Install
openclaw skills install @zw008/compliance-aiopsUse this skill whenever the user needs compliance evidence from the audit trails their governed AIops agents already write — mapping AI-agent infra-ops activity to HIPAA §164.312, PCI-DSS v4.0, SOC 2 TSC, or GDPR controls, producing a change-approval report, a gap analysis, an exceptions/anomaly report, or a hash-chain-sealed, tamper-evident evidence bundle. Always use this skill for "compliance evidence", "HIPAA / PCI-DSS / SOC 2 / GDPR evidence", "audit trail report", "coverage for control X", "which controls are we short on / gap analysis", "who approved this change / change-management evidence", "denied or errored ops / anomaly evidence", "seal / sign an evidence bundle", "prove this bundle wasn't altered", or "detect deleted audit rows". Do NOT use to scan or operate infrastructure and do NOT treat it as a GRC platform — it reads the local audit databases the OTHER AIops-tools write and converts them to evidence; for platform operations use those other AIops-tools. Preview — evidence, not certification. Reads sibling audit trails read-only; no external API, no network, no platform credentials. Fully offline and deterministic.
openclaw skills install @zw008/compliance-aiopsDisclaimer: Community-maintained open-source project, not affiliated with, endorsed by, or sponsored by any framework body or GRC vendor. HIPAA, PCI-DSS, SOC 2, GDPR and OSCAL are referenced descriptively; trademarks belong to their owners. Source at github.com/AIops-tools/Compliance-AIops under the MIT license.
Governed compliance-evidence tooling — 15 MCP tools. It reads the audit
trails your governed AIops agents already write (~/.<tool>-aiops/audit.db, one
shared audit_log schema, discovered via ~/.*-aiops/audit.db) read-only,
and turns that activity into framework-mapped, hash-chain-sealed compliance
evidence. It does not scan infrastructure and does not replace a GRC
platform.
Standalone: the governance harness is bundled (
compliance_aiops.governance). Not a platform wrapper — no external API, no network, no platform credentials. Preview: evidence, not certification; fully offline and deterministic.
| Group | Tools | Count | Read/Write |
|---|---|---|---|
| Audit reads | list_audit_sources, query_audit_events, activity_timeline | 3 | read |
| Framework mapping | list_frameworks, coverage_summary, control_evidence, gap_analysis | 4 | read |
| Assurance reports | approval_report, exceptions_report | 2 | read |
| Integrity | verify_source_chain, verify_bundle, list_bundles | 3 | read |
| Artifacts | generate_evidence_bundle (low), export_bundle (low), sign_bundle (medium) | 3 | write (no external mutation) |
| Framework | Sample controls (strength) |
|---|---|
| HIPAA §164.312 | 164.312(b) Audit controls (strong), 164.312(a)(1) Access control (strong), 164.312(c)(1) Integrity (strong) |
| PCI-DSS v4.0 | 10.2 Audit log content (strong), 10.3 Protect audit logs (strong), 7-8 Least privilege / authn (partial) |
| SOC 2 TSC | CC6.1 Logical access (strong), CC7.2 Monitoring (strong), CC8.1 Change management (strong) |
| GDPR | Art.30 Records of processing (partial), Art.32 Security of processing (strong) |
Audit trails prove operating effectiveness strongly but control design /
configuration only partially — each control is labelled strong or partial,
and gap_analysis surfaces the caveat rather than overclaiming.
uv tool install compliance-aiops
compliance-aiops init # discover sibling ~/.*-aiops/audit.db, set org name, optional signing key
compliance-aiops doctor # which sibling audit DBs are present/readable
coverage_summary)control_evidence)gap_analysis)approval_report)exceptions_report)generate_evidence_bundle,
sign_bundle) and later prove it wasn't altered (verify_bundle)verify_source_chain)Do NOT use to scan or operate infrastructure, or as a GRC platform. It reads the audit DBs the other AIops-tools write; for platform operations use those other AIops-tools.
| If the user wants… | Use |
|---|---|
| Compliance evidence from existing AIops audit trails | compliance-aiops (this skill) |
| To actually operate a platform (VMs, storage, clusters, network, …) | the relevant platform AIops-tools skill |
| OT / industrial edge (Modbus, OPC-UA, PLC) | the industrial-aiops line |
| A full GRC platform / policy management | out of scope — this is evidence, not GRC |
compliance-aiops report coverage soc2 → confirm CC8.1 is coveredcompliance-aiops report approvals → high-risk write ops + approver + rationalecompliance-aiops bundle generate soc2 --since 2026-07-01 --until 2026-10-01 [--sign]
→ a hash-chain-sealed bundle under ~/.compliance-aiops/bundles/compliance-aiops bundle export <path> --format markdown → auditor-facing reportcompliance-aiops report gaps hipaa (or pci_dss / soc2 / gdpr) →
controls with no or weak evidence, each with an honest caveat and remediationcontrol_evidence (MCP) to see the
reproducible query behind the coverage numbercompliance-aiops bundle verify <path> → re-derives the chain, compares the
seal chainHead, and checks the optional signaturechainHead — record it out-of-band as an anchorUse verify_source_chain (MCP) on a source: it returns the chain head and flags
row-id gaps — a sign that rows were deleted from that audit.db.
~/.compliance-aiops/audit.db (relocatable via
COMPLIANCE_AIOPS_HOME).~/.compliance-aiops/bundles/.audit.db remains the system
of record.references/capabilities.md — full tool → inputs → returns referencereferences/cli-reference.md — CLI command referencereferences/setup-guide.md — source discovery, org name, optional signing key, integrity notes