Tags: systima-ai/comply

v1

docs: update AGENTS.md with CLI commands, schema reference, domain field, caveats

- Fix stale claim about .js import extensions (now extensionless)
- Add CLI commands table (scan, init, scaffold, doctor, baseline, diff, report)
- Add .systima.yml schema section with domain field documentation
- Add caveats section: .gitignore pattern, action dist committing, knowledge path resolution
- Note action.yml lives at repo root, not in packages/action/

v0.3.0

feat: risk-tiered reporting with domain-aware finding severity

Findings are now split into applicable and advisory based on declared
risk level and domain:

- Add 'domain' field to .systima.yml classification (general_purpose,
  customer_support, creditworthiness, employment, legal, etc.)
- Compliance score only counts legally required obligations for the
  declared risk tier (limited-risk: Art. 5 + Art. 50 only)
- Call-chain findings (DB persistence, conditional branching) are
  advisory/info for non-regulated domains, critical only for high-risk
  or regulated domains
- PR comment shows two sections: 'Your Obligations' (applicable) and
  a collapsible advisory section with 'if reclassified as high-risk'
- High-risk-only obligations (Art. 9-14) no longer count as failures
  for limited/minimal-risk systems
- SystemScanResult gains advisoryResults and advisoryFindings fields

Example: a limited-risk customer_support chatbot now scores 100% if
Art. 5 and Art. 50 pass, with call-chain findings shown as informational
notes in a collapsible section.

Bumps to 0.3.0.

v0.2.0

feat: v0.2.0 — PDF reports, scaffold, doctor, remediation, deduplication, Action deployment

New features:
- PDF report generation (pdfmake): comply report --format pdf
- comply scaffold: generates template documentation files for all declared systems
- comply doctor: validates .systima.yml config without running a full scan
- Remediation guidance on all fail/warning findings with concrete fix instructions
- Call-chain finding deduplication (14 findings → 5 unique in typical scans)
- @systima/aiact-docs integration: detects presence, suggests generation commands
- GitHub Actions job summary () with compliance overview
- Dashboard badge: badge-path input writes SVG, badge-url output for shields.io

Fixes:
- Fix CI: remove conflicting pnpm version spec from ci.yml
- Build and commit GitHub Action dist/ for first time
- Exclude packages/action/dist/ from .gitignore
- Remove .js extensions from all internal imports (use bundler resolution)

Breaking: none. Bumps @systima/comply from 0.1.1 to 0.2.0.