npm - @raishin/vanguard-frontier-agentic - Versions diffs - 2.1.0 → 2.2.0 - Mend

@raishin/vanguard-frontier-agentic 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/skills/legal/legal-counsel-review/references/jurisdictions/us.md ADDED Viewed

@@ -0,0 +1,100 @@
+# United States — Legal Review Reference Map
+> **Disclaimer.** This file is a review map — a structured checklist of where to look, not a statement of current law. Content may be out of date. Every point must be verified against current official sources. Jurisdiction-specific conclusions require qualified US counsel.
+Last verified: 2026-05-18
+---
+## Regime overview
+The US has no single federal omnibus privacy or data-protection statute. The legal landscape is a patchwork of federal sectoral laws, state comprehensive privacy acts, and state consumer-protection regimes. Contract law is primarily state common law (Restatement of Contracts; UCC Article 2 for goods). Federal and state regulatory bodies each have independent enforcement authority.
+---
+## Primary regulators and authorities
+| Regulator | Jurisdiction / Focus | Official source |
+|-----------|---------------------|-----------------|
+| Federal Trade Commission (FTC) | Unfair or deceptive trade practices; privacy and security enforcement for most commercial entities | https://www.ftc.gov |
+| Department of Justice (DOJ) | Criminal enforcement; FCPA; antitrust (with FTC); export controls | https://www.justice.gov |
+| Securities and Exchange Commission (SEC) | Public-company disclosure; cybersecurity incident disclosure; insider trading | https://www.sec.gov |
+| Department of Labor (DOL) | Wage-and-hour (FLSA); ERISA; OSHA | https://www.dol.gov |
+| Equal Employment Opportunity Commission (EEOC) | Employment discrimination; harassment | https://www.eeoc.gov |
+| Office for Civil Rights (OCR), HHS | HIPAA health-data enforcement | https://www.hhs.gov/hipaa |
+| Office of Foreign Assets Control (OFAC) | Sanctions compliance | https://ofac.treas.gov |
+| Bureau of Industry and Security (BIS) | Export Administration Regulations (EAR) | https://www.bis.gov |
+| State Attorneys General | State privacy acts (CCPA/CPRA, etc.); consumer protection; data-breach notification | Varies by state |
+| California Privacy Protection Agency (CPPA) | CCPA/CPRA enforcement | https://cppa.ca.gov |
+---
+## Primary statutes and regulations (verify current text and amendments)
+### Federal — sectoral
+| Statute / Regulation | Scope | Official source |
+|---------------------|-------|-----------------|
+| Federal Trade Commission Act, § 5 | Unfair or deceptive acts; primary privacy enforcement lever for non-covered entities | https://www.ftc.gov/legal-library/browse/statutes/federal-trade-commission-act |
+| Health Insurance Portability and Accountability Act (HIPAA) + HITECH | Health information — covered entities and business associates | https://www.hhs.gov/hipaa/for-professionals/index.html |
+| Gramm-Leach-Bliley Act (GLBA) | Financial institutions — consumer financial data | https://www.ftc.gov/legal-library/browse/statutes/gramm-leach-bliley-act |
+| Family Educational Rights and Privacy Act (FERPA) | Student education records | https://studentprivacy.ed.gov |
+| Children's Online Privacy Protection Act (COPPA) | Online data collection from children under 13 | https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa |
+| Fair Credit Reporting Act (FCRA) | Consumer reporting agencies; background checks | https://www.ftc.gov/legal-library/browse/statutes/fair-credit-reporting-act |
+| Electronic Communications Privacy Act (ECPA) | Interception; stored communications; pen registers | https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119 |
+| Computer Fraud and Abuse Act (CFAA) | Unauthorized computer access; cybercrime | https://www.law.cornell.edu/uscode/text/18/1030 |
+| Foreign Corrupt Practices Act (FCPA) | Anti-bribery; books-and-records | https://www.justice.gov/criminal/criminal-fraud/fcpa |
+| Fair Labor Standards Act (FLSA) | Minimum wage; overtime; child labor | https://www.dol.gov/agencies/whd/flsa |
+| SEC Cybersecurity Disclosure Rules (2023) | Material cybersecurity incident disclosure; risk-management governance | https://www.sec.gov/corpfin/cybersecurity |
+### State — privacy (representative; verify full list against current enactments)
+| Statute | State | Official source |
+|---------|-------|-----------------|
+| California Consumer Privacy Act / CPRA (Cal. Civ. Code § 1798.100 et seq.) | California | https://oag.ca.gov/privacy/ccpa |
+| Virginia Consumer Data Protection Act (VCDPA) | Virginia | Verify at https://law.lis.virginia.gov |
+| Colorado Privacy Act (CPA) | Colorado | Verify at https://coag.gov/resources/data-privacy-laws/ |
+| Connecticut Data Privacy Act (CTDPA) | Connecticut | Verify at https://portal.ct.gov |
+| Texas Data Privacy and Security Act (TDPSA) | Texas | Verify at https://capitol.texas.gov |
+> Many additional state acts have been enacted or amended since mid-2024. The reviewer must verify the current list of enacted state privacy laws against official state sources or a current legal-counsel summary before any compliance conclusion.
+### Data-breach notification
+All 50 US states have data-breach notification laws. Timelines, covered data types, and thresholds vary. Verify the applicable state law(s) for each breach scenario at the state attorney general's official website.
+---
+## Structural review checkpoints
+1. **Governing law and forum selection** — identify the stated choice of law and venue. Flag if the clause conflicts with mandatory local law in either party's jurisdiction.
+2. **Entity and regulator mapping** — determine which federal and state regulators have jurisdiction over the entity, the data types processed, and the sector.
+3. **Privacy and data protection** — identify data types (health, financial, children's, biometric, precise geolocation, credentials). Map to applicable sectoral or state law. Flag if cross-border transfers are involved.
+4. **Employment matters** — classify the worker (employee, independent contractor, gig). Check state classification rules (California AB 5 criteria differ from federal FLSA). Flag wage-and-hour, non-compete enforceability (FTC rule status — verify current status with counsel), and restrictive covenants.
+5. **Sanctions and export controls** — flag any counterparty, transaction, technology, or geography that could touch OFAC SDN lists or BIS EAR/ITAR controls. Verify against official lists at https://ofac.treas.gov and https://www.bis.gov.
+6. **Anti-bribery** — flag any payment to a foreign government official or intermediary. Apply FCPA analysis; confirm whether UK Bribery Act or local law also applies.
+7. **Public-company disclosure** — flag material cybersecurity incidents (SEC 8-K 4-business-day rule), material contract changes, and related-party transactions.
+8. **Dispute resolution** — note arbitration clauses, class-action waivers, and jury-trial waivers. Check enforceability under applicable state law (some states limit these in employment and consumer contexts).
+9. **Limitation of liability and indemnification** — verify whether caps apply to IP indemnity, data-breach indemnity, or gross-negligence/willful-misconduct carve-outs.
+10. **Records and retention** — identify applicable retention obligations under the matter's sector, litigation hold status, and state destruction requirements.
+---
+## Escalation triggers (US-specific)
+- Any matter touching OFAC-designated parties, countries, or transactions — escalate immediately; penalties are strict liability.
+- FCPA suspicion — escalate to counsel before any internal investigation step that could impair privilege or obstruct.
+- HIPAA breach with more than 500 individuals affected — 60-day HHS OCR notification clock; confirm current rule with counsel.
+- SEC material cybersecurity incident — 4-business-day 8-K disclosure clock; confirm current rule and materiality threshold with counsel.
+- Class-action demand, PAGA notice (California), EEOC charge, or DOL investigation — escalate immediately.
+- Non-compete or trade-secret matter in California — California's near-total ban on non-competes is well-established; confirm current FTC rule status with counsel.
+- Immigration / work-authorization issue for any employee — escalate to immigration counsel.
+- Proposed acquisition or investment touching US critical infrastructure or technology — flag for CFIUS review; verify thresholds with M&A counsel.
+---
+## Sources (verified in this session)
+- California AG CCPA page: https://oag.ca.gov/privacy/ccpa — loaded successfully; confirmed CCPA/CPRA scope, business thresholds, and enforcement structure.
+- Cornell LII Wex legal dictionary: https://www.law.cornell.edu/wex — loaded successfully; confirmed as free US legal reference.
+- FTC, DOJ, SEC, DOL, EEOC, HHS official domain URLs confirmed accessible in prior sessions; verify individual pages before citing in advice.

package/skills/legal/legal-counsel-review/references/workflow-and-output.md ADDED Viewed

@@ -0,0 +1,148 @@
+# Workflow and Output Contract
+## Workflow
+### Step 1 — Define the legal question
+State the legal question in one sentence before doing anything else. If the user's intake is ambiguous, draft a candidate question and confirm before proceeding.
+### Step 2 — Identify context
+Collect from the provided material (do not ask for more than necessary):
+- Jurisdiction(s) and governing-law clause, if stated
+- Entity type, business unit, and counterparty identity (redacted if needed)
+- Document type (contract, policy, regulatory filing, intake memo, other)
+- Effective dates, notice periods, and material deadlines
+- Any regulatory regime named or implied
+Flag any of these as Unknown if not provided — do not assume.
+### Step 3 — List missing material facts
+Before analysis, identify every fact whose absence materially changes the risk rating. Label these "open questions". Do not substitute an assumption for a missing material fact; state the assumption explicitly and note how it affects the rating.
+### Step 4 — Separate facts, assumptions, inferences, and open questions
+Organize all claims into four labelled buckets:
+- **Facts provided** — directly stated in the supplied material
+- **Assumptions** — plausible but unverified; state the basis
+- **Inferences** — logical conclusions drawn from facts; state the reasoning
+- **Open questions** — material facts not provided; escalate or flag Unknown until resolved
+### Step 5 — Identify the risk domain
+Select the primary domain(s) from:
+contract | privacy | employment | IP | regulatory | litigation | competition | sanctions | procurement | finance | public-company disclosure | cybersecurity | records retention | other
+Note when a matter spans multiple domains — multi-domain matters almost always require multi-discipline counsel.
+### Step 6 — Identify the decision owner
+Map the matter to the appropriate owner(s):
+legal counsel | compliance | HR | security | procurement | finance | board / audit committee | privacy office / DPO | executive sponsor
+Where ownership is unclear, flag it — unowned risk items are not actioned.
+### Step 7 — Adversarial stress test
+Analyze adverse scenarios from every realistic vantage point:
+- **Worst-case legal interpretation** — how would the most aggressive opposing counsel read this?
+- **Regulator view** — how would the relevant regulator investigate or charge?
+- **Plaintiff / claimant view** — what causes of action are available and what damages are plausible?
+- **Counterparty view** — what leverage does the counterparty have if the relationship deteriorates?
+- **Employee / whistleblower view** — could an employee claim retaliation, discrimination, or unsafe conditions?
+- **Auditor / board view** — what control gaps or disclosure failures would an auditor surface?
+- **Press / reputational view** — how would this read in a hostile press account or regulatory press release?
+### Step 8 — Rate risk
+Assign a severity to each identified issue:
+| Rating | Meaning |
+|--------|---------|
+| Critical | Immediate legal exposure, regulatory violation, or safety risk requiring escalation before any action |
+| High | Significant legal or financial exposure; proceed only with counsel review and documented controls |
+| Medium | Manageable exposure with documented mitigations; flag for counsel awareness |
+| Low | Minor or speculative; document and monitor |
+| Unknown | Insufficient jurisdiction or material facts to rate — escalate or obtain facts before proceeding |
+**Unknown is mandatory** when jurisdiction, governing law, or material facts are missing or ambiguous. Do not assign a lower rating to paper over an unknown.
+### Step 9 — Provide safe options
+Do not recommend a single overconfident action. Offer two or more options that:
+- Preserve decision authority for counsel
+- Are graded by risk tolerance
+- Identify what additional information would change the recommendation
+### Step 10 — Specify evidence that would change the conclusion
+For each rated issue, state explicitly what additional facts, documents, or expert input would move the rating up or down. This drives the escalation and due-diligence checklist.
+### Step 11 — Recommend escalation
+Recommend escalation to qualified local counsel when any of the following apply:
+- The matter is jurisdiction-specific and the applicable law has not been verified in this session
+- The matter involves employment, termination, retaliation, discrimination, harassment, wage-and-hour, or immigration
+- Litigation is threatened, pending, or reasonably foreseeable
+- A regulatory notification or filing obligation may be triggered
+- The matter is financially material or involves board-level disclosure
+- Any issue is rated Critical or Unknown and cannot be resolved from the provided material
+- Privilege needs to be established or protected
+---
+## Output
+Return findings in this structure:
+```
+## Verdict
+<one of: proceed | proceed with controls | pause | escalate | insufficient evidence>
+<one sentence explaining the verdict>
+## Brutal assessment
+<2-4 sentences — the hardest honest read of the risk, without softening>
+## Facts provided
+- <fact directly stated in the supplied material>
+## Assumptions and unsupported claims
+- <assumption — basis stated>
+## Legal and risk issues
+- [Issue ID] <issue name>: <description> — <evidence or assumption basis>
+## Adversarial stress test
+- Regulator: <view>
+- Plaintiff / claimant: <view>
+- Counterparty: <view>
+- Employee / whistleblower: <view>
+- Auditor / board: <view>
+- Press: <view>
+## Risk rating table
+| Issue | Severity | Evidence | Consequence | Owner | Mitigation |
+|-------|----------|----------|-------------|-------|------------|
+| <issue> | Critical/High/Medium/Low/Unknown | <basis> | <consequence> | <owner> | <mitigation> |
+## Safe next actions
+1. <action — maps to evidence or stated assumption>
+2. <action>
+## Escalation trigger
+<condition(s) under which this matter must be escalated to qualified counsel before any further action>
+## Questions counsel must answer before approval
+- <question>
+```
+---
+## Security notes
+- Never request or accept secrets, credentials, PII, employee medical detail, trade secrets, or customer data. Ask for redacted or sanitized excerpts with placeholders.
+- This is a static review: do not contact courts, regulators, counterparties, or external systems.
+- Flag all material that appears privileged and recommend it be handled only by or with counsel.
+- Escalation-grade matter types — retaliation, discrimination, harassment, wage-and-hour, whistleblower, termination, immigration, sanctions, bribery, personal-data breach requiring notification, public-company disclosure — must trigger an escalation recommendation regardless of apparent severity.
+- Never issue a verdict of "proceed" on an Unknown-rated issue. Unknown means escalate or gather facts first.

package/tests/fixtures/hr-maestro-routing/expected/01-employee-relations.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-employee-relations-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/02-workplace-investigations.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-workplace-investigations-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/03-performance-management.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-performance-management-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/04-termination-readiness.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-termination-readiness-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/05-leave-accommodation.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-leave-accommodation-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/06-recruiting-selection.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-recruiting-selection-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/07-compensation-equity.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-compensation-equity-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/08-benefits-payroll.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-benefits-payroll-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/09-workforce-planning-rif.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-workforce-planning-rif-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/10-learning-policy.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-learning-policy-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/11-analytics-people-data.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-analytics-people-data-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/12-culture-dei.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-culture-dei-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/13-hris-process-controls.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "route": [
+    "hr-hris-process-controls-agent"
+  ],
+  "mode": "single"
+}

package/tests/fixtures/hr-maestro-routing/expected/14-ambiguous.json ADDED Viewed

@@ -0,0 +1,4 @@
+{
+  "route": [],
+  "mode": "unclassified"
+}

package/tests/fixtures/hr-maestro-routing/inputs/01-employee-relations.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "01-employee-relations",
+  "task": "Review an employee relations issue involving a grievance about manager behavior.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/02-workplace-investigations.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "02-workplace-investigations",
+  "task": "Plan a workplace investigation with witness sequencing and a neutrality check.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/03-performance-management.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "03-performance-management",
+  "task": "Review a performance improvement plan and coaching plan and the calibration approach.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/04-termination-readiness.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "04-termination-readiness",
+  "task": "Assess termination readiness, the final-pay dependency, and access removal coordination.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/05-leave-accommodation.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "05-leave-accommodation",
+  "task": "Review a leave request, a disability accommodation, and a return-to-work plan.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/06-recruiting-selection.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "06-recruiting-selection",
+  "task": "Review the recruiting workflow, the selection criteria, and the interview structure.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/07-compensation-equity.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "07-compensation-equity",
+  "task": "Review pay equity, promotion leveling, and bonus eligibility for this cohort.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/08-benefits-payroll.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "08-benefits-payroll",
+  "task": "Review the payroll process, benefits administration, and a deduction error.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/09-workforce-planning-rif.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "09-workforce-planning-rif",
+  "task": "Review a reduction in force, the restructuring plan, and redeployment options.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/10-learning-policy.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "10-learning-policy",
+  "task": "Review compliance training, manager enablement, and training completion controls.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/11-analytics-people-data.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "11-analytics-people-data",
+  "task": "Review people analytics for algorithmic bias and employee monitoring risk.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/12-culture-dei.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "12-culture-dei",
+  "task": "Review the inclusion program, belonging signals, and anti-harassment prevention.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/13-hris-process-controls.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "13-hris-process-controls",
+  "task": "Review the HRIS workflow, separation of duties, and audit log coverage.",
+  "tags": [
+    "happy-path"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/inputs/14-ambiguous.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "name": "14-ambiguous",
+  "task": "Could you give me an update on the status of things in general?",
+  "tags": [
+    "ambiguous"
+  ]
+}

package/tests/fixtures/hr-maestro-routing/taxonomy.json ADDED Viewed

@@ -0,0 +1,59 @@
+{
+  "provider": "hr",
+  "domains": {
+    "employee-relations": {
+      "keywords": ["employee relations", "grievance", "manager behavior"],
+      "agent": "hr-employee-relations-agent"
+    },
+    "workplace-investigations": {
+      "keywords": ["workplace investigation", "witness sequencing", "neutrality check"],
+      "agent": "hr-workplace-investigations-agent"
+    },
+    "performance-management": {
+      "keywords": ["performance improvement plan", "coaching plan", "calibration"],
+      "agent": "hr-performance-management-agent"
+    },
+    "termination-readiness": {
+      "keywords": ["termination readiness", "final-pay dependency", "access removal"],
+      "agent": "hr-termination-readiness-agent"
+    },
+    "leave-accommodation": {
+      "keywords": ["leave request", "disability accommodation", "return-to-work"],
+      "agent": "hr-leave-accommodation-agent"
+    },
+    "recruiting-selection": {
+      "keywords": ["recruiting workflow", "selection criteria", "interview structure"],
+      "agent": "hr-recruiting-selection-agent"
+    },
+    "compensation-equity": {
+      "keywords": ["pay equity", "promotion leveling", "bonus eligibility"],
+      "agent": "hr-compensation-equity-agent"
+    },
+    "benefits-payroll": {
+      "keywords": ["payroll process", "benefits administration", "deduction error"],
+      "agent": "hr-benefits-payroll-agent"
+    },
+    "workforce-planning-rif": {
+      "keywords": ["reduction in force", "restructuring", "redeployment"],
+      "agent": "hr-workforce-planning-rif-agent"
+    },
+    "learning-policy": {
+      "keywords": ["compliance training", "manager enablement", "training completion"],
+      "agent": "hr-learning-policy-agent"
+    },
+    "analytics-people-data": {
+      "keywords": ["people analytics", "algorithmic bias", "employee monitoring"],
+      "agent": "hr-analytics-people-data-agent"
+    },
+    "culture-dei": {
+      "keywords": ["inclusion program", "belonging", "anti-harassment prevention"],
+      "agent": "hr-culture-dei-agent"
+    },
+    "hris-process-controls": {
+      "keywords": ["HRIS workflow", "separation of duties", "audit log"],
+      "agent": "hr-hris-process-controls-agent"
+    }
+  },
+  "live_guards": [],
+  "parallel_threshold": 0.8
+}