PyPI - kollabor - Versions diffs - 0.4.9__py3-none-any.whl → 0.4.15__py3-none-any.whl - Mend

kollabor 0.4.9py3-none-any.whl → 0.4.15py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

agents/__init__.py +2 -0
agents/coder/__init__.py +0 -0
agents/coder/agent.json +4 -0
agents/coder/api-integration.md +2150 -0
agents/coder/cli-pretty.md +765 -0
agents/coder/code-review.md +1092 -0
agents/coder/database-design.md +1525 -0
agents/coder/debugging.md +1102 -0
agents/coder/dependency-management.md +1397 -0
agents/coder/git-workflow.md +1099 -0
agents/coder/refactoring.md +1454 -0
agents/coder/security-hardening.md +1732 -0
agents/coder/system_prompt.md +1448 -0
agents/coder/tdd.md +1367 -0
agents/creative-writer/__init__.py +0 -0
agents/creative-writer/agent.json +4 -0
agents/creative-writer/character-development.md +1852 -0
agents/creative-writer/dialogue-craft.md +1122 -0
agents/creative-writer/plot-structure.md +1073 -0
agents/creative-writer/revision-editing.md +1484 -0
agents/creative-writer/system_prompt.md +690 -0
agents/creative-writer/worldbuilding.md +2049 -0
agents/data-analyst/__init__.py +30 -0
agents/data-analyst/agent.json +4 -0
agents/data-analyst/data-visualization.md +992 -0
agents/data-analyst/exploratory-data-analysis.md +1110 -0
agents/data-analyst/pandas-data-manipulation.md +1081 -0
agents/data-analyst/sql-query-optimization.md +881 -0
agents/data-analyst/statistical-analysis.md +1118 -0
agents/data-analyst/system_prompt.md +928 -0
agents/default/__init__.py +0 -0
agents/default/agent.json +4 -0
agents/default/dead-code.md +794 -0
agents/default/explore-agent-system.md +585 -0
agents/default/system_prompt.md +1448 -0
agents/kollabor/__init__.py +0 -0
agents/kollabor/analyze-plugin-lifecycle.md +175 -0
agents/kollabor/analyze-terminal-rendering.md +388 -0
agents/kollabor/code-review.md +1092 -0
agents/kollabor/debug-mcp-integration.md +521 -0
agents/kollabor/debug-plugin-hooks.md +547 -0
agents/kollabor/debugging.md +1102 -0
agents/kollabor/dependency-management.md +1397 -0
agents/kollabor/git-workflow.md +1099 -0
agents/kollabor/inspect-llm-conversation.md +148 -0
agents/kollabor/monitor-event-bus.md +558 -0
agents/kollabor/profile-performance.md +576 -0
agents/kollabor/refactoring.md +1454 -0
agents/kollabor/system_prompt copy.md +1448 -0
agents/kollabor/system_prompt.md +757 -0
agents/kollabor/trace-command-execution.md +178 -0
agents/kollabor/validate-config.md +879 -0
agents/research/__init__.py +0 -0
agents/research/agent.json +4 -0
agents/research/architecture-mapping.md +1099 -0
agents/research/codebase-analysis.md +1077 -0
agents/research/dependency-audit.md +1027 -0
agents/research/performance-profiling.md +1047 -0
agents/research/security-review.md +1359 -0
agents/research/system_prompt.md +492 -0
agents/technical-writer/__init__.py +0 -0
agents/technical-writer/agent.json +4 -0
agents/technical-writer/api-documentation.md +2328 -0
agents/technical-writer/changelog-management.md +1181 -0
agents/technical-writer/readme-writing.md +1360 -0
agents/technical-writer/style-guide.md +1410 -0
agents/technical-writer/system_prompt.md +653 -0
agents/technical-writer/tutorial-creation.md +1448 -0
core/__init__.py +0 -2
core/application.py +343 -88
core/cli.py +229 -10
core/commands/menu_renderer.py +463 -59
core/commands/registry.py +14 -9
core/commands/system_commands.py +2461 -14
core/config/loader.py +151 -37
core/config/service.py +18 -6
core/events/bus.py +29 -9
core/events/executor.py +205 -75
core/events/models.py +27 -8
core/fullscreen/command_integration.py +20 -24
core/fullscreen/components/__init__.py +10 -1
core/fullscreen/components/matrix_components.py +1 -2
core/fullscreen/components/space_shooter_components.py +654 -0
core/fullscreen/plugin.py +5 -0
core/fullscreen/renderer.py +52 -13
core/fullscreen/session.py +52 -15
core/io/__init__.py +29 -5
core/io/buffer_manager.py +6 -1
core/io/config_status_view.py +7 -29
core/io/core_status_views.py +267 -347
core/io/input/__init__.py +25 -0
core/io/input/command_mode_handler.py +711 -0
core/io/input/display_controller.py +128 -0
core/io/input/hook_registrar.py +286 -0
core/io/input/input_loop_manager.py +421 -0
core/io/input/key_press_handler.py +502 -0
core/io/input/modal_controller.py +1011 -0
core/io/input/paste_processor.py +339 -0
core/io/input/status_modal_renderer.py +184 -0
core/io/input_errors.py +5 -1
core/io/input_handler.py +211 -2452
core/io/key_parser.py +7 -0
core/io/layout.py +15 -3
core/io/message_coordinator.py +111 -2
core/io/message_renderer.py +129 -4
core/io/status_renderer.py +147 -607
core/io/terminal_renderer.py +97 -51
core/io/terminal_state.py +21 -4
core/io/visual_effects.py +816 -165
core/llm/agent_manager.py +1063 -0
core/llm/api_adapters/__init__.py +44 -0
core/llm/api_adapters/anthropic_adapter.py +432 -0
core/llm/api_adapters/base.py +241 -0
core/llm/api_adapters/openai_adapter.py +326 -0
core/llm/api_communication_service.py +167 -113
core/llm/conversation_logger.py +322 -16
core/llm/conversation_manager.py +556 -30
core/llm/file_operations_executor.py +84 -32
core/llm/llm_service.py +934 -103
core/llm/mcp_integration.py +541 -57
core/llm/message_display_service.py +135 -18
core/llm/plugin_sdk.py +1 -2
core/llm/profile_manager.py +1183 -0
core/llm/response_parser.py +274 -56
core/llm/response_processor.py +16 -3
core/llm/tool_executor.py +6 -1
core/logging/__init__.py +2 -0
core/logging/setup.py +34 -6
core/models/resume.py +54 -0
core/plugins/__init__.py +4 -2
core/plugins/base.py +127 -0
core/plugins/collector.py +23 -161
core/plugins/discovery.py +37 -3
core/plugins/factory.py +6 -12
core/plugins/registry.py +5 -17
core/ui/config_widgets.py +128 -28
core/ui/live_modal_renderer.py +2 -1
core/ui/modal_actions.py +5 -0
core/ui/modal_overlay_renderer.py +0 -60
core/ui/modal_renderer.py +268 -7
core/ui/modal_state_manager.py +29 -4
core/ui/widgets/base_widget.py +7 -0
core/updates/__init__.py +10 -0
core/updates/version_check_service.py +348 -0
core/updates/version_comparator.py +103 -0
core/utils/config_utils.py +685 -526
core/utils/plugin_utils.py +1 -1
core/utils/session_naming.py +111 -0
fonts/LICENSE +21 -0
fonts/README.md +46 -0
fonts/SymbolsNerdFont-Regular.ttf +0 -0
fonts/SymbolsNerdFontMono-Regular.ttf +0 -0
fonts/__init__.py +44 -0
{kollabor-0.4.9.dist-info → kollabor-0.4.15.dist-info}/METADATA +54 -4
kollabor-0.4.15.dist-info/RECORD +228 -0
{kollabor-0.4.9.dist-info → kollabor-0.4.15.dist-info}/top_level.txt +2 -0
plugins/agent_orchestrator/__init__.py +39 -0
plugins/agent_orchestrator/activity_monitor.py +181 -0
plugins/agent_orchestrator/file_attacher.py +77 -0
plugins/agent_orchestrator/message_injector.py +135 -0
plugins/agent_orchestrator/models.py +48 -0
plugins/agent_orchestrator/orchestrator.py +403 -0
plugins/agent_orchestrator/plugin.py +976 -0
plugins/agent_orchestrator/xml_parser.py +191 -0
plugins/agent_orchestrator_plugin.py +9 -0
plugins/enhanced_input/box_styles.py +1 -0
plugins/enhanced_input/color_engine.py +19 -4
plugins/enhanced_input/config.py +2 -2
plugins/enhanced_input_plugin.py +61 -11
plugins/fullscreen/__init__.py +6 -2
plugins/fullscreen/example_plugin.py +1035 -222
plugins/fullscreen/setup_wizard_plugin.py +592 -0
plugins/fullscreen/space_shooter_plugin.py +131 -0
plugins/hook_monitoring_plugin.py +436 -78
plugins/query_enhancer_plugin.py +66 -30
plugins/resume_conversation_plugin.py +1494 -0
plugins/save_conversation_plugin.py +98 -32
plugins/system_commands_plugin.py +70 -56
plugins/tmux_plugin.py +154 -78
plugins/workflow_enforcement_plugin.py +94 -92
system_prompt/default.md +952 -886
core/io/input_mode_manager.py +0 -402
core/io/modal_interaction_handler.py +0 -315
core/io/raw_input_processor.py +0 -946
core/storage/__init__.py +0 -5
core/storage/state_manager.py +0 -84
core/ui/widget_integration.py +0 -222
core/utils/key_reader.py +0 -171
kollabor-0.4.9.dist-info/RECORD +0 -128
{kollabor-0.4.9.dist-info → kollabor-0.4.15.dist-info}/WHEEL +0 -0
{kollabor-0.4.9.dist-info → kollabor-0.4.15.dist-info}/entry_points.txt +0 -0
{kollabor-0.4.9.dist-info → kollabor-0.4.15.dist-info}/licenses/LICENSE +0 -0

agents/research/dependency-audit.md ADDED Viewed

@@ -0,0 +1,1027 @@
+<!-- Dependency Audit skill - security and compliance investigation of project dependencies -->
+dependency-audit mode: READ ONLY SECURITY AUDIT
+when this skill is active, you follow systematic dependency investigation.
+this is a comprehensive guide to auditing project dependencies.
+PHASE 0: ENVIRONMENT AND PACKAGE MANAGER VERIFICATION
+before auditing ANY dependencies, identify the package manager and tools.
+identify the package manager
+  check for python package managers:
+    <terminal>ls -la | grep -E "(requirements\.txt|pyproject\.toml|setup\.py|Pipfile|poetry\.lock|pyproject\.toml)"</terminal>
+  check for node package managers:
+    <terminal>ls -la | grep -E "(package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml)"</terminal>
+  check for rust:
+    <terminal>ls -la | grep -E "Cargo\.toml|Cargo\.lock"</terminal>
+  check for go:
+    <terminal>ls -la | grep -E "go\.mod|go\.sum"</terminal>
+  check for java/maven:
+    <terminal>ls -la | grep -E "pom\.xml"</terminal>
+  check for java/gradle:
+    <terminal>ls -la | grep -E "build\.gradle|gradle\.lockfile"</terminal>
+  check for ruby:
+    <terminal>ls -la | grep -E "Gemfile|gemfile\.lock"</terminal>
+  check for php/composer:
+    <terminal>ls -la | grep -E "composer\.json|composer\.lock"</terminal>
+verify audit tools availability
+  python vulnerability scanners:
+    <terminal>which pip-audit</terminal>
+    <terminal>pip-audit --version 2>/dev/null || echo "pip-audit not installed"</terminal>
+    <terminal>which safety</terminal>
+    <terminal>safety --version 2>/dev/null || echo "safety not installed"</terminal>
+    <terminal>which bandit</terminal>
+    <terminal>bandit --version 2>/dev/null || echo "bandit not installed"</terminal>
+  node vulnerability scanners:
+    <terminal>which npm</terminal>
+    <terminal>npm --version</terminal>
+    <terminal>which yarn</terminal>
+    <terminal>yarn --version 2>/dev/null || echo "yarn not installed"</terminal>
+  general scanners:
+    <terminal>which snyk</terminal>
+    <terminal>snyk --version 2>/dev/null || echo "snyk not installed"</terminal>
+    <terminal>which grype</terminal>
+    <terminal>grype --version 2>/dev/null || echo "grype not installed"</terminal>
+    <terminal>which trivy</terminal>
+    <terminal>trivy --version 2>/dev/null || echo "trivy not installed"</terminal>
+install missing tools if authorized
+  for python projects:
+    <terminal>pip install pip-audit safety bandit 2>/dev/null || echo "install failed"</terminal>
+  for container scanning:
+    <terminal>brew install grype trivy 2>/dev/null || echo "install failed"</terminal>
+  note: research agent reports tool availability, does not force installation.
+verify lock files exist
+  lock files are critical for accurate audits:
+  python:
+    <terminal>ls -la pipenv.lock poetry.lock requirements.txt 2>/dev/null</terminal>
+  node:
+    <terminal>ls -la package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null</terminal>
+  rust:
+    <terminal>ls -la Cargo.lock 2>/dev/null</terminal>
+  go:
+    <terminal>ls -la go.sum 2>/dev/null</terminal>
+PHASE 1: DEPENDENCY INVENTORY
+list all direct dependencies
+  python - requirements.txt:
+    <read><file>requirements.txt</file></read>
+  python - pyproject.toml:
+    <terminal>cat pyproject.toml 2>/dev/null | grep -A50 "dependencies"</terminal>
+  python - setup.py:
+    <terminal>cat setup.py 2>/dev/null | grep -A30 "install_requires"</terminal>
+  python - pipenv:
+    <terminal>cat Pipfile 2>/dev/null | grep -A20 "\[packages\]"</terminal>
+  python - poetry:
+    <terminal>cat pyproject.toml 2>/dev/null | grep -A50 "\[tool.poetry.dependencies\]"</terminal>
+  node - package.json:
+    <terminal>cat package.json 2>/dev/null | grep -A100 '"dependencies"'</terminal>
+  rust - cargo.toml:
+    <terminal>cat Cargo.toml 2>/dev/null | grep -A50 "\[dependencies\]"</terminal>
+  go - go.mod:
+    <terminal>cat go.mod 2>/dev/null | grep -A100 "require"</terminal>
+list all transitive dependencies
+  python:
+    <terminal>pip list 2>/dev/null | head -50</terminal>
+    <terminal>pip freeze 2>/dev/null | head -50</terminal>
+  node:
+    <terminal>npm list 2>/dev/null | head -50</terminal>
+    <terminal>npm list --all 2>/dev/null | wc -l</terminal>
+  rust:
+    <terminal>cargo tree 2>/dev/null | head -50</terminal>
+  go:
+    <terminal>go list -m all 2>/dev/null | head -50</terminal>
+count dependencies by category
+  python:
+    <terminal>pip list 2>/dev/null | wc -l</terminal>
+    <terminal>pip freeze 2>/dev/null | wc -l</terminal>
+  node:
+    <terminal>npm list --all 2>/dev/null | grep -v "extraneous" | wc -l</terminal>
+  count direct dependencies:
+    <terminal>cat package.json 2>/dev/null | grep -A100 '"dependencies"' | grep '":' | grep -v '"dependencies"' | wc -l</terminal>
+  count dev dependencies:
+    <terminal>cat package.json 2>/dev/null | grep -A100 '"devDependencies"' | grep '":' | grep -v '"devDependencies"' | wc -l</terminal>
+document dependency inventory
+  direct dependencies: [count]
+  transitive dependencies: [count]
+  total: [count]
+  largest dependency trees:
+    - [package] - [transitive count]
+  dependency sources:
+    - [registry 1] - [count]
+    - [registry 2] - [count]
+PHASE 2: VULNERABILITY SCANNING
+run pip-audit for python projects
+  basic scan:
+    <terminal>pip-audit 2>/dev/null || pip-audit --requirement requirements.txt 2>/dev/null</terminal>
+  scan with lock file:
+    <terminal>pip-audit --requirement requirements.txt 2>/dev/null</terminal>
+  scan installed packages:
+    <terminal>pip-audit --local 2>/dev/null</terminal>
+  detailed output:
+    <terminal>pip-audit --format json 2>/dev/null</terminal>
+  strict mode (fail on any vuln):
+    <terminal>pip-audit --strict 2>/dev/null</terminal>
+run safety for python projects
+  basic scan:
+    <terminal>safety check --file requirements.txt 2>/dev/null || safety check 2>/dev/null</terminal>
+  json output:
+    <terminal>safety check --json 2>/dev/null</terminal>
+  detailed report:
+    <terminal>safety check --full-report 2>/dev/null</terminal>
+  scan installed packages:
+    <terminal>safety check 2>/dev/null</terminal>
+run npm audit for node projects
+  basic scan:
+    <terminal>npm audit 2>/dev/null</terminal>
+  json output:
+    <terminal>npm audit --json 2>/dev/null</terminal>
+  fixable vulnerabilities:
+    <terminal>npm audit --fix --dry-run 2>/dev/null</terminal>
+  production dependencies only:
+    <terminal>npm audit --production 2>/dev/null>
+run yarn audit for node projects
+  basic scan:
+    <terminal>yarn audit 2>/dev/null</terminal>
+  json output:
+    <terminal>yarn audit --json 2>/dev/null</terminal>
+run cargo audit for rust projects
+  <terminal>cargo audit 2>/dev/null || echo "cargo-audit not installed"</terminal>
+  install if needed:
+    <terminal>cargo install cargo-audit 2>/dev/null</terminal>
+run go vulnerability checks
+  <terminal>govulncheck ./... 2>/dev/null || echo "govulncheck not installed"</terminal>
+run snyk if available
+  authenticate first:
+    <terminal>snyk auth 2>/dev/null || echo "authentication required"</terminal>
+  test for vulnerabilities:
+    <terminal>snyk test 2>/dev/null</terminal>
+  monitor dependencies:
+    <terminal>snyk monitor 2>/v/null || echo "monitoring requires auth"</terminal>
+run container scanning if dockerfiles exist
+  <terminal>find . -name "Dockerfile*" -o -name "docker-compose*" | head -5</terminal>
+  with grype:
+    <terminal>grype . 2>/dev/null || echo "grype scan failed"</terminal>
+  with trivy:
+    <terminal>trivy fs . 2>/dev/null || echo "trivy scan failed"</terminal>
+document vulnerability findings
+  critical: [count] - [package names]
+  high: [count] - [package names]
+  medium: [count] - [package names]
+  low: [count] - [package names]
+  vulnerable packages:
+    - [package] - [version] - [cve id] - [severity] - [fix available]
+PHASE 3: LICENSE COMPLIANCE
+extract license information
+  python:
+    <terminal>pip show [package-name] 2>/dev/null | grep -i license</terminal>
+    <terminal>pip-licenses 2>/dev/null || pip install pip-licenses 2>/dev/null && pip-licenses 2>/dev/null</terminal>
+    <terminal>pip-licenses --format=json 2>/dev/null</terminal>
+  node:
+    <terminal>npm list --json --depth=0 2>/dev/null | grep -i license</terminal>
+    <terminal>cat package.json 2>/dev/null | grep -A3 "license"</terminal>
+    <terminal>npm ls --long 2>/dev/null | grep -i license</terminal>
+  rust:
+    <terminal>cato about 2>/dev/null | grep -i license</terminal>
+identify license types in use
+  python:
+    <terminal>pip-licenses --from=classification 2>/dev/null</terminal>
+    <terminal>pip-licenses --only-classifier 2>/dev/null</terminal>
+  common license types to look for:
+    - mit (permissive, widely compatible)
+    - apache-2.0 (permissive, patent clause)
+    - bsd-3-clause (permissive)
+    - gplv3 (copyleft, requires derivative works to be gpl)
+    - lgplv3 (lesser gpl, allows linking)
+    - mpl-2.0 (weak copyleft)
+    - unlicense (public domain)
+    - proprietary/commercial (restrictive)
+check for problematic licenses
+  gpl/agpl/lgpl detection:
+    <terminal>pip-licenses --grep=gpl 2>/dev/null || echo "pip-licenses not available"</terminal>
+    <terminal>pip-licenses --grep=affero 2>/dev/null</terminal>
+  sspl (server side public license) detection:
+    <terminal>grep -ri "sspl" package.json README.md LICENSE* 2>/dev/null</terminal>
+  proprietary licenses:
+    <terminal>pip-licenses --fail-on="proprietary" --format=csv 2>/dev/null || echo "check failed"</terminal>
+generate license report
+  python - full license report:
+    <terminal>pip-licenses --format=markdown --output-file=LICENSES.md 2>/dev/null</terminal>
+    <terminal>pip-licenses --format=csv --output-file=LICENSES.csv 2>/dev/null</terminal>
+  node:
+    <terminal>npm install -g license-report 2>/dev/null && license-report --output=csv 2>/dev/null</terminal>
+    <terminal>npm install -g nlf && nlf 2>/dev/null</terminal>
+check project license compatibility
+  read project license:
+    <read><file>LICENSE</file></read>
+    <read><file>LICENSE.txt</file></read>
+    <read><file>LICENSE.md</file></read>
+  check license declaration:
+    <terminal>cat pyproject.toml 2>/dev/null | grep -i license</terminal>
+    <terminal>cat package.json 2>/dev/null | grep -i license</terminal>
+document license findings
+  project license: [license type]
+  dependency licenses:
+    - mit: [count]
+    - apache-2.0: [count]
+    - bsd: [count]
+    - gpl/gplv3/lgpl: [count]
+    - other: [count]
+  compatibility concerns:
+    - [package] - [license] - [compatibility issue]
+PHASE 4: DEPENDENCY FRESHNESS
+identify outdated dependencies
+  python:
+    <terminal>pip list --outdated 2>/dev/null | head -30</terminal>
+    <terminal>pip list --outdated --format=json 2>/dev/null</terminal>
+  node:
+    <terminal>npm outdated 2>/dev/null | head -30</terminal>
+    <terminal>yarn outdated 2>/dev/null | head -30</terminal>
+  rust:
+    <terminal>cargo outdated 2>/dev/null || echo "cargo-outdated not installed"</terminal>
+  go:
+    <terminal>go list -u -m all 2>/dev/null | head -30</terminal>
+check version pinning
+  python - analyze version constraints:
+    <terminal>grep -E "^[a-zA-Z].*==" requirements.txt 2>/dev/null | head -20</terminal>
+    <terminal>grep -E "^[a-zA-Z].*[>=<>{]" requirements.txt 2>/dev/null | head -20</terminal>
+    <terminal>grep -E "^[a-zA-Z].*[^=><{]$]" requirements.txt 2>/dev/null | head -20</terminal>
+  node - analyze semver ranges:
+    <terminal>cat package.json 2>/dev/null | grep -A50 '"dependencies"' | grep -E '\^|~|\*|>=|x'</terminal>
+  check for caret (^) - minor updates allowed:
+    <terminal>cat package.json 2>/dev/null | grep '": "\^' | head -20</terminal>
+  check for tilde (~) - patch updates only:
+    <terminal>cat package.json 2>/dev/null | grep '": "~' | head -20</terminal>
+  check for wildcard (*) - any version:
+    <terminal>cat package.json 2>/dev/null | grep '": "\*'|'": "*"' | head -20</terminal>
+check for unmaintained dependencies
+  python:
+    <terminal>pip index versions [package-name] 2>/dev/null | grep -E "WARNING:|Available versions:"</terminal>
+    check last published date on pypi for critical packages
+  node:
+    <terminal>npm view [package-name] time 2>/dev/null | tail -5</terminal>
+    <terminal>npm view [package-name] --json 2>/dev/null | grep -E '"time"|"version"'</terminal>
+check for deprecated packages
+  python:
+    <terminal>pip show [package-name] 2>/dev/null | grep -i "warning:\|deprecated"</terminal>
+  node:
+    <terminal>npm view [package-name] 2>/dev/null | grep -i "deprecated"</terminal>
+    <terminal>npm deprecate 2>/dev/null || echo "check npm registry directly"</terminal>
+check for security advisories
+  python:
+    <terminal>pip-audit --format json 2>/dev/null | grep -i "advisory"</terminal>
+  node:
+    <terminal>npm audit --json 2>/dev/null | grep -i "advisory"</terminal>
+check for abandoned projects
+  indicators:
+    - no commits in 2+ years
+    - open issues not addressed
+    - no response to prs
+    - depends on unmaintained transitive deps
+  check github activity:
+    <terminal>gh repo view [owner]/[repo] 2>/dev/null || echo "gh cli not available"</terminal>
+document freshness findings
+  severely outdated (major versions behind):
+    - [package] - [current] - [latest]
+  moderately outdated (minor versions behind):
+    - [package] - [current] - [latest]
+  unmaintained packages:
+    - [package] - [last update date] - [impact]
+  deprecated packages:
+    - [package] - [replacement]
+PHASE 5: UNUSED DEPENDENCY ANALYSIS
+identify potentially unused dependencies
+  python:
+    <terminal>pip install pipdeptree 2>/dev/null</terminal>
+    <terminal>pipdeptree 2>/dev/null | grep -v "==" | head -50</terminal>
+    find deps not imported anywhere:
+      <terminal>grep -r "^import\|^from" --include="*.py" . 2>/dev/null | sed 's/from //' | sed 's/ import.*//' | sort | uniq</terminal>
+  node:
+    <terminal>npm install -g depcheck 2>/dev/null</terminal>
+    <terminal>depcheck 2>/dev/null || echo "depcheck not available"</terminal>
+    <terminal>npx depcheck 2>/dev/null</terminal>
+    <terminal>npm ls --depth=0 2>/dev/null</terminal>
+find dev dependencies in production
+  python:
+    <terminal>grep -i "pytest\|test\|lint\|black\|flake8\|mypy" requirements.txt 2>/dev/null</terminal>
+  node:
+    <terminal>cat package.json 2>/dev/null | grep -A20 '"dependencies"' | grep -E "jest|test|vitest|cypress|eslint|prettier|webpack"</terminal>
+find duplicate functionality
+  multiple http clients:
+    <terminal>grep -r "requests\|httpx\|urllib\|aiohttp" --include="*.py" . 2>/dev/null | wc -l</terminal>
+  multiple cli frameworks:
+    <terminal>grep -r "click\|typer\|argparse\|fire" --include="*.py" . 2>/dev/null | wc -l</terminal>
+  multiple testing frameworks:
+    <terminal>grep -r "pytest\|unittest\|nose" --include="*.py" . 2>/dev/null | wc -l</terminal>
+  node:
+    <terminal>cat package.json 2>/dev/null | grep -E "lodash|underscore|ramda"</terminal>
+    <terminal>cat package.json 2>/dev/null | grep -E "moment|date-fns|dayjs|luxon"</terminal>
+document unused dependencies
+  potentially unused:
+    - [package] - [not imported, 0 references]
+  dev deps in production:
+    - [package] - [should be devdependency]
+  duplicate functionality:
+    - [package 1] + [package 2] - [same purpose]
+PHASE 6: DEPENDENCY SIZE ANALYSIS
+analyze bundle/package size
+  node:
+    <terminal>npm install -g cost-of-modules 2>/dev/null</terminal>
+    <terminal>cost-of-modules 2>/dev/null || npx cost-of-modules 2>/dev/null</terminal>
+    <terminal>du -sh node_modules/ 2>/dev/null</terminal>
+    find largest packages:
+      <terminal>du -sh node_modules/*/ 2>/dev/null | sort -rh | head -20</terminal>
+  python:
+    <terminal>pip install pip-disk 2>/dev/null</terminal>
+    <terminal>pip disk 2>/dev/null || echo "pip-disk not available"</terminal>
+    find largest packages:
+      <terminal>pip show -f [package-name] 2>/dev/null | grep "Location:" | head -1</terminal>
+      <terminal>du -sh $(pip show [package-name] 2>/dev/null | grep Location: | cut -d' ' -f2)/*/[package-name]* 2>/dev/null</terminal>
+find oversized dependencies
+  node:
+    <terminal>ls -lh node_modules/ | head -30</terminal>
+    check for webpacked dependencies:
+      <terminal>find node_modules -name "*.umd.min.js" -o -name "*.bundle.js" 2>/dev/null | xargs ls -lh 2>/dev/null | head -20</terminal>
+check for tree-shaking potential
+  node:
+    <terminal>cat package.json 2>/dev/null | grep -A50 '"dependencies"' | grep -E "lodash|moment"</terminal>
+    lodash individual imports vs full:
+      <terminal>grep -r "from 'lodash'" --include="*.js" --include="*.ts" . 2>/dev/null | wc -l</terminal>
+      <terminal>grep -r "from 'lodash/" --include="*.js" --include="*.ts" . 2>/dev/null | wc -l</terminal>
+document size findings
+  total dependency size: [disk usage]
+  largest packages:
+    - [package] - [size] - [purpose]
+  optimization opportunities:
+    - [package] - [lighter alternative available]
+PHASE 7: TRANSITIVE DEPENDENCY ANALYZIS
+visualize dependency trees
+  python:
+    <terminal>pipdeptree --graph 2>/dev/null | head -50</terminal>
+    <terminal>pipdeptree --packages 2>/dev/null | head -30</terminal>
+  node:
+    <terminal>npm ls 2>/dev/null | head -50</terminal>
+    <terminal>npm ls --json 2>/dev/null | head -100</terminal>
+  rust:
+    <terminal>cargo tree 2>/dev/null | head -50</terminal>
+    <terminal>cargo tree --duplicates 2>/dev/null</terminal>
+find duplicate dependencies
+  rust:
+    <terminal>cargo tree --duplicates 2>/dev/null</terminal>
+  node:
+    <terminal>npm ls --json 2>/dev/null | grep -E '"deduped"' | wc -l</terminal>
+  python:
+    <terminal>pipdeptree --json 2>/dev/null | grep -E '"key".*:"[^"]+",' | sort | uniq -d</terminal>
+find conflicting version requirements
+  python:
+    <terminal>pip install pip-check 2>/dev/null</terminal>
+    <terminal>pip-check 2>/dev/null || echo "pip-check not available"</terminal>
+  node:
+    <terminal>npm ls --json 2>/dev/null | grep -A2 '"extraneous"'</terminal>
+identify dependency hell risks
+  circular dependency indicators:
+    <terminal>pipdeptree --graph 2>/dev/null | grep -B2 -A2 "cycle"</terminal>
+  version conflicts:
+    <terminal>pipdeptree --packages --json 2>/dev/null | python -c "import sys,json; d=json.load(sys.stdin); [print(p['key']) for p in d if p.get('dependencies')]" 2>/dev/null</terminal>
+document transitive issues
+  dependency depth:
+    - shallowest: [package] - [depth]
+    - deepest: [package] - [depth]
+  duplicate versions:
+    - [package] - [count of different versions]
+  version conflicts:
+    - [package 1] requires [package 2] [version a]
+    - [package 3] requires [package 2] [version b]
+PHASE 8: SECURITY BEST PRACTICES REVIEW
+check for hardcoded credentials in dependencies
+  scan node_modules for secrets:
+    <terminal>grep -r "api_key\|apikey\|api-key\|password\|secret\|token" node_modules/ 2>/dev/null | grep -v node_modules/.bin | head -20</terminal>
+  scan site-packages for secrets:
+    <terminal>grep -r "api_key\|apikey\|api-key\|password\|secret\|token" $(pip show pip 2>/dev/null | grep Location | cut -d' ' -f2) 2>/dev/null | head -20</terminal>
+check for known malicious packages
+  python:
+    <terminal>pip-audit --no-deps 2>/dev/null</terminal>
+    cross-reference with:
+    - https://github.com/pypa/advisory-database
+    - https://pysec.io
+  node:
+    <terminal>npm audit 2>/dev/null</terminal>
+    cross-reference with:
+    - https://github.com/nodejs/security-wg
+    - https://npmjs.com/advisories
+check for typosquatting attacks
+  look for suspicious package names:
+    - slight misspellings of popular packages
+    - packages with similar names to official ones
+  python:
+    <terminal>pip list 2>/dev/null | grep -E "requets|reqeusts|djanggo|flaskk|numpyy"</terminal>
+  node:
+    <terminal>npm ls 2>/dev/null | grep -E "expreess|reactt|nodemonn|babel|wekpack"</terminal>
+  verify official packages:
+    <terminal>npm view [package-name] 2>/dev/null | grep -E "author|maintainer|license"</terminal>
+check for scripts in dependencies
+  node - examine install scripts:
+    <terminal>cat node_modules/[package-name]/package.json 2>/dev/null | grep -A10 '"scripts"'</terminal>
+    <terminal>find node_modules -name "package.json" -exec grep -l "preinstall\|postinstall\|prepublish" {} \; 2>/dev/null | head -20</terminal>
+  python - check for post-install hooks:
+    <terminal>pip show -f [package-name] 2>/dev/null | grep -E "\.exe$|\.sh$|\.bat$"</terminal>
+document security concerns
+  critical vulnerabilities:
+    - [cve-id] - [package] - [severity] - [exploitability]
+  suspicious packages:
+    - [package] - [reason for concern]
+  risky scripts:
+    - [package] - [script type] - [what it does]
+PHASE 9: SUPPLY CHAIN ANALYSIS
+check for signed packages
+  python:
+    <terminal>pip install -q certifi 2>/dev/null</terminal>
+    check if downloads are verified:
+      <terminal>pip install [package-name] --dry-run --verbose 2>/dev/null | grep -i "verified\|signed"</terminal>
+  node:
+    <terminal>npm config get registry 2>/dev/null</terminal>
+    <terminal>npm audit --json 2>/dev/null | grep -i "integrity"</terminal>
+check for checksum verification
+  verify package integrity:
+    <terminal>cat package-lock.json 2>/dev/null | grep -i "integrity\|sha512"</terminal>
+    <terminal>cat yarn.lock 2>/dev/null | grep -i "checksum\|integrity"</terminal>
+    <terminal>cat Cargo.lock 2>/dev/null | grep -i "checksum"</terminal>
+    <terminal>cat go.sum 2>/dev/null | head -20</terminal>
+check for provenance
+  node - npm provenance:
+    <terminal>npm view [package-name] --json 2>/dev/null | grep -E "provenance|attestation"</terminal>
+  python - PyPI provenance:
+    check package page on pypi.org for provenance badges
+identify subdependency risks
+  scan for dependencies from unknown sources:
+    <terminal>pipdeptree --json 2>/dev/null | python -c "import sys,json; d=json.load(sys.stdin); deps=set(); [deps.add(p.get('package_name','')) for p in d]; print('\n'.join(sorted(deps)))" 2>/dev/null</terminal>
+  check registry sources:
+    <terminal>cat .npmrc 2>/dev/null | grep -i registry</terminal>
+    <terminal>cat pip.conf 2>/dev/null || cat pip.ini 2>/dev/null || cat ~/.pip/pip.conf 2>/dev/null | grep -i index-url</terminal>
+document supply chain status
+  verified packages: [count] / [total]
+  unsigned packages:
+    - [package] - [no signature]
+  registry security:
+    - source registry: [url]
+    - tls: [yes/no]
+    - verified: [yes/no]
+PHASE 10: COMPLIANCE AND POLICY CHECKS
+check against organizational policies
+  common policy violations:
+  gpl/agpl in commercial products:
+    <terminal>pip-licenses --grep=gpl --fail-on="gpl" 2>/dev/null || echo "no gpl found"</terminal>
+  weak cryptographic algorithms:
+    <terminal>grep -r "md5\|sha1" --include="*.py" --include="*.js" . 2>/dev/null | wc -l</terminal>
+  deprecated tls versions:
+    <terminal>grep -r "tlsv1\|tlsv1\.1" --include="*.py" --include="*.js" . 2>/dev/null | wc -l</terminal>
+check for data collection/telemetry
+  scan for telemetry code:
+    <terminal>grep -r "telemetry\|analytics\|segment\|mixpanel\|amplitude" --include="*.py" --include="*.js" node_modules/ site-packages/ 2>/dev/null | grep -v "__pycache__" | head -20</terminal>
+  check package metadata:
+    <terminal>npm view [package-name] --json 2>/dev/null | grep -E "segment|analytics|telemetry"</terminal>
+check for gdpr/ccpa compliance
+  identify data processing packages:
+    <terminal>pip list 2>/dev/null | grep -i "analytics|tracking|monitoring|telemetry"</terminal>
+  check privacy policy references:
+    <terminal>grep -r "privacy\|gdpr\|data.*collect" node_modules/*/README.md 2>/dev/null | head -10</terminal>
+document compliance status
+  policy compliance:
+    - gpl-free: [yes/no]
+    - encryption standards: [met/violated]
+    - telemetry: [present/absent]
+    - data collection: [identified packages]
+  legal risks:
+    - [package] - [license] - [restriction]
+PHASE 11: AUDIT REPORT TEMPLATE
+use this template to structure your findings:
+dependency audit report
+generated: [timestamp]
+summary:
+  total dependencies: [direct] + [transitive]
+  critical vulnerabilities: [count]
+  high vulnerabilities: [count]
+  license issues: [count]
+  outdated packages: [count]
+vulnerability findings:
+  critical:
+    - [cve-id] - [package] [version] - [description] - [fix version]
+  high:
+    - [cve-id] - [package] [version] - [description] - [fix version]
+  medium:
+    - [cve-id] - [package] [version] - [description] - [fix version]
+  low:
+    - [cve-id] - [package] [version] - [description] - [fix version]
+license compliance:
+  project license: [type]
+  dependency licenses:
+    - mit: [count]
+    - apache-2.0: [count]
+    - bsd: [count]
+    - gpl/gplv3/lgpl: [count] - [list if any]
+    - other: [count]
+  compatibility concerns:
+    - [package] - [license] - [issue]
+freshness assessment:
+  severely outdated (major versions):
+    - [package] - [current] - [latest] - [risk]
+  unmaintained:
+    - [package] - [last update] - [impact]
+  deprecated:
+    - [package] - [replacement]
+unused/unnecessary:
+  unused dependencies:
+    - [package] - [no imports found]
+  dev deps in production:
+    - [package] - [should be devdependency]
+  duplicate functionality:
+    - [package 1] + [package 2] - [both do x]
+size analysis:
+  total dependency size: [disk usage]
+  largest packages:
+    - [package] - [size]
+  optimization candidates:
+    - [package] - [lighter alternative]
+supply chain:
+  signed packages: [count] / [total]
+  verified integrity: [yes/no]
+  suspicious packages:
+    - [package] - [concern]
+recommendations:
+  immediate actions:
+    [1] [action] - [package affected]
+    [2] [action] - [package affected]
+  short term:
+    [1] [action] - [reason]
+    [2] [action] - [reason]
+  long term:
+    [1] [action] - [reason]
+PHASE 12: AUDIT RULES (STRICT MODE)
+while this skill is active, these rules are MANDATORY:
+  [1] NEVER modify files
+      research agent only reads and reports
+      use <terminal> and <read> tags only
+      no <edit> or <create> tags
+  [2] never auto-fix vulnerabilities
+      report findings only
+      let the user decide remediation
+      note available fixes
+  [3] verify findings from multiple sources
+      cross-reference vulnerability databases
+      check advisory links
+      confirm severity ratings
+  [4] document evidence
+      include cve ids
+      include advisory links
+      include version numbers
+  [5] prioritize by risk
+      critical > high > medium > low
+      consider exploitability
+      consider project exposure
+  [6] note uncertainty
+      if tool is unavailable, say so
+      if check cannot be performed, explain why
+      distinguish between confirmed and suspected issues
+  [7] be thorough but concise
+      scan all dependencies
+      summarize findings in report
+      include actionable recommendations
+FINAL REMINDERS
+dependency auditing is security reconnaissance
+you are finding risks, not fixing them.
+clear reporting enables remediation.
+context matters
+a vulnerability in a dev-only tool
+is different from one in production code.
+consider usage context when reporting.
+the report drives action
+prioritize clearly.
+provide evidence.
+include fix information.
+you enable security
+your thoroughness prevents breaches.
+your attention to detail protects users.
+your reporting informs decisions.
+now go audit some dependencies.

kollabor 0.4.9__py3-none-any.whl → 0.4.15__py3-none-any.whl

kollabor 0.4.9py3-none-any.whl → 0.4.15py3-none-any.whl