ai-tool-compliance

SKILL.md

Automated compliance verification and enforcement for AI tools against 11 mandatory P0 rules covering auth, security, cost tracking, and logging.

Verifies 11 P0 rules across four domains (Security 40pts, Auth 25pts, Cost 20pts, Logging 15pts) with quantitative compliance scoring and deploy gate verdicts (Green/Yellow/Red)

Three execution modes: quick static scan via grep/glob patterns, full verification with evidence collection, and guided improvement with fix suggestions and re-verification loops

Generates RBAC matrices, Gateway boilerplate, behavior log schemas, and cost-tracking interfaces on project initialization; integrates with CI/CD via bash scripts

Role-based approval checkpoints (Service Stability, Engineer, PM, CEO) with 20 total go/no-go items; P0 FAIL triggers automatic deploy block regardless of total score

ai-tool-compliance - Internal AI Tool Compliance Automation

When to use this skill

Starting a new AI project: When scaffolding the compliance foundation (RBAC, Gateway, logs, cost tracking) from scratch

Pre-deploy P0 full verification: When automatically evaluating all 13 P0 mandatory requirements as pass/fail and computing a compliance score

RBAC design and permission matrix generation: When defining the 5 roles (Super Admin/Admin/Manager/Viewer/Guest) + granular access control per game/menu/feature unit

Auditing existing code for compliance: When inspecting an existing codebase against the guide and identifying violations

Implementing cost transparency: When building a tracking system for model/token/BQ scan volume/cost per action

Designing a behavior log schema: When designing a comprehensive behavior log recording system (Firestore/BigQuery)

Role-based verification workflow: When configuring the release approval process based on Section 14 (ServiceStability/Engineer/PM/CEO)

Building a criteria verification system: When setting up the Rule Registry + Evidence Collector + Verifier Engine + Risk Scorer + Gatekeeper architecture

Installation