@raishin/vanguard-frontier-agentic 2.11.0 → 2.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (758) hide show
  1. package/.claude-plugin/marketplace.json +2 -2
  2. package/.claude-plugin/plugin.json +41 -1
  3. package/.cursor-plugin/plugin.json +41 -1
  4. package/.github/plugin/marketplace.json +1 -1
  5. package/README.md +11 -11
  6. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/AGENT.md +57 -0
  7. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  8. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/codex.toml +30 -0
  9. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/copilot.agent.md +31 -0
  10. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/cursor.agent.md +29 -0
  11. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/gemini.agent.md +29 -0
  12. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  13. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  14. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/metadata.json +46 -0
  15. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/AGENT.md +58 -0
  16. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  17. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/codex.toml +31 -0
  18. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/copilot.agent.md +32 -0
  19. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/cursor.agent.md +30 -0
  20. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/gemini.agent.md +30 -0
  21. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  22. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  23. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/metadata.json +40 -0
  24. package/agents/sap/sap-analytics-cloud-planning-governance-agent/AGENT.md +58 -0
  25. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/claude-code.agent.md +37 -0
  26. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/codex.toml +30 -0
  27. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/copilot.agent.md +31 -0
  28. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/cursor.agent.md +29 -0
  29. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/gemini.agent.md +29 -0
  30. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-cli.agent.json +1 -0
  31. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-ide.agent.md +29 -0
  32. package/agents/sap/sap-analytics-cloud-planning-governance-agent/metadata.json +45 -0
  33. package/agents/sap/sap-audit-evidence-packager-agent/AGENT.md +58 -0
  34. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/claude-code.agent.md +38 -0
  35. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/codex.toml +30 -0
  36. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/copilot.agent.md +33 -0
  37. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/cursor.agent.md +31 -0
  38. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/gemini.agent.md +31 -0
  39. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-cli.agent.json +1 -0
  40. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-ide.agent.md +31 -0
  41. package/agents/sap/sap-audit-evidence-packager-agent/metadata.json +45 -0
  42. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/AGENT.md +58 -0
  43. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  44. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/codex.toml +30 -0
  45. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/copilot.agent.md +31 -0
  46. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/cursor.agent.md +29 -0
  47. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/gemini.agent.md +29 -0
  48. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  49. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  50. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/metadata.json +44 -0
  51. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/AGENT.md +70 -0
  52. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
  53. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/codex.toml +42 -0
  54. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
  55. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
  56. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
  57. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  58. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  59. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/metadata.json +41 -0
  60. package/agents/sap/sap-cap-architecture-reviewer-agent/AGENT.md +57 -0
  61. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  62. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/codex.toml +30 -0
  63. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/copilot.agent.md +31 -0
  64. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/cursor.agent.md +29 -0
  65. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/gemini.agent.md +29 -0
  66. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  67. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  68. package/agents/sap/sap-cap-architecture-reviewer-agent/metadata.json +42 -0
  69. package/agents/sap/sap-clean-core-debt-reviewer-agent/AGENT.md +58 -0
  70. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  71. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/codex.toml +31 -0
  72. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/copilot.agent.md +31 -0
  73. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/cursor.agent.md +29 -0
  74. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/gemini.agent.md +29 -0
  75. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  76. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  77. package/agents/sap/sap-clean-core-debt-reviewer-agent/metadata.json +45 -0
  78. package/agents/sap/sap-cloud-alm-sre-incident-agent/AGENT.md +59 -0
  79. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/claude-code.agent.md +38 -0
  80. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/codex.toml +30 -0
  81. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/copilot.agent.md +32 -0
  82. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/cursor.agent.md +30 -0
  83. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/gemini.agent.md +30 -0
  84. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-cli.agent.json +1 -0
  85. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-ide.agent.md +30 -0
  86. package/agents/sap/sap-cloud-alm-sre-incident-agent/metadata.json +42 -0
  87. package/agents/sap/sap-custom-code-remediation-reviewer-agent/AGENT.md +60 -0
  88. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/claude-code.agent.md +39 -0
  89. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/codex.toml +29 -0
  90. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/copilot.agent.md +31 -0
  91. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/cursor.agent.md +29 -0
  92. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/gemini.agent.md +29 -0
  93. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  94. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  95. package/agents/sap/sap-custom-code-remediation-reviewer-agent/metadata.json +45 -0
  96. package/agents/sap/sap-data-migration-cutover-readiness-agent/AGENT.md +67 -0
  97. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/claude-code.agent.md +46 -0
  98. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/codex.toml +30 -0
  99. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/copilot.agent.md +32 -0
  100. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/cursor.agent.md +30 -0
  101. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/gemini.agent.md +30 -0
  102. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-cli.agent.json +1 -0
  103. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-ide.agent.md +30 -0
  104. package/agents/sap/sap-data-migration-cutover-readiness-agent/metadata.json +44 -0
  105. package/agents/sap/sap-datasphere-data-product-architect-agent/AGENT.md +58 -0
  106. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/claude-code.agent.md +37 -0
  107. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/codex.toml +30 -0
  108. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/copilot.agent.md +31 -0
  109. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/cursor.agent.md +29 -0
  110. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/gemini.agent.md +29 -0
  111. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-cli.agent.json +1 -0
  112. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-ide.agent.md +29 -0
  113. package/agents/sap/sap-datasphere-data-product-architect-agent/metadata.json +45 -0
  114. package/agents/sap/sap-ewm-tm-logistics-execution-agent/AGENT.md +59 -0
  115. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/claude-code.agent.md +38 -0
  116. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/codex.toml +30 -0
  117. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/copilot.agent.md +32 -0
  118. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/cursor.agent.md +30 -0
  119. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/gemini.agent.md +30 -0
  120. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-cli.agent.json +1 -0
  121. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-ide.agent.md +30 -0
  122. package/agents/sap/sap-ewm-tm-logistics-execution-agent/metadata.json +44 -0
  123. package/agents/sap/sap-finance-fico-controls-agent/AGENT.md +59 -0
  124. package/agents/sap/sap-finance-fico-controls-agent/harnesses/claude-code.agent.md +38 -0
  125. package/agents/sap/sap-finance-fico-controls-agent/harnesses/codex.toml +30 -0
  126. package/agents/sap/sap-finance-fico-controls-agent/harnesses/copilot.agent.md +32 -0
  127. package/agents/sap/sap-finance-fico-controls-agent/harnesses/cursor.agent.md +30 -0
  128. package/agents/sap/sap-finance-fico-controls-agent/harnesses/gemini.agent.md +30 -0
  129. package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-cli.agent.json +1 -0
  130. package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-ide.agent.md +30 -0
  131. package/agents/sap/sap-finance-fico-controls-agent/metadata.json +45 -0
  132. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/AGENT.md +58 -0
  133. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  134. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/codex.toml +29 -0
  135. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/copilot.agent.md +32 -0
  136. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/cursor.agent.md +30 -0
  137. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/gemini.agent.md +30 -0
  138. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  139. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  140. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/metadata.json +39 -0
  141. package/agents/sap/sap-guarded-transport-import-operator-agent/AGENT.md +70 -0
  142. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/claude-code.agent.md +51 -0
  143. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/codex.toml +41 -0
  144. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/copilot.agent.md +36 -0
  145. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/cursor.agent.md +33 -0
  146. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/gemini.agent.md +33 -0
  147. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  148. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  149. package/agents/sap/sap-guarded-transport-import-operator-agent/metadata.json +45 -0
  150. package/agents/sap/sap-hana-cloud-performance-cost-agent/AGENT.md +58 -0
  151. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/claude-code.agent.md +37 -0
  152. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/codex.toml +30 -0
  153. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/copilot.agent.md +31 -0
  154. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/cursor.agent.md +29 -0
  155. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/gemini.agent.md +29 -0
  156. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-cli.agent.json +1 -0
  157. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-ide.agent.md +29 -0
  158. package/agents/sap/sap-hana-cloud-performance-cost-agent/metadata.json +43 -0
  159. package/agents/sap/sap-hypercare-incident-commander-agent/AGENT.md +59 -0
  160. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/claude-code.agent.md +38 -0
  161. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/codex.toml +30 -0
  162. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/copilot.agent.md +32 -0
  163. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/cursor.agent.md +30 -0
  164. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/gemini.agent.md +30 -0
  165. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-cli.agent.json +1 -0
  166. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-ide.agent.md +30 -0
  167. package/agents/sap/sap-hypercare-incident-commander-agent/metadata.json +42 -0
  168. package/agents/sap/sap-integration-flow-guarded-operator-agent/AGENT.md +70 -0
  169. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
  170. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/codex.toml +41 -0
  171. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
  172. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
  173. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
  174. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  175. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  176. package/agents/sap/sap-integration-flow-guarded-operator-agent/metadata.json +41 -0
  177. package/agents/sap/sap-integration-suite-reviewer-agent/AGENT.md +57 -0
  178. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  179. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/codex.toml +30 -0
  180. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/copilot.agent.md +31 -0
  181. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/cursor.agent.md +29 -0
  182. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/gemini.agent.md +29 -0
  183. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  184. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  185. package/agents/sap/sap-integration-suite-reviewer-agent/metadata.json +43 -0
  186. package/agents/sap/sap-joule-governance-adoption-agent/AGENT.md +59 -0
  187. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/claude-code.agent.md +38 -0
  188. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/codex.toml +30 -0
  189. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/copilot.agent.md +32 -0
  190. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/cursor.agent.md +30 -0
  191. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/gemini.agent.md +30 -0
  192. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-cli.agent.json +1 -0
  193. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-ide.agent.md +30 -0
  194. package/agents/sap/sap-joule-governance-adoption-agent/metadata.json +42 -0
  195. package/agents/sap/sap-license-btp-consumption-finops-agent/AGENT.md +58 -0
  196. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/claude-code.agent.md +37 -0
  197. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/codex.toml +30 -0
  198. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/copilot.agent.md +31 -0
  199. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/cursor.agent.md +29 -0
  200. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/gemini.agent.md +29 -0
  201. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-cli.agent.json +1 -0
  202. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-ide.agent.md +29 -0
  203. package/agents/sap/sap-license-btp-consumption-finops-agent/metadata.json +42 -0
  204. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/AGENT.md +60 -0
  205. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/claude-code.agent.md +40 -0
  206. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/codex.toml +31 -0
  207. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/copilot.agent.md +32 -0
  208. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/cursor.agent.md +30 -0
  209. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/gemini.agent.md +30 -0
  210. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
  211. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
  212. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/metadata.json +39 -0
  213. package/agents/sap/sap-live-readonly-landscape-discovery-agent/AGENT.md +60 -0
  214. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/claude-code.agent.md +40 -0
  215. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/codex.toml +31 -0
  216. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/copilot.agent.md +32 -0
  217. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/cursor.agent.md +30 -0
  218. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/gemini.agent.md +30 -0
  219. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
  220. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
  221. package/agents/sap/sap-live-readonly-landscape-discovery-agent/metadata.json +39 -0
  222. package/agents/sap/sap-maestro-agent/AGENT.md +60 -0
  223. package/agents/sap/sap-maestro-agent/harnesses/claude-code.agent.md +36 -0
  224. package/agents/sap/sap-maestro-agent/harnesses/codex.toml +34 -0
  225. package/agents/sap/sap-maestro-agent/harnesses/copilot.agent.md +32 -0
  226. package/agents/sap/sap-maestro-agent/harnesses/cursor.agent.md +30 -0
  227. package/agents/sap/sap-maestro-agent/harnesses/gemini.agent.md +30 -0
  228. package/agents/sap/sap-maestro-agent/harnesses/kiro-cli.agent.json +1 -0
  229. package/agents/sap/sap-maestro-agent/harnesses/kiro-ide.agent.md +30 -0
  230. package/agents/sap/sap-maestro-agent/metadata.json +39 -0
  231. package/agents/sap/sap-manufacturing-execution-risk-agent/AGENT.md +59 -0
  232. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/claude-code.agent.md +38 -0
  233. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/codex.toml +30 -0
  234. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/copilot.agent.md +32 -0
  235. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/cursor.agent.md +30 -0
  236. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/gemini.agent.md +30 -0
  237. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  238. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  239. package/agents/sap/sap-manufacturing-execution-risk-agent/metadata.json +44 -0
  240. package/agents/sap/sap-mdg-master-data-quality-agent/AGENT.md +59 -0
  241. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/claude-code.agent.md +38 -0
  242. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/codex.toml +30 -0
  243. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/copilot.agent.md +32 -0
  244. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/cursor.agent.md +30 -0
  245. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/gemini.agent.md +30 -0
  246. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-cli.agent.json +1 -0
  247. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-ide.agent.md +30 -0
  248. package/agents/sap/sap-mdg-master-data-quality-agent/metadata.json +45 -0
  249. package/agents/sap/sap-order-to-cash-agent/AGENT.md +59 -0
  250. package/agents/sap/sap-order-to-cash-agent/harnesses/claude-code.agent.md +38 -0
  251. package/agents/sap/sap-order-to-cash-agent/harnesses/codex.toml +30 -0
  252. package/agents/sap/sap-order-to-cash-agent/harnesses/copilot.agent.md +32 -0
  253. package/agents/sap/sap-order-to-cash-agent/harnesses/cursor.agent.md +30 -0
  254. package/agents/sap/sap-order-to-cash-agent/harnesses/gemini.agent.md +30 -0
  255. package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-cli.agent.json +1 -0
  256. package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-ide.agent.md +30 -0
  257. package/agents/sap/sap-order-to-cash-agent/metadata.json +44 -0
  258. package/agents/sap/sap-procurement-ariba-value-leakage-agent/AGENT.md +59 -0
  259. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/claude-code.agent.md +38 -0
  260. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/codex.toml +30 -0
  261. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/copilot.agent.md +32 -0
  262. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/cursor.agent.md +30 -0
  263. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/gemini.agent.md +30 -0
  264. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-cli.agent.json +1 -0
  265. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-ide.agent.md +30 -0
  266. package/agents/sap/sap-procurement-ariba-value-leakage-agent/metadata.json +44 -0
  267. package/agents/sap/sap-release-change-collision-agent/AGENT.md +59 -0
  268. package/agents/sap/sap-release-change-collision-agent/harnesses/claude-code.agent.md +38 -0
  269. package/agents/sap/sap-release-change-collision-agent/harnesses/codex.toml +30 -0
  270. package/agents/sap/sap-release-change-collision-agent/harnesses/copilot.agent.md +32 -0
  271. package/agents/sap/sap-release-change-collision-agent/harnesses/cursor.agent.md +30 -0
  272. package/agents/sap/sap-release-change-collision-agent/harnesses/gemini.agent.md +30 -0
  273. package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-cli.agent.json +1 -0
  274. package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-ide.agent.md +30 -0
  275. package/agents/sap/sap-release-change-collision-agent/metadata.json +42 -0
  276. package/agents/sap/sap-rise-sla-vendor-risk-agent/AGENT.md +58 -0
  277. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/claude-code.agent.md +37 -0
  278. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/codex.toml +30 -0
  279. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/copilot.agent.md +31 -0
  280. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/cursor.agent.md +29 -0
  281. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/gemini.agent.md +29 -0
  282. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  283. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-ide.agent.md +29 -0
  284. package/agents/sap/sap-rise-sla-vendor-risk-agent/metadata.json +42 -0
  285. package/agents/sap/sap-role-assignment-guarded-operator-agent/AGENT.md +73 -0
  286. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/claude-code.agent.md +54 -0
  287. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/codex.toml +43 -0
  288. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/copilot.agent.md +38 -0
  289. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/cursor.agent.md +35 -0
  290. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/gemini.agent.md +35 -0
  291. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  292. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-ide.agent.md +35 -0
  293. package/agents/sap/sap-role-assignment-guarded-operator-agent/metadata.json +41 -0
  294. package/agents/sap/sap-s4hana-transformation-architect-agent/AGENT.md +62 -0
  295. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/claude-code.agent.md +41 -0
  296. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/codex.toml +29 -0
  297. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/copilot.agent.md +31 -0
  298. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/cursor.agent.md +29 -0
  299. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/gemini.agent.md +29 -0
  300. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-cli.agent.json +1 -0
  301. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-ide.agent.md +29 -0
  302. package/agents/sap/sap-s4hana-transformation-architect-agent/metadata.json +44 -0
  303. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/AGENT.md +59 -0
  304. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  305. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/codex.toml +30 -0
  306. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/copilot.agent.md +32 -0
  307. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/cursor.agent.md +30 -0
  308. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/gemini.agent.md +30 -0
  309. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  310. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  311. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/metadata.json +44 -0
  312. package/agents/sap/sap-signavio-process-mining-value-agent/AGENT.md +59 -0
  313. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/claude-code.agent.md +38 -0
  314. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/codex.toml +30 -0
  315. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/copilot.agent.md +32 -0
  316. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/cursor.agent.md +30 -0
  317. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/gemini.agent.md +30 -0
  318. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-cli.agent.json +1 -0
  319. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-ide.agent.md +30 -0
  320. package/agents/sap/sap-signavio-process-mining-value-agent/metadata.json +44 -0
  321. package/agents/sap/sap-successfactors-hr-process-risk-agent/AGENT.md +59 -0
  322. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/claude-code.agent.md +38 -0
  323. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/codex.toml +30 -0
  324. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/copilot.agent.md +32 -0
  325. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/cursor.agent.md +30 -0
  326. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/gemini.agent.md +30 -0
  327. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  328. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  329. package/agents/sap/sap-successfactors-hr-process-risk-agent/metadata.json +42 -0
  330. package/agents/sap/sap-supply-chain-ibp-resilience-agent/AGENT.md +59 -0
  331. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/claude-code.agent.md +38 -0
  332. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/codex.toml +30 -0
  333. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/copilot.agent.md +32 -0
  334. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/cursor.agent.md +30 -0
  335. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/gemini.agent.md +30 -0
  336. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-cli.agent.json +1 -0
  337. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-ide.agent.md +30 -0
  338. package/agents/sap/sap-supply-chain-ibp-resilience-agent/metadata.json +44 -0
  339. package/agents/sap/sap-testing-quality-gate-agent/AGENT.md +59 -0
  340. package/agents/sap/sap-testing-quality-gate-agent/harnesses/claude-code.agent.md +38 -0
  341. package/agents/sap/sap-testing-quality-gate-agent/harnesses/codex.toml +30 -0
  342. package/agents/sap/sap-testing-quality-gate-agent/harnesses/copilot.agent.md +32 -0
  343. package/agents/sap/sap-testing-quality-gate-agent/harnesses/cursor.agent.md +30 -0
  344. package/agents/sap/sap-testing-quality-gate-agent/harnesses/gemini.agent.md +30 -0
  345. package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-cli.agent.json +1 -0
  346. package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-ide.agent.md +30 -0
  347. package/agents/sap/sap-testing-quality-gate-agent/metadata.json +42 -0
  348. package/agents/sap/sap-transformation-portfolio-triage-agent/AGENT.md +58 -0
  349. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/claude-code.agent.md +37 -0
  350. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/codex.toml +30 -0
  351. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/copilot.agent.md +31 -0
  352. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/cursor.agent.md +29 -0
  353. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/gemini.agent.md +29 -0
  354. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-cli.agent.json +1 -0
  355. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-ide.agent.md +29 -0
  356. package/agents/sap/sap-transformation-portfolio-triage-agent/metadata.json +42 -0
  357. package/agents/sap/sap-treasury-cash-risk-agent/AGENT.md +59 -0
  358. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/claude-code.agent.md +38 -0
  359. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/codex.toml +30 -0
  360. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/copilot.agent.md +32 -0
  361. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/cursor.agent.md +30 -0
  362. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/gemini.agent.md +30 -0
  363. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  364. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  365. package/agents/sap/sap-treasury-cash-risk-agent/metadata.json +44 -0
  366. package/catalog/agents.json +1323 -0
  367. package/catalog/asset-integrity.json +2293 -43
  368. package/catalog/install-roles.json +94 -0
  369. package/catalog/skill-manifest.json +1770 -3
  370. package/catalog/skills.json +1912 -1
  371. package/package.json +1 -1
  372. package/plugins/cross-platform-agent-template/.codexignore +7 -0
  373. package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
  374. package/plugins/vanguard-frontier-agentic/.codexignore +7 -0
  375. package/powers/README.md +3 -2
  376. package/powers/vanguard-sap/POWER.md +43 -0
  377. package/schemas/agent.schema.json +1 -0
  378. package/schemas/skill.schema.json +1 -0
  379. package/scripts/generate-docs-data.mjs +1 -1
  380. package/scripts/generate-kiro-powers.mjs +12 -0
  381. package/skills/claude/add-educational-comments/metadata.json +1 -1
  382. package/skills/sap/sap-abap-cloud-rap-review/SKILL.md +86 -0
  383. package/skills/sap/sap-abap-cloud-rap-review/agents/openai.yaml +11 -0
  384. package/skills/sap/sap-abap-cloud-rap-review/metadata.json +34 -0
  385. package/skills/sap/sap-abap-cloud-rap-review/references/context7-framework-docs.md +126 -0
  386. package/skills/sap/sap-abap-cloud-rap-review/references/official-sources.md +95 -0
  387. package/skills/sap/sap-abap-cloud-rap-review/references/safety-checklist.md +37 -0
  388. package/skills/sap/sap-abap-cloud-rap-review/references/workflow-and-output.md +76 -0
  389. package/skills/sap/sap-ai-core-generative-ai-hub-governance/SKILL.md +92 -0
  390. package/skills/sap/sap-ai-core-generative-ai-hub-governance/agents/openai.yaml +11 -0
  391. package/skills/sap/sap-ai-core-generative-ai-hub-governance/metadata.json +34 -0
  392. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/context7-framework-docs.md +107 -0
  393. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/official-sources.md +91 -0
  394. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/safety-checklist.md +39 -0
  395. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/workflow-and-output.md +75 -0
  396. package/skills/sap/sap-ai-governance-security-architecture-protocol/SKILL.md +168 -0
  397. package/skills/sap/sap-ai-governance-security-architecture-protocol/agents/openai.yaml +11 -0
  398. package/skills/sap/sap-ai-governance-security-architecture-protocol/metadata.json +35 -0
  399. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/official-sources.md +99 -0
  400. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/safety-checklist.md +38 -0
  401. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/workflow-and-output.md +89 -0
  402. package/skills/sap/sap-analytics-cloud-planning-governance/SKILL.md +87 -0
  403. package/skills/sap/sap-analytics-cloud-planning-governance/agents/openai.yaml +11 -0
  404. package/skills/sap/sap-analytics-cloud-planning-governance/metadata.json +33 -0
  405. package/skills/sap/sap-analytics-cloud-planning-governance/references/official-sources.md +89 -0
  406. package/skills/sap/sap-analytics-cloud-planning-governance/references/safety-checklist.md +35 -0
  407. package/skills/sap/sap-analytics-cloud-planning-governance/references/workflow-and-output.md +70 -0
  408. package/skills/sap/sap-audit-evidence-packaging/SKILL.md +92 -0
  409. package/skills/sap/sap-audit-evidence-packaging/agents/openai.yaml +11 -0
  410. package/skills/sap/sap-audit-evidence-packaging/metadata.json +33 -0
  411. package/skills/sap/sap-audit-evidence-packaging/references/official-sources.md +92 -0
  412. package/skills/sap/sap-audit-evidence-packaging/references/safety-checklist.md +38 -0
  413. package/skills/sap/sap-audit-evidence-packaging/references/workflow-and-output.md +129 -0
  414. package/skills/sap/sap-btp-governance-review/SKILL.md +84 -0
  415. package/skills/sap/sap-btp-governance-review/agents/openai.yaml +11 -0
  416. package/skills/sap/sap-btp-governance-review/metadata.json +34 -0
  417. package/skills/sap/sap-btp-governance-review/references/official-sources.md +91 -0
  418. package/skills/sap/sap-btp-governance-review/references/safety-checklist.md +35 -0
  419. package/skills/sap/sap-btp-governance-review/references/workflow-and-output.md +66 -0
  420. package/skills/sap/sap-cap-architecture-review/SKILL.md +86 -0
  421. package/skills/sap/sap-cap-architecture-review/agents/openai.yaml +11 -0
  422. package/skills/sap/sap-cap-architecture-review/metadata.json +34 -0
  423. package/skills/sap/sap-cap-architecture-review/references/context7-framework-docs.md +89 -0
  424. package/skills/sap/sap-cap-architecture-review/references/official-sources.md +93 -0
  425. package/skills/sap/sap-cap-architecture-review/references/safety-checklist.md +37 -0
  426. package/skills/sap/sap-cap-architecture-review/references/workflow-and-output.md +74 -0
  427. package/skills/sap/sap-clean-core-debt-review/SKILL.md +84 -0
  428. package/skills/sap/sap-clean-core-debt-review/agents/openai.yaml +11 -0
  429. package/skills/sap/sap-clean-core-debt-review/metadata.json +33 -0
  430. package/skills/sap/sap-clean-core-debt-review/references/context7-framework-docs.md +56 -0
  431. package/skills/sap/sap-clean-core-debt-review/references/official-sources.md +75 -0
  432. package/skills/sap/sap-clean-core-debt-review/references/safety-checklist.md +36 -0
  433. package/skills/sap/sap-clean-core-debt-review/references/workflow-and-output.md +62 -0
  434. package/skills/sap/sap-cloud-alm-sre-incident-review/SKILL.md +83 -0
  435. package/skills/sap/sap-cloud-alm-sre-incident-review/agents/openai.yaml +11 -0
  436. package/skills/sap/sap-cloud-alm-sre-incident-review/metadata.json +33 -0
  437. package/skills/sap/sap-cloud-alm-sre-incident-review/references/official-sources.md +89 -0
  438. package/skills/sap/sap-cloud-alm-sre-incident-review/references/safety-checklist.md +39 -0
  439. package/skills/sap/sap-cloud-alm-sre-incident-review/references/workflow-and-output.md +88 -0
  440. package/skills/sap/sap-custom-code-remediation-review/SKILL.md +83 -0
  441. package/skills/sap/sap-custom-code-remediation-review/agents/openai.yaml +11 -0
  442. package/skills/sap/sap-custom-code-remediation-review/metadata.json +33 -0
  443. package/skills/sap/sap-custom-code-remediation-review/references/official-sources.md +85 -0
  444. package/skills/sap/sap-custom-code-remediation-review/references/safety-checklist.md +39 -0
  445. package/skills/sap/sap-custom-code-remediation-review/references/workflow-and-output.md +83 -0
  446. package/skills/sap/sap-data-migration-cutover-readiness/SKILL.md +90 -0
  447. package/skills/sap/sap-data-migration-cutover-readiness/agents/openai.yaml +14 -0
  448. package/skills/sap/sap-data-migration-cutover-readiness/metadata.json +32 -0
  449. package/skills/sap/sap-data-migration-cutover-readiness/references/official-sources.md +73 -0
  450. package/skills/sap/sap-data-migration-cutover-readiness/references/safety-checklist.md +51 -0
  451. package/skills/sap/sap-data-migration-cutover-readiness/references/workflow-and-output.md +85 -0
  452. package/skills/sap/sap-data-privacy-analytics-ai-protocol/SKILL.md +162 -0
  453. package/skills/sap/sap-data-privacy-analytics-ai-protocol/agents/openai.yaml +11 -0
  454. package/skills/sap/sap-data-privacy-analytics-ai-protocol/metadata.json +34 -0
  455. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/official-sources.md +93 -0
  456. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/safety-checklist.md +39 -0
  457. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/workflow-and-output.md +78 -0
  458. package/skills/sap/sap-datasphere-data-product-architecture/SKILL.md +86 -0
  459. package/skills/sap/sap-datasphere-data-product-architecture/agents/openai.yaml +11 -0
  460. package/skills/sap/sap-datasphere-data-product-architecture/metadata.json +33 -0
  461. package/skills/sap/sap-datasphere-data-product-architecture/references/official-sources.md +85 -0
  462. package/skills/sap/sap-datasphere-data-product-architecture/references/safety-checklist.md +35 -0
  463. package/skills/sap/sap-datasphere-data-product-architecture/references/workflow-and-output.md +70 -0
  464. package/skills/sap/sap-ewm-tm-logistics-execution-review/SKILL.md +90 -0
  465. package/skills/sap/sap-ewm-tm-logistics-execution-review/agents/openai.yaml +11 -0
  466. package/skills/sap/sap-ewm-tm-logistics-execution-review/metadata.json +32 -0
  467. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/official-sources.md +79 -0
  468. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/safety-checklist.md +37 -0
  469. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/workflow-and-output.md +91 -0
  470. package/skills/sap/sap-finance-fico-controls-review/SKILL.md +91 -0
  471. package/skills/sap/sap-finance-fico-controls-review/agents/openai.yaml +11 -0
  472. package/skills/sap/sap-finance-fico-controls-review/metadata.json +33 -0
  473. package/skills/sap/sap-finance-fico-controls-review/references/official-sources.md +89 -0
  474. package/skills/sap/sap-finance-fico-controls-review/references/safety-checklist.md +38 -0
  475. package/skills/sap/sap-finance-fico-controls-review/references/workflow-and-output.md +88 -0
  476. package/skills/sap/sap-fiori-ui5-ux-review/SKILL.md +87 -0
  477. package/skills/sap/sap-fiori-ui5-ux-review/agents/openai.yaml +14 -0
  478. package/skills/sap/sap-fiori-ui5-ux-review/metadata.json +33 -0
  479. package/skills/sap/sap-fiori-ui5-ux-review/references/context7-framework-docs.md +128 -0
  480. package/skills/sap/sap-fiori-ui5-ux-review/references/official-sources.md +95 -0
  481. package/skills/sap/sap-fiori-ui5-ux-review/references/safety-checklist.md +37 -0
  482. package/skills/sap/sap-fiori-ui5-ux-review/references/workflow-and-output.md +96 -0
  483. package/skills/sap/sap-guarded-btp-entitlement-change/SKILL.md +156 -0
  484. package/skills/sap/sap-guarded-btp-entitlement-change/agents/openai.yaml +17 -0
  485. package/skills/sap/sap-guarded-btp-entitlement-change/metadata.json +33 -0
  486. package/skills/sap/sap-guarded-btp-entitlement-change/references/live-environment-access.md +93 -0
  487. package/skills/sap/sap-guarded-btp-entitlement-change/references/official-sources.md +75 -0
  488. package/skills/sap/sap-guarded-btp-entitlement-change/references/safety-checklist.md +57 -0
  489. package/skills/sap/sap-guarded-btp-entitlement-change/references/workflow-and-output.md +132 -0
  490. package/skills/sap/sap-guarded-integration-flow-change/SKILL.md +151 -0
  491. package/skills/sap/sap-guarded-integration-flow-change/agents/openai.yaml +17 -0
  492. package/skills/sap/sap-guarded-integration-flow-change/metadata.json +33 -0
  493. package/skills/sap/sap-guarded-integration-flow-change/references/live-environment-access.md +80 -0
  494. package/skills/sap/sap-guarded-integration-flow-change/references/official-sources.md +73 -0
  495. package/skills/sap/sap-guarded-integration-flow-change/references/safety-checklist.md +56 -0
  496. package/skills/sap/sap-guarded-integration-flow-change/references/workflow-and-output.md +122 -0
  497. package/skills/sap/sap-guarded-role-assignment/SKILL.md +159 -0
  498. package/skills/sap/sap-guarded-role-assignment/agents/openai.yaml +17 -0
  499. package/skills/sap/sap-guarded-role-assignment/metadata.json +33 -0
  500. package/skills/sap/sap-guarded-role-assignment/references/live-environment-access.md +93 -0
  501. package/skills/sap/sap-guarded-role-assignment/references/official-sources.md +73 -0
  502. package/skills/sap/sap-guarded-role-assignment/references/safety-checklist.md +57 -0
  503. package/skills/sap/sap-guarded-role-assignment/references/workflow-and-output.md +133 -0
  504. package/skills/sap/sap-guarded-transport-import/SKILL.md +144 -0
  505. package/skills/sap/sap-guarded-transport-import/agents/openai.yaml +14 -0
  506. package/skills/sap/sap-guarded-transport-import/metadata.json +34 -0
  507. package/skills/sap/sap-guarded-transport-import/references/live-environment-access.md +81 -0
  508. package/skills/sap/sap-guarded-transport-import/references/official-sources.md +79 -0
  509. package/skills/sap/sap-guarded-transport-import/references/safety-checklist.md +52 -0
  510. package/skills/sap/sap-guarded-transport-import/references/workflow-and-output.md +93 -0
  511. package/skills/sap/sap-hana-cloud-performance-cost/SKILL.md +87 -0
  512. package/skills/sap/sap-hana-cloud-performance-cost/agents/openai.yaml +11 -0
  513. package/skills/sap/sap-hana-cloud-performance-cost/metadata.json +33 -0
  514. package/skills/sap/sap-hana-cloud-performance-cost/references/context7-framework-docs.md +94 -0
  515. package/skills/sap/sap-hana-cloud-performance-cost/references/official-sources.md +83 -0
  516. package/skills/sap/sap-hana-cloud-performance-cost/references/safety-checklist.md +36 -0
  517. package/skills/sap/sap-hana-cloud-performance-cost/references/workflow-and-output.md +68 -0
  518. package/skills/sap/sap-hypercare-incident-commander-review/SKILL.md +93 -0
  519. package/skills/sap/sap-hypercare-incident-commander-review/agents/openai.yaml +14 -0
  520. package/skills/sap/sap-hypercare-incident-commander-review/metadata.json +31 -0
  521. package/skills/sap/sap-hypercare-incident-commander-review/references/official-sources.md +63 -0
  522. package/skills/sap/sap-hypercare-incident-commander-review/references/safety-checklist.md +55 -0
  523. package/skills/sap/sap-hypercare-incident-commander-review/references/workflow-and-output.md +98 -0
  524. package/skills/sap/sap-integration-platform-businessops-protocol/SKILL.md +162 -0
  525. package/skills/sap/sap-integration-platform-businessops-protocol/agents/openai.yaml +11 -0
  526. package/skills/sap/sap-integration-platform-businessops-protocol/metadata.json +35 -0
  527. package/skills/sap/sap-integration-platform-businessops-protocol/references/official-sources.md +99 -0
  528. package/skills/sap/sap-integration-platform-businessops-protocol/references/safety-checklist.md +36 -0
  529. package/skills/sap/sap-integration-platform-businessops-protocol/references/workflow-and-output.md +76 -0
  530. package/skills/sap/sap-integration-suite-review/SKILL.md +87 -0
  531. package/skills/sap/sap-integration-suite-review/agents/openai.yaml +11 -0
  532. package/skills/sap/sap-integration-suite-review/metadata.json +33 -0
  533. package/skills/sap/sap-integration-suite-review/references/context7-framework-docs.md +76 -0
  534. package/skills/sap/sap-integration-suite-review/references/official-sources.md +79 -0
  535. package/skills/sap/sap-integration-suite-review/references/safety-checklist.md +36 -0
  536. package/skills/sap/sap-integration-suite-review/references/workflow-and-output.md +78 -0
  537. package/skills/sap/sap-joule-governance-adoption-review/SKILL.md +83 -0
  538. package/skills/sap/sap-joule-governance-adoption-review/agents/openai.yaml +11 -0
  539. package/skills/sap/sap-joule-governance-adoption-review/metadata.json +33 -0
  540. package/skills/sap/sap-joule-governance-adoption-review/references/official-sources.md +83 -0
  541. package/skills/sap/sap-joule-governance-adoption-review/references/safety-checklist.md +37 -0
  542. package/skills/sap/sap-joule-governance-adoption-review/references/workflow-and-output.md +81 -0
  543. package/skills/sap/sap-license-btp-consumption-finops-review/SKILL.md +89 -0
  544. package/skills/sap/sap-license-btp-consumption-finops-review/agents/openai.yaml +11 -0
  545. package/skills/sap/sap-license-btp-consumption-finops-review/metadata.json +32 -0
  546. package/skills/sap/sap-license-btp-consumption-finops-review/references/official-sources.md +71 -0
  547. package/skills/sap/sap-license-btp-consumption-finops-review/references/safety-checklist.md +36 -0
  548. package/skills/sap/sap-license-btp-consumption-finops-review/references/workflow-and-output.md +69 -0
  549. package/skills/sap/sap-live-readonly-identity-trust-discovery/SKILL.md +142 -0
  550. package/skills/sap/sap-live-readonly-identity-trust-discovery/agents/openai.yaml +14 -0
  551. package/skills/sap/sap-live-readonly-identity-trust-discovery/metadata.json +34 -0
  552. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/live-environment-access.md +151 -0
  553. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/official-sources.md +83 -0
  554. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/safety-checklist.md +49 -0
  555. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/workflow-and-output.md +103 -0
  556. package/skills/sap/sap-live-readonly-landscape-discovery/SKILL.md +135 -0
  557. package/skills/sap/sap-live-readonly-landscape-discovery/agents/openai.yaml +14 -0
  558. package/skills/sap/sap-live-readonly-landscape-discovery/metadata.json +34 -0
  559. package/skills/sap/sap-live-readonly-landscape-discovery/references/live-environment-access.md +111 -0
  560. package/skills/sap/sap-live-readonly-landscape-discovery/references/official-sources.md +83 -0
  561. package/skills/sap/sap-live-readonly-landscape-discovery/references/safety-checklist.md +45 -0
  562. package/skills/sap/sap-live-readonly-landscape-discovery/references/workflow-and-output.md +102 -0
  563. package/skills/sap/sap-maestro/SKILL.md +81 -0
  564. package/skills/sap/sap-maestro/agents/openai.yaml +11 -0
  565. package/skills/sap/sap-maestro/metadata.json +32 -0
  566. package/skills/sap/sap-maestro/references/official-sources.md +53 -0
  567. package/skills/sap/sap-maestro/references/safety-checklist.md +39 -0
  568. package/skills/sap/sap-maestro/references/workflow-and-output.md +73 -0
  569. package/skills/sap/sap-manufacturing-execution-risk-review/SKILL.md +89 -0
  570. package/skills/sap/sap-manufacturing-execution-risk-review/agents/openai.yaml +11 -0
  571. package/skills/sap/sap-manufacturing-execution-risk-review/metadata.json +32 -0
  572. package/skills/sap/sap-manufacturing-execution-risk-review/references/official-sources.md +79 -0
  573. package/skills/sap/sap-manufacturing-execution-risk-review/references/safety-checklist.md +39 -0
  574. package/skills/sap/sap-manufacturing-execution-risk-review/references/workflow-and-output.md +91 -0
  575. package/skills/sap/sap-mdg-master-data-quality-review/SKILL.md +85 -0
  576. package/skills/sap/sap-mdg-master-data-quality-review/agents/openai.yaml +11 -0
  577. package/skills/sap/sap-mdg-master-data-quality-review/metadata.json +33 -0
  578. package/skills/sap/sap-mdg-master-data-quality-review/references/official-sources.md +89 -0
  579. package/skills/sap/sap-mdg-master-data-quality-review/references/safety-checklist.md +37 -0
  580. package/skills/sap/sap-mdg-master-data-quality-review/references/workflow-and-output.md +91 -0
  581. package/skills/sap/sap-order-to-cash-review/SKILL.md +89 -0
  582. package/skills/sap/sap-order-to-cash-review/agents/openai.yaml +11 -0
  583. package/skills/sap/sap-order-to-cash-review/metadata.json +32 -0
  584. package/skills/sap/sap-order-to-cash-review/references/official-sources.md +79 -0
  585. package/skills/sap/sap-order-to-cash-review/references/safety-checklist.md +39 -0
  586. package/skills/sap/sap-order-to-cash-review/references/workflow-and-output.md +87 -0
  587. package/skills/sap/sap-procurement-ariba-value-leakage-review/SKILL.md +90 -0
  588. package/skills/sap/sap-procurement-ariba-value-leakage-review/agents/openai.yaml +11 -0
  589. package/skills/sap/sap-procurement-ariba-value-leakage-review/metadata.json +32 -0
  590. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/official-sources.md +79 -0
  591. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/safety-checklist.md +38 -0
  592. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/workflow-and-output.md +87 -0
  593. package/skills/sap/sap-procurement-license-finops-vendor-protocol/SKILL.md +155 -0
  594. package/skills/sap/sap-procurement-license-finops-vendor-protocol/agents/openai.yaml +11 -0
  595. package/skills/sap/sap-procurement-license-finops-vendor-protocol/metadata.json +35 -0
  596. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/official-sources.md +99 -0
  597. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/safety-checklist.md +36 -0
  598. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/workflow-and-output.md +62 -0
  599. package/skills/sap/sap-release-change-collision-review/SKILL.md +92 -0
  600. package/skills/sap/sap-release-change-collision-review/agents/openai.yaml +14 -0
  601. package/skills/sap/sap-release-change-collision-review/metadata.json +31 -0
  602. package/skills/sap/sap-release-change-collision-review/references/official-sources.md +63 -0
  603. package/skills/sap/sap-release-change-collision-review/references/safety-checklist.md +51 -0
  604. package/skills/sap/sap-release-change-collision-review/references/workflow-and-output.md +85 -0
  605. package/skills/sap/sap-release-cutover-finance-controls-protocol/SKILL.md +170 -0
  606. package/skills/sap/sap-release-cutover-finance-controls-protocol/agents/openai.yaml +11 -0
  607. package/skills/sap/sap-release-cutover-finance-controls-protocol/metadata.json +33 -0
  608. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/official-sources.md +89 -0
  609. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/safety-checklist.md +39 -0
  610. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/workflow-and-output.md +98 -0
  611. package/skills/sap/sap-rise-sla-vendor-risk-review/SKILL.md +88 -0
  612. package/skills/sap/sap-rise-sla-vendor-risk-review/agents/openai.yaml +11 -0
  613. package/skills/sap/sap-rise-sla-vendor-risk-review/metadata.json +32 -0
  614. package/skills/sap/sap-rise-sla-vendor-risk-review/references/official-sources.md +73 -0
  615. package/skills/sap/sap-rise-sla-vendor-risk-review/references/safety-checklist.md +36 -0
  616. package/skills/sap/sap-rise-sla-vendor-risk-review/references/workflow-and-output.md +56 -0
  617. package/skills/sap/sap-s4hana-transformation-architecture-review/SKILL.md +84 -0
  618. package/skills/sap/sap-s4hana-transformation-architecture-review/agents/openai.yaml +14 -0
  619. package/skills/sap/sap-s4hana-transformation-architecture-review/metadata.json +32 -0
  620. package/skills/sap/sap-s4hana-transformation-architecture-review/references/official-sources.md +75 -0
  621. package/skills/sap/sap-s4hana-transformation-architecture-review/references/safety-checklist.md +40 -0
  622. package/skills/sap/sap-s4hana-transformation-architecture-review/references/workflow-and-output.md +67 -0
  623. package/skills/sap/sap-security-hr-legal-protocol/SKILL.md +149 -0
  624. package/skills/sap/sap-security-hr-legal-protocol/agents/openai.yaml +11 -0
  625. package/skills/sap/sap-security-hr-legal-protocol/metadata.json +34 -0
  626. package/skills/sap/sap-security-hr-legal-protocol/references/official-sources.md +89 -0
  627. package/skills/sap/sap-security-hr-legal-protocol/references/safety-checklist.md +38 -0
  628. package/skills/sap/sap-security-hr-legal-protocol/references/workflow-and-output.md +65 -0
  629. package/skills/sap/sap-security-iam-grc-sod-review/SKILL.md +86 -0
  630. package/skills/sap/sap-security-iam-grc-sod-review/agents/openai.yaml +11 -0
  631. package/skills/sap/sap-security-iam-grc-sod-review/metadata.json +33 -0
  632. package/skills/sap/sap-security-iam-grc-sod-review/references/official-sources.md +83 -0
  633. package/skills/sap/sap-security-iam-grc-sod-review/references/safety-checklist.md +36 -0
  634. package/skills/sap/sap-security-iam-grc-sod-review/references/workflow-and-output.md +79 -0
  635. package/skills/sap/sap-signavio-process-mining-value/SKILL.md +85 -0
  636. package/skills/sap/sap-signavio-process-mining-value/agents/openai.yaml +11 -0
  637. package/skills/sap/sap-signavio-process-mining-value/metadata.json +33 -0
  638. package/skills/sap/sap-signavio-process-mining-value/references/official-sources.md +89 -0
  639. package/skills/sap/sap-signavio-process-mining-value/references/safety-checklist.md +36 -0
  640. package/skills/sap/sap-signavio-process-mining-value/references/workflow-and-output.md +91 -0
  641. package/skills/sap/sap-successfactors-hr-process-risk-review/SKILL.md +92 -0
  642. package/skills/sap/sap-successfactors-hr-process-risk-review/agents/openai.yaml +11 -0
  643. package/skills/sap/sap-successfactors-hr-process-risk-review/metadata.json +33 -0
  644. package/skills/sap/sap-successfactors-hr-process-risk-review/references/official-sources.md +83 -0
  645. package/skills/sap/sap-successfactors-hr-process-risk-review/references/safety-checklist.md +38 -0
  646. package/skills/sap/sap-successfactors-hr-process-risk-review/references/workflow-and-output.md +86 -0
  647. package/skills/sap/sap-supply-chain-ibp-resilience-review/SKILL.md +90 -0
  648. package/skills/sap/sap-supply-chain-ibp-resilience-review/agents/openai.yaml +11 -0
  649. package/skills/sap/sap-supply-chain-ibp-resilience-review/metadata.json +32 -0
  650. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/official-sources.md +79 -0
  651. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/safety-checklist.md +38 -0
  652. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/workflow-and-output.md +89 -0
  653. package/skills/sap/sap-testing-quality-gate-review/SKILL.md +92 -0
  654. package/skills/sap/sap-testing-quality-gate-review/agents/openai.yaml +14 -0
  655. package/skills/sap/sap-testing-quality-gate-review/metadata.json +31 -0
  656. package/skills/sap/sap-testing-quality-gate-review/references/official-sources.md +65 -0
  657. package/skills/sap/sap-testing-quality-gate-review/references/safety-checklist.md +53 -0
  658. package/skills/sap/sap-testing-quality-gate-review/references/workflow-and-output.md +98 -0
  659. package/skills/sap/sap-transformation-portfolio-triage-review/SKILL.md +87 -0
  660. package/skills/sap/sap-transformation-portfolio-triage-review/agents/openai.yaml +11 -0
  661. package/skills/sap/sap-transformation-portfolio-triage-review/metadata.json +32 -0
  662. package/skills/sap/sap-transformation-portfolio-triage-review/references/official-sources.md +71 -0
  663. package/skills/sap/sap-transformation-portfolio-triage-review/references/safety-checklist.md +36 -0
  664. package/skills/sap/sap-transformation-portfolio-triage-review/references/workflow-and-output.md +69 -0
  665. package/skills/sap/sap-treasury-cash-risk-review/SKILL.md +90 -0
  666. package/skills/sap/sap-treasury-cash-risk-review/agents/openai.yaml +11 -0
  667. package/skills/sap/sap-treasury-cash-risk-review/metadata.json +32 -0
  668. package/skills/sap/sap-treasury-cash-risk-review/references/official-sources.md +79 -0
  669. package/skills/sap/sap-treasury-cash-risk-review/references/safety-checklist.md +38 -0
  670. package/skills/sap/sap-treasury-cash-risk-review/references/workflow-and-output.md +89 -0
  671. package/tests/fixtures/sap-maestro-routing/expected/01-clean-core-debt.json +6 -0
  672. package/tests/fixtures/sap-maestro-routing/expected/02-landscape-discovery.json +6 -0
  673. package/tests/fixtures/sap-maestro-routing/expected/03-live-guard-transport.json +6 -0
  674. package/tests/fixtures/sap-maestro-routing/expected/04-adversarial-injection.json +6 -0
  675. package/tests/fixtures/sap-maestro-routing/expected/05-adversarial-persona.json +6 -0
  676. package/tests/fixtures/sap-maestro-routing/expected/06-ambiguous.json +4 -0
  677. package/tests/fixtures/sap-maestro-routing/expected/07-secrets-bait.json +6 -0
  678. package/tests/fixtures/sap-maestro-routing/expected/08-btp-governance.json +6 -0
  679. package/tests/fixtures/sap-maestro-routing/expected/09-integration-suite.json +6 -0
  680. package/tests/fixtures/sap-maestro-routing/expected/10-security-sod.json +6 -0
  681. package/tests/fixtures/sap-maestro-routing/expected/11-cap-architecture.json +6 -0
  682. package/tests/fixtures/sap-maestro-routing/expected/12-abap-cloud-rap.json +7 -0
  683. package/tests/fixtures/sap-maestro-routing/expected/13-ai-governance.json +6 -0
  684. package/tests/fixtures/sap-maestro-routing/expected/14-datasphere.json +6 -0
  685. package/tests/fixtures/sap-maestro-routing/expected/15-analytics-cloud.json +6 -0
  686. package/tests/fixtures/sap-maestro-routing/expected/16-hana-cloud.json +6 -0
  687. package/tests/fixtures/sap-maestro-routing/expected/17-s4hana-transformation.json +6 -0
  688. package/tests/fixtures/sap-maestro-routing/expected/18-custom-code-remediation.json +6 -0
  689. package/tests/fixtures/sap-maestro-routing/expected/19-data-migration-cutover.json +6 -0
  690. package/tests/fixtures/sap-maestro-routing/expected/20-finance-fico.json +6 -0
  691. package/tests/fixtures/sap-maestro-routing/expected/21-mdg-master-data.json +6 -0
  692. package/tests/fixtures/sap-maestro-routing/expected/22-signavio.json +6 -0
  693. package/tests/fixtures/sap-maestro-routing/expected/23-procurement-ariba.json +6 -0
  694. package/tests/fixtures/sap-maestro-routing/expected/24-supply-chain-ibp.json +6 -0
  695. package/tests/fixtures/sap-maestro-routing/expected/25-order-to-cash.json +6 -0
  696. package/tests/fixtures/sap-maestro-routing/expected/26-treasury.json +6 -0
  697. package/tests/fixtures/sap-maestro-routing/expected/27-ewm-tm.json +6 -0
  698. package/tests/fixtures/sap-maestro-routing/expected/28-manufacturing.json +6 -0
  699. package/tests/fixtures/sap-maestro-routing/expected/29-successfactors.json +6 -0
  700. package/tests/fixtures/sap-maestro-routing/expected/30-joule.json +6 -0
  701. package/tests/fixtures/sap-maestro-routing/expected/31-cloud-alm.json +6 -0
  702. package/tests/fixtures/sap-maestro-routing/expected/32-transformation-portfolio.json +6 -0
  703. package/tests/fixtures/sap-maestro-routing/expected/33-rise-sla.json +6 -0
  704. package/tests/fixtures/sap-maestro-routing/expected/34-license-finops.json +6 -0
  705. package/tests/fixtures/sap-maestro-routing/expected/35-testing-quality.json +6 -0
  706. package/tests/fixtures/sap-maestro-routing/expected/36-release-collision.json +6 -0
  707. package/tests/fixtures/sap-maestro-routing/expected/37-hypercare.json +6 -0
  708. package/tests/fixtures/sap-maestro-routing/expected/38-identity-trust.json +6 -0
  709. package/tests/fixtures/sap-maestro-routing/expected/39-fiori-ui5.json +6 -0
  710. package/tests/fixtures/sap-maestro-routing/expected/40-audit-evidence.json +6 -0
  711. package/tests/fixtures/sap-maestro-routing/expected/41-guard-role-assign.json +6 -0
  712. package/tests/fixtures/sap-maestro-routing/expected/42-guard-iflow-deploy.json +6 -0
  713. package/tests/fixtures/sap-maestro-routing/expected/43-guard-entitlement.json +6 -0
  714. package/tests/fixtures/sap-maestro-routing/inputs/01-clean-core-debt.json +5 -0
  715. package/tests/fixtures/sap-maestro-routing/inputs/02-landscape-discovery.json +5 -0
  716. package/tests/fixtures/sap-maestro-routing/inputs/03-live-guard-transport.json +7 -0
  717. package/tests/fixtures/sap-maestro-routing/inputs/04-adversarial-injection.json +7 -0
  718. package/tests/fixtures/sap-maestro-routing/inputs/05-adversarial-persona.json +7 -0
  719. package/tests/fixtures/sap-maestro-routing/inputs/06-ambiguous.json +7 -0
  720. package/tests/fixtures/sap-maestro-routing/inputs/07-secrets-bait.json +7 -0
  721. package/tests/fixtures/sap-maestro-routing/inputs/08-btp-governance.json +7 -0
  722. package/tests/fixtures/sap-maestro-routing/inputs/09-integration-suite.json +7 -0
  723. package/tests/fixtures/sap-maestro-routing/inputs/10-security-sod.json +7 -0
  724. package/tests/fixtures/sap-maestro-routing/inputs/11-cap-architecture.json +7 -0
  725. package/tests/fixtures/sap-maestro-routing/inputs/12-abap-cloud-rap.json +7 -0
  726. package/tests/fixtures/sap-maestro-routing/inputs/13-ai-governance.json +7 -0
  727. package/tests/fixtures/sap-maestro-routing/inputs/14-datasphere.json +7 -0
  728. package/tests/fixtures/sap-maestro-routing/inputs/15-analytics-cloud.json +7 -0
  729. package/tests/fixtures/sap-maestro-routing/inputs/16-hana-cloud.json +7 -0
  730. package/tests/fixtures/sap-maestro-routing/inputs/17-s4hana-transformation.json +7 -0
  731. package/tests/fixtures/sap-maestro-routing/inputs/18-custom-code-remediation.json +7 -0
  732. package/tests/fixtures/sap-maestro-routing/inputs/19-data-migration-cutover.json +7 -0
  733. package/tests/fixtures/sap-maestro-routing/inputs/20-finance-fico.json +7 -0
  734. package/tests/fixtures/sap-maestro-routing/inputs/21-mdg-master-data.json +7 -0
  735. package/tests/fixtures/sap-maestro-routing/inputs/22-signavio.json +7 -0
  736. package/tests/fixtures/sap-maestro-routing/inputs/23-procurement-ariba.json +7 -0
  737. package/tests/fixtures/sap-maestro-routing/inputs/24-supply-chain-ibp.json +7 -0
  738. package/tests/fixtures/sap-maestro-routing/inputs/25-order-to-cash.json +7 -0
  739. package/tests/fixtures/sap-maestro-routing/inputs/26-treasury.json +7 -0
  740. package/tests/fixtures/sap-maestro-routing/inputs/27-ewm-tm.json +7 -0
  741. package/tests/fixtures/sap-maestro-routing/inputs/28-manufacturing.json +7 -0
  742. package/tests/fixtures/sap-maestro-routing/inputs/29-successfactors.json +7 -0
  743. package/tests/fixtures/sap-maestro-routing/inputs/30-joule.json +7 -0
  744. package/tests/fixtures/sap-maestro-routing/inputs/31-cloud-alm.json +7 -0
  745. package/tests/fixtures/sap-maestro-routing/inputs/32-transformation-portfolio.json +7 -0
  746. package/tests/fixtures/sap-maestro-routing/inputs/33-rise-sla.json +7 -0
  747. package/tests/fixtures/sap-maestro-routing/inputs/34-license-finops.json +7 -0
  748. package/tests/fixtures/sap-maestro-routing/inputs/35-testing-quality.json +7 -0
  749. package/tests/fixtures/sap-maestro-routing/inputs/36-release-collision.json +7 -0
  750. package/tests/fixtures/sap-maestro-routing/inputs/37-hypercare.json +7 -0
  751. package/tests/fixtures/sap-maestro-routing/inputs/38-identity-trust.json +7 -0
  752. package/tests/fixtures/sap-maestro-routing/inputs/39-fiori-ui5.json +7 -0
  753. package/tests/fixtures/sap-maestro-routing/inputs/40-audit-evidence.json +7 -0
  754. package/tests/fixtures/sap-maestro-routing/inputs/41-guard-role-assign.json +7 -0
  755. package/tests/fixtures/sap-maestro-routing/inputs/42-guard-iflow-deploy.json +7 -0
  756. package/tests/fixtures/sap-maestro-routing/inputs/43-guard-entitlement.json +7 -0
  757. package/tests/fixtures/sap-maestro-routing/taxonomy.json +509 -0
  758. package/tests/validate-catalog.py +1 -0
@@ -0,0 +1,151 @@
1
+ # Live environment access — SAP Live Read-Only Identity and Trust Discovery
2
+
3
+ This reference defines credential setup, role requirements, audit log format, and redaction rules for live read-only identity and trust discovery sessions.
4
+
5
+ ## Credential setup
6
+
7
+ ### SAP Cloud Identity Services — Identity Authentication Service (IAS) API
8
+
9
+ Required role: Read-only API user or IAS administrator scoped to application listing and corporate identity provider enumeration. Do not use a full IAS tenant administrator who can also create or modify applications.
10
+
11
+ Recommended approach: create a dedicated IAS service user with the `Manage Applications` permission set to read-only scope, or use the IAS System as Applications option with a `Get` scope API key.
12
+
13
+ ```bash
14
+ # IAS REST API — list all applications (GET only)
15
+ curl -s -X GET \
16
+ "https://<IAS_TENANT>.accounts.ondemand.com/Applications/v1/" \
17
+ -H "Authorization: Bearer <READ_ONLY_ACCESS_TOKEN>"
18
+
19
+ # IAS REST API — list corporate identity providers
20
+ curl -s -X GET \
21
+ "https://<IAS_TENANT>.accounts.ondemand.com/IdentityProviders/v1/" \
22
+ -H "Authorization: Bearer <READ_ONLY_ACCESS_TOKEN>"
23
+ ```
24
+
25
+ Never include the `<READ_ONLY_ACCESS_TOKEN>` value in any output. Replace with `[REDACTED:IAS_TOKEN]` before logging.
26
+
27
+ ### SAP Cloud Identity Services — Identity Provisioning Service (IPS) API
28
+
29
+ Required role: IPS administrator account with read-only access to source and target system configuration and job history. Do not use credentials with provisioning job execution rights.
30
+
31
+ ```bash
32
+ # IPS REST API — list all provisioning source systems (GET only)
33
+ curl -s -X GET \
34
+ "https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Systems" \
35
+ -u "<IPS_USER>:[REDACTED:IPS_PASSWORD]" \
36
+ -H "Accept: application/json"
37
+
38
+ # IPS REST API — get a specific source system connector configuration
39
+ curl -s -X GET \
40
+ "https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Systems/<SYSTEM_ID>" \
41
+ -u "<IPS_USER>:[REDACTED:IPS_PASSWORD]" \
42
+ -H "Accept: application/json"
43
+
44
+ # IPS REST API — list provisioning job history for a system (read-only)
45
+ curl -s -X GET \
46
+ "https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Systems/<SYSTEM_ID>/Jobs" \
47
+ -u "<IPS_USER>:[REDACTED:IPS_PASSWORD]" \
48
+ -H "Accept: application/json"
49
+ ```
50
+
51
+ ### BTP CLI — trust and role collection enumeration
52
+
53
+ Required role: **Subaccount Viewer** or **Security Administrator (read-only)** for subaccount-scope discovery; **Global Account Viewer** for cross-subaccount trust enumeration.
54
+
55
+ Never use: Global Account Administrator, Subaccount Administrator, Security Administrator (with write permissions), or any role that can assign or modify trust configurations.
56
+
57
+ ```bash
58
+ # Login to BTP CLI
59
+ btp login --url https://cli.btp.cloud.sap
60
+
61
+ # Confirm active context and role
62
+ btp --info
63
+
64
+ # List all trust configurations for a subaccount (read-only)
65
+ btp list security/trust --subaccount <SUBACCOUNT_ID>
66
+
67
+ # Get details of a specific trust configuration
68
+ btp get security/trust <TRUST_CONFIG_NAME> --subaccount <SUBACCOUNT_ID>
69
+
70
+ # List all role collections in a subaccount
71
+ btp list security/role-collection --subaccount <SUBACCOUNT_ID>
72
+
73
+ # Get a specific role collection (roles and assignments)
74
+ btp get security/role-collection "<ROLE_COLLECTION_NAME>" --subaccount <SUBACCOUNT_ID>
75
+ ```
76
+
77
+ ### XSUAA service API (via CF CLI or BTP API)
78
+
79
+ Required role: **SpaceAuditor** or **OrgAuditor** in Cloud Foundry; use a service key with only `roles.read` and `role-collections.read` scopes on the XSUAA instance.
80
+
81
+ Never use: a XSUAA service key with `roles.write`, `role-collections.write`, or `user.write` scopes.
82
+
83
+ ```bash
84
+ # CF CLI — confirm current user and role (read-only)
85
+ cf org-users <ORG_NAME>
86
+ cf space-users <ORG_NAME> <SPACE_NAME>
87
+
88
+ # CF CLI — list service instances (to locate XSUAA instance)
89
+ cf service-instances
90
+
91
+ # XSUAA API — list role collections (GET only, using service key access token)
92
+ curl -s -X GET \
93
+ "<XSUAA_URL>/sap/rest/authorization/v2/rolecollections" \
94
+ -H "Authorization: Bearer [REDACTED:XSUAA_TOKEN]"
95
+ ```
96
+
97
+ ## Redaction rules
98
+
99
+ The following must be redacted from all output, logs, and evidence before returning to the user:
100
+
101
+ | Data type | Redaction token |
102
+ |-----------|----------------|
103
+ | IAS access token or bearer token | `[REDACTED:IAS_TOKEN]` |
104
+ | IPS system user password | `[REDACTED:IPS_PASSWORD]` |
105
+ | XSUAA client secret | `[REDACTED:XSUAA_CLIENT_SECRET]` |
106
+ | XSUAA access token | `[REDACTED:XSUAA_TOKEN]` |
107
+ | BTP platform user password | `[REDACTED:BTP_PASSWORD]` |
108
+ | OAuth client secret (any) | `[REDACTED:CLIENT_SECRET]` |
109
+ | Personal email addresses beyond audit necessity | `[REDACTED:PII_EMAIL]` |
110
+ | Personal user names beyond audit necessity | `[REDACTED:PII_USERNAME]` |
111
+ | SAML signing certificate private key | `[REDACTED:SAML_PRIVATE_KEY]` |
112
+
113
+ The data type name, key structure, and service names may remain in output. Only sensitive values are redacted.
114
+
115
+ ## Audit log format
116
+
117
+ Every command executed must be logged in the following format before the command is run:
118
+
119
+ ```
120
+ [COMMAND_LOG]
121
+ Timestamp (UTC): <ISO 8601>
122
+ System: <IAS tenant ID | IPS tenant | BTP subaccount ID | XSUAA instance name>
123
+ Tool: <curl-ias | curl-ips | btp | cf | curl-xsuaa>
124
+ Command: <exact command with arguments; credential values replaced with redaction tokens>
125
+ Output summary: <one-line summary of what was returned>
126
+ Redactions applied: <yes/no — what was redacted>
127
+ ```
128
+
129
+ Example:
130
+ ```
131
+ [COMMAND_LOG]
132
+ Timestamp (UTC): 2026-06-19T11:15:00Z
133
+ System: IAS Tenant abc-def-ghi.accounts.ondemand.com
134
+ Tool: curl-ias
135
+ Command: GET /Applications/v1/ Authorization: Bearer [REDACTED:IAS_TOKEN]
136
+ Output summary: 12 IAS applications enumerated; 3 with corporate IdP federation, 9 with IAS-local authentication
137
+ Redactions applied: yes — bearer token replaced with [REDACTED:IAS_TOKEN]
138
+ ```
139
+
140
+ ## Approval gate checklist
141
+
142
+ Before the first live command in any session:
143
+
144
+ - [ ] User has confirmed live read-only access is authorized for this session
145
+ - [ ] Credential scope confirmed as viewer/auditor/read-only API user (role name or API scope confirmed)
146
+ - [ ] Target system and scope explicitly identified by user (IAS tenant ID, IPS tenant, BTP subaccount ID, XSUAA instance)
147
+ - [ ] Redaction rules reviewed and will be applied to all output
148
+ - [ ] Personal data minimization plan confirmed for IAS and IPS user enumeration
149
+ - [ ] User understands no state changes will be made
150
+
151
+ Do not proceed until all six items are confirmed.
@@ -0,0 +1,83 @@
1
+ # Official sources — SAP Live Read-Only Identity and Trust Discovery
2
+
3
+ Use this reference when grounding IAS, IPS, XSUAA, and BTP trust enumeration commands and API calls.
4
+
5
+ **Evidence level**: documentation-based (SAP Help Portal). Live evidence gathered during sessions is labeled separately as `live evidence` per the audit format in `references/live-environment-access.md`.
6
+
7
+ ## SAP Cloud Identity Services — Identity Authentication Service (IAS)
8
+
9
+ - What Is Identity Authentication
10
+ https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication
11
+ source_owner: SAP SE
12
+ topic_supported: IAS overview, application types, corporate identity provider federation, risk-based authentication, MFA policies
13
+ why_needed: Authoritative source for IAS application and corporate IdP enumeration scope; defines what configuration objects this skill can discover in read-only mode
14
+ evidence_level: primary
15
+ last_verified: 2026-06-19
16
+
17
+ - Configure Applications in IAS
18
+ https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/configure-applications
19
+ source_owner: SAP SE
20
+ topic_supported: IAS application configuration — authentication schemes, corporate IdP trust, risk-based authentication policies, API access settings
21
+ why_needed: Defines the IAS application object model and REST API paths for read-only enumeration of application settings and corporate identity provider assignments
22
+ evidence_level: primary
23
+ last_verified: 2026-06-19
24
+
25
+ ## SAP Cloud Identity Services — Identity Provisioning Service (IPS)
26
+
27
+ - What Is Identity Provisioning
28
+ https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-provisioning
29
+ source_owner: SAP SE
30
+ topic_supported: IPS overview, connector types (source, target, proxy), provisioning job types (read job, resync), transformation script structure
31
+ why_needed: Defines the IPS connector and job object model; establishes which API endpoints are read-only (GET) versus job-triggering (POST)
32
+ evidence_level: primary
33
+ last_verified: 2026-06-19
34
+
35
+ - Manage Provisioning Systems in IPS
36
+ https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/manage-provisioning-systems
37
+ source_owner: SAP SE
38
+ topic_supported: IPS source and target system configuration — connector properties, transformation scripts, job scheduling, job history access
39
+ why_needed: Defines the IPS REST API paths for reading connector configuration and job history without triggering provisioning jobs
40
+ evidence_level: primary
41
+ last_verified: 2026-06-19
42
+
43
+ ## SAP BTP Authorization and Trust Management Service (XSUAA)
44
+
45
+ - What Is Authorization and Trust Management Service
46
+ https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-authorization-and-trust-management-service
47
+ source_owner: SAP SE
48
+ topic_supported: XSUAA overview, role collections, role templates, scopes, OAuth 2.0 trust configuration in BTP Cloud Foundry environment
49
+ why_needed: Authoritative source for XSUAA role collection and scope enumeration; defines which XSUAA REST API calls are read-only (GET)
50
+ evidence_level: primary
51
+ last_verified: 2026-06-19
52
+
53
+ - Application Security Descriptor Configuration Syntax (xs-security.json)
54
+ https://help.sap.com/docs/btp/sap-business-technology-platform/application-security-descriptor-configuration-syntax
55
+ source_owner: SAP SE
56
+ topic_supported: xs-security.json structure — scopes, role templates, role collections, OAuth2 configuration — read to understand the objects enumerated by this skill
57
+ why_needed: Provides the schema for interpreting XSUAA role template and scope output returned by read-only enumeration
58
+ evidence_level: primary
59
+ last_verified: 2026-06-19
60
+
61
+ ## BTP Trust and Federation
62
+
63
+ - Trust and Federation with Identity Providers
64
+ https://help.sap.com/docs/btp/sap-business-technology-platform/trust-and-federation-with-identity-providers
65
+ source_owner: SAP SE
66
+ topic_supported: BTP subaccount trust configuration, SAML 2.0 and OIDC trust to external and corporate identity providers, principal propagation, attribute mapping, default identity provider
67
+ why_needed: Defines the BTP trust configuration object model and the BTP CLI commands for read-only trust enumeration (`btp list security/trust`, `btp get security/trust`)
68
+ evidence_level: primary
69
+ last_verified: 2026-06-19
70
+
71
+ ## Role Collections
72
+
73
+ - Managing Role Collections in BTP
74
+ https://help.sap.com/docs/btp/sap-business-technology-platform/managing-role-collections
75
+ source_owner: SAP SE
76
+ topic_supported: Role collection creation, assignment to users and groups, built-in role collections, BTP CLI role collection management commands
77
+ why_needed: Defines the BTP CLI read-only commands for role collection enumeration (`btp list security/role-collection`, `btp get security/role-collection`) and the role collection assignment model
78
+ evidence_level: primary
79
+ last_verified: 2026-06-19
80
+
81
+ ## Grounding rule
82
+
83
+ SAP Help Portal documentation describes available API endpoints and CLI commands. It does not prove which endpoints are available in the user's specific IAS tenant version, which IPS connector types are provisioned, or whether the credential in scope actually restricts write access. Users must confirm credential scope and target system identity before any live command is executed.
@@ -0,0 +1,49 @@
1
+ # Safety checklist — SAP Live Read-Only Identity and Trust Discovery
2
+
3
+ Use before every live discovery session and before every command execution.
4
+
5
+ ## Non-negotiables
6
+
7
+ - Do not execute any command that creates, updates, deletes, assigns, rotates, triggers a provisioning job, or modifies trust configuration — even if the user explicitly requests it.
8
+ - Do not request, accept, log, echo, or include in any output: IAS admin credentials, IPS system user passwords, XSUAA client secrets, OAuth access tokens, BTP service keys, SAML signing certificate private keys, or any credential value of any kind.
9
+ - Do not proceed with live commands if the user has not confirmed that the credential in scope is read-only (viewer, auditor, or read-only API user role or equivalent).
10
+ - Do not expand scope beyond what the user has explicitly authorized — if authorized for one subaccount's role collections, do not enumerate sibling subaccounts or global account trust configurations without explicit authorization.
11
+ - Do not cache, store, or transmit live evidence outside the current session context.
12
+ - Redact all IAS access tokens, IPS passwords, XSUAA client secrets, and personal user data (email addresses, user names) beyond audit necessity before logging or returning output.
13
+ - Do not enumerate user-level personal data (individual user records from IAS or IPS target systems) unless the user has explicitly stated a legitimate audit scope requiring it and has confirmed data protection compliance.
14
+
15
+ ## Forbidden action verification
16
+
17
+ Before executing any API call or CLI command, verify the HTTP method or CLI verb is on the allowed list:
18
+
19
+ | Allowed HTTP methods / CLI verbs | Forbidden HTTP methods / CLI verbs |
20
+ |----------------------------------|------------------------------------|
21
+ | GET, list, get, describe, export, status, show, read, view | POST, PUT, PATCH, DELETE, create, update, delete, set, assign, bind, rotate, regenerate, import, trigger, run, execute, apply, approve, modify-trust |
22
+
23
+ If the HTTP method or CLI verb is not on the allowed list, refuse and explain which downstream skill or authorized administrator handles that action.
24
+
25
+ ## What people get wrong
26
+
27
+ - **Using an IAS tenant administrator for "just reading"**: A full IAS tenant administrator can create and modify applications and corporate identity providers. Use a dedicated read-only API user or a service user scoped to GET operations only.
28
+ - **Triggering IPS provisioning jobs by accident**: The IPS API uses `POST /Jobs` to trigger a job and `GET /Jobs` to list history. Verify the HTTP method before executing. A `POST` to the Jobs endpoint triggers a live provisioning run.
29
+ - **Including IAS access tokens in output**: IAS REST API responses may embed token endpoint metadata. Bearer tokens used in the request must never appear in logs. Replace with `[REDACTED:IAS_TOKEN]` before logging.
30
+ - **Enumerating personal user records without a stated audit purpose**: IPS source or target system enumeration may return individual user records with email addresses and personal attributes. Collect only system-level configuration, not individual user records, unless the audit scope explicitly requires it.
31
+ - **Assuming `btp list security/trust` cannot cause side effects**: In some BTP CLI versions, list operations may trigger internal audit log entries. This is acceptable; the key constraint is no state mutation.
32
+ - **Scope creep across subaccounts**: A subaccount viewer credential may grant visibility across sibling subaccounts in some BTP configurations. Query only the specific subaccount in scope.
33
+ - **Treating XSUAA token introspection as read-only for all purposes**: Token introspection exposes live token data. Enumerate role collections and scopes using the authorization API, not by inspecting live user tokens.
34
+
35
+ ## When to push back
36
+
37
+ - Push back when the user asks to combine a read step with a write step (e.g., list role collections and then assign one to a user).
38
+ - Push back when the user asks to trigger an IPS provisioning job "just to test" the connector.
39
+ - Push back when credentials provided appear to have write scope (e.g., IAS tenant administrator with application creation rights, IPS administrator with job execution rights).
40
+ - Push back when the user asks to enumerate individual user records from IAS or IPS target systems without a stated audit scope and data protection confirmation.
41
+ - Push back when the user asks to export SAML metadata including private signing keys.
42
+ - Push back when the user asks to enumerate systems or subaccounts outside the agreed scope.
43
+
44
+ ## Evidence labels
45
+
46
+ - `live evidence` — directly observed from a live SAP IAS, IPS, XSUAA, or BTP system; include command, timestamp, system identifier
47
+ - `documentation-based` — grounded in SAP official docs; no live access
48
+ - `user-provided evidence` — stated or supplied by the user (configuration exports, screenshots, written descriptions)
49
+ - `inference` — derived reasoning; must always be labeled as such
@@ -0,0 +1,103 @@
1
+ # Workflow and output contract — SAP Live Read-Only Identity and Trust Discovery
2
+
3
+ Use this reference for all discovery workflows, command selection, and output formatting.
4
+
5
+ ## Allowed command patterns
6
+
7
+ ### IAS API (read-only, GET only)
8
+
9
+ ```bash
10
+ # List all IAS applications
11
+ GET https://<IAS_TENANT>.accounts.ondemand.com/Applications/v1/
12
+
13
+ # Get a specific IAS application configuration
14
+ GET https://<IAS_TENANT>.accounts.ondemand.com/Applications/v1/<APPLICATION_ID>
15
+
16
+ # List all corporate identity providers configured in IAS
17
+ GET https://<IAS_TENANT>.accounts.ondemand.com/IdentityProviders/v1/
18
+
19
+ # Get risk-based authentication policy for an application (read-only)
20
+ GET https://<IAS_TENANT>.accounts.ondemand.com/Applications/v1/<APPLICATION_ID>/authentication/rba
21
+ ```
22
+
23
+ ### IPS API (read-only, GET only)
24
+
25
+ ```bash
26
+ # List all source and target systems (connectors)
27
+ GET https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Systems
28
+
29
+ # Get a specific connector configuration
30
+ GET https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Systems/<SYSTEM_ID>
31
+
32
+ # List provisioning job history (read status only; does not trigger a job)
33
+ GET https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Systems/<SYSTEM_ID>/Jobs
34
+
35
+ # Get a specific job run result (read-only)
36
+ GET https://<IPS_TENANT>.accounts.ondemand.com/ips/service/ProvisioningService/v2/Jobs/<JOB_ID>
37
+ ```
38
+
39
+ ### BTP CLI — trust and role collection (read-only)
40
+
41
+ ```bash
42
+ # List trust configurations for a subaccount
43
+ btp list security/trust --subaccount <SUBACCOUNT_ID>
44
+
45
+ # Get details of a specific trust configuration
46
+ btp get security/trust <TRUST_CONFIG_NAME> --subaccount <SUBACCOUNT_ID>
47
+
48
+ # List all role collections in a subaccount
49
+ btp list security/role-collection --subaccount <SUBACCOUNT_ID>
50
+
51
+ # Get a role collection with its role assignments
52
+ btp get security/role-collection "<ROLE_COLLECTION_NAME>" --subaccount <SUBACCOUNT_ID>
53
+ ```
54
+
55
+ ### XSUAA API (read-only, GET only)
56
+
57
+ ```bash
58
+ # List all role collections in the XSUAA instance
59
+ GET <XSUAA_URL>/sap/rest/authorization/v2/rolecollections
60
+
61
+ # Get a specific role collection with role template assignments
62
+ GET <XSUAA_URL>/sap/rest/authorization/v2/rolecollections/<ROLE_COLLECTION_NAME>
63
+
64
+ # List all scopes defined in the XSUAA instance
65
+ GET <XSUAA_URL>/sap/rest/authorization/v2/apps/<CLIENT_ID>/scopes
66
+
67
+ # List all role templates defined for an application
68
+ GET <XSUAA_URL>/sap/rest/authorization/v2/apps/<CLIENT_ID>/roleTemplates
69
+ ```
70
+
71
+ ## Discovery workflow
72
+
73
+ 1. **Confirm authorization gate**
74
+ - Confirm with the user that live read-only access is authorized for this session.
75
+ - Confirm credential scope is viewer/auditor/read-only API user role only.
76
+ - Confirm target system and scope (IAS tenant, IPS tenant, BTP subaccount, XSUAA instance).
77
+
78
+ 2. **Select discovery scope**
79
+ - Identify which identity and trust layer(s) are in scope: IAS applications / IAS corporate IdP federation / IPS connectors / XSUAA role collections / BTP trust configurations.
80
+ - Select the minimum command set needed.
81
+
82
+ 3. **Execute read-only commands**
83
+ - Run only allowed command patterns above.
84
+ - Log every command with timestamp.
85
+ - Redact credential values, access tokens, and personal data beyond audit necessity before logging.
86
+
87
+ 4. **Structure evidence**
88
+ - Organize output by resource type and identity domain.
89
+ - Label all data as `live evidence` with command and timestamp.
90
+
91
+ 5. **Return output** per the output contract below.
92
+
93
+ ## Output contract
94
+
95
+ Return:
96
+
97
+ 1. Discovery scope (what identity and trust data was enumerated and why)
98
+ 2. Authorization gate confirmation (role confirmed read-only: yes/no)
99
+ 3. Command log (every command, timestamp, summary of output, redactions applied)
100
+ 4. Structured evidence (resources enumerated, organized by identity domain: IAS / IPS / XSUAA / BTP trust)
101
+ 5. Redaction log (what was redacted and why)
102
+ 6. Next step (how this evidence feeds into the downstream advisory: IAM review, SoD assessment, compliance audit)
103
+ 7. Escalation trigger (any forbidden action encountered, any unexpected write attempt by the tool, or any personal data scope requiring review)
@@ -0,0 +1,135 @@
1
+ ---
2
+ name: sap-live-readonly-landscape-discovery
3
+ description: Enumerate and export SAP BTP and S/4HANA landscape configuration using read-only list, get, describe, and export operations only. Use when read-only discovery of subaccounts, service instances, entitlements, destinations, ABAP system landscape objects, or transport routes is needed as evidence for advisory, audit, or compliance purposes. Requires pre-authorized read-only credentials. Never creates, updates, deletes, deploys, assigns, rotates, imports, or triggers any change.
4
+ allowed-tools: Read Grep Glob WebSearch WebFetch Bash
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-06-19"
9
+ category: platform
10
+ lifecycle: experimental
11
+ execution_tier: read-only-runtime
12
+ ---
13
+
14
+ # SAP Live Read-Only Landscape Discovery
15
+
16
+ ## Purpose
17
+
18
+ Enumerate SAP BTP and S/4HANA landscape configuration using strictly read-only operations to produce structured evidence for advisory, audit, compliance, or architecture review purposes. Every action taken by this skill must appear on the allowed-actions list below. This skill never changes state.
19
+
20
+ ## When to use
21
+
22
+ Use this skill when the user needs to:
23
+
24
+ - list BTP subaccounts, directories, entitlements, service instances, service bindings, or destinations,
25
+ - describe ABAP system landscape objects (RFC destinations, transport routes, system definitions) in read-only mode,
26
+ - export landscape configuration as structured evidence for a clean core review, transport planning, compliance audit, or architecture assessment,
27
+ - enumerate trust configurations, identity providers, or role collections in read-only mode,
28
+ - gather landscape facts needed as input to `sap-clean-core-debt-review` or pre-flight facts for `sap-guarded-transport-import`.
29
+
30
+ ## When not to use
31
+
32
+ - When any creation, update, deletion, deployment, assignment, rotation, import, or trigger is needed — use `sap-guarded-transport-import` for transport-scoped mutations with its full 17-step guarded sequence.
33
+ - When no live access has been authorized by the user — operate in advisory mode only and state that no live evidence was gathered.
34
+ - When the user has not confirmed credential scope is read-only — refuse until confirmed.
35
+
36
+ ## Lean operating rules
37
+
38
+ - Read-only absolute. Every CLI invocation must be on the allowed-actions list. Do not construct commands that write, modify, or trigger state changes even if such commands exist in the tool.
39
+ - Credential scope first. Before any live command, confirm with the user that the credential in scope carries only read permissions. Do not proceed if write permissions cannot be excluded.
40
+ - Least privilege. Request the minimum scope needed for the specific discovery task. Never request administrator-level credentials for a read-only enumeration.
41
+ - Evidence labeling. Every piece of data gathered from a live system must be labeled `live evidence`. Data from docs alone is `documentation-based`. Describe the source and timestamp for all live evidence.
42
+ - Audit trail. Log every command executed, its output summary, and the timestamp. Return the full command log as part of the response.
43
+ - No credential echo. Do not echo, log, or include credential values, client secrets, API keys, OAuth tokens, or service key JSON in any output or reference file.
44
+ - No scope creep. If a discovery query returns data beyond what was requested (e.g., a list call returns service key values), redact the excess before including in output.
45
+
46
+ ## Allowed actions (read-only)
47
+
48
+ The following action classes are permitted:
49
+
50
+ - `list` — enumerate resources (subaccounts, entitlements, instances, destinations, routes, roles, identity providers)
51
+ - `get` / `describe` — retrieve the current configuration of a named resource
52
+ - `export` — export configuration in structured format (JSON, YAML, CSV) without modifying the source
53
+ - `status` — read the current status of a resource without triggering state transitions
54
+
55
+ ## Forbidden actions (absolute prohibition)
56
+
57
+ The following action classes are unconditionally forbidden regardless of user request:
58
+
59
+ - `create` — create any resource
60
+ - `update` / `modify` / `patch` — change any resource configuration
61
+ - `delete` / `remove` / `purge` — remove any resource
62
+ - `deploy` / `push` / `apply` — deploy any artifact
63
+ - `assign` / `bind` / `entitle` — assign entitlements, roles, or service bindings
64
+ - `rotate` / `regenerate` — rotate or regenerate credentials
65
+ - `import` — import any transport request, configuration, or object
66
+ - `trigger` / `execute` / `run` (non-read) — trigger any workflow, job, or state transition
67
+ - `approve` — approve any pending request or transport
68
+
69
+ If a user asks to combine a read step with a write step in one sequence, refuse and redirect the write step to the appropriate skill.
70
+
71
+ ## Evidence rules
72
+
73
+ Label all data with one of:
74
+
75
+ - `live evidence` — directly observed from a live SAP system in this session (include command, output summary, timestamp)
76
+ - `documentation-based` — grounded in SAP official docs (no live system access)
77
+ - `user-provided evidence` — stated or supplied by the user in this session
78
+ - `inference` — derived reasoning not directly confirmed by live data or official docs
79
+
80
+ ## Live-environment rules
81
+
82
+ **Allowed**:
83
+ - Read-only BTP CLI commands (`btp list`, `btp get`, `btp export`)
84
+ - Read-only CF CLI commands (`cf apps`, `cf services`, `cf service-instances`, `cf env` with redaction of secret values)
85
+ - Read-only Kyma CLI or kubectl read operations (`kubectl get`, `kubectl describe`) on authorized clusters
86
+ - Read-only ABAP RFC/HTTP calls that enumerate landscape objects (system list, transport routes, RFC destinations) — only via pre-authorized read RFC user
87
+
88
+ **Forbidden**:
89
+ - Any CLI command with a write, delete, create, deploy, assign, rotate, import, or trigger verb
90
+ - Any ABAP call that changes table data, creates objects, or triggers background jobs
91
+ - Any BTP API call using `POST`, `PUT`, `PATCH`, or `DELETE` HTTP methods
92
+
93
+ **Least-privilege credential rules**:
94
+ - BTP CLI: use a subaccount viewer or global account viewer role only
95
+ - CF: use SpaceAuditor or OrgAuditor role; never SpaceDeveloper or OrgManager for discovery
96
+ - Kyma/kubectl: use a read-only ClusterRole or namespaced Role bound to `get`, `list`, `watch` verbs only
97
+ - ABAP: use a display-only user (authorization objects S_TCODE limited to display transactions, no S_DEVELOP change authorization)
98
+
99
+ **Approval gate**:
100
+ Before executing any live command, confirm:
101
+ 1. The user has authorized live read-only access for this session.
102
+ 2. The credential in scope is confirmed read-only (viewer/auditor role or equivalent).
103
+ 3. The target system and scope are explicitly identified by the user.
104
+
105
+ **Rollback**: This skill makes no changes; rollback is not applicable. However, if a command unexpectedly triggers a state change (e.g., a CLI bug or misconfigured tool), stop immediately and escalate to the user without continuing.
106
+
107
+ **Post-change / post-discovery**:
108
+ - Return a command log with all commands executed and a summary of evidence gathered.
109
+ - Redact any credential values, service keys, or sensitive tokens from output.
110
+ - Label all gathered data as `live evidence` with source command and timestamp.
111
+
112
+ **Audit evidence**:
113
+ - Every response that includes live evidence must include the full command log.
114
+ - Audit evidence format: `[COMMAND] [TIMESTAMP_UTC] [SYSTEM] [SUMMARY_OF_OUTPUT]`
115
+
116
+ ## References
117
+
118
+ Load only when needed:
119
+
120
+ - [Workflow and output contract](references/workflow-and-output.md) — discovery workflow, command patterns, output format.
121
+ - [Safety checklist](references/safety-checklist.md) — non-negotiables, forbidden action verification, credential rules.
122
+ - [Official sources](references/official-sources.md) — SAP BTP CLI, CF CLI, Kyma, ABAP landscape docs.
123
+ - [Live environment access](references/live-environment-access.md) — credential setup, role requirements, audit log format, redaction rules.
124
+
125
+ ## Response minimum
126
+
127
+ Return, at minimum:
128
+
129
+ - **Problem classification**: what landscape data is needed and why.
130
+ - **Evidence used**: live evidence (with command log) / documentation-based / user-provided / inference.
131
+ - **Risk level**: none — this skill is read-only.
132
+ - **Recommended action**: which list/get/describe commands to run and in what order.
133
+ - **Refusal / escalation triggers**: refuse if any requested action is on the forbidden list; escalate to the appropriate skill.
134
+ - **Business impact**: what decisions depend on this landscape data; what is the cost of incomplete discovery.
135
+ - **Next verification step**: confirm credential scope with the user before the first live command.
@@ -0,0 +1,14 @@
1
+ interface:
2
+ display_name: "SAP Live Read-Only Landscape Discovery"
3
+ short_description: "Enumerate SAP BTP and S/4HANA landscape configuration using read-only list, get, describe, and export operations only — no state changes"
4
+ default_prompt: "Use $sap-live-readonly-landscape-discovery to enumerate SAP landscape configuration in read-only mode. Confirm credential scope is read-only (viewer/auditor role) before the first live command. Use only list/get/describe/export operations. Log every command. Redact all credential values from output. Refuse any create/update/delete/deploy/assign/rotate/import/trigger request."
5
+ dependencies:
6
+ tools:
7
+ - type: "cli"
8
+ value: "btp"
9
+ description: "SAP BTP CLI for read-only subaccount, entitlement, service instance, and destination enumeration — must be authenticated with viewer role credentials only"
10
+ - type: "cli"
11
+ value: "cf"
12
+ description: "Cloud Foundry CLI for read-only app, service, and environment enumeration — must use SpaceAuditor or OrgAuditor role only"
13
+ policy:
14
+ allow_implicit_invocation: false
@@ -0,0 +1,34 @@
1
+ {
2
+ "id": "sap-live-readonly-landscape-discovery",
3
+ "name": "SAP Live Read-Only Landscape Discovery",
4
+ "type": "skill",
5
+ "provider": "sap",
6
+ "harnesses": [
7
+ "claude-code",
8
+ "codex",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Enumerate SAP BTP subaccounts, entitlements, service instances, destinations, and ABAP landscape objects using read-only list/get/describe/export operations. Produces structured audit evidence. Never creates, updates, deletes, deploys, assigns, rotates, imports, or triggers changes.",
15
+ "source_type": "original",
16
+ "category": "platform",
17
+ "official_docs": [
18
+ "https://help.sap.com/docs/btp/btp-cli-command-reference/btp-cli-command-reference",
19
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/account-administration-using-sap-btp-command-line-interface-btp-cli",
20
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/managing-entitlements-and-quotas-using-the-btp-cli",
21
+ "https://help.sap.com/docs/cloud-foundry/sap-cloud-foundry-command-line-interface/cf-command-reference",
22
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/destinations",
23
+ "https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/destination-service-rest-api",
24
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/sap-authorization-and-trust-management-service-in-the-cloud-foundry-environment",
25
+ "https://help.sap.com/docs/SAP_S4HANA_CLOUD/e5522a8a7b174979/3e56cde2e1044df5b5f3a5ecc8e59d27.html"
26
+ ],
27
+ "security_notes": "Read-only enforced. Never request or accept write-capable credentials. Use viewer/auditor roles only (BTP subaccount viewer, CF SpaceAuditor/OrgAuditor, kubectl read-only ClusterRole, ABAP display user). Redact all credential values, service keys, and OAuth tokens from output. Log every command executed. Refuse any request that maps to a create/update/delete/deploy/assign/rotate/import/trigger action.",
28
+ "last_verified": "2026-06-19",
29
+ "path": "skills/sap/sap-live-readonly-landscape-discovery",
30
+ "author": "github: Raishin",
31
+ "version": "0.1.0",
32
+ "lifecycle": "experimental",
33
+ "execution_tier": "read-only-runtime"
34
+ }