tribunal-kit 2.4.6 → 3.1.0

package/.agent/skills/powershell-windows/SKILL.md

@@ -1,230 +1,112 @@
 ---
 name: powershell-windows
-description: PowerShell Windows patterns. Critical pitfalls, operator syntax, error handling.
+description: PowerShell and Windows environment mastery. Object-oriented piping, strict error handling (ErrorActionPreference), PSProviders, active directory querying, credential management, and execution policies. Use when automating Azure, Windows environments, or writing .ps1 scripts.
 allowed-tools: Read, Write, Edit, Glob, Grep
-version: 1.0.0
-last-updated: 2026-03-12
+version: 2.0.0
+last-updated: 2026-04-02
 applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
 ---
 
-# PowerShell on Windows
-
-> PowerShell is not bash with a Windows accent.
-> It is object-based, not text-based. That changes everything.
+# PowerShell — Windows Automation Mastery
 
 ---
 
-## Core Difference: Objects, Not Text
+## 1. The Object Pipeline
 
-Every PowerShell command returns objects, not strings. This is the foundational difference from bash.
+Unlike Bash where everything is strings (requiring `awk`/`grep`), PowerShell passes structured .NET class instances between commands.
 
 ```powershell
-# bash: 'ls' returns text you parse
-ls -la | awk '{print $9}'
-
-# PowerShell: Get-ChildItem returns objects you access directly
-Get-ChildItem | Select-Object Name, Length
-(Get-ChildItem ".\src").Count   # count files directly
-```
-
-This means string parsing (grep, awk, cut) is often unnecessary in PowerShell.
-
----
+# ❌ BAD: Attempting to treat PowerShell like Bash (String Parsing)
+Get-Process | Out-String -Stream | Select-String "node" | ForEach-Object { $id = ($_ -split '\s+')[8]; Stop-Process -Id $id }
 
-## Critical Operator Pitfalls
+# ✅ GOOD: Accessing Object Properties Directly
+Get-Process -Name "node" | Stop-Process -Force
 
-PowerShell comparison operators use letters, not symbols:
+# Filtering objects (Where-Object)
+Get-Service | Where-Object Status -eq 'Running' | Select-Object Name, DisplayName
 
-| Operation | PowerShell | NOT This |
-|---|---|---|
-| Equal | `-eq` | `==` |
-| Not equal | `-ne` | `!=` |
-| Greater than | `-gt` | `>` |
-| Less than | `-lt` | `<` |
-| Like (wildcard) | `-like "*.ts"` | — |
-| Match (regex) | `-match "pattern"` | — |
-| Contains | `-contains "val"` | — |
-
-```powershell
-# ❌ This doesn't compare — it redirects output
-if ($count == 5) { ... }
-
-# ✅ Correct PowerShell comparison
-if ($count -eq 5) { ... }
+# Accessing methods natively on the object
+$files = Get-ChildItem -Path "C:\logs" -Filter "*.log"
+$files | ForEach-Object { $_.Delete() }
 ```
 
 ---
 
-## Path Handling
+## 2. Strict Error Handling (The Windows equivalent of set -e)
 
-Windows paths have backslashes but PowerShell handles both:
+By default, PowerShell prints an error but keeps running. You MUST enforce strict halting for automation scripts.
 
 ```powershell
-# Both work in PowerShell
-$path = "C:\Users\username\project"
-$path = "C:/Users/username/project"
+# Mandatory header for reliable automation scripts
+$ErrorActionPreference = "Stop"
+Set-StrictMode -Version Latest
 
-# Use Join-Path for safe cross-platform joins
-$full = Join-Path $env:USERPROFILE "Desktop\project"
-
-# Resolve to absolute path
-$abs = Resolve-Path ".\relative\path"
-
-# Test existence before using
-if (Test-Path $path) { ... }
-if (Test-Path $path -PathType Container) { ... }  # is it a directory?
-if (Test-Path $path -PathType Leaf) { ... }        # is it a file?
-```
-
----
-
-## Error Handling
-
-PowerShell has two error types: terminating and non-terminating.
-
-```powershell
-# Stop on any error (like bash set -e)
-$ErrorActionPreference = 'Stop'
-
-# Try/Catch only catches terminating errors
 try {
-  Remove-Item "nonexistent.txt" -ErrorAction Stop
+    # If this fails, it jumps straight to catch block instead of continuing
+    Copy-Item "C:\Source\configs.json" -Destination "C:\Dest\"
+    
+    $config = Get-Content "C:\Dest\configs.json" | ConvertFrom-Json
 } catch {
-  Write-Host "Error: $_" -ForegroundColor Red
-  exit 1
-}
-
-# Handle non-terminating errors
-$result = Get-Item "maybe.txt" -ErrorAction SilentlyContinue
-if (-not $result) {
-  Write-Host "File not found"
+    Write-Error "Deployment failed during config copy: $_"
+    exit 1
+} finally {
+    # Cleanup block executes regardless of success or failure
+    Remove-Item "C:\Dest\temp" -Recurse -ErrorAction Ignore
 }
 ```
 
 ---
 
-## String Handling
+## 3. Execution Policies & Execution
 
-```powershell
-# Single quotes = literal (no variable expansion)
-$name = 'world'
-Write-Host 'Hello $name'   # outputs: Hello $name
-
-# Double quotes = interpolation
-Write-Host "Hello $name"   # outputs: Hello world
-
-# Here-string for multiline
-$block = @"
-Line 1
-Line 2
-Value: $name
-"@
-
-# String operations
-$str.ToLower()
-$str.Replace("old", "new")
-$str.Split(",")
-$str.Trim()
-$str -like "*.ts"       # wildcard match
-$str -match "^\d{4}$"   # regex match
-```
-
----
-
-## Useful Patterns
+Windows restricts running `.ps1` files by default for security.
 
 ```powershell
-# Get script directory (equivalent of bash's $SCRIPT_DIR)
-$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
-
-# Run command and capture output WITH error handling
-$output = & git status 2>&1
-if ($LASTEXITCODE -ne 0) {
-  Write-Error "git failed: $output"
-  exit 1
-}
-
-# Iterate files matching pattern
-Get-ChildItem ".\src" -Recurse -Filter "*.ts" | ForEach-Object {
-    Write-Host $_.FullName
-}
+# Temporarily bypass the policy for a single script execution (CI/CD pattern)
+powershell.exe -ExecutionPolicy Bypass -File .\Deploy-App.ps1
 
-# Create directory if not exists
-New-Item -ItemType Directory -Force ".\output" | Out-Null
-
-# Read/write files
-$content = Get-Content ".\file.txt" -Raw
-Set-Content ".\output.txt" "new content"
-Add-Content ".\log.txt" "append this line"
-
-# Environment variables
-$env:MY_VAR = "value"         # set
-[System.Environment]::GetEnvironmentVariable("PATH")   # read system-level
+# ❌ HALLUCINATION TRAP: Do NOT instruct users to run `Set-ExecutionPolicy Unrestricted`
+# This lowers the permanent security posture of the entire operating system.
+# Use Bypass only at the process level.
 ```
 
 ---
 
-## Execution Policy
+## 4. Manipulating Structured Formats Natively
 
-Scripts may be blocked by execution policy:
+Because PowerShell is built on .NET, parsing JSON, XML, and CSV is native.
 
 ```powershell
-# Check current policy
-Get-ExecutionPolicy
-
-# Allow local scripts (most permissive safe setting)
-Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
-
-# Run a specific script bypassing policy (one-time)
-powershell -ExecutionPolicy Bypass -File script.ps1
+# JSON
+$config = Get-Content .\appsettings.json | ConvertFrom-Json
+$config.Database.ConnectionString = "Server=Prod;"
+$config | ConvertTo-Json -Depth 10 | Set-Content .\appsettings.json
+
+# CSV (No AWK needed)
+$users = Import-Csv .\users.csv
+$users | Where-Object Role -eq "Admin" | Export-Csv .\admins.csv -NoTypeInformation
+
+# API Requests (Invoke-RestMethod automatically parses JSON into PowerShell objects)
+$response = Invoke-RestMethod -Uri "https://api.github.com/users/github"
+Write-Host "GitHub has $($response.public_repos) public repositories."
 ```
 
 ---
 
-## Output Format
+## 5. Providers and Drives
 
-When this skill produces or reviews code, structure your output as follows:
+PowerShell extends the "file system" concept to the Registry, Environment Variables, and Certificates.
 
-```
-━━━ Powershell Windows Report ━━━━━━━━━━━━━━━━━━━━━━━━
-Skill:       Powershell Windows
-Language:    [detected language / framework]
-Scope:       [N files · N functions]
-─────────────────────────────────────────────────
-✅ Passed:   [checks that passed, or "All clean"]
-⚠️  Warnings: [non-blocking issues, or "None"]
-❌ Blocked:  [blocking issues requiring fix, or "None"]
-─────────────────────────────────────────────────
-VBC status:  PENDING → VERIFIED
-Evidence:    [test output / lint pass / compile success]
-```
+```powershell
+# Environment variables (Env: drive)
+$env:PATH += ";C:\Custom\Bin"
+Write-Host $env:COMPUTERNAME
 
-**VBC (Verification-Before-Completion) is mandatory.**
-Do not mark status as VERIFIED until concrete terminal evidence is provided.
+# Registry (HKCU: and HKLM: drives)
+Get-ChildItem -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run"
 
+# Certificates (Cert: drive)
+Get-ChildItem -Path "Cert:\LocalMachine\My" | Where-Object Subject -match "example.com"
+```
 
 ---
-
-## 🏛️ Tribunal Integration (Anti-Hallucination)
-
-**Slash command: `/audit` or `/review`**
-**Active reviewers: `logic` · `security` · `devops`**
-
-### ❌ Forbidden AI Tropes in PowerShell
-
-1. **Using Bash Operators** — writing `==` or `!=` instead of `-eq` or `-ne`.
-2. **Text Parsing Over Objects** — extracting properties with regex instead of just accessing `$obj.Property`.
-3. **Ignoring Execution Policies** — writing scripts without considering that they might be blocked on the user's machine.
-4. **Silent Failures** — relying on generic `catch` blocks without understanding terminating vs non-terminating errors.
-5. **Path Separator Errors** — failing to wrap path operations in safe cmdlets like `Join-Path` or `Test-Path`.
-
-### ✅ Pre-Flight Self-Audit
-
-Review these questions before generating PowerShell commands:
-```
-✅ Did I use the correct comparison operators (e.g., `-gt`, `-like`)?
-✅ Did I leverage PowerShell's object pipeline instead of parsing text?
-✅ Are paths safely manipulated (e.g., `Join-Path`) to handle Windows backslashes correctly?
-✅ Are potential non-terminating errors handled explicitly?
-✅ Will this script require an execution policy bypass, and did I note that for the user?
-```

package/.agent/skills/python-patterns/SKILL.md

@@ -9,21 +9,18 @@ applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
 
 # Python Development Principles
 
-> Python's flexibility is its greatest weakness.
-> Without conventions, every project ends up with its own unpredictable shape.
-
 ---
 
 ## Framework Selection
 
-| Use Case | Recommended | When to Use |
+|Use Case|Recommended|When to Use|
 |---|---|---|
-| REST API, general-purpose | FastAPI | Type-safe, async, auto-docs via OpenAPI |
-| REST API, batteries-included | Django + DRF | Rapid development, ORM included, admin panel |
-| Microservice / minimal API | Flask | Simple, no overhead, full control |
-| Data pipeline / ETL | No framework | Standard library + pandas/polars as needed |
-| CLI tool | Click or Typer | Better than argparse for complex CLIs |
-| Async task queue | Celery + Redis | Background jobs, scheduled tasks |
+|REST API, general-purpose|FastAPI|Type-safe, async, auto-docs via OpenAPI|
+|REST API, batteries-included|Django + DRF|Rapid development, ORM included, admin panel|
+|Microservice / minimal API|Flask|Simple, no overhead, full control|
+|Data pipeline / ETL|No framework|Standard library + pandas/polars as needed|
+|CLI tool|Click or Typer|Better than argparse for complex CLIs|
+|Async task queue|Celery + Redis|Background jobs, scheduled tasks|
 
 **Decision question:** Does this need an ORM, admin panel, and auth out of the box? → Django. Does it need type-safe inputs with automatic validation? → FastAPI. Is it small and needs nothing? → Flask.
 
@@ -201,29 +198,4 @@ Evidence:    [test output / lint pass / compile success]
 **VBC (Verification-Before-Completion) is mandatory.**
 Do not mark status as VERIFIED until concrete terminal evidence is provided.
 
-
 ---
-
-## 🏛️ Tribunal Integration (Anti-Hallucination)
-
-**Slash command: `/tribunal-backend`**
-**Active reviewers: `logic` · `security` · `dependency` · `type-safety`**
-
-### ❌ Forbidden AI Tropes in Python
-
-1. **Missing Type Hints** — writing `def func(a, b):` instead of fully typing parameters and return values.
-2. **Bare `except:` blocks** — catching all exceptions blindly without logging or raising `AppError`.
-3. **`requirements.txt` over `pyproject.toml`** — hallucinating outdated dependency management practices.
-4. **Blocking the async event loop** — writing synchronous I/O or `time.sleep()` inside an `async def` FastAPI route.
-5. **Assuming Django for microservices** — defaulting to a massive framework when `FastAPI` or `Flask` fits better.
-
-### ✅ Pre-Flight Self-Audit
-
-Review these questions before generating Python code:
-```
-✅ Are all function parameters and return types strictly typed?
-✅ Did I use the modern toolchain (`uv`/`poetry`, `ruff`, `mypy`)?
-✅ Did I accidentally block the async event loop with sync code?
-✅ Are domain errors properly caught and mapped to HTTP status codes without leaking stack traces?
-✅ Is my dependency selection precise and explicitly declared in `pyproject.toml`?
-```