moai-adk 0.3.13__py3-none-any.whl → 0.4.1__py3-none-any.whl

moai_adk/templates/.claude/skills/moai-domain-data-science/SKILL.md

@@ -0,0 +1,98 @@
+---
+
+name: moai-domain-data-science
+description: Data analysis, visualization, statistical modeling, and reproducible research workflows. Use when working on data science workflows scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# Data Science Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand for analytics and DS work |
+| Trigger cues | Notebook workflows, data pipelines, feature engineering, experimentation plans. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in data analysis workflows, statistical modeling, data visualization, and reproducible research practices using Python (pandas, scikit-learn) or R (tidyverse).
+
+## When to use
+
+- Engages when analytics, experimentation, or data science implementation is requested.
+- “Data analysis”, “Visualization”, “Statistical modeling”, “Reproducible research”
+- Automatically invoked when working with data science projects
+- Data science SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**Data Analysis (Python)**:
+- **pandas**: Data manipulation (DataFrames, groupby, merge)
+- **numpy**: Numerical computing
+- **scipy**: Scientific computing, statistics
+- **statsmodels**: Statistical modeling
+
+**Data Analysis (R)**:
+- **tidyverse**: dplyr, ggplot2, tidyr
+- **data.table**: High-performance data manipulation
+- **caret**: Machine learning framework
+
+**Visualization**:
+- **matplotlib/seaborn**: Python plotting
+- **plotly**: Interactive visualizations
+- **ggplot2**: R grammar of graphics
+- **D3.js**: Web-based visualizations
+
+**Statistical Modeling**:
+- **Hypothesis testing**: t-tests, ANOVA, chi-square
+- **Regression**: Linear, logistic, polynomial
+- **Time series**: ARIMA, seasonal decomposition
+- **Bayesian inference**: PyMC3, Stan
+
+**Reproducible Research**:
+- **Jupyter notebooks**: Interactive analysis
+- **R Markdown**: Literate programming
+- **Version control**: Git for notebooks (nbstripout)
+- **Environment management**: conda, renv
+
+## Examples
+```markdown
+- Orchestrate data prep → training → evaluation steps.
+- Export metrics (precision/recall) to the Quality Report.
+```
+
+## Inputs
+- Domain-specific design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- Google. "Rules of Machine Learning." https://developers.google.com/machine-learning/guides/rules-of-ml (accessed 2025-03-29).
+- Netflix. "Metaflow: Human-Centric Framework for Data Science." https://metaflow.org/ (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (analysis testing)
+- python-expert/r-expert (implementation)
+- ml-expert (advanced modeling)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.

moai_adk/templates/.claude/skills/moai-domain-database/SKILL.md

@@ -0,0 +1,100 @@
+---
+
+name: moai-domain-database
+description: Database design, schema optimization, indexing strategies, and migration management. Use when working on database integration tasks scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# Database Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand for data layer design |
+| Trigger cues | Schema modeling, migration planning, query optimization, indexing strategy. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in database design, schema normalization, indexing strategies, query optimization, and safe migration management for SQL and NoSQL databases.
+
+## When to use
+
+- Engages when the conversation focuses on database design or tuning.
+- “Database design”, “Schema optimization”, “Index strategy”, “Migration”
+- Automatically invoked when working with database projects
+- Database SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**Schema Design**:
+- **Normalization**: 1NF, 2NF, 3NF, BCNF
+- **Denormalization**: Performance trade-offs
+- **Constraints**: Primary keys, foreign keys, unique, check
+- **Data types**: Choosing appropriate types
+
+**Indexing Strategies**:
+- **B-tree indices**: General-purpose indexing
+- **Hash indices**: Exact match queries
+- **Full-text indices**: Text search
+- **Composite indices**: Multi-column indexing
+- **Index maintenance**: REINDEX, VACUUM
+
+**Query Optimization**:
+- **EXPLAIN/EXPLAIN ANALYZE**: Query plan analysis
+- **JOIN optimization**: INNER, LEFT, RIGHT, FULL
+- **Subquery vs JOIN**: Performance comparison
+- **N+1 query problem**: Eager loading
+- **Query caching**: Redis, Memcached
+
+**Migration Management**:
+- **Version control**: Flyway, Liquibase, Alembic
+- **Rollback strategies**: Backward compatibility
+- **Zero-downtime migrations**: Expand-contract pattern
+- **Data migrations**: Safe data transformations
+
+**Database Types**:
+- **SQL**: PostgreSQL, MySQL, SQLite
+- **NoSQL**: MongoDB, Redis, Cassandra
+- **NewSQL**: CockroachDB, Vitess
+
+## Examples
+```bash
+$ alembic upgrade head
+$ psql -f audits/verify_constraints.sql
+```
+
+## Inputs
+- Domain-specific design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- Fowler, Martin. "Evolutionary Database Design." https://martinfowler.com/articles/evodb.html (accessed 2025-03-29).
+- AWS. "Database Tuning Best Practices." https://aws.amazon.com/blogs/database/ (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (migration testing)
+- sql-expert (SQL implementation)
+- backend-expert (ORM integration)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.

moai_adk/templates/.claude/skills/moai-domain-devops/SKILL.md

@@ -0,0 +1,100 @@
+---
+
+name: moai-domain-devops
+description: CI/CD pipelines, Docker containerization, Kubernetes orchestration, and infrastructure as code. Use when working on DevOps automation scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# DevOps Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand for platform and CI/CD topics |
+| Trigger cues | Infrastructure as code, pipeline design, release automation, observability setup. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in continuous integration/deployment (CI/CD), Docker containerization, Kubernetes orchestration, and infrastructure as code (IaC) for automated deployment workflows.
+
+## When to use
+
+- Engages when DevOps, CI/CD, or infrastructure automation is required.
+- “CI/CD pipeline”, “Docker containerization”, “Kubernetes deployment”, “infrastructure code”
+- Automatically invoked when working with DevOps projects
+- DevOps SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**CI/CD Pipelines**:
+- **GitHub Actions**: Workflow automation (.github/workflows)
+- **GitLab CI**: .gitlab-ci.yml configuration
+- **Jenkins**: Pipeline as code (Jenkinsfile)
+- **CircleCI**: .circleci/config.yml
+- **Pipeline stages**: Build → Test → Deploy
+
+**Docker Containerization**:
+- **Dockerfile**: Multi-stage builds for optimization
+- **docker-compose**: Local development environments
+- **Image optimization**: Layer caching, alpine base images
+- **Container registries**: Docker Hub, GitHub Container Registry
+
+**Kubernetes Orchestration**:
+- **Deployments**: Rolling updates, rollbacks
+- **Services**: LoadBalancer, ClusterIP, NodePort
+- **ConfigMaps/Secrets**: Configuration management
+- **Helm charts**: Package management
+- **Ingress**: Traffic routing
+
+**Infrastructure as Code (IaC)**:
+- **Terraform**: Cloud-agnostic provisioning
+- **Ansible**: Configuration management
+- **CloudFormation**: AWS-specific IaC
+- **Pulumi**: Programmatic infrastructure
+
+**Monitoring & Logging**:
+- **Prometheus**: Metrics collection
+- **Grafana**: Visualization
+- **ELK Stack**: Logging (Elasticsearch, Logstash, Kibana)
+
+## Examples
+```bash
+$ terraform fmt && terraform validate
+$ ansible-playbook deploy.yml --check
+```
+
+## Inputs
+- Domain-specific design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- Google SRE. "Site Reliability Engineering." https://sre.google/books/ (accessed 2025-03-29).
+- HashiCorp. "Terraform Best Practices." https://developer.hashicorp.com/terraform/intro (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (deployment validation)
+- shell-expert (shell scripting for automation)
+- security-expert (secure deployments)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.

moai_adk/templates/.claude/skills/moai-domain-frontend/SKILL.md

@@ -0,0 +1,99 @@
+---
+
+name: moai-domain-frontend
+description: React/Vue/Angular development with state management, performance optimization, and accessibility. Use when working on frontend interfaces scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# Frontend Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand for frontend delivery |
+| Trigger cues | Component architecture, design systems, accessibility, performance budgets. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in modern frontend development using React, Vue, or Angular, including state management patterns, performance optimization techniques, and accessibility (a11y) best practices.
+
+## When to use
+
+- Engages when building or reviewing UI/front-end experiences.
+- “Front-end development”, “React components”, “state management”, “performance optimization”
+- Automatically invoked when working with frontend projects
+- Frontend SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**React Development**:
+- **Functional components**: Hooks (useState, useEffect, useMemo)
+- **State management**: Redux, Zustand, Jotai
+- **Performance**: React.memo, useCallback, code splitting
+- **Testing**: React Testing Library
+
+**Vue Development**:
+- **Composition API**: setup(), reactive(), computed()
+- **State management**: Pinia, Vuex
+- **Performance**: Virtual scrolling, lazy loading
+- **Testing**: Vue Test Utils
+
+**Angular Development**:
+- **Components**: TypeScript classes with decorators
+- **State management**: NgRx, Akita
+- **Performance**: OnPush change detection, lazy loading
+- **Testing**: Jasmine, Karma
+
+**Performance Optimization**:
+- **Code splitting**: Dynamic imports, route-based splitting
+- **Lazy loading**: Images, components
+- **Bundle optimization**: Tree shaking, minification
+- **Web Vitals**: LCP, FID, CLS optimization
+
+**Accessibility (a11y)**:
+- **Semantic HTML**: Proper use of HTML5 elements
+- **ARIA attributes**: Roles, labels, descriptions
+- **Keyboard navigation**: Focus management
+- **Screen reader support**: Alt text, aria-live
+
+## Examples
+```bash
+$ npm run lint && npm run test
+$ npm run build -- --profiling
+```
+
+## Inputs
+- Domain-specific design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- Google. "Web.dev Performance Guidelines." https://web.dev/fast/ (accessed 2025-03-29).
+- W3C. "Web Content Accessibility Guidelines (WCAG) 2.2." https://www.w3.org/TR/WCAG22/ (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (frontend testing)
+- typescript-expert (type-safe React/Vue)
+- alfred-performance-optimizer (performance profiling)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.

moai_adk/templates/.claude/skills/moai-domain-ml/SKILL.md

@@ -0,0 +1,99 @@
+---
+
+name: moai-domain-ml
+description: Machine learning model training, evaluation, deployment, and MLOps workflows. Use when working on machine learning pipelines scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# ML Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand for ML lifecycle |
+| Trigger cues | Model training, evaluation, deployment, MLOps guardrails. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in machine learning model development, training, evaluation, hyperparameter tuning, deployment, and MLOps workflows for production ML systems.
+
+## When to use
+
+- Engages when machine learning workflows or model operations are discussed.
+- “Machine learning model development”, “model training”, “model deployment”, “MLOps”
+- Automatically invoked when working with ML projects
+- ML SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**Model Training**:
+- **scikit-learn**: Classical ML (RandomForest, SVM, KNN)
+- **TensorFlow/Keras**: Deep learning (CNN, RNN, Transformers)
+- **PyTorch**: Research-oriented deep learning
+- **XGBoost/LightGBM**: Gradient boosting
+
+**Model Evaluation**:
+- **Classification**: Accuracy, precision, recall, F1, ROC-AUC
+- **Regression**: RMSE, MAE, R²
+- **Cross-validation**: k-fold, stratified k-fold
+- **Confusion matrix**: Error analysis
+
+**Hyperparameter Tuning**:
+- **Grid search**: Exhaustive search
+- **Random search**: Stochastic search
+- **Bayesian optimization**: Optuna, Hyperopt
+- **AutoML**: Auto-sklearn, TPOT
+
+**Model Deployment**:
+- **Serialization**: pickle, joblib, ONNX
+- **Serving**: FastAPI, TensorFlow Serving, TorchServe
+- **Containerization**: Docker for reproducibility
+- **Versioning**: MLflow, DVC
+
+**MLOps Workflows**:
+- **Experiment tracking**: MLflow, Weights & Biases
+- **Feature store**: Feast, Tecton
+- **Model registry**: Centralized model management
+- **Monitoring**: Data drift detection, model performance
+
+## Examples
+```markdown
+- Trigger model training pipeline (e.g., `dvc repro`).
+- Register artifact path in Completion Report.
+```
+
+## Inputs
+- Domain-specific design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- Google Cloud. "MLOps Continuous Delivery." https://cloud.google.com/architecture/mlops-continuous-delivery-and-automation-pipelines (accessed 2025-03-29).
+- NVIDIA. "MLOps Best Practices." https://developer.nvidia.com/blog/category/ai/ (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (model testing)
+- python-expert (ML implementation)
+- data-science-expert (data preparation)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.

moai_adk/templates/.claude/skills/moai-domain-mobile-app/SKILL.md

@@ -0,0 +1,93 @@
+---
+
+name: moai-domain-mobile-app
+description: Mobile app development with Flutter and React Native, state management, and native integration. Use when working on mobile application flows scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# Mobile App Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand for mobile flows |
+| Trigger cues | iOS/Android releases, cross-platform tooling, app store compliance, mobile UX. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in cross-platform mobile app development using Flutter (Dart) and React Native (TypeScript), including state management patterns and native module integration.
+
+## When to use
+
+- Engages when mobile application development or release pipelines are in scope.
+- “Mobile app development”, “Flutter widgets”, “React Native components”, “state management”
+- Automatically invoked when working with mobile app projects
+- Mobile app SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**Flutter Development**:
+- **Widget tree**: StatelessWidget, StatefulWidget
+- **State management**: Provider, Riverpod, BLoC
+- **Navigation**: Navigator 2.0, go_router
+- **Platform-specific code**: MethodChannel
+
+**React Native Development**:
+- **Components**: Functional components with hooks
+- **State management**: Redux, MobX, Zustand
+- **Navigation**: React Navigation
+- **Native modules**: Turbo modules, JSI
+
+**Cross-Platform Patterns**:
+- **Responsive design**: Adaptive layouts for phone/tablet
+- **Performance optimization**: Lazy loading, memoization
+- **Offline support**: Local storage, sync strategies
+- **Testing**: Widget tests (Flutter), component tests (RN)
+
+**Native Integration**:
+- **Plugins**: Platform channels, native modules
+- **Permissions**: Camera, location, notifications
+- **Deep linking**: Universal links, app links
+- **Push notifications**: FCM, APNs
+
+## Examples
+```markdown
+- Generate platform-specific builds (`flutter build`, `xcodebuild`).
+- Capture store submission checklist as Todo items.
+```
+
+## Inputs
+- Domain-specific design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- Apple. "Human Interface Guidelines." https://developer.apple.com/design/human-interface-guidelines/ (accessed 2025-03-29).
+- Google. "Material Design." https://m3.material.io/ (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (mobile testing)
+- dart-expert (Flutter development)
+- typescript-expert (React Native development)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.

moai_adk/templates/.claude/skills/moai-domain-security/SKILL.md

@@ -0,0 +1,105 @@
+---
+
+name: moai-domain-security
+description: OWASP Top 10, static analysis (SAST), dependency security, and secrets management. Use when working on security and compliance reviews scenarios.
+allowed-tools:
+  - Read
+  - Bash
+---
+
+# Security Expert
+
+## Skill Metadata
+| Field | Value |
+| ----- | ----- |
+| Allowed tools | Read (read_file), Bash (terminal) |
+| Auto-load | On demand when security keywords appear |
+| Trigger cues | Threat modeling, OWASP findings, secrets management, compliance reviews. |
+| Tier | 4 |
+
+## What it does
+
+Provides expertise in application security, including OWASP Top 10 vulnerabilities, static application security testing (SAST), dependency vulnerability scanning, and secrets management.
+
+## When to use
+
+- Engages when the team asks about security posture or mitigation steps.
+- “Security vulnerability analysis”, “OWASP verification”, “Secret management”, “Dependency security”
+- Automatically invoked when security concerns arise
+- Security SPEC implementation (`/alfred:2-run`)
+
+## How it works
+
+**OWASP Top 10 (2021)**:
+1. **Broken Access Control**: Authorization checks
+2. **Cryptographic Failures**: Encryption at rest/transit
+3. **Injection**: SQL injection, XSS prevention
+4. **Insecure Design**: Threat modeling
+5. **Security Misconfiguration**: Secure defaults
+6. **Vulnerable Components**: Dependency scanning
+7. **Identification/Authentication Failures**: MFA, password policies
+8. **Software/Data Integrity Failures**: Code signing
+9. **Security Logging/Monitoring Failures**: Audit logs
+10. **Server-Side Request Forgery (SSRF)**: Input validation
+
+**Static Analysis (SAST)**:
+- **Semgrep**: Multi-language static analysis
+- **SonarQube**: Code quality + security
+- **Bandit**: Python security linter
+- **ESLint security plugins**: JavaScript security
+
+**Dependency Security**:
+- **Snyk**: Vulnerability scanning
+- **Dependabot**: Automated dependency updates
+- **npm audit**: Node.js vulnerabilities
+- **safety**: Python dependency checker
+
+**Secrets Management**:
+- **Never commit secrets**: .gitignore for .env files
+- **Vault**: Secrets storage (HashiCorp Vault)
+- **Environment variables**: Runtime configuration
+- **Secret scanning**: git-secrets, trufflehog
+
+**Secure Coding Practices**:
+- Input validation and sanitization
+- Parameterized queries (SQL injection prevention)
+- CSP (Content Security Policy) headers
+- HTTPS enforcement
+
+## Examples
+```markdown
+- Run SAST/DAST tools and attach findings summary.
+- Update risk matrix with severity/owner/ETA.
+```
+
+## Inputs
+- Domain-related design documents and user requirements.
+- Project technology stack and operational constraints.
+
+## Outputs
+- Domain-specific architecture or implementation guidelines.
+- Recommended list of associated sub-agents/skills.
+
+## Failure Modes
+- When the domain document does not exist or is ambiguous.
+- When the project strategy is unconfirmed and cannot be specified.
+
+## Dependencies
+- `.moai/project/` document and latest technical briefing are required.
+
+## References
+- OWASP. "Top 10 Web Application Security Risks." https://owasp.org/www-project-top-ten/ (accessed 2025-03-29).
+- NIST. "Secure Software Development Framework." https://csrc.nist.gov/publications/detail/sp/800-218/final (accessed 2025-03-29).
+
+## Changelog
+- 2025-03-29: Codified input/output and failure responses for domain skills.
+
+## Works well with
+
+- alfred-trust-validation (security validation)
+- web-api-expert (API security)
+- devops-expert (secure deployments)
+
+## Best Practices
+- Record supporting documentation (version/link) for each domain decision.
+- Review performance, security, and operational requirements simultaneously at an early stage.