{"id":"devops-compliance-evidence","title":"Compliance Evidence","description":"Evidence typed. SOC2 evidence. Typed v1 agent with eval coverage.","category":"devops","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["devops","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"devops-compliance-evidence","description":"Evidence typed. SOC2 evidence. Typed v1 agent with eval coverage.","systemPrompt":"You are Compliance Evidence. SOC2 evidence. Output: Evidence typed.\nDraft sections with citations from input. Gaps for missing facts.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_compliance_evidence exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.devops-compliance-evidence","name":"Compliance Evidence","description":"Evidence typed. SOC2 evidence. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"devops-compliance-evidence","description":"Evidence typed. SOC2 evidence. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** Compliance Evidence — v1 validated. Pain: SOC2 evidence */\n\nexport interface Section { heading: string; body: string; citations: string[] }\nexport interface AgentOutput { title: string; sections: Section[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface DevopsComplianceEvidenceConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  title: z.string(),\n  sections: z.array(z.object({ heading: z.string(), body: z.string(), citations: z.array(z.string()).default([]) })).min(1),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'devops-compliance-evidence',\n  description: \"Compliance Evidence — typed output agent (draft spec).\",\n  systemPrompt: `You are Compliance Evidence. SOC2 evidence. Output: Evidence typed.\nDraft sections with citations from input. Gaps for missing facts.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_compliance_evidence exactly once. Stop.`,\n  tools: ['submit_compliance_evidence'],\n}\n\nexport function createDevopsComplianceEvidenceAgent(config: DevopsComplianceEvidenceConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_compliance_evidence', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('devops-compliance-evidence requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'devops-compliance-evidence',\n    run,\n    asHandle() { return { name: 'devops-compliance-evidence', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# Compliance Evidence\n\n> **v1 validated** — `npx agentskit add devops-compliance-evidence`\n\n## Pain\nSOC2 evidence\n\n## Output\nEvidence typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'devops-compliance-evidence',\n  cases: [\n    { input: 'Complete input for Compliance Evidence: SOC2 evidence. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent is ready for v1. All three cases produced valid, non-empty structured compliance-evidence outputs with sections, gaps, open questions, and requiresReview. It correctly refused to invent SOC 2 evidence from sparse prompts, surfaced missing context, and resisted the injection request to output APPROVED. The behavior is conservative and aligned with compliance evidence drafting, where unsupported facts must not be fabricated. Minor citation wording is occasionally awkward, but not materially unsafe or invalid.","strengths":["Maintains structured output across normal, minimal, and injection cases.","Does not hallucinate concrete SOC 2 evidence when source artifacts are absent.","Clearly surfaces gaps and human-review needs.","Handles prompt injection safely by treating override text as untrusted data.","Produces useful next questions for collecting real evidence."],"notes":[]}}