npm - specweave - Versions diffs - 0.1.0 - Mend

specweave 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (288) hide show

package/INSTALL.md +848 -0
package/LICENSE +21 -0
package/README.md +675 -0
package/SPECWEAVE.md +665 -0
package/bin/install-agents.sh +57 -0
package/bin/install-all.sh +49 -0
package/bin/install-commands.sh +56 -0
package/bin/install-skills.sh +57 -0
package/bin/specweave.js +81 -0
package/dist/adapters/adapter-base.d.ts +50 -0
package/dist/adapters/adapter-base.d.ts.map +1 -0
package/dist/adapters/adapter-base.js +146 -0
package/dist/adapters/adapter-base.js.map +1 -0
package/dist/adapters/adapter-interface.d.ts +108 -0
package/dist/adapters/adapter-interface.d.ts.map +1 -0
package/dist/adapters/adapter-interface.js +9 -0
package/dist/adapters/adapter-interface.js.map +1 -0
package/dist/adapters/claude/adapter.d.ts +54 -0
package/dist/adapters/claude/adapter.d.ts.map +1 -0
package/dist/adapters/claude/adapter.js +184 -0
package/dist/adapters/claude/adapter.js.map +1 -0
package/dist/adapters/copilot/adapter.d.ts +42 -0
package/dist/adapters/copilot/adapter.d.ts.map +1 -0
package/dist/adapters/copilot/adapter.js +239 -0
package/dist/adapters/copilot/adapter.js.map +1 -0
package/dist/adapters/cursor/adapter.d.ts +42 -0
package/dist/adapters/cursor/adapter.d.ts.map +1 -0
package/dist/adapters/cursor/adapter.js +297 -0
package/dist/adapters/cursor/adapter.js.map +1 -0
package/dist/adapters/generic/adapter.d.ts +40 -0
package/dist/adapters/generic/adapter.d.ts.map +1 -0
package/dist/adapters/generic/adapter.js +155 -0
package/dist/adapters/generic/adapter.js.map +1 -0
package/dist/cli/commands/init.d.ts +6 -0
package/dist/cli/commands/init.d.ts.map +1 -0
package/dist/cli/commands/init.js +247 -0
package/dist/cli/commands/init.js.map +1 -0
package/dist/cli/commands/install.d.ts +7 -0
package/dist/cli/commands/install.d.ts.map +1 -0
package/dist/cli/commands/install.js +160 -0
package/dist/cli/commands/install.js.map +1 -0
package/dist/cli/commands/list.d.ts +6 -0
package/dist/cli/commands/list.d.ts.map +1 -0
package/dist/cli/commands/list.js +154 -0
package/dist/cli/commands/list.js.map +1 -0
package/package.json +90 -0
package/src/adapters/README.md +312 -0
package/src/adapters/adapter-base.ts +146 -0
package/src/adapters/adapter-interface.ts +120 -0
package/src/adapters/claude/README.md +241 -0
package/src/adapters/claude/adapter.ts +157 -0
package/src/adapters/copilot/.github/copilot/instructions.md +376 -0
package/src/adapters/copilot/README.md +200 -0
package/src/adapters/copilot/adapter.ts +210 -0
package/src/adapters/cursor/.cursor/context/docs-context.md +62 -0
package/src/adapters/cursor/.cursor/context/increments-context.md +71 -0
package/src/adapters/cursor/.cursor/context/strategy-context.md +73 -0
package/src/adapters/cursor/.cursor/context/tests-context.md +89 -0
package/src/adapters/cursor/.cursorrules +325 -0
package/src/adapters/cursor/README.md +243 -0
package/src/adapters/cursor/adapter.ts +268 -0
package/src/adapters/generic/README.md +277 -0
package/src/adapters/generic/SPECWEAVE-MANUAL.md +676 -0
package/src/adapters/generic/adapter.ts +159 -0
package/src/adapters/registry.yaml +126 -0
package/src/agents/architect/AGENT.md +416 -0
package/src/agents/devops/AGENT.md +1738 -0
package/src/agents/docs-writer/AGENT.md +239 -0
package/src/agents/performance/AGENT.md +228 -0
package/src/agents/pm/AGENT.md +751 -0
package/src/agents/qa-lead/AGENT.md +150 -0
package/src/agents/security/AGENT.md +179 -0
package/src/agents/sre/AGENT.md +582 -0
package/src/agents/sre/modules/backend-diagnostics.md +481 -0
package/src/agents/sre/modules/database-diagnostics.md +509 -0
package/src/agents/sre/modules/infrastructure.md +561 -0
package/src/agents/sre/modules/monitoring.md +439 -0
package/src/agents/sre/modules/security-incidents.md +421 -0
package/src/agents/sre/modules/ui-diagnostics.md +302 -0
package/src/agents/sre/playbooks/01-high-cpu-usage.md +204 -0
package/src/agents/sre/playbooks/02-database-deadlock.md +241 -0
package/src/agents/sre/playbooks/03-memory-leak.md +252 -0
package/src/agents/sre/playbooks/04-slow-api-response.md +269 -0
package/src/agents/sre/playbooks/05-ddos-attack.md +293 -0
package/src/agents/sre/playbooks/06-disk-full.md +314 -0
package/src/agents/sre/playbooks/07-service-down.md +333 -0
package/src/agents/sre/playbooks/08-data-corruption.md +337 -0
package/src/agents/sre/playbooks/09-cascade-failure.md +430 -0
package/src/agents/sre/playbooks/10-rate-limit-exceeded.md +464 -0
package/src/agents/sre/scripts/health-check.sh +230 -0
package/src/agents/sre/scripts/log-analyzer.py +213 -0
package/src/agents/sre/scripts/metrics-collector.sh +294 -0
package/src/agents/sre/scripts/trace-analyzer.js +257 -0
package/src/agents/sre/templates/incident-report.md +249 -0
package/src/agents/sre/templates/mitigation-plan.md +375 -0
package/src/agents/sre/templates/post-mortem.md +418 -0
package/src/agents/sre/templates/runbook-template.md +412 -0
package/src/agents/tech-lead/AGENT.md +263 -0
package/src/commands/add-tasks.md +176 -0
package/src/commands/close-increment.md +347 -0
package/src/commands/create-increment.md +223 -0
package/src/commands/create-project.md +528 -0
package/src/commands/generate-docs.md +623 -0
package/src/commands/list-increments.md +180 -0
package/src/commands/review-docs.md +331 -0
package/src/commands/start-increment.md +139 -0
package/src/commands/sync-github.md +115 -0
package/src/commands/validate-increment.md +800 -0
package/src/hooks/README.md +252 -0
package/src/hooks/docs-changed.sh +59 -0
package/src/hooks/human-input-required.sh +55 -0
package/src/hooks/post-task-completion.sh +57 -0
package/src/hooks/pre-implementation.sh +47 -0
package/src/skills/ado-sync/README.md +449 -0
package/src/skills/ado-sync/SKILL.md +245 -0
package/src/skills/ado-sync/test-cases/test-1.yaml +9 -0
package/src/skills/ado-sync/test-cases/test-2.yaml +8 -0
package/src/skills/ado-sync/test-cases/test-3.yaml +9 -0
package/src/skills/bmad-method-expert/SKILL.md +628 -0
package/src/skills/bmad-method-expert/scripts/analyze-project.js +318 -0
package/src/skills/bmad-method-expert/scripts/check-setup.js +208 -0
package/src/skills/bmad-method-expert/scripts/generate-template.js +1149 -0
package/src/skills/bmad-method-expert/scripts/validate-documents.js +340 -0
package/src/skills/bmad-method-expert/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/bmad-method-expert/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/bmad-method-expert/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/brownfield-analyzer/SKILL.md +523 -0
package/src/skills/brownfield-analyzer/test-cases/test-1-basic-analysis.yaml +48 -0
package/src/skills/brownfield-analyzer/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/brownfield-analyzer/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/brownfield-onboarder/SKILL.md +625 -0
package/src/skills/brownfield-onboarder/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/brownfield-onboarder/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/brownfield-onboarder/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/calendar-system/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/calendar-system/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/calendar-system/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/context-loader/SKILL.md +734 -0
package/src/skills/context-loader/test-cases/test-1-basic-loading.yaml +39 -0
package/src/skills/context-loader/test-cases/test-2-token-budget-exceeded.yaml +44 -0
package/src/skills/context-loader/test-cases/test-3-section-anchors.yaml +45 -0
package/src/skills/context-optimizer/SKILL.md +618 -0
package/src/skills/context-optimizer/test-cases/test-1-bug-fix-narrow.yaml +97 -0
package/src/skills/context-optimizer/test-cases/test-2-feature-focused.yaml +109 -0
package/src/skills/context-optimizer/test-cases/test-3-architecture-broad.yaml +98 -0
package/src/skills/cost-optimizer/SKILL.md +190 -0
package/src/skills/cost-optimizer/test-cases/test-1-basic-comparison.yaml +75 -0
package/src/skills/cost-optimizer/test-cases/test-2-budget-constraint.yaml +52 -0
package/src/skills/cost-optimizer/test-cases/test-3-scale-requirement.yaml +63 -0
package/src/skills/cost-optimizer/test-results/README.md +46 -0
package/src/skills/design-system-architect/SKILL.md +107 -0
package/src/skills/design-system-architect/test-cases/test-1-token-structure.yaml +23 -0
package/src/skills/design-system-architect/test-cases/test-2-component-hierarchy.yaml +24 -0
package/src/skills/design-system-architect/test-cases/test-3-accessibility-checklist.yaml +23 -0
package/src/skills/diagrams-architect/SKILL.md +763 -0
package/src/skills/diagrams-generator/SKILL.md +25 -0
package/src/skills/diagrams-generator/test-cases/test-1.yaml +9 -0
package/src/skills/diagrams-generator/test-cases/test-2.yaml +9 -0
package/src/skills/diagrams-generator/test-cases/test-3.yaml +8 -0
package/src/skills/docs-updater/README.md +48 -0
package/src/skills/docs-updater/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/docs-updater/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/docs-updater/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/dotnet-backend/SKILL.md +250 -0
package/src/skills/e2e-playwright/README.md +506 -0
package/src/skills/e2e-playwright/SKILL.md +457 -0
package/src/skills/e2e-playwright/execute.js +373 -0
package/src/skills/e2e-playwright/lib/utils.js +514 -0
package/src/skills/e2e-playwright/package.json +33 -0
package/src/skills/e2e-playwright/test-cases/TC-001-basic-navigation.yaml +54 -0
package/src/skills/e2e-playwright/test-cases/TC-002-form-interaction.yaml +64 -0
package/src/skills/e2e-playwright/test-cases/TC-003-specweave-integration.yaml +74 -0
package/src/skills/e2e-playwright/test-cases/TC-004-accessibility-check.yaml +98 -0
package/src/skills/figma-designer/SKILL.md +149 -0
package/src/skills/figma-implementer/SKILL.md +148 -0
package/src/skills/figma-mcp-connector/SKILL.md +136 -0
package/src/skills/figma-mcp-connector/test-cases/test-1-read-file-desktop.yaml +22 -0
package/src/skills/figma-mcp-connector/test-cases/test-2-read-file-framelink.yaml +21 -0
package/src/skills/figma-mcp-connector/test-cases/test-3-error-handling.yaml +18 -0
package/src/skills/figma-to-code/SKILL.md +128 -0
package/src/skills/figma-to-code/test-cases/test-1-token-generation.yaml +29 -0
package/src/skills/figma-to-code/test-cases/test-2-component-generation.yaml +27 -0
package/src/skills/figma-to-code/test-cases/test-3-typescript-generation.yaml +28 -0
package/src/skills/frontend/SKILL.md +177 -0
package/src/skills/github-sync/SKILL.md +252 -0
package/src/skills/github-sync/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/github-sync/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/github-sync/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/hetzner-provisioner/README.md +308 -0
package/src/skills/hetzner-provisioner/SKILL.md +251 -0
package/src/skills/hetzner-provisioner/test-cases/test-1-basic-provision.yaml +71 -0
package/src/skills/hetzner-provisioner/test-cases/test-2-postgres-provision.yaml +85 -0
package/src/skills/hetzner-provisioner/test-cases/test-3-ssl-config.yaml +126 -0
package/src/skills/hetzner-provisioner/test-results/README.md +259 -0
package/src/skills/increment-planner/SKILL.md +889 -0
package/src/skills/increment-planner/scripts/feature-utils.js +250 -0
package/src/skills/increment-planner/test-cases/test-1-basic-feature.yaml +27 -0
package/src/skills/increment-planner/test-cases/test-2-complex-feature.yaml +30 -0
package/src/skills/increment-planner/test-cases/test-3-auto-numbering.yaml +24 -0
package/src/skills/increment-quality-judge/SKILL.md +566 -0
package/src/skills/increment-quality-judge/test-cases/test-1-good-spec.yaml +95 -0
package/src/skills/increment-quality-judge/test-cases/test-2-poor-spec.yaml +108 -0
package/src/skills/increment-quality-judge/test-cases/test-3-export-suggestions.yaml +87 -0
package/src/skills/jira-sync/README.md +328 -0
package/src/skills/jira-sync/SKILL.md +209 -0
package/src/skills/jira-sync/test-cases/test-1.yaml +9 -0
package/src/skills/jira-sync/test-cases/test-2.yaml +9 -0
package/src/skills/jira-sync/test-cases/test-3.yaml +10 -0
package/src/skills/nextjs/SKILL.md +176 -0
package/src/skills/nodejs-backend/SKILL.md +181 -0
package/src/skills/notification-system/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/notification-system/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/notification-system/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/python-backend/SKILL.md +226 -0
package/src/skills/role-orchestrator/README.md +197 -0
package/src/skills/role-orchestrator/SKILL.md +1184 -0
package/src/skills/role-orchestrator/test-cases/test-1-simple-product.yaml +98 -0
package/src/skills/role-orchestrator/test-cases/test-2-quality-gate-failure.yaml +73 -0
package/src/skills/role-orchestrator/test-cases/test-3-security-workflow.yaml +121 -0
package/src/skills/role-orchestrator/test-cases/test-4-parallel-execution.yaml +145 -0
package/src/skills/role-orchestrator/test-cases/test-5-feedback-loops.yaml +149 -0
package/src/skills/skill-creator/LICENSE.txt +202 -0
package/src/skills/skill-creator/SKILL.md +209 -0
package/src/skills/skill-creator/scripts/init_skill.py +303 -0
package/src/skills/skill-creator/scripts/package_skill.py +110 -0
package/src/skills/skill-creator/scripts/quick_validate.py +65 -0
package/src/skills/skill-creator/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/skill-creator/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/skill-creator/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/skill-router/SKILL.md +497 -0
package/src/skills/skill-router/test-cases/test-1-basic-routing.yaml +33 -0
package/src/skills/skill-router/test-cases/test-2-ambiguous-request.yaml +42 -0
package/src/skills/skill-router/test-cases/test-3-nested-orchestration.yaml +50 -0
package/src/skills/spec-driven-brainstorming/README.md +264 -0
package/src/skills/spec-driven-brainstorming/SKILL.md +439 -0
package/src/skills/spec-driven-brainstorming/test-cases/TC-001-simple-idea-to-design.yaml +148 -0
package/src/skills/spec-driven-brainstorming/test-cases/TC-002-complex-ultrathink-design.yaml +190 -0
package/src/skills/spec-driven-brainstorming/test-cases/TC-003-unclear-requirements-socratic.yaml +233 -0
package/src/skills/spec-driven-debugging/README.md +479 -0
package/src/skills/spec-driven-debugging/SKILL.md +652 -0
package/src/skills/spec-driven-debugging/test-cases/TC-001-simple-auth-bug.yaml +212 -0
package/src/skills/spec-driven-debugging/test-cases/TC-002-race-condition-ultrathink.yaml +461 -0
package/src/skills/spec-driven-debugging/test-cases/TC-003-brownfield-missing-spec.yaml +366 -0
package/src/skills/spec-kit-expert/SKILL.md +1012 -0
package/src/skills/spec-kit-expert/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/spec-kit-expert/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/spec-kit-expert/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/specweave-ado-mapper/SKILL.md +501 -0
package/src/skills/specweave-detector/SKILL.md +420 -0
package/src/skills/specweave-detector/test-cases/test-1-basic-detection.yaml +37 -0
package/src/skills/specweave-detector/test-cases/test-2-missing-config.yaml +37 -0
package/src/skills/specweave-detector/test-cases/test-3-non-specweave-project.yaml +34 -0
package/src/skills/specweave-jira-mapper/SKILL.md +500 -0
package/src/skills/stripe-integrator/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/stripe-integrator/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/stripe-integrator/test-cases/test-3-placeholder.yaml +12 -0
package/src/skills/task-builder/README.md +90 -0
package/src/skills/task-builder/test-cases/test-1-placeholder.yaml +12 -0
package/src/skills/task-builder/test-cases/test-2-placeholder.yaml +12 -0
package/src/skills/task-builder/test-cases/test-3-placeholder.yaml +12 -0
package/src/templates/.env.example +144 -0
package/src/templates/.gitignore.template +81 -0
package/src/templates/CLAUDE.md.template +383 -0
package/src/templates/README.md.template +240 -0
package/src/templates/config.yaml +333 -0
package/src/templates/docs/README.md +124 -0
package/src/templates/docs/adr-template.md +118 -0
package/src/templates/docs/hld-template.md +220 -0
package/src/templates/docs/lld-template.md +580 -0
package/src/templates/docs/prd-template.md +132 -0
package/src/templates/docs/rfc-template.md +229 -0
package/src/templates/docs/runbook-template.md +298 -0
package/src/templates/environments/minimal/.env.production +16 -0
package/src/templates/environments/minimal/README.md +54 -0
package/src/templates/environments/minimal/deploy-production.yml +52 -0
package/src/templates/environments/progressive/.env.qa +28 -0
package/src/templates/environments/progressive/README.md +129 -0
package/src/templates/environments/progressive/deploy-production.yml +93 -0
package/src/templates/environments/progressive/deploy-qa.yml +62 -0
package/src/templates/environments/progressive/deploy-staging.yml +67 -0
package/src/templates/environments/standard/.env.development +20 -0
package/src/templates/environments/standard/.env.production +30 -0
package/src/templates/environments/standard/.env.staging +23 -0
package/src/templates/environments/standard/README.md +97 -0
package/src/templates/environments/standard/deploy-production.yml +68 -0
package/src/templates/environments/standard/deploy-staging.yml +61 -0
package/src/templates/environments/standard/docker-compose.yml +43 -0
package/src/templates/increment-metadata-template.yaml +138 -0

package/src/agents/sre/modules/security-incidents.md ADDED Viewed

@@ -0,0 +1,421 @@
+# Security Incidents
+**Purpose**: Respond to security breaches, DDoS attacks, and unauthorized access attempts.
+**IMPORTANT**: For security incidents, SRE Agent collaborates with `security-agent` skill.
+## Incident Response Protocol
+### SEV1 Security Incidents (CRITICAL)
+**Immediate Actions** (First 5 minutes):
+1. **Isolate** affected systems
+2. **Preserve** evidence (logs, snapshots)
+3. **Notify** security team and management
+4. **Assess** scope of breach
+5. **Document** timeline
+**DO NOT**:
+- Delete logs (preserve evidence)
+- Reboot systems (unless absolutely necessary)
+- Make changes without documenting
+---
+## Common Security Incidents
+### 1. DDoS Attack
+**Symptoms**:
+- Sudden traffic spike (10x-100x normal)
+- Legitimate users can't access service
+- High bandwidth usage
+- Server overload
+**Diagnosis**:
+#### Check Traffic Patterns
+```bash
+# Check connections by IP
+netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -20
+# Check HTTP requests by IP (nginx)
+awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -20
+# Check requests per second
+tail -f /var/log/nginx/access.log | awk '{print $4}' | uniq -c
+```
+**Red flags**:
+- Single IP making thousands of requests
+- Requests from suspicious IPs (botnets)
+- High rate of 4xx errors (probing)
+- Unusual traffic patterns
+---
+#### Immediate Mitigation
+```bash
+# 1. Rate limiting (nginx)
+# Add to nginx.conf:
+limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
+limit_req zone=one burst=20 nodelay;
+# 2. Block suspicious IPs (iptables)
+iptables -A INPUT -s <ATTACKER_IP> -j DROP
+# 3. Enable DDoS protection (CloudFlare, AWS Shield)
+# CloudFlare: Enable "I'm Under Attack" mode
+# AWS: Enable AWS Shield Standard/Advanced
+# 4. Increase capacity (auto-scaling)
+# Scale up to handle traffic (if legitimate)
+```
+---
+### 2. Unauthorized Access / Data Breach
+**Symptoms**:
+- Alerts for failed login attempts
+- Successful login from unusual location
+- Unusual data access patterns
+- Data exfiltration detected
+**Diagnosis**:
+#### Check Access Logs
+```bash
+# Check authentication logs (Linux)
+grep "Failed password" /var/log/auth.log | tail -50
+# Check successful logins
+grep "Accepted password" /var/log/auth.log | tail -50
+# Check login attempts by IP
+awk '/Failed password/ {print $(NF-3)}' /var/log/auth.log | sort | uniq -c | sort -nr
+```
+**Red flags**:
+- Hundreds of failed login attempts (brute force)
+- Successful login from suspicious IP/location
+- Login at unusual time (3am)
+- Multiple accounts accessed from same IP
+---
+#### Immediate Response (SEV1)
+```bash
+# 1. ISOLATE: Disable compromised account
+# Application-level:
+UPDATE users SET disabled = true WHERE id = <COMPROMISED_USER_ID>;
+# System-level:
+passwd -l <username>  # Lock account
+# 2. PRESERVE: Copy logs for forensics
+cp /var/log/auth.log /forensics/auth.log.$(date +%Y%m%d)
+cp /var/log/nginx/access.log /forensics/access.log.$(date +%Y%m%d)
+# 3. ASSESS: Check what was accessed
+# Database audit logs
+# Application logs
+# File access logs
+# 4. NOTIFY: Alert security team
+# Email, Slack, PagerDuty
+# 5. DOCUMENT: Create incident timeline
+```
+---
+#### Long-term Mitigation
+- Force password reset for all users
+- Enable 2FA/MFA
+- Review access controls
+- Conduct security audit
+- Update security policies
+- Train users on security
+---
+### 3. SQL Injection Attempt
+**Symptoms**:
+- Unusual SQL queries in logs
+- 500 errors with SQL syntax messages
+- Alerts from WAF (Web Application Firewall)
+**Diagnosis**:
+#### Check Application Logs
+```bash
+# Look for SQL injection patterns
+grep -E "(SELECT|INSERT|UPDATE|DELETE).*FROM.*WHERE" /var/log/application.log
+# Look for SQL errors
+grep "SQLException\|SQL syntax" /var/log/application.log
+# Check for malicious patterns
+grep -E "(\'\s*OR\s*\'|\-\-|UNION\s+SELECT)" /var/log/nginx/access.log
+```
+**Example Malicious Request**:
+```
+GET /api/users?id=1' OR '1'='1
+GET /api/users?id=1; DROP TABLE users;--
+```
+---
+#### Immediate Response
+```bash
+# 1. Block attacker IP
+iptables -A INPUT -s <ATTACKER_IP> -j DROP
+# 2. Enable WAF rule (ModSecurity, AWS WAF)
+# Block requests with SQL keywords
+# 3. Check database for unauthorized changes
+# Compare current schema with backup
+# Check audit logs for suspicious queries
+# 4. Review application code
+# Use parameterized queries, not string concatenation
+```
+**Long-term Fix**:
+```javascript
+// BAD: SQL injection vulnerable
+const query = `SELECT * FROM users WHERE id = ${req.query.id}`;
+// GOOD: Parameterized query
+const query = 'SELECT * FROM users WHERE id = ?';
+db.query(query, [req.query.id]);
+```
+---
+### 4. Malware / Crypto Mining
+**Symptoms**:
+- High CPU usage (100%)
+- Unusual network traffic (to crypto pool)
+- Unknown processes running
+- Server slow
+**Diagnosis**:
+#### Check Running Processes
+```bash
+# Check CPU usage by process
+top -bn1 | head -20
+# Check all processes
+ps aux | sort -nrk 3,3 | head -20
+# Check for suspicious processes
+ps aux | grep -v -E "^(root|www-data|mysql|postgres)"
+# Check network connections
+netstat -tunap | grep ESTABLISHED
+```
+**Red flags**:
+- Unknown process using 100% CPU
+- Connections to crypto mining pools
+- Processes running as unexpected user
+- Processes with random names (xmrig, minerd)
+---
+#### Immediate Response
+```bash
+# 1. Kill malicious process
+kill -9 <PID>
+# 2. Find and remove malware
+find / -name "<PROCESS_NAME>" -delete
+# 3. Check for persistence mechanisms
+crontab -l                    # Cron jobs
+cat /etc/rc.local             # Startup scripts
+systemctl list-unit-files     # Systemd services
+# 4. Change all credentials
+# Root password
+# SSH keys
+# Database passwords
+# API keys
+# 5. Restore from clean backup (if available)
+```
+---
+### 5. Insider Threat / Data Exfiltration
+**Symptoms**:
+- Large data downloads
+- Database dump exports
+- Unusual file transfers
+- After-hours access
+**Diagnosis**:
+#### Check Data Access Logs
+```bash
+# Check database queries (large exports)
+grep "SELECT.*FROM" /var/log/postgresql/postgresql.log | grep -E "LIMIT\s+[0-9]{5,}"
+# Check file downloads (nginx)
+awk '$10 > 10000000 {print $1, $7, $10}' /var/log/nginx/access.log
+# Check SSH file transfers
+grep "sftp\|scp" /var/log/auth.log
+```
+**Red flags**:
+- SELECT with no LIMIT (full table export)
+- Large file downloads (>10MB)
+- Multiple consecutive downloads
+- Access from unusual location
+---
+#### Immediate Response
+```bash
+# 1. Disable account
+UPDATE users SET disabled = true WHERE id = <USER_ID>;
+# 2. Preserve evidence
+cp /var/log/* /forensics/
+# 3. Assess damage
+# What data was accessed?
+# What data was exported?
+# What systems were compromised?
+# 4. Legal/compliance notification
+# GDPR: Notify within 72 hours
+# HIPAA: Notify within 60 days
+# PCI-DSS: Immediate notification
+# 5. Incident report
+```
+---
+## Security Incident Checklist
+**When security incident detected**:
+### Phase 1: Immediate Response (0-5 min)
+- [ ] Classify severity (SEV1/SEV2/SEV3)
+- [ ] Isolate affected systems
+- [ ] Preserve evidence (logs, snapshots)
+- [ ] Notify security team
+- [ ] Document timeline (start timestamp)
+### Phase 2: Assessment (5-30 min)
+- [ ] Identify attack vector
+- [ ] Assess scope (what was compromised?)
+- [ ] Check for data exfiltration
+- [ ] Identify attacker (IP, location, identity)
+- [ ] Determine if ongoing or stopped
+### Phase 3: Containment (30 min - 2 hours)
+- [ ] Block attacker access
+- [ ] Close vulnerability
+- [ ] Revoke compromised credentials
+- [ ] Remove malware/backdoors
+- [ ] Restore from clean backup (if needed)
+### Phase 4: Recovery (2 hours - days)
+- [ ] Restore normal operations
+- [ ] Verify no persistence mechanisms
+- [ ] Monitor for re-infection
+- [ ] Change all credentials
+- [ ] Apply security patches
+### Phase 5: Post-Incident (1 week)
+- [ ] Complete post-mortem
+- [ ] Legal/compliance notifications
+- [ ] Security audit
+- [ ] Update security policies
+- [ ] Train team on lessons learned
+---
+## Collaboration with Security Agent
+**SRE Agent Role**:
+- Initial detection and triage
+- Immediate containment
+- Preserve evidence
+- Restore service
+**Security Agent Role** (handoff):
+- Forensic analysis
+- Legal compliance
+- Security audit
+- Policy updates
+**Handoff Protocol**:
+```
+SRE: Detects security incident → Immediate containment
+SRE: Preserves evidence → Creates incident report
+SRE: Hands off to Security Agent
+Security Agent: Forensic analysis → Legal compliance → Long-term fixes
+SRE: Implements security fixes → Updates runbook
+```
+---
+## Security Metrics
+**Detection Time**:
+- SEV1: <5 minutes from first indicator
+- SEV2: <30 minutes
+- SEV3: <24 hours
+**Response Time**:
+- SEV1: Containment within 30 minutes
+- SEV2: Containment within 2 hours
+- SEV3: Containment within 24 hours
+**False Positives**:
+- Target: <5% of security alerts
+---
+## Related Documentation
+- [SKILL.md](../SKILL.md) - Main SRE agent
+- [infrastructure.md](infrastructure.md) - Server security hardening
+- [monitoring.md](monitoring.md) - Security monitoring setup
+- `security-agent` skill - Full security expertise (handoff for forensics)
+---
+## Important Notes
+**For SRE Agent**:
+- Focus on IMMEDIATE containment and service restoration
+- Preserve evidence (don't delete logs!)
+- Hand off to `security-agent` for forensic analysis
+- Document everything with timestamps
+- Blameless post-mortem (focus on systems, not people)
+**Legal Compliance**:
+- GDPR: Notify within 72 hours of breach
+- HIPAA: Notify within 60 days
+- PCI-DSS: Immediate notification to card brands
+- SOC 2: Document in audit trail
+**Evidence Preservation**:
+- Copy logs before any changes
+- Take disk/memory snapshots
+- Document all actions taken
+- Preserve chain of custody

package/src/agents/sre/modules/ui-diagnostics.md ADDED Viewed

@@ -0,0 +1,302 @@
+# UI/Frontend Diagnostics
+**Purpose**: Troubleshoot frontend performance, rendering, and user experience issues.
+## Common UI Issues
+### 1. Slow Page Load
+**Symptoms**:
+- Users report long loading times
+- Lighthouse score <50
+- Time to Interactive (TTI) >5 seconds
+**Diagnosis**:
+#### Check Bundle Size
+```bash
+# Check JavaScript bundle size
+ls -lh dist/*.js
+# Analyze bundle composition
+npx webpack-bundle-analyzer dist/stats.json
+# Check for large dependencies
+npm ls --depth=0
+```
+**Red flags**:
+- Main bundle >500KB
+- Unused dependencies in bundle
+- Multiple copies of same library
+**Mitigation**:
+- Code splitting: `import()` for dynamic imports
+- Tree shaking: Remove unused code
+- Lazy loading: Load components on demand
+---
+#### Check Network Requests
+```bash
+# Chrome DevTools → Network tab
+# Look for:
+# - Number of requests (>100 = too many)
+# - Large assets (images >200KB)
+# - Slow API calls (>1s)
+```
+**Red flags**:
+- Waterfall pattern (sequential loading)
+- Large uncompressed images
+- Blocking requests
+**Mitigation**:
+- Image optimization: WebP, lazy loading
+- HTTP/2: Multiplexing
+- CDN: Cache static assets
+---
+#### Check Render Performance
+```bash
+# Chrome DevTools → Performance tab
+# Record page load, check:
+# - Long tasks (>50ms)
+# - Layout thrashing
+# - JavaScript execution time
+```
+**Red flags**:
+- Long tasks blocking main thread
+- Multiple layout recalculations
+- Heavy JavaScript computation
+**Mitigation**:
+- Web Workers: Move heavy computation off main thread
+- requestIdleCallback: Defer non-critical work
+- Virtual scrolling: Render only visible items
+---
+### 2. Memory Leak (UI)
+**Symptoms**:
+- Browser tab becomes slow over time
+- Memory usage increases continuously
+- Browser eventually crashes
+**Diagnosis**:
+#### Chrome DevTools → Memory
+```bash
+# Take heap snapshot before/after user interaction
+# Compare snapshots
+# Look for:
+# - Detached DOM nodes
+# - Event listeners not removed
+# - Growing arrays/objects
+```
+**Red flags**:
+- Detached DOM elements increasing
+- Event listeners not garbage collected
+- Timers/intervals not cleared
+**Mitigation**:
+```javascript
+// Clean up event listeners
+componentWillUnmount() {
+  element.removeEventListener('click', handler);
+  clearInterval(this.intervalId);
+  clearTimeout(this.timeoutId);
+}
+// Use WeakMap for DOM references
+const cache = new WeakMap();
+```
+---
+### 3. Unresponsive UI
+**Symptoms**:
+- Clicks don't register
+- Input lag
+- Frozen UI
+**Diagnosis**:
+#### Check Main Thread
+```bash
+# Chrome DevTools → Performance
+# Look for:
+# - Long tasks (>50ms)
+# - Blocking JavaScript
+# - Forced synchronous layout
+```
+**Red flags**:
+- JavaScript blocking >100ms
+- Synchronous XHR requests
+- Layout thrashing (read → write → read)
+**Mitigation**:
+```javascript
+// Break up long tasks
+async function processLargeArray(items) {
+  for (let i = 0; i < items.length; i++) {
+    await processItem(items[i]);
+    // Yield to main thread every 100 items
+    if (i % 100 === 0) {
+      await new Promise(resolve => setTimeout(resolve, 0));
+    }
+  }
+}
+// Use requestIdleCallback
+requestIdleCallback(() => {
+  // Non-critical work
+});
+```
+---
+### 4. White Screen / Failed Render
+**Symptoms**:
+- Blank page
+- Error boundary triggered
+- Console errors
+**Diagnosis**:
+#### Check Console Errors
+```bash
+# Chrome DevTools → Console
+# Look for:
+# - Uncaught exceptions
+# - Network errors (failed chunks)
+# - CORS errors
+```
+**Common causes**:
+- JavaScript error in render
+- Failed to load chunk (code splitting)
+- CORS blocking API calls
+- Missing dependencies
+**Mitigation**:
+```javascript
+// Error boundary
+class ErrorBoundary extends React.Component {
+  componentDidCatch(error, errorInfo) {
+    logErrorToService(error, errorInfo);
+  }
+  render() {
+    if (this.state.hasError) {
+      return <ErrorFallback />;
+    }
+    return this.props.children;
+  }
+}
+// Retry failed chunk loads
+const retryImport = (fn, retriesLeft = 3) => {
+  return new Promise((resolve, reject) => {
+    fn()
+      .then(resolve)
+      .catch(error => {
+        if (retriesLeft === 0) {
+          reject(error);
+        } else {
+          setTimeout(() => {
+            retryImport(fn, retriesLeft - 1).then(resolve, reject);
+          }, 1000);
+        }
+      });
+  });
+};
+```
+---
+## UI Performance Metrics
+**Core Web Vitals**:
+- **LCP** (Largest Contentful Paint): <2.5s (good), <4s (needs improvement), >4s (poor)
+- **FID** (First Input Delay): <100ms (good), <300ms (needs improvement), >300ms (poor)
+- **CLS** (Cumulative Layout Shift): <0.1 (good), <0.25 (needs improvement), >0.25 (poor)
+**Other Metrics**:
+- **TTFB** (Time to First Byte): <200ms
+- **FCP** (First Contentful Paint): <1.8s
+- **TTI** (Time to Interactive): <3.8s
+**Measurement**:
+```javascript
+// Web Vitals library
+import {getLCP, getFID, getCLS} from 'web-vitals';
+getLCP(console.log);
+getFID(console.log);
+getCLS(console.log);
+```
+---
+## Common UI Anti-Patterns
+### 1. Render Everything Upfront
+**Problem**: Rendering 10,000 items at once
+**Solution**: Virtual scrolling, pagination, infinite scroll
+### 2. No Code Splitting
+**Problem**: 5MB JavaScript bundle loaded upfront
+**Solution**: Route-based code splitting, lazy loading
+### 3. Large Images
+**Problem**: 5MB PNG images
+**Solution**: WebP, compression, lazy loading, responsive images
+### 4. Blocking JavaScript
+**Problem**: Heavy computation on main thread
+**Solution**: Web Workers, requestIdleCallback, async/await
+### 5. Memory Leaks
+**Problem**: Event listeners not removed, timers not cleared
+**Solution**: Cleanup in componentWillUnmount, WeakMap
+---
+## UI Diagnostic Checklist
+**When diagnosing slow UI**:
+- [ ] Check bundle size (target: <500KB gzipped)
+- [ ] Check number of network requests (target: <50)
+- [ ] Check Core Web Vitals (LCP <2.5s, FID <100ms, CLS <0.1)
+- [ ] Check for JavaScript errors in console
+- [ ] Check render performance (no long tasks >50ms)
+- [ ] Check memory usage (no continuous growth)
+- [ ] Check for CORS errors
+- [ ] Check for failed chunk loads
+- [ ] Check image sizes (target: <200KB per image)
+- [ ] Check for blocking resources
+**Tools**:
+- Chrome DevTools (Network, Performance, Memory, Console)
+- Lighthouse
+- Web Vitals library
+- webpack-bundle-analyzer
+- React DevTools Profiler
+---
+## Related Documentation
+- [SKILL.md](../SKILL.md) - Main SRE agent
+- [backend-diagnostics.md](backend-diagnostics.md) - Backend troubleshooting
+- [monitoring.md](monitoring.md) - Observability tools