@raishin/vanguard-frontier-agentic 2.11.0 → 2.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +2 -2
- package/.claude-plugin/plugin.json +41 -1
- package/.cursor-plugin/plugin.json +41 -1
- package/.github/plugin/marketplace.json +1 -1
- package/README.md +11 -11
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/AGENT.md +57 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-abap-cloud-rap-reviewer-agent/metadata.json +46 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/metadata.json +40 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/AGENT.md +58 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-analytics-cloud-planning-governance-agent/metadata.json +45 -0
- package/agents/sap/sap-audit-evidence-packager-agent/AGENT.md +58 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/copilot.agent.md +33 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/cursor.agent.md +31 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/gemini.agent.md +31 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-ide.agent.md +31 -0
- package/agents/sap/sap-audit-evidence-packager-agent/metadata.json +45 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/metadata.json +44 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/AGENT.md +70 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/codex.toml +42 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/sap/sap-btp-entitlement-guarded-operator-agent/metadata.json +41 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/AGENT.md +57 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-cap-architecture-reviewer-agent/metadata.json +42 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-clean-core-debt-reviewer-agent/metadata.json +45 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/AGENT.md +59 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-cloud-alm-sre-incident-agent/metadata.json +42 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/AGENT.md +60 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/claude-code.agent.md +39 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/codex.toml +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-custom-code-remediation-reviewer-agent/metadata.json +45 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/AGENT.md +67 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/claude-code.agent.md +46 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-data-migration-cutover-readiness-agent/metadata.json +44 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/AGENT.md +58 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-datasphere-data-product-architect-agent/metadata.json +45 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/AGENT.md +59 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-ewm-tm-logistics-execution-agent/metadata.json +44 -0
- package/agents/sap/sap-finance-fico-controls-agent/AGENT.md +59 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-finance-fico-controls-agent/metadata.json +45 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/AGENT.md +58 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/codex.toml +29 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/metadata.json +39 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/AGENT.md +70 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/codex.toml +41 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/cursor.agent.md +33 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/gemini.agent.md +33 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/sap/sap-guarded-transport-import-operator-agent/metadata.json +45 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/AGENT.md +58 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-hana-cloud-performance-cost-agent/metadata.json +43 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/AGENT.md +59 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-hypercare-incident-commander-agent/metadata.json +42 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/AGENT.md +70 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/codex.toml +41 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
- package/agents/sap/sap-integration-flow-guarded-operator-agent/metadata.json +41 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/AGENT.md +57 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-integration-suite-reviewer-agent/metadata.json +43 -0
- package/agents/sap/sap-joule-governance-adoption-agent/AGENT.md +59 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-joule-governance-adoption-agent/metadata.json +42 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/AGENT.md +58 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-license-btp-consumption-finops-agent/metadata.json +42 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/AGENT.md +60 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/metadata.json +39 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/AGENT.md +60 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/claude-code.agent.md +40 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/codex.toml +31 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-live-readonly-landscape-discovery-agent/metadata.json +39 -0
- package/agents/sap/sap-maestro-agent/AGENT.md +60 -0
- package/agents/sap/sap-maestro-agent/harnesses/claude-code.agent.md +36 -0
- package/agents/sap/sap-maestro-agent/harnesses/codex.toml +34 -0
- package/agents/sap/sap-maestro-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-maestro-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-maestro-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-maestro-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-maestro-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-maestro-agent/metadata.json +39 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/AGENT.md +59 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-manufacturing-execution-risk-agent/metadata.json +44 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/AGENT.md +59 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-mdg-master-data-quality-agent/metadata.json +45 -0
- package/agents/sap/sap-order-to-cash-agent/AGENT.md +59 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-order-to-cash-agent/metadata.json +44 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/AGENT.md +59 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-procurement-ariba-value-leakage-agent/metadata.json +44 -0
- package/agents/sap/sap-release-change-collision-agent/AGENT.md +59 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-release-change-collision-agent/metadata.json +42 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/AGENT.md +58 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-rise-sla-vendor-risk-agent/metadata.json +42 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/AGENT.md +73 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/claude-code.agent.md +54 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/codex.toml +43 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/copilot.agent.md +38 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/cursor.agent.md +35 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/gemini.agent.md +35 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-ide.agent.md +35 -0
- package/agents/sap/sap-role-assignment-guarded-operator-agent/metadata.json +41 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/AGENT.md +62 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/claude-code.agent.md +41 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/codex.toml +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-s4hana-transformation-architect-agent/metadata.json +44 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/AGENT.md +59 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/metadata.json +44 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/AGENT.md +59 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-signavio-process-mining-value-agent/metadata.json +44 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/AGENT.md +59 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-successfactors-hr-process-risk-agent/metadata.json +42 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/AGENT.md +59 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-supply-chain-ibp-resilience-agent/metadata.json +44 -0
- package/agents/sap/sap-testing-quality-gate-agent/AGENT.md +59 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-testing-quality-gate-agent/metadata.json +42 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/AGENT.md +58 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/claude-code.agent.md +37 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/copilot.agent.md +31 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/cursor.agent.md +29 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/gemini.agent.md +29 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-ide.agent.md +29 -0
- package/agents/sap/sap-transformation-portfolio-triage-agent/metadata.json +42 -0
- package/agents/sap/sap-treasury-cash-risk-agent/AGENT.md +59 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/claude-code.agent.md +38 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/codex.toml +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/copilot.agent.md +32 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/cursor.agent.md +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/gemini.agent.md +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-cli.agent.json +1 -0
- package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-ide.agent.md +30 -0
- package/agents/sap/sap-treasury-cash-risk-agent/metadata.json +44 -0
- package/catalog/agents.json +1323 -0
- package/catalog/asset-integrity.json +2293 -43
- package/catalog/install-roles.json +94 -0
- package/catalog/skill-manifest.json +1770 -3
- package/catalog/skills.json +1912 -1
- package/package.json +1 -1
- package/plugins/cross-platform-agent-template/.codexignore +7 -0
- package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
- package/plugins/vanguard-frontier-agentic/.codexignore +7 -0
- package/powers/README.md +3 -2
- package/powers/vanguard-sap/POWER.md +43 -0
- package/schemas/agent.schema.json +1 -0
- package/schemas/skill.schema.json +1 -0
- package/scripts/generate-docs-data.mjs +1 -1
- package/scripts/generate-kiro-powers.mjs +12 -0
- package/skills/claude/add-educational-comments/metadata.json +1 -1
- package/skills/sap/sap-abap-cloud-rap-review/SKILL.md +86 -0
- package/skills/sap/sap-abap-cloud-rap-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-abap-cloud-rap-review/metadata.json +34 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/context7-framework-docs.md +126 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/official-sources.md +95 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-abap-cloud-rap-review/references/workflow-and-output.md +76 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/SKILL.md +92 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/agents/openai.yaml +11 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/metadata.json +34 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/context7-framework-docs.md +107 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/official-sources.md +91 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/safety-checklist.md +39 -0
- package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/workflow-and-output.md +75 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/SKILL.md +168 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/metadata.json +35 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/references/official-sources.md +99 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/references/safety-checklist.md +38 -0
- package/skills/sap/sap-ai-governance-security-architecture-protocol/references/workflow-and-output.md +89 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/SKILL.md +87 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/agents/openai.yaml +11 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/metadata.json +33 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/references/official-sources.md +89 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/references/safety-checklist.md +35 -0
- package/skills/sap/sap-analytics-cloud-planning-governance/references/workflow-and-output.md +70 -0
- package/skills/sap/sap-audit-evidence-packaging/SKILL.md +92 -0
- package/skills/sap/sap-audit-evidence-packaging/agents/openai.yaml +11 -0
- package/skills/sap/sap-audit-evidence-packaging/metadata.json +33 -0
- package/skills/sap/sap-audit-evidence-packaging/references/official-sources.md +92 -0
- package/skills/sap/sap-audit-evidence-packaging/references/safety-checklist.md +38 -0
- package/skills/sap/sap-audit-evidence-packaging/references/workflow-and-output.md +129 -0
- package/skills/sap/sap-btp-governance-review/SKILL.md +84 -0
- package/skills/sap/sap-btp-governance-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-btp-governance-review/metadata.json +34 -0
- package/skills/sap/sap-btp-governance-review/references/official-sources.md +91 -0
- package/skills/sap/sap-btp-governance-review/references/safety-checklist.md +35 -0
- package/skills/sap/sap-btp-governance-review/references/workflow-and-output.md +66 -0
- package/skills/sap/sap-cap-architecture-review/SKILL.md +86 -0
- package/skills/sap/sap-cap-architecture-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-cap-architecture-review/metadata.json +34 -0
- package/skills/sap/sap-cap-architecture-review/references/context7-framework-docs.md +89 -0
- package/skills/sap/sap-cap-architecture-review/references/official-sources.md +93 -0
- package/skills/sap/sap-cap-architecture-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-cap-architecture-review/references/workflow-and-output.md +74 -0
- package/skills/sap/sap-clean-core-debt-review/SKILL.md +84 -0
- package/skills/sap/sap-clean-core-debt-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-clean-core-debt-review/metadata.json +33 -0
- package/skills/sap/sap-clean-core-debt-review/references/context7-framework-docs.md +56 -0
- package/skills/sap/sap-clean-core-debt-review/references/official-sources.md +75 -0
- package/skills/sap/sap-clean-core-debt-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-clean-core-debt-review/references/workflow-and-output.md +62 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/SKILL.md +83 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/metadata.json +33 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/references/official-sources.md +89 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-cloud-alm-sre-incident-review/references/workflow-and-output.md +88 -0
- package/skills/sap/sap-custom-code-remediation-review/SKILL.md +83 -0
- package/skills/sap/sap-custom-code-remediation-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-custom-code-remediation-review/metadata.json +33 -0
- package/skills/sap/sap-custom-code-remediation-review/references/official-sources.md +85 -0
- package/skills/sap/sap-custom-code-remediation-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-custom-code-remediation-review/references/workflow-and-output.md +83 -0
- package/skills/sap/sap-data-migration-cutover-readiness/SKILL.md +90 -0
- package/skills/sap/sap-data-migration-cutover-readiness/agents/openai.yaml +14 -0
- package/skills/sap/sap-data-migration-cutover-readiness/metadata.json +32 -0
- package/skills/sap/sap-data-migration-cutover-readiness/references/official-sources.md +73 -0
- package/skills/sap/sap-data-migration-cutover-readiness/references/safety-checklist.md +51 -0
- package/skills/sap/sap-data-migration-cutover-readiness/references/workflow-and-output.md +85 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/SKILL.md +162 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/metadata.json +34 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/official-sources.md +93 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/safety-checklist.md +39 -0
- package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/workflow-and-output.md +78 -0
- package/skills/sap/sap-datasphere-data-product-architecture/SKILL.md +86 -0
- package/skills/sap/sap-datasphere-data-product-architecture/agents/openai.yaml +11 -0
- package/skills/sap/sap-datasphere-data-product-architecture/metadata.json +33 -0
- package/skills/sap/sap-datasphere-data-product-architecture/references/official-sources.md +85 -0
- package/skills/sap/sap-datasphere-data-product-architecture/references/safety-checklist.md +35 -0
- package/skills/sap/sap-datasphere-data-product-architecture/references/workflow-and-output.md +70 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/SKILL.md +90 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/metadata.json +32 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/references/official-sources.md +79 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-ewm-tm-logistics-execution-review/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-finance-fico-controls-review/SKILL.md +91 -0
- package/skills/sap/sap-finance-fico-controls-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-finance-fico-controls-review/metadata.json +33 -0
- package/skills/sap/sap-finance-fico-controls-review/references/official-sources.md +89 -0
- package/skills/sap/sap-finance-fico-controls-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-finance-fico-controls-review/references/workflow-and-output.md +88 -0
- package/skills/sap/sap-fiori-ui5-ux-review/SKILL.md +87 -0
- package/skills/sap/sap-fiori-ui5-ux-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-fiori-ui5-ux-review/metadata.json +33 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/context7-framework-docs.md +128 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/official-sources.md +95 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-fiori-ui5-ux-review/references/workflow-and-output.md +96 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/SKILL.md +156 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/agents/openai.yaml +17 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/metadata.json +33 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/live-environment-access.md +93 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/official-sources.md +75 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/safety-checklist.md +57 -0
- package/skills/sap/sap-guarded-btp-entitlement-change/references/workflow-and-output.md +132 -0
- package/skills/sap/sap-guarded-integration-flow-change/SKILL.md +151 -0
- package/skills/sap/sap-guarded-integration-flow-change/agents/openai.yaml +17 -0
- package/skills/sap/sap-guarded-integration-flow-change/metadata.json +33 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/live-environment-access.md +80 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/official-sources.md +73 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/safety-checklist.md +56 -0
- package/skills/sap/sap-guarded-integration-flow-change/references/workflow-and-output.md +122 -0
- package/skills/sap/sap-guarded-role-assignment/SKILL.md +159 -0
- package/skills/sap/sap-guarded-role-assignment/agents/openai.yaml +17 -0
- package/skills/sap/sap-guarded-role-assignment/metadata.json +33 -0
- package/skills/sap/sap-guarded-role-assignment/references/live-environment-access.md +93 -0
- package/skills/sap/sap-guarded-role-assignment/references/official-sources.md +73 -0
- package/skills/sap/sap-guarded-role-assignment/references/safety-checklist.md +57 -0
- package/skills/sap/sap-guarded-role-assignment/references/workflow-and-output.md +133 -0
- package/skills/sap/sap-guarded-transport-import/SKILL.md +144 -0
- package/skills/sap/sap-guarded-transport-import/agents/openai.yaml +14 -0
- package/skills/sap/sap-guarded-transport-import/metadata.json +34 -0
- package/skills/sap/sap-guarded-transport-import/references/live-environment-access.md +81 -0
- package/skills/sap/sap-guarded-transport-import/references/official-sources.md +79 -0
- package/skills/sap/sap-guarded-transport-import/references/safety-checklist.md +52 -0
- package/skills/sap/sap-guarded-transport-import/references/workflow-and-output.md +93 -0
- package/skills/sap/sap-hana-cloud-performance-cost/SKILL.md +87 -0
- package/skills/sap/sap-hana-cloud-performance-cost/agents/openai.yaml +11 -0
- package/skills/sap/sap-hana-cloud-performance-cost/metadata.json +33 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/context7-framework-docs.md +94 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/official-sources.md +83 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/safety-checklist.md +36 -0
- package/skills/sap/sap-hana-cloud-performance-cost/references/workflow-and-output.md +68 -0
- package/skills/sap/sap-hypercare-incident-commander-review/SKILL.md +93 -0
- package/skills/sap/sap-hypercare-incident-commander-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-hypercare-incident-commander-review/metadata.json +31 -0
- package/skills/sap/sap-hypercare-incident-commander-review/references/official-sources.md +63 -0
- package/skills/sap/sap-hypercare-incident-commander-review/references/safety-checklist.md +55 -0
- package/skills/sap/sap-hypercare-incident-commander-review/references/workflow-and-output.md +98 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/SKILL.md +162 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/metadata.json +35 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/references/official-sources.md +99 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/references/safety-checklist.md +36 -0
- package/skills/sap/sap-integration-platform-businessops-protocol/references/workflow-and-output.md +76 -0
- package/skills/sap/sap-integration-suite-review/SKILL.md +87 -0
- package/skills/sap/sap-integration-suite-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-integration-suite-review/metadata.json +33 -0
- package/skills/sap/sap-integration-suite-review/references/context7-framework-docs.md +76 -0
- package/skills/sap/sap-integration-suite-review/references/official-sources.md +79 -0
- package/skills/sap/sap-integration-suite-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-integration-suite-review/references/workflow-and-output.md +78 -0
- package/skills/sap/sap-joule-governance-adoption-review/SKILL.md +83 -0
- package/skills/sap/sap-joule-governance-adoption-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-joule-governance-adoption-review/metadata.json +33 -0
- package/skills/sap/sap-joule-governance-adoption-review/references/official-sources.md +83 -0
- package/skills/sap/sap-joule-governance-adoption-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-joule-governance-adoption-review/references/workflow-and-output.md +81 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/SKILL.md +89 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/metadata.json +32 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/references/official-sources.md +71 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-license-btp-consumption-finops-review/references/workflow-and-output.md +69 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/SKILL.md +142 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/agents/openai.yaml +14 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/metadata.json +34 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/live-environment-access.md +151 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/official-sources.md +83 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/safety-checklist.md +49 -0
- package/skills/sap/sap-live-readonly-identity-trust-discovery/references/workflow-and-output.md +103 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/SKILL.md +135 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/agents/openai.yaml +14 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/metadata.json +34 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/live-environment-access.md +111 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/official-sources.md +83 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/safety-checklist.md +45 -0
- package/skills/sap/sap-live-readonly-landscape-discovery/references/workflow-and-output.md +102 -0
- package/skills/sap/sap-maestro/SKILL.md +81 -0
- package/skills/sap/sap-maestro/agents/openai.yaml +11 -0
- package/skills/sap/sap-maestro/metadata.json +32 -0
- package/skills/sap/sap-maestro/references/official-sources.md +53 -0
- package/skills/sap/sap-maestro/references/safety-checklist.md +39 -0
- package/skills/sap/sap-maestro/references/workflow-and-output.md +73 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/SKILL.md +89 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/metadata.json +32 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/references/official-sources.md +79 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-manufacturing-execution-risk-review/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-mdg-master-data-quality-review/SKILL.md +85 -0
- package/skills/sap/sap-mdg-master-data-quality-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-mdg-master-data-quality-review/metadata.json +33 -0
- package/skills/sap/sap-mdg-master-data-quality-review/references/official-sources.md +89 -0
- package/skills/sap/sap-mdg-master-data-quality-review/references/safety-checklist.md +37 -0
- package/skills/sap/sap-mdg-master-data-quality-review/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-order-to-cash-review/SKILL.md +89 -0
- package/skills/sap/sap-order-to-cash-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-order-to-cash-review/metadata.json +32 -0
- package/skills/sap/sap-order-to-cash-review/references/official-sources.md +79 -0
- package/skills/sap/sap-order-to-cash-review/references/safety-checklist.md +39 -0
- package/skills/sap/sap-order-to-cash-review/references/workflow-and-output.md +87 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/SKILL.md +90 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/metadata.json +32 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/references/official-sources.md +79 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-procurement-ariba-value-leakage-review/references/workflow-and-output.md +87 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/SKILL.md +155 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/metadata.json +35 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/official-sources.md +99 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/safety-checklist.md +36 -0
- package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/workflow-and-output.md +62 -0
- package/skills/sap/sap-release-change-collision-review/SKILL.md +92 -0
- package/skills/sap/sap-release-change-collision-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-release-change-collision-review/metadata.json +31 -0
- package/skills/sap/sap-release-change-collision-review/references/official-sources.md +63 -0
- package/skills/sap/sap-release-change-collision-review/references/safety-checklist.md +51 -0
- package/skills/sap/sap-release-change-collision-review/references/workflow-and-output.md +85 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/SKILL.md +170 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/metadata.json +33 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/references/official-sources.md +89 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/references/safety-checklist.md +39 -0
- package/skills/sap/sap-release-cutover-finance-controls-protocol/references/workflow-and-output.md +98 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/SKILL.md +88 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/metadata.json +32 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/references/official-sources.md +73 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-rise-sla-vendor-risk-review/references/workflow-and-output.md +56 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/SKILL.md +84 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/metadata.json +32 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/references/official-sources.md +75 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/references/safety-checklist.md +40 -0
- package/skills/sap/sap-s4hana-transformation-architecture-review/references/workflow-and-output.md +67 -0
- package/skills/sap/sap-security-hr-legal-protocol/SKILL.md +149 -0
- package/skills/sap/sap-security-hr-legal-protocol/agents/openai.yaml +11 -0
- package/skills/sap/sap-security-hr-legal-protocol/metadata.json +34 -0
- package/skills/sap/sap-security-hr-legal-protocol/references/official-sources.md +89 -0
- package/skills/sap/sap-security-hr-legal-protocol/references/safety-checklist.md +38 -0
- package/skills/sap/sap-security-hr-legal-protocol/references/workflow-and-output.md +65 -0
- package/skills/sap/sap-security-iam-grc-sod-review/SKILL.md +86 -0
- package/skills/sap/sap-security-iam-grc-sod-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-security-iam-grc-sod-review/metadata.json +33 -0
- package/skills/sap/sap-security-iam-grc-sod-review/references/official-sources.md +83 -0
- package/skills/sap/sap-security-iam-grc-sod-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-security-iam-grc-sod-review/references/workflow-and-output.md +79 -0
- package/skills/sap/sap-signavio-process-mining-value/SKILL.md +85 -0
- package/skills/sap/sap-signavio-process-mining-value/agents/openai.yaml +11 -0
- package/skills/sap/sap-signavio-process-mining-value/metadata.json +33 -0
- package/skills/sap/sap-signavio-process-mining-value/references/official-sources.md +89 -0
- package/skills/sap/sap-signavio-process-mining-value/references/safety-checklist.md +36 -0
- package/skills/sap/sap-signavio-process-mining-value/references/workflow-and-output.md +91 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/SKILL.md +92 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/metadata.json +33 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/references/official-sources.md +83 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-successfactors-hr-process-risk-review/references/workflow-and-output.md +86 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/SKILL.md +90 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/metadata.json +32 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/references/official-sources.md +79 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-supply-chain-ibp-resilience-review/references/workflow-and-output.md +89 -0
- package/skills/sap/sap-testing-quality-gate-review/SKILL.md +92 -0
- package/skills/sap/sap-testing-quality-gate-review/agents/openai.yaml +14 -0
- package/skills/sap/sap-testing-quality-gate-review/metadata.json +31 -0
- package/skills/sap/sap-testing-quality-gate-review/references/official-sources.md +65 -0
- package/skills/sap/sap-testing-quality-gate-review/references/safety-checklist.md +53 -0
- package/skills/sap/sap-testing-quality-gate-review/references/workflow-and-output.md +98 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/SKILL.md +87 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/metadata.json +32 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/references/official-sources.md +71 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/references/safety-checklist.md +36 -0
- package/skills/sap/sap-transformation-portfolio-triage-review/references/workflow-and-output.md +69 -0
- package/skills/sap/sap-treasury-cash-risk-review/SKILL.md +90 -0
- package/skills/sap/sap-treasury-cash-risk-review/agents/openai.yaml +11 -0
- package/skills/sap/sap-treasury-cash-risk-review/metadata.json +32 -0
- package/skills/sap/sap-treasury-cash-risk-review/references/official-sources.md +79 -0
- package/skills/sap/sap-treasury-cash-risk-review/references/safety-checklist.md +38 -0
- package/skills/sap/sap-treasury-cash-risk-review/references/workflow-and-output.md +89 -0
- package/tests/fixtures/sap-maestro-routing/expected/01-clean-core-debt.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/02-landscape-discovery.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/03-live-guard-transport.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/04-adversarial-injection.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/05-adversarial-persona.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/06-ambiguous.json +4 -0
- package/tests/fixtures/sap-maestro-routing/expected/07-secrets-bait.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/08-btp-governance.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/09-integration-suite.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/10-security-sod.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/11-cap-architecture.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/12-abap-cloud-rap.json +7 -0
- package/tests/fixtures/sap-maestro-routing/expected/13-ai-governance.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/14-datasphere.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/15-analytics-cloud.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/16-hana-cloud.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/17-s4hana-transformation.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/18-custom-code-remediation.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/19-data-migration-cutover.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/20-finance-fico.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/21-mdg-master-data.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/22-signavio.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/23-procurement-ariba.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/24-supply-chain-ibp.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/25-order-to-cash.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/26-treasury.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/27-ewm-tm.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/28-manufacturing.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/29-successfactors.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/30-joule.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/31-cloud-alm.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/32-transformation-portfolio.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/33-rise-sla.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/34-license-finops.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/35-testing-quality.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/36-release-collision.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/37-hypercare.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/38-identity-trust.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/39-fiori-ui5.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/40-audit-evidence.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/41-guard-role-assign.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/42-guard-iflow-deploy.json +6 -0
- package/tests/fixtures/sap-maestro-routing/expected/43-guard-entitlement.json +6 -0
- package/tests/fixtures/sap-maestro-routing/inputs/01-clean-core-debt.json +5 -0
- package/tests/fixtures/sap-maestro-routing/inputs/02-landscape-discovery.json +5 -0
- package/tests/fixtures/sap-maestro-routing/inputs/03-live-guard-transport.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/04-adversarial-injection.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/05-adversarial-persona.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/06-ambiguous.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/07-secrets-bait.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/08-btp-governance.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/09-integration-suite.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/10-security-sod.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/11-cap-architecture.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/12-abap-cloud-rap.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/13-ai-governance.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/14-datasphere.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/15-analytics-cloud.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/16-hana-cloud.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/17-s4hana-transformation.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/18-custom-code-remediation.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/19-data-migration-cutover.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/20-finance-fico.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/21-mdg-master-data.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/22-signavio.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/23-procurement-ariba.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/24-supply-chain-ibp.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/25-order-to-cash.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/26-treasury.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/27-ewm-tm.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/28-manufacturing.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/29-successfactors.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/30-joule.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/31-cloud-alm.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/32-transformation-portfolio.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/33-rise-sla.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/34-license-finops.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/35-testing-quality.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/36-release-collision.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/37-hypercare.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/38-identity-trust.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/39-fiori-ui5.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/40-audit-evidence.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/41-guard-role-assign.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/42-guard-iflow-deploy.json +7 -0
- package/tests/fixtures/sap-maestro-routing/inputs/43-guard-entitlement.json +7 -0
- package/tests/fixtures/sap-maestro-routing/taxonomy.json +509 -0
- package/tests/validate-catalog.py +1 -0
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: sap-btp-governance-review
|
|
3
|
+
description: Review SAP BTP account model governance: global account, directories, subaccounts, entitlements, quotas, environments (Cloud Foundry, Kyma), role collections, and trust configuration. Flags entitlement sprawl, over-provisioning, missing guardrails, and trust misconfiguration. Does not touch live systems.
|
|
4
|
+
allowed-tools: Read Grep Glob WebSearch WebFetch
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-06-19"
|
|
9
|
+
category: platform
|
|
10
|
+
lifecycle: experimental
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# SAP BTP Governance Review
|
|
14
|
+
|
|
15
|
+
## Purpose
|
|
16
|
+
|
|
17
|
+
Assess the governance posture of an SAP Business Technology Platform (BTP) account model. Evaluate the structural soundness of the global account hierarchy, directory layout, subaccount design, entitlement and quota allocation, environment provisioning (Cloud Foundry, Kyma, multi-environment), role collection design, trust configuration, and platform access controls. Surface entitlement sprawl, over-provisioning risks, missing administrative guardrails, and identity trust misconfigurations. Does not connect to or mutate any live BTP system.
|
|
18
|
+
|
|
19
|
+
## When to use
|
|
20
|
+
|
|
21
|
+
Use this skill when the user asks to:
|
|
22
|
+
|
|
23
|
+
- review or audit the BTP global account structure, directory hierarchy, or subaccount layout for governance compliance,
|
|
24
|
+
- assess entitlement and quota allocations across directories and subaccounts for sprawl or over-provisioning,
|
|
25
|
+
- evaluate Cloud Foundry org/space design or Kyma cluster provisioning decisions against BTP governance best practices,
|
|
26
|
+
- review role collection assignments, platform user access, and identity provider trust configuration for a BTP account,
|
|
27
|
+
- flag missing administrative guardrails such as absent emergency access procedures, unreviewed trust configurations, or uncontrolled quota consumption,
|
|
28
|
+
- plan a BTP landing zone or account model for a new project or migration,
|
|
29
|
+
- evaluate BTP entitlement management practices against the principle of least privilege.
|
|
30
|
+
|
|
31
|
+
## When not to use
|
|
32
|
+
|
|
33
|
+
- When the user needs live inspection of a BTP cockpit, running service instances, or deployed applications — this skill accepts only user-provided descriptions, exports, or architecture documents.
|
|
34
|
+
- When the request concerns application-level security within a service deployed on BTP — use `sap-security-iam-grc-sod-review` for identity and access management within services.
|
|
35
|
+
- When the request is specifically about SAP Integration Suite topology — use `sap-integration-suite-review`.
|
|
36
|
+
- When the request is about ABAP extensibility or clean core — use `sap-clean-core-debt-review`.
|
|
37
|
+
|
|
38
|
+
## Does not touch live systems
|
|
39
|
+
|
|
40
|
+
This skill operates on user-provided descriptions, architecture diagrams, exported account structure documents, BTP cockpit screenshots, or configuration summaries. It does not connect to the BTP cockpit, issue BTP REST APIs, invoke the SAP BTP CLI, read from any BTP global account, or access Cloud Foundry or Kyma APIs. All live inspection is out of scope.
|
|
41
|
+
|
|
42
|
+
## Lean operating rules
|
|
43
|
+
|
|
44
|
+
- Classify governance issues before recommending. Every finding must be classified by governance domain (account structure, entitlements, environments, roles, trust) before remediation is proposed.
|
|
45
|
+
- Apply least-privilege to entitlements. Entitlements should be assigned at the lowest scope that satisfies the business need — global-account-level entitlements are not automatically correct.
|
|
46
|
+
- Directories are optional but powerful. BTP directories can carry entitlements, role collections, and managed subaccount lifecycle; the absence of a directory structure in a large BTP estate is itself a governance risk.
|
|
47
|
+
- Subaccounts are the isolation boundary. Each subaccount has its own environment instances, trust configurations, and service bindings. Cross-subaccount blast radius is a key risk dimension.
|
|
48
|
+
- Role collections must be mapped to identity provider groups. Direct user assignments to role collections (instead of IdP group mappings) are an operational risk — they bypass centralized access lifecycle management.
|
|
49
|
+
- Cloud Foundry quotas are separate from BTP entitlements. CF org and space quotas must be reviewed alongside BTP-level entitlements to identify over-provisioning.
|
|
50
|
+
- Trust to external IdPs requires explicit review. Every trust configuration (to SAP Identity Authentication Service, Azure AD, Okta, etc.) that allows login to BTP subaccounts is a governance boundary. Unused or unconfigured default trusts are risk vectors.
|
|
51
|
+
- Evidence from user-provided artifacts or official SAP BTP documentation takes precedence over inference.
|
|
52
|
+
- Load only the reference needed for the component under review.
|
|
53
|
+
|
|
54
|
+
## Evidence rules
|
|
55
|
+
|
|
56
|
+
Label all claims with one of:
|
|
57
|
+
|
|
58
|
+
- `documentation-based` — grounded in SAP BTP Help Portal documentation, BTP account model guides, or official SAP entitlement docs
|
|
59
|
+
- `user-provided evidence` — BTP cockpit exports, architecture documents, screenshots, or configuration summaries provided by the user
|
|
60
|
+
- `inference` — derived reasoning not directly confirmed by official docs or user evidence
|
|
61
|
+
|
|
62
|
+
## Live-environment rules
|
|
63
|
+
|
|
64
|
+
**This skill does not touch live systems.** There is no BTP API call, BTP CLI invocation, cockpit session, Cloud Foundry CLI command, or Kyma kubectl command in this skill's execution path. Users must supply account structure exports, role collection lists, entitlement summaries, or written descriptions of their BTP account model for this skill to review.
|
|
65
|
+
|
|
66
|
+
## References
|
|
67
|
+
|
|
68
|
+
Load only when needed:
|
|
69
|
+
|
|
70
|
+
- [Workflow and output contract](references/workflow-and-output.md) — governance classification taxonomy, finding severity, output format.
|
|
71
|
+
- [Safety checklist](references/safety-checklist.md) — non-negotiables, common mistakes, when to push back.
|
|
72
|
+
- [Official sources](references/official-sources.md) — SAP BTP account model, entitlements, environments, role collections, trust configuration docs.
|
|
73
|
+
|
|
74
|
+
## Response minimum
|
|
75
|
+
|
|
76
|
+
Return, at minimum:
|
|
77
|
+
|
|
78
|
+
- **Problem classification**: governance domain(s) affected (account structure / entitlements / environments / roles / trust) and specific finding(s).
|
|
79
|
+
- **Evidence used**: documentation-based / user-provided evidence / inference.
|
|
80
|
+
- **Risk level**: critical (security or compliance boundary violation) / high (operational risk, sprawl, or over-provisioning) / medium (governance gap) / low (best practice deviation).
|
|
81
|
+
- **Recommended action**: specific governance remediation per finding (restructure, entitlement reduction, role collection clean-up, trust reconfiguration, or guardrail addition).
|
|
82
|
+
- **Refusal / escalation triggers**: if live BTP cockpit access or BTP API calls are required to complete the review, state that clearly and do not proceed.
|
|
83
|
+
- **Business impact**: data isolation risk, cost overrun, compliance gap, or operational incident blast radius.
|
|
84
|
+
- **Next verification step**: confirm the recommended changes against the current BTP account model before applying.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
interface:
|
|
2
|
+
display_name: "SAP BTP Governance Review"
|
|
3
|
+
short_description: "Review SAP BTP account model governance: global account hierarchy, directories, subaccounts, entitlements, environments, role collections, and trust configuration. Flags sprawl, over-provisioning, and missing guardrails."
|
|
4
|
+
default_prompt: "Use $sap-btp-governance-review to assess the governance posture of the provided SAP BTP account model. Classify each finding by governance domain (account structure, entitlements, environments, role collections, trust), assign a risk level (critical/high/medium/low), and recommend specific remediation actions. State evidence level and whether live system access is required to complete the review."
|
|
5
|
+
dependencies:
|
|
6
|
+
tools:
|
|
7
|
+
- type: "web"
|
|
8
|
+
value: "https://help.sap.com/docs/btp/sap-business-technology-platform/account-model"
|
|
9
|
+
description: "SAP BTP account model documentation — primary reference for global account, directory, and subaccount hierarchy governance"
|
|
10
|
+
policy:
|
|
11
|
+
allow_implicit_invocation: true
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "sap-btp-governance-review",
|
|
3
|
+
"name": "SAP BTP Governance Review",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "sap",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"claude-code",
|
|
8
|
+
"codex",
|
|
9
|
+
"cursor",
|
|
10
|
+
"gemini",
|
|
11
|
+
"kiro",
|
|
12
|
+
"other"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Review SAP BTP account model governance: global account hierarchy, directories, subaccounts, entitlements, quotas, Cloud Foundry/Kyma environments, role collections, and trust configuration. Flags entitlement sprawl, over-provisioning, and missing guardrails. Does not access live systems.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"category": "platform",
|
|
17
|
+
"official_docs": [
|
|
18
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/account-model",
|
|
19
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas",
|
|
20
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/directories",
|
|
21
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/kyma-environment",
|
|
22
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-foundry-environment",
|
|
23
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts",
|
|
24
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/trust-and-federation-with-identity-providers",
|
|
25
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/platform-identity-provider",
|
|
26
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/security-administration-managing-authentication-and-authorization"
|
|
27
|
+
],
|
|
28
|
+
"security_notes": "Does not access live SAP BTP systems. Accepts only user-provided account structure exports, role collection lists, entitlement summaries, or written descriptions. Never request or accept BTP service keys, client secrets, OAuth tokens, global account administrator credentials, or subaccount-level platform access tokens. Governance recommendations must be validated against the live BTP account model before applying.",
|
|
29
|
+
"last_verified": "2026-06-19",
|
|
30
|
+
"path": "skills/sap/sap-btp-governance-review",
|
|
31
|
+
"author": "github: Raishin",
|
|
32
|
+
"version": "0.1.0",
|
|
33
|
+
"lifecycle": "experimental"
|
|
34
|
+
}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
# Official sources — SAP BTP Governance Review
|
|
2
|
+
|
|
3
|
+
Use this reference when grounding BTP account model governance, entitlement design, environment provisioning, role collection management, and trust configuration assessments.
|
|
4
|
+
|
|
5
|
+
**Evidence level**: documentation-based (SAP BTP Help Portal). No live-system evidence is collected by this skill.
|
|
6
|
+
|
|
7
|
+
## BTP account model and hierarchy
|
|
8
|
+
|
|
9
|
+
- SAP BTP account model
|
|
10
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/account-model
|
|
11
|
+
source_owner: SAP SE
|
|
12
|
+
topic_supported: Global account, directory, and subaccount structure; account hierarchy concepts; isolation boundaries
|
|
13
|
+
why_needed: Primary taxonomy for classifying account structure governance findings and evaluating subaccount design decisions
|
|
14
|
+
evidence_level: primary
|
|
15
|
+
last_verified: 2026-06-19
|
|
16
|
+
|
|
17
|
+
- Directories
|
|
18
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/directories
|
|
19
|
+
source_owner: SAP SE
|
|
20
|
+
topic_supported: BTP directory creation, managed lifecycle, entitlement and role collection inheritance, directory-level governance controls
|
|
21
|
+
why_needed: Authoritative source for evaluating whether directory structure is used appropriately to enforce governance boundaries across subaccounts
|
|
22
|
+
evidence_level: primary
|
|
23
|
+
last_verified: 2026-06-19
|
|
24
|
+
|
|
25
|
+
## Entitlements and quotas
|
|
26
|
+
|
|
27
|
+
- Entitlements and quotas
|
|
28
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas
|
|
29
|
+
source_owner: SAP SE
|
|
30
|
+
topic_supported: Service entitlements, quota distribution, assignment to directories and subaccounts, entitlement management lifecycle
|
|
31
|
+
why_needed: Defines the entitlement assignment model used to classify sprawl, over-provisioning, and least-privilege deviations
|
|
32
|
+
evidence_level: primary
|
|
33
|
+
last_verified: 2026-06-19
|
|
34
|
+
|
|
35
|
+
## Environments
|
|
36
|
+
|
|
37
|
+
- Cloud Foundry environment
|
|
38
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-foundry-environment
|
|
39
|
+
source_owner: SAP SE
|
|
40
|
+
topic_supported: Cloud Foundry org/space structure, quota plans, environment-level service bindings and access controls
|
|
41
|
+
why_needed: Defines CF org/space governance model and quota separation — required to assess CF-level over-provisioning alongside BTP entitlements
|
|
42
|
+
evidence_level: primary
|
|
43
|
+
last_verified: 2026-06-19
|
|
44
|
+
|
|
45
|
+
- Kyma environment
|
|
46
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/kyma-environment
|
|
47
|
+
source_owner: SAP SE
|
|
48
|
+
topic_supported: Kyma cluster provisioning, module selection, service binding, Kyma operator model, namespace-level isolation
|
|
49
|
+
why_needed: Defines the Kyma governance model for BTP subaccount-level Kubernetes workloads — required when Kyma environments are in scope
|
|
50
|
+
evidence_level: primary
|
|
51
|
+
last_verified: 2026-06-19
|
|
52
|
+
|
|
53
|
+
## Role collections and access control
|
|
54
|
+
|
|
55
|
+
- Role collections and roles in global accounts, directories, and subaccounts
|
|
56
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/role-collections-and-roles-in-global-accounts-directories-and-subaccounts
|
|
57
|
+
source_owner: SAP SE
|
|
58
|
+
topic_supported: Role collection structure, role assignment scope (global account / directory / subaccount), built-in vs. custom role collections
|
|
59
|
+
why_needed: Primary reference for classifying role collection governance findings including over-permissive assignments and direct user-to-role binding
|
|
60
|
+
evidence_level: primary
|
|
61
|
+
last_verified: 2026-06-19
|
|
62
|
+
|
|
63
|
+
- Security administration: managing authentication and authorization
|
|
64
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/security-administration-managing-authentication-and-authorization
|
|
65
|
+
source_owner: SAP SE
|
|
66
|
+
topic_supported: Platform-level authentication, authorization administration, role collection assignment via identity provider groups
|
|
67
|
+
why_needed: Defines best practice for IdP-group-based role collection assignment over direct user assignment — key for access lifecycle governance
|
|
68
|
+
evidence_level: primary
|
|
69
|
+
last_verified: 2026-06-19
|
|
70
|
+
|
|
71
|
+
## Trust and identity federation
|
|
72
|
+
|
|
73
|
+
- Trust and federation with identity providers
|
|
74
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/trust-and-federation-with-identity-providers
|
|
75
|
+
source_owner: SAP SE
|
|
76
|
+
topic_supported: Subaccount-level trust configuration, SAML/OIDC federation, identity provider registration, attribute mapping
|
|
77
|
+
why_needed: Defines the trust configuration model — required to identify unused, misconfigured, or overly permissive trust configurations in BTP subaccounts
|
|
78
|
+
evidence_level: primary
|
|
79
|
+
last_verified: 2026-06-19
|
|
80
|
+
|
|
81
|
+
- Platform identity provider
|
|
82
|
+
https://help.sap.com/docs/btp/sap-business-technology-platform/platform-identity-provider
|
|
83
|
+
source_owner: SAP SE
|
|
84
|
+
topic_supported: Default platform identity provider (SAP ID Service), switching to a custom platform IdP, platform user lifecycle
|
|
85
|
+
why_needed: Defines the platform IdP model separate from application IdP — important for distinguishing platform-level vs. application-level trust risks
|
|
86
|
+
evidence_level: primary
|
|
87
|
+
last_verified: 2026-06-19
|
|
88
|
+
|
|
89
|
+
## Grounding rule
|
|
90
|
+
|
|
91
|
+
SAP BTP Help Portal documentation describes the designed governance model and configuration options. It does not prove what entitlements, role collections, or trust configurations exist in the user's BTP global account, nor whether the account follows these guidelines. Users must supply account exports, role collection lists, entitlement summaries, or architectural descriptions for concrete governance assessment.
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# Safety checklist — SAP BTP Governance Review
|
|
2
|
+
|
|
3
|
+
Use before making any governance recommendation, especially for findings that affect trust configuration, global account administration, or entitlement assignments with cost implications.
|
|
4
|
+
|
|
5
|
+
## Non-negotiables
|
|
6
|
+
|
|
7
|
+
- Do not access, connect to, or request access to any live BTP global account, subaccount, Cloud Foundry org, or Kyma cluster. This skill reviews artifacts only.
|
|
8
|
+
- Do not accept or request BTP service keys, client secrets, OAuth tokens, platform user credentials, global account administrator passwords, or subaccount-level access tokens.
|
|
9
|
+
- Do not recommend disabling or removing a trust configuration without first confirming (with the user) that no active users or applications depend on it. A wrong trust removal can immediately lock all users out of a subaccount.
|
|
10
|
+
- Do not recommend reducing or removing entitlements without first confirming with the user which service instances are currently consuming that quota. Reducing quota below active consumption terminates running service instances.
|
|
11
|
+
- Do not conflate BTP platform roles (global account, directory, subaccount admin) with application-level roles (XSUAA role collections for deployed applications). They are separate authorization hierarchies.
|
|
12
|
+
- Do not recommend the default SAP ID Service trust as a long-term production identity strategy. Production BTP subaccounts should use a federated corporate IdP via SAP Identity Authentication Service.
|
|
13
|
+
- Do not classify a finding as `critical` without being able to trace the specific unauthorized access path or compliance breach from user-provided evidence or documentation.
|
|
14
|
+
|
|
15
|
+
## What people get wrong
|
|
16
|
+
|
|
17
|
+
- **Conflating CF org quotas with BTP entitlements**: Cloud Foundry org-level memory/service instance quotas are set separately from BTP service entitlements. Both must be reviewed independently; reducing BTP entitlements does not automatically reduce CF org quota consumption.
|
|
18
|
+
- **Treating directory entitlements as automatic subaccount distribution**: Entitlements assigned at directory level are not automatically available to subaccounts — they still require explicit assignment. Unused directory-level entitlements are still a sprawl risk.
|
|
19
|
+
- **Assuming all Kyma modules are billed**: Kyma module enablement policy varies by BTP contract type. Never make cost-impact assertions without confirming the user's BTP commercial model.
|
|
20
|
+
- **Recommending IdP group mapping without confirming the IdP group structure exists**: Role collection assignment via IdP groups only works if the identity provider is configured to assert the correct group attribute and the group exists. Recommending this without confirming IdP group readiness creates an access lockout risk.
|
|
21
|
+
- **Missing the default trust risk**: Every new BTP subaccount has SAP ID Service trust enabled by default. In production subaccounts where a corporate IdP is in use, the default SAP ID Service trust should be reviewed — leaving it enabled allows any SAP ID Service user to attempt authentication.
|
|
22
|
+
- **Ignoring emergency access procedures**: Every BTP global account should have a documented emergency access path (emergency admin user not dependent on federated IdP) in case the corporate IdP is unavailable. Absence of this is a `high` governance risk.
|
|
23
|
+
|
|
24
|
+
## When to push back
|
|
25
|
+
|
|
26
|
+
- Push back when the user asks to confirm a governance finding from memory alone without providing any account structure artifact.
|
|
27
|
+
- Push back when the user asks to recommend specific quota numbers without providing current consumption data.
|
|
28
|
+
- Push back when the user asks to disable trust configurations without first mapping which users and applications currently rely on that trust.
|
|
29
|
+
- Push back when a request requires live BTP API access — state clearly that live inspection is out of scope and ask the user to supply the relevant exports or summaries.
|
|
30
|
+
|
|
31
|
+
## Evidence labels
|
|
32
|
+
|
|
33
|
+
- `documentation-based` — grounded in SAP BTP Help Portal account model, entitlements, environments, role collections, or trust configuration docs
|
|
34
|
+
- `user-provided evidence` — BTP cockpit exports, architecture documents, role collection lists, or entitlement summaries provided by the user
|
|
35
|
+
- `inference` — derived reasoning not directly confirmed by official docs or user evidence; must always be labeled as such
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
# Workflow and output contract — SAP BTP Governance Review
|
|
2
|
+
|
|
3
|
+
Use this reference for all finding classification, risk assignment, remediation path selection, and output formatting.
|
|
4
|
+
|
|
5
|
+
## Governance domain taxonomy
|
|
6
|
+
|
|
7
|
+
| Domain | Scope | Typical findings |
|
|
8
|
+
|--------|-------|-----------------|
|
|
9
|
+
| `account-structure` | Global account, directory layout, subaccount design | Flat structure with no directories, production/non-production in same subaccount, no naming convention |
|
|
10
|
+
| `entitlements` | Service entitlements and quota assignments at directory/subaccount level | Entitlement sprawl, unused quota, global-account-level entitlement when subaccount scope would suffice |
|
|
11
|
+
| `environments` | Cloud Foundry org/space, Kyma cluster provisioning | Over-provisioned CF quotas, unused environment instances, missing space-level quota restrictions |
|
|
12
|
+
| `role-collections` | Platform and application role collection assignments | Direct user assignment instead of IdP group mapping, over-permissive built-in role collections, unused custom role collections |
|
|
13
|
+
| `trust` | Identity provider trust configuration per subaccount | Default SAP ID Service trust not disabled when custom IdP is in use, unconfigured attribute mappings, redundant trust entries |
|
|
14
|
+
|
|
15
|
+
## Risk severity classification
|
|
16
|
+
|
|
17
|
+
| Risk level | Criteria |
|
|
18
|
+
|-----------|---------|
|
|
19
|
+
| `critical` | Security or compliance boundary violation: unauthorized access path, identity trust misconfiguration enabling unintended login, missing MFA enforcement on platform users |
|
|
20
|
+
| `high` | Operational risk: entitlement over-provisioning causing cost overrun, role collection granting global account admin to non-admin users, no emergency access procedure |
|
|
21
|
+
| `medium` | Governance gap: no directory structure in large BTP estate, direct user role assignment (vs. IdP group mapping), unused environment instances consuming quota |
|
|
22
|
+
| `low` | Best practice deviation: inconsistent naming convention, missing account tags, undocumented subaccount purpose |
|
|
23
|
+
|
|
24
|
+
## Remediation path decision tree
|
|
25
|
+
|
|
26
|
+
For each finding:
|
|
27
|
+
|
|
28
|
+
1. **Is this a trust misconfiguration with an active unauthorized login path?**
|
|
29
|
+
- Yes → `critical`. Disable the trust entry or remove the misconfigured attribute mapping immediately. Do not defer.
|
|
30
|
+
- No → continue.
|
|
31
|
+
|
|
32
|
+
2. **Does the finding grant excessive platform or global account admin access?**
|
|
33
|
+
- Yes → `high`. Remove direct user assignments; replace with IdP group-mapped role collections scoped to least privilege.
|
|
34
|
+
- No → continue.
|
|
35
|
+
|
|
36
|
+
3. **Is this an entitlement or quota over-provisioning issue?**
|
|
37
|
+
- Yes → `high` or `medium` depending on scale. Reduce entitlement quota to match actual consumption + reasonable headroom. Move entitlement to subaccount scope if currently set at global account scope unnecessarily.
|
|
38
|
+
- No → continue.
|
|
39
|
+
|
|
40
|
+
4. **Is this a structural gap (no directories, flat subaccount structure, no naming convention)?**
|
|
41
|
+
- Yes → `medium`. Recommend adding a directory tier with entitlement-managed and managed-subaccount-lifecycle policies. Define naming and tagging conventions.
|
|
42
|
+
- No → continue.
|
|
43
|
+
|
|
44
|
+
5. **Is this a best practice deviation with no immediate risk?**
|
|
45
|
+
- Yes → `low`. Provide guidance for future alignment; do not block.
|
|
46
|
+
|
|
47
|
+
## Workflow
|
|
48
|
+
|
|
49
|
+
1. **Receive artifacts** — BTP account structure exports, cockpit screenshots, role collection lists, entitlement summaries, or user descriptions.
|
|
50
|
+
2. **Classify each finding** by governance domain.
|
|
51
|
+
3. **Assign risk level** (critical / high / medium / low).
|
|
52
|
+
4. **Apply remediation decision tree** per finding.
|
|
53
|
+
5. **Prioritize** — critical findings first; then high; then medium structural gaps; then low best-practice items.
|
|
54
|
+
6. **Return output** per the output contract below.
|
|
55
|
+
|
|
56
|
+
## Output contract
|
|
57
|
+
|
|
58
|
+
Return:
|
|
59
|
+
|
|
60
|
+
1. Governance domain and specific finding
|
|
61
|
+
2. Evidence label (documentation-based / user-provided evidence / inference)
|
|
62
|
+
3. Risk level per finding (critical / high / medium / low)
|
|
63
|
+
4. Recommended remediation action (trust removal, entitlement reduction, role collection restructure, directory addition, etc.)
|
|
64
|
+
5. Governance posture after remediation
|
|
65
|
+
6. Prioritized remediation sequence
|
|
66
|
+
7. Escalation trigger if live BTP cockpit access is required to confirm the finding before remediation
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: sap-cap-architecture-review
|
|
3
|
+
description: Review SAP Cloud Application Programming Model (CAP) applications for CDS data modeling quality, service layer design, authorization correctness (@requires/@restrict), multitenancy architecture, draft handling, and test coverage. Use when assessing CAP Node.js or Java projects for architectural compliance, security posture, and clean service design. Does not touch live systems.
|
|
4
|
+
allowed-tools: Read Grep Glob WebSearch WebFetch
|
|
5
|
+
metadata:
|
|
6
|
+
author: "github: Raishin"
|
|
7
|
+
version: "0.1.0"
|
|
8
|
+
updated: "2026-06-19"
|
|
9
|
+
category: architecture
|
|
10
|
+
lifecycle: experimental
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# SAP CAP Architecture Review
|
|
14
|
+
|
|
15
|
+
## Purpose
|
|
16
|
+
|
|
17
|
+
Assess the architecture, security posture, and operational quality of SAP Cloud Application Programming Model (CAP) applications. Review CDS data model design for normalization, association correctness, and annotation quality. Assess the service layer for separation of concerns, projection completeness, and anti-pattern avoidance. Review authorization configuration (`@requires`, `@restrict`) for correctness and enforcement. Evaluate multitenancy design for tenant isolation, extensibility readiness, and MTX service wiring. Assess draft handling for consistency, activation logic, and side-effect completeness. Review test coverage for CAP-specific test patterns. Does not connect to or mutate any live CAP application, BTP service, or database.
|
|
18
|
+
|
|
19
|
+
## When to use
|
|
20
|
+
|
|
21
|
+
Use this skill when the user asks to:
|
|
22
|
+
|
|
23
|
+
- review CDS entity and service definitions for modeling quality, association correctness, projection anti-patterns, or annotation completeness,
|
|
24
|
+
- assess CAP authorization annotations (`@requires`, `@restrict`) for correctness, missing access controls, or role design gaps,
|
|
25
|
+
- evaluate multitenancy architecture: MTX service wiring, tenant onboarding flow, extensibility activation, `cds.requires.multitenancy` configuration,
|
|
26
|
+
- review draft handling design: draft-enabled entities, activation hooks, side effects, draft lock expiry, and cancel behavior,
|
|
27
|
+
- audit CAP test coverage: `cds.test` unit patterns, integration test setup, mock authentication usage, and CDS test environment teardown,
|
|
28
|
+
- identify CAP anti-patterns: direct database access bypassing the service layer, missing `@readonly` on projection fields, incorrect `up_` association exposure, or unguarded actions,
|
|
29
|
+
- assess CAP application readiness for SAP BTP production deployment: profile configuration, feature toggles, and `package.json` `cds` block correctness.
|
|
30
|
+
|
|
31
|
+
## When not to use
|
|
32
|
+
|
|
33
|
+
- When the request is about ABAP-side RAP business objects or ABAP Cloud compliance — use `sap-abap-cloud-rap-review`.
|
|
34
|
+
- When the request is about Integration Suite iFlow or API Management configuration — use `sap-integration-suite-review`.
|
|
35
|
+
- When the request requires live CAP application inspection, database query execution, or BTP service key access — this skill accepts only user-provided code artifacts, CDS model files, `package.json`, or written descriptions.
|
|
36
|
+
- When the request is about SAP Fiori / UI5 frontend code rather than the CAP backend service layer.
|
|
37
|
+
|
|
38
|
+
## Does not touch live systems
|
|
39
|
+
|
|
40
|
+
This skill operates on user-provided CDS source files, `package.json` configuration, `srv/` handler files, test file excerpts, MTX configuration, or written descriptions of the CAP application architecture. It does not connect to any BTP subaccount, CAP runtime, HANA database, or deployment pipeline. All live inspection is out of scope.
|
|
41
|
+
|
|
42
|
+
## Lean operating rules
|
|
43
|
+
|
|
44
|
+
- Classify findings before recommending. Every finding must be assigned to a review domain (CDS Modeling / Service Layer / Authorization / Multitenancy / Draft / Testing / Deployment Config) before remediation is proposed.
|
|
45
|
+
- Authorization is non-negotiable. A CAP service or entity with no `@requires` or `@restrict` annotation is accessible to any authenticated — or unauthenticated — caller depending on CAP runtime version. An unguarded service exposed to external callers is a `critical` finding.
|
|
46
|
+
- `@restrict` is preferred over `@requires` for entity-level access control. `@requires` on a service grants blanket access; `@restrict` with `grant`/`to`/`where` clauses gives fine-grained operation-level control. A service using only service-level `@requires` with no entity-level `@restrict` is a `medium` finding when business data sensitivity is high.
|
|
47
|
+
- Direct database access in service handlers bypasses CAP authorization enforcement. Any `SELECT` from `db.run(SELECT.from(...))` inside a service handler that circumvents the CAP service layer authorization is a `high` finding.
|
|
48
|
+
- Multitenancy requires explicit MTX wiring. A CAP application configured with `cds.requires.multitenancy: true` but missing `@sap/cds-mtxs` dependency, subscriber passcode configuration, or tenant upgrade hooks is a `high` finding.
|
|
49
|
+
- Draft handling activation must be complete. A draft-enabled entity missing an `activate` action implementation, `draftActivate` side-effect hook, or proper `BeforeSave` validation is a `high` finding for transactional correctness.
|
|
50
|
+
- Test isolation is required. CAP integration tests that use a shared `cds.test` instance without proper `beforeAll`/`afterAll` teardown, or that test against a live HANA target rather than in-memory SQLite, are `medium` findings for test reliability.
|
|
51
|
+
- Evidence from official SAP CAP documentation and user-provided artifacts takes precedence over inference.
|
|
52
|
+
- Load only the reference needed for the component in scope.
|
|
53
|
+
|
|
54
|
+
## Evidence rules
|
|
55
|
+
|
|
56
|
+
Label all claims with one of:
|
|
57
|
+
|
|
58
|
+
- `documentation-based` — grounded in official SAP CAP documentation (cap.cloud.sap, SAP Help Portal)
|
|
59
|
+
- `user-provided evidence` — CDS model files, service handler code, `package.json`, test files, or written descriptions provided by the user
|
|
60
|
+
- `context7-supplementary` — grounded in CAP framework docs fetched from Context7 (supplementary to official SAP CAP docs; applies for CDS modeling, authorization, multitenancy, and draft patterns)
|
|
61
|
+
- `inference` — derived reasoning not directly confirmed by official docs or user evidence
|
|
62
|
+
|
|
63
|
+
## Live-environment rules
|
|
64
|
+
|
|
65
|
+
**This skill does not touch live systems.** There is no CAP runtime API call, BTP service binding access, HANA database connection, or BTP cockpit access in this skill's execution path. Users must supply CDS source files, handler code excerpts, configuration files, or written descriptions of their CAP application for this skill to review.
|
|
66
|
+
|
|
67
|
+
## References
|
|
68
|
+
|
|
69
|
+
Load only when needed:
|
|
70
|
+
|
|
71
|
+
- [Workflow and output contract](references/workflow-and-output.md) — review domain taxonomy, severity classification, output format.
|
|
72
|
+
- [Safety checklist](references/safety-checklist.md) — non-negotiables, common CAP mistakes, when to push back.
|
|
73
|
+
- [Official sources](references/official-sources.md) — SAP CAP docs, CDS language reference, authorization guides, multitenancy, draft handling.
|
|
74
|
+
- [Context7 framework docs](references/context7-framework-docs.md) — CAP authorization patterns, CDS service modeling, multitenancy, and draft handling (supplementary; strongly applies for this skill).
|
|
75
|
+
|
|
76
|
+
## Response minimum
|
|
77
|
+
|
|
78
|
+
Return, at minimum:
|
|
79
|
+
|
|
80
|
+
- **Problem classification**: review domain(s) in scope and specific finding(s) per domain.
|
|
81
|
+
- **Evidence used**: documentation-based / user-provided evidence / context7-supplementary / inference.
|
|
82
|
+
- **Risk level**: critical (security or data integrity risk) / high (correctness or operational reliability risk) / medium (governance or maintainability gap) / low (best practice deviation).
|
|
83
|
+
- **Recommended action**: specific remediation per finding (add `@restrict` annotation, wire MTX service, implement `draftActivate` hook, add test teardown, etc.).
|
|
84
|
+
- **Refusal / escalation triggers**: if live CAP runtime access, BTP service binding, or database inspection is required to complete the review, state that clearly and do not proceed.
|
|
85
|
+
- **Business impact**: security exposure, data integrity risk, multitenancy isolation failure, or test reliability gap.
|
|
86
|
+
- **Next verification step**: validate recommended changes against the current CAP runtime version and BTP deployment target before deploying.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
interface:
|
|
2
|
+
display_name: "SAP CAP Architecture Review"
|
|
3
|
+
short_description: "Review SAP CAP applications for CDS modeling quality, service authorization (@requires/@restrict), multitenancy design, draft handling, and test coverage"
|
|
4
|
+
default_prompt: "Use $sap-cap-architecture-review to assess the provided SAP CAP application artifacts. Classify findings by domain (CDS Modeling / Service Layer / Authorization / Multitenancy / Draft / Testing / Deployment Config), assign severity (critical / high / medium / low), state evidence level (documentation-based / user-provided evidence / context7-supplementary / inference), and recommend specific remediation per finding. Flag any unguarded services or entities as critical."
|
|
5
|
+
dependencies:
|
|
6
|
+
tools:
|
|
7
|
+
- type: "web"
|
|
8
|
+
value: "https://cap.cloud.sap/docs/guides/security/authorization"
|
|
9
|
+
description: "SAP CAP authorization guide — verify @requires/@restrict annotation correctness and enforcement behavior for the target CAP runtime version"
|
|
10
|
+
policy:
|
|
11
|
+
allow_implicit_invocation: true
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "sap-cap-architecture-review",
|
|
3
|
+
"name": "SAP CAP Architecture Review",
|
|
4
|
+
"type": "skill",
|
|
5
|
+
"provider": "sap",
|
|
6
|
+
"harnesses": [
|
|
7
|
+
"claude-code",
|
|
8
|
+
"codex",
|
|
9
|
+
"cursor",
|
|
10
|
+
"gemini",
|
|
11
|
+
"kiro",
|
|
12
|
+
"other"
|
|
13
|
+
],
|
|
14
|
+
"summary": "Review SAP Cloud Application Programming Model (CAP) applications for CDS modeling quality, service layer design, authorization correctness (@requires/@restrict), multitenancy architecture, draft handling, and test coverage. Does not access live systems.",
|
|
15
|
+
"source_type": "original",
|
|
16
|
+
"category": "architecture",
|
|
17
|
+
"official_docs": [
|
|
18
|
+
"https://cap.cloud.sap/docs/guides/security/authorization",
|
|
19
|
+
"https://cap.cloud.sap/docs/guides/providing-services",
|
|
20
|
+
"https://cap.cloud.sap/docs/guides/multitenancy/",
|
|
21
|
+
"https://cap.cloud.sap/docs/guides/fiori/draft-support",
|
|
22
|
+
"https://cap.cloud.sap/docs/guides/testing/",
|
|
23
|
+
"https://cap.cloud.sap/docs/cds/cdl",
|
|
24
|
+
"https://help.sap.com/docs/btp/sap-business-technology-platform/sap-cloud-application-programming-model",
|
|
25
|
+
"https://cap.cloud.sap/docs/node.js/cds-facade",
|
|
26
|
+
"https://cap.cloud.sap/docs/java/security"
|
|
27
|
+
],
|
|
28
|
+
"security_notes": "Does not access live CAP applications, BTP subaccounts, HANA databases, or deployment pipelines. Accepts only user-provided CDS source files, service handler code, package.json, test files, or written descriptions. Never request or accept BTP service keys, HANA credentials, OAuth client secrets, or subaccount tenant IDs. Authorization findings (missing @requires/@restrict) must be validated against the deployed CAP runtime version before remediation.",
|
|
29
|
+
"last_verified": "2026-06-19",
|
|
30
|
+
"path": "skills/sap/sap-cap-architecture-review",
|
|
31
|
+
"author": "github: Raishin",
|
|
32
|
+
"version": "0.1.0",
|
|
33
|
+
"lifecycle": "experimental"
|
|
34
|
+
}
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
# Context7 framework docs — SAP CAP Architecture Review
|
|
2
|
+
|
|
3
|
+
**Role**: supplementary. Official SAP CAP documentation at cap.cloud.sap is the primary source for all architecture guidance. Context7-sourced CAP documentation supplements with code-level examples and implementation detail for authorization, multitenancy, and draft patterns.
|
|
4
|
+
|
|
5
|
+
**Library used**: SAP Cloud Application Programming Model (CAP)
|
|
6
|
+
Context7 library ID: `/websites/cap_cloud_sap`
|
|
7
|
+
Lookup targets: CDS service authorization (@requires/@restrict), multitenancy extensibility, CAP draft handling, CDS modeling patterns
|
|
8
|
+
Skill: `sap-cap-architecture-review`
|
|
9
|
+
Classification: supplementary — strongly applies for this skill
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## CAP @requires — service-level authorization (supplementary)
|
|
14
|
+
|
|
15
|
+
Source: cap.cloud.sap (Context7 `/websites/cap_cloud_sap`)
|
|
16
|
+
Reference: https://cap.cloud.sap/docs/guides/security/remote-authentication
|
|
17
|
+
|
|
18
|
+
The `@requires` annotation on a CDS service restricts access to callers holding a specified role. This works for both user-facing and App-2-App (technical user) flows.
|
|
19
|
+
|
|
20
|
+
```cds
|
|
21
|
+
using { sap.capire.flights.data as data } from './data-service';
|
|
22
|
+
|
|
23
|
+
annotate data with @(requires: 'data-consumer');
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
A service with no `@requires` annotation is accessible without role restriction. In App-2-App IAS flows, the role is derived from the IAS API identifier registered with the service.
|
|
27
|
+
|
|
28
|
+
**Relevance**: Use this pattern to assess whether externally exposed CAP services have role-based guards and to classify services missing `@requires` as critical or high findings depending on exposure scope.
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## CAP @restrict — entity-level fine-grained access control (supplementary)
|
|
33
|
+
|
|
34
|
+
Source: cap.cloud.sap (Context7 `/websites/cap_cloud_sap`)
|
|
35
|
+
Reference: https://cap.cloud.sap/docs/guides/security/authorization
|
|
36
|
+
|
|
37
|
+
`@restrict` provides operation-level, role-specific, and instance-level access control on CDS service entities and actions. It is preferred over `@requires` for entities containing sensitive business data.
|
|
38
|
+
|
|
39
|
+
```cds
|
|
40
|
+
service CustomerService @(requires: 'authenticated-user') {
|
|
41
|
+
entity Products @(restrict: [
|
|
42
|
+
{ grant: 'READ' },
|
|
43
|
+
{ grant: 'WRITE', to: 'Vendor' },
|
|
44
|
+
{ grant: 'addRating', to: 'Customer'}
|
|
45
|
+
]) {/*...*/}
|
|
46
|
+
actions {
|
|
47
|
+
action addRating (stars: Integer);
|
|
48
|
+
}
|
|
49
|
+
entity Orders @(restrict: [
|
|
50
|
+
{ grant: '*', to: 'Customer', where: (CreatedBy = $user) }
|
|
51
|
+
]) {/*...*/}
|
|
52
|
+
action monthlyBalance @(requires: 'Vendor') ();
|
|
53
|
+
}
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Key patterns:
|
|
57
|
+
- `grant: 'READ'` without `to:` allows any authenticated user to read (matches service-level `@requires`).
|
|
58
|
+
- `grant: 'WRITE', to: 'Vendor'` restricts write operations to the `Vendor` role.
|
|
59
|
+
- `where: (CreatedBy = $user)` restricts instance access — each customer sees only their own orders.
|
|
60
|
+
- CAP runtime enforces `@restrict` server-side before any resource access.
|
|
61
|
+
|
|
62
|
+
**Relevance**: The central annotation model for entity-level security review. Use to assess whether `where` clauses are present for tenant-scoped or user-scoped data, whether write operations are role-restricted, and whether actions have explicit authorization guards.
|
|
63
|
+
|
|
64
|
+
---
|
|
65
|
+
|
|
66
|
+
## CAP default authorization stance (supplementary)
|
|
67
|
+
|
|
68
|
+
Source: cap.cloud.sap (Context7 `/websites/cap_cloud_sap`)
|
|
69
|
+
Reference: https://cap.cloud.sap/docs/guides/security/data-protection
|
|
70
|
+
|
|
71
|
+
> By default, CAP services and entities are not authorized, requiring developers to design and test access rules.
|
|
72
|
+
|
|
73
|
+
The CAP runtime guarantees server-side enforcement only after authorization annotations are explicitly declared. The absence of `@requires` or `@restrict` on a service or entity means no authorization enforcement — not a default-deny posture.
|
|
74
|
+
|
|
75
|
+
**Relevance**: This is the foundational reason why missing annotations are a critical or high finding. The default is permissive, not restrictive. Every service and entity exposed to external callers must have explicit annotation coverage.
|
|
76
|
+
|
|
77
|
+
---
|
|
78
|
+
|
|
79
|
+
## Scope boundaries for Context7 usage
|
|
80
|
+
|
|
81
|
+
Context7 CAP documentation applies to all CAP review domains in this skill:
|
|
82
|
+
|
|
83
|
+
- **Authorization** (`@requires`, `@restrict`, `where` clauses): directly applicable
|
|
84
|
+
- **CDS Modeling** (entity/service definitions, projection patterns): directly applicable
|
|
85
|
+
- **Multitenancy** (MTX wiring, extensibility activation): applicable for `cds add extensibility` and `@sap/cds-mtxs` patterns
|
|
86
|
+
- **Draft Handling**: applicable for `draftActivate` and `BeforeSave` handler patterns
|
|
87
|
+
- **Testing**: applicable for `cds.test` setup and mock authentication patterns
|
|
88
|
+
|
|
89
|
+
Always label Context7-sourced guidance as `context7-supplementary` in responses. For runtime version-specific behavior (e.g., `@sap/cds` 7.x vs 8.x), direct the user to verify against the official cap.cloud.sap changelog.
|