MCP HubMCP Hub
Volver a habilidades

shift-camouflage

pjt222
Actualizado 2 days ago
4 vistas
17
2
17
Ver en GitHub
Desarrolloapi

Acerca de

Esta habilidad permite APIs adaptables y polimórficas que presentan diferentes interfaces según el contexto del entorno, similar a cómo un calamar cambia su apariencia. Reduce las superficies de ataque y permite el uso de feature flags al alterar dinámicamente la capa superficial expuesta sin cambiar la lógica central. Úsela para comportamientos sensibles al contexto, despliegues progresivos y para ocultar patrones del sistema a diferentes observadores.

Instalación rápida

Claude Code

Recomendado
Principal
npx skills add pjt222/agent-almanac -a claude-code
Comando PluginAlternativo
/plugin add https://github.com/pjt222/agent-almanac
Git CloneAlternativo
git clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/shift-camouflage

Copia y pega este comando en Claude Code para instalar esta habilidad

Documentación

Shift Camouflage

Adaptive surface transform — polymorphic interfaces, context-aware behavior, dynamic presentation. Cuttlefish chromatophores. Surface adapts → env, core stable. Reduces attack surface + optimizes diverse observer interaction.

Use When

  • Diff interfaces → diff consumers (API ver, multi-tenant, role-based)
  • Reduce attack surface → expose only what observer needs
  • Feature flags, progressive rollout, A/B at interface
  • Adapt behavior → env context w/o core change
  • Protect internal arch from external coupling (observers couple surface, not structure)
  • Complement adapt-architecture when surface enough, deep transform unneeded

In

  • Required: System whose surface adapts
  • Required: Observers + diff interface needs
  • Optional: Current interface design + limits
  • Optional: Threat model (hide what from whom?)
  • Optional: Feature flag | progressive rollout infra
  • Optional: Perf constraints (dynamic surface gen has overhead)

Do

Step 1: Map Observer Landscape

Who interacts + what each needs to see.

  1. Catalog observers:
    • External (end users, API consumers, partners)
    • Internal services (microservices, bg jobs, admin tools)
    • Adversaries (attackers, scrapers, competitors)
    • Regulators (auditors, compliance)
  2. Per observer:
    • Need to see (req surface)
    • Should not see (hidden)
    • Expect to see (compat surface — may differ from need)
    • How interact (protocol, freq, sensitivity)
  3. Build observer-surface matrix:
Observer-Surface Matrix:
┌──────────────┬────────────────────────┬─────────────────┬──────────────┐
│ Observer     │ Required Surface       │ Hidden Surface  │ Threat Level │
├──────────────┼────────────────────────┼─────────────────┼──────────────┤
│ End users    │ Public API v2, UI      │ Internal APIs,  │ Low          │
│              │                        │ admin endpoints │              │
├──────────────┼────────────────────────┼─────────────────┼──────────────┤
│ Partner API  │ Partner API, webhooks  │ Internal logic, │ Medium       │
│              │                        │ user data       │              │
├──────────────┼────────────────────────┼─────────────────┼──────────────┤
│ Admin tools  │ Full API, debug        │ Raw data store  │ Low          │
│              │ endpoints              │ access          │              │
├──────────────┼────────────────────────┼─────────────────┼──────────────┤
│ Adversaries  │ Nothing (minimal)      │ Everything      │ High         │
│              │                        │ possible        │              │
└──────────────┴────────────────────────┴─────────────────┴──────────────┘

Got: Complete observer landscape w/ surface reqs. Drives all camouflage design.

If err: Incomplete obs ID → start two extremes (most privileged: admin; most restricted: adversary). Design surfaces, interpolate between.

Step 2: Design Chromatophore Mapping

Map observer context → surface presentation. "Chromatophore" layer.

  1. Context signals:
    • Auth identity → privilege
    • Origin → geo, network, app
    • Feature flags → enable/disable
    • Time/phase → deploy stage, biz hours, maint
    • Load/health → degraded mode → reduced surface
  2. Surface gen rules. Per context combo, elements are:
    • Visible: in res/interface
    • Hidden: excluded entirely (errs reveal nothing)
    • Transformed: present but modified for observer (diff schema, simpler data)
    • Decoy: deliberately misleading for adversarial contexts
  3. Implement chromatophore layer:
    • Thin middleware/proxy between core + observers
    • Eval context signals each req
    • Apply surface config
    • Never modify core behavior — only filter + transform surface
Chromatophore Architecture:
┌──────────────────────────────────────────────────────┐
│ Observer Request                                      │
│        │                                              │
│        ↓                                              │
│ ┌─────────────────┐                                   │
│ │ Context Extract  │ ← Auth, origin, flags, time      │
│ └────────┬────────┘                                   │
│          ↓                                            │
│ ┌─────────────────┐                                   │
│ │ Surface Select   │ ← Observer-surface matrix lookup  │
│ └────────┬────────┘                                   │
│          ↓                                            │
│ ┌─────────────────┐                                   │
│ │ Core System      │ ← Processes request normally      │
│ └────────┬────────┘                                   │
│          ↓                                            │
│ ┌─────────────────┐                                   │
│ │ Surface Filter   │ ← Remove/transform/add elements   │
│ └────────┬────────┘                                   │
│          ↓                                            │
│ Observer Response (adapted surface)                    │
└──────────────────────────────────────────────────────┘

Got: Mapping translates observer context → surface config. Explicit, auditable, separate from core.

If err: Too complex → simplify to role-based: 3-5 profiles (public, partner, admin, internal, minimal). Map every observer → one.

Step 3: Behavioral Polymorphism

Behavior adapts to context, not just surface.

  1. Context-dep behaviors:
    • Res detail (verbose admin, minimal public)
    • Rate limit (generous partners, strict unknown)
    • Err msgs (detail internal, generic external)
    • Data freshness (real-time premium, cached std)
    • Feature avail (full beta, stable-only general)
  2. Variants:
    • Each = complete tested path
    • Context → which variant runs
    • Variants share core, differ in presentation + policy
  3. Feature flag integration:
    • Flags control active variants
    • Progressive rollout: % of observers, increase over time
    • Circuit breakers: auto-revert safe behavior on err

Got: Behavior adapts → context. Same core → appropriate res for diff audiences. Flags → progressive rollout.

If err: Too many code paths → consolidate pipeline: core → policy layer → presentation layer. Polymorphism in policy + presentation only, core singular.

Step 4: Reduce Attack Surface

Minimize what adversaries observe + interact w/.

  1. Least surface:
    • Each observer sees only what needed
    • Unauth observers see min possible
    • Errs never leak internals (no stack traces, paths, vers)
  2. Active reduction:
    • Remove default pages, headers, endpoints revealing tech stack
    • Randomize non-essential res chars (timing jitter, header order)
    • Disable unused endpoints entirely (off, not hidden)
  3. Pattern disruption:
    • Vary res chars → defeat fingerprint
    • Controlled unpredictability in non-functional aspects
    • Functional behavior deterministic, surface chars vary
  4. Recon monitoring:
    • Detect req patterns probing hidden surface (enum attacks)
    • Alert repeated access to nonexistent endpoints (path fuzz)
    • Track + correlate recon across sessions (see defend-colony)

Got: Min attack surface. Adversaries can't ID stack, internals, hidden caps. Recon detected + tracked.

If err: Reduction breaks legit consumers → matrix incomplete. Review Step 1, update. Randomization issues → reduce to non-functional only (timing, headers), keep functional res deterministic.

Step 5: Surface Coherence

Dynamic surface stays consistent, debuggable, maintainable.

  1. Testing:
    • Each profile explicit (admin sees admin? public sees public?)
    • Transitions (context changes mid-session?)
    • Failure modes (chromatophore layer fails → what surface?)
  2. Docs:
    • Each profile + config
    • Context signals + effects
    • Sync w/ actual behavior (test docs vs reality)
  3. Debug:
    • Admin/debug mode → which profile active + why
    • Logs → which config applied per req
    • Replay req through specific profile
  4. Evolution:
    • Add: appropriate profiles, test, deploy
    • Remove: deprecation warning, then remove
    • Change: flag controlled, progressive rollout

Got: Maintainable, testable, documented system. Dynamic ≠ undebuggable.

If err: Debug nightmare → add transparency: trace header (admin/debug only) → which profile applied + which signals decided.

Check

  • Observer landscape mapped w/ surface reqs
  • Chromatophore translates context → surface config
  • Behavioral polymorphism adapts to context
  • Attack surface min for adversaries
  • Each profile explicit tested
  • Failure mode → safe default (minimal)
  • Debug/admin can inspect active config
  • Docs match behavior

Traps

  • Complexity explosion: Too many profiles + variations. Max 3-5 profiles.
  • Core contamination: Surface logic leaks into core. Chromatophore = separate. If-statements about observer type in core code → arch wrong.
  • Obscurity alone: Surface reduction = defense-in-depth, not auth/authz replacement. Hidden endpoint still needs authn+authz.
  • Inconsistent surfaces: A sees v1, B sees v2, supposed same. Test explicit, matrix authoritative.
  • Failure surface: Chromatophore fails → what does observer see? Default must be safe (minimal), not open (full).

  • assess-form — surface adaptation may resolve form pressure w/o deep transform
  • adapt-architecture — deep structural change when surface insufficient
  • repair-damage — surface can mask damage during repair (caution — don't hide real probs)
  • defend-colony — attack surface reduction = defense layer
  • coordinate-swarm — context-aware in distributed needs coordinated surface
  • configure-api-gateway — API gateways implement chromatophore in practice
  • deploy-to-kubernetes — k8s svc + ingress enable network-level surface control

Repositorio GitHub

pjt222/agent-almanac
Ruta: i18n/caveman-ultra/skills/shift-camouflage
0
agentsagentskillsai-assisted-developmentclaude-codeskillsteams

Habilidades relacionadas

qmd

Desarrollo

qmd es una herramienta CLI de búsqueda e indexación local que permite a los desarrolladores indexar y buscar en archivos locales mediante búsqueda híbrida que combina BM25, embeddings vectoriales y reranking. Es compatible tanto con uso desde la línea de comandos como con modo MCP (Model Context Protocol) para integración con Claude. La herramienta utiliza Ollama para los embeddings y almacena los índices localmente, lo que la hace ideal para buscar documentación o bases de código directamente desde la terminal.

Ver habilidad

subagent-driven-development

Desarrollo

Esta habilidad ejecuta planes de implementación asignando un nuevo subagente para cada tarea independiente, con revisión de código entre tareas. Permite una iteración rápida mientras mantiene controles de calidad a través de este proceso de revisión. Úsala cuando trabajes en tareas mayormente independientes dentro de la misma sesión para garantizar un progreso continuo con verificaciones de calidad integradas.

Ver habilidad

mcporter

Desarrollo

La habilidad mcporter permite a los desarrolladores gestionar y llamar servidores del Protocolo de Contexto de Modelo (MCP) directamente desde Claude. Proporciona comandos para listar servidores disponibles, llamar a sus herramientas con argumentos, y manejar la autenticación y el ciclo de vida del daemon. Utiliza esta habilidad para integrar y probar la funcionalidad de servidores MCP en tu flujo de trabajo de desarrollo.

Ver habilidad

adk-deployment-specialist

Desarrollo

Esta habilidad despliega y orquesta agentes Vertex AI ADK utilizando el protocolo A2A, gestionando el descubrimiento de AgentCard, el envío de tareas y soportando herramientas como el Sandbox de Ejecución de Código y el Banco de Memoria. Permite construir sistemas multiagente con patrones de orquestación secuencial, paralela o en bucle en Python, Java o Go. Úsela cuando se le solicite desplegar agentes ADK u orquestar flujos de trabajo de agentes en Google Cloud.

Ver habilidad