Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From compliance-trestle
Enforces consistent Markdown document structure, YAML headers, and folder layouts in Compliance Trestle using governance commands for template setup, validation, and CI/CD integration. Activate for header enforcement, governed headings, or template checks.
npx claudepluginhub ethanolivertroy/compliance-trestle-skills --plugin compliance-trestleHow this skill is triggered — by the user, by Claude, or both
Slash command
/compliance-trestle:trestle-governanceThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Trestle provides three governance commands that enforce consistent structure across compliance documentation using templates. This enables teams to maintain standardized document formats and integrate structure validation into CI/CD pipelines.
Encodes human-readable governance policies into machine-executable JSON constraints for AI agents and CI pipelines to validate automatically. Outputs rule files in .ai/governance/.
Guides OSCAL document selection (SSP, Profile, AR, POA&M), authoring, validation error fixes, schema versioning, and integrations with FedRAMP, eMASS, Compliance Trestle.
Create and manage DeepSchemas for automatic file validation on write/edit and review rule generation using YAML requirements and JSON Schemas. Matches files via globs.
Share bugs, ideas, or general feedback.
Trestle provides three governance commands that enforce consistent structure across compliance documentation using templates. This enables teams to maintain standardized document formats and integrate structure validation into CI/CD pipelines.
| Command | Scope | What It Enforces |
|---|---|---|
trestle author headers | YAML frontmatter only | Header field names, types, and required values |
trestle author docs | Full markdown documents | Headers + document structure (headings, sections) |
trestle author folders | Directory structure | Headers + docs + folder layout (same files in each instance) |
Each governance command supports four modes:
| Mode | Purpose | Example |
|---|---|---|
setup | Create template directory and initial templates | trestle author docs setup -tn my-task |
create-sample | Generate new instances from templates | trestle author docs create-sample -tn my-task |
template-validate | Validate the template files themselves | trestle author docs template-validate -tn my-task |
validate | Validate instance documents against templates | trestle author docs validate -tn my-task |
Templates are stored in the trestle workspace under:
.trestle/author/<task-name>/
├── template.md # For docs governance
├── a_template.md # For folders governance
├── another_template.md # Additional folder templates
└── architecture.drawio # Non-markdown templates
Instance documents live at the workspace root:
<task-name>/
├── document_001.md # Created by create-sample
├── document_002.md
└── subfolder/ # For folders governance
├── a_template.md
└── another_template.md
Templates use x-trestle-template-version in their YAML header to track versions:
---
x-trestle-template-version: 1.0.0
title: ""
description: ""
status: draft
---
When --template-version is specified during validation, only documents matching that template version are checked. This enables gradual template migration.
The -gh / --governed-heading flag enforces that specific markdown headings exist in documents:
trestle author docs validate -tn my-task -gh "Purpose" -gh "Scope"
This ensures every document under my-task/ contains ## Purpose and ## Scope sections.
| Flag | Commands | Description |
|---|---|---|
-tn, --task-name | All | Task name (maps to directory names) |
-gh, --governed-heading | docs, folders | Required heading in documents |
-hv, --header-validate | docs, folders | Validate YAML header structure |
-hov, --header-only-validate | docs, folders | Only validate headers, skip body |
-r, --recurse | headers, docs | Recurse into subdirectories |
-rv, --readme-validate | All | Include README.md in validation |
-tv, --template-version | All | Target specific template version |
-ig, --ignore | All | Regex to ignore files/folders |
-g, --global | headers | Use global template at __global__/ |
-vtt, --validate-template-type | docs, folders | Use x-trestle-template-type field |
Governance commands are designed for CI/CD pipelines. Common patterns:
- name: Validate compliance docs
run: |
trestle author docs validate -tn policies -hv -gh "Purpose" -gh "Scope"
trestle author headers validate -tn standards -r
- repo: local
hooks:
- id: trestle-docs-validate
name: Validate governed docs
entry: trestle author docs validate -tn my-task -hv
language: system
pass_filenames: false
Create templates:
trestle author docs setup -tn security-policies
Customize the template at .trestle/author/security-policies/template.md:
x-trestle-template-versionGenerate samples:
trestle author docs create-sample -tn security-policies
Validate:
trestle author docs validate -tn security-policies -hv -gh "Purpose"
Add to CI/CD to enforce going forward.
Choose the right governance level:
Located at .trestle/author/security-policies/template.md:
---
x-trestle-template-version: 1.0.0
title: ""
status: draft
owner: ""
review-date: ""
---
# [Policy Title]
## Purpose
[Describe why this policy exists and what it aims to achieve.]
## Scope
[Describe who and what this policy applies to.]
## Policy Statement
[The actual policy requirements and mandates.]
## Enforcement
[Describe consequences for non-compliance and how the policy is enforced.]
## Exceptions
[Process for requesting exceptions and who approves them.]
An actual policy at security-policies/access-control-policy.md:
---
x-trestle-template-version: 1.0.0
title: Access Control Policy
status: approved
owner: Chief Information Security Officer
review-date: 2025-06-15
---
# Access Control Policy
## Purpose
This policy establishes requirements for managing access to organizational
information systems to ensure only authorized users can access sensitive
resources.
## Scope
This policy applies to all employees, contractors, and third-party users
who access organizational information systems.
## Policy Statement
All access to information systems must follow the principle of least
privilege. Users shall be granted only the minimum access necessary to
perform their job functions. Privileged access requires additional approval
from the system owner and ISSO.
## Enforcement
Violations are handled through the organizational disciplinary process.
Automated monitoring detects unauthorized access attempts and triggers
incident response procedures.
## Exceptions
Exception requests must be submitted to the ISSO with business justification.
Exceptions are reviewed quarterly and expire after 12 months unless renewed.
trestle author docs validate -tn security-policies -hv \
-gh "Purpose" -gh "Scope" -gh "Policy Statement" \
-gh "Enforcement" -gh "Exceptions"
Global templates apply organization-wide header standards across all task names.
Location: .trestle/author/__global__/
.trestle/author/
├── __global__/
│ └── template.md # Global header template
├── security-policies/
│ └── template.md # Task-specific template (extends global)
└── procedures/
└── template.md
status, owner, review-date)-g flag:
trestle author headers validate -tn security-policies -g
trestle author headers validate -tn security-policies -g
trestle author docs validate -tn security-policies -hv -gh "Purpose"
This lets you enforce organization-wide metadata standards while allowing each document type to have its own structural requirements.
When templates evolve (e.g., adding a new required heading or header field), use template versioning for a smooth transition.
Update the template with the new requirements and bump the version:
---
x-trestle-template-version: 2.0.0 # was 1.0.0
title: ""
status: draft
owner: ""
review-date: ""
risk-level: "" # new required field
---
Add the new governed heading (if applicable):
## Risk Assessment
[New required section for v2.0.0]
Validate old documents against the old version (no breakage):
trestle author docs validate -tn security-policies -hv --template-version 1.0.0
Migrate documents incrementally — update each document to v2.0.0 format by adding the new field and section, then change its x-trestle-template-version to 2.0.0.
Validate migrated documents against the new version:
trestle author docs validate -tn security-policies -hv --template-version 2.0.0
Drop the old version once all documents are migrated — remove the --template-version flag to validate all documents against the current template.
Governed folders ensure every instance of a folder-based document package has the same structure.
.trestle/author/assessment-evidence/
├── overview.md
├── test-results.md
└── screenshots/
└── placeholder.md
Each assessment creates a folder matching this structure:
assessment-evidence/
├── 2024-q1-assessment/
│ ├── overview.md
│ ├── test-results.md
│ └── screenshots/
│ └── placeholder.md
├── 2024-q3-assessment/
│ ├── overview.md
│ ├── test-results.md
│ └── screenshots/
│ └── placeholder.md
# Set up the governed folder template
trestle author folders setup -tn assessment-evidence
# Create a new instance from the template
trestle author folders create-sample -tn assessment-evidence -on 2025-q1-assessment
# Validate all instances have the required structure
trestle author folders validate -tn assessment-evidence -hv
Validation checks that each instance folder contains all the files present in the template folder, and that those files conform to their template's headers and governed headings.