playbooks

home / skills / oimiragieo / agent-studio / compliance-policy-check

compliance-policy-check skill

/.claude/skills/compliance-policy-check

This skill validates planned changes against policy rules before implementation, flagging gaps and guiding compliant design decisions.

npx playbooks add skill oimiragieo/agent-studio --skill compliance-policy-check

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
1.8 KB
---
name: compliance-policy-check
description: Validate planned changes against local framework rules and policy guardrails before implementation or creation.
version: 1.0.0
model: sonnet
invoked_by: both
user_invocable: true
tools: [Read, Glob, Grep, Skill]
error_handling: graceful
streaming: supported
---

# Compliance Policy Check

## Overview

Evaluate a design/plan against framework policy and rule constraints before execution. Use this for regulated or high-risk changes.

## When to Use

- Before creator workflows for new artifacts
- Before HIGH/EPIC implementation phases
- During reflection when repeated policy violations are observed

## The Iron Law

```
DO NOT EXECUTE OR MODIFY CODE HERE.
ONLY ASSESS POLICY ALIGNMENT AND REPORT GAPS.
```

## Workflow

### Step 1: Gather Policy Context

- Read relevant files in `.claude/rules/`
- Read applicable workflow/agent constraints
- Read enforcement hook docs if needed

### Step 2: Evaluate Proposed Change

Assess against:

1. Creator guard and artifact lifecycle rules
2. Routing and specialist-first requirements
3. Security and quality gate requirements
4. Memory/search/token-saver policy expectations

### Step 3: Produce Decision

Return one policy decision:

- `PASS`: policy-aligned
- `CONDITIONAL`: allowed with required mitigations
- `FAIL`: not policy-compliant

Use this output shape:

```json
{
  "decision": "PASS|CONDITIONAL|FAIL",
  "policyFindings": ["..."],
  "requiredMitigations": [],
  "evidencePaths": ["..."],
  "recommendedNextStep": "..."
}
```

## Output Protocol

For `CONDITIONAL` and `FAIL`, include precise remediation tasks and ownership (agent type).

## Memory Protocol

Record recurring policy drift patterns in `.claude/context/memory/issues.md` and stabilized controls in `.claude/context/memory/decisions.md`.

Overview

This skill validates planned changes against local framework rules and policy guardrails before any implementation or creation. It prevents risky or non-compliant artifacts from being executed by checking design choices against established constraints. The goal is to surface policy gaps, required mitigations, and a clear decision (PASS, CONDITIONAL, or FAIL) with actionable next steps.

How this skill works

The skill reads policy sources and workflow constraints to build context, then evaluates the proposed change across creator, routing, security, and lifecycle rules. It produces a single decision with supporting findings, evidence paths, and remediation tasks. For conditional or failing outcomes it assigns ownership for required mitigations and recommends the next execution step.

When to use it

  • Before creating new artifacts or starting creator workflows
  • Prior to implementing HIGH-risk or EPIC-level changes
  • When repeated policy violations or drift are detected
  • During design reviews to prevent late-stage rework
  • Before enabling automation that impacts security or routing

Best practices

  • Provide the full policy context and relevant rule files with the change proposal
  • Include concrete artifact lifecycle expectations and routing requirements
  • List any prior incidents or recurring drift patterns to check memory
  • Treat CONDITIONAL decisions as blockers until mitigations are verified
  • Record discovered gaps and resolved controls to the memory paths

Example use cases

  • Validating a new agent workflow against specialist-first routing and escalation rules
  • Checking a proposed data retention change against memory and token-saver policies
  • Assessing a high-impact feature for security and quality gate compliance
  • Reviewing artifact lifecycle transitions for creator guard adherence
  • Evaluating automation that could bypass enforcement hooks or audits

FAQ

What outputs should I expect?

A single decision (PASS, CONDITIONAL, or FAIL), policy findings, evidence paths, required mitigations, and a recommended next step.

What if the decision is CONDITIONAL?

The skill lists precise remediation tasks with ownership tied to an agent type; the change should not proceed until mitigations are implemented and verified.