You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat: add opt-in China regulatory coverage (fw-4.3.0, cli-3.3.0) (#55)
Adds support for six Chinese AI / data regulations as an opt-in regional
scope. Existing projects are unaffected — Chinese frameworks activate only
when `regional_scope: china` is added to `.devtrail/config.yml`.
Frameworks covered:
- TC260 AI Safety Governance Framework v2.0 (five-level risk grading)
- PIPL + PIPIA (Art. 55-56, retention >= 3 years)
- GB 45438-2025 (mandatory AI-generated content labeling)
- CAC Algorithm Filing (single + dual filing process)
- GB/T 45652-2025 (pre-training & fine-tuning data security)
- CSL 2026 incident reporting (1h / 4h+72h+30d windows)
Framework changes (4.3.0):
- 4 new templates: TEMPLATE-PIPIA, TEMPLATE-CACFILE, TEMPLATE-TC260RA,
TEMPLATE-AILABEL — translated to es and zh-CN.
- 5 new governance guides under .devtrail/00-governance/ with full es and
zh-CN translations.
- China-specific sections appended to MCARD, DPIA, INC, ETH, SBOM, AILOG,
activated only when regional_scope includes china.
- regional_scope field documented in .devtrail/config.yml.
CLI changes (3.3.0):
- 4 new DocType variants: Pipia, Cacfile, Tc260ra, Ailabel — filtered out
of `devtrail new` unless china is in scope.
- 6 new Standard variants and checkers; new --region <global|eu|china|all>
flag on `devtrail compliance`.
- 12 new validation rules (CROSS-004..011, TYPE-003..006), scope-aware.
- 20 new optional frontmatter fields covering all six profiles.
- 30+ new tests (unit + integration).
Notes:
- TC260 v2.0 is treated as Recommended (not yet a binding GB).
- CSL 2026 windows are enforced as cross-rules; DevTrail documents intent
and plan, not actual submission to authorities.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DevTrail now supports six Chinese AI / data regulations as an opt-in regional scope. Existing projects are unaffected — Chinese frameworks activate only when `regional_scope: china` is added to `.devtrail/config.yml`.
13
+
14
+
### Added (Framework)
15
+
- 4 new document templates: `TEMPLATE-PIPIA.md`, `TEMPLATE-CACFILE.md`, `TEMPLATE-TC260RA.md`, `TEMPLATE-AILABEL.md` — translated to `es` and `zh-CN`.
16
+
- 5 new governance guides under `dist/.devtrail/00-governance/` — `CHINA-REGULATORY-FRAMEWORK.md`, `TC260-IMPLEMENTATION-GUIDE.md`, `PIPL-PIPIA-GUIDE.md`, `CAC-FILING-GUIDE.md`, `GB-45438-LABELING-GUIDE.md` — with full `es` and `zh-CN` translations.
17
+
- China-specific sections appended to `TEMPLATE-MCARD`, `TEMPLATE-DPIA`, `TEMPLATE-INC`, `TEMPLATE-ETH`, `TEMPLATE-SBOM`, `TEMPLATE-AILOG` — activated by `regional_scope: china`.
18
+
-`regional_scope` field documented in `.devtrail/config.yml` with explanatory comments. Default `[global, eu]` preserves backward compatibility.
19
+
20
+
### Added (CLI)
21
+
- 4 new `DocType` variants: `Pipia`, `Cacfile`, `Tc260ra`, `Ailabel`. Filtered out of `devtrail new` unless `china` is in `regional_scope`.
22
+
- 6 new `Standard` variants and checkers: `china-tc260`, `china-pipl`, `china-gb45438`, `china-cac`, `china-gb45652`, `china-csl`.
23
+
- New `--region <global|eu|china|all>` flag on `devtrail compliance`. The default behavior now respects `regional_scope` from config; `--all` still runs every standard.
24
+
-`devtrail compliance --standard <name>` accepts six new identifiers.
25
+
- 12 new validation rules: `CROSS-004` through `CROSS-011` and `TYPE-003` through `TYPE-006`. China rules are skipped when `china` is not in scope.
26
+
- 20 new optional frontmatter fields covering TC260, PIPL, GB 45438, CAC, GB/T 45652, and CSL profiles.
27
+
-`devtrail metrics` document-count breakdown now includes the 4 China-specific types when present.
28
+
- 30+ new tests (unit + integration) covering checkers, validation, config, and the opt-in dispatch.
29
+
30
+
### Notes
31
+
- TC260 v2.0 is treated as `Recommended` (not yet a binding GB). Status will be promoted in a future release if it is published as a GB.
32
+
- CSL 2026 reporting windows (1h / 4h+72h+30d) are enforced as cross-rules but DevTrail does not validate actual submission to authorities — it documents intent and plan.
33
+
34
+
---
35
+
10
36
## CLI 3.2.5 — Smarter Table Column Allocation in `explore`
|**TC260RA** ⚪ | TC260 Risk Assessment (China) | Five-level risk grading per AI Safety Framework v2.0 |
66
+
|**AILABEL** ⚪ | GB 45438 Content Labeling Plan (China) | Explicit + implicit labeling for generative AI |
67
+
68
+
⚪ Available only when `regional_scope: china` is enabled in `.devtrail/config.yml` — see [China Regulatory Compliance](#china-regulatory-compliance--中国合规) below.
62
69
63
70
### 📐 Standards Alignment
64
71
@@ -73,6 +80,17 @@ Twelve document types covering the full development lifecycle:
73
80
|**GDPR**| Data protection in ETH/DPIA |
74
81
|**OpenTelemetry**| Observability (optional) |
75
82
83
+
#### China Regulatory Coverage — opt-in via `regional_scope: china`
-**`devtrail analyze`** — Code complexity analysis (cognitive + cyclomatic) powered by [arborist-metrics](https://github.com/StrangeDaysTech/arborist), our open-source Rust library for multi-language code metrics
108
126
-**`devtrail audit`** — Audit trail reports with timeline, traceability maps, and HTML export
109
127
-**Pre-commit hooks** + **GitHub Actions** for CI/CD validation
110
128
111
129
---
112
130
131
+
## China Regulatory Compliance — 中国合规
132
+
133
+
DevTrail covers six Chinese AI / data regulations as an **opt-in** regional scope: **TC260 AI Safety Governance Framework v2.0**, **PIPL** (Personal Information Protection Law), **GB 45438-2025** (mandatory AI content labeling), **CAC Algorithm Filing**, **GB/T 45652-2025**, and the **CSL 2026** incident-reporting amendments. Activate by adding `regional_scope: china` to `.devtrail/config.yml`; projects without it are unaffected.
134
+
135
+
When enabled, four China-specific document types (PIPIA, CACFILE, TC260RA, AILABEL) become available, twelve validation rules begin to enforce the new cross-references, and `devtrail compliance --region china` produces a per-framework score. Detailed guides live under `.devtrail/00-governance/` (`CHINA-REGULATORY-FRAMEWORK.md`, `TC260-IMPLEMENTATION-GUIDE.md`, `PIPL-PIPIA-GUIDE.md`, `CAC-FILING-GUIDE.md`, `GB-45438-LABELING-GUIDE.md`).
0 commit comments