@aegis-scan/skills 0.4.0 → 0.5.0

package/ATTRIBUTION.md

@@ -41,6 +41,53 @@ rule applies to any incoming updates — no stripping of upstream
 attribution, no removal of AEGIS-added headers, no paper-over of
 upstream format variance.
 
+## Offensive skills — matty69v/Bug-Bounty-Agents (selective fork)
+
+A subset of skills under `skills/offensive/matty-fork/` are forked from
+[matty69v/Bug-Bounty-Agents](https://github.com/matty69v/Bug-Bounty-Agents)
+under MIT License. The upstream is a 43-agent prompt library — AEGIS pulls
+only the five that fill documented coverage gaps and otherwise have no
+overlap with the existing `snailsploit-fork/` content.
+
+- **Upstream author:** matty69v
+- **SPDX:** MIT
+- **Fork-SHA:** `5f8b8301b1bfbbe3aece4f38337cef69d52af0dc`
+- **Fork date:** 2026-05-01
+- **Skill count at fork:** 5 (selective):
+  - `cicd-redteam` (529 lines) — closes CI/CD pipeline analysis gap
+  - `cloud-security` (104 lines) — closes Cloud Security Posture gap (AWS/GCP/Azure)
+  - `container-escape` (172 lines) — closes container/k8s breakout gap
+  - `mobile-pentester` (355 lines) — closes Mobile (APK/IPA) analysis gap
+  - `subdomain-takeover` (152 lines) — closes subdomain-takeover detection gap
+- **Upstream-attribution format:** YAML frontmatter (`name:`, `description:`,
+  `tools:`, `model:`). All five files preserved byte-identically inside the
+  body; AEGIS-local provenance header added above the YAML opener.
+
+### AEGIS-side modifications
+
+- Per-file `<!-- aegis-local: forked … from matty69v/Bug-Bounty-Agents@<sha> -->`
+  HTML header prepended above the YAML frontmatter on each `SKILL.md`.
+- The other 38 upstream skills overlap with existing AEGIS coverage
+  (`snailsploit-fork/`, programmatic scanners, or LLM-DAST-wrappers) and are
+  intentionally NOT forked.
+- Upstream's `_scope-guard.md` is a routing-excluded shared pre-flight prompt
+  that several main agents reference. The five forked skills retain those
+  textual references intact (byte-identical body), but the `_scope-guard.md`
+  itself is NOT shipped — AEGIS skill-loader requires kebab-case names that
+  cannot start with an underscore. Operators can fetch the upstream file
+  directly from the source repo if needed; AEGIS' own `--confirm` gate +
+  `evaluateActiveModeAuthorization()` (see `packages/cli/src/active-mode-
+  disclaimer.ts`) provides the equivalent enforced safety floor.
+
+### Why selective rather than full fork
+
+The upstream `_scope-guard.md` model is prompt-level (advisory, agent-
+referenced). AEGIS' active-mode disclaimer + `--confirm` gate is CLI-level
+(enforced, Commander.js-validated). Pulling all 43 agents would bloat the
+skill catalog with content that either duplicates AEGIS' programmatic
+checks or duplicates `snailsploit-fork/` coverage. The five selected fill
+documented gaps that no other AEGIS surface covers today.
+
 ## Defensive skills — AEGIS-native
 
 All skills under `skills/defensive/aegis-native/` are AEGIS-original
@@ -109,6 +156,18 @@ This avoids:
 - Duplicate maintenance burden when the upstream package is the
   single source of truth
 
+### `Chachamaru127/claude-code-harness` — concept-only adoption (no fork, no install)
+
+- **Upstream:** https://github.com/Chachamaru127/claude-code-harness
+- **License:** MIT
+- **Adoption mode:** **concept-only** — AEGIS adopts two patterns from this project's design but ships zero copied code or assets:
+  1. **Plans.md as a Live Working-Plan SSOT** — adapted into `aegis-orchestrator/SKILL.md` as the format for `.aegis/Plans.md`. AEGIS-specific: integrated into the existing 8-skill foundation cluster lifecycle (orchestrator initializes, specialist skills update, handover-writer summarizes), uses pure markdown, no Go binary or `/harness-*` verb-commands.
+  2. **`harness doctor --residue` stale-reference detection** — adapted into `aegis-quality-gates/SKILL.md` as Gate 10 (residue-check). AEGIS-specific: pure shell + grep methodology integrated as a gate of the existing 10-gate verifier sequence (was 9-gate pre-adoption), with the AEGIS classes of residue documented (stale commit-SHAs in handovers, broken markdown cross-links in shipped SKILL.md, orphan path references, phantom `_INDEX.md` skill rows, dead `<!-- aegis-local: -->` provenance refs). The motivating bug-class: handover docs that cite commit-SHAs invalidated by a `git rebase`.
+
+- **What was NOT adopted:** the Go-native runtime engine, the 5 `/harness-plan|work|review|release|setup` verb-commands, the 13 R01-R13 declarative guardrails, the 3-agent worker/reviewer/scaffolder split, the marketplace plugin distribution. AEGIS already has equivalents for or alternatives to each (repo rulesets, scrub-gates, supply-chain CI gates, 8 specialist foundation skills, npm direct distribution).
+
+- **Why concept-only and not fork or mandate:** the two adopted patterns are **methodology**, not code — they fit AEGIS's existing skill-cluster architecture verbatim once described in markdown. Forking would buy nothing (no shared code paths) and adding a mandate would burden users with installing a tool they don't need. Documenting the inspiration in this file + the relevant SKILL.md sections preserves attribution while staying lean.
+
 ### `supabase/agent-skills` — Postgres + Supabase development best-practices
 
 - **Upstream:** https://github.com/supabase/agent-skills
@@ -146,6 +205,58 @@ This avoids:
   ensures they always pull the freshest Supabase-team-maintained
   guidance.
 
+## OSINT skills — elementalsouls/Claude-OSINT
+
+All skills under `skills/osint/` are forked from
+[elementalsouls/Claude-OSINT](https://github.com/elementalsouls/Claude-OSINT)
+under MIT License (with offensive-security ethical-use notice).
+
+- **Upstream author:** Cyanide (elementalsouls)
+- **SPDX:** MIT
+- **Fork-SHA:** `ea42241d068e8112da0e4e28006207125c835c2e`
+- **Fork date:** 2026-05-01
+- **Skill count at fork:** 2 (`offensive-osint`, `osint-methodology`)
+- **Upstream-attribution format:** YAML frontmatter (`name:`, `description:`,
+  `version:`, `triggers:`). Both files preserved byte-identically inside the
+  body; AEGIS-local provenance header added above the YAML opener.
+
+### AEGIS-side modifications
+
+- Per-file `<!-- aegis-local: forked … from elementalsouls/Claude-OSINT@<sha> -->`
+  HTML header prepended above the YAML frontmatter on both `SKILL.md` files.
+- `offensive-osint/SKILL.md` carries an additional **PORT-NOTE** inside its
+  fork header explaining that the upstream `secret_scan.py` helper script is
+  NOT shipped (`@aegis-scan/skills` enforces a markdown-only invariant via
+  CI). The helper is scheduled for port to a TypeScript scanner module under
+  **F-EXTERNAL-SECRETS-1** (planned v0.18.x). Until then, operators run
+  AEGIS' existing `gitleaks` / `trufflehog` wrappers, or fetch the helper
+  directly from the upstream repository.
+- `offensive-osint/README.md` *Loading*, *Helper script*, *Self-test* and
+  *License* sections updated to reflect the AEGIS package layout (no manual
+  `cp` of `scripts/secret_scan.py` since the script is not shipped; smoke
+  tests referenced as upstream-only pending F-SKILL-SYNC-CI-1).
+- `osint-methodology/README.md` *Self-test* and *License* sections updated
+  similarly.
+- Upstream `LICENSE` and `tests/smoke-test-prompts.md` are NOT shipped — the
+  AEGIS root `LICENSE` covers all of `@aegis-scan/skills`, and the smoke
+  tests will land under `packages/skills/__tests__/skill-prompts/` when the
+  skill-validation CI is built (F-SKILL-SYNC-CI-1).
+
+### Why a separate top-level category instead of merging into `offensive/`
+
+`osint/` is intel-gathering tradecraft (collection + correlation + scoring),
+distinct from `offensive/` which encodes exploit-side red-team patterns
+(SSRF / SQLi / XSS / RCE / etc.). The `snailsploit-fork/` already contains
+much smaller `osint/` (399 lines) and `osint-methodology/` (434 lines)
+skills that overlap topically but are subset by content. Both kept side-by-
+side: the `snailsploit-fork/` versions remain available for operators who
+prefer the lighter checklist style; the `osint/` top-level category
+provides the operational arsenal (~5,800 lines of probe paths, regexes,
+validators, identity-fabric methodology, vendor fingerprints) that the
+`snailsploit-fork/` intentionally does not include. Frontmatter `name:`
+collisions across categories are acceptable — Claude Code skill-routing
+keys on path-relative identifiers, not the bare `name:` field.
+
 ## Future external cherry-pick candidates
 
 The `skills/` tree is also designed to grow across sources via

package/CHANGELOG.md

@@ -8,9 +8,49 @@ and quality-audit completion, not by a fixed schedule.
 
 ---
 
-## [Unreleased]
+## [0.5.0] — 2026-05-01 — "External-research extension: NEW osint/ category + 5 selective offensive skills"
 
-### Added
+Minor bump for the v0.18.0 scanner-family release-cut. Adds NEW `osint/` top-level skill category (2 skills, 5861 lines) and selective fork from a second offensive upstream (5 gap-filling skills, 1322 lines). Skill-count grows from 55 to 62; source-namespaces grow from 2 (`snailsploit-fork`, `aegis-native`) to 4 (+`elementalsouls-fork`, +`matty-fork`).
+
+### Added (NEW category — F-OSINT-SKILL-PACK-1)
+
+- **`skills/osint/`** — NEW top-level category for intel-gathering tradecraft (distinct from `offensive/` exploit-side patterns). Forked from elementalsouls' upstream OSINT pack (MIT, fork-SHA `ea42241d068e8112da0e4e28006207125c835c2e`):
+  - `osint/elementalsouls-fork/offensive-osint/SKILL.md` (4168 lines, 204KB) — operational arsenal: 43+-pattern modern-AI-API-key catalog, 80+-template dork corpus, vendor edge-appliance fingerprints, identity-fabric concrete endpoints, 9 read-only credential validators, 27 attack-path templates.
+  - `osint/elementalsouls-fork/osint-methodology/SKILL.md` (1693 lines, 93KB) — 5-stage recon pipeline, asset-graph discipline, breach × identity correlation, email-security audit, vulnerability prioritization (CVE × EPSS × KEV).
+- PORT-NOTE: upstream `secret_scan.py` helper script NOT shipped (`@aegis-scan/skills` markdown-only CI invariant). Helper queued for port to `packages/scanners/src/recon/external-secret-scan.ts` under F-EXTERNAL-SECRETS-1 (planned v0.18.x).
+
+### Added (selective fork — F-SKILL-PACK-MATTY-1)
+
+- **5 skills under `skills/offensive/matty-fork/`** — selective fork of matty69v's upstream Bug-Bounty-Agents (MIT, fork-SHA `5f8b8301b1bfbbe3aece4f38337cef69d52af0dc`). Pulled 5 of 43 upstream agents that fill documented AEGIS coverage gaps; the other 38 overlap with existing snailsploit-fork content or programmatic scanners and are intentionally not pulled.
+  - `cicd-redteam` (529 lines) — CI/CD pipeline analysis (GH Actions / GitLab CI / Jenkins / Argo / Tekton)
+  - `cloud-security` (104 lines) — CSPM (AWS / GCP / Azure)
+  - `container-escape` (172 lines) — container / k8s breakout
+  - `mobile-pentester` (355 lines) — Mobile (APK / IPA) — OWASP MASTG / MASVS
+  - `subdomain-takeover` (152 lines) — dangling-CNAME detection
+- Upstream's `_scope-guard.md` advisory prompt is NOT shipped — AEGIS skill-loader requires kebab-case names that cannot start with underscore, and the safety floor is already enforced at the CLI gate (`evaluateActiveModeAuthorization()` + `--confirm` in active-mode-disclaimer.ts). The 5 forked skills retain their textual scope-guard references byte-identical (per snailsploit-fork preservation precedent).
+
+### Updated (compliance/aegis-native/brutaler-anwalt → v3.4.0 sync)
+
+- **`brutaler-anwalt` skill enriched** to its current locally-maintained version: 5-persona self-verification (Hunter / Challenger / Synthesizer + Devil's-Advocate + Live-Probe), reconciled v3.4.0 audit-pattern set (Multi-Surface Origin-Regression / File-Storage in Production-Container / DKIM Specific-over-Wildcard + Multi-Selector / Operator-DNS-View Pflicht-Check / Granulare Try-Catch um Persist + Mail-Send), README version sync 3.2.0 → 3.4.0, expanded `references/` tree (+`gesetze/` 11 sub-folders, +`stack-patterns/` 10 sub-folders, +`templates/` 10 example files), shipped `scripts/health-check.sh` with operator-customizable brand-deny-list (reads `scripts/brand-deny-list.local.txt` when present, falls back to placeholder pattern). All shipped content sanitized for OSS — zero brand / personal-name leaks (verified by sanitize-grep + health-check). The skill's `LICENSE` is MIT, matching AEGIS root.
+- **Operator note**: customize `scripts/brand-deny-list.local.txt` (gitignored sibling) with your own internal codenames; the health-check uses it to scan SKILL.md / references / templates for accidental brand bleed before each release.
+
+### Added (Plans.md SSOT pattern)
+
+- **Plans.md — Live Working-Plan SSOT pattern** in `aegis-orchestrator/SKILL.md`. Defines `.aegis/Plans.md` as the single source of truth for in-flight tasks + acceptance criteria + blockers, complementing `state.json` (machine-readable phase) and handover docs (point-in-time snapshots). Lifecycle: orchestrator initializes, specialist skills update, handover-writer summarizes at session-end. AC-discipline: every task carries observable + independently verifiable acceptance criteria; task is DONE only when all AC are checked; blocked tasks keep AC unchanged and document the blocker. Concept adapted from [Chachamaru127/claude-code-harness](https://github.com/Chachamaru127/claude-code-harness) (MIT) — pure markdown integration, no fork, no Go binary, no install.
+
+### Validation
+
+- **Unit tests: 536 / 536** (was 491 — +45 across new sources).
+- **Manifest invariants** updated: EXPECTED_TOTAL 55 → 62; EXPECTED_CATEGORIES adds `osint`; EXPECTED_SOURCES_BY_CATEGORY adds `elementalsouls-fork` (osint) + `matty-fork` (offensive); EXPECTED_NAMES_BY_CATEGORY extends offensive (+5) and adds osint (+2).
+- **Attribution invariants** updated: HEADER_RE_BY_SOURCE +2 entries.
+- **Gate 10 — Residue-Check** added to `aegis-quality-gates/SKILL.md`. Detects stale commit-SHAs in handover docs (caught the v0.4.0 publish-procedure bug where rebase invalidated cited SHAs), broken markdown cross-links in shipped SKILL.md content, orphan path references, phantom `_INDEX.md` skill rows pointing at non-existent paths, dead `<!-- aegis-local: -->` provenance refs. Pure shell + grep methodology — runs in both `--quick` and `--final` modes, plus a new `--residue` operator-on-demand mode for post-rebase / post-merge checks. Concept adapted from claude-code-harness's `harness doctor --residue` (MIT).
+- **Plans.md task-discipline** referenced from `aegis-module-builder/SKILL.md`. Module-builder feature-specs map their acceptance-criteria 1:1 onto the Plans.md AC-checkbox format defined in aegis-orchestrator. Module-build phases 2-6 check off AC as they progress; task moves DONE only when all AC are checked.
+
+### Updated
+
+- `aegis-quality-gates`: description + frontmatter `enforced_quality_gates` bumped from 9 → 10 to reflect the new residue-check gate.
+- `aegis-orchestrator`: bootstrap-checklist extended from 6 to 8 steps (added Plans.md read at step 6, expanded print at step 7).
+- `packages/skills/ATTRIBUTION.md` — new "concept-only" attribution section for claude-code-harness documenting both pattern adoptions, what was NOT adopted, and why concept-only beats fork-or-mandate for methodology adoption.
 
 - **External-skills mandate-without-fork integration** with [supabase/agent-skills](https://github.com/supabase/agent-skills) (MIT). Two upstream skills (`supabase` + `supabase-postgres-best-practices`) are now declared **mandatory complements** to the AEGIS-native security layer for any project using Supabase or Postgres. Installation via the upstream's own distribution channel (`npx skills add supabase/agent-skills -g -y`) — not re-shipped here. Rationale: upstream is actively maintained by the Supabase team with frequent updates the AEGIS team has no special insight into, so fork-mode would freeze content at a fork-SHA + create unnecessary quarterly upstream-sync work for content that benefits from staying current.
   - `ATTRIBUTION.md` — new "Required external skills (mandatory complement, not forked)" section documenting the rationale, install command, and license-compatibility chain.
@@ -19,7 +59,12 @@ and quality-audit completion, not by a fixed schedule.
   - `skills/defensive/aegis-native/tenant-isolation-defense/SKILL.md` — new "Complementary external skill (mandatory)" section pointing to upstream `supabase` and `supabase-postgres-best-practices` skills.
   - AEGIS repository root — new `AGENTS.md` documents the repo-wide mandate for AI coding-agents working in this repo and the layer-split between AEGIS-native security and upstream Supabase dev/perf coverage.
 
-This establishes a second integration-pattern alongside the existing fork-mode (used by `skills/offensive/snailsploit-fork/`): mandate-without-fork. Future external sources will pick per-source based on stability and maintenance-economics.
+### Notes
+
+- This [Unreleased] entry establishes **three external-source integration-patterns** that AEGIS now uses, picked per-source based on stability + maintenance-economics:
+  1. **Fork-mode** (`snailsploit-fork`) — content forked into `skills/<category>/<source>/` with attribution headers; quarterly upstream-sync.
+  2. **Mandate-without-fork** (`supabase/agent-skills`) — install via upstream's own distribution channel; cross-reference from AEGIS skills.
+  3. **Concept-only adoption** (`Chachamaru127/claude-code-harness`) — methodology adapted into existing AEGIS skills via prose; zero code, zero install, attribution preserved in this CHANGELOG + ATTRIBUTION.md.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/skills",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",

package/skills/compliance/aegis-native/brutaler-anwalt/CHANGELOG.md

@@ -0,0 +1,202 @@
+# Changelog — brutaler-anwalt
+
+Alle relevanten Aenderungen am Skill werden hier dokumentiert.
+Format orientiert sich an [Keep a Changelog](https://keepachangelog.com/de/1.1.0/),
+Versionierung folgt [SemVer](https://semver.org/lang/de/).
+
+> Provenance-Disziplin (SKILL.md §5) ist seit v3.0 zero-tolerance.
+> Jede neue Az. in `references/bgh-urteile.md` muss eine Source-URL haben
+> (Primaerquelle bevorzugt; Sekundaerquelle mit `[secondary-source-verified]`-Tag).
+
+---
+
+## [Unreleased] — Roadmap zu v4.0.0
+
+Naechste Schritte (mehrere Sessions, siehe `MAXOUT-PROGRESS.md` falls vorhanden):
+
+- [ ] `references/gesetze/` — strukturierte Auszuege fuer leere Folders (HinSchG, NIS2UmsuCG-BSIG, KritisDachG, StGB §§ 202a-d, ePrivacy-RL, DMA, ODR, eIDAS, StPO, IHK-DSK-EDSA-Guidelines) + 6 audit-relevance.md fuer befuellte Folder (BDSG, TDDDG, DDG, BGB, HGB-AO, UWG, VSBG, BFSG)
+- [ ] `references/stack-patterns/` — 22 weitere Files: vue/, astro/, laravel/, rails/, django/, express/, nest/, strapi/ (frameworks), auth/auth0+clerk+custom-jwt, payment/paddle+mollie+lemonsqueezy+paypal, tracking/google-analytics+posthog+umami+mixpanel+fathom, ai/anthropic-dpa+replicate+self-hosted-llm, react/cookie-banner+consent-gate, nextjs/env-driven-tracking+dynamic-rendering+api-bearer-auth
+- [ ] `references/bgh-urteile.md` Source-URL-Coverage 39/67 → 67/67 (28 Az. ohne Source pflegen, primary-source bevorzugt; nach v3.3.0-Spot-Check sind Halluzinations-Verdaechtige bereinigt)
+- [ ] `references/abmahn-templates.md` — DSA-Notice + BFSG-Anhoerung + AI-Act-Behoerden-Anhoerung + Crypto-MiCA + HinSchG
+- [ ] `references/aegis-integration.md` — Update auf AEGIS v0.17.x Module-Map
+- [ ] `references/international.md` — Schweiz nFADP (revDSG) + Oesterreich DSG-Layer + Liechtenstein
+- [ ] `references/vertragsrecht.md` — § 312k Pflicht-Klauseln-Komplettliste + FairVertrG 2022 + B2B vs B2C Abgrenzungs-Pattern
+- [ ] `references/strafrecht-steuer.md` — § 202a-d StGB Volltext + GoBD-Praxis
+- [ ] OSS-Release als MIT-Submodule unter AEGIS-Repo (User-authorized)
+- [ ] OOC-Anti-Overfit-Verification (cross-project audit comparison)
+
+---
+
+## [3.4.0] — 2026-05-01 — Audit-Korrektur + Live-E2E-Verify-Lessons
+
+Erweiterungen aus dem Live-Fix-Cycle desselben Audit-Targets (eine Session
+nach v3.3.0). Skill wird jetzt durch echten End-to-End-Verify gehaertet,
+nicht mehr nur durch statische Audit-Pattern.
+
+### Changed
+- **audit-patterns.md Phase 5g DKIM-Check** auf Multi-Selector-Pattern erweitert.
+  Ehemalige Pflicht-Annahme „TXT auf `default._domainkey` ist Standard" hat
+  bei All-Inkl-Hosting einen False-Positive produziert: All-Inkl generiert
+  beim DKIM-Aktivierungs-Klick einen eigenen Selector im Format
+  `kasYYYYMMDDHHMMSS._domainkey`, der einen Wildcard-CNAME `*._domainkey` durch
+  Specific-over-Wildcard-Regel ueberschreibt. Lesson: NIE nur `default` testen,
+  sondern (1) sample-mail-header `DKIM-Signature: ... s=<selector> ...` lesen,
+  (2) mit DIESEM Selector `dig +short TXT <selector>._domainkey.<domain>`,
+  (3) Multi-Selector-Probe als Fallback (`default`, `mail`, `s1`, `k1`,
+  `kas...`, `selector1`, `google`).
+
+- **bgh-urteile.md** Audit-Korrektur: Finding "DKIM defekt" wurde im operativen
+  Audit-Re-Run zum FALSE-POSITIVE umklassifiziert nach DNS-Sicht-Klärung
+  (User-Screenshot zeigte korrekten DKIM-TXT-Record auf hoster-spezifischem
+  Selector). Das ist eine wertvolle Lesson für brutaler-anwalt-Skill:
+  audit-side-Verify per `dig` allein ist nicht ausreichend — Operator-DNS-
+  Settings-View ist die definitive Quelle.
+
+### Added
+- **audit-patterns.md Phase 5g** Operator-View-Pflicht-Check ergaenzt:
+  „Bei DKIM-Verdacht NICHT nur `dig`, sondern auch Operator-DNS-Settings-View
+  einsehen — Specific-over-Wildcard-CNAME-Konstellationen koennten den
+  `dig`-Output verschleiern."
+
+- **NEUER Pattern in audit-patterns.md Phase 5d Origin-Strict-Match**: Multi-
+  Surface-Regression-Discovery. Im Live-Fix-Cycle wurden 3 weitere API-Routes
+  (`contact`, `widerruf`, `consent-log`) mit demselben startsWith-Origin-Bug
+  entdeckt — ueber den initial-gepruefte newsletter hinaus. Skill-Pflicht-
+  Check: `grep -rEn "function isValidOrigin|origin\.startsWith" src/app/api/
+  src/lib/` — alle API-Routes muessen einen einzigen shared validator
+  importieren, **kein** lokal-defined Variant.
+
+- **NEUER Pattern Phase 5d File-Storage in Production-Container**:
+  process.cwd()-basiertes File-Storage funktioniert lokal, kann aber in
+  Docker-Production-Container schreib-Permissions failen. Pflicht: Default-
+  Path mit `os.tmpdir()` als Production-Fallback + ENV-Override fuer
+  persistent volume. Detail: in audit-patterns.md Phase 5d „Folder-/Slug-
+  Sanitization"-Zeile bei Bedarf erweitern.
+
+- **NEUER Pattern Phase 5g granulare Try-Catch**: Newsletter-DOI-Endpoint
+  hatte initial einen Bug — kein granulares Try-Catch um Mail-Send,
+  resultiert in HTTP 500 wenn Mail fail. Best-Practice: Persist-Fail = 500
+  (User soll nicht denken Anmeldung war OK), Mail-Fail = 200 + Log + retry-
+  Moeglichkeit (User kann erneut anmelden). Beispiel-Vorbild: konfigurator/
+  route.ts mit try-catch um sendKonfiguratorEmails.
+
+### Skill-Lesson auf Meta-Ebene
+**Static-Audit + Live-E2E-Verify ist ein Pflicht-Paar.** Static-Audit allein
+produziert False-Positives (DKIM-Wildcard-CNAME-Verschleierung) UND uebersieht
+Multi-Surface-Regressions (3 weitere Origin-Bugs). Brutaler-anwalt-Skill v3.4
+empfiehlt jetzt explizit: nach jedem Audit ein End-to-End-Verify am echten
+Live-System mit echten Test-Tokens / Test-Mails / DNS-Probes.
+
+### AGB-Audit-Pattern (NEU in audit-patterns.md Phase 4 vorgeschlagen für v3.5)
+Der gleiche Audit-Cycle deckte 4 AGB-Inkonsistenzen + 3 fehlende state-of-the-
+art-Klauseln auf. Skill-Erweiterung fuer naechste Version: Phase 4 DSE-Drift-
+Audit-Matrix sollte um „AGB-Konsistenz-Pass" erweitert werden mit Pflicht-
+Pruefungen:
+- Frist-Konflikt-Check (mehrere Werktage-/Kalendertage-Fristen — wann genau, was triggert)
+- Zahlungs-Reihenfolge-Check (Vor/nach Vertragsunterschrift, vor/nach Demo)
+- Rücktrittsrecht-vs-Mängelrechte-Verhältnis-Klausel (B2B parallel-Schutz)
+- Höhere-Gewalt-Klausel (Drittanbieter-Ausfälle: Hosting/CDN/Email/AI)
+- KI-Verordnung-Art.-50-Klausel (ab 02.08.2026 Pflicht für KI-Inhalte)
+- Preisanpassungs-Klausel mit CPI-Cap (BGH XI ZR 26/20-konform)
+
+---
+
+## [3.3.0] — 2026-05-01 — Audit-driven Maxout (DACH-Brand-Audit)
+
+### Added
+- **audit-patterns.md** Phase 5d — KONFIGURATOR-/MULTI-STEP-FORM-AUDIT: 14 Pflicht-Checks (Origin-Strict, Honeypot, CSRF, Rate-Limit, Zod, Server-Pricing, Folder-Sanitization, File-Upload-Polyglot, PII-Pre-Submit-Hygiene, DSE-Konfigurator-Block, TTL-Loesch-Konzept, Eingangsbestaetigung, Pre-DSGVO-Hinweis, Email-Pflichtfeld-Trennung) + 6 Verify-Curl-Probes + Az.-Anker.
+- **audit-patterns.md** Phase 5e — AI-CHATBOT-/LLM-DSGVO-AUDIT: 14 Pflicht-Checks (Vendor-AVV/DPA, Drittland-DSE, Pre-Consent-Loading, Prompt-Logging-Doku, PII-Auto-Redaction, Auskunftsrecht-Routing, System-Prompt-Anti-Leak, Prompt-Injection-Defense, AI-Act-Transparenz, Anti-Hallucination-Disclaimer, Response-Filter, Rate-Limit, Origin-Check, Konversations-TTL, Children-Schutz) + 5 Verify-Curl-Probes + Az.-Anker (Art. 50 EU AI Act).
+- **audit-patterns.md** Phase 5f — SCANNER-/AUDIT-TOOL-SELBST-AUDIT: 12 Pflicht-Checks (RDG-Disclaimer, FP/FN-Liability, Eingabe-URL-Logging, Active-Probes-Authorisierung, SSRF-Defense, DNS-Rebinding-Defense, Rate-Limit, Output-Sanitization, Drittstellen-Hinweis, FP/FN-Tracking, User-Consent-Hinweis, Output-Disclaimer-pro-Finding) + 5 Verify-Curl-Probes + Az.-Anker (BGH I ZR 113/20 Smartlaw, § 202a-c StGB).
+- **audit-patterns.md** Phase 5g — EMAIL-/SMTP-OUTBOUND-COMPLIANCE-AUDIT: 6 Mail-Authentifizierungs-Checks (SPF/DKIM-TXT-NICHT-CNAME/DMARC-mit-Reporting/BIMI/MX/Reporting-Adresse) + 12 Outbound-Compliance-Checks (3rd-Party-AVV, IP-Reputation, Bestandskunden, DOI, Bestaetigungs-Mail-Werbung, Unsubscribe, List-Unsubscribe-Header, Footer-Impressum, Consent-Beweis-Doku, Cold-Outreach, Bounce-Handling, TLS) + 7 Verify-Commands (dig + nc + Inbox-Header-Check) + Az.-Anker.
+
+### Changed
+- **SKILL.md** §5(c) Halluzinations-Indikatoren erweitert um V3.3-Lesson: WebSearch-Treffer mit „aehnlichem Sachverhalt" sind NICHT ausreichend — Pflicht-WebFetch zur Az.-Volltext-Verifikation. Anlass: Audit 2026-05-01 entdeckte 2 Halluzinationen (OLG Hamm 4 U 75/23 + LG Berlin 16 O 9/22). Beide WebSearch-Vorschlaege waren initial falsch — erst WebFetch-Volltext zeigte korrektes Az. (OLG Hamm 11 U 88/22, 20.01.2023, lennmed.de Source).
+- **bgh-urteile.md** OLG Hamm 4 U 75/23 → ersetzt mit verifiziertem **OLG Hamm 11 U 88/22 (20.01.2023)** + Source lennmed.de + Provenance-Note.
+- **bgh-urteile.md** LG Berlin 16 O 9/22 → markiert als VERDACHT-HALLUZINATION + auf BGH I ZR 218/07 + § 7 UWG-Rechtsprechung umgeleitet.
+- **bgh-urteile.md** KG Berlin 5 U 87/19 Duplikat konsolidiert (eine Section mit secondary-source-verified Source bleibt).
+- **branchenrecht.md** neue Branche **Webdesign-Agentur / Marketing-Agentur** (post-2026-05-01-Audit-Lessons): 11 Pflicht-Checks + Trigger + Az.-Anker (BGH I ZR 113/20, I ZR 218/07, I ZR 161/24, OLG Hamm 11 U 88/22).
+- **scripts/health-check.sh** pipefail-Bug gefixt: `grep -l` mit no-match → exit 1 propagiert mit `set -euo pipefail` → Script abbruch. Fix: Subshell + `|| true` + Klammern. Brand-Leak + Templates-Check liefern jetzt korrekt 0 Treffer.
+
+### Audit-Validierung (battle-tested 2026-05-01)
+Phasen 5d/5e/5f/5g auf einer Live-DACH-Brand-Site (Webdesign-Agentur, B2B-primaer, Konfigurator + Mistral-Chatbot + AEGIS-Scanner) angewandt. Ergebnis: **10 Findings produziert** (3 KRITISCH: Newsletter-Single-Opt-In + DSE-Drift + Newsletter-Origin-Bug + DKIM-CNAME-Defekt; 3 HOCH: DMARC-`p=none` + BFSG-Pflicht-Seite-404 + CSP-frame-src-Maps-Drift; 4 NIEDRIG/MITTEL). DEVIL'S ADVOCATE ergaenzte Sammelklage-Vektor + AI-Act-Future-Pflicht. LIVE-PROBE-Matrix: 17 PASS / 4 FAIL / 1 not-tested. Phase 5g war highest-ROI mit 3 hochwertigen Findings (DKIM/DMARC/Newsletter-SOI). Audit-Output liegt operator-side im jeweiligen Repo-`strategy/`-Folder.
+
+---
+
+## [3.2.0] — 2026-05-01 — Sanitization + OSS-Release-Vorbereitung
+
+### Added
+- `references/templates/` mit 11 anonymisierten Snippets:
+  - `DSFA-template.md`, `VVT-template.md`, `COMPLIANCE-AUDIT-TRAIL-template.md`
+  - `AffiliateDisclaimer.tsx.example`
+  - `proxy-strict-dynamic.ts.example`
+  - `data-retention-cron.ts.example`, `data-retention-workflow.yml.example`
+  - `UmamiScript.tsx.example`, `security.txt.example`
+  - `DSE-Section-UGC.md.example`, `LostFoundReportForm-consent.tsx.example`
+- `CHANGELOG.md` (diese Datei)
+- `README.md` mit RDG-Disclaimer + Install-Hinweisen + Contribution-Guidelines
+- `LICENSE` (MIT)
+
+### Changed (Sanitization — brand-agnostisch)
+- `audit-patterns.md`: 11 brand-spezifische Refs auf generic Lessons-Bezeichner umgestellt (`operativ-Audit 2026-04-27`, `V3.1-Audit-Vorfall 2026-04-30`, `UGC-Plattform-Audit 2026-05-01`).
+- `SKILL.md` §5(a) + §5(g): Brand-Refs durch neutrale Beschreibung ersetzt.
+- `dsgvo.md`, `checklisten.md`, `branchenrecht.md`, `bgh-urteile.md`,
+  `aegis-integration.md`: alle internen Codenamen entfernt.
+- Lehrbuch-Beispiele auf `references/templates/`-Pfade umgebogen statt direkt
+  konkrete Operator-Repos zu zitieren (Strategie: teaching-value erhalten,
+  Operator-Identitaet entfernen).
+
+### Migrationspfad fuer abhaengige Skills
+- Wer auf `compliance/DSFA-2026.md` / `compliance/VVT-2026.md` /
+  `<operator-customer-build>/src/proxy.ts` o.ae. Pfade in vorherigen
+  Skill-Versionen verlinkt hatte: bitte auf
+  `references/templates/DSFA-template.md` /
+  `references/templates/VVT-template.md` /
+  `references/templates/proxy-strict-dynamic.ts.example` umstellen.
+
+---
+
+## [3.1.0] — 2026-05-01 — V3.1-Lessons + UGC-PII-Audit
+
+### Added
+- `audit-patterns.md` Phase 5c — UGC-PUBLIC-PII-AUDIT (post-V3.1-Audit-Lessons): 6-stufige Pflicht-Checks fuer Vermisst-/Marketplace-/Forum-Plattformen.
+- `audit-patterns.md` Phase 5b — BFSG-AUDIT (B2C E-Commerce, BFSG seit 28.06.2025).
+- `audit-patterns.md` Phase 6b — Deployment-Codename-Leak-Check (CSP / Public-Text / Repo-Grep, 3 Surfaces).
+- `audit-patterns.md` Stand-Datum-Hygiene-Check.
+- `dsgvo.md` DSFA-Trigger-Liste + VVT-KMU-Best-Practice.
+- `checklisten.md` Checkliste 3b AGB-B2C Pflicht-Klauseln-Komplettliste + Checkliste 3c Affiliate.
+- `bgh-urteile.md` EuGH C-131/12 Google Spain + BGH I ZR 169/17 (§ 36 VSBG).
+
+### Changed
+- SKILL.md §5(g): V3.1-Lessons (Pre-Deploy-Gate, Verify-Command-Pflicht bei DSE-Aenderungen mit operativer Dimension, Code-Var-Names-Verbot in Public-Text).
+
+---
+
+## [3.0.0] — 2026-04-30 — Az.-Provenance zero-tolerance
+
+### Changed
+- SKILL.md §5: Az.-Provenance-Pflicht eingefuehrt (zero-tolerance fuer halluzinierte Az.).
+- `bgh-urteile.md`: Source-Pflicht — jeder Eintrag braucht Source-URL.
+- 6 halluzinierte Az.-Nummern aus geshipptem Compliance-Doc entfernt + per follow-up-commit nach Primaerquellen-Verifikation korrigiert.
+
+---
+
+## [2.0.0] — 2026-04-29 — V3 mit DSE-Drift-Audit
+
+### Added
+- DSE-Drift-Audit-Matrix (Style 1 Auslassung + Style 2 Falschangabe) in `audit-patterns.md` Phase 4.
+- 8-Phasen-HUNTER-Workflow.
+- Multi-Container-Shared-Host-Risiko-Pattern.
+
+---
+
+## [1.0.0] — 2026-04-27 — Initial brutaler-anwalt
+
+### Added
+- Adversarial Multi-Persona-Modell: HUNTER + CHALLENGER + SYNTHESIZER.
+- 4 Modi: SCAN / HUNT / SIMULATE / CONSULT.
+- Reference-Files: `audit-patterns.md`, `dsgvo.md`, `it-recht.md`,
+  `vertragsrecht.md`, `checklisten.md`, `branchenrecht.md`, `bgh-urteile.md`,
+  `abmahn-templates.md`, `aegis-integration.md`, `international.md`,
+  `strafrecht-steuer.md`.
+- AEGIS-Integration (Mapping AEGIS-Findings → Anwalts-Kritikalitaet).
+- RDG-Disclaimer-Pflicht im Output.

package/skills/compliance/aegis-native/brutaler-anwalt/LICENSE

@@ -0,0 +1,43 @@
+MIT License
+
+Copyright (c) 2026 brutaler-anwalt Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---
+
+# Hinweis zu Inhalt der References-Files
+
+- Auszuege aus deutschen Gesetzen (`references/gesetze/DSGVO/`, `BDSG/`, `BGB/`,
+  `UWG/` etc.) sind gemeinfreie Werke nach § 5 UrhG und werden mit
+  Quellen-Hinweis auf https://www.gesetze-im-internet.de/ wiedergegeben.
+- Auszuege aus EU-Verordnungen (`DSA-2022-2065`, `AI-Act-2024-1689` etc.) werden
+  unter Creative Commons Attribution 4.0 (CC BY 4.0) der Europaeischen Union
+  per https://eur-lex.europa.eu/ wiedergegeben.
+- BGH/EuGH/OLG-Entscheidungen in `references/bgh-urteile.md` werden mit Az.
+  und Source-URL der jeweiligen Justizportale zitiert. Tenor-Auszuege sind
+  Kurz-Zusammenfassungen (kein Volltext).
+
+# RDG-Disclaimer
+
+Dieser Skill ist eine technisch-indikative Compliance-Pruef-Hilfe. Er stellt
+keine Rechtsdienstleistung im Sinne von § 2 RDG dar (BGH I ZR 113/20 Smartlaw,
+09.09.2021) und ersetzt nicht die Beratung durch einen zugelassenen
+Rechtsanwalt fuer IT- bzw. Datenschutzrecht. Fuer verbindliche Auskuenfte zu
+konkreten Sachverhalten ist anwaltliche Beratung erforderlich.