promptgraph-mcp 2.4.7 → 2.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -6
- package/ann.js +23 -51
- package/api.js +200 -0
- package/config.js +7 -0
- package/db.js +20 -0
- package/embedder.js +10 -0
- package/github-import.js +102 -22
- package/indexer.js +45 -11
- package/marketplace.js +47 -5
- package/package.json +9 -3
- package/search.js +84 -20
- package/src/filter/hard-filter.js +2 -0
- package/src/filter/train.js +3 -1
- package/src/store/flat-store.js +61 -0
- package/src/store/hnsw-store.js +187 -0
- package/src/store/index.js +19 -0
- package/src/store/vector-store.js +9 -0
- package/validator.js +7 -1
- package/registry/training/bad/accepts-HISTORY.md +0 -250
- package/registry/training/bad/argparse-CHANGELOG.md +0 -185
- package/registry/training/bad/balanced-match-LICENSE.md +0 -23
- package/registry/training/bad/better-sqlite3-README.md +0 -99
- package/registry/training/bad/bindings-LICENSE.md +0 -22
- package/registry/training/bad/bl-LICENSE.md +0 -13
- package/registry/training/bad/body-parser-README.md +0 -494
- package/registry/training/bad/bytes-HISTORY.md +0 -97
- package/registry/training/bad/camelcase-README.md +0 -135
- package/registry/training/bad/chai-README.md +0 -162
- package/registry/training/bad/cli-progress-LICENSE.md +0 -24
- package/registry/training/bad/content-type-HISTORY.md +0 -29
- package/registry/training/bad/cookie-SECURITY.md +0 -25
- package/registry/training/bad/cookie-signature-HISTORY.md +0 -70
- package/registry/training/bad/cors-README.md +0 -277
- package/registry/training/bad/cross-spawn-README.md +0 -89
- package/registry/training/bad/deep-extend-CHANGELOG.md +0 -46
- package/registry/training/bad/depd-HISTORY.md +0 -103
- package/registry/training/bad/esprima-README.md +0 -46
- package/registry/training/bad/etag-HISTORY.md +0 -83
- package/registry/training/bad/expect-type-SECURITY.md +0 -14
- package/registry/training/bad/finalhandler-HISTORY.md +0 -239
- package/registry/training/bad/fresh-HISTORY.md +0 -80
- package/registry/training/bad/glob-LICENSE.md +0 -63
- package/registry/training/bad/hono-README.md +0 -85
- package/registry/training/bad/http-errors-HISTORY.md +0 -186
- package/registry/training/bad/jose-LICENSE.md +0 -21
- package/registry/training/bad/jose-README.md +0 -153
- package/registry/training/bad/js-yaml-README.md +0 -299
- package/registry/training/bad/json-schema-typed-LICENSE.md +0 -57
- package/registry/training/bad/json-stringify-safe-CHANGELOG.md +0 -14
- package/registry/training/bad/lru-cache-LICENSE.md +0 -55
- package/registry/training/bad/media-typer-HISTORY.md +0 -50
- package/registry/training/bad/minimatch-LICENSE.md +0 -55
- package/registry/training/bad/minimist-CHANGELOG.md +0 -298
- package/registry/training/bad/minimist-README.md +0 -121
- package/registry/training/bad/ms-LICENSE.md +0 -21
- package/registry/training/bad/negotiator-HISTORY.md +0 -114
- package/registry/training/bad/on-finished-HISTORY.md +0 -98
- package/registry/training/bad/pkce-challenge-CHANGELOG.md +0 -114
- package/registry/training/bad/postcss-README.md +0 -28
- package/registry/training/bad/prebuild-install-CHANGELOG.md +0 -131
- package/registry/training/bad/proxy-addr-HISTORY.md +0 -161
- package/registry/training/bad/qs-CHANGELOG.md +0 -822
- package/registry/training/bad/rc-README.md +0 -227
- package/registry/training/bad/readable-stream-CONTRIBUTING.md +0 -38
- package/registry/training/bad/router-HISTORY.md +0 -228
- package/registry/training/bad/semver-README.md +0 -680
- package/registry/training/bad/send-README.md +0 -317
- package/registry/training/bad/serve-static-README.md +0 -253
- package/registry/training/bad/statuses-HISTORY.md +0 -87
- package/registry/training/bad/type-is-HISTORY.md +0 -292
- package/registry/training/bad/vary-HISTORY.md +0 -39
- package/registry/training/bad/vite-LICENSE.md +0 -2230
- package/registry/training/bad/which-CHANGELOG.md +0 -166
- package/registry/training/bad/zod-README.md +0 -191
- package/registry/training/good/skills-store-autopilot.md +0 -85
- package/registry/training/good/skills-store-bot-builder.md +0 -70
- package/registry/training/good/skills-store-chain.md +0 -136
- package/registry/training/good/skills-store-evolve.md +0 -100
- package/registry/training/good/skills-store-game.md +0 -27
- package/registry/training/good/skills-store-hunt.md +0 -102
- package/registry/training/good/skills-store-intel.md +0 -56
- package/registry/training/good/skills-store-memory-gc.md +0 -58
- package/registry/training/good/skills-store-pcsort.md +0 -207
- package/registry/training/good/skills-store-pickup.md +0 -60
- package/registry/training/good/skills-store-recon.md +0 -141
- package/registry/training/good/skills-store-remember.md +0 -64
- package/registry/training/good/skills-store-report.md +0 -117
- package/registry/training/good/skills-store-router.md +0 -225
- package/registry/training/good/skills-store-search.md +0 -168
- package/registry/training/good/skills-store-surface.md +0 -53
- package/registry/training/good/skills-store-token-scan.md +0 -141
- package/registry/training/good/skills-store-triage.md +0 -97
- package/registry/training/good/skills-store-unity.md +0 -733
- package/registry/training/good/skills-store-validate.md +0 -135
- package/registry/training/good/skills-store-web3-audit.md +0 -217
|
@@ -1,100 +0,0 @@
|
|
|
1
|
-
# /evolve — Self-Evolution Loop for dev-os
|
|
2
|
-
|
|
3
|
-
Run the infinite self-improvement loop. Each cycle discovers new tech, analyzes the codebase, generates improvement proposals, runs experiments, and optionally applies safe changes.
|
|
4
|
-
|
|
5
|
-
## Usage
|
|
6
|
-
|
|
7
|
-
```
|
|
8
|
-
/evolve
|
|
9
|
-
```
|
|
10
|
-
|
|
11
|
-
On first invocation, ask the user:
|
|
12
|
-
|
|
13
|
-
1. **Mode**:
|
|
14
|
-
- `once` — Run one evolution cycle now
|
|
15
|
-
- `forever` — Infinite loop (runs every 6 hours)
|
|
16
|
-
- `status` — Show evolution history and stats
|
|
17
|
-
- `focus: llm` — Scan only new LLM models
|
|
18
|
-
- `focus: prompts` — Evolve agent prompts only
|
|
19
|
-
- `focus: features` — Discover new capabilities
|
|
20
|
-
- `focus: tech` — Scan new libraries/tools
|
|
21
|
-
- `focus: experimental` — Run strategy comparisons (ToT vs ReAct, MoA, Constitutional AI, prompt evolution)
|
|
22
|
-
|
|
23
|
-
2. **Auto-apply safe improvements?** — yes / no
|
|
24
|
-
|
|
25
|
-
## Execution by Mode
|
|
26
|
-
|
|
27
|
-
### once
|
|
28
|
-
```powershell
|
|
29
|
-
cd "C:\Users\Sasha\.claude\dev-os"
|
|
30
|
-
$env:PYTHONIOENCODING="utf-8"
|
|
31
|
-
python -c "
|
|
32
|
-
from dev_os.agents.evolution_loop import EvolutionLoop
|
|
33
|
-
loop = EvolutionLoop()
|
|
34
|
-
report = loop.run_once(focus='FOCUS_HERE')
|
|
35
|
-
import json
|
|
36
|
-
print(json.dumps(report, indent=2, ensure_ascii=False, default=str))
|
|
37
|
-
"
|
|
38
|
-
```
|
|
39
|
-
|
|
40
|
-
### forever
|
|
41
|
-
Start background process:
|
|
42
|
-
```powershell
|
|
43
|
-
Start-Process python -ArgumentList '-m dev_os.cli evolve --forever --interval 6' -WorkingDirectory "C:\Users\Sasha\.claude\dev-os" -WindowStyle Hidden
|
|
44
|
-
```
|
|
45
|
-
|
|
46
|
-
Alternatively, use `/loop` skill with this command to run every 6 hours:
|
|
47
|
-
```
|
|
48
|
-
/loop 6h python -c "from dev_os.agents.evolution_loop import EvolutionLoop; loop = EvolutionLoop(); loop.run_cycle(auto_apply=False)"
|
|
49
|
-
```
|
|
50
|
-
|
|
51
|
-
### status
|
|
52
|
-
```powershell
|
|
53
|
-
cd "C:\Users\Sasha\.claude\dev-os"
|
|
54
|
-
$env:PYTHONIOENCODING="utf-8"
|
|
55
|
-
python -c "
|
|
56
|
-
from dev_os.agents.evolution_loop import EvolutionLoop
|
|
57
|
-
import json
|
|
58
|
-
s = EvolutionLoop().status()
|
|
59
|
-
print(json.dumps(s, indent=2, ensure_ascii=False, default=str))
|
|
60
|
-
"
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
### what-changed
|
|
64
|
-
```powershell
|
|
65
|
-
cd "C:\Users\Sasha\.claude\dev-os"
|
|
66
|
-
$env:PYTHONIOENCODING="utf-8"
|
|
67
|
-
python -c "
|
|
68
|
-
from dev_os.agents.evolution_loop import EvolutionLoop
|
|
69
|
-
import json
|
|
70
|
-
changes = EvolutionLoop().what_changed()
|
|
71
|
-
print(json.dumps(changes, indent=2, ensure_ascii=False, default=str))
|
|
72
|
-
"
|
|
73
|
-
```
|
|
74
|
-
|
|
75
|
-
## Focus: experimental — Strategy Details
|
|
76
|
-
|
|
77
|
-
When the user selects `focus: experimental`, Claude MUST run experiments comparing:
|
|
78
|
-
|
|
79
|
-
1. **Tree of Thought vs ReAct** — Compare multi-step reasoning strategies on the LLM router agent
|
|
80
|
-
2. **Mixture of Agents** — Test having multiple agent instances collaborate on a single task
|
|
81
|
-
3. **Constitutional AI self-improvement** — Apply constitutional AI principles to the LLM router's prompt templates
|
|
82
|
-
4. **Prompt evolution** — Evolve prompts on the market analysis agent using the experiment engine
|
|
83
|
-
|
|
84
|
-
Steps for experimental focus:
|
|
85
|
-
1. Run `EvolutionLoop().run_once(focus="experimental")` which calls `ExperimentEngine.compare_strategies()`
|
|
86
|
-
2. Show the comparison results to the user
|
|
87
|
-
3. Recommend which strategy to integrate
|
|
88
|
-
4. If user agrees, implement the winning strategy using `mcp__opencode__opencode_run` or by spawning an agent
|
|
89
|
-
|
|
90
|
-
## Output
|
|
91
|
-
|
|
92
|
-
After any mode, display:
|
|
93
|
-
|
|
94
|
-
- What was discovered (new LLMs, trending repos, arxiv papers, free APIs)
|
|
95
|
-
- What proposals were generated
|
|
96
|
-
- What was applied (if auto_apply)
|
|
97
|
-
- What experiments ran and which ones passed
|
|
98
|
-
- Current system quality score
|
|
99
|
-
- Cycle number and next scheduled run (for `forever` mode)
|
|
100
|
-
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
# Game Dev Skill Router
|
|
2
|
-
|
|
3
|
-
Роутер для всех игровых скиллов из `C:\Users\Sasha\Desktop\SKILLS\`.
|
|
4
|
-
|
|
5
|
-
Invoke: `/game <skill>`
|
|
6
|
-
|
|
7
|
-
## Скиллы
|
|
8
|
-
|
|
9
|
-
| Команда | Файл | Когда |
|
|
10
|
-
|---------|------|-------|
|
|
11
|
-
| `/game resume` | `game-resume.md` | Начало каждой сессии |
|
|
12
|
-
| `/game arch` | `game-architecture-define.md` | Новый проект или хаос |
|
|
13
|
-
| `/game progress` | `game-progress-check.md` | Глубокий анализ состояния |
|
|
14
|
-
| `/game milestone` | `game-milestone-check.md` | Проверка готовности фазы |
|
|
15
|
-
| `/game scope` | `game-scope-guard.md` | Новая идея — брать или нет |
|
|
16
|
-
| `/game velocity` | `game-velocity.md` | Прогноз даты релиза |
|
|
17
|
-
| `/game harvest` | `game-skill-harvest.md` | Создать скилл из фикса |
|
|
18
|
-
| `/game hooks` | `setup-git-hooks.md` | Настройка git хуков |
|
|
19
|
-
| `/game help` | `GUIDE.md` | Краткий гайд |
|
|
20
|
-
|
|
21
|
-
## Выполнение
|
|
22
|
-
|
|
23
|
-
По аргументу `$ARGUMENTS` определи нужный файл из таблицы выше.
|
|
24
|
-
Прочитай `C:\Users\Sasha\Desktop\SKILLS\<файл>` и выполни инструкции.
|
|
25
|
-
|
|
26
|
-
Если аргумент не указан или не распознан → покажи таблицу выше.
|
|
27
|
-
|
|
@@ -1,102 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: hunt
|
|
3
|
-
description: Active vulnerability hunting. Two-track dispatcher — asks Red Team vs WAPT, hands off to hunt-dispatch skill and sibling commands. Usage: /hunt target.com | /hunt *.target.com | /hunt targets.txt [--vuln-class X] [--source-code P] [--chrome]
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# /hunt
|
|
7
|
-
|
|
8
|
-
slim two-track dispatcher. one mode question, one branch, delegate. never asks about SOW — invoking `/hunt` implies SOW is signed.
|
|
9
|
-
|
|
10
|
-
## step 0 — parse
|
|
11
|
-
|
|
12
|
-
```
|
|
13
|
-
target.com single target
|
|
14
|
-
*.target.com wildcard — /recon <base> first, then hunt each live host
|
|
15
|
-
targets.txt multi-target — mode question once, applied per line
|
|
16
|
-
--vuln-class <X> skip mode question, load only hunt-<X>
|
|
17
|
-
--source-code <p|url> static + dynamic
|
|
18
|
-
--chrome browser MCP mode
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
wildcard handler: if `$TARGET` begins with `*.`, strip prefix and invoke `/recon <base>` before continuing.
|
|
22
|
-
|
|
23
|
-
## step 1 — mode dispatcher
|
|
24
|
-
|
|
25
|
-
skipped if `--vuln-class` is set.
|
|
26
|
-
|
|
27
|
-
```
|
|
28
|
-
question: "what kind of engagement is this for {target}?"
|
|
29
|
-
header: "engagement"
|
|
30
|
-
options:
|
|
31
|
-
1. Red Team Assessment — critical/high impact, chained findings, client deliverable
|
|
32
|
-
2. WAPT / BugHunting — full OWASP coverage, platform/program report
|
|
33
|
-
```
|
|
34
|
-
|
|
35
|
-
do not prompt for SOW, scope-of-work, engagement letter, or authorization.
|
|
36
|
-
|
|
37
|
-
## step 2a — red team
|
|
38
|
-
|
|
39
|
-
```
|
|
40
|
-
mode: redteam
|
|
41
|
-
severity gate: critical / high · medium only if it chains via /chain
|
|
42
|
-
report: redteam-report-template
|
|
43
|
-
```
|
|
44
|
-
|
|
45
|
-
invoke `hunt-dispatch` skill with `mode=redteam`. hunt-dispatch fingerprints the target, loads platform skills + always-on (`redteam-mindset`, `mid-engagement-ir-detection`), and prints the taxonomy.
|
|
46
|
-
|
|
47
|
-
## step 2b — wapt
|
|
48
|
-
|
|
49
|
-
ask again:
|
|
50
|
-
|
|
51
|
-
```
|
|
52
|
-
question: "black box or grey box?"
|
|
53
|
-
header: "test mode"
|
|
54
|
-
options:
|
|
55
|
-
1. Black Box — no credentials, external perspective
|
|
56
|
-
2. Grey Box — test credentials provided (or skip)
|
|
57
|
-
```
|
|
58
|
-
|
|
59
|
-
grey box → prompt `creds (user/pass or token), or "skip":`. creds live in session memory only — never written, never logged. late-bind: if user later says "now grey box with X/Y", capture creds, do NOT re-fire mode question.
|
|
60
|
-
|
|
61
|
-
```
|
|
62
|
-
mode: wapt / {blackbox|greybox}
|
|
63
|
-
severity gate: all owasp-relevant
|
|
64
|
-
report: report-writing (bugcrowd-reporting if target on bugcrowd)
|
|
65
|
-
```
|
|
66
|
-
|
|
67
|
-
invoke `hunt-dispatch` skill with `mode=wapt box=blackbox|greybox`.
|
|
68
|
-
|
|
69
|
-
## step 3 — sibling delegation
|
|
70
|
-
|
|
71
|
-
```
|
|
72
|
-
before any HTTP touch → /scope (mandatory pre-flight)
|
|
73
|
-
recon empty | wildcard → /recon <target>
|
|
74
|
-
5+ live hosts surfaced → /surface (P1/P2/Kill list)
|
|
75
|
-
confirmed finding → /chain (A→B table lives here, NOT in /hunt)
|
|
76
|
-
before any report → /validate (7-Question Gate)
|
|
77
|
-
findings ready → /report (suggest, never auto)
|
|
78
|
-
session end → /remember (silent)
|
|
79
|
-
```
|
|
80
|
-
|
|
81
|
-
## step 4 — active testing
|
|
82
|
-
|
|
83
|
-
hand off to the loaded `hunt-*` skills. each skill has its own probes, payloads, validation. do not duplicate that logic here. on every confirmed finding, invoke `/chain` to check the A→B signal table.
|
|
84
|
-
|
|
85
|
-
## modes
|
|
86
|
-
|
|
87
|
-
`--source-code <path|url>` — adds hardcoded-secret grep, route mapping, dangerous-function scan before live testing.
|
|
88
|
-
`--chrome` — browser MCP for SPA / OAuth / DOM-XSS / WebSocket / file upload.
|
|
89
|
-
`--vuln-class <X>` — load only `hunt-<X>`, skip mode question.
|
|
90
|
-
|
|
91
|
-
## pacing & isolation
|
|
92
|
-
|
|
93
|
-
20-min rotation: every 20 min ask "am i making progress?" no → rotate. stop signals: 403 everywhere · 20+ payloads identical response · 5+ preconditions · 30+ min stuck on one endpoint.
|
|
94
|
-
|
|
95
|
-
one session per target. for `targets.txt`, mode question fires once; findings scoped per-target in hunt memory.
|
|
96
|
-
|
|
97
|
-
## privacy
|
|
98
|
-
|
|
99
|
-
never prompt for, log, or echo SOW / scope-of-work / engagement-letter content. never persist grey box credentials to disk. client data lives only in `.gitignore`d `targets/<target>/SESSION.md`.
|
|
100
|
-
|
|
101
|
-
at session end, invoke `/remember` silently (non-fatal).
|
|
102
|
-
|
|
@@ -1,56 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: intel
|
|
3
|
-
description: On-demand intelligence fetch for a target — CVEs, disclosed reports, new features. Wraps learn.py + hunt memory context. Usage: /intel target.com
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# /intel
|
|
7
|
-
|
|
8
|
-
Fetch actionable intelligence for a target.
|
|
9
|
-
|
|
10
|
-
## What This Does
|
|
11
|
-
|
|
12
|
-
1. Runs `learn.py` for CVEs and advisories matching the target's tech stack
|
|
13
|
-
2. Fetches HackerOne Hacktivity for the target (via HackerOne MCP if available)
|
|
14
|
-
3. Cross-references with hunt memory — flags untested CVEs and new endpoints
|
|
15
|
-
4. Outputs prioritized intel with hunt recommendations
|
|
16
|
-
|
|
17
|
-
## Usage
|
|
18
|
-
|
|
19
|
-
```
|
|
20
|
-
/intel target.com
|
|
21
|
-
```
|
|
22
|
-
|
|
23
|
-
## Output
|
|
24
|
-
|
|
25
|
-
```
|
|
26
|
-
INTEL: target.com
|
|
27
|
-
═══════════════════════════════════════
|
|
28
|
-
|
|
29
|
-
ALERTS:
|
|
30
|
-
[CRITICAL] CVE-2026-XXXX — Next.js middleware bypass (CVSS 9.1)
|
|
31
|
-
target.com runs Next.js 14.2.3 (vulnerable). Patch: 14.2.4.
|
|
32
|
-
→ You haven't tested this endpoint yet. Hunt candidate.
|
|
33
|
-
|
|
34
|
-
[HIGH] New feature detected: /api/v3/billing/invoices
|
|
35
|
-
Not in your tested_endpoints list. 3 new paths.
|
|
36
|
-
→ New = unreviewed. Priority hunt target.
|
|
37
|
-
|
|
38
|
-
[INFO] 2 new disclosed reports on HackerOne for target.com
|
|
39
|
-
→ Read for methodology insights before hunting.
|
|
40
|
-
|
|
41
|
-
MEMORY CONTEXT:
|
|
42
|
-
Last hunted: 2026-03-24 (2 days ago)
|
|
43
|
-
Tech stack: Next.js 14.2.3, GraphQL, PostgreSQL
|
|
44
|
-
Untested CVEs: 1 critical, 0 high
|
|
45
|
-
```
|
|
46
|
-
|
|
47
|
-
## Data Sources
|
|
48
|
-
|
|
49
|
-
| Source | What | Auth required? |
|
|
50
|
-
|---|---|---|
|
|
51
|
-
| `learn.py` — NVD | CVEs matching tech stack | No |
|
|
52
|
-
| `learn.py` — GitHub Advisory | Security advisories | No |
|
|
53
|
-
| `learn.py` — HackerOne Hacktivity | Disclosed reports | No |
|
|
54
|
-
| HackerOne MCP (if connected) | Program stats, policy | No (public) |
|
|
55
|
-
| Hunt memory | Previously tested endpoints | Local files |
|
|
56
|
-
|
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: memory-gc
|
|
3
|
-
description: Inspect or rotate hunt-memory JSONL files (audit.jsonl, patterns.jsonl, journal.jsonl). Caps file size and keeps N rotated backups so memory does not grow unbounded.
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# /memory-gc
|
|
7
|
-
|
|
8
|
-
Garbage-collect the hunt-memory directory. Reports current sizes, rotates oversized files past a configurable cap, or purges old backups.
|
|
9
|
-
|
|
10
|
-
## Why This Exists
|
|
11
|
-
|
|
12
|
-
Append-only logs grow without bound. On active hunters:
|
|
13
|
-
- `audit.jsonl` can reach 100 MB+ in months (every outbound request)
|
|
14
|
-
- `patterns.jsonl` and `journal.jsonl` accumulate forever
|
|
15
|
-
|
|
16
|
-
This command surfaces that growth and gives you a one-shot fix.
|
|
17
|
-
|
|
18
|
-
## Usage
|
|
19
|
-
|
|
20
|
-
```
|
|
21
|
-
/memory-gc # report only
|
|
22
|
-
/memory-gc --rotate # rotate files above 10 MB (default cap)
|
|
23
|
-
/memory-gc --rotate --max-mb 5 # custom cap
|
|
24
|
-
/memory-gc --purge-backups # delete all .1/.2/.3 backups
|
|
25
|
-
/memory-gc --dir <path> # scan a non-default hunt-memory dir
|
|
26
|
-
```
|
|
27
|
-
|
|
28
|
-
## What It Does
|
|
29
|
-
|
|
30
|
-
1. Walks the hunt-memory directory recursively.
|
|
31
|
-
2. Finds `audit.jsonl`, `patterns.jsonl`, and `journal.jsonl` files at any depth.
|
|
32
|
-
3. Prints a per-file table: live size, total (live + backups), backup count, status.
|
|
33
|
-
4. With `--rotate`: renames oversize files to `<file>.1`, shifting older backups up to `<file>.{keep}`. The oldest is dropped.
|
|
34
|
-
5. With `--purge-backups`: removes every `.1`/`.2`/`.3` backup, keeping only live files.
|
|
35
|
-
|
|
36
|
-
## Implementation
|
|
37
|
-
|
|
38
|
-
The agent shells out to:
|
|
39
|
-
|
|
40
|
-
```bash
|
|
41
|
-
python -m tools.memory_gc [args]
|
|
42
|
-
```
|
|
43
|
-
|
|
44
|
-
from the repo root.
|
|
45
|
-
|
|
46
|
-
## Defaults
|
|
47
|
-
|
|
48
|
-
- **Rotation cap:** 10 MB per file
|
|
49
|
-
- **Backups kept:** 3 (so `<file>.1` newest → `<file>.3` oldest)
|
|
50
|
-
- **Scope:** `hunt-memory/` and any nested target dirs
|
|
51
|
-
|
|
52
|
-
Auto-rotation fires automatically in two places:
|
|
53
|
-
|
|
54
|
-
1. **On every write** — inside `AuditLog.log()` and `PatternDB.save()` when the next append would exceed the cap.
|
|
55
|
-
2. **On session end** — a `Stop` hook in `.claude/settings.json` runs `python3 -m tools.memory_gc --rotate` so long sessions that wrote a lot but never crossed the cap mid-session still get cleaned up.
|
|
56
|
-
|
|
57
|
-
So this slash command is mainly for ad-hoc reporting (`/memory-gc` with no args) and manual cleanup of accumulated backups (`/memory-gc --purge-backups`).
|
|
58
|
-
|
|
@@ -1,207 +0,0 @@
|
|
|
1
|
-
# PC Organizer — File System Sorting
|
|
2
|
-
Activated by: `/pcsort`
|
|
3
|
-
|
|
4
|
-
You are the cognitive core of the PC Organizer. OpenCode agents scan, classify, and plan. You reason about organization strategy and make decisions. **Nothing is moved or deleted without explicit user confirmation.** Dry-run is always first.
|
|
5
|
-
|
|
6
|
-
---
|
|
7
|
-
|
|
8
|
-
## System Rules
|
|
9
|
-
|
|
10
|
-
1. **Dry-run default:** all operations produce a plan and a preview script first. No files move until user types CONFIRM.
|
|
11
|
-
2. **Never delete:** the system never deletes files — only moves, renames, or flags for user review. Deletion is always manual.
|
|
12
|
-
3. **State file:** `.pcsort-state/SCAN_STATE.json` — disk-scanner is sole writer.
|
|
13
|
-
4. **Backup manifest:** before any move operation, write `.pcsort-state/MOVE_MANIFEST.json` listing every source→destination pair. This enables rollback.
|
|
14
|
-
5. **Single OpenCode CLI:** one process with Task subagents inside for parallel scanning.
|
|
15
|
-
6. **Platform:** Windows-first. PowerShell commands. macOS/Linux alternatives noted where relevant.
|
|
16
|
-
7. **User scope:** always confirm the target path(s) before scanning. Default: ask explicitly.
|
|
17
|
-
|
|
18
|
-
---
|
|
19
|
-
|
|
20
|
-
## PC Sort State Schema (`.pcsort-state/SCAN_STATE.json`)
|
|
21
|
-
|
|
22
|
-
```json
|
|
23
|
-
{
|
|
24
|
-
"scanRoot": "",
|
|
25
|
-
"scanDate": "",
|
|
26
|
-
"totalFiles": 0,
|
|
27
|
-
"totalSizeGB": 0,
|
|
28
|
-
"duplicates": [],
|
|
29
|
-
"largeFiles": [],
|
|
30
|
-
"oldFiles": [],
|
|
31
|
-
"emptyDirs": [],
|
|
32
|
-
"tempFiles": [],
|
|
33
|
-
"misplacedFiles": [],
|
|
34
|
-
"folderStats": {},
|
|
35
|
-
"suggestions": []
|
|
36
|
-
}
|
|
37
|
-
```
|
|
38
|
-
|
|
39
|
-
---
|
|
40
|
-
|
|
41
|
-
## Phase 0: Scope Definition
|
|
42
|
-
|
|
43
|
-
Ask user:
|
|
44
|
-
1. **Target path(s):** which drives/folders to scan? (e.g., C:\Users\Name\Downloads, D:\)
|
|
45
|
-
2. **Operation type:** what does "sort" mean here?
|
|
46
|
-
- `analyze` — report only, no changes
|
|
47
|
-
- `duplicates` — find and mark duplicate files
|
|
48
|
-
- `organize` — sort files into logical folders by type
|
|
49
|
-
- `cleanup` — identify junk/temp/old files for review
|
|
50
|
-
- `full` — all of the above
|
|
51
|
-
3. **Exclusions:** folders to skip (node_modules, .git, Windows system folders)
|
|
52
|
-
|
|
53
|
-
Default exclusions: `C:\Windows`, `C:\Program Files`, `C:\Program Files (x86)`, `AppData\Local\Temp`, `node_modules`, `.git`
|
|
54
|
-
|
|
55
|
-
---
|
|
56
|
-
|
|
57
|
-
## Phase 1: Disk Scan
|
|
58
|
-
|
|
59
|
-
```bash
|
|
60
|
-
opencode-cli run --attach http://localhost:4100 --agent disk-scanner \
|
|
61
|
-
"Scan <path(s)>. Exclude: <exclusions>. Collect: total file count, total size, top 20 largest files, files by extension, files by age (>1yr, >2yr, >5yr), empty directories, temp/cache file patterns. Write to .pcsort-state/SCAN_STATE.json. Do NOT use the Task tool."
|
|
62
|
-
```
|
|
63
|
-
|
|
64
|
-
For multiple drives — dispatch parallel scanners via unity-orchestrator.
|
|
65
|
-
|
|
66
|
-
---
|
|
67
|
-
|
|
68
|
-
## Phase 2: Analysis
|
|
69
|
-
|
|
70
|
-
Run analysis agents in parallel based on operation type:
|
|
71
|
-
|
|
72
|
-
### Duplicate detection:
|
|
73
|
-
```bash
|
|
74
|
-
opencode-cli run --attach http://localhost:4100 --agent duplicate-detector \
|
|
75
|
-
"Find duplicate files in scan data from .pcsort-state/SCAN_STATE.json. Group by: exact hash match first, then size+name match. For each group: identify which copy to keep (most recently modified, or in most logical location), list others as duplicates. Write duplicates list to .pcsort-state/SCAN_STATE.json duplicates field. Do NOT use the Task tool."
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
### Organization planning:
|
|
79
|
-
```bash
|
|
80
|
-
opencode-cli run --attach http://localhost:4100 --agent organization-planner \
|
|
81
|
-
"Read .pcsort-state/SCAN_STATE.json. Plan folder structure for <scanRoot>. Apply these classification rules: <rules>. Output a move plan — every source path → destination path. Write to .pcsort-state/MOVE_PLAN.json. Do NOT use the Task tool."
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
---
|
|
85
|
-
|
|
86
|
-
## File Classification Rules
|
|
87
|
-
|
|
88
|
-
| Extension group | Target folder |
|
|
89
|
-
|----------------|---------------|
|
|
90
|
-
| `.jpg .jpeg .png .gif .webp .heic .raw` | `\Photos\<YYYY>\` |
|
|
91
|
-
| `.mp4 .mov .avi .mkv .wmv` | `\Videos\` |
|
|
92
|
-
| `.mp3 .flac .wav .aac .ogg` | `\Music\` |
|
|
93
|
-
| `.pdf` | `\Documents\PDFs\` |
|
|
94
|
-
| `.doc .docx .odt` | `\Documents\Word\` |
|
|
95
|
-
| `.xls .xlsx .csv` | `\Documents\Spreadsheets\` |
|
|
96
|
-
| `.ppt .pptx` | `\Documents\Presentations\` |
|
|
97
|
-
| `.zip .rar .7z .tar .gz` | `\Archives\` |
|
|
98
|
-
| `.exe .msi` | `\Installers\` |
|
|
99
|
-
| `.iso .img` | `\DiskImages\` |
|
|
100
|
-
| `.torrent` | `\Torrents\` |
|
|
101
|
-
| Dev files (`.py .js .ts .cs .cpp .go`) | `\Dev\<ext>\` |
|
|
102
|
-
| Unknown / no extension | `\Unsorted\` |
|
|
103
|
-
|
|
104
|
-
Photo date: read EXIF if available; fall back to file modified date for `\Photos\YYYY\` sorting.
|
|
105
|
-
|
|
106
|
-
---
|
|
107
|
-
|
|
108
|
-
## Temp / Junk File Patterns
|
|
109
|
-
|
|
110
|
-
Flag for user review (never auto-delete):
|
|
111
|
-
- `*.tmp`, `*.temp`, `~*`, `thumbs.db`, `.DS_Store`
|
|
112
|
-
- `*.log` older than 30 days outside `\Logs\` folders
|
|
113
|
-
- Folders named: `temp`, `tmp`, `cache`, `__pycache__`, `.pytest_cache`
|
|
114
|
-
- Chrome/Firefox cache: `AppData\Local\Google\Chrome\User Data\Default\Cache`
|
|
115
|
-
- Windows Update cache: `Windows\SoftwareDistribution\Download` (flag, don't touch)
|
|
116
|
-
- Downloaded installers older than 1 year in `Downloads\`
|
|
117
|
-
|
|
118
|
-
---
|
|
119
|
-
|
|
120
|
-
## Phase 3: Show Plan
|
|
121
|
-
|
|
122
|
-
Present to user:
|
|
123
|
-
|
|
124
|
-
```
|
|
125
|
-
## PC Organization Plan
|
|
126
|
-
Scan root: <path>
|
|
127
|
-
Scanned: <N> files (<GB>)
|
|
128
|
-
|
|
129
|
-
### Summary
|
|
130
|
-
- Duplicates found: <N> files (<GB> recoverable)
|
|
131
|
-
- Largest files: top 5 listed
|
|
132
|
-
- Temp/junk: <N> files (<GB>)
|
|
133
|
-
- Files to move: <N> (<GB>)
|
|
134
|
-
- Empty dirs to remove: <N>
|
|
135
|
-
|
|
136
|
-
### Duplicate Groups (<N> total, <GB> recoverable)
|
|
137
|
-
Group 1: <filename> — 3 copies
|
|
138
|
-
KEEP: C:\Users\...\file.jpg (newest, best location)
|
|
139
|
-
MOVE: C:\Users\...\Copy of file.jpg → .pcsort-state\duplicates-review\
|
|
140
|
-
MOVE: D:\Backup\...\file.jpg → .pcsort-state\duplicates-review\
|
|
141
|
-
|
|
142
|
-
### Move Plan Preview (first 20 of <N>)
|
|
143
|
-
<scan_root>\Downloads\photo_2023.jpg → <scan_root>\Photos\2023\photo_2023.jpg
|
|
144
|
-
<scan_root>\Desktop\report.pdf → <scan_root>\Documents\PDFs\report.pdf
|
|
145
|
-
...
|
|
146
|
-
|
|
147
|
-
### Junk Files (for review only — will NOT be moved automatically)
|
|
148
|
-
<scan_root>\Downloads\installer_v1.0.msi (2 years old, 450MB)
|
|
149
|
-
...
|
|
150
|
-
|
|
151
|
-
Type CONFIRM to generate move script, CANCEL to abort.
|
|
152
|
-
```
|
|
153
|
-
|
|
154
|
-
---
|
|
155
|
-
|
|
156
|
-
## Phase 4: Generate Move Script
|
|
157
|
-
|
|
158
|
-
If CONFIRM → do NOT execute yet. First generate the PowerShell script:
|
|
159
|
-
|
|
160
|
-
```bash
|
|
161
|
-
opencode-cli run --attach http://localhost:4100 --agent move-executor \
|
|
162
|
-
"Generate a PowerShell dry-run script from .pcsort-state/MOVE_PLAN.json. Script must: 1) Create destination directories if needed, 2) Move files with robocopy (not Move-Item — safer for large operations), 3) Log every operation to .pcsort-state/move-log.txt, 4) Skip if destination already exists (no overwrite). Output the .ps1 script to .pcsort-state/execute-moves.ps1. Do NOT use the Task tool."
|
|
163
|
-
```
|
|
164
|
-
|
|
165
|
-
Show user the generated script path. Offer options:
|
|
166
|
-
- `EXECUTE` — run the script now (Claude uses Bash tool)
|
|
167
|
-
- `REVIEW` — open the script for inspection first
|
|
168
|
-
- `CANCEL` — abort
|
|
169
|
-
|
|
170
|
-
---
|
|
171
|
-
|
|
172
|
-
## Phase 5: Execute and Verify
|
|
173
|
-
|
|
174
|
-
If EXECUTE:
|
|
175
|
-
```powershell
|
|
176
|
-
powershell -ExecutionPolicy Bypass -File ".pcsort-state\execute-moves.ps1"
|
|
177
|
-
```
|
|
178
|
-
|
|
179
|
-
After execution:
|
|
180
|
-
- Read `.pcsort-state/move-log.txt`
|
|
181
|
-
- Report: files moved, errors, skipped
|
|
182
|
-
- Check for any errors — if any files failed, list them
|
|
183
|
-
- Write final report to `.pcsort-state/REPORT.md`
|
|
184
|
-
|
|
185
|
-
---
|
|
186
|
-
|
|
187
|
-
## Agent Routing Table
|
|
188
|
-
|
|
189
|
-
| Agent | Use for |
|
|
190
|
-
|-------|---------|
|
|
191
|
-
| `disk-scanner` | File system scanning, size analysis, age analysis |
|
|
192
|
-
| `duplicate-detector` | Hash-based duplicate finding, keep/remove decision |
|
|
193
|
-
| `organization-planner` | File classification, move plan generation |
|
|
194
|
-
| `move-executor` | PowerShell move script generation |
|
|
195
|
-
| `unity-orchestrator` | Parallel multi-drive scanning |
|
|
196
|
-
|
|
197
|
-
---
|
|
198
|
-
|
|
199
|
-
## Core Rules (never violate)
|
|
200
|
-
|
|
201
|
-
1. Never delete files — only move to review folder or mark for user decision.
|
|
202
|
-
2. Dry-run always comes before execution.
|
|
203
|
-
3. Move manifest must be written before any moves execute — enables rollback.
|
|
204
|
-
4. Never touch: `C:\Windows\*`, `C:\Program Files\*`, `AppData\Roaming\*` (system risk).
|
|
205
|
-
5. If a destination file already exists — skip, do not overwrite. Log the conflict.
|
|
206
|
-
6. After execution, provide explicit count of moved files vs. errors vs. skipped.
|
|
207
|
-
|
|
@@ -1,60 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: pickup
|
|
3
|
-
description: Pick up a previous hunt on a target — shows hunt history, untested endpoints, and memory-informed suggestions. Usage: /pickup target.com
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# /pickup
|
|
7
|
-
|
|
8
|
-
Pick up where you left off on a target.
|
|
9
|
-
|
|
10
|
-
> **Renamed from `/resume`** — `/resume` is a reserved Claude Code command. Use `/pickup` to continue a previous hunt.
|
|
11
|
-
|
|
12
|
-
## What This Does
|
|
13
|
-
|
|
14
|
-
1. Reads the target profile from `hunt-memory/targets/<target>.json`
|
|
15
|
-
2. Shows hunt history (sessions, findings, payouts)
|
|
16
|
-
3. Lists untested endpoints from last recon
|
|
17
|
-
4. Suggests techniques based on tech stack + pattern DB
|
|
18
|
-
5. Asks: continue hunting or re-run recon?
|
|
19
|
-
|
|
20
|
-
## Usage
|
|
21
|
-
|
|
22
|
-
```
|
|
23
|
-
/pickup target.com
|
|
24
|
-
```
|
|
25
|
-
|
|
26
|
-
## Output
|
|
27
|
-
|
|
28
|
-
```
|
|
29
|
-
PICKUP: target.com
|
|
30
|
-
═══════════════════════════════════════
|
|
31
|
-
|
|
32
|
-
Hunt History:
|
|
33
|
-
Sessions: 3
|
|
34
|
-
Last hunt: 2026-03-24
|
|
35
|
-
Total time: 2h 00m
|
|
36
|
-
Findings: 1 confirmed (IDOR, $1500 paid)
|
|
37
|
-
|
|
38
|
-
Untested Surface:
|
|
39
|
-
3 endpoints from last recon:
|
|
40
|
-
1. /api/v2/users/{id}/export
|
|
41
|
-
2. /api/v2/users/{id}/share
|
|
42
|
-
3. /api/v2/users/{id}/history
|
|
43
|
-
|
|
44
|
-
Memory Suggestions:
|
|
45
|
-
Tech stack [Next.js, GraphQL, PostgreSQL] matches 2 targets
|
|
46
|
-
where you found auth bypass. Try introspection → mutation pattern.
|
|
47
|
-
|
|
48
|
-
Actions:
|
|
49
|
-
[r] Continue hunting untested endpoints
|
|
50
|
-
[n] Re-run recon first (surface may have changed)
|
|
51
|
-
[s] Show full hunt journal for this target
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
## If No Previous Hunt
|
|
55
|
-
|
|
56
|
-
```
|
|
57
|
-
No previous hunt data for target.com.
|
|
58
|
-
Run /recon target.com first, then /hunt target.com.
|
|
59
|
-
```
|
|
60
|
-
|