Add lc-compliance plugin (seven compliance frameworks) #85

Merged: lcbill merged 2 commits on Apr 30, 2026
Three interactive skills for compliance engineering against LimaCharlie orgs: compliance-lookup (control-to-capability), compliance-gap (ad-hoc gap analysis written to chat), and compliance-deploy (guided case-reviewer agent install). Bundles framework reference docs, the recommended-rules baseline, and reviewer hive manifests for CMMC v2, NIST SP 800-53 Rev 5, PCI DSS v4.0, HIPAA Security Rule, SOC 2 TSC, ISO/IEC 27001:2022, and CIS Controls v8. Skills resolve bundled paths via ${CLAUDE_PLUGIN_ROOT}/compliance/.
Closes the gap between subscribing to the plugin and having a framework's rules in an org. compliance-deploy installs the case-reviewer agent (and an optional ~10-rule starter subset for demos); compliance-baseline-deploy deploys the FULL recommended baseline (50-110+ rules across D&R, FIM, artifact, and exfil) extracted from the bundled implementation doc. Defaults to a dry-run plan; --apply is required to actually push. Idempotent (skips rules already deployed under the same name); halts cleanly if a recommended rule has no YAML block in the impl doc or if a required extension (ext-integrity, ext-artifact, ext-exfil) is not subscribed.
maximelb approved these changes on Apr 27, 2026.
lcbill added a commit that referenced this pull request on Apr 30, 2026:
- .github/workflows/validate.yml runs scripts/validate.py on every PR and on push to master. Uses fetch-depth: 0 so the baseline-regression check can resolve master.
- .validate-ignore suppresses 4 pre-existing errors so master goes green immediately. New regressions still fail. Tracked in refractionPOINT/tracking#4229.
- BREAKING.md documents the lc-essentials → lc-advanced-skills carve-out from #85; the validator greps it to allow legitimate skill removals.
- validate.py now resolves origin/master as a fallback for environments (CI, fresh clones) where 'master' is not a local branch.

Refs refractionPOINT/tracking#4229
Summary

Adds a new `lc-compliance` plugin to the marketplace alongside `lc-fundamentals`, `lc-essentials`, and `lc-advanced-skills`. Customers can subscribe with `/plugin install lc-compliance@lc-marketplace` to get interactive compliance tooling without needing a separate repo. The plugin ships three skills plus bundled reference content for seven frameworks: CMMC v2, NIST SP 800-53 Rev 5, PCI DSS v4.0, HIPAA Security Rule, SOC 2 TSC, ISO/IEC 27001:2022, and CIS Controls v8.

Skills

- `compliance-lookup` — answers "how does LC cover <control-id>?" by reading the bundled mapping doc and surfacing the D&R rules whose metadata cite that control. Read-only, repo-content only.
- `compliance-gap` — runs an ad-hoc gap analysis against a live org via `limacharlie ... --output yaml`, diffs the org against the framework's recommended-rules baseline, and writes a markdown punch list directly into chat. Does NOT create cases, notes, or any LC-side artifacts.
- `compliance-deploy` — guided, human-in-the-loop deployment of the framework's case-reviewer agent (API key creation → secret staging → hive sync → verification). Optional `--with-rules` for a starter rule subset.

Bundled reference content (per framework)

- `<framework>-limacharlie-mapping.md` — controls → LC capabilities
- `<framework>-limacharlie-implementation.md` — deployable D&R / FIM / artifact / exfil rules (Win / Linux / macOS)
- `<framework>-attribution.md` — authoritative source + verification level
- `recommended-rules.yaml` — canonical rule-name baseline (`compliance-gap` reads this)
- `agent/` — case-reviewer hive manifest (`ai_agent`, `dr-general`, `secret`)

Verification levels (carried over from upstream attribution docs)

Path resolution

Skills resolve bundled docs via `${CLAUDE_PLUGIN_ROOT}/compliance/<framework>/...`, with a fallback `find` on the plugin's `.claude-plugin/plugin.json` if the env var is not set.

Relationship to `compliance-soc` (PR #44)

Different layer. `compliance-soc` is a hive-deployed AI agent for continuous posture monitoring of SOC 2 / ISO 27001 / PCI / CIS based on telemetry. `lc-compliance` is a Claude Code marketplace plugin for engineer-facing interactive work (control lookups, ad-hoc gap reports, guided agent deployment) covering all seven frameworks. They complement each other.

Test plan

- `/plugin install lc-compliance@lc-marketplace` succeeds against a local marketplace add of this branch
- `/lc-compliance:compliance-lookup pci 10.2.1.4` returns the bundled mapping excerpt + matching rules
- `/lc-compliance:compliance-lookup hipaa §164.312(b)` resolves the HIPAA citation format
- `/lc-compliance:compliance-gap nist-800-53 --oid <test-oid>` emits a gap report without writing to the org
- `/lc-compliance:compliance-deploy cis-v8 --oid <test-oid>` walks through the deploy steps with confirmation prompts and does not silently push
- `agent/<framework>-compliance-reviewer.yaml` files validate against `limacharlie sync` for each framework

🤖 Generated with Claude Code
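As an added example that is not part of this PR or the plugin's own code, the Python below sketches the two behaviours described on this page: the `compliance-gap` punch list, and the idempotent, dry-run-by-default plan that the `compliance-baseline-deploy` commit describes (skip rules already deployed under the same name, halt when a required extension is not subscribed or a recommended rule has no YAML block in the implementation doc). It assumes a schema for recommended-rules.yaml (name, hive, required extension), a `### Rule: <name>` heading convention in the implementation doc, and constructed sample data standing in for the org's `limacharlie ... --output yaml` output.

```python
import re

FENCE = "`" * 3  # built at runtime so no literal triple backtick appears inside this listing

# Constructed stand-in for parsed recommended-rules.yaml; its schema is assumed (name, hive, extension).
BASELINE = [
    {"name": "pci-audit-log-tamper", "hive": "dr-general", "requires": None},
    {"name": "pci-fim-cardholder-paths", "hive": "fim", "requires": "ext-integrity"},
    {"name": "pci-artifact-auth-logs", "hive": "artifact", "requires": "ext-artifact"},
]

# Constructed implementation-doc excerpt. "### Rule: <name>" + yaml fence is an assumed convention,
# rule bodies are illustrative only, and the artifact rule deliberately has no block.
IMPL_DOC = f"""
### Rule: pci-audit-log-tamper
{FENCE}yaml
detect: {{event: WEL, op: is, path: event/EVENT/System/EventID, value: '1102'}}
respond: [{{action: report, name: pci-audit-log-tamper}}]
{FENCE}
### Rule: pci-fim-cardholder-paths
{FENCE}yaml
detect: {{event: FIM_HIT, op: starts with, path: event/FILE_PATH, value: /var/lib/cde/}}
respond: [{{action: report, name: pci-fim-cardholder-paths}}]
{FENCE}
"""

def yaml_blocks(doc):
    """Map rule name -> YAML text for every '### Rule:' section followed by a yaml fence."""
    pat = re.compile(r"### Rule: (\S+)\n" + FENCE + r"yaml\n(.*?)\n" + FENCE, re.S)
    return {m.group(1): m.group(2) for m in pat.finditer(doc)}

def gap_report(baseline, deployed):
    """compliance-gap: markdown punch list of baseline rules the org lacks (chat output only)."""
    return [f"- [ ] `{r['name']}` ({r['hive']})" for r in baseline if r["name"] not in deployed]

def deploy_plan(baseline, deployed, subscribed, doc, apply=False):
    """compliance-baseline-deploy: returns (actions, halt_reason); halt_reason is None when clean."""
    blocks = yaml_blocks(doc)
    actions = []
    for r in baseline:
        if r["name"] in deployed:  # idempotent: a rule already deployed under this name is skipped
            actions.append(("skip", r["name"]))
            continue
        if r["requires"] and r["requires"] not in subscribed:  # halt before touching the org
            return actions, f"{r['requires']} not subscribed (needed by {r['name']})"
        if r["name"] not in blocks:
            return actions, f"no YAML block for {r['name']} in implementation doc"
        actions.append(("push" if apply else "would-push", r["name"]))  # dry run unless --apply
    return actions, None
```

`deployed` is the set of rule names read back from the org; a real run would replace the constructed `BASELINE` and `IMPL_DOC` with the bundled files under `${CLAUDE_PLUGIN_ROOT}/compliance/<framework>/`.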