@raishin/vanguard-frontier-agentic 2.11.0 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +2 -2
- package/.claude-plugin/plugin.json +41 -1
- package/.cursor-plugin/plugin.json +41 -1
- package/.github/plugin/marketplace.json +1 -1
- package/README.md +11 -11
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/AGENT.md +57 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/metadata.json +46 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/metadata.json +40 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/AGENT.md +58 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/metadata.json +45 -0
- package/agents/sap/sap-audit-evidence-packager-agent/AGENT.md +58 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/copilot.agent.md +33 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/cursor.agent.md +31 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/gemini.agent.md +31 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-ide.agent.md +31 -0
- package/agents/sap/sap-audit-evidence-packager-agent/metadata.json +45 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/metadata.json +44 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/AGENT.md +70 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/codex.toml +42 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/metadata.json +41 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/AGENT.md +57 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/metadata.json +42 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/metadata.json +45 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/AGENT.md +59 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/metadata.json +42 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/AGENT.md +60 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/claude-code.agent.md +39 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/codex.toml +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/metadata.json +45 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/AGENT.md +67 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/claude-code.agent.md +46 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/metadata.json +44 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/AGENT.md +58 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/metadata.json +45 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/AGENT.md +59 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/metadata.json +44 -0
- package/agents/sap/sap-finance-fico-controls-agent/AGENT.md +59 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/metadata.json +45 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/codex.toml +29 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/metadata.json +39 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/AGENT.md +70 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/codex.toml +41 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/cursor.agent.md +33 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/gemini.agent.md +33 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/metadata.json +45 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/AGENT.md +58 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/metadata.json +43 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/AGENT.md +59 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/metadata.json +42 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/AGENT.md +70 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/codex.toml +41 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/metadata.json +41 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/AGENT.md +57 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/metadata.json +43 -0
- package/agents/sap/sap-joule-governance-adoption-agent/AGENT.md +59 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/metadata.json +42 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/AGENT.md +58 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/metadata.json +42 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/AGENT.md +60 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/metadata.json +39 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/AGENT.md +60 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/metadata.json +39 -0
- package/agents/sap/sap-maestro-agent/AGENT.md +60 -0
- package/agents/sap/sap-maestro-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/sap/sap-maestro-agent/harnesses/codex.toml +34 -0
- package/agents/sap/sap-maestro-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-maestro-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-maestro-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-maestro-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-maestro-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-maestro-agent/metadata.json +39 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/AGENT.md +59 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/metadata.json +44 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/AGENT.md +59 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/metadata.json +45 -0
- package/agents/sap/sap-order-to-cash-agent/AGENT.md +59 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-order-to-cash-agent/metadata.json +44 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/AGENT.md +59 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/metadata.json +44 -0
- package/agents/sap/sap-release-change-collision-agent/AGENT.md +59 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-release-change-collision-agent/metadata.json +42 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/AGENT.md +58 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/metadata.json +42 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/AGENT.md +73 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/claude-code.agent.md +54 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/codex.toml +43 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/copilot.agent.md +38 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/cursor.agent.md +35 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/gemini.agent.md +35 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/metadata.json +41 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/AGENT.md +62 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/claude-code.agent.md +41 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/codex.toml +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/metadata.json +44 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/AGENT.md +59 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/metadata.json +44 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/AGENT.md +59 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/metadata.json +44 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/AGENT.md +59 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/metadata.json +42 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/AGENT.md +59 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/metadata.json +44 -0
- package/agents/sap/sap-testing-quality-gate-agent/AGENT.md +59 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/metadata.json +42 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/AGENT.md +58 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/metadata.json +42 -0
- package/agents/sap/sap-treasury-cash-risk-agent/AGENT.md +59 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/metadata.json +44 -0
- package/catalog/agents.json +1323 -0
- package/catalog/asset-integrity.json +2283 -43
- package/catalog/install-roles.json +94 -0
- package/catalog/skill-manifest.json +1770 -3
- package/catalog/skills.json +1912 -1
- package/package.json +1 -1
- package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
- package/powers/README.md +3 -2
- package/powers/vanguard-sap/POWER.md +43 -0
- package/schemas/agent.schema.json +1 -0
- package/schemas/skill.schema.json +1 -0
- package/scripts/generate-docs-data.mjs +1 -1
- package/scripts/generate-kiro-powers.mjs +12 -0
- package/skills/claude/add-educational-comments/metadata.json +1 -1
- package/skills/sap/sap-abap-cloud-rap-review/SKILL.md +86 -0
- package/skills/sap/sap-abap-cloud-rap-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-abap-cloud-rap-review/metadata.json +34 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/context7-framework-docs.md +126 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/official-sources.md +95 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/workflow-and-output.md +76 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/SKILL.md +92 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/agents/openai.yaml +11 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/metadata.json +34 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/context7-framework-docs.md +107 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/official-sources.md +91 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/safety-checklist.md +39 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/workflow-and-output.md +75 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/SKILL.md +168 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/metadata.json +35 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/references/official-sources.md +99 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/references/safety-checklist.md +38 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/references/workflow-and-output.md +89 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/SKILL.md +87 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/agents/openai.yaml +11 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/metadata.json +33 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/references/official-sources.md +89 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/references/safety-checklist.md +35 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/references/workflow-and-output.md +70 -0
- package/skills/sap/sap-audit-evidence-packaging/SKILL.md +92 -0
- package/skills/sap/sap-audit-evidence-packaging/agents/openai.yaml +11 -0
- package/skills/sap/sap-audit-evidence-packaging/metadata.json +33 -0
- package/skills/sap/sap-audit-evidence-packaging/references/official-sources.md +92 -0
- package/skills/sap/sap-audit-evidence-packaging/references/safety-checklist.md +38 -0
- package/skills/sap/sap-audit-evidence-packaging/references/workflow-and-output.md +129 -0
- package/skills/sap/sap-btp-governance-review/SKILL.md +84 -0
- package/skills/sap/sap-btp-governance-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-btp-governance-review/metadata.json +34 -0
- package/skills/sap/sap-btp-governance-review/references/official-sources.md +91 -0
- package/skills/sap/sap-btp-governance-review/references/safety-checklist.md +35 -0
- package/skills/sap/sap-btp-governance-review/references/workflow-and-output.md +66 -0
- package/skills/sap/sap-cap-architecture-review/SKILL.md +86 -0
- package/skills/sap/sap-cap-architecture-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-cap-architecture-review/metadata.json +34 -0
- package/skills/sap/sap-cap-architecture-review/references/context7-framework-docs.md +89 -0
- package/skills/sap/sap-cap-architecture-review/references/official-sources.md +93 -0
- package/skills/sap/sap-cap-architecture-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-cap-architecture-review/references/workflow-and-output.md +74 -0
- package/skills/sap/sap-clean-core-debt-review/SKILL.md +84 -0
- package/skills/sap/sap-clean-core-debt-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-clean-core-debt-review/metadata.json +33 -0
- package/skills/sap/sap-clean-core-debt-review/references/context7-framework-docs.md +56 -0
- package/skills/sap/sap-clean-core-debt-review/references/official-sources.md +75 -0
- package/skills/sap/sap-clean-core-debt-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-clean-core-debt-review/references/workflow-and-output.md +62 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/SKILL.md +83 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/metadata.json +33 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/references/official-sources.md +89 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/references/workflow-and-output.md +88 -0
- package/skills/sap/sap-custom-code-remediation-review/SKILL.md +83 -0
- package/skills/sap/sap-custom-code-remediation-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-custom-code-remediation-review/metadata.json +33 -0
- package/skills/sap/sap-custom-code-remediation-review/references/official-sources.md +85 -0
- package/skills/sap/sap-custom-code-remediation-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-custom-code-remediation-review/references/workflow-and-output.md +83 -0
- package/skills/sap/sap-data-migration-cutover-readiness/SKILL.md +90 -0
- package/skills/sap/sap-data-migration-cutover-readiness/agents/openai.yaml +14 -0
- package/skills/sap/sap-data-migration-cutover-readiness/metadata.json +32 -0
- package/skills/sap/sap-data-migration-cutover-readiness/references/official-sources.md +73 -0
- package/skills/sap/sap-data-migration-cutover-readiness/references/safety-checklist.md +51 -0
- package/skills/sap/sap-data-migration-cutover-readiness/references/workflow-and-output.md +85 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/SKILL.md +162 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/metadata.json +34 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/official-sources.md +93 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/safety-checklist.md +39 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/workflow-and-output.md +78 -0
- package/skills/sap/sap-datasphere-data-product-architecture/SKILL.md +86 -0
- package/skills/sap/sap-datasphere-data-product-architecture/agents/openai.yaml +11 -0
- package/skills/sap/sap-datasphere-data-product-architecture/metadata.json +33 -0
- package/skills/sap/sap-datasphere-data-product-architecture/references/official-sources.md +85 -0
- package/skills/sap/sap-datasphere-data-product-architecture/references/safety-checklist.md +35 -0
- package/skills/sap/sap-datasphere-data-product-architecture/references/workflow-and-output.md +70 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/SKILL.md +90 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/metadata.json +32 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/references/official-sources.md +79 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-finance-fico-controls-review/SKILL.md +91 -0
- package/skills/sap/sap-finance-fico-controls-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-finance-fico-controls-review/metadata.json +33 -0
- package/skills/sap/sap-finance-fico-controls-review/references/official-sources.md +89 -0
- package/skills/sap/sap-finance-fico-controls-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-finance-fico-controls-review/references/workflow-and-output.md +88 -0
- package/skills/sap/sap-fiori-ui5-ux-review/SKILL.md +87 -0
- package/skills/sap/sap-fiori-ui5-ux-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-fiori-ui5-ux-review/metadata.json +33 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/context7-framework-docs.md +128 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/official-sources.md +95 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/workflow-and-output.md +96 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/SKILL.md +156 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/agents/openai.yaml +17 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/metadata.json +33 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/live-environment-access.md +93 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/official-sources.md +75 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/safety-checklist.md +57 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/workflow-and-output.md +132 -0
- package/skills/sap/sap-guarded-integration-flow-change/SKILL.md +151 -0
- package/skills/sap/sap-guarded-integration-flow-change/agents/openai.yaml +17 -0
- package/skills/sap/sap-guarded-integration-flow-change/metadata.json +33 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/live-environment-access.md +80 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/official-sources.md +73 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/safety-checklist.md +56 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/workflow-and-output.md +122 -0
- package/skills/sap/sap-guarded-role-assignment/SKILL.md +159 -0
- package/skills/sap/sap-guarded-role-assignment/agents/openai.yaml +17 -0
- package/skills/sap/sap-guarded-role-assignment/metadata.json +33 -0
- package/skills/sap/sap-guarded-role-assignment/references/live-environment-access.md +93 -0
- package/skills/sap/sap-guarded-role-assignment/references/official-sources.md +73 -0
- package/skills/sap/sap-guarded-role-assignment/references/safety-checklist.md +57 -0
- package/skills/sap/sap-guarded-role-assignment/references/workflow-and-output.md +133 -0
- package/skills/sap/sap-guarded-transport-import/SKILL.md +144 -0
- package/skills/sap/sap-guarded-transport-import/agents/openai.yaml +14 -0
- package/skills/sap/sap-guarded-transport-import/metadata.json +34 -0
- package/skills/sap/sap-guarded-transport-import/references/live-environment-access.md +81 -0
- package/skills/sap/sap-guarded-transport-import/references/official-sources.md +79 -0
- package/skills/sap/sap-guarded-transport-import/references/safety-checklist.md +52 -0
- package/skills/sap/sap-guarded-transport-import/references/workflow-and-output.md +93 -0
- package/skills/sap/sap-hana-cloud-performance-cost/SKILL.md +87 -0
- package/skills/sap/sap-hana-cloud-performance-cost/agents/openai.yaml +11 -0
- package/skills/sap/sap-hana-cloud-performance-cost/metadata.json +33 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/context7-framework-docs.md +94 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/official-sources.md +83 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/safety-checklist.md +36 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/workflow-and-output.md +68 -0
- package/skills/sap/sap-hypercare-incident-commander-review/SKILL.md +93 -0
- package/skills/sap/sap-hypercare-incident-commander-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-hypercare-incident-commander-review/metadata.json +31 -0
- package/skills/sap/sap-hypercare-incident-commander-review/references/official-sources.md +63 -0
- package/skills/sap/sap-hypercare-incident-commander-review/references/safety-checklist.md +55 -0
- package/skills/sap/sap-hypercare-incident-commander-review/references/workflow-and-output.md +98 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/SKILL.md +162 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/metadata.json +35 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/references/official-sources.md +99 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/references/safety-checklist.md +36 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/references/workflow-and-output.md +76 -0
- package/skills/sap/sap-integration-suite-review/SKILL.md +87 -0
- package/skills/sap/sap-integration-suite-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-integration-suite-review/metadata.json +33 -0
- package/skills/sap/sap-integration-suite-review/references/context7-framework-docs.md +76 -0
- package/skills/sap/sap-integration-suite-review/references/official-sources.md +79 -0
- package/skills/sap/sap-integration-suite-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-integration-suite-review/references/workflow-and-output.md +78 -0
- package/skills/sap/sap-joule-governance-adoption-review/SKILL.md +83 -0
- package/skills/sap/sap-joule-governance-adoption-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-joule-governance-adoption-review/metadata.json +33 -0
- package/skills/sap/sap-joule-governance-adoption-review/references/official-sources.md +83 -0
- package/skills/sap/sap-joule-governance-adoption-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-joule-governance-adoption-review/references/workflow-and-output.md +81 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/SKILL.md +89 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/metadata.json +32 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/references/official-sources.md +71 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/references/workflow-and-output.md +69 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/SKILL.md +142 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/agents/openai.yaml +14 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/metadata.json +34 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/live-environment-access.md +151 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/official-sources.md +83 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/safety-checklist.md +49 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/workflow-and-output.md +103 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/SKILL.md +135 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/agents/openai.yaml +14 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/metadata.json +34 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/live-environment-access.md +111 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/official-sources.md +83 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/safety-checklist.md +45 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/workflow-and-output.md +102 -0
- package/skills/sap/sap-maestro/SKILL.md +81 -0
- package/skills/sap/sap-maestro/agents/openai.yaml +11 -0
- package/skills/sap/sap-maestro/metadata.json +32 -0
- package/skills/sap/sap-maestro/references/official-sources.md +53 -0
- package/skills/sap/sap-maestro/references/safety-checklist.md +39 -0
- package/skills/sap/sap-maestro/references/workflow-and-output.md +73 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/SKILL.md +89 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/metadata.json +32 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/references/official-sources.md +79 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-mdg-master-data-quality-review/SKILL.md +85 -0
- package/skills/sap/sap-mdg-master-data-quality-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-mdg-master-data-quality-review/metadata.json +33 -0
- package/skills/sap/sap-mdg-master-data-quality-review/references/official-sources.md +89 -0
- package/skills/sap/sap-mdg-master-data-quality-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-mdg-master-data-quality-review/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-order-to-cash-review/SKILL.md +89 -0
- package/skills/sap/sap-order-to-cash-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-order-to-cash-review/metadata.json +32 -0
- package/skills/sap/sap-order-to-cash-review/references/official-sources.md +79 -0
- package/skills/sap/sap-order-to-cash-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-order-to-cash-review/references/workflow-and-output.md +87 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/SKILL.md +90 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/metadata.json +32 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/references/official-sources.md +79 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/references/workflow-and-output.md +87 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/SKILL.md +155 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/metadata.json +35 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/official-sources.md +99 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/safety-checklist.md +36 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/workflow-and-output.md +62 -0
- package/skills/sap/sap-release-change-collision-review/SKILL.md +92 -0
- package/skills/sap/sap-release-change-collision-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-release-change-collision-review/metadata.json +31 -0
- package/skills/sap/sap-release-change-collision-review/references/official-sources.md +63 -0
- package/skills/sap/sap-release-change-collision-review/references/safety-checklist.md +51 -0
- package/skills/sap/sap-release-change-collision-review/references/workflow-and-output.md +85 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/SKILL.md +170 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/metadata.json +33 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/references/official-sources.md +89 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/references/safety-checklist.md +39 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/references/workflow-and-output.md +98 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/SKILL.md +88 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/metadata.json +32 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/references/official-sources.md +73 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/references/workflow-and-output.md +56 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/SKILL.md +84 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/metadata.json +32 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/references/official-sources.md +75 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/references/safety-checklist.md +40 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/references/workflow-and-output.md +67 -0
- package/skills/sap/sap-security-hr-legal-protocol/SKILL.md +149 -0
- package/skills/sap/sap-security-hr-legal-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-security-hr-legal-protocol/metadata.json +34 -0
- package/skills/sap/sap-security-hr-legal-protocol/references/official-sources.md +89 -0
- package/skills/sap/sap-security-hr-legal-protocol/references/safety-checklist.md +38 -0
- package/skills/sap/sap-security-hr-legal-protocol/references/workflow-and-output.md +65 -0
- package/skills/sap/sap-security-iam-grc-sod-review/SKILL.md +86 -0
- package/skills/sap/sap-security-iam-grc-sod-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-security-iam-grc-sod-review/metadata.json +33 -0
- package/skills/sap/sap-security-iam-grc-sod-review/references/official-sources.md +83 -0
- package/skills/sap/sap-security-iam-grc-sod-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-security-iam-grc-sod-review/references/workflow-and-output.md +79 -0
- package/skills/sap/sap-signavio-process-mining-value/SKILL.md +85 -0
- package/skills/sap/sap-signavio-process-mining-value/agents/openai.yaml +11 -0
- package/skills/sap/sap-signavio-process-mining-value/metadata.json +33 -0
- package/skills/sap/sap-signavio-process-mining-value/references/official-sources.md +89 -0
- package/skills/sap/sap-signavio-process-mining-value/references/safety-checklist.md +36 -0
- package/skills/sap/sap-signavio-process-mining-value/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/SKILL.md +92 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/metadata.json +33 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/references/official-sources.md +83 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/references/workflow-and-output.md +86 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/SKILL.md +90 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/metadata.json +32 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/references/official-sources.md +79 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/references/workflow-and-output.md +89 -0
- package/skills/sap/sap-testing-quality-gate-review/SKILL.md +92 -0
- package/skills/sap/sap-testing-quality-gate-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-testing-quality-gate-review/metadata.json +31 -0
- package/skills/sap/sap-testing-quality-gate-review/references/official-sources.md +65 -0
- package/skills/sap/sap-testing-quality-gate-review/references/safety-checklist.md +53 -0
- package/skills/sap/sap-testing-quality-gate-review/references/workflow-and-output.md +98 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/SKILL.md +87 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/metadata.json +32 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/references/official-sources.md +71 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/references/workflow-and-output.md +69 -0
- package/skills/sap/sap-treasury-cash-risk-review/SKILL.md +90 -0
- package/skills/sap/sap-treasury-cash-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-treasury-cash-risk-review/metadata.json +32 -0
- package/skills/sap/sap-treasury-cash-risk-review/references/official-sources.md +79 -0
- package/skills/sap/sap-treasury-cash-risk-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-treasury-cash-risk-review/references/workflow-and-output.md +89 -0
- package/tests/fixtures/sap-maestro-routing/expected/01-clean-core-debt.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/02-landscape-discovery.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/03-live-guard-transport.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/04-adversarial-injection.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/05-adversarial-persona.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/06-ambiguous.json +4 -0
- package/tests/fixtures/sap-maestro-routing/expected/07-secrets-bait.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/08-btp-governance.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/09-integration-suite.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/10-security-sod.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/11-cap-architecture.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/12-abap-cloud-rap.json +7 -0
- package/tests/fixtures/sap-maestro-routing/expected/13-ai-governance.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/14-datasphere.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/15-analytics-cloud.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/16-hana-cloud.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/17-s4hana-transformation.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/18-custom-code-remediation.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/19-data-migration-cutover.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/20-finance-fico.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/21-mdg-master-data.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/22-signavio.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/23-procurement-ariba.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/24-supply-chain-ibp.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/25-order-to-cash.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/26-treasury.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/27-ewm-tm.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/28-manufacturing.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/29-successfactors.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/30-joule.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/31-cloud-alm.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/32-transformation-portfolio.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/33-rise-sla.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/34-license-finops.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/35-testing-quality.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/36-release-collision.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/37-hypercare.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/38-identity-trust.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/39-fiori-ui5.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/40-audit-evidence.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/41-guard-role-assign.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/42-guard-iflow-deploy.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/43-guard-entitlement.json +6 -0
- package/tests/fixtures/sap-maestro-routing/inputs/01-clean-core-debt.json +5 -0
- package/tests/fixtures/sap-maestro-routing/inputs/02-landscape-discovery.json +5 -0
- package/tests/fixtures/sap-maestro-routing/inputs/03-live-guard-transport.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/04-adversarial-injection.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/05-adversarial-persona.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/06-ambiguous.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/07-secrets-bait.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/08-btp-governance.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/09-integration-suite.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/10-security-sod.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/11-cap-architecture.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/12-abap-cloud-rap.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/13-ai-governance.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/14-datasphere.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/15-analytics-cloud.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/16-hana-cloud.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/17-s4hana-transformation.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/18-custom-code-remediation.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/19-data-migration-cutover.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/20-finance-fico.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/21-mdg-master-data.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/22-signavio.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/23-procurement-ariba.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/24-supply-chain-ibp.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/25-order-to-cash.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/26-treasury.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/27-ewm-tm.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/28-manufacturing.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/29-successfactors.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/30-joule.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/31-cloud-alm.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/32-transformation-portfolio.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/33-rise-sla.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/34-license-finops.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/35-testing-quality.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/36-release-collision.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/37-hypercare.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/38-identity-trust.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/39-fiori-ui5.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/40-audit-evidence.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/41-guard-role-assign.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/42-guard-iflow-deploy.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/43-guard-entitlement.json +7 -0
- package/tests/fixtures/sap-maestro-routing/taxonomy.json +509 -0
- package/tests/validate-catalog.py +1 -0
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: sap-security-hr-legal-protocol
|
|
3
|
+
description: Cross-functional escalation protocol governing handoffs between SAP Security, HR, and Legal when identity misuse, privileged-access anomalies, SoD violations, insider-risk signals, HR-sensitive system access, joiner/mover/leaver lifecycle events, or fraud-sensitive access patterns require coordinated response. Defines decision rights, evidence standards, redaction policy, approval gates, and audit packaging. Never mutates live systems and never bypasses any guarded-mutating gate.
|
|
4
|
+
allowed-tools: Read Grep Glob WebSearch WebFetch
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-06-19"
|
|
9
|
+
category: compliance
|
|
10
|
+
lifecycle: experimental
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# SAP Security HR Legal Escalation Protocol
|
|
14
|
+
|
|
15
|
+
## Purpose
|
|
16
|
+
|
|
17
|
+
This skill defines the cross-functional coordination and handoff contract between SAP Security, Human Resources, and Legal when an identity or access event requires multi-domain response. It establishes which agents hold decision rights at each stage, what evidence must be collected and redacted before sharing across functions, which actions are irreversible and require explicit approval, and what the audit package must contain to satisfy internal audit, external regulators, and employment-law obligations.
|
|
18
|
+
|
|
19
|
+
This is a governance coordination document. It does not mutate any SAP system, does not trigger any provisioning or deprovisioning action, does not close or approve any GRC access violation, and does not initiate any HR or Legal action. All mutations remain gated behind the relevant guarded-mutating operator agents. No guarded gate is bypassed.
|
|
20
|
+
|
|
21
|
+
## When to use
|
|
22
|
+
|
|
23
|
+
Invoke this protocol when any of the following trigger conditions apply:
|
|
24
|
+
|
|
25
|
+
- **Identity misuse or suspected account compromise**: An active user account shows access patterns inconsistent with job function, time-of-access anomalies, bulk data extraction indicators, or repeated failed authentications from unexpected locations.
|
|
26
|
+
- **Privileged-access anomalies**: A superuser, firefighter (EAM), basis administrator, or SAP\_ALL holder exhibits access outside an approved change window, accesses HR-sensitive or payroll-relevant transactions not included in the original firefighter scope, or fails to complete mandatory post-access log review.
|
|
27
|
+
- **SoD violations with fraud-sensitive transaction pairs**: GRC Access Control raises a critical or high SoD conflict involving procure-to-pay, payroll disbursement, vendor master maintenance, financial period-close journals, or revenue recognition entries — and the conflict involves an active employee (not a system account).
|
|
28
|
+
- **Insider-risk signals**: Security monitoring, DLP, or SIEM surfaces exfiltration indicators against HR data stores (SuccessFactors, HCM), payroll systems, financial master data, or confidential business planning data.
|
|
29
|
+
- **HR-sensitive system access outside authorized scope**: Access to SuccessFactors Employee Central, compensation planning, performance ratings, succession data, or talent profiles by a user whose role does not include HR stewardship.
|
|
30
|
+
- **Joiner/mover/leaver lifecycle gaps**: A leavers process was not completed on the effective date (system access remains active for a departed employee), a mover's previous access was not removed when a new role was granted, or a joiner received access that exceeds the approved role matrix.
|
|
31
|
+
- **Fraud-sensitive access escalation**: Finance or audit identifies a pattern of journal entries, payment runs, or vendor changes executed by a single user without SoD separation, and the pattern warrants investigation that may touch HR employment records or legal hold obligations.
|
|
32
|
+
|
|
33
|
+
## Participating agents
|
|
34
|
+
|
|
35
|
+
The following agents operate within this protocol. Each holds a defined role and must not act outside its lane without explicit cross-function approval per the decision rights table.
|
|
36
|
+
|
|
37
|
+
- `sap-security-iam-grc-sod-reviewer-agent` — Lead for identity and access evidence collection, SoD conflict classification, GRC finding triage, and access risk narrative. Does not modify role assignments or provisioning state.
|
|
38
|
+
- `sap-successfactors-hr-process-risk-agent` — HR-domain specialist assessing SuccessFactors configuration, HR data access policy compliance, joiner/mover/leaver process integrity, and sensitivity classifications for HR data elements. Does not read or share unredacted HR data outside the HR function.
|
|
39
|
+
- `sap-role-assignment-guarded-operator-agent` — The sole agent authorized to execute role assignment or removal actions in SAP systems. All role changes proposed by the protocol must be queued to this agent and require dual approval before execution. This agent is the only guarded-mutating gate in this protocol.
|
|
40
|
+
|
|
41
|
+
## Required evidence
|
|
42
|
+
|
|
43
|
+
Before any cross-function handoff is initiated, the following evidence must be assembled by the requesting function:
|
|
44
|
+
|
|
45
|
+
1. **Identity evidence**: Username, employee ID (if known), system (ECC, S/4HANA, BTP subaccount, SuccessFactors tenant), and access log extract covering the relevant time window. Timestamps must be in UTC.
|
|
46
|
+
2. **Access pattern evidence**: Transaction codes accessed, authorization objects exercised, GRC Access Control conflict report (if available), and EAM firefighter log (if the user held a firefighter ID).
|
|
47
|
+
3. **Role assignment state**: Current role or role collection assignments, last provisioning event date, IPS provisioning job log (if applicable), and GRC user access review status.
|
|
48
|
+
4. **HR lifecycle state**: Joiner date, most recent position change date, effective termination date (if leaver), and HR system-of-record confirmation of current employment status. This evidence is assembled by HR and shared in redacted form per the redaction policy below.
|
|
49
|
+
5. **Business process context**: Which business process is affected (P2P, O2C, payroll, financial close, HR master data), whether the access event coincides with a period-end or approval window, and whether any compensating controls exist.
|
|
50
|
+
|
|
51
|
+
## Redaction policy
|
|
52
|
+
|
|
53
|
+
Personal HR data (compensation, performance ratings, disciplinary records, health-related information, succession planning data) must be redacted before evidence is shared outside the HR function. When HR evidence is required by Security or Legal:
|
|
54
|
+
|
|
55
|
+
- HR provides a **redacted summary** confirming employment status, role, effective dates, and whether the lifecycle event (join/move/leave) was processed on time.
|
|
56
|
+
- Full HR records are shared only with Legal under legal-hold or employment-law obligation, via a controlled document transfer that is logged in the audit package.
|
|
57
|
+
- System access logs that contain HR transaction data are treated as HR-sensitive and are handled by the `sap-successfactors-hr-process-risk-agent`; Security receives a classified summary, not the raw log.
|
|
58
|
+
- No unredacted HR data is included in GRC findings, change tickets, or incident reports visible to operational teams.
|
|
59
|
+
|
|
60
|
+
## Decision rights
|
|
61
|
+
|
|
62
|
+
| Decision | Primary authority | Secondary approval required | Notes |
|
|
63
|
+
|---|---|---|---|
|
|
64
|
+
| Classify access event as security incident | SAP Security (sap-security-iam-grc-sod-reviewer-agent) | None for classification | Classification does not trigger any system mutation |
|
|
65
|
+
| Suspend or disable a user account | SAP Security + HR jointly | Legal notification if employment action may follow | Must route through sap-role-assignment-guarded-operator-agent; requires dual approval |
|
|
66
|
+
| Remove role assignments | SAP Security proposes; HR confirms no operational dependency | sap-role-assignment-guarded-operator-agent executes only after dual approval | Irreversible-action gate applies; see below |
|
|
67
|
+
| Place legal hold on access logs | Legal | HR acknowledgment | Triggers evidence preservation; no system mutation by this protocol |
|
|
68
|
+
| Disclose access findings to employee | HR + Legal jointly | — | Security provides classified summary only; HR/Legal manage disclosure |
|
|
69
|
+
| Close GRC access violation | GRC / audit team | Outside scope of this protocol | This protocol does not close GRC violations |
|
|
70
|
+
| Re-grant access post-investigation | HR confirms role legitimacy; Security confirms SoD clearance | Management approval per access matrix | Routes through sap-role-assignment-guarded-operator-agent with all approvals documented |
|
|
71
|
+
|
|
72
|
+
## Escalation owners
|
|
73
|
+
|
|
74
|
+
| Scenario | First escalation owner | Second escalation owner |
|
|
75
|
+
|---|---|---|
|
|
76
|
+
| Unmitigated critical SoD conflict involving active employee | GRC / internal audit | Chief Risk Officer |
|
|
77
|
+
| Suspected identity misuse with HR data access | CISO | Chief People Officer |
|
|
78
|
+
| Insider-risk signal with potential fraud impact | Chief Risk Officer | General Counsel |
|
|
79
|
+
| Leavers process gap with post-termination access | HR Operations | CISO |
|
|
80
|
+
| Employment-law or disciplinary dimension | General Counsel | Chief People Officer |
|
|
81
|
+
| Regulatory reporting obligation triggered | Chief Risk Officer + General Counsel jointly | — |
|
|
82
|
+
|
|
83
|
+
## Irreversible-action gate
|
|
84
|
+
|
|
85
|
+
The following actions are classified as irreversible or high-consequence and must not proceed without the approvals listed:
|
|
86
|
+
|
|
87
|
+
- **Account suspension or disablement**: Requires written approval from CISO and VP HR. Approval must be recorded in the audit package before the action is queued to `sap-role-assignment-guarded-operator-agent`.
|
|
88
|
+
- **Role assignment removal in production**: Requires written approval from SAP Security lead and the business process owner of the affected function. If the removal affects payroll or financial-close roles, Finance Controls must also approve.
|
|
89
|
+
- **Permanent account deletion or anonymization**: Requires Legal sign-off confirming no legal-hold obligations attach to the account, plus HR confirmation that the employee lifecycle is fully closed.
|
|
90
|
+
- **Evidence deletion or log purge**: Prohibited during active investigation. Any retention policy execution that would delete relevant logs must be suspended via Legal hold.
|
|
91
|
+
|
|
92
|
+
This protocol does not execute any irreversible action. It surfaces the required approvals and queues the action to the appropriate guarded-mutating agent once all approvals are documented.
|
|
93
|
+
|
|
94
|
+
## Approval requirements
|
|
95
|
+
|
|
96
|
+
All cross-function actions under this protocol require approvals to be documented in writing (ticket, email chain, or signed document) before execution. Verbal approvals are not accepted. The audit package must include the approval record for every action taken.
|
|
97
|
+
|
|
98
|
+
Minimum approval quorum per action class:
|
|
99
|
+
|
|
100
|
+
- **Security-only actions** (classification, evidence collection): SAP Security lead sign-off.
|
|
101
|
+
- **HR-touching actions** (leaver processing, role removal for HR data access): SAP Security lead + HR Operations lead.
|
|
102
|
+
- **Legal-dimension actions** (legal hold, disclosure, regulatory reporting): General Counsel or delegate.
|
|
103
|
+
- **Production role mutations**: SAP Security lead + business process owner + (if financial) Finance Controls lead. Executed only via `sap-role-assignment-guarded-operator-agent`.
|
|
104
|
+
|
|
105
|
+
## Audit package
|
|
106
|
+
|
|
107
|
+
The audit package for every protocol invocation must contain:
|
|
108
|
+
|
|
109
|
+
1. **Event summary**: Trigger condition, systems involved, time window, and user identity (anonymized in shared copies per redaction policy).
|
|
110
|
+
2. **Evidence inventory**: List of all artifacts collected (log extracts, GRC reports, role exports, IPS provisioning logs), with source system, collection timestamp, and evidence handler.
|
|
111
|
+
3. **Redaction log**: What was redacted, by whom, and why, for each HR-sensitive document included.
|
|
112
|
+
4. **Decision log**: Each decision taken, who held decision authority, secondary approvals obtained, and timestamp.
|
|
113
|
+
5. **Action log**: Each system action taken (or deferred), the agent that executed it, the approval reference, and the outcome.
|
|
114
|
+
6. **Escalation log**: Each escalation event, who was notified, when, and the response received.
|
|
115
|
+
7. **Legal hold status**: Confirmation of whether a legal hold was placed and which artifacts are in scope.
|
|
116
|
+
8. **Resolution and closure**: Final disposition (access revoked, incident closed, HR action initiated, regulatory report filed), residual risk statement, and any compensating controls put in place.
|
|
117
|
+
|
|
118
|
+
## Refusal conditions
|
|
119
|
+
|
|
120
|
+
This protocol and all participating agents must refuse the following requests:
|
|
121
|
+
|
|
122
|
+
- Executing any role assignment, role removal, account suspension, or account deletion without documented dual approval routed through `sap-role-assignment-guarded-operator-agent`.
|
|
123
|
+
- Sharing unredacted HR data (compensation, performance, disciplinary, health) with Security or operational teams.
|
|
124
|
+
- Closing or approving a GRC access violation — this authority rests with the GRC/audit team only.
|
|
125
|
+
- Disclosing investigation status or findings to the subject of the investigation without explicit HR and Legal authorization.
|
|
126
|
+
- Bypassing the irreversible-action gate on any action listed in that section.
|
|
127
|
+
- Acting on verbal approval alone; written approval is mandatory for all cross-function actions.
|
|
128
|
+
- Initiating any employment action (warning, suspension, termination) — this protocol surfaces risk findings to HR and Legal; employment decisions belong solely to those functions.
|
|
129
|
+
|
|
130
|
+
## Evidence rules
|
|
131
|
+
|
|
132
|
+
Label all claims with one of:
|
|
133
|
+
|
|
134
|
+
- `documentation-based` — grounded in SAP GRC Access Control, SAP SuccessFactors, SAP Identity Authentication, or regulatory guidance (GDPR, SOX, ISO 27001)
|
|
135
|
+
- `user-provided evidence` — access logs, GRC conflict reports, role exports, IPS provisioning logs, HR lifecycle confirmations, or written descriptions provided by the requesting function
|
|
136
|
+
- `inference` — derived reasoning not directly confirmed by official documentation or user-provided evidence; must always be labeled as such
|
|
137
|
+
|
|
138
|
+
## Response minimum
|
|
139
|
+
|
|
140
|
+
Every protocol invocation must return, at minimum:
|
|
141
|
+
|
|
142
|
+
- **Trigger classification**: Which trigger condition(s) apply and which participating agents are activated.
|
|
143
|
+
- **Evidence status**: Which required evidence items are present, which are missing, and which function must supply each missing item.
|
|
144
|
+
- **Redaction confirmation**: Confirmation that HR-sensitive data has been identified and the redaction policy has been applied.
|
|
145
|
+
- **Decision rights mapping**: For each pending decision, who holds primary authority and what secondary approvals are required.
|
|
146
|
+
- **Irreversible-action gate status**: Whether any irreversible actions are pending, what approvals are outstanding, and whether the gate is cleared to proceed.
|
|
147
|
+
- **Audit package status**: Which audit package elements are populated and which are outstanding.
|
|
148
|
+
- **Escalation notice**: If an unmitigated critical SoD conflict or insider-risk signal is present, explicit notice to the escalation owners listed above — this notice must appear before any other recommendation.
|
|
149
|
+
- **Next step**: The single next action the requesting function must take to advance the protocol, with the responsible owner named.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
interface:
|
|
2
|
+
display_name: "SAP Security HR Legal Escalation Protocol"
|
|
3
|
+
short_description: "Cross-functional escalation protocol for SAP Security, HR, and Legal on identity misuse, privileged-access anomalies, SoD violations, insider-risk signals, HR-sensitive access, joiner/mover/leaver lifecycle gaps, and fraud-sensitive access patterns. Defines decision rights, redaction policy, irreversible-action gates, approval requirements, and audit packaging. Never mutates live systems."
|
|
4
|
+
default_prompt: "Use $sap-security-hr-legal-protocol to coordinate a cross-functional response. Identify which trigger condition applies, map decision rights to each pending action, confirm evidence and redaction status, check whether the irreversible-action gate is cleared, and state the next action with the responsible owner named. Flag any unmitigated critical SoD conflict or insider-risk signal as an immediate escalation before any other recommendation."
|
|
5
|
+
dependencies:
|
|
6
|
+
tools:
|
|
7
|
+
- type: "web"
|
|
8
|
+
value: "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control"
|
|
9
|
+
description: "SAP GRC Access Control documentation — primary reference for SoD conflict classification and escalation requirements"
|
|
10
|
+
policy:
|
|
11
|
+
allow_implicit_invocation: true
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "sap-security-hr-legal-protocol",
|
|
3
|
+
"name": "SAP Security HR Legal Escalation Protocol",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "sap",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"claude-code",
|
|
8
|
+
"codex",
|
|
9
|
+
"cursor",
|
|
10
|
+
"gemini",
|
|
11
|
+
"kiro",
|
|
12
|
+
"other"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Cross-functional escalation protocol for SAP Security, HR, and Legal coordination on identity misuse, privileged-access anomalies, SoD violations, insider-risk signals, HR-sensitive access, joiner/mover/leaver gaps, and fraud-sensitive access patterns. Defines decision rights, redaction policy, irreversible-action gates, approval requirements, and audit packaging. Never mutates live systems.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"category": "compliance",
|
|
17
|
+
"official_docs": [
|
|
18
|
+
"https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control",
|
|
19
|
+
"https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/emergency-access-management",
|
|
20
|
+
"https://help.sap.com/docs/successfactors-employee-central/employee-central/data-protection-and-privacy-in-employee-central",
|
|
21
|
+
"https://help.sap.com/docs/successfactors-platform/successfactors-platform/data-protection-and-privacy",
|
|
22
|
+
"https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication",
|
|
23
|
+
"https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/segregation-of-duties",
|
|
24
|
+
"https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/access-risk-analysis",
|
|
25
|
+
"https://www.iso.org/standard/27001",
|
|
26
|
+
"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final"
|
|
27
|
+
],
|
|
28
|
+
"security_notes": "Does not access live SAP systems, GRC Access Control tenants, SuccessFactors instances, or IAM consoles. Accepts only user-provided evidence artifacts. Never accepts or stores HR personal data, compensation records, disciplinary records, or health information. All role mutations must route through sap-role-assignment-guarded-operator-agent with documented dual approval. No guarded-mutating gate is bypassed by this protocol. Verbal approvals are rejected; written approval is mandatory for all cross-function actions.",
|
|
29
|
+
"last_verified": "2026-06-19",
|
|
30
|
+
"path": "skills/sap/sap-security-hr-legal-protocol",
|
|
31
|
+
"author": "github: Raishin",
|
|
32
|
+
"version": "0.1.0",
|
|
33
|
+
"lifecycle": "experimental"
|
|
34
|
+
}
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
# Official sources — SAP Security HR Legal Escalation Protocol
|
|
2
|
+
|
|
3
|
+
Use this reference when grounding SoD conflict classification, HR data sensitivity assessment, identity lifecycle governance, GRC emergency access review, and regulatory compliance framing for cross-functional escalations.
|
|
4
|
+
|
|
5
|
+
**Evidence level**: documentation-based (SAP Help Portal, SAP GRC Access Control documentation, SAP SuccessFactors data protection guidance, NIST SP 800-53, ISO 27001). No live-system evidence is collected by this skill.
|
|
6
|
+
|
|
7
|
+
## SAP GRC Access Control
|
|
8
|
+
|
|
9
|
+
- What is SAP GRC Access Control
|
|
10
|
+
https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control
|
|
11
|
+
source_owner: SAP SE
|
|
12
|
+
topic_supported: GRC Access Control capabilities, Access Risk Analysis, Emergency Access Management, Business Role Management, User Access Review
|
|
13
|
+
why_needed: Primary reference for SoD conflict classification and escalation requirements used throughout this protocol
|
|
14
|
+
evidence_level: primary
|
|
15
|
+
last_verified: 2026-06-19
|
|
16
|
+
|
|
17
|
+
- Segregation of Duties
|
|
18
|
+
https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/segregation-of-duties
|
|
19
|
+
source_owner: SAP SE
|
|
20
|
+
topic_supported: SoD ruleset structure, risk classification levels (critical/high/medium/low), mitigation control assignment
|
|
21
|
+
why_needed: Defines the SoD conflict risk taxonomy applied when classifying fraud-sensitive access patterns in this protocol
|
|
22
|
+
evidence_level: primary
|
|
23
|
+
last_verified: 2026-06-19
|
|
24
|
+
|
|
25
|
+
- Access Risk Analysis
|
|
26
|
+
https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/access-risk-analysis
|
|
27
|
+
source_owner: SAP SE
|
|
28
|
+
topic_supported: ARA execution model, risk simulation, batch risk analysis, remediation workflow
|
|
29
|
+
why_needed: Required to understand how GRC generates the SoD conflict reports that serve as evidence in this protocol
|
|
30
|
+
evidence_level: primary
|
|
31
|
+
last_verified: 2026-06-19
|
|
32
|
+
|
|
33
|
+
- Emergency Access Management
|
|
34
|
+
https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/emergency-access-management
|
|
35
|
+
source_owner: SAP SE
|
|
36
|
+
topic_supported: Firefighter ID assignment, session logging, log review workflow, EAM owner and controller roles
|
|
37
|
+
why_needed: Required to assess privileged-access anomalies for firefighter users — defines logging obligations and log review requirements referenced in this protocol
|
|
38
|
+
evidence_level: primary
|
|
39
|
+
last_verified: 2026-06-19
|
|
40
|
+
|
|
41
|
+
## SAP SuccessFactors — HR Data Protection
|
|
42
|
+
|
|
43
|
+
- Data Protection and Privacy in Employee Central
|
|
44
|
+
https://help.sap.com/docs/successfactors-employee-central/employee-central/data-protection-and-privacy-in-employee-central
|
|
45
|
+
source_owner: SAP SE
|
|
46
|
+
topic_supported: HR data sensitivity classifications, personal data categories in SuccessFactors Employee Central, data subject rights, purpose limitation
|
|
47
|
+
why_needed: Primary reference for HR data sensitivity assessment and redaction policy — defines which SuccessFactors data elements are personal or sensitive personal data
|
|
48
|
+
evidence_level: primary
|
|
49
|
+
last_verified: 2026-06-19
|
|
50
|
+
|
|
51
|
+
- Data Protection and Privacy in SAP SuccessFactors
|
|
52
|
+
https://help.sap.com/docs/successfactors-platform/successfactors-platform/data-protection-and-privacy
|
|
53
|
+
source_owner: SAP SE
|
|
54
|
+
topic_supported: SuccessFactors platform-level data protection, consent management, data purge, audit logging
|
|
55
|
+
why_needed: Platform-level data protection obligations that govern how HR evidence may be collected, shared, and retained under this protocol
|
|
56
|
+
evidence_level: primary
|
|
57
|
+
last_verified: 2026-06-19
|
|
58
|
+
|
|
59
|
+
## SAP Cloud Identity Services
|
|
60
|
+
|
|
61
|
+
- What is Identity Authentication
|
|
62
|
+
https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication
|
|
63
|
+
source_owner: SAP SE
|
|
64
|
+
topic_supported: IAS application model, corporate IdP federation, MFA enforcement, risk-based authentication
|
|
65
|
+
why_needed: Required to assess identity-layer evidence when evaluating account compromise or access anomaly trigger conditions
|
|
66
|
+
evidence_level: primary
|
|
67
|
+
last_verified: 2026-06-19
|
|
68
|
+
|
|
69
|
+
## Risk and Control Frameworks
|
|
70
|
+
|
|
71
|
+
- NIST Special Publication 800-53 Rev 5 — Security and Privacy Controls for Information Systems and Organizations
|
|
72
|
+
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
|
|
73
|
+
source_owner: NIST
|
|
74
|
+
topic_supported: AC (Access Control), AU (Audit and Accountability), IR (Incident Response), PS (Personnel Security) control families; insider threat program guidance
|
|
75
|
+
why_needed: Secondary framework reference for insider-risk escalation framing and audit package requirements; NIST AC-5 (Separation of Duties) and PS-4 (Personnel Termination) directly support the leaver and SoD escalation paths in this protocol
|
|
76
|
+
evidence_level: secondary
|
|
77
|
+
last_verified: 2026-06-19
|
|
78
|
+
|
|
79
|
+
- ISO/IEC 27001 — Information Security Management Systems
|
|
80
|
+
https://www.iso.org/standard/27001
|
|
81
|
+
source_owner: ISO/IEC
|
|
82
|
+
topic_supported: Annex A controls for access management, HR security, incident management, and compliance; risk treatment requirements
|
|
83
|
+
why_needed: Secondary framework providing the ISO 27001 Annex A context for the access control and HR security obligations cited in this protocol's escalation and decision-rights tables
|
|
84
|
+
evidence_level: secondary
|
|
85
|
+
last_verified: 2026-06-19
|
|
86
|
+
|
|
87
|
+
## Grounding rule
|
|
88
|
+
|
|
89
|
+
SAP Help Portal documentation describes the designed capabilities and configuration models for GRC Access Control, SuccessFactors, and Cloud Identity Services. It does not prove which conflicts exist in the user's GRC system, what HR data was accessed, or which lifecycle events were missed. Users must supply GRC conflict reports, access logs, role exports, IPS provisioning logs, and HR-provided lifecycle confirmations for concrete protocol execution.
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Safety checklist — SAP Security HR Legal Escalation Protocol
|
|
2
|
+
|
|
3
|
+
Use before any cross-function handoff, before any action is queued to a guarded-mutating agent, and before any evidence is shared outside its originating function.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Do not execute any role assignment, role removal, account suspension, or account deletion without documented dual approval. All role mutations must be queued to `sap-role-assignment-guarded-operator-agent` with approval documentation attached.
|
|
8
|
+
- Do not share unredacted HR data (compensation, performance ratings, disciplinary records, health information, succession data) with Security, operational teams, or any party outside HR without Legal authorization and documented legal-hold or employment-law basis.
|
|
9
|
+
- Do not close, approve, or recommend closing a GRC access violation. GRC violation closure authority rests with the GRC/audit team only.
|
|
10
|
+
- Do not disclose investigation status or findings to the subject of the investigation without explicit joint authorization from HR and Legal.
|
|
11
|
+
- Do not accept verbal approval for any cross-function action. Written approval (ticket, email chain, or signed document) is mandatory.
|
|
12
|
+
- Do not initiate or recommend any employment action (warning, suspension, termination). This protocol surfaces risk findings to HR and Legal; employment decisions are theirs alone.
|
|
13
|
+
- Do not delete or purge evidence logs during an active investigation. Retention policy execution that would destroy relevant logs must be suspended via Legal hold.
|
|
14
|
+
- Do not bypass the irreversible-action gate. Any action listed under that section requires all listed approvals before the action is queued.
|
|
15
|
+
|
|
16
|
+
## What people get wrong
|
|
17
|
+
|
|
18
|
+
- **Treating SoD conflict classification as an employment finding**: An SoD conflict report establishes access risk, not misconduct. The HR and Legal functions determine whether any employment action is warranted based on the full investigation. Security's role is to surface the access evidence, not to draw conclusions about intent.
|
|
19
|
+
- **Sharing the full GRC conflict report with HR without redaction review**: GRC reports often contain transaction codes and system access details that, when combined with HR records, could be used to infer sensitive information about other employees or investigations. Review for cross-contamination before sharing.
|
|
20
|
+
- **Assuming a leaver's access lapse is always a Security issue**: JML gaps are often process failures in the HR lifecycle workflow or IPS provisioning chain. Assign root-cause investigation to the correct function before escalating as a security incident.
|
|
21
|
+
- **Skipping the legal-hold decision for post-termination access**: If a departed employee's account was used after the effective termination date, there may be an obligation to preserve logs for employment-law or regulatory purposes before any retention policy purge occurs.
|
|
22
|
+
- **Treating EAM log review as equivalent to access approval**: The existence of an EAM firefighter log does not mean the access was authorized or within scope. Log review must be completed by the designated EAM owner and controller before the access event is considered governed.
|
|
23
|
+
- **Conflating HR-sensitive system access with a personal data breach**: Access to SuccessFactors compensation or performance data by an unauthorized user is a policy violation and potential access control failure. Whether it constitutes a reportable personal data breach under GDPR or equivalent regulation is a Legal determination, not a Security one.
|
|
24
|
+
|
|
25
|
+
## When to push back
|
|
26
|
+
|
|
27
|
+
- Push back (and escalate immediately) when an unmitigated critical SoD conflict involving an active employee is found — escalate to GRC/audit and flag the escalation owners before any other action.
|
|
28
|
+
- Push back when any function requests unredacted HR data without Legal authorization — provide a redacted summary instead and require Legal sign-off for full disclosure.
|
|
29
|
+
- Push back when asked to confirm employment status, role legitimacy, or lifecycle event completion from memory — require HR-system-of-record confirmation.
|
|
30
|
+
- Push back when asked to queue a role mutation without all required written approvals in hand.
|
|
31
|
+
- Push back when asked to close a GRC violation — refer to the GRC/audit team.
|
|
32
|
+
- Push back when asked to recommend or initiate an employment action — refer to HR and Legal.
|
|
33
|
+
|
|
34
|
+
## Evidence labels
|
|
35
|
+
|
|
36
|
+
- `documentation-based` — grounded in SAP GRC Access Control, SAP SuccessFactors, SAP Cloud Identity Services, NIST SP 800-53, or ISO 27001 documentation
|
|
37
|
+
- `user-provided evidence` — access logs, GRC conflict reports, role exports, IPS provisioning logs, HR lifecycle confirmations, or written descriptions provided by the requesting function
|
|
38
|
+
- `inference` — derived reasoning not directly confirmed by official documentation or user-provided evidence; must always be labeled as such and must not be used as the sole basis for any cross-function action
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Workflow and output contract — SAP Security HR Legal Escalation Protocol
|
|
2
|
+
|
|
3
|
+
Use this reference for all trigger classification, evidence assembly, cross-function handoff sequencing, decision rights application, and output formatting.
|
|
4
|
+
|
|
5
|
+
## Trigger classification table
|
|
6
|
+
|
|
7
|
+
| Trigger class | Primary signal | Activating agent | HR involvement | Legal involvement |
|
|
8
|
+
|---|---|---|---|---|
|
|
9
|
+
| `identity-misuse` | Anomalous access pattern, bulk extraction, unexpected location | sap-security-iam-grc-sod-reviewer-agent | Required for employment-status confirmation | Required if criminal or employment action may follow |
|
|
10
|
+
| `privileged-access-anomaly` | Firefighter/EAM access outside approved scope; SAP\_ALL outside change window | sap-security-iam-grc-sod-reviewer-agent | Optional (required if HR data was accessed) | Optional (required if disciplinary action follows) |
|
|
11
|
+
| `critical-sod-violation` | Unmitigated critical SoD conflict involving active employee | sap-security-iam-grc-sod-reviewer-agent | Required (employment status + role confirmation) | Required (regulatory and employment-law review) |
|
|
12
|
+
| `insider-risk` | DLP or SIEM exfiltration indicator against HR, payroll, or financial data | sap-security-iam-grc-sod-reviewer-agent + sap-successfactors-hr-process-risk-agent | Required (data sensitivity classification) | Required (legal hold decision) |
|
|
13
|
+
| `hr-sensitive-access` | Access to SuccessFactors compensation, performance, or succession data outside authorized scope | sap-successfactors-hr-process-risk-agent | Required (owns data sensitivity classification) | Conditional (if personal data breach threshold met) |
|
|
14
|
+
| `jml-gap` | Post-termination access; mover retaining previous role; joiner access beyond matrix | sap-successfactors-hr-process-risk-agent | Required (lifecycle event confirmation) | Conditional (if post-termination access was used) |
|
|
15
|
+
| `fraud-sensitive-access` | Single-user execution of incompatible financial transactions | sap-security-iam-grc-sod-reviewer-agent | Required (employment context) | Required (potential fraud investigation) |
|
|
16
|
+
|
|
17
|
+
## Protocol workflow
|
|
18
|
+
|
|
19
|
+
### Phase 1 — Triage (SAP Security lead)
|
|
20
|
+
|
|
21
|
+
1. Classify the trigger condition using the table above.
|
|
22
|
+
2. Identify which participating agents are activated.
|
|
23
|
+
3. Confirm which evidence items are available and which are outstanding.
|
|
24
|
+
4. Issue evidence assembly requests to the responsible function for each missing item.
|
|
25
|
+
5. Apply the redaction policy before any cross-function share.
|
|
26
|
+
|
|
27
|
+
### Phase 2 — Evidence assembly (multi-function)
|
|
28
|
+
|
|
29
|
+
1. `sap-security-iam-grc-sod-reviewer-agent` assembles identity evidence, access logs, GRC conflict reports, and role assignment state.
|
|
30
|
+
2. `sap-successfactors-hr-process-risk-agent` assembles HR lifecycle state and provides redacted summary to Security per redaction policy.
|
|
31
|
+
3. Legal is notified if trigger classification indicates a legal dimension; Legal confirms whether a legal hold is required.
|
|
32
|
+
|
|
33
|
+
### Phase 3 — Cross-function review
|
|
34
|
+
|
|
35
|
+
1. All functions review assembled evidence within their domain authority.
|
|
36
|
+
2. `sap-security-iam-grc-sod-reviewer-agent` classifies SoD conflicts by risk level.
|
|
37
|
+
3. `sap-successfactors-hr-process-risk-agent` classifies HR data sensitivity and confirms whether HR lifecycle events were processed correctly.
|
|
38
|
+
4. Decision rights table is applied — each pending decision is assigned to the correct authority.
|
|
39
|
+
|
|
40
|
+
### Phase 4 — Action proposal
|
|
41
|
+
|
|
42
|
+
1. Proposed actions are documented with the required approvals per the approval requirements section of the SKILL.md.
|
|
43
|
+
2. Irreversible-action gate is evaluated for each proposed action.
|
|
44
|
+
3. Actions requiring `sap-role-assignment-guarded-operator-agent` are queued with approval documentation attached — the operator agent does not execute without confirmed approvals.
|
|
45
|
+
|
|
46
|
+
### Phase 5 — Audit package assembly
|
|
47
|
+
|
|
48
|
+
1. All evidence, decision records, approval records, redaction logs, and action outcomes are consolidated into the audit package.
|
|
49
|
+
2. Audit package is made available to internal audit and, where required by legal hold, to Legal.
|
|
50
|
+
3. Residual risk is assessed and documented.
|
|
51
|
+
|
|
52
|
+
## Output contract
|
|
53
|
+
|
|
54
|
+
Return, in order:
|
|
55
|
+
|
|
56
|
+
1. **Trigger classification**: Which trigger class(es) apply; which participating agents are activated.
|
|
57
|
+
2. **Evidence inventory**: Present items, missing items, and responsible function for each missing item.
|
|
58
|
+
3. **Redaction confirmation**: Explicit statement that HR-sensitive data has been identified and the redaction policy status (applied / pending / not applicable).
|
|
59
|
+
4. **Decision rights map**: For each pending decision, primary authority, secondary approvals required, and current status (pending / approved / deferred).
|
|
60
|
+
5. **Irreversible-action gate**: Whether any irreversible actions are pending; approval status for each; whether gate is cleared or blocked.
|
|
61
|
+
6. **SoD conflict summary** (if applicable): Conflict ID or description, risk level, mitigation status, and escalation notice if unmitigated critical.
|
|
62
|
+
7. **HR data sensitivity assessment** (if applicable): Data categories accessed or at risk; classification; redaction applied.
|
|
63
|
+
8. **Escalation notice**: If an unmitigated critical SoD conflict, insider-risk signal, or legal-hold trigger is present, explicit notice must appear before any other recommendation, naming the escalation owners and required action.
|
|
64
|
+
9. **Audit package status**: Populated items and outstanding items.
|
|
65
|
+
10. **Next step**: Single next action with named responsible owner.
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: sap-security-iam-grc-sod-review
|
|
3
|
+
description: Review SAP identity and access management posture: Cloud Identity Services (IAS/IPS), Authorization and Trust Management (XSUAA), role collections, GRC Access Control, and Segregation of Duties. Flags SoD conflicts, excessive privilege, orphaned accounts, and trust misconfigurations. Does not touch live systems.
|
|
4
|
+
allowed-tools: Read Grep Glob WebSearch WebFetch
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-06-19"
|
|
9
|
+
category: security
|
|
10
|
+
lifecycle: experimental
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# SAP Security IAM GRC and SoD Review
|
|
14
|
+
|
|
15
|
+
## Purpose
|
|
16
|
+
|
|
17
|
+
Assess the identity and access management posture of SAP landscapes spanning cloud and on-premise systems. Review SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) configuration for provisioning correctness, group mapping, and lifecycle management. Review Authorization and Trust Management (XSUAA) scopes, role templates, and role collection assignments for privilege excess and least-privilege compliance. Assess GRC Access Control ruleset quality, SoD conflict classification, and mitigation control effectiveness. Flag SoD conflicts, excessive or accumulated privilege, orphaned accounts, misconfigured identity provider trust, and access lifecycle gaps. Does not connect to or mutate any live SAP system.
|
|
18
|
+
|
|
19
|
+
## When to use
|
|
20
|
+
|
|
21
|
+
Use this skill when the user asks to:
|
|
22
|
+
|
|
23
|
+
- review SAP Identity Authentication Service (IAS) configuration for application assignments, corporate identity provider federation, risk-based authentication policies, and MFA enforcement,
|
|
24
|
+
- assess SAP Identity Provisioning Service (IPS) connector configuration for user and group synchronization correctness, provisioning rule quality, and transformation script safety,
|
|
25
|
+
- evaluate XSUAA (Authorization and Trust Management Service) application security descriptor (xs-security.json) design: scope definitions, role template construction, role collection granularity, and least-privilege compliance,
|
|
26
|
+
- audit role collection assignments for a BTP subaccount — identifying over-permissive built-in role collections, direct user assignments versus IdP group mappings, and privilege accumulation across multiple role collections,
|
|
27
|
+
- review SAP GRC Access Control ruleset configuration: SoD function and permission entries, risk classification (critical/high/medium/low), and whether the ruleset covers key business processes (FI, MM, SD, HR),
|
|
28
|
+
- assess SoD conflict findings from GRC Access Control, SAP Access Violation Management by Pathlock, or equivalent tooling — classify conflicts, evaluate mitigating controls, and flag unmitigated critical conflicts,
|
|
29
|
+
- identify excessive privilege patterns: access to incompatible transaction pairs, accumulated authorizations from multiple roles, or overly broad authorization object values (e.g., `*` for company code or plant),
|
|
30
|
+
- review identity trust misconfigurations: IAS corporate IdP federation without MFA enforcement, XSUAA trust to external IdPs with insufficient attribute mapping, or IPS provisioning to production systems without approval workflows.
|
|
31
|
+
|
|
32
|
+
## When not to use
|
|
33
|
+
|
|
34
|
+
- When the user needs live inspection of a GRC Access Control system, BTP XSUAA tenant, or IAS admin console — this skill accepts only user-provided configuration exports, SoD conflict reports, role lists, or written descriptions.
|
|
35
|
+
- When the request is about BTP account-level structural governance (entitlements, directories, environments) rather than IAM — use `sap-btp-governance-review`.
|
|
36
|
+
- When the request is about ABAP authorization objects directly in an on-premise SAP system without a GRC or cloud IAM layer — this skill focuses on cloud IAM (IAS/IPS/XSUAA) and GRC; direct ABAP auth object review is out of scope.
|
|
37
|
+
- When the request is about integration security (iFlow OAuth, API proxy policies) — use `sap-integration-suite-review`.
|
|
38
|
+
|
|
39
|
+
## Does not touch live systems
|
|
40
|
+
|
|
41
|
+
This skill operates on user-provided configuration exports, SoD conflict reports from GRC or equivalent tools, xs-security.json files, role collection exports, IAS application exports, IPS connector configuration descriptions, or written descriptions of the IAM landscape. It does not connect to any IAS tenant, IPS admin console, XSUAA service instance, GRC system, BTP subaccount, or on-premise SAP system. All live inspection is out of scope.
|
|
42
|
+
|
|
43
|
+
## Lean operating rules
|
|
44
|
+
|
|
45
|
+
- Classify IAM findings by domain before recommending. Every finding must be assigned to a domain (IAS / IPS / XSUAA / GRC / SoD) before a remediation path is proposed.
|
|
46
|
+
- Least privilege is the baseline. Any role, scope, or role collection that grants access beyond what the business function requires is a finding. Broad authorization object values (`*` for organizational levels) are always flagged.
|
|
47
|
+
- SoD conflicts must be classified by risk level. Not all SoD conflicts carry the same risk. Critical SoD conflicts (e.g., Create Vendor + Approve Payment, Create PO + Approve PO) must be treated as `critical` findings requiring either role redesign or compensating controls with documented approval.
|
|
48
|
+
- Unmitigated critical SoD conflicts block sign-off. An environment with unmitigated critical SoD conflicts (no approved compensating control on record) is not compliant with SOX, ISO 27001, or SAP GRC best practices. Escalate before proceeding.
|
|
49
|
+
- IPS provisioning to production requires approval workflow. Any IPS connector that provisions users or group memberships to a production target system without an approval step in the provisioning flow is a `high` finding.
|
|
50
|
+
- IAS MFA enforcement is required for privileged users. Administrator and privileged application users authenticated via IAS without MFA enforcement (risk-based authentication minimum) are a `high` finding.
|
|
51
|
+
- XSUAA trust to external IdPs must carry attribute validation. XSUAA application trust configured to accept tokens from an external IdP without validating custom attributes (e.g., groups, costCenter) is a privilege escalation vector.
|
|
52
|
+
- Orphaned accounts are a `high` finding. Accounts in IAS, IPS target systems, or BTP role collection assignments that belong to users who have left the organization or changed roles are `high` IAM lifecycle findings.
|
|
53
|
+
- Evidence from user-provided artifacts or official SAP security documentation takes precedence over inference.
|
|
54
|
+
- Load only the reference needed for the IAM domain under review.
|
|
55
|
+
|
|
56
|
+
## Evidence rules
|
|
57
|
+
|
|
58
|
+
Label all claims with one of:
|
|
59
|
+
|
|
60
|
+
- `documentation-based` — grounded in SAP IAS, IPS, XSUAA, GRC Access Control, or SAP security best practice documentation
|
|
61
|
+
- `user-provided evidence` — SoD conflict reports, role lists, xs-security.json files, IAS exports, IPS connector configurations, or written descriptions provided by the user
|
|
62
|
+
- `inference` — derived reasoning not directly confirmed by official docs or user evidence
|
|
63
|
+
|
|
64
|
+
## Live-environment rules
|
|
65
|
+
|
|
66
|
+
**This skill does not touch live systems.** There is no IAS API call, IPS REST API invocation, XSUAA service binding access, GRC system RFC call, BTP cockpit session, or on-premise SAP system connection in this skill's execution path. Users must supply configuration exports, SoD conflict reports, role collection lists, or written descriptions of their IAM landscape for this skill to review.
|
|
67
|
+
|
|
68
|
+
## References
|
|
69
|
+
|
|
70
|
+
Load only when needed:
|
|
71
|
+
|
|
72
|
+
- [Workflow and output contract](references/workflow-and-output.md) — IAM finding taxonomy, SoD conflict classification, severity assignment, output format.
|
|
73
|
+
- [Safety checklist](references/safety-checklist.md) — non-negotiables, common IAM review mistakes, when to push back.
|
|
74
|
+
- [Official sources](references/official-sources.md) — SAP IAS, IPS, XSUAA, GRC Access Control, and SoD documentation.
|
|
75
|
+
|
|
76
|
+
## Response minimum
|
|
77
|
+
|
|
78
|
+
Return, at minimum:
|
|
79
|
+
|
|
80
|
+
- **Problem classification**: IAM domain(s) affected (IAS / IPS / XSUAA / GRC / SoD) and specific finding(s) per domain.
|
|
81
|
+
- **Evidence used**: documentation-based / user-provided evidence / inference.
|
|
82
|
+
- **Risk level**: critical (SoD conflict, privilege escalation path, unmitigated access violation) / high (excessive privilege, orphaned account, missing MFA, unapproved provisioning) / medium (governance gap, missing lifecycle review, weak attribute mapping) / low (best practice deviation).
|
|
83
|
+
- **Recommended action**: specific remediation per finding (role redesign, compensating control documentation, IPS approval workflow addition, IAS MFA policy enforcement, XSUAA scope reduction, etc.).
|
|
84
|
+
- **Refusal / escalation triggers**: if unmitigated critical SoD conflicts are found, escalate to GRC / audit team before any further access approval or system change is authorized.
|
|
85
|
+
- **Business impact**: compliance risk (SOX, ISO 27001, internal audit), fraud risk, data breach risk, or access lifecycle debt.
|
|
86
|
+
- **Next verification step**: validate remediation recommendations against current role assignments and GRC ruleset before implementing access changes.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
interface:
|
|
2
|
+
display_name: "SAP Security IAM GRC and SoD Review"
|
|
3
|
+
short_description: "Review SAP identity and access management posture: IAS/IPS configuration, XSUAA scopes and role collections, GRC Access Control ruleset quality, and Segregation of Duties conflict classification. Flags SoD conflicts, excessive privilege, orphaned accounts, and trust misconfigurations."
|
|
4
|
+
default_prompt: "Use $sap-security-iam-grc-sod-review to assess the provided SAP IAM and GRC configuration. Classify each finding by IAM domain (IAS, IPS, XSUAA, GRC, SoD), assign a risk level (critical/high/medium/low), and recommend specific remediation actions. Flag any unmitigated critical SoD conflicts for immediate escalation. State evidence level (documentation-based, user-provided, inference) and whether live system access is required to complete the review."
|
|
5
|
+
dependencies:
|
|
6
|
+
tools:
|
|
7
|
+
- type: "web"
|
|
8
|
+
value: "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication"
|
|
9
|
+
description: "SAP Cloud Identity Services documentation — primary reference for IAS and IPS configuration review"
|
|
10
|
+
policy:
|
|
11
|
+
allow_implicit_invocation: true
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "sap-security-iam-grc-sod-review",
|
|
3
|
+
"name": "SAP Security IAM GRC and SoD Review",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "sap",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"claude-code",
|
|
8
|
+
"codex",
|
|
9
|
+
"cursor",
|
|
10
|
+
"gemini",
|
|
11
|
+
"kiro",
|
|
12
|
+
"other"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Review SAP identity and access management posture: Cloud Identity Services (IAS/IPS), Authorization and Trust Management (XSUAA), role collections, GRC Access Control, and Segregation of Duties. Flags SoD conflicts, excessive privilege, orphaned accounts, and trust misconfigurations. Does not access live systems.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"category": "security",
|
|
17
|
+
"official_docs": [
|
|
18
|
+
"https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication",
|
|
19
|
+
"https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-provisioning",
|
|
20
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-authorization-and-trust-management-service",
|
|
21
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/application-security-descriptor-configuration-syntax",
|
|
22
|
+
"https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control",
|
|
23
|
+
"https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/segregation-of-duties",
|
|
24
|
+
"https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/configure-risk-based-authentication-for-application",
|
|
25
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/trust-and-federation-with-identity-providers"
|
|
26
|
+
],
|
|
27
|
+
"security_notes": "Does not access live SAP IAS tenants, IPS admin consoles, XSUAA service instances, GRC Access Control systems, or BTP subaccounts. Accepts only user-provided SoD conflict reports, role lists, xs-security.json files, IAS exports, IPS connector descriptions, or written IAM landscape descriptions. Never request or accept IAS admin credentials, IPS technical user passwords, XSUAA client secrets, GRC system logon credentials, or BTP service keys. Unmitigated critical SoD conflicts must be escalated to the GRC or audit team — this skill does not approve or close access violations.",
|
|
28
|
+
"last_verified": "2026-06-19",
|
|
29
|
+
"path": "skills/sap/sap-security-iam-grc-sod-review",
|
|
30
|
+
"author": "github: Raishin",
|
|
31
|
+
"version": "0.1.0",
|
|
32
|
+
"lifecycle": "experimental"
|
|
33
|
+
}
|