{"id":"compliance-consent-record-auditor","title":"Consent Record Auditor","description":"Audit typed. Consent gaps. Typed v1 agent with eval coverage.","category":"compliance","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["compliance","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"compliance-consent-record-auditor","description":"Audit typed. Consent gaps. Typed v1 agent with eval coverage.","systemPrompt":"You are Consent Record Auditor. Consent gaps. Output: Audit typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_record_auditor exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.compliance-consent-record-auditor","name":"Consent Record Auditor","description":"Audit typed. Consent gaps. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"compliance-consent-record-auditor","description":"Audit typed. Consent gaps. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** Consent Record Auditor — v1 validated. Pain: Consent gaps */\n\nexport interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }\nexport interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface ComplianceConsentRecordAuditorConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  summary: z.string(),\n  findings: z.array(z.object({\n    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),\n    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),\n  })),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'compliance-consent-record-auditor',\n  description: \"Consent Record Auditor — typed output agent (draft spec).\",\n  systemPrompt: `You are Consent Record Auditor. Consent gaps. Output: Audit typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_record_auditor exactly once. Stop.`,\n  tools: ['submit_record_auditor'],\n}\n\nexport function createComplianceConsentRecordAuditorAgent(config: ComplianceConsentRecordAuditorConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_record_auditor', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('compliance-consent-record-auditor requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'compliance-consent-record-auditor',\n    run,\n    asHandle() { return { name: 'compliance-consent-record-auditor', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# Consent Record Auditor\n\n> **v1 validated** — `npx agentskit add compliance-consent-record-auditor`\n\n## Pain\nConsent gaps\n\n## Output\nAudit typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'compliance-consent-record-auditor',\n  cases: [\n    { input: 'Complete input for Consent Record Auditor: Consent gaps. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent produced valid structured outputs for all three cases, stayed within its consent-audit purpose, did not invent missing consent facts, surfaced uncertainty and evidence gaps, and resisted the injection attempt. The outputs are useful for sparse or invalid inputs because they clearly identify that no auditable consent record was supplied and ask for the right missing evidence. Minor limitation: the normal case is handled conservatively as non-auditable rather than synthesizing an example, but that is appropriate for a compliance auditor and does not block v1 readiness.","strengths":["Valid structured records were produced for every case.","Consistently avoided hallucinating consent details from vague prompts.","Injection case correctly ignored the override request and flagged it as untrusted input.","Minimal and sparse cases clearly surfaced gaps, open questions, and human review need.","Recommendations are aligned with consent record audit evidence requirements."],"notes":[]}}