Compliance-Ops: Compliance Framework Checker
Check codebases against common compliance frameworks and generate audit reports.
Supported Frameworks
| Framework | Description | Controls | |-----------|-------------|----------| | SOC2 | Service Organization Control 2 Type II | CC1-CC9 | | GDPR | General Data Protection Regulation | Articles 5-49 | | HIPAA | Health Insurance Portability and Accountability Act | Coming soon | | PCI-DSS | Payment Card Industry Data Security Standard | Coming soon |
Features
-
SOC2 Checks
- Access control verification
- Logging and monitoring
- Encryption at rest/transit
- Change management
-
GDPR Checks
- PII detection in code
- Data inventory validation
- Consent mechanism verification
- Data retention policies
-
Report Generation
- Markdown, JSON, HTML formats
- Executive summary
- Detailed findings
- Remediation recommendations
-
Integrations
- Task-monitor: Real-time progress tracking
- Memory: Historical compliance tracking
Commands
| Command | Description |
|---------|-------------|
| ./run.sh check --framework soc2 | Run SOC2 compliance checks |
| ./run.sh check --framework gdpr | Run GDPR compliance checks |
| ./run.sh report --format markdown | Generate compliance report |
| ./run.sh frameworks | List available frameworks |
Usage
# SOC2 compliance check
./run.sh check --framework soc2 --path /path/to/project
# GDPR compliance check
./run.sh check --framework gdpr --path .
# Generate markdown report
./run.sh report --format markdown --output compliance_report.md
# Store results in memory
./run.sh check --framework soc2 --path . --store-results
Output Format
All commands output structured JSON with:
framework: Framework checkedchecks: List of check resultsstatus: pass/fail/warningcontrol_id: Control category (e.g., CC1.1)description: What was checkedfinding: Issue description if failedremediation: Suggested fix
SOC2 Control Categories
| Category | Description | |----------|-------------| | CC1 | Control Environment | | CC2 | Communication and Information | | CC3 | Risk Assessment | | CC4 | Monitoring Activities | | CC5 | Control Activities | | CC6 | Logical and Physical Access | | CC7 | System Operations | | CC8 | Change Management | | CC9 | Risk Mitigation |
Integration with Task-Monitor
Compliance scans register with task-monitor:
# View scan progress
.pi/skills/task-monitor/run.sh tui --filter ops-compliance
Integration with Memory
Track compliance posture over time:
# Store results
./run.sh check --framework soc2 --path . --store-results
# Recall compliance history
.pi/skills/memory/run.sh recall "SOC2 compliance"
微信扫一扫