返回 Skill 列表
extension
分类: 开发与工程无需 API Key

ops-compliance

检查代码库是否符合合规框架(SOC2、GDPR、HIPAA、PCI-DSS)。生成包含通过/失败状态及整改建议的合规报告。

person作者: jakexiaohubgithub

Compliance-Ops: Compliance Framework Checker

Check codebases against common compliance frameworks and generate audit reports.

Supported Frameworks

| Framework | Description | Controls | |-----------|-------------|----------| | SOC2 | Service Organization Control 2 Type II | CC1-CC9 | | GDPR | General Data Protection Regulation | Articles 5-49 | | HIPAA | Health Insurance Portability and Accountability Act | Coming soon | | PCI-DSS | Payment Card Industry Data Security Standard | Coming soon |

Features

  1. SOC2 Checks

    • Access control verification
    • Logging and monitoring
    • Encryption at rest/transit
    • Change management
  2. GDPR Checks

    • PII detection in code
    • Data inventory validation
    • Consent mechanism verification
    • Data retention policies
  3. Report Generation

    • Markdown, JSON, HTML formats
    • Executive summary
    • Detailed findings
    • Remediation recommendations
  4. Integrations

    • Task-monitor: Real-time progress tracking
    • Memory: Historical compliance tracking

Commands

| Command | Description | |---------|-------------| | ./run.sh check --framework soc2 | Run SOC2 compliance checks | | ./run.sh check --framework gdpr | Run GDPR compliance checks | | ./run.sh report --format markdown | Generate compliance report | | ./run.sh frameworks | List available frameworks |

Usage

# SOC2 compliance check
./run.sh check --framework soc2 --path /path/to/project

# GDPR compliance check
./run.sh check --framework gdpr --path .

# Generate markdown report
./run.sh report --format markdown --output compliance_report.md

# Store results in memory
./run.sh check --framework soc2 --path . --store-results

Output Format

All commands output structured JSON with:

  • framework: Framework checked
  • checks: List of check results
  • status: pass/fail/warning
  • control_id: Control category (e.g., CC1.1)
  • description: What was checked
  • finding: Issue description if failed
  • remediation: Suggested fix

SOC2 Control Categories

| Category | Description | |----------|-------------| | CC1 | Control Environment | | CC2 | Communication and Information | | CC3 | Risk Assessment | | CC4 | Monitoring Activities | | CC5 | Control Activities | | CC6 | Logical and Physical Access | | CC7 | System Operations | | CC8 | Change Management | | CC9 | Risk Mitigation |

Integration with Task-Monitor

Compliance scans register with task-monitor:

# View scan progress
.pi/skills/task-monitor/run.sh tui --filter ops-compliance

Integration with Memory

Track compliance posture over time:

# Store results
./run.sh check --framework soc2 --path . --store-results

# Recall compliance history
.pi/skills/memory/run.sh recall "SOC2 compliance"