docs: add compliance pipeline pattern cards#39
Open
jpower432 wants to merge 2 commits into
Open
Conversation
Define the compliance pipeline pattern — a repeatable Gemara-based pipeline where inputs (driver, catalog, governance, scoping model) change per persona but the flow stays constant. Includes CUE schema, four YAML pattern cards (foundation-backed OSS, manufacturer CRA, manufacturer AI, manufacturer finserv), and an overview document. Assisted-by: Claude (Anthropic, Claude Opus 4.6) Signed-off-by: Jennifer Power <[email protected]>
Removed sections detailing various manufacturer personas and their corresponding fields and values. Signed-off-by: Jennifer Power <[email protected]>
jpower432
requested review from
fortiz-ai,
gxmiranda and
hbraswelrh
and removed request for
a team
jpower432
changed the title
Member
Author
|
This does not fully closes #26, but gives a patterns some use cases to demonstrate the pattern leveraging open source catalogs so we could build our pipeline around them. |
Member
Author
|
CI failure is a false positive. Failing on the original PR title. |
hbraswelrh
approved these changes
Jun 15, 2026
Member
There was a problem hiding this comment.
LGTM. This is very well-done. What an awesome idea? @jpower432 👏
jpower432
commented
Jun 15, 2026
| |:------------------|:-----------------------------------------------------------------------------|:--------------| | ||
| | **Persona** | Who you are | Identity | | ||
| | **Driver** | External motivation — why you act | Input | | ||
| | **Catalog** | The standard (Guidance) you assess against | Input | |
Member
Author
There was a problem hiding this comment.
We might want to rename this, but it is essentially supposed to an input for how you measure you posture depending on your driver. Governance artifacts are pre-existing. When you complete this, it folds into your baseline.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a compliance pipeline pattern — a repeatable Gemara-based pipeline where inputs (driver, catalog, governance, scoping model) change per persona but the flow stays constant. Includes CUE schema, four YAML pattern cards and an overview document.
Related Issues
Ref: #26
Review Hints
N/A