ai-tool-compliance
Automated compliance verification and enforcement for AI tools against 11 mandatory P0 rules covering auth, security, cost tracking, and logging.
- Verifies 11 P0 rules across four domains (Security 40pts, Auth 25pts, Cost 20pts, Logging 15pts) with quantitative compliance scoring and deploy gate verdicts (Green/Yellow/Red)
- Three execution modes: quick static scan via grep/glob patterns, full verification with evidence collection, and guided improvement with fix suggestions and re-verification loops
- Generates RBAC matrices, Gateway boilerplate, behavior log schemas, and cost-tracking interfaces on project initialization; integrates with CI/CD via bash scripts
- Role-based approval checkpoints (Service Stability, Engineer, PM, CEO) with 20 total go/no-go items; P0 FAIL triggers automatic deploy block regardless of total score
ai-tool-compliance - Internal AI Tool Compliance Automation
When to use this skill
- Starting a new AI project: When scaffolding the compliance foundation (RBAC, Gateway, logs, cost tracking) from scratch
- Pre-deploy P0 full verification: When automatically evaluating all 13 P0 mandatory requirements as pass/fail and computing a compliance score
- RBAC design and permission matrix generation: When defining the 5 roles (Super Admin/Admin/Manager/Viewer/Guest) + granular access control per game/menu/feature unit
- Auditing existing code for compliance: When inspecting an existing codebase against the guide and identifying violations
- Implementing cost transparency: When building a tracking system for model/token/BQ scan volume/cost per action
- Designing a behavior log schema: When designing a comprehensive behavior log recording system (Firestore/BigQuery)
- Role-based verification workflow: When configuring the release approval process based on Section 14 (ServiceStability/Engineer/PM/CEO)
- Building a criteria verification system: When setting up the Rule Registry + Evidence Collector + Verifier Engine + Risk Scorer + Gatekeeper architecture
More from supercent-io/skills-template
- security-best-practices (14.1K): Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.
- data-analysis (13.8K): Analyze datasets to extract insights, identify patterns, and generate reports. Use when exploring data, creating visualizations, or performing statistical analysis. Handles CSV, JSON, SQL queries, and Python pandas operations.
- web-accessibility (12.7K): Implement web accessibility (a11y) standards following WCAG 2.1 guidelines. Use when building accessible UIs, fixing accessibility issues, or ensuring compliance with disability standards. Handles ARIA attributes, keyboard navigation, screen readers, semantic HTML, and accessibility testing.
- workflow-automation (12.6K): Automate repetitive development tasks and workflows. Use when creating build scripts, automating deployments, or setting up development workflows. Handles npm scripts, Makefile, GitHub Actions workflows, and task automation.
- code-review (12.5K): Conduct thorough, constructive code reviews for quality and security. Use when reviewing pull requests, checking code quality, identifying bugs, or auditing security. Handles best practices, SOLID principles, security vulnerabilities, performance analysis, and testing coverage.
- database-schema-design (12.2K): Design and optimize database schemas for SQL and NoSQL databases. Use when creating new databases, designing tables, defining relationships, indexing strategies, or database migrations. Handles PostgreSQL, MySQL, MongoDB, normalization, and performance optimization.