Improve access review effective expansion gates #2219

Open
DENGXUELIN wants to merge 1 commit into UnitOneAI:main from DENGXUELIN:improve/access-effective-expansion-fixtures-667

@DENGXUELIN

/claim #667

Skill Improvement ($50-150 Bounty)

Related review issue: #667

Summary

This improves access-review by adding effective-access expansion gates so reviewers certify actual access paths instead of direct-grant snapshots that miss nested groups, dynamic group rules, SCIM mappings, external IdP groups, app-local mappings, and break-glass paths.

Changes

  • Add AR-EFF-01 through AR-EFF-08 evidence gates.
  • Require user-to-entitlement effective paths, nested group depth/cycle checks, dynamic rule owner/source/evaluation evidence, SCIM and external IdP mapping evidence, attribute-drift controls, guest/vendor inherited access visibility, break-glass evidence, and Not Evaluable handling.
  • Extend the output format with Effective Access Expansion Matrix and gate results.
  • Add skill-local benign and vulnerable JSON fixtures.

Bounty Tier

  • Minor ($50) - Small improvements, typo fixes, minor clarifications
  • Moderate ($100) - Adds meaningful coverage, new validation gates, or useful fixtures
  • Substantial ($150) - Major restructuring, broad new coverage, or comprehensive test suite additions

Validation

  • git diff --cached --check
  • git diff --check origin/main...HEAD
  • JSON parse check for both fixtures
  • Markdown fence balance check
  • marker checks for AR-EFF-01 through AR-EFF-08
  • added-line realistic-secret-pattern scan
  • git merge-tree --write-tree origin/main HEAD matches HEAD^{tree}
  • fork branch created through GitHub Git Data API; remote tree verified to match local HEAD^{tree}

Payment preference

GitHub Sponsors, if accepted.
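
The gap the summary describes, between direct-grant snapshots and effective access through nested groups, as an added example that is not code or fixtures from this pull request or the UnitOneAI repository. The group names, entitlements, data layout and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not the PR's fixtures): group -> direct members.
# A member is either "user:<name>" or "group:<name>".
MEMBERS = {
    "app-admins": ["group:platform-eng", "user:alice"],
    "platform-eng": ["group:sre-oncall", "user:bob"],
    "sre-oncall": ["user:carol", "group:platform-eng"],  # cycle back to platform-eng
    "contractors": ["user:dave"],
}
# Constructed entitlement grants: entitlement -> groups granted directly.
GRANTS = {"prod-db:admin": ["app-admins"], "wiki:read": ["contractors"]}


def expand(group, members, max_depth=5, path=None, findings=None):
    """Yield (user, path) for every user reachable from `group`.

    `findings` collects cycle and depth problems instead of looping forever
    or silently truncating, so the reviewer sees what was not evaluated.
    """
    path = (path or []) + [group]
    findings = findings if findings is not None else []
    for member in members.get(group, []):
        kind, name = member.split(":", 1)
        if kind == "user":
            yield name, path
        elif name in path:
            findings.append(("cycle", path + [name]))
        elif len(path) >= max_depth:
            findings.append(("depth-exceeded", path + [name]))
        else:
            yield from expand(name, members, max_depth, path, findings)


def effective_access(grants, members, max_depth=5):
    """Return ({user: [(entitlement, path)]}, findings) across all grants."""
    access, findings = defaultdict(list), []
    for entitlement, groups in grants.items():
        for group in groups:
            for user, path in expand(group, members, max_depth, findings=findings):
                access[user].append((entitlement, path))
    return dict(access), findings


def direct_only(grants, members):
    """The snapshot view: only users who are direct members of a granted group."""
    return {m.split(":", 1)[1] for gs in grants.values() for g in gs
            for m in members.get(g, []) if m.startswith("user:")}
```

On this data the direct view lists only alice and dave, while the expansion also surfaces bob and carol with the group path that gives each of them `prod-db:admin`, and records the membership cycle as a finding.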
