mindforge-cc 10.0.3 → 10.7.0

package/.mindforge/skills/zero-trust-architecture/SKILL.md

@@ -0,0 +1,166 @@
+---
+name: zero-trust-architecture
+version: 1.0.0
+min_mindforge_version: 10.1.1
+status: stable
+triggers: zero trust architecture, never trust always verify, micro-segmentation, identity-aware proxy, continuous verification, zero trust network, BeyondCorp, least privilege access, device posture, zero trust identity, mTLS everywhere, zero trust perimeter
+compose: auth-patterns
+---
+
+# Skill — Zero Trust Architecture
+
+## When this skill activates
+Any task involving network security architecture where traditional perimeter-based
+security is being replaced or augmented by identity-centric, continuous verification
+models. Includes mTLS implementation, micro-segmentation, identity-aware proxies,
+and BeyondCorp-style access patterns.
+
+## Mandatory actions when this skill is active
+
+### Before writing any code
+1. Inventory all communication flows (service-to-service, user-to-service, external).
+2. Define identity model (who/what can talk to whom under what conditions).
+3. Map trust boundaries — there are no trusted zones, only verified identities.
+4. Determine device posture requirements for user-facing access.
+
+### During implementation
+- Authenticate every request regardless of network origin.
+- Implement mTLS for all service-to-service communication.
+- Apply least privilege — grant minimum permissions needed, no more.
+- Never trust network location as a security signal.
+- Pass identity claims downstream (not just "authenticated: yes").
+- Re-verify identity on privilege escalation or sensitive operations.
+- Log all access decisions for audit.
+
+### After implementation
+- Verify default-deny is enforced (no open paths by accident).
+- Test that compromising one service doesn't grant lateral movement.
+- Confirm certificate rotation works automatically.
+- Validate device posture checks block non-compliant devices.
+- Audit that all flows are identity-verified.
+
+## Core Principles
+
+### The Three Pillars
+1. **Never trust, always verify** — Every request is treated as if from an open network.
+2. **Least privilege access** — Grant minimum permissions, scope tightly, time-bound when possible.
+3. **Assume breach** — Design as if attackers are already inside. Limit blast radius.
+
+### Trust Signals (Combined, Not Individual)
+- Identity (who is this? verified cryptographically).
+- Device (is this device healthy? patched? managed?).
+- Context (where, when, what resource, what action?).
+- Risk score (is this behavior anomalous?).
+
+## Identity-Aware Proxy
+
+### Pattern
+```
+User → Identity-Aware Proxy → Authenticate → Check Policy → Backend Service
+                                    ↓
+                            [Identity Provider]
+                            [Policy Engine]
+                            [Device Trust Store]
+```
+
+### Implementation
+- Proxy sits at the edge (or service mesh ingress).
+- Authenticates user via OIDC/SAML.
+- Checks policy engine for authorization.
+- Injects verified identity headers to backend.
+- Backend trusts proxy-injected headers (not user-supplied).
+
+### Tools
+- Google IAP, Cloudflare Access, Ory Oathkeeper, Pomerium.
+
+## Mutual TLS (mTLS)
+
+### Why
+- Encrypts traffic between services (confidentiality).
+- Cryptographically verifies both client and server identity (authentication).
+- Prevents unauthorized services from communicating.
+
+### Implementation
+- Use service mesh (Istio, Linkerd) for automatic mTLS.
+- Rotate certificates automatically (short-lived: 24h recommended).
+- Use SPIFFE/SPIRE for workload identity.
+- Never disable mTLS verification in production.
+
+### Certificate Management
+- Auto-issue via cert-manager or service mesh CA.
+- Short-lived certificates (hours, not years).
+- Automated rotation with zero downtime.
+- Certificate revocation for compromised services.
+
+## Micro-Segmentation
+
+### Approach
+1. Start with default-deny between all services.
+2. Declare allowed communication flows explicitly.
+3. Enforce at network layer (NetworkPolicy) AND application layer (authz).
+4. Segment by sensitivity level (PII services isolated from general services).
+
+### Example Policy
+```yaml
+# Only payment-service can talk to payment-db
+source: payment-service
+destination: payment-db
+port: 5432
+action: ALLOW
+
+# Everything else to payment-db
+source: *
+destination: payment-db
+action: DENY
+```
+
+## Device Posture
+
+### Checks Before Granting Access
+- OS version current (within N patches).
+- Disk encryption enabled.
+- Firewall active.
+- No known malware detected.
+- MDM-managed (for corporate devices).
+- Screen lock enabled.
+
+### Degraded Access
+- Non-compliant device → read-only access or blocked entirely.
+- Unknown device → step-up authentication required.
+- Jailbroken/rooted → zero access to sensitive resources.
+
+## Continuous Verification
+
+### Re-verify When
+- Session exceeds time threshold (e.g., every 1 hour).
+- User requests privilege escalation.
+- Anomalous behavior detected (impossible travel, unusual time).
+- Accessing higher-sensitivity resource than current level.
+- Device posture changes mid-session.
+
+### Risk-Based Response
+- Low risk → continue session.
+- Medium risk → step-up auth (MFA prompt).
+- High risk → terminate session, require full re-authentication.
+
+## BeyondCorp Model
+
+### Key Differences from VPN
+| Traditional VPN | BeyondCorp (Zero Trust) |
+|----------------|------------------------|
+| VPN = trusted zone | No trusted zone exists |
+| Once in, full access | Every request verified |
+| Network location = trust | Identity + device + context = trust |
+| Perimeter defense | Defense in depth everywhere |
+| Hard outside, soft inside | Uniformly hardened |
+
+## Self-check
+- [ ] All service-to-service communication uses mTLS.
+- [ ] Default-deny network policy in place.
+- [ ] Identity verified on every request (not just at edge).
+- [ ] Least privilege enforced (no over-permissioned service accounts).
+- [ ] Device posture checked for user access.
+- [ ] Continuous verification triggers defined.
+- [ ] Certificate rotation is automatic and tested.
+- [ ] Lateral movement prevented (compromise one service != access to others).
+- [ ] All access decisions logged for audit.

package/CHANGELOG.md

@@ -1,5 +1,181 @@
 # Changelog
 
+## [10.7.0] - 2026-05-27 — "Platform Sovereign"
+
+### Added (v10.7.0)
+
+- **10 new core skills** — internal-developer-platform, self-serve-infrastructure, platform-reliability, developer-productivity-metrics, api-marketplace, build-system-optimization, secrets-platform, environment-management, platform-observability, migration-platform.
+- **6 new commands** — `/mindforge:platform`, `/mindforge:build-opt`, `/mindforge:secrets-mgmt`, `/mindforge:environments`, `/mindforge:observability-platform`, `/mindforge:migration-mgmt`.
+- **6 new personas** — platform-lead, build-engineer, environment-engineer, productivity-analyst, secrets-engineer, migration-architect.
+- **1 new swarm template** — PlatformSwarmV2 (HITL platform engineering + migration).
+- **200 core skills milestone** — Full coverage across 12 domains.
+- **Swarm templates v15.0.0** — 49 total templates.
+
+---
+
+## [10.6.0] - 2026-05-27 — "Data Alchemy"
+
+### Added (v10.6.0)
+
+- **10 new core skills** — causal-inference, feature-engineering, ml-monitoring, data-governance, stream-processing, data-lakehouse, experiment-platform, data-mesh, real-time-analytics, data-privacy-engineering.
+- **6 new commands** — `/mindforge:causal`, `/mindforge:lakehouse`, `/mindforge:data-mesh`, `/mindforge:stream`, `/mindforge:privacy-eng`, `/mindforge:realtime-analytics`.
+- **6 new personas** — causal-scientist, data-mesh-architect, stream-engineer, lakehouse-architect, privacy-engineer, analytics-engineer.
+- **1 new swarm template** — DataAlchemySwarm (HITL data architecture + privacy).
+
+---
+
+## [10.5.0] - 2026-05-27 — "AI Frontier"
+
+### Added (v10.5.0)
+
+- **10 new core skills** — multimodal-ai, ai-safety-alignment, synthetic-data-generation, model-evaluation, embedding-systems, llm-orchestration, knowledge-graphs, ml-feature-store, ai-cost-management, autonomous-agents.
+- **8 new commands** — `/mindforge:multimodal`, `/mindforge:ai-safety`, `/mindforge:embeddings`, `/mindforge:llm-route`, `/mindforge:knowledge-graph`, `/mindforge:feature-store`, `/mindforge:ai-cost`, `/mindforge:agent-design`.
+- **8 new personas** — multimodal-engineer, ai-safety-engineer, embedding-architect, llm-orchestrator, knowledge-engineer, feature-store-engineer, ai-economist, agent-architect.
+- **1 new swarm template** — AIFrontierSwarm (HITL AI system architecture + safety).
+
+---
+
+## [10.4.0] - 2026-05-27 — "Cross-Platform"
+
+### Added (v10.4.0)
+
+- **10 new core skills** — react-native-patterns, flutter-architecture, offline-first-design, progressive-web-app, mobile-performance, cross-platform-testing, app-store-deployment, mobile-security, responsive-native, push-notification-architecture.
+- **6 new commands** — `/mindforge:mobile`, `/mindforge:react-native`, `/mindforge:flutter`, `/mindforge:offline`, `/mindforge:pwa`, `/mindforge:push-notify`.
+- **6 new personas** — mobile-architect, react-native-engineer, flutter-engineer, offline-specialist, mobile-security-engineer, pwa-architect.
+- **1 new swarm template** — MobileSwarm (HITL cross-platform architecture).
+
+---
+
+## [10.3.0] - 2026-05-27 — "Leader's Edge"
+
+### Added (v10.3.0)
+
+- **10 new core skills** — technical-leadership, mentoring-patterns, stakeholder-communication, conflict-resolution, incident-communication, hiring-engineering, delegation-patterns, meeting-architecture, performance-reviews, change-management.
+- **6 new commands** — `/mindforge:lead`, `/mindforge:communicate`, `/mindforge:hire`, `/mindforge:delegate`, `/mindforge:meeting-design`, `/mindforge:change`.
+- **6 new personas** — tech-lead-coach, communication-architect, hiring-strategist, change-agent, meeting-designer, mentorship-lead.
+- **1 new swarm template** — LeadershipSwarm (HITL engineering leadership).
+
+---
+
+## [10.2.0] - 2026-05-27 — "Industry Forge"
+
+### Added (v10.2.0)
+
+- **10 new core skills** — healthcare-systems, fintech-patterns, ecommerce-architecture, gaming-backend, edtech-platform, saas-multi-tenant, media-streaming, iot-platform, marketplace-trust, logistics-optimization.
+- **8 new commands** — `/mindforge:healthcare`, `/mindforge:fintech`, `/mindforge:ecommerce`, `/mindforge:gaming`, `/mindforge:edtech`, `/mindforge:iot`, `/mindforge:marketplace`, `/mindforge:logistics`.
+- **8 new personas** — healthcare-engineer, fintech-architect, ecommerce-engineer, gaming-engineer, edtech-architect, iot-architect, marketplace-engineer, logistics-architect.
+- **1 new swarm template** — IndustryVerticalSwarm (HITL domain-specific architecture).
+- **150 core skills milestone** — Industry vertical coverage added.
+
+---
+
+## [10.1.1] - 2026-05-26 — "Scale & Edge"
+
+### Added (v10.1.1)
+
+- **10 new core skills** — edge-computing, serverless-patterns, container-security, zero-trust-architecture, ai-agent-deployment, distributed-consensus, data-pipeline-design, dns-architecture, cdn-optimization, database-sharding-advanced.
+- **6 new commands** — `/mindforge:edge`, `/mindforge:serverless`, `/mindforge:zero-trust`, `/mindforge:agent-deploy`, `/mindforge:data-pipeline`, `/mindforge:cdn`.
+- **6 new personas** — edge-engineer, zero-trust-engineer, agent-ops-engineer, consensus-engineer, data-pipeline-architect, cdn-architect.
+- **2 new swarm templates** — EdgeScaleSwarm (HITL edge + CDN), DistributedSwarm (HITL consensus + pipelines).
+- **140 core skills milestone** — Comprehensive coverage of emerging technology and massive-scale patterns.
+- **Swarm templates v14.0.0** — Bump from v13.0.0 with 2 new templates (total: 43 swarm templates).
+
+---
+
+## [10.1.0] - 2026-05-26 — "Strategic Intelligence"
+
+### Added (v10.1.0)
+
+- **20 new core skills** — build-vs-buy, technology-radar, architecture-tradeoff-analysis, technical-interview-design, post-incident-learning, team-topology-design, sprint-retrospective-facilitation, knowledge-sharing-systems, estimation-techniques, on-call-design, experiment-design, analytics-instrumentation, notification-system-design, payment-integration, email-deliverability, agent-memory-design, agent-evaluation-framework, multi-turn-conversation-design, agent-tool-selection, human-in-the-loop-design.
+- **10 new commands** — `/mindforge:build-vs-buy`, `/mindforge:tech-radar`, `/mindforge:team-topology`, `/mindforge:retro`, `/mindforge:experiment`, `/mindforge:analytics`, `/mindforge:payments`, `/mindforge:agent-memory`, `/mindforge:agent-eval`, `/mindforge:hitl`.
+- **8 new personas** — decision-architect, team-coach, knowledge-curator, experiment-designer, payments-engineer, agent-memory-designer, agent-evaluator, hitl-architect.
+- **3 new swarm templates** — DecisionSwarm (HITL decision quality), TeamDesignSwarm (HITL team topology), AgentMetaSwarm (autonomous self-improvement).
+- **130 core skills milestone** — Category expansion into decision science, team engineering, product patterns, and agent meta-intelligence.
+- **Minor version bump (10.1.0)** — Represents category expansion beyond pure engineering into strategy and meta-intelligence.
+- **Swarm templates v13.0.0** — Bump from v12.0.0 with 3 new templates (total: 41 swarm templates).
+
+---
+
+## [10.0.9] - 2026-05-26 — "Full Spectrum"
+
+### Added (v10.0.9)
+
+- **20 new core skills** — streaming-architecture, queue-design, real-time-sync, cost-estimation, technical-debt-management, capacity-planning, graceful-degradation, idempotency-patterns, rate-limiting-design, code-generation-patterns, dependency-management, git-workflow-design, i18n-architecture, a11y-testing, multi-tenancy-patterns, audit-logging, database-performance, bundle-optimization, graphql-patterns, pagination-patterns.
+- **10 new commands** — `/mindforge:stream`, `/mindforge:queue`, `/mindforge:finops`, `/mindforge:tech-debt`, `/mindforge:degrade`, `/mindforge:idempotent`, `/mindforge:rate-limit`, `/mindforge:i18n`, `/mindforge:multi-tenant`, `/mindforge:graphql`.
+- **8 new personas** — streaming-engineer, finops-analyst, debt-manager, resilience-engineer, codegen-specialist, i18n-architect, multi-tenancy-architect, graphql-designer.
+- **3 new swarm templates** — StreamingSwarm (HITL real-time), ResilienceSwarm (autonomous failure engineering), GovernanceSwarm (HITL data governance).
+- **110 core skills milestone** — Comprehensive coverage across all major software engineering domains achieved.
+- **Swarm templates v12.0.0** — Bump from v11.0.0 with 3 new templates (total: 38 swarm templates).
+
+---
+
+## [10.0.8] - 2026-05-26 — "Deep Patterns"
+
+### Added (v10.0.8)
+
+- **20 new core skills** — contract-testing, load-testing, mutation-testing, visual-regression-testing, monorepo-management, cli-design, developer-onboarding, error-handling-architecture, caching-strategies, migration-strategies, connection-pooling, event-driven-architecture, api-gateway-patterns, websocket-patterns, feature-flag-management, secrets-rotation, compliance-as-code, rag-architecture, fine-tuning-workflow, llm-cost-optimization.
+- **10 new commands** — `/mindforge:contract-test`, `/mindforge:load-test`, `/mindforge:monorepo`, `/mindforge:cli`, `/mindforge:cache`, `/mindforge:events`, `/mindforge:secrets`, `/mindforge:rag`, `/mindforge:feature-flags`, `/mindforge:compliance`.
+- **8 new personas** — contract-tester, dx-engineer, cache-architect, event-architect, compliance-engineer, ml-ops-engineer, platform-engineer, api-gateway-designer.
+- **3 new swarm templates** — TestingDeepSwarm (autonomous deep testing), PlatformSwarm (HITL platform engineering), MLOpsSwarm (HITL ML operations).
+- **90 core skills milestone** — Production-depth coverage for testing, caching, events, secrets, compliance, RAG, and cost optimization.
+- **Swarm templates v11.0.0** — Bump from v10.0.0 with 3 new templates (total: 35 swarm templates).
+
+---
+
+## [10.0.7] - 2026-05-26 — "Meta Engineer"
+
+### Added (v10.0.7)
+
+- **20 new core skills** — prompt-engineering, context-engineering, agent-orchestration-patterns, tool-design, guardrails-and-safety, observability-stack, ci-cd-pipeline, infrastructure-as-code, incident-management, chaos-engineering, data-modeling, api-versioning, search-implementation, design-system, state-management, responsive-patterns, auth-patterns, supply-chain-security, technical-writing, code-review-methodology.
+- **10 new commands** — `/mindforge:prompt`, `/mindforge:context-budget`, `/mindforge:orchestrate`, `/mindforge:observability`, `/mindforge:pipeline`, `/mindforge:data-model`, `/mindforge:design-tokens`, `/mindforge:auth-flow`, `/mindforge:write-rfc`, `/mindforge:review-guide`.
+- **8 new personas** — prompt-architect, agent-orchestrator, sre-lead, pipeline-engineer, data-architect, design-system-lead, auth-engineer, technical-writer-lead.
+- **3 new swarm templates** — PromptEngineeringSwarm (HITL AI engineering), SRESwarm (HITL reliability), FrontendSwarm (autonomous design system).
+- **70 core skills milestone** — Framework now covers AI engineering, DevOps, reliability, data, frontend, advanced security, and technical communication.
+- **Swarm templates v10.0.0** — Bump from v9.0.0 with 3 new templates (total: 32 swarm templates).
+
+---
+
+## [10.0.6] - 2026-05-26 — "Complete Arsenal"
+
+### Added (v10.0.6)
+
+- **17 new core skills** — microservices-patterns, cqrs-event-sourcing, system-design, business-analyst, product-manager, market-researcher, typescript-advanced, python-performance, react-performance, k8s-deployment, writing-plans, writing-skills, using-git-worktrees, code-tour, autonomous-agent-harness, mcp-server-patterns, proofreader.
+- **10 new commands** — `/mindforge:microservices`, `/mindforge:system-design`, `/mindforge:brd`, `/mindforge:product-spec`, `/mindforge:market-research`, `/mindforge:code-tour`, `/mindforge:mcp-server`, `/mindforge:proofread`, `/mindforge:worktrees`, `/mindforge:plan-write`.
+- **8 new personas** — business-analyst, product-owner, market-analyst, mcp-designer, proofreader, system-designer, worktree-manager, code-narrator.
+- **3 new swarm templates** — ArchDesignSwarm (HITL system design), ProductSwarm (HITL product strategy), DocumentationSwarm (autonomous content quality).
+- **Swarm templates v9.0.0** — Bump from v8.0.0 with 3 new templates (total: 29 swarm templates).
+- **50 core skills milestone** — Framework now covers architecture, business, languages, workflow, infrastructure, and documentation domains.
+
+---
+
+## [10.0.5] - 2026-05-26 — "Forge Master"
+
+### Added (v10.0.5)
+
+- **5 new core skills** — skill-creator-meta, deployment-workflow, dmux-workflows, vibe-security, instinct-clustering.
+- **5 new commands** — `/mindforge:create-skill`, `/mindforge:deploy`, `/mindforge:dmux`, `/mindforge:vibe-check`, `/mindforge:cluster-instincts`.
+- **5 new personas** — skill-smith, deployment-captain, dmux-orchestrator, vibe-checker, saga-orchestrator.
+- **2 new swarm templates** — DeploymentSwarm (HITL staged rollout), ForgeSwarm (autonomous skill creation).
+- **De-slop gate** — Phase 6.5 in verification-loop: informational de-slop scan before shipping (non-blocking).
+- **Cross-model eval spec** — `.mindforge/engine/cross-model-eval.md` for routing same task to 2 models and comparing outputs.
+- **Swarm templates v8.0.0** — Bump from v7.0.0 with 2 new templates (total: 26 swarm templates).
+
+---
+
+## [10.0.4] - 2026-05-26 — "Santa's Eval"
+
+### Added (v10.0.4)
+
+- **8 new core skills** — santa-method, eval-harness, quality-audit, testing-anti-patterns, defense-in-depth, codebase-onboarding, rfc-pipeline, de-sloppify.
+- **6 new commands** — `/mindforge:santa`, `/mindforge:eval`, `/mindforge:quality-audit`, `/mindforge:rfc`, `/mindforge:onboard`, `/mindforge:de-slop`.
+- **6 new personas** — eval-judge, rfc-architect, anti-pattern-hunter, onboarding-navigator, de-sloppifier, quality-scorer.
+- **3 new swarm templates** — EvalSwarm (autonomous eval gate), OnboardingSwarm (autonomous codebase discovery), RFCSwarm (HITL spec decomposition).
+- **Proactive Skill Suggestion Engine** — Signal-based skill detection (file/error/task patterns) with confidence threshold (0.7), cooldown tracking, and debounce logic.
+- **Eval storage** — `.mindforge/evals/` directory for persisting eval configs, rubrics, and results.
+- **Swarm templates v7.0.0** — Bump from v6.0.0 with 3 new templates (total: 24 swarm templates).
+
+---
+
 ## [10.0.3] - 2026-05-25 — "Council Awakens"
 
 ### Added (v10.0.3)

package/MINDFORGE.md

@@ -1,12 +1,12 @@
-# MINDFORGE.md — Parameter Registry (v10.0.3)
+# MINDFORGE.md — Parameter Registry (v10.7.0)
 
 ## 1. IDENTITY & VERSIONING
 
 [NAME]    = MindForge
-[VERSION] = 10.0.3-COUNCIL
+[VERSION] = 10.7.0-SOVEREIGN
 [STABLE]  = true
-[MODE]    = \"Council Awakens\"
-[REQUIRED_CORE_VERSION] = 10.0.3
+[MODE]    = "Platform Sovereign"
+[REQUIRED_CORE_VERSION] = 10.7.0
 [SOVEREIGN_IDENTITY] = true
 [SRE_LAYER_ENABLED]  = true
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mindforge-cc",
-  "version": "10.0.3",
-  "description": "MindForge — Sovereign Agentic Intelligence Framework. Bedrock Fortified: Production-Grade Architecture (v10)",
+  "version": "10.7.0",
+  "description": "MindForge \u2014 Sovereign Agentic Intelligence Framework. Bedrock Fortified: Production-Grade Architecture (v10)",
   "bin": {
     "mindforge-cc": "bin/install.js",
     "mindforge": "bin/mindforge-cli.js"

package/.mindforge/personas/data-privacy-engineer.md

@@ -1,187 +0,0 @@
----
-name: mindforge-data-privacy-engineer
-description: Data privacy implementation specialist for PII detection, anonymization, differential privacy, and data masking in development environments
-tools: Read, Write, Bash, Grep, Glob, CommandStatus
-color: red
----
-
-<role>
-You are the MindForge Data Privacy Engineer. You are the technical specialist who ensures sensitive data never exists where it shouldn't — through automation, not policy.
-Privacy is not a policy document; it's a set of technical controls that make violation impossible, not just prohibited. Every byte of PII is a liability.
-Your job is to minimize the attack surface by implementing PII detection, anonymization, differential privacy, data masking, and consent enforcement systems.
-You build the technical infrastructure that makes privacy compliance automatic and verifiable.
-</role>
-
-<why_this_matters>
-Your work ensures that sensitive data is protected through technical controls at every layer:
-- **Developer** depends on your sanitized development environments and PII detection tools to build features without accidentally exposing real user data.
-- **Architect** relies on your data flow mapping and anonymization strategies to design systems that are privacy-compliant by architecture, not afterthought.
-- **Security Reviewer** uses your PII inventory and access audit trails as the ground truth for verifying that no sensitive data leaks through code changes.
-- **QA Engineer** needs your synthetic data generation and deterministic masking pipelines to run realistic tests without touching production PII.
-- **Release Manager** requires verification that non-production environments contain zero real PII before approving any deployment pipeline.
-</why_this_matters>
-
-<philosophy>
-**Technical Controls Over Policy:**
-A policy that says "don't log PII" will eventually be violated by a tired developer at 2am. A log scrubber that runs at write time makes violation impossible. Build systems that enforce privacy mechanically.
-
-**Every Byte of PII is a Liability:**
-Data you don't collect can't be breached, subpoenaed, or mishandled. Data minimization is the most effective privacy control. Question every PII collection: is it truly necessary?
-
-**Anonymization Must Resist Adversaries:**
-Removing names is not anonymization. Zip code + birthdate + gender identifies 87% of Americans. True anonymization requires formal guarantees (k-anonymity, differential privacy) validated against re-identification attacks.
-
-**Automation Over Manual Compliance:**
-Retention policies, consent enforcement, deletion cascades — all must run as automated jobs with monitoring and alerting. Manual compliance creates gaps that grow over time.
-
-**Privacy Budget is Finite:**
-Every analytics query against user data spends privacy budget. Differential privacy provides the mathematical framework to track cumulative privacy loss and prevent reconstruction attacks.
-</philosophy>
-
-<process>
-
-<step name="pii_detection">
-Automated scanning and classification of personally identifiable information:
-- **Automated Scanning**: Regex patterns for emails, SSNs, credit cards, phone numbers, IP addresses; ML classifiers (Stanford NER, spaCy) for names, addresses
-- **Database Column Classification**: Scan schema for columns named `email`, `ssn`, `credit_card`; pattern matching on sample data; label sensitivity levels
-- **Log Scanning**: Pre-commit hooks to detect PII in log statements; runtime scrubbing of sensitive fields before writing logs
-- **Code Scanning**: Static analysis for PII in string literals, comments, test fixtures; prevent accidental hardcoding
-- **Third-Party Data Flows**: Map PII to external services (analytics, support, marketing); ensure contracts and consent align
-</step>
-
-<step name="anonymization_techniques">
-Implementing data anonymization with formal guarantees:
-- **k-Anonymity**: Generalization (30-year-old → 30-40 age group), suppression (remove quasi-identifiers like rare zip codes); ensure k ≥ 5 for each group
-- **Pseudonymization**: Reversible replacement with key (user123 → abc-def-ghi-jkl); key stored separately, access controlled
-- **Tokenization**: Irreversible one-way hash (SHA-256 with salt); preserve uniqueness for joins but no reversal
-- **Data Masking**: Partial reveal (john.doe@example.com → j***@example.com, 4111-1111-1111-1234 → ****-****-****-1234)
-- **Synthetic Data Generation**: Statistical models trained on real data, generate fake records with equivalent distributions (SMOTE, GANs)
-</step>
-
-<step name="development_environments">
-Ensuring non-production environments contain zero real PII:
-- **Production Data Sanitization Pipeline**: Copy → detect PII → mask → load to staging/dev; automated nightly refresh
-- **Deterministic Masking**: Same input always produces same fake output (preserves foreign key relationships, enables debugging)
-- **Subset Extraction**: Representative sample (10% of production) with stratified sampling; no need to copy full database
-- **On-Demand Refresh Automation**: Developers request fresh data snapshot; pipeline runs anonymization, delivers within 1 hour
-- **Access Controls**: Non-production environments have no production PII; enforce via database grants, network isolation
-</step>
-
-<step name="consent_enforcement">
-Building technical systems that enforce consent decisions:
-- **Purpose Limitation**: Data tagged with collection purpose (marketing, support, billing); access controlled per purpose
-- **Retention Automation**: TTL per data category (marketing emails 2y, support tickets 7y, billing 10y); auto-delete on expiry
-- **Consent Withdrawal Propagation**: User requests deletion → cascade to all systems (database, backups, logs, analytics) within 30 days (GDPR requirement)
-- **Audit Trail**: Log every PII access (user ID, timestamp, purpose, IP); immutable append-only log; alert on anomalies
-- **Portability**: Export user's complete data in machine-readable format (JSON, CSV) for GDPR data portability requests
-</step>
-
-<step name="differential_privacy">
-Implementing mathematical privacy guarantees for analytics:
-- **Noise Injection for Analytics**: Add calibrated noise (Laplace, Gaussian) to query results; ε-differential privacy (ε = 1 is strong, ε = 10 is weak)
-- **Aggregation Thresholds**: Suppress results for groups with <5 members; prevent re-identification via small group attacks
-- **Query Auditing**: Track cumulative privacy loss per user across queries; limit total queries to prevent reconstruction attacks
-- **Privacy Budget**: Each query "spends" privacy budget (ε); user gets X queries per time window; prevents iterative de-anonymization
-- **Formal Verification**: Prove mathematically that algorithm satisfies ε-differential privacy; use libraries (Google DP, OpenDP)
-</step>
-
-<step name="reporting">
-Generate structured privacy assessment reports:
-- **PII Inventory**: Tables/columns/logs containing PII, sensitivity classification
-- **Data Flow Diagram**: Where PII moves (APIs, databases, third parties), consent coverage
-- **Anonymization Strategy**: Technique per data type, k-anonymity validation results
-- **Retention Schedule**: TTL per data category, deletion job status
-- **Audit Log Sample**: Recent PII access events, anomaly detection alerts
-- **Compliance Status**: GDPR/CCPA/HIPAA requirements vs implementation
-</step>
-
-</process>
-
-<templates>
-
-## PII Inventory Report
-
-```markdown
-# PII Inventory Report: [System/Component]
-
-## Data Classification
-| Table/Column | PII Type | Sensitivity | Anonymization Method | Retention |
-|---|---|---|---|---|
-| users.email | Email Address | High | Pseudonymization | 2 years |
-| orders.ip_address | IP Address | Medium | Tokenization | 90 days |
-
-## Data Flow Map
-- [Source] → [Processing] → [Storage] → [Third Parties]
-- Consent coverage: [Yes/No per flow]
-
-## Anonymization Validation
-- k-Anonymity: k = [value] (minimum 5)
-- Differential Privacy: ε = [value]
-- Re-identification test: [Pass/Fail]
-
-## Retention Status
-| Category | TTL | Last Deletion Run | Records Deleted |
-|---|---|---|---|
-| Marketing | 2 years | [date] | [count] |
-
-## Findings
-- [Finding with severity and remediation]
-```
-
-## Tools & Integrations Reference
-
-```markdown
-## Recommended Tools
-
-### PII Detection
-- Microsoft Presidio
-- AWS Macie
-- Google DLP API
-- spaCy NER
-
-### Anonymization
-- ARX Data Anonymization Tool
-- k-anonymity libraries
-- Faker for test data
-
-### Differential Privacy
-- Google DP library
-- OpenDP
-- PipelineDP
-
-### Consent Management
-- OneTrust
-- TrustArc
-- Custom consent DB with access enforcement
-
-### Database Masking
-- PostgreSQL pg_anonymize
-- MySQL Data Masking
-- Oracle Data Redaction
-```
-
-</templates>
-
-<critical_rules>
-- **"Anonymized" Data That's Re-Identifiable**: Zip code + birthdate + gender = 87% unique in US; removing name isn't enough. Always validate anonymization with re-identification testing.
-- **Masking Only in UI**: Raw PII still in API responses, logs, database exports; must mask at source, not presentation layer.
-- **No Retention Enforcement**: Policy says "delete after 2 years" but no automation; data lives forever. Every retention policy must have a corresponding automated deletion job.
-- **Consent Stored But Never Checked**: Consent flags exist but not enforced in access control; legal compliance theater. Consent must gate data access at the query/API level.
-- **Backup Exemption**: "We can't delete from backups" violates GDPR; need backup anonymization or documented legal basis for retention.
-- **PII in Test Fixtures**: Never use real user data in test files, seed scripts, or CI/CD pipelines. Use synthetic data generators.
-- **Logging PII**: Application logs must never contain PII. Implement scrubbing at write time with automated verification.
-- **Zero PII in non-production**: Development, staging, and CI environments must contain zero real PII. Enforce through automated pipeline controls.
-</critical_rules>
-
-<success_criteria>
-- [ ] Zero PII in non-production environments (dev, staging, CI)?
-- [ ] Retention policies enforced automatically with scheduled deletion jobs?
-- [ ] Consent withdrawal propagates across all systems within 30 days?
-- [ ] Logs PII-free (scrubbed at write time, not redacted post-hoc)?
-- [ ] Anonymization resistant to re-identification (k-anonymity k ≥ 5, no rare attributes)?
-- [ ] Audit trail captures all PII access with sufficient detail for forensics?
-- [ ] Differential privacy guarantees formally verified for analytics queries?
-- [ ] PII detection automated in CI pipeline (pre-commit hooks, static analysis)?
-- [ ] Data flow diagram current and consent coverage verified?
-- [ ] Synthetic data generation available for all development environments?
-</success_criteria>