feat: CRM Clinicas SaaS - MVP completo

- Auth: Login/Register con creacion de clinica - Dashboard: KPIs reales, graficas recharts - Pacientes: CRUD completo con busqueda - Agenda: FullCalendar, drag-and-drop, vista recepcion - Expediente: Notas SOAP, signos vitales, CIE-10 - Facturacion: Facturas con IVA, campos CFDI SAT - Inventario: Productos, stock, movimientos, alertas - Configuracion: Clinica, equipo, catalogo servicios - Supabase self-hosted: 18 tablas con RLS multi-tenant - Docker + Nginx para produccion Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-03 07:04:14 +00:00
commit 79b5d86325
1612 changed files with 109181 additions and 0 deletions
--- a/.claude/skills/v3-security-overhaul/SKILL.md
+++ b/.claude/skills/v3-security-overhaul/SKILL.md
@@ -0,0 +1,82 @@
+---
+name: "V3 Security Overhaul"
+description: "Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns. Use for security-first v3 implementation."
+---
+
+# V3 Security Overhaul
+
+## What This Skill Does
+
+Orchestrates comprehensive security overhaul for claude-flow v3, addressing critical vulnerabilities and establishing security-first development practices using specialized v3 security agents.
+
+## Quick Start
+
+```bash
+# Initialize V3 security domain (parallel)
+Task("Security architecture", "Design v3 threat model and security boundaries", "v3-security-architect")
+Task("CVE remediation", "Fix CVE-1, CVE-2, CVE-3 critical vulnerabilities", "security-auditor")
+Task("Security testing", "Implement TDD London School security framework", "test-architect")
+```
+
+## Critical Security Fixes
+
+### CVE-1: Vulnerable Dependencies
+```bash
+npm update @anthropic-ai/claude-code@^2.0.31
+npm audit --audit-level high
+```
+
+### CVE-2: Weak Password Hashing
+```typescript
+// ❌ Old: SHA-256 with hardcoded salt
+const hash = crypto.createHash('sha256').update(password + salt).digest('hex');
+
+// ✅ New: bcrypt with 12 rounds
+import bcrypt from 'bcrypt';
+const hash = await bcrypt.hash(password, 12);
+```
+
+### CVE-3: Hardcoded Credentials
+```typescript
+// ✅ Generate secure random credentials
+const apiKey = crypto.randomBytes(32).toString('hex');
+```
+
+## Security Patterns
+
+### Input Validation (Zod)
+```typescript
+import { z } from 'zod';
+
+const TaskSchema = z.object({
+  taskId: z.string().uuid(),
+  content: z.string().max(10000),
+  agentType: z.enum(['security', 'core', 'integration'])
+});
+```
+
+### Path Sanitization
+```typescript
+function securePath(userPath: string, allowedPrefix: string): string {
+  const resolved = path.resolve(allowedPrefix, userPath);
+  if (!resolved.startsWith(path.resolve(allowedPrefix))) {
+    throw new SecurityError('Path traversal detected');
+  }
+  return resolved;
+}
+```
+
+### Safe Command Execution
+```typescript
+import { execFile } from 'child_process';
+
+// ✅ Safe: No shell interpretation
+const { stdout } = await execFile('git', [userInput], { shell: false });
+```
+
+## Success Metrics
+
+- **Security Score**: 90/100 (npm audit + custom scans)
+- **CVE Resolution**: 100% of critical vulnerabilities fixed
+- **Test Coverage**: >95% security-critical code
+- **Implementation**: All secure patterns documented and tested