diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json index b28039a..19c6674 100644 --- a/.claude-plugin/plugin.json +++ b/.claude-plugin/plugin.json @@ -1,11 +1,11 @@ { "name": "ms-ai-architect", - "version": "1.15.0", + "version": "1.17.0", "description": "Microsoft AI Solution Architect - structured architecture guidance for the full Microsoft AI stack", "author": { "name": "Kjell Tore Guttormsen" }, "license": "MIT", - "repository": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace", + "repository": "https://git.fromaitochitta.com/open/ms-ai-architect", "keywords": ["microsoft", "azure", "ai-architect", "governance", "security", "norwegian-public-sector", "eu-ai-act"] } diff --git a/.gitignore b/.gitignore index b66d25a..432fbd9 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,42 @@ node_modules/ # Runtime state .work/ org/ -scripts/kb-update/data/ +# Generated KB-update artifacts (registry, reports) are ignored, but the +# hand-authored taxonomy (lag 0), the decision ledger (lag 2) and the curated +# AI Act deadline source (RX-REG, sync-tested consumer contract) are tracked. +scripts/kb-update/data/* +!scripts/kb-update/data/domain-taxonomy.json +!scripts/kb-update/data/decisions.json +!scripts/kb-update/data/ai-act-deadlines.json +# Generated skill-lifecycle detection report (Spor B / B1) — regenerated on demand, +# like the kb-update reports above. The detector script + curated inputs are tracked. +scripts/kb-eval/data/skill-lifecycle-report.json +# Generated skill-quality score cache (Spor D / STEG B) — derived from the corpus, +# regenerated by `score-skill.mjs --write` and the apply-skill-op gate. Consumed by +# the STEG C SessionStart surfacing; not committed (avoids churn in the public repo). +scripts/kb-eval/data/skill-score-report.json +# Generated judge bake-off fan-out payloads (45 per-file prompts, ~760KB) — derived +# deterministically from judge-bakeoff-claims.json + the judge prompt by +# build-judge-payloads.mjs; regenerated on demand, not committed (bulk + churn). +scripts/kb-eval/data/judge-bakeoff-payloads-*.json .kb-backup/ +# atomic-write temp files (atomicWriteSync writes `.tmp..` then renames); +# a crash mid-write could leave one behind — never let it reach the public mirror. +*.tmp.* .rollback-in-progress + +# --- session/local state — LOCAL-ONLY (gitignored) --- +# STATE.md is internal state-of-play and must NEVER reach a public mirror. This +# repo's Forgejo remote (open/) is published open source, so STATE.md is local- +# only per the global continuity rule (same as linkedin-studio). The hook injects +# it from disk regardless of tracking, so continuity is unaffected. +STATE.md +REMEMBER.md +ROADMAP.md +TODO.md +NEXT-SESSION-PROMPT*.local.md +*.local.md +*.local.json +*.local.sh +.DS_Store +.claude/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a7a19d..fa126dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,132 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +### Changed + +- **OKF second-brain (sporet for brukerens egen kontekst-wiki — IKKE de 389 skill-refs):** Ratifiserte den delte katalog-spec-en `catalog/docs/okf-second-brain/spec.md` v0.1 som eneste kilde for konvensjonen; lokal brief (`docs/okf-second-brain-brief-2026-06.md`) *refererer* den nå i stedet for å restate. Premiss-korreksjoner registrert (spec §9): `mdcode`/`kcmd` er ikke et OKF-verktøy (droppet fra adopsjonsplanen); ingen gjenbrukbar OKF-ingest-kode finnes (`reference_agent` er GCP/Gemini-bundet → adopter prompt-mønstre, ikke kode); kanonisk anbefalt feltnavn er `resource` (ikke `source`). Full OKF-pakke-ambisjon består — minimal kontrakt (spec §3) er gulvet, rike felt rir over som extension keys (spec §5). Kun docs/plan-justering; bygging er separat go. + +## [1.17.0] - 2026-07-04 + +Spor 1 — Port-1-substrat migrert på korpuset (de 4 ikke-advisor-skills) via den deterministiske `migrate-corpus.mjs`-applieren. Reference-kontrakten (`**Type:**` / `**Source:**` / TOC) er nå påført på tvers av korpuset, og stale `**Verified:** MCP`-poison er fjernet. Ingen kommando-, agent- eller persona-endringer; prosa-kropper byte-identisk; advisor-skillen urørt. + +### Changed + +- **Reference-headere (327 filer):** `**Type:**` stemplet på alle 327 (reference/methodology/regulatory/template); `**Source:**` (Microsoft Learn-autoritet, satt per fil i manifestet) backfilt på 243 sourced reference-filer; `## Innhold` TOC innsatt på 325 store filer (≥100 linjer). `verified` forblir null — settes først i en senere corpus-judge-pass. +- **Full-pass-worklist aktivert:** 243 due, 0 fresh. CT5 (referanse-kontrakt) available på alle 4 skills; N4 (TOC) 0 → 1.000/pass. Skill-scorer steg (95→98–100); den forhåndsdeklarerte «transient sub-90 dip» inntraff ikke (registrert i utfallsdoc). + +### Fixed + +- **Stale-verified poison:** `**Verified:** MCP ` fjernet — 14 header-forekomster + 9 stray body-duplikater innenfor 500-byte-scan-vinduet (mlops-genaiops). Disse ble ellers falskt lest som «verified» og droppet fra worklisten. Kun stray metadata-linjer fjernet, aldri prosa. +- **`insertHeaderFields` anker-overshoot:** når en meta-linje selv passerer 500 B (2 filer med et avsnitt pakket i `**Status:**`), faller ankeret nå tilbake til siste meta-linje innenfor scan-vinduet, så Type/Source forblir parsbare. TDD. +- **`normalizeStaleVerified`:** fjerner nå alle stale non-date `**Verified:**` i 500B-vinduet uansett `---`-posisjon (operatør-godkjent utvidelse av carve-out). TDD. + +Suite 728/728 grønn. Detaljert utfall + policy-delta + base-felt-restanse: `docs/spor1-migration-outcome.md`. + +## [1.16.5] - 2026-06-24 + +KB-refresh-patch. LOW-tier (52 reference docs) verifisert mot Microsoft Learn (post-1.16.4 baseline). Ingen kommando-, agent- eller skill-endringer — kun reference docs. ~33 filer var TRYGT (innhold gjeldende, kun header-bump); resten hadde reell drift, URL- eller syntaksfiks. Hver `VERIFY`-påstand re-bekreftet av main-agent mot sitert Microsoft Learn-kilde FØR skriving; `git diff` + plugin-validering (239/0). Needing-update 52 → 0 (alle tiers nå 0). + +### Changed + +- **Agent Framework (materiell fiks):** `agent-framework` fullstendig omskrevet — tidligere utgave bygde på et oppdiktet API (`azure.ai.agent`, `FoundryClient`/`FoundryTools`, `Swarm`/`Handoff`, `Memory`, `@checkpoint`, `enable_tracing`). Korrigert til det ekte SDK-et `agent-framework` (Python) / `Microsoft.Agents.AI` (.NET): `Agent(client=...)`, `@tool`, `AgentSession`, graf-baserte `WorkflowBuilder`/`SequentialBuilder`, OpenTelemetry-observability, og den faktiske Foundry-verktøykatalogen. Etterfølger til **BÅDE** Semantic Kernel **og** AutoGen; `.as_agent_framework_tool`-bro (krever `semantic-kernel` ≥ 1.38). `migration-patterns` §6 tilsvarende korrigert (Agent Framework = eget SDK, ikke et SK-namespace). +- **Regulatorisk (norsk AI Act):** `public-sector-checklist` + `ai-utredning-template` — norsk ikrafttredelse mykgjort fra «aug 2026 samtidig med EU» til «forsinket pga. EØS-tilpasning, ventet 2026»; Foundry URL-slug `ai-studio` → `foundry`. +- **Copilot/lisens:** Copilot Studio «billed sessions» → **Copilot Credits** (felles valuta fra 1. sep 2025) i `migration-patterns` og `licensing-matrix`. +- **Data engineering (Fabric/Databricks):** `zero-etl-fabric-patterns` Oracle/SAP mirroring Preview→GA; `onelake-data-strategy` OneLake Security + Shortcut Transformations GA; `lakehouse-architecture-design` liquid clustering GA; `data-quality-ai-frameworks` MLV `ON MISMATCH`-syntaks + DLT→Lakeflow SDP-rebrand. +- **API Management (GenAI gateway):** `genai-gateway-policies` / `logging-analytics-ai-traffic` / `security-hardening-ai-gateway` — token-quota-period, KQL `ModelDeploymentName` → `DeploymentName`, `llm-token-limit` ikke støttet på Consumption, semantic-cache / Developer Portal v2-tier-matriser korrigert, llm-content-safety policy-syntaks. +- **BCDR:** `state-management-failover` Azure Cache for Redis retirement → Azure Managed Redis; `multi-region-azure-openai-deployment` + `rto-rpo-planning-ai-services` BCDR-ref-URLer fikset. +- **Cosmo-utfasing (start):** «For Cosmo»-seksjonene fjernet i `agent-framework` og `disconnected-ai-scenarios` (persona-pedagogikken er under avvikling — full fjerning på tvers av repoet er planlagt som eget initiativ). +- **Header-bump (TRYGT, ~33 filer):** data-engineering-, api-management-, bcdr- og advisor-klyngene (innhold verifisert gjeldende mot Microsoft Learn). + +## [1.16.4] - 2026-06-24 + +KB-refresh-patch. MEDIUM-tier (33 reference docs) verifisert mot Microsoft Learn (post-1.16.3 baseline). Ingen kommando-, agent- eller skill-endringer — kun reference docs. 18 filer var TRYGT (innhold gjeldende, kun header-bump); 15 filer hadde reell drift. Hver `VERIFY`-påstand fra de 7 parallelle drift-rapportene ble re-bekreftet av main-agent mot sitert Microsoft Learn-kilde FØR skriving; disclaimed/illustrative priser urørt; GPT-4.1-pricing-påstand forble uverifiserbar (kun community-kilder) og ble IKKE endret; alle endringer review-gated på `git diff` + plugin-validering (239/0). Medium-count 33 → 0 (needing-update 85 → 52). + +### Changed + +- **Prompt-caching:** `token-optimization` — retention-modell omskrevet: in-memory (5–10 min, ≤1t, default t.o.m. gpt-5.4) vs **extended retention 24t** (`prompt_cache_retention`, default for nyere modeller); in-memory støttes av «GPT-4o eller nyere». +- **Realtime:** `real-time-reasoning` — la til `gpt-realtime-1.5` (2026-02-23); Realtime API flyttet til **GA-endepunkt** `/openai/v1` (ikke lenger date-baserte api-version); preview→GA-statusnyanse. +- **Guardrails-rebranding:** `regulatory-and-compliance` + `azure-ai-foundry` — «content filters» → **Guardrails (and controls)**, default `Microsoft.DefaultV2`, fire intervensjonspunkter; data-privacy-kildetittel → «Models sold by Azure». +- **GPU/PTU:** `gpu-compute-sizing` — `ND96asr_v4` = 8×A100 **40GB = 320 GB** (var 640 GB); `load-testing` — PTU min deployment Global/Data Zone **15** (increment 5), 50 kun Regional. +- **Foundry-deprecations:** `azure-ai-foundry` — **Deep Research-tool** og **Connected agents (classic)** deprecated (retire 2027-03-31), **Prompt Flow**-retirement 2027-04-20, **A2A-tool nå i Java SDK**. +- **Agent-evaluering/-memory:** `agent-evaluation` — nye agent-evaluatorer (Task Completion/Customer Satisfaction/Tool Selection m.fl.) + `FoundryEvals` + `gpt-4.1-mini` judge; `agent-memory` — **procedural memory** (3. type), TTL/CRUD, **Norway East**-region bekreftet (VNet ikke støttet). +- **Øvrig faktafiks:** `multi-turn` RPM/TPM-forhold varierer per modell; `structured-output` usupporterte keywords utvidet + `gpt-4o-mini-audio-preview`; `temperature-sampling` Copilot Studio prompt builder-temp + fjernet uoffisielt M365-tall; `rag-hallucination` groundedness `mitigating`/`correctionText`; `model-versioning` MLflow stages legacy i UC; `speaker-recognition` **Limited Access**-status; `chain-of-thought` reasoning_effort per-modell-nyanse. +- **Header-bump (TRYGT, 18 filer):** domain-specific, few-shot, function-calling, grounding, role-playing, system-message-design, async-processing, batch-api-usage, concurrent-request, performance-benchmarking, response-chunking, throughput-optimization, token-per-second, late-chunking, rag-evaluation, self-reflective-rag, streaming-rag, feedback-loops. + +## [1.16.3] - 2026-06-24 + +KB-refresh-patch. HIGH-tier (11 reference docs) + 1 dateless kjernefil (`ms-ai-advisor/references/architecture/security.md`), flagget av endrings-detektoren mot Microsoft Learn-sitemaps (post-1.16.2 baseline), er verifisert og oppdatert. Ingen kommando-, agent- eller skill-endringer — kun reference docs. Hver `VERIFY`-påstand fra de parallelle drift-rapportene ble bekreftet mot sitert Microsoft Learn-kilde FØR skriving (main-agent som verifiseringsgate); disclaimed/illustrative priser urørt; alle endringer review-gated på `git diff` + plugin-validering (239/0). High-count 11 → 0, Unverified 1 → 0 (needing-update 97 → 85). + +### Changed + +- **Content Safety:** `bias-detection` image-modeller korrigert til **Medium** default-terskel (var feilaktig «Low»), verifisert mot `default-safety-policies`; `responsible-ai-policy` Foundry Agent Service monitoring merket **(Preview)**; `content-safety-implementation` tegnkode-typo (`申请` → `Apply for`). **Avkreftet ved verifisering:** Content Safety Analyze Text **10K-tegn**-grensen var korrekt (drift-rapportens «1000» var feillesing av Transparency Note-ens nøyaktighets-anbefaling — gaten fanget den). +- **Guardrails/agenter:** `agent-autonomy-and-control-governance` la til **Task Adherence (preview)** i risk-kategoriene (bekreftet i `guardrails-overview`). +- **Evaluering:** `response-quality-metrics-rag` la til **Prompt Flow retirement 2027-04-20** (migrer til Microsoft Agent Framework) + korrigerte `gpt-4.1-mini` (GPT-4.1-variant, ikke o-series reasoning model). +- **Opphavsrett:** `copyright-ai-training-data-norway` oppdatert til **«Models sold by Azure»**-terminologi (var «Azure Direct Models»), la til 5. data-privacy-garanti (ingen forbedring av Microsoft-/tredjepartsprodukter uten samtykke), klargjorde CCC-scope (Copilot Studio + GitHub Copilot = tjeneste-spesifikke mitigations) og oppdaterte metaprompt-referansen til `safety-system-message-templates`. +- **Sikkerhet (kjernefil):** `architecture/security.md` fikk maskinlesbar `Last updated`-header (var dateless → unverified), «Hate and Fairness»-navn, og CMK Key Vault-krav korrigert (Azure RBAC «Key Vault Crypto Service Encryption User» som primæralternativ, ikke «legacy access policies»). RBAC-rollenavn bekreftet uendret. +- **Header-bump (TRYGT, innhold verifisert gjeldende):** `owasp-llm-top10-azure-mitigations`, `defender-threat-protection-ai-services`, `output-validation-grounding-verification`, `stakeholder-communication-ai-decisions`, `model-performance-drift-detection`. + +## [1.16.2] - 2026-06-24 + +KB-refresh-patch. Critical cost-klyngen (8 reference docs i `cost-optimization/`), flagget av endrings-detektoren mot Microsoft Learn-sitemaps (post-1.16.1 baseline), er verifisert og oppdatert. Ingen kommando-, agent- eller skill-endringer — kun reference docs. Hver `VERIFY`-påstand fra de parallelle drift-rapportene ble bekreftet mot sitert Microsoft Learn-kilde FØR skriving (main-agent som verifiseringsgate); disclaimed/illustrative priser urørt; alle endringer review-gated på `git diff` + plugin-validering (239/0). Critical-count for klyngen 8 → 0. + +### Changed + +- **Deployment-katalog:** Spillover GA (var preview), ny **Priority processing**-kategori (4. deployment-type) og **Data Zone Batch** (SKU `DataZoneBatch`, EU/US-datasone) lagt inn på tvers av cost-filene; modell-lineup GPT-5 → GPT-5.1/5.5. +- **Prompt-caching:** extended cache retention 24t (`prompt_cache_retention`) reframet mot in-memory vs extended; cache-TTL-akse korrigert. +- **Fine-tuning:** RFT (Reinforcement Fine-Tuning) kostnadsmodell lagt til (tidsbasert + $5000 per-job-tak), utover SFT/DPO. +- **Batch:** «exponential backoff queuing» reframet til server-side **fail-fast** + klient-side backoff-retry (kodeeksempelet er klient-side). +- **On Your Data:** deprecation (pensjon 2026-10-14) flagget der relevant. +- **Kalibrerings-korreksjoner:** fjernet uverifiserbart parametertall (GPT-4o «175B+»); «GPT-4 utfaset» → «legacy» (GPT-4-familien superseded, ikke fjernet); avkreftet én drift-påstand ved verifisering (Phi-3/Phi-2/Falcon-7B fortsatt i Foundry-katalogen → ingen «retired»-merking lagt inn). +- **Filer:** `ptu-vs-paygo-economics`, `reserved-capacity-planning`, `cost-monitoring-cost-attribution`, `inference-endpoint-cost-optimization`, `prompt-engineering-cost-reduction`, `token-counting-optimization`, `request-batching-aggregation`, `small-language-models-economics`. + +## [1.16.1] - 2026-06-23 + +KB-refresh-patch. Tre akkumulerte kunnskapsbase-oppdateringer som speiler Microsofts produkt-navngiving og modellkatalog. Ingen kommando-, agent- eller skill-endringer — kun reference docs. Hvert premiss verifisert mot Microsoft Learn FØR sveip; alle endringer review-gated på `git diff` + plugin-validering + deterministisk re-score (skills uendret, alle ≥90 %). + +### Changed + +- **Modellkatalog GPT-5.1 → GPT-5.5** i 3 filer: 2 kostnadsfiler (`batch-processing-cost-reduction.md`, `model-selection-price-performance.md`) + plattformfila `azure-ai-foundry.md`. +- **Foundry-navnesveip «Azure AI Foundry» → «Microsoft Foundry»** på tvers av 233 reference docs (810 forekomster) — følger Microsofts rebranding av Foundry-produktnavnet. +- **RBAC-rolle-renavn «Azure AI User» → «Foundry User»** (`foundry-workflows-visual-orchestration.md`); den eldre rollenavn-mappingen i `azure-ai-foundry-cost-governance.md` ble bevart med kontekst. + +## [1.16.0] - 2026-06-22 + +Currency-, privat-sektor-paritets- og selvstendiggjørings-release. Adresserer devil's-advocate-audit (2026-06-18, 10 dimensjoner, 89 verifiserte funn) — `docs/devils-advocate-audit-2026-06-18.md`. Alle faktapåstander verifisert mot Microsoft Learn / EDPB / OWASP-primærkilder før skriving. + +### Added + +- **4 nye kommandoer (25 → 29):** + - `/architect:businesscase` — forretningscase med NNV (netto nåverdi) + DFØ-gevinstrealisering (#7c). + - `/architect:anskaffelse` — AI-anskaffelse: kravspesifikasjon, leverandørevaluering, terskelverdier (#7c). + - `/architect:design` — sektor-nøytralt Solution Architecture Document (SAD): kontekst, NFR, alternativer, valgt design, risiko, veikart (#7d). + - `/architect:vendor` — tredjeparts-/SaaS-leverandørvurdering (due diligence): dataresidens, sub-prosessorer, DPA, Schrems II, AI Act-deployer (#7d). +- **2 nye KB-filer (ms-ai-security, 60 → 62 refs):** `owasp-llm-top10-azure-mitigations.md` (LLM04/06/08/09) og `defender-threat-protection-ai-services.md` (AI threat protection — ikke i Azure Government). +- **Privat-sektor-paritet:** sektor-parametrisering i 6 kommandoer + onboarding-forgrening for privat/regulert sektor + parallell privat-bane i README/help/playground. +- **Spor C — selvstendiggjøring (planlagt deteksjon + onboarding-redesign):** + - **Planlagt deteksjon (C1, opt-in):** automatisk sjekk om Microsoft Learn-KB har endret seg. Tier 1 (SessionStart-hook kjører deteksjon når ≥ `interval_days` siden sist) + Tier 2 (lokal OS-scheduler launchd/cron, deteksjon-only). **Claude-fri** — poller sitemaps → rapport → discovery, oppdaterer ALDRI KB selv; operatør kjører `/architect:kb-update` manuelt. + - **Onboarding-redesign (C2):** virksomhetskontekst + scheduler-config flyttet til **bruker-eid `~/.claude/ms-ai-architect/`** (overlever plugin-reinstall; `lib/user-data.mjs` ren resolver). Ambient injeksjon av kompakt org-sammendrag ved hver sesjonsstart (ikke bare status). Valgfritt fritekst-felt (`free-context.md`). Scheduler (`enabled` + `os_scheduler_cadence`) settes i onboarding via gated CLI (backup + atomisk skriving). Privat-sektor-paritet låst med regresjonsvakt (`tests/test-onboarding-parity.sh`): privat virksomhet fullfører onboarding uten «Annet» + privat reg-sett (DORA/Finansforetaksloven/Finanstilsynets IKT-forskrift/Verdipapirhandelloven/Hvitvaskingsloven). + +### Changed + +- **EU AI Act-tidslinje re-baselinet mot Digital Omnibus:** Annex III høyrisiko (frittstående) utsatt til 2027-12-02, Annex I (innebygd) til 2028-08-02, Art. 50 transparens 2026-08-02. Art. 99-bøtesatser korrigert (35M €/7 %, 15M €/3 %, 7,5M €/1 %). Klargjort at EU AI Act ennå ikke er EØS-innlemmet og KI-loven uvedtatt per juni 2026. +- **Agent-orkestrering currency:** Connected Agents deprecated (pensjon 2027-03-31) → ny GA-modell Prompt/Hosted agents + Responses API som single entry point. MAF 1.0 GA + A2A v1.0.1. Prompt Flow (Foundry + AML) retirement 2027-04-20 → MAF. Computer Use Agent (CUA) GA 2026-05-07. Agentic retrieval GA-split (REST `2026-04-01` min/ekstraktiv, LLM-planning preview). +- **Kostnadslag re-baselinet:** GPT-5 $1,25/$10 input/output, konsolidert til én prissannhet i `deterministic-cost-calculation-model.md`. +- **Foundry URL-navnerom-migrering:** `ai-foundry` → `foundry` / `foundry-classic` på tvers av 141 filer. +- **Dataresidens korrigert:** Norway East — gpt-4o + gpt-4o-mini eneste Norge-residente generative modeller; modellkatalog modernisert. +- **DPIA cross-border:** EDPB Rec 01/2020 seks-stegs-TIA + CLOUD Act/FISA-restanalyse (FISA §702 til mars 2027; DPF gyldig; CLOUD Act uendret av DPF). EDPB 28/2024: anonymisering vurderes case-by-case. +- **ROS + DPIA regulatorisk currency:** NSM Grunnprinsipper v2.1, OWASP Agentic 2026 (ASI01–10), EchoLeak, DPF, EUDB. +- **Sikkerhet:** M365 E7 + Agent 365 (GA 2026-05-01) i licensing-matrix; Foundry Local air-gapped (Sovereign Private Cloud) i disconnected-scenarios. +- **KB-routing:** RAG/MLOps-KB ruting (betinget last) + forsont ROS-last-kontrakt (kjerne + betinget). +- Tellinger oppdatert: README docs-badge 387 → 389, README KB-tabell + per-skill-seksjon (ms-ai-security 60 → 62), CLAUDE.md skill-tabell (ms-ai-security 60 → 62), SKILL.md cost-optimization subdir-telling 21 → 22 (korrigert pre-eksisterende drift). + +### Notes on 1.16.0 + +- **Verifisering:** alle currency-påstander krysssjekket mot primærkilder. Der OWASP 2025-sider returnerte 404 ble innholdet kryssverifisert mot alternative offisielle kilder. +- **Plugin API surface:** 29 kommandoer, 12 agenter, 5 skills (389 reference docs), 2 hooks, MCP-server-config. Playground v3-koden er uendret siden v1.15.0 — kun doc-stamp bumpet; screenshots i `playground/screenshots/v1.15.0/` ikke regenerert. +- **Tester:** 239 plugin-validering, kb-integrity 192/192 (220 baseline orphan-warns), kb-update 213, kb-eval 100, test-hooks 11/11, plugin-discovery 13/13, run-e2e alle suiter (security/cost/summary/ros/ai-act/**onboarding-parity 14/14** + 6 playground-suiter) 0 FAIL. gitleaks: 3 pre-eksisterende i `playground/vendor/`. + ## [1.15.0] - 2026-05-16 ### Changed — playground v3 project-view integration diff --git a/CLAUDE.md b/CLAUDE.md index a0b7da0..1a9590a 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -5,7 +5,7 @@ Microsoft AI Solution Architect plugin for Claude Code. ## Hva denne pluginen gjør Tilbyr strukturert arkitekturveiledning for Microsoft AI-stakken: -- Azure AI Foundry, Copilot Studio, M365 Copilot +- Microsoft Foundry, Copilot Studio, M365 Copilot - Power Platform AI (AI Builder, Power Automate) - Microsoft Agent Framework - Sikkerhet og compliance @@ -24,14 +24,18 @@ Tilbyr strukturert arkitekturveiledning for Microsoft AI-stakken: | `/architect:compare` | Sammenlign Microsoft AI-plattformer for et gitt scenario | | `/architect:security` | Sikkerhets- og compliance-vurdering (6 dimensjoner) | | `/architect:cost` | Kostnadsestimat med konfidensgradering (NOK) | +| `/architect:businesscase` | Forretningscase: NNV (netto nåverdi) + DFØ-gevinstrealisering | | `/architect:adr` | Generer Architecture Decision Record (MADR v3.0) | +| `/architect:design` | Sektor-nøytralt Solution Architecture Document (SAD) — kontekst, NFR, alternativer, valgt design, risiko, veikart | | `/architect:research` | Utforsk siste nytt for en Microsoft AI-plattform | | `/architect:poc` | Generer POC-plan med suksesskriterier og risiko | | `/architect:license` | Kartlegg AI-kapabiliteter per lisenstype | +| `/architect:vendor` | Tredjeparts-/SaaS-leverandørvurdering (due diligence) — dataresidens, sub-prosessorer, DPA, Schrems II, AI Act-deployer | | `/architect:migrate` | Planlegg migrasjon mellom plattformer | +| `/architect:anskaffelse` | AI-anskaffelse: kravspesifikasjon, leverandørevaluering, terskelverdier | | `/architect:utredning` | AI-arkitekturutredning for norsk offentlig sektor | | `/architect:diagram` | Generer arkitekturdiagram med Imagen 3 (mcp-image) | -| `/architect:review` | Kjør arkitekturgjennomgang mot norske offentlig sektor-krav | +| `/architect:review` | Kjør arkitekturgjennomgang mot norske krav (offentlig sektor og privat/regulert sektor) | | `/architect:generate-skills` | Generer kunnskapsfiler med MCP-research (batch) | | `/architect:ros` | Gjennomfør ROS-analyse (Risiko- og Sårbarhetsanalyse) for et AI-system | | `/architect:dpia` | Gjennomfør DPIA/PVK for et AI-system | @@ -40,7 +44,7 @@ Tilbyr strukturert arkitekturveiledning for Microsoft AI-stakken: | `/architect:classify` | EU AI Act-klassifisering: risikonivå + rolle | | `/architect:requirements` | Konkrete AI Act-krav basert på risikonivå og rolle | | `/architect:transparency` | Generer Art. 13/50 transparensnotis på norsk | -| `/architect:frimpact` | FRIA (Art. 27) — obligatorisk for offentlig sektor | +| `/architect:frimpact` | FRIA (Art. 27) — obligatorisk for offentlige organer og enkelte private deployere (kredittscoring, livs-/helseforsikring) | | `/architect:conformity` | Samsvarsvurdering (Art. 43) — sjekkliste + erklæring | | `/architect:onboard` | Onboard pluginen med virksomhetsspesifikk kontekst | | `/architect:kb-update` | Manuell KB-refresh — poller sitemaps, oppdaterer endrede filer via `microsoft_docs_fetch`, committer | @@ -68,20 +72,13 @@ Tilbyr strukturert arkitekturveiledning for Microsoft AI-stakken: |-------|--------|----------------|--------------| | `ms-ai-advisor` | Cosmo Skyberg-persona, 7-fase arbeidsflyt, plattformvalg | 62 | "Hjelp meg velge" | | `ms-ai-governance` | Norsk offentlig sektor-styring, EU-regelverk, ansvarlig AI | 78 | "Er dette lovlig?" | -| `ms-ai-security` | Sikkerhetsscoring (6x5), kostnadsestimering (P10/P50/P90) | 60 | "Er dette trygt?" | +| `ms-ai-security` | Sikkerhetsscoring (6x5), kostnadsestimering (P10/P50/P90) | 62 | "Er dette trygt?" | | `ms-ai-engineering` | RAG, agenter, Azure AI Services, data, MLOps, multimodal | 153 | "Hvordan bygger jeg dette?" | | `ms-ai-infrastructure` | BCDR, hybrid/edge, suveren sky | 34 | "Hvordan drifter jeg dette?" | -### Kunnskapsbase-routing i agenter (max 3 filer per invokasjon) +### Kunnskapsbase-routing i agenter (typisk 3 kjernefiler per invokasjon) -Agenter leser navngitte kjernefiler, ikke hele kataloger: -- **security-assessment-agent**: security-scoring-rubrics-6x5.md, ai-security-scoring-framework.md, ai-threat-modeling-stride.md -- **cost-estimation-agent**: deterministic-cost-calculation-model.md, azure-ai-foundry-cost-governance.md, cost-models.md -- **architecture-review-agent**: decision-trees.md, security.md, public-sector-checklist.md + domene-spesifikke ved behov -- **ros-analysis-agent**: ros-ai-threat-library.md, ros-scoring-rubrics-7x5.md, ros-methodology-ns5814-iso31000.md -- **dpia-agent**: dpia-norwegian-methodology-ai.md, gdpr-compliance-ai-systems.md, ai-impact-assessment-framework.md -- **ai-act-assessor**: ai-act-classification-methodology.md + relevante ai-act-*.md filer (maks 3 per fase) -- **summary-agent**: Leser assessment-outputs fra sesjon, ikke KB-filer +Agenter leser navngitte kjernefiler, ikke hele kataloger. «3 kjernefiler» er normalen for review-/security-/cost-mønsteret; **ros-analysis-agent er et dokumentert unntak** med et større, eksplisitt last-kontrakt (kjerne + betinget) — en deterministisk ROS krever trusselbibliotek + rubrikker + metodikk + mal som minimumskjerne. Hver agents nøyaktige kjerne-/betinget-filer er definert i **agentfilen** (single source of truth); `summary-agent` leser sesjonens assessment-outputs, ikke KB-filer. ## MCP-servere @@ -90,42 +87,42 @@ Agenter leser navngitte kjernefiler, ikke hele kataloger: ### Anbefalte MCP-servere (ikke påkrevd) -- `azure-mcp-server` (microsoft/azure-mcp-server) — Live Azure-infrastrukturinspeksjon (Storage, Key Vault, Monitor, AI Search, RBAC) -- `bicep-mcp-server` — IaC-generering for Azure-ressurser -- `azure-devops-mcp` (microsoft/azure-devops-mcp) — Work items, pipelines, repos - -Se `references/architecture/recommended-mcp-servers.md` for detaljer. +`azure-mcp-server` (live Azure-infra-inspeksjon), `bicep-mcp-server` (IaC), `azure-devops-mcp` (work items/pipelines/repos). Detaljer: `skills/ms-ai-advisor/references/architecture/recommended-mcp-servers.md`. ## Hooks (2) | Event | Script | Formål | |-------|--------|--------| -| SessionStart | `session-start-context.mjs` | Viser aktive utredninger, KB-ferskhet, onboarding-status + AI Act-frister | +| SessionStart | `session-start-context.mjs` | Viser aktive utredninger, KB-ferskhet, onboarding-status, skill- + kurs-signaler (Spor C), skill-kvalitetssignaler (Spor D — skills under 90 %, fra cachet score-rapport) + AI Act-frister | | Stop | `stop-assessment-reminder.mjs` | Påminnelse om ucommittede vurderinger, neste steg | +> Spor D-signalet leser den **cachede** `scripts/kb-eval/data/skill-score-report.json` (aldri live — buildReport leser ~400 ref-filer); gitignored/regenererbar via `score-skill.mjs --write`, så fraværende i fersk klon → kun synlig for en vedlikeholder, og kun for skills <90 %. + > Secrets scanning consolidated to llm-security plugin. ## Reference docs (read on demand) - **Utvikling, testing, KB-refresh-workflow:** `docs/development.md` - **Playground v3 (decision-builder + rapport-viewer):** `docs/playground.md` -- **Recommended MCP servers (detail):** `references/architecture/recommended-mcp-servers.md` +- **Recommended MCP servers (detail):** `skills/ms-ai-advisor/references/architecture/recommended-mcp-servers.md` ## Viktige frister (EU AI Act) +> **NB — Digital Omnibus (vedtatt, avventer OJ):** Digital Omnibus utsetter høyrisiko-fristene i AI Act. Endringen er **formelt vedtatt** (Europaparlamentet 16. juni, Rådet 29. juni 2026) og trer i kraft tredje dag etter publisering i Official Journal — senest 2026-07-30 for anvendelse før 2026-08-02. Datoene under følger vedtatt tekst og bekreftes mot OJ ved publisering. Kjør `/architect:classify` for systemspesifikk vurdering. + | Frist | Krav | Status | |-------|------|--------| | 2025-02-02 | Forbudte AI-praksiser (Art. 5) | Gjeldende | -| 2025-08-02 | Governance og sanksjoner (Art. 99) | Gjeldende | -| 2026-08-02 | GPAI-krav + Annex III høyrisiko | 161 dager | -| 2027-08-02 | Alle høyrisiko-krav (full compliance) | 527 dager | +| 2025-08-02 | GPAI-krav + governance/sanksjoner (Art. 99) | Gjeldende | +| 2026-08-02 | Transparens (Art. 50): merking av syntetisk innhold | Fra 2026-08-02 | +| 2026-12-02 | Art. 50(2): frist for maskinlesbar merking i eksisterende generative systemer | Overgang (Omnibus) | +| 2027-12-02 | Annex III høyrisiko (frittstående) — utsatt fra 2026-08-02 | Vedtatt (Omnibus, avventer OJ) | +| 2028-08-02 | Annex I høyrisiko (innebygd i regulerte produkter) | Vedtatt (Omnibus, avventer OJ) | -**Tilsynsmyndigheter:** Datatilsynet (personvern), nasjonal AI-tilsynsmyndighet (under etablering), sektortilsyn. +> Maskinlesbar kilde: `scripts/kb-update/data/ai-act-deadlines.json` — synk-testet mot denne tabellen, assessor-malen og hookene (`tests/kb-update/test-ai-act-deadlines-sync.test.mjs`). Oppdater kilden først. + +**Tilsynsmyndigheter:** Nkom (koordinerende markedstilsynsmyndighet og nasjonalt kontaktpunkt for AI-forordningen), Datatilsynet (personvern), sektortilsyn kan utpekes i tillegg. ## Relaterte plugins (fremtidig) -- `ms-rag-architect` — RAG-spesialist (egen plugin) -- `ms-power-automate-architect` — Power Automate deep-dive -- `ms-azure-ai-architect` — Azure AI Services deep-dive -- `ms-foundry-architect` — Azure AI Foundry spesialist -- `ms-copilot-studio-architect` — Copilot Studio spesialist +Planlagte søsken-plugins: `ms-rag-architect` (RAG), `ms-power-automate-architect`, `ms-azure-ai-architect`, `ms-foundry-architect`, `ms-copilot-studio-architect`. diff --git a/README.md b/README.md index 188ceb9..d9a9b0e 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ *AI-generated: all code produced by Claude Code through dialog-driven development. [Full disclosure →](../../README.md#ai-generated-code-disclosure)* -![Version](https://img.shields.io/badge/version-1.15.0-blue) +![Version](https://img.shields.io/badge/version-1.17.0-blue) ![Platform](https://img.shields.io/badge/platform-Claude_Code_Plugin-purple) -![Docs](https://img.shields.io/badge/reference_docs-387-green) +![Docs](https://img.shields.io/badge/reference_docs-389-green) ![Agents](https://img.shields.io/badge/agents-12-orange) ![License](https://img.shields.io/badge/license-MIT-lightgrey) @@ -37,7 +37,7 @@ A Claude Code plugin that provides structured architecture guidance across the f ## What Is This? -This plugin gives you access to **Cosmo Skyberg**, a virtual Microsoft AI solution architect who guides you through structured decision-making across Azure AI Foundry, Copilot Studio, Power Platform AI, Microsoft 365 Copilot, and the broader Microsoft agent ecosystem. +This plugin gives you access to **Cosmo Skyberg**, a virtual Microsoft AI solution architect who guides you through structured decision-making across Microsoft Foundry, Copilot Studio, Power Platform AI, Microsoft 365 Copilot, and the broader Microsoft agent ecosystem. Unlike a chatbot that answers questions, Cosmo follows a **7-phase advisory methodology**: understand the business need, map the technical context, assess team capability, validate against live documentation, integrate domain knowledge from 380 reference documents, deliver a concrete architecture recommendation, and optionally visualize it. @@ -120,15 +120,18 @@ Cosmo will ask clarifying questions about your business need, licenses, data sou | `/architect:ros` | Risk and Vulnerability Analysis (ROS) with 7 dimensions and AI threat library | | `/architect:security` | Security and compliance assessment (6-dimension scoring) | | `/architect:cost` | Cost estimate with confidence grading in NOK | +| `/architect:businesscase` | Business case with net present value (NPV) and DFØ benefits realization | | `/architect:review` | Architecture review against Norwegian public sector requirements | | `/architect:dpia` | DPIA/PVK for an AI system with risk matrix and mitigation table | | `/architect:license` | Map AI capabilities per license type (E3, E5, F1, G5, etc.) | +| `/architect:vendor` | Third-party / SaaS vendor due diligence — data residency, sub-processors, DPA, Schrems II, AI Act deployer obligations | ### Documentation & Output | Command | Description | |---------|-------------| | `/architect:adr` | Generate Architecture Decision Record (MADR v3.0) | +| `/architect:design` | Sector-neutral Solution Architecture Document (SAD) — context, NFRs, options, chosen design, risk, roadmap | | `/architect:summary` | Generate executive summary and decision memo from assessments | | `/architect:diagram` | Generate architecture diagram with Imagen 3 or Mermaid | | `/architect:export` | Export architecture document to PDF | @@ -140,6 +143,7 @@ Cosmo will ask clarifying questions about your business need, licenses, data sou | `/architect:utredning` | Full AI architecture investigation for Norwegian public sector | | `/architect:poc` | Generate POC plan with success criteria and risk assessment | | `/architect:migrate` | Plan migration between Microsoft AI platforms | +| `/architect:anskaffelse` | AI procurement plan — requirements spec, vendor evaluation, thresholds | ### Setup & Maintenance @@ -166,7 +170,7 @@ The plugin delegates specialized work to 12 purpose-built agents. Each agent has | `license-mapper-agent` | Cross-reference licenses vs. platform capabilities | ms-ai-advisor | `/architect:license` | | `diagram-generation-agent` | Architecture diagrams via Imagen 3 / Mermaid | Prompt templates | `/architect:diagram` | | `summary-agent` | Executive summary and decision memo synthesis | All assessment outputs (incl. ROS) | `/architect:summary` | -| `onboarding-agent` | 5-phase structured org interview | Writes org/*.md | `/architect:onboard` | +| `onboarding-agent` | 5-phase structured org interview | Writes ~/.claude/ms-ai-architect/org/*.md (user-owned, survives reinstall) | `/architect:onboard` | | `ai-act-assessor` | EU AI Act classification, obligations, and compliance assessment | ms-ai-governance (ai-act-*) | `/architect:classify`, `/architect:requirements`, `/architect:transparency`, `/architect:frimpact`, `/architect:conformity` | ### Orchestration Pattern @@ -200,14 +204,14 @@ The orchestrator creates a `.work/` directory for intermediate results, delegate ## Knowledge Base -The plugin includes **387 reference documents** organized across 5 domain-specific skills: +The plugin includes **389 reference documents** organized across 5 domain-specific skills: | Skill | Domain | Refs | User Intent | |-------|--------|------|-------------| | `ms-ai-advisor` | Cosmo persona, 7-phase workflow, platform selection | 62 | "Help me choose" | | `ms-ai-engineering` | RAG, agents, Azure AI Services, data, MLOps, multimodal | 153 | "How do I build this?" | | `ms-ai-governance` | Norwegian public sector governance, EU regulations, responsible AI, ROS | 78 | "Is this legal/safe?" | -| `ms-ai-security` | Security scoring (6×5), cost estimation (P10/P50/P90) | 60 | "Is this safe?" | +| `ms-ai-security` | Security scoring (6×5), cost estimation (P10/P50/P90) | 62 | "Is this safe?" | | `ms-ai-infrastructure` | BCDR, hybrid/edge, sovereign cloud | 34 | "How do I operate this?" | ### ms-ai-advisor (62 refs) @@ -216,13 +220,13 @@ Architecture decision trees, platform comparison matrices, Cosmo persona definit ### ms-ai-engineering (153 refs) -RAG implementation patterns, agent orchestration, Azure AI Foundry, Copilot Studio extensibility, AI Builder, multimodal processing, Semantic Kernel, MLOps pipelines. +RAG implementation patterns, agent orchestration, Microsoft Foundry, Copilot Studio extensibility, AI Builder, multimodal processing, Semantic Kernel, MLOps pipelines. ### ms-ai-governance (78 refs) Norwegian public sector governance (Digdir, DFØ), EU AI Act (Annex III checklist), responsible AI frameworks, GDPR/Schrems II compliance, Utredningsinstruksen alignment. Includes a comprehensive **ROS analysis framework** with 7 new reference documents: AI threat library (49 threats across 7 categories), NS 5814/ISO 31000 methodology guide, 7×5 scoring rubrics, sector-specific checklists (health, transport, finance, justice, education), report templates, DPIA/security integration patterns, and MAESTRO multi-agent security model. -### ms-ai-security (60 refs) +### ms-ai-security (62 refs) 6×5 security scoring rubrics, threat modeling for AI systems, content safety, cost optimization, deterministic cost calculation model, data residency patterns. @@ -273,11 +277,28 @@ BCDR planning, hybrid and edge deployment, sovereign cloud (Norway regions), net /architect:export # PDF for stakeholders ``` +### 5. Private Sector / Enterprise — Design → Security → Cost → ADR + +The same depth applies outside the public sector, without the Utredningsinstruksen/Digdir scaffolding: + +``` +/architect:classify # AI Act applies to all providers/deployers — public and private +/architect:design # Sector-neutral Solution Architecture Document (not utredning) +/architect:security # 6-dimension security assessment +/architect:cost # Cost estimate with P10/P50/P90 +/architect:vendor # Due diligence on external SaaS/AI vendors +/architect:adr # Formalize the decision +``` + +> For **regulated** private sector (finance), `/architect:ros` and `/architect:requirements` auto-surface DORA / Finanstilsynet / Finansforetaksloven coverage via the 17-point finance checklist in the KB. Note: FRIA (`/architect:frimpact`) is mandatory for private deployers in credit scoring (excl. fraud detection) and life/health-insurance pricing — not only public bodies. + --- ## Norwegian Public Sector Features -This plugin is specifically designed for Norwegian public sector governance requirements: +This plugin's regulatory depth is calibrated for Norwegian public sector — but the core (security scoring, cost models, ROS, the finance/DORA checklist, RAG/engineering KB) is sector-agnostic. Private and regulated-sector users get a parallel path: see [Workflow Example 5](#workflow-examples) and `/architect:design` / `/architect:vendor`. + +The public sector framework coverage: ### Regulatory Frameworks @@ -353,7 +374,7 @@ Two runtime hooks provide session context and safety guardrails: Interactive **decision-builder + report viewer** for Microsoft AI architecture decisions, runnable from `file://` without a server. Replaces the v2 5-step pipeline with a multi-surface app that persists state across sessions and visualizes parsed reports inline. - **File:** `playground/ms-ai-architect-playground.html` (~3870 lines, single-file v3 architecture) -- **4 surfaces:** Onboarding (18 shared fields) → Home (project list + 3 entry tracks) → Catalog (24 commands grouped by 5 expansion categories with search) → Project (per-project tabs, command form prefill, paste-back report import + visualization) +- **4 surfaces:** Onboarding (18 shared fields) → Home (project list + 3 entry tracks) → Catalog (29 commands grouped by 5 expansion categories with search) → Project (per-project tabs, command form prefill, paste-back report import + visualization) - **Persistent state:** IndexedDB primary store with localStorage fallback. Schema-versioned (`STATE_KEY = 'ms-ai-architect-state-v1'`) with eager `MIGRATIONS` pipeline. - **17 report renderers:** Each report-producing command has a parser (markdown → structured) and renderer (structured → HTML visualization: pyramid, matrix, radar, findings, distribution, capability-matrix, etc.) wired through a canonical archetype-routing table. - **Theme:** Dark default + light mode toggle, persisted in `localStorage('ms-ai-architect-theme')`. Both themes ship Aksel-aligned tokens (full WCAG AA contrast) as of v1.10.0; theme-bootstrap script in `` prevents FOUC. @@ -413,7 +434,7 @@ Screenshots of every surface in both themes live in `playground/screenshots/v1.1 | 03 | `03-project-rapporter-tool-{dark,light}.png` | 7 tool commands (no report — pipeline-string builders) | | 04-06 | `04-project-oversikt-{dark,light}.png` etc. | Project screen-tabs (oversikt / kontekst / eksport) | | 07 | `07-home-{dark,light}.png` | Home with project list + 3 entry tracks | -| 08 | `08-catalog-{dark,light}.png` | Catalog with 24 commands in 5 expansion-grupper | +| 08 | `08-catalog-{dark,light}.png` | Catalog with 29 commands in 5 expansion-grupper | | 09 | `09-onboarding-prefilled-{dark,light}.png` | Onboarding with state from demo | Regenerate via `cd tests/screenshot && npm install && npx playwright install chromium && node run.mjs`. @@ -422,7 +443,7 @@ Regenerate via `cd tests/screenshot && npm install && npx playwright install chr | Test | Command | Coverage | |------|---------|----------| -| Static structure | `bash tests/test-playground-v3.sh` | 201 PASS — vendored CSS, surfaces, 24 commands, 14 parsers, 17 renderers (felles grunnskjelett), design-system classes, action handlers, Tier 3-bruk, onboarding field-distribution | +| Static structure | `bash tests/test-playground-v3.sh` | 223 PASS — vendored CSS, surfaces, 29 commands, 14 parsers, 17 renderers (felles grunnskjelett), design-system classes, action handlers, Tier 3-bruk, onboarding field-distribution | | Parser fixtures | `bash tests/test-playground-parsers.sh` | 70 PASS — 17 fixtures × parser routing | | Migrations | `bash tests/test-playground-migrations.sh` | 7 PASS — v1→v2 idempotent migration | | Combined (E2E) | `bash tests/run-e2e.sh --playground` | static + parser suites | @@ -444,7 +465,7 @@ The playground loads CSS from `playground/vendor/playground-design-system/` — |--------|-------------| | Copilot Family | Microsoft 365 Copilot, Copilot Studio, Sales Copilot, Service Copilot | | Power Platform | Power Automate, Power Apps, AI Builder | -| Azure AI Foundry | Agent Service, Model Router, Prompt Flow, Model Catalog | +| Microsoft Foundry | Agent Service, Model Router, Prompt Flow, Model Catalog | | Azure AI Services | Azure OpenAI, AI Search, Document Intelligence, Speech, Vision | | Development | Microsoft Agent Framework, Semantic Kernel, AutoGen | | Security | Microsoft Purview, Defender for Cloud, Content Safety | @@ -581,7 +602,7 @@ bash tests/capture-fixture.sh ### Knowledge Base Maintenance -The 387+ reference documents are actively maintained by the plugin author. Updated reference files are published as regular commits to the marketplace repository. If you installed via `claude plugin marketplace add`, updates are pulled automatically — no manual action needed. +The 389+ reference documents are actively maintained by the plugin author. Updated reference files are published as regular commits to the marketplace repository. If you installed via `claude plugin marketplace add`, updates are pulled automatically — no manual action needed. For forks (or if you simply want to refresh the KB yourself), the plugin ships with a sitemap-based change-detection pipeline plus a slash command that drives the apply-fasen via the active Claude Code session. @@ -630,7 +651,7 @@ node scripts/kb-update/build-registry.mjs [--merge] /architect:generate-skills ``` -Category-to-skill routing is defined in `scripts/skill-gen/category-skill-map.json` (20 categories mapped to 5 skills), used by the generate-skills workflow to place new reference documents in the correct skill directory. +Category-to-skill routing is defined in `scripts/kb-update/data/domain-taxonomy.json` (the lag-0 single source of truth, read via `lib/taxonomy.mjs` → `getCategorySkill`). It uses physical-disk truth and supersedes the old `category-skill-map.json` (removed — it had drifted from disk and was consumed by no code). --- @@ -638,6 +659,13 @@ Category-to-skill routing is defined in `scripts/skill-gen/category-skill-map.js | Version | Date | Highlights | |---------|------|-----------| +| **1.17.0** | 2026-07-04 | **Spor 1 — Port-1-substrat migrert** på de 4 ikke-advisor-skills (327 filer). `**Type:**` stemplet på alle 327; `**Source:**` (Microsoft Learn-autoritet) backfilt på 243 sourced reference-filer; `## Innhold` TOC på 325 store filer. Stale `**Verified:** MCP`-poison fjernet (14 header + 9 stray body-dup i 500B-vinduet) → full-pass-worklist aktivert (243 due, 0 fresh). Prosa byte-identisk (fra første `##`), advisor-skillen urørt, `verified` null (settes i senere judge-pass). To applier-fixes TDD'd (`insertHeaderFields` giant-meta-anker, `normalizeStaleVerified` in-window body-dup). Suite 728/728. Utfall: `docs/spor1-migration-outcome.md`. | +| **1.16.5** | 2026-06-24 | KB-refresh-patch (kun reference docs). **LOW-tier 52 filer** verifisert mot Microsoft Learn (post-1.16.4 baseline; ~33 TRYGT header-bump, resten reell drift/URL-/syntaksfiks). **Materiell fiks:** `agent-framework` fullstendig omskrevet (oppdiktet `azure.ai.agent`-API → ekte SDK `agent-framework`/`Microsoft.Agents.AI`: `Agent(client=...)`, `@tool`, `WorkflowBuilder`, OpenTelemetry; suksessor til SK **og** AutoGen) + `migration-patterns` §6 tilsvarende. **Norsk AI Act** ikrafttredelse mykgjort (forsinket pga. EØS). **Copilot Credits** (tidl. billed sessions). **Data eng:** Fabric mirroring / OneLake Security / liquid clustering Preview→GA, Lakeflow SDP-rebrand. **APIM:** KQL `DeploymentName`, token-quota, v2-tier-matriser. **BCDR:** Azure Cache for Redis → Managed Redis. **Cosmo-utfasing startet** («For Cosmo» fjernet i 2 filer; full fjerning som eget initiativ). `git diff` + validering 239/0. Needing-update 52 → 0 (alle tiers 0). | +| **1.16.4** | 2026-06-24 | KB-refresh-patch (kun reference docs). **MEDIUM-tier 33 filer** verifisert mot Microsoft Learn (18 TRYGT header-bump, 15 reell drift). **Prompt-caching** in-memory vs extended 24t (`prompt_cache_retention`); **Realtime** `gpt-realtime-1.5` + GA-endepunkt `/openai/v1`; **Guardrails**-rebranding (tidl. content filters, `Microsoft.DefaultV2`); `ND96asr_v4` 320 GB (var 640); PTU min Global/Data Zone 15 (var 50); **Deep Research + Connected agents deprecated**, Prompt Flow-retirement 2027-04-20, A2A Java; nye agent-evaluatorer + `FoundryEvals`; **procedural memory** + Norway East; **Speaker Recognition Limited Access**. GPT-4.1-pricing forble uverifiserbar (community-kilder) → urørt. Hver `VERIFY` re-bekreftet av main-agent mot kilde FØR skriving; `git diff` + validering 239/0. Medium 33 → 0 (needing-update 85 → 52). | +| **1.16.3** | 2026-06-24 | KB-refresh-patch (kun reference docs). **HIGH-tier 11 filer + 1 dateless kjernefil** verifisert mot Microsoft Learn. **Faktafiks:** Content Safety image-modeller Medium-terskel (ikke «Low»); `gpt-4.1-mini` = GPT-4.1-variant (ikke o-series reasoning); CMK Key Vault Azure RBAC «Key Vault Crypto Service Encryption User» som primæralternativ (ikke «legacy access policies»). **Lagt til:** Task Adherence (preview) i guardrails-risk-kategorier, Prompt Flow retirement 2027-04-20, 5. data-privacy-garanti, «Models sold by Azure»-terminologi, `security.md` maskinlesbar header. **Avkreftet ved verifisering:** Content Safety Analyze Text 10K-tegn-grensen var korrekt (drift-rapportens «1000» = feillesing av Transparency Note-anbefaling). Hver `VERIFY` bekreftet mot kilde FØR skriving; disclaimed priser urørt; `git diff` + plugin-validering 239/0. High 11 → 0, Unverified 1 → 0 (needing-update 97 → 85). | +| **1.16.2** | 2026-06-24 | KB-refresh-patch (kun reference docs — ingen kommando-/agent-/skill-endringer). **Critical cost-klyngen** (8 filer i `cost-optimization/`) verifisert + oppdatert mot Microsoft Learn: Spillover GA, **Priority processing** (4. deployment-type), **Data Zone Batch** (SKU `DataZoneBatch`, EU/US-datasone), modell-lineup GPT-5 → 5.1/5.5, extended prompt-cache 24t, RFT-kostnadsmodell ($5000 per-job-tak), batch fail-fast-retry (server fail-fast + klient-side backoff), On Your Data-pensjon (2026-10-14). **Kalibrering:** fjernet uverifiserbart «175B+» (GPT-4o), «GPT-4 utfaset» → «legacy», og avkreftet én drift-påstand ved verifisering (Phi-3/Phi-2/Falcon-7B fortsatt i Foundry-katalogen → ingen «retired»-merking). Hver `VERIFY`-påstand bekreftet mot kilde FØR skriving; disclaimed priser urørt; `git diff` + plugin-validering 239/0. Critical-count 8 → 0. | +| **1.16.1** | 2026-06-23 | KB-refresh-patch (kun reference docs — ingen kommando-/agent-/skill-endringer). **Modellkatalog** GPT-5.1 → GPT-5.5 i 3 filer (`batch-processing-cost-reduction.md`, `model-selection-price-performance.md`, `azure-ai-foundry.md`). **Foundry-navnesveip** «Azure AI Foundry» → «Microsoft Foundry» på tvers av 233 reference docs (810 forekomster). **RBAC** «Azure AI User» → «Foundry User» (`foundry-workflows-visual-orchestration.md`; cost-governance-mappingen bevart). Hvert premiss verifisert mot Microsoft Learn før sveip; `git diff` + plugin-validering + deterministisk re-score (skills uendret, alle ≥90 %). | +| **1.16.0** | 2026-06-22 | Currency- og privat-sektor-paritets-audit (devil's-advocate-audit 2026-06-18, 10 dimensjoner, 89 verifiserte funn — `docs/devils-advocate-audit-2026-06-18.md`). **Regulatorisk:** EU AI Act-tidslinje re-baselinet mot Digital Omnibus (Annex III høyrisiko → 2027-12-02, Art. 50 → 2026-08-02) + Art. 99-bøtesatser (35M/7 %, 15M/3 %, 7,5M/1 %); EU AI Act ennå ikke EØS-innlemmet, KI-loven uvedtatt per juni 2026; DPIA cross-border med EDPB Rec 01/2020 seks-stegs-TIA + CLOUD Act/FISA-restanalyse + EDPB 28/2024 (anonymisering case-by-case). **Plattform:** Foundry URL-navnerom-migrering (`ai-foundry` → `foundry`/`foundry-classic`, 141 filer); Connected Agents deprecated (pensjon 2027-03-31) → Prompt/Hosted agents + Responses API; MAF 1.0 GA + A2A v1.0.1; Prompt Flow retirement 2027-04-20; CUA GA 2026-05-07; agentic retrieval GA-split. **Kostnad:** re-baselinet til GPT-5 $1,25/$10 med én prissannhet. **Dataresidens:** korrigert Norway East (gpt-4o + gpt-4o-mini eneste Norge-residente generative). **Sikkerhet:** Defender AI threat protection (ikke Azure Government) + OWASP LLM04/06/08/09-tiltak (2 nye KB-filer); M365 E7 + Agent 365 (GA 2026-05-01); Foundry Local air-gapped. **Privat-sektor-paritet:** sektor-parametrisering i 6 kommandoer + onboarding-forgrening + 4 nye kommandoer (`businesscase`, `anskaffelse`, `design`, `vendor` → 25 → 29 totalt). ROS/DPIA-currency (NSM v2.1, OWASP Agentic 2026, EchoLeak, DPF, EUDB). **Selvstendiggjøring (Spor C):** planlagt KB-deteksjon (opt-in, Claude-fri; Tier 1 SessionStart-hook + Tier 2 OS-scheduler launchd/cron) + onboarding-redesign (bruker-eid `~/.claude/ms-ai-architect/`, ambient org-injeksjon, valgfritt fritekst-felt, scheduler-kadens i onboarding, privat-sektor-paritet låst med regresjonsvakt). 389 reference docs (ms-ai-security 60 → 62). 239 plugin-validering · kb-integrity 192/192 · run-e2e alle suiter (+ onboarding-parity 14/14) 0 FAIL. Playground-koden uendret siden v1.15.0 (kun doc-stamp bumpet; screenshots ikke regenerert). | | **1.15.0** | 2026-05-16 | Playground v3 project-view integration — `renderProjectSurface` (v2 screen-tabs + category-tabs + per-command paste-cards) erstattet av `renderProjectView` (sidebar med 17 artifacts + main-area + import-modal overlay). `renderActive()` delegerer nå til `renderProjectSurfaceV3()`. Dead code fjernet: `renderCommandSubCard`, `rehydratePasteImports`, `currentProjectScreen`, `ACTIONS['project-screen']`, 5 v2-CSS-klasser (`.project-tabs`, `.project-tab`, `.project-tab__count`, `.sub-zone`, `.paste-import-row`, `.project-header__*`, `.command-cards`). 2 fingerprint-gap lukket: `requirements.headers` matcher nå "EU AI Act — Krav for høyrisiko..."; `license.headers` matcher "Lisens-kapabilitetsmatrise...". v2→v3 migrasjon utvidet med `parserFor` slik at demo-state med kun `raw_markdown` auto-parses inn i `project.artifacts[cid]`. `components-tier4-project-view.css` wired inn (var ikke loaded — modal-overlay og two-column layout virket ikke). `renderImportModal` setter `data-open="true"` (DS-kontrakt). 219 plugin-validering, 386 E2E playground (32 fingerprints, 219 v3-static, 70 parsers, 16 migrations, 30 project-view, 19 actions), 0 FAIL, 2 WARN (pre-eksisterende). 24 screenshots regenerert til `playground/screenshots/v1.15.0/`. Demo viser nå 17 artifacts navigerbare i sidebar, aggregate verdict (BLOKKERT), top-risks-liste, og fungerende re-importer/slett-knapper per artifact. | | **1.14.0** | 2026-05-08 | Playground root-cause refaktor — DS-konvensjon-adopsjon på tvers av 14 renderere over 6 sesjoner. Sesjon 2: B-DS-1/2/3 fikset i shared/ DS v0.4.0 (kanban-card word-break, expansion title-block, matrix-bubble cursor). Sesjon 3: renderDpia/Security/Ros til DS-summary-grid + ros-layout. Sesjon 4: 6 compliance/govern-renderere bytter `.report-meta`-wrapper mot DS-konvensjon (renderAiActPyramid, renderRequirements, renderConformity, renderTransparency, renderFria, renderReview). Sesjon 5: renderMigrate + renderPoc → expansion-list per fase (slett `.phase-detail`-CSS). Sesjon 5b: renderCost key-stats viste "[object Object]" (parser-output har p50/p90 = {monthly,yearly}-objekter — nå ekstrahert via `.monthly`); renderCompare distinctive-token-matching erstatter firstWord-heuristikk; renderUtredning droppet misvisende `role="tab"`-attributter. Lokal `