Help us improve
Share bugs, ideas, or general feedback.
Manage NIST OSCAL compliance documentation end-to-end: author SSPs, POA&Ms, component definitions, and assessment plans via markdown roundtrips; convert CSV/XLSX/XCCDF/Tanium/CIS to OSCAL; enforce governance templates; trace control coverage and gaps across catalogs, profiles, and assessments; validate schema and resolve errors in trestle workspaces
npx claudepluginhub ethanolivertroy/compliance-trestle-skills --plugin compliance-trestle
Executes bash commands: hook triggers when the Bash tool is used
Modifies files: hook triggers on file write and edit operations
Based on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Assemble edited catalog markdown back into OSCAL JSON
Generate markdown from an OSCAL catalog for editing
Assemble edited component markdown back into OSCAL JSON
Generate markdown from an OSCAL component definition
Enforce governed markdown document structure using templates
Reviews OSCAL assessment plans and assessment results for completeness, correctness, and alignment with the SSP. Checks that findings are properly documented, risks are characterized, and all assessed controls have results. Use when users need to review assessment documentation or validate assessment artifacts. Example prompts: "Review my assessment results for completeness"; "Check if all controls in the assessment plan have findings"; "Are there any gaps in my assessment documentation?"
Reviews an OSCAL compliance workspace for completeness and gaps. Analyzes controls for missing implementation responses, incomplete parameters, validation errors, and overall compliance posture. Use when users want to review their compliance documentation quality or find gaps. Example prompts: "Review my compliance workspace for gaps"; "What controls are missing implementation responses?"; "Run a completeness check on my SSP documentation"
Maps and traces controls across the full OSCAL compliance lifecycle: catalogs, profiles, component definitions, SSPs, assessment plans, assessment results, and POA&M. Identifies control coverage, inheritance chains, assessment results, and remediation status across models. Use when users need to understand control relationships, check coverage, or trace controls through the full compliance lifecycle. Example prompts: "Trace AC-2 across my profile and catalog"; "Which components implement AC-2?"; "Show me control coverage between my profile and SSP"; "Trace AC-2 from catalog through assessment and POA&M"; "Which controls have not-satisfied findings?"
Interactive assistant for converting external data (CSV, XLSX, XCCDF, Tanium scan results, CIS benchmarks) into OSCAL documents using the trestle task system. Inspects source data, helps configure config.ini task sections, runs conversion tasks, and validates output. Use when users need help importing non-OSCAL data into their compliance workspace. Example prompts: "Help me import a CSV file into OSCAL"; "Convert XCCDF scan results to assessment results"; "Set up a trestle task for CIS benchmark import"
Interactive assistant for setting up and enforcing document governance in a trestle workspace. Sets up governance templates, validates documents against them, identifies violations, and helps fix non-compliant documents. Use when users need help with document governance, template enforcement, or fixing governance validation failures. Example prompts: "Set up governance templates for my workspace"; "Validate documents against governance templates"; "Fix governance validation failures"
Knowledge about OSCAL assessment plans and assessment results models in Compliance Trestle. Use when users ask about assessment plans, assessment results, security assessments, SAP, SAR, assessment activities, findings, observations, or assessment-related OSCAL models.
Knowledge about the Compliance Trestle authoring workflow: the generate-edit-assemble cycle for converting OSCAL documents to markdown and back. Use when users ask about authoring catalogs, profiles, SSPs, or component definitions, editing control markdown, YAML headers, or the roundtrip workflow between JSON and markdown.
Knowledge about end-to-end compliance pipelines using Compliance Trestle: GRC personas and artifact ownership, multi-repository coordination, the two-phase component definition authoring pattern, CI/CD pipeline integration, and the Compliance-to-Policy (C2P) bridge. Use when users ask about compliance pipelines, personas, who owns what artifact, multi-repo workflows, component definition dual-mapping (control-to-rule, rule-to-check), CI/CD compliance, C2P, or end-to-end workflow design.
Knowledge about writing control implementation responses, rules, parameters, component-level responses, inheritance, and leveraged SSPs in Compliance Trestle. Use when users ask about writing control responses, implementation status, rules, parameters, component definitions, SSP implementation details, or compliance documentation content.
Knowledge about Compliance Trestle's document governance system for enforcing consistent document structure and YAML headers. Use when users ask about document governance, header enforcement, template validation, governed headings, governed folders, trestle author docs/headers/folders, template setup, document structure enforcement, or CI/CD compliance document validation.
OSCAL (Open Security Controls Assessment Language) toolkit for Claude Code. Wraps ethanolivertroy/oscal-cli for validation and conversion of catalogs, profiles, SSPs, SAPs, SARs, POA&Ms, component definitions, and assessment results.
GRC (Governance, Risk, and Compliance) domain knowledge — frameworks, controls, audits, evidence, ConMon, cross-framework mappings, document review, and operational workflows. Cloud-agnostic.
Generate compliance reports
End-to-end FedRAMP authorization guidance — readiness assessments, SSP narratives, POA&M management, NIST 800-53 Rev 5 control mapping, and ConMon support.
Strip sensitive EXIF metadata from images before publishing. Auto-strips on commit, or use /exif:strip manually.
Continuous self-referential AI loops for interactive iterative development, implementing the Ralph Wiggum technique. Run Claude in a while-true loop with the same prompt until task completion.
Convert legacy SSP/PDF/DOCX source material into traceable, validated OSCAL workspaces using Compliance Trestle and OSCAL CLI.
Uses power tools
Uses Bash, Write, or Edit tools
No model invocation
Executes directly as bash, bypassing the AI model
Compliance and governance including regulatory mapping, security policies, audit readiness, GDPR, SOC2, and PCI-DSS compliance.
Regulatory compliance verification for GDPR, SOC2, and HIPAA