rtexit-method 0.1.0 → 0.1.2

package/packaged-assets/.agents/skills/rt-create-sead/SKILL.md

@@ -0,0 +1,74 @@
+---
+name: rt-create-sead
+description: "Create SEAD — Statement of Engagement Authorization Document. Use at the start of every engagement to document legal authorization, scope, targets, exclusions, rules of engagement, and emergency contacts. Required before any testing begins."
+---
+
+# rt-create-sead
+
+# SEAD Creation Workflow
+
+## Step 1 — Collect Engagement Details
+Ask the operator for:
+- Engagement reference number (format: CLIENT-RT-TYPE-YEAR-NNN)
+- Client organization name and point of contact
+- Authorized tester(s) name and organization
+- Engagement type: blackbox / greybox / whitebox
+- Testing methodology selected
+
+## Step 2 — Define Scope
+Document:
+- **In-scope targets**: IPs, CIDR ranges, domains, URLs, apps
+- **Out-of-scope**: What must NOT be touched
+- **Scope type**: External / Internal / Full
+- **Testing window**: Start and end dates/times
+- **After-hours testing**: Allowed or not?
+
+## Step 3 — Rules of Engagement
+Document:
+- Destructive testing: Allowed / Not allowed
+- DoS simulation: Allowed with 24hr notice / Never
+- Social engineering: Phishing / Vishing / Physical
+- Data handling: What to do with discovered PII
+- Evidence retention: Period and destruction policy
+- Escalation triggers: When to stop immediately
+
+## Step 4 — Emergency Contacts
+| Role | Name | Phone | Email | Available |
+|------|------|-------|-------|-----------|
+| CISO / Security Contact | | | | 24/7 |
+| IT Emergency | | | | 24/7 |
+| Project Manager | | | | Business hours |
+| Legal Counsel | | | | On call |
+
+## Step 5 — Generate SEAD Document
+Create: `_rtexit-output/docs/engagement/SEAD.md`
+Use template: `{skill-root}/template.md`
+
+## Step 6 — Initialize Engagement
+Run:
+```bash
+python3 {project-root}/_rtexit/scripts/autodoc_engine.py init \
+  --ref ENGAGEMENT_REF \
+  --client CLIENT_NAME \
+  --methodology METHODOLOGY \
+  --scope SCOPE_TYPE
+```
+
+## SEAD Completeness Criteria
+
+A SEAD is not complete until it answers who authorized the work, which assets are in scope, which techniques are excluded, when testing may occur, what happens during instability, who receives urgent escalation, and what evidence may be collected.
+
+## Validation
+
+| Gate | Expected |
+|---|---|
+| SEAD file exists | Yes |
+| Client name and reference | Populated |
+| Dates | Current |
+| Scope | Non-empty |
+| Rules of Engagement | Defined |
+| Sign-off | Captured or explicitly pending |
+
+## Handoff
+
+After creating the SEAD, run `rt-scope-definition`, `rt-rules-of-engagement`, `rt-methodology-selector`, and initialize timeline through `rt-autodoc`.

package/packaged-assets/.agents/skills/rt-create-sead/template.md

@@ -0,0 +1,89 @@
+# Statement of Engagement Authorization Document (SEAD)
+
+---
+
+## Engagement Details
+
+| Field | Value |
+|-------|-------|
+| **Reference** | [ENGAGEMENT_REF] |
+| **Client** | [CLIENT_NAME] |
+| **Tester** | [OPERATOR_NAME] |
+| **Organization** | [TESTER_ORG] |
+| **Engagement Type** | [blackbox / greybox / whitebox] |
+| **Methodology** | [PTES / NIST / OWASP / TIBER / CBEST] |
+| **Start Date** | [YYYY-MM-DD] |
+| **End Date** | [YYYY-MM-DD] |
+| **Testing Window** | [Start time — End time, timezone] |
+
+---
+
+## Authorization Statement
+
+This document authorizes [OPERATOR_NAME] from [TESTER_ORG] to conduct security testing activities as described in this document against the systems owned by [CLIENT_NAME]. This authorization is valid from [START_DATE] to [END_DATE].
+
+**All testing activities are authorized and conducted with explicit permission.**
+
+---
+
+## In-Scope Targets
+
+| Target | Type | Priority | Notes |
+|--------|------|----------|-------|
+| [domain.com] | Web Application | P1 | Primary target |
+| [10.0.0.0/24] | Internal Network | P2 | Post-initial-access |
+| [app.domain.com] | Mobile Backend API | P1 | |
+
+---
+
+## Out-of-Scope
+
+The following MUST NOT be tested:
+- [List excluded targets]
+- Production databases (read-only access only)
+- Third-party payment processors
+
+---
+
+## Rules of Engagement
+
+| Activity | Permitted |
+|----------|-----------|
+| Automated vulnerability scanning | ✅ Yes |
+| Manual exploitation | ✅ Yes |
+| Password brute force | ✅ Yes (test accounts) |
+| DoS / DDoS simulation | ⚠️ With 24-hour notice |
+| Social engineering (phishing) | ✅ Yes |
+| Social engineering (vishing) | ✅ Yes |
+| Physical security testing | ✅ Yes |
+| Data exfiltration (PoC) | ✅ Minimum viable sample only |
+| Persistent C2 implants | ✅ Document and remove after |
+| Destructive actions | ❌ Never |
+
+---
+
+## Emergency Contacts
+
+| Role | Name | Phone | Email |
+|------|------|-------|-------|
+| CISO | | | |
+| VP Engineering | | | |
+| IT Emergency | | | |
+| Legal | | | |
+
+**Stop testing immediately if:** [List critical scenarios]
+
+---
+
+## Data Handling
+
+- All discovered credentials: Document reference only, do not store in plain text
+- PII discovered: Minimum viable sample, destroy after engagement
+- Evidence retention: [X] days after final report delivery
+- Report classification: STRICTLY CONFIDENTIAL — RESTRICTED DISTRIBUTION
+
+---
+
+**Authorized by:** ___________________  
+**Title:** ___________________  
+**Date:** ___________________

package/packaged-assets/.agents/skills/rt-create-sead/workflow.md

@@ -0,0 +1,68 @@
+# Workflow - rt-create-sead
+
+## Purpose
+
+This workflow standardizes how $skill is executed inside RTExit. It is designed for authorized engagements, evidence-first documentation, and consistent handoff into reporting.
+
+## Authorization Gate
+
+Before execution, confirm:
+
+- SEAD exists and explicitly covers the target asset or activity.
+- Rules of Engagement define allowed techniques, rate limits, and stop conditions.
+- The operator knows the evidence handling rules.
+- Any active or sensitive validation has client approval.
+
+If any item is unclear, pause and invoke 
+
+## Required Inputs
+
+| Input | Source | Notes |
+|---|---|---|
+| Engagement reference | _rtexit/config.toml or SEAD | Used in output names. |
+| Target asset(s) | Scope document | Must be explicitly approved. |
+| Operator name | Config/user context | Used in timeline entries. |
+| Evidence directory | _rtexit-output/docs/evidence/ | Store logs, screenshots, and artifacts. |
+| Finding tracker | _rtexit-output/docs/findings/ | Create/update findings when confirmed. |
+
+## Execution Steps
+
+1. Load current engagement configuration.
+2. Read scope, exclusions, and current findings.
+3. Build a small test plan for this skill with target, expected control, and evidence type.
+4. Run the lowest-risk validation first.
+5. Capture baseline behavior before proof behavior.
+6. Record exact timestamp, account/role used, and affected asset.
+7. Stop when evidence is sufficient; avoid unnecessary data access.
+8. Create or update findings through the RTExit finding tracker.
+9. Map remediation owner and recommended timeline.
+10. Add a timeline entry and evidence chain entry.
+
+## Evidence Requirements
+
+| Evidence | Required? | Notes |
+|---|---|---|
+| Command or action summary | Yes | Redact secrets and tokens. |
+| Screenshot or transcript | If useful | Store under evidence folder. |
+| Request/response pair | For web/API | Redact cookies and bearer tokens. |
+| Config excerpt | For cloud/infra | Include only relevant lines. |
+| Business impact note | Yes | Explain why it matters. |
+
+## Autodoc Commands
+
+`ash
+python _rtexit/scripts/autodoc_engine.py log --skill rt-create-sead --phase auto --cmd "workflow execution" --output "summary"
+python _rtexit/scripts/finding_tracker.py list
+`
+
+## Completion Criteria
+
+- Scope and authorization are referenced.
+- Evidence is stored and redacted.
+- Findings are added or explicitly marked as not found.
+- Remediation guidance is actionable.
+- Timeline and chain of custody are updated where applicable.
+
+## Handoff
+
+Send confirmed findings to