"Name the 7 canonical bug bounty tools and each one's job." (1) nmap — port/service/version recon. (2) amass/subfinder — subdomain enumeration. (3) httpx — HTTP probing + tech fingerprint. (4) nuclei — template-based vulnerability scanning. (5) ffuf — content/parameter fuzzing. (6) Playwright — stateful DOM-aware validation. (7) CVE enrichment — CVSS/EPSS/KEV triage. course2a::sdd03::recall "What is a 'schema-first wrapper' and why does it matter for offensive tools?" A JSON-schema-defined harness tool that wraps a CLI. The agent calls nuclei({templates, target}), not freeform shell. The schema ENFORCES scope validation and returns structured output. This is Course 1 Module 2's schema-first pattern applied to security tools. course2a::sdd03::analysis "What does the scope validator check, and why must it check resolved IPs not just hostnames?" It checks that the target is in-scope BEFORE every tool executes. It must check RESOLVED IPs because an agent could construct a tool call with a hostname that resolves to an out-of-scope IP — bypassing a hostname-only check. This is the legal control (CFAA/Computer Misuse Act, Course 2A S00). course2a::sdd03::analysis "What is the 'DoS budget' and which tool forces it?" A harness-level rate limit that prevents the agent's scans from denying service to the target. ffuf at full speed is a DoS. The rate limit must be a harness-level budget the agent cannot exceed, not a per-tool config. This is both a legal and technical control (Course 2A S00). course2a::sdd03::analysis "Why is Playwright the validation layer? What problem does it solve?" nuclei/ffuf are STATELESS scanners that produce false positives. Playwright is STATEFUL and DOM-aware — it confirms whether a finding is real by loading the page and checking the actual DOM/network state. This separates signal from noise; without it, the agent drowns in low-quality findings. course2a::sdd03::analysis "What does CVE enrichment add, and what three data sources does it use?" Triage: it answers 'is this exploitable and how urgent?' before submission. Sources: CVSS (severity), EPSS (exploitability probability), CISA KEV (known exploited in the wild). High EPSS or KEV listing = urgent. This is the bug bounty program's triage applied in the harness. course2a::sdd03::analysis "State the reference stack's score on the 12-module rubric and its strongest/weakest modules." 43/60. Strongest: Tool Design (5, schema-first wrappers) and Verification (5, Playwright + enrichment). Weakest: Execution Loop (3, deterministic pipeline not agent loop), Memory (3, per-engagement), Permission (3, rate limit is per-tool not first-class). CAI (SDD-01) layers on top of this baseline. course2a::sdd03::analysis "What are the stack's three risk surfaces (the security finding)?" (1) Scope validation (legal exposure if bypassed). (2) Rate limiting (DoS exposure if ffuf runs unbounded). (3) Output normalization (injection exposure if raw CLI output enters context untagged). These are the three wrappers to audit, fuzz, and harden first. course2a::sdd03::analysis "What is the 'structured evidence chain' and why is it the harness's product?" The per-finding record: timestamp (when), scope tag (where), tool + parameters (reproducibility), raw + normalized output (what), severity (how bad). A bug bounty program can reject a finding without repro steps; the evidence chain IS the repro. It is what makes output submittable. course2a::sdd03::analysis "Name 3 things you would fix if you built on this stack." (1) Add an agent loop on top of the pipeline (exploratory flexibility, not deterministic stages). (2) Add cross-engagement memory (vector store of past findings per target). (3) Make the rate-limit/DoS budget a first-class harness-level control, not a per-tool config. course2a::sdd03::application "Why must raw CLI tool output be tagged untrusted before entering the agent context?" nuclei findings and Playwright DOM output may contain adversarial content (the target serves a page with embedded instructions). Raw CLI output in context is an injection vector (Course 1 Module 2.4, InjecAgent ~50% vulnerability). Normalize and tag untrusted before it reaches the agent. course2a::sdd03::analysis "Stack as pipeline vs stack as tool registry — what is the difference, and which is correct?" As a pipeline (recon→scan→fuzz→validate), it is a deterministic recon factory — inflexible. As a TOOL REGISTRY under an agent loop (as in CAI), it is the offensive capability surface the agent draws on. The registry-under-agent-loop is correct; the bare pipeline is the baseline, not the harness. course2a::sdd03::analysis "State the reference stack's Architect's Verdict in one line." The canonical tool registry for offensive work (7 schema-first wrappers producing a structured evidence chain); as a standalone pipeline it is a deterministic factory, as a registry under an agent loop it is the offensive capability surface — build on it and add the agent loop, cross-engagement memory, and first-class rate budget. course2a::sdd03::recall