promptgraph-mcp 2.4.7 → 2.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/README.md +3 -6
  2. package/ann.js +23 -51
  3. package/api.js +200 -0
  4. package/config.js +7 -0
  5. package/db.js +20 -0
  6. package/embedder.js +10 -0
  7. package/github-import.js +102 -22
  8. package/indexer.js +45 -11
  9. package/marketplace.js +47 -5
  10. package/package.json +9 -3
  11. package/search.js +84 -20
  12. package/src/filter/hard-filter.js +2 -0
  13. package/src/filter/train.js +3 -1
  14. package/src/store/flat-store.js +61 -0
  15. package/src/store/hnsw-store.js +187 -0
  16. package/src/store/index.js +19 -0
  17. package/src/store/vector-store.js +9 -0
  18. package/validator.js +7 -1
  19. package/registry/training/bad/accepts-HISTORY.md +0 -250
  20. package/registry/training/bad/argparse-CHANGELOG.md +0 -185
  21. package/registry/training/bad/balanced-match-LICENSE.md +0 -23
  22. package/registry/training/bad/better-sqlite3-README.md +0 -99
  23. package/registry/training/bad/bindings-LICENSE.md +0 -22
  24. package/registry/training/bad/bl-LICENSE.md +0 -13
  25. package/registry/training/bad/body-parser-README.md +0 -494
  26. package/registry/training/bad/bytes-HISTORY.md +0 -97
  27. package/registry/training/bad/camelcase-README.md +0 -135
  28. package/registry/training/bad/chai-README.md +0 -162
  29. package/registry/training/bad/cli-progress-LICENSE.md +0 -24
  30. package/registry/training/bad/content-type-HISTORY.md +0 -29
  31. package/registry/training/bad/cookie-SECURITY.md +0 -25
  32. package/registry/training/bad/cookie-signature-HISTORY.md +0 -70
  33. package/registry/training/bad/cors-README.md +0 -277
  34. package/registry/training/bad/cross-spawn-README.md +0 -89
  35. package/registry/training/bad/deep-extend-CHANGELOG.md +0 -46
  36. package/registry/training/bad/depd-HISTORY.md +0 -103
  37. package/registry/training/bad/esprima-README.md +0 -46
  38. package/registry/training/bad/etag-HISTORY.md +0 -83
  39. package/registry/training/bad/expect-type-SECURITY.md +0 -14
  40. package/registry/training/bad/finalhandler-HISTORY.md +0 -239
  41. package/registry/training/bad/fresh-HISTORY.md +0 -80
  42. package/registry/training/bad/glob-LICENSE.md +0 -63
  43. package/registry/training/bad/hono-README.md +0 -85
  44. package/registry/training/bad/http-errors-HISTORY.md +0 -186
  45. package/registry/training/bad/jose-LICENSE.md +0 -21
  46. package/registry/training/bad/jose-README.md +0 -153
  47. package/registry/training/bad/js-yaml-README.md +0 -299
  48. package/registry/training/bad/json-schema-typed-LICENSE.md +0 -57
  49. package/registry/training/bad/json-stringify-safe-CHANGELOG.md +0 -14
  50. package/registry/training/bad/lru-cache-LICENSE.md +0 -55
  51. package/registry/training/bad/media-typer-HISTORY.md +0 -50
  52. package/registry/training/bad/minimatch-LICENSE.md +0 -55
  53. package/registry/training/bad/minimist-CHANGELOG.md +0 -298
  54. package/registry/training/bad/minimist-README.md +0 -121
  55. package/registry/training/bad/ms-LICENSE.md +0 -21
  56. package/registry/training/bad/negotiator-HISTORY.md +0 -114
  57. package/registry/training/bad/on-finished-HISTORY.md +0 -98
  58. package/registry/training/bad/pkce-challenge-CHANGELOG.md +0 -114
  59. package/registry/training/bad/postcss-README.md +0 -28
  60. package/registry/training/bad/prebuild-install-CHANGELOG.md +0 -131
  61. package/registry/training/bad/proxy-addr-HISTORY.md +0 -161
  62. package/registry/training/bad/qs-CHANGELOG.md +0 -822
  63. package/registry/training/bad/rc-README.md +0 -227
  64. package/registry/training/bad/readable-stream-CONTRIBUTING.md +0 -38
  65. package/registry/training/bad/router-HISTORY.md +0 -228
  66. package/registry/training/bad/semver-README.md +0 -680
  67. package/registry/training/bad/send-README.md +0 -317
  68. package/registry/training/bad/serve-static-README.md +0 -253
  69. package/registry/training/bad/statuses-HISTORY.md +0 -87
  70. package/registry/training/bad/type-is-HISTORY.md +0 -292
  71. package/registry/training/bad/vary-HISTORY.md +0 -39
  72. package/registry/training/bad/vite-LICENSE.md +0 -2230
  73. package/registry/training/bad/which-CHANGELOG.md +0 -166
  74. package/registry/training/bad/zod-README.md +0 -191
  75. package/registry/training/good/skills-store-autopilot.md +0 -85
  76. package/registry/training/good/skills-store-bot-builder.md +0 -70
  77. package/registry/training/good/skills-store-chain.md +0 -136
  78. package/registry/training/good/skills-store-evolve.md +0 -100
  79. package/registry/training/good/skills-store-game.md +0 -27
  80. package/registry/training/good/skills-store-hunt.md +0 -102
  81. package/registry/training/good/skills-store-intel.md +0 -56
  82. package/registry/training/good/skills-store-memory-gc.md +0 -58
  83. package/registry/training/good/skills-store-pcsort.md +0 -207
  84. package/registry/training/good/skills-store-pickup.md +0 -60
  85. package/registry/training/good/skills-store-recon.md +0 -141
  86. package/registry/training/good/skills-store-remember.md +0 -64
  87. package/registry/training/good/skills-store-report.md +0 -117
  88. package/registry/training/good/skills-store-router.md +0 -225
  89. package/registry/training/good/skills-store-search.md +0 -168
  90. package/registry/training/good/skills-store-surface.md +0 -53
  91. package/registry/training/good/skills-store-token-scan.md +0 -141
  92. package/registry/training/good/skills-store-triage.md +0 -97
  93. package/registry/training/good/skills-store-unity.md +0 -733
  94. package/registry/training/good/skills-store-validate.md +0 -135
  95. package/registry/training/good/skills-store-web3-audit.md +0 -217
@@ -1,135 +0,0 @@
1
- ---
2
- name: validate
3
- description: Validate a finding — runs 7-Question Gate + 4-gate checklist. Kills weak findings before report writing. Prevents N/A submissions that hurt validity ratio. Usage: /validate
4
- ---
5
-
6
- # /validate
7
-
8
- Run full validation on the current finding before writing a report.
9
-
10
- ## What This Does
11
-
12
- 1. Runs 7-Question Gate (one wrong answer = kill it)
13
- 2. Checks against the always-rejected list
14
- 3. Runs 4 pre-submission gates
15
- 4. Outputs: PASS (write the report) or KILL (move on)
16
-
17
- ## Usage
18
-
19
- ```
20
- /validate
21
- ```
22
-
23
- Describe the finding when prompted. Include:
24
- - The endpoint
25
- - The bug class
26
- - What the PoC shows
27
- - The target program
28
-
29
- ## The 7-Question Gate
30
-
31
- Answer each. ONE wrong answer = STOP.
32
-
33
- ### Q1: Can I demonstrate this step-by-step RIGHT NOW?
34
-
35
- Write this out:
36
- ```
37
- 1. Setup: I need [own account / another user's ID / no account]
38
- 2. Request: [exact HTTP method, URL, headers, body]
39
- 3. Result: Response shows [exact data / action completed]
40
- 4. Impact: Real consequence is [account takeover / PII exposed / money stolen]
41
- 5. Cost: Time: [X min], Capital: [$0 / $X]
42
- ```
43
-
44
- If step 2 is "I need to look at the code more" → KILL IT.
45
-
46
- ### Q2: Is the impact accepted by this program?
47
-
48
- Check program scope page. Is your bug class listed? Is it excluded?
49
-
50
- ### Q3: Is the vulnerable asset in scope?
51
-
52
- Exact domain in scope? Not staging/dev? Not a third-party service?
53
-
54
- ### Q4: Does it need admin or privileged access that an attacker can't get?
55
-
56
- "Admin can do X" → KILL IT.
57
- "Regular user can do X that only admin should" → valid.
58
-
59
- ### Q5: Is this known or documented behavior?
60
-
61
- Search disclosed reports + changelog + API docs.
62
-
63
- ### Q6: Can you prove impact beyond "technically possible"?
64
-
65
- - XSS → actual cookie value in exfil request, not just alert()
66
- - SSRF → response body from internal service, not just DNS callback
67
- - IDOR → actual other-user's private data in response, not just 200 status
68
-
69
- ### Q7: Is this on the never-submit list?
70
-
71
- ```
72
- Missing headers, GraphQL introspection alone, clickjacking without PoC,
73
- self-XSS, open redirect alone, SSRF DNS-only, logout CSRF, banner disclosure,
74
- rate limit on non-critical forms, missing cookie flags alone...
75
- ```
76
-
77
- If yes → KILL IT unless you have a chain.
78
-
79
- ## Check: Conditionally Valid?
80
-
81
- If it's on the never-submit list, can you chain it?
82
-
83
- | You Have | Chain Available? |
84
- |---|---|
85
- | Open redirect | + OAuth code theft → ATO? |
86
- | SSRF DNS-only | + internal service data? |
87
- | Clickjacking | + sensitive action + PoC? |
88
- | CORS wildcard | + credentialed data exfil? |
89
- | Prompt injection | + IDOR → other user's data? |
90
-
91
- If no chain → KILL IT. If chain confirmed → report both together.
92
-
93
- ## 4 Gates — All Must Pass
94
-
95
- **Gate 0 (30 sec):**
96
- ```
97
- [ ] Confirmed with real HTTP requests (not just code reading)
98
- [ ] In scope (checked program page)
99
- [ ] Reproducible from scratch
100
- [ ] Evidence captured
101
- ```
102
-
103
- **Gate 1 — Impact (2 min):**
104
- ```
105
- [ ] Can answer "What does attacker walk away with?"
106
- [ ] More than "sees non-sensitive data"
107
- [ ] Real victim exists
108
- [ ] No unlikely preconditions
109
- ```
110
-
111
- **Gate 2 — Dedup (5 min):**
112
- ```
113
- [ ] Searched HackerOne Hacktivity for endpoint + bug class
114
- [ ] Searched GitHub issues
115
- [ ] Read 5 most recent disclosed reports
116
- [ ] Not in changelog as known issue
117
- ```
118
-
119
- **Gate 3 — Report quality (10 min):**
120
- ```
121
- [ ] Title formula: [Class] in [Endpoint] allows [actor] to [impact]
122
- [ ] Steps have exact HTTP request
123
- [ ] Evidence shows actual impact
124
- [ ] CVSS calculated
125
- [ ] Fix: 1-2 concrete sentences
126
- ```
127
-
128
- ## Output
129
-
130
- **PASS:** "All 7 questions pass. All 4 gates pass. Proceed to /report."
131
-
132
- **KILL:** "Q[N] fails because [reason]. Kill this finding. Reason: [explanation]. Move on."
133
-
134
- **DOWNGRADE:** "Q6 only shows technical possibility. Downgrade from High to Medium. Requires showing actual data exfil in PoC."
135
-
@@ -1,217 +0,0 @@
1
- ---
2
- name: web3-audit
3
- description: Smart contract security audit — runs through 10 bug class checklist (accounting desync, access control, incomplete path, off-by-one, oracle errors, ERC4626, reentrancy, flash loan, signature replay, proxy/upgrade). Applies pre-dive kill signals first. Generates Foundry PoC template for confirmed findings. Usage: /web3-audit <contract.sol>
4
- ---
5
-
6
- # /web3-audit
7
-
8
- Smart contract security audit using the 10-bug-class methodology.
9
-
10
- ## Usage
11
-
12
- ```
13
- /web3-audit VulnerableContract.sol
14
- /web3-audit https://github.com/protocol/contracts
15
- /web3-audit [paste contract code]
16
- ```
17
-
18
- ## Step 0: Pre-Dive Kill Signals
19
-
20
- ALWAYS check these BEFORE reading any code:
21
-
22
- ```
23
- 1. TVL < $500K → max payout too low for effort → SKIP
24
- 2. 2+ top-tier audits (Halborn, ToB, Cyfrin, OZ) on simple protocol → SKIP
25
- 3. Protocol < 500 lines, single A→B→C flow → minimal attack surface → SKIP
26
- 4. max_payout = min(10% × TVL, program_cap) → if < $10K → SKIP
27
-
28
- Formula: Is [TVL * 10%] > [hours I'll spend * hourly rate]? If not, skip.
29
- ```
30
-
31
- Only proceed if score >= 6/10:
32
- - TVL > $10M: +2
33
- - Immunefi Critical >= $50K: +2
34
- - No top-tier audit on current version: +2
35
- - < 30 days since deploy: +1
36
- - Protocol you've hunted before: +1
37
- - Upgradeable proxies present: +1
38
-
39
- ## Step 1: Accounting State Desynchronization (28% of Criticals)
40
-
41
- ```bash
42
- # Find accounting variables
43
- grep -rn "totalSupply\|totalShares\|totalAssets\|totalDebt\|cumulativeReward" contracts/
44
-
45
- # Find ALL early returns in critical functions
46
- grep -rn "\breturn\b" contracts/ -B3 | grep -B3 "if\b"
47
- ```
48
-
49
- Check: For each early return in claim/redeem/withdraw functions:
50
- - Which state variables are updated in the normal path?
51
- - Are ALL of them also updated in the early return path?
52
- - If A updated but B isn't → potential desync bug
53
-
54
- ## Step 2: Access Control (19% of Criticals)
55
-
56
- ```bash
57
- # Sibling function families — do ALL have same modifier set?
58
- grep -rn "function vote\|function poke\|function reset\|function update\|function claim\|function harvest" contracts/ -A2
59
-
60
- # Ownership check: existence vs ownership
61
- grep -rn "_requireOwned\|ownerOf\|_isApprovedOrOwner" contracts/ -B5
62
-
63
- # Silent modifiers (if without revert)
64
- grep -rn "modifier\b" contracts/ -A8 | grep -B3 "if (" | grep -v "require\|revert"
65
-
66
- # Uninitialized proxy
67
- grep -rn "function initialize\b" contracts/ -A3
68
- grep -rn "_disableInitializers()" contracts/
69
- ```
70
-
71
- Check: Does EVERY sibling function in a family have the SAME modifiers?
72
-
73
- ## Step 3: Incomplete Code Path (17% of Criticals)
74
-
75
- The function family comparison test:
76
- ```
77
- 1. List all state changes in function A (deposit/place/create)
78
- 2. List all state changes in function B (withdraw/update/cancel)
79
- 3. For each state change in A: does B have the corresponding reverse?
80
- 4. For each token transfer in A: does B have the corresponding refund?
81
- ```
82
-
83
- ```bash
84
- grep -rn "safeApprove\b" contracts/ # safeApprove without zero-reset?
85
- grep -rn "delete\b" contracts/ -B5 # delete before operation completes?
86
- grep -rn "function deposit\|function mint\|function withdraw\|function redeem" contracts/ -A10
87
- ```
88
-
89
- ## Step 4: Off-By-One (22% of Highs)
90
-
91
- Mental test: For EVERY `if (A > B)`: "What happens when A == B?" Is that correct?
92
-
93
- ```bash
94
- # Boundary comparisons
95
- grep -rn "Period\|Epoch\|Deadline\|period\|epoch\|deadline" contracts/ -A3 | grep "[<>][^=]"
96
-
97
- # Loop breaks
98
- grep -rn "\bbreak\b" contracts/ -B10
99
-
100
- # Array bounds
101
- grep -rn "\.length\s*-\s*1\|i\s*<=\s*.*\.length\b" contracts/
102
- ```
103
-
104
- ## Step 5: Oracle / Price Manipulation
105
-
106
- ```bash
107
- # Missing staleness check
108
- grep -rn "latestRoundData" contracts/ -A5 | grep -v "updatedAt\|timestamp"
109
-
110
- # Pyth confidence interval
111
- grep -rn "getPriceUnsafe\|getPrice\b" contracts/ -A8 | grep -v "conf\|confidence"
112
-
113
- # TWAP windows
114
- grep -rn "secondsAgo\|TWAP\|cardinality" contracts/ -A5
115
- ```
116
-
117
- Check:
118
- - Is staleness checked? (`require(block.timestamp - updatedAt <= MAX_AGE)`)
119
- - Is Pyth confidence interval checked? (`require(conf * 10 <= price)`)
120
- - Is TWAP window > 1800 seconds (30 min)?
121
-
122
- ## Step 6: ERC4626 Vaults
123
-
124
- ```bash
125
- grep -rn "function deposit\|function mint\|function withdraw\|function redeem" contracts/ -A10
126
- grep -rn "function transfer\|function transferFrom" contracts/ -A15
127
- ```
128
-
129
- Check:
130
- - Does `mint()` call the same validation as `deposit()`?
131
- - Does `transfer()` move lock records along with shares?
132
- - Is there a `_decimalsOffset()` virtual shares defense against first-depositor attack?
133
-
134
- ## Step 7: Reentrancy
135
-
136
- ```bash
137
- # Effects after interactions
138
- grep -rn "\.call{value\|safeTransfer\|transfer(" contracts/ -B10 | grep -v "require\|revert"
139
-
140
- # Missing nonReentrant
141
- grep -rn "function withdraw\|function redeem\|function claim" contracts/ -A2 | grep -v "nonReentrant"
142
- ```
143
-
144
- Check: Does every function that transfers ETH or ERC20 follow CEI order?
145
- (Checks → Effects → Interactions)
146
-
147
- ## Step 8: Flash Loan Oracle Manipulation
148
-
149
- ```bash
150
- grep -rn "getReserves\|getAmountsOut\|slot0\b" contracts/ -A5
151
- ```
152
-
153
- Check: Any spot price reading from Uniswap reserves/slot0? → flash loan manipulatable.
154
-
155
- ## Step 9: Signature Replay
156
-
157
- ```bash
158
- grep -rn "ecrecover\|ECDSA\.recover" contracts/ -B20
159
- grep -rn "nonce\|_nonces\|nonces\[" contracts/
160
- ```
161
-
162
- Check: Does signed hash include: nonce + chainId + contract address?
163
-
164
- ## Step 10: Proxy / Upgrade
165
-
166
- ```bash
167
- grep -rn "function initialize\b\|_disableInitializers\|initializer" contracts/
168
- grep -rn "delegatecall\b" contracts/ -B3
169
- grep -rn "0x360894\|_IMPLEMENTATION_SLOT\|EIP1967" contracts/
170
- ```
171
-
172
- Check:
173
- - `_disableInitializers()` in implementation constructor?
174
- - Implementation can't be initialized directly by attacker?
175
- - Storage layout compatible between versions?
176
-
177
- ## Confirming a Finding
178
-
179
- Apply the 7-Question Gate:
180
- ```
181
- 1. Can I demonstrate this with a Foundry test?
182
- 2. What is the financial impact (quantify in $)?
183
- 3. Is this in the Immunefi scope?
184
- 4. Is it a known issue or acknowledged behavior?
185
- 5. Does my Foundry PoC actually run? (forge test -vvvv)
186
- ```
187
-
188
- ## Foundry PoC Template
189
-
190
- ```solidity
191
- // SPDX-License-Identifier: MIT
192
- pragma solidity ^0.8.0;
193
- import "forge-std/Test.sol";
194
- import "../src/VulnerableContract.sol";
195
-
196
- contract ExploitTest is Test {
197
- VulnerableContract target;
198
- address attacker = makeAddr("attacker");
199
-
200
- function setUp() public {
201
- vm.createSelectFork("mainnet", BLOCK_NUMBER);
202
- target = VulnerableContract(TARGET_ADDRESS);
203
- deal(address(token), attacker, INITIAL_BALANCE);
204
- }
205
-
206
- function test_exploit() public {
207
- uint256 before = token.balanceOf(attacker);
208
- vm.startPrank(attacker);
209
- // Execute exploit
210
- vm.stopPrank();
211
- assertGt(token.balanceOf(attacker), before, "Exploit failed");
212
- }
213
- }
214
- ```
215
-
216
- Run: `forge test --match-test test_exploit -vvvv`
217
-