@aegis-scan/skills 0.2.1 → 0.5.0

package/ATTRIBUTION.md

@@ -41,6 +41,53 @@ rule applies to any incoming updates — no stripping of upstream
 attribution, no removal of AEGIS-added headers, no paper-over of
 upstream format variance.
 
+## Offensive skills — matty69v/Bug-Bounty-Agents (selective fork)
+
+A subset of skills under `skills/offensive/matty-fork/` are forked from
+[matty69v/Bug-Bounty-Agents](https://github.com/matty69v/Bug-Bounty-Agents)
+under MIT License. The upstream is a 43-agent prompt library — AEGIS pulls
+only the five that fill documented coverage gaps and otherwise have no
+overlap with the existing `snailsploit-fork/` content.
+
+- **Upstream author:** matty69v
+- **SPDX:** MIT
+- **Fork-SHA:** `5f8b8301b1bfbbe3aece4f38337cef69d52af0dc`
+- **Fork date:** 2026-05-01
+- **Skill count at fork:** 5 (selective):
+  - `cicd-redteam` (529 lines) — closes CI/CD pipeline analysis gap
+  - `cloud-security` (104 lines) — closes Cloud Security Posture gap (AWS/GCP/Azure)
+  - `container-escape` (172 lines) — closes container/k8s breakout gap
+  - `mobile-pentester` (355 lines) — closes Mobile (APK/IPA) analysis gap
+  - `subdomain-takeover` (152 lines) — closes subdomain-takeover detection gap
+- **Upstream-attribution format:** YAML frontmatter (`name:`, `description:`,
+  `tools:`, `model:`). All five files preserved byte-identically inside the
+  body; AEGIS-local provenance header added above the YAML opener.
+
+### AEGIS-side modifications
+
+- Per-file `<!-- aegis-local: forked … from matty69v/Bug-Bounty-Agents@<sha> -->`
+  HTML header prepended above the YAML frontmatter on each `SKILL.md`.
+- The other 38 upstream skills overlap with existing AEGIS coverage
+  (`snailsploit-fork/`, programmatic scanners, or LLM-DAST-wrappers) and are
+  intentionally NOT forked.
+- Upstream's `_scope-guard.md` is a routing-excluded shared pre-flight prompt
+  that several main agents reference. The five forked skills retain those
+  textual references intact (byte-identical body), but the `_scope-guard.md`
+  itself is NOT shipped — AEGIS skill-loader requires kebab-case names that
+  cannot start with an underscore. Operators can fetch the upstream file
+  directly from the source repo if needed; AEGIS' own `--confirm` gate +
+  `evaluateActiveModeAuthorization()` (see `packages/cli/src/active-mode-
+  disclaimer.ts`) provides the equivalent enforced safety floor.
+
+### Why selective rather than full fork
+
+The upstream `_scope-guard.md` model is prompt-level (advisory, agent-
+referenced). AEGIS' active-mode disclaimer + `--confirm` gate is CLI-level
+(enforced, Commander.js-validated). Pulling all 43 agents would bloat the
+skill catalog with content that either duplicates AEGIS' programmatic
+checks or duplicates `snailsploit-fork/` coverage. The five selected fill
+documented gaps that no other AEGIS surface covers today.
+
 ## Defensive skills — AEGIS-native
 
 All skills under `skills/defensive/aegis-native/` are AEGIS-original
@@ -93,10 +140,130 @@ adversarial DE/EU compliance content under MIT License.
 - **First shipped:** v0.2.0
 - **Content domain:** DE/EU compliance audit (DSGVO, DDG, TTDSG, UWG, NIS2, EU AI Act, branchenrecht, strafrecht-steuer). Three-persona self-verification (Hunter / Challenger / Synthesizer) is an AEGIS-original methodology pattern, not derived from upstream content. References cite German/EU statutes (`§`-paragraphs) and BGH/EuGH judgment-IDs (`Az.`) — these are factual legal identifiers, not copyrightable expression.
 
-## Future external sources
-
-The `skills/` tree is designed to grow across sources. Future
-candidates being evaluated for cherry-pick (per the maintainer's
+## Required external skills (mandatory complement, not forked)
+
+Some upstream skill packages are higher-value when consumed
+**directly from the upstream maintainer** rather than forked into
+this tree. AEGIS treats them as **mandatory complements** —
+required for full Supabase / Postgres coverage when working on a
+project that uses those technologies — but installed via the
+upstream's own distribution channel rather than re-shipped here.
+
+This avoids:
+
+- License-attribution drift across forks
+- Stale upstream versions when the maintainer ships fixes
+- Duplicate maintenance burden when the upstream package is the
+  single source of truth
+
+### `Chachamaru127/claude-code-harness` — concept-only adoption (no fork, no install)
+
+- **Upstream:** https://github.com/Chachamaru127/claude-code-harness
+- **License:** MIT
+- **Adoption mode:** **concept-only** — AEGIS adopts two patterns from this project's design but ships zero copied code or assets:
+  1. **Plans.md as a Live Working-Plan SSOT** — adapted into `aegis-orchestrator/SKILL.md` as the format for `.aegis/Plans.md`. AEGIS-specific: integrated into the existing 8-skill foundation cluster lifecycle (orchestrator initializes, specialist skills update, handover-writer summarizes), uses pure markdown, no Go binary or `/harness-*` verb-commands.
+  2. **`harness doctor --residue` stale-reference detection** — adapted into `aegis-quality-gates/SKILL.md` as Gate 10 (residue-check). AEGIS-specific: pure shell + grep methodology integrated as a gate of the existing 10-gate verifier sequence (was 9-gate pre-adoption), with the AEGIS classes of residue documented (stale commit-SHAs in handovers, broken markdown cross-links in shipped SKILL.md, orphan path references, phantom `_INDEX.md` skill rows, dead `<!-- aegis-local: -->` provenance refs). The motivating bug-class: handover docs that cite commit-SHAs invalidated by a `git rebase`.
+
+- **What was NOT adopted:** the Go-native runtime engine, the 5 `/harness-plan|work|review|release|setup` verb-commands, the 13 R01-R13 declarative guardrails, the 3-agent worker/reviewer/scaffolder split, the marketplace plugin distribution. AEGIS already has equivalents for or alternatives to each (repo rulesets, scrub-gates, supply-chain CI gates, 8 specialist foundation skills, npm direct distribution).
+
+- **Why concept-only and not fork or mandate:** the two adopted patterns are **methodology**, not code — they fit AEGIS's existing skill-cluster architecture verbatim once described in markdown. Forking would buy nothing (no shared code paths) and adding a mandate would burden users with installing a tool they don't need. Documenting the inspiration in this file + the relevant SKILL.md sections preserves attribution while staying lean.
+
+### `supabase/agent-skills` — Postgres + Supabase development best-practices
+
+- **Upstream:** https://github.com/supabase/agent-skills
+- **License:** MIT
+- **Skills shipped:** `supabase` (comprehensive Supabase dev skill — Auth, Edge Functions, Realtime, Storage, MCP, CLI, schema-change workflow) + `supabase-postgres-best-practices` (8-category Postgres performance guide with 30+ reference files: query, conn, security, schema, lock, data, monitor, advanced).
+- **Installation (mandatory when working on this repo):**
+
+  ```bash
+  npx skills add supabase/agent-skills -g -y
+  ```
+
+  Installs both skills globally to `~/.agents/skills/` and
+  symlinks them into `~/.claude/skills/` for Claude Code
+  auto-discovery. Compatible with 18+ AI agents (Claude Code,
+  Cursor, GitHub Copilot, Cline, etc.) — universal Agent Skills
+  Open Standard format.
+
+- **Why mandatory and not forked:** the AEGIS skills package
+  covers the **security layer** (RLS-bypass remediation,
+  tenant-isolation, IDOR-defense, scanner-finding mapping). The
+  upstream Supabase skills cover the **dev-productivity layer**
+  (CLI commands, migration workflow, MCP server config, query
+  performance optimization, indexing patterns, connection
+  pooling, JSONB indexing, full-text search, etc.). The two are
+  complementary and non-overlapping — see the cross-reference
+  blocks at the bottom of `skills/defensive/aegis-native/rls-defense/SKILL.md`
+  and `skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md`.
+
+- **Why not cherry-pick into AEGIS:** Supabase ships frequent
+  updates to its own skills (core principles, CLI gotchas, MCP
+  troubleshooting steps change between Supabase CLI versions).
+  Forking would freeze the AEGIS copy at a fork-SHA and require
+  quarterly upstream-sync work for content the AEGIS team has
+  no special insight into. Routing users to the upstream package
+  ensures they always pull the freshest Supabase-team-maintained
+  guidance.
+
+## OSINT skills — elementalsouls/Claude-OSINT
+
+All skills under `skills/osint/` are forked from
+[elementalsouls/Claude-OSINT](https://github.com/elementalsouls/Claude-OSINT)
+under MIT License (with offensive-security ethical-use notice).
+
+- **Upstream author:** Cyanide (elementalsouls)
+- **SPDX:** MIT
+- **Fork-SHA:** `ea42241d068e8112da0e4e28006207125c835c2e`
+- **Fork date:** 2026-05-01
+- **Skill count at fork:** 2 (`offensive-osint`, `osint-methodology`)
+- **Upstream-attribution format:** YAML frontmatter (`name:`, `description:`,
+  `version:`, `triggers:`). Both files preserved byte-identically inside the
+  body; AEGIS-local provenance header added above the YAML opener.
+
+### AEGIS-side modifications
+
+- Per-file `<!-- aegis-local: forked … from elementalsouls/Claude-OSINT@<sha> -->`
+  HTML header prepended above the YAML frontmatter on both `SKILL.md` files.
+- `offensive-osint/SKILL.md` carries an additional **PORT-NOTE** inside its
+  fork header explaining that the upstream `secret_scan.py` helper script is
+  NOT shipped (`@aegis-scan/skills` enforces a markdown-only invariant via
+  CI). The helper is scheduled for port to a TypeScript scanner module under
+  **F-EXTERNAL-SECRETS-1** (planned v0.18.x). Until then, operators run
+  AEGIS' existing `gitleaks` / `trufflehog` wrappers, or fetch the helper
+  directly from the upstream repository.
+- `offensive-osint/README.md` *Loading*, *Helper script*, *Self-test* and
+  *License* sections updated to reflect the AEGIS package layout (no manual
+  `cp` of `scripts/secret_scan.py` since the script is not shipped; smoke
+  tests referenced as upstream-only pending F-SKILL-SYNC-CI-1).
+- `osint-methodology/README.md` *Self-test* and *License* sections updated
+  similarly.
+- Upstream `LICENSE` and `tests/smoke-test-prompts.md` are NOT shipped — the
+  AEGIS root `LICENSE` covers all of `@aegis-scan/skills`, and the smoke
+  tests will land under `packages/skills/__tests__/skill-prompts/` when the
+  skill-validation CI is built (F-SKILL-SYNC-CI-1).
+
+### Why a separate top-level category instead of merging into `offensive/`
+
+`osint/` is intel-gathering tradecraft (collection + correlation + scoring),
+distinct from `offensive/` which encodes exploit-side red-team patterns
+(SSRF / SQLi / XSS / RCE / etc.). The `snailsploit-fork/` already contains
+much smaller `osint/` (399 lines) and `osint-methodology/` (434 lines)
+skills that overlap topically but are subset by content. Both kept side-by-
+side: the `snailsploit-fork/` versions remain available for operators who
+prefer the lighter checklist style; the `osint/` top-level category
+provides the operational arsenal (~5,800 lines of probe paths, regexes,
+validators, identity-fabric methodology, vendor fingerprints) that the
+`snailsploit-fork/` intentionally does not include. Frontmatter `name:`
+collisions across categories are acceptable — Claude Code skill-routing
+keys on path-relative identifiers, not the bare `name:` field.
+
+## Future external cherry-pick candidates
+
+The `skills/` tree is also designed to grow across sources via
+**fork-mode** (the same pattern as `skills/offensive/snailsploit-fork/`)
+when the content is security-domain and benefits from AEGIS-side
+sanitization, scanner-mapping headers, or quarterly review.
+Candidates being evaluated for cherry-pick (per the maintainer's
 source-evaluation cycle):
 
 - [mukul975/Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — Apache-2.0, 754 mixed offensive+defensive skills with MITRE/D3FEND/NIST framework-mappings.

package/CHANGELOG.md

@@ -8,7 +8,118 @@ and quality-audit completion, not by a fixed schedule.
 
 ---
 
-## [Unreleased]
+## [0.5.0] — 2026-05-01 — "External-research extension: NEW osint/ category + 5 selective offensive skills"
+
+Minor bump for the v0.18.0 scanner-family release-cut. Adds NEW `osint/` top-level skill category (2 skills, 5861 lines) and selective fork from a second offensive upstream (5 gap-filling skills, 1322 lines). Skill-count grows from 55 to 62; source-namespaces grow from 2 (`snailsploit-fork`, `aegis-native`) to 4 (+`elementalsouls-fork`, +`matty-fork`).
+
+### Added (NEW category — F-OSINT-SKILL-PACK-1)
+
+- **`skills/osint/`** — NEW top-level category for intel-gathering tradecraft (distinct from `offensive/` exploit-side patterns). Forked from elementalsouls' upstream OSINT pack (MIT, fork-SHA `ea42241d068e8112da0e4e28006207125c835c2e`):
+  - `osint/elementalsouls-fork/offensive-osint/SKILL.md` (4168 lines, 204KB) — operational arsenal: 43+-pattern modern-AI-API-key catalog, 80+-template dork corpus, vendor edge-appliance fingerprints, identity-fabric concrete endpoints, 9 read-only credential validators, 27 attack-path templates.
+  - `osint/elementalsouls-fork/osint-methodology/SKILL.md` (1693 lines, 93KB) — 5-stage recon pipeline, asset-graph discipline, breach × identity correlation, email-security audit, vulnerability prioritization (CVE × EPSS × KEV).
+- PORT-NOTE: upstream `secret_scan.py` helper script NOT shipped (`@aegis-scan/skills` markdown-only CI invariant). Helper queued for port to `packages/scanners/src/recon/external-secret-scan.ts` under F-EXTERNAL-SECRETS-1 (planned v0.18.x).
+
+### Added (selective fork — F-SKILL-PACK-MATTY-1)
+
+- **5 skills under `skills/offensive/matty-fork/`** — selective fork of matty69v's upstream Bug-Bounty-Agents (MIT, fork-SHA `5f8b8301b1bfbbe3aece4f38337cef69d52af0dc`). Pulled 5 of 43 upstream agents that fill documented AEGIS coverage gaps; the other 38 overlap with existing snailsploit-fork content or programmatic scanners and are intentionally not pulled.
+  - `cicd-redteam` (529 lines) — CI/CD pipeline analysis (GH Actions / GitLab CI / Jenkins / Argo / Tekton)
+  - `cloud-security` (104 lines) — CSPM (AWS / GCP / Azure)
+  - `container-escape` (172 lines) — container / k8s breakout
+  - `mobile-pentester` (355 lines) — Mobile (APK / IPA) — OWASP MASTG / MASVS
+  - `subdomain-takeover` (152 lines) — dangling-CNAME detection
+- Upstream's `_scope-guard.md` advisory prompt is NOT shipped — AEGIS skill-loader requires kebab-case names that cannot start with underscore, and the safety floor is already enforced at the CLI gate (`evaluateActiveModeAuthorization()` + `--confirm` in active-mode-disclaimer.ts). The 5 forked skills retain their textual scope-guard references byte-identical (per snailsploit-fork preservation precedent).
+
+### Updated (compliance/aegis-native/brutaler-anwalt → v3.4.0 sync)
+
+- **`brutaler-anwalt` skill enriched** to its current locally-maintained version: 5-persona self-verification (Hunter / Challenger / Synthesizer + Devil's-Advocate + Live-Probe), reconciled v3.4.0 audit-pattern set (Multi-Surface Origin-Regression / File-Storage in Production-Container / DKIM Specific-over-Wildcard + Multi-Selector / Operator-DNS-View Pflicht-Check / Granulare Try-Catch um Persist + Mail-Send), README version sync 3.2.0 → 3.4.0, expanded `references/` tree (+`gesetze/` 11 sub-folders, +`stack-patterns/` 10 sub-folders, +`templates/` 10 example files), shipped `scripts/health-check.sh` with operator-customizable brand-deny-list (reads `scripts/brand-deny-list.local.txt` when present, falls back to placeholder pattern). All shipped content sanitized for OSS — zero brand / personal-name leaks (verified by sanitize-grep + health-check). The skill's `LICENSE` is MIT, matching AEGIS root.
+- **Operator note**: customize `scripts/brand-deny-list.local.txt` (gitignored sibling) with your own internal codenames; the health-check uses it to scan SKILL.md / references / templates for accidental brand bleed before each release.
+
+### Added (Plans.md SSOT pattern)
+
+- **Plans.md — Live Working-Plan SSOT pattern** in `aegis-orchestrator/SKILL.md`. Defines `.aegis/Plans.md` as the single source of truth for in-flight tasks + acceptance criteria + blockers, complementing `state.json` (machine-readable phase) and handover docs (point-in-time snapshots). Lifecycle: orchestrator initializes, specialist skills update, handover-writer summarizes at session-end. AC-discipline: every task carries observable + independently verifiable acceptance criteria; task is DONE only when all AC are checked; blocked tasks keep AC unchanged and document the blocker. Concept adapted from [Chachamaru127/claude-code-harness](https://github.com/Chachamaru127/claude-code-harness) (MIT) — pure markdown integration, no fork, no Go binary, no install.
+
+### Validation
+
+- **Unit tests: 536 / 536** (was 491 — +45 across new sources).
+- **Manifest invariants** updated: EXPECTED_TOTAL 55 → 62; EXPECTED_CATEGORIES adds `osint`; EXPECTED_SOURCES_BY_CATEGORY adds `elementalsouls-fork` (osint) + `matty-fork` (offensive); EXPECTED_NAMES_BY_CATEGORY extends offensive (+5) and adds osint (+2).
+- **Attribution invariants** updated: HEADER_RE_BY_SOURCE +2 entries.
+- **Gate 10 — Residue-Check** added to `aegis-quality-gates/SKILL.md`. Detects stale commit-SHAs in handover docs (caught the v0.4.0 publish-procedure bug where rebase invalidated cited SHAs), broken markdown cross-links in shipped SKILL.md content, orphan path references, phantom `_INDEX.md` skill rows pointing at non-existent paths, dead `<!-- aegis-local: -->` provenance refs. Pure shell + grep methodology — runs in both `--quick` and `--final` modes, plus a new `--residue` operator-on-demand mode for post-rebase / post-merge checks. Concept adapted from claude-code-harness's `harness doctor --residue` (MIT).
+- **Plans.md task-discipline** referenced from `aegis-module-builder/SKILL.md`. Module-builder feature-specs map their acceptance-criteria 1:1 onto the Plans.md AC-checkbox format defined in aegis-orchestrator. Module-build phases 2-6 check off AC as they progress; task moves DONE only when all AC are checked.
+
+### Updated
+
+- `aegis-quality-gates`: description + frontmatter `enforced_quality_gates` bumped from 9 → 10 to reflect the new residue-check gate.
+- `aegis-orchestrator`: bootstrap-checklist extended from 6 to 8 steps (added Plans.md read at step 6, expanded print at step 7).
+- `packages/skills/ATTRIBUTION.md` — new "concept-only" attribution section for claude-code-harness documenting both pattern adoptions, what was NOT adopted, and why concept-only beats fork-or-mandate for methodology adoption.
+
+- **External-skills mandate-without-fork integration** with [supabase/agent-skills](https://github.com/supabase/agent-skills) (MIT). Two upstream skills (`supabase` + `supabase-postgres-best-practices`) are now declared **mandatory complements** to the AEGIS-native security layer for any project using Supabase or Postgres. Installation via the upstream's own distribution channel (`npx skills add supabase/agent-skills -g -y`) — not re-shipped here. Rationale: upstream is actively maintained by the Supabase team with frequent updates the AEGIS team has no special insight into, so fork-mode would freeze content at a fork-SHA + create unnecessary quarterly upstream-sync work for content that benefits from staying current.
+  - `ATTRIBUTION.md` — new "Required external skills (mandatory complement, not forked)" section documenting the rationale, install command, and license-compatibility chain.
+  - `README.md` — new "Required external skills (mandatory complement, not forked)" section under "What ships" with explicit install instructions and the cross-reference map.
+  - `skills/defensive/aegis-native/rls-defense/SKILL.md` — new "Complementary external skill (mandatory)" section pointing to upstream `security-rls-basics.md`, `security-rls-performance.md`, and `security-privileges.md` reference files.
+  - `skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md` — new "Complementary external skill (mandatory)" section pointing to upstream `supabase` and `supabase-postgres-best-practices` skills.
+  - AEGIS repository root — new `AGENTS.md` documents the repo-wide mandate for AI coding-agents working in this repo and the layer-split between AEGIS-native security and upstream Supabase dev/perf coverage.
+
+### Notes
+
+- This [Unreleased] entry establishes **three external-source integration-patterns** that AEGIS now uses, picked per-source based on stability + maintenance-economics:
+  1. **Fork-mode** (`snailsploit-fork`) — content forked into `skills/<category>/<source>/` with attribution headers; quarterly upstream-sync.
+  2. **Mandate-without-fork** (`supabase/agent-skills`) — install via upstream's own distribution channel; cross-reference from AEGIS skills.
+  3. **Concept-only adoption** (`Chachamaru127/claude-code-harness`) — methodology adapted into existing AEGIS skills via prose; zero code, zero install, attribution preserved in this CHANGELOG + ATTRIBUTION.md.
+
+---
+
+## [0.4.0] — 2026-04-28 — "Full foundation cluster (Phase 2 of AEGIS Agent Foundation)"
+
+### Added — 5 new foundation skills
+
+The remaining 5 of 8 foundation skills land in this minor, completing the v0.4.0 foundation cluster started in v0.3.0 (which shipped orchestrator + handover-writer + quality-gates).
+
+- **`aegis-customer-build`** (multi-file, `model: opus`) — library-engine-driven autonomous customer-website builder. Ingests a configurator-output briefing.md, runs Pre-Build-Validation + 7 phases (Recon / Architecture / Component-Build / Content / Integration / Mid-Audit / Final-Verify) + Post-Build status-report. Multi-agent orchestration via subagent-dispatch (Master + Research + Executor + Strategist). Hits production-bar 994/S/FORTRESS + Lighthouse 98+ + briefing-coverage 100% or returns INCOMPLETE-Status. SKILL.md + 7 phase-references (`phase-1-recon` through `phase-7-final-verify` covering briefing-parser-checklist, architecture-decisions, component-build pattern, copy/SEO/Schema, API-route + DSGVO-form pattern, mid-audit repair-loop, 9-gate final-verify + briefing-coverage). validate 17/18 (1 advisory warning on 7 intentional phases).
+- **`aegis-module-builder`** (single-file, `model: sonnet`) — Generic feature-dev workflow with TDD-first discipline. Six-phase pipeline: Plan / Test (red) / Implement (green) / Verify (gates 1-4) / Polish / Commit. Wraps DB-migration + API-route (secureApiRoute + Zod-strict + requireRole) + Service-Layer + UI-Component + Tests + Optimistic-Updates. References `superpowers:test-driven-development` for TDD-mechanics. validate 16/18 (intentional 6-phase + intentional single-file design).
+- **`aegis-audit`** (multi-file, `model: opus`) — 8-Layer paranoid-audit skill. Layers: HTTP-Headers / HTML-Live-Probe / Impressum / DSE / Cookie+Consent / Branche-Specific / Code-Cross-Check / Schadens-Diagnose. Runs against built customer-site, live URL, or local repo. Output 4-section format (Schadens-Diagnose / Findings-Tabelle / Anwalts-Anhang / Abmahn-Simulation) with €-range estimates per industry × visibility × competitor formula. SKILL.md + 8 layer-references (`layer-1-headers` through `layer-8-schadens-diagnose`). Cross-checks with brutaler-anwalt at shared layers (Impressum / DSE / Cookie). validate 16/17 (1 advisory).
+- **`aegis-skill-creator`** (multi-file, `model: opus`) — Meta-skill that builds new skills via SkillForge methodology (tripleyak/SkillForge MIT) + AEGIS HARD-CONSTRAINT-format. Five-phase pipeline: Triage (USE_EXISTING / IMPROVE / CREATE_NEW / COMPOSE) / Scaffold (init_skill.py-style) / Iterate (11-Lens-Analysis) / Validate (auto-iterate to 16/17+) / Commit. SKILL.md + 2 references (`skillforge-methodology.md` with attribution + `hard-constraint-template.md` per-skill-type templates: orchestrator / builder / auditor / writer / verifier / meta). validate 17/18 (1 advisory on 5 phases).
+- **`dsgvo-compliance`** (multi-file, `model: opus`) — DSGVO baseline-checks for AEGIS-bootstrapped projects. Five-phase pipeline: Consent-mapping / Retention-policy / Art. 13 info-templates / Datenpanne 72h-runbook / Schrems-II TIA. Sister-skill to brutaler-anwalt (audit findings vs fix-templates). SKILL.md + 2 references (`art-13-15-templates.md` covering full DSE template + Art. 15 Auskunftsanfrage-Antwort + per-form short-form Art. 13; `datenpanne-runbook.md` covering Sofortmaßnahmen + 72h-Timeline + Risiko-Bewertung + Art. 33/34 templates + Aufsichtsbehörden-Kontakte per Bundesland). RDG-Linie respected: templates + runbooks, not individual legal advice. validate 16/17 (1 advisory).
+
+### Updated — Master AGENTS.md + foundation/_INDEX.md (full activation)
+
+- **`packages/skills/AGENTS.md`** — removes all `_(post-0.4.0)_` placeholder-markers from Use-Case Routing table. Adds rows for module-builder / skill-creator / dsgvo-compliance use-cases. Adds Tool-Category Mapping rows for `library-engine` / `aegis-scan` / `lighthouse` / `playwright` / `curl` (the domain-specific tool-categories required by the new foundation skills). Adds Cluster Composition Reference table mapping each use-case to its multi-skill cluster (every cluster ends with aegis-handover-writer for next-session bootstrap).
+- **`packages/skills/skills/foundation/_INDEX.md`** — removes all `_(post-0.4.0)_` markers, adds full path + slash-command surface for all 8 skills. Adds Cluster Composition Patterns table.
+
+### Updated — manifest test
+
+- **`__tests__/manifest.test.ts`** — `EXPECTED_TOTAL` 50 → 55 (5 new foundation skills auto-detected by `loadAllSkills()`). `EXPECTED_NAMES_BY_CATEGORY['foundation']` adds the 5 new names alphabetically: `aegis-audit`, `aegis-customer-build`, `aegis-module-builder`, `aegis-skill-creator`, `dsgvo-compliance` (joining the 3 v0.3.0 skills).
+
+### Validation
+
+- All 5 new SKILL.md files pass SkillForge `validate-skill.py` ≥ 16/17 (the 1-warning ceiling per the `foundation/_INDEX.md` rule allows for advisory warnings on intentionally-multi-phase skills).
+- All 16 new `references/*.md` files pass scrub-clean (no internal-codename leaks). Total references-files added: 7 (customer-build phases) + 8 (audit layers) + 2 (skill-creator) + 2 (dsgvo-compliance) − 1 single-file = 18 reference-files plus 5 SKILL.md = 23 new markdown files.
+- `tsc --noEmit` clean. **486 / 486 tests pass post-addition** (was 432, +54 auto-generated for 5 new skills + 18 new references). Test breakdown: scrub 92 (was 68, +24), attribution 150 (was 140, +10), frontmatter 227 (was 207, +20), manifest 17 (unchanged count, EXPECTED_TOTAL bumped).
+- All scrub-test FORBIDDEN-codename patterns clean across new content (the canonical scrub-list lives in `__tests__/scrub.test.ts` plus the CI tarball-scrub gate). The customer-build skill uses the `library-engine` tool-category placeholder consistently per the foundation-spec privacy-residue convention, not any private-engine codename.
+
+### Notes
+
+- Hierarchical loading via the v0.4.0 master AGENTS.md plus foundation/_INDEX.md: token-budget reduction estimate ≥70% versus a flat skill-pool now applies for the full foundation cluster (was just brutaler-anwalt at v0.3.0).
+- 5 cluster-composition patterns documented in AGENTS.md + _INDEX.md (customer-build / compliance-audit / dev-feature / aegis-self-test / skill-authoring) — each cluster terminates with aegis-handover-writer per the discipline that no session ends without writing a handover.
+- HARD-CONSTRAINT-frontmatter format from v0.3.0 applied uniformly to all 5 new skills under `metadata:` nesting per the SkillForge validator's allowlist constraint. `parseHardConstraintFrontmatter()` from `skills-loader.ts` reads them without code change.
+- Phase 3 of the AEGIS Agent Foundation (CLI + agent-framework package) follows in `@aegis-scan/cli@0.18.0` + `@aegis-scan/agent-framework@0.18.0` (separate publishes).
+
+---
+
+## [0.3.0] — 2026-04-28 — "HARD-CONSTRAINT-frontmatter + AGENTS.md router (Phase 1 of AEGIS Agent Foundation)"
+
+### Added
+
+- **HARD-CONSTRAINT frontmatter format** — adds the v0.3.0 metadata-nested fields used by the AEGIS Agent Foundation (`metadata.required_tools`, `metadata.required_audit_passes`, `metadata.enforced_quality_gates`, `metadata.pre_done_audit`) plus top-level `model` (opus|sonnet|haiku) and `license` (typically MIT). The fields are visible to agents reading the SKILL.md content as the un-skippable Reference-Loading + Pre-Done-Audit gate. Loader-compatible: comma-separated strings stay parser-stable; YAML-array-form deferred until at least three skills need true arrays. Per spec §2 Component 3 + §13.3 + §8 dec 7 of the Foundation design.
+- **`parseHardConstraintFrontmatter()`** exported from `skills-loader.ts`. Reads top-level `name` / `description` / `model` / `license` plus the four metadata-nested HARD-CONSTRAINT fields. Backward-compat: top-level form still accepted as transitional fallback. Includes `extractMetadataField()` helper for two-level YAML extraction. 5 new unit-tests in `__tests__/frontmatter.test.ts` (canonical metadata-nested + flat-fallback + leading-aegis-local-comment-tolerance + missing-frontmatter graceful-empty + complete-skill-roundtrip). Total: 410 tests passing.
+- **`brutaler-anwalt` upgraded** with HARD-CONSTRAINT-frontmatter (under `metadata:`) + 5 missing structural sections — `## Triggers` (renamed from `## Trigger-Pattern`), `## Process` (new — wraps the 4 Modi + 8-Phasen-HUNTER-Workflow), `## Verification / Success Criteria` (new — 8-checkbox pre-done gate), `## Anti-Patterns` (renamed from singular `## Anti-Pattern`), `## Extension Points` (new — extension-paths for references / branchen / modi / hooks). Plus a HARD-CONSTRAINT — Reference-Loading block that forbids improvisation: every finding must cite § / Art. + Az. + reference-file-path. SkillForge `validate-skill.py` against the consumer-side install-path: 9/16 → **17/17 ALL CHECKS PASSED**.
+- **`packages/skills/AGENTS.md`** (new at the package root) — universal router skeleton covering Bootstrap-checklist, Tool-Category Mapping table (Claude Code / Codex / Copilot CLI columns), Use-Case Routing, and Skill Categories overview. Forward-compat note flags v0.4.0 expansion to the full `aegis-native/` cluster.
+- **`packages/skills/skills/compliance/_INDEX.md`** (new) — trigger-table for the compliance category, routing brutaler-anwalt today + a forward-compat slot for `dsgvo-compliance` post-v0.4.0. Slash-command surface documented (`/anwalt` with `hunt`/`simulate`/`consult` sub-modes plus `/audit` and `/compliance-check` aliases). Bootstrap-checklist for category-loaders.
+
+### Notes
+
+- Hierarchical skill-loading per the Foundation spec §2 Component 2 + §13.4. Token-budget reduction estimate ≥70% versus a flat skill-pool once the full v0.4.0 cluster lands. The tool-mapping table in AGENTS.md establishes the universal alias set (`shell-ops` / `file-ops` / `task-tracking` / `subagent-dispatch`) so skills stay harness-agnostic in their HARD-CONSTRAINT-blocks.
+- No CLI-surface changes in this minor — `aegis-skills list --category compliance` continues to surface brutaler-anwalt; the new metadata fields are extracted from the SKILL.md when consumers call `parseHardConstraintFrontmatter()` directly. Loader's existing `loadAllSkills()` is unchanged.
+- `tsc --noEmit` clean. All 410 tests passing across scrub / attribution / frontmatter / manifest suites.
 
 ---
 

package/README.md

@@ -101,6 +101,33 @@ compliance audits:
 
 - **`brutaler-anwalt`** — adversarial DE/EU compliance auditor (DSGVO / DDG / TTDSG / UWG / NIS2 / EU AI Act / branchenrecht / strafrecht-steuer) with three-persona self-verification (Hunter / Challenger / Synthesizer). Slash-command activation via `/anwalt`. Ships an 11-file `references/` sibling tree (~120 KB) with per-bereich rules, BGH/EuGH-judgment database, abmahn-templates, and an explicit AEGIS-scanner-output → rechtliche-Bewertung mapping. The installer auto-copies the references tree alongside the SKILL.md.
 
+### Required external skills (mandatory complement, not forked)
+
+For full Supabase / Postgres coverage, AEGIS users **must** also
+install the upstream Supabase skill package — installed once,
+globally, via the upstream maintainer's distribution channel:
+
+```bash
+npx skills add supabase/agent-skills -g -y
+```
+
+This installs two MIT-licensed skills from
+[supabase/agent-skills](https://github.com/supabase/agent-skills):
+
+- **`supabase`** — comprehensive Supabase development skill: Auth / Edge Functions / Realtime / Storage / Vectors, client libraries (`supabase-js`, `@supabase/ssr`) integration into Next.js / SvelteKit / Astro / Remix, JWT and session security, Supabase CLI workflow (`migration new`, `db query`, advisors), MCP server troubleshooting, schema-change workflow (`execute_sql` vs `apply_migration`), Postgres-extension setup (`pg_graphql` / `pg_cron` / `pg_vector`).
+- **`supabase-postgres-best-practices`** — 8-category Postgres performance guide (30+ reference files): query optimization (covering / partial / composite indexes), connection management (pooling / limits / prepared statements / idle timeout), schema design (primary keys / FK indexes / partitioning / constraints), concurrency & locking (advisory / deadlock prevention / skip-locked), data access (batch inserts / N+1 / pagination / upsert), monitoring (`EXPLAIN ANALYZE` / `pg_stat_statements` / vacuum), and advanced features (full-text search / JSONB indexing).
+
+The AEGIS-native defensive skills (`rls-defense`,
+`tenant-isolation-defense`) cross-reference the upstream
+`security-rls-basics.md`, `security-rls-performance.md`, and
+`security-privileges.md` reference files for performance-tuned RLS
+patterns and least-privilege role design — install the upstream
+package so those cross-references resolve at use-time.
+
+See [`ATTRIBUTION.md`](./ATTRIBUTION.md#required-external-skills-mandatory-complement-not-forked)
+for the full rationale on why these skills are mandate-via-upstream
+rather than forked into this tree.
+
 ### Attribution + license
 
 See [`ATTRIBUTION.md`](./ATTRIBUTION.md) for the full credit chain.

package/dist/skills-loader.d.ts

@@ -20,4 +20,47 @@ export interface LoadedSkill {
 }
 export declare function resolveSkillsRoot(): string;
 export declare function loadAllSkills(root?: string): LoadedSkill[];
+/**
+ * HARD-CONSTRAINT frontmatter fields introduced in @aegis-scan/skills@0.3.0
+ * for the AEGIS Agent Foundation. All fields are strings (comma-separated for
+ * lists) so that the minimal YAML-scalar parser can extract them without a
+ * full YAML-array implementation. YAML-array support is deferred to a later
+ * minor when 3+ skills need true arrays.
+ *
+ * Backward-compatible: pre-0.3.0 skills without these fields return undefined
+ * for each, and the loader continues to function unchanged.
+ */
+export interface HardConstraintFrontmatter {
+    /** Skill identifier from frontmatter `name:`. Required. */
+    name: string;
+    /** One-line description from frontmatter `description:`. Required. */
+    description: string;
+    /** Comma-separated tool-categories the skill needs at runtime. */
+    required_tools?: string;
+    /** Numeric-as-string — how many audit-passes before pre-done. */
+    required_audit_passes?: string;
+    /** Numeric-as-string — how many quality-gates the skill enforces. */
+    enforced_quality_gates?: string;
+    /** "true" | "false" — must run pre-done audit before declaring done. */
+    pre_done_audit?: string;
+    /** "opus" | "sonnet" | "haiku" — model selection hint. */
+    model?: string;
+    /** SPDX license id, typically "MIT". */
+    license?: string;
+}
+/**
+ * Parse HARD-CONSTRAINT frontmatter fields from a SKILL.md raw content.
+ * Returns name + description + model + license (top-level allowed by the
+ * SkillForge / Anthropic skill spec) plus optional v0.3.0+ HARD-CONSTRAINT
+ * fields nested under `metadata:` when the skill declares them.
+ *
+ * Backward-compat: also accepts the same fields at top-level (pre-canonical
+ * v0.3.0-rc layout). Top-level wins if both are present.
+ *
+ * Tolerates a leading `<!-- aegis-local … -->` HTML header per the upstream
+ * convention and ignores trailing body content. Designed to be used by the
+ * agent-framework `skill-frontmatter-validator` independently of the broader
+ * `loadAllSkills()` directory walker.
+ */
+export declare function parseHardConstraintFrontmatter(raw: string): HardConstraintFrontmatter;
 //# sourceMappingURL=skills-loader.d.ts.map

package/dist/skills-loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skills-loader.d.ts","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,EAAE,EAAE,MAAM,CAAC;IACX,0EAA0E;IAC1E,QAAQ,EAAE,MAAM,CAAC;IACjB,sFAAsF;IACtF,MAAM,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,2EAA2E;IAC3E,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,WAAW,EAAE,MAAM,CAAC;IACpB,qFAAqF;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IACrB,oFAAoF;IACpF,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAc1C;AAED,wBAAgB,aAAa,CAAC,IAAI,GAAE,MAA4B,GAAG,WAAW,EAAE,CA6B/E"}
+{"version":3,"file":"skills-loader.d.ts","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,EAAE,EAAE,MAAM,CAAC;IACX,0EAA0E;IAC1E,QAAQ,EAAE,MAAM,CAAC;IACjB,sFAAsF;IACtF,MAAM,EAAE,MAAM,CAAC;IACf,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,2EAA2E;IAC3E,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,WAAW,EAAE,MAAM,CAAC;IACpB,qFAAqF;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IACrB,oFAAoF;IACpF,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAc1C;AAED,wBAAgB,aAAa,CAAC,IAAI,GAAE,MAA4B,GAAG,WAAW,EAAE,CA6B/E;AA2HD;;;;;;;;;GASG;AACH,MAAM,WAAW,yBAAyB;IACxC,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,WAAW,EAAE,MAAM,CAAC;IACpB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iEAAiE;IACjE,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,qEAAqE;IACrE,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0DAA0D;IAC1D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAoDD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,8BAA8B,CAAC,GAAG,EAAE,MAAM,GAAG,yBAAyB,CA+BrF"}

package/dist/skills-loader.js

@@ -167,6 +167,108 @@ function extractScalarField(yaml, field) {
         value = value.slice(1, -1);
     return value;
 }
+/**
+ * Extract a scalar field from a nested `metadata:` block in YAML frontmatter.
+ *
+ * Looks for an indented `<field>: <value>` line that follows a top-level
+ * `metadata:` line. Indentation is two-or-more spaces (typical block style).
+ * Returns the value as a string, with optional surrounding quotes stripped.
+ * Returns '' if the metadata block or the requested field is absent.
+ *
+ * This is a minimal extractor matched to the conservative shape SkillForge's
+ * Anthropic-skill-spec accepts: `metadata:` is the canonical container for
+ * fields outside the small allowlist (agent, allowed-tools, context,
+ * description, hooks, license, model, name, user-invocable). True YAML
+ * nested-mapping support is deferred until at least one skill needs deeper
+ * nesting than two levels.
+ */
+function extractMetadataField(yaml, field) {
+    const lines = yaml.split(/\r?\n/);
+    let inMetadata = false;
+    let metadataIndent = -1;
+    for (const line of lines) {
+        if (/^metadata\s*:\s*$/.test(line)) {
+            inMetadata = true;
+            metadataIndent = -1;
+            continue;
+        }
+        if (!inMetadata)
+            continue;
+        if (line.trim() === '')
+            continue;
+        const indentMatch = /^(\s+)\S/.exec(line);
+        if (!indentMatch) {
+            // De-dented back to a top-level key — the metadata block has ended.
+            inMetadata = false;
+            continue;
+        }
+        const indent = indentMatch[1].length;
+        if (metadataIndent === -1)
+            metadataIndent = indent;
+        if (indent < metadataIndent) {
+            inMetadata = false;
+            continue;
+        }
+        const fieldMatch = new RegExp(`^\\s+${field}\\s*:\\s*(.*)$`).exec(line);
+        if (fieldMatch) {
+            let value = fieldMatch[1].trim();
+            if (value.startsWith('"') && value.endsWith('"'))
+                value = value.slice(1, -1);
+            if (value.startsWith("'") && value.endsWith("'"))
+                value = value.slice(1, -1);
+            return value;
+        }
+    }
+    return '';
+}
+/**
+ * Parse HARD-CONSTRAINT frontmatter fields from a SKILL.md raw content.
+ * Returns name + description + model + license (top-level allowed by the
+ * SkillForge / Anthropic skill spec) plus optional v0.3.0+ HARD-CONSTRAINT
+ * fields nested under `metadata:` when the skill declares them.
+ *
+ * Backward-compat: also accepts the same fields at top-level (pre-canonical
+ * v0.3.0-rc layout). Top-level wins if both are present.
+ *
+ * Tolerates a leading `<!-- aegis-local … -->` HTML header per the upstream
+ * convention and ignores trailing body content. Designed to be used by the
+ * agent-framework `skill-frontmatter-validator` independently of the broader
+ * `loadAllSkills()` directory walker.
+ */
+export function parseHardConstraintFrontmatter(raw) {
+    const withoutHeader = stripLeadingHeader(raw);
+    const yaml = extractYamlFrontmatter(withoutHeader);
+    if (!yaml) {
+        return { name: '', description: '' };
+    }
+    const out = {
+        name: extractScalarField(yaml, 'name'),
+        description: extractScalarField(yaml, 'description'),
+    };
+    // Top-level allowed-list fields per Anthropic skill spec.
+    const model = extractScalarField(yaml, 'model');
+    if (model)
+        out.model = model;
+    const license = extractScalarField(yaml, 'license');
+    if (license)
+        out.license = license;
+    // HARD-CONSTRAINT fields: prefer metadata-nested (canonical v0.3.0), fall
+    // back to top-level (transitional support).
+    const pickField = (field) => extractScalarField(yaml, field) || extractMetadataField(yaml, field);
+    const required_tools = pickField('required_tools');
+    if (required_tools)
+        out.required_tools = required_tools;
+    const required_audit_passes = pickField('required_audit_passes');
+    if (required_audit_passes)
+        out.required_audit_passes = required_audit_passes;
+    const enforced_quality_gates = pickField('enforced_quality_gates');
+    if (enforced_quality_gates)
+        out.enforced_quality_gates = enforced_quality_gates;
+    const pre_done_audit = pickField('pre_done_audit');
+    if (pre_done_audit)
+        out.pre_done_audit = pre_done_audit;
+    return out;
+}
 function extractFirstH1(body) {
     // Walk lines and track code-fence state so `# comment` inside a bash
     // or similar code-block is not mistaken for a markdown H1 heading.

package/dist/skills-loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"skills-loader.js","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAuBzC,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2CAA2C,SAAS,OAAO,QAAQ,IAAI;QACrE,uEAAuE,CAC1E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,iBAAiB,EAAE;IAC9D,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACzC,sEAAsE;QACtE,iEAAiE;QACjE,qEAAqE;QACrE,yCAAyC;QACzC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAC9C,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/B,0DAA0D;gBAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;gBAC9E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YACD,iEAAiE;YACjE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACvC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,OAAO,WAAW,CAAC,GAAG,CAAC;aACpB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;aACzC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CACnB,IAAY,EACZ,YAAoB,EACpB,QAAgB,EAChB,MAAc,EACd,IAAY,EACZ,QAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC;IAC5E,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,OAAO;QACL,EAAE;QACF,QAAQ;QACR,MAAM;QACN,IAAI;QACJ,KAAK;QACL,WAAW;QACX,iBAAiB;QACjB,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,GAAG;KAClB,CAAC;AACJ,CAAC;AAQD,SAAS,gBAAgB,CAAC,GAAW,EAAE,YAAoB;IACzD,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAE9C,uEAAuE;IACvE,wEAAwE;IACxE,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,IAAI,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,IAAI,GAAG,aAAa,CAAC;IACzB,IAAI,IAAI,EAAE,CAAC;QACT,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACtD,IAAI,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,YAAY,CAAC;IAE/D,yEAAyE;IACzE,2EAA2E;IAC3E,qBAAqB;IACrB,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAEzD,4EAA4E;IAC5E,mBAAmB;IACnB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IACzD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE;QACnB,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE;QAC/B,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,sEAAsE;IACtE,wEAAwE;IACxE,kBAAkB;IAClB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,CAAC,EAAE,CAAC;QACtD,CAAC,EAAE,CAAC,CAAC,kCAAkC;QACvC,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,CAAC,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,KAAa;IACrD,+EAA+E;IAC/E,2EAA2E;IAC3E,wDAAwD;IACxD,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,iEAAiE;IACjE,4CAA4C;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,OAAO,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,OAAO;YAAE,SAAS;QACtB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,KAAa;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,MAAM,IAAI,GAAG,UAAU;SACpB,KAAK,CAAC,eAAe,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3E,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,oEAAoE;IACpE,uEAAuE;IACvE,0EAA0E;IAC1E,iDAAiD;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;IACpD,MAAM,KAAK,GACT,2FAA2F,CAAC,IAAI,CAC9F,OAAO,CACR,CAAC;IACJ,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC"}
+{"version":3,"file":"skills-loader.js","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAuBzC,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2CAA2C,SAAS,OAAO,QAAQ,IAAI;QACrE,uEAAuE,CAC1E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,iBAAiB,EAAE;IAC9D,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACzC,sEAAsE;QACtE,iEAAiE;QACjE,qEAAqE;QACrE,yCAAyC;QACzC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAC9C,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/B,0DAA0D;gBAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;gBAC9E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YACD,iEAAiE;YACjE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACvC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/E,IAAI,KAAK;oBAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,OAAO,WAAW,CAAC,GAAG,CAAC;aACpB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;aACzC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CACnB,IAAY,EACZ,YAAoB,EACpB,QAAgB,EAChB,MAAc,EACd,IAAY,EACZ,QAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC;IAC5E,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,OAAO;QACL,EAAE;QACF,QAAQ;QACR,MAAM;QACN,IAAI;QACJ,KAAK;QACL,WAAW;QACX,iBAAiB;QACjB,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,GAAG;KAClB,CAAC;AACJ,CAAC;AAQD,SAAS,gBAAgB,CAAC,GAAW,EAAE,YAAoB;IACzD,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAE9C,uEAAuE;IACvE,wEAAwE;IACxE,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,IAAI,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,IAAI,GAAG,aAAa,CAAC;IACzB,IAAI,IAAI,EAAE,CAAC;QACT,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACtD,IAAI,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,YAAY,CAAC;IAE/D,yEAAyE;IACzE,2EAA2E;IAC3E,qBAAqB;IACrB,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAEzD,4EAA4E;IAC5E,mBAAmB;IACnB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IACzD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE;QACnB,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE;QAC/B,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,sEAAsE;IACtE,wEAAwE;IACxE,kBAAkB;IAClB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,CAAC,EAAE,CAAC;QACtD,CAAC,EAAE,CAAC,CAAC,kCAAkC;QACvC,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,CAAC,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,KAAa;IACrD,+EAA+E;IAC/E,2EAA2E;IAC3E,wDAAwD;IACxD,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC;AACf,CAAC;AA+BD;;;;;;;;;;;;;;GAcG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,KAAa;IACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,cAAc,GAAG,CAAC,CAAC,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,UAAU,GAAG,IAAI,CAAC;YAClB,cAAc,GAAG,CAAC,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,SAAS;QACjC,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,oEAAoE;YACpE,UAAU,GAAG,KAAK,CAAC;YACnB,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACrC,IAAI,cAAc,KAAK,CAAC,CAAC;YAAE,cAAc,GAAG,MAAM,CAAC;QACnD,IAAI,MAAM,GAAG,cAAc,EAAE,CAAC;YAC5B,UAAU,GAAG,KAAK,CAAC;YACnB,SAAS;QACX,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,QAAQ,KAAK,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxE,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACjC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7E,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,8BAA8B,CAAC,GAAW;IACxD,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IACD,MAAM,GAAG,GAA8B;QACrC,IAAI,EAAE,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC;QACtC,WAAW,EAAE,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC;KACrD,CAAC;IACF,0DAA0D;IAC1D,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAChD,IAAI,KAAK;QAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;IAC7B,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACpD,IAAI,OAAO;QAAE,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IAEnC,0EAA0E;IAC1E,4CAA4C;IAC5C,MAAM,SAAS,GAAG,CAAC,KAAa,EAAU,EAAE,CAC1C,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAEvE,MAAM,cAAc,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACnD,IAAI,cAAc;QAAE,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC;IACxD,MAAM,qBAAqB,GAAG,SAAS,CAAC,uBAAuB,CAAC,CAAC;IACjE,IAAI,qBAAqB;QAAE,GAAG,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;IAC7E,MAAM,sBAAsB,GAAG,SAAS,CAAC,wBAAwB,CAAC,CAAC;IACnE,IAAI,sBAAsB;QAAE,GAAG,CAAC,sBAAsB,GAAG,sBAAsB,CAAC;IAChF,MAAM,cAAc,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACnD,IAAI,cAAc;QAAE,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC;IAExD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,iEAAiE;IACjE,4CAA4C;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,OAAO,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,OAAO;YAAE,SAAS;QACtB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,KAAa;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,MAAM,IAAI,GAAG,UAAU;SACpB,KAAK,CAAC,eAAe,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3E,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,oEAAoE;IACpE,uEAAuE;IACvE,0EAA0E;IAC1E,iDAAiD;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;IACpD,MAAM,KAAK,GACT,2FAA2F,CAAC,IAAI,CAC9F,OAAO,CACR,CAAC;IACJ,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/skills",
-  "version": "0.2.1",
+  "version": "0.5.0",
   "description": "AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",

package/skills/compliance/_INDEX.md

@@ -0,0 +1,49 @@
+# compliance/_INDEX.md — Compliance Skill Trigger-Table
+
+Routes `compliance/` category skills based on user intent + keyword triggers. Loaded on-demand by AGENTS.md when a compliance-related request arrives. Each row points at a specific SKILL.md to load.
+
+---
+
+## Skills in this category
+
+| Trigger keywords | → Skill | Loaded path |
+|---|---|---|
+| dsgvo, datenschutz, impressum, cookie, abmahnung, compliance, agb, avv, drittland, einwilligung, ttdsg, ddg, tmg, uwg, nis2, ai-act, gobd, dsa, urheber, marke, ePrivacy, drittlandtransfer, schrems, eugh, bgh, abmahnanwalt, datenpanne, betroffenenrechte, art-13, art-15, art-83, scc, tia, dsfa, vvt, dpo, dsb, lg-muenchen-google-fonts, fashion-id | `brutaler-anwalt` | `compliance/aegis-native/brutaler-anwalt/SKILL.md` |
+
+> **Note:** `dsgvo-compliance` (consent-management + Art. 13/15 templates + Datenpanne-Runbook) ships in the `foundation/` category as of v0.4.0, not under `compliance/`. The `foundation/_INDEX.md` router routes `consent / retention / art-13 / art-15 / datenpanne / schrems` triggers there. The `brutaler-anwalt` audit-skill (this row) and `dsgvo-compliance` fix-templates skill complement each other; users typically invoke both in a compliance-audit cluster.
+
+---
+
+## Slash-Commands
+
+- `/anwalt` — invoke brutaler-anwalt SCAN-mode on current repo or live URL
+- `/anwalt hunt <topic>` — HUNT-mode focused on one topic (cookie banner / drittland / impressum / etc.)
+- `/anwalt simulate` — full SIMULATE-mode incl. fictional Abmahn-letter or Behörden-Anhörung
+- `/anwalt consult <document>` — CONSULT-mode for review of one document (AGB / AVV / DSE / contract)
+- `/audit` — alias for `/anwalt`
+- `/compliance-check` — alias for `/anwalt`
+
+---
+
+## Rules for compliance skills
+
+- **Reference-Loading is mandatory** per HARD-CONSTRAINT-block in each skill's SKILL.md. The skill MUST refuse to operate without loading at least `audit-patterns.md` + topic-specific references.
+- **All references are MIT-licensed** (own work, AEGIS-native namespace). Each reference cites § / Art. + Az. + Reference-File-Pfad — no improvisation.
+- **Disclaimer is non-negotiable** (RDG § 2 — keine Rechtsberatung). Each output ends with the standard RDG-disclaimer.
+
+---
+
+## Bootstrap-checklist (called by AGENTS.md)
+
+When this category is loaded:
+
+1. Verify the matched skill's SKILL.md is in context.
+2. Check the skill's frontmatter `metadata.required_tools` — confirm those tool-categories are available in the harness (per AGENTS.md tool-mapping table).
+3. If `metadata.pre_done_audit: "true"` — note it; the skill will not be allowed to declare DONE without explicit pre-done-audit completion (the Verification / Success Criteria checklist).
+4. Print: `Loaded compliance skill: <name>, model: <opus|sonnet|haiku>, audit-passes: <N>, gates: <N>`.
+
+---
+
+## Forward-compat note
+
+`compliance/_INDEX.md` routes regulatory + legal-audit skills under the `compliance/` category. v0.3.0 ships `brutaler-anwalt`. The dsgvo-compliance fix-templates skill ships under `foundation/` (v0.4.0+) and is routed from `foundation/_INDEX.md` — see the note in the trigger-table above. Future compliance-audit additions land here without breaking the router-shape.