governance-enterprise

Enterprise governance — audit trail queries, compliance verification, decision registry, certification workflow

32 stars

Best use case

governance-enterprise is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Enterprise governance — audit trail queries, compliance verification, decision registry, certification workflow

Teams using governance-enterprise should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/governance-enterprise/SKILL.md --create-dirs "https://raw.githubusercontent.com/gonzalezpazmonica/pm-workspace/main/.claude/skills/governance-enterprise/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/governance-enterprise/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How governance-enterprise Compares

Feature / Agent	governance-enterprise	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Enterprise governance — audit trail queries, compliance verification, decision registry, certification workflow

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Skill: Enterprise Governance

> Prerequisito: @docs/rules/domain/governance-enterprise.md, @docs/rules/domain/audit-trail-schema.md

Orquesta auditoría trail, verificación de cumplimiento (GDPR/ISO/AI Act/AEPD), registry de decisiones y certificación.

## Flujo 1 — Audit Trail (`audit-trail`)

1. Leer `.audit-trail/actions.jsonl` (activo) + archive/YYYY-MM.jsonl (histórico)
2. Permitir queries por: usuario, rango fechas, tipo acción, target
3. Generar resumen: total acciones, distribution por tipo, failures
4. Output: tabla de acciones + query stats

**Query examples**:
```
/governance-enterprise audit-trail --user @monica --since 2026-02-01
/governance-enterprise audit-trail --action delete --from 2026-01 --to 2026-03
/governance-enterprise audit-trail --target pbi --result failure
```

## Flujo 2 — Compliance Check (`compliance-check`)

1. Leer governance-enterprise.md (matriz de controles)
2. Por cada control: verificar evidencia más reciente
3. Calcular score por control (0-100 basado en fecha de última ejecución):
   - Fresh (< 30 días) = 100
   - Valid (31-90 días) = 75
   - Stale (91-180 días) = 50
   - Missing (> 180 días) = 0
4. Agregar por categoría (GDPR, ISO, AI, AEPD)
5. Generar `output/governance/compliance-check-YYYYMMDD.md`
6. Output: tabla scores + recomendaciones + remediation plan si needed

## Flujo 3 — Decision Registry (`decision-registry`)

1. Leer decision-registry.md
2. Por cada decisión: validar que tiene evidencia en file system
3. Listar decisiones activas + superseded + revoked
4. Detectar decisiones sin evidencia (gap warning)
5. Generar resumen: total decisiones, distribution por status
6. Output: registry formatted + gaps + next decisions needed

## Flujo 4 — Certify (`certify`)

1. Ejecutar compliance-check internamente
2. Verificar que TODOS los controles ≥ 80%
3. Si alguno < 80%:
   - Mostrar controles fallidos
   - Sugerir remediation plan
   - NO certificar
4. Si todos ≥ 80%:
   - Generar certificación:  `compliance-cert-YYYYMM.pdf`
   - Crear entrada en decision-registry
   - Guardar en `output/governance/certs/`
5. Output: certificación o lista de requierements

## Errores

| Error | Acción |
|---|---|
| Audit trail no encontrado | Crear `.audit-trail/actions.jsonl` vacío |
| Control sin evidencia | Marcar como gap; no bloquear certificación si ≥ 80% |
| Decision registry corrupto | Validar YAML; mostrar errores |
| Score < 80% en un control | Mostrar remediation plan; no certificar |

## Seguridad

- NUNCA exponér audit trail en reports públicos
- Certificación puede ser compartida (solo contiene scores, no detalles)
- Decision registry puede ser compartida (referencias a evidencia, no datos)
- Respect user privacy: después 4 años, anonimizar user field en audit trail

Related Skills

enterprise-onboarding

from gonzalezpazmonica/pm-workspace

Enterprise onboarding at scale — batch import, per-role checklists, progress tracking, knowledge transfer

enterprise-analytics

from gonzalezpazmonica/pm-workspace

Enterprise analytics — SPACE metrics, portfolio aggregation, team health, risk matrix, forecasting

zoom-out

from gonzalezpazmonica/pm-workspace

Elevates perspective from trees to forest. Maps architecture, dependencies, and second-order effects before implementation decisions. Use when designing, when evaluating trade-offs, or at the start of design sessions.

workspace-integrity

from gonzalezpazmonica/pm-workspace

Catalogo de integrity auditors — drift CLAUDE.md, rule manifest, orphan rules, agents catalog sync, baseline, agent size

wellbeing-guardian

from gonzalezpazmonica/pm-workspace

Sistema proactivo de bienestar individual

web-research

from gonzalezpazmonica/pm-workspace

Search the web to resolve context gaps — documentation, versions, CVEs, best practices. Auto-starts SearxNG Docker if available, falls back to WebSearch.