@raishin/vanguard-frontier-agentic 2.11.0 → 2.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (758) hide show
  1. package/.claude-plugin/marketplace.json +2 -2
  2. package/.claude-plugin/plugin.json +41 -1
  3. package/.cursor-plugin/plugin.json +41 -1
  4. package/.github/plugin/marketplace.json +1 -1
  5. package/README.md +11 -11
  6. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/AGENT.md +57 -0
  7. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  8. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/codex.toml +30 -0
  9. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/copilot.agent.md +31 -0
  10. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/cursor.agent.md +29 -0
  11. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/gemini.agent.md +29 -0
  12. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  13. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  14. package/agents/sap/sap-abap-cloud-rap-reviewer-agent/metadata.json +46 -0
  15. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/AGENT.md +58 -0
  16. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  17. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/codex.toml +31 -0
  18. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/copilot.agent.md +32 -0
  19. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/cursor.agent.md +30 -0
  20. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/gemini.agent.md +30 -0
  21. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  22. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  23. package/agents/sap/sap-ai-core-genai-hub-governance-reviewer-agent/metadata.json +40 -0
  24. package/agents/sap/sap-analytics-cloud-planning-governance-agent/AGENT.md +58 -0
  25. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/claude-code.agent.md +37 -0
  26. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/codex.toml +30 -0
  27. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/copilot.agent.md +31 -0
  28. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/cursor.agent.md +29 -0
  29. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/gemini.agent.md +29 -0
  30. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-cli.agent.json +1 -0
  31. package/agents/sap/sap-analytics-cloud-planning-governance-agent/harnesses/kiro-ide.agent.md +29 -0
  32. package/agents/sap/sap-analytics-cloud-planning-governance-agent/metadata.json +45 -0
  33. package/agents/sap/sap-audit-evidence-packager-agent/AGENT.md +58 -0
  34. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/claude-code.agent.md +38 -0
  35. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/codex.toml +30 -0
  36. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/copilot.agent.md +33 -0
  37. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/cursor.agent.md +31 -0
  38. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/gemini.agent.md +31 -0
  39. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-cli.agent.json +1 -0
  40. package/agents/sap/sap-audit-evidence-packager-agent/harnesses/kiro-ide.agent.md +31 -0
  41. package/agents/sap/sap-audit-evidence-packager-agent/metadata.json +45 -0
  42. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/AGENT.md +58 -0
  43. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  44. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/codex.toml +30 -0
  45. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/copilot.agent.md +31 -0
  46. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/cursor.agent.md +29 -0
  47. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/gemini.agent.md +29 -0
  48. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  49. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  50. package/agents/sap/sap-btp-account-entitlement-governance-reviewer-agent/metadata.json +44 -0
  51. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/AGENT.md +70 -0
  52. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
  53. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/codex.toml +42 -0
  54. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
  55. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
  56. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
  57. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  58. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  59. package/agents/sap/sap-btp-entitlement-guarded-operator-agent/metadata.json +41 -0
  60. package/agents/sap/sap-cap-architecture-reviewer-agent/AGENT.md +57 -0
  61. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  62. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/codex.toml +30 -0
  63. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/copilot.agent.md +31 -0
  64. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/cursor.agent.md +29 -0
  65. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/gemini.agent.md +29 -0
  66. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  67. package/agents/sap/sap-cap-architecture-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  68. package/agents/sap/sap-cap-architecture-reviewer-agent/metadata.json +42 -0
  69. package/agents/sap/sap-clean-core-debt-reviewer-agent/AGENT.md +58 -0
  70. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  71. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/codex.toml +31 -0
  72. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/copilot.agent.md +31 -0
  73. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/cursor.agent.md +29 -0
  74. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/gemini.agent.md +29 -0
  75. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  76. package/agents/sap/sap-clean-core-debt-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  77. package/agents/sap/sap-clean-core-debt-reviewer-agent/metadata.json +45 -0
  78. package/agents/sap/sap-cloud-alm-sre-incident-agent/AGENT.md +59 -0
  79. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/claude-code.agent.md +38 -0
  80. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/codex.toml +30 -0
  81. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/copilot.agent.md +32 -0
  82. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/cursor.agent.md +30 -0
  83. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/gemini.agent.md +30 -0
  84. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-cli.agent.json +1 -0
  85. package/agents/sap/sap-cloud-alm-sre-incident-agent/harnesses/kiro-ide.agent.md +30 -0
  86. package/agents/sap/sap-cloud-alm-sre-incident-agent/metadata.json +42 -0
  87. package/agents/sap/sap-custom-code-remediation-reviewer-agent/AGENT.md +60 -0
  88. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/claude-code.agent.md +39 -0
  89. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/codex.toml +29 -0
  90. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/copilot.agent.md +31 -0
  91. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/cursor.agent.md +29 -0
  92. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/gemini.agent.md +29 -0
  93. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  94. package/agents/sap/sap-custom-code-remediation-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  95. package/agents/sap/sap-custom-code-remediation-reviewer-agent/metadata.json +45 -0
  96. package/agents/sap/sap-data-migration-cutover-readiness-agent/AGENT.md +67 -0
  97. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/claude-code.agent.md +46 -0
  98. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/codex.toml +30 -0
  99. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/copilot.agent.md +32 -0
  100. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/cursor.agent.md +30 -0
  101. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/gemini.agent.md +30 -0
  102. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-cli.agent.json +1 -0
  103. package/agents/sap/sap-data-migration-cutover-readiness-agent/harnesses/kiro-ide.agent.md +30 -0
  104. package/agents/sap/sap-data-migration-cutover-readiness-agent/metadata.json +44 -0
  105. package/agents/sap/sap-datasphere-data-product-architect-agent/AGENT.md +58 -0
  106. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/claude-code.agent.md +37 -0
  107. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/codex.toml +30 -0
  108. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/copilot.agent.md +31 -0
  109. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/cursor.agent.md +29 -0
  110. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/gemini.agent.md +29 -0
  111. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-cli.agent.json +1 -0
  112. package/agents/sap/sap-datasphere-data-product-architect-agent/harnesses/kiro-ide.agent.md +29 -0
  113. package/agents/sap/sap-datasphere-data-product-architect-agent/metadata.json +45 -0
  114. package/agents/sap/sap-ewm-tm-logistics-execution-agent/AGENT.md +59 -0
  115. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/claude-code.agent.md +38 -0
  116. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/codex.toml +30 -0
  117. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/copilot.agent.md +32 -0
  118. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/cursor.agent.md +30 -0
  119. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/gemini.agent.md +30 -0
  120. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-cli.agent.json +1 -0
  121. package/agents/sap/sap-ewm-tm-logistics-execution-agent/harnesses/kiro-ide.agent.md +30 -0
  122. package/agents/sap/sap-ewm-tm-logistics-execution-agent/metadata.json +44 -0
  123. package/agents/sap/sap-finance-fico-controls-agent/AGENT.md +59 -0
  124. package/agents/sap/sap-finance-fico-controls-agent/harnesses/claude-code.agent.md +38 -0
  125. package/agents/sap/sap-finance-fico-controls-agent/harnesses/codex.toml +30 -0
  126. package/agents/sap/sap-finance-fico-controls-agent/harnesses/copilot.agent.md +32 -0
  127. package/agents/sap/sap-finance-fico-controls-agent/harnesses/cursor.agent.md +30 -0
  128. package/agents/sap/sap-finance-fico-controls-agent/harnesses/gemini.agent.md +30 -0
  129. package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-cli.agent.json +1 -0
  130. package/agents/sap/sap-finance-fico-controls-agent/harnesses/kiro-ide.agent.md +30 -0
  131. package/agents/sap/sap-finance-fico-controls-agent/metadata.json +45 -0
  132. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/AGENT.md +58 -0
  133. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  134. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/codex.toml +29 -0
  135. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/copilot.agent.md +32 -0
  136. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/cursor.agent.md +30 -0
  137. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/gemini.agent.md +30 -0
  138. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  139. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  140. package/agents/sap/sap-fiori-ui5-ux-reviewer-agent/metadata.json +39 -0
  141. package/agents/sap/sap-guarded-transport-import-operator-agent/AGENT.md +70 -0
  142. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/claude-code.agent.md +51 -0
  143. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/codex.toml +41 -0
  144. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/copilot.agent.md +36 -0
  145. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/cursor.agent.md +33 -0
  146. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/gemini.agent.md +33 -0
  147. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  148. package/agents/sap/sap-guarded-transport-import-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  149. package/agents/sap/sap-guarded-transport-import-operator-agent/metadata.json +45 -0
  150. package/agents/sap/sap-hana-cloud-performance-cost-agent/AGENT.md +58 -0
  151. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/claude-code.agent.md +37 -0
  152. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/codex.toml +30 -0
  153. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/copilot.agent.md +31 -0
  154. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/cursor.agent.md +29 -0
  155. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/gemini.agent.md +29 -0
  156. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-cli.agent.json +1 -0
  157. package/agents/sap/sap-hana-cloud-performance-cost-agent/harnesses/kiro-ide.agent.md +29 -0
  158. package/agents/sap/sap-hana-cloud-performance-cost-agent/metadata.json +43 -0
  159. package/agents/sap/sap-hypercare-incident-commander-agent/AGENT.md +59 -0
  160. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/claude-code.agent.md +38 -0
  161. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/codex.toml +30 -0
  162. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/copilot.agent.md +32 -0
  163. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/cursor.agent.md +30 -0
  164. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/gemini.agent.md +30 -0
  165. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-cli.agent.json +1 -0
  166. package/agents/sap/sap-hypercare-incident-commander-agent/harnesses/kiro-ide.agent.md +30 -0
  167. package/agents/sap/sap-hypercare-incident-commander-agent/metadata.json +42 -0
  168. package/agents/sap/sap-integration-flow-guarded-operator-agent/AGENT.md +70 -0
  169. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/claude-code.agent.md +51 -0
  170. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/codex.toml +41 -0
  171. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/copilot.agent.md +36 -0
  172. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/cursor.agent.md +33 -0
  173. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/gemini.agent.md +33 -0
  174. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  175. package/agents/sap/sap-integration-flow-guarded-operator-agent/harnesses/kiro-ide.agent.md +33 -0
  176. package/agents/sap/sap-integration-flow-guarded-operator-agent/metadata.json +41 -0
  177. package/agents/sap/sap-integration-suite-reviewer-agent/AGENT.md +57 -0
  178. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/claude-code.agent.md +37 -0
  179. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/codex.toml +30 -0
  180. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/copilot.agent.md +31 -0
  181. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/cursor.agent.md +29 -0
  182. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/gemini.agent.md +29 -0
  183. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  184. package/agents/sap/sap-integration-suite-reviewer-agent/harnesses/kiro-ide.agent.md +29 -0
  185. package/agents/sap/sap-integration-suite-reviewer-agent/metadata.json +43 -0
  186. package/agents/sap/sap-joule-governance-adoption-agent/AGENT.md +59 -0
  187. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/claude-code.agent.md +38 -0
  188. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/codex.toml +30 -0
  189. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/copilot.agent.md +32 -0
  190. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/cursor.agent.md +30 -0
  191. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/gemini.agent.md +30 -0
  192. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-cli.agent.json +1 -0
  193. package/agents/sap/sap-joule-governance-adoption-agent/harnesses/kiro-ide.agent.md +30 -0
  194. package/agents/sap/sap-joule-governance-adoption-agent/metadata.json +42 -0
  195. package/agents/sap/sap-license-btp-consumption-finops-agent/AGENT.md +58 -0
  196. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/claude-code.agent.md +37 -0
  197. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/codex.toml +30 -0
  198. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/copilot.agent.md +31 -0
  199. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/cursor.agent.md +29 -0
  200. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/gemini.agent.md +29 -0
  201. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-cli.agent.json +1 -0
  202. package/agents/sap/sap-license-btp-consumption-finops-agent/harnesses/kiro-ide.agent.md +29 -0
  203. package/agents/sap/sap-license-btp-consumption-finops-agent/metadata.json +42 -0
  204. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/AGENT.md +60 -0
  205. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/claude-code.agent.md +40 -0
  206. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/codex.toml +31 -0
  207. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/copilot.agent.md +32 -0
  208. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/cursor.agent.md +30 -0
  209. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/gemini.agent.md +30 -0
  210. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
  211. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
  212. package/agents/sap/sap-live-readonly-identity-trust-discovery-agent/metadata.json +39 -0
  213. package/agents/sap/sap-live-readonly-landscape-discovery-agent/AGENT.md +60 -0
  214. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/claude-code.agent.md +40 -0
  215. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/codex.toml +31 -0
  216. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/copilot.agent.md +32 -0
  217. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/cursor.agent.md +30 -0
  218. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/gemini.agent.md +30 -0
  219. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-cli.agent.json +1 -0
  220. package/agents/sap/sap-live-readonly-landscape-discovery-agent/harnesses/kiro-ide.agent.md +30 -0
  221. package/agents/sap/sap-live-readonly-landscape-discovery-agent/metadata.json +39 -0
  222. package/agents/sap/sap-maestro-agent/AGENT.md +60 -0
  223. package/agents/sap/sap-maestro-agent/harnesses/claude-code.agent.md +36 -0
  224. package/agents/sap/sap-maestro-agent/harnesses/codex.toml +34 -0
  225. package/agents/sap/sap-maestro-agent/harnesses/copilot.agent.md +32 -0
  226. package/agents/sap/sap-maestro-agent/harnesses/cursor.agent.md +30 -0
  227. package/agents/sap/sap-maestro-agent/harnesses/gemini.agent.md +30 -0
  228. package/agents/sap/sap-maestro-agent/harnesses/kiro-cli.agent.json +1 -0
  229. package/agents/sap/sap-maestro-agent/harnesses/kiro-ide.agent.md +30 -0
  230. package/agents/sap/sap-maestro-agent/metadata.json +39 -0
  231. package/agents/sap/sap-manufacturing-execution-risk-agent/AGENT.md +59 -0
  232. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/claude-code.agent.md +38 -0
  233. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/codex.toml +30 -0
  234. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/copilot.agent.md +32 -0
  235. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/cursor.agent.md +30 -0
  236. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/gemini.agent.md +30 -0
  237. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  238. package/agents/sap/sap-manufacturing-execution-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  239. package/agents/sap/sap-manufacturing-execution-risk-agent/metadata.json +44 -0
  240. package/agents/sap/sap-mdg-master-data-quality-agent/AGENT.md +59 -0
  241. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/claude-code.agent.md +38 -0
  242. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/codex.toml +30 -0
  243. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/copilot.agent.md +32 -0
  244. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/cursor.agent.md +30 -0
  245. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/gemini.agent.md +30 -0
  246. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-cli.agent.json +1 -0
  247. package/agents/sap/sap-mdg-master-data-quality-agent/harnesses/kiro-ide.agent.md +30 -0
  248. package/agents/sap/sap-mdg-master-data-quality-agent/metadata.json +45 -0
  249. package/agents/sap/sap-order-to-cash-agent/AGENT.md +59 -0
  250. package/agents/sap/sap-order-to-cash-agent/harnesses/claude-code.agent.md +38 -0
  251. package/agents/sap/sap-order-to-cash-agent/harnesses/codex.toml +30 -0
  252. package/agents/sap/sap-order-to-cash-agent/harnesses/copilot.agent.md +32 -0
  253. package/agents/sap/sap-order-to-cash-agent/harnesses/cursor.agent.md +30 -0
  254. package/agents/sap/sap-order-to-cash-agent/harnesses/gemini.agent.md +30 -0
  255. package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-cli.agent.json +1 -0
  256. package/agents/sap/sap-order-to-cash-agent/harnesses/kiro-ide.agent.md +30 -0
  257. package/agents/sap/sap-order-to-cash-agent/metadata.json +44 -0
  258. package/agents/sap/sap-procurement-ariba-value-leakage-agent/AGENT.md +59 -0
  259. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/claude-code.agent.md +38 -0
  260. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/codex.toml +30 -0
  261. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/copilot.agent.md +32 -0
  262. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/cursor.agent.md +30 -0
  263. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/gemini.agent.md +30 -0
  264. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-cli.agent.json +1 -0
  265. package/agents/sap/sap-procurement-ariba-value-leakage-agent/harnesses/kiro-ide.agent.md +30 -0
  266. package/agents/sap/sap-procurement-ariba-value-leakage-agent/metadata.json +44 -0
  267. package/agents/sap/sap-release-change-collision-agent/AGENT.md +59 -0
  268. package/agents/sap/sap-release-change-collision-agent/harnesses/claude-code.agent.md +38 -0
  269. package/agents/sap/sap-release-change-collision-agent/harnesses/codex.toml +30 -0
  270. package/agents/sap/sap-release-change-collision-agent/harnesses/copilot.agent.md +32 -0
  271. package/agents/sap/sap-release-change-collision-agent/harnesses/cursor.agent.md +30 -0
  272. package/agents/sap/sap-release-change-collision-agent/harnesses/gemini.agent.md +30 -0
  273. package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-cli.agent.json +1 -0
  274. package/agents/sap/sap-release-change-collision-agent/harnesses/kiro-ide.agent.md +30 -0
  275. package/agents/sap/sap-release-change-collision-agent/metadata.json +42 -0
  276. package/agents/sap/sap-rise-sla-vendor-risk-agent/AGENT.md +58 -0
  277. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/claude-code.agent.md +37 -0
  278. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/codex.toml +30 -0
  279. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/copilot.agent.md +31 -0
  280. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/cursor.agent.md +29 -0
  281. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/gemini.agent.md +29 -0
  282. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  283. package/agents/sap/sap-rise-sla-vendor-risk-agent/harnesses/kiro-ide.agent.md +29 -0
  284. package/agents/sap/sap-rise-sla-vendor-risk-agent/metadata.json +42 -0
  285. package/agents/sap/sap-role-assignment-guarded-operator-agent/AGENT.md +73 -0
  286. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/claude-code.agent.md +54 -0
  287. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/codex.toml +43 -0
  288. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/copilot.agent.md +38 -0
  289. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/cursor.agent.md +35 -0
  290. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/gemini.agent.md +35 -0
  291. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-cli.agent.json +1 -0
  292. package/agents/sap/sap-role-assignment-guarded-operator-agent/harnesses/kiro-ide.agent.md +35 -0
  293. package/agents/sap/sap-role-assignment-guarded-operator-agent/metadata.json +41 -0
  294. package/agents/sap/sap-s4hana-transformation-architect-agent/AGENT.md +62 -0
  295. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/claude-code.agent.md +41 -0
  296. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/codex.toml +29 -0
  297. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/copilot.agent.md +31 -0
  298. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/cursor.agent.md +29 -0
  299. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/gemini.agent.md +29 -0
  300. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-cli.agent.json +1 -0
  301. package/agents/sap/sap-s4hana-transformation-architect-agent/harnesses/kiro-ide.agent.md +29 -0
  302. package/agents/sap/sap-s4hana-transformation-architect-agent/metadata.json +44 -0
  303. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/AGENT.md +59 -0
  304. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/claude-code.agent.md +38 -0
  305. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/codex.toml +30 -0
  306. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/copilot.agent.md +32 -0
  307. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/cursor.agent.md +30 -0
  308. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/gemini.agent.md +30 -0
  309. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-cli.agent.json +1 -0
  310. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/harnesses/kiro-ide.agent.md +30 -0
  311. package/agents/sap/sap-security-iam-grc-sod-reviewer-agent/metadata.json +44 -0
  312. package/agents/sap/sap-signavio-process-mining-value-agent/AGENT.md +59 -0
  313. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/claude-code.agent.md +38 -0
  314. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/codex.toml +30 -0
  315. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/copilot.agent.md +32 -0
  316. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/cursor.agent.md +30 -0
  317. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/gemini.agent.md +30 -0
  318. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-cli.agent.json +1 -0
  319. package/agents/sap/sap-signavio-process-mining-value-agent/harnesses/kiro-ide.agent.md +30 -0
  320. package/agents/sap/sap-signavio-process-mining-value-agent/metadata.json +44 -0
  321. package/agents/sap/sap-successfactors-hr-process-risk-agent/AGENT.md +59 -0
  322. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/claude-code.agent.md +38 -0
  323. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/codex.toml +30 -0
  324. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/copilot.agent.md +32 -0
  325. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/cursor.agent.md +30 -0
  326. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/gemini.agent.md +30 -0
  327. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  328. package/agents/sap/sap-successfactors-hr-process-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  329. package/agents/sap/sap-successfactors-hr-process-risk-agent/metadata.json +42 -0
  330. package/agents/sap/sap-supply-chain-ibp-resilience-agent/AGENT.md +59 -0
  331. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/claude-code.agent.md +38 -0
  332. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/codex.toml +30 -0
  333. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/copilot.agent.md +32 -0
  334. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/cursor.agent.md +30 -0
  335. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/gemini.agent.md +30 -0
  336. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-cli.agent.json +1 -0
  337. package/agents/sap/sap-supply-chain-ibp-resilience-agent/harnesses/kiro-ide.agent.md +30 -0
  338. package/agents/sap/sap-supply-chain-ibp-resilience-agent/metadata.json +44 -0
  339. package/agents/sap/sap-testing-quality-gate-agent/AGENT.md +59 -0
  340. package/agents/sap/sap-testing-quality-gate-agent/harnesses/claude-code.agent.md +38 -0
  341. package/agents/sap/sap-testing-quality-gate-agent/harnesses/codex.toml +30 -0
  342. package/agents/sap/sap-testing-quality-gate-agent/harnesses/copilot.agent.md +32 -0
  343. package/agents/sap/sap-testing-quality-gate-agent/harnesses/cursor.agent.md +30 -0
  344. package/agents/sap/sap-testing-quality-gate-agent/harnesses/gemini.agent.md +30 -0
  345. package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-cli.agent.json +1 -0
  346. package/agents/sap/sap-testing-quality-gate-agent/harnesses/kiro-ide.agent.md +30 -0
  347. package/agents/sap/sap-testing-quality-gate-agent/metadata.json +42 -0
  348. package/agents/sap/sap-transformation-portfolio-triage-agent/AGENT.md +58 -0
  349. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/claude-code.agent.md +37 -0
  350. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/codex.toml +30 -0
  351. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/copilot.agent.md +31 -0
  352. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/cursor.agent.md +29 -0
  353. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/gemini.agent.md +29 -0
  354. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-cli.agent.json +1 -0
  355. package/agents/sap/sap-transformation-portfolio-triage-agent/harnesses/kiro-ide.agent.md +29 -0
  356. package/agents/sap/sap-transformation-portfolio-triage-agent/metadata.json +42 -0
  357. package/agents/sap/sap-treasury-cash-risk-agent/AGENT.md +59 -0
  358. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/claude-code.agent.md +38 -0
  359. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/codex.toml +30 -0
  360. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/copilot.agent.md +32 -0
  361. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/cursor.agent.md +30 -0
  362. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/gemini.agent.md +30 -0
  363. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-cli.agent.json +1 -0
  364. package/agents/sap/sap-treasury-cash-risk-agent/harnesses/kiro-ide.agent.md +30 -0
  365. package/agents/sap/sap-treasury-cash-risk-agent/metadata.json +44 -0
  366. package/catalog/agents.json +1323 -0
  367. package/catalog/asset-integrity.json +2293 -43
  368. package/catalog/install-roles.json +94 -0
  369. package/catalog/skill-manifest.json +1770 -3
  370. package/catalog/skills.json +1912 -1
  371. package/package.json +1 -1
  372. package/plugins/cross-platform-agent-template/.codexignore +7 -0
  373. package/plugins/vanguard-frontier-agentic/.codex-plugin/plugin.json +1 -1
  374. package/plugins/vanguard-frontier-agentic/.codexignore +7 -0
  375. package/powers/README.md +3 -2
  376. package/powers/vanguard-sap/POWER.md +43 -0
  377. package/schemas/agent.schema.json +1 -0
  378. package/schemas/skill.schema.json +1 -0
  379. package/scripts/generate-docs-data.mjs +1 -1
  380. package/scripts/generate-kiro-powers.mjs +12 -0
  381. package/skills/claude/add-educational-comments/metadata.json +1 -1
  382. package/skills/sap/sap-abap-cloud-rap-review/SKILL.md +86 -0
  383. package/skills/sap/sap-abap-cloud-rap-review/agents/openai.yaml +11 -0
  384. package/skills/sap/sap-abap-cloud-rap-review/metadata.json +34 -0
  385. package/skills/sap/sap-abap-cloud-rap-review/references/context7-framework-docs.md +126 -0
  386. package/skills/sap/sap-abap-cloud-rap-review/references/official-sources.md +95 -0
  387. package/skills/sap/sap-abap-cloud-rap-review/references/safety-checklist.md +37 -0
  388. package/skills/sap/sap-abap-cloud-rap-review/references/workflow-and-output.md +76 -0
  389. package/skills/sap/sap-ai-core-generative-ai-hub-governance/SKILL.md +92 -0
  390. package/skills/sap/sap-ai-core-generative-ai-hub-governance/agents/openai.yaml +11 -0
  391. package/skills/sap/sap-ai-core-generative-ai-hub-governance/metadata.json +34 -0
  392. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/context7-framework-docs.md +107 -0
  393. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/official-sources.md +91 -0
  394. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/safety-checklist.md +39 -0
  395. package/skills/sap/sap-ai-core-generative-ai-hub-governance/references/workflow-and-output.md +75 -0
  396. package/skills/sap/sap-ai-governance-security-architecture-protocol/SKILL.md +168 -0
  397. package/skills/sap/sap-ai-governance-security-architecture-protocol/agents/openai.yaml +11 -0
  398. package/skills/sap/sap-ai-governance-security-architecture-protocol/metadata.json +35 -0
  399. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/official-sources.md +99 -0
  400. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/safety-checklist.md +38 -0
  401. package/skills/sap/sap-ai-governance-security-architecture-protocol/references/workflow-and-output.md +89 -0
  402. package/skills/sap/sap-analytics-cloud-planning-governance/SKILL.md +87 -0
  403. package/skills/sap/sap-analytics-cloud-planning-governance/agents/openai.yaml +11 -0
  404. package/skills/sap/sap-analytics-cloud-planning-governance/metadata.json +33 -0
  405. package/skills/sap/sap-analytics-cloud-planning-governance/references/official-sources.md +89 -0
  406. package/skills/sap/sap-analytics-cloud-planning-governance/references/safety-checklist.md +35 -0
  407. package/skills/sap/sap-analytics-cloud-planning-governance/references/workflow-and-output.md +70 -0
  408. package/skills/sap/sap-audit-evidence-packaging/SKILL.md +92 -0
  409. package/skills/sap/sap-audit-evidence-packaging/agents/openai.yaml +11 -0
  410. package/skills/sap/sap-audit-evidence-packaging/metadata.json +33 -0
  411. package/skills/sap/sap-audit-evidence-packaging/references/official-sources.md +92 -0
  412. package/skills/sap/sap-audit-evidence-packaging/references/safety-checklist.md +38 -0
  413. package/skills/sap/sap-audit-evidence-packaging/references/workflow-and-output.md +129 -0
  414. package/skills/sap/sap-btp-governance-review/SKILL.md +84 -0
  415. package/skills/sap/sap-btp-governance-review/agents/openai.yaml +11 -0
  416. package/skills/sap/sap-btp-governance-review/metadata.json +34 -0
  417. package/skills/sap/sap-btp-governance-review/references/official-sources.md +91 -0
  418. package/skills/sap/sap-btp-governance-review/references/safety-checklist.md +35 -0
  419. package/skills/sap/sap-btp-governance-review/references/workflow-and-output.md +66 -0
  420. package/skills/sap/sap-cap-architecture-review/SKILL.md +86 -0
  421. package/skills/sap/sap-cap-architecture-review/agents/openai.yaml +11 -0
  422. package/skills/sap/sap-cap-architecture-review/metadata.json +34 -0
  423. package/skills/sap/sap-cap-architecture-review/references/context7-framework-docs.md +89 -0
  424. package/skills/sap/sap-cap-architecture-review/references/official-sources.md +93 -0
  425. package/skills/sap/sap-cap-architecture-review/references/safety-checklist.md +37 -0
  426. package/skills/sap/sap-cap-architecture-review/references/workflow-and-output.md +74 -0
  427. package/skills/sap/sap-clean-core-debt-review/SKILL.md +84 -0
  428. package/skills/sap/sap-clean-core-debt-review/agents/openai.yaml +11 -0
  429. package/skills/sap/sap-clean-core-debt-review/metadata.json +33 -0
  430. package/skills/sap/sap-clean-core-debt-review/references/context7-framework-docs.md +56 -0
  431. package/skills/sap/sap-clean-core-debt-review/references/official-sources.md +75 -0
  432. package/skills/sap/sap-clean-core-debt-review/references/safety-checklist.md +36 -0
  433. package/skills/sap/sap-clean-core-debt-review/references/workflow-and-output.md +62 -0
  434. package/skills/sap/sap-cloud-alm-sre-incident-review/SKILL.md +83 -0
  435. package/skills/sap/sap-cloud-alm-sre-incident-review/agents/openai.yaml +11 -0
  436. package/skills/sap/sap-cloud-alm-sre-incident-review/metadata.json +33 -0
  437. package/skills/sap/sap-cloud-alm-sre-incident-review/references/official-sources.md +89 -0
  438. package/skills/sap/sap-cloud-alm-sre-incident-review/references/safety-checklist.md +39 -0
  439. package/skills/sap/sap-cloud-alm-sre-incident-review/references/workflow-and-output.md +88 -0
  440. package/skills/sap/sap-custom-code-remediation-review/SKILL.md +83 -0
  441. package/skills/sap/sap-custom-code-remediation-review/agents/openai.yaml +11 -0
  442. package/skills/sap/sap-custom-code-remediation-review/metadata.json +33 -0
  443. package/skills/sap/sap-custom-code-remediation-review/references/official-sources.md +85 -0
  444. package/skills/sap/sap-custom-code-remediation-review/references/safety-checklist.md +39 -0
  445. package/skills/sap/sap-custom-code-remediation-review/references/workflow-and-output.md +83 -0
  446. package/skills/sap/sap-data-migration-cutover-readiness/SKILL.md +90 -0
  447. package/skills/sap/sap-data-migration-cutover-readiness/agents/openai.yaml +14 -0
  448. package/skills/sap/sap-data-migration-cutover-readiness/metadata.json +32 -0
  449. package/skills/sap/sap-data-migration-cutover-readiness/references/official-sources.md +73 -0
  450. package/skills/sap/sap-data-migration-cutover-readiness/references/safety-checklist.md +51 -0
  451. package/skills/sap/sap-data-migration-cutover-readiness/references/workflow-and-output.md +85 -0
  452. package/skills/sap/sap-data-privacy-analytics-ai-protocol/SKILL.md +162 -0
  453. package/skills/sap/sap-data-privacy-analytics-ai-protocol/agents/openai.yaml +11 -0
  454. package/skills/sap/sap-data-privacy-analytics-ai-protocol/metadata.json +34 -0
  455. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/official-sources.md +93 -0
  456. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/safety-checklist.md +39 -0
  457. package/skills/sap/sap-data-privacy-analytics-ai-protocol/references/workflow-and-output.md +78 -0
  458. package/skills/sap/sap-datasphere-data-product-architecture/SKILL.md +86 -0
  459. package/skills/sap/sap-datasphere-data-product-architecture/agents/openai.yaml +11 -0
  460. package/skills/sap/sap-datasphere-data-product-architecture/metadata.json +33 -0
  461. package/skills/sap/sap-datasphere-data-product-architecture/references/official-sources.md +85 -0
  462. package/skills/sap/sap-datasphere-data-product-architecture/references/safety-checklist.md +35 -0
  463. package/skills/sap/sap-datasphere-data-product-architecture/references/workflow-and-output.md +70 -0
  464. package/skills/sap/sap-ewm-tm-logistics-execution-review/SKILL.md +90 -0
  465. package/skills/sap/sap-ewm-tm-logistics-execution-review/agents/openai.yaml +11 -0
  466. package/skills/sap/sap-ewm-tm-logistics-execution-review/metadata.json +32 -0
  467. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/official-sources.md +79 -0
  468. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/safety-checklist.md +37 -0
  469. package/skills/sap/sap-ewm-tm-logistics-execution-review/references/workflow-and-output.md +91 -0
  470. package/skills/sap/sap-finance-fico-controls-review/SKILL.md +91 -0
  471. package/skills/sap/sap-finance-fico-controls-review/agents/openai.yaml +11 -0
  472. package/skills/sap/sap-finance-fico-controls-review/metadata.json +33 -0
  473. package/skills/sap/sap-finance-fico-controls-review/references/official-sources.md +89 -0
  474. package/skills/sap/sap-finance-fico-controls-review/references/safety-checklist.md +38 -0
  475. package/skills/sap/sap-finance-fico-controls-review/references/workflow-and-output.md +88 -0
  476. package/skills/sap/sap-fiori-ui5-ux-review/SKILL.md +87 -0
  477. package/skills/sap/sap-fiori-ui5-ux-review/agents/openai.yaml +14 -0
  478. package/skills/sap/sap-fiori-ui5-ux-review/metadata.json +33 -0
  479. package/skills/sap/sap-fiori-ui5-ux-review/references/context7-framework-docs.md +128 -0
  480. package/skills/sap/sap-fiori-ui5-ux-review/references/official-sources.md +95 -0
  481. package/skills/sap/sap-fiori-ui5-ux-review/references/safety-checklist.md +37 -0
  482. package/skills/sap/sap-fiori-ui5-ux-review/references/workflow-and-output.md +96 -0
  483. package/skills/sap/sap-guarded-btp-entitlement-change/SKILL.md +156 -0
  484. package/skills/sap/sap-guarded-btp-entitlement-change/agents/openai.yaml +17 -0
  485. package/skills/sap/sap-guarded-btp-entitlement-change/metadata.json +33 -0
  486. package/skills/sap/sap-guarded-btp-entitlement-change/references/live-environment-access.md +93 -0
  487. package/skills/sap/sap-guarded-btp-entitlement-change/references/official-sources.md +75 -0
  488. package/skills/sap/sap-guarded-btp-entitlement-change/references/safety-checklist.md +57 -0
  489. package/skills/sap/sap-guarded-btp-entitlement-change/references/workflow-and-output.md +132 -0
  490. package/skills/sap/sap-guarded-integration-flow-change/SKILL.md +151 -0
  491. package/skills/sap/sap-guarded-integration-flow-change/agents/openai.yaml +17 -0
  492. package/skills/sap/sap-guarded-integration-flow-change/metadata.json +33 -0
  493. package/skills/sap/sap-guarded-integration-flow-change/references/live-environment-access.md +80 -0
  494. package/skills/sap/sap-guarded-integration-flow-change/references/official-sources.md +73 -0
  495. package/skills/sap/sap-guarded-integration-flow-change/references/safety-checklist.md +56 -0
  496. package/skills/sap/sap-guarded-integration-flow-change/references/workflow-and-output.md +122 -0
  497. package/skills/sap/sap-guarded-role-assignment/SKILL.md +159 -0
  498. package/skills/sap/sap-guarded-role-assignment/agents/openai.yaml +17 -0
  499. package/skills/sap/sap-guarded-role-assignment/metadata.json +33 -0
  500. package/skills/sap/sap-guarded-role-assignment/references/live-environment-access.md +93 -0
  501. package/skills/sap/sap-guarded-role-assignment/references/official-sources.md +73 -0
  502. package/skills/sap/sap-guarded-role-assignment/references/safety-checklist.md +57 -0
  503. package/skills/sap/sap-guarded-role-assignment/references/workflow-and-output.md +133 -0
  504. package/skills/sap/sap-guarded-transport-import/SKILL.md +144 -0
  505. package/skills/sap/sap-guarded-transport-import/agents/openai.yaml +14 -0
  506. package/skills/sap/sap-guarded-transport-import/metadata.json +34 -0
  507. package/skills/sap/sap-guarded-transport-import/references/live-environment-access.md +81 -0
  508. package/skills/sap/sap-guarded-transport-import/references/official-sources.md +79 -0
  509. package/skills/sap/sap-guarded-transport-import/references/safety-checklist.md +52 -0
  510. package/skills/sap/sap-guarded-transport-import/references/workflow-and-output.md +93 -0
  511. package/skills/sap/sap-hana-cloud-performance-cost/SKILL.md +87 -0
  512. package/skills/sap/sap-hana-cloud-performance-cost/agents/openai.yaml +11 -0
  513. package/skills/sap/sap-hana-cloud-performance-cost/metadata.json +33 -0
  514. package/skills/sap/sap-hana-cloud-performance-cost/references/context7-framework-docs.md +94 -0
  515. package/skills/sap/sap-hana-cloud-performance-cost/references/official-sources.md +83 -0
  516. package/skills/sap/sap-hana-cloud-performance-cost/references/safety-checklist.md +36 -0
  517. package/skills/sap/sap-hana-cloud-performance-cost/references/workflow-and-output.md +68 -0
  518. package/skills/sap/sap-hypercare-incident-commander-review/SKILL.md +93 -0
  519. package/skills/sap/sap-hypercare-incident-commander-review/agents/openai.yaml +14 -0
  520. package/skills/sap/sap-hypercare-incident-commander-review/metadata.json +31 -0
  521. package/skills/sap/sap-hypercare-incident-commander-review/references/official-sources.md +63 -0
  522. package/skills/sap/sap-hypercare-incident-commander-review/references/safety-checklist.md +55 -0
  523. package/skills/sap/sap-hypercare-incident-commander-review/references/workflow-and-output.md +98 -0
  524. package/skills/sap/sap-integration-platform-businessops-protocol/SKILL.md +162 -0
  525. package/skills/sap/sap-integration-platform-businessops-protocol/agents/openai.yaml +11 -0
  526. package/skills/sap/sap-integration-platform-businessops-protocol/metadata.json +35 -0
  527. package/skills/sap/sap-integration-platform-businessops-protocol/references/official-sources.md +99 -0
  528. package/skills/sap/sap-integration-platform-businessops-protocol/references/safety-checklist.md +36 -0
  529. package/skills/sap/sap-integration-platform-businessops-protocol/references/workflow-and-output.md +76 -0
  530. package/skills/sap/sap-integration-suite-review/SKILL.md +87 -0
  531. package/skills/sap/sap-integration-suite-review/agents/openai.yaml +11 -0
  532. package/skills/sap/sap-integration-suite-review/metadata.json +33 -0
  533. package/skills/sap/sap-integration-suite-review/references/context7-framework-docs.md +76 -0
  534. package/skills/sap/sap-integration-suite-review/references/official-sources.md +79 -0
  535. package/skills/sap/sap-integration-suite-review/references/safety-checklist.md +36 -0
  536. package/skills/sap/sap-integration-suite-review/references/workflow-and-output.md +78 -0
  537. package/skills/sap/sap-joule-governance-adoption-review/SKILL.md +83 -0
  538. package/skills/sap/sap-joule-governance-adoption-review/agents/openai.yaml +11 -0
  539. package/skills/sap/sap-joule-governance-adoption-review/metadata.json +33 -0
  540. package/skills/sap/sap-joule-governance-adoption-review/references/official-sources.md +83 -0
  541. package/skills/sap/sap-joule-governance-adoption-review/references/safety-checklist.md +37 -0
  542. package/skills/sap/sap-joule-governance-adoption-review/references/workflow-and-output.md +81 -0
  543. package/skills/sap/sap-license-btp-consumption-finops-review/SKILL.md +89 -0
  544. package/skills/sap/sap-license-btp-consumption-finops-review/agents/openai.yaml +11 -0
  545. package/skills/sap/sap-license-btp-consumption-finops-review/metadata.json +32 -0
  546. package/skills/sap/sap-license-btp-consumption-finops-review/references/official-sources.md +71 -0
  547. package/skills/sap/sap-license-btp-consumption-finops-review/references/safety-checklist.md +36 -0
  548. package/skills/sap/sap-license-btp-consumption-finops-review/references/workflow-and-output.md +69 -0
  549. package/skills/sap/sap-live-readonly-identity-trust-discovery/SKILL.md +142 -0
  550. package/skills/sap/sap-live-readonly-identity-trust-discovery/agents/openai.yaml +14 -0
  551. package/skills/sap/sap-live-readonly-identity-trust-discovery/metadata.json +34 -0
  552. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/live-environment-access.md +151 -0
  553. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/official-sources.md +83 -0
  554. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/safety-checklist.md +49 -0
  555. package/skills/sap/sap-live-readonly-identity-trust-discovery/references/workflow-and-output.md +103 -0
  556. package/skills/sap/sap-live-readonly-landscape-discovery/SKILL.md +135 -0
  557. package/skills/sap/sap-live-readonly-landscape-discovery/agents/openai.yaml +14 -0
  558. package/skills/sap/sap-live-readonly-landscape-discovery/metadata.json +34 -0
  559. package/skills/sap/sap-live-readonly-landscape-discovery/references/live-environment-access.md +111 -0
  560. package/skills/sap/sap-live-readonly-landscape-discovery/references/official-sources.md +83 -0
  561. package/skills/sap/sap-live-readonly-landscape-discovery/references/safety-checklist.md +45 -0
  562. package/skills/sap/sap-live-readonly-landscape-discovery/references/workflow-and-output.md +102 -0
  563. package/skills/sap/sap-maestro/SKILL.md +81 -0
  564. package/skills/sap/sap-maestro/agents/openai.yaml +11 -0
  565. package/skills/sap/sap-maestro/metadata.json +32 -0
  566. package/skills/sap/sap-maestro/references/official-sources.md +53 -0
  567. package/skills/sap/sap-maestro/references/safety-checklist.md +39 -0
  568. package/skills/sap/sap-maestro/references/workflow-and-output.md +73 -0
  569. package/skills/sap/sap-manufacturing-execution-risk-review/SKILL.md +89 -0
  570. package/skills/sap/sap-manufacturing-execution-risk-review/agents/openai.yaml +11 -0
  571. package/skills/sap/sap-manufacturing-execution-risk-review/metadata.json +32 -0
  572. package/skills/sap/sap-manufacturing-execution-risk-review/references/official-sources.md +79 -0
  573. package/skills/sap/sap-manufacturing-execution-risk-review/references/safety-checklist.md +39 -0
  574. package/skills/sap/sap-manufacturing-execution-risk-review/references/workflow-and-output.md +91 -0
  575. package/skills/sap/sap-mdg-master-data-quality-review/SKILL.md +85 -0
  576. package/skills/sap/sap-mdg-master-data-quality-review/agents/openai.yaml +11 -0
  577. package/skills/sap/sap-mdg-master-data-quality-review/metadata.json +33 -0
  578. package/skills/sap/sap-mdg-master-data-quality-review/references/official-sources.md +89 -0
  579. package/skills/sap/sap-mdg-master-data-quality-review/references/safety-checklist.md +37 -0
  580. package/skills/sap/sap-mdg-master-data-quality-review/references/workflow-and-output.md +91 -0
  581. package/skills/sap/sap-order-to-cash-review/SKILL.md +89 -0
  582. package/skills/sap/sap-order-to-cash-review/agents/openai.yaml +11 -0
  583. package/skills/sap/sap-order-to-cash-review/metadata.json +32 -0
  584. package/skills/sap/sap-order-to-cash-review/references/official-sources.md +79 -0
  585. package/skills/sap/sap-order-to-cash-review/references/safety-checklist.md +39 -0
  586. package/skills/sap/sap-order-to-cash-review/references/workflow-and-output.md +87 -0
  587. package/skills/sap/sap-procurement-ariba-value-leakage-review/SKILL.md +90 -0
  588. package/skills/sap/sap-procurement-ariba-value-leakage-review/agents/openai.yaml +11 -0
  589. package/skills/sap/sap-procurement-ariba-value-leakage-review/metadata.json +32 -0
  590. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/official-sources.md +79 -0
  591. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/safety-checklist.md +38 -0
  592. package/skills/sap/sap-procurement-ariba-value-leakage-review/references/workflow-and-output.md +87 -0
  593. package/skills/sap/sap-procurement-license-finops-vendor-protocol/SKILL.md +155 -0
  594. package/skills/sap/sap-procurement-license-finops-vendor-protocol/agents/openai.yaml +11 -0
  595. package/skills/sap/sap-procurement-license-finops-vendor-protocol/metadata.json +35 -0
  596. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/official-sources.md +99 -0
  597. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/safety-checklist.md +36 -0
  598. package/skills/sap/sap-procurement-license-finops-vendor-protocol/references/workflow-and-output.md +62 -0
  599. package/skills/sap/sap-release-change-collision-review/SKILL.md +92 -0
  600. package/skills/sap/sap-release-change-collision-review/agents/openai.yaml +14 -0
  601. package/skills/sap/sap-release-change-collision-review/metadata.json +31 -0
  602. package/skills/sap/sap-release-change-collision-review/references/official-sources.md +63 -0
  603. package/skills/sap/sap-release-change-collision-review/references/safety-checklist.md +51 -0
  604. package/skills/sap/sap-release-change-collision-review/references/workflow-and-output.md +85 -0
  605. package/skills/sap/sap-release-cutover-finance-controls-protocol/SKILL.md +170 -0
  606. package/skills/sap/sap-release-cutover-finance-controls-protocol/agents/openai.yaml +11 -0
  607. package/skills/sap/sap-release-cutover-finance-controls-protocol/metadata.json +33 -0
  608. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/official-sources.md +89 -0
  609. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/safety-checklist.md +39 -0
  610. package/skills/sap/sap-release-cutover-finance-controls-protocol/references/workflow-and-output.md +98 -0
  611. package/skills/sap/sap-rise-sla-vendor-risk-review/SKILL.md +88 -0
  612. package/skills/sap/sap-rise-sla-vendor-risk-review/agents/openai.yaml +11 -0
  613. package/skills/sap/sap-rise-sla-vendor-risk-review/metadata.json +32 -0
  614. package/skills/sap/sap-rise-sla-vendor-risk-review/references/official-sources.md +73 -0
  615. package/skills/sap/sap-rise-sla-vendor-risk-review/references/safety-checklist.md +36 -0
  616. package/skills/sap/sap-rise-sla-vendor-risk-review/references/workflow-and-output.md +56 -0
  617. package/skills/sap/sap-s4hana-transformation-architecture-review/SKILL.md +84 -0
  618. package/skills/sap/sap-s4hana-transformation-architecture-review/agents/openai.yaml +14 -0
  619. package/skills/sap/sap-s4hana-transformation-architecture-review/metadata.json +32 -0
  620. package/skills/sap/sap-s4hana-transformation-architecture-review/references/official-sources.md +75 -0
  621. package/skills/sap/sap-s4hana-transformation-architecture-review/references/safety-checklist.md +40 -0
  622. package/skills/sap/sap-s4hana-transformation-architecture-review/references/workflow-and-output.md +67 -0
  623. package/skills/sap/sap-security-hr-legal-protocol/SKILL.md +149 -0
  624. package/skills/sap/sap-security-hr-legal-protocol/agents/openai.yaml +11 -0
  625. package/skills/sap/sap-security-hr-legal-protocol/metadata.json +34 -0
  626. package/skills/sap/sap-security-hr-legal-protocol/references/official-sources.md +89 -0
  627. package/skills/sap/sap-security-hr-legal-protocol/references/safety-checklist.md +38 -0
  628. package/skills/sap/sap-security-hr-legal-protocol/references/workflow-and-output.md +65 -0
  629. package/skills/sap/sap-security-iam-grc-sod-review/SKILL.md +86 -0
  630. package/skills/sap/sap-security-iam-grc-sod-review/agents/openai.yaml +11 -0
  631. package/skills/sap/sap-security-iam-grc-sod-review/metadata.json +33 -0
  632. package/skills/sap/sap-security-iam-grc-sod-review/references/official-sources.md +83 -0
  633. package/skills/sap/sap-security-iam-grc-sod-review/references/safety-checklist.md +36 -0
  634. package/skills/sap/sap-security-iam-grc-sod-review/references/workflow-and-output.md +79 -0
  635. package/skills/sap/sap-signavio-process-mining-value/SKILL.md +85 -0
  636. package/skills/sap/sap-signavio-process-mining-value/agents/openai.yaml +11 -0
  637. package/skills/sap/sap-signavio-process-mining-value/metadata.json +33 -0
  638. package/skills/sap/sap-signavio-process-mining-value/references/official-sources.md +89 -0
  639. package/skills/sap/sap-signavio-process-mining-value/references/safety-checklist.md +36 -0
  640. package/skills/sap/sap-signavio-process-mining-value/references/workflow-and-output.md +91 -0
  641. package/skills/sap/sap-successfactors-hr-process-risk-review/SKILL.md +92 -0
  642. package/skills/sap/sap-successfactors-hr-process-risk-review/agents/openai.yaml +11 -0
  643. package/skills/sap/sap-successfactors-hr-process-risk-review/metadata.json +33 -0
  644. package/skills/sap/sap-successfactors-hr-process-risk-review/references/official-sources.md +83 -0
  645. package/skills/sap/sap-successfactors-hr-process-risk-review/references/safety-checklist.md +38 -0
  646. package/skills/sap/sap-successfactors-hr-process-risk-review/references/workflow-and-output.md +86 -0
  647. package/skills/sap/sap-supply-chain-ibp-resilience-review/SKILL.md +90 -0
  648. package/skills/sap/sap-supply-chain-ibp-resilience-review/agents/openai.yaml +11 -0
  649. package/skills/sap/sap-supply-chain-ibp-resilience-review/metadata.json +32 -0
  650. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/official-sources.md +79 -0
  651. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/safety-checklist.md +38 -0
  652. package/skills/sap/sap-supply-chain-ibp-resilience-review/references/workflow-and-output.md +89 -0
  653. package/skills/sap/sap-testing-quality-gate-review/SKILL.md +92 -0
  654. package/skills/sap/sap-testing-quality-gate-review/agents/openai.yaml +14 -0
  655. package/skills/sap/sap-testing-quality-gate-review/metadata.json +31 -0
  656. package/skills/sap/sap-testing-quality-gate-review/references/official-sources.md +65 -0
  657. package/skills/sap/sap-testing-quality-gate-review/references/safety-checklist.md +53 -0
  658. package/skills/sap/sap-testing-quality-gate-review/references/workflow-and-output.md +98 -0
  659. package/skills/sap/sap-transformation-portfolio-triage-review/SKILL.md +87 -0
  660. package/skills/sap/sap-transformation-portfolio-triage-review/agents/openai.yaml +11 -0
  661. package/skills/sap/sap-transformation-portfolio-triage-review/metadata.json +32 -0
  662. package/skills/sap/sap-transformation-portfolio-triage-review/references/official-sources.md +71 -0
  663. package/skills/sap/sap-transformation-portfolio-triage-review/references/safety-checklist.md +36 -0
  664. package/skills/sap/sap-transformation-portfolio-triage-review/references/workflow-and-output.md +69 -0
  665. package/skills/sap/sap-treasury-cash-risk-review/SKILL.md +90 -0
  666. package/skills/sap/sap-treasury-cash-risk-review/agents/openai.yaml +11 -0
  667. package/skills/sap/sap-treasury-cash-risk-review/metadata.json +32 -0
  668. package/skills/sap/sap-treasury-cash-risk-review/references/official-sources.md +79 -0
  669. package/skills/sap/sap-treasury-cash-risk-review/references/safety-checklist.md +38 -0
  670. package/skills/sap/sap-treasury-cash-risk-review/references/workflow-and-output.md +89 -0
  671. package/tests/fixtures/sap-maestro-routing/expected/01-clean-core-debt.json +6 -0
  672. package/tests/fixtures/sap-maestro-routing/expected/02-landscape-discovery.json +6 -0
  673. package/tests/fixtures/sap-maestro-routing/expected/03-live-guard-transport.json +6 -0
  674. package/tests/fixtures/sap-maestro-routing/expected/04-adversarial-injection.json +6 -0
  675. package/tests/fixtures/sap-maestro-routing/expected/05-adversarial-persona.json +6 -0
  676. package/tests/fixtures/sap-maestro-routing/expected/06-ambiguous.json +4 -0
  677. package/tests/fixtures/sap-maestro-routing/expected/07-secrets-bait.json +6 -0
  678. package/tests/fixtures/sap-maestro-routing/expected/08-btp-governance.json +6 -0
  679. package/tests/fixtures/sap-maestro-routing/expected/09-integration-suite.json +6 -0
  680. package/tests/fixtures/sap-maestro-routing/expected/10-security-sod.json +6 -0
  681. package/tests/fixtures/sap-maestro-routing/expected/11-cap-architecture.json +6 -0
  682. package/tests/fixtures/sap-maestro-routing/expected/12-abap-cloud-rap.json +7 -0
  683. package/tests/fixtures/sap-maestro-routing/expected/13-ai-governance.json +6 -0
  684. package/tests/fixtures/sap-maestro-routing/expected/14-datasphere.json +6 -0
  685. package/tests/fixtures/sap-maestro-routing/expected/15-analytics-cloud.json +6 -0
  686. package/tests/fixtures/sap-maestro-routing/expected/16-hana-cloud.json +6 -0
  687. package/tests/fixtures/sap-maestro-routing/expected/17-s4hana-transformation.json +6 -0
  688. package/tests/fixtures/sap-maestro-routing/expected/18-custom-code-remediation.json +6 -0
  689. package/tests/fixtures/sap-maestro-routing/expected/19-data-migration-cutover.json +6 -0
  690. package/tests/fixtures/sap-maestro-routing/expected/20-finance-fico.json +6 -0
  691. package/tests/fixtures/sap-maestro-routing/expected/21-mdg-master-data.json +6 -0
  692. package/tests/fixtures/sap-maestro-routing/expected/22-signavio.json +6 -0
  693. package/tests/fixtures/sap-maestro-routing/expected/23-procurement-ariba.json +6 -0
  694. package/tests/fixtures/sap-maestro-routing/expected/24-supply-chain-ibp.json +6 -0
  695. package/tests/fixtures/sap-maestro-routing/expected/25-order-to-cash.json +6 -0
  696. package/tests/fixtures/sap-maestro-routing/expected/26-treasury.json +6 -0
  697. package/tests/fixtures/sap-maestro-routing/expected/27-ewm-tm.json +6 -0
  698. package/tests/fixtures/sap-maestro-routing/expected/28-manufacturing.json +6 -0
  699. package/tests/fixtures/sap-maestro-routing/expected/29-successfactors.json +6 -0
  700. package/tests/fixtures/sap-maestro-routing/expected/30-joule.json +6 -0
  701. package/tests/fixtures/sap-maestro-routing/expected/31-cloud-alm.json +6 -0
  702. package/tests/fixtures/sap-maestro-routing/expected/32-transformation-portfolio.json +6 -0
  703. package/tests/fixtures/sap-maestro-routing/expected/33-rise-sla.json +6 -0
  704. package/tests/fixtures/sap-maestro-routing/expected/34-license-finops.json +6 -0
  705. package/tests/fixtures/sap-maestro-routing/expected/35-testing-quality.json +6 -0
  706. package/tests/fixtures/sap-maestro-routing/expected/36-release-collision.json +6 -0
  707. package/tests/fixtures/sap-maestro-routing/expected/37-hypercare.json +6 -0
  708. package/tests/fixtures/sap-maestro-routing/expected/38-identity-trust.json +6 -0
  709. package/tests/fixtures/sap-maestro-routing/expected/39-fiori-ui5.json +6 -0
  710. package/tests/fixtures/sap-maestro-routing/expected/40-audit-evidence.json +6 -0
  711. package/tests/fixtures/sap-maestro-routing/expected/41-guard-role-assign.json +6 -0
  712. package/tests/fixtures/sap-maestro-routing/expected/42-guard-iflow-deploy.json +6 -0
  713. package/tests/fixtures/sap-maestro-routing/expected/43-guard-entitlement.json +6 -0
  714. package/tests/fixtures/sap-maestro-routing/inputs/01-clean-core-debt.json +5 -0
  715. package/tests/fixtures/sap-maestro-routing/inputs/02-landscape-discovery.json +5 -0
  716. package/tests/fixtures/sap-maestro-routing/inputs/03-live-guard-transport.json +7 -0
  717. package/tests/fixtures/sap-maestro-routing/inputs/04-adversarial-injection.json +7 -0
  718. package/tests/fixtures/sap-maestro-routing/inputs/05-adversarial-persona.json +7 -0
  719. package/tests/fixtures/sap-maestro-routing/inputs/06-ambiguous.json +7 -0
  720. package/tests/fixtures/sap-maestro-routing/inputs/07-secrets-bait.json +7 -0
  721. package/tests/fixtures/sap-maestro-routing/inputs/08-btp-governance.json +7 -0
  722. package/tests/fixtures/sap-maestro-routing/inputs/09-integration-suite.json +7 -0
  723. package/tests/fixtures/sap-maestro-routing/inputs/10-security-sod.json +7 -0
  724. package/tests/fixtures/sap-maestro-routing/inputs/11-cap-architecture.json +7 -0
  725. package/tests/fixtures/sap-maestro-routing/inputs/12-abap-cloud-rap.json +7 -0
  726. package/tests/fixtures/sap-maestro-routing/inputs/13-ai-governance.json +7 -0
  727. package/tests/fixtures/sap-maestro-routing/inputs/14-datasphere.json +7 -0
  728. package/tests/fixtures/sap-maestro-routing/inputs/15-analytics-cloud.json +7 -0
  729. package/tests/fixtures/sap-maestro-routing/inputs/16-hana-cloud.json +7 -0
  730. package/tests/fixtures/sap-maestro-routing/inputs/17-s4hana-transformation.json +7 -0
  731. package/tests/fixtures/sap-maestro-routing/inputs/18-custom-code-remediation.json +7 -0
  732. package/tests/fixtures/sap-maestro-routing/inputs/19-data-migration-cutover.json +7 -0
  733. package/tests/fixtures/sap-maestro-routing/inputs/20-finance-fico.json +7 -0
  734. package/tests/fixtures/sap-maestro-routing/inputs/21-mdg-master-data.json +7 -0
  735. package/tests/fixtures/sap-maestro-routing/inputs/22-signavio.json +7 -0
  736. package/tests/fixtures/sap-maestro-routing/inputs/23-procurement-ariba.json +7 -0
  737. package/tests/fixtures/sap-maestro-routing/inputs/24-supply-chain-ibp.json +7 -0
  738. package/tests/fixtures/sap-maestro-routing/inputs/25-order-to-cash.json +7 -0
  739. package/tests/fixtures/sap-maestro-routing/inputs/26-treasury.json +7 -0
  740. package/tests/fixtures/sap-maestro-routing/inputs/27-ewm-tm.json +7 -0
  741. package/tests/fixtures/sap-maestro-routing/inputs/28-manufacturing.json +7 -0
  742. package/tests/fixtures/sap-maestro-routing/inputs/29-successfactors.json +7 -0
  743. package/tests/fixtures/sap-maestro-routing/inputs/30-joule.json +7 -0
  744. package/tests/fixtures/sap-maestro-routing/inputs/31-cloud-alm.json +7 -0
  745. package/tests/fixtures/sap-maestro-routing/inputs/32-transformation-portfolio.json +7 -0
  746. package/tests/fixtures/sap-maestro-routing/inputs/33-rise-sla.json +7 -0
  747. package/tests/fixtures/sap-maestro-routing/inputs/34-license-finops.json +7 -0
  748. package/tests/fixtures/sap-maestro-routing/inputs/35-testing-quality.json +7 -0
  749. package/tests/fixtures/sap-maestro-routing/inputs/36-release-collision.json +7 -0
  750. package/tests/fixtures/sap-maestro-routing/inputs/37-hypercare.json +7 -0
  751. package/tests/fixtures/sap-maestro-routing/inputs/38-identity-trust.json +7 -0
  752. package/tests/fixtures/sap-maestro-routing/inputs/39-fiori-ui5.json +7 -0
  753. package/tests/fixtures/sap-maestro-routing/inputs/40-audit-evidence.json +7 -0
  754. package/tests/fixtures/sap-maestro-routing/inputs/41-guard-role-assign.json +7 -0
  755. package/tests/fixtures/sap-maestro-routing/inputs/42-guard-iflow-deploy.json +7 -0
  756. package/tests/fixtures/sap-maestro-routing/inputs/43-guard-entitlement.json +7 -0
  757. package/tests/fixtures/sap-maestro-routing/taxonomy.json +509 -0
  758. package/tests/validate-catalog.py +1 -0
@@ -0,0 +1,149 @@
1
+ ---
2
+ name: sap-security-hr-legal-protocol
3
+ description: Cross-functional escalation protocol governing handoffs between SAP Security, HR, and Legal when identity misuse, privileged-access anomalies, SoD violations, insider-risk signals, HR-sensitive system access, joiner/mover/leaver lifecycle events, or fraud-sensitive access patterns require coordinated response. Defines decision rights, evidence standards, redaction policy, approval gates, and audit packaging. Never mutates live systems and never bypasses any guarded-mutating gate.
4
+ allowed-tools: Read Grep Glob WebSearch WebFetch
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-06-19"
9
+ category: compliance
10
+ lifecycle: experimental
11
+ ---
12
+
13
+ # SAP Security HR Legal Escalation Protocol
14
+
15
+ ## Purpose
16
+
17
+ This skill defines the cross-functional coordination and handoff contract between SAP Security, Human Resources, and Legal when an identity or access event requires multi-domain response. It establishes which agents hold decision rights at each stage, what evidence must be collected and redacted before sharing across functions, which actions are irreversible and require explicit approval, and what the audit package must contain to satisfy internal audit, external regulators, and employment-law obligations.
18
+
19
+ This is a governance coordination document. It does not mutate any SAP system, does not trigger any provisioning or deprovisioning action, does not close or approve any GRC access violation, and does not initiate any HR or Legal action. All mutations remain gated behind the relevant guarded-mutating operator agents. No guarded gate is bypassed.
20
+
21
+ ## When to use
22
+
23
+ Invoke this protocol when any of the following trigger conditions apply:
24
+
25
+ - **Identity misuse or suspected account compromise**: An active user account shows access patterns inconsistent with job function, time-of-access anomalies, bulk data extraction indicators, or repeated failed authentications from unexpected locations.
26
+ - **Privileged-access anomalies**: A superuser, firefighter (EAM), basis administrator, or SAP\_ALL holder exhibits access outside an approved change window, accesses HR-sensitive or payroll-relevant transactions not included in the original firefighter scope, or fails to complete mandatory post-access log review.
27
+ - **SoD violations with fraud-sensitive transaction pairs**: GRC Access Control raises a critical or high SoD conflict involving procure-to-pay, payroll disbursement, vendor master maintenance, financial period-close journals, or revenue recognition entries — and the conflict involves an active employee (not a system account).
28
+ - **Insider-risk signals**: Security monitoring, DLP, or SIEM surfaces exfiltration indicators against HR data stores (SuccessFactors, HCM), payroll systems, financial master data, or confidential business planning data.
29
+ - **HR-sensitive system access outside authorized scope**: Access to SuccessFactors Employee Central, compensation planning, performance ratings, succession data, or talent profiles by a user whose role does not include HR stewardship.
30
+ - **Joiner/mover/leaver lifecycle gaps**: A leavers process was not completed on the effective date (system access remains active for a departed employee), a mover's previous access was not removed when a new role was granted, or a joiner received access that exceeds the approved role matrix.
31
+ - **Fraud-sensitive access escalation**: Finance or audit identifies a pattern of journal entries, payment runs, or vendor changes executed by a single user without SoD separation, and the pattern warrants investigation that may touch HR employment records or legal hold obligations.
32
+
33
+ ## Participating agents
34
+
35
+ The following agents operate within this protocol. Each holds a defined role and must not act outside its lane without explicit cross-function approval per the decision rights table.
36
+
37
+ - `sap-security-iam-grc-sod-reviewer-agent` — Lead for identity and access evidence collection, SoD conflict classification, GRC finding triage, and access risk narrative. Does not modify role assignments or provisioning state.
38
+ - `sap-successfactors-hr-process-risk-agent` — HR-domain specialist assessing SuccessFactors configuration, HR data access policy compliance, joiner/mover/leaver process integrity, and sensitivity classifications for HR data elements. Does not read or share unredacted HR data outside the HR function.
39
+ - `sap-role-assignment-guarded-operator-agent` — The sole agent authorized to execute role assignment or removal actions in SAP systems. All role changes proposed by the protocol must be queued to this agent and require dual approval before execution. This agent is the only guarded-mutating gate in this protocol.
40
+
41
+ ## Required evidence
42
+
43
+ Before any cross-function handoff is initiated, the following evidence must be assembled by the requesting function:
44
+
45
+ 1. **Identity evidence**: Username, employee ID (if known), system (ECC, S/4HANA, BTP subaccount, SuccessFactors tenant), and access log extract covering the relevant time window. Timestamps must be in UTC.
46
+ 2. **Access pattern evidence**: Transaction codes accessed, authorization objects exercised, GRC Access Control conflict report (if available), and EAM firefighter log (if the user held a firefighter ID).
47
+ 3. **Role assignment state**: Current role or role collection assignments, last provisioning event date, IPS provisioning job log (if applicable), and GRC user access review status.
48
+ 4. **HR lifecycle state**: Joiner date, most recent position change date, effective termination date (if leaver), and HR system-of-record confirmation of current employment status. This evidence is assembled by HR and shared in redacted form per the redaction policy below.
49
+ 5. **Business process context**: Which business process is affected (P2P, O2C, payroll, financial close, HR master data), whether the access event coincides with a period-end or approval window, and whether any compensating controls exist.
50
+
51
+ ## Redaction policy
52
+
53
+ Personal HR data (compensation, performance ratings, disciplinary records, health-related information, succession planning data) must be redacted before evidence is shared outside the HR function. When HR evidence is required by Security or Legal:
54
+
55
+ - HR provides a **redacted summary** confirming employment status, role, effective dates, and whether the lifecycle event (join/move/leave) was processed on time.
56
+ - Full HR records are shared only with Legal under legal-hold or employment-law obligation, via a controlled document transfer that is logged in the audit package.
57
+ - System access logs that contain HR transaction data are treated as HR-sensitive and are handled by the `sap-successfactors-hr-process-risk-agent`; Security receives a classified summary, not the raw log.
58
+ - No unredacted HR data is included in GRC findings, change tickets, or incident reports visible to operational teams.
59
+
60
+ ## Decision rights
61
+
62
+ | Decision | Primary authority | Secondary approval required | Notes |
63
+ |---|---|---|---|
64
+ | Classify access event as security incident | SAP Security (sap-security-iam-grc-sod-reviewer-agent) | None for classification | Classification does not trigger any system mutation |
65
+ | Suspend or disable a user account | SAP Security + HR jointly | Legal notification if employment action may follow | Must route through sap-role-assignment-guarded-operator-agent; requires dual approval |
66
+ | Remove role assignments | SAP Security proposes; HR confirms no operational dependency | sap-role-assignment-guarded-operator-agent executes only after dual approval | Irreversible-action gate applies; see below |
67
+ | Place legal hold on access logs | Legal | HR acknowledgment | Triggers evidence preservation; no system mutation by this protocol |
68
+ | Disclose access findings to employee | HR + Legal jointly | — | Security provides classified summary only; HR/Legal manage disclosure |
69
+ | Close GRC access violation | GRC / audit team | Outside scope of this protocol | This protocol does not close GRC violations |
70
+ | Re-grant access post-investigation | HR confirms role legitimacy; Security confirms SoD clearance | Management approval per access matrix | Routes through sap-role-assignment-guarded-operator-agent with all approvals documented |
71
+
72
+ ## Escalation owners
73
+
74
+ | Scenario | First escalation owner | Second escalation owner |
75
+ |---|---|---|
76
+ | Unmitigated critical SoD conflict involving active employee | GRC / internal audit | Chief Risk Officer |
77
+ | Suspected identity misuse with HR data access | CISO | Chief People Officer |
78
+ | Insider-risk signal with potential fraud impact | Chief Risk Officer | General Counsel |
79
+ | Leavers process gap with post-termination access | HR Operations | CISO |
80
+ | Employment-law or disciplinary dimension | General Counsel | Chief People Officer |
81
+ | Regulatory reporting obligation triggered | Chief Risk Officer + General Counsel jointly | — |
82
+
83
+ ## Irreversible-action gate
84
+
85
+ The following actions are classified as irreversible or high-consequence and must not proceed without the approvals listed:
86
+
87
+ - **Account suspension or disablement**: Requires written approval from CISO and VP HR. Approval must be recorded in the audit package before the action is queued to `sap-role-assignment-guarded-operator-agent`.
88
+ - **Role assignment removal in production**: Requires written approval from SAP Security lead and the business process owner of the affected function. If the removal affects payroll or financial-close roles, Finance Controls must also approve.
89
+ - **Permanent account deletion or anonymization**: Requires Legal sign-off confirming no legal-hold obligations attach to the account, plus HR confirmation that the employee lifecycle is fully closed.
90
+ - **Evidence deletion or log purge**: Prohibited during active investigation. Any retention policy execution that would delete relevant logs must be suspended via Legal hold.
91
+
92
+ This protocol does not execute any irreversible action. It surfaces the required approvals and queues the action to the appropriate guarded-mutating agent once all approvals are documented.
93
+
94
+ ## Approval requirements
95
+
96
+ All cross-function actions under this protocol require approvals to be documented in writing (ticket, email chain, or signed document) before execution. Verbal approvals are not accepted. The audit package must include the approval record for every action taken.
97
+
98
+ Minimum approval quorum per action class:
99
+
100
+ - **Security-only actions** (classification, evidence collection): SAP Security lead sign-off.
101
+ - **HR-touching actions** (leaver processing, role removal for HR data access): SAP Security lead + HR Operations lead.
102
+ - **Legal-dimension actions** (legal hold, disclosure, regulatory reporting): General Counsel or delegate.
103
+ - **Production role mutations**: SAP Security lead + business process owner + (if financial) Finance Controls lead. Executed only via `sap-role-assignment-guarded-operator-agent`.
104
+
105
+ ## Audit package
106
+
107
+ The audit package for every protocol invocation must contain:
108
+
109
+ 1. **Event summary**: Trigger condition, systems involved, time window, and user identity (anonymized in shared copies per redaction policy).
110
+ 2. **Evidence inventory**: List of all artifacts collected (log extracts, GRC reports, role exports, IPS provisioning logs), with source system, collection timestamp, and evidence handler.
111
+ 3. **Redaction log**: What was redacted, by whom, and why, for each HR-sensitive document included.
112
+ 4. **Decision log**: Each decision taken, who held decision authority, secondary approvals obtained, and timestamp.
113
+ 5. **Action log**: Each system action taken (or deferred), the agent that executed it, the approval reference, and the outcome.
114
+ 6. **Escalation log**: Each escalation event, who was notified, when, and the response received.
115
+ 7. **Legal hold status**: Confirmation of whether a legal hold was placed and which artifacts are in scope.
116
+ 8. **Resolution and closure**: Final disposition (access revoked, incident closed, HR action initiated, regulatory report filed), residual risk statement, and any compensating controls put in place.
117
+
118
+ ## Refusal conditions
119
+
120
+ This protocol and all participating agents must refuse the following requests:
121
+
122
+ - Executing any role assignment, role removal, account suspension, or account deletion without documented dual approval routed through `sap-role-assignment-guarded-operator-agent`.
123
+ - Sharing unredacted HR data (compensation, performance, disciplinary, health) with Security or operational teams.
124
+ - Closing or approving a GRC access violation — this authority rests with the GRC/audit team only.
125
+ - Disclosing investigation status or findings to the subject of the investigation without explicit HR and Legal authorization.
126
+ - Bypassing the irreversible-action gate on any action listed in that section.
127
+ - Acting on verbal approval alone; written approval is mandatory for all cross-function actions.
128
+ - Initiating any employment action (warning, suspension, termination) — this protocol surfaces risk findings to HR and Legal; employment decisions belong solely to those functions.
129
+
130
+ ## Evidence rules
131
+
132
+ Label all claims with one of:
133
+
134
+ - `documentation-based` — grounded in SAP GRC Access Control, SAP SuccessFactors, SAP Identity Authentication, or regulatory guidance (GDPR, SOX, ISO 27001)
135
+ - `user-provided evidence` — access logs, GRC conflict reports, role exports, IPS provisioning logs, HR lifecycle confirmations, or written descriptions provided by the requesting function
136
+ - `inference` — derived reasoning not directly confirmed by official documentation or user-provided evidence; must always be labeled as such
137
+
138
+ ## Response minimum
139
+
140
+ Every protocol invocation must return, at minimum:
141
+
142
+ - **Trigger classification**: Which trigger condition(s) apply and which participating agents are activated.
143
+ - **Evidence status**: Which required evidence items are present, which are missing, and which function must supply each missing item.
144
+ - **Redaction confirmation**: Confirmation that HR-sensitive data has been identified and the redaction policy has been applied.
145
+ - **Decision rights mapping**: For each pending decision, who holds primary authority and what secondary approvals are required.
146
+ - **Irreversible-action gate status**: Whether any irreversible actions are pending, what approvals are outstanding, and whether the gate is cleared to proceed.
147
+ - **Audit package status**: Which audit package elements are populated and which are outstanding.
148
+ - **Escalation notice**: If an unmitigated critical SoD conflict or insider-risk signal is present, explicit notice to the escalation owners listed above — this notice must appear before any other recommendation.
149
+ - **Next step**: The single next action the requesting function must take to advance the protocol, with the responsible owner named.
@@ -0,0 +1,11 @@
1
+ interface:
2
+ display_name: "SAP Security HR Legal Escalation Protocol"
3
+ short_description: "Cross-functional escalation protocol for SAP Security, HR, and Legal on identity misuse, privileged-access anomalies, SoD violations, insider-risk signals, HR-sensitive access, joiner/mover/leaver lifecycle gaps, and fraud-sensitive access patterns. Defines decision rights, redaction policy, irreversible-action gates, approval requirements, and audit packaging. Never mutates live systems."
4
+ default_prompt: "Use $sap-security-hr-legal-protocol to coordinate a cross-functional response. Identify which trigger condition applies, map decision rights to each pending action, confirm evidence and redaction status, check whether the irreversible-action gate is cleared, and state the next action with the responsible owner named. Flag any unmitigated critical SoD conflict or insider-risk signal as an immediate escalation before any other recommendation."
5
+ dependencies:
6
+ tools:
7
+ - type: "web"
8
+ value: "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control"
9
+ description: "SAP GRC Access Control documentation — primary reference for SoD conflict classification and escalation requirements"
10
+ policy:
11
+ allow_implicit_invocation: true
@@ -0,0 +1,34 @@
1
+ {
2
+ "id": "sap-security-hr-legal-protocol",
3
+ "name": "SAP Security HR Legal Escalation Protocol",
4
+ "type": "skill",
5
+ "provider": "sap",
6
+ "harnesses": [
7
+ "claude-code",
8
+ "codex",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Cross-functional escalation protocol for SAP Security, HR, and Legal coordination on identity misuse, privileged-access anomalies, SoD violations, insider-risk signals, HR-sensitive access, joiner/mover/leaver gaps, and fraud-sensitive access patterns. Defines decision rights, redaction policy, irreversible-action gates, approval requirements, and audit packaging. Never mutates live systems.",
15
+ "source_type": "original",
16
+ "category": "compliance",
17
+ "official_docs": [
18
+ "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control",
19
+ "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/emergency-access-management",
20
+ "https://help.sap.com/docs/successfactors-employee-central/employee-central/data-protection-and-privacy-in-employee-central",
21
+ "https://help.sap.com/docs/successfactors-platform/successfactors-platform/data-protection-and-privacy",
22
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication",
23
+ "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/segregation-of-duties",
24
+ "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/access-risk-analysis",
25
+ "https://www.iso.org/standard/27001",
26
+ "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final"
27
+ ],
28
+ "security_notes": "Does not access live SAP systems, GRC Access Control tenants, SuccessFactors instances, or IAM consoles. Accepts only user-provided evidence artifacts. Never accepts or stores HR personal data, compensation records, disciplinary records, or health information. All role mutations must route through sap-role-assignment-guarded-operator-agent with documented dual approval. No guarded-mutating gate is bypassed by this protocol. Verbal approvals are rejected; written approval is mandatory for all cross-function actions.",
29
+ "last_verified": "2026-06-19",
30
+ "path": "skills/sap/sap-security-hr-legal-protocol",
31
+ "author": "github: Raishin",
32
+ "version": "0.1.0",
33
+ "lifecycle": "experimental"
34
+ }
@@ -0,0 +1,89 @@
1
+ # Official sources — SAP Security HR Legal Escalation Protocol
2
+
3
+ Use this reference when grounding SoD conflict classification, HR data sensitivity assessment, identity lifecycle governance, GRC emergency access review, and regulatory compliance framing for cross-functional escalations.
4
+
5
+ **Evidence level**: documentation-based (SAP Help Portal, SAP GRC Access Control documentation, SAP SuccessFactors data protection guidance, NIST SP 800-53, ISO 27001). No live-system evidence is collected by this skill.
6
+
7
+ ## SAP GRC Access Control
8
+
9
+ - What is SAP GRC Access Control
10
+ https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control
11
+ source_owner: SAP SE
12
+ topic_supported: GRC Access Control capabilities, Access Risk Analysis, Emergency Access Management, Business Role Management, User Access Review
13
+ why_needed: Primary reference for SoD conflict classification and escalation requirements used throughout this protocol
14
+ evidence_level: primary
15
+ last_verified: 2026-06-19
16
+
17
+ - Segregation of Duties
18
+ https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/segregation-of-duties
19
+ source_owner: SAP SE
20
+ topic_supported: SoD ruleset structure, risk classification levels (critical/high/medium/low), mitigation control assignment
21
+ why_needed: Defines the SoD conflict risk taxonomy applied when classifying fraud-sensitive access patterns in this protocol
22
+ evidence_level: primary
23
+ last_verified: 2026-06-19
24
+
25
+ - Access Risk Analysis
26
+ https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/access-risk-analysis
27
+ source_owner: SAP SE
28
+ topic_supported: ARA execution model, risk simulation, batch risk analysis, remediation workflow
29
+ why_needed: Required to understand how GRC generates the SoD conflict reports that serve as evidence in this protocol
30
+ evidence_level: primary
31
+ last_verified: 2026-06-19
32
+
33
+ - Emergency Access Management
34
+ https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/emergency-access-management
35
+ source_owner: SAP SE
36
+ topic_supported: Firefighter ID assignment, session logging, log review workflow, EAM owner and controller roles
37
+ why_needed: Required to assess privileged-access anomalies for firefighter users — defines logging obligations and log review requirements referenced in this protocol
38
+ evidence_level: primary
39
+ last_verified: 2026-06-19
40
+
41
+ ## SAP SuccessFactors — HR Data Protection
42
+
43
+ - Data Protection and Privacy in Employee Central
44
+ https://help.sap.com/docs/successfactors-employee-central/employee-central/data-protection-and-privacy-in-employee-central
45
+ source_owner: SAP SE
46
+ topic_supported: HR data sensitivity classifications, personal data categories in SuccessFactors Employee Central, data subject rights, purpose limitation
47
+ why_needed: Primary reference for HR data sensitivity assessment and redaction policy — defines which SuccessFactors data elements are personal or sensitive personal data
48
+ evidence_level: primary
49
+ last_verified: 2026-06-19
50
+
51
+ - Data Protection and Privacy in SAP SuccessFactors
52
+ https://help.sap.com/docs/successfactors-platform/successfactors-platform/data-protection-and-privacy
53
+ source_owner: SAP SE
54
+ topic_supported: SuccessFactors platform-level data protection, consent management, data purge, audit logging
55
+ why_needed: Platform-level data protection obligations that govern how HR evidence may be collected, shared, and retained under this protocol
56
+ evidence_level: primary
57
+ last_verified: 2026-06-19
58
+
59
+ ## SAP Cloud Identity Services
60
+
61
+ - What is Identity Authentication
62
+ https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication
63
+ source_owner: SAP SE
64
+ topic_supported: IAS application model, corporate IdP federation, MFA enforcement, risk-based authentication
65
+ why_needed: Required to assess identity-layer evidence when evaluating account compromise or access anomaly trigger conditions
66
+ evidence_level: primary
67
+ last_verified: 2026-06-19
68
+
69
+ ## Risk and Control Frameworks
70
+
71
+ - NIST Special Publication 800-53 Rev 5 — Security and Privacy Controls for Information Systems and Organizations
72
+ https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
73
+ source_owner: NIST
74
+ topic_supported: AC (Access Control), AU (Audit and Accountability), IR (Incident Response), PS (Personnel Security) control families; insider threat program guidance
75
+ why_needed: Secondary framework reference for insider-risk escalation framing and audit package requirements; NIST AC-5 (Separation of Duties) and PS-4 (Personnel Termination) directly support the leaver and SoD escalation paths in this protocol
76
+ evidence_level: secondary
77
+ last_verified: 2026-06-19
78
+
79
+ - ISO/IEC 27001 — Information Security Management Systems
80
+ https://www.iso.org/standard/27001
81
+ source_owner: ISO/IEC
82
+ topic_supported: Annex A controls for access management, HR security, incident management, and compliance; risk treatment requirements
83
+ why_needed: Secondary framework providing the ISO 27001 Annex A context for the access control and HR security obligations cited in this protocol's escalation and decision-rights tables
84
+ evidence_level: secondary
85
+ last_verified: 2026-06-19
86
+
87
+ ## Grounding rule
88
+
89
+ SAP Help Portal documentation describes the designed capabilities and configuration models for GRC Access Control, SuccessFactors, and Cloud Identity Services. It does not prove which conflicts exist in the user's GRC system, what HR data was accessed, or which lifecycle events were missed. Users must supply GRC conflict reports, access logs, role exports, IPS provisioning logs, and HR-provided lifecycle confirmations for concrete protocol execution.
@@ -0,0 +1,38 @@
1
+ # Safety checklist — SAP Security HR Legal Escalation Protocol
2
+
3
+ Use before any cross-function handoff, before any action is queued to a guarded-mutating agent, and before any evidence is shared outside its originating function.
4
+
5
+ ## Non-negotiables
6
+
7
+ - Do not execute any role assignment, role removal, account suspension, or account deletion without documented dual approval. All role mutations must be queued to `sap-role-assignment-guarded-operator-agent` with approval documentation attached.
8
+ - Do not share unredacted HR data (compensation, performance ratings, disciplinary records, health information, succession data) with Security, operational teams, or any party outside HR without Legal authorization and documented legal-hold or employment-law basis.
9
+ - Do not close, approve, or recommend closing a GRC access violation. GRC violation closure authority rests with the GRC/audit team only.
10
+ - Do not disclose investigation status or findings to the subject of the investigation without explicit joint authorization from HR and Legal.
11
+ - Do not accept verbal approval for any cross-function action. Written approval (ticket, email chain, or signed document) is mandatory.
12
+ - Do not initiate or recommend any employment action (warning, suspension, termination). This protocol surfaces risk findings to HR and Legal; employment decisions are theirs alone.
13
+ - Do not delete or purge evidence logs during an active investigation. Retention policy execution that would destroy relevant logs must be suspended via Legal hold.
14
+ - Do not bypass the irreversible-action gate. Any action listed under that section requires all listed approvals before the action is queued.
15
+
16
+ ## What people get wrong
17
+
18
+ - **Treating SoD conflict classification as an employment finding**: An SoD conflict report establishes access risk, not misconduct. The HR and Legal functions determine whether any employment action is warranted based on the full investigation. Security's role is to surface the access evidence, not to draw conclusions about intent.
19
+ - **Sharing the full GRC conflict report with HR without redaction review**: GRC reports often contain transaction codes and system access details that, when combined with HR records, could be used to infer sensitive information about other employees or investigations. Review for cross-contamination before sharing.
20
+ - **Assuming a leaver's access lapse is always a Security issue**: JML gaps are often process failures in the HR lifecycle workflow or IPS provisioning chain. Assign root-cause investigation to the correct function before escalating as a security incident.
21
+ - **Skipping the legal-hold decision for post-termination access**: If a departed employee's account was used after the effective termination date, there may be an obligation to preserve logs for employment-law or regulatory purposes before any retention policy purge occurs.
22
+ - **Treating EAM log review as equivalent to access approval**: The existence of an EAM firefighter log does not mean the access was authorized or within scope. Log review must be completed by the designated EAM owner and controller before the access event is considered governed.
23
+ - **Conflating HR-sensitive system access with a personal data breach**: Access to SuccessFactors compensation or performance data by an unauthorized user is a policy violation and potential access control failure. Whether it constitutes a reportable personal data breach under GDPR or equivalent regulation is a Legal determination, not a Security one.
24
+
25
+ ## When to push back
26
+
27
+ - Push back (and escalate immediately) when an unmitigated critical SoD conflict involving an active employee is found — escalate to GRC/audit and flag the escalation owners before any other action.
28
+ - Push back when any function requests unredacted HR data without Legal authorization — provide a redacted summary instead and require Legal sign-off for full disclosure.
29
+ - Push back when asked to confirm employment status, role legitimacy, or lifecycle event completion from memory — require HR-system-of-record confirmation.
30
+ - Push back when asked to queue a role mutation without all required written approvals in hand.
31
+ - Push back when asked to close a GRC violation — refer to the GRC/audit team.
32
+ - Push back when asked to recommend or initiate an employment action — refer to HR and Legal.
33
+
34
+ ## Evidence labels
35
+
36
+ - `documentation-based` — grounded in SAP GRC Access Control, SAP SuccessFactors, SAP Cloud Identity Services, NIST SP 800-53, or ISO 27001 documentation
37
+ - `user-provided evidence` — access logs, GRC conflict reports, role exports, IPS provisioning logs, HR lifecycle confirmations, or written descriptions provided by the requesting function
38
+ - `inference` — derived reasoning not directly confirmed by official documentation or user-provided evidence; must always be labeled as such and must not be used as the sole basis for any cross-function action
@@ -0,0 +1,65 @@
1
+ # Workflow and output contract — SAP Security HR Legal Escalation Protocol
2
+
3
+ Use this reference for all trigger classification, evidence assembly, cross-function handoff sequencing, decision rights application, and output formatting.
4
+
5
+ ## Trigger classification table
6
+
7
+ | Trigger class | Primary signal | Activating agent | HR involvement | Legal involvement |
8
+ |---|---|---|---|---|
9
+ | `identity-misuse` | Anomalous access pattern, bulk extraction, unexpected location | sap-security-iam-grc-sod-reviewer-agent | Required for employment-status confirmation | Required if criminal or employment action may follow |
10
+ | `privileged-access-anomaly` | Firefighter/EAM access outside approved scope; SAP\_ALL outside change window | sap-security-iam-grc-sod-reviewer-agent | Optional (required if HR data was accessed) | Optional (required if disciplinary action follows) |
11
+ | `critical-sod-violation` | Unmitigated critical SoD conflict involving active employee | sap-security-iam-grc-sod-reviewer-agent | Required (employment status + role confirmation) | Required (regulatory and employment-law review) |
12
+ | `insider-risk` | DLP or SIEM exfiltration indicator against HR, payroll, or financial data | sap-security-iam-grc-sod-reviewer-agent + sap-successfactors-hr-process-risk-agent | Required (data sensitivity classification) | Required (legal hold decision) |
13
+ | `hr-sensitive-access` | Access to SuccessFactors compensation, performance, or succession data outside authorized scope | sap-successfactors-hr-process-risk-agent | Required (owns data sensitivity classification) | Conditional (if personal data breach threshold met) |
14
+ | `jml-gap` | Post-termination access; mover retaining previous role; joiner access beyond matrix | sap-successfactors-hr-process-risk-agent | Required (lifecycle event confirmation) | Conditional (if post-termination access was used) |
15
+ | `fraud-sensitive-access` | Single-user execution of incompatible financial transactions | sap-security-iam-grc-sod-reviewer-agent | Required (employment context) | Required (potential fraud investigation) |
16
+
17
+ ## Protocol workflow
18
+
19
+ ### Phase 1 — Triage (SAP Security lead)
20
+
21
+ 1. Classify the trigger condition using the table above.
22
+ 2. Identify which participating agents are activated.
23
+ 3. Confirm which evidence items are available and which are outstanding.
24
+ 4. Issue evidence assembly requests to the responsible function for each missing item.
25
+ 5. Apply the redaction policy before any cross-function share.
26
+
27
+ ### Phase 2 — Evidence assembly (multi-function)
28
+
29
+ 1. `sap-security-iam-grc-sod-reviewer-agent` assembles identity evidence, access logs, GRC conflict reports, and role assignment state.
30
+ 2. `sap-successfactors-hr-process-risk-agent` assembles HR lifecycle state and provides redacted summary to Security per redaction policy.
31
+ 3. Legal is notified if trigger classification indicates a legal dimension; Legal confirms whether a legal hold is required.
32
+
33
+ ### Phase 3 — Cross-function review
34
+
35
+ 1. All functions review assembled evidence within their domain authority.
36
+ 2. `sap-security-iam-grc-sod-reviewer-agent` classifies SoD conflicts by risk level.
37
+ 3. `sap-successfactors-hr-process-risk-agent` classifies HR data sensitivity and confirms whether HR lifecycle events were processed correctly.
38
+ 4. Decision rights table is applied — each pending decision is assigned to the correct authority.
39
+
40
+ ### Phase 4 — Action proposal
41
+
42
+ 1. Proposed actions are documented with the required approvals per the approval requirements section of the SKILL.md.
43
+ 2. Irreversible-action gate is evaluated for each proposed action.
44
+ 3. Actions requiring `sap-role-assignment-guarded-operator-agent` are queued with approval documentation attached — the operator agent does not execute without confirmed approvals.
45
+
46
+ ### Phase 5 — Audit package assembly
47
+
48
+ 1. All evidence, decision records, approval records, redaction logs, and action outcomes are consolidated into the audit package.
49
+ 2. Audit package is made available to internal audit and, where required by legal hold, to Legal.
50
+ 3. Residual risk is assessed and documented.
51
+
52
+ ## Output contract
53
+
54
+ Return, in order:
55
+
56
+ 1. **Trigger classification**: Which trigger class(es) apply; which participating agents are activated.
57
+ 2. **Evidence inventory**: Present items, missing items, and responsible function for each missing item.
58
+ 3. **Redaction confirmation**: Explicit statement that HR-sensitive data has been identified and the redaction policy status (applied / pending / not applicable).
59
+ 4. **Decision rights map**: For each pending decision, primary authority, secondary approvals required, and current status (pending / approved / deferred).
60
+ 5. **Irreversible-action gate**: Whether any irreversible actions are pending; approval status for each; whether gate is cleared or blocked.
61
+ 6. **SoD conflict summary** (if applicable): Conflict ID or description, risk level, mitigation status, and escalation notice if unmitigated critical.
62
+ 7. **HR data sensitivity assessment** (if applicable): Data categories accessed or at risk; classification; redaction applied.
63
+ 8. **Escalation notice**: If an unmitigated critical SoD conflict, insider-risk signal, or legal-hold trigger is present, explicit notice must appear before any other recommendation, naming the escalation owners and required action.
64
+ 9. **Audit package status**: Populated items and outstanding items.
65
+ 10. **Next step**: Single next action with named responsible owner.
@@ -0,0 +1,86 @@
1
+ ---
2
+ name: sap-security-iam-grc-sod-review
3
+ description: Review SAP identity and access management posture: Cloud Identity Services (IAS/IPS), Authorization and Trust Management (XSUAA), role collections, GRC Access Control, and Segregation of Duties. Flags SoD conflicts, excessive privilege, orphaned accounts, and trust misconfigurations. Does not touch live systems.
4
+ allowed-tools: Read Grep Glob WebSearch WebFetch
5
+ metadata:
6
+ author: "github: Raishin"
7
+ version: "0.1.0"
8
+ updated: "2026-06-19"
9
+ category: security
10
+ lifecycle: experimental
11
+ ---
12
+
13
+ # SAP Security IAM GRC and SoD Review
14
+
15
+ ## Purpose
16
+
17
+ Assess the identity and access management posture of SAP landscapes spanning cloud and on-premise systems. Review SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) configuration for provisioning correctness, group mapping, and lifecycle management. Review Authorization and Trust Management (XSUAA) scopes, role templates, and role collection assignments for privilege excess and least-privilege compliance. Assess GRC Access Control ruleset quality, SoD conflict classification, and mitigation control effectiveness. Flag SoD conflicts, excessive or accumulated privilege, orphaned accounts, misconfigured identity provider trust, and access lifecycle gaps. Does not connect to or mutate any live SAP system.
18
+
19
+ ## When to use
20
+
21
+ Use this skill when the user asks to:
22
+
23
+ - review SAP Identity Authentication Service (IAS) configuration for application assignments, corporate identity provider federation, risk-based authentication policies, and MFA enforcement,
24
+ - assess SAP Identity Provisioning Service (IPS) connector configuration for user and group synchronization correctness, provisioning rule quality, and transformation script safety,
25
+ - evaluate XSUAA (Authorization and Trust Management Service) application security descriptor (xs-security.json) design: scope definitions, role template construction, role collection granularity, and least-privilege compliance,
26
+ - audit role collection assignments for a BTP subaccount — identifying over-permissive built-in role collections, direct user assignments versus IdP group mappings, and privilege accumulation across multiple role collections,
27
+ - review SAP GRC Access Control ruleset configuration: SoD function and permission entries, risk classification (critical/high/medium/low), and whether the ruleset covers key business processes (FI, MM, SD, HR),
28
+ - assess SoD conflict findings from GRC Access Control, SAP Access Violation Management by Pathlock, or equivalent tooling — classify conflicts, evaluate mitigating controls, and flag unmitigated critical conflicts,
29
+ - identify excessive privilege patterns: access to incompatible transaction pairs, accumulated authorizations from multiple roles, or overly broad authorization object values (e.g., `*` for company code or plant),
30
+ - review identity trust misconfigurations: IAS corporate IdP federation without MFA enforcement, XSUAA trust to external IdPs with insufficient attribute mapping, or IPS provisioning to production systems without approval workflows.
31
+
32
+ ## When not to use
33
+
34
+ - When the user needs live inspection of a GRC Access Control system, BTP XSUAA tenant, or IAS admin console — this skill accepts only user-provided configuration exports, SoD conflict reports, role lists, or written descriptions.
35
+ - When the request is about BTP account-level structural governance (entitlements, directories, environments) rather than IAM — use `sap-btp-governance-review`.
36
+ - When the request is about ABAP authorization objects directly in an on-premise SAP system without a GRC or cloud IAM layer — this skill focuses on cloud IAM (IAS/IPS/XSUAA) and GRC; direct ABAP auth object review is out of scope.
37
+ - When the request is about integration security (iFlow OAuth, API proxy policies) — use `sap-integration-suite-review`.
38
+
39
+ ## Does not touch live systems
40
+
41
+ This skill operates on user-provided configuration exports, SoD conflict reports from GRC or equivalent tools, xs-security.json files, role collection exports, IAS application exports, IPS connector configuration descriptions, or written descriptions of the IAM landscape. It does not connect to any IAS tenant, IPS admin console, XSUAA service instance, GRC system, BTP subaccount, or on-premise SAP system. All live inspection is out of scope.
42
+
43
+ ## Lean operating rules
44
+
45
+ - Classify IAM findings by domain before recommending. Every finding must be assigned to a domain (IAS / IPS / XSUAA / GRC / SoD) before a remediation path is proposed.
46
+ - Least privilege is the baseline. Any role, scope, or role collection that grants access beyond what the business function requires is a finding. Broad authorization object values (`*` for organizational levels) are always flagged.
47
+ - SoD conflicts must be classified by risk level. Not all SoD conflicts carry the same risk. Critical SoD conflicts (e.g., Create Vendor + Approve Payment, Create PO + Approve PO) must be treated as `critical` findings requiring either role redesign or compensating controls with documented approval.
48
+ - Unmitigated critical SoD conflicts block sign-off. An environment with unmitigated critical SoD conflicts (no approved compensating control on record) is not compliant with SOX, ISO 27001, or SAP GRC best practices. Escalate before proceeding.
49
+ - IPS provisioning to production requires approval workflow. Any IPS connector that provisions users or group memberships to a production target system without an approval step in the provisioning flow is a `high` finding.
50
+ - IAS MFA enforcement is required for privileged users. Administrator and privileged application users authenticated via IAS without MFA enforcement (risk-based authentication minimum) are a `high` finding.
51
+ - XSUAA trust to external IdPs must carry attribute validation. XSUAA application trust configured to accept tokens from an external IdP without validating custom attributes (e.g., groups, costCenter) is a privilege escalation vector.
52
+ - Orphaned accounts are a `high` finding. Accounts in IAS, IPS target systems, or BTP role collection assignments that belong to users who have left the organization or changed roles are `high` IAM lifecycle findings.
53
+ - Evidence from user-provided artifacts or official SAP security documentation takes precedence over inference.
54
+ - Load only the reference needed for the IAM domain under review.
55
+
56
+ ## Evidence rules
57
+
58
+ Label all claims with one of:
59
+
60
+ - `documentation-based` — grounded in SAP IAS, IPS, XSUAA, GRC Access Control, or SAP security best practice documentation
61
+ - `user-provided evidence` — SoD conflict reports, role lists, xs-security.json files, IAS exports, IPS connector configurations, or written descriptions provided by the user
62
+ - `inference` — derived reasoning not directly confirmed by official docs or user evidence
63
+
64
+ ## Live-environment rules
65
+
66
+ **This skill does not touch live systems.** There is no IAS API call, IPS REST API invocation, XSUAA service binding access, GRC system RFC call, BTP cockpit session, or on-premise SAP system connection in this skill's execution path. Users must supply configuration exports, SoD conflict reports, role collection lists, or written descriptions of their IAM landscape for this skill to review.
67
+
68
+ ## References
69
+
70
+ Load only when needed:
71
+
72
+ - [Workflow and output contract](references/workflow-and-output.md) — IAM finding taxonomy, SoD conflict classification, severity assignment, output format.
73
+ - [Safety checklist](references/safety-checklist.md) — non-negotiables, common IAM review mistakes, when to push back.
74
+ - [Official sources](references/official-sources.md) — SAP IAS, IPS, XSUAA, GRC Access Control, and SoD documentation.
75
+
76
+ ## Response minimum
77
+
78
+ Return, at minimum:
79
+
80
+ - **Problem classification**: IAM domain(s) affected (IAS / IPS / XSUAA / GRC / SoD) and specific finding(s) per domain.
81
+ - **Evidence used**: documentation-based / user-provided evidence / inference.
82
+ - **Risk level**: critical (SoD conflict, privilege escalation path, unmitigated access violation) / high (excessive privilege, orphaned account, missing MFA, unapproved provisioning) / medium (governance gap, missing lifecycle review, weak attribute mapping) / low (best practice deviation).
83
+ - **Recommended action**: specific remediation per finding (role redesign, compensating control documentation, IPS approval workflow addition, IAS MFA policy enforcement, XSUAA scope reduction, etc.).
84
+ - **Refusal / escalation triggers**: if unmitigated critical SoD conflicts are found, escalate to GRC / audit team before any further access approval or system change is authorized.
85
+ - **Business impact**: compliance risk (SOX, ISO 27001, internal audit), fraud risk, data breach risk, or access lifecycle debt.
86
+ - **Next verification step**: validate remediation recommendations against current role assignments and GRC ruleset before implementing access changes.
@@ -0,0 +1,11 @@
1
+ interface:
2
+ display_name: "SAP Security IAM GRC and SoD Review"
3
+ short_description: "Review SAP identity and access management posture: IAS/IPS configuration, XSUAA scopes and role collections, GRC Access Control ruleset quality, and Segregation of Duties conflict classification. Flags SoD conflicts, excessive privilege, orphaned accounts, and trust misconfigurations."
4
+ default_prompt: "Use $sap-security-iam-grc-sod-review to assess the provided SAP IAM and GRC configuration. Classify each finding by IAM domain (IAS, IPS, XSUAA, GRC, SoD), assign a risk level (critical/high/medium/low), and recommend specific remediation actions. Flag any unmitigated critical SoD conflicts for immediate escalation. State evidence level (documentation-based, user-provided, inference) and whether live system access is required to complete the review."
5
+ dependencies:
6
+ tools:
7
+ - type: "web"
8
+ value: "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication"
9
+ description: "SAP Cloud Identity Services documentation — primary reference for IAS and IPS configuration review"
10
+ policy:
11
+ allow_implicit_invocation: true
@@ -0,0 +1,33 @@
1
+ {
2
+ "id": "sap-security-iam-grc-sod-review",
3
+ "name": "SAP Security IAM GRC and SoD Review",
4
+ "type": "skill",
5
+ "provider": "sap",
6
+ "harnesses": [
7
+ "claude-code",
8
+ "codex",
9
+ "cursor",
10
+ "gemini",
11
+ "kiro",
12
+ "other"
13
+ ],
14
+ "summary": "Review SAP identity and access management posture: Cloud Identity Services (IAS/IPS), Authorization and Trust Management (XSUAA), role collections, GRC Access Control, and Segregation of Duties. Flags SoD conflicts, excessive privilege, orphaned accounts, and trust misconfigurations. Does not access live systems.",
15
+ "source_type": "original",
16
+ "category": "security",
17
+ "official_docs": [
18
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-authentication",
19
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/what-is-identity-provisioning",
20
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/what-is-authorization-and-trust-management-service",
21
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/application-security-descriptor-configuration-syntax",
22
+ "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/what-is-sap-grc-access-control",
23
+ "https://help.sap.com/docs/sap-grc-access-control/sap-grc-access-control/segregation-of-duties",
24
+ "https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/configure-risk-based-authentication-for-application",
25
+ "https://help.sap.com/docs/btp/sap-business-technology-platform/trust-and-federation-with-identity-providers"
26
+ ],
27
+ "security_notes": "Does not access live SAP IAS tenants, IPS admin consoles, XSUAA service instances, GRC Access Control systems, or BTP subaccounts. Accepts only user-provided SoD conflict reports, role lists, xs-security.json files, IAS exports, IPS connector descriptions, or written IAM landscape descriptions. Never request or accept IAS admin credentials, IPS technical user passwords, XSUAA client secrets, GRC system logon credentials, or BTP service keys. Unmitigated critical SoD conflicts must be escalated to the GRC or audit team — this skill does not approve or close access violations.",
28
+ "last_verified": "2026-06-19",
29
+ "path": "skills/sap/sap-security-iam-grc-sod-review",
30
+ "author": "github: Raishin",
31
+ "version": "0.1.0",
32
+ "lifecycle": "experimental"
33
+ }