Skip to main content
ClaudeWave
Skill59.2k repo starsupdated today

agent-security-manager

The agent-security-manager is a Claude Code skill that implements cryptographic security infrastructure and threat detection for distributed consensus protocols. Use it to deploy threshold signature systems, detect Byzantine and Sybil attacks, manage distributed key generation and rotation, enforce TLS 1.3 encrypted communications, and execute real-time security countermeasures in consensus-based systems requiring critical security protections.

View sourceRepository: ruflo
Install in Claude Code
Copy
git clone --depth 1 https://github.com/ruvnet/ruflo /tmp/agent-security-manager && cp -r /tmp/agent-security-manager/.agents/skills/agent-security-manager ~/.claude/skills/agent-security-manager
Then start a new Claude Code session; the skill loads automatically.
Definition

SKILL.md

---
name: security-manager
type: security
color: "#F44336"
description: Implements comprehensive security mechanisms for distributed consensus protocols
capabilities:
  - cryptographic_security
  - attack_detection
  - key_management
  - secure_communication
  - threat_mitigation
priority: critical
hooks:
  pre: |
    echo "🔐 Security Manager securing: $TASK"
    # Initialize security protocols
    if [[ "$TASK" == *"consensus"* ]]; then
      echo "🛡️  Activating cryptographic verification"
    fi
  post: |
    echo "✅ Security protocols verified"
    # Run security audit
    echo "🔍 Conducting post-operation security audit"
---

# Consensus Security Manager

Implements comprehensive security mechanisms for distributed consensus protocols with advanced threat detection.

## Core Responsibilities

1. **Cryptographic Infrastructure**: Deploy threshold cryptography and zero-knowledge proofs
2. **Attack Detection**: Identify Byzantine, Sybil, Eclipse, and DoS attacks
3. **Key Management**: Handle distributed key generation and rotation protocols
4. **Secure Communications**: Ensure TLS 1.3 encryption and message authentication
5. **Threat Mitigation**: Implement real-time security countermeasures

## Technical Implementation

### Threshold Signature System
```javascript
class ThresholdSignatureSystem {
  constructor(threshold, totalParties, curveType = 'secp256k1') {
    this.t = threshold; // Minimum signatures required
    this.n = totalParties; // Total number of parties
    this.curve = this.initializeCurve(curveType);
    this.masterPublicKey = null;
    this.privateKeyShares = new Map();
    this.publicKeyShares = new Map();
    this.polynomial = null;
  }

  // Distributed Key Generation (DKG) Protocol
  async generateDistributedKeys() {
    // Phase 1: Each party generates secret polynomial
    const secretPolynomial = this.generateSecretPolynomial();
    const commitments = this.generateCommitments(secretPolynomial);
    
    // Phase 2: Broadcast commitments
    await this.broadcastCommitments(commitments);
    
    // Phase 3: Share secret values
    const secretShares = this.generateSecretShares(secretPolynomial);
    await this.distributeSecretShares(secretShares);
    
    // Phase 4: Verify received shares
    const validShares = await this.verifyReceivedShares();
    
    // Phase 5: Combine to create master keys
    this.masterPublicKey = this.combineMasterPublicKey(validShares);
    
    return {
      masterPublicKey: this.masterPublicKey,
      privateKeyShare: this.privateKeyShares.get(this.nodeId),
      publicKeyShares: this.publicKeyShares
    };
  }

  // Threshold Signature Creation
  async createThresholdSignature(message, signatories) {
    if (signatories.length < this.t) {
      throw new Error('Insufficient signatories for threshold');
    }

    const partialSignatures = [];
    
    // Each signatory creates partial signature
    for (const signatory of signatories) {
      const partialSig = await this.createPartialSignature(message, signatory);
      partialSignatures.push({
        signatory: signatory,
        signature: partialSig,
        publicKeyShare: this.publicKeyShares.get(signatory)
      });
    }

    // Verify partial signatures
    const validPartials = partialSignatures.filter(ps => 
      this.verifyPartialSignature(message, ps.signature, ps.publicKeyShare)
    );

    if (validPartials.length < this.t) {
      throw new Error('Insufficient valid partial signatures');
    }

    // Combine partial signatures using Lagrange interpolation
    return this.combinePartialSignatures(message, validPartials.slice(0, this.t));
  }

  // Signature Verification
  verifyThresholdSignature(message, signature) {
    return this.curve.verify(message, signature, this.masterPublicKey);
  }

  // Lagrange Interpolation for Signature Combination
  combinePartialSignatures(message, partialSignatures) {
    const lambda = this.computeLagrangeCoefficients(
      partialSignatures.map(ps => ps.signatory)
    );

    let combinedSignature = this.curve.infinity();
    
    for (let i = 0; i < partialSignatures.length; i++) {
      const weighted = this.curve.multiply(
        partialSignatures[i].signature,
        lambda[i]
      );
      combinedSignature = this.curve.add(combinedSignature, weighted);
    }

    return combinedSignature;
  }
}
```

### Zero-Knowledge Proof System
```javascript
class ZeroKnowledgeProofSystem {
  constructor() {
    this.curve = new EllipticCurve('secp256k1');
    this.hashFunction = 'sha256';
    this.proofCache = new Map();
  }

  // Prove knowledge of discrete logarithm (Schnorr proof)
  async proveDiscreteLog(secret, publicKey, challenge = null) {
    // Generate random nonce
    const nonce = this.generateSecureRandom();
    const commitment = this.curve.multiply(this.curve.generator, nonce);
    
    // Use provided challenge or generate Fiat-Shamir challenge
    const c = challenge || this.generateChallenge(commitment, publicKey);
    
    // Compute response
    const response = (nonce + c * secret) % this.curve.order;
    
    return {
      commitment: commitment,
      challenge: c,
      response: response
    };
  }

  // Verify discrete logarithm proof
  verifyDiscreteLogProof(proof, publicKey) {
    const { commitment, challenge, response } = proof;
    
    // Verify: g^response = commitment * publicKey^challenge
    const leftSide = this.curve.multiply(this.curve.generator, response);
    const rightSide = this.curve.add(
      commitment,
      this.curve.multiply(publicKey, challenge)
    );
    
    return this.curve.equals(leftSide, rightSide);
  }

  // Range proof for committed values
  async proveRange(value, commitment, min, max) {
    if (value < min || value > max) {
      throw new Error('Value outside specified range');
    }

    const bitLength = Math.ceil(Math.log2(max - min + 1));
    const bits = this.valueToBits(value - min, bitLength);
    
    const proofs = [];
    let currentCommitment =
More from this repository
agent-adaptive-coordinatorSkill

Agent skill for adaptive-coordinator - invoke with $agent-adaptive-coordinator

agent-agentSkill

Agent skill for agent - invoke with $agent-agent

agent-agentic-paymentsSkill

Agent skill for agentic-payments - invoke with $agent-agentic-payments

agent-analyze-code-qualitySkill

Agent skill for analyze-code-quality - invoke with $agent-analyze-code-quality

agent-app-storeSkill

Agent skill for app-store - invoke with $agent-app-store

agent-arch-system-designSkill

Agent skill for arch-system-design - invoke with $agent-arch-system-design

agent-architectureSkill

Agent skill for architecture - invoke with $agent-architecture

agent-authenticationSkill

Agent skill for authentication - invoke with $agent-authentication