From f5-core
Provides code patterns for infrastructure security: headers (Helmet.js CSP/CORS/HSTS), HTTPS/TLS, data encryption (AES-256-GCM), compliance (GDPR/PCI-DSS), secrets management (AWS/Vault).
Install:

```shell
npx claudepluginhub fujigo-software/f5-framework-claude --plugin f5-core
```

This skill uses the workspace's default tool permissions.
Infrastructure security, headers, encryption, and compliance patterns.
| Header | Purpose | Value |
|---|---|---|
| Content-Security-Policy | XSS prevention | Restrict script, object and frame sources |
| X-Frame-Options | Clickjacking prevention | DENY |
| Strict-Transport-Security | Force HTTPS | max-age=31536000 (one year) |
| X-Content-Type-Options | MIME-sniffing prevention | nosniff |
| Referrer-Policy | Referrer leak prevention | strict-origin |
Helmet configuration for Express that sets the headers above:

```typescript
import express from 'express';
import helmet from 'helmet';

const app = express();

app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'"],                   // no 'unsafe-inline' for scripts
      styleSrc: ["'self'", "'unsafe-inline'"],
      imgSrc: ["'self'", "data:", "https:"],
      objectSrc: ["'none'"],                   // no plugins
      frameAncestors: ["'none'"],              // CSP equivalent of X-Frame-Options: DENY
    },
  },
  hsts: { maxAge: 31536000, includeSubDomains: true }, // one year, all subdomains
}));
```
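To check that a policy actually delivers what the table promises, the following added example (not part of the f5-core skill) renders a Helmet-style directives object to the wire format and audits it for the permissive patterns the table is meant to rule out: `'unsafe-inline'` or `'unsafe-eval'` in `script-src`, wildcard or scheme-only script sources, `object-src` not locked to `'none'`, and a missing `frame-ancestors`. The check selection and function names are this example's own, and the "weak" policy is constructed for contrast.

```javascript
// Added example, not the skill's code: audit a CSP header value for permissive
// directives. Helmet uses camelCase keys; the header uses kebab-case names.
function directivesToHeader(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => {
      const wireName = name.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
      return `${wireName} ${sources.join(' ')}`;
    })
    .join('; ');
}

// "directive src src; directive src" -> Map(name -> [sources])
function parseCsp(header) {
  const policy = new Map();
  for (const entry of header.split(';')) {
    const [name, ...sources] = entry.trim().split(/\s+/).filter(Boolean);
    if (name) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// A bare scheme such as "https:" allows every host on that scheme.
const SCHEME_ONLY = /^(https?|data|blob|filesystem):$/i;

// Returns a list of findings; an empty list means the policy passed these checks.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  // Fetch directives fall back to default-src when absent; frame-ancestors does not.
  const effective = (name) => policy.get(name) ?? policy.get('default-src');

  const script = effective('script-src');
  if (!script) {
    findings.push('script-src: absent and no default-src to fall back on');
  } else {
    if (script.includes("'unsafe-inline'")) {
      findings.push("script-src: 'unsafe-inline' allows injected inline scripts");
    }
    if (script.includes("'unsafe-eval'")) {
      findings.push("script-src: 'unsafe-eval' allows eval()-style execution");
    }
    for (const src of script) {
      if (src === '*' || SCHEME_ONLY.test(src)) {
        findings.push(`script-src: overly broad source ${src}`);
      }
    }
  }

  const object = effective('object-src');
  if (!object || object.length !== 1 || object[0] !== "'none'") {
    findings.push("object-src: should be 'none' (plugins can execute script)");
  }

  if (!policy.has('frame-ancestors')) {
    findings.push('frame-ancestors: absent, page can be framed (clickjacking)');
  }
  return findings;
}

// The skill's own Helmet directives, rendered as the strict sample.
const STRICT = directivesToHeader({
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'"],
  styleSrc: ["'self'", "'unsafe-inline'"],
  imgSrc: ["'self'", "data:", "https:"],
  objectSrc: ["'none'"],
  frameAncestors: ["'none'"],
});

// Constructed permissive policy for contrast.
const WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:";

console.log('strict:', auditCsp(STRICT)); // []
console.log('weak:', auditCsp(WEAK));     // four findings
```

`'unsafe-inline'` on `style-src`, which the skill's policy keeps, is deliberately not flagged here: it weakens CSS isolation but does not give script execution, so it is a separate, lower-priority decision from the script checks above.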
Data encryption with AES-256-GCM (authenticated encryption: a modified ciphertext or tag fails to decrypt):

```typescript
import crypto from 'crypto';

interface EncryptedData {
  ciphertext: string; // base64
  iv: string;         // base64, 12 random bytes, unique per encryption
  authTag: string;    // base64, 16-byte GCM authentication tag
}

const KEY_LENGTH = 32; // AES-256

function encrypt(plaintext: string, key: Buffer): EncryptedData {
  if (key.length !== KEY_LENGTH) {
    throw new Error('AES-256-GCM requires a 32-byte key');
  }
  const iv = crypto.randomBytes(12); // never reuse an IV under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  let ciphertext = cipher.update(plaintext, 'utf8', 'base64');
  ciphertext += cipher.final('base64');
  return {
    ciphertext,
    iv: iv.toString('base64'),
    authTag: cipher.getAuthTag().toString('base64'),
  };
}

function decrypt(data: EncryptedData, key: Buffer): string {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm',
    key,
    Buffer.from(data.iv, 'base64')
  );
  decipher.setAuthTag(Buffer.from(data.authTag, 'base64'));
  let plaintext = decipher.update(data.ciphertext, 'base64', 'utf8');
  // final() throws if the ciphertext or tag was altered; treat that as a hard failure
  plaintext += decipher.final('utf8');
  return plaintext;
}
```
Secrets management, from the simplest option to managed stores (top-level `await` requires an ES module):

```typescript
import { SecretsManager } from '@aws-sdk/client-secrets-manager';
import Vault from 'node-vault';

// Environment variables (basic)
const apiKey = process.env.API_KEY;

// AWS Secrets Manager
const client = new SecretsManager({ region: 'us-east-1' });
const secret = await client.getSecretValue({ SecretId: 'my-secret' });
// secret.SecretString holds the value (secret.SecretBinary for binary secrets)

// HashiCorp Vault (token is read from VAULT_TOKEN by default)
const vault = Vault({ endpoint: process.env.VAULT_ADDR });
const { data } = await vault.read('secret/data/myapp');
// on a KV v2 mount the key/value pairs are under data.data
```
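Whichever backend is used, fetching a secret on every request is slow and hits the store's rate limits, while caching it forever breaks rotation. The following added example (not the skill's code) wraps any async fetcher in a store with a time-to-live, an explicit `invalidate` for rotation, and error messages that name the secret without ever including its value. `createSecretStore`, `fakeFetcher` and the sample names are this example's own; the comments show how a real AWS or Vault fetcher would plug in, with the Vault key name `value` being an assumption.

```javascript
// Added example, not the skill's code: TTL cache around a secret fetcher.
function createSecretStore(fetchSecret, { ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
  const cache = new Map(); // name -> { value, expiresAt }
  let fetches = 0;         // how often the backend was actually called

  return {
    async get(name) {
      const hit = cache.get(name);
      if (hit && hit.expiresAt > now()) return hit.value;
      fetches += 1;
      const value = await fetchSecret(name);
      if (value === undefined || value === null || value === '') {
        // Name only: a secret value must never appear in an error or a log line.
        throw new Error(`secret "${name}" is missing or empty`);
      }
      cache.set(name, { value, expiresAt: now() + ttlMs });
      return value;
    },
    // Call after a rotation so the next get() refetches immediately.
    invalidate(name) {
      cache.delete(name);
    },
    fetchCount() {
      return fetches;
    },
  };
}

// Constructed stand-in for a real backend. With the AWS client above it would be
//   (name) => client.getSecretValue({ SecretId: name }).then((r) => r.SecretString)
// and with node-vault (assuming the secret is stored under a key named "value")
//   (name) => vault.read(`secret/data/${name}`).then((r) => r.data.data.value)
async function fakeFetcher(name) {
  const backend = { 'db-password': 'constructed-value' };
  return backend[name];
}

// Usage: one store per process, injected into whatever needs credentials.
const secrets = createSecretStore(fakeFetcher, { ttlMs: 60 * 1000 });
secrets.get('db-password').then((v) => console.log('fetched', v.length, 'chars'));
```

Rotation tip: keep the TTL short enough that a rotated value is picked up in time, and call `invalidate` from the rotation hook (or on an authentication failure) so callers never wait a full TTL.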
CORS with an explicit origin allowlist (never `origin: '*'` together with `credentials: true`):

```typescript
import express from 'express';
import cors from 'cors';

const app = express();

app.use(cors({
  origin: ['https://app.example.com'],                // exact origins, no wildcards
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  credentials: true,                                  // cookies / Authorization allowed
  maxAge: 86400,                                      // cache preflight for a day
}));
```
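The array form above is safe because the `cors` package compares origins exactly. Teams that move to a callback or regex to support several environments often slip into substring or suffix matching, which accepts unrelated hosts that merely contain the expected name. The following added example (not the skill's code) shows the exact-match check done on the parsed origin, the substring shortcut it replaces, the response headers the middleware would emit, and a `corsOptions` object that plugs the check into `cors({ origin })`. The allowlist, the lookalike host and the helper names are this example's own.

```javascript
// Added example, not the skill's code: exact-match origin validation for CORS.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Parse and re-serialise so "https://app.example.com:443" equals
// "https://app.example.com". Unparsable values and the opaque "null" origin
// (sandboxed frames, file:// pages) yield null and are therefore never allowed.
function normalizeOrigin(value) {
  if (typeof value !== 'string') return null;
  try {
    const origin = new URL(value).origin;
    return origin === 'null' ? null : origin;
  } catch {
    return null;
  }
}

function isAllowedOrigin(value, allowlist = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(value);
  return origin !== null && allowlist.has(origin);
}

// The shortcut this example contrasts against: matches any string that
// contains the expected host name, including unrelated domains.
function isAllowedBySubstring(value) {
  return typeof value === 'string' && value.includes('app.example.com');
}

// Response headers for one request, mirroring what cors() emits. Vary: Origin is
// set on every response so a shared cache never serves one origin's
// Allow-Origin header to another.
function corsHeaders(requestOrigin, allowlist = ALLOWED_ORIGINS) {
  const headers = { Vary: 'Origin' };
  if (!isAllowedOrigin(requestOrigin, allowlist)) return headers; // browser blocks the read
  return {
    ...headers,
    'Access-Control-Allow-Origin': normalizeOrigin(requestOrigin),
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'GET,POST,PUT,DELETE',
    'Access-Control-Allow-Headers': 'Content-Type,Authorization',
    'Access-Control-Max-Age': '86400',
  };
}

// Drop-in for cors({ origin }): the middleware passes undefined for same-origin
// and non-browser requests, which the check answers with false (no CORS headers).
const corsOptions = {
  origin: (origin, callback) => callback(null, isAllowedOrigin(origin)),
  credentials: true,
};

// Constructed request origins for illustration.
for (const o of ['https://app.example.com', 'https://app.example.com.lookalike.example', 'http://app.example.com']) {
  console.log(o, 'exact:', isAllowedOrigin(o), 'substring:', isAllowedBySubstring(o));
}
```

Because `credentials: true` lets the browser attach cookies, an allowlist mistake here hands an attacker-controlled page a logged-in user's API responses; this is the reason the check must be exact and the origin list must be closed.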
| Gate | Requirement |
|---|---|
| G4 | Security audit completed |
| G5 | Production hardening verified |
| G5 | Compliance checklist passed |