bmad-plus 0.7.5 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (281) hide show
  1. package/CHANGELOG.md +479 -425
  2. package/LICENSE +21 -21
  3. package/README.md +557 -447
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +584 -426
  31. package/readme-international/README.es.md +601 -518
  32. package/readme-international/README.fr.md +599 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  46. package/src/bmad-plus/module-help.csv +10 -10
  47. package/src/bmad-plus/module.yaml +283 -280
  48. package/src/bmad-plus/{agents → packs}/pack-animated/animated-website-agent.md +325 -325
  49. package/src/bmad-plus/{agents → packs}/pack-animated/templates/animated-website-workflow.md +55 -55
  50. package/src/bmad-plus/{agents → packs}/pack-backup/backup-agent.md +71 -71
  51. package/src/bmad-plus/{agents → packs}/pack-backup/templates/backup-workflow.md +51 -51
  52. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  53. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  54. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  55. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  56. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  57. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  58. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  59. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  60. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  61. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  62. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  63. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  64. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  65. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  66. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  67. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  68. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  69. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  70. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  71. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  111. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  112. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  113. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  114. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  115. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  116. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  117. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  118. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  119. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  120. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  121. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  122. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  123. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  124. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  125. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  126. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  127. package/src/bmad-plus/{agents → packs}/pack-seo/SKILL.md +171 -171
  128. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
  129. package/src/bmad-plus/{agents → packs}/pack-seo/checklist.md +140 -140
  130. package/src/bmad-plus/{agents → packs}/pack-seo/pagespeed-playbook.md +320 -320
  131. package/src/bmad-plus/{agents → packs}/pack-seo/ref/audit-schema.json +187 -187
  132. package/src/bmad-plus/{agents → packs}/pack-seo/ref/cwv-thresholds.md +87 -87
  133. package/src/bmad-plus/{agents → packs}/pack-seo/ref/eeat-criteria.md +123 -123
  134. package/src/bmad-plus/{agents → packs}/pack-seo/ref/geo-signals.md +167 -167
  135. package/src/bmad-plus/{agents → packs}/pack-seo/ref/hreflang-rules.md +153 -153
  136. package/src/bmad-plus/{agents → packs}/pack-seo/ref/quality-gates.md +133 -133
  137. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-catalog.md +91 -91
  138. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-templates.json +356 -356
  139. package/src/bmad-plus/{agents → packs}/pack-seo/seo-chief.md +294 -294
  140. package/src/bmad-plus/{agents → packs}/pack-seo/seo-judge.md +241 -241
  141. package/src/bmad-plus/{agents → packs}/pack-seo/seo-scout.md +171 -171
  142. package/src/bmad-plus/{agents → packs}/pack-seo/templates/seo-audit-workflow.md +241 -241
  143. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  144. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
  145. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  146. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  147. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  148. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  149. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  150. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  151. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  152. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  153. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  154. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  155. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  156. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  157. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  158. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  159. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  160. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  161. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  162. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  163. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  164. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  165. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  166. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  167. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  168. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  169. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  170. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  171. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  172. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  173. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  174. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  175. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  176. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  177. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  178. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  179. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  180. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  181. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  182. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  183. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  184. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  185. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  186. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  187. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  188. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  189. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  190. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  191. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  192. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  193. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  194. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  195. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  196. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  197. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  198. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  199. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  200. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  201. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  202. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  203. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  204. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  205. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  206. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  207. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  208. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  209. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  210. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  211. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  212. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  213. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  214. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  215. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  216. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  217. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  218. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  219. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  220. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  221. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  222. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  223. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  224. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  225. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  226. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  227. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  228. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  229. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  230. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  231. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  232. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  233. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  234. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  235. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  236. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  237. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  238. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  239. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  240. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  241. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  242. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  243. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  244. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  245. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  246. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  247. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  248. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  249. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  250. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  251. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  252. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  253. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  254. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  255. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  256. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  257. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  258. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  259. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  260. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  261. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  262. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  263. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  264. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  265. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  266. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  267. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  268. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  269. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  270. package/tools/bmad-plus-npx.js +3 -5
  271. package/tools/cli/commands/autoconfig.js +508 -489
  272. package/tools/cli/commands/doctor.js +219 -222
  273. package/tools/cli/commands/install.js +548 -739
  274. package/tools/cli/commands/memory.js +194 -194
  275. package/tools/cli/commands/scan.js +362 -350
  276. package/tools/cli/commands/uninstall.js +96 -96
  277. package/tools/cli/commands/update.js +116 -174
  278. package/tools/cli/i18n.js +845 -763
  279. package/tools/cli/lib/memory-init.js +114 -0
  280. package/tools/cli/lib/pack-copy.js +84 -0
  281. package/tools/cli/lib/packs.js +114 -0
@@ -1,187 +1,187 @@
1
- # TSA Cybersecurity Incident Reporting — Procedures and Requirements
2
-
3
- Source: TSA Security Directives; CISA guidance; Federal Register notices
4
-
5
- ---
6
-
7
- ## 24-Hour Reporting Obligation
8
-
9
- All covered entities under any TSA cybersecurity Security Directive are required to report cybersecurity incidents to **CISA within 24 hours** of identifying an incident. This is a **hard deadline** — the clock starts when the entity identifies the incident, not when the investigation is complete.
10
-
11
- **Key principle**: Report early with limited information. TSA and CISA do not expect a complete investigation before the initial report. Updates are provided as the investigation progresses.
12
-
13
- ---
14
-
15
- ## What Qualifies as a Reportable Incident
16
-
17
- A cybersecurity incident is reportable if it results in — or is reasonably likely to result in — operational disruption, safety impact, or unauthorised access involving a Critical Cyber System (CCS).
18
-
19
- **Definite reportable incidents:**
20
- - Ransomware infection confirmed on IT or OT systems
21
- - Unauthorised access confirmed to any CCS
22
- - Malware detected on CCS (even if contained)
23
- - Denial of service that impacts operational capability
24
- - Confirmed phishing attack with resultant system access
25
- - Insider threat with confirmed access to CCS
26
- - Physical security breach resulting in suspected cyber access
27
- - Loss or suspected loss of operational control of OT systems
28
- - Detection of reconnaissance activity specifically targeting CCS
29
-
30
- **Potentially reportable (apply judgement; when in doubt, report):**
31
- - Phishing with credential theft (no confirmed CCS access yet)
32
- - Suspicious login attempts with partial success indicators
33
- - Discovery of unknown devices on OT network segments
34
- - Evidence of lateral movement in IT with potential path to OT
35
- - Vendor notification of a breach affecting systems they manage for you
36
-
37
- **Not reportable (generally):**
38
- - Spam email with no credential compromise
39
- - Blocked phishing attempt (no access)
40
- - Routine vulnerability scan activity from authorised ASV/pen test firm
41
- - Failed brute-force with no account compromise
42
-
43
- ---
44
-
45
- ## How to Report to CISA
46
-
47
- ### CISA Reporting Channels (24/7)
48
-
49
- | Channel | Contact |
50
- |---------|---------|
51
- | **Phone** | 1-888-282-0870 (CISA 24/7 Operations Center) |
52
- | **Email** | CISAgov@mail.dhs.gov |
53
- | **Online** | https://myservices.cisa.gov/report (CISA Reporting Portal) |
54
-
55
- ### TSA Notification
56
- In addition to CISA, notify TSA via the TSA Operations Center:
57
- - **TSA Operations Center**: 1-866-289-9673
58
-
59
- ### Internal Notification Sequence
60
- Before or concurrent with CISA reporting:
61
- 1. Cybersecurity Coordinator notified immediately upon incident identification
62
- 2. Cybersecurity Coordinator notifies Accountable Executive
63
- 3. Legal counsel notified (regulatory reporting obligations)
64
- 4. OT operations team notified if OT systems involved
65
- 5. CISA report made within 24 hours
66
- 6. TSA notification made per directive requirements
67
-
68
- ---
69
-
70
- ## Initial Report — Minimum Required Information
71
-
72
- The initial 24-hour report should include as much of the following as available. Missing information can be provided in follow-up reports.
73
-
74
- **Required fields for initial report:**
75
- - Organisation name and sector (pipeline, freight rail, transit, etc.)
76
- - Contact name and phone number (Cybersecurity Coordinator)
77
- - Date and approximate time incident was identified
78
- - Brief description of what was observed
79
- - Systems affected (IT, OT, or both — be as specific as safe to share)
80
- - Operational impact (disruption to operations? estimated scope)
81
- - Containment actions taken so far
82
- - Whether law enforcement has been notified (FBI, etc.)
83
-
84
- **Sample initial report language:**
85
- > "[Organisation Name], a [natural gas pipeline / freight railroad / transit agency] operator, is reporting a cybersecurity incident identified on [date/time]. We detected [ransomware/unauthorised access/malware] on [IT systems / OT control systems / both]. At this time, [describe operational impact]. We have taken [initial containment actions]. Our Cybersecurity Coordinator is [Name] and can be reached at [phone]. We will provide updates as our investigation progresses."
86
-
87
- ---
88
-
89
- ## Follow-Up Reporting
90
-
91
- After the initial 24-hour report, maintain regular communication with CISA and TSA as the investigation develops:
92
-
93
- **Follow-up report triggers:**
94
- - Identification of root cause
95
- - Significant change in scope (more systems affected than initially reported)
96
- - Significant operational impact change
97
- - Recovery milestones reached
98
- - Incident closure
99
-
100
- **Incident closure report should include:**
101
- - Timeline from detection to containment to eradication to recovery
102
- - Root cause analysis
103
- - Systems affected (final scope)
104
- - Data involved (any cardholder data, PII, operational data)
105
- - Actions taken (containment, eradication, recovery)
106
- - Lessons learned
107
- - Corrective actions planned or implemented to prevent recurrence
108
-
109
- ---
110
-
111
- ## CIRB (Cyber Incident Response Board) and External Assistance
112
-
113
- If the incident is significant, CISA may:
114
- - Dispatch a CISA Rapid Response Team (CISA has dedicated ICS/OT responders)
115
- - Coordinate with FBI Cyber Division if criminal activity suspected
116
- - Share sanitised threat intelligence with other critical infrastructure operators via ISACs
117
-
118
- **Free CISA services available to covered entities:**
119
- - Incident response support (CIRP assistance, forensics support)
120
- - Cybersecurity advisory services
121
- - Vulnerability scanning (CISA CSET — Cybersecurity Evaluation Tool)
122
- - Exercises (tabletop exercise facilitation)
123
- - Threat intelligence (CISA advisories, ICS-CERT alerts)
124
-
125
- ---
126
-
127
- ## Sector-Specific ISACs
128
-
129
- Information Sharing and Analysis Centers (ISACs) provide sector-specific threat intelligence and incident coordination:
130
-
131
- | Sector | ISAC | Website |
132
- |--------|------|---------|
133
- | Pipeline / Energy | E-ISAC (Energy ISAC) | https://www.eisac.com |
134
- | Oil and Natural Gas | ONG-ISAC | https://www.ongisac.org |
135
- | Rail / Surface Transportation | Surface Transportation ISAC (ST-ISAC) | https://www.surfacetransportationisac.org |
136
- | Public Transit | PT-ISAC | https://www.pt-isac.org |
137
- | Multi-sector | MS-ISAC (focused on SLTT) | https://www.cisecurity.org/ms-isac |
138
-
139
- ISAC membership is strongly encouraged by TSA and CISA. Incidents can be reported to ISACs for anonymised sharing with sector peers.
140
-
141
- ---
142
-
143
- ## Post-Incident IRP Testing Requirement
144
-
145
- Following a significant cybersecurity incident, covered entities should:
146
- 1. Conduct an after-action review (AAR) within 30 days of incident closure
147
- 2. Document lessons learned
148
- 3. Update the IRP to reflect lessons learned
149
- 4. Update the CIP if architectural or procedural changes are required
150
- 5. Consider whether the incident warrants unscheduled IRP testing (e.g., drill on the specific scenario that occurred)
151
- 6. Track corrective actions to closure
152
-
153
- The annual IRP testing requirement (test two objectives) does not reset due to a real incident — a real incident response may count as a test if properly documented.
154
-
155
- ---
156
-
157
- ## Cyber Incident Notification Log
158
-
159
- Maintain a log of all regulatory notifications made for each incident. Recommended fields:
160
-
161
- | Field | Example |
162
- |-------|---------|
163
- | Incident ID | INC-2026-001 |
164
- | Date/time identified | 2026-03-10 14:32 UTC |
165
- | Date/time CISA notified | 2026-03-11 09:15 UTC (within 24h ✅) |
166
- | CISA ticket/case number | CISA-2026-XXXXX |
167
- | Date/time TSA notified | 2026-03-11 09:30 UTC |
168
- | TSA case reference | TSA-XXXX |
169
- | Date/time law enforcement notified | N/A or 2026-03-11 |
170
- | Internal legal counsel notified | 2026-03-10 15:00 UTC |
171
- | Accountable Executive notified | 2026-03-10 14:45 UTC |
172
- | Follow-up reports submitted | 2026-03-15, 2026-03-22 |
173
- | Incident closure date | 2026-03-25 |
174
- | Closure report submitted to CISA | 2026-03-30 |
175
-
176
- ---
177
-
178
- ## CIRPA — Cyber Incident Reporting for Critical Infrastructure Act
179
-
180
- In addition to TSA-specific reporting, large-scale incidents may also trigger reporting obligations under **CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022)**:
181
-
182
- - CIRCIA requires covered entities to report significant cyber incidents to CISA within **72 hours** (broader trigger than TSA's 24-hour requirement)
183
- - Ransom payments must be reported within **24 hours** under CIRCIA
184
- - TSA's 24-hour requirement is more stringent — complying with TSA also satisfies CIRCIA timelines
185
- - CIRCIA final rules were under development as of 2025/2026; interim guidance from CISA applies
186
-
187
- **Practical guidance**: When in doubt, report to CISA as early as possible. TSA's 24-hour requirement is the most demanding — use it as your reporting trigger.
1
+ # TSA Cybersecurity Incident Reporting — Procedures and Requirements
2
+
3
+ Source: TSA Security Directives; CISA guidance; Federal Register notices
4
+
5
+ ---
6
+
7
+ ## 24-Hour Reporting Obligation
8
+
9
+ All covered entities under any TSA cybersecurity Security Directive are required to report cybersecurity incidents to **CISA within 24 hours** of identifying an incident. This is a **hard deadline** — the clock starts when the entity identifies the incident, not when the investigation is complete.
10
+
11
+ **Key principle**: Report early with limited information. TSA and CISA do not expect a complete investigation before the initial report. Updates are provided as the investigation progresses.
12
+
13
+ ---
14
+
15
+ ## What Qualifies as a Reportable Incident
16
+
17
+ A cybersecurity incident is reportable if it results in — or is reasonably likely to result in — operational disruption, safety impact, or unauthorised access involving a Critical Cyber System (CCS).
18
+
19
+ **Definite reportable incidents:**
20
+ - Ransomware infection confirmed on IT or OT systems
21
+ - Unauthorised access confirmed to any CCS
22
+ - Malware detected on CCS (even if contained)
23
+ - Denial of service that impacts operational capability
24
+ - Confirmed phishing attack with resultant system access
25
+ - Insider threat with confirmed access to CCS
26
+ - Physical security breach resulting in suspected cyber access
27
+ - Loss or suspected loss of operational control of OT systems
28
+ - Detection of reconnaissance activity specifically targeting CCS
29
+
30
+ **Potentially reportable (apply judgement; when in doubt, report):**
31
+ - Phishing with credential theft (no confirmed CCS access yet)
32
+ - Suspicious login attempts with partial success indicators
33
+ - Discovery of unknown devices on OT network segments
34
+ - Evidence of lateral movement in IT with potential path to OT
35
+ - Vendor notification of a breach affecting systems they manage for you
36
+
37
+ **Not reportable (generally):**
38
+ - Spam email with no credential compromise
39
+ - Blocked phishing attempt (no access)
40
+ - Routine vulnerability scan activity from authorised ASV/pen test firm
41
+ - Failed brute-force with no account compromise
42
+
43
+ ---
44
+
45
+ ## How to Report to CISA
46
+
47
+ ### CISA Reporting Channels (24/7)
48
+
49
+ | Channel | Contact |
50
+ |---------|---------|
51
+ | **Phone** | 1-888-282-0870 (CISA 24/7 Operations Center) |
52
+ | **Email** | CISAgov@mail.dhs.gov |
53
+ | **Online** | https://myservices.cisa.gov/report (CISA Reporting Portal) |
54
+
55
+ ### TSA Notification
56
+ In addition to CISA, notify TSA via the TSA Operations Center:
57
+ - **TSA Operations Center**: 1-866-289-9673
58
+
59
+ ### Internal Notification Sequence
60
+ Before or concurrent with CISA reporting:
61
+ 1. Cybersecurity Coordinator notified immediately upon incident identification
62
+ 2. Cybersecurity Coordinator notifies Accountable Executive
63
+ 3. Legal counsel notified (regulatory reporting obligations)
64
+ 4. OT operations team notified if OT systems involved
65
+ 5. CISA report made within 24 hours
66
+ 6. TSA notification made per directive requirements
67
+
68
+ ---
69
+
70
+ ## Initial Report — Minimum Required Information
71
+
72
+ The initial 24-hour report should include as much of the following as available. Missing information can be provided in follow-up reports.
73
+
74
+ **Required fields for initial report:**
75
+ - Organisation name and sector (pipeline, freight rail, transit, etc.)
76
+ - Contact name and phone number (Cybersecurity Coordinator)
77
+ - Date and approximate time incident was identified
78
+ - Brief description of what was observed
79
+ - Systems affected (IT, OT, or both — be as specific as safe to share)
80
+ - Operational impact (disruption to operations? estimated scope)
81
+ - Containment actions taken so far
82
+ - Whether law enforcement has been notified (FBI, etc.)
83
+
84
+ **Sample initial report language:**
85
+ > "[Organisation Name], a [natural gas pipeline / freight railroad / transit agency] operator, is reporting a cybersecurity incident identified on [date/time]. We detected [ransomware/unauthorised access/malware] on [IT systems / OT control systems / both]. At this time, [describe operational impact]. We have taken [initial containment actions]. Our Cybersecurity Coordinator is [Name] and can be reached at [phone]. We will provide updates as our investigation progresses."
86
+
87
+ ---
88
+
89
+ ## Follow-Up Reporting
90
+
91
+ After the initial 24-hour report, maintain regular communication with CISA and TSA as the investigation develops:
92
+
93
+ **Follow-up report triggers:**
94
+ - Identification of root cause
95
+ - Significant change in scope (more systems affected than initially reported)
96
+ - Significant operational impact change
97
+ - Recovery milestones reached
98
+ - Incident closure
99
+
100
+ **Incident closure report should include:**
101
+ - Timeline from detection to containment to eradication to recovery
102
+ - Root cause analysis
103
+ - Systems affected (final scope)
104
+ - Data involved (any cardholder data, PII, operational data)
105
+ - Actions taken (containment, eradication, recovery)
106
+ - Lessons learned
107
+ - Corrective actions planned or implemented to prevent recurrence
108
+
109
+ ---
110
+
111
+ ## CIRB (Cyber Incident Response Board) and External Assistance
112
+
113
+ If the incident is significant, CISA may:
114
+ - Dispatch a CISA Rapid Response Team (CISA has dedicated ICS/OT responders)
115
+ - Coordinate with FBI Cyber Division if criminal activity suspected
116
+ - Share sanitised threat intelligence with other critical infrastructure operators via ISACs
117
+
118
+ **Free CISA services available to covered entities:**
119
+ - Incident response support (CIRP assistance, forensics support)
120
+ - Cybersecurity advisory services
121
+ - Vulnerability scanning (CISA CSET — Cybersecurity Evaluation Tool)
122
+ - Exercises (tabletop exercise facilitation)
123
+ - Threat intelligence (CISA advisories, ICS-CERT alerts)
124
+
125
+ ---
126
+
127
+ ## Sector-Specific ISACs
128
+
129
+ Information Sharing and Analysis Centers (ISACs) provide sector-specific threat intelligence and incident coordination:
130
+
131
+ | Sector | ISAC | Website |
132
+ |--------|------|---------|
133
+ | Pipeline / Energy | E-ISAC (Energy ISAC) | https://www.eisac.com |
134
+ | Oil and Natural Gas | ONG-ISAC | https://www.ongisac.org |
135
+ | Rail / Surface Transportation | Surface Transportation ISAC (ST-ISAC) | https://www.surfacetransportationisac.org |
136
+ | Public Transit | PT-ISAC | https://www.pt-isac.org |
137
+ | Multi-sector | MS-ISAC (focused on SLTT) | https://www.cisecurity.org/ms-isac |
138
+
139
+ ISAC membership is strongly encouraged by TSA and CISA. Incidents can be reported to ISACs for anonymised sharing with sector peers.
140
+
141
+ ---
142
+
143
+ ## Post-Incident IRP Testing Requirement
144
+
145
+ Following a significant cybersecurity incident, covered entities should:
146
+ 1. Conduct an after-action review (AAR) within 30 days of incident closure
147
+ 2. Document lessons learned
148
+ 3. Update the IRP to reflect lessons learned
149
+ 4. Update the CIP if architectural or procedural changes are required
150
+ 5. Consider whether the incident warrants unscheduled IRP testing (e.g., drill on the specific scenario that occurred)
151
+ 6. Track corrective actions to closure
152
+
153
+ The annual IRP testing requirement (test two objectives) does not reset due to a real incident — a real incident response may count as a test if properly documented.
154
+
155
+ ---
156
+
157
+ ## Cyber Incident Notification Log
158
+
159
+ Maintain a log of all regulatory notifications made for each incident. Recommended fields:
160
+
161
+ | Field | Example |
162
+ |-------|---------|
163
+ | Incident ID | INC-2026-001 |
164
+ | Date/time identified | 2026-03-10 14:32 UTC |
165
+ | Date/time CISA notified | 2026-03-11 09:15 UTC (within 24h ✅) |
166
+ | CISA ticket/case number | CISA-2026-XXXXX |
167
+ | Date/time TSA notified | 2026-03-11 09:30 UTC |
168
+ | TSA case reference | TSA-XXXX |
169
+ | Date/time law enforcement notified | N/A or 2026-03-11 |
170
+ | Internal legal counsel notified | 2026-03-10 15:00 UTC |
171
+ | Accountable Executive notified | 2026-03-10 14:45 UTC |
172
+ | Follow-up reports submitted | 2026-03-15, 2026-03-22 |
173
+ | Incident closure date | 2026-03-25 |
174
+ | Closure report submitted to CISA | 2026-03-30 |
175
+
176
+ ---
177
+
178
+ ## CIRPA — Cyber Incident Reporting for Critical Infrastructure Act
179
+
180
+ In addition to TSA-specific reporting, large-scale incidents may also trigger reporting obligations under **CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022)**:
181
+
182
+ - CIRCIA requires covered entities to report significant cyber incidents to CISA within **72 hours** (broader trigger than TSA's 24-hour requirement)
183
+ - Ransom payments must be reported within **24 hours** under CIRCIA
184
+ - TSA's 24-hour requirement is more stringent — complying with TSA also satisfies CIRCIA timelines
185
+ - CIRCIA final rules were under development as of 2025/2026; interim guidance from CISA applies
186
+
187
+ **Practical guidance**: When in doubt, report to CISA as early as possible. TSA's 24-hour requirement is the most demanding — use it as your reporting trigger.