npm - @aegis-scan/skills - Versions diffs - 0.5.1 → 0.5.3 - Mend

@aegis-scan/skills 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/skills",
-  "version": "0.5.1",
+  "version": "0.5.3",
   "description": "AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",

package/sbom.cdx.json CHANGED Viewed

	@@ -1 +1 @@
1	- {"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:~~c5ddd6fa~~-~~6966~~-~~4fc7~~-~~8d54~~-~~527af50a71ca~~","version":1,"metadata":{"timestamp":"2026-05-~~16T08~~:07:~~16Z~~","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.5.1","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.5.1","bom-ref":"pkg:npm/@aegis-scan/skills@0.5.1","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.5.1"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-~~16T08~~:07:~~16Z~~","text":"This Software Bill-of-Materials (SBOM) document was created on Saturday, May 16, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.5.1'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}
1	+ {"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:a4ea7b15-86a5-4299-b3ac-9c257a0e773c","version":1,"metadata":{"timestamp":"2026-05-16T10:55:14Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.5.3","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.5.3","bom-ref":"pkg:npm/@aegis-scan/skills@0.5.3","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.5.3"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-16T10:55:14Z","text":"This Software Bill-of-Materials (SBOM) document was created on Saturday, May 16, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.5.3'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}

package/skills/compliance/aegis-native/brutaler-anwalt/CHANGELOG.md CHANGED Viewed

@@ -721,7 +721,7 @@ protocol-resolved)**:
 > **Release-Candidate** fuer Million-Euro-Tier (HANDOVER-MILLION-EURO-TIER-2026-05-02.md).
 > Coverage-Maxout EU/DE-Recht 2024-2026 + Provenance-Skala + Battle-Test Round 1/3.
-> NICHT bundle-ready fuer OSS-Release ohne LO-Authorisierung — `secondary-source-derived`
+> NICHT bundle-ready fuer OSS-Release ohne Maintainer-Authorisierung — `secondary-source-derived`
 > Files brauchen v4.0.0-rc.2 Primary-Source-Verifikations-Pass.
 >
 > **Status**: Health-Check 6/6 ✓ · 60 Az. mit 100% Source-Coverage · 3 Findings dokumentiert
@@ -796,12 +796,12 @@ protocol-resolved)**:
 - Pipefail-Bug in `grep -v` ohne Match in Subshell gefixt mit `|| true`.
 - Status: **6/6 Checks ✓ EXIT 0**.
-### Phase F — Sanitize-Pass (vorbereitet, Push pending LO-Auth)
+### Phase F — Sanitize-Pass (vorbereitet, Push pending Maintainer-Auth)
 - Brand-Hygiene: 0 Treffer fuer alle bekannten Codenames (Liste in `scripts/health-check.sh` Brand-Leak-Pattern; nicht hier zitieren).
 - Templates anonymisiert: 0 Treffer.
 - README + LICENSE + CHANGELOG OSS-bundle-ready.
-- **NICHT push** ohne LO-Authorisierung (Handover-Hard-Constraint).
+- **NICHT push** ohne Maintainer-Authorisierung (Handover-Hard-Constraint).
 ### Verification-Status (offen — auf v4.0.0-rc.2)

package/skills/compliance/aegis-native/brutaler-anwalt/README.md CHANGED Viewed

@@ -14,7 +14,7 @@ Health-Check 10/10 ✓ · 60 Az. mit 100% Source-Coverage · 14 EU/DE-Verordnung
 vor Mandanten-Citation** (siehe `references/gesetze/VERIFICATION-STATUS.md`).
 > **AEGIS-Integration**: dieser Skill ist Teil der AEGIS-OSS-Suite und wird via `@aegis-scan/skills` distributed.
-> Vollstaendige Standalone-Plugin-Installation siehe `HANDOVER-LO-LIVE-VERIFICATION-2026-05-15.md`.
+> Standalone-Plugin-Installation: see top-level [AEGIS README](https://github.com/RideMatch1/a.e.g.i.s).
 ---

package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VERIFICATION-NOTES.md CHANGED Viewed

@@ -23,7 +23,7 @@ Hintergrund: WebFetch konnte in dieser Session NICHT auf `gesetze-im-internet.de
 **Folge**: Die `Top-Az.`-Sections in den 25 audit-relevance.md-Dateien wurden überwiegend aus Domain-Wissen befüllt — ohne Verifikation. Das ist eine Verletzung der Task-Disziplin.
-**LO-Memory-Bezug**: `feedback_brutaler_anwalt_model_knowledge_drifts.md` dokumentiert genau dieses Risiko (3 Konflations-Fehler beim v4.0.0-rc.1-Spot-Check). Diese Lieferung läuft in dasselbe Risiko.
+**Maintainer-Hinweis**: vergangene Spot-Checks haben gezeigt, dass Modell-Wissen ohne Source-Verifikation zu Konflations-Fehlern führt (Beispiel-Klasse: Sanktions-Stufen / Meldefristen / Bußgeld-Empfänger werden konfundiert). Diese Lieferung läuft in dasselbe Risiko.
 ---

package/skills/compliance/aegis-native/brutaler-anwalt/HANDOVER-LO-LIVE-VERIFICATION-2026-05-15.md DELETED Viewed

@@ -1,187 +0,0 @@
-# Handover — Live-Verification der v4.3.0 durch LO
-> **Status**: v4.3.0 ist **infrastructure-complete + autonomously-verified**.
-> Awaiting **Live-Verification + GitHub-Push** fuer full `100% verified` Label.
-> Geschrieben am 2026-05-15 nach autonomem 19-F-Item-Sprint mit 2-Pass-Advisor-Loop.
-> Diese 3 Items KOENNEN nicht vom Agent erledigt werden — sie brauchen LO als Operator.
----
-## 🎯 LO Action Items (15-20 Minuten)
-### 1) Claude Code Restart
-**Wichtig**: Quit + Reopen, **nicht** nur Fenster schliessen. Plugin-Manifest wird nur
-beim Cold-Start gelesen.
-```
-Cmd+Q (oder System-Quit) → Claude Code von vorn oeffnen
-```
-### 2) Hook-System verifizieren (3 Sub-Tests)
-#### 2a) SessionStart-Hook
-Beim ersten Skill-Aufruf in einer neuen Session: siehst du im Context-Window einen
-Block `# brutaler-anwalt — Reference-INDEX (via SessionStart-Hook)`?
-- **Ja** ✓ → SessionStart-Hook firet
-- **Nein** ✗ → entweder plugin.json nicht gefunden, oder Hook-Format ist anders als von Doku erwartet
-#### 2b) UserPromptSubmit-Hook
-Sage zu Claude:
-```
-Audit DSGVO Datenschutzerklärung gegen Drittland-Pflichten
-```
-Erwartung: Claude antwortet mit konkreten Inhalten aus `references/dsgvo.md` +
-`references/audit-patterns.md` + `references/bgh-urteile.md` ohne dass du diese
-Files manuell vorab gelesen hast. Der Context sollte am Anfang einen Block
-`# brutaler-anwalt — On-Demand-KB-Chunks` enthalten.
-- **Ja** ✓ → UserPromptSubmit-Hook firet + KB-Routing funktioniert
-- **Nein** ✗ → Hook firet nicht, KB-Files nicht auto-loaded
-#### 2c) PostWrite-Hook (kritischster Test — Az.-Provenance-Pflicht)
-Sage zu Claude:
-```
-Erstelle audits/test-hook.md mit Inhalt:
-# Test
-> Haftungsausschluss: Keine Rechtsberatung i.S.d. § 2 RDG.
-## Finding F-001
-Verweis auf BGH I ZR 1234/22 ohne Source (das ist ein Placeholder-Pattern)
-```
-Erwartung: der Write-Versuch wird mit Exit-Code 2 geblockt. Du siehst stderr-
-Output mit `[brutaler-anwalt] HALLUZINATIONS-VERDACHT: ...`. Die Datei wird NICHT
-geschrieben.
-- **Ja** ✓ → PostWrite-Hook firet + Hallucination-Defense funktioniert
-- **Nein** ✗ → Hook firet nicht, Az.-Provenance-Pflicht ist NUR Skill-Logic, nicht enforced
-### 3) Jeden neuen Slash-Command einmal invoken
-Diese Commands existieren als Markdown-Definitionen, aber wurden noch nie wirklich
-ausgefuehrt. **Authoring-Cycle First-Application-Risk** ist real.
-#### 3a) `/anwalt:az-verify BGH I ZR 113/20`
-Erwartung: 3-Stufen-Verification-Output mit Stufen-Ergebnissen + Final-Verdict
-`VERIFIED` fuer dieses Az. (es ist in references/bgh-urteile.md mit Source-URL).
-#### 3b) `/anwalt:cold-start` in einem Test-Projekt
-Z.B. in einem Hundementor- oder Seitengold-Branch. Erwartung: Interview-Flow +
-Auto-Detection aus package.json + Profile-File `.brutaler-anwalt/profile.md`.
-#### 3c) `/anwalt:health`
-Erwartung: 10/10 Checks + Final-Verdict `✓ Health-Check passed`.
-#### 3d) Optional spaeter: `/anwalt:audit` in einem echten Projekt
-Das ist der eigentliche Test ob das ganze System zusammenspielt.
----
-## 🚀 Distribution via AEGIS (canonical, kein Standalone-Repo)
-> **Update 2026-05-15**: Standalone-GitHub-Repo-Pfad wurde verworfen. Skill ist
-> jetzt vollstaendig in AEGIS-Repo integriert unter
-> `packages/skills/skills/compliance/aegis-native/brutaler-anwalt/`.
-> Der lokale Pfad `~/.claude/skills/brutaler-anwalt` ist ein Symlink auf
-> diese AEGIS-Location — Updates am Skill werden also direkt am AEGIS-Branch
-> gemacht.
-### Workflow
-1. Aenderungen am Skill: direkt in `packages/skills/skills/compliance/aegis-native/brutaler-anwalt/` editieren
-2. Verifikation lokal: `bash <skill-dir>/scripts/health-check.sh` + `bash <skill-dir>/scripts/test-triggers.sh`
-3. Commit per `feat(skills): F-...`-Pattern (AEGIS per-F-protocol)
-4. Push auf `main` (AEGIS-Repo)
-5. AEGIS `publish-skills` CI feuert auf `skills-v*`-Tag — bundled das skills-package mit allen Support-Artifacts (per Skill-Support-Artifact Convention 2026-05-15)
-### Verifikation der CI-Konfiguration
-```bash
-# Lokale Simulation der CI-Invariant-Pruefung:
-find packages/skills/skills -type f ! -name '*.md' \
-  ! -name 'LICENSE' ! -name 'settings.json' ! -name 'streitwerte.json' \
-  ! -path '*/scripts/*.sh' ! -path '*/hooks/*.py' ! -path '*/hooks/*.json' \
-  ! -path '*/.claude-plugin/*.json' ! -path '*/templates/*.example' \
-  ! -path '*/__pycache__/*' ! -name '*.pyc'
-# Erwartung: keine Output-Zeilen (= Invariant haelt)
-```
-### CI-Workflow `.github/workflows/health.yml`
-Existiert als Per-Skill-Workflow im Skill-Verzeichnis, ist im AEGIS-Context aber
-nicht funktional (GitHub-Actions schaut nur in Repo-Root `.github/`). Bleibt als
-Referenz erhalten falls der Skill irgendwann doch separat published wird.
----
-## 📋 Was JETZT (vor Live-Verification) NICHT belastbar ist
-- „Hooks feuern in der Produktion" — nur Standalone-Python-Tests gemacht (PostWrite-Hook
-  ist jedoch durch realen Customer-Audit Dog-Food-getestet — siehe Battle-Test-Section)
-- „Slash-Commands funktionieren end-to-end" — keiner wurde echt invoked durch Claude-Code-UI
-- AEGIS-Integration done: Skill am canonical-Pfad + Symlink in `~/.claude/skills/`
-## ✅ Was AUCH OHNE Live-Verification belastbar ist
-- 11/11 streitwerte.json Az.-Anker sind im bgh-urteile.md cross-verified
-- 40/40 Trigger-Regression-Tests bestanden
-- 10/10 Health-Check (Brand-Scrub + Az.-Provenance + Verzeichnis + Hooks-Syntax + Plugin-Schema + WebFetch-Allowlist + ReDoS-Audit)
-- Path-Traversal-Defense + Max-Size-Cap (5MB) verifiziert
-- Hook-Matcher-Syntax `"Write|Edit|MultiEdit"` gegen offizielle Doku (code.claude.com) verifiziert: korrekt als „exact-string-OR-list"
-- Battle-Test gegen 4 reale Audit-Files: Hook faengt **60+ historisch-unsourced Az.** (= valid detection, kein FP)
-- 37 Triggers + 49 WebFetch-Tier-1/2-Domains kuratiert
-- 7 Slash-Commands dokumentiert + im Plugin-Manifest registriert
-- CHANGELOG ehrlich gefuehrt mit allen Phase-1-bis-4 Items
----
-## 🧾 Konkurrenz-Stand nach v4.3.0
-| Feature | brutaler-anwalt v4.3.0 | claude-for-legal (Anthropic) | legal-audit-de | lawbster-mcp |
-|---|---|---|---|---|
-| Adversarial Posture | ✓✓ 5-Persona + Devil's-Advocate + Live-Probe | ✗ explizit excluded | ⚠️ Issue-Spotting | n/a |
-| DE/EU-Tiefe | ✓✓ 14 EU-Verord. + 23 DE-Gesetze + 60 Az. + EUDR + DataAct + CRA + EHDS | ⚠️ GDPR-Sekundaer | ✓ DE/EU-only | ✓ Corpus-Layer |
-| €-Schadens-Quantifizierung | ✓✓ %-Wahrsch. + EUR-Range + Abmahn-Simulation + strukturierte streitwerte.json | ✗ keine | ✗ Severity-CRIT/HIGH/MED/LOW | n/a |
-| Az.-Provenance-Pflicht | ✓✓ 3-Layer (Logic + Permission + Output-Gate + JSON-aware) | ⚠️ `[verify]`-Flag | ⚠️ Tier-1-Whitelist | ✓ Corpus-verified |
-| Hook-System | ✓ 3 Hooks (Session/Prompt/Write) + Bypass-Comment | ⚠️ skill-only | ✓ 3 Hooks | ✗ |
-| Killer-Commands | ✓✓ `/az-verify` + `/dsar-respond` + `/avv-redline` + `/audit` + `/simulate` + `/cold-start` + `/health` | ⚠️ US-aequivalent | ⚠️ 8 grundlegende | ✗ keine |
-| Branchen-Layer | ✓✓ HWG/MPDG/BORA/FernUSG/Spa/MedTech/Finance/Agritech-EUDR/Health-EHDS | ⚠️ US-Sektoren | ⚠️ basic | n/a |
-| AEGIS-Scanner-Integration | ✓✓ native | ✗ | ✗ | ✗ |
-| Lizenz | MIT (OSS-frei) | Apache-2 (OSS-frei) | MIT (OSS-frei) | MIT (paid SaaS) |
-**Verdict**: brutaler-anwalt steckt — *sobald LO Live-Verification gemacht hat* — alle 3 Konkurrenz-Repos sauber in die Tasche.
----
-## ⚠️ Warning Labels die NICHT entfernt werden bevor Live-Verification gruen
-- README `**Version:** 4.3.0` ist korrekt
-- Status `Health-Check 10/10 ✓` ist korrekt
-- ABER: `production-ready` Label bleibt OFF bis 2c + 3a/3b/3c gruen sind
-- Erst wenn LO bestaetigt: dann kann der Tag `v4.3.0-verified` gepusht werden + production-ready-Status
----
-## Sign-Off (zu fuellen von LO)
-```
-[ ] 2a SessionStart-Hook firet           → ja / nein / unklar
-[ ] 2b UserPromptSubmit-Hook firet       → ja / nein / unklar
-[ ] 2c PostWrite-Hook firet + blockt     → ja / nein / unklar
-[ ] 3a /anwalt:az-verify funktioniert    → ja / nein / unklar
-[ ] 3b /anwalt:cold-start funktioniert   → ja / nein / unklar
-[ ] 3c /anwalt:health funktioniert       → ja / nein / unklar
-[ ] GitHub-Repo erstellt + push gruen    → ja / nein / unklar
-```
-Wenn alle 7 ✓: tag `v4.3.0` + push tag, dann ist Status echt **100% verified und ready**.
----
-Geschrieben: 2026-05-15
-Session: autonom non-stop, 19 F-Items, 2-Pass-Advisor-Loop
-Skill-Version: v4.3.0
-Standalone-Repo: ~/.claude/skills/brutaler-anwalt/ (git init'd, 2 commits)