@aegis-scan/skills 0.1.1 → 0.2.0

package/ATTRIBUTION.md

@@ -41,35 +41,86 @@ rule applies to any incoming updates — no stripping of upstream
 attribution, no removal of AEGIS-added headers, no paper-over of
 upstream format variance.
 
-## Defensive skills — AEGIS-native (skills-v0.2+)
+## Defensive skills — AEGIS-native
 
-Planned: AEGIS-authored defensive methodology skills mirrored from
-the `@aegis-wizard/cli` pattern library under MIT License. Source is
-AEGIS itself; this section will expand when the skills ship.
+All skills under `skills/defensive/aegis-native/` are AEGIS-original
+content under MIT License, mirroring patterns from `@aegis-wizard/cli`'s
+pattern library and remediation guidance for `@aegis-scan/cli` scanner
+findings.
 
-## MITRE-mapped skills — upstream cybersecurity framework-mapped source (skills-v0.2+)
+- **Source:** AEGIS-original
+- **License:** MIT (covered by the AEGIS top-level `LICENSE`)
+- **Skill count at first ship:** 3 (`rls-defense`, `tenant-isolation-defense`, `ssrf-defense`)
+- **First shipped:** post-v0.16.6 work-package WP-A2
 
-Planned: cherry-picked skills from
-[mukul975/Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills)
-under Apache-2.0 with per-skill quality-audit plus MITRE ATT&CK /
-D3FEND / NIST CSF framework-mappings applied. Section populates when
-skills-v0.2 lands.
+## MITRE-mapped skills — AEGIS-native
 
-## Operations skills — TBD (skills-v0.3+)
+All skills under `skills/mitre-mapped/aegis-native/` are AEGIS-original
+content under MIT License, providing the cross-walk between AEGIS
+scanner findings and MITRE ATT&CK Enterprise / ATLAS / D3FEND / NIST
+CSF 2.0 / NIST AI RMF.
 
-Planned: incident-response, post-build-audit, verify-install-integrity
-modules. Source and attribution TBD.
+- **Source:** AEGIS-original
+- **License:** MIT (covered by the AEGIS top-level `LICENSE`)
+- **Skill count at first ship:** 3 (`mapping-overview`, `t1190-exploit-public-app`, `t1078-valid-accounts`)
+- **First shipped:** post-v0.16.6 work-package WP-A2
+
+The cross-walk references public MITRE frameworks. MITRE ATT&CK is
+copyright © The MITRE Corporation, distributed under their copyright
+statement at https://attack.mitre.org/resources/legal-and-branding/
+which permits factual cross-walk usage. The AEGIS skills do not
+re-distribute MITRE content; they reference public technique IDs and
+descriptions by ID (which are factual identifiers).
+
+## Operations skills — AEGIS-native
+
+All skills under `skills/ops/aegis-native/` are AEGIS-original
+operational runbooks under MIT License.
+
+- **Source:** AEGIS-original
+- **License:** MIT (covered by the AEGIS top-level `LICENSE`)
+- **Skill count at first ship:** 3 (`triage-finding`, `suppress-correctly`, `escalation-runbook`)
+- **First shipped:** post-v0.16.6 work-package WP-A2
+
+## Compliance skills — AEGIS-native
+
+All skills under `skills/compliance/aegis-native/` are AEGIS-original
+adversarial DE/EU compliance content under MIT License.
+
+- **Source:** AEGIS-original
+- **License:** MIT (covered by the AEGIS top-level `LICENSE`)
+- **Skill count at first ship:** 1 (`brutaler-anwalt`, multi-file with 11 supporting `references/*.md`)
+- **First shipped:** v0.2.0
+- **Content domain:** DE/EU compliance audit (DSGVO, DDG, TTDSG, UWG, NIS2, EU AI Act, branchenrecht, strafrecht-steuer). Three-persona self-verification (Hunter / Challenger / Synthesizer) is an AEGIS-original methodology pattern, not derived from upstream content. References cite German/EU statutes (`§`-paragraphs) and BGH/EuGH judgment-IDs (`Az.`) — these are factual legal identifiers, not copyrightable expression.
+
+## Future external sources
+
+The `skills/` tree is designed to grow across sources. Future
+candidates being evaluated for cherry-pick (per the maintainer's
+source-evaluation cycle):
+
+- [mukul975/Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — Apache-2.0, 754 mixed offensive+defensive skills with MITRE/D3FEND/NIST framework-mappings.
+- [Eyadkelleh/awesome-claude-skills-security](https://github.com/Eyadkelleh/awesome-claude-skills-security) — security-pentesting curated list.
+- [VoltAgent/awesome-agent-skills](https://github.com/VoltAgent/awesome-agent-skills) — MIT, 1000+ mixed agent skills aggregator.
+
+Each future cherry-pick will land in a per-source subdirectory under
+the appropriate category (e.g., `defensive/anthropic-cybersec-pick/`)
+with attribution preserved per the same per-file `<!-- aegis-local: -->`
+header convention as the offensive `snailsploit-fork/` source.
 
 ## License compatibility
 
 AEGIS itself ships under MIT. Offensive skills ship under MIT (via
-upstream). Future cybersecurity-framework-mapped cherry-picks ship
-under Apache-2.0 (via upstream). Both licenses are permissive,
-commercially-redistributable, and require attribution preservation —
-which this file codifies. No license incompatibility.
+upstream). AEGIS-native defensive / mitre-mapped / ops / compliance
+skills ship under MIT (AEGIS-original). Future cybersecurity-framework-
+mapped cherry-picks would ship under Apache-2.0 (via upstream) when
+those land. All these licenses are permissive, commercially-
+redistributable, and require attribution preservation — which this
+file codifies. No license incompatibility.
 
 ## Changes to upstream
 
-See `CHANGELOG.md` for AEGIS-side version history. The only change
-to any forked `SKILL.md` at v0.1.0 is the prepended AEGIS-local HTML
-attribution header documented above.
+See `CHANGELOG.md` for AEGIS-side version history.
+
+- For `snailsploit-fork/` (offensive): the only change to any forked `SKILL.md` is the prepended AEGIS-local HTML attribution header documented above. Quarterly upstream-sync pulls additions and corrections.
+- For `aegis-native/` (defensive / mitre-mapped / ops / compliance): there is no upstream — content is AEGIS-authored. Each `SKILL.md` carries an `<!-- aegis-local: AEGIS-native skill, MIT-licensed; ... -->` header documenting the AEGIS-internal source pattern.

package/CHANGELOG.md

@@ -8,6 +8,49 @@ and quality-audit completion, not by a fixed schedule.
 
 ---
 
+## [Unreleased]
+
+---
+
+## [0.2.0] — 2026-04-27 — "four-category-population + compliance with brutaler-anwalt"
+
+### Added — four category populations (defensive / mitre-mapped / ops / compliance)
+
+Ten new AEGIS-native `SKILL.md` files (MIT) populate four previously-placeholder category directories:
+
+- **`skills/defensive/aegis-native/`** (3 skills) — `rls-defense`, `tenant-isolation-defense`, `ssrf-defense`. Mirror `@aegis-wizard/cli` patterns and provide remediation guidance for `@aegis-scan/cli` scanner findings (`rls-bypass-checker`, `tenant-isolation-checker`, `ssrf-checker`, `taint-analyzer`, `mass-assignment-checker`, `template-sql-checker`).
+- **`skills/mitre-mapped/aegis-native/`** (3 skills) — `mapping-overview`, `t1190-exploit-public-app`, `t1078-valid-accounts`. Cross-walk AEGIS findings to MITRE ATT&CK Enterprise + ATLAS + D3FEND + NIST CSF 2.0 + NIST AI RMF.
+- **`skills/ops/aegis-native/`** (3 skills) — `triage-finding`, `suppress-correctly`, `escalation-runbook`. Operational runbooks for the AEGIS workflow itself.
+- **`skills/compliance/aegis-native/`** (1 skill) — `brutaler-anwalt`. Adversarial DE/EU compliance auditor (DSGVO / DDG / TTDSG / UWG / NIS2 / EU AI Act / branchenrecht / strafrecht-steuer) with three-persona self-verification (Hunter / Challenger / Synthesizer). Slash-command activation via `/anwalt`. Multi-file: ships an 11-file `references/` sibling tree (~120 KB) covering `audit-patterns.md`, `dsgvo.md`, `it-recht.md`, `vertragsrecht.md`, `checklisten.md`, `branchenrecht.md`, `bgh-urteile.md`, `abmahn-templates.md`, `aegis-integration.md`, `international.md`, `strafrecht-steuer.md`. The `aegis-integration.md` reference defines the consume-AEGIS-scanner-output severity-mapping (critical → 🔴 KRITISCH ≥70%, high → 🟡 HOCH 40–70%, etc.) so the skill bridges AEGIS technical findings to the rechtliche Bewertungs-Layer.
+
+Total skills jumps from 37 to 47. All new content is MIT-AEGIS-original; no upstream-fork dependency. The `aegis-native/` source-namespace convention parallels the existing `snailsploit-fork/` for offensive skills, leaving room for future non-AEGIS sources (e.g., `defensive/anthropic-cybersec-pick/`) to slot in without layout churn.
+
+### Added — installer support for multi-file skills (`references/` siblings)
+
+`packages/skills/src/commands/install.ts` extended to copy any sibling `references/` directory next to a `SKILL.md` so multi-file skills stay self-consistent under the install target. The `brutaler-anwalt` skill is the first consumer; any future skill that ships supporting `.md` references inherits the same packaging treatment automatically. `--force` semantics extend naturally — references are overwritten alongside the SKILL.md they belong to. Markdown-only invariant intact (the new code only touches `.md` extensions).
+
+### Added — scrub-test coverage for `references/` siblings
+
+`__tests__/scrub.test.ts` gains a new describe-block (`scrub-clean — sibling references/ directories`) that iterates every SKILL.md, looks for a sibling `references/` dir, and runs the same FORBIDDEN-codename scan over each `.md` reference. Without this block, leaks in references would slip past source-side gates and only fail at the CI tarball-scrub step. Defense-in-depth: this catches them at unit-test time, source-side, before any push.
+
+### Updated
+
+- `skills/defensive/README.md`, `skills/mitre-mapped/README.md`, `skills/ops/README.md` — replace v0.2+ placeholder text with directory-of-shipped-content tables.
+- `ATTRIBUTION.md` — credit the AEGIS-native sources, document the MIT license terms, future-external-source candidate list expanded.
+- `README.md` (this package) — multi-source architecture diagram updated; per-category content tables replace the v0.1.0-only enumeration; new compliance row + brutaler-anwalt mention.
+- `__tests__/manifest.test.ts` — `EXPECTED_TOTAL` 46 → 47, `EXPECTED_CATEGORIES` add `compliance`, `EXPECTED_SOURCES_BY_CATEGORY[compliance]` add `aegis-native`, `EXPECTED_NAMES_BY_CATEGORY[compliance]` add `brutaler-anwalt`.
+
+### Validation
+
+- All 10 new SKILL.md files pass the markdown-only structural invariant.
+- All 10 new SKILL.md files pass the scrub-test (no internal-codename leaks).
+- All 11 brutaler-anwalt `references/*.md` pass the new sibling-references scrub-block.
+- All 3 updated category-README placeholders pass the future-category placeholder scrub-test.
+- `loadAllSkills()` auto-discovers the new content via the existing `<category>/<source>/<name>/SKILL.md` layout — no loader changes needed.
+- 405 / 405 tests pass post-addition (was 386).
+
+---
+
 ## [0.1.1] — 2026-04-23 — "ship-gate-caught-recovery"
 
 First published release. v0.1.0 was tagged but NEVER published to npm —

package/README.md

@@ -41,10 +41,11 @@ After `install` lands the skill files under `~/.claude/skills/user/aegis-skills/
 Claude Code auto-loads each `SKILL.md` based on its trigger-phrases
 whenever you invoke the agent with a relevant prompt.
 
-## What ships in v0.1.0
+## What ships
 
-Thirty-seven offensive-security SKILL.md files under
-`skills/offensive/snailsploit-fork/`, covering:
+### Offensive skills — `skills/offensive/snailsploit-fork/`
+
+Thirty-seven offensive-security `SKILL.md` files covering:
 
 - **Web application:** sqli · xss · ssrf · ssti · xxe · idor · file-upload
   · rce · deserialization · race-condition · request-smuggling ·
@@ -63,30 +64,77 @@ Thirty-seven offensive-security SKILL.md files under
 
 All forked from
 [SnailSploit/Claude-Red](https://github.com/SnailSploit/Claude-Red)
-under MIT License with attribution preserved per-file. See
-[`ATTRIBUTION.md`](./ATTRIBUTION.md) for the full credit chain.
+under MIT License with attribution preserved per-file.
+
+### Defensive skills — `skills/defensive/aegis-native/`
+
+Three AEGIS-native `SKILL.md` files (MIT) mirroring `@aegis-wizard/cli`
+patterns and providing remediation guidance for `@aegis-scan/cli`
+findings:
+
+- **`rls-defense`** — Supabase Row-Level Security hardening (covers `rls-bypass-checker` + `template-sql-checker` findings)
+- **`tenant-isolation-defense`** — multi-tenant SaaS isolation (covers `tenant-isolation-checker` + `mass-assignment-checker` findings)
+- **`ssrf-defense`** — SSRF defense including DNS-rebinding, IPv6, cloud metadata-endpoint protection (covers `ssrf-checker` + cross-file taint findings)
+
+### MITRE-mapped skills — `skills/mitre-mapped/aegis-native/`
+
+Three AEGIS-native `SKILL.md` files (MIT) cross-walking AEGIS findings
+to MITRE frameworks:
+
+- **`mapping-overview`** — top-level per-CWE → ATT&CK technique mapping plus tactic-level coverage summary; ATLAS overlay for AI/LLM threats; D3FEND defensive-countermeasure mapping; NIST CSF 2.0 + NIST AI RMF function-level alignment.
+- **`t1190-exploit-public-app`** — deep-dive on T1190 (the #1 Initial Access vector in Verizon DBIR 2024).
+- **`t1078-valid-accounts`** — deep-dive on T1078 (Valid Accounts) coverage via the AEGIS credential-protection scanner family.
+
+### Operations skills — `skills/ops/aegis-native/`
+
+Three AEGIS-native `SKILL.md` files (MIT) wrapping the AEGIS workflow
+in process-discipline:
+
+- **`triage-finding`** — operational runbook for triaging an AEGIS finding (severity → confidence → verify → fix-vs-suppress-vs-defer).
+- **`suppress-correctly`** — when suppression is appropriate, the structured-rationale syntax, anti-patterns, and audit-trail expectations.
+- **`escalation-runbook`** — what to do when a BLOCKER reaches main, when a finding suggests active exploitation, or when a credential leak is detected.
+
+### Compliance skills — `skills/compliance/aegis-native/`
+
+One AEGIS-native multi-file `SKILL.md` (MIT) for adversarial DE/EU
+compliance audits:
+
+- **`brutaler-anwalt`** — adversarial DE/EU compliance auditor (DSGVO / DDG / TTDSG / UWG / NIS2 / EU AI Act / branchenrecht / strafrecht-steuer) with three-persona self-verification (Hunter / Challenger / Synthesizer). Slash-command activation via `/anwalt`. Ships an 11-file `references/` sibling tree (~120 KB) with per-bereich rules, BGH/EuGH-judgment database, abmahn-templates, and an explicit AEGIS-scanner-output → rechtliche-Bewertung mapping. The installer auto-copies the references tree alongside the SKILL.md.
+
+### Attribution + license
+
+See [`ATTRIBUTION.md`](./ATTRIBUTION.md) for the full credit chain.
+Offensive skills are MIT-via-upstream-fork; defensive / mitre-mapped /
+ops / compliance skills are MIT-AEGIS-original.
 
 ## Multi-source architecture
 
 `@aegis-scan/skills` is designed to grow across sources without
-re-architecting the package. The `skills/` tree carries four
-category-directories from day one, three of which are placeholders
-for future content:
+re-architecting the package. The `skills/` tree carries five
+category-directories:
 
 ```
 skills/
-├── offensive/                    — populated in v0.1.0
-│   └── snailsploit-fork/
-│       └── 37 SKILL.md files
-├── defensive/                    — placeholder for skills-v0.2+
-├── mitre-mapped/                 — placeholder for skills-v0.2+
-└── ops/                          — placeholder for skills-v0.3+
+├── offensive/
+│   └── snailsploit-fork/         — 37 SKILL.md files (MIT, forked from SnailSploit/Claude-Red)
+├── defensive/
+│   └── aegis-native/             — 3 SKILL.md files (MIT, AEGIS-original)
+├── mitre-mapped/
+│   └── aegis-native/             — 3 SKILL.md files (MIT, AEGIS-original — ATT&CK / ATLAS / D3FEND / NIST cross-walk)
+├── ops/
+│   └── aegis-native/             — 3 SKILL.md files (MIT, AEGIS-original — triage / suppress / escalation runbooks)
+└── compliance/
+    └── aegis-native/             — 1 multi-file SKILL.md + 11-file references/ tree (MIT, AEGIS-original — adversarial DE/EU compliance auditor with three-persona self-verification)
 ```
 
-`aegis-skills list --category defensive` today returns an informative
-"coming in v0.2+" message rather than a missing-directory error. When
-future sources land, they slot into the existing tree and the manifest
-metadata expands without layout churn.
+Total: **47 skills** across **5 categories** and **2 source-namespaces**
+(`snailsploit-fork` for the offensive fork; `aegis-native` for the
+defensive / mitre-mapped / ops / compliance AEGIS-original content).
+
+When future external sources land, they slot into the existing tree
+under their own per-source subdirectory (e.g.,
+`defensive/anthropic-cybersec-pick/`) and the manifest metadata
+expands without layout churn.
 
 ## Structural invariant
 

package/dist/commands/install.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"install.d.ts","sourceRoot":"","sources":["../../src/commands/install.ts"],"names":[],"mappings":"AA0BA,MAAM,WAAW,cAAc;IAC7B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAgB,UAAU,CAAC,OAAO,GAAE,cAAmB,GAAG,MAAM,CA6D/D"}
+{"version":3,"file":"install.d.ts","sourceRoot":"","sources":["../../src/commands/install.ts"],"names":[],"mappings":"AA4BA,MAAM,WAAW,cAAc;IAC7B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAgB,UAAU,CAAC,OAAO,GAAE,cAAmB,GAAG,MAAM,CA4E/D"}

package/dist/commands/install.js

@@ -15,7 +15,7 @@
  *   --dry-run     Print what would be copied without writing anything.
  */
 import { homedir } from 'node:os';
-import { existsSync, mkdirSync, readFileSync, writeFileSync, } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync, } from 'node:fs';
 import { dirname, join, resolve } from 'node:path';
 import { loadAllSkills } from '../skills-loader.js';
 export function runInstall(options = {}) {
@@ -61,6 +61,22 @@ export function runInstall(options = {}) {
             const content = readFileSync(skill.absolutePath, 'utf-8');
             writeFileSync(targetPath, content, 'utf-8');
             written += 1;
+            // Copy any sibling references/ directory so multi-file skills
+            // (e.g. compliance/aegis-native/brutaler-anwalt) keep their
+            // SKILL.md → references/*.md links intact under the target tree.
+            const sourceRefDir = join(dirname(skill.absolutePath), 'references');
+            if (existsSync(sourceRefDir) && statSync(sourceRefDir).isDirectory()) {
+                const targetRefDir = join(dirname(targetPath), 'references');
+                mkdirSync(targetRefDir, { recursive: true });
+                for (const entry of readdirSync(sourceRefDir)) {
+                    if (!entry.endsWith('.md'))
+                        continue;
+                    const refSrc = join(sourceRefDir, entry);
+                    const refDst = join(targetRefDir, entry);
+                    writeFileSync(refDst, readFileSync(refSrc, 'utf-8'), 'utf-8');
+                    written += 1;
+                }
+            }
         }
         catch (err) {
             console.error(`Error writing ${targetPath}: ${err.message}`);

package/dist/commands/install.js.map

@@ -1 +1 @@
-{"version":3,"file":"install.js","sourceRoot":"","sources":["../../src/commands/install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAoB,MAAM,qBAAqB,CAAC;AAQtE,MAAM,UAAU,UAAU,CAAC,UAA0B,EAAE;IACrD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAEhD,IAAI,MAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,aAAa,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,oEAAoE;IACpE,6CAA6C;IAC7C,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IAC3E,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;QAClD,OAAO,CAAC,KAAK,CACX,UAAU,QAAQ,CAAC,MAAM,gCAAgC,UAAU,GAAG,CACvE,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;QAClF,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACzB,KAAK,MAAM,CAAC,IAAI,QAAQ;gBAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;gBAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,WAAW,QAAQ,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,MAAM,mBAAmB,UAAU,EAAE,CAAC,CAAC;QACrF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACpF,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YAC1D,aAAa,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC,CAAC;QACf,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iBAAiB,UAAU,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACxE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,kBAAkB,UAAU,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B;IACpD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AACtE,CAAC"}
+{"version":3,"file":"install.js","sourceRoot":"","sources":["../../src/commands/install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAoB,MAAM,qBAAqB,CAAC;AAQtE,MAAM,UAAU,UAAU,CAAC,UAA0B,EAAE;IACrD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAEhD,IAAI,MAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,aAAa,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,oEAAoE;IACpE,6CAA6C;IAC7C,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IAC3E,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;QAClD,OAAO,CAAC,KAAK,CACX,UAAU,QAAQ,CAAC,MAAM,gCAAgC,UAAU,GAAG,CACvE,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;QAClF,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACzB,KAAK,MAAM,CAAC,IAAI,QAAQ;gBAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;gBAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,WAAW,QAAQ,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,MAAM,mBAAmB,UAAU,EAAE,CAAC,CAAC;QACrF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACpF,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YAC1D,aAAa,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC,CAAC;YACb,8DAA8D;YAC9D,4DAA4D;YAC5D,iEAAiE;YACjE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC,CAAC;YACrE,IAAI,UAAU,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;gBACrE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;gBAC7D,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7C,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAAE,SAAS;oBACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;oBACzC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;oBACzC,aAAa,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;oBAC9D,OAAO,IAAI,CAAC,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iBAAiB,UAAU,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACxE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,kBAAkB,UAAU,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B;IACpD,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AACtE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/skills",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",
@@ -41,7 +41,8 @@
     "README.md",
     "LICENSE",
     "ATTRIBUTION.md",
-    "CHANGELOG.md"
+    "CHANGELOG.md",
+    "sbom.cdx.json"
   ],
   "type": "module",
   "bin": {

package/sbom.cdx.json

@@ -0,0 +1 @@
+{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:cb3f76d2-19cc-48cb-a481-51c8ceecb5d4","version":1,"metadata":{"timestamp":"2026-04-27T22:03:31Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.2.0","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.2.0","bom-ref":"pkg:npm/@aegis-scan/skills@0.2.0","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.2.0"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-04-27T22:03:31Z","text":"This Software Bill-of-Materials (SBOM) document was created on Monday, April 27, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.2.0'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}