@raishin/vanguard-frontier-agentic 2.11.0 → 2.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (756) hide show
  1. package/.claude-plugin/marketplace.json +2 -2
  2. package/.claude-plugin/plugin.json +41 -1
  3. package/.cursor-plugin/plugin.json +41 -1
  4. package/.github/plugin/marketplace.json +1 -1
  5. package/README.md +11 -11
  6. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/AGENT.md +57 -0
  7. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  8. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/codex.toml +30 -0
  9. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/copilot.agent.md +31 -0
  10. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/cursor.agent.md +29 -0
  11. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/gemini.agent.md +29 -0
  12. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  13. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  14. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/metadata.json +46 -0
  15. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/AGENT.md +58 -0
  16. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  17. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/codex.toml +31 -0
  18. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/copilot.agent.md +32 -0
  19. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/cursor.agent.md +30 -0
  20. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/gemini.agent.md +30 -0
  21. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  22. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  23. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/metadata.json +40 -0
  24. package/agents/sap/sap-analytics-cloud-planning-governance-agent/AGENT.md +58 -0
  25. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/claude-code.agent.md +37 -0
  26. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/codex.toml +30 -0
  27. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/copilot.agent.md +31 -0
  28. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/cursor.agent.md +29 -0
  29. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/gemini.agent.md +29 -0
  30. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-cli.agent.json +1 -0
  31. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-ide.agent.md +29 -0
  32. package/agents/sap/sap-analytics-cloud-planning-governance-agent/metadata.json +45 -0
  33. package/agents/sap/sap-audit-evidence-packager-agent/AGENT.md +58 -0
  34. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/claude-code.agent.md +38 -0
  35. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/codex.toml +30 -0
  36. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/copilot.agent.md +33 -0
  37. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/cursor.agent.md +31 -0
  38. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/gemini.agent.md +31 -0
  39. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-cli.agent.json +1 -0
  40. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-ide.agent.md +31 -0
  41. package/agents/sap/sap-audit-evidence-packager-agent/metadata.json +45 -0
  42. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/AGENT.md +58 -0
  43. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  44. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/codex.toml +30 -0
  45. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/copilot.agent.md +31 -0
  46. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/cursor.agent.md +29 -0
  47. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/gemini.agent.md +29 -0
  48. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  49. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  50. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/metadata.json +44 -0
  51. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/AGENT.md +70 -0
  52. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
  53. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/codex.toml +42 -0
  54. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
  55. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
  56. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
  57. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  58. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  59. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/metadata.json +41 -0
  60. package/agents/sap/sap-cap-architecture-reviewer-agent/AGENT.md +57 -0
  61. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  62. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/codex.toml +30 -0
  63. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/copilot.agent.md +31 -0
  64. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/cursor.agent.md +29 -0
  65. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/gemini.agent.md +29 -0
  66. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  67. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  68. package/agents/sap/sap-cap-architecture-reviewer-agent/metadata.json +42 -0
  69. package/agents/sap/sap-clean-core-debt-reviewer-agent/AGENT.md +58 -0
  70. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  71. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/codex.toml +31 -0
  72. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/copilot.agent.md +31 -0
  73. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/cursor.agent.md +29 -0
  74. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/gemini.agent.md +29 -0
  75. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  76. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  77. package/agents/sap/sap-clean-core-debt-reviewer-agent/metadata.json +45 -0
  78. package/agents/sap/sap-cloud-alm-sre-incident-agent/AGENT.md +59 -0
  79. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/claude-code.agent.md +38 -0
  80. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/codex.toml +30 -0
  81. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/copilot.agent.md +32 -0
  82. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/cursor.agent.md +30 -0
  83. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/gemini.agent.md +30 -0
  84. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-cli.agent.json +1 -0
  85. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-ide.agent.md +30 -0
  86. package/agents/sap/sap-cloud-alm-sre-incident-agent/metadata.json +42 -0
  87. package/agents/sap/sap-custom-code-remediation-reviewer-agent/AGENT.md +60 -0
  88. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/claude-code.agent.md +39 -0
  89. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/codex.toml +29 -0
  90. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/copilot.agent.md +31 -0
  91. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/cursor.agent.md +29 -0
  92. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/gemini.agent.md +29 -0
  93. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  94. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  95. package/agents/sap/sap-custom-code-remediation-reviewer-agent/metadata.json +45 -0
  96. package/agents/sap/sap-data-migration-cutover-readiness-agent/AGENT.md +67 -0
  97. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/claude-code.agent.md +46 -0
  98. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/codex.toml +30 -0
  99. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/copilot.agent.md +32 -0
  100. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/cursor.agent.md +30 -0
  101. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/gemini.agent.md +30 -0
  102. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-cli.agent.json +1 -0
  103. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-ide.agent.md +30 -0
  104. package/agents/sap/sap-data-migration-cutover-readiness-agent/metadata.json +44 -0
  105. package/agents/sap/sap-datasphere-data-product-architect-agent/AGENT.md +58 -0
  106. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/claude-code.agent.md +37 -0
  107. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/codex.toml +30 -0
  108. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/copilot.agent.md +31 -0
  109. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/cursor.agent.md +29 -0
  110. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/gemini.agent.md +29 -0
  111. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-cli.agent.json +1 -0
  112. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-ide.agent.md +29 -0
  113. package/agents/sap/sap-datasphere-data-product-architect-agent/metadata.json +45 -0
  114. package/agents/sap/sap-ewm-tm-logistics-execution-agent/AGENT.md +59 -0
  115. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/claude-code.agent.md +38 -0
  116. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/codex.toml +30 -0
  117. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/copilot.agent.md +32 -0
  118. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/cursor.agent.md +30 -0
  119. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/gemini.agent.md +30 -0
  120. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-cli.agent.json +1 -0
  121. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-ide.agent.md +30 -0
  122. package/agents/sap/sap-ewm-tm-logistics-execution-agent/metadata.json +44 -0
  123. package/agents/sap/sap-finance-fico-controls-agent/AGENT.md +59 -0
  124. package/agents/sap/sap-finance-fico-controls-agent/harnesses/claude-code.agent.md +38 -0
  125. package/agents/sap/sap-finance-fico-controls-agent/harnesses/codex.toml +30 -0
  126. package/agents/sap/sap-finance-fico-controls-agent/harnesses/copilot.agent.md +32 -0
  127. package/agents/sap/sap-finance-fico-controls-agent/harnesses/cursor.agent.md +30 -0
  128. package/agents/sap/sap-finance-fico-controls-agent/harnesses/gemini.agent.md +30 -0
  129. package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-cli.agent.json +1 -0
  130. package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-ide.agent.md +30 -0
  131. package/agents/sap/sap-finance-fico-controls-agent/metadata.json +45 -0
  132. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/AGENT.md +58 -0
  133. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  134. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/codex.toml +29 -0
  135. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/copilot.agent.md +32 -0
  136. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/cursor.agent.md +30 -0
  137. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/gemini.agent.md +30 -0
  138. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  139. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  140. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/metadata.json +39 -0
  141. package/agents/sap/sap-guarded-transport-import-operator-agent/AGENT.md +70 -0
  142. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/claude-code.agent.md +51 -0
  143. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/codex.toml +41 -0
  144. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/copilot.agent.md +36 -0
  145. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/cursor.agent.md +33 -0
  146. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/gemini.agent.md +33 -0
  147. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  148. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  149. package/agents/sap/sap-guarded-transport-import-operator-agent/metadata.json +45 -0
  150. package/agents/sap/sap-hana-cloud-performance-cost-agent/AGENT.md +58 -0
  151. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/claude-code.agent.md +37 -0
  152. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/codex.toml +30 -0
  153. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/copilot.agent.md +31 -0
  154. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/cursor.agent.md +29 -0
  155. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/gemini.agent.md +29 -0
  156. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-cli.agent.json +1 -0
  157. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-ide.agent.md +29 -0
  158. package/agents/sap/sap-hana-cloud-performance-cost-agent/metadata.json +43 -0
  159. package/agents/sap/sap-hypercare-incident-commander-agent/AGENT.md +59 -0
  160. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/claude-code.agent.md +38 -0
  161. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/codex.toml +30 -0
  162. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/copilot.agent.md +32 -0
  163. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/cursor.agent.md +30 -0
  164. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/gemini.agent.md +30 -0
  165. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-cli.agent.json +1 -0
  166. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-ide.agent.md +30 -0
  167. package/agents/sap/sap-hypercare-incident-commander-agent/metadata.json +42 -0
  168. package/agents/sap/sap-integration-flow-guarded-operator-agent/AGENT.md +70 -0
  169. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
  170. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/codex.toml +41 -0
  171. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
  172. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
  173. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
  174. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  175. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  176. package/agents/sap/sap-integration-flow-guarded-operator-agent/metadata.json +41 -0
  177. package/agents/sap/sap-integration-suite-reviewer-agent/AGENT.md +57 -0
  178. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  179. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/codex.toml +30 -0
  180. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/copilot.agent.md +31 -0
  181. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/cursor.agent.md +29 -0
  182. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/gemini.agent.md +29 -0
  183. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  184. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  185. package/agents/sap/sap-integration-suite-reviewer-agent/metadata.json +43 -0
  186. package/agents/sap/sap-joule-governance-adoption-agent/AGENT.md +59 -0
  187. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/claude-code.agent.md +38 -0
  188. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/codex.toml +30 -0
  189. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/copilot.agent.md +32 -0
  190. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/cursor.agent.md +30 -0
  191. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/gemini.agent.md +30 -0
  192. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-cli.agent.json +1 -0
  193. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-ide.agent.md +30 -0
  194. package/agents/sap/sap-joule-governance-adoption-agent/metadata.json +42 -0
  195. package/agents/sap/sap-license-btp-consumption-finops-agent/AGENT.md +58 -0
  196. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/claude-code.agent.md +37 -0
  197. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/codex.toml +30 -0
  198. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/copilot.agent.md +31 -0
  199. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/cursor.agent.md +29 -0
  200. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/gemini.agent.md +29 -0
  201. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-cli.agent.json +1 -0
  202. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-ide.agent.md +29 -0
  203. package/agents/sap/sap-license-btp-consumption-finops-agent/metadata.json +42 -0
  204. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/AGENT.md +60 -0
  205. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/claude-code.agent.md +40 -0
  206. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/codex.toml +31 -0
  207. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/copilot.agent.md +32 -0
  208. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/cursor.agent.md +30 -0
  209. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/gemini.agent.md +30 -0
  210. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
  211. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
  212. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/metadata.json +39 -0
  213. package/agents/sap/sap-live-readonly-landscape-discovery-agent/AGENT.md +60 -0
  214. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/claude-code.agent.md +40 -0
  215. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/codex.toml +31 -0
  216. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/copilot.agent.md +32 -0
  217. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/cursor.agent.md +30 -0
  218. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/gemini.agent.md +30 -0
  219. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
  220. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
  221. package/agents/sap/sap-live-readonly-landscape-discovery-agent/metadata.json +39 -0
  222. package/agents/sap/sap-maestro-agent/AGENT.md +60 -0
  223. package/agents/sap/sap-maestro-agent/harnesses/claude-code.agent.md +36 -0
  224. package/agents/sap/sap-maestro-agent/harnesses/codex.toml +34 -0
  225. package/agents/sap/sap-maestro-agent/harnesses/copilot.agent.md +32 -0
  226. package/agents/sap/sap-maestro-agent/harnesses/cursor.agent.md +30 -0
  227. package/agents/sap/sap-maestro-agent/harnesses/gemini.agent.md +30 -0
  228. package/agents/sap/sap-maestro-agent/harnesses/kiro-cli.agent.json +1 -0
  229. package/agents/sap/sap-maestro-agent/harnesses/kiro-ide.agent.md +30 -0
  230. package/agents/sap/sap-maestro-agent/metadata.json +39 -0
  231. package/agents/sap/sap-manufacturing-execution-risk-agent/AGENT.md +59 -0
  232. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/claude-code.agent.md +38 -0
  233. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/codex.toml +30 -0
  234. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/copilot.agent.md +32 -0
  235. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/cursor.agent.md +30 -0
  236. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/gemini.agent.md +30 -0
  237. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  238. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  239. package/agents/sap/sap-manufacturing-execution-risk-agent/metadata.json +44 -0
  240. package/agents/sap/sap-mdg-master-data-quality-agent/AGENT.md +59 -0
  241. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/claude-code.agent.md +38 -0
  242. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/codex.toml +30 -0
  243. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/copilot.agent.md +32 -0
  244. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/cursor.agent.md +30 -0
  245. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/gemini.agent.md +30 -0
  246. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-cli.agent.json +1 -0
  247. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-ide.agent.md +30 -0
  248. package/agents/sap/sap-mdg-master-data-quality-agent/metadata.json +45 -0
  249. package/agents/sap/sap-order-to-cash-agent/AGENT.md +59 -0
  250. package/agents/sap/sap-order-to-cash-agent/harnesses/claude-code.agent.md +38 -0
  251. package/agents/sap/sap-order-to-cash-agent/harnesses/codex.toml +30 -0
  252. package/agents/sap/sap-order-to-cash-agent/harnesses/copilot.agent.md +32 -0
  253. package/agents/sap/sap-order-to-cash-agent/harnesses/cursor.agent.md +30 -0
  254. package/agents/sap/sap-order-to-cash-agent/harnesses/gemini.agent.md +30 -0
  255. package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-cli.agent.json +1 -0
  256. package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-ide.agent.md +30 -0
  257. package/agents/sap/sap-order-to-cash-agent/metadata.json +44 -0
  258. package/agents/sap/sap-procurement-ariba-value-leakage-agent/AGENT.md +59 -0
  259. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/claude-code.agent.md +38 -0
  260. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/codex.toml +30 -0
  261. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/copilot.agent.md +32 -0
  262. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/cursor.agent.md +30 -0
  263. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/gemini.agent.md +30 -0
  264. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-cli.agent.json +1 -0
  265. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-ide.agent.md +30 -0
  266. package/agents/sap/sap-procurement-ariba-value-leakage-agent/metadata.json +44 -0
  267. package/agents/sap/sap-release-change-collision-agent/AGENT.md +59 -0
  268. package/agents/sap/sap-release-change-collision-agent/harnesses/claude-code.agent.md +38 -0
  269. package/agents/sap/sap-release-change-collision-agent/harnesses/codex.toml +30 -0
  270. package/agents/sap/sap-release-change-collision-agent/harnesses/copilot.agent.md +32 -0
  271. package/agents/sap/sap-release-change-collision-agent/harnesses/cursor.agent.md +30 -0
  272. package/agents/sap/sap-release-change-collision-agent/harnesses/gemini.agent.md +30 -0
  273. package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-cli.agent.json +1 -0
  274. package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-ide.agent.md +30 -0
  275. package/agents/sap/sap-release-change-collision-agent/metadata.json +42 -0
  276. package/agents/sap/sap-rise-sla-vendor-risk-agent/AGENT.md +58 -0
  277. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/claude-code.agent.md +37 -0
  278. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/codex.toml +30 -0
  279. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/copilot.agent.md +31 -0
  280. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/cursor.agent.md +29 -0
  281. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/gemini.agent.md +29 -0
  282. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  283. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-ide.agent.md +29 -0
  284. package/agents/sap/sap-rise-sla-vendor-risk-agent/metadata.json +42 -0
  285. package/agents/sap/sap-role-assignment-guarded-operator-agent/AGENT.md +73 -0
  286. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/claude-code.agent.md +54 -0
  287. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/codex.toml +43 -0
  288. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/copilot.agent.md +38 -0
  289. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/cursor.agent.md +35 -0
  290. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/gemini.agent.md +35 -0
  291. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  292. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-ide.agent.md +35 -0
  293. package/agents/sap/sap-role-assignment-guarded-operator-agent/metadata.json +41 -0
  294. package/agents/sap/sap-s4hana-transformation-architect-agent/AGENT.md +62 -0
  295. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/claude-code.agent.md +41 -0
  296. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/codex.toml +29 -0
  297. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/copilot.agent.md +31 -0
  298. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/cursor.agent.md +29 -0
  299. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/gemini.agent.md +29 -0
  300. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-cli.agent.json +1 -0
  301. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-ide.agent.md +29 -0
  302. package/agents/sap/sap-s4hana-transformation-architect-agent/metadata.json +44 -0
  303. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/AGENT.md +59 -0
  304. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  305. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/codex.toml +30 -0
  306. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/copilot.agent.md +32 -0
  307. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/cursor.agent.md +30 -0
  308. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/gemini.agent.md +30 -0
  309. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  310. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  311. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/metadata.json +44 -0
  312. package/agents/sap/sap-signavio-process-mining-value-agent/AGENT.md +59 -0
  313. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/claude-code.agent.md +38 -0
  314. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/codex.toml +30 -0
  315. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/copilot.agent.md +32 -0
  316. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/cursor.agent.md +30 -0
  317. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/gemini.agent.md +30 -0
  318. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-cli.agent.json +1 -0
  319. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-ide.agent.md +30 -0
  320. package/agents/sap/sap-signavio-process-mining-value-agent/metadata.json +44 -0
  321. package/agents/sap/sap-successfactors-hr-process-risk-agent/AGENT.md +59 -0
  322. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/claude-code.agent.md +38 -0
  323. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/codex.toml +30 -0
  324. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/copilot.agent.md +32 -0
  325. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/cursor.agent.md +30 -0
  326. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/gemini.agent.md +30 -0
  327. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  328. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  329. package/agents/sap/sap-successfactors-hr-process-risk-agent/metadata.json +42 -0
  330. package/agents/sap/sap-supply-chain-ibp-resilience-agent/AGENT.md +59 -0
  331. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/claude-code.agent.md +38 -0
  332. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/codex.toml +30 -0
  333. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/copilot.agent.md +32 -0
  334. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/cursor.agent.md +30 -0
  335. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/gemini.agent.md +30 -0
  336. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-cli.agent.json +1 -0
  337. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-ide.agent.md +30 -0
  338. package/agents/sap/sap-supply-chain-ibp-resilience-agent/metadata.json +44 -0
  339. package/agents/sap/sap-testing-quality-gate-agent/AGENT.md +59 -0
  340. package/agents/sap/sap-testing-quality-gate-agent/harnesses/claude-code.agent.md +38 -0
  341. package/agents/sap/sap-testing-quality-gate-agent/harnesses/codex.toml +30 -0
  342. package/agents/sap/sap-testing-quality-gate-agent/harnesses/copilot.agent.md +32 -0
  343. package/agents/sap/sap-testing-quality-gate-agent/harnesses/cursor.agent.md +30 -0
  344. package/agents/sap/sap-testing-quality-gate-agent/harnesses/gemini.agent.md +30 -0
  345. package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-cli.agent.json +1 -0
  346. package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-ide.agent.md +30 -0
  347. package/agents/sap/sap-testing-quality-gate-agent/metadata.json +42 -0
  348. package/agents/sap/sap-transformation-portfolio-triage-agent/AGENT.md +58 -0
  349. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/claude-code.agent.md +37 -0
  350. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/codex.toml +30 -0
  351. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/copilot.agent.md +31 -0
  352. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/cursor.agent.md +29 -0
  353. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/gemini.agent.md +29 -0
  354. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-cli.agent.json +1 -0
  355. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-ide.agent.md +29 -0
  356. package/agents/sap/sap-transformation-portfolio-triage-agent/metadata.json +42 -0
  357. package/agents/sap/sap-treasury-cash-risk-agent/AGENT.md +59 -0
  358. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/claude-code.agent.md +38 -0
  359. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/codex.toml +30 -0
  360. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/copilot.agent.md +32 -0
  361. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/cursor.agent.md +30 -0
  362. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/gemini.agent.md +30 -0
  363. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  364. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  365. package/agents/sap/sap-treasury-cash-risk-agent/metadata.json +44 -0
  366. package/catalog/agents.json +1323 -0
  367. package/catalog/asset-integrity.json +2283 -43
  368. package/catalog/install-roles.json +94 -0
  369. package/catalog/skill-manifest.json +1770 -3
  370. package/catalog/skills.json +1912 -1
  371. package/package.json +1 -1
  372. package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
  373. package/powers/README.md +3 -2
  374. package/powers/vanguard-sap/POWER.md +43 -0
  375. package/schemas/agent.schema.json +1 -0
  376. package/schemas/skill.schema.json +1 -0
  377. package/scripts/generate-docs-data.mjs +1 -1
  378. package/scripts/generate-kiro-powers.mjs +12 -0
  379. package/skills/claude/add-educational-comments/metadata.json +1 -1
  380. package/skills/sap/sap-abap-cloud-rap-review/SKILL.md +86 -0
  381. package/skills/sap/sap-abap-cloud-rap-review/agents/openai.yaml +11 -0
  382. package/skills/sap/sap-abap-cloud-rap-review/metadata.json +34 -0
  383. package/skills/sap/sap-abap-cloud-rap-review/references/context7-framework-docs.md +126 -0
  384. package/skills/sap/sap-abap-cloud-rap-review/references/official-sources.md +95 -0
  385. package/skills/sap/sap-abap-cloud-rap-review/references/safety-checklist.md +37 -0
  386. package/skills/sap/sap-abap-cloud-rap-review/references/workflow-and-output.md +76 -0
  387. package/skills/sap/sap-ai-core-generative-ai-hub-governance/SKILL.md +92 -0
  388. package/skills/sap/sap-ai-core-generative-ai-hub-governance/agents/openai.yaml +11 -0
  389. package/skills/sap/sap-ai-core-generative-ai-hub-governance/metadata.json +34 -0
  390. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/context7-framework-docs.md +107 -0
  391. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/official-sources.md +91 -0
  392. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/safety-checklist.md +39 -0
  393. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/workflow-and-output.md +75 -0
  394. package/skills/sap/sap-ai-governance-security-architecture-protocol/SKILL.md +168 -0
  395. package/skills/sap/sap-ai-governance-security-architecture-protocol/agents/openai.yaml +11 -0
  396. package/skills/sap/sap-ai-governance-security-architecture-protocol/metadata.json +35 -0
  397. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/official-sources.md +99 -0
  398. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/safety-checklist.md +38 -0
  399. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/workflow-and-output.md +89 -0
  400. package/skills/sap/sap-analytics-cloud-planning-governance/SKILL.md +87 -0
  401. package/skills/sap/sap-analytics-cloud-planning-governance/agents/openai.yaml +11 -0
  402. package/skills/sap/sap-analytics-cloud-planning-governance/metadata.json +33 -0
  403. package/skills/sap/sap-analytics-cloud-planning-governance/references/official-sources.md +89 -0
  404. package/skills/sap/sap-analytics-cloud-planning-governance/references/safety-checklist.md +35 -0
  405. package/skills/sap/sap-analytics-cloud-planning-governance/references/workflow-and-output.md +70 -0
  406. package/skills/sap/sap-audit-evidence-packaging/SKILL.md +92 -0
  407. package/skills/sap/sap-audit-evidence-packaging/agents/openai.yaml +11 -0
  408. package/skills/sap/sap-audit-evidence-packaging/metadata.json +33 -0
  409. package/skills/sap/sap-audit-evidence-packaging/references/official-sources.md +92 -0
  410. package/skills/sap/sap-audit-evidence-packaging/references/safety-checklist.md +38 -0
  411. package/skills/sap/sap-audit-evidence-packaging/references/workflow-and-output.md +129 -0
  412. package/skills/sap/sap-btp-governance-review/SKILL.md +84 -0
  413. package/skills/sap/sap-btp-governance-review/agents/openai.yaml +11 -0
  414. package/skills/sap/sap-btp-governance-review/metadata.json +34 -0
  415. package/skills/sap/sap-btp-governance-review/references/official-sources.md +91 -0
  416. package/skills/sap/sap-btp-governance-review/references/safety-checklist.md +35 -0
  417. package/skills/sap/sap-btp-governance-review/references/workflow-and-output.md +66 -0
  418. package/skills/sap/sap-cap-architecture-review/SKILL.md +86 -0
  419. package/skills/sap/sap-cap-architecture-review/agents/openai.yaml +11 -0
  420. package/skills/sap/sap-cap-architecture-review/metadata.json +34 -0
  421. package/skills/sap/sap-cap-architecture-review/references/context7-framework-docs.md +89 -0
  422. package/skills/sap/sap-cap-architecture-review/references/official-sources.md +93 -0
  423. package/skills/sap/sap-cap-architecture-review/references/safety-checklist.md +37 -0
  424. package/skills/sap/sap-cap-architecture-review/references/workflow-and-output.md +74 -0
  425. package/skills/sap/sap-clean-core-debt-review/SKILL.md +84 -0
  426. package/skills/sap/sap-clean-core-debt-review/agents/openai.yaml +11 -0
  427. package/skills/sap/sap-clean-core-debt-review/metadata.json +33 -0
  428. package/skills/sap/sap-clean-core-debt-review/references/context7-framework-docs.md +56 -0
  429. package/skills/sap/sap-clean-core-debt-review/references/official-sources.md +75 -0
  430. package/skills/sap/sap-clean-core-debt-review/references/safety-checklist.md +36 -0
  431. package/skills/sap/sap-clean-core-debt-review/references/workflow-and-output.md +62 -0
  432. package/skills/sap/sap-cloud-alm-sre-incident-review/SKILL.md +83 -0
  433. package/skills/sap/sap-cloud-alm-sre-incident-review/agents/openai.yaml +11 -0
  434. package/skills/sap/sap-cloud-alm-sre-incident-review/metadata.json +33 -0
  435. package/skills/sap/sap-cloud-alm-sre-incident-review/references/official-sources.md +89 -0
  436. package/skills/sap/sap-cloud-alm-sre-incident-review/references/safety-checklist.md +39 -0
  437. package/skills/sap/sap-cloud-alm-sre-incident-review/references/workflow-and-output.md +88 -0
  438. package/skills/sap/sap-custom-code-remediation-review/SKILL.md +83 -0
  439. package/skills/sap/sap-custom-code-remediation-review/agents/openai.yaml +11 -0
  440. package/skills/sap/sap-custom-code-remediation-review/metadata.json +33 -0
  441. package/skills/sap/sap-custom-code-remediation-review/references/official-sources.md +85 -0
  442. package/skills/sap/sap-custom-code-remediation-review/references/safety-checklist.md +39 -0
  443. package/skills/sap/sap-custom-code-remediation-review/references/workflow-and-output.md +83 -0
  444. package/skills/sap/sap-data-migration-cutover-readiness/SKILL.md +90 -0
  445. package/skills/sap/sap-data-migration-cutover-readiness/agents/openai.yaml +14 -0
  446. package/skills/sap/sap-data-migration-cutover-readiness/metadata.json +32 -0
  447. package/skills/sap/sap-data-migration-cutover-readiness/references/official-sources.md +73 -0
  448. package/skills/sap/sap-data-migration-cutover-readiness/references/safety-checklist.md +51 -0
  449. package/skills/sap/sap-data-migration-cutover-readiness/references/workflow-and-output.md +85 -0
  450. package/skills/sap/sap-data-privacy-analytics-ai-protocol/SKILL.md +162 -0
  451. package/skills/sap/sap-data-privacy-analytics-ai-protocol/agents/openai.yaml +11 -0
  452. package/skills/sap/sap-data-privacy-analytics-ai-protocol/metadata.json +34 -0
  453. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/official-sources.md +93 -0
  454. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/safety-checklist.md +39 -0
  455. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/workflow-and-output.md +78 -0
  456. package/skills/sap/sap-datasphere-data-product-architecture/SKILL.md +86 -0
  457. package/skills/sap/sap-datasphere-data-product-architecture/agents/openai.yaml +11 -0
  458. package/skills/sap/sap-datasphere-data-product-architecture/metadata.json +33 -0
  459. package/skills/sap/sap-datasphere-data-product-architecture/references/official-sources.md +85 -0
  460. package/skills/sap/sap-datasphere-data-product-architecture/references/safety-checklist.md +35 -0
  461. package/skills/sap/sap-datasphere-data-product-architecture/references/workflow-and-output.md +70 -0
  462. package/skills/sap/sap-ewm-tm-logistics-execution-review/SKILL.md +90 -0
  463. package/skills/sap/sap-ewm-tm-logistics-execution-review/agents/openai.yaml +11 -0
  464. package/skills/sap/sap-ewm-tm-logistics-execution-review/metadata.json +32 -0
  465. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/official-sources.md +79 -0
  466. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/safety-checklist.md +37 -0
  467. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/workflow-and-output.md +91 -0
  468. package/skills/sap/sap-finance-fico-controls-review/SKILL.md +91 -0
  469. package/skills/sap/sap-finance-fico-controls-review/agents/openai.yaml +11 -0
  470. package/skills/sap/sap-finance-fico-controls-review/metadata.json +33 -0
  471. package/skills/sap/sap-finance-fico-controls-review/references/official-sources.md +89 -0
  472. package/skills/sap/sap-finance-fico-controls-review/references/safety-checklist.md +38 -0
  473. package/skills/sap/sap-finance-fico-controls-review/references/workflow-and-output.md +88 -0
  474. package/skills/sap/sap-fiori-ui5-ux-review/SKILL.md +87 -0
  475. package/skills/sap/sap-fiori-ui5-ux-review/agents/openai.yaml +14 -0
  476. package/skills/sap/sap-fiori-ui5-ux-review/metadata.json +33 -0
  477. package/skills/sap/sap-fiori-ui5-ux-review/references/context7-framework-docs.md +128 -0
  478. package/skills/sap/sap-fiori-ui5-ux-review/references/official-sources.md +95 -0
  479. package/skills/sap/sap-fiori-ui5-ux-review/references/safety-checklist.md +37 -0
  480. package/skills/sap/sap-fiori-ui5-ux-review/references/workflow-and-output.md +96 -0
  481. package/skills/sap/sap-guarded-btp-entitlement-change/SKILL.md +156 -0
  482. package/skills/sap/sap-guarded-btp-entitlement-change/agents/openai.yaml +17 -0
  483. package/skills/sap/sap-guarded-btp-entitlement-change/metadata.json +33 -0
  484. package/skills/sap/sap-guarded-btp-entitlement-change/references/live-environment-access.md +93 -0
  485. package/skills/sap/sap-guarded-btp-entitlement-change/references/official-sources.md +75 -0
  486. package/skills/sap/sap-guarded-btp-entitlement-change/references/safety-checklist.md +57 -0
  487. package/skills/sap/sap-guarded-btp-entitlement-change/references/workflow-and-output.md +132 -0
  488. package/skills/sap/sap-guarded-integration-flow-change/SKILL.md +151 -0
  489. package/skills/sap/sap-guarded-integration-flow-change/agents/openai.yaml +17 -0
  490. package/skills/sap/sap-guarded-integration-flow-change/metadata.json +33 -0
  491. package/skills/sap/sap-guarded-integration-flow-change/references/live-environment-access.md +80 -0
  492. package/skills/sap/sap-guarded-integration-flow-change/references/official-sources.md +73 -0
  493. package/skills/sap/sap-guarded-integration-flow-change/references/safety-checklist.md +56 -0
  494. package/skills/sap/sap-guarded-integration-flow-change/references/workflow-and-output.md +122 -0
  495. package/skills/sap/sap-guarded-role-assignment/SKILL.md +159 -0
  496. package/skills/sap/sap-guarded-role-assignment/agents/openai.yaml +17 -0
  497. package/skills/sap/sap-guarded-role-assignment/metadata.json +33 -0
  498. package/skills/sap/sap-guarded-role-assignment/references/live-environment-access.md +93 -0
  499. package/skills/sap/sap-guarded-role-assignment/references/official-sources.md +73 -0
  500. package/skills/sap/sap-guarded-role-assignment/references/safety-checklist.md +57 -0
  501. package/skills/sap/sap-guarded-role-assignment/references/workflow-and-output.md +133 -0
  502. package/skills/sap/sap-guarded-transport-import/SKILL.md +144 -0
  503. package/skills/sap/sap-guarded-transport-import/agents/openai.yaml +14 -0
  504. package/skills/sap/sap-guarded-transport-import/metadata.json +34 -0
  505. package/skills/sap/sap-guarded-transport-import/references/live-environment-access.md +81 -0
  506. package/skills/sap/sap-guarded-transport-import/references/official-sources.md +79 -0
  507. package/skills/sap/sap-guarded-transport-import/references/safety-checklist.md +52 -0
  508. package/skills/sap/sap-guarded-transport-import/references/workflow-and-output.md +93 -0
  509. package/skills/sap/sap-hana-cloud-performance-cost/SKILL.md +87 -0
  510. package/skills/sap/sap-hana-cloud-performance-cost/agents/openai.yaml +11 -0
  511. package/skills/sap/sap-hana-cloud-performance-cost/metadata.json +33 -0
  512. package/skills/sap/sap-hana-cloud-performance-cost/references/context7-framework-docs.md +94 -0
  513. package/skills/sap/sap-hana-cloud-performance-cost/references/official-sources.md +83 -0
  514. package/skills/sap/sap-hana-cloud-performance-cost/references/safety-checklist.md +36 -0
  515. package/skills/sap/sap-hana-cloud-performance-cost/references/workflow-and-output.md +68 -0
  516. package/skills/sap/sap-hypercare-incident-commander-review/SKILL.md +93 -0
  517. package/skills/sap/sap-hypercare-incident-commander-review/agents/openai.yaml +14 -0
  518. package/skills/sap/sap-hypercare-incident-commander-review/metadata.json +31 -0
  519. package/skills/sap/sap-hypercare-incident-commander-review/references/official-sources.md +63 -0
  520. package/skills/sap/sap-hypercare-incident-commander-review/references/safety-checklist.md +55 -0
  521. package/skills/sap/sap-hypercare-incident-commander-review/references/workflow-and-output.md +98 -0
  522. package/skills/sap/sap-integration-platform-businessops-protocol/SKILL.md +162 -0
  523. package/skills/sap/sap-integration-platform-businessops-protocol/agents/openai.yaml +11 -0
  524. package/skills/sap/sap-integration-platform-businessops-protocol/metadata.json +35 -0
  525. package/skills/sap/sap-integration-platform-businessops-protocol/references/official-sources.md +99 -0
  526. package/skills/sap/sap-integration-platform-businessops-protocol/references/safety-checklist.md +36 -0
  527. package/skills/sap/sap-integration-platform-businessops-protocol/references/workflow-and-output.md +76 -0
  528. package/skills/sap/sap-integration-suite-review/SKILL.md +87 -0
  529. package/skills/sap/sap-integration-suite-review/agents/openai.yaml +11 -0
  530. package/skills/sap/sap-integration-suite-review/metadata.json +33 -0
  531. package/skills/sap/sap-integration-suite-review/references/context7-framework-docs.md +76 -0
  532. package/skills/sap/sap-integration-suite-review/references/official-sources.md +79 -0
  533. package/skills/sap/sap-integration-suite-review/references/safety-checklist.md +36 -0
  534. package/skills/sap/sap-integration-suite-review/references/workflow-and-output.md +78 -0
  535. package/skills/sap/sap-joule-governance-adoption-review/SKILL.md +83 -0
  536. package/skills/sap/sap-joule-governance-adoption-review/agents/openai.yaml +11 -0
  537. package/skills/sap/sap-joule-governance-adoption-review/metadata.json +33 -0
  538. package/skills/sap/sap-joule-governance-adoption-review/references/official-sources.md +83 -0
  539. package/skills/sap/sap-joule-governance-adoption-review/references/safety-checklist.md +37 -0
  540. package/skills/sap/sap-joule-governance-adoption-review/references/workflow-and-output.md +81 -0
  541. package/skills/sap/sap-license-btp-consumption-finops-review/SKILL.md +89 -0
  542. package/skills/sap/sap-license-btp-consumption-finops-review/agents/openai.yaml +11 -0
  543. package/skills/sap/sap-license-btp-consumption-finops-review/metadata.json +32 -0
  544. package/skills/sap/sap-license-btp-consumption-finops-review/references/official-sources.md +71 -0
  545. package/skills/sap/sap-license-btp-consumption-finops-review/references/safety-checklist.md +36 -0
  546. package/skills/sap/sap-license-btp-consumption-finops-review/references/workflow-and-output.md +69 -0
  547. package/skills/sap/sap-live-readonly-identity-trust-discovery/SKILL.md +142 -0
  548. package/skills/sap/sap-live-readonly-identity-trust-discovery/agents/openai.yaml +14 -0
  549. package/skills/sap/sap-live-readonly-identity-trust-discovery/metadata.json +34 -0
  550. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/live-environment-access.md +151 -0
  551. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/official-sources.md +83 -0
  552. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/safety-checklist.md +49 -0
  553. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/workflow-and-output.md +103 -0
  554. package/skills/sap/sap-live-readonly-landscape-discovery/SKILL.md +135 -0
  555. package/skills/sap/sap-live-readonly-landscape-discovery/agents/openai.yaml +14 -0
  556. package/skills/sap/sap-live-readonly-landscape-discovery/metadata.json +34 -0
  557. package/skills/sap/sap-live-readonly-landscape-discovery/references/live-environment-access.md +111 -0
  558. package/skills/sap/sap-live-readonly-landscape-discovery/references/official-sources.md +83 -0
  559. package/skills/sap/sap-live-readonly-landscape-discovery/references/safety-checklist.md +45 -0
  560. package/skills/sap/sap-live-readonly-landscape-discovery/references/workflow-and-output.md +102 -0
  561. package/skills/sap/sap-maestro/SKILL.md +81 -0
  562. package/skills/sap/sap-maestro/agents/openai.yaml +11 -0
  563. package/skills/sap/sap-maestro/metadata.json +32 -0
  564. package/skills/sap/sap-maestro/references/official-sources.md +53 -0
  565. package/skills/sap/sap-maestro/references/safety-checklist.md +39 -0
  566. package/skills/sap/sap-maestro/references/workflow-and-output.md +73 -0
  567. package/skills/sap/sap-manufacturing-execution-risk-review/SKILL.md +89 -0
  568. package/skills/sap/sap-manufacturing-execution-risk-review/agents/openai.yaml +11 -0
  569. package/skills/sap/sap-manufacturing-execution-risk-review/metadata.json +32 -0
  570. package/skills/sap/sap-manufacturing-execution-risk-review/references/official-sources.md +79 -0
  571. package/skills/sap/sap-manufacturing-execution-risk-review/references/safety-checklist.md +39 -0
  572. package/skills/sap/sap-manufacturing-execution-risk-review/references/workflow-and-output.md +91 -0
  573. package/skills/sap/sap-mdg-master-data-quality-review/SKILL.md +85 -0
  574. package/skills/sap/sap-mdg-master-data-quality-review/agents/openai.yaml +11 -0
  575. package/skills/sap/sap-mdg-master-data-quality-review/metadata.json +33 -0
  576. package/skills/sap/sap-mdg-master-data-quality-review/references/official-sources.md +89 -0
  577. package/skills/sap/sap-mdg-master-data-quality-review/references/safety-checklist.md +37 -0
  578. package/skills/sap/sap-mdg-master-data-quality-review/references/workflow-and-output.md +91 -0
  579. package/skills/sap/sap-order-to-cash-review/SKILL.md +89 -0
  580. package/skills/sap/sap-order-to-cash-review/agents/openai.yaml +11 -0
  581. package/skills/sap/sap-order-to-cash-review/metadata.json +32 -0
  582. package/skills/sap/sap-order-to-cash-review/references/official-sources.md +79 -0
  583. package/skills/sap/sap-order-to-cash-review/references/safety-checklist.md +39 -0
  584. package/skills/sap/sap-order-to-cash-review/references/workflow-and-output.md +87 -0
  585. package/skills/sap/sap-procurement-ariba-value-leakage-review/SKILL.md +90 -0
  586. package/skills/sap/sap-procurement-ariba-value-leakage-review/agents/openai.yaml +11 -0
  587. package/skills/sap/sap-procurement-ariba-value-leakage-review/metadata.json +32 -0
  588. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/official-sources.md +79 -0
  589. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/safety-checklist.md +38 -0
  590. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/workflow-and-output.md +87 -0
  591. package/skills/sap/sap-procurement-license-finops-vendor-protocol/SKILL.md +155 -0
  592. package/skills/sap/sap-procurement-license-finops-vendor-protocol/agents/openai.yaml +11 -0
  593. package/skills/sap/sap-procurement-license-finops-vendor-protocol/metadata.json +35 -0
  594. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/official-sources.md +99 -0
  595. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/safety-checklist.md +36 -0
  596. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/workflow-and-output.md +62 -0
  597. package/skills/sap/sap-release-change-collision-review/SKILL.md +92 -0
  598. package/skills/sap/sap-release-change-collision-review/agents/openai.yaml +14 -0
  599. package/skills/sap/sap-release-change-collision-review/metadata.json +31 -0
  600. package/skills/sap/sap-release-change-collision-review/references/official-sources.md +63 -0
  601. package/skills/sap/sap-release-change-collision-review/references/safety-checklist.md +51 -0
  602. package/skills/sap/sap-release-change-collision-review/references/workflow-and-output.md +85 -0
  603. package/skills/sap/sap-release-cutover-finance-controls-protocol/SKILL.md +170 -0
  604. package/skills/sap/sap-release-cutover-finance-controls-protocol/agents/openai.yaml +11 -0
  605. package/skills/sap/sap-release-cutover-finance-controls-protocol/metadata.json +33 -0
  606. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/official-sources.md +89 -0
  607. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/safety-checklist.md +39 -0
  608. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/workflow-and-output.md +98 -0
  609. package/skills/sap/sap-rise-sla-vendor-risk-review/SKILL.md +88 -0
  610. package/skills/sap/sap-rise-sla-vendor-risk-review/agents/openai.yaml +11 -0
  611. package/skills/sap/sap-rise-sla-vendor-risk-review/metadata.json +32 -0
  612. package/skills/sap/sap-rise-sla-vendor-risk-review/references/official-sources.md +73 -0
  613. package/skills/sap/sap-rise-sla-vendor-risk-review/references/safety-checklist.md +36 -0
  614. package/skills/sap/sap-rise-sla-vendor-risk-review/references/workflow-and-output.md +56 -0
  615. package/skills/sap/sap-s4hana-transformation-architecture-review/SKILL.md +84 -0
  616. package/skills/sap/sap-s4hana-transformation-architecture-review/agents/openai.yaml +14 -0
  617. package/skills/sap/sap-s4hana-transformation-architecture-review/metadata.json +32 -0
  618. package/skills/sap/sap-s4hana-transformation-architecture-review/references/official-sources.md +75 -0
  619. package/skills/sap/sap-s4hana-transformation-architecture-review/references/safety-checklist.md +40 -0
  620. package/skills/sap/sap-s4hana-transformation-architecture-review/references/workflow-and-output.md +67 -0
  621. package/skills/sap/sap-security-hr-legal-protocol/SKILL.md +149 -0
  622. package/skills/sap/sap-security-hr-legal-protocol/agents/openai.yaml +11 -0
  623. package/skills/sap/sap-security-hr-legal-protocol/metadata.json +34 -0
  624. package/skills/sap/sap-security-hr-legal-protocol/references/official-sources.md +89 -0
  625. package/skills/sap/sap-security-hr-legal-protocol/references/safety-checklist.md +38 -0
  626. package/skills/sap/sap-security-hr-legal-protocol/references/workflow-and-output.md +65 -0
  627. package/skills/sap/sap-security-iam-grc-sod-review/SKILL.md +86 -0
  628. package/skills/sap/sap-security-iam-grc-sod-review/agents/openai.yaml +11 -0
  629. package/skills/sap/sap-security-iam-grc-sod-review/metadata.json +33 -0
  630. package/skills/sap/sap-security-iam-grc-sod-review/references/official-sources.md +83 -0
  631. package/skills/sap/sap-security-iam-grc-sod-review/references/safety-checklist.md +36 -0
  632. package/skills/sap/sap-security-iam-grc-sod-review/references/workflow-and-output.md +79 -0
  633. package/skills/sap/sap-signavio-process-mining-value/SKILL.md +85 -0
  634. package/skills/sap/sap-signavio-process-mining-value/agents/openai.yaml +11 -0
  635. package/skills/sap/sap-signavio-process-mining-value/metadata.json +33 -0
  636. package/skills/sap/sap-signavio-process-mining-value/references/official-sources.md +89 -0
  637. package/skills/sap/sap-signavio-process-mining-value/references/safety-checklist.md +36 -0
  638. package/skills/sap/sap-signavio-process-mining-value/references/workflow-and-output.md +91 -0
  639. package/skills/sap/sap-successfactors-hr-process-risk-review/SKILL.md +92 -0
  640. package/skills/sap/sap-successfactors-hr-process-risk-review/agents/openai.yaml +11 -0
  641. package/skills/sap/sap-successfactors-hr-process-risk-review/metadata.json +33 -0
  642. package/skills/sap/sap-successfactors-hr-process-risk-review/references/official-sources.md +83 -0
  643. package/skills/sap/sap-successfactors-hr-process-risk-review/references/safety-checklist.md +38 -0
  644. package/skills/sap/sap-successfactors-hr-process-risk-review/references/workflow-and-output.md +86 -0
  645. package/skills/sap/sap-supply-chain-ibp-resilience-review/SKILL.md +90 -0
  646. package/skills/sap/sap-supply-chain-ibp-resilience-review/agents/openai.yaml +11 -0
  647. package/skills/sap/sap-supply-chain-ibp-resilience-review/metadata.json +32 -0
  648. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/official-sources.md +79 -0
  649. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/safety-checklist.md +38 -0
  650. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/workflow-and-output.md +89 -0
  651. package/skills/sap/sap-testing-quality-gate-review/SKILL.md +92 -0
  652. package/skills/sap/sap-testing-quality-gate-review/agents/openai.yaml +14 -0
  653. package/skills/sap/sap-testing-quality-gate-review/metadata.json +31 -0
  654. package/skills/sap/sap-testing-quality-gate-review/references/official-sources.md +65 -0
  655. package/skills/sap/sap-testing-quality-gate-review/references/safety-checklist.md +53 -0
  656. package/skills/sap/sap-testing-quality-gate-review/references/workflow-and-output.md +98 -0
  657. package/skills/sap/sap-transformation-portfolio-triage-review/SKILL.md +87 -0
  658. package/skills/sap/sap-transformation-portfolio-triage-review/agents/openai.yaml +11 -0
  659. package/skills/sap/sap-transformation-portfolio-triage-review/metadata.json +32 -0
  660. package/skills/sap/sap-transformation-portfolio-triage-review/references/official-sources.md +71 -0
  661. package/skills/sap/sap-transformation-portfolio-triage-review/references/safety-checklist.md +36 -0
  662. package/skills/sap/sap-transformation-portfolio-triage-review/references/workflow-and-output.md +69 -0
  663. package/skills/sap/sap-treasury-cash-risk-review/SKILL.md +90 -0
  664. package/skills/sap/sap-treasury-cash-risk-review/agents/openai.yaml +11 -0
  665. package/skills/sap/sap-treasury-cash-risk-review/metadata.json +32 -0
  666. package/skills/sap/sap-treasury-cash-risk-review/references/official-sources.md +79 -0
  667. package/skills/sap/sap-treasury-cash-risk-review/references/safety-checklist.md +38 -0
  668. package/skills/sap/sap-treasury-cash-risk-review/references/workflow-and-output.md +89 -0
  669. package/tests/fixtures/sap-maestro-routing/expected/01-clean-core-debt.json +6 -0
  670. package/tests/fixtures/sap-maestro-routing/expected/02-landscape-discovery.json +6 -0
  671. package/tests/fixtures/sap-maestro-routing/expected/03-live-guard-transport.json +6 -0
  672. package/tests/fixtures/sap-maestro-routing/expected/04-adversarial-injection.json +6 -0
  673. package/tests/fixtures/sap-maestro-routing/expected/05-adversarial-persona.json +6 -0
  674. package/tests/fixtures/sap-maestro-routing/expected/06-ambiguous.json +4 -0
  675. package/tests/fixtures/sap-maestro-routing/expected/07-secrets-bait.json +6 -0
  676. package/tests/fixtures/sap-maestro-routing/expected/08-btp-governance.json +6 -0
  677. package/tests/fixtures/sap-maestro-routing/expected/09-integration-suite.json +6 -0
  678. package/tests/fixtures/sap-maestro-routing/expected/10-security-sod.json +6 -0
  679. package/tests/fixtures/sap-maestro-routing/expected/11-cap-architecture.json +6 -0
  680. package/tests/fixtures/sap-maestro-routing/expected/12-abap-cloud-rap.json +7 -0
  681. package/tests/fixtures/sap-maestro-routing/expected/13-ai-governance.json +6 -0
  682. package/tests/fixtures/sap-maestro-routing/expected/14-datasphere.json +6 -0
  683. package/tests/fixtures/sap-maestro-routing/expected/15-analytics-cloud.json +6 -0
  684. package/tests/fixtures/sap-maestro-routing/expected/16-hana-cloud.json +6 -0
  685. package/tests/fixtures/sap-maestro-routing/expected/17-s4hana-transformation.json +6 -0
  686. package/tests/fixtures/sap-maestro-routing/expected/18-custom-code-remediation.json +6 -0
  687. package/tests/fixtures/sap-maestro-routing/expected/19-data-migration-cutover.json +6 -0
  688. package/tests/fixtures/sap-maestro-routing/expected/20-finance-fico.json +6 -0
  689. package/tests/fixtures/sap-maestro-routing/expected/21-mdg-master-data.json +6 -0
  690. package/tests/fixtures/sap-maestro-routing/expected/22-signavio.json +6 -0
  691. package/tests/fixtures/sap-maestro-routing/expected/23-procurement-ariba.json +6 -0
  692. package/tests/fixtures/sap-maestro-routing/expected/24-supply-chain-ibp.json +6 -0
  693. package/tests/fixtures/sap-maestro-routing/expected/25-order-to-cash.json +6 -0
  694. package/tests/fixtures/sap-maestro-routing/expected/26-treasury.json +6 -0
  695. package/tests/fixtures/sap-maestro-routing/expected/27-ewm-tm.json +6 -0
  696. package/tests/fixtures/sap-maestro-routing/expected/28-manufacturing.json +6 -0
  697. package/tests/fixtures/sap-maestro-routing/expected/29-successfactors.json +6 -0
  698. package/tests/fixtures/sap-maestro-routing/expected/30-joule.json +6 -0
  699. package/tests/fixtures/sap-maestro-routing/expected/31-cloud-alm.json +6 -0
  700. package/tests/fixtures/sap-maestro-routing/expected/32-transformation-portfolio.json +6 -0
  701. package/tests/fixtures/sap-maestro-routing/expected/33-rise-sla.json +6 -0
  702. package/tests/fixtures/sap-maestro-routing/expected/34-license-finops.json +6 -0
  703. package/tests/fixtures/sap-maestro-routing/expected/35-testing-quality.json +6 -0
  704. package/tests/fixtures/sap-maestro-routing/expected/36-release-collision.json +6 -0
  705. package/tests/fixtures/sap-maestro-routing/expected/37-hypercare.json +6 -0
  706. package/tests/fixtures/sap-maestro-routing/expected/38-identity-trust.json +6 -0
  707. package/tests/fixtures/sap-maestro-routing/expected/39-fiori-ui5.json +6 -0
  708. package/tests/fixtures/sap-maestro-routing/expected/40-audit-evidence.json +6 -0
  709. package/tests/fixtures/sap-maestro-routing/expected/41-guard-role-assign.json +6 -0
  710. package/tests/fixtures/sap-maestro-routing/expected/42-guard-iflow-deploy.json +6 -0
  711. package/tests/fixtures/sap-maestro-routing/expected/43-guard-entitlement.json +6 -0
  712. package/tests/fixtures/sap-maestro-routing/inputs/01-clean-core-debt.json +5 -0
  713. package/tests/fixtures/sap-maestro-routing/inputs/02-landscape-discovery.json +5 -0
  714. package/tests/fixtures/sap-maestro-routing/inputs/03-live-guard-transport.json +7 -0
  715. package/tests/fixtures/sap-maestro-routing/inputs/04-adversarial-injection.json +7 -0
  716. package/tests/fixtures/sap-maestro-routing/inputs/05-adversarial-persona.json +7 -0
  717. package/tests/fixtures/sap-maestro-routing/inputs/06-ambiguous.json +7 -0
  718. package/tests/fixtures/sap-maestro-routing/inputs/07-secrets-bait.json +7 -0
  719. package/tests/fixtures/sap-maestro-routing/inputs/08-btp-governance.json +7 -0
  720. package/tests/fixtures/sap-maestro-routing/inputs/09-integration-suite.json +7 -0
  721. package/tests/fixtures/sap-maestro-routing/inputs/10-security-sod.json +7 -0
  722. package/tests/fixtures/sap-maestro-routing/inputs/11-cap-architecture.json +7 -0
  723. package/tests/fixtures/sap-maestro-routing/inputs/12-abap-cloud-rap.json +7 -0
  724. package/tests/fixtures/sap-maestro-routing/inputs/13-ai-governance.json +7 -0
  725. package/tests/fixtures/sap-maestro-routing/inputs/14-datasphere.json +7 -0
  726. package/tests/fixtures/sap-maestro-routing/inputs/15-analytics-cloud.json +7 -0
  727. package/tests/fixtures/sap-maestro-routing/inputs/16-hana-cloud.json +7 -0
  728. package/tests/fixtures/sap-maestro-routing/inputs/17-s4hana-transformation.json +7 -0
  729. package/tests/fixtures/sap-maestro-routing/inputs/18-custom-code-remediation.json +7 -0
  730. package/tests/fixtures/sap-maestro-routing/inputs/19-data-migration-cutover.json +7 -0
  731. package/tests/fixtures/sap-maestro-routing/inputs/20-finance-fico.json +7 -0
  732. package/tests/fixtures/sap-maestro-routing/inputs/21-mdg-master-data.json +7 -0
  733. package/tests/fixtures/sap-maestro-routing/inputs/22-signavio.json +7 -0
  734. package/tests/fixtures/sap-maestro-routing/inputs/23-procurement-ariba.json +7 -0
  735. package/tests/fixtures/sap-maestro-routing/inputs/24-supply-chain-ibp.json +7 -0
  736. package/tests/fixtures/sap-maestro-routing/inputs/25-order-to-cash.json +7 -0
  737. package/tests/fixtures/sap-maestro-routing/inputs/26-treasury.json +7 -0
  738. package/tests/fixtures/sap-maestro-routing/inputs/27-ewm-tm.json +7 -0
  739. package/tests/fixtures/sap-maestro-routing/inputs/28-manufacturing.json +7 -0
  740. package/tests/fixtures/sap-maestro-routing/inputs/29-successfactors.json +7 -0
  741. package/tests/fixtures/sap-maestro-routing/inputs/30-joule.json +7 -0
  742. package/tests/fixtures/sap-maestro-routing/inputs/31-cloud-alm.json +7 -0
  743. package/tests/fixtures/sap-maestro-routing/inputs/32-transformation-portfolio.json +7 -0
  744. package/tests/fixtures/sap-maestro-routing/inputs/33-rise-sla.json +7 -0
  745. package/tests/fixtures/sap-maestro-routing/inputs/34-license-finops.json +7 -0
  746. package/tests/fixtures/sap-maestro-routing/inputs/35-testing-quality.json +7 -0
  747. package/tests/fixtures/sap-maestro-routing/inputs/36-release-collision.json +7 -0
  748. package/tests/fixtures/sap-maestro-routing/inputs/37-hypercare.json +7 -0
  749. package/tests/fixtures/sap-maestro-routing/inputs/38-identity-trust.json +7 -0
  750. package/tests/fixtures/sap-maestro-routing/inputs/39-fiori-ui5.json +7 -0
  751. package/tests/fixtures/sap-maestro-routing/inputs/40-audit-evidence.json +7 -0
  752. package/tests/fixtures/sap-maestro-routing/inputs/41-guard-role-assign.json +7 -0
  753. package/tests/fixtures/sap-maestro-routing/inputs/42-guard-iflow-deploy.json +7 -0
  754. package/tests/fixtures/sap-maestro-routing/inputs/43-guard-entitlement.json +7 -0
  755. package/tests/fixtures/sap-maestro-routing/taxonomy.json +509 -0
  756. package/tests/validate-catalog.py +1 -0
@@ -0,0 +1,81 @@
1
+ # Workflow and output contract — SAP Joule Governance and Adoption Review
2
+
3
+ Use this reference for all finding classification, risk level assignment, remediation path selection, and output formatting.
4
+
5
+ ## Joule governance domain taxonomy
6
+
7
+ | Domain | Finding class | Description |
8
+ |--------|--------------|-------------|
9
+ | `scope-grounding` | `unapproved-skill-activation` | Joule skill or action enabled for a connected SAP solution that has not been through the organization's Joule rollout approval process |
10
+ | `scope-grounding` | `write-back-without-confirmation` | Joule action skill that creates, updates, or deletes records in an underlying SAP system without an explicit user confirmation step |
11
+ | `scope-grounding` | `overly-broad-capability-scope` | Joule capabilities activated for a user population broader than required — end users with access to skills intended for managers or administrators |
12
+ | `data-access-boundary` | `authorization-bypass-risk` | Joule can surface data that the user is not authorized to see in the underlying SAP application — authorization model not correctly enforced in Joule context |
13
+ | `data-access-boundary` | `cross-application-unreviewed-aggregation` | Joule aggregates data across multiple connected SAP systems for a user without a governance review of the user's cross-system access rights |
14
+ | `data-access-boundary` | `sensitive-data-in-joule-response` | Joule responses include sensitive business data (compensation, financial positions, procurement prices, personal data) visible to users who are not authorized for that data in the underlying system |
15
+ | `auditability` | `no-interaction-logging` | Joule interaction logging not enabled for a deployment in a regulated or compliance-sensitive business process |
16
+ | `auditability` | `log-access-not-restricted` | Joule interaction logs are accessible without role restriction — any user or administrator can read logs containing other users' prompt content |
17
+ | `auditability` | `insufficient-log-retention` | Joule interaction log retention period does not meet the organization's audit or regulatory requirements |
18
+ | `role-aware-config` | `role-context-not-configured` | Joule role-aware context configuration has not been set up for one or more connected SAP solutions — Joule may not tailor responses to the user's business role |
19
+ | `role-aware-config` | `role-misconfiguration-over-disclosure` | Incorrect role-aware context configuration causes Joule to surface data appropriate for a more privileged role than the user holds |
20
+ | `hallucination-risk` | `regulated-workflow-no-verification` | Joule is used in a financial, HR, legal, or procurement decision workflow without a documented human verification requirement before actioning the output |
21
+ | `hallucination-risk` | `no-source-attribution` | Joule responses for compliance-relevant queries do not include source attribution or grounding data citation |
22
+ | `hallucination-risk` | `no-acceptable-use-training` | End users have not received training on Joule output validation — over-trust risk not mitigated through user awareness |
23
+ | `change-management` | `no-acceptable-use-policy` | No documented acceptable-use policy exists defining permitted and prohibited uses of Joule, output validation requirements, and escalation paths |
24
+ | `change-management` | `no-rollout-governance-process` | No documented process exists for approving and activating additional Joule capabilities beyond the initial deployment |
25
+ | `change-management` | `no-feedback-monitoring-mechanism` | No feedback or monitoring mechanism exists to detect Joule misuse, over-reliance, or systematic output quality issues post-deployment |
26
+
27
+ ## Risk classification
28
+
29
+ | Risk level | Criteria |
30
+ |-----------|---------|
31
+ | `critical` | Confirmed Joule data access boundary breach: Joule surfaces data the user is not authorized to see in the underlying SAP system; cross-application aggregation exposes regulated personal data without authorization |
32
+ | `high` | Write-back skill without confirmation step; cross-application unreviewed data aggregation; no interaction logging for a regulated business process; regulated workflow with no human verification requirement for Joule outputs; role misconfiguration causing over-disclosure of sensitive business data |
33
+ | `medium` | Missing acceptable-use policy; untested role-aware configuration; insufficient log retention; no feedback and monitoring mechanism; no source attribution for compliance-relevant responses |
34
+ | `low` | Best practice deviation in rollout governance materials, adoption documentation, or monitoring coverage without immediate risk |
35
+
36
+ ## Remediation path decision tree
37
+
38
+ For each finding:
39
+
40
+ 1. **Is this a confirmed Joule data access boundary breach (Joule surfaces unauthorized data)?**
41
+ - Yes → `critical`. Immediately restrict the affected Joule capability or suspend the connected system integration. Escalate to the security and data protection team. Do not resume the capability until the authorization boundary is confirmed to be enforced. State this explicitly.
42
+ - No → continue.
43
+
44
+ 2. **Is this a write-back skill without an explicit confirmation step?**
45
+ - Yes → `high`. Disable the write-back skill until a confirmation step is implemented in the Joule skill configuration or the connected SAP system workflow. Document the required confirmation UX and approval path before re-enabling.
46
+ - No → continue.
47
+
48
+ 3. **Is this a regulated workflow (financial, HR, legal, procurement) with no human verification requirement?**
49
+ - Yes → `high`. Define and document a human verification requirement for the affected workflow. Add an explicit policy statement in the acceptable-use policy that Joule outputs in this workflow must be verified by a qualified human before actioning. Train affected users.
50
+ - No → continue.
51
+
52
+ 4. **Is this missing interaction logging for a compliance-sensitive deployment?**
53
+ - Yes → `high`. Enable Joule interaction logging per SAP Joule administration documentation. Restrict log access to authorized roles. Define and document a log retention policy meeting the organization's audit requirements.
54
+ - No → continue.
55
+
56
+ 5. **Is this a governance process or policy gap (missing acceptable-use policy, no rollout governance, untested role configuration)?**
57
+ - Yes → `medium`. Draft the acceptable-use policy covering permitted uses, prohibited uses, output validation requirements, and escalation paths. Define a rollout governance process for capability additions. Test role-aware configuration in a sandbox environment.
58
+ - No → classify as `low` and provide adoption best practice guidance.
59
+
60
+ ## Workflow
61
+
62
+ 1. **Receive artifacts** — Joule configuration documentation, skill activation lists, data access boundary descriptions, audit log configuration summaries, acceptable-use policy documents, training material descriptions, or written governance posture descriptions.
63
+ 2. **Classify each finding** by Joule governance domain and finding class above.
64
+ 3. **Assign risk level** per risk classification table (critical / high / medium / low).
65
+ 4. **Flag critical findings immediately** — confirmed data access boundary breaches must be escalated before other remediation is discussed.
66
+ 5. **Apply remediation decision tree** per finding.
67
+ 6. **Prioritize** — critical data boundary findings first; then high write-back, logging, and regulated workflow findings; then medium policy and configuration gaps; then low adoption best-practice items.
68
+ 7. **Return output** per the output contract below.
69
+
70
+ ## Output contract
71
+
72
+ Return:
73
+
74
+ 1. Joule governance domain and finding class per finding
75
+ 2. Evidence label (documentation-based / user-provided evidence / inference)
76
+ 3. Risk level per finding (critical / high / medium / low)
77
+ 4. Capability or workflow detail (if applicable): Joule skill name or type, connected SAP solution, affected user population, or business process
78
+ 5. Recommended governance control per finding (skill deactivation, confirmation step addition, interaction logging enablement, role-aware config correction, verification policy, acceptable-use policy, etc.)
79
+ 6. Joule governance posture after remediation
80
+ 7. Escalation notice for confirmed data access boundary breaches — explicit statement that security and data protection team must be engaged before resuming the affected capability
81
+ 8. Prioritized remediation sequence
@@ -0,0 +1,89 @@
1
+ ---
2
+ name: sap-license-btp-consumption-finops-review
3
+ description: Advisory FinOps review of SAP licensing and BTP consumption under CPEA and other commercial models: entitlement vs actual consumption, overage and underutilization patterns, cost allocation, commitment optimization, FUE and digital access licensing, and BTP service cost drivers. Does not touch or mutate any live system.
4
+ allowed-tools: Read Grep Glob WebSearch WebFetch
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-06-19"
9
+ category: finops
10
+ lifecycle: experimental
11
+ ---
12
+
13
+ # SAP License and BTP Consumption FinOps Review
14
+
15
+ ## Purpose
16
+
17
+ Assess the cost and licensing posture of an SAP landscape using FinOps principles. Evaluate SAP software license entitlements versus actual consumption, identify overage charges and underutilized license blocks, review BTP consumption under the Cloud Platform Enterprise Agreement (CPEA) or other commercial models, analyze cost allocation across teams and use cases, surface commitment optimization opportunities, assess Full Use Equivalent (FUE) and digital access licensing exposure, and identify the primary BTP service cost drivers. Surface licensing gaps, consumption inefficiencies, incorrect license type assignments, and commercial model mismatches that drive unnecessary spend. Does not connect to or mutate any live system, SAP for Me portal, or SAP licensing management platform.
18
+
19
+ ## When to use
20
+
21
+ Use this skill when the user asks to:
22
+
23
+ - review SAP software license entitlements versus actual system usage to identify overage or underutilization,
24
+ - assess BTP consumption under CPEA, Pay-As-You-Go, or subscription commercial models for cost optimization,
25
+ - identify which BTP services are the primary cost drivers and evaluate whether consumption is proportionate to business value delivered,
26
+ - review FUE licensing and digital access user type assignments for correct classification and cost efficiency,
27
+ - assess cost allocation practices for BTP and SAP license spend across business units, cost centers, or projects,
28
+ - identify SAP license commitment optimization opportunities (right-sizing, license type conversion, consolidation),
29
+ - review the commercial model fit between the customer's consumption pattern and their current SAP commercial agreement,
30
+ - prepare for SAP license audit readiness or True-Up negotiations,
31
+ - evaluate indirect access or digital access risk from third-party integrations reading or writing SAP data,
32
+ - support an annual BTP or SAP license budget review or cost challenge.
33
+
34
+ ## When not to use
35
+
36
+ - When the request requires live access to SAP for Me, the SAP License Administration Workbench (LAW), BTP cockpit usage data, or any live measurement tool — this skill accepts only user-provided consumption reports, entitlement summaries, or written descriptions.
37
+ - When the request concerns RISE with SAP contract SLA and vendor risk — use `sap-rise-sla-vendor-risk-review`.
38
+ - When the request concerns BTP account model governance (subaccount structure, entitlement sprawl, role collections) — use `sap-btp-governance-review`.
39
+ - When the request concerns the technical transformation program structure — use `sap-transformation-portfolio-triage-review`.
40
+ - When the request requires legal advice on SAP contract terms — this skill provides advisory cost classification, not legal counsel.
41
+
42
+ ## Does not touch live systems
43
+
44
+ This skill operates on user-provided license entitlement reports, SAP for Me exports, BTP consumption reports, commercial model summaries, cost allocation data, or written descriptions of the SAP licensing and BTP consumption posture. It does not connect to SAP for Me, the License Administration Workbench, the BTP cockpit, the SAP Global License Audit and Compliance team portal, or any live environment. All live inspection is out of scope.
45
+
46
+ ## Lean operating rules
47
+
48
+ - Classify spend before optimizing. Every license or consumption finding must be classified by license or cost category before an optimization recommendation is made.
49
+ - Distinguish entitlement from consumption. An entitlement is the right to use a capability. Consumption is the actual measured use. Optimization findings live in the gap between the two — either overage (consumption exceeds entitlement) or underutilization (entitlement exceeds consumption).
50
+ - BTP commercial models have different optimization levers. CPEA is a prepaid credit model — unspent credits expire. Pay-As-You-Go has no commitment but higher unit rates. Subscription is fixed capacity. The correct optimization depends on the model in use.
51
+ - FUE is the primary SAP on-premise and RISE license metric. Named User licenses in SAP are counted as FUEs. The FUE value of each named user type (Professional, Limited, Self-Service) differs. Incorrect type assignments are the most common source of license audit exposure.
52
+ - Digital access licenses cover machine-to-machine document creation. Third-party systems that create SAP documents (orders, invoices, goods receipts) via integration may require digital access licenses. This is a common source of indirect access audit findings.
53
+ - Cost allocation requires metered consumption data. Cost allocation recommendations require BTP service consumption data at subaccount or project level. Without this data, cost allocation assessments are advisory only.
54
+ - Commitment optimization follows a forecast-to-actuals comparison. CPEA credit optimization requires comparing forecasted consumption against actual burn rate and identifying services where consumption is consistently under or over the forecast.
55
+ - Do not recommend license type downgrades without confirming the functional scope the user actually uses. A Limited User license that is performing Professional User functions is a compliance exposure, not a cost optimization opportunity.
56
+ - Evidence from user-provided consumption data or official SAP licensing and BTP commercial model documentation takes precedence over inference.
57
+ - Load only the reference needed for the license or cost domain under review.
58
+
59
+ ## Evidence rules
60
+
61
+ Label all claims with one of:
62
+
63
+ - `documentation-based` — grounded in SAP BTP commercial model documentation, SAP licensing guidelines, SAP product-specific supplement documents, or SAP price list definitions
64
+ - `user-provided evidence` — license entitlement reports, BTP consumption exports, SAP for Me data, cost allocation summaries, or commercial model descriptions provided by the user
65
+ - `inference` — derived reasoning not directly confirmed by official SAP documentation or user-provided evidence
66
+
67
+ ## Live-environment rules
68
+
69
+ **This skill does not touch live systems.** There is no API call, SAP for Me portal access, License Administration Workbench connection, BTP cockpit session, or any live measurement tool access in this skill's execution path. Users must supply license entitlement reports, BTP consumption data exports, commercial model summaries, or written descriptions of their SAP licensing and BTP consumption posture for this skill to review.
70
+
71
+ ## References
72
+
73
+ Load only when needed:
74
+
75
+ - [Workflow and output contract](references/workflow-and-output.md) — license and consumption category taxonomy, FinOps finding severity, optimization path decision criteria, output format.
76
+ - [Safety checklist](references/safety-checklist.md) — non-negotiables, common licensing misclassification mistakes, when to push back.
77
+ - [Official sources](references/official-sources.md) — SAP BTP commercial model documentation, CPEA pricing, FUE and digital access licensing guidelines, SAP pricing and licensing resources.
78
+
79
+ ## Response minimum
80
+
81
+ Return, at minimum:
82
+
83
+ - **Problem classification**: license or cost domain(s) affected (FUE and named user licensing / digital access / BTP CPEA consumption / BTP service cost drivers / cost allocation / commercial model fit / True-Up and audit readiness) and specific finding(s).
84
+ - **Evidence used**: documentation-based / user-provided evidence / inference.
85
+ - **Risk level**: critical (active overage creating immediate audit or compliance exposure) / high (material underutilization of paid commitment or incorrectly classified license type with audit risk) / medium (cost allocation gap or commercial model mismatch with optimization opportunity) / low (best practice deviation in license management process).
86
+ - **Recommended action**: specific FinOps optimization per finding (right-size license type, convert commercial model, reallocate CPEA credits, enable cost allocation tagging, reclassify digital access users, prepare True-Up evidence).
87
+ - **Refusal / escalation triggers**: if live SAP for Me data, LAW measurement output, or BTP cockpit consumption data is required to complete the assessment, state that clearly and request the user provide the relevant exports. If legal interpretation of license terms is required, escalate to SAP licensing counsel.
88
+ - **Business impact**: overage cost exposure, audit penalty risk, budget overrun risk, or opportunity cost from unused committed spend.
89
+ - **Next verification step**: validate license consumption findings against current SAP for Me entitlement data and BTP cockpit consumption reports before initiating True-Up or renegotiation.
@@ -0,0 +1,11 @@
1
+ interface:
2
+ display_name: "SAP License and BTP Consumption FinOps Review"
3
+ short_description: "Advisory FinOps review of SAP licensing and BTP consumption: entitlement vs consumption gaps, overage and underutilization, CPEA credit burn, FUE and digital access classification, cost allocation, and commitment optimization."
4
+ default_prompt: "Use $sap-license-btp-consumption-finops-review to assess the provided SAP licensing and BTP consumption posture. Classify each finding by domain (FUE and named user licensing, digital access, BTP CPEA consumption, BTP service cost drivers, cost allocation, commercial model fit, True-Up and audit readiness), assign a risk level (critical/high/medium/low), and recommend specific FinOps optimization actions. State evidence level for each finding and escalate to SAP licensing counsel when contract interpretation is required."
5
+ dependencies:
6
+ tools:
7
+ - type: "web"
8
+ value: "https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-consumption-based-commercial-model"
9
+ description: "SAP BTP consumption-based commercial model documentation — primary reference for CPEA, Pay-As-You-Go, and subscription model mechanics and optimization levers"
10
+ policy:
11
+ allow_implicit_invocation: true
@@ -0,0 +1,32 @@
1
+ {
2
+ "id": "sap-license-btp-consumption-finops-review",
3
+ "name": "SAP License and BTP Consumption FinOps Review",
4
+ "type": "skill",
5
+ "provider": "sap",
6
+ "harnesses": [
7
+ "claude-code",
8
+ "codex",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Advisory FinOps review of SAP licensing and BTP consumption under CPEA and other commercial models: entitlement vs consumption, overage and underutilization, cost allocation, commitment optimization, FUE and digital access licensing, and BTP service cost drivers. Does not access live systems.",
15
+ "source_type": "original",
16
+ "category": "finops",
17
+ "official_docs": [
18
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-consumption-based-commercial-model",
19
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-platform-enterprise-agreement",
20
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/commercial-models",
21
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/monitor-usage-and-costs",
22
+ "https://support.sap.com/en/my-support/license-audit-and-compliance.html",
23
+ "https://www.sap.com/products/erp/s4hana/digital-access.html",
24
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/managing-entitlements-and-quotas-using-the-cockpit"
25
+ ],
26
+ "security_notes": "Does not access live SAP systems, SAP for Me, the License Administration Workbench, BTP cockpit usage data, or SAP Global License Audit and Compliance portals. Accepts only user-provided license entitlement reports, BTP consumption exports, commercial model summaries, or written descriptions of the SAP licensing posture. Never request or accept SAP contract portal credentials, customer-specific contract pricing, or confidential True-Up negotiation data. Cost and licensing findings are advisory only and do not constitute legal or contractual advice — SAP licensing counsel must be engaged for binding interpretation of license terms.",
27
+ "last_verified": "2026-06-19",
28
+ "path": "skills/sap/sap-license-btp-consumption-finops-review",
29
+ "author": "github: Raishin",
30
+ "version": "0.1.0",
31
+ "lifecycle": "experimental"
32
+ }
@@ -0,0 +1,71 @@
1
+ # Official sources — SAP License and BTP Consumption FinOps Review
2
+
3
+ Use this reference when grounding license category classification, BTP commercial model assessment, consumption optimization guidance, FUE and digital access licensing evaluation, and cost allocation best practices.
4
+
5
+ **Evidence level**: documentation-based (SAP BTP Help Portal, SAP Support Portal, SAP product documentation). No live-system evidence is collected by this skill.
6
+
7
+ ## BTP commercial models
8
+
9
+ - What Is the Consumption-Based Commercial Model
10
+ https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-consumption-based-commercial-model
11
+ source_owner: SAP SE
12
+ topic_supported: Overview of BTP consumption-based commercial model, differences between CPEA, Pay-As-You-Go, and subscription options, credit unit mechanics
13
+ why_needed: Primary reference for understanding the BTP commercial model landscape — required to classify the user's commercial model before assessing optimization levers
14
+ evidence_level: primary
15
+ last_verified: 2026-06-19
16
+
17
+ - Cloud Platform Enterprise Agreement (CPEA)
18
+ https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-platform-enterprise-agreement
19
+ source_owner: SAP SE
20
+ topic_supported: CPEA credit model, credit consumption mechanics, service pricing under CPEA, credit expiry, CPEA entitlement management, forecasting and budget controls
21
+ why_needed: Canonical reference for CPEA credit optimization — defines how credits are consumed, how services are priced against credits, and how unused credits expire; required for all CPEA FinOps assessments
22
+ evidence_level: primary
23
+ last_verified: 2026-06-19
24
+
25
+ - BTP Commercial Models Overview
26
+ https://help.sap.com/docs/btp/sap-business-technology-platform/commercial-models
27
+ source_owner: SAP SE
28
+ topic_supported: Comparison of BTP commercial models (CPEA, subscription, Pay-As-You-Go), service eligibility per model, switching between models, model selection criteria
29
+ why_needed: Required to assess commercial model fit — determines whether the user's consumption pattern is better served by CPEA, subscription, or Pay-As-You-Go and identifies mismatches that drive unnecessary spend
30
+ evidence_level: primary
31
+ last_verified: 2026-06-19
32
+
33
+ ## BTP consumption monitoring and cost management
34
+
35
+ - Monitor Usage and Costs
36
+ https://help.sap.com/docs/btp/sap-business-technology-platform/monitor-usage-and-costs
37
+ source_owner: SAP SE
38
+ topic_supported: BTP cockpit usage and cost monitoring, consumption reports, cost center allocation, budget alerts, subaccount-level cost visibility
39
+ why_needed: Defines the SAP-native cost monitoring capabilities — required to assess whether the user has adequate visibility into BTP consumption and cost allocation, and to identify gaps in cost observability
40
+ evidence_level: primary
41
+ last_verified: 2026-06-19
42
+
43
+ - Managing Entitlements and Quotas Using the Cockpit
44
+ https://help.sap.com/docs/btp/sap-business-technology-platform/managing-entitlements-and-quotas-using-the-cockpit
45
+ source_owner: SAP SE
46
+ topic_supported: BTP entitlement assignment and quota management, service plan entitlements, directory and subaccount quota distribution
47
+ why_needed: Required to assess whether entitlement assignments align with actual consumption — the basis for identifying underutilization and quota right-sizing opportunities
48
+ evidence_level: primary
49
+ last_verified: 2026-06-19
50
+
51
+ ## SAP licensing and digital access
52
+
53
+ - SAP License Audit and Compliance
54
+ https://support.sap.com/en/my-support/license-audit-and-compliance.html
55
+ source_owner: SAP SE
56
+ topic_supported: SAP True-Up process, License Administration Workbench (LAW), license measurement methodology, audit preparation, indirect and digital access measurement
57
+ why_needed: Primary reference for understanding SAP's license audit and True-Up methodology — required for audit readiness assessment and for interpreting LAW measurement output
58
+ evidence_level: primary
59
+ last_verified: 2026-06-19
60
+
61
+ - SAP Digital Access
62
+ https://www.sap.com/products/erp/s4hana/digital-access.html
63
+ source_owner: SAP SE
64
+ topic_supported: Digital access licensing model, document-based pricing, which third-party integration scenarios require digital access licenses, digital access adoption program
65
+ why_needed: Primary reference for digital access licensing — defines which integration scenarios create digital access license obligations and how document counts are measured; required for indirect access risk assessment
66
+ evidence_level: primary
67
+ last_verified: 2026-06-19
68
+
69
+ ## Grounding rule
70
+
71
+ SAP BTP commercial model documentation and SAP licensing guidance describe the designed commercial and measurement frameworks. They do not prove what licenses or BTP entitlements the user holds, what their actual consumption is, or how SAP would measure their system in a True-Up. Users must supply entitlement reports, BTP consumption exports, SAP for Me data, or LAW measurement output for concrete FinOps assessment. This skill does not provide legal advice on license contract terms.
@@ -0,0 +1,36 @@
1
+ # Safety checklist — SAP License and BTP Consumption FinOps Review
2
+
3
+ Use before making any licensing or FinOps recommendation, especially for findings that affect True-Up exposure, digital access obligations, CPEA credit commitments, or license type reclassification.
4
+
5
+ ## Non-negotiables
6
+
7
+ - Do not access, connect to, or request access to any live SAP system, SAP for Me portal, License Administration Workbench, BTP cockpit usage data, or SAP Global License Audit and Compliance team portal. This skill reviews artifacts only.
8
+ - Do not accept or request SAP contract portal credentials, customer-specific contract pricing, True-Up settlement amounts, or confidential commercial negotiation positions.
9
+ - Do not provide legal advice on SAP license contract terms. This skill provides advisory risk classification. SAP licensing counsel must be engaged for binding contract interpretation.
10
+ - Do not recommend license type downgrades without confirming which SAP functional scope the user actually exercises. A user performing Professional User functions on a Limited User license is a compliance exposure, not a cost optimization.
11
+ - Do not assert a definitive True-Up cost without the user's actual LAW measurement output and current contract pricing. Provide estimates only and label them as estimates.
12
+ - Do not conflate BTP service entitlement with BTP service consumption. An entitlement to use a BTP service does not mean the service is consuming credits or generating cost — only active provisioned instances and consumed service units generate charges.
13
+ - Do not recommend canceling or reducing a CPEA commitment without first confirming the commitment term and early termination clauses in the user's contract. CPEA commitments are typically non-cancellable within the term.
14
+
15
+ ## What people get wrong
16
+
17
+ - **Treating all inactive users as safe to deprovision for license savings**: Deprovisioning named users reduces future measurement exposure, but does not retroactively reduce an already-measured True-Up obligation. Confirm the measurement date before treating deprovisioning as a retroactive cost saving.
18
+ - **Assuming CPEA credits cover all BTP services**: Not all BTP services are available under CPEA. Some services are subscription-only or available on Pay-As-You-Go only. Check service eligibility before assuming a service can be covered by CPEA credits.
19
+ - **Treating credit expiry as a fixed date**: CPEA credit validity depends on the contract start date and the credit tranche. Different credit tranches within the same CPEA contract may have different expiry dates. Confirm the expiry schedule per tranche from the user's order form.
20
+ - **Ignoring the Digital Access Adoption Program**: SAP offered a structured transition to digital access licensing under the Digital Access Adoption Program. Customers who have not activated this program may be measured under indirect access terms that are significantly more expensive. Flag this as a `high` finding if the user's system has significant third-party integrations.
21
+ - **Assuming BTP subaccount equals a cost center**: BTP subaccounts can be used to isolate cost allocation, but they are not automatically mapped to cost centers. Cost allocation requires deliberate tagging and reporting configuration in the BTP cockpit.
22
+ - **Treating LAW measurement as a one-time exercise**: SAP license audit readiness requires that LAW measurement be run and evidence be retained for each measurement period specified in the contract. Measurement that is run once and not maintained is not audit-ready.
23
+ - **Confusing BTP service plan tiers**: Many BTP services have multiple service plans (e.g., free, standard, premium). The free tier is limited in capacity and often not suitable for production. Recommending a free plan for a production use case creates a reliability risk that outweighs the cost saving.
24
+
25
+ ## When to push back
26
+
27
+ - Push back when the user asks to assess True-Up exposure without providing LAW measurement output or the entitlement quantities in their contract. Exposure cannot be quantified without both sides of the measurement.
28
+ - Push back when the user asks for a definitive CPEA credit optimization plan without providing the credit expiry schedule, current burn rate, and service consumption by service. Optimization without this data is inference.
29
+ - Push back when a request requires live BTP cockpit data or SAP for Me entitlement data — state that the assessment cannot be completed without the relevant exports and ask the user to provide them.
30
+ - Push back when the user asks for SAP license contract interpretation or True-Up settlement advice. Risk classification is in scope; legal and commercial counsel is required for those activities.
31
+
32
+ ## Evidence labels
33
+
34
+ - `documentation-based` — grounded in SAP BTP commercial model documentation, SAP licensing guidelines, SAP digital access documentation, or SAP Support Portal license audit resources
35
+ - `user-provided evidence` — license entitlement reports, BTP consumption exports, SAP for Me data, LAW measurement output, or commercial model summaries provided by the user
36
+ - `inference` — derived reasoning not directly confirmed by official SAP documentation or user-provided evidence; must always be labeled as such
@@ -0,0 +1,69 @@
1
+ # Workflow and output contract — SAP License and BTP Consumption FinOps Review
2
+
3
+ Use this reference for license and consumption category classification, FinOps finding severity, optimization path decision criteria, and output formatting.
4
+
5
+ ## License and cost domain taxonomy
6
+
7
+ | Domain | Scope | Typical FinOps findings |
8
+ |--------|-------|------------------------|
9
+ | `fue-and-named-user` | Full Use Equivalent (FUE) counting, named user type classification (Professional, Limited, Self-Service), indirect named user usage | Users classified as Limited performing Professional-scope functions, more named users provisioned than active, FUE count exceeds entitlement creating True-Up exposure |
10
+ | `digital-access` | Digital access licensing for third-party integrations, document-type counts (orders, invoices, goods receipts), Digital Access Adoption Program participation | Third-party system creating SAP documents without a digital access license, incorrect document type count, Digital Access Adoption Program not activated to avoid per-document pricing |
11
+ | `btp-cpea-consumption` | CPEA credit burn rate vs forecast, credit expiry risk, service-level credit consumption patterns, CPEA vs subscription vs Pay-As-You-Go fit | Credits expiring unused, consumption consistently above forecast triggering overage charges, services priced at Pay-As-You-Go rates when CPEA credit consumption would be cheaper |
12
+ | `btp-service-cost-drivers` | Individual BTP service consumption by volume, identification of highest-cost services relative to business value, service plan selection | Expensive service plan selected when a lower plan meets the requirement, test and development services running at production scale, unused service instances accumulating charges |
13
+ | `cost-allocation` | BTP subaccount and service cost tagging, cost center allocation, chargeback and showback model, budget visibility | No subaccount-level cost attribution, business units consuming BTP resources with no cost visibility, no budget alert thresholds configured |
14
+ | `commercial-model-fit` | Match between consumption pattern and commercial model (CPEA vs subscription vs Pay-As-You-Go), volume commitment adequacy | Steady-state consumption at scale under Pay-As-You-Go (CPEA commitment would be more cost-effective), CPEA commitment too large for actual consumption pattern |
15
+ | `true-up-and-audit-readiness` | True-Up preparation, SAP audit readiness, LAW measurement output review, evidence preparation | LAW measurement not run within the required measurement period, measurement excludes relevant system types, no documented process for managing True-Up evidence |
16
+
17
+ ## FinOps finding severity classification
18
+
19
+ | Risk level | Criteria |
20
+ |-----------|---------|
21
+ | `critical` | Active overage that is creating immediate audit exposure or unexpected commercial liability (e.g., measured user count already above entitlement between True-Up periods, digital access documents being created without a license) |
22
+ | `high` | Material underutilization of paid commitment (CPEA credits consistently under-consumed and at expiry risk, large license block with low active user count), or incorrectly classified license type that would be found in a True-Up |
23
+ | `medium` | Cost allocation gap (no subaccount-level cost visibility, no chargeback model), commercial model mismatch with a clear optimization opportunity that requires a contract event to act on |
24
+ | `low` | Best practice deviation in license management process (LAW measurement run but not reviewed, CPEA consumption not monitored monthly, no budget alert thresholds configured) |
25
+
26
+ ## Optimization path decision criteria
27
+
28
+ For each finding, apply:
29
+
30
+ 1. **Is there an active overage or audit exposure?**
31
+ - Yes → `critical`. Quantify the exposure. Identify the remediation path (license purchase, user deprovisioning, digital access license activation). Do not defer.
32
+ - No → continue.
33
+
34
+ 2. **Is entitlement significantly larger than consumption with committed spend expiring?**
35
+ - Yes → `high`. Identify the underutilized block. Recommend right-sizing at next contract event, reallocation to other use cases, or model conversion.
36
+ - No → continue.
37
+
38
+ 3. **Is the commercial model mismatched to the consumption pattern?**
39
+ - Yes → `medium`. Model the cost difference between current model and optimal model. Flag as a renegotiation opportunity at the next contract event.
40
+ - No → continue.
41
+
42
+ 4. **Is there a cost visibility or allocation gap?**
43
+ - Yes → `medium`. Recommend enabling BTP cost monitoring, subaccount cost tagging, and budget alerts. No contract action required — this is an operational improvement.
44
+ - No → continue.
45
+
46
+ 5. **Is this a process or governance deviation with no immediate cost impact?**
47
+ - Yes → `low`. Provide guidance for alignment; do not block current operations.
48
+
49
+ ## Workflow
50
+
51
+ 1. **Receive artifacts** — license entitlement reports, BTP consumption exports, SAP for Me data, LAW output, commercial model summaries, or written descriptions of the licensing and BTP consumption posture.
52
+ 2. **Classify each finding** by domain.
53
+ 3. **Apply optimization path decision criteria** per finding.
54
+ 4. **Assign risk level** (critical / high / medium / low).
55
+ 5. **Quantify impact where evidence permits** — estimated overage cost, credit expiry value, or cost savings opportunity.
56
+ 6. **Prioritize** — critical overage and audit exposure first; then high underutilization and misclassification; then medium commercial model and cost allocation gaps; then low process improvements.
57
+ 7. **Return output** per the output contract below.
58
+
59
+ ## Output contract
60
+
61
+ Return:
62
+
63
+ 1. Domain and specific finding
64
+ 2. Evidence label (documentation-based / user-provided evidence / inference)
65
+ 3. Risk level per finding (critical / high / medium / low)
66
+ 4. Quantified impact estimate (where evidence permits; label as estimate)
67
+ 5. Recommended action (license reclass, True-Up evidence preparation, CPEA reallocation, model conversion, cost tag enablement)
68
+ 6. Contract event required (yes / no / at renewal) — whether the optimization requires a contract action or can be done operationally
69
+ 7. Escalation trigger if live SAP for Me data, LAW output, or legal contract interpretation is required
@@ -0,0 +1,142 @@
1
+ ---
2
+ name: sap-live-readonly-identity-trust-discovery
3
+ description: Inspect SAP Cloud Identity Services (IAS/IPS), BTP trust and federation configuration, XSUAA role collections, and identity provider settings using read-only list, get, describe, and export operations only. Use when read-only discovery of IAS application assignments, IPS connector configuration, XSUAA role collection assignments, corporate identity provider federation, or BTP trust configurations is needed as evidence for advisory, audit, or compliance purposes. Requires pre-authorized read-only credentials. Never creates, updates, deletes, assigns, rotates, modifies trust, or triggers any mutation.
4
+ allowed-tools: Read Grep Glob WebSearch WebFetch Bash
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-06-19"
9
+ category: security
10
+ lifecycle: experimental
11
+ execution_tier: read-only-runtime
12
+ ---
13
+
14
+ # SAP Live Read-Only Identity and Trust Discovery
15
+
16
+ ## Purpose
17
+
18
+ Enumerate SAP Cloud Identity Services (IAS and IPS), BTP trust and federation configuration, XSUAA role collections, and identity provider settings using strictly read-only operations to produce structured evidence for advisory, audit, compliance, or security review purposes. Every action taken by this skill must appear on the allowed-actions list below. This skill never changes state, never modifies trust configuration, and never assigns or revokes any identity or role.
19
+
20
+ ## When to use
21
+
22
+ Use this skill when the user needs to:
23
+
24
+ - list IAS applications and their assigned identity providers, risk-based authentication policies, and MFA enforcement settings,
25
+ - enumerate IPS connectors (source and target systems), transformation scripts, and provisioning job history in read-only mode,
26
+ - list and describe XSUAA role collections, their role template assignments, and user or group assignments within a BTP subaccount,
27
+ - export BTP trust configurations (trusted identity providers, federation attributes, principal propagation settings) as structured audit evidence,
28
+ - enumerate corporate identity provider federation settings in IAS: SAML 2.0 or OIDC trust metadata, allowed redirect URIs, and attribute mapping,
29
+ - gather identity and trust facts needed as input to `sap-security-iam-grc-sod-review` or as evidence for a compliance audit,
30
+ - confirm read-only identity posture for zero-trust assessment without modifying any identity object.
31
+
32
+ ## When not to use
33
+
34
+ - When any creation, update, deletion, assignment, rotation, trust modification, or trigger is needed — use the appropriate mutating skill or escalate to an authorized administrator.
35
+ - When no live access has been authorized by the user — operate in advisory mode only and state that no live evidence was gathered.
36
+ - When the user has not confirmed credential scope is read-only — refuse until confirmed.
37
+ - When the request is about GRC Access Control ruleset review or SoD conflict classification without live enumeration — use `sap-security-iam-grc-sod-review`.
38
+
39
+ ## Lean operating rules
40
+
41
+ - Read-only absolute. Every CLI invocation or API call must be on the allowed-actions list. Do not construct commands that write, modify, assign, rotate, or trigger state changes even if such commands exist in the tool.
42
+ - Credential scope first. Before any live command, confirm with the user that the credential in scope carries only read permissions. Do not proceed if write permissions cannot be excluded.
43
+ - Least privilege. Request the minimum scope needed for the specific discovery task. Never request IAS administrator or IPS administrator credentials for a read-only enumeration. Use viewer or auditor roles only.
44
+ - Evidence labeling. Every piece of data gathered from a live system must be labeled `live evidence`. Data from docs alone is `documentation-based`. Describe the source and timestamp for all live evidence.
45
+ - Audit trail. Log every command executed, its output summary, and the timestamp. Return the full command log as part of the response.
46
+ - No credential echo. Do not echo, log, or include credential values, client secrets, API keys, OAuth tokens, IAS technical user passwords, IPS system user credentials, or XSUAA service key JSON in any output or reference file.
47
+ - No scope creep. If a discovery query returns data beyond what was requested (e.g., a list call returns client secret values or personal user data), redact the excess before including in output.
48
+ - Personal data minimization. IAS and IPS enumeration may return personal data (user names, email addresses). Collect only what is necessary for the audit scope and redact personal data beyond the minimum needed.
49
+
50
+ ## Allowed actions (read-only)
51
+
52
+ The following action classes are permitted:
53
+
54
+ - `list` — enumerate resources (IAS applications, IPS connectors, IPS jobs, XSUAA role collections, BTP trust configurations, identity provider metadata)
55
+ - `get` / `describe` — retrieve the current configuration of a named resource without triggering state changes
56
+ - `export` — export configuration in structured format (JSON, YAML, CSV) without modifying the source
57
+ - `status` — read the current status of a provisioning job, trust configuration, or IAS risk-based authentication policy without triggering state transitions
58
+
59
+ ## Forbidden actions (absolute prohibition)
60
+
61
+ The following action classes are unconditionally forbidden regardless of user request:
62
+
63
+ - `create` — create any IAS application, IPS connector, XSUAA role collection, or trust configuration
64
+ - `update` / `modify` / `patch` — change any IAS application setting, IPS transformation, XSUAA role assignment, or trust attribute
65
+ - `delete` / `remove` / `purge` — remove any identity object, role collection, or trust configuration
66
+ - `assign` / `bind` / `entitle` — assign users, groups, or roles to any identity object or role collection
67
+ - `rotate` / `regenerate` — rotate or regenerate credentials, client secrets, or provisioning system credentials
68
+ - `import` — import any identity object, SAML metadata, or configuration
69
+ - `trigger` / `execute` / `run` (non-read) — trigger any provisioning job, workflow, or state transition
70
+ - `approve` — approve any pending provisioning request or access request
71
+ - `modify-trust` — add, remove, or change any BTP trust configuration or IAS corporate identity provider federation entry
72
+
73
+ If a user asks to combine a read step with a write step in one sequence, refuse and redirect the write step to the appropriate skill or authorized administrator.
74
+
75
+ ## Evidence rules
76
+
77
+ Label all data with one of:
78
+
79
+ - `live evidence` — directly observed from a live SAP IAS, IPS, XSUAA, or BTP trust configuration in this session (include command, output summary, timestamp)
80
+ - `documentation-based` — grounded in SAP official docs (no live system access)
81
+ - `user-provided evidence` — stated or supplied by the user in this session (configuration exports, screenshots, written descriptions)
82
+ - `inference` — derived reasoning not directly confirmed by live data or official docs
83
+
84
+ ## Live-environment rules
85
+
86
+ **Allowed**:
87
+ - Read-only IAS API calls using `GET` HTTP method (list applications, get application details, list corporate identity providers, get risk-based authentication policy)
88
+ - Read-only IPS API calls using `GET` HTTP method (list source and target systems, get connector configuration, list transformation scripts, get provisioning job history)
89
+ - Read-only BTP CLI commands for trust enumeration (`btp list security/trust`, `btp get security/trust`)
90
+ - Read-only XSUAA service API calls using `GET` HTTP method (list role collections, get role collection details, list role templates, list scopes)
91
+ - Read-only BTP CLI commands for role collection enumeration (`btp list security/role-collection`, `btp get security/role-collection`)
92
+
93
+ **Forbidden**:
94
+ - Any API call using `POST`, `PUT`, `PATCH`, or `DELETE` HTTP methods against IAS, IPS, XSUAA, or BTP trust endpoints
95
+ - Any CLI command with a write, delete, create, deploy, assign, rotate, import, trigger, or modify-trust verb
96
+ - Any IPS provisioning job trigger via API or UI action
97
+ - Any IAS configuration change (application settings, risk-based authentication policy, MFA enforcement, corporate identity provider federation)
98
+ - Any XSUAA role collection creation, modification, or assignment
99
+
100
+ **Least-privilege credential rules**:
101
+ - IAS API: use an IAS administrator account scoped to read-only operations, or use a service user with `Manage Applications` set to read-only; never use a full IAS tenant administrator for enumeration
102
+ - IPS API: use an IPS administrator account with read-only access to connector configuration and job history; never use credentials with provisioning job execution rights
103
+ - XSUAA / BTP CLI: use a subaccount viewer or security auditor role only; never use a subaccount administrator or security administrator for discovery
104
+ - BTP trust endpoints: use Global Account Viewer or Subaccount Viewer role; never use Global Account Administrator
105
+
106
+ **Approval gate**:
107
+ Before executing any live command, confirm:
108
+ 1. The user has authorized live read-only access for this session.
109
+ 2. The credential in scope is confirmed read-only (viewer, auditor, or read-only API user role or equivalent).
110
+ 3. The target system and scope are explicitly identified by the user (IAS tenant ID, IPS tenant, BTP subaccount ID, XSUAA service instance).
111
+
112
+ **Rollback**: This skill makes no changes; rollback is not applicable. However, if a command unexpectedly triggers a state change (e.g., an API bug or misconfigured tool), stop immediately and escalate to the user without continuing.
113
+
114
+ **Post-discovery**:
115
+ - Return a command log with all commands executed and a summary of evidence gathered.
116
+ - Redact all credential values, client secrets, passwords, personal user data beyond the minimum necessary, and sensitive tokens from output.
117
+ - Label all gathered data as `live evidence` with source command and timestamp.
118
+
119
+ **Audit evidence**:
120
+ - Every response that includes live evidence must include the full command log.
121
+ - Audit evidence format: `[COMMAND] [TIMESTAMP_UTC] [SYSTEM] [SUMMARY_OF_OUTPUT]`
122
+
123
+ ## References
124
+
125
+ Load only when needed:
126
+
127
+ - [Workflow and output contract](references/workflow-and-output.md) — discovery workflow, command patterns, output format.
128
+ - [Safety checklist](references/safety-checklist.md) — non-negotiables, forbidden action verification, credential rules.
129
+ - [Official sources](references/official-sources.md) — SAP IAS, IPS, XSUAA, BTP trust documentation.
130
+ - [Live environment access](references/live-environment-access.md) — credential setup, role requirements, audit log format, redaction rules.
131
+
132
+ ## Response minimum
133
+
134
+ Return, at minimum:
135
+
136
+ - **Problem classification**: what identity and trust data is needed and why.
137
+ - **Evidence used**: live evidence (with command log) / documentation-based / user-provided / inference.
138
+ - **Risk level**: none — this skill is read-only.
139
+ - **Recommended action**: which list/get/describe commands to run and in what order.
140
+ - **Refusal / escalation triggers**: refuse if any requested action is on the forbidden list; escalate to the appropriate skill or an authorized administrator.
141
+ - **Business impact**: what security posture decisions depend on this identity and trust data; what is the cost of incomplete discovery.
142
+ - **Next verification step**: confirm credential scope with the user before the first live command.
@@ -0,0 +1,14 @@
1
+ interface:
2
+ display_name: "SAP Live Read-Only Identity and Trust Discovery"
3
+ short_description: "Enumerate SAP IAS/IPS configuration, BTP trust settings, XSUAA role collections, and identity provider metadata using read-only list/get/describe/export operations — no state changes"
4
+ default_prompt: "Use $sap-live-readonly-identity-trust-discovery to enumerate SAP identity and trust configuration in read-only mode. Confirm credential scope is read-only (viewer/auditor/read-only API user) before the first live command. Use only list/get/describe/export operations. Log every command. Redact all credential values, client secrets, and personal user data from output. Refuse any create/update/delete/assign/rotate/import/trigger/modify-trust request."
5
+ dependencies:
6
+ tools:
7
+ - type: "cli"
8
+ value: "btp"
9
+ description: "SAP BTP CLI for read-only trust configuration, role collection, and subaccount security enumeration — must be authenticated with viewer or security auditor role credentials only"
10
+ - type: "api"
11
+ value: "https://api.sap.com/api/IAS_Application_Directory"
12
+ description: "SAP IAS API for read-only application and identity provider enumeration — GET operations only; never POST, PUT, PATCH, or DELETE"
13
+ policy:
14
+ allow_implicit_invocation: false
@@ -0,0 +1,34 @@
1
+ {
2
+ "id": "sap-live-readonly-identity-trust-discovery",
3
+ "name": "SAP Live Read-Only Identity and Trust Discovery",
4
+ "type": "skill",
5
+ "provider": "sap",
6
+ "harnesses": [
7
+ "claude-code",
8
+ "codex",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Enumerate SAP Cloud Identity Services (IAS/IPS) configuration, BTP trust and federation settings, XSUAA role collections, and identity provider metadata using read-only list/get/describe/export operations. Produces structured audit evidence. Never creates, updates, deletes, assigns, rotates, modifies trust, or triggers any mutation.",
15
+ "source_type": "original",
16
+ "category": "security",
17
+ "official_docs": [
18
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication",
19
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/configure-applications",
20
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-provisioning",
21
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/manage-provisioning-systems",
22
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-authorization-and-trust-management-service",
23
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/trust-and-federation-with-identity-providers",
24
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/managing-role-collections",
25
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/application-security-descriptor-configuration-syntax"
26
+ ],
27
+ "security_notes": "Read-only enforced. Never request or accept write-capable credentials. Use IAS read-only API user, IPS read-only connector viewer, XSUAA subaccount viewer, or BTP security auditor roles only. Redact all credential values, client secrets, OAuth tokens, IAS technical user passwords, IPS system user credentials, and personal user data beyond the minimum necessary from output. Log every command executed. Refuse any request that maps to a create/update/delete/assign/rotate/import/trigger/modify-trust action. Personal data encountered during IAS or IPS enumeration must be minimized and redacted beyond audit necessity.",
28
+ "last_verified": "2026-06-19",
29
+ "path": "skills/sap/sap-live-readonly-identity-trust-discovery",
30
+ "author": "github: Raishin",
31
+ "version": "0.1.0",
32
+ "lifecycle": "experimental",
33
+ "execution_tier": "read-only-runtime"
34
+ }