@aegis-scan/skills 0.2.0 → 0.4.0

package/skills/compliance/aegis-native/brutaler-anwalt/SKILL.md

@@ -2,6 +2,13 @@
 ---
 name: brutaler-anwalt
 description: Adversarial DE/EU Compliance-Auditor mit Multi-Persona-Self-Verification fuer DSGVO/UWG/AGB/Impressum/Cookies/AVV/NIS2/AI-Act/Branchen-/Straf-/Steuerrecht. Drei interne Anwaelte (Hunter/Challenger/Synthesizer) pruefen Findings adversarial auf False-Positives + Cross-Bereich-Risiken. Output sachlich-praezise mit %-Wahrscheinlichkeit + €-Schadensschaetzung + Abmahn-Simulation. Aktiviert bei /anwalt, /audit, /compliance-check oder Keywords: dsgvo, datenschutz, impressum, cookie, abmahnung, compliance, agb, avv, drittland, einwilligung, ttdsg, ddg, tmg, uwg, nis2, ai-act, gobd, dsa, urheber, marke, ePrivacy, drittlandtransfer, schrems, eugh, bgh, abmahnanwalt, datenpanne, betroffenenrechte, art-13, art-15, art-83, scc, tia, dsfa, vvt, dpo, dsb, lg-muenchen-google-fonts, fashion-id. KEINE Rechtsberatung i.S.d. RDG.
+model: opus
+license: MIT
+metadata:
+  required_tools: "shell-ops,file-ops,curl,playwright,aegis-scan"
+  required_audit_passes: "2"
+  enforced_quality_gates: "9"
+  pre_done_audit: "true"
 ---
 
 # Brutaler Anwalt — Adversarial DE/EU Compliance Auditor
@@ -10,6 +17,31 @@ description: Adversarial DE/EU Compliance-Auditor mit Multi-Persona-Self-Verific
 
 ---
 
+## HARD-CONSTRAINT — Reference-Loading
+
+Dieser Skill agiert NIE ohne Reference-Backup. Vor jedem Output-Schritt:
+
+1. **Self-Test Reference-State** — habe ich aus `references/` geladen?
+   - Wenn nein → STOP, References laden, dann erneut starten.
+   - Wenn ja → welche? (mind. `audit-patterns.md` + topic-spezifische muessen geladen sein)
+
+2. **Pro Finding mind. 1 Reference-Quelle**:
+   - § / Art. / Az. zitiert
+   - Reference-File-Pfad genannt (z.B. `references/dsgvo.md` Zeile X)
+   - Wenn keine Reference → Finding NICHT ausgeben, stattdessen: „Reference-Luecke — Pattern X nicht in References abgedeckt, manuelle Pruefung empfohlen"
+
+3. **Improvisations-Verbot**:
+   - KEINE %-Schaetzung ohne Begruendungs-Kette aus `audit-patterns.md` Schadens-Diagnose-Formel
+   - KEINE Fix-Empfehlung ohne Risiko-Klassifikation (LOW/MEDIUM/HIGH per `audit-patterns.md`)
+   - KEINE Az.-Nummer ohne Cross-Check in `references/bgh-urteile.md`
+
+4. **Reference-Luecke = Skill-Verbesserungs-Trigger**:
+   - Im Output transparent kennzeichnen
+   - User-Action vorschlagen: Reference erweitern + erneut auditieren
+   - Skill darf KEINE Improvisationen liefern fuer Pattern ohne Reference-Backup
+
+---
+
 ## Mission
 
 Maximaler Rechts-Stress-Test fuer Web-Projekte (Sites, SaaS, Shops, Apps). Findet aktiv Compliance-Luecken, die ein **gegnerischer Abmahn-Anwalt oder eine Aufsichtsbehoerde** finden wuerde. Kein Optimismus, keine Beruhigung — paranoid-praezise Schadens-Diagnose mit %-Wahrscheinlichkeit, €-Bandbreite, Az.+§-Belegen, Abmahn-Simulation.
@@ -41,7 +73,32 @@ Bei jedem Audit fuehrt der Skill drei Personas hintereinander aus. Sie sind kein
 
 ---
 
-## Modi
+## Process
+
+Der Skill folgt einem festen Drei-Persona-Workflow + Vier-Modi-Routing. Pro Audit:
+
+1. **Modus-Erkennung** — siehe Modi-Liste unten (SCAN / HUNT / SIMULATE / CONSULT)
+2. **Reference-Loading** — passende References aus `references/` laden (siehe `Reference-Loading-Map`); HARD-CONSTRAINT-Block oben erzwingt das
+3. **Persona-Pipeline (intern, sequenziell)**:
+   - Phase 1: HUNTER scannt → Findings-Liste mit %, €-Range, §
+   - Phase 2: CHALLENGER falsifiziert jedes Finding → verified | disputed | false-positive
+   - Phase 3: SYNTHESIZER konsolidiert + Cross-Risiken → finales Output
+4. **Output** im 4-Sektionen-Format (siehe `## Output-Format` unten)
+5. **Verification** — Self-Test-Checkliste durchgehen vor Done-Claim (siehe `## Verification / Success Criteria` unten)
+
+### HUNTER-8-Phasen-Workflow (intern, jeder SCAN-Pass)
+
+Per `references/audit-patterns.md`:
+1. HEADER-AUDIT (curl -sSI auf Live-URL)
+2. HTML-LIVE-PROBE (SSR-Inhalt + DOM-Struktur)
+3. IMPRESSUM-AUDIT (DDG §5 + Footer-Link-Resolver)
+4. DSE-AUDIT (DSGVO Art. 13 + Drittland + AVV)
+5. COOKIE-/CONSENT-AUDIT (TTDSG §25 + Pre-consent-Tracking)
+6. BRANCHEN-LAYER (BORA/HWG/LMIV/etc., wenn identifizierbar)
+7. CSP-CODE-CROSS-CHECK (wenn Repo-Zugriff)
+8. SCHADENS-DIAGNOSE-FORMEL (SYNTHESIZER-Konsolidierung)
+
+### Modi
 
 Erkenne den Modus aus dem Kontext oder frage einmal (kurz, nicht romanhaft) nach. Mehrere Modi pro Session moeglich.
 
@@ -194,7 +251,24 @@ Lade nur die passenden References — nicht alle auf einmal. Token-Disziplin.
 
 ---
 
-## Trigger-Pattern
+## Verification / Success Criteria
+
+Vor jedem `done`-Claim oder Output-Abgabe MUSS der Skill diese Checkliste positiv beantworten:
+
+- [ ] References geladen? Mindestens `audit-patterns.md` + topic-spezifische References (z.B. `dsgvo.md` fuer DSGVO-Sachverhalte)
+- [ ] Jedes Finding hat § / Art. + Az. + Reference-File-Pfad?
+- [ ] HUNTER-Phase fuer alle Inputs durchlaufen (Headers, HTML, Impressum, DSE, Cookie, Branche, Code, Schadens-Diagnose)?
+- [ ] CHALLENGER-Phase fuer JEDES Finding (verified | disputed | false-positive markiert)?
+- [ ] SYNTHESIZER-Konsolidierung gemacht (Cross-Bereich-Risiken geprueft, %-Bewertung berechnet)?
+- [ ] Risk-Klassifikation pro Fix-Vorschlag (LOW / MEDIUM / HIGH per audit-patterns.md)?
+- [ ] Disclaimer i.S.d. RDG am Ende des Outputs?
+- [ ] Bei Wahrscheinlichkeit > 60% oder Modus = SIMULATE: Abmahn-Brief generiert?
+
+Wenn auch nur **eine** Checkbox nicht erfuellt: NICHT als `done` deklarieren. Stattdessen melden welche Checkbox offen ist + warum + Empfehlung.
+
+---
+
+## Triggers
 
 ### Slash-Commands
 - `/anwalt` — Default SCAN-Modus auf aktuelles Repo/Branch
@@ -262,7 +336,7 @@ Wenn der User unspezifisch fragt („pruefe meine Site"), stelle **maximal 3 pri
 
 ---
 
-## Anti-Pattern (was der Skill NICHT tut)
+## Anti-Patterns (was der Skill NICHT tut)
 
 - ❌ **Keine Beruhigung**. „Das ist wahrscheinlich OK" gibt es nicht. Entweder verified-low-risk oder verified-risk.
 - ❌ **Keine Theatraliik / Sarkasmus / Beleidigungen**. User-Direktive: Sicherheit, kein Entertainment.
@@ -302,4 +376,27 @@ Wenn Reference-Files aktualisiert werden (neue Urteile, neue Gesetze):
 
 ---
 
+## Extension Points
+
+So erweitert man `brutaler-anwalt` ohne den Kern zu brechen:
+
+- **Neue References** hinzufuegen unter `references/`:
+  - Datei mit Markdown-Sektionen + Az.-Nummern + §-Verweisen
+  - Eintrag in `Reference-Loading-Map` oben anlegen (Sachverhalt → File)
+  - `audit-patterns.md` referenzieren wenn neue Pattern-Klasse hinzukommt
+  - `references/bgh-urteile.md` zentrale Urteils-DB — neue Urteile dort einpflegen, andere References zitieren von dort
+- **Neue Branchen** in `references/branchenrecht.md` ergaenzen:
+  - Neuer Branchen-Block mit Pflicht-Checkliste, branchen-spezifischen §§, typischen Abmahnpunkten
+  - Trigger-Keywords in `Auto-Trigger via Keywords` ergaenzen
+- **Neue Modi** durch `### Modus N` Section unter `### Modi`:
+  - Klar abgrenzen vom bestehenden 4-Modi-Set
+  - `Vorgehen`-Liste konkret + reproduzierbar
+- **Plugin-Hooks** (consumer-side, optional):
+  - SessionStart-Hook in `.claude/settings.json` der `/anwalt scan` automatisch fuer neue Sessions auf Compliance-relevanten Repos triggert
+  - PreToolUse-Hook der vor `git push` einen Quick-Anwalt-Scan laeuft
+- **AEGIS-Integration**: erweitern via `references/aegis-integration.md` wenn neue AEGIS-Module erscheinen (Tier-X Module-Mapping)
+- **AGENTS.md-Routing**: Skill ist via `compliance/_INDEX.md` geroutet — bei neuen Triggern dort eintragen, nicht im SKILL.md duplizieren
+
+---
+
 **Skill aktiviert. Startbereit fuer Audit.**

package/skills/defensive/aegis-native/rls-defense/SKILL.md

@@ -167,6 +167,31 @@ Order of operations:
 
 Run `aegis scan .` on your repo; fix everything `rls-bypass-checker` and `tenant-isolation-checker` flag before going to production.
 
+## Complementary external skill (mandatory)
+
+This AEGIS skill covers the **security-remediation layer** —
+scanner-finding mapping, incident-response, multi-tenant
+isolation invariants. It does **not** cover RLS performance
+optimization in depth, because that is the upstream Supabase
+team's domain and is maintained as a separate skill.
+
+When working on RLS at any depth, install the upstream Supabase
+skill package once, globally:
+
+```bash
+npx skills add supabase/agent-skills -g -y
+```
+
+That ships
+[`supabase-postgres-best-practices`](https://github.com/supabase/agent-skills/tree/main/skills/supabase-postgres-best-practices),
+whose three `security-*` reference files complement this skill:
+
+- `references/security-rls-basics.md` — the canonical RLS-enable + policy pattern as Supabase recommends it.
+- `references/security-rls-performance.md` — the `(select auth.uid())` wrap that turns a per-row function call into a single-evaluation cached call (5–10x faster on large tables), security-definer helper functions for complex membership checks, and the discipline of indexing every column referenced inside an RLS policy.
+- `references/security-privileges.md` — least-privilege role design and GRANT minimization, the layer beneath RLS.
+
+When the AEGIS `rls-bypass-checker` flags a finding and you have a working policy fix, consult the upstream `security-rls-performance.md` next to ensure the fixed policy is also performant on production-sized tables. RLS that is correct but slow gets disabled by stressed engineers, which re-opens the security hole.
+
 ## See also
 
 - AEGIS scaffold's RLS bootstrap migration — `aegis new <project>` ships a `tenants` + `profiles` table + auto-profile-on-signup trigger pre-wired.

package/skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md

@@ -218,6 +218,32 @@ Run this on every CI run. Tenant-isolation regressions silently leak data; you n
 - `mass-assignment-checker` (CWE-915) — flags unvalidated body → `.insert()`.
 - `aegis-wizard/cli` scaffold — ships `secureApiRouteWithTenant`, the `tenants` + `profiles` schema with the auto-profile-on-signup trigger, and an exemplary API route demonstrating the composition pattern.
 
+## Complementary external skill (mandatory)
+
+This skill covers **API-route-level tenant isolation**: the
+`secureApiRouteWithTenant` primitive, JWT-sourced tenant
+injection, request-input rejection, and AEGIS scanner-finding
+remediation. It does not cover the broader Supabase development
+surface (Auth setup, Edge Functions, Realtime, Storage,
+migration workflow, MCP server integration) or Postgres
+performance.
+
+When designing a multi-tenant Supabase project, install the
+upstream Supabase skill package once, globally:
+
+```bash
+npx skills add supabase/agent-skills -g -y
+```
+
+The two skills it ships are complementary to this one:
+
+- [`supabase`](https://github.com/supabase/agent-skills/tree/main/skills/supabase) — the comprehensive Supabase development skill: the JWT vs `app_metadata` vs `user_metadata` security trap (critical for tenant-isolation policies), `WITH (security_invoker = true)` for views (RLS bypass otherwise), Storage upsert needing INSERT+SELECT+UPDATE (silent failures otherwise), CLI / migration / MCP workflow.
+- [`supabase-postgres-best-practices`](https://github.com/supabase/agent-skills/tree/main/skills/supabase-postgres-best-practices) — Postgres performance reference: the `security-rls-performance.md` and `security-privileges.md` files complement this skill's tenant-filtering invariant with performance and least-privilege discipline.
+
+The mandate is documented at the top of the AEGIS repository in
+[`AGENTS.md`](../../../../../../AGENTS.md) and in the skills package
+[`ATTRIBUTION.md`](../../../../ATTRIBUTION.md#required-external-skills-mandatory-complement-not-forked).
+
 ## See also
 
 - `defensive-rls-defense` skill — the RLS counterpart that complements API-route-level isolation.

package/skills/foundation/_INDEX.md

@@ -0,0 +1,73 @@
+# foundation/_INDEX.md — Foundation Skill Trigger-Table
+
+Routes the Foundation's own skills (orchestrator, customer-build, audit, etc.) based on user intent + keyword triggers. Loaded on-demand by the master `AGENTS.md` router when a Foundation-related request arrives.
+
+---
+
+## Skills in this category
+
+| Trigger keywords | → Skill | Frontmatter `model` | Loaded path |
+|---|---|---|---|
+| start, session, bootstrap, phase, handover, weiter, weitermachen, übergabe, recap | `aegis-orchestrator` | opus | `foundation/aegis-native/aegis-orchestrator/SKILL.md` |
+| handover, übergabe, session-ende, fertig, recap, abschluss | `aegis-handover-writer` | sonnet | `foundation/aegis-native/aegis-handover-writer/SKILL.md` |
+| verify, check all gates, quality-gates, audit-gate, pre-commit-check | `aegis-quality-gates` | sonnet | `foundation/aegis-native/aegis-quality-gates/SKILL.md` |
+| build customer, kundenseite, neue site, konfigurator-briefing, autonomous-build, 3h-build | `aegis-customer-build` | opus | `foundation/aegis-native/aegis-customer-build/SKILL.md` |
+| module, feature, db-migration, api-route, refactor, neue funktion, neue api, neues modul | `aegis-module-builder` | sonnet | `foundation/aegis-native/aegis-module-builder/SKILL.md` |
+| audit, paranoid-audit, AAA+++ check, 8-layer, security-audit, full-audit | `aegis-audit` | opus | `foundation/aegis-native/aegis-audit/SKILL.md` |
+| neuer skill, skill erstellen, skill verbessern, skill audit, meta-skill, skillforge | `aegis-skill-creator` | opus | `foundation/aegis-native/aegis-skill-creator/SKILL.md` |
+| consent, retention, art-13, art-15, art-33, datenpanne, drittland, dsgvo-baseline, schrems | `dsgvo-compliance` | opus | `foundation/aegis-native/dsgvo-compliance/SKILL.md` |
+
+---
+
+## Slash-Commands
+
+- `/start` / `/session` / `/bootstrap` — invoke aegis-orchestrator
+- `/verify` / `/check all gates` — invoke aegis-quality-gates
+- `/handover` / `/übergabe` / `/session-ende` — invoke aegis-handover-writer
+- `/build` / `/customer-build` / `/agentur-build` — invoke aegis-customer-build
+- `/module` / `/feature` / `/refactor` — invoke aegis-module-builder
+- `/audit` / `/paranoid-audit` / `/8-layer` — invoke aegis-audit
+- `/skill-creator` / `/new-skill` / `/skill-audit` — invoke aegis-skill-creator
+- `/dsgvo` / `/art-13` / `/art-15` / `/datenpanne` / `/schrems` — invoke dsgvo-compliance
+
+---
+
+## Rules for foundation skills
+
+- Each skill MUST have `metadata.required_tools`, `metadata.pre_done_audit`, `model`, `license` populated per the v0.3.0+ HARD-CONSTRAINT-frontmatter format.
+- Each skill MUST validate `python3 /tmp/SkillForge/scripts/validate-skill.py <skill>` at 16/17 or higher (the 1-warning ceiling allows for "5 phases recommend 1-3" advisories on intentionally-multi-phase skills).
+- Multi-file skills (SKILL.md + sibling `references/`) are auto-installed; references kept under `<skill>/references/`.
+- The master `AGENTS.md` tool-mapping table is canonical — skills reference tool-categories (`shell-ops`, `file-ops`, etc.), the AGENTS.md tells the agent which actual harness-tool to use.
+
+---
+
+## Bootstrap-checklist (called by master AGENTS.md)
+
+When this category is loaded:
+
+1. Verify the matched skill's SKILL.md is in context (read it, don't just assume).
+2. Check the skill's `metadata.required_tools` — confirm those tool-categories are available in the harness (per AGENTS.md tool-mapping table).
+3. If `metadata.pre_done_audit: "true"` — note it; the skill will not be allowed to declare DONE without explicit pre-done-audit completion.
+4. Print: `Loaded foundation skill: <name>, model: <opus|sonnet|haiku>, audit-passes: <N>, gates: <N>`.
+
+---
+
+## Cluster Composition Patterns
+
+The 8 foundation skills compose into use-case clusters per master `AGENTS.md` Use-Case Routing:
+
+| Use-case | Cluster |
+|---|---|
+| customer-build | aegis-orchestrator → aegis-customer-build (multi-agent) → aegis-quality-gates → aegis-handover-writer |
+| compliance-audit | aegis-orchestrator → aegis-audit + brutaler-anwalt (cross-validate) → dsgvo-compliance (fix-templates) → aegis-handover-writer |
+| dev-feature | aegis-orchestrator → aegis-module-builder (TDD) → aegis-quality-gates → aegis-handover-writer |
+| aegis-self-test | aegis-orchestrator → aegis-quality-gates → aegis-audit → aegis-handover-writer |
+| skill-authoring | aegis-orchestrator → aegis-skill-creator → aegis-quality-gates → aegis-handover-writer |
+
+Each cluster ends with `aegis-handover-writer` to ensure the next session starts with full context.
+
+---
+
+## Forward-compat note
+
+`foundation/_INDEX.md` at v0.4.0+ routes the full 8-skill foundation cluster. Future foundation-additions (e.g., `aegis-deploy` for Hetzner-Dokploy automation, `aegis-monitoring` for post-deploy observability) get rows added here + corresponding SKILL.md folders under `foundation/aegis-native/`.

package/skills/foundation/aegis-native/aegis-audit/SKILL.md

@@ -0,0 +1,194 @@
+<!-- aegis-local: AEGIS-native skill, MIT-licensed; 8-Layer paranoid-audit skill. Headers / HTML / Impressum / DSE / Cookie / Branche / Code-Cross-Check / Schadens-Diagnose. Runs against built customer-site, gegen Live-URL, oder gegen lokales Repo. Output 4-section format (Schadens-Diagnose / Findings-Tabelle / Anwalts-Anhang / Abmahn-Simulation). Pattern ported from a private operational reference; this is the public OSS variant. -->
+---
+name: aegis-audit
+description: 8-Layer paranoid-audit skill. Headers / HTML / Impressum / DSE / Cookie / Branche / Code-Cross-Check / Schadens-Diagnose. Runs against built site, live URL, or local repo. Output 4-section - Schadens-Diagnose / Findings-Tabelle / Anwalts-Anhang / Abmahn-Simulation. Trigger keywords - audit, paranoid-audit, AAA+++ check, 8-layer, security-audit, full-audit.
+model: opus
+license: MIT
+metadata:
+  required_tools: "shell-ops,file-ops,curl,playwright,aegis-scan"
+  required_audit_passes: "1"
+  enforced_quality_gates: "0"
+  pre_done_audit: "true"
+---
+
+# aegis-audit — 8-Layer Paranoid Audit
+
+The Foundation's audit skill. Runs an 8-layer audit against a target (customer-site / live URL / local repo), produces a 4-section structured report, classifies findings by severity (KRITISCH / HOCH / MITTEL / LOW), estimates €-risk per finding via the industry × visibility × competitor formula. Used by customer-build's Phase 6 (mid-audit, topic-scoped) and Phase 7 (final, full-pass).
+
+---
+
+## HARD-CONSTRAINT — Layer-Order, Reference-Loading, No Mocks
+
+This skill MUST:
+
+1. **Load all 8 layer-references** in `references/layer-1-headers.md` through `references/layer-8-schadens-diagnose.md` BEFORE producing any finding. Skipping a layer-reference = guaranteed false-negatives or false-positives.
+2. **Execute layers in fixed order** (1 → 8). Earlier layers feed later ones (e.g., Layer 1 HTTP-headers feed Layer 5 cookie-detection). Out-of-order execution skips signal.
+3. **No mocks.** Every layer hits the real target via real HTTP / curl / Playwright. If the target is unreachable — report NO-RESPONSE; never infer findings from chat-context.
+4. **Cross-check with brutaler-anwalt** (`compliance/aegis-native/brutaler-anwalt/SKILL.md`). aegis-audit is the technical pass; brutaler-anwalt is the legal pass. They share Layer 3 (Impressum) + Layer 4 (DSE) + Layer 5 (Cookie). Findings get cross-validated.
+5. **Output the canonical 4-section format.** Schadens-Diagnose / Findings-Tabelle / Anwalts-Anhang / Abmahn-Simulation. No deviation; downstream tooling parses this format.
+6. **Include €-range estimates** per Layer 8 formula (industry × visibility × competitor-pressure). Estimates are advisory, not legal advice — disclaimer required.
+
+If any layer cannot run (e.g., Playwright not installed) — STOP, report which layer + why. Don't silent-skip.
+
+---
+
+## Mission
+
+Eliminate the failure-mode where "the site looks fine" turns into a €15k abmahnung 3 weeks after launch. Catch the legal + technical regressions that scanners-alone miss because they don't cross-correlate (e.g., a tracker loaded before consent + impressum missing VAT-ID + cookie-banner with no equal-prominence reject = composite finding worth €5-15k).
+
+Be the audit that:
+
+- Hits every layer that abmahnanwalts inspect.
+- Cross-correlates findings (a single scanner-hit might be 0 €; a 3-finding-cluster might be €15k).
+- Estimates €-risk (operator can prioritize).
+- Produces a 4-section report that operator + legal + dev can all consume.
+- Distinguishes between "fix-now KRITISCH" and "fix-this-quarter MITTEL".
+
+Production-bar reference: a previous full-audit on a 13-page site (private operational reference) returned 0 KRITISCH / 0 HOCH / 3 MITTEL / 8 LOW with €-range 200-800 €/quarter (very low) — the bar this skill targets.
+
+---
+
+## Triggers
+
+### Slash-commands
+
+- `/audit` — run full 8-layer audit on the configured target
+- `/paranoid-audit` — alias
+- `/8-layer` — alias
+
+### Auto-trigger keywords
+
+- audit, paranoid-audit, AAA+++ check, 8-layer, security-audit, full-audit, abmahn-prevention
+
+### Programmatic invocation
+
+Customer-build Phase 6 invokes via:
+
+```
+Skill: aegis-native/aegis-audit
+Args: --mode=mid --topics=impressum,cookie,dse --target=http://localhost:3000
+```
+
+Phase 7 invokes via:
+
+```
+Skill: aegis-native/aegis-audit
+Args: --mode=full --target=http://localhost:3000 --output=audits/final.md
+```
+
+---
+
+## Process
+
+The 8 layers run in fixed order. Each layer has a dedicated reference under `references/`.
+
+### Layer Summary Table
+
+| # | Layer | Mid-mode | Full-mode | Reference |
+|---|---|---|---|---|
+| 1 | HTTP-Headers | optional | always | layer-1-headers.md |
+| 2 | HTML-Live-Probe | always | always | layer-2-html.md |
+| 3 | Impressum | always | always | layer-3-impressum.md |
+| 4 | DSE (Datenschutzerklärung) | always | always | layer-4-dse.md |
+| 5 | Cookie + Consent | always | always | layer-5-cookie.md |
+| 6 | Branche-Specific | optional | always | layer-6-branche.md |
+| 7 | Code-Cross-Check (when local repo) | full only | always | layer-7-code-cross-check.md |
+| 8 | Schadens-Diagnose (Synthesizer) | always | always | layer-8-schadens-diagnose.md |
+
+### Phase 1: Pre-Audit Setup
+
+```bash
+# Verify target is reachable
+curl -sf -o /dev/null -w "%{http_code}\n" "$TARGET"
+# Expected: 200 / 301 / 302; otherwise abort with NO-RESPONSE finding
+
+# Verify Playwright is available (for Layer 2 + Layer 5 deeper probes)
+npx playwright --version
+# If missing: STOP, ask operator to `npx playwright install chromium`
+```
+
+### Phase 2: Layer Execution (1 → 8)
+
+For each enabled layer (per --mode):
+
+1. Read the layer-reference for the patterns + thresholds.
+2. Execute the probe(s).
+3. Capture findings into the structured findings-list with:
+   - `id`: stable identifier (e.g., `L3-IMPRESSUM-VAT-MISSING`)
+   - `severity`: KRITISCH | HOCH | MITTEL | LOW
+   - `evidence`: the raw observation (URL + HTTP status + HTML snippet + curl output)
+   - `recommendation`: the fix
+   - `citation`: legal-source (Art. paragraph + court-decision when available)
+
+### Phase 3: Cross-Correlation
+
+After all layers run, run the cross-correlation pass:
+
+- Layer 3 + Layer 5 cluster: Impressum-incomplete + cookie-pre-consent → composite KRITISCH (€5-15k abmahn)
+- Layer 4 + Layer 5 cluster: DSE-incomplete + tracker-active → composite KRITISCH
+- Layer 1 + Layer 7 cluster: missing CSP + unsafe-eval in code → composite HOCH
+- Layer 6 + Layer 3 cluster: industry-specific pflichtangabe + impressum-missing → composite KRITISCH
+
+Cross-correlation often elevates 3 individual MITTEL findings to a single composite KRITISCH — the actual abmahn-target.
+
+### Phase 4: Report Generation (Layer 8 — Schadens-Diagnose)
+
+Produce the 4-section report per the canonical template (see `references/layer-8-schadens-diagnose.md`):
+
+1. **Schadens-Diagnose** — top-level summary + €-range estimate
+2. **Findings-Tabelle** — detailed per-finding (severity / layer / evidence / fix / citation)
+3. **Anwalts-Anhang** — legal citations (Art. paragraph + court-decisions)
+4. **Abmahn-Simulation** — likelihood × industry × visibility = probable cost-range
+
+### Phase 5: Output
+
+Write the report to:
+
+- `customers/<slug>/audits/<mode>-<date>.md` (when invoked from customer-build)
+- `audits/<mode>-<date>.md` (when invoked standalone)
+- stdout summary (1-line per finding) + path to full report
+
+---
+
+## Verification / Success Criteria
+
+Before declaring the audit complete:
+
+- [ ] All enabled layers executed (no silent-skip)
+- [ ] Each layer's findings captured with full evidence (no hand-wavy "looks bad")
+- [ ] Cross-correlation pass run after all layers
+- [ ] Schadens-Diagnose €-range computed via Layer 8 formula
+- [ ] 4-section report written + stdout summary printed
+- [ ] No KRITISCH finding without a citation
+- [ ] No HOCH finding without a fix-recommendation
+- [ ] No "TODO" or placeholder text in the final report
+
+If any unmet → audit is incomplete. Re-run failing layers + regenerate report.
+
+---
+
+## Anti-Patterns
+
+- ❌ Skipping a layer "because it doesn't apply to this target" — every layer applies; if none apply, report NOT-APPLICABLE in the layer-section, don't omit.
+- ❌ Mocking HTTP-responses — every probe hits real target.
+- ❌ Inferring findings from chat-context — read the raw output, cite line/byte.
+- ❌ Hand-wavy severities — every severity has a defined criteria (per layer-reference); apply consistently.
+- ❌ Composite findings without explicit cross-correlation logic — Phase 3 is mandatory.
+- ❌ €-range without disclaimer — "Estimates are advisory; not legal advice. Verify with a Fachanwalt."
+- ❌ Skipping Layer 8 (Schadens-Diagnose) "because no findings exist" — Layer 8 still produces a report stating "0 findings, low €-risk".
+- ❌ Out-of-order layer execution — Layer 5 (cookie) needs Layer 1 (headers) data; running L5 before L1 misses signals.
+- ❌ False-positive on a 3rd-party-CDN that's actually 1st-party-CNAME-aliased — verify via `dig CNAME` before reporting.
+- ❌ Missing citation for KRITISCH — no Art./§/court-decision = downgrade to HOCH at most.
+
+---
+
+## Extension Points
+
+- **New layer**: add `references/layer-9-<name>.md` + add to the Layer Summary Table here. Phase 2 reads the layer-references list dynamically.
+- **Industry-specific Layer 6**: per industry (legal, medical, financial, ...) extend `references/layer-6-branche.md` with industry-section. Phase 2 detects industry from the target's NAICS/WZ-code (or briefing.industry field).
+- **Custom severity thresholds**: a project might want stricter KRITISCH thresholds. Override in `aegis.config.json` `audit.severities.kritisch.threshold` per layer.
+- **Different target-types**: this skill audits a URL by default. Extend with `--mode=local-repo` (audits source-code without running build) or `--mode=tarball` (audits a published artifact) by adding probe-implementations per layer.
+- **Multi-language support**: for non-DE/EU jurisdictions, add `references/layer-<N>-<jurisdiction>.md` (e.g., layer-3-impressum-uk.md for UK pflichtangaben). Layer 2 (HTML), Layer 1 (Headers), Layer 7 (Code) are jurisdiction-agnostic and reused.
+- **Output format**: the 4-section format is canonical. Extension-formats (HTML / SARIF / JSON) live in `packages/reporters` and consume the audit's structured findings-list.
+- **Continuous audit**: a project can run aegis-audit on every commit (CI integration) or on every URL-change (production-watch). Add `--mode=ci` (fast, layer 1+2+3+5 only) and `--mode=watch` (Layer 1+2+5).
+- **Whitelisted-finding suppression**: some findings are project-accepted (e.g., a CSP `unsafe-inline` for a specific 3rd-party script). Add to `aegis.config.json` `audit.suppressions[]` with `id` + `rationale` + `expiry-date`. Suppressions expire by default (no permanent suppressions).

package/skills/foundation/aegis-native/aegis-audit/references/layer-1-headers.md

@@ -0,0 +1,138 @@
+# Layer 1 Reference — HTTP-Headers
+
+Layer 1 probes HTTP response-headers for security + privacy + caching headers. Findings here often feed Layer 5 (Cookie) + Layer 7 (Code-Cross-Check). **Time:** ~2-5 min per target.
+
+---
+
+## Probe Pattern
+
+```bash
+# Capture headers (HEAD + GET; some servers strip security headers on HEAD)
+curl -sI "$TARGET" > /tmp/audit-headers-head.txt
+curl -s -I -X GET "$TARGET" > /tmp/audit-headers-get.txt
+
+# Compare (some sites send different headers per method)
+diff /tmp/audit-headers-head.txt /tmp/audit-headers-get.txt
+```
+
+Then check each canonical header per the table below.
+
+---
+
+## Canonical Header Checklist
+
+| Header | Expected | Severity if missing/weak |
+|---|---|---|
+| `Strict-Transport-Security` | `max-age=31536000; includeSubDomains; preload` | HOCH (missing) / MITTEL (max-age < 31536000) |
+| `Content-Security-Policy` | strict (no `unsafe-inline` on `script-src`, no `*` on `frame-ancestors`) | KRITISCH (missing) / HOCH (`unsafe-inline`) |
+| `X-Frame-Options` | `DENY` or `SAMEORIGIN` (or via CSP `frame-ancestors`) | HOCH (missing — clickjacking) |
+| `X-Content-Type-Options` | `nosniff` | MITTEL (missing — MIME-sniffing) |
+| `Referrer-Policy` | `strict-origin-when-cross-origin` or stricter | MITTEL (missing) / LOW (`unsafe-url`) |
+| `Permissions-Policy` | scoped (no `*` defaults) | MITTEL (missing) |
+| `Cross-Origin-Opener-Policy` | `same-origin` | LOW (missing) |
+| `Cross-Origin-Embedder-Policy` | `require-corp` (when applicable) | LOW (missing — only for sensitive sites) |
+| `Cross-Origin-Resource-Policy` | `same-origin` or `same-site` | LOW (missing) |
+| `Cache-Control` (HTML) | `no-store, no-cache, must-revalidate` for auth-pages; `public, max-age=...` for static | MITTEL (auth-page cached) |
+| `Set-Cookie` (auth) | `Secure; HttpOnly; SameSite=Lax` (or `Strict`) | KRITISCH (auth-cookie without HttpOnly) |
+| `Server` | absent or generic (no version-disclosure) | LOW (verbose server-header) |
+| `X-Powered-By` | absent | LOW (verbose framework-disclosure) |
+
+---
+
+## CSP Strictness Check
+
+```bash
+csp=$(grep -i "content-security-policy" /tmp/audit-headers-get.txt | cut -d: -f2-)
+echo "$csp"
+
+# Check for KRITISCH/HOCH patterns
+grep -q "unsafe-inline" <<<"$csp" && echo "L1-CSP-UNSAFE-INLINE: HOCH"
+grep -q "unsafe-eval" <<<"$csp" && echo "L1-CSP-UNSAFE-EVAL: HOCH"
+grep -q "frame-ancestors[^;]*\*" <<<"$csp" && echo "L1-CSP-FRAME-ANCESTORS-WILDCARD: KRITISCH"
+grep -q "default-src[^;]*\*" <<<"$csp" && echo "L1-CSP-DEFAULT-SRC-WILDCARD: KRITISCH"
+```
+
+Strictest CSP pattern (next.js with strict-dynamic + nonce):
+
+```
+default-src 'self'; 
+script-src 'self' 'nonce-<hash>' 'strict-dynamic' https:; 
+style-src 'self' 'unsafe-inline'; 
+img-src 'self' data: https:; 
+connect-src 'self'; 
+frame-ancestors 'none';
+```
+
+`style-src 'unsafe-inline'` is acceptable (CSS injection has lower exploitation impact than JS injection); `script-src 'unsafe-inline'` is not.
+
+---
+
+## HSTS Preload Check
+
+```bash
+# If max-age < 31536000 OR missing includeSubDomains OR missing preload — not preload-eligible
+hsts=$(grep -i "strict-transport-security" /tmp/audit-headers-get.txt | cut -d: -f2-)
+max_age=$(grep -oE "max-age=[0-9]+" <<<"$hsts" | cut -d= -f2)
+[ -z "$max_age" ] && echo "L1-HSTS-MISSING: HOCH"
+[ -n "$max_age" ] && [ "$max_age" -lt 31536000 ] && echo "L1-HSTS-TOO-SHORT: MITTEL"
+grep -qi "includesubdomains" <<<"$hsts" || echo "L1-HSTS-NO-SUBDOMAINS: MITTEL"
+grep -qi "preload" <<<"$hsts" || echo "L1-HSTS-NO-PRELOAD: LOW"
+```
+
+For preload-list eligibility, also verify:
+
+```bash
+# At https://hstspreload.org/ — site must:
+# - Serve HSTS header on root domain + all subdomains
+# - max-age >= 31536000 (1 year)
+# - includeSubDomains
+# - preload
+# - Redirect HTTP to HTTPS on root + subdomains
+```
+
+---
+
+## Cookie Header Cross-Check (feeds Layer 5)
+
+```bash
+# Capture all Set-Cookie lines
+grep -i "^set-cookie:" /tmp/audit-headers-get.txt
+```
+
+For each cookie, check:
+
+- `Secure` flag set (only sent over HTTPS)
+- `HttpOnly` flag set (no JS-access; KRITISCH if missing on auth-cookie)
+- `SameSite` set (`Lax` or `Strict`; `None` requires `Secure`)
+- `Path=/` reasonable scope
+- `Max-Age` or `Expires` set (no session-cookies for tracking that should be persistent)
+
+Layer 5 (Cookie + Consent) cross-references each cookie against the consent-status: any tracking-cookie set BEFORE consent is a TTDSG/TDDDG §25 violation.
+
+---
+
+## Findings Format
+
+Each Layer 1 finding writes to the structured findings-list:
+
+```yaml
+- id: L1-CSP-UNSAFE-INLINE
+  layer: 1
+  severity: HOCH
+  evidence:
+    url: <target>
+    header_name: Content-Security-Policy
+    header_value: "default-src 'self'; script-src 'self' 'unsafe-inline' ..."
+  recommendation: "Replace 'unsafe-inline' with nonce-based CSP per OWASP CSP-3 cheatsheet"
+  citation: "OWASP CSP-3, BSI TR-03116-4 §4.2"
+```
+
+---
+
+## Anti-Patterns specific to Layer 1
+
+- ❌ Reporting "HSTS missing" when site is HTTP-only — first fix HTTP-to-HTTPS redirect; HSTS is moot otherwise.
+- ❌ Reporting "CSP unsafe-inline" without checking if the inline is `style-src` — script-src is the dangerous one; style-src is acceptable.
+- ❌ Skipping cookie-headers — they feed Layer 5; Layer 5 then fails to detect pre-consent trackers.
+- ❌ HEAD-only probe — some sites strip security-headers on HEAD; always run GET too.
+- ❌ Reporting "X-XSS-Protection missing" — that header is deprecated (no longer recommended; modern CSP supersedes).