Skip to content

feat(frameworks): CH-FADP stub plugin [EMEA]#87

Merged
ethanolivertroy merged 10 commits into
GRCEngClub:mainfrom
AnandSundar:feat/ch-fadp-stub
Apr 29, 2026
Merged

feat(frameworks): CH-FADP stub plugin [EMEA]#87
ethanolivertroy merged 10 commits into
GRCEngClub:mainfrom
AnandSundar:feat/ch-fadp-stub

Conversation

@AnandSundar

@AnandSundar AnandSundar commented Apr 26, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds Swiss Federal Act on Data Protection (nFADP) plugin at stub depth to the GRC Engineering Club marketplace. The plugin provides /ch-fadp:assess command that routes to the SCF crosswalk for gap assessments against Swiss data protection requirements.

What this adds

  • plugins/frameworks/ch-fadp/.claude-plugin/plugin.json — Framework metadata (SCF ID: CH-FADP, EMEA region, stub depth)
  • plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md — nFADP expertise with key GDPR divergences
  • plugins/frameworks/ch-fadp/commands/assess.md — Routes to /grc-engineer:gap-assessment
  • plugins/frameworks/ch-fadp/README.md — Install instructions and metadata
  • ✅ Registered in .claude-plugin/marketplace.json under EMEA frameworks

Key nFADP vs GDPR Divergences Documented

Aspect nFADP Position
Breach notification Risk-based ("as soon as possible"), NO fixed deadline
Enforcement Individual criminal liability (CHF 250,000), not entity fines
DSO appointment Voluntary — no mandatory requirement
Transfer mechanisms FDPIC-approved SCCs required; EU SCCs alone insufficient
Protected entities Both natural persons AND legal entities

Acceptance Criteria (from issue #12)

Stub Depth (this PR) ✅

  • SCF framework ID correctly set to CH-FADP
  • Region set to EMEA, country to CH
  • Depth set to stub
  • /ch-fadp:assess routes to gap-assessment with correct SCF ID
  • No verbatim statutory text in SKILL.md
  • Key GDPR divergences documented
  • Forbidden patterns avoided (72-hour, entity fines, mandatory DSO)
  • marketplace.json updated and valid JSON

Reference Depth (deferred to follow-up PR) 📋

  • /ch-fadp:scope — Framework-specific applicability determination
  • /ch-fadp:evidence-checklist — Evidence patterns by nFADP articles
  • Enhanced SKILL.md with all TODO markers replaced

Full Depth (deferred to future PR) 📋

  • /ch-fadp:dpia-review — DPIA workflow for high-risk processing
  • /ch-fadp:transfer-mechanism-check — Cross-border transfer validation
  • /ch-fadp:breach-triage — Risk-based breach notification workflow

References

Verification Checklist Passed

  • git branch --show-currentfeat/ch-fadp-stub
  • python3 -m json.tool plugin.json → valid
  • python3 -m json.tool marketplace.json → valid
  • grep -i "72.hour" SKILL.md → no matches
  • grep -i "entity fine" SKILL.md → no matches
  • grep -i "mandatory.*dso\|dso.*mandatory" SKILL.md → no matches
  • grep "CH-FADP" plugin.json → found
  • grep '"depth".*"stub"' plugin.json → found
  • grep "ch-fadp" marketplace.json → found
  • Directory contains exactly: plugin.json, assess.md, SKILL.md, README.md

Note for Reviewers

This is intentionally a stub plugin. Framework-specific workflow commands (/ch-fadp:evidence-checklist, /ch-fadp:dpia-review, /ch-fadp:transfer-mechanism-check, /ch-fadp:breach-triage) are deferred to Reference/Full depth level-ups per the Framework Plugin Guide.

The control counts (35 SCF → 90 nFADP) are estimates based on the framework's scope. These should be validated against the SCF API and updated if needed when the crosswalk data is available.

Summary by CodeRabbit

  • New Features

    • Swiss Federal Act on Data Protection (nFADP) framework plugin released (v0.1.0) for compliance assessments.
    • nFADP assessment command implemented via the SCF crosswalk (35 SCF → 90 nFADP controls).
    • Added an expert skill offering nFADP-specific guidance, examples, and an assess command.
  • Documentation

    • README, install/run instructions, and detailed command docs for /ch-fadp:assess.
    • Guidance on scope, obligations, GDPR divergences, transfers, DPIA triggers, breach handling, and next-step workflows.

- Adds plugins/frameworks/ch-fadp/ with plugin.json, SKILL.md, assess.md, README.md
- Registers under EMEA group in marketplace.json
- Routes /ch-fadp:assess to gap-assessment (SCF ID: CH-FADP)
- Documents key GDPR divergence: risk-based breach notification,
  individual criminal enforcement, voluntary DSO, Swiss transfer
  mechanisms, nFADP sensitive data categories
- Stub TODOs left for Reference/Full level-up contributors

Ref: GRCEngClub#12 (framework coverage tracker)
Ref: GRCEngClub#9 (scaffold-framework — built manually pending tooling)
Ref: GRCEngClub#11 (FRAMEWORK-PLUGIN-GUIDE.md depth tiers)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Apr 26, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Adds a new CH‑FADP (Swiss nFADP) framework plugin: marketplace registration, plugin metadata, README, an /ch-fadp:assess stub that delegates to the SCF-based gap assessment, and an expert SKILL document with nFADP guidance and TODOs.

Changes

Cohort / File(s) Summary
Marketplace registration
\.claude-plugin/marketplace.json
Registers new plugin ch-fadp (source: ./plugins/frameworks/ch-fadp, version 0.1.0).
Plugin manifest
plugins/frameworks/ch-fadp/.claude-plugin/plugin.json
New plugin metadata including name/description/version, framework metadata (region/country, scf_framework_id emea-che-fadp-2025), mapping counts and regulator.
Documentation & commands
plugins/frameworks/ch-fadp/README.md, plugins/frameworks/ch-fadp/commands/assess.md
Adds README with mapping summary (SCF → nFADP: 35 → 90), references, usage; assess.md documents /ch-fadp:assess as a stub delegating to /grc-engineer:gap-assessment with emea-che-fadp-2025 and --sources option.
Expert skill
plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
New SKILL doc covering nFADP scope, obligations, DPIA/DSO/breach guidance, GDPR divergences, cross-border rules, SCF crosswalk integration, /ch-fadp:assess command entry, and upgrade TODOs.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ch_fadp as ch-fadp Plugin
    participant grc as GRC-Engineer
    participant scf as SCF Crosswalk

    User->>ch_fadp: /ch-fadp:assess --sources=<connectors>
    ch_fadp->>grc: /grc-engineer:gap-assessment (framework="emea-che-fadp-2025", sources)
    grc->>scf: Request mappings (SCF controls → nFADP controls)
    scf-->>grc: Control mapping + metadata
    grc->>grc: Generate prioritized gap report (grouped by SCF family)
    grc-->>ch_fadp: Gap report mapped to nFADP controls
    ch_fadp-->>User: Prioritized gap assessment output
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

Possibly related PRs

  • PR #71: Adds a similar framework plugin and updates marketplace/manifest files; strongly related to schema/manifest changes here.

Suggested reviewers

  • ethanolivertroy

Poem

🐇 I hopped through Swiss maps, neat and spry,
Crosswalks led me where controls lie,
Gaps tallied, sorted, carrot-bright,
Assessments ready for audit night,
A tiny hop — compliance in sight!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: adding a CH-FADP (Swiss Federal Act on Data Protection) stub plugin under the EMEA region, which is exactly what the PR delivers.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@AnandSundar AnandSundar marked this pull request as ready for review April 26, 2026 23:48
@AnandSundar AnandSundar requested a review from a team as a code owner April 26, 2026 23:48
@greptile-apps

greptile-apps Bot commented Apr 26, 2026

Copy link
Copy Markdown

Greptile Summary

This PR adds a stub-depth Swiss nFADP plugin to the marketplace, routing /ch-fadp:assess through the SCF crosswalk (35 SCF → 90 nFADP controls) via /grc-engineer:gap-assessment. All previously flagged issues from the review thread have been resolved: the three missing sensitive-data categories (racial/ethnic origin, intimate sphere, social welfare measures) are now present, the scf_framework_id now follows the EMEA convention (emea-che-fadp-2025), the hackidle.github.io mirror links have been replaced with the official SCF URL, and README metadata is now consistent with plugin.json.

Confidence Score: 5/5

Safe to merge — all prior P0/P1 findings have been resolved.

Every previously flagged issue has been addressed: the three missing nFADP sensitive-data categories are present, the SCF framework ID follows EMEA convention, the year-2025 designator is explained in SKILL.md, README metadata is consistent with plugin.json, and the community-mirror URLs have been replaced with the official SCF link. No new P0 or P1 issues were found in this iteration.

No files require special attention; the SCF emea-che-fadp-2025 lookup should be smoke-tested once the plugin is installed to confirm the crosswalk ID resolves correctly in the live API.

Important Files Changed

Filename Overview
plugins/frameworks/ch-fadp/.claude-plugin/plugin.json Framework metadata with corrected EMEA-convention SCF ID (emea-che-fadp-2025); minor: missing trailing newline.
plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md nFADP expert skill with all three previously-missing sensitive-data categories added and SCF year-suffix note explaining the 2025 designator.
plugins/frameworks/ch-fadp/README.md README metadata now consistent with plugin.json (emea-che-fadp-2025); official SCF URL used instead of community mirror; missing trailing newline.
plugins/frameworks/ch-fadp/commands/assess.md Stub assess command correctly delegates to /grc-engineer:gap-assessment with emea-che-fadp-2025; missing trailing newline.
.claude-plugin/marketplace.json ch-fadp entry correctly inserted in alphabetical order between ce-plus and ind-dpdpa; valid JSON.

Sequence Diagram

sequenceDiagram
    participant U as User
    participant A as /ch-fadp:assess
    participant G as /grc-engineer:gap-assessment
    participant S as SCF Crosswalk API
    participant C as Connector Plugins

    U->>A: /ch-fadp:assess [--sources=...]
    A->>G: delegate "emea-che-fadp-2025" [--sources=...]
    G->>S: GET crosswalks/emea-che-fadp-2025.json
    S-->>G: 35 SCF → 90 nFADP control mappings
    G->>C: pull evidence (aws-inspector, github-inspector, …)
    C-->>G: control evidence data
    G-->>A: prioritized gap report (blockers / findings / recommendations)
    A-->>U: Swiss FADP gap report
Loading

Reviews (12): Last reviewed commit: "fix(ch-fadp): add race/ethnicity and soc..." | Re-trigger Greptile

Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
Comment thread plugins/frameworks/ch-fadp/README.md

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/frameworks/ch-fadp/commands/assess.md`:
- Line 34: The external link
"https://hackidle.github.io/scf-api/api/crosswalks/CH-FADP.json" is returning
404 and breaking CI; update the markdown in
plugins/frameworks/ch-fadp/commands/assess.md by either replacing that URL with
the correct working endpoint (or a relative/local copy of the JSON), or remove
the broken link and add a brief note or alternate reference to the CH-FADP
crosswalk resource so the link-check passes.

In `@plugins/frameworks/ch-fadp/README.md`:
- Line 47: The README.md contains a broken SCF API link ([SCF API entry]
pointing to https://hackidle.github.io/scf-api/api/crosswalks/CH-FADP.json);
update that link to a valid SCF API reference (either the current upstream URL
for the CH-FADP crosswalk or a maintained local copy in the repo/docs),
replacing the stale URL so the link-check passes; ensure the anchor text remains
"[SCF API entry]" and that the new URL is reachable (or switch the link to a
relative path to a bundled JSON file if the external resource is unavailable).

In `@plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md`:
- Line 163: The relative link in SKILL.md uses
"../../../../docs/FRAMEWORK-PLUGIN-GUIDE.md" which is one level too shallow;
update the link target for [Framework Plugin Guide] to ascend five levels to
reach the repo-root docs (use "../../../../../docs/FRAMEWORK-PLUGIN-GUIDE.md")
so the reference resolves correctly from
plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e30c8547-2d58-4154-bdd8-9eeec2703c1c

📥 Commits

Reviewing files that changed from the base of the PR and between 2ed028d and ac44df9.

📒 Files selected for processing (5)
  • .claude-plugin/marketplace.json
  • plugins/frameworks/ch-fadp/.claude-plugin/plugin.json
  • plugins/frameworks/ch-fadp/README.md
  • plugins/frameworks/ch-fadp/commands/assess.md
  • plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md

Comment thread plugins/frameworks/ch-fadp/commands/assess.md Outdated
Comment thread plugins/frameworks/ch-fadp/README.md Outdated
## References

- [Secure Controls Framework](https://securecontrolsframework.com) — crosswalk source (CC BY-ND 4.0)
- [SCF API entry](https://hackidle.github.io/scf-api/api/crosswalks/CH-FADP.json)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

README includes a stale SCF API link (404).

Line 47 points to a URL that fails link-check. Please replace with a valid SCF API reference to keep docs and CI green.

Suggested doc fix
-- [SCF API entry](https://hackidle.github.io/scf-api/api/crosswalks/CH-FADP.json)
+- [SCF API frameworks index](https://grcengclub.github.io/scf-api/api/crosswalks.json)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- [SCF API entry](https://hackidle.github.io/scf-api/api/crosswalks/CH-FADP.json)
- [SCF API frameworks index](https://grcengclub.github.io/scf-api/api/crosswalks.json)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/frameworks/ch-fadp/README.md` at line 47, The README.md contains a
broken SCF API link ([SCF API entry] pointing to
https://hackidle.github.io/scf-api/api/crosswalks/CH-FADP.json); update that
link to a valid SCF API reference (either the current upstream URL for the
CH-FADP crosswalk or a maintained local copy in the repo/docs), replacing the
stale URL so the link-check passes; ensure the anchor text remains "[SCF API
entry]" and that the new URL is reachable (or switch the link to a relative path
to a bundled JSON file if the external resource is unavailable).

Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md Outdated
- Remove 404 SCF API link from commands/assess.md (hackidle.github.io)
- Remove 404 SCF API link from README.md (hackidle.github.io)
- Fix relative path to FRAMEWORK-PLUGIN-GUIDE.md in SKILL.md
  (4 levels → 5 levels up to reach repo root docs)

The CH-FADP crosswalk may not yet be published in the SCF API,
so the broken API links are removed. The main SCF website link
is retained as a working reference.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/frameworks/ch-fadp/commands/assess.md`:
- Around line 13-15: The markdown fenced code blocks in
plugins/frameworks/ch-fadp/commands/assess.md are missing language identifiers
causing markdownlint MD040; update the unlabeled triple-backtick blocks that
contain the command examples (e.g. the blocks with "/ch-fadp:assess
[--sources=<connector-list>]" and "/grc-engineer:gap-assessment \"CH-FADP\"
[--sources=<connector-list>]") to include a language tag such as "text" (i.e.,
replace ``` with ```text) so the code fences are labeled and the lint warning is
resolved.

In `@plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md`:
- Line 76: Fix the casing typo in SKILL.md by changing the phrase "DSo
consultation" to "DSO consultation" (update the exact text in the line that
reads "- **DSo consultation**: If DSO is appointed, they must be consulted on
high-risk processing") so the acronym is consistently capitalized as "DSO".
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: f9e21f7b-80b7-4aeb-ba20-cdd63e5c0c97

📥 Commits

Reviewing files that changed from the base of the PR and between ac44df9 and 82f61f4.

📒 Files selected for processing (3)
  • plugins/frameworks/ch-fadp/README.md
  • plugins/frameworks/ch-fadp/commands/assess.md
  • plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
✅ Files skipped from review due to trivial changes (1)
  • plugins/frameworks/ch-fadp/README.md

Comment thread plugins/frameworks/ch-fadp/commands/assess.md Outdated
Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md Outdated
- Add ```text language identifier to fenced code blocks in assess.md
  (resolves markdownlint MD040)
- Fix typo: "DSo consultation" → "DSO consultation" in SKILL.md
Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md`:
- Around line 122-134: Update the GDPR cell in the table row labeled "Breach
notification clock" to correct the wording — replace "Strict deadline (know
without undue delay)" with a clear phrasing such as "Notify supervisory
authority without undue delay (GDPR Art. 33)" so it accurately reflects the
obligation to notify rather than "know" within the timeframe; ensure the change
is made in the GDPR column of that table row in SKILL.md.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 240e5038-c76c-4815-9a85-9b36787862da

📥 Commits

Reviewing files that changed from the base of the PR and between 82f61f4 and 549dfe2.

📒 Files selected for processing (2)
  • plugins/frameworks/ch-fadp/commands/assess.md
  • plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
✅ Files skipped from review due to trivial changes (1)
  • plugins/frameworks/ch-fadp/commands/assess.md

Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
- Fix typo in GDPR column: "know without undue delay" →
  "Notify supervisory authority without undue delay (GDPR Art. 33)"
Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md (1)

108-117: Add a missing subsection header before sensitive-data bullets.

These bullets currently follow the DSO section directly, which makes them read as part of DSO guidance. Add a dedicated heading (e.g., #### Sensitive Personal Data) to avoid ambiguity.

💡 Proposed doc refactor
 #### **Data Security Officer (DSO)**
@@
 - **No GDPR Article 37 trigger**: No automatic requirement based on core activities or scale
 
+#### **Sensitive Personal Data**
+
 - Health data
 - Genetic data
 - Biometric data (for uniquely identifying a person)
 - Religious or philosophical beliefs
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md` around lines 108 -
117, Add a dedicated subsection header before the bullet list that begins with
"Health data" to separate it from the preceding DSO section; insert a heading
like "#### Sensitive Personal Data" immediately above that list (with a blank
line before and after the heading) so the bullets are clearly under their own
section and keep the existing trailing note about financial data unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md`:
- Around line 108-117: Add a dedicated subsection header before the bullet list
that begins with "Health data" to separate it from the preceding DSO section;
insert a heading like "#### Sensitive Personal Data" immediately above that list
(with a blank line before and after the heading) so the bullets are clearly
under their own section and keep the existing trailing note about financial data
unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 18dd93f5-e7b0-416f-a252-c0762a8772a0

📥 Commits

Reviewing files that changed from the base of the PR and between 549dfe2 and 48f58bc.

📒 Files selected for processing (1)
  • plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md

Comment thread plugins/frameworks/ch-fadp/.claude-plugin/plugin.json Outdated
- Update scf_framework_id from "CH-FADP" to "emea-che-fadp-2025"
  to match SCF API convention and enable gap-assessment lookup
- Update assess.md to pass correct framework ID to gap-assessment
- Update SKILL.md to reference correct framework ID

The EMEA convention uses emea-{country_alpha3}-{framework}-{year}
format. Switzerland FADP in SCF API is "emea-che-fadp-2025"
(CHE = ISO 3166-1 alpha-3 for Switzerland).

Fixes issue where gap-assessment would return empty results.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Comment thread plugins/frameworks/ch-fadp/README.md Outdated
- Update README.md SCF framework ID from CH-FADP to emea-che-fadp-2025
  to match plugin.json and ensure consistency across all files

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Comment thread plugins/frameworks/ch-fadp/.claude-plugin/plugin.json
AnandSundar and others added 2 commits April 26, 2026 18:50
- Add explanatory note in SKILL.md about why SCF framework ID
  uses 2025 (SCF's internal cycle) vs 2023 (law's effective date)
- Prevents future contributor confusion about the year mismatch

The SCF's year suffix reflects their intake/release cycle, not the
underlying law's effective date. The ID must match the SCF crosswalk
exactly for gap-assessment lookups to work.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Comment thread plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md
AnandSundar and others added 2 commits April 26, 2026 22:45
- Add "Data about the intimate sphere (including sexual preferences
  and life)" to special categories per nFADP Art. 5(1)(c)
- Fixes false negative where gap assessment would not flag
  sexual orientation/life data as requiring heightened protection

The intimate sphere (Intimsphäre) is explicitly listed in
nFADP alongside health, genetic, and racial/ethnic data as
a special category requiring heightened protection.
…ata list

Adds the two FADP Art. 5(1)(c) sensitive personal data categories that were
missing from the SKILL.md special-categories list, using canonical Swiss
statutory wording (verified against fedlex.data.admin.ch).

Resolves greptile P1 review feedback. Without these, gap assessments routed
through this skill would produce false negatives on race/ethnicity and
social-assistance data processing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@ethanolivertroy ethanolivertroy merged commit c8007bc into GRCEngClub:main Apr 29, 2026
2 of 3 checks passed
ethanolivertroy added a commit to AnandSundar/claude-grc-engineering that referenced this pull request Apr 29, 2026
Resolves conflicts on plugins/frameworks/ch-fadp/* introduced by GRCEngClub#87 merge:
- Keep main's two new sensitive-data bullets (race/ethnicity, social assistance)
- Apply branch's "Protected entities: natural persons only" correction —
  authoritative per kmu.admin.ch: the 2023 nFADP revision narrowed scope
  and legal persons are no longer covered (one of the 8 major changes).
- Keep branch's "commands"/"skills" arrays in ch-fadp/plugin.json
  (CodeRabbit feedback from GRCEngClub#87 follow-up).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ethanolivertroy added a commit that referenced this pull request Apr 29, 2026
Two broken external URLs were failing the lychee link-check on every PR:

1. mattpocock/skills/grill-me — Matt reorganized into category subdirectories; new path is skills/productivity/grill-me. 3 references updated (CHANGELOG.md, plugins/teach-me/README.md, plugins/teach-me/commands/quiz.md).
2. www.edoeb.admin.ch/edoeb/en/home.html — 301-redirects to /en, but lychee's user agent gets a bot-detection 500 from the FDPIC origin. Switched both ch-fadp references to the canonical /en URL.

PRs #87, #89, and #90 all hit these failures.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants