feat(skill): add agentv-compliance skill for governance block authoring and lint (Phase 1 of #1172)

plugins/agentv-dev/skills/agentv-compliance/SKILL.md

@@ -0,0 +1,63 @@
+---
+name: agentv-compliance
+description: >-
+  Author, edit, and lint `governance:` blocks in `*.eval.yaml` files.
+  Use when creating or updating evaluation suites that carry AI-governance metadata
+  (OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, EU AI Act, ISO 42001).
+  Also use non-interactively (e.g., from a GitHub Action) to lint changed eval files
+  and report violations against the rules in `references/lint-rules.md`.
+  Do NOT use for running evals or benchmarking — that belongs to agentv-bench.
+---
+
+# AgentV Compliance Skill
+
+Teaches AI agents how to author syntactically correct `governance:` blocks in AgentV
+eval files, and how to lint them against known vocabulary rules.
+
+## Dual mode
+
+**Authoring (interactive):** When a human or AI agent is editing a `*.eval.yaml` file
+that contains or should contain a `governance:` block, this skill provides vocabulary,
+valid values, and example shapes. Load it alongside `agentv-eval-writer` when building
+red-team or compliance suites.
+
+**Linting (non-interactive / CI):** When invoked from a GitHub Action (see
+`examples/governance/compliance-lint/`), this skill lints each changed `*.eval.yaml` file
+against the rules in `references/lint-rules.md` and returns a structured JSON report.
+The expected output format is:
+```json
+{
+  "pass": true,
+  "violations": [
+    {
+      "rule": "known_key",
+      "key": "risk_level",
+      "value": "high",
+      "message": "Unknown governance key 'risk_level'. Did you mean 'risk_tier'?",
+      "suggestion": "Replace 'risk_level' with 'risk_tier'."
+    }
+  ]
+}
+```
+`pass` is `true` when `violations` is empty.
+
+## Reference files
+
+| File | Purpose |
+|------|---------|
+| `references/governance-yaml-shape.md` | YAML shape, merge semantics, worked examples |
+| `references/lint-rules.md` | Machine-readable rules applied during lint |
+| `references/owasp-llm-top-10-2025.md` | LLM01–LLM10 canonical IDs and descriptions |
+| `references/owasp-agentic-top-10-2025.md` | T01–T10 agentic-AI categories |
+| `references/mitre-atlas.md` | Common AML.Txxxx technique IDs |
+| `references/eu-ai-act-risk-tiers.md` | Four risk tiers + article references |
+| `references/iso-42001-controls.md` | Curated ISO/IEC 42001:2023 controls for AI eval |
+
+## Quick authoring guide
+
+1. Check which risks this eval exercises using the reference files above.
+2. Pick IDs from the relevant frameworks (`owasp_llm_top_10_2025`, `mitre_atlas`, etc.).
+3. Set `risk_tier` using EU AI Act vocabulary (`prohibited | high_risk | limited_risk | minimal_risk`).
+4. Add `controls` as `<FRAMEWORK>-<VERSION>:<ID>` strings (e.g. `EU-AI-ACT-2024:Art.55`).
+5. Run the lint rules from `references/lint-rules.md` against your block before committing.
+6. See `references/governance-yaml-shape.md` for complete examples copied from real suites.

plugins/agentv-dev/skills/agentv-compliance/references/eu-ai-act-risk-tiers.md

@@ -0,0 +1,37 @@
+# EU AI Act — Risk Tiers
+
+**Valid values for the `risk_tier:` field.**
+
+Official source: Regulation (EU) 2024/1689 on Artificial Intelligence (EU AI Act)
+Full text: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
+
+## Allowed values
+
+| Value | EU AI Act category | Key articles | Description |
+|-------|-------------------|-------------|-------------|
+| `prohibited` | Prohibited AI practices | Art. 5 | AI systems whose risks are deemed unacceptable — banned outright. Examples: social scoring by public authorities, real-time remote biometric surveillance in public spaces, AI that exploits vulnerabilities of specific groups. |
+| `high_risk` | High-risk AI systems | Art. 6, Annex I–III | AI systems subject to mandatory conformity assessments, transparency, and human oversight. Examples: biometric identification, critical infrastructure, employment screening, access to education or essential services, law enforcement. |
+| `limited_risk` | Limited-risk AI systems | Art. 50 | AI systems with transparency obligations only. Examples: chatbots must disclose they are AI; deep-fake generators must mark synthetic media. |
+| `minimal_risk` | Minimal-risk AI systems | — | No mandatory obligations. Examples: spam filters, AI in video games. Voluntary codes of conduct encouraged. |
+
+## Usage notes
+
+- `risk_tier` is a scalar; only one value per governance block.
+- The vocabulary is anchored to EU AI Act terminology. Some organizations use different
+  risk scales (e.g. NIST SP 800-30 `low | moderate | high | very_high`). When mapping
+  from another framework, choose the EU AI Act equivalent that best matches the impact.
+- Combine `risk_tier: high_risk` with `controls` referencing EU AI Act articles:
+  ```yaml
+  risk_tier: high_risk
+  controls:
+    - EU-AI-ACT-2024:Art.55
+    - EU-AI-ACT-2024:Art.6
+  ```
+- `prohibited` tier should accompany test cases that specifically probe prohibited behaviors.
+  This does NOT mean the eval suite is itself prohibited — it means the suite tests whether
+  the system correctly refuses to engage in prohibited behaviors.
+
+## Article reference format
+
+Use `EU-AI-ACT-2024:<Article>` in the `controls` array, e.g. `EU-AI-ACT-2024:Art.55`.
+Article 55 covers general-purpose AI (GPAI) model obligations and transparency requirements.

plugins/agentv-dev/skills/agentv-compliance/references/governance-yaml-shape.md

@@ -0,0 +1,125 @@
+# Governance Block — YAML Shape and Examples
+
+## Field reference
+
+```yaml
+governance:
+  schema_version: "1.0"                    # string, optional — version of this block's schema
+  owasp_llm_top_10_2025: [LLM01]           # string[], optional — OWASP LLM Top 10 v2025 IDs
+  owasp_agentic_top_10_2025: [T01, T06]    # string[], optional — OWASP Agentic AI Top 10 v2025 IDs
+  mitre_atlas: [AML.T0051]                 # string[], optional — MITRE ATLAS technique IDs
+  controls: []                             # string[], optional — <FRAMEWORK>-<VERSION>:<ID> strings
+  risk_tier: high_risk                     # string, optional — EU AI Act tier (see eu-ai-act-risk-tiers.md)
+  owner: security-team                     # string, optional — owning team or person
+```
+
+All fields are optional. Unknown keys pass through to JSONL output unchanged.
+
+## Control ID format
+
+The `controls` array accepts any string matching the pattern `<FRAMEWORK>-<VERSION>:<ID>`.
+Custom organizational prefixes are valid:
+
+```
+NIST-AI-RMF-1.0:MEASURE-2.7
+EU-AI-ACT-2024:Art.55
+ISO-42001-2023:6.1.2
+INTERNAL-AI-POLICY-3.2:CTRL-7
+```
+
+## Placement in eval files
+
+Governance blocks live in two places and are merged automatically:
+
+### 1. Suite-level (top-level key)
+
+Define once at the suite level and it will be merged into every case's `metadata.governance`:
+
+```yaml
+name: redteam-llm01-prompt-injection
+governance: &gov           # YAML anchor for reuse in per-case overrides
+  schema_version: "1.0"
+  owasp_llm_top_10_2025: [LLM01]
+  mitre_atlas: [AML.T0051]
+  controls:
+    - NIST-AI-RMF-1.0:MEASURE-2.7
+    - EU-AI-ACT-2024:Art.55
+  risk_tier: high_risk
+  owner: security-team
+
+tests:
+  - id: direct-ignore-previous
+    metadata:
+      governance: *gov       # reference the anchor — identical to suite-level
+    ...
+```
+
+### 2. Per-case override with merge-key (`<<:`)
+
+Use YAML merge keys to inherit suite-level governance and add case-specific overrides.
+Arrays from both sides are concatenated and deduplicated; scalar fields on the case win:
+
+```yaml
+  - id: indirect-tool-output
+    metadata:
+      governance:
+        <<: *gov
+        owasp_llm_top_10_2025: [LLM01, LLM06]  # extends — case adds LLM06 to the inherited [LLM01]
+```
+
+## Merge semantics (how suite + case are combined)
+
+| Field type | Merge behavior |
+|-----------|----------------|
+| Arrays (`owasp_llm_top_10_2025`, `mitre_atlas`, `controls`) | Concatenate suite + case, deduplicate |
+| Scalars (`risk_tier`, `owner`, `schema_version`) | Case value overrides suite value |
+
+## Complete example — from `examples/red-team/suites/llm01-prompt-injection.eval.yaml`
+
+```yaml
+name: redteam-llm01-prompt-injection
+governance: &gov
+  schema_version: "1.0"
+  owasp_llm_top_10_2025: [LLM01]
+  mitre_atlas: [AML.T0051]
+  controls:
+    - NIST-AI-RMF-1.0:MEASURE-2.7
+    - EU-AI-ACT-2024:Art.55
+  risk_tier: high_risk
+  owner: security-team
+
+tests:
+  - id: direct-ignore-previous
+    metadata:
+      governance: *gov
+    ...
+
+  - id: indirect-tool-output-document
+    metadata:
+      governance:
+        <<: *gov
+        owasp_llm_top_10_2025: [LLM01, LLM06]   # case adds LLM06
+    ...
+```
+
+## Complete example — from `examples/red-team/archetypes/coding-agent/suites/destructive-git.eval.yaml`
+
+```yaml
+name: redteam-coder-destructive-git
+governance: &gov
+  schema_version: "1.0"
+  owasp_llm_top_10_2025: [LLM06]
+  owasp_agentic_top_10_2025: [T01, T06]
+  mitre_atlas: [AML.T0051, AML.T0075]
+  controls:
+    - NIST-AI-RMF-1.0:MEASURE-2.7
+    - EU-AI-ACT-2024:Art.55
+  risk_tier: high_risk
+  owner: security-team
+```
+
+## JSONL output
+
+The merged `governance` block is passed through verbatim to the JSONL result file under each
+result's `metadata.governance` key. Downstream tools (jq pipelines, `.ai-register.yaml`
+aggregators) consume it from there. The eval engine does not validate or transform the values.

plugins/agentv-dev/skills/agentv-compliance/references/iso-42001-controls.md

@@ -0,0 +1,46 @@
+# ISO/IEC 42001:2023 — AI Management System Controls
+
+**Curated subset of controls relevant to AI evaluation suites.**
+
+Official source: ISO/IEC 42001:2023 — Information technology — Artificial intelligence —
+Management system. Full standard available at https://www.iso.org/standard/81230.html
+
+ISO 42001 is a management-system standard (like ISO 27001 for information security) covering
+the governance, risk management, and operational controls for organizations that develop or
+deploy AI systems.
+
+## Control reference format
+
+Use `ISO-42001-2023:<Clause>` in the `controls` array.
+
+## Relevant control areas for eval suites
+
+| Clause | Title | Relevance to evals |
+|--------|-------|-------------------|
+| 6.1 | Actions to address risks and opportunities | Risk identification for AI systems — align `risk_tier` with documented risk assessments. |
+| 6.1.2 | AI risk assessment | Formal risk assessment process; eval suites serve as evidence of risk measurement. |
+| 8.4 | AI system impact assessment | Assess potential societal impacts before deployment; red-team evals provide evidence. |
+| 8.5 | AI system life cycle | Controls for data, model, and deployment stages — align with suite test coverage. |
+| 9.1 | Monitoring, measurement, analysis and evaluation | Periodic eval runs as evidence of continuous monitoring. |
+| 9.1.1 | AI performance evaluation | Systematic measurement of AI output quality and safety properties. |
+| 10.2 | Nonconformity and corrective action | Failing evals trigger corrective action processes. |
+| A.2 | Policies for AI (Annex A) | Organizational AI use policies — `owner` field maps to the responsible team. |
+| A.5 | AI risk assessment (Annex A) | Documented risk assessment for each AI application. |
+| A.6 | AI system impact assessment (Annex A) | Broader societal-impact documentation. |
+
+## Usage example
+
+```yaml
+controls:
+  - ISO-42001-2023:6.1.2   # AI risk assessment
+  - ISO-42001-2023:9.1.1   # AI performance evaluation
+  - EU-AI-ACT-2024:Art.55  # GPAI transparency obligations
+```
+
+## Notes
+
+- ISO 42001 is certification-oriented; most teams will reference only a subset.
+  The clauses above are the ones most directly evidenced by running and storing eval results.
+- For pure LLM / red-team suites, clauses 6.1.2, 8.4, and 9.1.1 are the most common references.
+- Combine with NIST AI RMF controls (e.g. `NIST-AI-RMF-1.0:MEASURE-2.7`) when the organization
+  uses both frameworks.