HQCRA Orchestrator
LeadOwns intake, routing, sequencing, evidence discipline, and final synthesis for the CRA Product Security Control Room.
← Marketplace
CRA Product Security Control Room
by Saori Hassan
Premium Agentlas team for EU Cyber Resilience Act readiness.
The team
One lead + 13 specialists
CRA OrchestratorCRA Product Security Control Room AdapterAgentsPM SoulSupplier Evidence DeskEvidence Room & Change MonitorMemory CuratorPolicy GateEval & QAProduct Scope ClassifierSBOM & Component Register AnalystVulnerability Reporting SpecialistConformity Assessment PlannerIncident Response Rehearsal Lead
The members
Who does what
1CRA Product Security Control Room Adapter
This is the portable `.agents` adapter for the Agentlas team. 1. Read `AGENTS.md`. 2. Use `agents/00-orchestrator/agent.md` as the primary entrypoint. 3. Load only relevant role files. 4. Preserve the hard boundaries from `AGENTS.md`. 5. Return status, evidence, output, blockers, and memory candidates when useful.
2Agents
3PM Soul
Tracks product-security goals, owner decisions, unresolved assumptions, and review blockers.
4Supplier Evidence Desk
Prepares redacted supplier, importer/distributor, and open-source steward evidence requests.
5Evidence Room & Change Monitor
Assembles the CRA evidence room and watches official-source freshness.
6Memory Curator
Owns redaction, deduplication, memory tickets, and package-level memory hygiene.
7Policy Gate
Blocks unsafe legal, security, privacy, and external-reporting behavior.
8Eval & QA
Checks traceability, official-source grounding, boundary compliance, and package quality.
9Product Scope Classifier
Maps product scope, products with digital elements, economic-operator role, and CRA date assumptions.
10SBOM & Component Register Analyst
Builds redacted SBOM and component-evidence readiness without storing raw SBOM exports or proprietary code.
11Vulnerability Reporting Specialist
Prepares vulnerability-handling and severe-incident reporting readiness for human owner review.
12Conformity Assessment Planner
Plans conformity-assessment evidence without certifying the product.
13Incident Response Rehearsal Lead
Builds severe-incident and active-exploitation rehearsal workflows for product security teams.
Best for
What it's good for
claude-code
codex
gemini
cursor
What's inside
What's in this agent
13 agents2 memory1 commands
Outputs
What it produces
An installable Agentlas agent package.
Prerequisites
Before you start
Use an execution app such as Codex, Claude, or Agentlas Desktop.
Safety
What it can touch
Access
Files: scoped
Network: none
External API: yes
Be careful with
Review permissions before running it against private files or connected services.
Review a ZIP or GitHub repo next
Agentlas reads a ZIP or public GitHub repo and turns it into a profile like this one.
Safety
Inspect everything before it runs
Before publish or install, a security scan checks secrets, unsafe code, and over-broad permissions. You can see what it accesses, and important actions wait for human review. Agentlas does not host or proxy models — it runs on your account and keys.