
au-energy recipe (AESCSF + SOCI Act + AER ring-fencing) #440

@tractorjuice


Tracking issue for the Australian energy-sector recipe extension proposed by @royster70 in #424. Split from #439 (au-fed civilian recipe) so each bundle has its own thread and ~8 ADR topics.

Source proposal

Full proposal: #424 (comment) (@royster70, 2026-05-05).

Scope

Energy-sector extension recipe — to be opened after the federal civilian recipe (#439) lands, since this builds on the same au-* community-overlay command base.

Regulatory anchors (energy-specific, in addition to the federal baseline in #439)

| Framework | Authority | Scope |
| --- | --- | --- |
| AESCSF | Australian Energy Market Operator (AEMO) | Australian Energy Sector Cyber Security Framework — capability-based maturity assessment (MIL1/2/3); builds on E8 baseline with energy-specific OT/SCADA controls |
| SOCI Act 2018 | Department of Home Affairs | Security of Critical Infrastructure — mandatory for declared critical assets across 11 sectors; 72hr incident reporting, CIRMP, positive security obligations |
| AER Ring-Fencing | Australian Energy Regulator | Constrains shared services, data access, and infrastructure between regulated network and contestable operations — directly impacts SaaS architecture and shared-platform decisions for energy network businesses |
| NER / NGR | Australian Energy Market Commission (AEMC) | National Electricity Rules / National Gas Rules — market and operational obligations; AEMO is the market/system operator |

Planned Phase 3 commands

  • au-aescsf — AESCSF MIL1/2/3 capability domain assessment (includes OT/IT convergence)
  • au-energy-compliance — NER/NGR obligations, SOCI Act critical asset provisions, AER ring-fencing

Why a separate recipe (not optional targets in au-fed)

The uk-saas vs uk-mod-sovereign split is the established pattern for distinct sectoral bundles within one jurisdiction. AESCSF + SOCI Act + AER ring-fencing represent a substantially different threat model (OT/SCADA, critical infrastructure positive security obligations, regulated-vs-contestable separation) that warrants its own ~8 ADR topics. Optional targets would bloat the federal civilian bundle for the 90% of users who don't operate energy assets.

Sequencing

  1. #439 first: au-fed recipe + Phase 1 commands (au-e8-posture, au-dss, au-pia) land as a community overlay
  2. Phase 2 (optional, in #439 or a follow-up) — au-ism-controls, au-pgpa-risk, au-dip, au-ai-assurance
  3. Phase 3 (this issue): au-energy-* recipe + au-aescsf + au-energy-compliance commands

Acceptance criteria

Same bar as #424:

  • Recipe YAML at arckit-claude/skills/arckit-build/recipes/au-energy-*.yaml matching the schema in arckit-claude/skills/arckit-build/SKILL.md
  • ~8 energy-sector ADR topics that meaningfully differ from the civilian baseline (OT segmentation, SOCI critical asset declarations, AER ring-fencing of shared services, AESCSF maturity targets, etc.)
  • Phase 3 commands (au-aescsf, au-energy-compliance) shipped as community-overlay commands following the existing prefix pattern
  • Recipe references the federal au-* commands from #439 where they apply (not duplicated)
  • PR description names the regulatory anchors satisfied (AESCSF, SOCI Act, AER ring-fencing, NER/NGR)

References

cc @royster70 — held for after #439 lands, but happy to discuss anchors / ADR topics here in the meantime.
