@aegis-scan/skills 0.2.0 → 0.4.0

package/ATTRIBUTION.md

@@ -93,10 +93,66 @@ adversarial DE/EU compliance content under MIT License.
 - **First shipped:** v0.2.0
 - **Content domain:** DE/EU compliance audit (DSGVO, DDG, TTDSG, UWG, NIS2, EU AI Act, branchenrecht, strafrecht-steuer). Three-persona self-verification (Hunter / Challenger / Synthesizer) is an AEGIS-original methodology pattern, not derived from upstream content. References cite German/EU statutes (`§`-paragraphs) and BGH/EuGH judgment-IDs (`Az.`) — these are factual legal identifiers, not copyrightable expression.
 
-## Future external sources
-
-The `skills/` tree is designed to grow across sources. Future
-candidates being evaluated for cherry-pick (per the maintainer's
+## Required external skills (mandatory complement, not forked)
+
+Some upstream skill packages are higher-value when consumed
+**directly from the upstream maintainer** rather than forked into
+this tree. AEGIS treats them as **mandatory complements** —
+required for full Supabase / Postgres coverage when working on a
+project that uses those technologies — but installed via the
+upstream's own distribution channel rather than re-shipped here.
+
+This avoids:
+
+- License-attribution drift across forks
+- Stale upstream versions when the maintainer ships fixes
+- Duplicate maintenance burden when the upstream package is the
+  single source of truth
+
+### `supabase/agent-skills` — Postgres + Supabase development best-practices
+
+- **Upstream:** https://github.com/supabase/agent-skills
+- **License:** MIT
+- **Skills shipped:** `supabase` (comprehensive Supabase dev skill — Auth, Edge Functions, Realtime, Storage, MCP, CLI, schema-change workflow) + `supabase-postgres-best-practices` (8-category Postgres performance guide with 30+ reference files: query, conn, security, schema, lock, data, monitor, advanced).
+- **Installation (mandatory when working on this repo):**
+
+  ```bash
+  npx skills add supabase/agent-skills -g -y
+  ```
+
+  Installs both skills globally to `~/.agents/skills/` and
+  symlinks them into `~/.claude/skills/` for Claude Code
+  auto-discovery. Compatible with 18+ AI agents (Claude Code,
+  Cursor, GitHub Copilot, Cline, etc.) — universal Agent Skills
+  Open Standard format.
+
+- **Why mandatory and not forked:** the AEGIS skills package
+  covers the **security layer** (RLS-bypass remediation,
+  tenant-isolation, IDOR-defense, scanner-finding mapping). The
+  upstream Supabase skills cover the **dev-productivity layer**
+  (CLI commands, migration workflow, MCP server config, query
+  performance optimization, indexing patterns, connection
+  pooling, JSONB indexing, full-text search, etc.). The two are
+  complementary and non-overlapping — see the cross-reference
+  blocks at the bottom of `skills/defensive/aegis-native/rls-defense/SKILL.md`
+  and `skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md`.
+
+- **Why not cherry-pick into AEGIS:** Supabase ships frequent
+  updates to its own skills (core principles, CLI gotchas, MCP
+  troubleshooting steps change between Supabase CLI versions).
+  Forking would freeze the AEGIS copy at a fork-SHA and require
+  quarterly upstream-sync work for content the AEGIS team has
+  no special insight into. Routing users to the upstream package
+  ensures they always pull the freshest Supabase-team-maintained
+  guidance.
+
+## Future external cherry-pick candidates
+
+The `skills/` tree is also designed to grow across sources via
+**fork-mode** (the same pattern as `skills/offensive/snailsploit-fork/`)
+when the content is security-domain and benefits from AEGIS-side
+sanitization, scanner-mapping headers, or quarterly review.
+Candidates being evaluated for cherry-pick (per the maintainer's
 source-evaluation cycle):
 
 - [mukul975/Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — Apache-2.0, 754 mixed offensive+defensive skills with MITRE/D3FEND/NIST framework-mappings.

package/CHANGELOG.md

@@ -10,6 +10,84 @@ and quality-audit completion, not by a fixed schedule.
 
 ## [Unreleased]
 
+### Added
+
+- **External-skills mandate-without-fork integration** with [supabase/agent-skills](https://github.com/supabase/agent-skills) (MIT). Two upstream skills (`supabase` + `supabase-postgres-best-practices`) are now declared **mandatory complements** to the AEGIS-native security layer for any project using Supabase or Postgres. Installation via the upstream's own distribution channel (`npx skills add supabase/agent-skills -g -y`) — not re-shipped here. Rationale: upstream is actively maintained by the Supabase team with frequent updates the AEGIS team has no special insight into, so fork-mode would freeze content at a fork-SHA + create unnecessary quarterly upstream-sync work for content that benefits from staying current.
+  - `ATTRIBUTION.md` — new "Required external skills (mandatory complement, not forked)" section documenting the rationale, install command, and license-compatibility chain.
+  - `README.md` — new "Required external skills (mandatory complement, not forked)" section under "What ships" with explicit install instructions and the cross-reference map.
+  - `skills/defensive/aegis-native/rls-defense/SKILL.md` — new "Complementary external skill (mandatory)" section pointing to upstream `security-rls-basics.md`, `security-rls-performance.md`, and `security-privileges.md` reference files.
+  - `skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md` — new "Complementary external skill (mandatory)" section pointing to upstream `supabase` and `supabase-postgres-best-practices` skills.
+  - AEGIS repository root — new `AGENTS.md` documents the repo-wide mandate for AI coding-agents working in this repo and the layer-split between AEGIS-native security and upstream Supabase dev/perf coverage.
+
+This establishes a second integration-pattern alongside the existing fork-mode (used by `skills/offensive/snailsploit-fork/`): mandate-without-fork. Future external sources will pick per-source based on stability and maintenance-economics.
+
+---
+
+## [0.4.0] — 2026-04-28 — "Full foundation cluster (Phase 2 of AEGIS Agent Foundation)"
+
+### Added — 5 new foundation skills
+
+The remaining 5 of 8 foundation skills land in this minor, completing the v0.4.0 foundation cluster started in v0.3.0 (which shipped orchestrator + handover-writer + quality-gates).
+
+- **`aegis-customer-build`** (multi-file, `model: opus`) — library-engine-driven autonomous customer-website builder. Ingests a configurator-output briefing.md, runs Pre-Build-Validation + 7 phases (Recon / Architecture / Component-Build / Content / Integration / Mid-Audit / Final-Verify) + Post-Build status-report. Multi-agent orchestration via subagent-dispatch (Master + Research + Executor + Strategist). Hits production-bar 994/S/FORTRESS + Lighthouse 98+ + briefing-coverage 100% or returns INCOMPLETE-Status. SKILL.md + 7 phase-references (`phase-1-recon` through `phase-7-final-verify` covering briefing-parser-checklist, architecture-decisions, component-build pattern, copy/SEO/Schema, API-route + DSGVO-form pattern, mid-audit repair-loop, 9-gate final-verify + briefing-coverage). validate 17/18 (1 advisory warning on 7 intentional phases).
+- **`aegis-module-builder`** (single-file, `model: sonnet`) — Generic feature-dev workflow with TDD-first discipline. Six-phase pipeline: Plan / Test (red) / Implement (green) / Verify (gates 1-4) / Polish / Commit. Wraps DB-migration + API-route (secureApiRoute + Zod-strict + requireRole) + Service-Layer + UI-Component + Tests + Optimistic-Updates. References `superpowers:test-driven-development` for TDD-mechanics. validate 16/18 (intentional 6-phase + intentional single-file design).
+- **`aegis-audit`** (multi-file, `model: opus`) — 8-Layer paranoid-audit skill. Layers: HTTP-Headers / HTML-Live-Probe / Impressum / DSE / Cookie+Consent / Branche-Specific / Code-Cross-Check / Schadens-Diagnose. Runs against built customer-site, live URL, or local repo. Output 4-section format (Schadens-Diagnose / Findings-Tabelle / Anwalts-Anhang / Abmahn-Simulation) with €-range estimates per industry × visibility × competitor formula. SKILL.md + 8 layer-references (`layer-1-headers` through `layer-8-schadens-diagnose`). Cross-checks with brutaler-anwalt at shared layers (Impressum / DSE / Cookie). validate 16/17 (1 advisory).
+- **`aegis-skill-creator`** (multi-file, `model: opus`) — Meta-skill that builds new skills via SkillForge methodology (tripleyak/SkillForge MIT) + AEGIS HARD-CONSTRAINT-format. Five-phase pipeline: Triage (USE_EXISTING / IMPROVE / CREATE_NEW / COMPOSE) / Scaffold (init_skill.py-style) / Iterate (11-Lens-Analysis) / Validate (auto-iterate to 16/17+) / Commit. SKILL.md + 2 references (`skillforge-methodology.md` with attribution + `hard-constraint-template.md` per-skill-type templates: orchestrator / builder / auditor / writer / verifier / meta). validate 17/18 (1 advisory on 5 phases).
+- **`dsgvo-compliance`** (multi-file, `model: opus`) — DSGVO baseline-checks for AEGIS-bootstrapped projects. Five-phase pipeline: Consent-mapping / Retention-policy / Art. 13 info-templates / Datenpanne 72h-runbook / Schrems-II TIA. Sister-skill to brutaler-anwalt (audit findings vs fix-templates). SKILL.md + 2 references (`art-13-15-templates.md` covering full DSE template + Art. 15 Auskunftsanfrage-Antwort + per-form short-form Art. 13; `datenpanne-runbook.md` covering Sofortmaßnahmen + 72h-Timeline + Risiko-Bewertung + Art. 33/34 templates + Aufsichtsbehörden-Kontakte per Bundesland). RDG-Linie respected: templates + runbooks, not individual legal advice. validate 16/17 (1 advisory).
+
+### Updated — Master AGENTS.md + foundation/_INDEX.md (full activation)
+
+- **`packages/skills/AGENTS.md`** — removes all `_(post-0.4.0)_` placeholder-markers from Use-Case Routing table. Adds rows for module-builder / skill-creator / dsgvo-compliance use-cases. Adds Tool-Category Mapping rows for `library-engine` / `aegis-scan` / `lighthouse` / `playwright` / `curl` (the domain-specific tool-categories required by the new foundation skills). Adds Cluster Composition Reference table mapping each use-case to its multi-skill cluster (every cluster ends with aegis-handover-writer for next-session bootstrap).
+- **`packages/skills/skills/foundation/_INDEX.md`** — removes all `_(post-0.4.0)_` markers, adds full path + slash-command surface for all 8 skills. Adds Cluster Composition Patterns table.
+
+### Updated — manifest test
+
+- **`__tests__/manifest.test.ts`** — `EXPECTED_TOTAL` 50 → 55 (5 new foundation skills auto-detected by `loadAllSkills()`). `EXPECTED_NAMES_BY_CATEGORY['foundation']` adds the 5 new names alphabetically: `aegis-audit`, `aegis-customer-build`, `aegis-module-builder`, `aegis-skill-creator`, `dsgvo-compliance` (joining the 3 v0.3.0 skills).
+
+### Validation
+
+- All 5 new SKILL.md files pass SkillForge `validate-skill.py` ≥ 16/17 (the 1-warning ceiling per the `foundation/_INDEX.md` rule allows for advisory warnings on intentionally-multi-phase skills).
+- All 16 new `references/*.md` files pass scrub-clean (no internal-codename leaks). Total references-files added: 7 (customer-build phases) + 8 (audit layers) + 2 (skill-creator) + 2 (dsgvo-compliance) − 1 single-file = 18 reference-files plus 5 SKILL.md = 23 new markdown files.
+- `tsc --noEmit` clean. **486 / 486 tests pass post-addition** (was 432, +54 auto-generated for 5 new skills + 18 new references). Test breakdown: scrub 92 (was 68, +24), attribution 150 (was 140, +10), frontmatter 227 (was 207, +20), manifest 17 (unchanged count, EXPECTED_TOTAL bumped).
+- All scrub-test FORBIDDEN-codename patterns clean across new content (the canonical scrub-list lives in `__tests__/scrub.test.ts` plus the CI tarball-scrub gate). The customer-build skill uses the `library-engine` tool-category placeholder consistently per the foundation-spec privacy-residue convention, not any private-engine codename.
+
+### Notes
+
+- Hierarchical loading via the v0.4.0 master AGENTS.md plus foundation/_INDEX.md: token-budget reduction estimate ≥70% versus a flat skill-pool now applies for the full foundation cluster (was just brutaler-anwalt at v0.3.0).
+- 5 cluster-composition patterns documented in AGENTS.md + _INDEX.md (customer-build / compliance-audit / dev-feature / aegis-self-test / skill-authoring) — each cluster terminates with aegis-handover-writer per the discipline that no session ends without writing a handover.
+- HARD-CONSTRAINT-frontmatter format from v0.3.0 applied uniformly to all 5 new skills under `metadata:` nesting per the SkillForge validator's allowlist constraint. `parseHardConstraintFrontmatter()` from `skills-loader.ts` reads them without code change.
+- Phase 3 of the AEGIS Agent Foundation (CLI + agent-framework package) follows in `@aegis-scan/cli@0.18.0` + `@aegis-scan/agent-framework@0.18.0` (separate publishes).
+
+---
+
+## [0.3.0] — 2026-04-28 — "HARD-CONSTRAINT-frontmatter + AGENTS.md router (Phase 1 of AEGIS Agent Foundation)"
+
+### Added
+
+- **HARD-CONSTRAINT frontmatter format** — adds the v0.3.0 metadata-nested fields used by the AEGIS Agent Foundation (`metadata.required_tools`, `metadata.required_audit_passes`, `metadata.enforced_quality_gates`, `metadata.pre_done_audit`) plus top-level `model` (opus|sonnet|haiku) and `license` (typically MIT). The fields are visible to agents reading the SKILL.md content as the un-skippable Reference-Loading + Pre-Done-Audit gate. Loader-compatible: comma-separated strings stay parser-stable; YAML-array-form deferred until at least three skills need true arrays. Per spec §2 Component 3 + §13.3 + §8 dec 7 of the Foundation design.
+- **`parseHardConstraintFrontmatter()`** exported from `skills-loader.ts`. Reads top-level `name` / `description` / `model` / `license` plus the four metadata-nested HARD-CONSTRAINT fields. Backward-compat: top-level form still accepted as transitional fallback. Includes `extractMetadataField()` helper for two-level YAML extraction. 5 new unit-tests in `__tests__/frontmatter.test.ts` (canonical metadata-nested + flat-fallback + leading-aegis-local-comment-tolerance + missing-frontmatter graceful-empty + complete-skill-roundtrip). Total: 410 tests passing.
+- **`brutaler-anwalt` upgraded** with HARD-CONSTRAINT-frontmatter (under `metadata:`) + 5 missing structural sections — `## Triggers` (renamed from `## Trigger-Pattern`), `## Process` (new — wraps the 4 Modi + 8-Phasen-HUNTER-Workflow), `## Verification / Success Criteria` (new — 8-checkbox pre-done gate), `## Anti-Patterns` (renamed from singular `## Anti-Pattern`), `## Extension Points` (new — extension-paths for references / branchen / modi / hooks). Plus a HARD-CONSTRAINT — Reference-Loading block that forbids improvisation: every finding must cite § / Art. + Az. + reference-file-path. SkillForge `validate-skill.py` against the consumer-side install-path: 9/16 → **17/17 ALL CHECKS PASSED**.
+- **`packages/skills/AGENTS.md`** (new at the package root) — universal router skeleton covering Bootstrap-checklist, Tool-Category Mapping table (Claude Code / Codex / Copilot CLI columns), Use-Case Routing, and Skill Categories overview. Forward-compat note flags v0.4.0 expansion to the full `aegis-native/` cluster.
+- **`packages/skills/skills/compliance/_INDEX.md`** (new) — trigger-table for the compliance category, routing brutaler-anwalt today + a forward-compat slot for `dsgvo-compliance` post-v0.4.0. Slash-command surface documented (`/anwalt` with `hunt`/`simulate`/`consult` sub-modes plus `/audit` and `/compliance-check` aliases). Bootstrap-checklist for category-loaders.
+
+### Notes
+
+- Hierarchical skill-loading per the Foundation spec §2 Component 2 + §13.4. Token-budget reduction estimate ≥70% versus a flat skill-pool once the full v0.4.0 cluster lands. The tool-mapping table in AGENTS.md establishes the universal alias set (`shell-ops` / `file-ops` / `task-tracking` / `subagent-dispatch`) so skills stay harness-agnostic in their HARD-CONSTRAINT-blocks.
+- No CLI-surface changes in this minor — `aegis-skills list --category compliance` continues to surface brutaler-anwalt; the new metadata fields are extracted from the SKILL.md when consumers call `parseHardConstraintFrontmatter()` directly. Loader's existing `loadAllSkills()` is unchanged.
+- `tsc --noEmit` clean. All 410 tests passing across scrub / attribution / frontmatter / manifest suites.
+
+---
+
+## [0.2.1] — 2026-04-28 — "list --category compliance hotfix"
+
+### Fixed
+
+- **`aegis-skills list --category compliance` was rejected** by the CLI's hardcoded `VALID_CATEGORIES` whitelist in `packages/skills/src/commands/list.ts:19`. The whitelist still listed only the four pre-v0.2.0 categories (`offensive`, `defensive`, `mitre-mapped`, `ops`) and mismatched the actual on-disk category set, so callers filtering to the new `compliance` category got `Error: --category must be one of …` instead of the brutaler-anwalt entry. Added `compliance` to the whitelist + updated the JSDoc + updated the `--help` text in `bin.ts`. The unit-tests already covered category-filter happy-path on the existing categories; this hotfix relies on the post-publish manual smoke (`npx -y @aegis-scan/skills@0.2.1 list --category compliance` returns brutaler-anwalt) for evidence.
+
+### Meta
+
+- Same-day patch on top of `0.2.0`. The bug was caught by a post-publish manual install + run, not by source-side tests — class-lesson logged: every new category-string surface needs an end-to-end CLI smoke before tag-push, not just a manifest-test.
+
 ---
 
 ## [0.2.0] — 2026-04-27 — "four-category-population + compliance with brutaler-anwalt"

package/README.md

@@ -101,6 +101,33 @@ compliance audits:
 
 - **`brutaler-anwalt`** — adversarial DE/EU compliance auditor (DSGVO / DDG / TTDSG / UWG / NIS2 / EU AI Act / branchenrecht / strafrecht-steuer) with three-persona self-verification (Hunter / Challenger / Synthesizer). Slash-command activation via `/anwalt`. Ships an 11-file `references/` sibling tree (~120 KB) with per-bereich rules, BGH/EuGH-judgment database, abmahn-templates, and an explicit AEGIS-scanner-output → rechtliche-Bewertung mapping. The installer auto-copies the references tree alongside the SKILL.md.
 
+### Required external skills (mandatory complement, not forked)
+
+For full Supabase / Postgres coverage, AEGIS users **must** also
+install the upstream Supabase skill package — installed once,
+globally, via the upstream maintainer's distribution channel:
+
+```bash
+npx skills add supabase/agent-skills -g -y
+```
+
+This installs two MIT-licensed skills from
+[supabase/agent-skills](https://github.com/supabase/agent-skills):
+
+- **`supabase`** — comprehensive Supabase development skill: Auth / Edge Functions / Realtime / Storage / Vectors, client libraries (`supabase-js`, `@supabase/ssr`) integration into Next.js / SvelteKit / Astro / Remix, JWT and session security, Supabase CLI workflow (`migration new`, `db query`, advisors), MCP server troubleshooting, schema-change workflow (`execute_sql` vs `apply_migration`), Postgres-extension setup (`pg_graphql` / `pg_cron` / `pg_vector`).
+- **`supabase-postgres-best-practices`** — 8-category Postgres performance guide (30+ reference files): query optimization (covering / partial / composite indexes), connection management (pooling / limits / prepared statements / idle timeout), schema design (primary keys / FK indexes / partitioning / constraints), concurrency & locking (advisory / deadlock prevention / skip-locked), data access (batch inserts / N+1 / pagination / upsert), monitoring (`EXPLAIN ANALYZE` / `pg_stat_statements` / vacuum), and advanced features (full-text search / JSONB indexing).
+
+The AEGIS-native defensive skills (`rls-defense`,
+`tenant-isolation-defense`) cross-reference the upstream
+`security-rls-basics.md`, `security-rls-performance.md`, and
+`security-privileges.md` reference files for performance-tuned RLS
+patterns and least-privilege role design — install the upstream
+package so those cross-references resolve at use-time.
+
+See [`ATTRIBUTION.md`](./ATTRIBUTION.md#required-external-skills-mandatory-complement-not-forked)
+for the full rationale on why these skills are mandate-via-upstream
+rather than forked into this tree.
+
 ### Attribution + license
 
 See [`ATTRIBUTION.md`](./ATTRIBUTION.md) for the full credit chain.

package/dist/bin.js

@@ -34,7 +34,7 @@ Commands:
             Default target: ~/.claude/skills/user/aegis-skills/
 
 List options:
-  --category <cat>   Filter to offensive / defensive / mitre-mapped / ops / all
+  --category <cat>   Filter to offensive / defensive / mitre-mapped / ops / compliance / all
   --source <src>     Filter to one source-namespace (e.g. snailsploit-fork)
   --json             Machine-readable output
 

package/dist/commands/list.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAID,wBAAgB,OAAO,CAAC,OAAO,GAAE,WAAgB,GAAG,MAAM,CA6DzD"}
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAWD,wBAAgB,OAAO,CAAC,OAAO,GAAE,WAAgB,GAAG,MAAM,CA6DzD"}

package/dist/commands/list.js

@@ -3,13 +3,20 @@
  *
  * Flags:
  *   --category <name>  Filter to a single category: offensive / defensive
- *                      / mitre-mapped / ops / all (default).
+ *                      / mitre-mapped / ops / compliance / all (default).
  *   --source <name>    Filter to a single source-namespace within a
  *                      category (e.g. snailsploit-fork). Default: all.
  *   --json             Machine-readable output for scripts or tests.
  */
 import { loadAllSkills } from '../skills-loader.js';
-const VALID_CATEGORIES = new Set(['all', 'offensive', 'defensive', 'mitre-mapped', 'ops']);
+const VALID_CATEGORIES = new Set([
+    'all',
+    'offensive',
+    'defensive',
+    'mitre-mapped',
+    'ops',
+    'compliance',
+]);
 export function runList(options = {}) {
     const categoryFilter = (options.category ?? 'all').toLowerCase();
     if (!VALID_CATEGORIES.has(categoryFilter)) {

package/dist/commands/list.js.map

@@ -1 +1 @@
-{"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,aAAa,EAAoB,MAAM,qBAAqB,CAAC;AAQtE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC;AAE3F,MAAM,UAAU,OAAO,CAAC,UAAuB,EAAE;IAC/C,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACjE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,MAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,aAAa,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;QAC7B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjC,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,iBAAiB;SAC9B,CAAC,CAAC,CAAC;QACJ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,wCAAwC,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC3H,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACjD,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,iBAAiB,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;YAC5D,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,MAAM,YAAY,CAAC,CAAC;IACjD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,OAAO,CAAO,KAAmB,EAAE,GAAgB;IAC1D,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QACpB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;;YAC7B,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,aAAa,EAAoB,MAAM,qBAAqB,CAAC;AAQtE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,KAAK;IACL,WAAW;IACX,WAAW;IACX,cAAc;IACd,KAAK;IACL,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,UAAU,OAAO,CAAC,UAAuB,EAAE;IAC/C,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACjE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,MAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,aAAa,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;QAC7B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjC,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,iBAAiB;SAC9B,CAAC,CAAC,CAAC;QACJ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,wCAAwC,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC3H,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACjD,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,iBAAiB,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;YAC5D,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,MAAM,YAAY,CAAC,CAAC;IACjD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,OAAO,CAAO,KAAmB,EAAE,GAAgB;IAC1D,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QACpB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;;YAC7B,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/skills-loader.d.ts

@@ -20,4 +20,47 @@ export interface LoadedSkill {
 }
 export declare function resolveSkillsRoot(): string;
 export declare function loadAllSkills(root?: string): LoadedSkill[];
+/**
+ * HARD-CONSTRAINT frontmatter fields introduced in @aegis-scan/skills@0.3.0
+ * for the AEGIS Agent Foundation. All fields are strings (comma-separated for
+ * lists) so that the minimal YAML-scalar parser can extract them without a
+ * full YAML-array implementation. YAML-array support is deferred to a later
+ * minor when 3+ skills need true arrays.
+ *
+ * Backward-compatible: pre-0.3.0 skills without these fields return undefined
+ * for each, and the loader continues to function unchanged.
+ */
+export interface HardConstraintFrontmatter {
+    /** Skill identifier from frontmatter `name:`. Required. */
+    name: string;
+    /** One-line description from frontmatter `description:`. Required. */
+    description: string;
+    /** Comma-separated tool-categories the skill needs at runtime. */
+    required_tools?: string;
+    /** Numeric-as-string — how many audit-passes before pre-done. */
+    required_audit_passes?: string;
+    /** Numeric-as-string — how many quality-gates the skill enforces. */
+    enforced_quality_gates?: string;
+    /** "true" | "false" — must run pre-done audit before declaring done. */
+    pre_done_audit?: string;
+    /** "opus" | "sonnet" | "haiku" — model selection hint. */
+    model?: string;
+    /** SPDX license id, typically "MIT". */
+    license?: string;
+}
+/**
+ * Parse HARD-CONSTRAINT frontmatter fields from a SKILL.md raw content.
+ * Returns name + description + model + license (top-level allowed by the
+ * SkillForge / Anthropic skill spec) plus optional v0.3.0+ HARD-CONSTRAINT
+ * fields nested under `metadata:` when the skill declares them.
+ *
+ * Backward-compat: also accepts the same fields at top-level (pre-canonical
+ * v0.3.0-rc layout). Top-level wins if both are present.
+ *
+ * Tolerates a leading `<!-- aegis-local … -->` HTML header per the upstream
+ * convention and ignores trailing body content. Designed to be used by the
+ * agent-framework `skill-frontmatter-validator` independently of the broader
+ * `loadAllSkills()` directory walker.
+ */
+export declare function parseHardConstraintFrontmatter(raw: string): HardConstraintFrontmatter;
 //# sourceMappingURL=skills-loader.d.ts.map

package/dist/skills-loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skills-loader.d.ts","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,EAAE,EAAE,MAAM,CAAC;IACX,0EAA0E;IAC1E,QAAQ,EAAE,MAAM,CAAC;IACjB,sFAAsF;IACtF,MAAM,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,2EAA2E;IAC3E,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,WAAW,EAAE,MAAM,CAAC;IACpB,qFAAqF;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IACrB,oFAAoF;IACpF,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAc1C;AAED,wBAAgB,aAAa,CAAC,IAAI,GAAE,MAA4B,GAAG,WAAW,EAAE,CA6B/E"}
+{"version":3,"file":"skills-loader.d.ts","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,EAAE,EAAE,MAAM,CAAC;IACX,0EAA0E;IAC1E,QAAQ,EAAE,MAAM,CAAC;IACjB,sFAAsF;IACtF,MAAM,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,2EAA2E;IAC3E,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,WAAW,EAAE,MAAM,CAAC;IACpB,qFAAqF;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IACrB,oFAAoF;IACpF,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAc1C;AAED,wBAAgB,aAAa,CAAC,IAAI,GAAE,MAA4B,GAAG,WAAW,EAAE,CA6B/E;AA2HD;;;;;;;;;GASG;AACH,MAAM,WAAW,yBAAyB;IACxC,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,WAAW,EAAE,MAAM,CAAC;IACpB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iEAAiE;IACjE,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,qEAAqE;IACrE,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0DAA0D;IAC1D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAoDD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,8BAA8B,CAAC,GAAG,EAAE,MAAM,GAAG,yBAAyB,CA+BrF"}

package/dist/skills-loader.js

@@ -167,6 +167,108 @@ function extractScalarField(yaml, field) {
         value = value.slice(1, -1);
     return value;
 }
+/**
+ * Extract a scalar field from a nested `metadata:` block in YAML frontmatter.
+ *
+ * Looks for an indented `<field>: <value>` line that follows a top-level
+ * `metadata:` line. Indentation is two-or-more spaces (typical block style).
+ * Returns the value as a string, with optional surrounding quotes stripped.
+ * Returns '' if the metadata block or the requested field is absent.
+ *
+ * This is a minimal extractor matched to the conservative shape SkillForge's
+ * Anthropic-skill-spec accepts: `metadata:` is the canonical container for
+ * fields outside the small allowlist (agent, allowed-tools, context,
+ * description, hooks, license, model, name, user-invocable). True YAML
+ * nested-mapping support is deferred until at least one skill needs deeper
+ * nesting than two levels.
+ */
+function extractMetadataField(yaml, field) {
+    const lines = yaml.split(/\r?\n/);
+    let inMetadata = false;
+    let metadataIndent = -1;
+    for (const line of lines) {
+        if (/^metadata\s*:\s*$/.test(line)) {
+            inMetadata = true;
+            metadataIndent = -1;
+            continue;
+        }
+        if (!inMetadata)
+            continue;
+        if (line.trim() === '')
+            continue;
+        const indentMatch = /^(\s+)\S/.exec(line);
+        if (!indentMatch) {
+            // De-dented back to a top-level key — the metadata block has ended.
+            inMetadata = false;
+            continue;
+        }
+        const indent = indentMatch[1].length;
+        if (metadataIndent === -1)
+            metadataIndent = indent;
+        if (indent < metadataIndent) {
+            inMetadata = false;
+            continue;
+        }
+        const fieldMatch = new RegExp(`^\\s+${field}\\s*:\\s*(.*)$`).exec(line);
+        if (fieldMatch) {
+            let value = fieldMatch[1].trim();
+            if (value.startsWith('"') && value.endsWith('"'))
+                value = value.slice(1, -1);
+            if (value.startsWith("'") && value.endsWith("'"))
+                value = value.slice(1, -1);
+            return value;
+        }
+    }
+    return '';
+}
+/**
+ * Parse HARD-CONSTRAINT frontmatter fields from a SKILL.md raw content.
+ * Returns name + description + model + license (top-level allowed by the
+ * SkillForge / Anthropic skill spec) plus optional v0.3.0+ HARD-CONSTRAINT
+ * fields nested under `metadata:` when the skill declares them.
+ *
+ * Backward-compat: also accepts the same fields at top-level (pre-canonical
+ * v0.3.0-rc layout). Top-level wins if both are present.
+ *
+ * Tolerates a leading `<!-- aegis-local … -->` HTML header per the upstream
+ * convention and ignores trailing body content. Designed to be used by the
+ * agent-framework `skill-frontmatter-validator` independently of the broader
+ * `loadAllSkills()` directory walker.
+ */
+export function parseHardConstraintFrontmatter(raw) {
+    const withoutHeader = stripLeadingHeader(raw);
+    const yaml = extractYamlFrontmatter(withoutHeader);
+    if (!yaml) {
+        return { name: '', description: '' };
+    }
+    const out = {
+        name: extractScalarField(yaml, 'name'),
+        description: extractScalarField(yaml, 'description'),
+    };
+    // Top-level allowed-list fields per Anthropic skill spec.
+    const model = extractScalarField(yaml, 'model');
+    if (model)
+        out.model = model;
+    const license = extractScalarField(yaml, 'license');
+    if (license)
+        out.license = license;
+    // HARD-CONSTRAINT fields: prefer metadata-nested (canonical v0.3.0), fall
+    // back to top-level (transitional support).
+    const pickField = (field) => extractScalarField(yaml, field) || extractMetadataField(yaml, field);
+    const required_tools = pickField('required_tools');
+    if (required_tools)
+        out.required_tools = required_tools;
+    const required_audit_passes = pickField('required_audit_passes');
+    if (required_audit_passes)
+        out.required_audit_passes = required_audit_passes;
+    const enforced_quality_gates = pickField('enforced_quality_gates');
+    if (enforced_quality_gates)
+        out.enforced_quality_gates = enforced_quality_gates;
+    const pre_done_audit = pickField('pre_done_audit');
+    if (pre_done_audit)
+        out.pre_done_audit = pre_done_audit;
+    return out;
+}
 function extractFirstH1(body) {
     // Walk lines and track code-fence state so `# comment` inside a bash
     // or similar code-block is not mistaken for a markdown H1 heading.

package/dist/skills-loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"skills-loader.js","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAuBzC,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2CAA2C,SAAS,OAAO,QAAQ,IAAI;QACrE,uEAAuE,CAC1E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,iBAAiB,EAAE;IAC9D,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACzC,sEAAsE;QACtE,iEAAiE;QACjE,qEAAqE;QACrE,yCAAyC;QACzC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAC9C,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/B,0DAA0D;gBAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;gBAC9E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YACD,iEAAiE;YACjE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACvC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,OAAO,WAAW,CAAC,GAAG,CAAC;aACpB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;aACzC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CACnB,IAAY,EACZ,YAAoB,EACpB,QAAgB,EAChB,MAAc,EACd,IAAY,EACZ,QAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC;IAC5E,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,OAAO;QACL,EAAE;QACF,QAAQ;QACR,MAAM;QACN,IAAI;QACJ,KAAK;QACL,WAAW;QACX,iBAAiB;QACjB,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,GAAG;KAClB,CAAC;AACJ,CAAC;AAQD,SAAS,gBAAgB,CAAC,GAAW,EAAE,YAAoB;IACzD,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAE9C,uEAAuE;IACvE,wEAAwE;IACxE,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,IAAI,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,IAAI,GAAG,aAAa,CAAC;IACzB,IAAI,IAAI,EAAE,CAAC;QACT,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACtD,IAAI,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,YAAY,CAAC;IAE/D,yEAAyE;IACzE,2EAA2E;IAC3E,qBAAqB;IACrB,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAEzD,4EAA4E;IAC5E,mBAAmB;IACnB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IACzD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE;QACnB,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE;QAC/B,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,sEAAsE;IACtE,wEAAwE;IACxE,kBAAkB;IAClB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,CAAC,EAAE,CAAC;QACtD,CAAC,EAAE,CAAC,CAAC,kCAAkC;QACvC,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,CAAC,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,KAAa;IACrD,+EAA+E;IAC/E,2EAA2E;IAC3E,wDAAwD;IACxD,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,iEAAiE;IACjE,4CAA4C;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,OAAO,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,OAAO;YAAE,SAAS;QACtB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,KAAa;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,MAAM,IAAI,GAAG,UAAU;SACpB,KAAK,CAAC,eAAe,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3E,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,oEAAoE;IACpE,uEAAuE;IACvE,0EAA0E;IAC1E,iDAAiD;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;IACpD,MAAM,KAAK,GACT,2FAA2F,CAAC,IAAI,CAC9F,OAAO,CACR,CAAC;IACJ,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC"}
+{"version":3,"file":"skills-loader.js","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAuBzC,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2CAA2C,SAAS,OAAO,QAAQ,IAAI;QACrE,uEAAuE,CAC1E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,iBAAiB,EAAE;IAC9D,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACzC,sEAAsE;QACtE,iEAAiE;QACjE,qEAAqE;QACrE,yCAAyC;QACzC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAC9C,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/B,0DAA0D;gBAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;gBAC9E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YACD,iEAAiE;YACjE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACvC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,OAAO,WAAW,CAAC,GAAG,CAAC;aACpB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;aACzC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CACnB,IAAY,EACZ,YAAoB,EACpB,QAAgB,EAChB,MAAc,EACd,IAAY,EACZ,QAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC;IAC5E,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,OAAO;QACL,EAAE;QACF,QAAQ;QACR,MAAM;QACN,IAAI;QACJ,KAAK;QACL,WAAW;QACX,iBAAiB;QACjB,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,GAAG;KAClB,CAAC;AACJ,CAAC;AAQD,SAAS,gBAAgB,CAAC,GAAW,EAAE,YAAoB;IACzD,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAE9C,uEAAuE;IACvE,wEAAwE;IACxE,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,IAAI,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,IAAI,GAAG,aAAa,CAAC;IACzB,IAAI,IAAI,EAAE,CAAC;QACT,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACtD,IAAI,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,YAAY,CAAC;IAE/D,yEAAyE;IACzE,2EAA2E;IAC3E,qBAAqB;IACrB,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAEzD,4EAA4E;IAC5E,mBAAmB;IACnB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IACzD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE;QACnB,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE;QAC/B,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,sEAAsE;IACtE,wEAAwE;IACxE,kBAAkB;IAClB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,CAAC,EAAE,CAAC;QACtD,CAAC,EAAE,CAAC,CAAC,kCAAkC;QACvC,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,CAAC,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,KAAa;IACrD,+EAA+E;IAC/E,2EAA2E;IAC3E,wDAAwD;IACxD,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC;AACf,CAAC;AA+BD;;;;;;;;;;;;;;GAcG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,KAAa;IACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,cAAc,GAAG,CAAC,CAAC,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,UAAU,GAAG,IAAI,CAAC;YAClB,cAAc,GAAG,CAAC,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,SAAS;QACjC,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,oEAAoE;YACpE,UAAU,GAAG,KAAK,CAAC;YACnB,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACrC,IAAI,cAAc,KAAK,CAAC,CAAC;YAAE,cAAc,GAAG,MAAM,CAAC;QACnD,IAAI,MAAM,GAAG,cAAc,EAAE,CAAC;YAC5B,UAAU,GAAG,KAAK,CAAC;YACnB,SAAS;QACX,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,QAAQ,KAAK,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxE,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACjC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7E,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,8BAA8B,CAAC,GAAW;IACxD,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IACD,MAAM,GAAG,GAA8B;QACrC,IAAI,EAAE,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC;QACtC,WAAW,EAAE,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC;KACrD,CAAC;IACF,0DAA0D;IAC1D,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAChD,IAAI,KAAK;QAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;IAC7B,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACpD,IAAI,OAAO;QAAE,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IAEnC,0EAA0E;IAC1E,4CAA4C;IAC5C,MAAM,SAAS,GAAG,CAAC,KAAa,EAAU,EAAE,CAC1C,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAEvE,MAAM,cAAc,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACnD,IAAI,cAAc;QAAE,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC;IACxD,MAAM,qBAAqB,GAAG,SAAS,CAAC,uBAAuB,CAAC,CAAC;IACjE,IAAI,qBAAqB;QAAE,GAAG,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;IAC7E,MAAM,sBAAsB,GAAG,SAAS,CAAC,wBAAwB,CAAC,CAAC;IACnE,IAAI,sBAAsB;QAAE,GAAG,CAAC,sBAAsB,GAAG,sBAAsB,CAAC;IAChF,MAAM,cAAc,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACnD,IAAI,cAAc;QAAE,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC;IAExD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,iEAAiE;IACjE,4CAA4C;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,OAAO,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,OAAO;YAAE,SAAS;QACtB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,KAAa;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,MAAM,IAAI,GAAG,UAAU;SACpB,KAAK,CAAC,eAAe,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3E,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,oEAAoE;IACpE,uEAAuE;IACvE,0EAA0E;IAC1E,iDAAiD;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;IACpD,MAAM,KAAK,GACT,2FAA2F,CAAC,IAAI,CAC9F,OAAO,CACR,CAAC;IACJ,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/skills",
-  "version": "0.2.0",
+  "version": "0.4.0",
   "description": "AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",

package/sbom.cdx.json

@@ -1 +1 @@
-{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:cb3f76d2-19cc-48cb-a481-51c8ceecb5d4","version":1,"metadata":{"timestamp":"2026-04-27T22:03:31Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.2.0","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.2.0","bom-ref":"pkg:npm/@aegis-scan/skills@0.2.0","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.2.0"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-04-27T22:03:31Z","text":"This Software Bill-of-Materials (SBOM) document was created on Monday, April 27, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.2.0'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}
+{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:b093e1cf-2e77-446b-afa4-a3739edff36a","version":1,"metadata":{"timestamp":"2026-04-28T13:28:27Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.4.0","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.4.0","bom-ref":"pkg:npm/@aegis-scan/skills@0.4.0","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.4.0"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-04-28T13:28:27Z","text":"This Software Bill-of-Materials (SBOM) document was created on Tuesday, April 28, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.4.0'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}

package/skills/compliance/_INDEX.md

@@ -0,0 +1,49 @@
+# compliance/_INDEX.md — Compliance Skill Trigger-Table
+
+Routes `compliance/` category skills based on user intent + keyword triggers. Loaded on-demand by AGENTS.md when a compliance-related request arrives. Each row points at a specific SKILL.md to load.
+
+---
+
+## Skills in this category
+
+| Trigger keywords | → Skill | Loaded path |
+|---|---|---|
+| dsgvo, datenschutz, impressum, cookie, abmahnung, compliance, agb, avv, drittland, einwilligung, ttdsg, ddg, tmg, uwg, nis2, ai-act, gobd, dsa, urheber, marke, ePrivacy, drittlandtransfer, schrems, eugh, bgh, abmahnanwalt, datenpanne, betroffenenrechte, art-13, art-15, art-83, scc, tia, dsfa, vvt, dpo, dsb, lg-muenchen-google-fonts, fashion-id | `brutaler-anwalt` | `compliance/aegis-native/brutaler-anwalt/SKILL.md` |
+
+> **Note:** `dsgvo-compliance` (consent-management + Art. 13/15 templates + Datenpanne-Runbook) ships in the `foundation/` category as of v0.4.0, not under `compliance/`. The `foundation/_INDEX.md` router routes `consent / retention / art-13 / art-15 / datenpanne / schrems` triggers there. The `brutaler-anwalt` audit-skill (this row) and `dsgvo-compliance` fix-templates skill complement each other; users typically invoke both in a compliance-audit cluster.
+
+---
+
+## Slash-Commands
+
+- `/anwalt` — invoke brutaler-anwalt SCAN-mode on current repo or live URL
+- `/anwalt hunt <topic>` — HUNT-mode focused on one topic (cookie banner / drittland / impressum / etc.)
+- `/anwalt simulate` — full SIMULATE-mode incl. fictional Abmahn-letter or Behörden-Anhörung
+- `/anwalt consult <document>` — CONSULT-mode for review of one document (AGB / AVV / DSE / contract)
+- `/audit` — alias for `/anwalt`
+- `/compliance-check` — alias for `/anwalt`
+
+---
+
+## Rules for compliance skills
+
+- **Reference-Loading is mandatory** per HARD-CONSTRAINT-block in each skill's SKILL.md. The skill MUST refuse to operate without loading at least `audit-patterns.md` + topic-specific references.
+- **All references are MIT-licensed** (own work, AEGIS-native namespace). Each reference cites § / Art. + Az. + Reference-File-Pfad — no improvisation.
+- **Disclaimer is non-negotiable** (RDG § 2 — keine Rechtsberatung). Each output ends with the standard RDG-disclaimer.
+
+---
+
+## Bootstrap-checklist (called by AGENTS.md)
+
+When this category is loaded:
+
+1. Verify the matched skill's SKILL.md is in context.
+2. Check the skill's frontmatter `metadata.required_tools` — confirm those tool-categories are available in the harness (per AGENTS.md tool-mapping table).
+3. If `metadata.pre_done_audit: "true"` — note it; the skill will not be allowed to declare DONE without explicit pre-done-audit completion (the Verification / Success Criteria checklist).
+4. Print: `Loaded compliance skill: <name>, model: <opus|sonnet|haiku>, audit-passes: <N>, gates: <N>`.
+
+---
+
+## Forward-compat note
+
+`compliance/_INDEX.md` routes regulatory + legal-audit skills under the `compliance/` category. v0.3.0 ships `brutaler-anwalt`. The dsgvo-compliance fix-templates skill ships under `foundation/` (v0.4.0+) and is routed from `foundation/_INDEX.md` — see the note in the trigger-table above. Future compliance-audit additions land here without breaking the router-shape.