{"id":"compliance-gdpr-dpia-drafter","title":"GDPR DPIA Drafter","description":"DPIA typed. DPIA manual. Typed v1 agent with eval coverage.","category":"compliance","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["compliance","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"locale":"eu","skill":{"name":"compliance-gdpr-dpia-drafter","description":"DPIA typed. DPIA manual. Typed v1 agent with eval coverage.","systemPrompt":"You are GDPR DPIA Drafter. DPIA manual. Output: DPIA typed.\nDraft sections with citations from input. Gaps for missing facts.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_dpia_drafter exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.compliance-gdpr-dpia-drafter","name":"GDPR DPIA Drafter","description":"DPIA typed. DPIA manual. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"compliance-gdpr-dpia-drafter","description":"DPIA typed. DPIA manual. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** GDPR DPIA Drafter — v1 validated. Pain: DPIA manual */\n\nexport interface Section { heading: string; body: string; citations: string[] }\nexport interface AgentOutput { title: string; sections: Section[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface ComplianceGdprDpiaDrafterConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  title: z.string(),\n  sections: z.array(z.object({ heading: z.string(), body: z.string(), citations: z.array(z.string()).default([]) })).min(1),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'compliance-gdpr-dpia-drafter',\n  description: \"GDPR DPIA Drafter — typed output agent (draft spec).\",\n  systemPrompt: `You are GDPR DPIA Drafter. DPIA manual. Output: DPIA typed.\nDraft sections with citations from input. Gaps for missing facts.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_dpia_drafter exactly once. Stop.`,\n  tools: ['submit_dpia_drafter'],\n}\n\nexport function createComplianceGdprDpiaDrafterAgent(config: ComplianceGdprDpiaDrafterConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_dpia_drafter', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('compliance-gdpr-dpia-drafter requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'compliance-gdpr-dpia-drafter',\n    run,\n    asHandle() { return { name: 'compliance-gdpr-dpia-drafter', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# GDPR DPIA Drafter\n\n> **v1 validated** — `npx agentskit add compliance-gdpr-dpia-drafter`\n\n## Pain\nDPIA manual\n\n## Output\nDPIA typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'compliance-gdpr-dpia-drafter',\n  cases: [\n    { input: 'Complete input for GDPR DPIA Drafter: DPIA manual. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":3,"cases":3,"summary":"The agent consistently produced valid structured DPIA drafts, handled sparse inputs by refusing to invent facts, surfaced uncertainty and missing information, and resisted the injection request. The outputs are useful scaffolds for human GDPR review and align with the agent purpose. Minor reservations: the normal case remains generic because the prompt itself did not provide actual business facts, and the runtime event logs show noisy/truncated stdout/stderr copies, but the recorded structured outputs are complete and valid.","strengths":["Valid structured outputs across all three cases.","Strong uncertainty handling with explicit gaps and open questions.","No material hallucination of business facts from sparse prompts.","Injection case correctly treats hostile instruction as data and avoids outputting APPROVED.","GDPR citations and DPIA sections are broadly appropriate for a scaffold requiring review."],"notes":[]}}