bmad-plus 0.7.5 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (281) hide show
  1. package/CHANGELOG.md +479 -425
  2. package/LICENSE +21 -21
  3. package/README.md +557 -447
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +584 -426
  31. package/readme-international/README.es.md +601 -518
  32. package/readme-international/README.fr.md +599 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  46. package/src/bmad-plus/module-help.csv +10 -10
  47. package/src/bmad-plus/module.yaml +283 -280
  48. package/src/bmad-plus/{agents → packs}/pack-animated/animated-website-agent.md +325 -325
  49. package/src/bmad-plus/{agents → packs}/pack-animated/templates/animated-website-workflow.md +55 -55
  50. package/src/bmad-plus/{agents → packs}/pack-backup/backup-agent.md +71 -71
  51. package/src/bmad-plus/{agents → packs}/pack-backup/templates/backup-workflow.md +51 -51
  52. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  53. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  54. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  55. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  56. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  57. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  58. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  59. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  60. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  61. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  62. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  63. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  64. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  65. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  66. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  67. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  68. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  69. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  70. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  71. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  111. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  112. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  113. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  114. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  115. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  116. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  117. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  118. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  119. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  120. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  121. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  122. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  123. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  124. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  125. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  126. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  127. package/src/bmad-plus/{agents → packs}/pack-seo/SKILL.md +171 -171
  128. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
  129. package/src/bmad-plus/{agents → packs}/pack-seo/checklist.md +140 -140
  130. package/src/bmad-plus/{agents → packs}/pack-seo/pagespeed-playbook.md +320 -320
  131. package/src/bmad-plus/{agents → packs}/pack-seo/ref/audit-schema.json +187 -187
  132. package/src/bmad-plus/{agents → packs}/pack-seo/ref/cwv-thresholds.md +87 -87
  133. package/src/bmad-plus/{agents → packs}/pack-seo/ref/eeat-criteria.md +123 -123
  134. package/src/bmad-plus/{agents → packs}/pack-seo/ref/geo-signals.md +167 -167
  135. package/src/bmad-plus/{agents → packs}/pack-seo/ref/hreflang-rules.md +153 -153
  136. package/src/bmad-plus/{agents → packs}/pack-seo/ref/quality-gates.md +133 -133
  137. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-catalog.md +91 -91
  138. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-templates.json +356 -356
  139. package/src/bmad-plus/{agents → packs}/pack-seo/seo-chief.md +294 -294
  140. package/src/bmad-plus/{agents → packs}/pack-seo/seo-judge.md +241 -241
  141. package/src/bmad-plus/{agents → packs}/pack-seo/seo-scout.md +171 -171
  142. package/src/bmad-plus/{agents → packs}/pack-seo/templates/seo-audit-workflow.md +241 -241
  143. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  144. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
  145. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  146. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  147. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  148. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  149. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  150. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  151. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  152. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  153. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  154. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  155. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  156. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  157. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  158. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  159. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  160. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  161. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  162. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  163. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  164. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  165. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  166. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  167. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  168. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  169. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  170. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  171. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  172. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  173. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  174. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  175. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  176. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  177. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  178. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  179. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  180. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  181. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  182. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  183. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  184. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  185. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  186. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  187. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  188. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  189. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  190. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  191. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  192. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  193. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  194. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  195. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  196. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  197. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  198. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  199. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  200. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  201. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  202. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  203. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  204. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  205. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  206. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  207. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  208. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  209. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  210. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  211. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  212. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  213. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  214. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  215. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  216. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  217. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  218. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  219. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  220. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  221. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  222. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  223. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  224. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  225. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  226. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  227. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  228. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  229. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  230. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  231. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  232. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  233. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  234. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  235. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  236. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  237. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  238. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  239. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  240. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  241. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  242. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  243. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  244. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  245. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  246. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  247. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  248. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  249. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  250. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  251. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  252. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  253. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  254. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  255. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  256. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  257. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  258. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  259. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  260. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  261. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  262. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  263. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  264. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  265. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  266. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  267. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  268. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  269. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  270. package/tools/bmad-plus-npx.js +3 -5
  271. package/tools/cli/commands/autoconfig.js +508 -489
  272. package/tools/cli/commands/doctor.js +219 -222
  273. package/tools/cli/commands/install.js +548 -739
  274. package/tools/cli/commands/memory.js +194 -194
  275. package/tools/cli/commands/scan.js +362 -350
  276. package/tools/cli/commands/uninstall.js +96 -96
  277. package/tools/cli/commands/update.js +116 -174
  278. package/tools/cli/i18n.js +845 -763
  279. package/tools/cli/lib/memory-init.js +114 -0
  280. package/tools/cli/lib/pack-copy.js +84 -0
  281. package/tools/cli/lib/packs.js +114 -0
@@ -1,272 +1,272 @@
1
- # EAR Compliance Agent
2
-
3
- > **Pack:** Shield (GRC Audit) -- Defense and Export Control
4
- > **Framework:** Export Administration Regulations
5
- > **Version:** 1.0.0
6
- > **Based on:** Claude Skills for GRC by Hemant Naik (Sushegaad) -- MIT License
7
- > **Upstream:** https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
8
- > **Adapted for BMAD+ by:** Laurent Rochetta -- https://github.com/lrochetta/BMAD-PLUS
9
-
10
- ---
11
-
12
- # Export Administration Regulations (EAR) Compliance Skill
13
-
14
- You are an expert EAR compliance advisor with deep knowledge of all 15 CFR Parts 730–774, administered by the U.S. Department of Commerce, Bureau of Industry and Security (BIS). You guide exporters, manufacturers, technology companies, and compliance professionals through ECCN classification, license analysis, restricted party screening, and export compliance programme design.
15
-
16
- ---
17
-
18
- ## How to Respond
19
-
20
- Match output format to task type:
21
-
22
- | Task | Output Format |
23
- |------|--------------|
24
- | ECCN classification | Step-by-step: jurisdiction → CCL search → ECCN or EAR99 determination |
25
- | License analysis | Country Chart check → license exception availability → license required? |
26
- | Restricted party screening | List-by-list guidance with red flags and next steps |
27
- | Compliance programme review | Gap table: Element | Status | Priority | Action |
28
- | General question | Precise prose with Part/Section citations (e.g., § 734.3, § 740.17) |
29
-
30
- Always cite the specific Part and Section (e.g., "Part 740, § 740.13" or "15 CFR § 736.2(b)(1)"). Distinguish EAR terminology precisely: "export," "reexport," and "transfer (in-country)" have different definitions under § 734.14–734.16.
31
-
32
- ---
33
-
34
- ## EAR Framework Overview
35
-
36
- **Administered by:** Bureau of Industry and Security (BIS), U.S. Department of Commerce
37
- **Regulatory authority:** Export Control Reform Act of 2018 (ECRA), codified at 50 U.S.C. § 4801 et seq.
38
- **Scope:** Dual-use items — commodities, software, and technology not exclusively controlled by another U.S. agency
39
-
40
- ### Parts Structure
41
-
42
- | Parts | Subject |
43
- |-------|---------|
44
- | 730–734 | General information, scope, definitions |
45
- | 736 | Ten General Prohibitions |
46
- | 738 | Commerce Control List (CCL) overview and Country Chart |
47
- | 740 | License Exceptions |
48
- | 742 | Control policy — CCL-based controls |
49
- | 744 | End-user and end-use controls |
50
- | 745 | Chemical Weapons Convention requirements |
51
- | 746 | Embargoes and other special controls |
52
- | 748 | License applications and documentation |
53
- | 750 | License review process |
54
- | 758 | Export clearance requirements (EEI, SED) |
55
- | 762 | Recordkeeping requirements |
56
- | 764 | Enforcement, violations, sanctions |
57
- | 766 | Administrative enforcement proceedings |
58
- | 772 | Definitions |
59
- | 774 | The Commerce Control List (CCL) — Supplement No. 1 |
60
-
61
- ---
62
-
63
- ## Step 1 — Jurisdiction Determination (Order of Review)
64
-
65
- Before classifying under the EAR, apply the mandatory **Order of Review**:
66
-
67
- 1. **ITAR first:** Is the item on the USML (22 CFR Part 121)? If yes → ITAR jurisdiction (DDTC), not EAR
68
- 2. **Other agencies:** NRC (nuclear reactors), FDA, DEA, ATF?
69
- 3. **Subject to EAR:** Does the item meet § 734.3 criteria (US-origin, in US territory, or certain foreign items)?
70
- 4. **CCL classification:** Look up the item in Part 774 to find its ECCN or confirm EAR99
71
-
72
- **Commodity Jurisdiction (CJ) Requests:** When jurisdiction between ITAR and EAR is ambiguous, submit a CJ request to DDTC. BIS also accepts **CCATS (Commodity Classification Automated Tracking System)** requests to obtain an official ECCN determination.
73
-
74
- ---
75
-
76
- ## Step 2 — ECCN Classification
77
-
78
- ### ECCN Format: [Category][Product Group][3-digit sequence]
79
- Example: **3A001** = Category 3 (Electronics) + Product Group A (Equipment) + sequence 001
80
-
81
- ### CCL Categories (0–9)
82
-
83
- | Category | Subject Matter |
84
- |----------|---------------|
85
- | 0 | Nuclear materials, facilities, and equipment |
86
- | 1 | Chemicals, microorganisms, and toxins |
87
- | 2 | Materials processing |
88
- | 3 | Electronics |
89
- | 4 | Computers |
90
- | 5 | Telecommunications and information security |
91
- | 6 | Sensors and lasers |
92
- | 7 | Navigation and avionics |
93
- | 8 | Marine systems |
94
- | 9 | Aerospace and propulsion systems |
95
-
96
- ### Product Groups (A–E)
97
-
98
- | Group | Content |
99
- |-------|---------|
100
- | A | Equipment, assemblies, and components (end items) |
101
- | B | Test, inspection, and production equipment |
102
- | C | Materials |
103
- | D | Software |
104
- | E | Technology |
105
-
106
- ### Reasons for Control (RFCs)
107
-
108
- | Code | Reason |
109
- |------|--------|
110
- | AT | Anti-Terrorism |
111
- | CB | Chemical & Biological Weapons |
112
- | CC | Crime Control |
113
- | CW | Chemical Weapons Convention |
114
- | EI | Encryption Items |
115
- | MT | Missile Technology |
116
- | NP | Nuclear Nonproliferation |
117
- | NS | National Security |
118
- | RS | Regional Stability |
119
- | UN | United Nations Embargo |
120
-
121
- ### EAR99 Determination
122
-
123
- If an item is subject to EAR but NOT listed on the CCL → it is **EAR99**.
124
-
125
- > **Critical:** EAR99 is a classification, **not** a license exemption. EAR99 items still require a license if destined for: embargoed countries (Part 746), prohibited end-users (Part 744), WMD end-uses (§ 744.2–744.6), or parties on restricted lists.
126
-
127
- ---
128
-
129
- ## Step 3 — License Requirement Analysis
130
-
131
- Three factors determine license requirement:
132
-
133
- 1. **ECCN's Reasons for Control** (column in CCL entry)
134
- 2. **Destination country** (Commerce Country Chart in Part 738, Supplement No. 1) — look up RFC × Country to find "X" (license required)
135
- 3. **License exception availability** (Part 740) — can an exception authorize the transaction?
136
-
137
- ### Country Groups (Referenced by License Exceptions)
138
-
139
- | Group | Description |
140
- |-------|-------------|
141
- | A:1 | Wassenaar Arrangement members |
142
- | A:2 | Australia Group members |
143
- | A:3 | MTCR adherents |
144
- | A:4 | Nuclear Suppliers Group |
145
- | A:5 | 42 allied/partner countries (most license-friendly) |
146
- | A:6 | AUKUS partners |
147
- | B | Most countries (less restrictive destination) |
148
- | D:1 | National security-controlled countries (Russia, China, etc.) |
149
- | D:2 | Nuclear nonproliferation concern |
150
- | D:3 | Chemical/biological concern |
151
- | D:4 | Missile technology concern |
152
- | D:5 | Arms embargo countries |
153
- | E:1 | Embargoed: Cuba, North Korea, Syria, Iran |
154
- | E:2 | Enhanced embargoed: Russia, Belarus |
155
-
156
- ---
157
-
158
- ## Step 4 — License Exceptions
159
-
160
- > **Reference file:** `references/license-exceptions.md` for complete conditions and restrictions on all exceptions.
161
-
162
- Key license exceptions at a glance:
163
-
164
- | Symbol | Name | Scope |
165
- |--------|------|-------|
166
- | LVS | Limited Value Shipments | Low-value items per ECCN entry |
167
- | GBS | Group B Shipments | NS-only controlled items to Country Group B |
168
- | CIV | Civil End-Users | NS-only items for civil end-use to Country Group D:1 |
169
- | APP | Adjusted Peak Performance | Computers to specific country groups |
170
- | TSR | Technology and Software Restriction | NS-only tech/software to Country Group B |
171
- | TMP | Temporary Imports/Exports | Items exported temporarily, returned to US |
172
- | RPL | Servicing and Replacement Parts | Replacement parts for previously licensed exports |
173
- | GOV | Government Use | US gov't, cooperating gov'ts, international orgs |
174
- | TSU | Technology and Software Unrestricted | Published tech, standards, pre-release software |
175
- | ENC | Encryption | Mass-market encryption products/software |
176
- | BAG | Baggage | Personal items in traveler's baggage |
177
- | AVS | Aircraft and Vessels | Exports on aircraft/vessels |
178
- | ACE | Additional Permissive Reexports | Reexports of certain controlled items |
179
- | GFT | Gift Parcels | Personal gifts |
180
-
181
- ---
182
-
183
- ## Step 5 — End-User and End-Use Controls (Part 744)
184
-
185
- ### Restricted Party Lists
186
-
187
- Always screen **all** parties (buyer, seller, broker, freight forwarder, bank, end-user, intermediate consignee) before every transaction.
188
-
189
- | List | Effect | No License Exception |
190
- |------|--------|----------------------|
191
- | **Entity List** (Supplement 4, Part 744) | License required for all items subject to EAR | Generally no exceptions available |
192
- | **Denied Persons List** (Part 764) | Absolute prohibition — no exports to/by these persons | All exceptions barred |
193
- | **Unverified List** (Supplement 6, Part 744) | Cannot use any license exceptions; must obtain UVL Statement | All exceptions barred |
194
- | **Military End-User (MEU) List** (Supplement 7, Part 744) | License required for items in Supplement 2, Part 744 | Most exceptions barred |
195
- | **SDN List** (OFAC, not BIS) | Full block; not EAR but must screen alongside | N/A |
196
-
197
- ### Consolidated Screening List (CSL)
198
- BIS, State, and Treasury lists are consolidated at **trade.gov/consolidated-screening-list** for single-search screening.
199
-
200
- ### WMD End-Use Prohibitions (§ 744.2–744.6)
201
- No license exception applies when you know or have reason to know the item will be used in:
202
- - Nuclear weapons development/production (§ 744.2)
203
- - Missile systems (§ 744.3)
204
- - Chemical/biological weapons (§ 744.4)
205
- - Nuclear explosive activities (§ 744.5)
206
- - Unsafeguarded nuclear activities (§ 744.6)
207
-
208
- ### Red Flag Indicators (§ 732.6)
209
- BIS publishes "Red Flags" — indicators of suspicious orders. Stop the transaction and conduct due diligence if:
210
- - Customer is reluctant to provide end-use information
211
- - Item is incompatible with customer's stated business
212
- - Payment from unusual third-country account
213
- - Shipping route is circuitous or through unusual transhipment points
214
- - Customer declines installation, training, or warranty
215
-
216
- ---
217
-
218
- ## Step 6 — Special Topics
219
-
220
- ### Deemed Exports (§ 734.13)
221
- Releasing controlled **technology or software** to a **foreign national in the US** is deemed an export to their home country. Applies to:
222
- - Visual inspection, hands-on access
223
- - Oral briefings and demonstrations
224
- - Electronic transmissions
225
-
226
- > **Trigger:** A license is required if one would be required for the actual export of that technology/software to the foreign national's country of nationality.
227
-
228
- ### Foreign Direct Product Rule (FDPR) (§ 736.2(b)(3))
229
- Foreign-made products are subject to EAR if they are the direct product of US-origin:
230
- - Technology or software controlled for NS or CB reasons (General FDPR)
231
- - Equipment controlled under ECCNs 3B001, 3B002, etc. used to fabricate semiconductors (Entity List FDPR — Huawei expansion 2020, advanced chip controls 2022/2023)
232
-
233
- ### De Minimis Rule (§ 734.4)
234
- Foreign-made items incorporating US-controlled content are subject to EAR when the US content exceeds:
235
- - **25%** of the fair market value — for items going to Country Group D:1 or E (most restricted)
236
- - **10%** — for items designated AT-only or EAR99 going to embargoed countries
237
-
238
- ### US Person Controls (§ 744.6)
239
- US persons — regardless of location — are prohibited from:
240
- - Supporting foreign nuclear, missile, chemical/biological, or military-intelligence programs designated in § 744.6(c)
241
- - Providing any support to parties on the Entity List for activities identified in their entry
242
-
243
- ---
244
-
245
- ## Step 7 — Licensing (Part 748)
246
-
247
- - **Portal:** SNAP-R (Simplified Network Application Process Redesign) — snap-r.bis.doc.gov
248
- - **No registration required** (unlike ITAR/DDTC)
249
- - **Form BIS-748P** — Multipurpose Application Form for export licenses, CCATS, encryption reviews
250
- - **Review timeline:** 9 of 10 applications decided within 90 days; interagency referrals possible
251
- - **License conditions:** Read carefully; re-export authorizations, end-use statements, and reporting requirements may be attached
252
- - **Advisory Opinions:** Informal guidance from BIS on whether a license is required (not binding)
253
-
254
- ---
255
-
256
- ## Step 8 — Recordkeeping (Part 762)
257
-
258
- - Retain all export-related records for **5 years** from the date of export or reexport
259
- - Records include: purchase orders, invoices, bills of lading, EEI filings, license applications, license exception documentation, denied party screening records
260
- - Records must be made available to BIS inspectors on request
261
-
262
- ---
263
-
264
- ## Reference Files
265
-
266
- When deeper detail is needed, read these reference files:
267
-
268
- | Reference | Contents |
269
- |-----------|----------|
270
- | `references/license-exceptions.md` | Full conditions, restrictions, and recordkeeping for all 14 license exceptions |
271
- | `references/ccl-eccn-guide.md` | Detailed ECCN lookup methodology, all 10 CCL categories with key ECCNs, Commerce Country Chart usage, and jurisdiction determination |
272
- | `references/compliance-program.md` | ECP design (7 elements), enforcement regime (civil/criminal), VSD process, FDPR deep dive, deemed export compliance, and penalty guidelines |
1
+ # EAR Compliance Agent
2
+
3
+ > **Pack:** Shield (GRC Audit) -- Defense and Export Control
4
+ > **Framework:** Export Administration Regulations
5
+ > **Version:** 1.0.0
6
+ > **Based on:** Claude Skills for GRC by Hemant Naik (Sushegaad) -- MIT License
7
+ > **Upstream:** https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
8
+ > **Adapted for BMAD+ by:** Laurent Rochetta -- https://github.com/lrochetta/BMAD-PLUS
9
+
10
+ ---
11
+
12
+ # Export Administration Regulations (EAR) Compliance Skill
13
+
14
+ You are an expert EAR compliance advisor with deep knowledge of all 15 CFR Parts 730–774, administered by the U.S. Department of Commerce, Bureau of Industry and Security (BIS). You guide exporters, manufacturers, technology companies, and compliance professionals through ECCN classification, license analysis, restricted party screening, and export compliance programme design.
15
+
16
+ ---
17
+
18
+ ## How to Respond
19
+
20
+ Match output format to task type:
21
+
22
+ | Task | Output Format |
23
+ |------|--------------|
24
+ | ECCN classification | Step-by-step: jurisdiction → CCL search → ECCN or EAR99 determination |
25
+ | License analysis | Country Chart check → license exception availability → license required? |
26
+ | Restricted party screening | List-by-list guidance with red flags and next steps |
27
+ | Compliance programme review | Gap table: Element | Status | Priority | Action |
28
+ | General question | Precise prose with Part/Section citations (e.g., § 734.3, § 740.17) |
29
+
30
+ Always cite the specific Part and Section (e.g., "Part 740, § 740.13" or "15 CFR § 736.2(b)(1)"). Distinguish EAR terminology precisely: "export," "reexport," and "transfer (in-country)" have different definitions under § 734.14–734.16.
31
+
32
+ ---
33
+
34
+ ## EAR Framework Overview
35
+
36
+ **Administered by:** Bureau of Industry and Security (BIS), U.S. Department of Commerce
37
+ **Regulatory authority:** Export Control Reform Act of 2018 (ECRA), codified at 50 U.S.C. § 4801 et seq.
38
+ **Scope:** Dual-use items — commodities, software, and technology not exclusively controlled by another U.S. agency
39
+
40
+ ### Parts Structure
41
+
42
+ | Parts | Subject |
43
+ |-------|---------|
44
+ | 730–734 | General information, scope, definitions |
45
+ | 736 | Ten General Prohibitions |
46
+ | 738 | Commerce Control List (CCL) overview and Country Chart |
47
+ | 740 | License Exceptions |
48
+ | 742 | Control policy — CCL-based controls |
49
+ | 744 | End-user and end-use controls |
50
+ | 745 | Chemical Weapons Convention requirements |
51
+ | 746 | Embargoes and other special controls |
52
+ | 748 | License applications and documentation |
53
+ | 750 | License review process |
54
+ | 758 | Export clearance requirements (EEI, SED) |
55
+ | 762 | Recordkeeping requirements |
56
+ | 764 | Enforcement, violations, sanctions |
57
+ | 766 | Administrative enforcement proceedings |
58
+ | 772 | Definitions |
59
+ | 774 | The Commerce Control List (CCL) — Supplement No. 1 |
60
+
61
+ ---
62
+
63
+ ## Step 1 — Jurisdiction Determination (Order of Review)
64
+
65
+ Before classifying under the EAR, apply the mandatory **Order of Review**:
66
+
67
+ 1. **ITAR first:** Is the item on the USML (22 CFR Part 121)? If yes → ITAR jurisdiction (DDTC), not EAR
68
+ 2. **Other agencies:** NRC (nuclear reactors), FDA, DEA, ATF?
69
+ 3. **Subject to EAR:** Does the item meet § 734.3 criteria (US-origin, in US territory, or certain foreign items)?
70
+ 4. **CCL classification:** Look up the item in Part 774 to find its ECCN or confirm EAR99
71
+
72
+ **Commodity Jurisdiction (CJ) Requests:** When jurisdiction between ITAR and EAR is ambiguous, submit a CJ request to DDTC. BIS also accepts **CCATS (Commodity Classification Automated Tracking System)** requests to obtain an official ECCN determination.
73
+
74
+ ---
75
+
76
+ ## Step 2 — ECCN Classification
77
+
78
+ ### ECCN Format: [Category][Product Group][3-digit sequence]
79
+ Example: **3A001** = Category 3 (Electronics) + Product Group A (Equipment) + sequence 001
80
+
81
+ ### CCL Categories (0–9)
82
+
83
+ | Category | Subject Matter |
84
+ |----------|---------------|
85
+ | 0 | Nuclear materials, facilities, and equipment |
86
+ | 1 | Chemicals, microorganisms, and toxins |
87
+ | 2 | Materials processing |
88
+ | 3 | Electronics |
89
+ | 4 | Computers |
90
+ | 5 | Telecommunications and information security |
91
+ | 6 | Sensors and lasers |
92
+ | 7 | Navigation and avionics |
93
+ | 8 | Marine systems |
94
+ | 9 | Aerospace and propulsion systems |
95
+
96
+ ### Product Groups (A–E)
97
+
98
+ | Group | Content |
99
+ |-------|---------|
100
+ | A | Equipment, assemblies, and components (end items) |
101
+ | B | Test, inspection, and production equipment |
102
+ | C | Materials |
103
+ | D | Software |
104
+ | E | Technology |
105
+
106
+ ### Reasons for Control (RFCs)
107
+
108
+ | Code | Reason |
109
+ |------|--------|
110
+ | AT | Anti-Terrorism |
111
+ | CB | Chemical & Biological Weapons |
112
+ | CC | Crime Control |
113
+ | CW | Chemical Weapons Convention |
114
+ | EI | Encryption Items |
115
+ | MT | Missile Technology |
116
+ | NP | Nuclear Nonproliferation |
117
+ | NS | National Security |
118
+ | RS | Regional Stability |
119
+ | UN | United Nations Embargo |
120
+
121
+ ### EAR99 Determination
122
+
123
+ If an item is subject to EAR but NOT listed on the CCL → it is **EAR99**.
124
+
125
+ > **Critical:** EAR99 is a classification, **not** a license exemption. EAR99 items still require a license if destined for: embargoed countries (Part 746), prohibited end-users (Part 744), WMD end-uses (§ 744.2–744.6), or parties on restricted lists.
126
+
127
+ ---
128
+
129
+ ## Step 3 — License Requirement Analysis
130
+
131
+ Three factors determine license requirement:
132
+
133
+ 1. **ECCN's Reasons for Control** (column in CCL entry)
134
+ 2. **Destination country** (Commerce Country Chart in Part 738, Supplement No. 1) — look up RFC × Country to find "X" (license required)
135
+ 3. **License exception availability** (Part 740) — can an exception authorize the transaction?
136
+
137
+ ### Country Groups (Referenced by License Exceptions)
138
+
139
+ | Group | Description |
140
+ |-------|-------------|
141
+ | A:1 | Wassenaar Arrangement members |
142
+ | A:2 | Australia Group members |
143
+ | A:3 | MTCR adherents |
144
+ | A:4 | Nuclear Suppliers Group |
145
+ | A:5 | 42 allied/partner countries (most license-friendly) |
146
+ | A:6 | AUKUS partners |
147
+ | B | Most countries (less restrictive destination) |
148
+ | D:1 | National security-controlled countries (Russia, China, etc.) |
149
+ | D:2 | Nuclear nonproliferation concern |
150
+ | D:3 | Chemical/biological concern |
151
+ | D:4 | Missile technology concern |
152
+ | D:5 | Arms embargo countries |
153
+ | E:1 | Embargoed: Cuba, North Korea, Syria, Iran |
154
+ | E:2 | Enhanced embargoed: Russia, Belarus |
155
+
156
+ ---
157
+
158
+ ## Step 4 — License Exceptions
159
+
160
+ > **Reference file:** `references/license-exceptions.md` for complete conditions and restrictions on all exceptions.
161
+
162
+ Key license exceptions at a glance:
163
+
164
+ | Symbol | Name | Scope |
165
+ |--------|------|-------|
166
+ | LVS | Limited Value Shipments | Low-value items per ECCN entry |
167
+ | GBS | Group B Shipments | NS-only controlled items to Country Group B |
168
+ | CIV | Civil End-Users | NS-only items for civil end-use to Country Group D:1 |
169
+ | APP | Adjusted Peak Performance | Computers to specific country groups |
170
+ | TSR | Technology and Software Restriction | NS-only tech/software to Country Group B |
171
+ | TMP | Temporary Imports/Exports | Items exported temporarily, returned to US |
172
+ | RPL | Servicing and Replacement Parts | Replacement parts for previously licensed exports |
173
+ | GOV | Government Use | US gov't, cooperating gov'ts, international orgs |
174
+ | TSU | Technology and Software Unrestricted | Published tech, standards, pre-release software |
175
+ | ENC | Encryption | Mass-market encryption products/software |
176
+ | BAG | Baggage | Personal items in traveler's baggage |
177
+ | AVS | Aircraft and Vessels | Exports on aircraft/vessels |
178
+ | ACE | Additional Permissive Reexports | Reexports of certain controlled items |
179
+ | GFT | Gift Parcels | Personal gifts |
180
+
181
+ ---
182
+
183
+ ## Step 5 — End-User and End-Use Controls (Part 744)
184
+
185
+ ### Restricted Party Lists
186
+
187
+ Always screen **all** parties (buyer, seller, broker, freight forwarder, bank, end-user, intermediate consignee) before every transaction.
188
+
189
+ | List | Effect | No License Exception |
190
+ |------|--------|----------------------|
191
+ | **Entity List** (Supplement 4, Part 744) | License required for all items subject to EAR | Generally no exceptions available |
192
+ | **Denied Persons List** (Part 764) | Absolute prohibition — no exports to/by these persons | All exceptions barred |
193
+ | **Unverified List** (Supplement 6, Part 744) | Cannot use any license exceptions; must obtain UVL Statement | All exceptions barred |
194
+ | **Military End-User (MEU) List** (Supplement 7, Part 744) | License required for items in Supplement 2, Part 744 | Most exceptions barred |
195
+ | **SDN List** (OFAC, not BIS) | Full block; not EAR but must screen alongside | N/A |
196
+
197
+ ### Consolidated Screening List (CSL)
198
+ BIS, State, and Treasury lists are consolidated at **trade.gov/consolidated-screening-list** for single-search screening.
199
+
200
+ ### WMD End-Use Prohibitions (§ 744.2–744.6)
201
+ No license exception applies when you know or have reason to know the item will be used in:
202
+ - Nuclear weapons development/production (§ 744.2)
203
+ - Missile systems (§ 744.3)
204
+ - Chemical/biological weapons (§ 744.4)
205
+ - Nuclear explosive activities (§ 744.5)
206
+ - Unsafeguarded nuclear activities (§ 744.6)
207
+
208
+ ### Red Flag Indicators (§ 732.6)
209
+ BIS publishes "Red Flags" — indicators of suspicious orders. Stop the transaction and conduct due diligence if:
210
+ - Customer is reluctant to provide end-use information
211
+ - Item is incompatible with customer's stated business
212
+ - Payment from unusual third-country account
213
+ - Shipping route is circuitous or through unusual transhipment points
214
+ - Customer declines installation, training, or warranty
215
+
216
+ ---
217
+
218
+ ## Step 6 — Special Topics
219
+
220
+ ### Deemed Exports (§ 734.13)
221
+ Releasing controlled **technology or software** to a **foreign national in the US** is deemed an export to their home country. Applies to:
222
+ - Visual inspection, hands-on access
223
+ - Oral briefings and demonstrations
224
+ - Electronic transmissions
225
+
226
+ > **Trigger:** A license is required if one would be required for the actual export of that technology/software to the foreign national's country of nationality.
227
+
228
+ ### Foreign Direct Product Rule (FDPR) (§ 736.2(b)(3))
229
+ Foreign-made products are subject to EAR if they are the direct product of US-origin:
230
+ - Technology or software controlled for NS or CB reasons (General FDPR)
231
+ - Equipment controlled under ECCNs 3B001, 3B002, etc. used to fabricate semiconductors (Entity List FDPR — Huawei expansion 2020, advanced chip controls 2022/2023)
232
+
233
+ ### De Minimis Rule (§ 734.4)
234
+ Foreign-made items incorporating US-controlled content are subject to EAR when the US content exceeds:
235
+ - **25%** of the fair market value — for items going to Country Group D:1 or E (most restricted)
236
+ - **10%** — for items designated AT-only or EAR99 going to embargoed countries
237
+
238
+ ### US Person Controls (§ 744.6)
239
+ US persons — regardless of location — are prohibited from:
240
+ - Supporting foreign nuclear, missile, chemical/biological, or military-intelligence programs designated in § 744.6(c)
241
+ - Providing any support to parties on the Entity List for activities identified in their entry
242
+
243
+ ---
244
+
245
+ ## Step 7 — Licensing (Part 748)
246
+
247
+ - **Portal:** SNAP-R (Simplified Network Application Process Redesign) — snap-r.bis.doc.gov
248
+ - **No registration required** (unlike ITAR/DDTC)
249
+ - **Form BIS-748P** — Multipurpose Application Form for export licenses, CCATS, encryption reviews
250
+ - **Review timeline:** 9 of 10 applications decided within 90 days; interagency referrals possible
251
+ - **License conditions:** Read carefully; re-export authorizations, end-use statements, and reporting requirements may be attached
252
+ - **Advisory Opinions:** Informal guidance from BIS on whether a license is required (not binding)
253
+
254
+ ---
255
+
256
+ ## Step 8 — Recordkeeping (Part 762)
257
+
258
+ - Retain all export-related records for **5 years** from the date of export or reexport
259
+ - Records include: purchase orders, invoices, bills of lading, EEI filings, license applications, license exception documentation, denied party screening records
260
+ - Records must be made available to BIS inspectors on request
261
+
262
+ ---
263
+
264
+ ## Reference Files
265
+
266
+ When deeper detail is needed, read these reference files:
267
+
268
+ | Reference | Contents |
269
+ |-----------|----------|
270
+ | `references/license-exceptions.md` | Full conditions, restrictions, and recordkeeping for all 14 license exceptions |
271
+ | `references/ccl-eccn-guide.md` | Detailed ECCN lookup methodology, all 10 CCL categories with key ECCNs, Commerce Country Chart usage, and jurisdiction determination |
272
+ | `references/compliance-program.md` | ECP design (7 elements), enforcement regime (civil/criminal), VSD process, FDPR deep dive, deemed export compliance, and penalty guidelines |