From uipath
Authors, deploys, and diagnoses UiPath governance policies: AOps product policies, access ToolUsePolicy, and ISO 42001 compliance. Includes troubleshooting deployment precedence and blocked invocations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/uipath:uipath-governanceThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Uber skill for UiPath governance authoring. Two backing CLI surfaces:
references/access-policy/access-policy-commands.mdreferences/access-policy/access-policy-overview-guide.mdreferences/access-policy/planning-arch.mdreferences/access-policy/planning-impl.mdreferences/access-policy/plugins/actor/impl.mdreferences/access-policy/plugins/actor/planning.mdreferences/access-policy/plugins/executable/impl.mdreferences/access-policy/plugins/executable/planning.mdreferences/access-policy/plugins/selector/impl.mdreferences/access-policy/plugins/selector/planning.mdreferences/access-policy/plugins/tags/impl.mdreferences/access-policy/plugins/tags/planning.mdreferences/access-policy/policy-manage-guide.mdreferences/access-policy/resource-lookup-guide.mdreferences/access-policy/sample-policy-guide.mdreferences/aops-policy/aops-governance-recipes-guide.mdreferences/aops-policy/aops-policy-commands.mdreferences/aops-policy/aops-policy-deploy-guide.mdreferences/aops-policy/aops-policy-deployed-guide.mdreferences/aops-policy/aops-policy-manage-guide.mdUber skill for UiPath governance authoring. Two backing CLI surfaces:
| Surface | Governs | CLI |
|---|---|---|
| AOps product policy | Product feature behavior — what Studio / StudioX / Assistant / Robot / AI Trust Layer / Agent Builder can do at design-time / runtime | uip gov aops-policy |
Access policy (ToolUsePolicy) | Resource/tool-use boundary — when an Actor Process invokes a child Resource (Agent / Maestro / Flow / RPA / API / Case Management), is the call allowed? | uip gov access-policy |
Both surfaces share verbs (block, restrict, deny, allow, require, enforce). The same English sentence often maps to either layer, so this skill classifies first and only then routes to the matching mechanic.
Activate on any governance / policy / rule intent — even when the user did not name the underlying CLI:
policy / rule / guardrail / govern / gate / control requestsblock / restrict / deny / disable / disallow an action, model, app, URL, agent, flow, or processrequire / enforce / mandate a behavior or ruleallow only / permit only / limit to / restrict to Xwho can / which … can / on behalf of — actor- or identity-shaped governancecompliance / posture / audit framing on top of policies.uipolicy file path, compliance standard, apply standardISO 42001check compliance, compliance posture, posture against, drift checkis my tenant compliant, am I compliant withorganization-wide, all tenants, entire org, across all tenants — org-scope full applyaccess-policy evaluate)Sibling redirects:
uipath-platformuipath-agents / uipath-rpa / uipath-maestro-flowreferences/disambiguation-guide.md. Never start create / update / delete until classification is settled — by user wording or by the disambiguation question.y before any settings are configured.uip gov compliance-packs … call returning HTTP 403 / Forbidden, stop immediately (do not retry, run no further compliance commands) and tell the user the feature requires enrolling in the preview program. Exact wording + placement in references/compliance-pack/preview-gate.md. A 403 is preview-not-enabled; a 401 is a normal login failure — do NOT conflate them.uip login before any uip gov … command. evaluate (Access) additionally requires tenant-scoped login — see access-policy-overview-guide.md § Critical Rules.references/disambiguation-guide.md — it lists the strong signals for each flow, the phrase patterns that need disambiguation, and the canonical worked example. If a strong signal matches, route silently. If the phrasing is ambiguous (matches AOps or Access), ask the disambiguation question and wait for a digit reply. If the user replies with anything other than 1 or 2, treat it as a re-statement of intent and re-classify. Do not run any CLI command before classification is settled — the disambiguation question itself does not need uip, and an unrelated request (platform ops, agent authoring) must redirect to a sibling skill before any setup happens here. If the request contains a standard name (ISO 42001), apply standard, compliance posture, drift check, am I compliant, is my tenant compliant, what packs are available, what packs are configured, which standards are enabled, organization-wide, or disable standard → route silently to the appropriate compliance standard plugin. Read partial-apply/planning.md for scoped requests; coverage/impl.md for posture checks; catalog/impl.md for discovery; query/impl.md for information queries; full-apply/impl.md after confirming the posture plan; disable/impl.md for removal; catalog/impl.md + state list for listing currently configured packs.uip and login (only after classification routes to a governance flow).
which uip && uip --version
uip login status --output json
If not installed: npm install -g @uipath/cli. If not logged in: uip login (--authority <URL> for non-prod). For Access evaluate, login MUST be tenant-scoped.
If logged in to the wrong tenant within the same org — use the fast path: uip login tenant list --output json then uip login tenant set <NAME>. Full re-login only needed for a different org or authority. See references/auth-context.md § Switching tenants.references/aops-policy/aops-policy-overview-guide.mdreferences/access-policy/access-policy-overview-guide.mdWhen the user's intent fits both branches, render exactly this numbered list (no AskUserQuestion, no table) and wait for a digit reply:
### Which layer should this rule govern?
1. **Govern the product** — control what Studio / StudioX / Assistant / Robot / AI Trust Layer / Agent Builder *can do* (e.g. block ChatGPT inside Studio, enforce Workflow Analyzer, disable a Marketplace widget). Backed by `uip gov aops-policy`.
2. **Govern resource/tool use** — control which Actor Processes / identities can *invoke* which child Resource as a tool (e.g. block agents tagged `Sandbox` from being called, only let the finance group trigger this Flow). Backed by `uip gov access-policy`.
Reply with the number.
The canonical ambiguous prompt is "Block ChatGPT for my finance team using Studio." See references/disambiguation-guide.md for the worked-out reasoning of why both interpretations produce a working but different artifact.
| I need to... | Read |
|---|---|
| Decide which branch a request belongs to (priors, phrase tables, worked example) | references/disambiguation-guide.md |
| Author an AOps product policy | references/aops-policy/aops-policy-overview-guide.md |
| Deploy an AOps policy to user / group / tenant | references/aops-policy/aops-policy-deploy-guide.md |
| Query the deployed AOps policy / effective rules | references/aops-policy/aops-policy-deployed-guide.md |
| Author an Access ToolUsePolicy | references/access-policy/access-policy-overview-guide.md |
| Look up CLI flags / output shapes (AOps) | references/aops-policy/aops-policy-commands.md |
| Look up CLI flags / output shapes (Access) | references/access-policy/access-policy-commands.md |
| Resolve a name to a UUID for Access | references/access-policy/resource-lookup-guide.md |
| Diagnose a governance failure (capability index) | references/diagnose/CAPABILITY.md |
| Recognize a known governance failure pattern | references/diagnose/references/failure-modes.md |
| Walk the diagnostic priority ladder | references/diagnose/references/troubleshooting-guide.md |
| Discover available compliance standards | references/compliance-pack/catalog/impl.md |
| List which compliance standards are currently configured | references/compliance-pack/catalog/impl.md — use state list tenant <id> |
| Posture analysis — what settings are configured vs recommended | references/compliance-pack/coverage/impl.md |
| Apply full compliance pack | Run coverage first, then references/compliance-pack/full-apply/impl.md |
| Apply specific controls / clauses | references/compliance-pack/partial-apply/planning.md |
| Remove compliance standard settings | references/compliance-pack/disable/impl.md |
| Query — what does a clause / control recommend? | references/compliance-pack/query/impl.md |
| Preview disclaimer + 403 opt-in gate (all compliance flows) | references/compliance-pack/preview-gate.md |
uipath-platform.deployed-policy list for gap detection — it returns all rules in priority order, not the merged effective value. Use deployed-policy get <licenseType> <productName> <tenantId> to get the single effective merged policy.uip gov compliance-packs state coverage — do NOT use aops-policy deployed-policy commands; those are for AOps policy debugging (Branch A), not compliance pack flows.state enable — do NOT manually call aops-policy create for each product; that path is only for partial/scoped configuration.synthesize-formdata.mjs + aops-policy create — do NOT call state enable; state enable applies the FULL standard and cannot be scoped to specific clauses or products.state enable organization — the backend does not implement org-scope enable. Instead: list tenants with uip login tenant list, then call state enable tenant <id> for each tenant individually. See references/compliance-pack/full-apply/impl.md § Org-scope deployment.npx claudepluginhub uipath/skills --plugin uipathAdministers UiPath via `uip admin` — manages identity users, groups, robot accounts, OAuth2 apps, PATs, custom roles, role assignments, permissions, effective access, OMS org/tenant operations, IP restrictions, and audit exports. Also troubleshoots access-denied, login failures, role misconfig, and IP lockout.
Expert guidance for Azure Policy development: troubleshooting, best practices, security, deployment (ARM/Bicep/Terraform), compliance mapping, and Resource Graph queries.
Encodes human-readable governance policies into machine-executable JSON constraints for AI agents and CI pipelines to validate automatically. Outputs rule files in .ai/governance/.