add brain

2026-03-12 15:17:52 +07:00
parent fd9f558fa1
commit e7821a7a9d
355 changed files with 93784 additions and 24 deletions
--- a/.brain/.agent/skills/engineering-advanced-skills/dependency-auditor/expected_outputs/sample_license_report.txt
+++ b/.brain/.agent/skills/engineering-advanced-skills/dependency-auditor/expected_outputs/sample_license_report.txt
@@ -0,0 +1,37 @@
+============================================================
+LICENSE COMPLIANCE REPORT
+============================================================
+Analysis Date: 2024-02-16T15:30:00.000Z
+Project: /example/sample-web-app
+Project License: MIT
+
+SUMMARY:
+  Total Dependencies: 23
+  Compliance Score: 92.5/100
+  Overall Risk: LOW
+  License Conflicts: 0
+
+LICENSE DISTRIBUTION:
+  Permissive: 21
+  Copyleft_weak: 1
+  Copyleft_strong: 0
+  Proprietary: 0
+  Unknown: 1
+
+RISK BREAKDOWN:
+  Low: 21
+  Medium: 1
+  High: 0
+  Critical: 1
+
+HIGH-RISK DEPENDENCIES:
+------------------------------
+  moment v2.29.4: Unknown (CRITICAL)
+
+RECOMMENDATIONS:
+--------------------
+1. Investigate and clarify licenses for 1 dependencies with unknown licensing
+2. Overall compliance score is high - maintain current practices
+3. Consider updating moment.js which has been deprecated by maintainers
+
+============================================================
--- a/.brain/.agent/skills/engineering-advanced-skills/dependency-auditor/expected_outputs/sample_upgrade_plan.txt
+++ b/.brain/.agent/skills/engineering-advanced-skills/dependency-auditor/expected_outputs/sample_upgrade_plan.txt
@@ -0,0 +1,59 @@
+============================================================
+DEPENDENCY UPGRADE PLAN
+============================================================
+Generated: 2024-02-16T15:30:00.000Z
+Timeline: 90 days
+
+UPGRADE SUMMARY:
+  Total Upgrades Available: 12
+  Security Updates: 2
+  Major Version Updates: 3
+  High Risk Updates: 2
+
+RISK ASSESSMENT:
+  Overall Risk Level: MEDIUM
+  Key Risk Factors:
+    • 2 critical risk upgrades requiring careful planning
+    • Core framework upgrades: ['express', 'webpack', 'eslint']
+    • 1 major version upgrades with potential breaking changes
+
+TOP PRIORITY UPGRADES:
+------------------------------
+🔒 lodash: 4.17.20 → 4.17.21 🔒
+   Type: Patch | Risk: Low | Priority: 95.0
+   Security: CVE-2021-23337: Prototype pollution vulnerability
+
+🟡 express: 4.18.1 → 4.18.2
+   Type: Patch | Risk: Low | Priority: 85.0
+
+🟡 webpack: 5.82.1 → 5.88.0
+   Type: Minor | Risk: Medium | Priority: 75.0
+
+🔴 eslint: 8.40.0 → 9.0.0
+   Type: Major | Risk: High | Priority: 65.0
+
+🟢 cors: 2.8.5 → 2.8.7
+   Type: Patch | Risk: Safe | Priority: 80.0
+
+PHASED UPGRADE PLANS:
+------------------------------
+Phase 1: Security & Safe Updates (30 days)
+  Dependencies: lodash, cors, helmet, dotenv, bcrypt
+  Key Steps: Create feature branch; Update dependency versions in manifest files; Run dependency install/update commands
+
+Phase 2: Regular Updates (36 days)
+  Dependencies: express, axios, winston, multer
+  Key Steps: Create feature branch; Update dependency versions in manifest files; Run dependency install/update commands
+
+Phase 3: Major Updates (30 days)
+  Dependencies: webpack, eslint, jest
+  ... and 2 more
+  Key Steps: Create feature branch; Update dependency versions in manifest files; Run dependency install/update commands
+
+RECOMMENDATIONS:
+--------------------
+1. URGENT: 2 security updates available - prioritize immediately
+2. Quick wins: 6 safe updates can be applied with minimal risk
+3. Plan carefully: 2 high-risk upgrades need thorough testing
+
+============================================================
--- a/.brain/.agent/skills/engineering-advanced-skills/dependency-auditor/expected_outputs/sample_vulnerability_report.json
+++ b/.brain/.agent/skills/engineering-advanced-skills/dependency-auditor/expected_outputs/sample_vulnerability_report.json
@@ -0,0 +1,71 @@
+{
+  "timestamp": "2024-02-16T15:30:00.000Z",
+  "project_path": "/example/sample-web-app",
+  "dependencies": [
+    {
+      "name": "lodash",
+      "version": "4.17.20",
+      "ecosystem": "npm",
+      "direct": true,
+      "license": "MIT",
+      "vulnerabilities": [
+        {
+          "id": "CVE-2021-23337",
+          "summary": "Prototype pollution in lodash",
+          "severity": "HIGH",
+          "cvss_score": 7.2,
+          "affected_versions": "<4.17.21",
+          "fixed_version": "4.17.21",
+          "published_date": "2021-02-15",
+          "references": [
+            "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "axios",
+      "version": "1.5.0",
+      "ecosystem": "npm",
+      "direct": true,
+      "license": "MIT",
+      "vulnerabilities": []
+    },
+    {
+      "name": "express",
+      "version": "4.18.1",
+      "ecosystem": "npm",
+      "direct": true,
+      "license": "MIT",
+      "vulnerabilities": []
+    },
+    {
+      "name": "jsonwebtoken",
+      "version": "8.5.1",
+      "ecosystem": "npm",
+      "direct": true,
+      "license": "MIT",
+      "vulnerabilities": []
+    }
+  ],
+  "vulnerabilities_found": 1,
+  "high_severity_count": 1,
+  "medium_severity_count": 0,
+  "low_severity_count": 0,
+  "ecosystems": ["npm"],
+  "scan_summary": {
+    "total_dependencies": 4,
+    "unique_dependencies": 4,
+    "ecosystems_found": 1,
+    "vulnerable_dependencies": 1,
+    "vulnerability_breakdown": {
+      "high": 1,
+      "medium": 0,
+      "low": 0
+    }
+  },
+  "recommendations": [
+    "URGENT: Address 1 high-severity vulnerabilities immediately",
+    "Update lodash from 4.17.20 to 4.17.21 to fix CVE-2021-23337"
+  ]
+}