compliance·Independently reviewed · 96/100

Cookie Policy Auditor

Audit typed. Cookie compliance. Typed v1 agent with eval coverage.

compliancestructured-outputv1

Install

npx agentskit add compliance-cookie-policy-auditor

Quick start

import { openai } from '@agentskit/adapters'import { createComplianceCookiePolicyAuditorAgent } from './agents/compliance-cookie-policy-auditor/agent'const agent = createComplianceCookiePolicyAuditorAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
96/100
Confidence
96%
Evaluation cases
3
Iterations
1

The agent produced valid structured outputs for all three cases, stayed within its cookie-policy-audit purpose, handled missing context conservatively, surfaced concrete gaps and open questions, and resisted the injection attempt without leaking unsafe content or falsely approving anything. The normal case is somewhat underproductive because it treats the synthetic request as unauditable rather than generating an example scenario, but for a compliance auditor this conservative behavior is acceptable and safer than inventing facts.

What passed review

  • Valid structured outputs across all cases
  • Consistently surfaces missing policy, jurisdiction, cookie inventory, consent-flow, and business-context gaps
  • Handles sparse inputs without hallucinating compliance conclusions
  • Correctly rejects the prompt-injection attempt and preserves uncertainty
  • Requires human review for unauditable or incomplete inputs

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createComplianceCookiePolicyAuditorAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** Cookie Policy Auditor — v1 validated. Pain: Cookie compliance */export interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }export interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }export interface AgentResult extends AgentOutput { requiresReview: boolean }export interface ComplianceCookiePolicyAuditorConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  summary: z.string(),  findings: z.array(z.object({    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),  })),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7const skill = {  name: 'compliance-cookie-policy-auditor',  description: "Cookie Policy Auditor — typed output agent (draft spec).",  systemPrompt: `You are Cookie Policy Auditor. Cookie compliance. Output: Audit typed.Actionable findings citing input sources. No invented issues.NEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_policy_auditor exactly once. Stop.`,  tools: ['submit_policy_auditor'],}export function createComplianceCookiePolicyAuditorAgent(config: ComplianceCookiePolicyAuditorConfig) {  const submit = (): ToolDefinition =>    defineZodTool({ name: 'submit_policy_auditor', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition  async function run(input: string): Promise<AgentResult> {    if (!input?.trim()) throw new Error('compliance-cookie-policy-auditor requires non-empty input')    const result = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `INPUT:\n${fenceUntrustedContent(input)}`,      parse: (a) => Output.parse(a),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...result, requiresReview: true }  }  return {    name: 'compliance-cookie-policy-auditor',    run,    asHandle() { return { name: 'compliance-cookie-policy-auditor', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'compliance-cookie-policy-auditor',  cases: [    { input: 'Complete input for Cookie Policy Auditor: Cookie compliance. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },    { input: 'Empty context — only says "process this".', expected: (r: string) => r.length > 5 },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category