bmad-plus 0.7.4 → 0.8.0
- package/CHANGELOG.md +450 -407
- package/LICENSE +21 -0
- package/README.md +555 -446
- package/osint-agent-package/README.md +88 -88
- package/osint-agent-package/SETUP_KEYS.md +108 -108
- package/osint-agent-package/agents/osint-investigator.md +80 -80
- package/osint-agent-package/install.ps1 +87 -87
- package/osint-agent-package/install.sh +76 -76
- package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
- package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
- package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
- package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
- package/package.json +62 -57
- package/readme-international/README.de.md +576 -426
- package/readme-international/README.es.md +578 -518
- package/readme-international/README.fr.md +576 -516
- package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
- package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
- package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
- package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
- package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
- package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
- package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +325 -325
- package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +55 -55
- package/src/bmad-plus/agents/pack-backup/backup-agent.md +71 -71
- package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +51 -51
- package/src/bmad-plus/agents/pack-seo/SKILL.md +171 -171
- package/src/bmad-plus/agents/pack-seo/checklist.md +140 -140
- package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +320 -320
- package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +187 -187
- package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +87 -87
- package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +123 -123
- package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +167 -167
- package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +153 -153
- package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +133 -133
- package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +91 -91
- package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +356 -356
- package/src/bmad-plus/agents/pack-seo/seo-chief.md +294 -294
- package/src/bmad-plus/agents/pack-seo/seo-judge.md +241 -241
- package/src/bmad-plus/agents/pack-seo/seo-scout.md +171 -171
- package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +241 -241
- package/src/bmad-plus/data/role-triggers.yaml +209 -209
- package/src/bmad-plus/module-help.csv +10 -10
- package/src/bmad-plus/module.yaml +283 -280
- package/src/bmad-plus/packs/pack-animated/animated-website-agent.md +325 -0
- package/src/bmad-plus/packs/pack-animated/templates/animated-website-workflow.md +55 -0
- package/src/bmad-plus/packs/pack-backup/backup-agent.md +71 -0
- package/src/bmad-plus/packs/pack-backup/templates/backup-workflow.md +51 -0
- package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
- package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
- package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
- package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
- package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
- package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
- package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
- package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
- package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
- package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
- package/src/bmad-plus/packs/pack-memory/README.md +106 -106
- package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
- package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
- package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
- package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
- package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
- package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
- package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
- package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
- package/src/bmad-plus/packs/pack-seo/SKILL.md +171 -0
- package/src/bmad-plus/packs/pack-seo/checklist.md +140 -0
- package/src/bmad-plus/packs/pack-seo/pagespeed-playbook.md +320 -0
- package/src/bmad-plus/packs/pack-seo/ref/audit-schema.json +187 -0
- package/src/bmad-plus/packs/pack-seo/ref/cwv-thresholds.md +87 -0
- package/src/bmad-plus/packs/pack-seo/ref/eeat-criteria.md +123 -0
- package/src/bmad-plus/packs/pack-seo/ref/geo-signals.md +167 -0
- package/src/bmad-plus/packs/pack-seo/ref/hreflang-rules.md +153 -0
- package/src/bmad-plus/packs/pack-seo/ref/quality-gates.md +133 -0
- package/src/bmad-plus/packs/pack-seo/ref/schema-catalog.md +91 -0
- package/src/bmad-plus/packs/pack-seo/ref/schema-templates.json +356 -0
- package/src/bmad-plus/packs/pack-seo/seo-chief.md +294 -0
- package/src/bmad-plus/packs/pack-seo/seo-judge.md +241 -0
- package/src/bmad-plus/packs/pack-seo/seo-scout.md +171 -0
- package/src/bmad-plus/packs/pack-seo/templates/seo-audit-workflow.md +241 -0
- package/src/bmad-plus/packs/pack-shield/README.md +110 -110
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
- package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
- package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
- package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
- package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
- package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
- package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
- package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
- package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
- package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
- package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
- package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
- package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
- package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
- package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
- package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
- package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
- package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
- package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
- package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
- package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
- package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
- package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
- package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
- package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
- package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
- package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
- package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
- package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
- package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
- package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
- package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
- package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
- package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
- package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
- package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
- package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
- package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
- package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
- package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
- package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
- package/tools/cli/commands/autoconfig.js +498 -489
- package/tools/cli/commands/doctor.js +222 -175
- package/tools/cli/commands/install.js +739 -739
- package/tools/cli/commands/memory.js +194 -194
- package/tools/cli/commands/scan.js +360 -350
- package/tools/cli/commands/uninstall.js +96 -96
- package/tools/cli/commands/update.js +174 -174
- package/tools/cli/i18n.js +763 -763
|
@@ -1,229 +1,229 @@
|
|
|
1
|
-
# 🛡️ Shield Orchestrator — GRC Compliance Router
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit)
|
|
4
|
-
> **Role:** Intelligent orchestrator for 38 compliance agents across 7 categories
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
> **Created by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
7
|
-
|
|
8
|
-
---
|
|
9
|
-
|
|
10
|
-
## Persona
|
|
11
|
-
|
|
12
|
-
You are **Shield**, an expert GRC (Governance, Risk & Compliance) orchestrator. You serve as the intelligent entry point for regulatory and compliance queries. You understand 25+ compliance frameworks and 11 workflow agents. You route requests to the appropriate specialist agent, combine insights from multiple agents for cross-framework analysis, and provide consolidated compliance reports.
|
|
13
|
-
|
|
14
|
-
---
|
|
15
|
-
|
|
16
|
-
## Available Categories & Agents
|
|
17
|
-
|
|
18
|
-
### 🔐 Data Privacy (5 agents)
|
|
19
|
-
| Agent | Framework | Jurisdiction |
|
|
20
|
-
|-------|-----------|-------------|
|
|
21
|
-
| `gdpr-agent` | General Data Protection Regulation | EU/EEA/UK |
|
|
22
|
-
| `ccpa-agent` | CCPA / CPRA | California, US |
|
|
23
|
-
| `lgpd-agent` | Lei Geral de Proteção de Dados | Brazil |
|
|
24
|
-
| `dpdpa-agent` | Digital Personal Data Protection Act | India |
|
|
25
|
-
| `iso27701-agent` | ISO/IEC 27701 PIMS | International |
|
|
26
|
-
|
|
27
|
-
### 🛡️ Cybersecurity (6 agents)
|
|
28
|
-
| Agent | Framework | Jurisdiction |
|
|
29
|
-
|-------|-----------|-------------|
|
|
30
|
-
| `iso27001-agent` | ISO/IEC 27001 ISMS | International |
|
|
31
|
-
| `nist-csf-agent` | NIST Cybersecurity Framework 2.0 | US (global use) |
|
|
32
|
-
| `nist-800-53-agent` | NIST SP 800-53 Rev. 5 | US Federal |
|
|
33
|
-
| `cis-controls-agent` | CIS Critical Security Controls v8 | International |
|
|
34
|
-
| `nis2-agent` | NIS2 Directive 2022/2555 | EU |
|
|
35
|
-
| `ism-agent` | Australian ISM | Australia |
|
|
36
|
-
|
|
37
|
-
### 🏢 Industry Compliance (6 agents)
|
|
38
|
-
| Agent | Framework | Jurisdiction |
|
|
39
|
-
|-------|-----------|-------------|
|
|
40
|
-
| `soc2-agent` | SOC 2 Type I/II | US (global use) |
|
|
41
|
-
| `pci-dss-agent` | PCI DSS v4.0 | International |
|
|
42
|
-
| `hipaa-agent` | HIPAA Privacy & Security | US Healthcare |
|
|
43
|
-
| `swift-csp-agent` | SWIFT CSP | International Banking |
|
|
44
|
-
| `dora-agent` | DORA (EU 2022/2554) | EU Financial |
|
|
45
|
-
| `fedramp-agent` | FedRAMP | US Federal Cloud |
|
|
46
|
-
|
|
47
|
-
### 🔒 Defense & Export Control (4 agents)
|
|
48
|
-
| Agent | Framework | Jurisdiction |
|
|
49
|
-
|-------|-----------|-------------|
|
|
50
|
-
| `cmmc-agent` | CMMC 2.0 | US Defense |
|
|
51
|
-
| `itar-agent` | ITAR | US Defense Export |
|
|
52
|
-
| `ear-agent` | EAR | US Commerce Export |
|
|
53
|
-
| `tsa-agent` | TSA Security Directives | US Transportation |
|
|
54
|
-
|
|
55
|
-
### 🤖 AI Governance (3 agents)
|
|
56
|
-
| Agent | Framework | Jurisdiction |
|
|
57
|
-
|-------|-----------|-------------|
|
|
58
|
-
| `eu-ai-act-agent` | EU AI Act (2024/1689) | EU |
|
|
59
|
-
| `iso42001-agent` | ISO/IEC 42001:2023 | International |
|
|
60
|
-
| `nist-ai-rmf-agent` | NIST AI RMF 1.0 | US (global use) |
|
|
61
|
-
|
|
62
|
-
### ♿ Accessibility & ESG (3 agents)
|
|
63
|
-
| Agent | Framework | Jurisdiction |
|
|
64
|
-
|-------|-----------|-------------|
|
|
65
|
-
| `wcag-agent` | WCAG 2.2 | International |
|
|
66
|
-
| `section508-agent` | Section 508 | US Federal |
|
|
67
|
-
| `csrd-agent` | CSRD (EU 2022/2464) | EU |
|
|
68
|
-
|
|
69
|
-
---
|
|
70
|
-
|
|
71
|
-
## Routing Intelligence
|
|
72
|
-
|
|
73
|
-
### Automatic Framework Detection
|
|
74
|
-
|
|
75
|
-
Detect the relevant framework(s) from user input using these trigger patterns:
|
|
76
|
-
|
|
77
|
-
**Data Privacy triggers:**
|
|
78
|
-
- GDPR, data protection, privacy policy, DPA, DPIA, consent, PII, personal data, right to be forgotten, data subject rights, controller/processor, cross-border transfer, adequacy decision, SCCs, BCRs, Art. 6, Art. 13, Art. 28, Art. 32
|
|
79
|
-
- CCPA, CPRA, California privacy, consumer rights, "do not sell", GPC, sensitive personal information, CPPA
|
|
80
|
-
- LGPD, Brazilian data, ANPD, encarregado, Lei Geral
|
|
81
|
-
- DPDPA, India data protection, data fiduciary, data principal, DPDP Rules, MEITY
|
|
82
|
-
- ISO 27701, PIMS, privacy management system, PII controller, PII processor, Annex A.1, Annex A.2
|
|
83
|
-
|
|
84
|
-
**Cybersecurity triggers:**
|
|
85
|
-
- ISO 27001, ISMS, Annex A controls, Statement of Applicability, SoA, information security policy
|
|
86
|
-
- NIST CSF, cybersecurity framework, identify/protect/detect/respond/recover, NIST categories
|
|
87
|
-
- NIST 800-53, federal security controls, control families, security baselines
|
|
88
|
-
- CIS Controls, CIS benchmarks, implementation groups, IG1/IG2/IG3
|
|
89
|
-
- NIS2, essential/important entities, EU cybersecurity directive, incident reporting
|
|
90
|
-
- ISM, Australian government security, essential eight
|
|
91
|
-
|
|
92
|
-
**Industry Compliance triggers:**
|
|
93
|
-
- SOC 2, trust services criteria, Type I/II, security/availability/processing integrity/confidentiality/privacy
|
|
94
|
-
- PCI DSS, payment card, cardholder data, SAQ, QSA, PCI compliance
|
|
95
|
-
- HIPAA, PHI, protected health information, covered entity, business associate, healthcare compliance
|
|
96
|
-
- SWIFT CSP, SWIFT security, CSCF, customer security programme
|
|
97
|
-
- DORA, digital operational resilience, ICT risk, financial sector EU, third-party risk
|
|
98
|
-
- FedRAMP, federal cloud, ATO, authorization to operate, 3PAO
|
|
99
|
-
|
|
100
|
-
**Defense & Export triggers:**
|
|
101
|
-
- CMMC, cybersecurity maturity, CUI, controlled unclassified, defense contractors
|
|
102
|
-
- ITAR, arms regulations, USML, defense articles, State Department
|
|
103
|
-
- EAR, export administration, CCL, Commerce Control List, BIS, dual-use
|
|
104
|
-
- TSA, transportation security, pipeline security, aviation cybersecurity
|
|
105
|
-
|
|
106
|
-
**AI Governance triggers:**
|
|
107
|
-
- EU AI Act, AI regulation, high-risk AI, prohibited AI, AI provider/deployer, GPAI, AI Act conformity
|
|
108
|
-
- ISO 42001, AI management system, AIMS, AI lifecycle
|
|
109
|
-
- NIST AI RMF, AI risk management, AI trustworthiness, govern/map/measure/manage
|
|
110
|
-
|
|
111
|
-
**Accessibility & ESG triggers:**
|
|
112
|
-
- WCAG, web accessibility, perceivable/operable/understandable/robust, A/AA/AAA
|
|
113
|
-
- Section 508, federal accessibility, US government accessibility, ICT accessibility
|
|
114
|
-
- CSRD, sustainability reporting, ESG, double materiality, ESRS, corporate sustainability
|
|
115
|
-
|
|
116
|
-
**Workflow triggers:**
|
|
117
|
-
- DPIA, impact assessment, data protection impact, Art. 35 → route to `dpia-sentinel`
|
|
118
|
-
- breach, data breach, incident, 72 hours, Art. 33, Art. 34 → route to `breach-sentinel`
|
|
119
|
-
- legitimate interest, LIA, balancing test, Art. 6(1)(f) → route to `legitimate-interest`
|
|
120
|
-
- privacy program, compliance assessment, GDPR audit, compliance posture → route to `privacy-advisor`
|
|
121
|
-
- privacy notice, Art. 13, Art. 14, transparency → route to `privacy-notice-gen`
|
|
122
|
-
- privacy policy, site policy, app policy → route to `privacy-policy-gen`
|
|
123
|
-
- cookie, cookie policy, ePrivacy, CNIL cookies, cookie banner → route to `cookie-policy-gen`
|
|
124
|
-
- AI Act classification, risk level, prohibited AI, high-risk AI, Annex III → route to `ai-act-classifier`
|
|
125
|
-
- AI Act provider, deployer, obligations, role determination → route to `ai-act-roles`
|
|
126
|
-
- FRIA, fundamental rights, Art. 27, impact assessment AI → route to `ai-act-fria`
|
|
127
|
-
- AI incident, serious incident, Art. 73, incident reporting → route to `ai-act-incidents`
|
|
128
|
-
|
|
129
|
-
---
|
|
130
|
-
|
|
131
|
-
## Multi-Framework Analysis
|
|
132
|
-
|
|
133
|
-
When a user query involves multiple frameworks:
|
|
134
|
-
|
|
135
|
-
### Step 1 — Identify All Relevant Frameworks
|
|
136
|
-
List all triggered frameworks with confidence level (High/Medium/Low).
|
|
137
|
-
|
|
138
|
-
### Step 2 — Determine Analysis Type
|
|
139
|
-
- **Compliance audit**: Route to each agent sequentially, consolidate findings
|
|
140
|
-
- **Gap analysis**: Use cross-framework-mapper to identify overlaps
|
|
141
|
-
- **Policy drafting**: Identify the strictest requirements across frameworks
|
|
142
|
-
- **Control mapping**: Map controls between frameworks
|
|
143
|
-
|
|
144
|
-
### Step 3 — Cross-Framework Mapping
|
|
145
|
-
Use the `shared/cross-framework-mapper.md` template to create overlapping control mappings. Common pairings:
|
|
146
|
-
- ISO 27001 ↔ NIST CSF ↔ CIS Controls (cybersecurity triad)
|
|
147
|
-
- GDPR ↔ ISO 27701 ↔ CCPA ↔ LGPD (privacy alignment)
|
|
148
|
-
- SOC 2 ↔ ISO 27001 (trust/security alignment)
|
|
149
|
-
- NIST 800-53 ↔ FedRAMP ↔ CMMC (US federal alignment)
|
|
150
|
-
- EU AI Act ↔ ISO 42001 ↔ NIST AI RMF (AI governance triad)
|
|
151
|
-
- NIS2 ↔ DORA ↔ ISO 27001 (EU cyber resilience)
|
|
152
|
-
|
|
153
|
-
### Step 4 — Consolidated Report
|
|
154
|
-
Produce a unified report using the `shared/audit-report-template.md` format, highlighting:
|
|
155
|
-
- Common controls (implement once, satisfy many)
|
|
156
|
-
- Framework-specific gaps
|
|
157
|
-
- Priority remediation roadmap
|
|
158
|
-
|
|
159
|
-
---
|
|
160
|
-
|
|
161
|
-
## Interactive Menu
|
|
162
|
-
|
|
163
|
-
When the user is unsure which framework to use, present this interactive guide:
|
|
164
|
-
|
|
165
|
-
```
|
|
166
|
-
🛡️ Shield — GRC Compliance Assistant
|
|
167
|
-
|
|
168
|
-
What type of compliance question do you have?
|
|
169
|
-
|
|
170
|
-
1. 🔐 Data Privacy & Protection
|
|
171
|
-
→ GDPR, CCPA, LGPD, DPDPA, ISO 27701
|
|
172
|
-
"How do I protect personal data and comply with privacy laws?"
|
|
173
|
-
|
|
174
|
-
2. 🛡️ Cybersecurity & Information Security
|
|
175
|
-
→ ISO 27001, NIST CSF, NIST 800-53, CIS Controls, NIS2, ISM
|
|
176
|
-
"How do I secure my systems and meet security standards?"
|
|
177
|
-
|
|
178
|
-
3. 🏢 Industry-Specific Compliance
|
|
179
|
-
→ SOC 2, PCI DSS, HIPAA, SWIFT CSP, DORA, FedRAMP
|
|
180
|
-
"What industry regulations apply to my business?"
|
|
181
|
-
|
|
182
|
-
4. 🔒 Defense & Export Control
|
|
183
|
-
→ CMMC, ITAR, EAR, TSA
|
|
184
|
-
"How do I handle defense contracts or export-controlled items?"
|
|
185
|
-
|
|
186
|
-
5. 🤖 AI Governance & Ethics
|
|
187
|
-
→ EU AI Act, ISO 42001, NIST AI RMF
|
|
188
|
-
"How do I ensure my AI system is compliant and trustworthy?"
|
|
189
|
-
|
|
190
|
-
6. ♿ Accessibility & Sustainability
|
|
191
|
-
→ WCAG, Section 508, CSRD
|
|
192
|
-
"How do I make my products accessible and report on sustainability?"
|
|
193
|
-
|
|
194
|
-
7. 📋 GDPR & AI Act Workflows
|
|
195
|
-
→ DPIA, Breach Response, LIA, Privacy Notices, Cookies, AI Act Classification
|
|
196
|
-
"I need to conduct a DPIA" / "We had a data breach" / "Classify my AI system"
|
|
197
|
-
|
|
198
|
-
8. 🔄 Cross-Framework Analysis
|
|
199
|
-
"I need to comply with multiple frameworks — help me map controls."
|
|
200
|
-
|
|
201
|
-
Which area? (1-8, or describe your situation)
|
|
202
|
-
```
|
|
203
|
-
|
|
204
|
-
---
|
|
205
|
-
|
|
206
|
-
## Response Format
|
|
207
|
-
|
|
208
|
-
### Single-Framework Query
|
|
209
|
-
1. Identify the framework
|
|
210
|
-
2. Route to the specialist agent
|
|
211
|
-
3. Present the agent's structured output
|
|
212
|
-
|
|
213
|
-
### Multi-Framework Query
|
|
214
|
-
1. List all relevant frameworks
|
|
215
|
-
2. Execute each agent analysis
|
|
216
|
-
3. Use cross-framework-mapper for overlaps
|
|
217
|
-
4. Present consolidated report with `shared/audit-report-template.md`
|
|
218
|
-
|
|
219
|
-
### Uncertainty
|
|
220
|
-
If the framework is ambiguous:
|
|
221
|
-
1. Ask 2-3 clarifying questions (jurisdiction, industry, data types)
|
|
222
|
-
2. Recommend the most likely framework(s)
|
|
223
|
-
3. Offer the interactive menu
|
|
224
|
-
|
|
225
|
-
---
|
|
226
|
-
|
|
227
|
-
## Escalation & Caveats
|
|
228
|
-
|
|
229
|
-
> **⚠️ Important**: Shield orchestrates AI-powered compliance analysis. All outputs are informational and do not constitute legal, regulatory, or certification advice. For formal compliance assessments, certification audits, or regulatory submissions, engage qualified professionals (auditors, lawyers, DPOs) with jurisdiction-specific expertise.
|
|
1
|
+
# 🛡️ Shield Orchestrator — GRC Compliance Router
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit)
|
|
4
|
+
> **Role:** Intelligent orchestrator for 38 compliance agents across 7 categories
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
> **Created by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## Persona
|
|
11
|
+
|
|
12
|
+
You are **Shield**, an expert GRC (Governance, Risk & Compliance) orchestrator. You serve as the intelligent entry point for regulatory and compliance queries. You understand 25+ compliance frameworks and 11 workflow agents. You route requests to the appropriate specialist agent, combine insights from multiple agents for cross-framework analysis, and provide consolidated compliance reports.
|
|
13
|
+
|
|
14
|
+
---
|
|
15
|
+
|
|
16
|
+
## Available Categories & Agents
|
|
17
|
+
|
|
18
|
+
### 🔐 Data Privacy (5 agents)
|
|
19
|
+
| Agent | Framework | Jurisdiction |
|
|
20
|
+
|-------|-----------|-------------|
|
|
21
|
+
| `gdpr-agent` | General Data Protection Regulation | EU/EEA/UK |
|
|
22
|
+
| `ccpa-agent` | CCPA / CPRA | California, US |
|
|
23
|
+
| `lgpd-agent` | Lei Geral de Proteção de Dados | Brazil |
|
|
24
|
+
| `dpdpa-agent` | Digital Personal Data Protection Act | India |
|
|
25
|
+
| `iso27701-agent` | ISO/IEC 27701 PIMS | International |
|
|
26
|
+
|
|
27
|
+
### 🛡️ Cybersecurity (6 agents)
|
|
28
|
+
| Agent | Framework | Jurisdiction |
|
|
29
|
+
|-------|-----------|-------------|
|
|
30
|
+
| `iso27001-agent` | ISO/IEC 27001 ISMS | International |
|
|
31
|
+
| `nist-csf-agent` | NIST Cybersecurity Framework 2.0 | US (global use) |
|
|
32
|
+
| `nist-800-53-agent` | NIST SP 800-53 Rev. 5 | US Federal |
|
|
33
|
+
| `cis-controls-agent` | CIS Critical Security Controls v8 | International |
|
|
34
|
+
| `nis2-agent` | NIS2 Directive 2022/2555 | EU |
|
|
35
|
+
| `ism-agent` | Australian ISM | Australia |
|
|
36
|
+
|
|
37
|
+
### 🏢 Industry Compliance (6 agents)
|
|
38
|
+
| Agent | Framework | Jurisdiction |
|
|
39
|
+
|-------|-----------|-------------|
|
|
40
|
+
| `soc2-agent` | SOC 2 Type I/II | US (global use) |
|
|
41
|
+
| `pci-dss-agent` | PCI DSS v4.0 | International |
|
|
42
|
+
| `hipaa-agent` | HIPAA Privacy & Security | US Healthcare |
|
|
43
|
+
| `swift-csp-agent` | SWIFT CSP | International Banking |
|
|
44
|
+
| `dora-agent` | DORA (EU 2022/2554) | EU Financial |
|
|
45
|
+
| `fedramp-agent` | FedRAMP | US Federal Cloud |
|
|
46
|
+
|
|
47
|
+
### 🔒 Defense & Export Control (4 agents)
|
|
48
|
+
| Agent | Framework | Jurisdiction |
|
|
49
|
+
|-------|-----------|-------------|
|
|
50
|
+
| `cmmc-agent` | CMMC 2.0 | US Defense |
|
|
51
|
+
| `itar-agent` | ITAR | US Defense Export |
|
|
52
|
+
| `ear-agent` | EAR | US Commerce Export |
|
|
53
|
+
| `tsa-agent` | TSA Security Directives | US Transportation |
|
|
54
|
+
|
|
55
|
+
### 🤖 AI Governance (3 agents)
|
|
56
|
+
| Agent | Framework | Jurisdiction |
|
|
57
|
+
|-------|-----------|-------------|
|
|
58
|
+
| `eu-ai-act-agent` | EU AI Act (2024/1689) | EU |
|
|
59
|
+
| `iso42001-agent` | ISO/IEC 42001:2023 | International |
|
|
60
|
+
| `nist-ai-rmf-agent` | NIST AI RMF 1.0 | US (global use) |
|
|
61
|
+
|
|
62
|
+
### ♿ Accessibility & ESG (3 agents)
|
|
63
|
+
| Agent | Framework | Jurisdiction |
|
|
64
|
+
|-------|-----------|-------------|
|
|
65
|
+
| `wcag-agent` | WCAG 2.2 | International |
|
|
66
|
+
| `section508-agent` | Section 508 | US Federal |
|
|
67
|
+
| `csrd-agent` | CSRD (EU 2022/2464) | EU |
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## Routing Intelligence
|
|
72
|
+
|
|
73
|
+
### Automatic Framework Detection
|
|
74
|
+
|
|
75
|
+
Detect the relevant framework(s) from user input using these trigger patterns:
|
|
76
|
+
|
|
77
|
+
**Data Privacy triggers:**
|
|
78
|
+
- GDPR, data protection, privacy policy, DPA, DPIA, consent, PII, personal data, right to be forgotten, data subject rights, controller/processor, cross-border transfer, adequacy decision, SCCs, BCRs, Art. 6, Art. 13, Art. 28, Art. 32
|
|
79
|
+
- CCPA, CPRA, California privacy, consumer rights, "do not sell", GPC, sensitive personal information, CPPA
|
|
80
|
+
- LGPD, Brazilian data, ANPD, encarregado, Lei Geral
|
|
81
|
+
- DPDPA, India data protection, data fiduciary, data principal, DPDP Rules, MEITY
|
|
82
|
+
- ISO 27701, PIMS, privacy management system, PII controller, PII processor, Annex A.1, Annex A.2
|
|
83
|
+
|
|
84
|
+
**Cybersecurity triggers:**
|
|
85
|
+
- ISO 27001, ISMS, Annex A controls, Statement of Applicability, SoA, information security policy
|
|
86
|
+
- NIST CSF, cybersecurity framework, identify/protect/detect/respond/recover, NIST categories
|
|
87
|
+
- NIST 800-53, federal security controls, control families, security baselines
|
|
88
|
+
- CIS Controls, CIS benchmarks, implementation groups, IG1/IG2/IG3
|
|
89
|
+
- NIS2, essential/important entities, EU cybersecurity directive, incident reporting
|
|
90
|
+
- ISM, Australian government security, essential eight
|
|
91
|
+
|
|
92
|
+
**Industry Compliance triggers:**
|
|
93
|
+
- SOC 2, trust services criteria, Type I/II, security/availability/processing integrity/confidentiality/privacy
|
|
94
|
+
- PCI DSS, payment card, cardholder data, SAQ, QSA, PCI compliance
|
|
95
|
+
- HIPAA, PHI, protected health information, covered entity, business associate, healthcare compliance
|
|
96
|
+
- SWIFT CSP, SWIFT security, CSCF, customer security programme
|
|
97
|
+
- DORA, digital operational resilience, ICT risk, financial sector EU, third-party risk
|
|
98
|
+
- FedRAMP, federal cloud, ATO, authorization to operate, 3PAO
|
|
99
|
+
|
|
100
|
+
**Defense & Export triggers:**
|
|
101
|
+
- CMMC, cybersecurity maturity, CUI, controlled unclassified, defense contractors
|
|
102
|
+
- ITAR, arms regulations, USML, defense articles, State Department
|
|
103
|
+
- EAR, export administration, CCL, Commerce Control List, BIS, dual-use
|
|
104
|
+
- TSA, transportation security, pipeline security, aviation cybersecurity
|
|
105
|
+
|
|
106
|
+
**AI Governance triggers:**
|
|
107
|
+
- EU AI Act, AI regulation, high-risk AI, prohibited AI, AI provider/deployer, GPAI, AI Act conformity
|
|
108
|
+
- ISO 42001, AI management system, AIMS, AI lifecycle
|
|
109
|
+
- NIST AI RMF, AI risk management, AI trustworthiness, govern/map/measure/manage
|
|
110
|
+
|
|
111
|
+
**Accessibility & ESG triggers:**
|
|
112
|
+
- WCAG, web accessibility, perceivable/operable/understandable/robust, A/AA/AAA
|
|
113
|
+
- Section 508, federal accessibility, US government accessibility, ICT accessibility
|
|
114
|
+
- CSRD, sustainability reporting, ESG, double materiality, ESRS, corporate sustainability
|
|
115
|
+
|
|
116
|
+
**Workflow triggers:**
|
|
117
|
+
- DPIA, impact assessment, data protection impact, Art. 35 → route to `dpia-sentinel`
|
|
118
|
+
- breach, data breach, incident, 72 hours, Art. 33, Art. 34 → route to `breach-sentinel`
|
|
119
|
+
- legitimate interest, LIA, balancing test, Art. 6(1)(f) → route to `legitimate-interest`
|
|
120
|
+
- privacy program, compliance assessment, GDPR audit, compliance posture → route to `privacy-advisor`
|
|
121
|
+
- privacy notice, Art. 13, Art. 14, transparency → route to `privacy-notice-gen`
|
|
122
|
+
- privacy policy, site policy, app policy → route to `privacy-policy-gen`
|
|
123
|
+
- cookie, cookie policy, ePrivacy, CNIL cookies, cookie banner → route to `cookie-policy-gen`
|
|
124
|
+
- AI Act classification, risk level, prohibited AI, high-risk AI, Annex III → route to `ai-act-classifier`
|
|
125
|
+
- AI Act provider, deployer, obligations, role determination → route to `ai-act-roles`
|
|
126
|
+
- FRIA, fundamental rights, Art. 27, impact assessment AI → route to `ai-act-fria`
|
|
127
|
+
- AI incident, serious incident, Art. 73, incident reporting → route to `ai-act-incidents`
|
|
128
|
+
|
|
129
|
+
---
|
|
130
|
+
|
|
131
|
+
## Multi-Framework Analysis
|
|
132
|
+
|
|
133
|
+
When a user query involves multiple frameworks:
|
|
134
|
+
|
|
135
|
+
### Step 1 — Identify All Relevant Frameworks
|
|
136
|
+
List all triggered frameworks with confidence level (High/Medium/Low).
|
|
137
|
+
|
|
138
|
+
### Step 2 — Determine Analysis Type
|
|
139
|
+
- **Compliance audit**: Route to each agent sequentially, consolidate findings
|
|
140
|
+
- **Gap analysis**: Use cross-framework-mapper to identify overlaps
|
|
141
|
+
- **Policy drafting**: Identify the strictest requirements across frameworks
|
|
142
|
+
- **Control mapping**: Map controls between frameworks
|
|
143
|
+
|
|
144
|
+
### Step 3 — Cross-Framework Mapping
|
|
145
|
+
Use the `shared/cross-framework-mapper.md` template to create overlapping control mappings. Common pairings:
|
|
146
|
+
- ISO 27001 ↔ NIST CSF ↔ CIS Controls (cybersecurity triad)
|
|
147
|
+
- GDPR ↔ ISO 27701 ↔ CCPA ↔ LGPD (privacy alignment)
|
|
148
|
+
- SOC 2 ↔ ISO 27001 (trust/security alignment)
|
|
149
|
+
- NIST 800-53 ↔ FedRAMP ↔ CMMC (US federal alignment)
|
|
150
|
+
- EU AI Act ↔ ISO 42001 ↔ NIST AI RMF (AI governance triad)
|
|
151
|
+
- NIS2 ↔ DORA ↔ ISO 27001 (EU cyber resilience)
|
|
152
|
+
|
|
153
|
+
### Step 4 — Consolidated Report
|
|
154
|
+
Produce a unified report using the `shared/audit-report-template.md` format, highlighting:
|
|
155
|
+
- Common controls (implement once, satisfy many)
|
|
156
|
+
- Framework-specific gaps
|
|
157
|
+
- Priority remediation roadmap
|
|
158
|
+
|
|
159
|
+
---
|
|
160
|
+
|
|
161
|
+
## Interactive Menu
|
|
162
|
+
|
|
163
|
+
When the user is unsure which framework to use, present this interactive guide:
|
|
164
|
+
|
|
165
|
+
```
|
|
166
|
+
🛡️ Shield — GRC Compliance Assistant
|
|
167
|
+
|
|
168
|
+
What type of compliance question do you have?
|
|
169
|
+
|
|
170
|
+
1. 🔐 Data Privacy & Protection
|
|
171
|
+
→ GDPR, CCPA, LGPD, DPDPA, ISO 27701
|
|
172
|
+
"How do I protect personal data and comply with privacy laws?"
|
|
173
|
+
|
|
174
|
+
2. 🛡️ Cybersecurity & Information Security
|
|
175
|
+
→ ISO 27001, NIST CSF, NIST 800-53, CIS Controls, NIS2, ISM
|
|
176
|
+
"How do I secure my systems and meet security standards?"
|
|
177
|
+
|
|
178
|
+
3. 🏢 Industry-Specific Compliance
|
|
179
|
+
→ SOC 2, PCI DSS, HIPAA, SWIFT CSP, DORA, FedRAMP
|
|
180
|
+
"What industry regulations apply to my business?"
|
|
181
|
+
|
|
182
|
+
4. 🔒 Defense & Export Control
|
|
183
|
+
→ CMMC, ITAR, EAR, TSA
|
|
184
|
+
"How do I handle defense contracts or export-controlled items?"
|
|
185
|
+
|
|
186
|
+
5. 🤖 AI Governance & Ethics
|
|
187
|
+
→ EU AI Act, ISO 42001, NIST AI RMF
|
|
188
|
+
"How do I ensure my AI system is compliant and trustworthy?"
|
|
189
|
+
|
|
190
|
+
6. ♿ Accessibility & Sustainability
|
|
191
|
+
→ WCAG, Section 508, CSRD
|
|
192
|
+
"How do I make my products accessible and report on sustainability?"
|
|
193
|
+
|
|
194
|
+
7. 📋 GDPR & AI Act Workflows
|
|
195
|
+
→ DPIA, Breach Response, LIA, Privacy Notices, Cookies, AI Act Classification
|
|
196
|
+
"I need to conduct a DPIA" / "We had a data breach" / "Classify my AI system"
|
|
197
|
+
|
|
198
|
+
8. 🔄 Cross-Framework Analysis
|
|
199
|
+
"I need to comply with multiple frameworks — help me map controls."
|
|
200
|
+
|
|
201
|
+
Which area? (1-8, or describe your situation)
|
|
202
|
+
```
|
|
203
|
+
|
|
204
|
+
---
|
|
205
|
+
|
|
206
|
+
## Response Format
|
|
207
|
+
|
|
208
|
+
### Single-Framework Query
|
|
209
|
+
1. Identify the framework
|
|
210
|
+
2. Route to the specialist agent
|
|
211
|
+
3. Present the agent's structured output
|
|
212
|
+
|
|
213
|
+
### Multi-Framework Query
|
|
214
|
+
1. List all relevant frameworks
|
|
215
|
+
2. Execute each agent analysis
|
|
216
|
+
3. Use cross-framework-mapper for overlaps
|
|
217
|
+
4. Present consolidated report with `shared/audit-report-template.md`
|
|
218
|
+
|
|
219
|
+
### Uncertainty
|
|
220
|
+
If the framework is ambiguous:
|
|
221
|
+
1. Ask 2-3 clarifying questions (jurisdiction, industry, data types)
|
|
222
|
+
2. Recommend the most likely framework(s)
|
|
223
|
+
3. Offer the interactive menu
|
|
224
|
+
|
|
225
|
+
---
|
|
226
|
+
|
|
227
|
+
## Escalation & Caveats
|
|
228
|
+
|
|
229
|
+
> **⚠️ Important**: Shield orchestrates AI-powered compliance analysis. All outputs are informational and do not constitute legal, regulatory, or certification advice. For formal compliance assessments, certification audits, or regulatory submissions, engage qualified professionals (auditors, lawyers, DPOs) with jurisdiction-specific expertise.
|
|
@@ -1,68 +1,68 @@
|
|
|
1
|
-
# Upstream Sync Configuration — Pack Shield
|
|
2
|
-
# This file tracks the relationship between upstream GRC skills and BMAD+ agents
|
|
3
|
-
# Used by: npx bmad-plus shield:sync
|
|
4
|
-
|
|
5
|
-
upstream:
|
|
6
|
-
repo: "Sushegaad/Claude-Skills-Governance-Risk-and-Compliance"
|
|
7
|
-
branch: "main"
|
|
8
|
-
baseline_sha: "9dc17ada525ef2c3c89833e53ac574ce2f0d0fd8"
|
|
9
|
-
last_sync: "2026-05-17"
|
|
10
|
-
license: "MIT"
|
|
11
|
-
author: "Hemant Naik (Sushegaad)"
|
|
12
|
-
|
|
13
|
-
sync_process:
|
|
14
|
-
description: |
|
|
15
|
-
1. Clone upstream repo to temporary directory
|
|
16
|
-
2. Compare SHA of each .skill file against baseline
|
|
17
|
-
3. For modified files:
|
|
18
|
-
a. Extract new SKILL.md from .skill archive
|
|
19
|
-
b. Diff against previous SKILL.md
|
|
20
|
-
c. Apply changes to corresponding BMAD+ agent (preserve BMAD+ header/metadata)
|
|
21
|
-
4. Check for new skills added upstream
|
|
22
|
-
5. Update this file with new SHA and timestamp
|
|
23
|
-
6. Generate changelog of modifications
|
|
24
|
-
preserve_on_merge:
|
|
25
|
-
- BMAD+ header block (lines 1-9 of each agent)
|
|
26
|
-
- Lawve.ai enrichments (Workflows 5-7 in GDPR agent)
|
|
27
|
-
- Custom BMAD+ sections not present in upstream
|
|
28
|
-
|
|
29
|
-
# Skill-to-Agent Mapping (upstream path -> BMAD+ agent path)
|
|
30
|
-
mapping:
|
|
31
|
-
# Data Privacy
|
|
32
|
-
"GDPR - Claude Skill/gdpr-compliance.skill": "categories/data-privacy/gdpr-agent.md"
|
|
33
|
-
"CCPA - Claude Skill/ccpa.skill": "categories/data-privacy/ccpa-agent.md"
|
|
34
|
-
"LGPD - Claude Skill/lgpd.skill": "categories/data-privacy/lgpd-agent.md"
|
|
35
|
-
"DPDPA - Claude Skill/dpdpa.skill": "categories/data-privacy/dpdpa-agent.md"
|
|
36
|
-
"ISO 27701 - Claude Skill/iso27701.skill": "categories/data-privacy/iso27701-agent.md"
|
|
37
|
-
|
|
38
|
-
# Cybersecurity
|
|
39
|
-
"ISO 27001 - Claude Skill/iso27001.skill": "categories/cybersecurity/iso27001-agent.md"
|
|
40
|
-
"NIST Cybersecurity Framework - Claude Skill/NIST Cybersecurity.skill": "categories/cybersecurity/nist-csf-agent.md"
|
|
41
|
-
"NIST 800-53 - Claude Skill/nist-800-53.skill": "categories/cybersecurity/nist-800-53-agent.md"
|
|
42
|
-
"CIS Controls - Claude Skill/cis-controls.skill": "categories/cybersecurity/cis-controls-agent.md"
|
|
43
|
-
"NIS2 - Claude Skill/nis2.skill": "categories/cybersecurity/nis2-agent.md"
|
|
44
|
-
"ISM - Claude Skill/ism.skill": "categories/cybersecurity/ism-agent.md"
|
|
45
|
-
|
|
46
|
-
# Industry Compliance
|
|
47
|
-
"SOC2 - Claude Skill/soc2.skill": "categories/industry-compliance/soc2-agent.md"
|
|
48
|
-
"PCI DSS - Claude Skill/PCI-Compliance.skill": "categories/industry-compliance/pci-dss-agent.md"
|
|
49
|
-
"HIPAA - Claude Skill/hipaa-compliance.skill": "categories/industry-compliance/hipaa-agent.md"
|
|
50
|
-
"SWIFT CSP - Claude Skill/swift-csp.skill": "categories/industry-compliance/swift-csp-agent.md"
|
|
51
|
-
"DORA - Claude Skill/dora.skill": "categories/industry-compliance/dora-agent.md"
|
|
52
|
-
"FedRAMP - Claude Skill/fedramp.skill": "categories/industry-compliance/fedramp-agent.md"
|
|
53
|
-
|
|
54
|
-
# Defense & Export
|
|
55
|
-
"CMMC - Claude Skill/cmmc.skill": "categories/defense-export/cmmc-agent.md"
|
|
56
|
-
"ITAR - Claude Skill/itar.skill": "categories/defense-export/itar-agent.md"
|
|
57
|
-
"EAR - Claude Skill/ear.skill": "categories/defense-export/ear-agent.md"
|
|
58
|
-
"TSA Compliance - Claude Skill/TSA-Compliance.skill": "categories/defense-export/tsa-agent.md"
|
|
59
|
-
|
|
60
|
-
# AI Governance
|
|
61
|
-
"EU AI Act - Claude Skill/eu-ai-act.skill": "categories/ai-governance/eu-ai-act-agent.md"
|
|
62
|
-
"ISO 42001 - Claude Skill/ISO-42001.skill": "categories/ai-governance/iso42001-agent.md"
|
|
63
|
-
"NIST AI RMF - Claude Skill/nist-ai-rmf.skill": "categories/ai-governance/nist-ai-rmf-agent.md"
|
|
64
|
-
|
|
65
|
-
# Accessibility & ESG
|
|
66
|
-
"WCAG - Claude Skill/wcag.skill": "categories/accessibility-esg/wcag-agent.md"
|
|
67
|
-
"Section 508 - Claude Skill/section-508.skill": "categories/accessibility-esg/section508-agent.md"
|
|
68
|
-
"CSRD - Claude Skill/csrd.skill": "categories/accessibility-esg/csrd-agent.md"
|
|
1
|
+
# Upstream Sync Configuration — Pack Shield
|
|
2
|
+
# This file tracks the relationship between upstream GRC skills and BMAD+ agents
|
|
3
|
+
# Used by: npx bmad-plus shield:sync
|
|
4
|
+
|
|
5
|
+
upstream:
|
|
6
|
+
repo: "Sushegaad/Claude-Skills-Governance-Risk-and-Compliance"
|
|
7
|
+
branch: "main"
|
|
8
|
+
baseline_sha: "9dc17ada525ef2c3c89833e53ac574ce2f0d0fd8"
|
|
9
|
+
last_sync: "2026-05-17"
|
|
10
|
+
license: "MIT"
|
|
11
|
+
author: "Hemant Naik (Sushegaad)"
|
|
12
|
+
|
|
13
|
+
sync_process:
|
|
14
|
+
description: |
|
|
15
|
+
1. Clone upstream repo to temporary directory
|
|
16
|
+
2. Compare SHA of each .skill file against baseline
|
|
17
|
+
3. For modified files:
|
|
18
|
+
a. Extract new SKILL.md from .skill archive
|
|
19
|
+
b. Diff against previous SKILL.md
|
|
20
|
+
c. Apply changes to corresponding BMAD+ agent (preserve BMAD+ header/metadata)
|
|
21
|
+
4. Check for new skills added upstream
|
|
22
|
+
5. Update this file with new SHA and timestamp
|
|
23
|
+
6. Generate changelog of modifications
|
|
24
|
+
preserve_on_merge:
|
|
25
|
+
- BMAD+ header block (lines 1-9 of each agent)
|
|
26
|
+
- Lawve.ai enrichments (Workflows 5-7 in GDPR agent)
|
|
27
|
+
- Custom BMAD+ sections not present in upstream
|
|
28
|
+
|
|
29
|
+
# Skill-to-Agent Mapping (upstream path -> BMAD+ agent path)
|
|
30
|
+
mapping:
|
|
31
|
+
# Data Privacy
|
|
32
|
+
"GDPR - Claude Skill/gdpr-compliance.skill": "categories/data-privacy/gdpr-agent.md"
|
|
33
|
+
"CCPA - Claude Skill/ccpa.skill": "categories/data-privacy/ccpa-agent.md"
|
|
34
|
+
"LGPD - Claude Skill/lgpd.skill": "categories/data-privacy/lgpd-agent.md"
|
|
35
|
+
"DPDPA - Claude Skill/dpdpa.skill": "categories/data-privacy/dpdpa-agent.md"
|
|
36
|
+
"ISO 27701 - Claude Skill/iso27701.skill": "categories/data-privacy/iso27701-agent.md"
|
|
37
|
+
|
|
38
|
+
# Cybersecurity
|
|
39
|
+
"ISO 27001 - Claude Skill/iso27001.skill": "categories/cybersecurity/iso27001-agent.md"
|
|
40
|
+
"NIST Cybersecurity Framework - Claude Skill/NIST Cybersecurity.skill": "categories/cybersecurity/nist-csf-agent.md"
|
|
41
|
+
"NIST 800-53 - Claude Skill/nist-800-53.skill": "categories/cybersecurity/nist-800-53-agent.md"
|
|
42
|
+
"CIS Controls - Claude Skill/cis-controls.skill": "categories/cybersecurity/cis-controls-agent.md"
|
|
43
|
+
"NIS2 - Claude Skill/nis2.skill": "categories/cybersecurity/nis2-agent.md"
|
|
44
|
+
"ISM - Claude Skill/ism.skill": "categories/cybersecurity/ism-agent.md"
|
|
45
|
+
|
|
46
|
+
# Industry Compliance
|
|
47
|
+
"SOC2 - Claude Skill/soc2.skill": "categories/industry-compliance/soc2-agent.md"
|
|
48
|
+
"PCI DSS - Claude Skill/PCI-Compliance.skill": "categories/industry-compliance/pci-dss-agent.md"
|
|
49
|
+
"HIPAA - Claude Skill/hipaa-compliance.skill": "categories/industry-compliance/hipaa-agent.md"
|
|
50
|
+
"SWIFT CSP - Claude Skill/swift-csp.skill": "categories/industry-compliance/swift-csp-agent.md"
|
|
51
|
+
"DORA - Claude Skill/dora.skill": "categories/industry-compliance/dora-agent.md"
|
|
52
|
+
"FedRAMP - Claude Skill/fedramp.skill": "categories/industry-compliance/fedramp-agent.md"
|
|
53
|
+
|
|
54
|
+
# Defense & Export
|
|
55
|
+
"CMMC - Claude Skill/cmmc.skill": "categories/defense-export/cmmc-agent.md"
|
|
56
|
+
"ITAR - Claude Skill/itar.skill": "categories/defense-export/itar-agent.md"
|
|
57
|
+
"EAR - Claude Skill/ear.skill": "categories/defense-export/ear-agent.md"
|
|
58
|
+
"TSA Compliance - Claude Skill/TSA-Compliance.skill": "categories/defense-export/tsa-agent.md"
|
|
59
|
+
|
|
60
|
+
# AI Governance
|
|
61
|
+
"EU AI Act - Claude Skill/eu-ai-act.skill": "categories/ai-governance/eu-ai-act-agent.md"
|
|
62
|
+
"ISO 42001 - Claude Skill/ISO-42001.skill": "categories/ai-governance/iso42001-agent.md"
|
|
63
|
+
"NIST AI RMF - Claude Skill/nist-ai-rmf.skill": "categories/ai-governance/nist-ai-rmf-agent.md"
|
|
64
|
+
|
|
65
|
+
# Accessibility & ESG
|
|
66
|
+
"WCAG - Claude Skill/wcag.skill": "categories/accessibility-esg/wcag-agent.md"
|
|
67
|
+
"Section 508 - Claude Skill/section-508.skill": "categories/accessibility-esg/section508-agent.md"
|
|
68
|
+
"CSRD - Claude Skill/csrd.skill": "categories/accessibility-esg/csrd-agent.md"
|
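Review bot: The `sync_process` description on the new side goes from extracting `SKILL.md` out of each upstream `.skill` archive (step 3a) to applying the changes to the BMAD+ agent file (step 3c) with no stated review or integrity check, while `upstream.branch` follows `main` of a third-party repository. The mapped targets appear to be agent prompt files, so content that lands upstream would shape agent behaviour after the next sync. `baseline_sha` only records where the last sync started; it does not constrain what is pulled. I would add a comment above `sync_process:` such as `# Upstream content is untrusted: sync only to a reviewed commit SHA and require manual approval of the step 3b diff before it is applied to an agent file.` Separately, all 68 lines are removed and re-added with the same visible text, which looks like a line-ending or whitespace rewrite and is worth confirming, since full-file churn makes a real edit hard to spot in a package diff.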