@aegis-scan/skills 0.4.0 → 0.5.0

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/README.md

@@ -0,0 +1,33 @@
+---
+license: MIT
+purpose: Anonymized teaching snippets referenced by audit-patterns.md / dsgvo.md / checklisten.md.
+---
+
+# Templates — anonymisierte Lehrbuch-Snippets
+
+Diese Templates sind brand-agnostische Vorlagen, die in den References als
+konkrete Lehrbuch-Beispiele zitiert werden. Sie ersetzen die in fruehen
+Skill-Versionen direkt eingebetteten Brand-spezifischen Snippets.
+
+**Konvention:**
+- `<placeholder>` = vom Operator zu ersetzen (z.B. `<brand>`, `<your-domain>`)
+- `<...>` in Code-Snippets sind absichtlich syntactically-invalid, damit
+  copy-paste-Hygiene erzwungen wird
+- Alle `.example`-Files sind **keine** lauffaehigen Module — Build-Tools
+  sollen sie ignorieren
+
+## Index
+
+| Template | Referenced from | Use case |
+|----------|----------------|----------|
+| `DSFA-template.md` | `dsgvo.md` DSFA-Trigger | Datenschutz-Folgenabschaetzung Doc-Vorlage |
+| `VVT-template.md` | `dsgvo.md` VVT | Verzeichnis Verarbeitungstaetigkeiten Vorlage |
+| `COMPLIANCE-AUDIT-TRAIL-template.md` | (Skill-Output-Pattern) | Audit-Trail-Doku-Vorlage fuer eigene Audits |
+| `AffiliateDisclaimer.tsx.example` | `checklisten.md` 3c | React-Component-Vorlage UWG § 5a Abs. 4 |
+| `proxy-strict-dynamic.ts.example` | `audit-patterns.md` HIGH-RISK-CSP | Next.js proxy-CSP Strict-Dynamic-Pattern |
+| `data-retention-cron.ts.example` | `audit-patterns.md` Phase 4 | Bearer-auth Retention-Cleanup Route |
+| `data-retention-workflow.yml.example` | `audit-patterns.md` Phase 4 | GitHub Actions Cron-Trigger |
+| `UmamiScript.tsx.example` | `audit-patterns.md` env-driven Tracking | env-driven Tracking-Component |
+| `security.txt.example` | `audit-patterns.md` Phase 2 | RFC 9116 (kein Placeholder-Bug) |
+| `DSE-Section-UGC.md.example` | `audit-patterns.md` Phase 5c | Vermisst-/Marketplace-DSE-Block |
+| `LostFoundReportForm-consent.tsx.example` | `audit-patterns.md` Phase 5c | Consent-Toggle-Pattern UGC-Posts |

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/UmamiScript.tsx.example

@@ -0,0 +1,64 @@
+// MIT-License — anonymized teaching snippet for brutaler-anwalt
+// References: audit-patterns.md env-driven Tracking-Component
+// Pattern: env-driven Umami / Plausible / Fathom Tracking-Snippet
+
+// File: src/components/analytics/UmamiScript.tsx
+// Use: include in app/layout.tsx (root layout). Loads only after consent OR
+//      if the tracker is configured "cookieless + IP-anon + DNT respect".
+
+import Script from 'next/script';
+
+interface UmamiScriptProps {
+  /** override the env-default; pass site-id explicitly when SSR-safe */
+  websiteId?: string;
+}
+
+export function UmamiScript({ websiteId }: UmamiScriptProps) {
+  // 1. host: env-driven; default = your own analytics subdomain (NOT vendor-default cloud).
+  //    NEVER hardcode a vendor cloud URL — that's a Drittland-Trigger.
+  const host = (
+    process.env.NEXT_PUBLIC_ANALYTICS_HOST ??
+    'https://<your-analytics-subdomain>'
+  ).replace(/\/+$/, '');
+
+  // 2. site-id from env (or prop override)
+  const id = websiteId ?? process.env.NEXT_PUBLIC_ANALYTICS_SITE_ID;
+
+  // 3. fail-soft: no tracking if env not configured (better than fallback to default-cloud)
+  if (!id) {
+    return null;
+  }
+
+  return (
+    <Script
+      strategy="afterInteractive"
+      src={`${host}/script.js`}
+      data-website-id={id}
+      data-host-url={host}
+      // Privacy-Hardening: respect DNT and GPC client-side (server-side opt: track-DNT off)
+      data-do-not-track="true"
+      // Cookieless mode + IP-anonymisation are server-side settings.
+      // The DSE statement MUST match the actual server-config — verify with admin-panel.
+      async
+    />
+  );
+}
+
+// USAGE in app/layout.tsx:
+//
+//   import { UmamiScript } from '@/components/analytics/UmamiScript';
+//   export default function RootLayout({ children }) {
+//     return (
+//       <html><body>{children}<UmamiScript /></body></html>
+//     );
+//   }
+//
+// VERIFY:
+//   curl -s https://<your-domain> | grep -oE 'data-host-url="[^"]+"'
+//   # erwarte: dein operator-eigener Analytics-Host, nie ein Vendor-Cloud-Default
+//
+// DSE-PFLICHT (analog dazu):
+//   "Wir nutzen das selbstgehostete Analyse-Tool [Tool-Name] auf <your-analytics-subdomain>.
+//    Verarbeitung erfolgt cookieless mit serverseitiger IP-Anonymisierung. DNT/GPC werden
+//    respektiert. Rechtsgrundlage: Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an
+//    aggregierter Reichweitenmessung). Widerspruch jederzeit moeglich..."

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/VVT-template.md

@@ -0,0 +1,60 @@
+---
+license: MIT
+purpose: Generische VVT-Vorlage (Art. 30 DSGVO). KMU-best-practice.
+references: dsgvo.md (VVT-Block)
+sources: Art. 30 Abs. 1 DSGVO + BayLDA-VVT-Hinweise
+---
+
+# Verzeichnis von Verarbeitungstaetigkeiten (VVT) — Vorlage
+
+> Diese Vorlage entspricht Art. 30 Abs. 1 DSGVO. KMU mit < 250 MA und
+> gelegentlicher Verarbeitung ohne Sonderkategorien sind nicht VVT-pflichtig
+> (Art. 30 Abs. 5), aber BayLDA empfiehlt VVT auch fuer KMU zur Erfuellung
+> Rechenschaftspflicht Art. 5 Abs. 2.
+
+## Stammblatt
+
+| Feld | Wert |
+|------|------|
+| Verantwortlicher | `<Operator-Firma>` |
+| Anschrift | `<vollstaendige-Anschrift>` |
+| Vertreter (Art. 27) | `<falls EU-Drittland-Sitz>` |
+| DSB | `<falls bestellt>` |
+| Stand | `<YYYY-MM-DD>` |
+| Version | `<vN.N>` |
+
+## Verarbeitungstaetigkeiten
+
+Pro Verarbeitung ein Block.
+
+### VT-001: `<Bezeichnung>`
+
+| Pflicht-Feld (Art. 30 Abs. 1) | Wert |
+|------------------------------|------|
+| **a) Name + Kontaktdaten Verantwortlicher** | siehe Stammblatt |
+| **b) Zwecke der Verarbeitung** | `<Zweck>` (Rechtsgrundlage Art. 6 Abs. 1 lit. `<a/b/c/d/e/f>`) |
+| **c) Kategorien betroffener Personen** | `<Kunden / Mitarbeiter / Lieferanten / ...>` |
+| **c) Kategorien personenbezogener Daten** | `<Stammdaten / Kontaktdaten / Nutzungsdaten / besondere Kategorien>` |
+| **d) Kategorien von Empfaengern** | `<intern / Auftragsverarbeiter / Drittland>` |
+| **e) Drittlandtransfer** | `<keine / USA / UK / ...>` (mit Mechanismus: SCC + TIA / Adequacy / DPF) |
+| **f) Speicherdauer / Loeschfristen** | `<Frist>` (gesetzlicher Anker, z.B. § 257 HGB / § 147 AO) |
+| **g) Allgemeine Beschreibung TOMs** | siehe `<TOMs-Doku-Verweis>` |
+
+### VT-002: `<naechste Verarbeitung>`
+
+(analog)
+
+## Auftragsverarbeiter (Art. 28)
+
+| Auftragsverarbeiter | Zweck | AVV-Status | Drittland | Standort |
+|---------------------|-------|-----------|-----------|----------|
+| `<Anbieter>` | `<Zweck>` | `<abgeschlossen YYYY-MM-DD>` | `<DE/EU/USA>` | `<Region>` |
+
+## Review
+
+VVT bei wesentlichen Aenderungen sofort updaten, ansonsten jaehrlich.
+Naechstes Review: `<YYYY-MM-DD>`.
+
+---
+
+*Disclaimer: technisch-indikative Vorlage, keine Rechtsberatung i.S.d. § 2 RDG.*

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/data-retention-cron.ts.example

@@ -0,0 +1,52 @@
+// MIT-License — anonymized teaching snippet for brutaler-anwalt
+// References: audit-patterns.md Phase 4 DSE-Drift-Audit Style 2 (DSE-Aussage "wir loeschen nach X")
+// Pattern: Next.js API-Route mit Bearer-Auth, idempotent, audit-logged
+
+// File: src/app/api/cron/data-retention/route.ts (Next.js App-Router)
+
+import { NextRequest, NextResponse } from 'next/server';
+
+const RETENTION_DAYS = Number(process.env.DATA_RETENTION_DAYS ?? '180');
+
+export async function POST(req: NextRequest) {
+  // 1. Bearer-Auth — Cron-Secret aus env, nicht hardcoded
+  const authHeader = req.headers.get('authorization') ?? '';
+  const expected = `Bearer ${process.env.CRON_SECRET}`;
+  if (!process.env.CRON_SECRET || authHeader !== expected) {
+    return NextResponse.json({ error: 'unauthorized' }, { status: 401 });
+  }
+
+  // 2. Compute cutoff
+  const cutoff = new Date(Date.now() - RETENTION_DAYS * 24 * 60 * 60 * 1000);
+
+  // 3. Delete-Logik — pro Tabelle / Collection / Bucket einzeln
+  const results = {
+    cutoff: cutoff.toISOString(),
+    deleted: {} as Record<string, number>,
+  };
+
+  try {
+    // Pseudocode — durch echten DB-Client ersetzen
+    // results.deleted.session_logs = await db.sessionLogs.deleteMany({ created_at: { lt: cutoff } });
+    // results.deleted.lost_found_posts = await db.lostFoundPosts.deleteMany({ expires_at: { lt: new Date() } });
+    // results.deleted.unverified_signups = await db.users.deleteMany({ verified: false, created_at: { lt: cutoff } });
+  } catch (err) {
+    console.error('[retention-cron] error', err);
+    return NextResponse.json({ error: 'cleanup-failed', details: String(err) }, { status: 500 });
+  }
+
+  // 4. Audit-Log — Pflicht fuer Rechenschafts-Nachweis Art. 5 Abs. 2 DSGVO
+  console.log(JSON.stringify({
+    event: 'data_retention_cleanup',
+    timestamp: new Date().toISOString(),
+    cutoff: results.cutoff,
+    deleted: results.deleted,
+  }));
+
+  return NextResponse.json(results);
+}
+
+// VERIFY:
+//   curl -X POST https://<your-domain>/api/cron/data-retention \
+//     -H "Authorization: Bearer $CRON_SECRET"
+//   # erwarte 200 + JSON mit deleted-counts; ohne Auth 401.

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/data-retention-workflow.yml.example

@@ -0,0 +1,47 @@
+## MIT-License — anonymized teaching snippet for brutaler-anwalt
+## References: audit-patterns.md Phase 4 DSE-Drift-Audit Style 2
+## Pattern: GitHub Actions Cron-Trigger fuer DSGVO-Retention-Cleanup
+
+# File: .github/workflows/data-retention.yml
+
+name: data-retention-cleanup
+
+on:
+  schedule:
+    # tgl. 03:00 UTC = 04:00 CET (low-traffic-window)
+    - cron: '0 3 * * *'
+  workflow_dispatch: {}
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    steps:
+      - name: Trigger retention API
+        env:
+          CRON_SECRET: ${{ secrets.CRON_SECRET }}
+          API_URL: ${{ secrets.RETENTION_API_URL }}  # https://<your-domain>/api/cron/data-retention
+        run: |
+          if [ -z "$CRON_SECRET" ] || [ -z "$API_URL" ]; then
+            echo "::error::CRON_SECRET or RETENTION_API_URL not set in GH secrets"
+            exit 1
+          fi
+          response=$(curl -sS -w "\n%{http_code}" -X POST "$API_URL" \
+            -H "Authorization: Bearer $CRON_SECRET" \
+            -H "Content-Type: application/json" \
+            --max-time 60)
+          body=$(echo "$response" | sed '$d')
+          status=$(echo "$response" | tail -n1)
+          echo "::group::API response"
+          echo "$body"
+          echo "::endgroup::"
+          if [ "$status" != "200" ]; then
+            echo "::error::retention API returned status $status"
+            exit 1
+          fi
+
+# VERIFY in repo:
+#   gh workflow run data-retention-cleanup
+#   gh run list --workflow=data-retention-cleanup --limit 5

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/proxy-strict-dynamic.ts.example

@@ -0,0 +1,80 @@
+// MIT-License — anonymized teaching snippet for brutaler-anwalt
+// References: audit-patterns.md HIGH-RISK CSP unsafe-inline Migration
+// Pattern: Next.js (App Router) middleware.ts / proxy.ts mit Strict-Dynamic-CSP
+
+// File: src/middleware.ts (oder src/proxy.ts) — Next.js 14+
+// Pattern: per-request nonce → CSP-Header → propagate via x-nonce request-header.
+// Layout liest x-nonce via headers().get('x-nonce') und gibt es an inline-Scripts.
+
+import { NextRequest, NextResponse } from 'next/server';
+
+const cspDirectives = (nonce: string) => [
+  `default-src 'self'`,
+  // Strict-Dynamic + nonce: ersetzt unsafe-inline ohne legitime inline-scripts zu brechen
+  `script-src 'self' 'nonce-${nonce}' 'strict-dynamic' https:`,
+  // Style: nonce + self; unsafe-inline weiterhin nur zugelassen wenn unvermeidbar
+  `style-src 'self' 'nonce-${nonce}'`,
+  `img-src 'self' data: https://<your-cdn-domain>`,
+  `font-src 'self' data:`,
+  // Connect: API-Endpoints + 3rd-party-Services aus DSE
+  `connect-src 'self' https://<api-domain> https://<analytics-host>`,
+  `frame-src 'self' https://<embed-domains>`,
+  `object-src 'none'`,
+  `base-uri 'self'`,
+  `form-action 'self'`,
+  `frame-ancestors 'none'`,
+  `upgrade-insecure-requests`,
+].join('; ');
+
+export function middleware(req: NextRequest) {
+  // 1. Generate per-request nonce (16 random bytes, base64)
+  const nonce = btoa(crypto.getRandomValues(new Uint8Array(16)).join(''));
+
+  // 2. Forward via request-header so layout/components can read it
+  const requestHeaders = new Headers(req.headers);
+  requestHeaders.set('x-nonce', nonce);
+
+  // 3. Build response with CSP-Header
+  const response = NextResponse.next({ request: { headers: requestHeaders } });
+  response.headers.set('Content-Security-Policy', cspDirectives(nonce));
+
+  // 4. Defense-in-depth headers
+  response.headers.set('X-Frame-Options', 'DENY');
+  response.headers.set('X-Content-Type-Options', 'nosniff');
+  response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
+  response.headers.set(
+    'Strict-Transport-Security',
+    'max-age=63072000; includeSubDomains; preload',
+  );
+  response.headers.set(
+    'Permissions-Policy',
+    'camera=(), microphone=(), geolocation=(self), interest-cohort=()',
+  );
+
+  return response;
+}
+
+export const config = {
+  matcher: '/:path*',
+};
+
+// USAGE in layout.tsx:
+//
+//   import { headers } from 'next/headers';
+//   export default function RootLayout({ children }) {
+//     const nonce = headers().get('x-nonce') ?? '';
+//     return (
+//       <html>
+//         <body>
+//           <Script id="bootstrap" nonce={nonce} strategy="beforeInteractive">
+//             {`/* inline bootstrap */`}
+//           </Script>
+//           {children}
+//         </body>
+//       </html>
+//     );
+//   }
+//
+// VERIFY:
+//   curl -sIS https://<your-domain> | grep -i 'content-security-policy'
+//   # erwarte: 'nonce-...' + 'strict-dynamic' enthalten, KEIN 'unsafe-inline'

package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/security.txt.example

@@ -0,0 +1,26 @@
+# MIT-License — anonymized teaching snippet for brutaler-anwalt
+# References: audit-patterns.md Phase 2 Public-Static-File-Audit
+# Spec: RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)
+#
+# File: public/.well-known/security.txt
+# Critical: KEINE Placeholder-Tokens (`{{...}}`, `<...>`, `YOUR_*`, `AGENT:`,
+#           `TODO:`, `FIXME:`) im Production-Build. Die folgenden Werte sind
+#           OPERATOR-VERANTWORTUNG, vor Deploy konkret zu setzen.
+
+Contact: mailto:security@<your-domain>
+Contact: https://<your-domain>/security/contact
+Expires: 2027-12-31T23:59:59Z
+Encryption: https://<your-domain>/.well-known/pgp-key.txt
+Acknowledgments: https://<your-domain>/security/hall-of-fame
+Preferred-Languages: de, en
+Canonical: https://<your-domain>/.well-known/security.txt
+Policy: https://<your-domain>/security/responsible-disclosure
+Hiring: https://<your-domain>/karriere
+
+# Pre-Deploy-Verify:
+#   curl -s https://<your-domain>/.well-known/security.txt | \
+#     grep -E '\{\{|<[A-Z_]+>|YOUR_|AGENT:|ASSISTANT:|TODO:|FIXME:|placeholder' && \
+#     echo "🔴 KRITISCH — unrendered Template" || echo "✓ clean"
+#
+# Expires-Datum: alle 6-12 Monate updaten. Das Datum ist hier ein Lehrbuch-Wert
+# und MUSS vom Operator vor Deploy gesetzt werden. RFC 9116 verlangt < 1 Jahr.

package/skills/compliance/aegis-native/brutaler-anwalt/scripts/health-check.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# brutaler-anwalt — Health-Check for skill consistency.
+# Usage: bash scripts/health-check.sh
+# Exit:  0 healthy · 1 issues found
+
+set -euo pipefail
+
+SKILL_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+issues=0
+
+echo "▎ brutaler-anwalt Health-Check"
+echo "▎ Skill-Dir: $SKILL_DIR"
+echo
+
+# 1. Brand-Leak-Check — operator-customizable deny-list of brand-codenames
+# that must NOT appear in shipped skill content (SKILL.md / references / etc).
+#
+# CUSTOMIZATION: edit BRAND_PATTERN below to add your own brand-codenames
+# (single-bar-separated, regex-syntax). Example: if your projects are named
+# `acme-saas` and `bluefin`, set:
+#     BRAND_PATTERN="acme-saas|bluefin|your-internal-codename"
+# Defaults are placeholder examples; replace before relying on the check.
+#
+# The check reads the deny-list from a gitignored sibling file when present,
+# so operators can keep their real codenames out of the public skill repo.
+echo "1/5  Brand-Leak-Check…"
+LOCAL_DENY_FILE="$SKILL_DIR/scripts/brand-deny-list.local.txt"
+if [[ -f "$LOCAL_DENY_FILE" ]]; then
+  # one pattern per line, joined with | for grep -E
+  BRAND_PATTERN=$(grep -vE '^[[:space:]]*(#|$)' "$LOCAL_DENY_FILE" | tr '\n' '|' | sed 's/|$//')
+  if [[ -z "$BRAND_PATTERN" ]]; then
+    BRAND_PATTERN="placeholder-codename-example"
+  fi
+else
+  BRAND_PATTERN="placeholder-codename-example|placeholder-internal-project"
+fi
+brand_hits=$( (grep -rEnli "$BRAND_PATTERN" \
+  "$SKILL_DIR/SKILL.md" "$SKILL_DIR/README.md" "$SKILL_DIR/LICENSE" "$SKILL_DIR/CHANGELOG.md" "$SKILL_DIR/references/" 2>/dev/null || true) \
+  | wc -l | tr -d ' ')
+if [[ "$brand_hits" == "0" ]]; then
+  echo "     ✓ keine Brand-Leaks (Pattern: $BRAND_PATTERN)"
+else
+  echo "     ✗ $brand_hits Brand-Leak-Treffer:"
+  grep -rEni "$BRAND_PATTERN" \
+    "$SKILL_DIR/SKILL.md" "$SKILL_DIR/README.md" "$SKILL_DIR/LICENSE" "$SKILL_DIR/CHANGELOG.md" "$SKILL_DIR/references/" 2>/dev/null | head -10 || true
+  issues=$((issues + 1))
+fi
+
+# 2. Az.-Provenance — every entry should have a Source-URL
+echo "2/5  Az.-Provenance-Check…"
+az_count=$( (grep -cE "^### " "$SKILL_DIR/references/bgh-urteile.md" 2>/dev/null || echo 0) | head -1)
+# Source-Verlinkung in beliebigem Markdown-Format: **Source**, "Source:", oder eingebetteter http(s)-Link.
+src_count=$( (grep -cE "\*\*Source\*\*|Source:|https?://(juris|curia|dejure|openjur|rewis|edpb|gesetze-im-internet|eur-lex|bverwg|bag-urteil|nrwe|wettbewerbszentrale|noerr|twobirds|bird-bird|alro-recht)" "$SKILL_DIR/references/bgh-urteile.md" 2>/dev/null || echo 0) | head -1)
+echo "     Az.-Eintraege: $az_count · Source-Verlinkungen: $src_count"
+if [[ "$src_count" -lt "$az_count" ]]; then
+  diff=$((az_count - src_count))
+  echo "     ⚠ $diff Eintraege ohne Source-Verlinkung — Provenance-Disziplin §5 pruefen"
+  issues=$((issues + 1))
+else
+  echo "     ✓ alle Eintraege haben Source-Verlinkung"
+fi
+
+# 3. Verzeichnis-Vollstaendigkeit
+echo "3/5  Verzeichnis-Vollstaendigkeit…"
+required=("SKILL.md" "README.md" "LICENSE" "CHANGELOG.md" \
+  "references/audit-patterns.md" "references/dsgvo.md" "references/it-recht.md" \
+  "references/vertragsrecht.md" "references/checklisten.md" "references/branchenrecht.md" \
+  "references/bgh-urteile.md" "references/abmahn-templates.md" "references/aegis-integration.md" \
+  "references/international.md" "references/strafrecht-steuer.md" \
+  "references/templates/README.md" \
+  "references/gesetze/INDEX.md" \
+  "references/stack-patterns/INDEX.md")
+
+missing=0
+for f in "${required[@]}"; do
+  if [[ ! -f "$SKILL_DIR/$f" ]]; then
+    echo "     ✗ fehlt: $f"
+    missing=$((missing + 1))
+  fi
+done
+if [[ "$missing" == "0" ]]; then
+  echo "     ✓ alle ${#required[@]} Pflicht-Files vorhanden"
+else
+  echo "     ✗ $missing Pflicht-Files fehlen"
+  issues=$((issues + 1))
+fi
+
+# 4. SKILL.md Reference-Loading-Map → File-Vorhandensein
+echo "4/5  Reference-Loading-Map konsistent…"
+map_files=$(grep -oE 'references/[a-z_-]+\.md' "$SKILL_DIR/SKILL.md" 2>/dev/null | sort -u)
+for f in $map_files; do
+  if [[ ! -f "$SKILL_DIR/$f" ]]; then
+    echo "     ✗ SKILL.md verlinkt $f, aber Datei fehlt"
+    issues=$((issues + 1))
+  fi
+done
+echo "     ✓ alle in SKILL.md referenzierten Files vorhanden"
+
+# 5. Templates ohne Brand-Leak — re-uses the BRAND_PATTERN configured above
+# in section 1. Templates must not contain any operator-specific codename.
+echo "5/5  Templates anonymisiert…"
+template_brand_hits=$( (grep -rEnli "$BRAND_PATTERN" \
+  "$SKILL_DIR/references/templates/" 2>/dev/null || true) | wc -l | tr -d ' ')
+if [[ "$template_brand_hits" == "0" ]]; then
+  echo "     ✓ alle Templates anonymisiert"
+else
+  echo "     ✗ Templates enthalten Brand-Refs (sollten anonym sein):"
+  grep -rEni "$BRAND_PATTERN" \
+    "$SKILL_DIR/references/templates/" 2>/dev/null | head -10 || true
+  issues=$((issues + 1))
+fi
+
+echo
+if [[ "$issues" == "0" ]]; then
+  echo "✓ Health-Check passed — Skill ist konsistent."
+  exit 0
+else
+  echo "✗ Health-Check failed — $issues Issues gefunden."
+  exit 1
+fi

package/skills/defensive/aegis-native/rls-defense/SKILL.md

@@ -129,6 +129,91 @@ $$;
 
 **SECURITY DEFINER without `SET search_path` is a search-path-poisoning vulnerability** — the function inherits the caller's search_path and an attacker who can prepend their own schema can hijack the function.
 
+### 4a. SECURITY DEFINER RPC + `p_user_id` parameter — canonical authz guard
+
+Pattern surfaced in production audits (CWE-863, IDOR via RPC): SECURITY DEFINER RPCs in the `public` schema accept a `p_user_id` parameter without verifying it equals `auth.uid()`. Every signed-in user can then call the RPC with any other user's id and act on their data:
+
+- spend OTHER users' loyalty points (`purchase_item(other_uid, ...)`)
+- award themselves arbitrary points (`award_points(my_uid, 999999)`)
+- redeem rewards or finish duels on behalf of other users
+
+These are **silent vulnerabilities** until Supabase ships a linter rule that surfaces them. Splinter rules `0028_anon_security_definer_function_executable` + `0029_authenticated_security_definer_function_executable` (added in early 2026) flag the privilege side, but they are argument-blind — a function can be linter-clean but still missing the internal `auth.uid()` check. Static migration audit catches the body-side gap at PR review.
+
+**Canonical fix — install a single guard helper, then PERFORM it at the top of every RPC that takes a user-identity parameter:**
+
+```sql
+-- One helper, owned by you, called everywhere
+CREATE OR REPLACE FUNCTION public._aegis_authorize_user(p_user_id uuid)
+RETURNS void
+LANGUAGE plpgsql
+SECURITY INVOKER
+STABLE
+SET search_path = ''
+AS $$
+BEGIN
+  IF (SELECT auth.role()) = 'service_role' THEN
+    RETURN;  -- server-side admin / cron bypass
+  END IF;
+  IF (SELECT auth.uid()) IS NULL OR (SELECT auth.uid()) <> p_user_id THEN
+    RAISE EXCEPTION 'AEGIS-AUTHZ: caller % may not act on user %',
+      coalesce((SELECT auth.uid())::text, 'anon'), p_user_id
+      USING ERRCODE = '42501';
+  END IF;
+END;
+$$;
+
+-- Every RPC that touches another user's data calls this on entry
+CREATE FUNCTION public.purchase_arena_item(p_user_id uuid, p_item_key text)
+RETURNS jsonb LANGUAGE plpgsql SECURITY DEFINER
+SET search_path = public, pg_temp AS $$
+BEGIN
+  PERFORM public._aegis_authorize_user(p_user_id);  -- ← MANDATORY first line
+  -- ... actual logic
+END $$;
+```
+
+**Linter-clean grants — REVOKE from PUBLIC, not from anon:**
+The default `EXECUTE` privilege on a SQL function is granted to `PUBLIC`, which transitively includes `anon`, `authenticated`, AND `service_role`. `REVOKE EXECUTE FROM anon` does **not** remove anon's access while the PUBLIC grant exists. To restrict to `authenticated` + `service_role`, you must:
+
+```sql
+REVOKE ALL  ON FUNCTION public.<name>(<args>) FROM PUBLIC, anon;
+GRANT EXECUTE ON FUNCTION public.<name>(<args>) TO authenticated, service_role;
+```
+
+**Bulk programmatic application** (idempotent — auto-discovers all guarded RPCs):
+
+```sql
+DO $$
+DECLARE r record;
+BEGIN
+  FOR r IN
+    SELECT p.proname, pg_get_function_identity_arguments(p.oid) AS args
+      FROM pg_proc p JOIN pg_namespace n ON n.oid = p.pronamespace
+     WHERE n.nspname = 'public' AND p.prosecdef = true
+       AND p.prorettype <> 'trigger'::regtype
+       AND p.prosrc ~ '_aegis_authorize_user'  -- only the guarded ones
+  LOOP
+    EXECUTE format('REVOKE ALL ON FUNCTION public.%I(%s) FROM PUBLIC, anon',
+                   r.proname, r.args);
+    EXECUTE format('GRANT EXECUTE ON FUNCTION public.%I(%s) TO authenticated, service_role',
+                   r.proname, r.args);
+  END LOOP;
+END $$;
+```
+
+**Decision tree for a SECURITY DEFINER function in `public`:**
+
+| Function shape | Treatment |
+|---|---|
+| Returns `trigger` (called only by trigger system) | `REVOKE EXECUTE FROM PUBLIC, anon, authenticated`. Triggers run as table-owner regardless. |
+| Cron / batch / admin-only (`cleanup_*`, `auto_unban_*`, `expire_*`) | `REVOKE FROM PUBLIC, anon, authenticated`. Only `service_role` may call. No internal guard needed. |
+| User-callable RPC with `p_user_id` parameter | Inject `PERFORM _aegis_authorize_user(p_user_id);` at top. `REVOKE FROM PUBLIC, anon`; `GRANT TO authenticated, service_role`. |
+| User-callable RPC with resource ID (`p_dog_id`, `p_post_id`) | Verify caller-ownership (or prefer `SECURITY INVOKER` and let RLS filter). |
+| Read-only data accessor over RLS-protected tables | Switch to `SECURITY INVOKER`. RLS handles authz. |
+| PostGIS / extension-owned C functions | Cannot revoke (extension owns them). Move PostGIS to `extensions` schema instead. |
+
+**Why this surfaces in established projects without warning:** the Supabase database linter is rule-versioned. New rules ship without a code-change in your repo, and they retroactively flag patterns that were always exposures but were never explicitly checked. **Run `get_advisors` (or the SQL surrogates above) on every deploy**, not just at release.
+
 ### 5. Defensive testing — every policy needs a regression test
 
 ```sql

package/skills/foundation/aegis-native/aegis-module-builder/SKILL.md

@@ -61,11 +61,15 @@ What does this feature do?
 - User-story (1-2 sentences)
 - Inputs (request shape, params, files)
 - Outputs (response shape, side-effects)
-- Acceptance-criteria (3-5 bullet points)
+- Acceptance-criteria (3-5 bullet points, observable + independently verifiable)
 ```
 
 Don't infer from chat-context. Demand the spec.
 
+### Plans.md task discipline
+
+Every module-build creates a row in `.aegis/Plans.md` per the format defined in `aegis-orchestrator` ("Plans.md — Live Working-Plan SSOT" section). The acceptance-criteria from the feature-spec become the AC checkboxes on the task row. As phases 2-6 run, the AC are checked off; task moves DONE only when all are checked. If a phase is blocked, the AC stays unchanged + the blocker is documented in `## Blockers`.
+
 ---
 
 ## Process