feat(framework): HIPAA Security Rule plugin at Reference depth (closes #13)#89
Conversation
- Adds plugins/frameworks/ch-fadp/ with plugin.json, SKILL.md, assess.md, README.md - Registers under EMEA group in marketplace.json - Routes /ch-fadp:assess to gap-assessment (SCF ID: CH-FADP) - Documents key GDPR divergence: risk-based breach notification, individual criminal enforcement, voluntary DSO, Swiss transfer mechanisms, nFADP sensitive data categories - Stub TODOs left for Reference/Full level-up contributors Ref: GRCEngClub#12 (framework coverage tracker) Ref: GRCEngClub#9 (scaffold-framework — built manually pending tooling) Ref: GRCEngClub#11 (FRAMEWORK-PLUGIN-GUIDE.md depth tiers) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Remove 404 SCF API link from commands/assess.md (hackidle.github.io) - Remove 404 SCF API link from README.md (hackidle.github.io) - Fix relative path to FRAMEWORK-PLUGIN-GUIDE.md in SKILL.md (4 levels → 5 levels up to reach repo root docs) The CH-FADP crosswalk may not yet be published in the SCF API, so the broken API links are removed. The main SCF website link is retained as a working reference. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add ```text language identifier to fenced code blocks in assess.md (resolves markdownlint MD040) - Fix typo: "DSo consultation" → "DSO consultation" in SKILL.md
- Fix typo in GDPR column: "know without undue delay" → "Notify supervisory authority without undue delay (GDPR Art. 33)"
- Update scf_framework_id from "CH-FADP" to "emea-che-fadp-2025"
to match SCF API convention and enable gap-assessment lookup
- Update assess.md to pass correct framework ID to gap-assessment
- Update SKILL.md to reference correct framework ID
The EMEA convention uses emea-{country_alpha3}-{framework}-{year}
format. Switzerland FADP in SCF API is "emea-che-fadp-2025"
(CHE = ISO 3166-1 alpha-3 for Switzerland).
Fixes issue where gap-assessment would return empty results.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Update README.md SCF framework ID from CH-FADP to emea-che-fadp-2025 to match plugin.json and ensure consistency across all files Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add explanatory note in SKILL.md about why SCF framework ID uses 2025 (SCF's internal cycle) vs 2023 (law's effective date) - Prevents future contributor confusion about the year mismatch The SCF's year suffix reflects their intake/release cycle, not the underlying law's effective date. The ID must match the SCF crosswalk exactly for gap-assessment lookups to work. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add "Data about the intimate sphere (including sexual preferences and life)" to special categories per nFADP Art. 5(1)(c) - Fixes false negative where gap assessment would not flag sexual orientation/life data as requiring heightened protection The intimate sphere (Intimsphäre) is explicitly listed in nFADP alongside health, genetic, and racial/ethnic data as a special category requiring heightened protection.
…n marketplace.json
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThe PR adds two new framework plugins— Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~15 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Review rate limit: 1/3 review remaining, refill in 36 minutes and 6 seconds. Comment |
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@plugins/frameworks/ch-fadp/.claude-plugin/plugin.json`:
- Around line 10-20: The manifest plugin.json is missing declarations for the
plugin's exposed commands and skills, so add entries for the existing command
and skill files (e.g., reference "plugins/frameworks/ch-fadp/commands/assess.md"
and "plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md") following the
pattern used in plugins/frameworks/soc2/ or plugins/frameworks/pci-dss/ (add a
"commands" array with an object for assess and a "skills" array with an object
for ch-fadp-expert, include display name, path, and any metadata keys used by
the other framework manifests); ensure the scf framework metadata remains
unchanged and the new fields match schema used by the other framework plugins so
the command and skill surfaces are exposed at runtime.
In `@plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md`:
- Line 134: Update the protected-subject scope in the CH nFADP docs: change the
table row currently reading "Natural and legal entities (both protected under
nFADP)" to "Natural persons only" in
plugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.md (the Protected
entities table row) and make the identical correction in
plugins/frameworks/ch-fadp/README.md (the corresponding Protected entities line
around the README table), ensuring both files consistently reflect that nFADP
protects natural persons only per the revised law.
In `@plugins/frameworks/us-hipaa-security/commands/assess.md`:
- Line 45: The command route currently uses the unrecognized flag form
"/grc-engineer:gap-assessment --framework=US-HIPAA-Security"; change it to use
the documented positional <frameworks> argument expected by the gap-assessment
handler — e.g. route to "/grc-engineer:gap-assessment HIPAA" (use the HIPAA
alias instead of US-HIPAA-Security) so the gap-assessment command resolver
accepts the identifier; remove the "--framework=..." flag and pass the framework
as the positional argument to match gap-assessment's expected signature.
- Around line 182-187: Update the "Penalty Tiers" block in assess.md to reflect
the 2026 adjusted amounts: replace the old tier ranges with "Tier 1:
$145–$73,011; Tier 2: $1,461–$73,011; Tier 3: $14,602–$73,011; Tier 4:
$73,011–$2,190,294 per violation (with a $2,190,294 annual cap)". Add an "As of
January 28, 2026" qualifier immediately after the heading and include a source
reference to "45 CFR 102.3 / Federal Register annual inflation adjustment (Jan
28, 2026)" to the same section so readers can verify the numbers; modify the
existing "Penalty Tiers" bullet list accordingly in the assess.md content.
In `@plugins/frameworks/us-hipaa-security/commands/evidence-checklist.md`:
- Around line 200-221: Add a fenced-code language tag (e.g., change ``` to
```text) for the code block containing the directory tree that starts with
"evidence/" so the Markdown linter MD040 is satisfied; locate the fenced block
showing the hipaa-security directory tree and prepend the language identifier
(text) to the opening fence.
- Line 73: Update the CFR citation for the table row containing "Data backup and
storage documentation" by changing its mapped citation from §164.310(d)(2)(iii)
to §164.310(d)(2)(iv); locate the row that reads "| **Data backup and storage
documentation** | §164.310(d)(2)(iii) | Addressable | Backup storage location,
access controls | Backup media must be securely stored |" and replace the
third-column citation token with "§164.310(d)(2)(iv)".
- Around line 174-180: The PowerShell snippet uses Bash substitution `$(date
+%Y%m%d)` which will fail; update the Export-Csv path to use PowerShell Get-Date
formatting instead (e.g., replace the filename fragment with an expression using
Get-Date -Format yyyyMMdd) and ensure the full path string is double-quoted so
PowerShell expands the expression; change the line that calls Export-Csv (after
Get-ADUser/Where-Object/Select-Object) to use the new date expression for the
file name.
In `@plugins/frameworks/us-hipaa-security/skills/us-hipaa-security/SKILL.md`:
- Around line 305-307: The fenced code block containing the command
`/grc-engineer:gap-assessment --framework=US-HIPAA-Security` in SKILL.md lacks a
language label for markdownlint; update that fence to include the "text"
language tag (i.e., change the opening triple backticks to "```text") so the
block becomes a labeled text code block and linting passes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: a0db2159-ef4a-4e01-9456-9b86513d97be
📒 Files selected for processing (9)
.claude-plugin/marketplace.jsonplugins/frameworks/ch-fadp/.claude-plugin/plugin.jsonplugins/frameworks/ch-fadp/README.mdplugins/frameworks/ch-fadp/commands/assess.mdplugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.mdplugins/frameworks/us-hipaa-security/.claude-plugin/plugin.jsonplugins/frameworks/us-hipaa-security/commands/assess.mdplugins/frameworks/us-hipaa-security/commands/evidence-checklist.mdplugins/frameworks/us-hipaa-security/skills/us-hipaa-security/SKILL.md
Greptile SummaryThis PR introduces the HIPAA Security Rule plugin at Reference depth and adds expert skill content for Swiss nFADP. The ch-fadp corrections (narrowing protected entities to natural persons only) are accurate. The HIPAA plugin structure and content are comprehensive, but several P1 issues flagged in the previous review round remain unresolved in the current diff: the Confidence Score: 4/5Defer merge until the P1 issues from the prior review round are resolved in the code. The ch-fadp corrections are clean and accurate. The HIPAA plugin structure is solid. However, multiple P1 findings raised in the previous review are still present in the current diff: invalid SQL DMV (
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[User invokes /us-hipaa-security:assess] --> B{Scope flag provided?}
B -- Yes --> C[Filter to single safeguard category\nadministrative / physical / technical\norganizational / policies]
B -- No --> D[All five categories]
C --> E[Route to /grc-engineer:gap-assessment\nwith SCF ID]
D --> E
E --> F[SCF crosswalk lookup\nUS-HIPAA-Security]
F --> G[Generate findings table\ngrouped by safeguard category]
A2[User invokes /us-hipaa-security:evidence-checklist] --> H{Category flag?}
H -- Yes --> I[Single category table]
H -- No --> J[All category tables]
I --> K{Format flag?}
J --> K
K -- table --> L[Markdown table output]
K -- csv --> M[CSV output]
K -- markdown --> N[Detailed list output]
L --> O{Audience flag?}
M --> O
N --> O
O -- auditor --> P[Full CFR references\nfor OCR / external auditor]
O -- internal --> Q[Simplified readiness\nchecklist]
Reviews (5): Last reviewed commit: "Merge main into feat/framework-us-hipaa-..." | Re-trigger Greptile |
| | **Access control and validation procedures** | §164.310(a)(2)(iii) | Addressable | Visitor log, badge issuance procedures | Visitors must be escorted and access logged | | ||
| | **Maintenance records for physical safeguards** | §164.310(a)(2)(iv) | Addressable | Maintenance logs for security systems | Document maintenance of locks, alarms, badge readers | | ||
| | **Workstation use policy specifying acceptable ePHI handling** | §164.310(b) | Required | Workstation use policy, signed acknowledgments | Covers acceptable use, locking screens, no eating/drinking near computers | | ||
| | **Physical workstation security controls** | §164.310(c) | Addressable | Screen locks, cable locks, privacy screens, positioning | May include workstation placement away from public areas | |
There was a problem hiding this comment.
§164.310(c) classified as Addressable — it is Required
§164.310(c) (Workstation Security) is a standard, not an implementation specification. All HIPAA Security Rule standards are required by definition; only implementation specifications carry the Required/Addressable distinction. Marking this as "Addressable" could lead practitioners to believe they can opt out of workstation physical safeguards entirely by documenting a rationale — which is incorrect. The regulation states "Implement physical safeguards for all workstations…" unconditionally.
| | **Physical workstation security controls** | §164.310(c) | Addressable | Screen locks, cable locks, privacy screens, positioning | May include workstation placement away from public areas | | |
| | **Physical workstation security controls** | §164.310(c) | Required | Screen locks, cable locks, privacy screens, positioning | May include workstation placement away from public areas | |
| SELECT * FROM sys.dm_audit_log | ||
| WHERE event_time > DATEADD(day, -90, GETDATE()) | ||
| ORDER BY event_time DESC; |
There was a problem hiding this comment.
sys.dm_audit_log does not exist in SQL Server
SQL Server has no sys.dm_audit_log DMV. Running this query verbatim returns Invalid object name 'sys.dm_audit_log'. SQL Server Audit records are read via the sys.fn_get_audit_file() table-valued function (pointing at the .sqlaudit file path configured in the server/database audit spec). Giving practitioners a failing script for evidence collection could cause them to mistakenly conclude no audit log is present, or to abandon the check entirely.
Replace with the correct function (the path should match the audit file destination configured in the environment):
-- Export audit logs from SQL Server databases containing ePHI
-- Adjust the file path to match the configured SQL Server Audit destination
SELECT *
FROM sys.fn_get_audit_file('C:\Audits\*.sqlaudit', DEFAULT, DEFAULT)
WHERE event_time > DATEADD(day, -90, GETDATE())
ORDER BY event_time DESC;…lugins - ch-fadp: Add commands and skills arrays to plugin.json for runtime exposure - ch-fadp: Fix protected entities scope - nFADP protects natural persons only (not legal entities) - us-hipaa-security: Update gap-assessment route to use positional argument (HIPAA alias) - us-hipaa-security: Update penalty tiers to 2026 inflation-adjusted amounts - us-hipaa-security: Add language tags to fenced code blocks (markdownlint MD040) - us-hipaa-security: Fix CFR citation for data backup documentation (§164.310(d)(2)(iv)) - us-hipaa-security: Fix PowerShell date formatting in evidence collection script
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
plugins/frameworks/us-hipaa-security/commands/evidence-checklist.md (2)
28-28: Optional: Consider capitalizing "Markdown" as proper noun.Static analysis suggests "Markdown" should be capitalized as it's a proper noun (the name of the formatting language). This is a minor style preference.
📝 Proposed fix
- - `markdown` - Detailed markdown list + - `markdown` - Detailed Markdown list🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@plugins/frameworks/us-hipaa-security/commands/evidence-checklist.md` at line 28, Update the casing of the formatting language reference in the evidence checklist: replace the lowercase token `markdown` with the proper noun `Markdown` in the item under the list (the line containing "`markdown` - Detailed markdown list") so the documentation consistently uses the correct capitalization.
19-25: Consider documenting CLI category short codes in SKILL.md.The command uses short category codes (
admin,physical,technical,org,policies) that don't appear in the SKILL.md documentation. Users reading the skill documentation may not realize these shortcuts exist, potentially affecting discoverability and usability.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@plugins/frameworks/us-hipaa-security/commands/evidence-checklist.md` around lines 19 - 25, The SKILL.md docs do not mention the CLI short codes used by the evidence-checklist command for the --category flag (admin, physical, technical, org, policies); update SKILL.md to list these short codes and their meanings (matching the descriptions in evidence-checklist.md) so users can discover and use them; reference the --category flag and the evidence-checklist command in the SKILL.md entry and include the default behavior (all categories) to keep documentation consistent.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@plugins/frameworks/us-hipaa-security/commands/evidence-checklist.md`:
- Around line 102-111: The header "Policies, Procedures & Documentation" in this
checklist is inconsistent with SKILL.md; update the section heading text to
"Policies, Procedures, and Documentation" to match SKILL.md; search for the
exact string "Policies, Procedures & Documentation" and replace it with
"Policies, Procedures, and Documentation" in this document and any other
framework docs to standardize naming across the repo.
In `@plugins/frameworks/us-hipaa-security/skills/us-hipaa-security/SKILL.md`:
- Around line 113-122: The section header in SKILL.md uses "Policies,
Procedures, and Documentation (45 CFR §164.316)" but evidence-checklist.md uses
the variant "Policies, Procedures & Documentation"; update the header in
evidence-checklist.md to exactly match the SKILL.md wording ("Policies,
Procedures, and Documentation (45 CFR §164.316)") so both files use the same
formal phrasing and punctuation; ensure any internal anchors or references that
rely on the old header text are updated accordingly.
---
Nitpick comments:
In `@plugins/frameworks/us-hipaa-security/commands/evidence-checklist.md`:
- Line 28: Update the casing of the formatting language reference in the
evidence checklist: replace the lowercase token `markdown` with the proper noun
`Markdown` in the item under the list (the line containing "`markdown` -
Detailed markdown list") so the documentation consistently uses the correct
capitalization.
- Around line 19-25: The SKILL.md docs do not mention the CLI short codes used
by the evidence-checklist command for the --category flag (admin, physical,
technical, org, policies); update SKILL.md to list these short codes and their
meanings (matching the descriptions in evidence-checklist.md) so users can
discover and use them; reference the --category flag and the evidence-checklist
command in the SKILL.md entry and include the default behavior (all categories)
to keep documentation consistent.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: e67187ab-3eba-420d-939c-333726ed2745
📒 Files selected for processing (6)
plugins/frameworks/ch-fadp/.claude-plugin/plugin.jsonplugins/frameworks/ch-fadp/README.mdplugins/frameworks/ch-fadp/skills/ch-fadp-expert/SKILL.mdplugins/frameworks/us-hipaa-security/commands/assess.mdplugins/frameworks/us-hipaa-security/commands/evidence-checklist.mdplugins/frameworks/us-hipaa-security/skills/us-hipaa-security/SKILL.md
✅ Files skipped from review due to trivial changes (2)
- plugins/frameworks/ch-fadp/.claude-plugin/plugin.json
- plugins/frameworks/ch-fadp/README.md
🚧 Files skipped from review as they are similar to previous changes (1)
- plugins/frameworks/us-hipaa-security/commands/assess.md
| #### 5. Policies, Procedures, and Documentation (45 CFR §164.316) | ||
|
|
||
| **What It Governs**: Reasonable and appropriate policies, procedures, and documentation to comply with the Security Rule. | ||
|
|
||
| **Key Standards/Implementation Specifications**: | ||
|
|
||
| - **Policies and Procedures** (§164.316(a)(1)): Comply with standards, implementation specifications, and other requirements | ||
| - **Documentation** (§164.316(b)(1)-(2)): Maintain policies and procedures for 6 years from date of creation or last effective date, whichever is later | ||
|
|
||
| **Typical Evidence**: Written security policies, policy review/approval records, documentation retention evidence |
There was a problem hiding this comment.
Cross-file category naming inconsistency.
This section header uses "Policies, Procedures, and Documentation" (with "and" and Oxford comma), but the corresponding section in evidence-checklist.md at line 102 uses "Policies, Procedures & Documentation" (with ampersand, no Oxford comma).
The format used here is more appropriate for formal technical documentation. Consider updating evidence-checklist.md to match this style for consistency.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@plugins/frameworks/us-hipaa-security/skills/us-hipaa-security/SKILL.md`
around lines 113 - 122, The section header in SKILL.md uses "Policies,
Procedures, and Documentation (45 CFR §164.316)" but evidence-checklist.md uses
the variant "Policies, Procedures & Documentation"; update the header in
evidence-checklist.md to exactly match the SKILL.md wording ("Policies,
Procedures, and Documentation (45 CFR §164.316)") so both files use the same
formal phrasing and punctuation; ensure any internal anchors or references that
rely on the old header text are updated accordingly.
- Fix 'Policies, Procedures & Documentation' → 'Policies, Procedures, and Documentation' to match SKILL.md - Fix 'markdown' → 'Markdown' capitalization in format options - Fix 'Policies & Documentation' → 'Policies and Documentation' in category descriptions - Add evidence-checklist command documentation to SKILL.md with category short codes
…-checklist The "Related Commands" section pointed at `--framework=US-HIPAA-Security`, but gap-assessment accepts positional aliases only (see scf-client.js:240-242). Switches to the canonical `HIPAA` alias to match assess.md:45 and resolve correctly at runtime. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| **Penalty Tiers (per violation category per year)**: | ||
|
|
||
| - **Tier 1**: Lack of knowledge (reasonable diligence would not have known) - Minimum $100 per violation, max $25,000 | ||
| - **Tier 2**: Reasonable cause (not willful neglect) - Minimum $1,000 per violation, max $100,000 | ||
| - **Tier 3**: Willful neglect corrected within 30 days - Minimum $10,000 per violation, max $250,000 | ||
| - **Tier 4**: Willful neglect not corrected - Minimum $50,000 per violation, max $1.9 million |
There was a problem hiding this comment.
Penalty tiers contradict inflation-adjusted amounts in
assess.md
SKILL.md uses the pre-adjustment statutory floor/cap amounts (Tier 1 $100–$25k, Tier 4 $50k–$1.9M), while assess.md correctly cites the January 28, 2026 inflation-adjusted figures (Tier 1 $145–$73,011, Tier 4 $73,011–$2,190,294). A practitioner who consults the skill for penalty guidance will get stale numbers that differ significantly from the assess.md output, potentially leading them to understate OCR exposure. Align both files to the same adjusted schedule.
|
|
||
| ## How It Works | ||
|
|
||
| This command routes to `/grc-engineer:gap-assessment HIPAA` and leverages the SCF crosswalk to map HIPAA Security Rule implementation specifications to standardized compliance controls. |
There was a problem hiding this comment.
Wrong SCF framework ID —
HIPAA should be US-HIPAA-Security
plugin.json declares "scf_framework_id": "US-HIPAA-Security", and the ch-fadp sibling plugin correctly passes its full SCF ID ("emea-che-fadp-2025") to gap-assessment. Passing the bare alias HIPAA here may fail to resolve in the SCF crosswalk index, silently producing no findings or routing to the wrong framework. The same alias appears in SKILL.md line 306 and in evidence-checklist.md line 242 — all three should use the canonical ID.
Resolves conflicts on plugins/frameworks/ch-fadp/* introduced by GRCEngClub#87 merge: - Keep main's two new sensitive-data bullets (race/ethnicity, social assistance) - Apply branch's "Protected entities: natural persons only" correction — authoritative per kmu.admin.ch: the 2023 nFADP revision narrowed scope and legal persons are no longer covered (one of the 8 major changes). - Keep branch's "commands"/"skills" arrays in ch-fadp/plugin.json (CodeRabbit feedback from GRCEngClub#87 follow-up). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two broken external URLs were failing the lychee link-check on every PR: 1. mattpocock/skills/grill-me — Matt reorganized into category subdirectories; new path is skills/productivity/grill-me. 3 references updated (CHANGELOG.md, plugins/teach-me/README.md, plugins/teach-me/commands/quiz.md). 2. www.edoeb.admin.ch/edoeb/en/home.html — 301-redirects to /en, but lychee's user agent gets a bot-detection 500 from the FDPIC origin. Switched both ch-fadp references to the canonical /en URL. PRs #87, #89, and #90 all hit these failures.
Summary
Implements GitHub Issue #13: Create a fully-compliant HIPAA Security Rule framework plugin at Reference depth tier.
What Was Implemented
Plugin Structure
US-HIPAA-Security/grc-engineer:gap-assessment --framework=US-HIPAA-SecurityKey Features
SKILL.md Coverage:
Evidence Checklist:
--category,--format, and--audienceflagsMarketplace Registration
us-hipaa-securityunder Americas group in marketplace.jsonValidation
All validation checklist items pass:
feat/framework-us-hipaa-security-referenceus-hipaa-security/(matches namespace)/us-hipaa-security:assessroutes to gap-assessment/us-hipaa-security:evidence-checklistgenerates grouped checklistCommits
References
Summary by CodeRabbit
New Features
Documentation