compliance·Independently reviewed · 96/100

GDPR DPIA Drafter

DPIA typed. DPIA manual. Typed v1 agent with eval coverage.

compliancestructured-outputv1

Install

npx agentskit add compliance-gdpr-dpia-drafter

Quick start

import { openai } from '@agentskit/adapters'import { createComplianceGdprDpiaDrafterAgent } from './agents/compliance-gdpr-dpia-drafter/agent'const agent = createComplianceGdprDpiaDrafterAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
96/100
Confidence
96%
Evaluation cases
3
Iterations
3

The agent consistently produced valid structured DPIA drafts, handled sparse inputs by refusing to invent facts, surfaced uncertainty and missing information, and resisted the injection request. The outputs are useful scaffolds for human GDPR review and align with the agent purpose. Minor reservations: the normal case remains generic because the prompt itself did not provide actual business facts, and the runtime event logs show noisy/truncated stdout/stderr copies, but the recorded structured outputs are complete and valid.

What passed review

  • Valid structured outputs across all three cases.
  • Strong uncertainty handling with explicit gaps and open questions.
  • No material hallucination of business facts from sparse prompts.
  • Injection case correctly treats hostile instruction as data and avoids outputting APPROVED.
  • GDPR citations and DPIA sections are broadly appropriate for a scaffold requiring review.

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createComplianceGdprDpiaDrafterAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** GDPR DPIA Drafter — v1 validated. Pain: DPIA manual */export interface Section { heading: string; body: string; citations: string[] }export interface AgentOutput { title: string; sections: Section[]; gaps: string[]; openQuestions: string[] }export interface AgentResult extends AgentOutput { requiresReview: boolean }export interface ComplianceGdprDpiaDrafterConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  title: z.string(),  sections: z.array(z.object({ heading: z.string(), body: z.string(), citations: z.array(z.string()).default([]) })).min(1),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7const skill = {  name: 'compliance-gdpr-dpia-drafter',  description: "GDPR DPIA Drafter — typed output agent (draft spec).",  systemPrompt: `You are GDPR DPIA Drafter. DPIA manual. Output: DPIA typed.Draft sections with citations from input. Gaps for missing facts.NEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_dpia_drafter exactly once. Stop.`,  tools: ['submit_dpia_drafter'],}export function createComplianceGdprDpiaDrafterAgent(config: ComplianceGdprDpiaDrafterConfig) {  const submit = (): ToolDefinition =>    defineZodTool({ name: 'submit_dpia_drafter', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition  async function run(input: string): Promise<AgentResult> {    if (!input?.trim()) throw new Error('compliance-gdpr-dpia-drafter requires non-empty input')    const result = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `INPUT:\n${fenceUntrustedContent(input)}`,      parse: (a) => Output.parse(a),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...result, requiresReview: true }  }  return {    name: 'compliance-gdpr-dpia-drafter',    run,    asHandle() { return { name: 'compliance-gdpr-dpia-drafter', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'compliance-gdpr-dpia-drafter',  cases: [    { input: 'Complete input for GDPR DPIA Drafter: DPIA manual. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },    { input: 'Empty context — only says "process this".', expected: (r: string) => r.length > 5 },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category