npm - @aegis-scan/skills - Versions diffs - 0.2.1 → 0.5.0 - Mend

@aegis-scan/skills 0.2.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/README.md ADDED Viewed

@@ -0,0 +1,33 @@
+---
+license: MIT
+purpose: Anonymized teaching snippets referenced by audit-patterns.md / dsgvo.md / checklisten.md.
+---
+# Templates — anonymisierte Lehrbuch-Snippets
+Diese Templates sind brand-agnostische Vorlagen, die in den References als
+konkrete Lehrbuch-Beispiele zitiert werden. Sie ersetzen die in fruehen
+Skill-Versionen direkt eingebetteten Brand-spezifischen Snippets.
+**Konvention:**
+- `<placeholder>` = vom Operator zu ersetzen (z.B. `<brand>`, `<your-domain>`)
+- `<...>` in Code-Snippets sind absichtlich syntactically-invalid, damit
+  copy-paste-Hygiene erzwungen wird
+- Alle `.example`-Files sind **keine** lauffaehigen Module — Build-Tools
+  sollen sie ignorieren
+## Index
+| Template | Referenced from | Use case |
+|----------|----------------|----------|
+| `DSFA-template.md` | `dsgvo.md` DSFA-Trigger | Datenschutz-Folgenabschaetzung Doc-Vorlage |
+| `VVT-template.md` | `dsgvo.md` VVT | Verzeichnis Verarbeitungstaetigkeiten Vorlage |
+| `COMPLIANCE-AUDIT-TRAIL-template.md` | (Skill-Output-Pattern) | Audit-Trail-Doku-Vorlage fuer eigene Audits |
+| `AffiliateDisclaimer.tsx.example` | `checklisten.md` 3c | React-Component-Vorlage UWG § 5a Abs. 4 |
+| `proxy-strict-dynamic.ts.example` | `audit-patterns.md` HIGH-RISK-CSP | Next.js proxy-CSP Strict-Dynamic-Pattern |
+| `data-retention-cron.ts.example` | `audit-patterns.md` Phase 4 | Bearer-auth Retention-Cleanup Route |
+| `data-retention-workflow.yml.example` | `audit-patterns.md` Phase 4 | GitHub Actions Cron-Trigger |
+| `UmamiScript.tsx.example` | `audit-patterns.md` env-driven Tracking | env-driven Tracking-Component |
+| `security.txt.example` | `audit-patterns.md` Phase 2 | RFC 9116 (kein Placeholder-Bug) |
+| `DSE-Section-UGC.md.example` | `audit-patterns.md` Phase 5c | Vermisst-/Marketplace-DSE-Block |
+| `LostFoundReportForm-consent.tsx.example` | `audit-patterns.md` Phase 5c | Consent-Toggle-Pattern UGC-Posts |

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/UmamiScript.tsx.example ADDED Viewed

@@ -0,0 +1,64 @@
+// MIT-License — anonymized teaching snippet for brutaler-anwalt
+// References: audit-patterns.md env-driven Tracking-Component
+// Pattern: env-driven Umami / Plausible / Fathom Tracking-Snippet
+// File: src/components/analytics/UmamiScript.tsx
+// Use: include in app/layout.tsx (root layout). Loads only after consent OR
+//      if the tracker is configured "cookieless + IP-anon + DNT respect".
+import Script from 'next/script';
+interface UmamiScriptProps {
+  /** override the env-default; pass site-id explicitly when SSR-safe */
+  websiteId?: string;
+}
+export function UmamiScript({ websiteId }: UmamiScriptProps) {
+  // 1. host: env-driven; default = your own analytics subdomain (NOT vendor-default cloud).
+  //    NEVER hardcode a vendor cloud URL — that's a Drittland-Trigger.
+  const host = (
+    process.env.NEXT_PUBLIC_ANALYTICS_HOST ??
+    'https://<your-analytics-subdomain>'
+  ).replace(/\/+$/, '');
+  // 2. site-id from env (or prop override)
+  const id = websiteId ?? process.env.NEXT_PUBLIC_ANALYTICS_SITE_ID;
+  // 3. fail-soft: no tracking if env not configured (better than fallback to default-cloud)
+  if (!id) {
+    return null;
+  }
+  return (
+    <Script
+      strategy="afterInteractive"
+      src={`${host}/script.js`}
+      data-website-id={id}
+      data-host-url={host}
+      // Privacy-Hardening: respect DNT and GPC client-side (server-side opt: track-DNT off)
+      data-do-not-track="true"
+      // Cookieless mode + IP-anonymisation are server-side settings.
+      // The DSE statement MUST match the actual server-config — verify with admin-panel.
+      async
+    />
+  );
+}
+// USAGE in app/layout.tsx:
+//
+//   import { UmamiScript } from '@/components/analytics/UmamiScript';
+//   export default function RootLayout({ children }) {
+//     return (
+//       <html><body>{children}<UmamiScript /></body></html>
+//     );
+//   }
+//
+// VERIFY:
+//   curl -s https://<your-domain> | grep -oE 'data-host-url="[^"]+"'
+//   # erwarte: dein operator-eigener Analytics-Host, nie ein Vendor-Cloud-Default
+//
+// DSE-PFLICHT (analog dazu):
+//   "Wir nutzen das selbstgehostete Analyse-Tool [Tool-Name] auf <your-analytics-subdomain>.
+//    Verarbeitung erfolgt cookieless mit serverseitiger IP-Anonymisierung. DNT/GPC werden
+//    respektiert. Rechtsgrundlage: Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an
+//    aggregierter Reichweitenmessung). Widerspruch jederzeit moeglich..."

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/VVT-template.md ADDED Viewed

@@ -0,0 +1,60 @@
+---
+license: MIT
+purpose: Generische VVT-Vorlage (Art. 30 DSGVO). KMU-best-practice.
+references: dsgvo.md (VVT-Block)
+sources: Art. 30 Abs. 1 DSGVO + BayLDA-VVT-Hinweise
+---
+# Verzeichnis von Verarbeitungstaetigkeiten (VVT) — Vorlage
+> Diese Vorlage entspricht Art. 30 Abs. 1 DSGVO. KMU mit < 250 MA und
+> gelegentlicher Verarbeitung ohne Sonderkategorien sind nicht VVT-pflichtig
+> (Art. 30 Abs. 5), aber BayLDA empfiehlt VVT auch fuer KMU zur Erfuellung
+> Rechenschaftspflicht Art. 5 Abs. 2.
+## Stammblatt
+| Feld | Wert |
+|------|------|
+| Verantwortlicher | `<Operator-Firma>` |
+| Anschrift | `<vollstaendige-Anschrift>` |
+| Vertreter (Art. 27) | `<falls EU-Drittland-Sitz>` |
+| DSB | `<falls bestellt>` |
+| Stand | `<YYYY-MM-DD>` |
+| Version | `<vN.N>` |
+## Verarbeitungstaetigkeiten
+Pro Verarbeitung ein Block.
+### VT-001: `<Bezeichnung>`
+| Pflicht-Feld (Art. 30 Abs. 1) | Wert |
+|------------------------------|------|
+| **a) Name + Kontaktdaten Verantwortlicher** | siehe Stammblatt |
+| **b) Zwecke der Verarbeitung** | `<Zweck>` (Rechtsgrundlage Art. 6 Abs. 1 lit. `<a/b/c/d/e/f>`) |
+| **c) Kategorien betroffener Personen** | `<Kunden / Mitarbeiter / Lieferanten / ...>` |
+| **c) Kategorien personenbezogener Daten** | `<Stammdaten / Kontaktdaten / Nutzungsdaten / besondere Kategorien>` |
+| **d) Kategorien von Empfaengern** | `<intern / Auftragsverarbeiter / Drittland>` |
+| **e) Drittlandtransfer** | `<keine / USA / UK / ...>` (mit Mechanismus: SCC + TIA / Adequacy / DPF) |
+| **f) Speicherdauer / Loeschfristen** | `<Frist>` (gesetzlicher Anker, z.B. § 257 HGB / § 147 AO) |
+| **g) Allgemeine Beschreibung TOMs** | siehe `<TOMs-Doku-Verweis>` |
+### VT-002: `<naechste Verarbeitung>`
+(analog)
+## Auftragsverarbeiter (Art. 28)
+| Auftragsverarbeiter | Zweck | AVV-Status | Drittland | Standort |
+|---------------------|-------|-----------|-----------|----------|
+| `<Anbieter>` | `<Zweck>` | `<abgeschlossen YYYY-MM-DD>` | `<DE/EU/USA>` | `<Region>` |
+## Review
+VVT bei wesentlichen Aenderungen sofort updaten, ansonsten jaehrlich.
+Naechstes Review: `<YYYY-MM-DD>`.
+---
+*Disclaimer: technisch-indikative Vorlage, keine Rechtsberatung i.S.d. § 2 RDG.*

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/data-retention-cron.ts.example ADDED Viewed

@@ -0,0 +1,52 @@
+// MIT-License — anonymized teaching snippet for brutaler-anwalt
+// References: audit-patterns.md Phase 4 DSE-Drift-Audit Style 2 (DSE-Aussage "wir loeschen nach X")
+// Pattern: Next.js API-Route mit Bearer-Auth, idempotent, audit-logged
+// File: src/app/api/cron/data-retention/route.ts (Next.js App-Router)
+import { NextRequest, NextResponse } from 'next/server';
+const RETENTION_DAYS = Number(process.env.DATA_RETENTION_DAYS ?? '180');
+export async function POST(req: NextRequest) {
+  // 1. Bearer-Auth — Cron-Secret aus env, nicht hardcoded
+  const authHeader = req.headers.get('authorization') ?? '';
+  const expected = `Bearer ${process.env.CRON_SECRET}`;
+  if (!process.env.CRON_SECRET || authHeader !== expected) {
+    return NextResponse.json({ error: 'unauthorized' }, { status: 401 });
+  }
+  // 2. Compute cutoff
+  const cutoff = new Date(Date.now() - RETENTION_DAYS * 24 * 60 * 60 * 1000);
+  // 3. Delete-Logik — pro Tabelle / Collection / Bucket einzeln
+  const results = {
+    cutoff: cutoff.toISOString(),
+    deleted: {} as Record<string, number>,
+  };
+  try {
+    // Pseudocode — durch echten DB-Client ersetzen
+    // results.deleted.session_logs = await db.sessionLogs.deleteMany({ created_at: { lt: cutoff } });
+    // results.deleted.lost_found_posts = await db.lostFoundPosts.deleteMany({ expires_at: { lt: new Date() } });
+    // results.deleted.unverified_signups = await db.users.deleteMany({ verified: false, created_at: { lt: cutoff } });
+  } catch (err) {
+    console.error('[retention-cron] error', err);
+    return NextResponse.json({ error: 'cleanup-failed', details: String(err) }, { status: 500 });
+  }
+  // 4. Audit-Log — Pflicht fuer Rechenschafts-Nachweis Art. 5 Abs. 2 DSGVO
+  console.log(JSON.stringify({
+    event: 'data_retention_cleanup',
+    timestamp: new Date().toISOString(),
+    cutoff: results.cutoff,
+    deleted: results.deleted,
+  }));
+  return NextResponse.json(results);
+}
+// VERIFY:
+//   curl -X POST https://<your-domain>/api/cron/data-retention \
+//     -H "Authorization: Bearer $CRON_SECRET"
+//   # erwarte 200 + JSON mit deleted-counts; ohne Auth 401.

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/data-retention-workflow.yml.example ADDED Viewed

@@ -0,0 +1,47 @@
+## MIT-License — anonymized teaching snippet for brutaler-anwalt
+## References: audit-patterns.md Phase 4 DSE-Drift-Audit Style 2
+## Pattern: GitHub Actions Cron-Trigger fuer DSGVO-Retention-Cleanup
+# File: .github/workflows/data-retention.yml
+name: data-retention-cleanup
+on:
+  schedule:
+    # tgl. 03:00 UTC = 04:00 CET (low-traffic-window)
+    - cron: '0 3 * * *'
+  workflow_dispatch: {}
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    steps:
+      - name: Trigger retention API
+        env:
+          CRON_SECRET: ${{ secrets.CRON_SECRET }}
+          API_URL: ${{ secrets.RETENTION_API_URL }}  # https://<your-domain>/api/cron/data-retention
+        run: |
+          if [ -z "$CRON_SECRET" ] || [ -z "$API_URL" ]; then
+            echo "::error::CRON_SECRET or RETENTION_API_URL not set in GH secrets"
+            exit 1
+          fi
+          response=$(curl -sS -w "\n%{http_code}" -X POST "$API_URL" \
+            -H "Authorization: Bearer $CRON_SECRET" \
+            -H "Content-Type: application/json" \
+            --max-time 60)
+          body=$(echo "$response" | sed '$d')
+          status=$(echo "$response" | tail -n1)
+          echo "::group::API response"
+          echo "$body"
+          echo "::endgroup::"
+          if [ "$status" != "200" ]; then
+            echo "::error::retention API returned status $status"
+            exit 1
+          fi
+# VERIFY in repo:
+#   gh workflow run data-retention-cleanup
+#   gh run list --workflow=data-retention-cleanup --limit 5

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/proxy-strict-dynamic.ts.example ADDED Viewed

@@ -0,0 +1,80 @@
+// MIT-License — anonymized teaching snippet for brutaler-anwalt
+// References: audit-patterns.md HIGH-RISK CSP unsafe-inline Migration
+// Pattern: Next.js (App Router) middleware.ts / proxy.ts mit Strict-Dynamic-CSP
+// File: src/middleware.ts (oder src/proxy.ts) — Next.js 14+
+// Pattern: per-request nonce → CSP-Header → propagate via x-nonce request-header.
+// Layout liest x-nonce via headers().get('x-nonce') und gibt es an inline-Scripts.
+import { NextRequest, NextResponse } from 'next/server';
+const cspDirectives = (nonce: string) => [
+  `default-src 'self'`,
+  // Strict-Dynamic + nonce: ersetzt unsafe-inline ohne legitime inline-scripts zu brechen
+  `script-src 'self' 'nonce-${nonce}' 'strict-dynamic' https:`,
+  // Style: nonce + self; unsafe-inline weiterhin nur zugelassen wenn unvermeidbar
+  `style-src 'self' 'nonce-${nonce}'`,
+  `img-src 'self' data: https://<your-cdn-domain>`,
+  `font-src 'self' data:`,
+  // Connect: API-Endpoints + 3rd-party-Services aus DSE
+  `connect-src 'self' https://<api-domain> https://<analytics-host>`,
+  `frame-src 'self' https://<embed-domains>`,
+  `object-src 'none'`,
+  `base-uri 'self'`,
+  `form-action 'self'`,
+  `frame-ancestors 'none'`,
+  `upgrade-insecure-requests`,
+].join('; ');
+export function middleware(req: NextRequest) {
+  // 1. Generate per-request nonce (16 random bytes, base64)
+  const nonce = btoa(crypto.getRandomValues(new Uint8Array(16)).join(''));
+  // 2. Forward via request-header so layout/components can read it
+  const requestHeaders = new Headers(req.headers);
+  requestHeaders.set('x-nonce', nonce);
+  // 3. Build response with CSP-Header
+  const response = NextResponse.next({ request: { headers: requestHeaders } });
+  response.headers.set('Content-Security-Policy', cspDirectives(nonce));
+  // 4. Defense-in-depth headers
+  response.headers.set('X-Frame-Options', 'DENY');
+  response.headers.set('X-Content-Type-Options', 'nosniff');
+  response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
+  response.headers.set(
+    'Strict-Transport-Security',
+    'max-age=63072000; includeSubDomains; preload',
+  );
+  response.headers.set(
+    'Permissions-Policy',
+    'camera=(), microphone=(), geolocation=(self), interest-cohort=()',
+  );
+  return response;
+}
+export const config = {
+  matcher: '/:path*',
+};
+// USAGE in layout.tsx:
+//
+//   import { headers } from 'next/headers';
+//   export default function RootLayout({ children }) {
+//     const nonce = headers().get('x-nonce') ?? '';
+//     return (
+//       <html>
+//         <body>
+//           <Script id="bootstrap" nonce={nonce} strategy="beforeInteractive">
+//             {`/* inline bootstrap */`}
+//           </Script>
+//           {children}
+//         </body>
+//       </html>
+//     );
+//   }
+//
+// VERIFY:
+//   curl -sIS https://<your-domain> | grep -i 'content-security-policy'
+//   # erwarte: 'nonce-...' + 'strict-dynamic' enthalten, KEIN 'unsafe-inline'

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/security.txt.example ADDED Viewed

@@ -0,0 +1,26 @@
+# MIT-License — anonymized teaching snippet for brutaler-anwalt
+# References: audit-patterns.md Phase 2 Public-Static-File-Audit
+# Spec: RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)
+#
+# File: public/.well-known/security.txt
+# Critical: KEINE Placeholder-Tokens (`{{...}}`, `<...>`, `YOUR_*`, `AGENT:`,
+#           `TODO:`, `FIXME:`) im Production-Build. Die folgenden Werte sind
+#           OPERATOR-VERANTWORTUNG, vor Deploy konkret zu setzen.
+Contact: mailto:security@<your-domain>
+Contact: https://<your-domain>/security/contact
+Expires: 2027-12-31T23:59:59Z
+Encryption: https://<your-domain>/.well-known/pgp-key.txt
+Acknowledgments: https://<your-domain>/security/hall-of-fame
+Preferred-Languages: de, en
+Canonical: https://<your-domain>/.well-known/security.txt
+Policy: https://<your-domain>/security/responsible-disclosure
+Hiring: https://<your-domain>/karriere
+# Pre-Deploy-Verify:
+#   curl -s https://<your-domain>/.well-known/security.txt | \
+#     grep -E '\{\{|<[A-Z_]+>|YOUR_|AGENT:|ASSISTANT:|TODO:|FIXME:|placeholder' && \
+#     echo "🔴 KRITISCH — unrendered Template" || echo "✓ clean"
+#
+# Expires-Datum: alle 6-12 Monate updaten. Das Datum ist hier ein Lehrbuch-Wert
+# und MUSS vom Operator vor Deploy gesetzt werden. RFC 9116 verlangt < 1 Jahr.

package/skills/compliance/aegis-native/brutaler-anwalt/scripts/health-check.sh ADDED Viewed

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# brutaler-anwalt — Health-Check for skill consistency.
+# Usage: bash scripts/health-check.sh
+# Exit:  0 healthy · 1 issues found
+set -euo pipefail
+SKILL_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+issues=0
+echo "▎ brutaler-anwalt Health-Check"
+echo "▎ Skill-Dir: $SKILL_DIR"
+echo
+# 1. Brand-Leak-Check — operator-customizable deny-list of brand-codenames
+# that must NOT appear in shipped skill content (SKILL.md / references / etc).
+#
+# CUSTOMIZATION: edit BRAND_PATTERN below to add your own brand-codenames
+# (single-bar-separated, regex-syntax). Example: if your projects are named
+# `acme-saas` and `bluefin`, set:
+#     BRAND_PATTERN="acme-saas|bluefin|your-internal-codename"
+# Defaults are placeholder examples; replace before relying on the check.
+#
+# The check reads the deny-list from a gitignored sibling file when present,
+# so operators can keep their real codenames out of the public skill repo.
+echo "1/5  Brand-Leak-Check…"
+LOCAL_DENY_FILE="$SKILL_DIR/scripts/brand-deny-list.local.txt"
+if [[ -f "$LOCAL_DENY_FILE" ]]; then
+  # one pattern per line, joined with | for grep -E
+  BRAND_PATTERN=$(grep -vE '^[[:space:]]*(#|$)' "$LOCAL_DENY_FILE" | tr '\n' '|' | sed 's/|$//')
+  if [[ -z "$BRAND_PATTERN" ]]; then
+    BRAND_PATTERN="placeholder-codename-example"
+  fi
+else
+  BRAND_PATTERN="placeholder-codename-example|placeholder-internal-project"
+fi
+brand_hits=$( (grep -rEnli "$BRAND_PATTERN" \
+  "$SKILL_DIR/SKILL.md" "$SKILL_DIR/README.md" "$SKILL_DIR/LICENSE" "$SKILL_DIR/CHANGELOG.md" "$SKILL_DIR/references/" 2>/dev/null || true) \
+  | wc -l | tr -d ' ')
+if [[ "$brand_hits" == "0" ]]; then
+  echo "     ✓ keine Brand-Leaks (Pattern: $BRAND_PATTERN)"
+else
+  echo "     ✗ $brand_hits Brand-Leak-Treffer:"
+  grep -rEni "$BRAND_PATTERN" \
+    "$SKILL_DIR/SKILL.md" "$SKILL_DIR/README.md" "$SKILL_DIR/LICENSE" "$SKILL_DIR/CHANGELOG.md" "$SKILL_DIR/references/" 2>/dev/null | head -10 || true
+  issues=$((issues + 1))
+fi
+# 2. Az.-Provenance — every entry should have a Source-URL
+echo "2/5  Az.-Provenance-Check…"
+az_count=$( (grep -cE "^### " "$SKILL_DIR/references/bgh-urteile.md" 2>/dev/null || echo 0) | head -1)
+# Source-Verlinkung in beliebigem Markdown-Format: **Source**, "Source:", oder eingebetteter http(s)-Link.
+src_count=$( (grep -cE "\*\*Source\*\*|Source:|https?://(juris|curia|dejure|openjur|rewis|edpb|gesetze-im-internet|eur-lex|bverwg|bag-urteil|nrwe|wettbewerbszentrale|noerr|twobirds|bird-bird|alro-recht)" "$SKILL_DIR/references/bgh-urteile.md" 2>/dev/null || echo 0) | head -1)
+echo "     Az.-Eintraege: $az_count · Source-Verlinkungen: $src_count"
+if [[ "$src_count" -lt "$az_count" ]]; then
+  diff=$((az_count - src_count))
+  echo "     ⚠ $diff Eintraege ohne Source-Verlinkung — Provenance-Disziplin §5 pruefen"
+  issues=$((issues + 1))
+else
+  echo "     ✓ alle Eintraege haben Source-Verlinkung"
+fi
+# 3. Verzeichnis-Vollstaendigkeit
+echo "3/5  Verzeichnis-Vollstaendigkeit…"
+required=("SKILL.md" "README.md" "LICENSE" "CHANGELOG.md" \
+  "references/audit-patterns.md" "references/dsgvo.md" "references/it-recht.md" \
+  "references/vertragsrecht.md" "references/checklisten.md" "references/branchenrecht.md" \
+  "references/bgh-urteile.md" "references/abmahn-templates.md" "references/aegis-integration.md" \
+  "references/international.md" "references/strafrecht-steuer.md" \
+  "references/templates/README.md" \
+  "references/gesetze/INDEX.md" \
+  "references/stack-patterns/INDEX.md")
+missing=0
+for f in "${required[@]}"; do
+  if [[ ! -f "$SKILL_DIR/$f" ]]; then
+    echo "     ✗ fehlt: $f"
+    missing=$((missing + 1))
+  fi
+done
+if [[ "$missing" == "0" ]]; then
+  echo "     ✓ alle ${#required[@]} Pflicht-Files vorhanden"
+else
+  echo "     ✗ $missing Pflicht-Files fehlen"
+  issues=$((issues + 1))
+fi
+# 4. SKILL.md Reference-Loading-Map → File-Vorhandensein
+echo "4/5  Reference-Loading-Map konsistent…"
+map_files=$(grep -oE 'references/[a-z_-]+\.md' "$SKILL_DIR/SKILL.md" 2>/dev/null | sort -u)
+for f in $map_files; do
+  if [[ ! -f "$SKILL_DIR/$f" ]]; then
+    echo "     ✗ SKILL.md verlinkt $f, aber Datei fehlt"
+    issues=$((issues + 1))
+  fi
+done
+echo "     ✓ alle in SKILL.md referenzierten Files vorhanden"
+# 5. Templates ohne Brand-Leak — re-uses the BRAND_PATTERN configured above
+# in section 1. Templates must not contain any operator-specific codename.
+echo "5/5  Templates anonymisiert…"
+template_brand_hits=$( (grep -rEnli "$BRAND_PATTERN" \
+  "$SKILL_DIR/references/templates/" 2>/dev/null || true) | wc -l | tr -d ' ')
+if [[ "$template_brand_hits" == "0" ]]; then
+  echo "     ✓ alle Templates anonymisiert"
+else
+  echo "     ✗ Templates enthalten Brand-Refs (sollten anonym sein):"
+  grep -rEni "$BRAND_PATTERN" \
+    "$SKILL_DIR/references/templates/" 2>/dev/null | head -10 || true
+  issues=$((issues + 1))
+fi
+echo
+if [[ "$issues" == "0" ]]; then
+  echo "✓ Health-Check passed — Skill ist konsistent."
+  exit 0
+else
+  echo "✗ Health-Check failed — $issues Issues gefunden."
+  exit 1
+fi

package/skills/defensive/aegis-native/rls-defense/SKILL.md CHANGED Viewed

@@ -129,6 +129,91 @@ $$;
 **SECURITY DEFINER without `SET search_path` is a search-path-poisoning vulnerability** — the function inherits the caller's search_path and an attacker who can prepend their own schema can hijack the function.
+### 4a. SECURITY DEFINER RPC + `p_user_id` parameter — canonical authz guard
+Pattern surfaced in production audits (CWE-863, IDOR via RPC): SECURITY DEFINER RPCs in the `public` schema accept a `p_user_id` parameter without verifying it equals `auth.uid()`. Every signed-in user can then call the RPC with any other user's id and act on their data:
+- spend OTHER users' loyalty points (`purchase_item(other_uid, ...)`)
+- award themselves arbitrary points (`award_points(my_uid, 999999)`)
+- redeem rewards or finish duels on behalf of other users
+These are **silent vulnerabilities** until Supabase ships a linter rule that surfaces them. Splinter rules `0028_anon_security_definer_function_executable` + `0029_authenticated_security_definer_function_executable` (added in early 2026) flag the privilege side, but they are argument-blind — a function can be linter-clean but still missing the internal `auth.uid()` check. Static migration audit catches the body-side gap at PR review.
+**Canonical fix — install a single guard helper, then PERFORM it at the top of every RPC that takes a user-identity parameter:**
+```sql
+-- One helper, owned by you, called everywhere
+CREATE OR REPLACE FUNCTION public._aegis_authorize_user(p_user_id uuid)
+RETURNS void
+LANGUAGE plpgsql
+SECURITY INVOKER
+STABLE
+SET search_path = ''
+AS $$
+BEGIN
+  IF (SELECT auth.role()) = 'service_role' THEN
+    RETURN;  -- server-side admin / cron bypass
+  END IF;
+  IF (SELECT auth.uid()) IS NULL OR (SELECT auth.uid()) <> p_user_id THEN
+    RAISE EXCEPTION 'AEGIS-AUTHZ: caller % may not act on user %',
+      coalesce((SELECT auth.uid())::text, 'anon'), p_user_id
+      USING ERRCODE = '42501';
+  END IF;
+END;
+$$;
+-- Every RPC that touches another user's data calls this on entry
+CREATE FUNCTION public.purchase_arena_item(p_user_id uuid, p_item_key text)
+RETURNS jsonb LANGUAGE plpgsql SECURITY DEFINER
+SET search_path = public, pg_temp AS $$
+BEGIN
+  PERFORM public._aegis_authorize_user(p_user_id);  -- ← MANDATORY first line
+  -- ... actual logic
+END $$;
+```
+**Linter-clean grants — REVOKE from PUBLIC, not from anon:**
+The default `EXECUTE` privilege on a SQL function is granted to `PUBLIC`, which transitively includes `anon`, `authenticated`, AND `service_role`. `REVOKE EXECUTE FROM anon` does **not** remove anon's access while the PUBLIC grant exists. To restrict to `authenticated` + `service_role`, you must:
+```sql
+REVOKE ALL  ON FUNCTION public.<name>(<args>) FROM PUBLIC, anon;
+GRANT EXECUTE ON FUNCTION public.<name>(<args>) TO authenticated, service_role;
+```
+**Bulk programmatic application** (idempotent — auto-discovers all guarded RPCs):
+```sql
+DO $$
+DECLARE r record;
+BEGIN
+  FOR r IN
+    SELECT p.proname, pg_get_function_identity_arguments(p.oid) AS args
+      FROM pg_proc p JOIN pg_namespace n ON n.oid = p.pronamespace
+     WHERE n.nspname = 'public' AND p.prosecdef = true
+       AND p.prorettype <> 'trigger'::regtype
+       AND p.prosrc ~ '_aegis_authorize_user'  -- only the guarded ones
+  LOOP
+    EXECUTE format('REVOKE ALL ON FUNCTION public.%I(%s) FROM PUBLIC, anon',
+                   r.proname, r.args);
+    EXECUTE format('GRANT EXECUTE ON FUNCTION public.%I(%s) TO authenticated, service_role',
+                   r.proname, r.args);
+  END LOOP;
+END $$;
+```
+**Decision tree for a SECURITY DEFINER function in `public`:**
+| Function shape | Treatment |
+|---|---|
+| Returns `trigger` (called only by trigger system) | `REVOKE EXECUTE FROM PUBLIC, anon, authenticated`. Triggers run as table-owner regardless. |
+| Cron / batch / admin-only (`cleanup_*`, `auto_unban_*`, `expire_*`) | `REVOKE FROM PUBLIC, anon, authenticated`. Only `service_role` may call. No internal guard needed. |
+| User-callable RPC with `p_user_id` parameter | Inject `PERFORM _aegis_authorize_user(p_user_id);` at top. `REVOKE FROM PUBLIC, anon`; `GRANT TO authenticated, service_role`. |
+| User-callable RPC with resource ID (`p_dog_id`, `p_post_id`) | Verify caller-ownership (or prefer `SECURITY INVOKER` and let RLS filter). |
+| Read-only data accessor over RLS-protected tables | Switch to `SECURITY INVOKER`. RLS handles authz. |
+| PostGIS / extension-owned C functions | Cannot revoke (extension owns them). Move PostGIS to `extensions` schema instead. |
+**Why this surfaces in established projects without warning:** the Supabase database linter is rule-versioned. New rules ship without a code-change in your repo, and they retroactively flag patterns that were always exposures but were never explicitly checked. **Run `get_advisors` (or the SQL surrogates above) on every deploy**, not just at release.
 ### 5. Defensive testing — every policy needs a regression test
 ```sql
@@ -167,6 +252,31 @@ Order of operations:
 Run `aegis scan .` on your repo; fix everything `rls-bypass-checker` and `tenant-isolation-checker` flag before going to production.
+## Complementary external skill (mandatory)
+This AEGIS skill covers the **security-remediation layer** —
+scanner-finding mapping, incident-response, multi-tenant
+isolation invariants. It does **not** cover RLS performance
+optimization in depth, because that is the upstream Supabase
+team's domain and is maintained as a separate skill.
+When working on RLS at any depth, install the upstream Supabase
+skill package once, globally:
+```bash
+npx skills add supabase/agent-skills -g -y
+```
+That ships
+[`supabase-postgres-best-practices`](https://github.com/supabase/agent-skills/tree/main/skills/supabase-postgres-best-practices),
+whose three `security-*` reference files complement this skill:
+- `references/security-rls-basics.md` — the canonical RLS-enable + policy pattern as Supabase recommends it.
+- `references/security-rls-performance.md` — the `(select auth.uid())` wrap that turns a per-row function call into a single-evaluation cached call (5–10x faster on large tables), security-definer helper functions for complex membership checks, and the discipline of indexing every column referenced inside an RLS policy.
+- `references/security-privileges.md` — least-privilege role design and GRANT minimization, the layer beneath RLS.
+When the AEGIS `rls-bypass-checker` flags a finding and you have a working policy fix, consult the upstream `security-rls-performance.md` next to ensure the fixed policy is also performant on production-sized tables. RLS that is correct but slow gets disabled by stressed engineers, which re-opens the security hole.
 ## See also
 - AEGIS scaffold's RLS bootstrap migration — `aegis new <project>` ships a `tenants` + `profiles` table + auto-profile-on-signup trigger pre-wired.

package/skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md CHANGED Viewed

@@ -218,6 +218,32 @@ Run this on every CI run. Tenant-isolation regressions silently leak data; you n
 - `mass-assignment-checker` (CWE-915) — flags unvalidated body → `.insert()`.
 - `aegis-wizard/cli` scaffold — ships `secureApiRouteWithTenant`, the `tenants` + `profiles` schema with the auto-profile-on-signup trigger, and an exemplary API route demonstrating the composition pattern.
+## Complementary external skill (mandatory)
+This skill covers **API-route-level tenant isolation**: the
+`secureApiRouteWithTenant` primitive, JWT-sourced tenant
+injection, request-input rejection, and AEGIS scanner-finding
+remediation. It does not cover the broader Supabase development
+surface (Auth setup, Edge Functions, Realtime, Storage,
+migration workflow, MCP server integration) or Postgres
+performance.
+When designing a multi-tenant Supabase project, install the
+upstream Supabase skill package once, globally:
+```bash
+npx skills add supabase/agent-skills -g -y
+```
+The two skills it ships are complementary to this one:
+- [`supabase`](https://github.com/supabase/agent-skills/tree/main/skills/supabase) — the comprehensive Supabase development skill: the JWT vs `app_metadata` vs `user_metadata` security trap (critical for tenant-isolation policies), `WITH (security_invoker = true)` for views (RLS bypass otherwise), Storage upsert needing INSERT+SELECT+UPDATE (silent failures otherwise), CLI / migration / MCP workflow.
+- [`supabase-postgres-best-practices`](https://github.com/supabase/agent-skills/tree/main/skills/supabase-postgres-best-practices) — Postgres performance reference: the `security-rls-performance.md` and `security-privileges.md` files complement this skill's tenant-filtering invariant with performance and least-privilege discipline.
+The mandate is documented at the top of the AEGIS repository in
+[`AGENTS.md`](../../../../../../AGENTS.md) and in the skills package
+[`ATTRIBUTION.md`](../../../../ATTRIBUTION.md#required-external-skills-mandatory-complement-not-forked).
 ## See also
 - `defensive-rls-defense` skill — the RLS counterpart that complements API-route-level isolation.