create case-sensitive names requiring constant quoting.
+- Use CTEs (`WITH` clauses) over nested subqueries.
+- Use `CREATE OR REPLACE` for idempotent DDL.
+- Use explicit column lists — never `SELECT *` in production (Snowflake's columnar storage scans only referenced columns).
+
+### Stored Procedures — Colon Prefix Rule
+
+In SQL stored procedures (BEGIN...END blocks), variables and parameters **must** use the colon `:` prefix inside SQL statements. Without it, Snowflake raises "invalid identifier" errors.
+
+BAD:
+```sql
+CREATE PROCEDURE my_proc(p_id INT) RETURNS STRING LANGUAGE SQL AS
+BEGIN
+    LET result STRING;
+    SELECT name INTO result FROM users WHERE id = p_id;
+    RETURN result;
+END;
+```
+
+GOOD:
+```sql
+CREATE PROCEDURE my_proc(p_id INT) RETURNS STRING LANGUAGE SQL AS
+BEGIN
+    LET result STRING;
+    SELECT name INTO :result FROM users WHERE id = :p_id;
+    RETURN result;
+END;
+```
+
+### Semi-Structured Data
+
+- VARIANT, OBJECT, ARRAY for JSON/Avro/Parquet/ORC.
+- Access nested fields: `src:customer.name::STRING`. Always cast: `src:price::NUMBER(10,2)`.
+- VARIANT null vs SQL NULL: JSON `null` is stored as `"null"`. Use `STRIP_NULL_VALUE = TRUE` on load.
+- Flatten arrays: `SELECT f.value:name::STRING FROM my_table, LATERAL FLATTEN(input => src:items) f;`
+
+### MERGE for Upserts
+
+```sql
+MERGE INTO target t USING source s ON t.id = s.id
+WHEN MATCHED THEN UPDATE SET t.name = s.name, t.updated_at = CURRENT_TIMESTAMP()
+WHEN NOT MATCHED THEN INSERT (id, name, updated_at) VALUES (s.id, s.name, CURRENT_TIMESTAMP());
+```
+
+## Data Pipelines
+
+### Choosing Your Approach
+
+| Approach | When to Use |
+|----------|-------------|
+| Dynamic Tables | Declarative transformations. **Default choice.** Define the query, Snowflake handles refresh. |
+| Streams + Tasks | Imperative CDC. Use for procedural logic, stored procedure calls. |
+| Snowpipe | Continuous file loading from S3/GCS/Azure. |
+
+### Dynamic Tables
+
+```sql
+CREATE OR REPLACE DYNAMIC TABLE cleaned_events
+    TARGET_LAG = '5 minutes'
+    WAREHOUSE = transform_wh
+    AS
+    SELECT event_id, event_type, user_id, event_timestamp
+    FROM raw_events
+    WHERE event_type IS NOT NULL;
+```
+
+Key rules:
+- Set `TARGET_LAG` progressively: tighter at top, looser at bottom.
+- Incremental DTs **cannot** depend on Full refresh DTs.
+- `SELECT *` breaks on schema changes — use explicit column lists.
+- Change tracking must stay enabled on base tables.
+- Views cannot sit between two Dynamic Tables.
+
+### Streams and Tasks
+
+```sql
+CREATE OR REPLACE STREAM raw_stream ON TABLE raw_events;
+
+CREATE OR REPLACE TASK process_events
+    WAREHOUSE = transform_wh
+    SCHEDULE = 'USING CRON 0 */1 * * * America/Los_Angeles'
+    WHEN SYSTEM$STREAM_HAS_DATA('raw_stream')
+    AS INSERT INTO cleaned_events SELECT ... FROM raw_stream;
+
+-- Tasks start SUSPENDED — you MUST resume them
+ALTER TASK process_events RESUME;
+```
+
+## Cortex AI
+
+### Function Reference
+
+| Function | Purpose |
+|----------|---------|
+| `AI_COMPLETE` | LLM completion (text, images, documents) |
+| `AI_CLASSIFY` | Classify into categories (up to 500 labels) |
+| `AI_FILTER` | Boolean filter on text/images |
+| `AI_EXTRACT` | Structured extraction from text/images/documents |
+| `AI_SENTIMENT` | Sentiment score (-1 to 1) |
+| `AI_PARSE_DOCUMENT` | OCR or layout extraction |
+| `AI_REDACT` | PII removal |
+
+**Deprecated (do NOT use):** `COMPLETE`, `CLASSIFY_TEXT`, `EXTRACT_ANSWER`, `PARSE_DOCUMENT`, `SUMMARIZE`, `TRANSLATE`, `SENTIMENT`, `EMBED_TEXT_768`.
+
+### TO_FILE — Common Error Source
+
+Stage path and filename are **SEPARATE** arguments:
+
+```sql
+-- BAD: TO_FILE('@stage/file.pdf')
+-- GOOD:
+TO_FILE('@db.schema.mystage', 'invoice.pdf')
+```
+
+### Use AI_CLASSIFY for Classification (Not AI_COMPLETE)
+
+```sql
+SELECT AI_CLASSIFY(ticket_text,
+    ['billing', 'technical', 'account']):labels[0]::VARCHAR AS category
+FROM tickets;
+```
+
+### Cortex Agents
+
+```sql
+CREATE OR REPLACE AGENT my_db.my_schema.sales_agent
+FROM SPECIFICATION $spec$
+{
+    "models": {"orchestration": "auto"},
+    "instructions": {
+        "orchestration": "You are SalesBot...",
+        "response": "Be concise."
+    },
+    "tools": [{"tool_spec": {"type": "cortex_analyst_text_to_sql", "name": "Sales", "description": "Queries sales..."}}],
+    "tool_resources": {"Sales": {"semantic_model_file": "@stage/model.yaml"}}
+}
+$spec$;
+```
+
+Agent rules:
+- Use `$spec$` delimiter (not `$$`).
+- `models` must be an object, not an array.
+- `tool_resources` is a separate top-level object, not nested inside tools.
+- Do NOT include empty/null values in edit specs — clears existing values.
+- Tool descriptions are the #1 quality factor.
+- Never modify production agents directly — clone first.
+
+## Snowpark Python
+
+```python
+from snowflake.snowpark import Session
+import os
+
+session = Session.builder.configs({
+    "account": os.environ["SNOWFLAKE_ACCOUNT"],
+    "user": os.environ["SNOWFLAKE_USER"],
+    "password": os.environ["SNOWFLAKE_PASSWORD"],
+    "role": "my_role", "warehouse": "my_wh",
+    "database": "my_db", "schema": "my_schema"
+}).create()
+```
+
+- Never hardcode credentials.
+- DataFrames are lazy — executed on `collect()`/`show()`.
+- Do NOT use `collect()` on large DataFrames — process server-side.
+- Use **vectorized UDFs** (10-100x faster) for batch/ML workloads instead of scalar UDFs.
+
+## dbt on Snowflake
+
+Dynamic table materialization (streaming/near-real-time marts):
+```sql
+{{ config(materialized='dynamic_table', snowflake_warehouse='transforming', target_lag='1 hour') }}
+```
+
+Incremental materialization (large fact tables):
+```sql
+{{ config(materialized='incremental', unique_key='event_id') }}
+```
+
+Snowflake-specific configs (combine with any materialization):
+```sql
+{{ config(transient=true, copy_grants=true, query_tag='team_daily') }}
+```
+
+- Do NOT use `{{ this }}` without `{% if is_incremental() %}` guard.
+- Use `dynamic_table` materialization for streaming/near-real-time marts.
+
+## Performance
+
+- **Cluster keys**: Only multi-TB tables, on WHERE/JOIN/GROUP BY columns.
+- **Search Optimization**: `ALTER TABLE t ADD SEARCH OPTIMIZATION ON EQUALITY(col);`
+- **Warehouse sizing**: Start X-Small, scale up. `AUTO_SUSPEND = 60`, `AUTO_RESUME = TRUE`.
+- **Separate warehouses** per workload.
+- Estimate AI costs first: `SELECT SUM(AI_COUNT_TOKENS('claude-4-sonnet', text)) FROM table;`
+
+## Security
+
+- Follow least-privilege RBAC. Use database roles for object-level grants.
+- Audit ACCOUNTADMIN regularly: `SHOW GRANTS OF ROLE ACCOUNTADMIN;`
+- Use network policies for IP allowlisting.
+- Use masking policies for PII columns and row access policies for multi-tenant isolation.
+
+## Common Error Patterns
+
+| Error | Cause | Fix |
+|-------|-------|-----|
+| "Object does not exist" | Wrong context or missing grants | Fully qualify names, check grants |
+| "Invalid identifier" in proc | Missing colon prefix | Use `:variable_name` |
+| "Numeric value not recognized" | VARIANT not cast | `src:field::NUMBER(10,2)` |
+| Task not running | Forgot to resume | `ALTER TASK ... RESUME` |
+| DT refresh failing | Schema change or tracking disabled | Use explicit columns, check change tracking |