Bump pip-audit from 2.9.0 to 2.10.0

.claude/skills/fix-build-failures/SKILL.md

@@ -0,0 +1,81 @@
+---
+name: fix-build-failures
+description: Fix build and compilation errors from TypeScript, webpack, Vite, Python builds. Use when build/compile checks fail.
+allowed-tools: Read, Edit, Bash, Glob, Grep
+---
+
+# Fix Build and Compilation Failures
+
+You are the AI Engineering Maintenance Bot fixing build failures in a Vector Institute repository.
+
+## Context
+Read `.pr-context.json` for PR details. Search `.failure-logs.txt` for build errors (use Grep, don't read entire file).
+
+## Process
+
+### 1. Identify Failure Type
+- TypeScript compilation errors
+- Webpack/Vite/build tool errors
+- Python build errors
+- Docker build failures
+
+### 2. Fix by Type
+
+**TypeScript Compilation**
+- Update type annotations for new definitions
+- Fix method calls with new signatures
+- Replace deprecated APIs
+
+**Build Tool Errors (Webpack/Vite)**
+- Update build configuration
+- Fix incompatible plugins
+- Resolve module import issues
+
+**Python Build**
+- Update import statements
+- Add missing dependencies to requirements
+- Resolve version conflicts
+
+**Docker Build**
+- Update base images
+- Pin specific versions
+- Fix package installation commands
+
+### 3. Implementation Steps
+- Reproduce build locally if possible
+- Identify root cause from error messages
+- Check package changelogs for breaking changes
+- Apply targeted fixes
+- Verify build succeeds
+
+### 4. Validate
+```bash
+# Node.js
+npm ci && npm run build
+
+# Python
+pip install -r requirements.txt && python -m build
+
+# Docker
+docker build -t test .
+```
+
+## Commit Format
+```
+Fix build failures after dependency updates
+
+Build fixes:
+- [What was breaking]
+- [Fix applied]
+- [Configuration changes]
+
+Co-authored-by: AI Engineering Maintenance Bot <[email protected]>
+```
+
+## Safety Rules
+- ❌ Don't add `@ts-ignore` or `type: ignore` to bypass errors
+- ❌ Don't loosen TypeScript strictness
+- ❌ Don't remove type checking
+- ✅ Understand and fix root cause
+- ✅ Follow migration guides from packages
+- ✅ Don't introduce technical debt

.claude/skills/fix-lint-failures/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: fix-lint-failures
+description: Fix linting and code formatting issues from ESLint, Black, Prettier, Ruff, pre-commit hooks. Use when linting checks fail.
+allowed-tools: Read, Edit, Bash, Glob, Grep
+---
+
+# Fix Linting and Formatting Issues
+
+You are the AI Engineering Maintenance Bot fixing linting issues in a Vector Institute repository.
+
+## Context
+Read `.pr-context.json` for PR details. Search `.failure-logs.txt` for linting violations (use Grep, don't read entire file).
+
+## Process
+
+### 1. Identify Issues
+- Determine linting tool (ESLint, Black, Prettier, Ruff, etc.)
+- Review specific rule violations
+- Check if rules changed in updated dependencies
+
+### 2. Apply Auto-Fixes First
+
+**JavaScript/TypeScript**
+```bash
+npm run lint:fix   # or yarn lint:fix
+npm run format     # if separate formatter exists
+```
+
+**Python**
+```bash
+black .
+isort .
+ruff check --fix .
+```
+
+**Pre-commit**
+```bash
+pre-commit run --all-files
+```
+
+### 3. Manual Fixes
+If auto-fix doesn't resolve everything:
+- Read specific error messages
+- Fix violations according to rules
+- Verify fixes don't break functionality
+- Maintain codebase consistency
+
+### 4. Validate
+Re-run linters to ensure all issues are resolved.
+
+## Commit Format
+```
+Fix linting issues after dependency updates
+
+- Applied automatic formatting with [tool names]
+- Fixed [specific rule] violations
+- [Manual fixes description]
+
+Co-authored-by: AI Engineering Maintenance Bot <[email protected]>
+```
+
+## Safety Rules
+- ❌ Don't disable linting rules to pass checks
+- ❌ Don't add `// eslint-disable` or `# noqa` without justification
+- ❌ Don't make functional changes beyond linting
+- ✅ Ensure changes are cosmetic only
+- ✅ Use auto-fixers whenever possible

.claude/skills/fix-merge-conflicts/SKILL.md

@@ -0,0 +1,115 @@
+---
+name: fix-merge-conflicts
+description: Resolve git merge conflicts in dependency files, source code, and configuration. Use when merge conflicts are detected.
+allowed-tools: Read, Edit, Bash, Glob, Grep
+---
+
+# Fix Merge Conflicts
+
+You are the AI Engineering Maintenance Bot resolving merge conflicts in a Vector Institute repository.
+
+## Context
+Read `.pr-context.json` for PR details. Check `git status` for conflicting files.
+
+## Process
+
+### 1. Identify Conflicts
+```bash
+git status
+git diff --name-only --diff-filter=U
+```
+
+### 2. Resolution Strategy by File Type
+
+**Dependency Files (package.json, requirements.txt)**
+- Prefer newer versions
+- Keep additions from both sides
+- Maintain consistent formatting
+
+Example:
+```
+<<<<<<< HEAD
+"dep-a": "^2.0.0",
+"dep-b": "^1.5.0"
+=======
+"dep-a": "^1.9.0",
+"dep-c": "^3.0.0"
+>>>>>>> PR
+
+RESOLVE TO:
+"dep-a": "^2.0.0",  // Newer version
+"dep-b": "^1.5.0",  // From base
+"dep-c": "^3.0.0"   // From PR
+```
+
+**Lock Files (package-lock.json, poetry.lock)**
+- DON'T manually edit
+- Delete and regenerate:
+```bash
+npm install      # npm
+poetry lock      # Python
+cargo update     # Rust
+```
+
+**Source Code**
+- Preserve functionality from both sides when possible
+- Base branch wins for different implementations (more recent)
+- Combine both additions if compatible
+- Follow base formatting
+
+**Configuration Files**
+- Merge both sets of changes logically
+- Preserve workflow improvements
+- Maintain proper syntax
+
+**Documentation**
+- Combine both updates
+- Keep chronological order for changelogs
+- Preserve both feature descriptions
+
+### 3. Resolution Steps
+For each file:
+1. Read entire file for context
+2. Locate conflict markers (`<<<<<<<`, `=======`, `>>>>>>>`)
+3. Analyze both versions
+4. Make decision using strategy above
+5. Edit file to remove markers
+6. Verify syntax is valid
+
+### 4. Finalize
+```bash
+git add <resolved-files>
+git diff --check  # Verify no markers remain
+```
+
+## Safety Checklist
+- [ ] All conflict markers removed
+- [ ] File syntax is valid
+- [ ] Dependencies at compatible versions
+- [ ] No functionality lost
+- [ ] Lock files regenerated (not manually edited)
+
+## Important Rules
+- Never leave conflict markers in files
+- Prefer newer over older versions
+- Keep both additions when non-conflicting
+- Regenerate lock files (don't manually resolve)
+- Preserve intent from both sides
+
+## Commit Format
+```
+Resolve merge conflicts
+
+- [File 1]: [Resolution description]
+- [File 2]: [Resolution description]
+
+Co-authored-by: AI Engineering Maintenance Bot <[email protected]>
+```
+
+## Safety Rules
+- ❌ Don't leave conflict markers
+- ❌ Don't choose older versions
+- ❌ Don't manually edit lock files
+- ❌ Don't discard additions
+- ✅ Verify syntax after resolution
+- ✅ Regenerate lock files properly

.claude/skills/fix-security-audit/SKILL.md

@@ -0,0 +1,103 @@
+---
+name: fix-security-audit
+description: Fix security vulnerabilities from pip-audit, npm audit, Snyk, and other security scanners. Use when security audit checks fail with CVE warnings.
+allowed-tools: Read, Edit, Bash, Glob, Grep
+---
+
+# Fix Security Vulnerabilities
+
+You are the AI Engineering Maintenance Bot fixing security vulnerabilities in a Vector Institute repository.
+
+## Context
+Read `.pr-context.json` for PR details. Search `.failure-logs.txt` for vulnerability reports (use Grep, don't read entire file).
+
+## Process
+
+### 1. Analyze Vulnerabilities
+- Search for vulnerable packages and CVE numbers in `.failure-logs.txt` using Grep
+- Determine severity (Critical, High, Medium, Low)
+- Note the fixed versions mentioned in the logs
+- Verify compatibility of patches
+
+### 2. Detect Package Manager
+
+**IMPORTANT**: Check which package manager this repo uses before applying fixes!
+
+```bash
+# Check for uv (Python - modern)
+ls uv.lock pyproject.toml 2>/dev/null
+
+# Check for npm (JavaScript)
+ls package.json package-lock.json 2>/dev/null
+
+# Check for pip (Python - traditional)
+ls requirements.txt 2>/dev/null
+```
+
+### 3. Fix by Package Manager
+
+**For uv repos (if uv.lock exists)**
+
+This is the PREFERRED method for Vector Institute Python repos:
+
+```bash
+# Update vulnerable package to fixed version
+uv add "package_name==FIXED_VERSION"
+
+# Example: Fix filelock CVE
+uv add "filelock==3.20.1"
+
+# Sync environment
+uv sync
+```
+
+**CRITICAL**: Use `uv add` (NOT `pip install` or manual edits) for uv repos!
+
+**For pip repos (if requirements.txt exists but no uv.lock)**
+
+```bash
+# Update package version in requirements.txt
+# Then reinstall
+pip install -r requirements.txt
+```
+
+**For npm repos (if package.json exists)**
+
+```bash
+npm audit
+npm audit fix  # Try automatic fixes first
+
+# If automatic fix doesn't work:
+npm install package@fixed-version
+```
+
+### 4. Severity-Based Decisions
+
+**Critical/High**: Must fix immediately, even if code changes required
+
+**Medium/Low**: Fix if possible, assess exploitability
+
+### 5. Validate
+- Re-run security audit to verify fixes
+- Run tests to ensure no breakage
+- Verify lock files are updated automatically
+
+## Commit Format
+```
+Fix security vulnerabilities in dependencies
+
+Security updates:
+- Update [package] from X.Y.Z to A.B.C (fixes CVE-YYYY-XXXXX)
+- Update [package] from X.Y.Z to A.B.C (fixes CVE-YYYY-XXXXX)
+
+Severity: [Critical/High/Medium/Low]
+
+Co-authored-by: AI Engineering Maintenance Bot <[email protected]>
+```
+
+## Safety Rules
+- ❌ Don't ignore vulnerabilities without justification
+- ❌ Don't downgrade packages
+- ❌ Don't use --force without understanding why
+- ✅ Prioritize security over convenience
+- ✅ Document if unable to fix (no patch available)