npm - @aegis-scan/skills - Versions diffs - 0.5.0 → 0.5.1 - Mend

@aegis-scan/skills 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (346) hide show

package/skills/compliance/aegis-native/brutaler-anwalt/hooks/post_write.py ADDED Viewed

@@ -0,0 +1,315 @@
+#!/usr/bin/env python3
+"""
+PostToolUse-Hook fuer brutaler-anwalt (v4.3.0+).
+Triggers nach Write/Edit auf Audit-Output-Files. Erzwingt 3 Quality-Gates:
+  1. DISCLAIMER-BLOCK (RDG §2, blocking warning)
+     - "Haftungsausschluss" + "Keine Rechtsberatung" in ersten 40 Zeilen
+     - stderr-Warnung non-blocking (User muss bewusst entscheiden)
+  2. FINDING-ID-UNIQUENESS (blocking exit 2)
+     - Audit-Output-Files: pro "## Finding (F-NNN)" Pattern duerfen IDs nicht dupliziert sein
+     - Verhindert versehentliche Dup-IDs nach Persona-Synthese
+  3. AZ.-PROVENANCE-GUARD (blocking exit 2, SKILL.md §5)
+     - Jede Az.-Nummer im Output braucht Source-Markierung
+     - Akzeptierte Marker: Source-URL in selber Zeile / Folgezeile
+                         oder "[ungeprueft, manuelle Verifikation vor Schriftsatz erforderlich]"
+                         oder "[secondary-source-verified]"
+                         oder "[primary-source-verified]"
+     - Verdaechtige Pattern (Halluzinations-Indikatoren) werden separat gemeldet:
+       - "1234/22", "9999/22" Placeholder-Style
+       - Az.-Jahr vs. Urteilsjahr divergiert > 2 Jahre
+       - Az. ohne jeglichen Source-Hint im Umkreis
+Input:   JSON auf stdin (tool_input.file_path)
+Output:  stderr-Warnungen + Exit-Code 0/2
+Aktivierung: ueber .claude-plugin/plugin.json hookSpec
+Disable:    set BRUTALER_ANWALT_HOOK_DISABLE=1 in env
+"""
+from __future__ import annotations
+import json
+import os
+import re
+import sys
+from typing import Iterable
+RELEVANT_PATH_PATTERNS = [
+    re.compile(r"audits?[\\/].+\.md$"),
+    re.compile(r"compliance[\\/].+\.md$"),
+    re.compile(r"legal-audit[\\/].+\.md$"),
+    re.compile(r"BRUTALER-AUDIT.*\.md$"),
+    re.compile(r"COMPLIANCE-AUDIT.*\.md$"),
+    re.compile(r".*-AUDIT-\d{4}-\d{2}-\d{2}.*\.md$"),
+    re.compile(r"ABMAHN-SIMULATION.*\.md$"),
+    re.compile(r"FINDINGS.*\.md$"),
+    re.compile(r"LegalAudit\.md$"),
+    re.compile(r"DSAR-\d{4}-\d{2}-\d{2}.*\.md$"),
+    re.compile(r"AVV-REDLINE.*\.md$"),
+    re.compile(r"references[\\/]streitwerte\.json$"),
+]
+MAX_FILE_SIZE_BYTES = 5_000_000
+FORBIDDEN_PATH_PREFIXES = [
+    "/etc/", "/var/", "/usr/", "/sys/", "/proc/", "/dev/",
+    "/private/etc/", "/private/var/",
+    "/Library/Keychains/", "/Library/Application Support/Keychain/",
+]
+DISCLAIMER_HEAD = re.compile(r"Haftungsausschluss|Disclaimer", re.IGNORECASE)
+DISCLAIMER_BODY = re.compile(r"Keine\s+Rechtsberatung|not\s+legal\s+advice|RDG", re.IGNORECASE)
+FINDING_ID_RE = re.compile(r"^##\s+Finding\s+(F-\d{3})", re.MULTILINE)
+AZ_PATTERNS = [
+    re.compile(r"\bBGH\s+[IVX]+\s+ZR\s+\d{1,4}/\d{2}\b"),
+    re.compile(r"\bBGH\s+[IVX]+\s+ZB\s+\d{1,4}/\d{2}\b"),
+    re.compile(r"\bBVerfG\s+\d\s+BvR\s+\d{1,4}/\d{2}\b"),
+    re.compile(r"\bEuGH\s+C-\d{1,4}/\d{2}\b"),
+    re.compile(r"\bOLG\s+\w+\s+\d{1,2}\s+U\s+\d{1,4}/\d{2}\b"),
+    re.compile(r"\bLG\s+\w+\s+\d{1,2}\s+O\s+\d{1,4}/\d{2}\b"),
+]
+SOURCE_MARKER_RE = re.compile(
+    r"\["
+    r"(ungeprueft|secondary-source-verified|primary-source-verified|verified)"
+    r"[^\]]*\]"
+    r"|https?://(?:juris\.bundesgerichtshof\.de|bundesgerichtshof\.de|curia\.europa\.eu"
+    r"|eur-lex\.europa\.eu|dejure\.org|openjur\.de|rewis\.io|nrwe\.justiz\.nrw\.de"
+    r"|medien-internet-und-recht\.de|bundesanzeiger\.de|gesetze-im-internet\.de)",
+    re.IGNORECASE,
+)
+SUSPICIOUS_AZ_PLACEHOLDERS = [
+    re.compile(r"\b1234/\d{2}\b"),
+    re.compile(r"\b9999/\d{2}\b"),
+    re.compile(r"\b1111/\d{2}\b"),
+    re.compile(r"\b0000/\d{2}\b"),
+    re.compile(r"\b5678/\d{2}\b"),
+    re.compile(r"\b(?:0123|1234|2345|3456|4567|5678|6789)/\d{2}\b"),
+    re.compile(r"\b(?:1000|2000|3000|4000|5000|6000|7000|8000)/\d{2}\b"),
+]
+BYPASS_AZ_CHECK_RE = re.compile(
+    r"<!--\s*brutaler-anwalt:\s*bypass-az-check"
+    r"(?:,\s*reason=(?:\"|')([^\"']+)(?:\"|'))?\s*-->",
+    re.IGNORECASE,
+)
+BYPASS_DISCLAIMER_RE = re.compile(
+    r"<!--\s*brutaler-anwalt:\s*bypass-disclaimer"
+    r"(?:,\s*reason=(?:\"|')([^\"']+)(?:\"|'))?\s*-->",
+    re.IGNORECASE,
+)
+BYPASS_ALL_RE = re.compile(
+    r"<!--\s*brutaler-anwalt:\s*bypass-all"
+    r"(?:,\s*reason=(?:\"|')([^\"']+)(?:\"|'))?\s*-->",
+    re.IGNORECASE,
+)
+def main() -> int:
+    if os.environ.get("BRUTALER_ANWALT_HOOK_DISABLE") == "1":
+        return 0
+    if hasattr(sys.stdout, "reconfigure"):
+        sys.stdout.reconfigure(encoding="utf-8")
+    if hasattr(sys.stderr, "reconfigure"):
+        sys.stderr.reconfigure(encoding="utf-8")
+    try:
+        data = json.loads(sys.stdin.read() or "{}")
+    except Exception:
+        return 0
+    file_path = (data.get("tool_input") or {}).get("file_path") or ""
+    if not file_path or not os.path.isfile(file_path):
+        return 0
+    try:
+        real_path = os.path.realpath(file_path)
+    except (OSError, ValueError):
+        return 0
+    for forbidden in FORBIDDEN_PATH_PREFIXES:
+        if real_path.startswith(forbidden):
+            print(
+                f"[brutaler-anwalt] SECURITY: Hook refused to read system-path {real_path!r} "
+                f"(matches forbidden prefix {forbidden!r}). Pfad-Traversal-Verdacht.",
+                file=sys.stderr,
+            )
+            return 0
+    normalized = real_path.replace("\\", "/")
+    if not any(p.search(normalized) for p in RELEVANT_PATH_PATTERNS):
+        return 0
+    try:
+        size = os.path.getsize(real_path)
+    except OSError:
+        return 0
+    if size > MAX_FILE_SIZE_BYTES:
+        print(
+            f"[brutaler-anwalt] WARNUNG: {real_path} ist {size} bytes > "
+            f"{MAX_FILE_SIZE_BYTES}-byte-Cap. Hook ueberspringt Validierung. "
+            f"Bitte File splitten oder bewusst akzeptieren.",
+            file=sys.stderr,
+        )
+        return 0
+    try:
+        with open(real_path, "r", encoding="utf-8") as f:
+            text = f.read()
+    except Exception:
+        return 0
+    file_path = real_path
+    first_lines = "\n".join(text.splitlines()[:40])
+    exit_code = 0
+    bypass_all_match = BYPASS_ALL_RE.search(text)
+    if bypass_all_match:
+        reason = bypass_all_match.group(1) or "<no reason given>"
+        print(
+            f"[brutaler-anwalt] BYPASS-ALL aktiv in {file_path}: {reason!r}. "
+            f"Alle Quality-Gates uebersprungen — User-eigene Verantwortung.",
+            file=sys.stderr,
+        )
+        return 0
+    bypass_disclaimer = bool(BYPASS_DISCLAIMER_RE.search(first_lines))
+    # Gate 1: Disclaimer (non-blocking warn)
+    if not bypass_disclaimer and (
+        not DISCLAIMER_HEAD.search(first_lines) or not DISCLAIMER_BODY.search(first_lines)
+    ):
+        print(
+            f"[brutaler-anwalt] WARNUNG: {file_path} fehlt der verpflichtende "
+            f"Disclaimer-Block (Haftungsausschluss + Keine Rechtsberatung / RDG §2) "
+            f"in den ersten 40 Zeilen.",
+            file=sys.stderr,
+        )
+        print(
+            "[brutaler-anwalt] Vorlage:\n"
+            "  > **Haftungsausschluss**: Diese Analyse ist keine Rechtsberatung\n"
+            "  > i.S.d. § 2 RDG und ersetzt keinen zugelassenen Rechtsanwalt.",
+            file=sys.stderr,
+        )
+    # Gate 2: Finding-ID-Uniqueness (blocking)
+    ids = FINDING_ID_RE.findall(text)
+    seen: set[str] = set()
+    dupes: set[str] = set()
+    for fid in ids:
+        if fid in seen:
+            dupes.add(fid)
+        seen.add(fid)
+    if dupes:
+        print(
+            f"[brutaler-anwalt] FEHLER: {file_path} enthaelt doppelte Finding-IDs: "
+            f"{sorted(dupes)}. Findings muessen eindeutig durchnummeriert sein.",
+            file=sys.stderr,
+        )
+        exit_code = 2
+    # Gate 3: Az.-Provenance (blocking)
+    is_json = file_path.endswith(".json")
+    unsourced_az = collect_unsourced_az(text, is_json=is_json)
+    suspicious_az = collect_suspicious_az(text)
+    if unsourced_az:
+        print(
+            f"[brutaler-anwalt] FEHLER: {file_path} enthaelt {len(unsourced_az)} "
+            f"Az. ohne Source-Marker (SKILL.md §5 Az.-Provenance-Pflicht):",
+            file=sys.stderr,
+        )
+        for az_str, line_no in unsourced_az[:10]:
+            print(f"  - Zeile {line_no}: {az_str!r}", file=sys.stderr)
+        if len(unsourced_az) > 10:
+            print(f"  ... ({len(unsourced_az) - 10} weitere)", file=sys.stderr)
+        print(
+            "[brutaler-anwalt] Markiere jede Az. mit einem der Tags:\n"
+            "  [primary-source-verified]   — Az. aus juris/curia/dejure-Volltext verifiziert\n"
+            "  [secondary-source-verified] — Az. aus etablierter Sekundaerquelle (medien-internet-und-recht etc.)\n"
+            "  [ungeprueft, manuelle Verifikation vor Schriftsatz erforderlich] — Skill konnte nicht verifizieren\n"
+            "Oder fuege die Source-URL in der selben oder Folgezeile ein.",
+            file=sys.stderr,
+        )
+        exit_code = 2
+    if suspicious_az:
+        print(
+            f"[brutaler-anwalt] HALLUZINATIONS-VERDACHT: {file_path} enthaelt "
+            f"{len(suspicious_az)} Az. mit Placeholder-Pattern (1234/22, 9999/22 etc.):",
+            file=sys.stderr,
+        )
+        for az_str, line_no in suspicious_az[:5]:
+            print(f"  - Zeile {line_no}: {az_str!r}", file=sys.stderr)
+        print(
+            "[brutaler-anwalt] WebFetch zur Volltext-Verifikation pflicht "
+            "(SKILL.md §5c). Bei keinem Treffer: Az. aus Output entfernen.",
+            file=sys.stderr,
+        )
+        exit_code = 2
+    return exit_code
+def collect_unsourced_az(text: str, is_json: bool = False) -> list[tuple[str, int]]:
+    """
+    Liefert alle Az.-Treffer, denen ein Source-Marker fehlt.
+    Source-Marker = explicit-tag ODER bekannte Quelle-URL ODER Reference-File-Pfad
+    in derselben Zeile oder den N folgenden Zeilen (markdown=3, json=8).
+    Per-Finding-Bypass: HTML-Comment `<!-- brutaler-anwalt: bypass-az-check -->`
+    in der selben Zeile oder den 2 vorausgehenden Zeilen blockt den Check.
+    JSON-Files: source_url-Felder liegen oft 4-6 Zeilen entfernt vom Az. (Schema-
+    struktur). Daher groesseres Window fuer JSON.
+    """
+    lines = text.splitlines()
+    findings: list[tuple[str, int]] = []
+    window_size = 10 if is_json else 4
+    for i, line in enumerate(lines):
+        for pat in AZ_PATTERNS:
+            for match in pat.finditer(line):
+                az_str = match.group(0)
+                window = "\n".join(lines[i:min(i + window_size, len(lines))])
+                if SOURCE_MARKER_RE.search(window):
+                    continue
+                if "references/bgh-urteile.md" in window:
+                    continue
+                if "bgh-urteile.md" in window:
+                    continue
+                bypass_window = "\n".join(lines[max(0, i - 2):i + 2])
+                if BYPASS_AZ_CHECK_RE.search(bypass_window):
+                    continue
+                findings.append((az_str, i + 1))
+    return findings
+def collect_suspicious_az(text: str) -> list[tuple[str, int]]:
+    """Az. mit verdaechtigen Placeholder-Patterns (1234/22, 9999/22)."""
+    lines = text.splitlines()
+    findings: list[tuple[str, int]] = []
+    for i, line in enumerate(lines):
+        for pat in AZ_PATTERNS:
+            for match in pat.finditer(line):
+                az_str = match.group(0)
+                for suspicious in SUSPICIOUS_AZ_PLACEHOLDERS:
+                    if suspicious.search(az_str):
+                        bypass_window = "\n".join(lines[max(0, i - 2):i + 2])
+                        if BYPASS_AZ_CHECK_RE.search(bypass_window):
+                            continue
+                        findings.append((az_str, i + 1))
+                        break
+    return findings
+if __name__ == "__main__":
+    sys.exit(main())

package/skills/compliance/aegis-native/brutaler-anwalt/hooks/prompt_submit.py ADDED Viewed

@@ -0,0 +1,144 @@
+#!/usr/bin/env python3
+"""
+UserPromptSubmit-Hook fuer brutaler-anwalt (v4.3.0+).
+Regex-matcht User-Prompt gegen Trigger aus hooks/triggers.json.
+Bei Match: laedt die zugeordneten reference-Files und injiziert sie
+als additionalContext. Spart vs. Vollload des References-Trees
+typisch 70-90% Tokens pro Audit.
+Halt-Condition: wenn KEIN Trigger matcht und der Prompt offensichtlich
+ein Audit-Auftrag ist (Keywords: audit, compliance, dsgvo, abmahnung),
+laed wir als Fallback `audit-patterns.md` immer.
+Disable: set BRUTALER_ANWALT_HOOK_DISABLE=1 in env.
+"""
+from __future__ import annotations
+import json
+import os
+import re
+import sys
+AUDIT_FALLBACK_KEYWORDS = re.compile(
+    r"\b(audit|compliance|dsgvo|abmahn|datenschutz|impressum|cookie|agb|"
+    r"avv|drittland|consent|uwg|nis2|ai-act|dsa|tdddg|ttdsg|gobd|art-9|"
+    r"art-13|art-15|art-83|datenpanne|breach|brutaler|anwalt)\b",
+    re.IGNORECASE,
+)
+AUDIT_FALLBACK_FILES = ["audit-patterns.md", "dsgvo.md", "bgh-urteile.md"]
+MAX_FILES_PER_PROMPT = 8
+MAX_BYTES_PER_FILE = 80_000
+def main() -> int:
+    if os.environ.get("BRUTALER_ANWALT_HOOK_DISABLE") == "1":
+        return 0
+    if hasattr(sys.stdout, "reconfigure"):
+        sys.stdout.reconfigure(encoding="utf-8")
+    if hasattr(sys.stdin, "reconfigure"):
+        sys.stdin.reconfigure(encoding="utf-8")
+    skill_root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+    triggers_path = os.path.join(skill_root, "hooks", "triggers.json")
+    refs_dir = os.path.join(skill_root, "references")
+    if not os.path.isfile(triggers_path):
+        return 0
+    prompt = ""
+    try:
+        raw = sys.stdin.read()
+        if raw.strip():
+            data = json.loads(raw)
+            prompt = data.get("prompt", "") or ""
+    except Exception:
+        return 0
+    if not prompt:
+        return 0
+    try:
+        with open(triggers_path, "r", encoding="utf-8") as f:
+            cfg = json.load(f)
+    except Exception:
+        return 0
+    matched_files: list[str] = []
+    seen: set[str] = set()
+    matched_triggers: list[str] = []
+    for trigger in cfg.get("triggers", []):
+        pattern = trigger.get("pattern", "")
+        name = trigger.get("name", "<unnamed>")
+        if not pattern:
+            continue
+        try:
+            if re.search(pattern, prompt, re.IGNORECASE):
+                matched_triggers.append(name)
+                for rel in trigger.get("files", []):
+                    if rel not in seen:
+                        seen.add(rel)
+                        matched_files.append(rel)
+        except re.error:
+            continue
+    if not matched_files and AUDIT_FALLBACK_KEYWORDS.search(prompt):
+        for rel in AUDIT_FALLBACK_FILES:
+            if rel not in seen:
+                seen.add(rel)
+                matched_files.append(rel)
+        matched_triggers.append("<fallback-audit>")
+    if not matched_files:
+        return 0
+    if len(matched_files) > MAX_FILES_PER_PROMPT:
+        matched_files = matched_files[:MAX_FILES_PER_PROMPT]
+    blocks: list[str] = []
+    for rel in matched_files:
+        full = os.path.join(refs_dir, rel.replace("/", os.sep))
+        if not os.path.isfile(full):
+            blocks.append(
+                f"### references/{rel}\n\n"
+                f"> [Hinweis] Reference-File noch nicht angelegt.\n"
+            )
+            continue
+        try:
+            with open(full, "r", encoding="utf-8") as f:
+                content = f.read(MAX_BYTES_PER_FILE)
+                if os.path.getsize(full) > MAX_BYTES_PER_FILE:
+                    content += (
+                        f"\n\n> [Hinweis] File >{MAX_BYTES_PER_FILE} bytes — "
+                        "Inhalt abgeschnitten. Manueller `Read`-Tool-Aufruf "
+                        "fuer Volltext."
+                    )
+        except Exception as e:
+            content = f"> [Lese-Fehler] {e}"
+        blocks.append(f"### references/{rel}\n\n{content}\n")
+    header = (
+        "# brutaler-anwalt — On-Demand-KB-Chunks (via UserPromptSubmit-Hook)\n\n"
+        f"Trigger gefeuert: {', '.join(matched_triggers)}\n"
+        f"Geladene Files: {len(matched_files)}\n\n"
+        "Nutze diese als Primaer-Referenz fuer den aktuellen Prompt. "
+        "Wenn Luecken: manueller `Read` auf weitere references/ oder "
+        "WebFetch (Tier-1-Allowlist in settings.json).\n\n---\n\n"
+    )
+    out = {
+        "hookSpecificOutput": {
+            "hookEventName": "UserPromptSubmit",
+            "additionalContext": header + "\n\n---\n\n".join(blocks),
+        }
+    }
+    print(json.dumps(out, ensure_ascii=False))
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())

package/skills/compliance/aegis-native/brutaler-anwalt/hooks/session_start.py ADDED Viewed

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+"""
+SessionStart-Hook fuer brutaler-anwalt (v4.3.0+).
+Laedt einen schlanken INDEX (~5 KB) aus references/INDEX.md statt
+des kompletten 5056-Zeilen-References-Trees. Volltext-Chunks werden
+on-demand per UserPromptSubmit-Hook geladen, wenn Keywords matchen.
+Disable: set BRUTALER_ANWALT_HOOK_DISABLE=1 in env.
+"""
+from __future__ import annotations
+import json
+import os
+import sys
+def main() -> int:
+    if os.environ.get("BRUTALER_ANWALT_HOOK_DISABLE") == "1":
+        return 0
+    if hasattr(sys.stdout, "reconfigure"):
+        sys.stdout.reconfigure(encoding="utf-8")
+    skill_root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+    index_path = os.path.join(skill_root, "references", "INDEX.md")
+    if not os.path.isfile(index_path):
+        return 0
+    try:
+        with open(index_path, "r", encoding="utf-8") as f:
+            content = f.read()
+    except Exception:
+        return 0
+    header = (
+        "# brutaler-anwalt — Reference-INDEX (via SessionStart-Hook)\n\n"
+        "**Volltext-Inhalte werden on-demand geladen**, wenn dein Prompt "
+        "passende Keywords enthaelt (siehe `hooks/triggers.json`).\n"
+        "Manuelles Laden: `Read references/<file>.md`.\n\n"
+        "Bei Audit-Start IMMER zuerst `references/audit-patterns.md` laden "
+        "(SKILL.md Schritt 0).\n\n---\n\n"
+    )
+    out = {
+        "hookSpecificOutput": {
+            "hookEventName": "SessionStart",
+            "additionalContext": header + content,
+        }
+    }
+    print(json.dumps(out, ensure_ascii=False))
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())