feat(us-finra): add FINRA framework plugin stub#67
Conversation
Scaffolded from SCF crosswalk (usa-federal-sro-finra) with: - Plugin metadata: region=Americas, country=US, depth=stub - Framework identity: broker-dealer cybersecurity guidance - /us-finra:assess command routes to /grc-engineer:gap-assessment - SKILL.md with TODO placeholders for Reference depth upgrade Closes GRCEngClub#19 Part of GRCEngClub#12 (framework coverage tracker) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Review Summary by QodoAdd FINRA framework plugin stub with SCF crosswalk
WalkthroughsDescription• Adds FINRA framework plugin stub with SCF crosswalk integration • Registers plugin in marketplace with metadata and version info • Implements /us-finra:assess command routing to gap-assessment • Provides framework documentation and expert skill context Diagramflowchart LR
A["SCF Crosswalk<br/>usa-federal-sro-finra"] -->|"17 SCF → 39 FINRA<br/>controls"| B["us-finra Plugin<br/>Stub Depth"]
B -->|"assess command"| C["gap-assessment<br/>Engine"]
D["plugin.json<br/>metadata"] -->|"registers"| E["marketplace.json"]
B -->|"expert skill"| F["us-finra-expert<br/>SKILL.md"]
File Changes1. .claude-plugin/marketplace.json
|
Code Review by Qodo
1.
|
- Remove incorrect $1 positional argument from delegation - Add Usage section with --sources pass-through guidance - Quote SCF framework ID in delegation code block - Document --sources argument in Arguments section - Align with repo stub template format Fixes delegation inconsistency where gap-assessment was receiving an unexpected positional token instead of just the framework ID and optional --sources flag. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
📝 WalkthroughWalkthroughThis PR introduces a new FINRA framework plugin at Stub depth. It registers the Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Greptile SummaryAdds the Confidence Score: 5/5Safe to merge — clean stub scaffold with no logic errors or broken references. All files follow the established stub-plugin convention, SCF framework ID and control counts are consistent across plugin.json/README/assess.md/marketplace.json, all relative paths to FRAMEWORK-PLUGIN-GUIDE.md resolve correctly, and no P0/P1 issues were found. The only prior concern (inline No files require special attention. Important Files Changed
Sequence DiagramsequenceDiagram
actor User
participant assess as /us-finra:assess
participant skill as us-finra-expert (SKILL.md)
participant gap as /grc-engineer:gap-assessment
participant scf as SCF Crosswalk<br/>(usa-federal-sro-finra)
User->>assess: /us-finra:assess [--sources=...]
assess->>skill: load stub context
assess->>gap: delegate with framework ID
gap->>scf: expand 17 SCF controls → 39 FINRA controls
scf-->>gap: control mappings
gap-->>User: prioritized gap report
Reviews (2): Last reviewed commit: "Merge branch 'main' into feat/framework-..." | Re-trigger Greptile |
| { | ||
| "name": "us-finra", | ||
| "description": "FINRA Plugin - Broker-dealer cybersecurity guidance (builds on SEC Reg S-P, SEC 17a-4)", | ||
| "version": "0.1.0", |
There was a problem hiding this comment.
Inline
author object inconsistent with sibling plugins
All other framework plugin.json files use multi-line formatting for the author object (e.g. glba, nydfs, dora). Keeping the same style makes diffs and reviews easier to parse.
| "version": "0.1.0", | |
| "author": { | |
| "name": "GRC Engineering Club Contributors" | |
| }, |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
ethanolivertroy
left a comment
There was a problem hiding this comment.
Approving per pre-merge review pass: Qodo bug on broken assess delegation addressed in commit 7041199 (now uses templated Usage block + documents --sources). Structure conforms to framework-stub pattern (matches glba/nydfs/singapore-pdpa); marketplace.json registration correct; namespace /us-finra: unique; author field uses correct object form. Greptile P2 (inline vs multi-line author) is cosmetic and matches singapore-pdpa precedent.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@plugins/frameworks/us-finra/README.md`:
- Line 3: Replace all user-facing occurrences of the phrase "FINRA Cybersecurity
Rules" in the README with the plugin-scoped term "Broker-Dealer Cybersecurity
Guidance" to ensure consistent terminology; search for the literal string "FINRA
Cybersecurity Rules" in the README.md and update each instance (including the
header and any descriptive lines) so the doc consistently references
"Broker-Dealer Cybersecurity Guidance" and avoid introducing new variations.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: b143dbff-5fb8-483f-8b77-3eb09b0eb923
📒 Files selected for processing (5)
.claude-plugin/marketplace.jsonplugins/frameworks/us-finra/.claude-plugin/plugin.jsonplugins/frameworks/us-finra/README.mdplugins/frameworks/us-finra/commands/assess.mdplugins/frameworks/us-finra/skills/us-finra-expert/SKILL.md
| @@ -0,0 +1,36 @@ | |||
| # us-finra — FINRA Broker-Dealer Cybersecurity Guidance | |||
|
|
|||
| Stub-depth framework plugin scaffolded from the SCF crosswalk. Install and use it to run a gap assessment against **FINRA Cybersecurity Rules**: | |||
There was a problem hiding this comment.
Use “Guidance” terminology consistently in user-facing docs.
Line 3 and Line 16 say “FINRA Cybersecurity Rules,” but the plugin is scoped as “Broker-Dealer Cybersecurity Guidance.” Keeping one term avoids scope ambiguity.
✏️ Suggested wording update
-Stub-depth framework plugin scaffolded from the SCF crosswalk. Install and use it to run a gap assessment against **FINRA Cybersecurity Rules**:
+Stub-depth framework plugin scaffolded from the SCF crosswalk. Install and use it to run a gap assessment against **FINRA Broker-Dealer Cybersecurity Guidance**:
-Reference-depth adds an evidence checklist and framework-specific context. If you have domain expertise for FINRA Cybersecurity Rules, see the [Framework Plugin Guide](../../../docs/FRAMEWORK-PLUGIN-GUIDE.md) and open a PR.
+Reference-depth adds an evidence checklist and framework-specific context. If you have domain expertise for FINRA Broker-Dealer Cybersecurity Guidance, see the [Framework Plugin Guide](../../../docs/FRAMEWORK-PLUGIN-GUIDE.md) and open a PR.Also applies to: 16-16
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@plugins/frameworks/us-finra/README.md` at line 3, Replace all user-facing
occurrences of the phrase "FINRA Cybersecurity Rules" in the README with the
plugin-scoped term "Broker-Dealer Cybersecurity Guidance" to ensure consistent
terminology; search for the literal string "FINRA Cybersecurity Rules" in the
README.md and update each instance (including the header and any descriptive
lines) so the doc consistently references "Broker-Dealer Cybersecurity Guidance"
and avoid introducing new variations.
…author - marketplace.json: reset to upstream main and re-apply cyber-essentials-plus entry cleanly. Restores the us-finra plugin entry (added in PR GRCEngClub#67) that was lost to a stale base, and removes the indentation drift + singapore-pdpa description corruption. - plugin.json: switch author from bare string to object form per schemas/plugin.schema.json (the description note explicitly says bare strings are rejected by `claude plugin install`). Both manifests now pass tests/validate-plugin-manifests.sh against the ajv schema (35/35 valid). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
) * feat: add Cyber Essentials Plus (CE+) v3.3 Danzell framework plugin * fix: update broken links in cyber-essentials-plus plugin * fix: correct metadata table header in cyber-essentials-plus README * Update plugins/frameworks/cyber-essentials-plus/commands/evidence-checklist.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: flatten author to string and correct SCF framework ID to emea-gbr-ce-2021 * Add cyber-essentials-plus plugin to marketplace.json * fix: correct JSON syntax errors in marketplace. json Reorganized the marketplace.json file by removing and re-adding the singapore-pdpa plugin with updated formatting. * Update scf_controls_mapped value in plugin.json * Correct number of SCF controls in assessment.md * Update SCF controls mapped from 30 to 26 * Update SCF controls count in SKILL.md Corrected the number of SCF controls from 30 to 26. * fix: restore us-finra entry, normalize marketplace.json, object-form author - marketplace.json: reset to upstream main and re-apply cyber-essentials-plus entry cleanly. Restores the us-finra plugin entry (added in PR #67) that was lost to a stale base, and removes the indentation drift + singapore-pdpa description corruption. - plugin.json: switch author from bare string to object form per schemas/plugin.schema.json (the description note explicitly says bare strings are rejected by `claude plugin install`). Both manifests now pass tests/validate-plugin-manifests.sh against the ajv schema (35/35 valid). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Ethan Troy <63926014+ethanolivertroy@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Closes #19 - Adds FINRA framework plugin stub
Scaffolded via
/grc-engineer:scaffold-frameworkfrom the SCF crosswalk with SCF framework IDusa-federal-sro-finra.What This PR Adds
Plugin:
us-finra(FINRA Broker-Dealer Cybersecurity Guidance)/grc-engineer:gap-assessmentvia SCF crosswalk)Files Created:
plugins/frameworks/us-finra/.claude-plugin/plugin.json- Framework metadataplugins/frameworks/us-finra/commands/assess.md- Routes to gap-assessmentplugins/frameworks/us-finra/skills/us-finra-expert/SKILL.md- Framework context (TODOs acceptable at Stub depth)plugins/frameworks/us-finra/README.md- Install instructions and depth badgeTest Plan
plugins/frameworks/us-finra/plugin.jsonhas validframework_metadatawith correct SCF IDdepthis "stub" (not reference/full)regionis "Americas"industryincludes "financial-services" and "broker-dealer".claude-plugin/marketplace.json/us-finra:assesscommand routes to/grc-engineer:gap-assessment usa-federal-sro-finraPart of
🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Documentation