Manage OSCAL compliance packages using Compliance Trestle - a CNCF sandbox project for machine-readable compliance documentation (NIST OSCAL standard)
npx claudepluginhub ethanolivertroy/compliance-trestle-skills
Assemble edited catalog markdown back into OSCAL JSON
Generate markdown from an OSCAL catalog for editing
Assemble edited component markdown back into OSCAL JSON
Generate markdown from an OSCAL component definition
Enforce governed markdown document structure using templates
Enforce governed folder structure using templates
Validate and enforce YAML header consistency across markdown documents
Render Jinja2 templates against OSCAL data to generate documents
Assemble edited profile markdown back into OSCAL JSON
Generate markdown from an OSCAL profile for editing
Generate an inheritance view from a profile and leveraged SSP
Resolve a profile to produce a flattened catalog
Assemble SSP markdown into an OSCAL System Security Plan JSON
Filter an SSP by profile or components
Generate SSP markdown from a profile and optional component definitions
Assemble a split OSCAL model into a single file in dist/
Create a new OSCAL model in the workspace
Describe the structure and contents of an OSCAL model
Import an existing OSCAL document into the workspace
Merge split OSCAL sub-components back into their parent file
Remove a subcomponent from an OSCAL model
Replicate (copy/rename) an OSCAL model in the workspace
Split an OSCAL model into smaller sub-component files
Show configuration requirements for a specific trestle task
List all available trestle data conversion tasks
Run a trestle data conversion task (CSV/XLSX/XCCDF → OSCAL)
Full assessment workflow — create/import, split, edit, merge, and validate assessment plans and results
Full catalog authoring workflow - generate, edit, and assemble
Full component definition authoring workflow
Guided workflow to import data into a trestle workspace — OSCAL files via trestle import, or external formats (CSV/XLSX/XCCDF/Tanium) via trestle tasks
Guided workflow to set up governance — workspace templates, config, and document-level enforcement via trestle author
Full POA&M workflow — create from assessment findings, track remediation, manage milestones
Full profile authoring workflow - generate, edit, and assemble
Full SSP authoring workflow - generate, edit, and assemble
Configure compliance-trestle plugin settings for this project
View or update profile import hrefs to point to local workspace
Initialize a new Compliance Trestle workspace
Validate a specific OSCAL element within a file
Show the status of the current Trestle workspace
Validate OSCAL models in the Trestle workspace
Show trestle and OSCAL version information
Reviews OSCAL assessment plans and assessment results for completeness, correctness, and alignment with the SSP. Checks that findings are properly documented, risks are characterized, and all assessed controls have results. Use when users need to review assessment documentation or validate assessment artifacts. <example>Review my assessment results for completeness</example> <example>Check if all controls in the assessment plan have findings</example> <example>Are there any gaps in my assessment documentation?</example>
Reviews OSCAL compliance workspace for completeness and gaps. Analyzes controls for missing implementation responses, incomplete parameters, validation errors, and overall compliance posture. Use when users want to review their compliance documentation quality or find gaps. <example>Review my compliance workspace for gaps</example> <example>What controls are missing implementation responses?</example> <example>Run a completeness check on my SSP documentation</example>
Maps and traces controls across the full OSCAL compliance lifecycle — catalogs, profiles, component definitions, SSPs, assessment plans, assessment results, and POA&M. Identifies control coverage, inheritance chains, assessment results, and remediation status across models. Use when users need to understand control relationships, check coverage, or trace controls through the full compliance lifecycle. <example>Trace AC-2 across my profile and catalog</example> <example>Which components implement AC-2?</example> <example>Show me control coverage between my profile and SSP</example> <example>Trace AC-2 from catalog through assessment and POA&M</example> <example>Which controls have not-satisfied findings?</example>
Interactive assistant for converting external data (CSV, XLSX, XCCDF, Tanium scan results, CIS benchmarks) into OSCAL documents using the trestle task system. Inspects source data, helps configure config.ini task sections, runs conversion tasks, and validates output. Use when users need help importing non-OSCAL data into their compliance workspace. <example>Help me import a CSV file into OSCAL</example> <example>Convert XCCDF scan results to assessment results</example> <example>Set up a trestle task for CIS benchmark import</example>
Interactive assistant for setting up and enforcing document governance in a trestle workspace. Sets up governance templates, validates documents against them, identifies violations, and helps fix non-compliant documents. Use when users need help with document governance, template enforcement, or fixing governance validation failures. <example>Set up governance templates for my workspace</example> <example>Validate documents against governance templates</example> <example>Fix governance validation failures</example>
Designs end-to-end compliance pipelines using Trestle: assesses existing workspace artifacts, recommends repository topology (single vs multi-repo), designs CI/CD pipelines for validation and assembly, plans component definition strategy (two-phase authoring, Service vs Validation types), and walks through the full catalog-to-assessment-results chain. <example>Design a compliance pipeline for my FedRAMP authorization</example> <example>What's the best repo structure for my team of 3?</example> <example>Help me set up CI/CD for trestle assembly</example> <example>How should I structure my component definitions?</example> <example>Walk me through the full pipeline from catalog to assessment</example>
Manages Plan of Action and Milestones (POA&M) lifecycle — creates POA&M from assessment findings, tracks remediation progress, manages milestones, and generates status reports. Use when users need to create, update, or track POA&M items, manage remediation workflows, or review POA&M status. <example>Create a POA&M from my assessment results</example> <example>Update remediation status for AC-2</example> <example>Show POA&M milestone timeline</example> <example>Close finding for SC-7</example> <example>What POA&M items are overdue?</example>
Interactive assistant for writing System Security Plan (SSP) implementation responses. Guides users through control-by-control SSP authoring, explains control requirements, suggests implementation language, and helps write compliant responses. Use when users need help writing SSP content or understanding control requirements. <example>Help me write SSP implementation responses</example> <example>Draft control implementation for AC-2</example> <example>Guide me through authoring SSP controls</example>
Helps diagnose and fix Compliance Trestle validation errors. Runs validation commands, interprets error messages, identifies root causes, and guides users through fixes. Use when users encounter trestle validation failures, schema errors, or need help troubleshooting their OSCAL workspace. <example>Help me fix these trestle validation errors</example> <example>My SSP assembly is failing, what's wrong?</example> <example>Why is trestle validate showing errors on my profile?</example>
Explores and explains the structure of a Compliance Trestle workspace. Shows model inventory, relationships between documents, workspace health, and content summaries. Use when users want to understand their trestle workspace or get an overview of its contents. <example>Show me the structure of my trestle workspace</example> <example>What OSCAL models are in this workspace?</example> <example>Give me an overview of my compliance workspace</example>
Knowledge about OSCAL assessment plans and assessment results models in Compliance Trestle. Use when users ask about assessment plans, assessment results, security assessments, SAP, SAR, assessment activities, findings, observations, or assessment-related OSCAL models.
Knowledge about the Compliance Trestle authoring workflow: the generate-edit-assemble cycle for converting OSCAL documents to markdown and back. Use when users ask about authoring catalogs, profiles, SSPs, or component definitions, editing control markdown, YAML headers, or the roundtrip workflow between JSON and markdown.
Knowledge about end-to-end compliance pipelines using Compliance Trestle: GRC personas and artifact ownership, multi-repository coordination, the two-phase component definition authoring pattern, CI/CD pipeline integration, and the Compliance-to-Policy (C2P) bridge. Use when users ask about compliance pipelines, personas, who owns what artifact, multi-repo workflows, component definition dual-mapping (control-to-rule, rule-to-check), CI/CD compliance, C2P, or end-to-end workflow design.
Knowledge about writing control implementation responses, rules, parameters, component-level responses, inheritance, and leveraged SSPs in Compliance Trestle. Use when users ask about writing control responses, implementation status, rules, parameters, component definitions, SSP implementation details, or compliance documentation content.
Knowledge about Compliance Trestle's document governance system for enforcing consistent document structure and YAML headers. Use when users ask about document governance, header enforcement, template validation, governed headings, governed folders, trestle author docs/headers/folders, template setup, document structure enforcement, or CI/CD compliance document validation.
Knowledge about Compliance Trestle's Jinja2 templating system for generating compliance documents. Use when users ask about Jinja templates, document generation from OSCAL data, custom trestle Jinja tags (mdsection_include, md_clean_include, md_datestamp), custom filters (as_list, get_party, parties_for_role, diagram_href), SSP document rendering, lookup tables, or bracket formatting.
Knowledge about OSCAL model types, their relationships, and how they are managed in Compliance Trestle. Use when users ask about OSCAL documents, model types, catalogs, profiles, SSPs, component definitions, or how different compliance models relate to each other.
Knowledge about the OSCAL Plan of Action and Milestones (POA&M) model in Compliance Trestle. Use when users ask about POA&M, plan of action, milestones, remediation, findings tracking, risk management, or managing security finding remediation workflows.
Knowledge about the Compliance Trestle task system for data conversion and transformation. Use when users ask about CSV import, XLSX import, XCCDF results, Tanium results, CIS benchmarks, data conversion to OSCAL, config.ini task configuration, trestle tasks, or converting scan results to assessment results.
Knowledge about Compliance Trestle validation, common errors, and troubleshooting. Use when users ask about validation errors, trestle validate failures, OSCAL schema validation, fixing compliance document issues, or troubleshooting trestle problems.
Knowledge about Compliance Trestle workspace structure, initialization, and directory conventions. Use when users ask about trestle workspaces, directory layout, .trestle config, model directories, or how to set up and organize an OSCAL compliance workspace.