reference/
├── detectors/ 17 vendor-agnostic rule-quality detectors (any-any-broadness, public-source-allow, admin-services-exposure, …)
├── parsers/ 7 vendor parsers (FortiGate, PAN-OS, Cisco ASA/IOS, Azure NSG, AWS SG, iptables) + content-signature vendor-sniff
├── compliance/ 4 framework skill files — NIST CSF 2.0, PCI DSS v4.0.1, ISO/IEC 27001:2022, CIS Controls v8.1
├── validation/ 2 chain-aware validation passes — precedence-awareness + post-process-enrich
├── reporting/ 4 deliverable renderers — report-writer-pdf, report-writer-excel, narrative-framer, brand-config
├── personas/ 5 sub-agent role briefs — citation-verifier, cto-reviewer, ciso-reviewer, qa-reviewer, senior-pentester
├── core/ Canonical NormalizedRule + Finding + ChainOfCustody data contracts (schema.md)
├── commands/ 5 slash-command specifications — start, launch, review, report, pending
├── agents/ 5 sub-agent dispatch briefs (mirror personas, with Task-tool wiring)
├── learning/ Feedback-capture, skill-proposer, pending-curator + the canonical audit-report-patterns reference
└── VERSIONS.md Single source of truth for every detector / parser / compliance pin