@raishin/vanguard-frontier-agentic 2.0.1 → 2.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@raishin/vanguard-frontier-agentic",
-  "version": "2.0.1",
+  "version": "2.2.0",
   "description": "Cloud and zero-trust agentic workflow marketplace for skills, agents, rules, MCP references, and compliance-aware architecture.",
   "license": "Apache-2.0",
   "repository": {
@@ -56,6 +56,9 @@
     "validate:multi-harness-marketplace": "python3 tests/validate-multi-harness-marketplace.py",
     "validate:codex-marketplace": "python3 tests/validate-codex-marketplace.py",
     "validate:finops-fixtures": "python3 tests/validate-finops-price-fixtures.py",
+    "validate:readme-counts": "node tests/validate-readme-counts.mjs",
+    "validate:qa-cluster": "node tests/eval-qa-cluster.mjs",
+    "readme-counts:write": "node scripts/generate-readme-counts.mjs",
     "test:marketplace-validators": "python3 tests/test-marketplace-validators.py",
     "maestro-routing:write": "python3 tests/_generate_maestro_routing_fixtures.py",
     "plugin-manifest:write": "node scripts/generate-plugin-manifest.mjs",
@@ -66,7 +69,7 @@
     "test:gemini-bundling": "python3 tests/test-gemini-skill-bundling.py",
     "test:cursor-kiro-notices": "node tests/export-cursor-kiro-skill-notice.test.mjs",
     "test:fuzz": "node tests/fuzz-properties.test.mjs",
-    "validate": "npm run validate:catalog && npm run validate:aws && npm run manifest:check && npm run validate:allowed-tools && npm run validate:skill-schema && npm run validate:agent-schema && npm run validate:links && npm run validate:asset-integrity && npm run validate:mcp-trust-matrix && npm run validate:no-lifecycle-scripts && npm run validate:promotion-gatekeeper && npm run validate:install-coverage && npm run validate:maestro-routing && npm run validate:plugin-manifest && npm run validate:kiro-powers && npm run validate:multi-harness-marketplace && npm run validate:codex-marketplace && npm run validate:finops-fixtures",
+    "validate": "npm run validate:catalog && npm run validate:aws && npm run manifest:check && npm run validate:allowed-tools && npm run validate:skill-schema && npm run validate:agent-schema && npm run validate:links && npm run validate:asset-integrity && npm run validate:mcp-trust-matrix && npm run validate:no-lifecycle-scripts && npm run validate:promotion-gatekeeper && npm run validate:install-coverage && npm run validate:maestro-routing && npm run validate:plugin-manifest && npm run validate:kiro-powers && npm run validate:multi-harness-marketplace && npm run validate:codex-marketplace && npm run validate:finops-fixtures && npm run validate:readme-counts && npm run validate:qa-cluster",
     "release:sbom": "command -v syft >/dev/null 2>&1 && syft scan dir:. -o spdx-json=sbom.spdx.json || echo 'syft not installed; SBOM is generated in CI by anchore/sbom-action'",
     "lint:md": "npx --yes markdownlint-cli2 \"**/*.md\" \"#node_modules\" \"#.git\" \"#.code-review-graph\" \"#CHANGELOG.md\"",
     "lint:spell": "codespell",

package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "vanguard-frontier-agentic",
-  "version": "2.0.1",
+  "version": "2.2.0",
   "description": "Curated marketplace for cloud and zero-trust AI workflows. 331 agents, 286 skills, and rules across AWS, Azure, OCI, GCP, Alibaba Cloud, Huawei Cloud, Kubernetes, and Terraform.",
   "author": {
     "name": "Raishin",

package/scripts/generate-readme-counts.mjs

@@ -0,0 +1,162 @@
+#!/usr/bin/env node
+/**
+ * Generate catalog counts and inject them into README.md.
+ *
+ * Counts:
+ *   skills    = SKILL.md files under skills/ (recursive)
+ *   agents    = metadata.json files under agents/ (recursive)
+ *   providers = distinct `provider` values across agents metadata files
+ *   roles     = keys under `.roles` in catalog/install-roles.json
+ *   rules     = length of JSON array in catalog/rules.json
+ *   mcp       = length of JSON array in catalog/mcp-references.json
+ *
+ * Mode:
+ *   (default)  overwrite README.md in place
+ *   --check    compare expected vs actual, exit 1 if stale, 0 if current
+ *
+ * Run: npm run readme-counts:write
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+const readmePath = path.join(repoRoot, "README.md");
+const check = process.argv.includes("--check");
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/** Recursively list all files under `dir`. Returns relative paths from `dir`. */
+function listFiles(dir) {
+  return fs.readdirSync(dir, { recursive: true }).map(String);
+}
+
+// ---------------------------------------------------------------------------
+// Compute counts
+// ---------------------------------------------------------------------------
+
+const skillFiles = listFiles(path.join(repoRoot, "skills"));
+const skillCount = skillFiles.filter((f) => f.endsWith("SKILL.md")).length;
+
+const agentFiles = listFiles(path.join(repoRoot, "agents"));
+const agentMetaFiles = agentFiles.filter((f) => f.endsWith("metadata.json"));
+const agentCount = agentMetaFiles.length;
+
+const allProviders = new Set();
+for (const f of agentMetaFiles) {
+  const fullPath = path.join(repoRoot, "agents", f);
+  const m = JSON.parse(fs.readFileSync(fullPath, "utf8"));
+  if (m.provider) allProviders.add(m.provider);
+}
+const providerCount = allProviders.size;
+
+const rolesData = JSON.parse(
+  fs.readFileSync(path.join(repoRoot, "catalog", "install-roles.json"), "utf8"),
+);
+const roleCount = Object.keys(rolesData.roles).length;
+
+const rulesData = JSON.parse(
+  fs.readFileSync(path.join(repoRoot, "catalog", "rules.json"), "utf8"),
+);
+const ruleCount = Array.isArray(rulesData) ? rulesData.length : 0;
+
+const mcpData = JSON.parse(
+  fs.readFileSync(path.join(repoRoot, "catalog", "mcp-references.json"), "utf8"),
+);
+const mcpCount = Array.isArray(mcpData) ? mcpData.length : 0;
+
+const counts = {
+  skills: skillCount,
+  agents: agentCount,
+  providers: providerCount,
+  roles: roleCount,
+  rules: ruleCount,
+  mcp: mcpCount,
+};
+
+// ---------------------------------------------------------------------------
+// Build the marker block
+// ---------------------------------------------------------------------------
+
+const markerBlock =
+  `<!-- readme-counts:start -->\n` +
+  `<!-- Generated by scripts/generate-readme-counts.mjs — do not edit by hand. Run: npm run readme-counts:write -->\n` +
+  `| Catalog | Count |\n` +
+  `| --- | --- |\n` +
+  `| Skills | ${skillCount} |\n` +
+  `| Agents | ${agentCount} |\n` +
+  `| Providers | ${providerCount} |\n` +
+  `| Install roles | ${roleCount} |\n` +
+  `| Rules | ${ruleCount} |\n` +
+  `| MCP references | ${mcpCount} |\n` +
+  `<!-- readme-counts:end -->`;
+
+// ---------------------------------------------------------------------------
+// Transform README content
+// ---------------------------------------------------------------------------
+
+function buildExpectedContent(original) {
+  let content = original;
+
+  // 1. Replace the marker block (markers preserved, inner content replaced)
+  const markerStartRe = /<!-- readme-counts:start -->[\s\S]*?<!-- readme-counts:end -->/;
+  if (markerStartRe.test(content)) {
+    content = content.replace(markerStartRe, markerBlock);
+  }
+
+  // 2. Replace inline count spans <!-- count:KEY -->OLDNUMBER<!-- /count -->
+  const inlineRe = /<!-- count:(skills|agents|providers|roles|rules|mcp) -->\d+<!-- \/count -->/g;
+  content = content.replace(inlineRe, (_, key) => {
+    return `<!-- count:${key} -->${counts[key]}<!-- /count -->`;
+  });
+
+  return content;
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+const original = fs.readFileSync(readmePath, "utf8");
+const expected = buildExpectedContent(original);
+
+if (check) {
+  if (original === expected) {
+    console.log("OK: README counts current");
+    process.exit(0);
+  }
+
+  // Print a basic diff-style report to stderr
+  const origLines = original.split("\n");
+  const expLines = expected.split("\n");
+  const maxLen = Math.max(origLines.length, expLines.length);
+  const diffLines = [];
+  for (let i = 0; i < maxLen; i++) {
+    const o = origLines[i];
+    const e = expLines[i];
+    if (o !== e) {
+      diffLines.push(`Line ${i + 1}:`);
+      if (o !== undefined) diffLines.push(`  - ${o}`);
+      if (e !== undefined) diffLines.push(`  + ${e}`);
+    }
+  }
+  process.stderr.write(
+    `ERROR: README.md counts are stale. Run: npm run readme-counts:write\n\n` +
+      diffLines.join("\n") +
+      "\n",
+  );
+  process.exit(1);
+} else {
+  if (original === expected) {
+    console.log("OK: README.md already up to date — no changes written.");
+  } else {
+    fs.writeFileSync(readmePath, expected, "utf8");
+    console.log(
+      `OK: README.md updated (skills=${skillCount}, agents=${agentCount}, ` +
+        `providers=${providerCount}, roles=${roleCount}, rules=${ruleCount}, mcp=${mcpCount})`,
+    );
+  }
+}

package/skills/cross-functional/legal-hr-case-capsule/README.md

@@ -0,0 +1,45 @@
+# 📦 Legal-HR Case Capsule
+
+The **case capsule** is the single, auditable handoff contract for Legal and HR agentic coordination. When a matter crosses a boundary — an HR investigation that needs privileged legal review, or a legal litigation hold that triggers an HR data freeze — the case capsule carries a structured, redacted payload between agents while preserving privilege, minimizing personal data, and recording the escalation path.
+
+## What is a case capsule?
+
+A 30-field structured handoff contract that:
+- **Carries facts and risk posture**, never an authorization or final decision
+- **Minimizes personal and sensitive data** through explicit redaction rules
+- **Preserves legal and HR privilege** with mandatory do-not-disclose markers
+- **Names one decision owner** — the human responsible for the next action
+- **Enforces a do-not-do list** — irreversible actions that are explicitly forbidden until human sign-off
+
+See [`SKILL.md`](SKILL.md) for the skill itself, and [`references/capsule-schema.md`](references/capsule-schema.md) for the complete 30-field specification, redaction rules, and a worked example.
+
+## Why a case capsule?
+
+Without a case capsule, agents would improvise handoffs — dumping raw case context, leaking personal data, losing track of who said what, and creating audit gaps. The case capsule is the guardrail: it enforces a shape, a payload contract, and a privilege boundary.
+
+Every handoff is auditable: an auditor, a regulator, or opposing counsel can trace exactly what facts moved between agents, why, and who approved the motion.
+
+## For Legal agents
+
+When your review reveals an HR issue (wrongful termination exposure, discrimination risk, retaliation red flag), you hand off to HR via a case capsule. The capsule says *"here's what I found, here are the privilege markers, here's who owns the next step, here's what we must NOT do without consent."*
+
+## For HR agents
+
+When your review reveals a legal issue (whistleblower report, conflict of interest, anti-bribery exposure), you hand off to Legal via a case capsule. The capsule carries the HR context without leaking the employee's medical history, protected-characteristic data, or confidential HR files.
+
+## Vault principles
+
+- **Redaction is mandatory.** Every field has a redaction rule; no field carries unredacted personal data unless explicitly required.
+- **Privilege is explicit.** Mandatory `attorney_client_privilege` and `work_product_doctrine` labels control what can be disclosed downstream.
+- **One human owner.** Every handoff names a single `decision_owner` (a real person's title or role) who is accountable for the next irreversible action.
+- **Refusal by default.** The case capsule carries a `do_not_do_list` — explicit, non-empty actions that are forbidden until human approval.
+
+## Cross-references
+
+- [`SKILL.md`](SKILL.md) — the skill prompt and scaffold for case-capsule composition
+- [`references/capsule-schema.md`](references/capsule-schema.md) — 30-field specification, redaction rules, worked example, and validation checklist
+- [`docs/architecture/legal-hr-agent-communication.md`](/docs/architecture/legal-hr-agent-communication.md) — cross-functional coordination principles, case capsule as the only channel, audit trail
+
+---
+
+*The case capsule is part of the vanguard frontier's cross-functional protocol layer. It enables agentic coordination that survives audit and legal scrutiny.*

package/skills/cross-functional/legal-hr-case-capsule/SKILL.md

@@ -0,0 +1,79 @@
+---
+name: legal-hr-case-capsule
+description: Use this skill when a Legal or HR agent must hand a matter to another agent and the context, uncertainty, evidence quality, privilege posture, and privacy posture must survive the handoff. It defines the shared legal-hr-case-capsule — a controlled, auditable exchange record with redacted identifiers, risk labels, privilege and privacy labels, a decision-owner field, and an explicit do-not-do list. It does not give legal or HR advice and does not authorize any action.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-18"
+  category: compliance
+  lifecycle: experimental
+---
+
+# Legal-HR Case Capsule
+
+## Purpose
+This skill defines the **legal-hr-case-capsule** — the single structured record
+that Legal and HR agents exchange when a matter crosses an agent boundary. The
+capsule exists so that no agent works in a silo, no context is lost in a
+handoff, and every cross-domain exchange is auditable. It is a data contract,
+not a decision: a capsule never approves, denies, or directs an action. It
+carries facts, uncertainty, risk posture, and an explicit decision owner.
+
+## When to use
+- A maestro agent routes a matter to one or more specialist agents.
+- A specialist agent escalates a matter that has crossed into another domain.
+- Any matter touches both Legal and HR risk and must be reviewed in parallel.
+- A matter must be paused and escalated to a human owner.
+
+## Core rules
+- Every cross-agent handoff MUST be expressed as a capsule. No free-form
+  agent-to-agent chatter.
+- Every capsule MUST name exactly one `decision_owner` (an accountable human)
+  and exactly one `primary_agent`.
+- Every capsule MUST carry a `do_not_do_list`. An empty list is not acceptable;
+  if nothing is prohibited, the capsule is not ready to send.
+- Every capsule MUST label `privilege_sensitivity` and `privacy_sensitivity`.
+- Identifiers MUST be redacted to the minimum necessary. Use role and
+  business-unit references, not names, government IDs, or contact details.
+- A capsule records uncertainty honestly: `assumptions`, `inferences`, and
+  `missing_evidence` are mandatory fields, not optional.
+- A capsule never states "this is legal", "this is compliant", or "this action
+  is approved". `risk_rating` uses risk language only.
+- High-risk cross-domain capsules MUST set `escalation_required: true` and
+  `recommended_next_action` to a pause-and-escalate posture unless documented
+  controls already exist.
+
+## Capsule field set
+The capsule has 30 required fields. See
+[references/capsule-schema.md](references/capsule-schema.md) for the full field
+definitions, allowed values, and redaction rules. Summary:
+
+- Identity and routing: `case_id`, `source_agent`, `receiving_agent`,
+  `primary_agent`, `secondary_agents`, `matter_type`,
+  `employee_or_party_identifiers_redacted`, `jurisdiction_or_location_if_known`,
+  `business_unit`, `timeline`.
+- Evidence discipline: `facts`, `allegations`, `assumptions`, `inferences`,
+  `missing_evidence`, `evidence_quality`.
+- Risk posture: `risk_rating`, `privilege_sensitivity`, `privacy_sensitivity`,
+  `retaliation_risk`, `discrimination_or_harassment_risk`, `regulatory_risk`,
+  `litigation_hold_needed`, `data_minimization_notes`.
+- Ownership and action: `decision_owner`, `human_approval_required`,
+  `escalation_required`, `recommended_next_action`, `do_not_do_list`,
+  `audit_log_summary`.
+
+## References
+Load only when needed:
+- [Capsule schema and redaction rules](references/capsule-schema.md) — full
+  field-by-field contract, allowed values, and worked example.
+
+## Security notes
+- The capsule is a minimum-necessary record. Never widen it to carry medical
+  records, government IDs, credentials, privileged email text, or
+  protected-class data beyond what the matter strictly requires.
+- A capsule that would extend the circulation of privileged or investigation
+  material must be narrowed before it is sent; flag privilege explicitly.
+- The capsule never authorizes action. Any field that reads as a directive to
+  terminate, discipline, settle, file, notify a regulator, or send an employee
+  communication is a defect — rewrite it as a recommendation with a named human
+  owner.

package/skills/cross-functional/legal-hr-case-capsule/metadata.json

@@ -0,0 +1,19 @@
+{
+  "id": "legal-hr-case-capsule",
+  "name": "Legal-HR Case Capsule",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Shared, auditable handoff contract for Legal and HR agents — a redacted case capsule carrying facts, uncertainty, evidence quality, risk labels, privilege and privacy posture, a named decision owner, and an explicit do-not-do list. Does not give legal or HR advice.",
+  "source_type": "original",
+  "official_docs": [
+    "https://www.nist.gov/privacy-framework",
+    "https://www.eeoc.gov",
+    "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
+  ],
+  "security_notes": "Defines a minimum-necessary handoff record; never carries medical records, government IDs, credentials, privileged email text, or protected-class data beyond what the matter requires. Never authorizes action; flags privilege and privacy posture and routes decisions to a named human owner.",
+  "last_verified": "2026-05-18",
+  "path": "skills/cross-functional/legal-hr-case-capsule",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/cross-functional/legal-hr-case-capsule/references/capsule-schema.md

@@ -0,0 +1,110 @@
+# Legal-HR Case Capsule — Schema and Redaction Rules
+
+The capsule is the only sanctioned cross-agent handoff record. It has 30
+required fields. A capsule with any field omitted, blank, or set to a
+placeholder is not ready to send.
+
+## Field definitions
+
+### Identity and routing
+
+| Field | Type | Rule |
+|---|---|---|
+| `case_id` | string | Stable opaque identifier. No employee name, no email. |
+| `source_agent` | string | Agent id that produced this capsule. |
+| `receiving_agent` | string | Agent id this capsule is handed to. |
+| `primary_agent` | string | The single agent accountable for synthesis. Exactly one. |
+| `secondary_agents` | string[] | Agents running parallel review. May be empty. |
+| `matter_type` | enum | See risk taxonomy `matter_type` values. |
+| `employee_or_party_identifiers_redacted` | string | Role + business unit only, e.g. "IC engineer, BU-West". Never a name or ID. |
+| `jurisdiction_or_location_if_known` | string | Country / state / "Unknown". |
+| `business_unit` | string | Org unit reference, not a person. |
+| `timeline` | string | Dated sequence of events, effective dates, deadlines. |
+
+### Evidence discipline
+
+| Field | Type | Rule |
+|---|---|---|
+| `facts` | string[] | Confirmed and corroborated only. |
+| `allegations` | string[] | Claims made but unproven; record who made each. |
+| `assumptions` | string[] | Treated as plausible but unverified. |
+| `inferences` | string[] | Conclusions drawn from facts; mark each as inference. |
+| `missing_evidence` | string[] | Materially relevant facts not provided. |
+| `evidence_quality` | enum | `strong` / `mixed` / `weak` / `insufficient`. |
+
+### Risk posture
+
+| Field | Type | Rule |
+|---|---|---|
+| `risk_rating` | enum | `Critical` / `High` / `Medium` / `Low` / `Unknown`. |
+| `privilege_sensitivity` | enum | `none` / `possible` / `likely-privileged`. |
+| `privacy_sensitivity` | enum | `low` / `moderate` / `high` / `special-category`. |
+| `retaliation_risk` | enum | `none-observed` / `possible` / `elevated` / `unknown`. |
+| `discrimination_or_harassment_risk` | enum | `none-observed` / `possible` / `elevated` / `unknown`. |
+| `regulatory_risk` | enum | `none-observed` / `possible` / `elevated` / `unknown`. |
+| `litigation_hold_needed` | enum | `no` / `recommended` / `yes` / `unknown`. |
+| `data_minimization_notes` | string | What was excluded and why. |
+
+### Ownership and action
+
+| Field | Type | Rule |
+|---|---|---|
+| `decision_owner` | string | Accountable human role, e.g. "Employment Counsel". Exactly one. |
+| `human_approval_required` | boolean | `true` for any adverse, irreversible, or cross-domain action. |
+| `escalation_required` | boolean | `true` whenever an escalation gate is triggered. |
+| `recommended_next_action` | string | A recommendation, never a directive. |
+| `do_not_do_list` | string[] | Explicit prohibited actions. Must be non-empty. |
+| `audit_log_summary` | string | One-line pointer to the audit-log event for this handoff. |
+
+## Redaction rules
+
+1. Default to role + business-unit references. A name appears in a capsule only
+   when a named human owner role requires it, and never an employee subject.
+2. No government IDs, no contact details, no credentials, no medical detail, no
+   protected-class data unless the matter strictly requires it and the
+   `privacy_sensitivity` field is set to `special-category` with a documented
+   reason in `data_minimization_notes`.
+3. Privileged or investigation text is summarized, never pasted. If a capsule
+   would extend circulation of privileged material, set `privilege_sensitivity`
+   to `likely-privileged` and narrow the content.
+4. `do_not_do_list` always includes, at minimum, the actions outside agent
+   authority: approve, deny, terminate, discipline, settle, file, notify a
+   regulator, make a public disclosure, send an employee communication, or
+   mutate an HR/legal system.
+
+## Worked example (sanitized)
+
+```json
+{
+  "case_id": "CAP-2026-0142",
+  "source_agent": "hr-maestro-agent",
+  "receiving_agent": "hr-termination-readiness-agent",
+  "primary_agent": "hr-termination-readiness-agent",
+  "secondary_agents": ["legal-employment-law-risk-agent", "hr-employee-relations-agent"],
+  "matter_type": "termination-with-retaliation-risk",
+  "employee_or_party_identifiers_redacted": "IC engineer, BU-West",
+  "jurisdiction_or_location_if_known": "Unknown",
+  "business_unit": "BU-West Engineering",
+  "timeline": "Complaint filed 2026-04-02; PIP opened 2026-04-09; termination proposed 2026-05-10",
+  "facts": ["A PIP was opened", "A complaint was filed before the PIP"],
+  "allegations": ["Manager states performance was failing pre-complaint (uncorroborated)"],
+  "assumptions": ["PIP criteria were applied consistently with peers"],
+  "inferences": ["Timing proximity could be read as retaliatory by a fact-finder"],
+  "missing_evidence": ["Contemporaneous performance records predating the complaint", "Comparator data"],
+  "evidence_quality": "weak",
+  "risk_rating": "High",
+  "privilege_sensitivity": "possible",
+  "privacy_sensitivity": "moderate",
+  "retaliation_risk": "elevated",
+  "discrimination_or_harassment_risk": "unknown",
+  "regulatory_risk": "possible",
+  "litigation_hold_needed": "recommended",
+  "data_minimization_notes": "Complaint text excluded; only sequence retained",
+  "decision_owner": "Employment Counsel",
+  "human_approval_required": true,
+  "escalation_required": true,
+  "recommended_next_action": "Pause the proposed termination; route to employment counsel for retaliation analysis",
+  "do_not_do_list": ["Do not proceed with termination", "Do not backdate or retroactively create performance records", "Do not contact the complainant about the complaint"],
+  "audit_log_summary": "EVT-2026-0142-03 capsule handoff hr-maestro -> termination-readiness"
+}
+```

package/skills/cross-functional/legal-hr-risk-taxonomy/README.md

@@ -0,0 +1,97 @@
+# 🏷️ Legal-HR Risk Taxonomy
+
+The **risk taxonomy** defines the shared vocabulary for legal and HR risk assessment — severity scales, sensitivity labels, escalation-grade matter types, escalation gates, and minimum-necessary audit-log schema. It enables agents to speak the same language and escalate with precision.
+
+## What is the risk taxonomy?
+
+A structured reference that specifies:
+- **5-level severity scale** (Critical → High → Medium → Low → Informational) with clear business-impact definitions
+- **Privilege, privacy, and retaliation sensitivity labels** — data classification to control what can be disclosed, who can view case context, and when escalation is mandatory
+- **Escalation-grade matter types** — a list of matters (retaliation allegations, data breaches, whistleblower reports, executive misconduct, securities violations) that trigger automatic counsel/board escalation
+- **Escalation gates** — thresholds and decision rules that mandate senior human involvement
+- **Minimum-necessary audit-log schema** — structured fields every Legal and HR agent must emit to the audit trail
+
+See [`references/risk-labels.md`](references/risk-labels.md) for the complete specification, enumeration of matter types, label definitions, and the audit-log schema.
+
+## The severity scale
+
+| Level | Definition | Legal example | HR example | Next action |
+| ----- | ---------- | ------------- | ---------- | ----------- |
+| **Critical** | Board-level incident; regulatory exposure; imminent legal jeopardy | Patent infringement by key competitor entering market; major data breach affecting thousands of customers | Executive misconduct allegation; whistleblower report of systemic discrimination; mass layoff with retaliation risk | Immediate counsel + board escalation |
+| **High** | Material legal or HR risk; requires counsel or senior HR review; potential litigation or regulatory investigation | Wrongful-termination exposure; contract breach by vendor; regulatory licensing gap | Wrongful termination exposure; retaliation risk in termination; high-risk accommodation denial | Escalate to employment counsel or CHRO within 24 hours |
+| **Medium** | Process improvement needed; no immediate jeopardy; senior review recommended | Contract clause ambiguity; IP assignment gap in contractor agreement | Pay-equity anomaly; performance-plan defensibility concern | Escalate to counsel/senior HR; schedule review within a week |
+| **Low** | Informational; no immediate action required; routine guidance | Routine contract renewal; standard vendor audit | Routine scheduling conflict; policy-interpretation question | Route to the right specialist; no escalation required |
+| **Informational** | Informational only; logged for completeness | Regulatory guidance update; industry trend | Engagement survey result; policy reminder | Log and distribute |
+
+## Sensitivity labels
+
+Every Legal and HR matter is labeled with one or more sensitivity markers that control disclosure:
+
+- **attorney-client-privilege** — information protected from disclosure under legal privilege; must not be shared downstream without counsel approval
+- **work-product-doctrine** — analysis, strategy, or litigation advice; protected under work-product doctrine
+- **medical-information** — employee medical records, disability status, medical leave reason; must be minimized and access-controlled
+- **protected-characteristic-data** — age, race, gender, religion, national origin, disability, genetic information; must be minimized and access-controlled
+- **whistleblower-report** — information from a whistleblower; mandatory confidentiality and retaliation-risk escalation
+- **retaliation-risk** — an action that, if taken without review, could trigger retaliation claims; automatic escalation
+- **data-breach-material** — involves a data breach or loss of regulated data; automatic regulatory and counsel escalation
+- **executive-misconduct** — conduct by executives or board members; automatic board and counsel escalation
+
+## Escalation-grade matter types
+
+The following matter types **automatically trigger escalation** (counsel, CHRO, CFO, or board as appropriate):
+
+- Retaliation allegations or risk
+- Discrimination or harassment allegations
+- Whistleblower reports
+- Executive or board-member misconduct
+- Data breaches or regulatory notifications
+- Litigation holds or subpoena response
+- Securities-law materiality (IPO, acquisitions, public disclosures)
+- Mass layoffs or restructurings with adverse-impact risk
+- Third-party claims (breach of contract, IP infringement, product liability)
+- Regulatory agency contact or investigation
+
+## Escalation gates
+
+Escalation gates are decision thresholds. When a matter hits a gate, human approval is mandatory:
+
+1. **Severity ≥ High** → escalate to counsel (legal) or CHRO (HR)
+2. **Any sensitivity label** → escalate to the gate owner (e.g., whistleblower → board; executive misconduct → CEO + board)
+3. **Matter type is escalation-grade** → escalate automatically
+4. **Time-critical or irreversible action** → escalate before execution
+5. **Cross-domain matter** → escalate to maestro router; both domains approve
+6. **Disagreement between specialists** → escalate to counsel + CHRO
+7. **Regulatory or board trigger** → escalate to general counsel + CFO + board
+
+## Audit-log schema
+
+Every Legal and HR agent must emit the following minimum-necessary audit-log entry:
+
+```json
+{
+  "agent_id": "legal-privacy-data-protection-agent",
+  "matter_id": "MTR-2025-00041",
+  "timestamp": "2025-05-19T14:23:45Z",
+  "severity": "High",
+  "sensitivity_labels": ["attorney-client-privilege", "data-breach-material"],
+  "decision": "Flag DPIA gap; escalate to counsel before proceeding with cross-border transfer",
+  "evidence_level": "Strong",
+  "open_questions": ["Scope of DPIA if only metadata is transferred", "Adequacy decision status in target jurisdiction"],
+  "safe_next_actions": ["Retain outside DPA counsel", "Schedule adequacy-decision research"],
+  "decision_owner": "Chief Privacy Officer",
+  "do_not_do_list": ["Do not proceed with cross-border transfer without adequate decision", "Do not disclose PII without DPIA completion"]
+}
+```
+
+See [`references/risk-labels.md`](references/risk-labels.md) for the complete schema and worked examples.
+
+## Cross-references
+
+- [`SKILL.md`](SKILL.md) — the skill prompt for risk assessment and taxonomy application
+- [`references/risk-labels.md`](references/risk-labels.md) — complete specification, matter-type enumeration, label definitions, audit-log examples
+- [`docs/architecture/legal-hr-agent-routing.md`](/docs/architecture/legal-hr-agent-routing.md) — how escalation gates feed into routing decisions
+- [`skills/cross-functional/legal-hr-case-capsule`](/skills/cross-functional/legal-hr-case-capsule/) — case capsule carries severity and sensitivity labels
+
+---
+
+*The risk taxonomy is part of the vanguard frontier's cross-functional protocol layer. It ensures Legal and HR agents rate risk in the same language and escalate with precision.*

package/skills/cross-functional/legal-hr-risk-taxonomy/SKILL.md

@@ -0,0 +1,89 @@
+---
+name: legal-hr-risk-taxonomy
+description: Use this skill to assign consistent risk labels to a Legal or HR matter — severity ratings, privilege and privacy sensitivity labels, retaliation and discrimination risk labels, matter-type classes, escalation-gate triggers, and the audit-log schema. It standardizes the vocabulary every Legal and HR agent and case capsule uses so risk is rated the same way across the ecosystem. It does not give legal or HR advice and never concludes that a matter is safe or compliant.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-18"
+  category: compliance
+  lifecycle: experimental
+---
+
+# Legal-HR Risk Taxonomy
+
+## Purpose
+This skill is the shared risk vocabulary for the Legal and HR agent ecosystem.
+It defines the severity scale, sensitivity labels, matter-type classes,
+escalation-gate triggers, and the audit-log schema, so every agent and every
+case capsule rates and labels risk the same way. It does not give legal or HR
+advice and never concludes that a matter is safe, compliant, or approved.
+
+## When to use
+- An agent must assign a `risk_rating` or sensitivity label to a matter.
+- An agent must decide whether an escalation gate is triggered.
+- A capsule or audit-log entry must be filled in with consistent labels.
+
+## Severity scale
+| Rating | Meaning |
+|---|---|
+| Critical | Immediate legal or regulatory exposure; do not proceed without counsel sign-off. |
+| High | Material litigation, regulatory, or financial exposure; escalation strongly indicated. |
+| Medium | Manageable with documented controls; monitor and document. |
+| Low | Limited exposure on current evidence; note and monitor. |
+| Unknown | Jurisdiction or material facts missing; cannot rate. Mandatory when documentation is incomplete. |
+
+`Unknown` is mandatory, not a fallback. An agent never upgrades a matter to a
+ratable severity to avoid an escalation.
+
+## Sensitivity labels
+- `privilege_sensitivity`: `none` / `possible` / `likely-privileged`.
+- `privacy_sensitivity`: `low` / `moderate` / `high` / `special-category`.
+- `retaliation_risk`, `discrimination_or_harassment_risk`, `regulatory_risk`:
+  `none-observed` / `possible` / `elevated` / `unknown`.
+- `litigation_hold_needed`: `no` / `recommended` / `yes` / `unknown`.
+
+## Escalation-grade matter types
+The following are escalation-grade by default — they always reach a qualified
+human owner regardless of severity rating: harassment, discrimination,
+retaliation, whistleblower, workplace safety, wage/hour, worker classification,
+union/labor, immigration, medical leave, disability accommodation, pay equity,
+executive misconduct, mass layoff or reorganization, employee data breach, and
+litigation-hold or discovery matters.
+
+## Escalation gates
+A matter must be paused and escalated when any gate is true:
+- The matter is an escalation-grade matter type (above).
+- A claim, complaint, charge, grievance, or subpoena has been filed or
+  threatened.
+- Protected activity, protected characteristics, or whistleblower status are in
+  play.
+- Attorney-client privilege or work-product protection may be implicated.
+- Financial or reputational exposure is material.
+- A board, audit-committee, or regulatory-reporting trigger may apply.
+- The matter crosses Legal and HR and no documented controls exist.
+- Legal and HR agents disagree.
+
+See [references/risk-labels.md](references/risk-labels.md) for the full
+`matter_type` value list and the audit-log schema.
+
+## Audit-log schema
+Every handoff and escalation produces one audit-log event with the minimum
+necessary fields: `event_id`, `case_id`, `timestamp`, `initiating_agent`,
+`receiving_agent`, `human_owner`, `matter_type`, `risk_rating`,
+`escalation_status`, `data_sensitivity`, `privilege_sensitivity`,
+`action_recommended`, `action_prohibited`, `evidence_summary`,
+`open_questions`, `decision_status`, `retention_category`. Field rules are in
+the reference file.
+
+## References
+- [Risk labels and audit-log schema](references/risk-labels.md) — full
+  `matter_type` enumeration, label definitions, and audit-log field contract.
+
+## Security notes
+- A rating is an opinion on exposure, never a clearance. Never record "this is
+  compliant" or "safe to proceed"; use the severity scale only.
+- The audit log is minimum-necessary. It carries labels and summaries, never
+  raw medical, privileged, credential, or protected-class content.
+- When facts are missing, rate `Unknown` and trigger the escalation gate rather
+  than guessing a lower severity.