claude-mpm 4.16.0__py3-none-any.whl → 4.25.10__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of claude-mpm might be problematic. Click here for more details.
- claude_mpm/VERSION +1 -1
- claude_mpm/agents/BASE_ENGINEER.md +286 -0
- claude_mpm/agents/BASE_PM.md +272 -23
- claude_mpm/agents/OUTPUT_STYLE.md +3 -48
- claude_mpm/agents/PM_INSTRUCTIONS.md +1821 -32
- claude_mpm/agents/WORKFLOW.md +75 -2
- claude_mpm/agents/agent_loader.py +4 -4
- claude_mpm/agents/base_agent.json +6 -3
- claude_mpm/agents/frontmatter_validator.py +1 -1
- claude_mpm/agents/templates/api_qa.json +5 -2
- claude_mpm/agents/templates/circuit_breakers.md +108 -2
- claude_mpm/agents/templates/documentation.json +33 -6
- claude_mpm/agents/templates/engineer.json +5 -1
- claude_mpm/agents/templates/javascript_engineer_agent.json +380 -0
- claude_mpm/agents/templates/php-engineer.json +10 -4
- claude_mpm/agents/templates/pm_red_flags.md +89 -19
- claude_mpm/agents/templates/project_organizer.json +7 -3
- claude_mpm/agents/templates/python_engineer.json +8 -3
- claude_mpm/agents/templates/qa.json +2 -1
- claude_mpm/agents/templates/react_engineer.json +1 -0
- claude_mpm/agents/templates/research.json +82 -12
- claude_mpm/agents/templates/rust_engineer.json +12 -7
- claude_mpm/agents/templates/security.json +4 -4
- claude_mpm/agents/templates/svelte-engineer.json +225 -0
- claude_mpm/agents/templates/tauri_engineer.json +274 -0
- claude_mpm/agents/templates/ticketing.json +10 -6
- claude_mpm/agents/templates/version_control.json +4 -2
- claude_mpm/agents/templates/web_qa.json +2 -1
- claude_mpm/cli/README.md +253 -0
- claude_mpm/cli/__init__.py +11 -1
- claude_mpm/cli/commands/__init__.py +2 -0
- claude_mpm/cli/commands/aggregate.py +1 -1
- claude_mpm/cli/commands/analyze.py +3 -3
- claude_mpm/cli/commands/cleanup.py +1 -1
- claude_mpm/cli/commands/configure_agent_display.py +4 -4
- claude_mpm/cli/commands/debug.py +12 -12
- claude_mpm/cli/commands/hook_errors.py +277 -0
- claude_mpm/cli/commands/mcp_install_commands.py +1 -1
- claude_mpm/cli/commands/mcp_install_commands.py.backup +284 -0
- claude_mpm/cli/commands/mpm_init/README.md +365 -0
- claude_mpm/cli/commands/mpm_init/__init__.py +73 -0
- claude_mpm/cli/commands/mpm_init/core.py +573 -0
- claude_mpm/cli/commands/mpm_init/display.py +341 -0
- claude_mpm/cli/commands/mpm_init/git_activity.py +427 -0
- claude_mpm/cli/commands/mpm_init/modes.py +397 -0
- claude_mpm/cli/commands/mpm_init/prompts.py +442 -0
- claude_mpm/cli/commands/mpm_init_cli.py +396 -0
- claude_mpm/cli/commands/mpm_init_handler.py +67 -1
- claude_mpm/cli/commands/run.py +124 -128
- claude_mpm/cli/commands/skills.py +922 -0
- claude_mpm/cli/executor.py +58 -0
- claude_mpm/cli/interactive/agent_wizard.py +5 -5
- claude_mpm/cli/parsers/base_parser.py +35 -0
- claude_mpm/cli/parsers/mpm_init_parser.py +42 -0
- claude_mpm/cli/parsers/skills_parser.py +275 -0
- claude_mpm/cli/startup.py +168 -8
- claude_mpm/cli/startup_display.py +480 -0
- claude_mpm/cli/utils.py +1 -1
- claude_mpm/cli_module/commands.py +1 -1
- claude_mpm/cli_module/refactoring_guide.md +253 -0
- claude_mpm/commands/mpm-auto-configure.md +52 -0
- claude_mpm/commands/mpm-help.md +6 -0
- claude_mpm/commands/mpm-init.md +130 -8
- claude_mpm/commands/mpm-resume.md +372 -0
- claude_mpm/commands/mpm-tickets.md +56 -7
- claude_mpm/commands/mpm-version.md +113 -0
- claude_mpm/commands/mpm.md +2 -0
- claude_mpm/config/agent_capabilities.yaml +658 -0
- claude_mpm/config/agent_config.py +2 -2
- claude_mpm/config/async_logging_config.yaml +145 -0
- claude_mpm/constants.py +24 -0
- claude_mpm/core/.claude-mpm/logs/hooks_20250730.log +34 -0
- claude_mpm/core/api_validator.py +1 -1
- claude_mpm/core/claude_runner.py +14 -1
- claude_mpm/core/config.py +50 -0
- claude_mpm/core/constants.py +1 -1
- claude_mpm/core/factories.py +1 -1
- claude_mpm/core/framework/processors/metadata_processor.py +1 -1
- claude_mpm/core/hook_error_memory.py +381 -0
- claude_mpm/core/hook_manager.py +41 -2
- claude_mpm/core/interactive_session.py +48 -3
- claude_mpm/core/interfaces.py +56 -1
- claude_mpm/core/logger.py +3 -1
- claude_mpm/core/oneshot_session.py +39 -0
- claude_mpm/core/optimized_agent_loader.py +3 -3
- claude_mpm/d2/.gitignore +22 -0
- claude_mpm/d2/ARCHITECTURE_COMPARISON.md +273 -0
- claude_mpm/d2/FLASK_INTEGRATION.md +156 -0
- claude_mpm/d2/IMPLEMENTATION_SUMMARY.md +452 -0
- claude_mpm/d2/QUICKSTART.md +186 -0
- claude_mpm/d2/README.md +232 -0
- claude_mpm/d2/STORE_FIX_SUMMARY.md +167 -0
- claude_mpm/d2/SVELTE5_STORES_GUIDE.md +180 -0
- claude_mpm/d2/TESTING.md +288 -0
- claude_mpm/d2/index.html +118 -0
- claude_mpm/d2/package.json +19 -0
- claude_mpm/d2/src/App.svelte +110 -0
- claude_mpm/d2/src/components/Header.svelte +153 -0
- claude_mpm/d2/src/components/MainContent.svelte +74 -0
- claude_mpm/d2/src/components/Sidebar.svelte +85 -0
- claude_mpm/d2/src/components/tabs/EventsTab.svelte +326 -0
- claude_mpm/d2/src/lib/socketio.js +144 -0
- claude_mpm/d2/src/main.js +7 -0
- claude_mpm/d2/src/stores/events.js +114 -0
- claude_mpm/d2/src/stores/socket.js +108 -0
- claude_mpm/d2/src/stores/theme.js +65 -0
- claude_mpm/d2/svelte.config.js +12 -0
- claude_mpm/d2/vite.config.js +15 -0
- claude_mpm/dashboard/.claude-mpm/memories/README.md +36 -0
- claude_mpm/dashboard/BUILD_NUMBER +1 -0
- claude_mpm/dashboard/README.md +121 -0
- claude_mpm/dashboard/VERSION +1 -0
- claude_mpm/dashboard/react/components/DataInspector/DataInspector.tsx +273 -0
- claude_mpm/dashboard/react/components/ErrorBoundary.tsx +75 -0
- claude_mpm/dashboard/react/components/EventViewer/EventViewer.tsx +141 -0
- claude_mpm/dashboard/react/components/shared/ConnectionStatus.tsx +36 -0
- claude_mpm/dashboard/react/components/shared/FilterBar.tsx +89 -0
- claude_mpm/dashboard/react/contexts/DashboardContext.tsx +215 -0
- claude_mpm/dashboard/react/entries/events.tsx +165 -0
- claude_mpm/dashboard/react/hooks/useEvents.ts +191 -0
- claude_mpm/dashboard/react/hooks/useSocket.ts +225 -0
- claude_mpm/dashboard/static/built/REFACTORING_SUMMARY.md +170 -0
- claude_mpm/dashboard/static/built/components/activity-tree.js.map +1 -0
- claude_mpm/dashboard/static/built/components/agent-hierarchy.js +101 -101
- claude_mpm/dashboard/static/built/components/agent-inference.js.map +1 -0
- claude_mpm/dashboard/static/built/components/build-tracker.js +59 -59
- claude_mpm/dashboard/static/built/components/code-simple.js +107 -107
- claude_mpm/dashboard/static/built/components/code-tree/tree-breadcrumb.js +29 -29
- claude_mpm/dashboard/static/built/components/code-tree/tree-constants.js +24 -24
- claude_mpm/dashboard/static/built/components/code-tree/tree-search.js +27 -27
- claude_mpm/dashboard/static/built/components/code-tree/tree-utils.js +25 -25
- claude_mpm/dashboard/static/built/components/code-tree.js.map +1 -0
- claude_mpm/dashboard/static/built/components/code-viewer.js.map +1 -0
- claude_mpm/dashboard/static/built/components/connection-debug.js +101 -101
- claude_mpm/dashboard/static/built/components/diff-viewer.js +113 -113
- claude_mpm/dashboard/static/built/components/event-processor.js.map +1 -0
- claude_mpm/dashboard/static/built/components/event-viewer.js.map +1 -0
- claude_mpm/dashboard/static/built/components/export-manager.js.map +1 -0
- claude_mpm/dashboard/static/built/components/file-change-tracker.js +57 -57
- claude_mpm/dashboard/static/built/components/file-change-viewer.js +74 -74
- claude_mpm/dashboard/static/built/components/file-tool-tracker.js.map +1 -0
- claude_mpm/dashboard/static/built/components/file-viewer.js.map +1 -0
- claude_mpm/dashboard/static/built/components/hud-library-loader.js.map +1 -0
- claude_mpm/dashboard/static/built/components/hud-manager.js.map +1 -0
- claude_mpm/dashboard/static/built/components/hud-visualizer.js.map +1 -0
- claude_mpm/dashboard/static/built/components/module-viewer.js.map +1 -0
- claude_mpm/dashboard/static/built/components/session-manager.js.map +1 -0
- claude_mpm/dashboard/static/built/components/socket-manager.js.map +1 -0
- claude_mpm/dashboard/static/built/components/ui-state-manager.js.map +1 -0
- claude_mpm/dashboard/static/built/components/unified-data-viewer.js.map +1 -0
- claude_mpm/dashboard/static/built/components/working-directory.js.map +1 -0
- claude_mpm/dashboard/static/built/connection-manager.js +76 -76
- claude_mpm/dashboard/static/built/dashboard.js.map +1 -0
- claude_mpm/dashboard/static/built/extension-error-handler.js +22 -22
- claude_mpm/dashboard/static/built/react/events.js.map +1 -0
- claude_mpm/dashboard/static/built/shared/dom-helpers.js +9 -9
- claude_mpm/dashboard/static/built/shared/event-bus.js +5 -5
- claude_mpm/dashboard/static/built/shared/logger.js +16 -16
- claude_mpm/dashboard/static/built/shared/tooltip-service.js +6 -6
- claude_mpm/dashboard/static/built/socket-client.js.map +1 -0
- claude_mpm/dashboard/static/css/activity.css +69 -69
- claude_mpm/dashboard/static/css/connection-status.css +10 -10
- claude_mpm/dashboard/static/css/dashboard.css +15 -15
- claude_mpm/dashboard/static/index.html +22 -22
- claude_mpm/dashboard/static/js/REFACTORING_SUMMARY.md +170 -0
- claude_mpm/dashboard/static/js/components/activity-tree.js +178 -178
- claude_mpm/dashboard/static/js/components/agent-hierarchy.js +101 -101
- claude_mpm/dashboard/static/js/components/agent-inference.js +31 -31
- claude_mpm/dashboard/static/js/components/build-tracker.js +59 -59
- claude_mpm/dashboard/static/js/components/code-simple.js +107 -107
- claude_mpm/dashboard/static/js/components/connection-debug.js +101 -101
- claude_mpm/dashboard/static/js/components/diff-viewer.js +113 -113
- claude_mpm/dashboard/static/js/components/event-viewer.js +12 -12
- claude_mpm/dashboard/static/js/components/file-change-tracker.js +57 -57
- claude_mpm/dashboard/static/js/components/file-change-viewer.js +74 -74
- claude_mpm/dashboard/static/js/components/file-tool-tracker.js +6 -6
- claude_mpm/dashboard/static/js/components/file-viewer.js +42 -42
- claude_mpm/dashboard/static/js/components/module-viewer.js +27 -27
- claude_mpm/dashboard/static/js/components/session-manager.js +14 -14
- claude_mpm/dashboard/static/js/components/socket-manager.js +1 -1
- claude_mpm/dashboard/static/js/components/ui-state-manager.js +14 -14
- claude_mpm/dashboard/static/js/components/unified-data-viewer.js +110 -110
- claude_mpm/dashboard/static/js/components/working-directory.js +8 -8
- claude_mpm/dashboard/static/js/connection-manager.js +76 -76
- claude_mpm/dashboard/static/js/dashboard.js +76 -58
- claude_mpm/dashboard/static/js/extension-error-handler.js +22 -22
- claude_mpm/dashboard/static/js/shared/dom-helpers.js +9 -9
- claude_mpm/dashboard/static/js/shared/event-bus.js +5 -5
- claude_mpm/dashboard/static/js/shared/logger.js +16 -16
- claude_mpm/dashboard/static/js/shared/tooltip-service.js +6 -6
- claude_mpm/dashboard/static/js/socket-client.js +138 -121
- claude_mpm/dashboard/static/navigation-test-results.md +118 -0
- claude_mpm/dashboard/static/production/main.html +21 -21
- claude_mpm/dashboard/static/test-archive/dashboard.html +22 -22
- claude_mpm/dashboard/templates/.claude-mpm/memories/README.md +36 -0
- claude_mpm/dashboard/templates/.claude-mpm/memories/engineer_agent.md +39 -0
- claude_mpm/dashboard/templates/.claude-mpm/memories/version_control_agent.md +38 -0
- claude_mpm/dashboard/templates/code_simple.html +23 -23
- claude_mpm/dashboard/templates/index.html +18 -18
- claude_mpm/hooks/README.md +143 -0
- claude_mpm/hooks/__init__.py +8 -0
- claude_mpm/hooks/claude_hooks/event_handlers.py +3 -1
- claude_mpm/hooks/claude_hooks/hook_handler.py +24 -7
- claude_mpm/hooks/claude_hooks/installer.py +45 -0
- claude_mpm/hooks/claude_hooks/response_tracking.py +35 -1
- claude_mpm/hooks/session_resume_hook.py +121 -0
- claude_mpm/hooks/templates/README.md +180 -0
- claude_mpm/hooks/templates/pre_tool_use_simple.py +78 -0
- claude_mpm/hooks/templates/pre_tool_use_template.py +323 -0
- claude_mpm/hooks/templates/settings.json.example +147 -0
- claude_mpm/models/resume_log.py +340 -0
- claude_mpm/schemas/agent_schema.json +596 -0
- claude_mpm/schemas/frontmatter_schema.json +165 -0
- claude_mpm/scripts/claude-hook-handler.sh +3 -3
- claude_mpm/scripts/start_activity_logging.py +3 -1
- claude_mpm/services/agents/auto_config_manager.py +1 -1
- claude_mpm/services/agents/deployment/agent_configuration_manager.py +1 -1
- claude_mpm/services/agents/deployment/agent_format_converter.py +1 -1
- claude_mpm/services/agents/deployment/agent_metrics_collector.py +3 -3
- claude_mpm/services/agents/deployment/agent_record_service.py +1 -1
- claude_mpm/services/agents/deployment/agent_validator.py +17 -1
- claude_mpm/services/agents/deployment/async_agent_deployment.py +1 -1
- claude_mpm/services/agents/deployment/facade/deployment_facade.py +3 -3
- claude_mpm/services/agents/deployment/local_template_deployment.py +1 -1
- claude_mpm/services/agents/deployment/pipeline/pipeline_executor.py +2 -2
- claude_mpm/services/agents/loading/framework_agent_loader.py +8 -8
- claude_mpm/services/agents/local_template_manager.py +4 -2
- claude_mpm/services/agents/recommender.py +47 -0
- claude_mpm/services/cli/resume_service.py +617 -0
- claude_mpm/services/cli/session_manager.py +87 -0
- claude_mpm/services/cli/session_pause_manager.py +504 -0
- claude_mpm/services/cli/session_resume_helper.py +372 -0
- claude_mpm/services/cli/unified_dashboard_manager.py +1 -1
- claude_mpm/services/core/base.py +26 -11
- claude_mpm/services/core/interfaces.py +56 -1
- claude_mpm/services/core/models/agent_config.py +3 -0
- claude_mpm/services/core/models/process.py +4 -0
- claude_mpm/services/core/path_resolver.py +1 -1
- claude_mpm/services/diagnostics/checks/agent_check.py +0 -2
- claude_mpm/services/diagnostics/checks/instructions_check.py +1 -2
- claude_mpm/services/diagnostics/checks/mcp_check.py +0 -1
- claude_mpm/services/diagnostics/checks/monitor_check.py +0 -1
- claude_mpm/services/diagnostics/doctor_reporter.py +6 -4
- claude_mpm/services/diagnostics/models.py +21 -0
- claude_mpm/services/event_bus/README.md +244 -0
- claude_mpm/services/event_bus/direct_relay.py +3 -3
- claude_mpm/services/event_bus/event_bus.py +36 -3
- claude_mpm/services/event_bus/relay.py +23 -7
- claude_mpm/services/events/README.md +303 -0
- claude_mpm/services/events/consumers/logging.py +1 -2
- claude_mpm/services/framework_claude_md_generator/README.md +119 -0
- claude_mpm/services/infrastructure/monitoring/resources.py +1 -1
- claude_mpm/services/infrastructure/resume_log_generator.py +439 -0
- claude_mpm/services/local_ops/__init__.py +2 -0
- claude_mpm/services/local_ops/process_manager.py +1 -1
- claude_mpm/services/local_ops/resource_monitor.py +2 -2
- claude_mpm/services/mcp_config_manager.py +7 -131
- claude_mpm/services/mcp_gateway/README.md +185 -0
- claude_mpm/services/mcp_gateway/auto_configure.py +31 -25
- claude_mpm/services/mcp_gateway/config/configuration.py +1 -1
- claude_mpm/services/mcp_gateway/core/process_pool.py +19 -10
- claude_mpm/services/mcp_gateway/server/stdio_server.py +0 -2
- claude_mpm/services/mcp_gateway/tools/document_summarizer.py +1 -1
- claude_mpm/services/mcp_gateway/tools/external_mcp_services.py +26 -21
- claude_mpm/services/mcp_gateway/tools/kuzu_memory_service.py +6 -2
- claude_mpm/services/memory/failure_tracker.py +19 -4
- claude_mpm/services/memory/optimizer.py +1 -1
- claude_mpm/services/model/model_router.py +8 -9
- claude_mpm/services/monitor/daemon.py +1 -1
- claude_mpm/services/monitor/server.py +2 -2
- claude_mpm/services/native_agent_converter.py +356 -0
- claude_mpm/services/port_manager.py +1 -1
- claude_mpm/services/project/documentation_manager.py +2 -1
- claude_mpm/services/project/toolchain_analyzer.py +3 -1
- claude_mpm/services/runner_configuration_service.py +1 -0
- claude_mpm/services/self_upgrade_service.py +165 -7
- claude_mpm/services/session_manager.py +205 -1
- claude_mpm/services/skills_config.py +547 -0
- claude_mpm/services/skills_deployer.py +955 -0
- claude_mpm/services/socketio/handlers/connection.py +1 -1
- claude_mpm/services/socketio/handlers/connection.py.backup +217 -0
- claude_mpm/services/socketio/handlers/git.py +2 -2
- claude_mpm/services/socketio/handlers/hook.py.backup +154 -0
- claude_mpm/services/static/.gitkeep +2 -0
- claude_mpm/services/system_instructions_service.py +1 -3
- claude_mpm/services/unified/analyzer_strategies/performance_analyzer.py +0 -3
- claude_mpm/services/unified/analyzer_strategies/security_analyzer.py +0 -1
- claude_mpm/services/unified/deployment_strategies/cloud_strategies.py +1 -1
- claude_mpm/services/unified/deployment_strategies/local.py +1 -1
- claude_mpm/services/version_control/VERSION +1 -0
- claude_mpm/services/version_control/conflict_resolution.py +6 -4
- claude_mpm/services/version_service.py +104 -1
- claude_mpm/services/visualization/mermaid_generator.py +2 -3
- claude_mpm/skills/__init__.py +21 -0
- claude_mpm/skills/agent_skills_injector.py +324 -0
- claude_mpm/skills/bundled/.gitkeep +2 -0
- claude_mpm/skills/bundled/LICENSE_ATTRIBUTIONS.md +79 -0
- claude_mpm/skills/bundled/api-documentation.md +393 -0
- claude_mpm/skills/bundled/async-testing.md +571 -0
- claude_mpm/skills/bundled/code-review.md +143 -0
- claude_mpm/skills/bundled/collaboration/brainstorming/SKILL.md +79 -0
- claude_mpm/skills/bundled/collaboration/dispatching-parallel-agents/SKILL.md +178 -0
- claude_mpm/skills/bundled/collaboration/dispatching-parallel-agents/references/agent-prompts.md +577 -0
- claude_mpm/skills/bundled/collaboration/dispatching-parallel-agents/references/coordination-patterns.md +467 -0
- claude_mpm/skills/bundled/collaboration/dispatching-parallel-agents/references/examples.md +537 -0
- claude_mpm/skills/bundled/collaboration/dispatching-parallel-agents/references/troubleshooting.md +730 -0
- claude_mpm/skills/bundled/collaboration/git-worktrees.md +317 -0
- claude_mpm/skills/bundled/collaboration/requesting-code-review/SKILL.md +112 -0
- claude_mpm/skills/bundled/collaboration/requesting-code-review/references/code-reviewer-template.md +146 -0
- claude_mpm/skills/bundled/collaboration/requesting-code-review/references/review-examples.md +412 -0
- claude_mpm/skills/bundled/collaboration/stacked-prs.md +251 -0
- claude_mpm/skills/bundled/collaboration/writing-plans/SKILL.md +81 -0
- claude_mpm/skills/bundled/collaboration/writing-plans/references/best-practices.md +362 -0
- claude_mpm/skills/bundled/collaboration/writing-plans/references/plan-structure-templates.md +312 -0
- claude_mpm/skills/bundled/database-migration.md +199 -0
- claude_mpm/skills/bundled/debugging/root-cause-tracing/SKILL.md +152 -0
- claude_mpm/skills/bundled/debugging/root-cause-tracing/find-polluter.sh +63 -0
- claude_mpm/skills/bundled/debugging/root-cause-tracing/references/advanced-techniques.md +668 -0
- claude_mpm/skills/bundled/debugging/root-cause-tracing/references/examples.md +587 -0
- claude_mpm/skills/bundled/debugging/root-cause-tracing/references/integration.md +438 -0
- claude_mpm/skills/bundled/debugging/root-cause-tracing/references/tracing-techniques.md +391 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/CREATION-LOG.md +119 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/SKILL.md +148 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/references/anti-patterns.md +483 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/references/examples.md +452 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/references/troubleshooting.md +449 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/references/workflow.md +411 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/test-academic.md +14 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/test-pressure-1.md +58 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/test-pressure-2.md +68 -0
- claude_mpm/skills/bundled/debugging/systematic-debugging/test-pressure-3.md +69 -0
- claude_mpm/skills/bundled/debugging/verification-before-completion/SKILL.md +131 -0
- claude_mpm/skills/bundled/debugging/verification-before-completion/references/gate-function.md +325 -0
- claude_mpm/skills/bundled/debugging/verification-before-completion/references/integration-and-workflows.md +490 -0
- claude_mpm/skills/bundled/debugging/verification-before-completion/references/red-flags-and-failures.md +425 -0
- claude_mpm/skills/bundled/debugging/verification-before-completion/references/verification-patterns.md +499 -0
- claude_mpm/skills/bundled/docker-containerization.md +194 -0
- claude_mpm/skills/bundled/express-local-dev.md +1429 -0
- claude_mpm/skills/bundled/fastapi-local-dev.md +1199 -0
- claude_mpm/skills/bundled/git-workflow.md +414 -0
- claude_mpm/skills/bundled/imagemagick.md +204 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/INTEGRATION.md +611 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/README.md +596 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/SKILL.md +260 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/examples/nextjs-env-structure.md +315 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/references/frameworks.md +436 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/references/security.md +433 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/references/synchronization.md +452 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/references/troubleshooting.md +404 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/references/validation.md +420 -0
- claude_mpm/skills/bundled/infrastructure/env-manager/scripts/validate_env.py +576 -0
- claude_mpm/skills/bundled/json-data-handling.md +223 -0
- claude_mpm/skills/bundled/main/artifacts-builder/LICENSE.txt +202 -0
- claude_mpm/skills/bundled/main/artifacts-builder/SKILL.md +86 -0
- claude_mpm/skills/bundled/main/artifacts-builder/scripts/bundle-artifact.sh +54 -0
- claude_mpm/skills/bundled/main/artifacts-builder/scripts/init-artifact.sh +322 -0
- claude_mpm/skills/bundled/main/artifacts-builder/scripts/shadcn-components.tar.gz +0 -0
- claude_mpm/skills/bundled/main/internal-comms/LICENSE.txt +202 -0
- claude_mpm/skills/bundled/main/internal-comms/SKILL.md +43 -0
- claude_mpm/skills/bundled/main/internal-comms/examples/3p-updates.md +47 -0
- claude_mpm/skills/bundled/main/internal-comms/examples/company-newsletter.md +65 -0
- claude_mpm/skills/bundled/main/internal-comms/examples/faq-answers.md +30 -0
- claude_mpm/skills/bundled/main/internal-comms/examples/general-comms.md +16 -0
- claude_mpm/skills/bundled/main/mcp-builder/LICENSE.txt +202 -0
- claude_mpm/skills/bundled/main/mcp-builder/SKILL.md +160 -0
- claude_mpm/skills/bundled/main/mcp-builder/reference/design_principles.md +412 -0
- claude_mpm/skills/bundled/main/mcp-builder/reference/evaluation.md +602 -0
- claude_mpm/skills/bundled/main/mcp-builder/reference/mcp_best_practices.md +915 -0
- claude_mpm/skills/bundled/main/mcp-builder/reference/node_mcp_server.md +916 -0
- claude_mpm/skills/bundled/main/mcp-builder/reference/python_mcp_server.md +752 -0
- claude_mpm/skills/bundled/main/mcp-builder/reference/workflow.md +1237 -0
- claude_mpm/skills/bundled/main/mcp-builder/scripts/connections.py +157 -0
- claude_mpm/skills/bundled/main/mcp-builder/scripts/evaluation.py +425 -0
- claude_mpm/skills/bundled/main/mcp-builder/scripts/example_evaluation.xml +22 -0
- claude_mpm/skills/bundled/main/mcp-builder/scripts/requirements.txt +2 -0
- claude_mpm/skills/bundled/main/skill-creator/LICENSE.txt +202 -0
- claude_mpm/skills/bundled/main/skill-creator/SKILL.md +189 -0
- claude_mpm/skills/bundled/main/skill-creator/references/best-practices.md +500 -0
- claude_mpm/skills/bundled/main/skill-creator/references/creation-workflow.md +464 -0
- claude_mpm/skills/bundled/main/skill-creator/references/examples.md +619 -0
- claude_mpm/skills/bundled/main/skill-creator/references/progressive-disclosure.md +437 -0
- claude_mpm/skills/bundled/main/skill-creator/references/skill-structure.md +231 -0
- claude_mpm/skills/bundled/main/skill-creator/scripts/init_skill.py +303 -0
- claude_mpm/skills/bundled/main/skill-creator/scripts/package_skill.py +113 -0
- claude_mpm/skills/bundled/main/skill-creator/scripts/quick_validate.py +72 -0
- claude_mpm/skills/bundled/nextjs-local-dev.md +807 -0
- claude_mpm/skills/bundled/pdf.md +141 -0
- claude_mpm/skills/bundled/performance-profiling.md +573 -0
- claude_mpm/skills/bundled/php/espocrm-development/SKILL.md +170 -0
- claude_mpm/skills/bundled/php/espocrm-development/references/architecture.md +602 -0
- claude_mpm/skills/bundled/php/espocrm-development/references/common-tasks.md +821 -0
- claude_mpm/skills/bundled/php/espocrm-development/references/development-workflow.md +742 -0
- claude_mpm/skills/bundled/php/espocrm-development/references/frontend-customization.md +726 -0
- claude_mpm/skills/bundled/php/espocrm-development/references/hooks-and-services.md +764 -0
- claude_mpm/skills/bundled/php/espocrm-development/references/testing-debugging.md +831 -0
- claude_mpm/skills/bundled/react/flexlayout-react.md +742 -0
- claude_mpm/skills/bundled/refactoring-patterns.md +180 -0
- claude_mpm/skills/bundled/rust/desktop-applications/SKILL.md +226 -0
- claude_mpm/skills/bundled/rust/desktop-applications/references/architecture-patterns.md +901 -0
- claude_mpm/skills/bundled/rust/desktop-applications/references/native-gui-frameworks.md +901 -0
- claude_mpm/skills/bundled/rust/desktop-applications/references/platform-integration.md +775 -0
- claude_mpm/skills/bundled/rust/desktop-applications/references/state-management.md +937 -0
- claude_mpm/skills/bundled/rust/desktop-applications/references/tauri-framework.md +770 -0
- claude_mpm/skills/bundled/rust/desktop-applications/references/testing-deployment.md +961 -0
- claude_mpm/skills/bundled/security-scanning.md +327 -0
- claude_mpm/skills/bundled/systematic-debugging.md +473 -0
- claude_mpm/skills/bundled/tauri/tauri-async-patterns.md +495 -0
- claude_mpm/skills/bundled/tauri/tauri-build-deploy.md +599 -0
- claude_mpm/skills/bundled/tauri/tauri-command-patterns.md +535 -0
- claude_mpm/skills/bundled/tauri/tauri-error-handling.md +613 -0
- claude_mpm/skills/bundled/tauri/tauri-event-system.md +648 -0
- claude_mpm/skills/bundled/tauri/tauri-file-system.md +673 -0
- claude_mpm/skills/bundled/tauri/tauri-frontend-integration.md +767 -0
- claude_mpm/skills/bundled/tauri/tauri-performance.md +669 -0
- claude_mpm/skills/bundled/tauri/tauri-state-management.md +573 -0
- claude_mpm/skills/bundled/tauri/tauri-testing.md +384 -0
- claude_mpm/skills/bundled/tauri/tauri-window-management.md +628 -0
- claude_mpm/skills/bundled/test-driven-development.md +378 -0
- claude_mpm/skills/bundled/testing/condition-based-waiting/SKILL.md +119 -0
- claude_mpm/skills/bundled/testing/condition-based-waiting/example.ts +158 -0
- claude_mpm/skills/bundled/testing/condition-based-waiting/references/patterns-and-implementation.md +253 -0
- claude_mpm/skills/bundled/testing/test-driven-development/SKILL.md +145 -0
- claude_mpm/skills/bundled/testing/test-driven-development/references/anti-patterns.md +543 -0
- claude_mpm/skills/bundled/testing/test-driven-development/references/examples.md +741 -0
- claude_mpm/skills/bundled/testing/test-driven-development/references/integration.md +470 -0
- claude_mpm/skills/bundled/testing/test-driven-development/references/philosophy.md +458 -0
- claude_mpm/skills/bundled/testing/test-driven-development/references/workflow.md +639 -0
- claude_mpm/skills/bundled/testing/test-quality-inspector/SKILL.md +458 -0
- claude_mpm/skills/bundled/testing/test-quality-inspector/examples/example-inspection-report.md +411 -0
- claude_mpm/skills/bundled/testing/test-quality-inspector/references/assertion-quality.md +317 -0
- claude_mpm/skills/bundled/testing/test-quality-inspector/references/inspection-checklist.md +270 -0
- claude_mpm/skills/bundled/testing/test-quality-inspector/references/red-flags.md +436 -0
- claude_mpm/skills/bundled/testing/testing-anti-patterns/SKILL.md +140 -0
- claude_mpm/skills/bundled/testing/testing-anti-patterns/references/completeness-anti-patterns.md +572 -0
- claude_mpm/skills/bundled/testing/testing-anti-patterns/references/core-anti-patterns.md +411 -0
- claude_mpm/skills/bundled/testing/testing-anti-patterns/references/detection-guide.md +569 -0
- claude_mpm/skills/bundled/testing/testing-anti-patterns/references/tdd-connection.md +695 -0
- claude_mpm/skills/bundled/testing/webapp-testing/LICENSE.txt +202 -0
- claude_mpm/skills/bundled/testing/webapp-testing/SKILL.md +184 -0
- claude_mpm/skills/bundled/testing/webapp-testing/decision-tree.md +459 -0
- claude_mpm/skills/bundled/testing/webapp-testing/examples/console_logging.py +35 -0
- claude_mpm/skills/bundled/testing/webapp-testing/examples/element_discovery.py +44 -0
- claude_mpm/skills/bundled/testing/webapp-testing/examples/static_html_automation.py +34 -0
- claude_mpm/skills/bundled/testing/webapp-testing/playwright-patterns.md +479 -0
- claude_mpm/skills/bundled/testing/webapp-testing/reconnaissance-pattern.md +687 -0
- claude_mpm/skills/bundled/testing/webapp-testing/scripts/with_server.py +129 -0
- claude_mpm/skills/bundled/testing/webapp-testing/server-management.md +758 -0
- claude_mpm/skills/bundled/testing/webapp-testing/troubleshooting.md +868 -0
- claude_mpm/skills/bundled/vite-local-dev.md +1061 -0
- claude_mpm/skills/bundled/web-performance-optimization.md +2305 -0
- claude_mpm/skills/bundled/xlsx.md +157 -0
- claude_mpm/skills/registry.py +97 -9
- claude_mpm/skills/skills_registry.py +347 -0
- claude_mpm/skills/skills_service.py +739 -0
- claude_mpm/templates/questions/EXAMPLES.md +501 -0
- claude_mpm/templates/questions/__init__.py +43 -0
- claude_mpm/templates/questions/base.py +193 -0
- claude_mpm/templates/questions/pr_strategy.py +314 -0
- claude_mpm/templates/questions/project_init.py +388 -0
- claude_mpm/templates/questions/ticket_mgmt.py +397 -0
- claude_mpm/tools/README_SOCKETIO_DEBUG.md +224 -0
- claude_mpm/tools/__main__.py +8 -8
- claude_mpm/tools/code_tree_analyzer/README.md +64 -0
- claude_mpm/tools/code_tree_analyzer/__init__.py +45 -0
- claude_mpm/tools/code_tree_analyzer/analysis.py +299 -0
- claude_mpm/tools/code_tree_analyzer/cache.py +131 -0
- claude_mpm/tools/code_tree_analyzer/core.py +380 -0
- claude_mpm/tools/code_tree_analyzer/discovery.py +403 -0
- claude_mpm/tools/code_tree_analyzer/events.py +168 -0
- claude_mpm/tools/code_tree_analyzer/gitignore.py +308 -0
- claude_mpm/tools/code_tree_analyzer/models.py +39 -0
- claude_mpm/tools/code_tree_analyzer/multilang_analyzer.py +224 -0
- claude_mpm/tools/code_tree_analyzer/python_analyzer.py +284 -0
- claude_mpm/utils/agent_dependency_loader.py +5 -5
- claude_mpm/utils/dependency_cache.py +3 -1
- claude_mpm/utils/gitignore.py +241 -0
- claude_mpm/utils/log_cleanup.py +3 -3
- claude_mpm/utils/robust_installer.py +3 -5
- claude_mpm/utils/structured_questions.py +619 -0
- claude_mpm-4.25.10.dist-info/METADATA +789 -0
- {claude_mpm-4.16.0.dist-info → claude_mpm-4.25.10.dist-info}/RECORD +485 -240
- claude_mpm/agents/INSTRUCTIONS_OLD_DEPRECATED.md +0 -602
- claude_mpm/agents/templates/.claude-mpm/memories/README.md +0 -17
- claude_mpm/agents/templates/.claude-mpm/memories/engineer_memories.md +0 -3
- claude_mpm/agents/templates/logs/prompts/agent_engineer_20250826_014258_728.md +0 -39
- claude_mpm/agents/templates/logs/prompts/agent_engineer_20250901_010124_142.md +0 -400
- claude_mpm/cli/commands/mpm_init.py +0 -2008
- claude_mpm/dashboard/.claude-mpm/socketio-instances.json +0 -1
- claude_mpm/dashboard/static/archive/activity_dashboard_test.html +0 -61
- claude_mpm/dashboard/static/archive/test_activity_connection.html +0 -179
- claude_mpm/dashboard/static/archive/test_claude_tree_tab.html +0 -68
- claude_mpm/dashboard/static/archive/test_dashboard.html +0 -409
- claude_mpm/dashboard/static/archive/test_dashboard_fixed.html +0 -519
- claude_mpm/dashboard/static/archive/test_dashboard_verification.html +0 -181
- claude_mpm/dashboard/static/archive/test_file_data.html +0 -315
- claude_mpm/dashboard/static/archive/test_file_tree_empty_state.html +0 -243
- claude_mpm/dashboard/static/archive/test_file_tree_fix.html +0 -234
- claude_mpm/dashboard/static/archive/test_file_tree_rename.html +0 -117
- claude_mpm/dashboard/static/archive/test_file_tree_tab.html +0 -115
- claude_mpm/dashboard/static/archive/test_file_viewer.html +0 -224
- claude_mpm/dashboard/static/archive/test_final_activity.html +0 -220
- claude_mpm/dashboard/static/archive/test_tab_fix.html +0 -139
- claude_mpm/dashboard/static/dist/assets/events.DjpNxWNo.css +0 -1
- claude_mpm/dashboard/static/dist/components/activity-tree.js +0 -2
- claude_mpm/dashboard/static/dist/components/agent-inference.js +0 -2
- claude_mpm/dashboard/static/dist/components/code-tree.js +0 -2
- claude_mpm/dashboard/static/dist/components/code-viewer.js +0 -2
- claude_mpm/dashboard/static/dist/components/event-processor.js +0 -2
- claude_mpm/dashboard/static/dist/components/event-viewer.js +0 -2
- claude_mpm/dashboard/static/dist/components/export-manager.js +0 -2
- claude_mpm/dashboard/static/dist/components/file-tool-tracker.js +0 -2
- claude_mpm/dashboard/static/dist/components/file-viewer.js +0 -2
- claude_mpm/dashboard/static/dist/components/hud-library-loader.js +0 -2
- claude_mpm/dashboard/static/dist/components/hud-manager.js +0 -2
- claude_mpm/dashboard/static/dist/components/hud-visualizer.js +0 -2
- claude_mpm/dashboard/static/dist/components/module-viewer.js +0 -2
- claude_mpm/dashboard/static/dist/components/session-manager.js +0 -2
- claude_mpm/dashboard/static/dist/components/socket-manager.js +0 -2
- claude_mpm/dashboard/static/dist/components/ui-state-manager.js +0 -2
- claude_mpm/dashboard/static/dist/components/unified-data-viewer.js +0 -2
- claude_mpm/dashboard/static/dist/components/working-directory.js +0 -2
- claude_mpm/dashboard/static/dist/dashboard.js +0 -2
- claude_mpm/dashboard/static/dist/react/events.js +0 -30
- claude_mpm/dashboard/static/dist/socket-client.js +0 -2
- claude_mpm/dashboard/static/test-archive/test_debug.html +0 -25
- claude_mpm/tools/code_tree_analyzer.py +0 -1825
- claude_mpm-4.16.0.dist-info/METADATA +0 -453
- {claude_mpm-4.16.0.dist-info → claude_mpm-4.25.10.dist-info}/WHEEL +0 -0
- {claude_mpm-4.16.0.dist-info → claude_mpm-4.25.10.dist-info}/entry_points.txt +0 -0
- {claude_mpm-4.16.0.dist-info → claude_mpm-4.25.10.dist-info}/licenses/LICENSE +0 -0
- {claude_mpm-4.16.0.dist-info → claude_mpm-4.25.10.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,433 @@
|
|
|
1
|
+
# Environment Security Patterns
|
|
2
|
+
|
|
3
|
+
> **Part of**: [env-manager](../SKILL.md)
|
|
4
|
+
> **Category**: infrastructure
|
|
5
|
+
> **Reading Level**: Advanced
|
|
6
|
+
|
|
7
|
+
## Purpose
|
|
8
|
+
|
|
9
|
+
Comprehensive security patterns for environment variables: secret detection, exposure scanning, git history validation, and format verification.
|
|
10
|
+
|
|
11
|
+
## Security Principles
|
|
12
|
+
|
|
13
|
+
### Never Log Secrets
|
|
14
|
+
**Critical Rule**: NEVER log, print, or display actual secret values in any output.
|
|
15
|
+
|
|
16
|
+
```python
|
|
17
|
+
# ❌ NEVER DO THIS
|
|
18
|
+
print(f"API_KEY: {api_key}")
|
|
19
|
+
logging.info(f"Database password: {db_pass}")
|
|
20
|
+
error(f"Failed to connect with {credentials}")
|
|
21
|
+
|
|
22
|
+
# ✅ ALWAYS DO THIS
|
|
23
|
+
print(f"API_KEY: {'*' * len(api_key)}")
|
|
24
|
+
logging.info(f"Database credentials present: {bool(db_pass)}")
|
|
25
|
+
error(f"Failed to connect (credentials masked)")
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
### Defense in Depth
|
|
29
|
+
Multiple layers of secret protection:
|
|
30
|
+
1. **Prevention**: .gitignore, pre-commit hooks
|
|
31
|
+
2. **Detection**: Pattern scanning, entropy analysis
|
|
32
|
+
3. **Response**: Rotation procedures, incident handling
|
|
33
|
+
4. **Audit**: Git history scanning, access logs
|
|
34
|
+
|
|
35
|
+
## Secret Pattern Detection
|
|
36
|
+
|
|
37
|
+
### Common Secret Patterns
|
|
38
|
+
|
|
39
|
+
**AWS Credentials:**
|
|
40
|
+
```python
|
|
41
|
+
AWS_PATTERNS = {
|
|
42
|
+
'aws_access_key': re.compile(r'AKIA[0-9A-Z]{16}'),
|
|
43
|
+
'aws_secret_key': re.compile(r'[0-9a-zA-Z/+=]{40}'),
|
|
44
|
+
'aws_account_id': re.compile(r'\d{12}')
|
|
45
|
+
}
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
**GitHub Tokens:**
|
|
49
|
+
```python
|
|
50
|
+
GITHUB_PATTERNS = {
|
|
51
|
+
'personal_token': re.compile(r'ghp_[0-9a-zA-Z]{36}'),
|
|
52
|
+
'oauth_token': re.compile(r'gho_[0-9a-zA-Z]{36}'),
|
|
53
|
+
'app_token': re.compile(r'(ghu|ghs)_[0-9a-zA-Z]{36}')
|
|
54
|
+
}
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
**API Keys and Tokens:**
|
|
58
|
+
```python
|
|
59
|
+
GENERIC_PATTERNS = {
|
|
60
|
+
'jwt': re.compile(r'eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+'),
|
|
61
|
+
'slack': re.compile(r'xox[baprs]-[0-9A-Za-z-]{10,72}'),
|
|
62
|
+
'stripe': re.compile(r'sk_(test|live)_[0-9a-zA-Z]{24,}'),
|
|
63
|
+
'mailgun': re.compile(r'key-[0-9a-z]{32}'),
|
|
64
|
+
'twilio': re.compile(r'SK[0-9a-f]{32}')
|
|
65
|
+
}
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
### Entropy-Based Detection
|
|
69
|
+
|
|
70
|
+
High entropy strings often indicate secrets:
|
|
71
|
+
|
|
72
|
+
```python
|
|
73
|
+
import math
|
|
74
|
+
from collections import Counter
|
|
75
|
+
|
|
76
|
+
def calculate_entropy(data: str) -> float:
|
|
77
|
+
"""Calculate Shannon entropy of a string."""
|
|
78
|
+
if not data:
|
|
79
|
+
return 0.0
|
|
80
|
+
|
|
81
|
+
entropy = 0
|
|
82
|
+
counter = Counter(data)
|
|
83
|
+
length = len(data)
|
|
84
|
+
|
|
85
|
+
for count in counter.values():
|
|
86
|
+
probability = count / length
|
|
87
|
+
entropy -= probability * math.log2(probability)
|
|
88
|
+
|
|
89
|
+
return entropy
|
|
90
|
+
|
|
91
|
+
def is_high_entropy_secret(value: str, threshold: float = 4.5) -> bool:
|
|
92
|
+
"""Check if value has high entropy (likely a secret)."""
|
|
93
|
+
# Skip short values
|
|
94
|
+
if len(value) < 20:
|
|
95
|
+
return False
|
|
96
|
+
|
|
97
|
+
# Calculate entropy
|
|
98
|
+
entropy = calculate_entropy(value)
|
|
99
|
+
|
|
100
|
+
# High entropy suggests random generation
|
|
101
|
+
return entropy > threshold
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
### Secret Scanner Implementation
|
|
105
|
+
|
|
106
|
+
```python
|
|
107
|
+
from pathlib import Path
|
|
108
|
+
from typing import List, Dict
|
|
109
|
+
import re
|
|
110
|
+
|
|
111
|
+
class SecretScanner:
|
|
112
|
+
"""Scan for exposed secrets in code and config files."""
|
|
113
|
+
|
|
114
|
+
def __init__(self):
|
|
115
|
+
self.patterns = {
|
|
116
|
+
**AWS_PATTERNS,
|
|
117
|
+
**GITHUB_PATTERNS,
|
|
118
|
+
**GENERIC_PATTERNS
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
def scan_file(self, file_path: Path) -> List[Dict]:
|
|
122
|
+
"""Scan a single file for secrets."""
|
|
123
|
+
findings = []
|
|
124
|
+
|
|
125
|
+
try:
|
|
126
|
+
with open(file_path) as f:
|
|
127
|
+
for line_num, line in enumerate(f, 1):
|
|
128
|
+
# Check against patterns
|
|
129
|
+
for secret_type, pattern in self.patterns.items():
|
|
130
|
+
matches = pattern.finditer(line)
|
|
131
|
+
for match in matches:
|
|
132
|
+
findings.append({
|
|
133
|
+
'file': str(file_path),
|
|
134
|
+
'line': line_num,
|
|
135
|
+
'type': secret_type,
|
|
136
|
+
'matched': self._mask_secret(match.group()),
|
|
137
|
+
'context': line[:50] + '...' if len(line) > 50 else line
|
|
138
|
+
})
|
|
139
|
+
|
|
140
|
+
# Check entropy
|
|
141
|
+
if '=' in line:
|
|
142
|
+
key, value = line.split('=', 1)
|
|
143
|
+
value = value.strip().strip('"\'')
|
|
144
|
+
if is_high_entropy_secret(value):
|
|
145
|
+
findings.append({
|
|
146
|
+
'file': str(file_path),
|
|
147
|
+
'line': line_num,
|
|
148
|
+
'type': 'high_entropy',
|
|
149
|
+
'key': key.strip(),
|
|
150
|
+
'entropy': calculate_entropy(value)
|
|
151
|
+
})
|
|
152
|
+
|
|
153
|
+
except Exception as e:
|
|
154
|
+
logging.error(f"Error scanning {file_path}: {e}")
|
|
155
|
+
|
|
156
|
+
return findings
|
|
157
|
+
|
|
158
|
+
def _mask_secret(self, secret: str) -> str:
|
|
159
|
+
"""Mask a secret for display."""
|
|
160
|
+
if len(secret) <= 4:
|
|
161
|
+
return '*' * len(secret)
|
|
162
|
+
return secret[:2] + '*' * (len(secret) - 4) + secret[-2:]
|
|
163
|
+
```
|
|
164
|
+
|
|
165
|
+
## Git History Scanning
|
|
166
|
+
|
|
167
|
+
### Check for Historical Exposures
|
|
168
|
+
|
|
169
|
+
```python
|
|
170
|
+
def scan_git_history(repo_path: Path, patterns: Dict) -> List[Dict]:
|
|
171
|
+
"""Scan git history for exposed secrets."""
|
|
172
|
+
try:
|
|
173
|
+
import git
|
|
174
|
+
except ImportError:
|
|
175
|
+
logging.warning("GitPython not installed, skipping history scan")
|
|
176
|
+
return []
|
|
177
|
+
|
|
178
|
+
findings = []
|
|
179
|
+
repo = git.Repo(repo_path)
|
|
180
|
+
|
|
181
|
+
# Scan last 100 commits
|
|
182
|
+
for commit in repo.iter_commits(max_count=100):
|
|
183
|
+
for file_path in commit.stats.files:
|
|
184
|
+
if file_path.endswith('.env'):
|
|
185
|
+
findings.append({
|
|
186
|
+
'commit': commit.hexsha[:8],
|
|
187
|
+
'file': file_path,
|
|
188
|
+
'author': commit.author.name,
|
|
189
|
+
'date': commit.committed_datetime,
|
|
190
|
+
'message': 'SECURITY: .env file in commit history'
|
|
191
|
+
})
|
|
192
|
+
|
|
193
|
+
return findings
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
## Gitignore Validation
|
|
197
|
+
|
|
198
|
+
### Ensure Proper Gitignore Coverage
|
|
199
|
+
|
|
200
|
+
```python
|
|
201
|
+
def validate_gitignore(project_dir: Path) -> Dict:
|
|
202
|
+
"""Validate .gitignore covers sensitive files."""
|
|
203
|
+
gitignore_path = project_dir / '.gitignore'
|
|
204
|
+
|
|
205
|
+
if not gitignore_path.exists():
|
|
206
|
+
return {
|
|
207
|
+
'valid': False,
|
|
208
|
+
'errors': ['.gitignore file not found']
|
|
209
|
+
}
|
|
210
|
+
|
|
211
|
+
required_patterns = [
|
|
212
|
+
'.env',
|
|
213
|
+
'.env.local',
|
|
214
|
+
'.env.*.local',
|
|
215
|
+
'*.env'
|
|
216
|
+
]
|
|
217
|
+
|
|
218
|
+
with open(gitignore_path) as f:
|
|
219
|
+
gitignore_content = f.read()
|
|
220
|
+
|
|
221
|
+
missing = []
|
|
222
|
+
for pattern in required_patterns:
|
|
223
|
+
if pattern not in gitignore_content:
|
|
224
|
+
missing.append(pattern)
|
|
225
|
+
|
|
226
|
+
# Check if any .env files are tracked
|
|
227
|
+
tracked_env_files = []
|
|
228
|
+
try:
|
|
229
|
+
import git
|
|
230
|
+
repo = git.Repo(project_dir)
|
|
231
|
+
for item in repo.tree().traverse():
|
|
232
|
+
if '.env' in item.path and not item.path.endswith('.example'):
|
|
233
|
+
tracked_env_files.append(item.path)
|
|
234
|
+
except:
|
|
235
|
+
pass
|
|
236
|
+
|
|
237
|
+
return {
|
|
238
|
+
'valid': len(missing) == 0 and len(tracked_env_files) == 0,
|
|
239
|
+
'missing_patterns': missing,
|
|
240
|
+
'tracked_env_files': tracked_env_files
|
|
241
|
+
}
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
## Format Validation
|
|
245
|
+
|
|
246
|
+
### Validate Secret Formats
|
|
247
|
+
|
|
248
|
+
```python
|
|
249
|
+
def validate_secret_formats(env_file: Path) -> List[Dict]:
|
|
250
|
+
"""Validate that secrets match expected formats."""
|
|
251
|
+
errors = []
|
|
252
|
+
|
|
253
|
+
format_rules = {
|
|
254
|
+
'DATABASE_URL': r'^(postgres|mysql|mongodb)://',
|
|
255
|
+
'JWT_SECRET': lambda v: len(v) >= 32,
|
|
256
|
+
'API_KEY': lambda v: len(v) >= 20,
|
|
257
|
+
'STRIPE_KEY': r'^sk_(test|live)_',
|
|
258
|
+
'AWS_ACCESS_KEY_ID': r'^AKIA[0-9A-Z]{16}$'
|
|
259
|
+
}
|
|
260
|
+
|
|
261
|
+
with open(env_file) as f:
|
|
262
|
+
for line_num, line in enumerate(f, 1):
|
|
263
|
+
line = line.strip()
|
|
264
|
+
if not line or line.startswith('#') or '=' not in line:
|
|
265
|
+
continue
|
|
266
|
+
|
|
267
|
+
key, value = line.split('=', 1)
|
|
268
|
+
value = value.strip().strip('"\'')
|
|
269
|
+
|
|
270
|
+
if key in format_rules:
|
|
271
|
+
rule = format_rules[key]
|
|
272
|
+
|
|
273
|
+
if callable(rule):
|
|
274
|
+
if not rule(value):
|
|
275
|
+
errors.append({
|
|
276
|
+
'line': line_num,
|
|
277
|
+
'key': key,
|
|
278
|
+
'error': f'{key} validation failed'
|
|
279
|
+
})
|
|
280
|
+
elif isinstance(rule, str):
|
|
281
|
+
if not re.match(rule, value):
|
|
282
|
+
errors.append({
|
|
283
|
+
'line': line_num,
|
|
284
|
+
'key': key,
|
|
285
|
+
'error': f'{key} format invalid'
|
|
286
|
+
})
|
|
287
|
+
|
|
288
|
+
return errors
|
|
289
|
+
```
|
|
290
|
+
|
|
291
|
+
## Security Best Practices
|
|
292
|
+
|
|
293
|
+
### Environment-Specific Secrets
|
|
294
|
+
|
|
295
|
+
**Development**:
|
|
296
|
+
```bash
|
|
297
|
+
# .env.local (gitignored, local development only)
|
|
298
|
+
DATABASE_URL=postgres://localhost:5432/dev
|
|
299
|
+
JWT_SECRET=dev-secret-not-for-production
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
**Production**:
|
|
303
|
+
```bash
|
|
304
|
+
# Set via platform (Vercel, Railway, etc.)
|
|
305
|
+
# NEVER commit production secrets
|
|
306
|
+
DATABASE_URL=<from_secret_manager>
|
|
307
|
+
JWT_SECRET=<from_secret_manager>
|
|
308
|
+
```
|
|
309
|
+
|
|
310
|
+
### Secret Rotation Procedures
|
|
311
|
+
|
|
312
|
+
```python
|
|
313
|
+
def check_secret_age(env_file: Path) -> Dict:
|
|
314
|
+
"""Check when secrets were last rotated."""
|
|
315
|
+
import os
|
|
316
|
+
from datetime import datetime, timedelta
|
|
317
|
+
|
|
318
|
+
file_modified = datetime.fromtimestamp(os.path.getmtime(env_file))
|
|
319
|
+
age_days = (datetime.now() - file_modified).days
|
|
320
|
+
|
|
321
|
+
recommendations = []
|
|
322
|
+
if age_days > 90:
|
|
323
|
+
recommendations.append({
|
|
324
|
+
'severity': 'warning',
|
|
325
|
+
'message': f'Secrets are {age_days} days old. Consider rotation.'
|
|
326
|
+
})
|
|
327
|
+
if age_days > 180:
|
|
328
|
+
recommendations.append({
|
|
329
|
+
'severity': 'error',
|
|
330
|
+
'message': f'Secrets are {age_days} days old. MUST rotate.'
|
|
331
|
+
})
|
|
332
|
+
|
|
333
|
+
return {
|
|
334
|
+
'last_modified': file_modified.isoformat(),
|
|
335
|
+
'age_days': age_days,
|
|
336
|
+
'recommendations': recommendations
|
|
337
|
+
}
|
|
338
|
+
```
|
|
339
|
+
|
|
340
|
+
## Incident Response
|
|
341
|
+
|
|
342
|
+
### Secret Exposure Recovery
|
|
343
|
+
|
|
344
|
+
**If secrets are exposed**:
|
|
345
|
+
|
|
346
|
+
1. **Immediate Actions**:
|
|
347
|
+
```bash
|
|
348
|
+
# Revoke exposed credentials
|
|
349
|
+
# Rotate all affected secrets
|
|
350
|
+
# Check access logs for unauthorized use
|
|
351
|
+
```
|
|
352
|
+
|
|
353
|
+
2. **Git History Cleanup**:
|
|
354
|
+
```bash
|
|
355
|
+
# Use BFG Repo-Cleaner to remove secrets from history
|
|
356
|
+
bfg --replace-text passwords.txt
|
|
357
|
+
git reflog expire --expire=now --all
|
|
358
|
+
git gc --prune=now --aggressive
|
|
359
|
+
```
|
|
360
|
+
|
|
361
|
+
3. **Platform Updates**:
|
|
362
|
+
```bash
|
|
363
|
+
# Update all deployment platforms
|
|
364
|
+
python scripts/sync_secrets.py --platform vercel --sync
|
|
365
|
+
python scripts/sync_secrets.py --platform railway --sync
|
|
366
|
+
```
|
|
367
|
+
|
|
368
|
+
## Validation Error Messages
|
|
369
|
+
|
|
370
|
+
### CRITICAL: Never Expose Values in Error Messages
|
|
371
|
+
|
|
372
|
+
**Security Fix (2025-11-13)**: All validation error messages have been hardened to prevent accidental secret exposure.
|
|
373
|
+
|
|
374
|
+
**Problem**: Error messages that include actual variable values can leak secrets in:
|
|
375
|
+
- CI/CD logs
|
|
376
|
+
- Error tracking systems (Sentry, etc.)
|
|
377
|
+
- Terminal output screenshots
|
|
378
|
+
- Bug reports
|
|
379
|
+
|
|
380
|
+
**Solution**: Error messages NEVER include actual values, only validation criteria.
|
|
381
|
+
|
|
382
|
+
```python
|
|
383
|
+
# ❌ NEVER DO THIS - Exposes actual value
|
|
384
|
+
f'Invalid value "{vars_dict["NODE_ENV"]}", expected one of {valid_values}'
|
|
385
|
+
|
|
386
|
+
# ✅ ALWAYS DO THIS - Safe message
|
|
387
|
+
f'Invalid value for NODE_ENV, expected one of {valid_values}'
|
|
388
|
+
```
|
|
389
|
+
|
|
390
|
+
**Validation Script Protection**:
|
|
391
|
+
The `validate_env.py` script has been hardened against value exposure:
|
|
392
|
+
- Line 365: NODE_ENV validation error message sanitized
|
|
393
|
+
- All error messages verified to exclude variable values
|
|
394
|
+
- Test coverage added: `test_no_secret_exposure_in_errors`
|
|
395
|
+
|
|
396
|
+
**Testing**:
|
|
397
|
+
```bash
|
|
398
|
+
# Verify no secret exposure
|
|
399
|
+
echo 'NODE_ENV=sk-proj-fake-secret' > test.env
|
|
400
|
+
python validate_env.py test.env --framework nodejs
|
|
401
|
+
# Output: "Invalid value for NODE_ENV, expected..."
|
|
402
|
+
# NOT: "Invalid value 'sk-proj-fake-secret', expected..."
|
|
403
|
+
```
|
|
404
|
+
|
|
405
|
+
## Summary
|
|
406
|
+
|
|
407
|
+
**Security Checklist**:
|
|
408
|
+
- [ ] Never log actual secret values
|
|
409
|
+
- [ ] Never expose values in error messages
|
|
410
|
+
- [ ] .env files in .gitignore
|
|
411
|
+
- [ ] No secrets in git history
|
|
412
|
+
- [ ] Pattern-based scanning enabled
|
|
413
|
+
- [ ] Entropy analysis for unknowns
|
|
414
|
+
- [ ] Secret format validation
|
|
415
|
+
- [ ] Regular secret rotation (90 days)
|
|
416
|
+
- [ ] Incident response plan ready
|
|
417
|
+
|
|
418
|
+
**Key Patterns**:
|
|
419
|
+
- ✅ Pattern-based detection (AWS, GitHub, etc.)
|
|
420
|
+
- ✅ Entropy analysis for random secrets
|
|
421
|
+
- ✅ Git history scanning
|
|
422
|
+
- ✅ .gitignore validation
|
|
423
|
+
- ✅ Format validation
|
|
424
|
+
- ✅ Secret masking in output
|
|
425
|
+
|
|
426
|
+
## Related References
|
|
427
|
+
|
|
428
|
+
- [Validation](validation.md): Environment validation workflows
|
|
429
|
+
- [Synchronization](synchronization.md): Secure platform sync
|
|
430
|
+
- [Troubleshooting](troubleshooting.md): Security issue recovery
|
|
431
|
+
|
|
432
|
+
---
|
|
433
|
+
**Lines**: 267 ✓ 200-280 range
|