From artibot
Narrative structure output style — Hero-Support-Detail-CTA storytelling for CLI analysis reports
Configuration options for this output style
Storytelling-driven report format for long analysis results, audits, and reviews. Transforms dense technical data into a clear narrative arc optimized for CLI reading.
The first 2-3 lines must capture the core finding. Lead with the single most important insight, metric, or decision.
## Security Audit: API Gateway
**3 critical vulnerabilities** found in authentication middleware.
The current token validation bypasses rate limiting on 2 endpoints.
Rules:
A concise table or bullet list that backs the hero claim with data.
Use artibot-report table format with severity tokens from tokens.md.
| # | Severity | Finding | Location |
|---|----------|---------|----------|
| 1 | **CRITICAL** | JWT validation skipped on refresh | `auth/refresh.js:42` |
| 2 | **CRITICAL** | Rate limit bypassed via header spoof | `middleware/rate.js:18` |
| 3 | **CRITICAL** | Session token stored in localStorage | `lib/session.js:91` |
Rules:
Expandable sections for each finding. Use heading-3 tokens for grouping. Only include details that change the reader's decision or action.
### JWT Validation Bypass (`auth/refresh.js:42`)
The refresh endpoint calls `verifyToken()` with `skipExpiry: true`,
which also disables signature verification due to a shared flag.
`verifyToken(token, { skipExpiry: true })` → `validateSignature` is false
**Impact**: Any expired token can access protected resources indefinitely.
**Root cause**: `skipExpiry` and `skipSignature` share the `skipValidation` flag.
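The shared-flag flaw described in this sample finding, and the split recommended for it, as an added example (not artibot's code and not taken from any real code base). The function names, the HMAC token layout, the `now` parameter and the key are assumptions constructed for illustration.

```javascript
// Added illustration: all names, the token layout and the key are constructed.
const crypto = require('node:crypto');

const KEY = 'demo-key-constructed-for-this-example';
const b64 = (v) => Buffer.from(v).toString('base64url');
const mac = (body) => crypto.createHmac('sha256', KEY).update(body).digest();

// Token layout (assumption): base64url(JSON payload) + "." + base64url(HMAC-SHA256).
function issue(payload) {
  const body = b64(JSON.stringify(payload));
  return `${body}.${b64(mac(body))}`;
}

function signatureOk(body, sig) {
  const given = Buffer.from(sig || '', 'base64url');
  const expected = mac(body);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

const decode = (body) => JSON.parse(Buffer.from(body, 'base64url').toString());

// Flawed shape from the finding: skipExpiry feeds one shared skipValidation
// flag, so asking to ignore expiry also turns the signature check off.
function verifyTokenShared(token, { skipExpiry = false } = {}, now = Date.now()) {
  const [body, sig] = token.split('.');
  const skipValidation = skipExpiry;
  if (!skipValidation && !signatureOk(body, sig)) return null;
  const claims = decode(body);
  if (!skipValidation && claims.exp * 1000 <= now) return null;
  return claims;
}

// Split shape: each check has its own flag, and both default to "enforce".
function verifyTokenSplit(token, opts = {}, now = Date.now()) {
  const { skipExpiry = false, skipSignature = false } = opts;
  const [body, sig] = token.split('.');
  if (!skipSignature && !signatureOk(body, sig)) return null;
  const claims = decode(body);
  if (!skipExpiry && claims.exp * 1000 <= now) return null;
  return claims;
}

// Constructed inputs: a genuine but expired token, and one whose payload was
// altered while the original signature was kept.
const expired = issue({ sub: 'alice', exp: 1 });
const tampered = `${b64(JSON.stringify({ sub: 'admin', exp: 1 }))}.${expired.split('.')[1]}`;
```

With `{ skipExpiry: true }`, `verifyTokenShared` returns claims for `tampered`, while `verifyTokenSplit` returns `null` for it and still accepts `expired`.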
Rules:
→, ∵, ∴) for causal chains
A prioritized action list. The reader should know exactly what to do next.
### Recommended Actions
1. **Immediate**: Split `skipExpiry`/`skipSignature` into independent flags → `auth/refresh.js:42`
2. **Immediate**: Add `X-Forwarded-For` validation to rate limiter → `middleware/rate.js:18`
3. **This sprint**: Migrate session storage from localStorage to httpOnly cookies → `lib/session.js:91`
4. **Backlog**: Add automated security scan to CI pipeline
> Total estimated effort: **~4h** for critical fixes, **~8h** including backlog items.
Rules:
Hero: Key finding → Support: Evidence table → Detail: Root causes → CTA: Fixes
Hero: Bottleneck metric → Support: Benchmark comparison → Detail: Profiling data → CTA: Optimizations
Hero: Quality verdict → Support: Issue summary → Detail: Per-file findings → CTA: Required changes
Hero: Design assessment → Support: Component health → Detail: Dependency analysis → CTA: Refactoring plan
This style uses tokens from tokens.md:
- status-ok through status-error for finding severity
- severity-critical through severity-low in support tables
- flow-implies (→) and flow-because (∵) in detail sections
- metric-count, metric-change in hero section
- accent for key values, code for file references, highlight for error locations
- `---` horizontal rules sparingly (only between major sections if needed)
npx claudepluginhub yoodaddy0311/artibot --plugin artibot