Skip to content

Commit 54c668c

Browse files
montfortclaude
andauthored
docs(adopters): document China regulatory coverage in adopter guides (#56)
Updates the three adopter-facing docs (CLI-REFERENCE, ADOPTION-GUIDE, WORKFLOWS) in EN, ES, and zh-CN to reflect the China regulatory support shipped in fw-4.3.0 / cli-3.3.0. CLI-REFERENCE: - Documents the new --region flag and the six china-* values for --standard on `devtrail compliance`. - Documents the four new China DocTypes (pipia, cacfile, tc260ra, ailabel) on `devtrail new`, marked as opt-in. - Notes that twelve scope-aware validation rules (CROSS-004..011, TYPE-003..006) activate when `regional_scope` includes china. ADOPTION-GUIDE: - New "China Regulatory Coverage" subsection in Standards Compliance with a per-framework table (TC260, PIPL, GB 45438, CAC, GB/T 45652, CSL 2026). - New "Regional Regulatory Scope" subsection in Configuration showing the regional_scope YAML and what activates when china is added. WORKFLOWS: - New "China Regulatory Workflow" section covering one-time setup, the document bundle to create when adding a generative AI model, CSL incident reporting workflow, cross-border data transfer, and daily compliance checks. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 0f9219e commit 54c668c

9 files changed

Lines changed: 437 additions & 31 deletions

File tree

docs/adopters/ADOPTION-GUIDE.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,19 @@ DevTrail aligns with and supports compliance for:
145145
| **ISO/IEC 23894:2023** | AI risk management aligned with ETH and AI-RISK-CATALOG (Fase 3) |
146146
| **GDPR** | ETH documents with GDPR Legal Basis section, DPIA for privacy impact assessments |
147147

148+
### China Regulatory Coverage *(opt-in via `regional_scope: china`)*
149+
150+
| Standard | How DevTrail Helps |
151+
|----------|-------------------|
152+
| **TC260 AI Safety Governance Framework v2.0** | Five-level risk grading (TC260RA), `tc260_*` fields on ETH/MCARD/AILOG/SEC |
153+
| **PIPL — Personal Information Protection Law** | PIPIA template with PIPL Art. 55-56 sections, `pipl_*` fields, retention ≥ 3 years (`TYPE-003`) |
154+
| **GB 45438-2025** *(mandatory)* | AILABEL template covering explicit + implicit labeling for generative content |
155+
| **CAC Algorithm Filing** | CACFILE template with single + dual filing tracking; cross-checks from MCARD via `cac_filing_required` |
156+
| **GB/T 45652-2025** | Training-data security section in SBOM and MCARD; `gb45652_training_data_compliance` field |
157+
| **CSL 2026** | INC extension with `csl_severity_level`, deadline-coherence rules (1h / 4h+72h+30d windows) |
158+
159+
> Activate by adding `china` to `regional_scope` in `.devtrail/config.yml`. See the *Configuration* section below and the installed `CHINA-REGULATORY-FRAMEWORK.md` guide for details.
160+
148161
### Architecture Documentation
149162

150163
| Standard | How DevTrail Helps |
@@ -354,6 +367,28 @@ The CLI automatically:
354367

355368
## Configuration
356369

370+
### Regional Regulatory Scope
371+
372+
`.devtrail/config.yml` controls which compliance frameworks are evaluated by `devtrail compliance` and which document types are exposed by `devtrail new`:
373+
374+
```yaml
375+
regional_scope:
376+
- global # NIST AI RMF + ISO/IEC 42001 (always recommended)
377+
- eu # EU AI Act + GDPR
378+
- china # TC260 v2.0, PIPL/PIPIA, GB 45438, CAC, GB/T 45652, CSL 2026
379+
```
380+
381+
**Default if omitted**: `[global, eu]` — preserves the behavior of every DevTrail version prior to `fw-4.3.0`.
382+
383+
When you add `china` to the list:
384+
385+
- Four China-specific document types become available via `devtrail new`: `PIPIA`, `CACFILE`, `TC260RA`, `AILABEL`.
386+
- Six new compliance checkers run with `devtrail compliance` (or via `--region china` / `--standard china-*`).
387+
- Twelve scope-aware validation rules activate (`CROSS-004` to `CROSS-011`, `TYPE-003` to `TYPE-006`).
388+
- Five new governance guides are referenced from `.devtrail/00-governance/` (`CHINA-REGULATORY-FRAMEWORK.md`, plus per-framework guides for TC260, PIPL/PIPIA, CAC filing, and GB 45438 labeling) — all available in EN, ES, and zh-CN.
389+
390+
A project without `china` in `regional_scope` is unaffected: no new files, no new prompts, no new rules. Adding `china` later is fully reversible.
391+
357392
### Customizing Agent Identifiers
358393

359394
Each AI platform has its own configuration file that:

docs/adopters/CLI-REFERENCE.md

Lines changed: 59 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,8 @@ Validate DevTrail documents for compliance and correctness.
296296
- Sensitive information detection (API keys, passwords)
297297
- Related document existence
298298

299+
When `regional_scope` includes `china`, twelve additional rules activate (`CROSS-004` to `CROSS-011`, `TYPE-003` to `TYPE-006`) covering TC260 review escalation, PIPIA linkage from sensitive-data documents, CACFILE / AILABEL cross-references, CSL severity-to-deadline coherence, and PIPIA 3-year retention. Without `china` in scope, these rules are skipped — no false positives.
300+
299301
**Example:**
300302

301303
```bash
@@ -321,10 +323,10 @@ Create a new DevTrail document from a template.
321323
| Argument/Flag | Default | Description |
322324
|---------------|---------|-------------|
323325
| `path` | `.` (current directory) | Target project directory |
324-
| `--doc-type`, `-t` || Document type: `ailog`, `aidec`, `adr`, `eth`, `req`, `tes`, `inc`, `tde`, `sec`, `mcard`, `sbom`, `dpia` |
326+
| `--doc-type`, `-t` || Document type. Core (12): `ailog`, `aidec`, `adr`, `eth`, `req`, `tes`, `inc`, `tde`, `sec`, `mcard`, `sbom`, `dpia`. China (4, opt-in): `pipia`, `cacfile`, `tc260ra`, `ailabel`. |
325327
| `--title` || Title for the new document |
326328

327-
If `--doc-type` or `--title` are omitted, the command prompts interactively.
329+
If `--doc-type` or `--title` are omitted, the command prompts interactively. China-only types are filtered out of the prompt (and rejected from `-t`) when `regional_scope` does not include `china`.
328330

329331
**Examples:**
330332

@@ -353,31 +355,44 @@ $ devtrail new -t ailog --title "Implement JWT authentication"
353355

354356
---
355357

356-
### `devtrail compliance [path] [--standard <name>] [--all] [--output <format>]`
358+
### `devtrail compliance [path] [--standard <name>] [--region <name>] [--all] [--output <format>]`
357359

358-
Check regulatory compliance against EU AI Act, ISO/IEC 42001, and NIST AI RMF.
360+
Check regulatory compliance. By default, evaluates the standards whose region is in `regional_scope` from `.devtrail/config.yml` (default `[global, eu]`). Six Chinese frameworks are available opt-in when `china` is added to `regional_scope`.
359361

360362
**Arguments and flags:**
361363

362364
| Argument/Flag | Default | Description |
363365
|---------------|---------|-------------|
364366
| `path` | `.` (current directory) | Target project directory |
365-
| `--standard` || Check a specific standard: `eu-ai-act`, `iso-42001`, or `nist-ai-rmf` |
366-
| `--all` || Check all three standards |
367+
| `--standard` || Check a specific standard: `eu-ai-act`, `iso-42001`, `nist-ai-rmf`, `china-tc260`, `china-pipl`, `china-gb45438`, `china-cac`, `china-gb45652`, `china-csl` |
368+
| `--region` || Run all standards in a region: `global`, `eu`, `china`, or `all` |
369+
| `--all` || Check every standard, regardless of `regional_scope` |
367370
| `--output` | `text` | Output format: `text`, `markdown`, or `json` |
368371

369-
If neither `--standard` nor `--all` is specified, defaults to `--all`.
372+
Precedence: `--standard` > `--all` > `--region` > the project's `regional_scope`.
370373

371374
**What it checks:**
372375

376+
Global / EU (always available):
377+
373378
- **EU AI Act**: Risk classification, ethical review linkage, DPIA existence, incident reporting
374379
- **ISO/IEC 42001**: Governance policy, risk planning (ETH), operations documentation (AILOG/AIDEC), Annex A coverage
375380
- **NIST AI RMF**: MAP (AILOG), MEASURE (TES), MANAGE (ETH/INC), GOVERN (policy + ADR), GenAI risk coverage (12 NIST 600-1 categories)
376381

377-
**Example:**
382+
China (opt-in via `regional_scope: china`):
383+
384+
- **TC260 v2.0**: TC260RA exists; high/very-high/extremely-severe levels require review; the three grading criteria (scenario × intelligence × scale) are populated
385+
- **PIPL**: PIPIA exists when `pipl_applicable`; cross-border transfer documented; retention ≥ 3 years per Art. 56
386+
- **GB 45438**: AILABEL exists for generative content; both explicit and implicit labeling tracks declared; mandatory metadata fields populated
387+
- **CAC Algorithm Filing**: CACFILE exists when required; explicit `cac_filing_status`; `cac_filing_number` populated when status is `*_approved`
388+
- **GB/T 45652**: SBOM and MCARD declare training-data security compliance
389+
- **CSL 2026**: Every INC has `csl_severity_level`; deadline hours coherent with severity (1h ↔ particularly_serious, 4h ↔ relatively_major); 30-day post-mortem documented for major+ incidents
390+
391+
**Examples:**
378392

379393
```bash
380-
$ devtrail compliance --all
394+
# Default: runs only standards whose region is in regional_scope
395+
$ devtrail compliance
381396
DevTrail Compliance
382397
/home/user/my-project
383398
12 document(s) analyzed
@@ -395,18 +410,47 @@ $ devtrail compliance --all
395410
✓ [ISO-004] Annex A control coverage (6/6 groups)
396411

397412
■ NIST AI RMF 60%
398-
✓ [NIST-MAP-001] MAP function AI actions documented (AILOG)
399-
✓ [NIST-MEASURE-001] MEASURE function Test plans exist (TES)
400-
✓ [NIST-MANAGE-001] MANAGE function Risk management documented (ETH + INC)
401-
✓ [NIST-GOVERN-001] GOVERN function Governance policy and decisions documented
402413
~ [NIST-GENAI-001] GenAI risk coverage — NIST AI 600-1 (4/12 categories)
403414

404415
Overall compliance: 78%
405416

406-
$ devtrail compliance --standard eu-ai-act --output json
407-
[{"standard":"EuAiAct","checks":[...],"score":75.0}]
417+
# Run only the six Chinese frameworks (requires regional_scope: china)
418+
$ devtrail compliance --region china
419+
■ China TC260 v2.0 67%
420+
✓ [TC260-001] At least one TC260 Risk Assessment (TC260RA) is present
421+
~ [TC260-002] High / very-high / extremely-severe TC260 levels mandate review
422+
✗ [TC260-003] TC260RA documents specify scenario × intelligence × scale
423+
424+
■ China PIPL 100%
425+
✓ [PIPL-001] PIPIA exists when pipl_applicable is true
426+
✓ [PIPL-002] Documents handling sensitive personal info link to a PIPIA
427+
✓ [PIPL-003] Cross-border personal info transfer is documented in a PIPIA
428+
✓ [PIPL-004] PIPIA retention is ≥ 3 years per PIPL Art. 56
429+
430+
■ China GB 45438 ...
431+
■ China CAC Algorithm Filing ...
432+
■ China GB/T 45652 ...
433+
■ China CSL 2026 ...
434+
435+
# A single Chinese framework
436+
$ devtrail compliance --standard china-pipl --output json
437+
[{"standard":"ChinaPipl","standard_label":"China PIPL","checks":[...],"score":100.0}]
438+
439+
# Force every standard, ignoring regional_scope
440+
$ devtrail compliance --all
408441
```
409442

443+
> **Activation note**: Chinese frameworks evaluate only when you opt in. Add to `.devtrail/config.yml`:
444+
>
445+
> ```yaml
446+
> regional_scope:
447+
> - global
448+
> - eu
449+
> - china
450+
> ```
451+
>
452+
> Use `--standard china-*` or `--region china` to run them ad-hoc even when not in scope. See the `CHINA-REGULATORY-FRAMEWORK.md` guide installed under `.devtrail/00-governance/`.
453+
410454
---
411455
412456
### `devtrail metrics [path] [--period <period>] [--output <format>]`

docs/adopters/WORKFLOWS.md

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,6 +157,67 @@ When multiple team members use AI assistants on the same project:
157157

158158
---
159159

160+
## China Regulatory Workflow *(opt-in)*
161+
162+
If your project operates in mainland China or processes personal information of mainland China users, enable the China scope and follow this workflow.
163+
164+
### One-time Setup
165+
166+
1. Edit `.devtrail/config.yml` and add `china` to `regional_scope`:
167+
```yaml
168+
regional_scope:
169+
- global
170+
- eu # if also EU-subject
171+
- china
172+
```
173+
2. Run `devtrail compliance --region china` to see the baseline (all checks will fail until you create the supporting documents).
174+
3. Read the guides installed under `.devtrail/00-governance/`:
175+
- `CHINA-REGULATORY-FRAMEWORK.md` — overview and coverage matrix
176+
- `TC260-IMPLEMENTATION-GUIDE.md` — five-level risk grading
177+
- `PIPL-PIPIA-GUIDE.md` — when a PIPIA is required and what it must contain
178+
- `CAC-FILING-GUIDE.md` — single vs dual filing, status lifecycle
179+
- `GB-45438-LABELING-GUIDE.md` — explicit + implicit labeling design
180+
181+
### When You Add a Generative AI Model
182+
183+
Bundle of documents to create together (cross-linked via `related:`):
184+
185+
| Document | Purpose | Required when |
186+
|----------|---------|---------------|
187+
| `MCARD` | Model card with `cac_filing_required`, `gb45438_applicable`, `tc260_risk_level` | Always for in-scope models |
188+
| `TC260RA` | Risk grading (scenario × intelligence × scale → 5 levels) | Always |
189+
| `AILABEL` | Explicit + implicit labeling per GB 45438 | When the model generates content |
190+
| `CACFILE` | Algorithm filing record | When `cac_filing_required: true` |
191+
| `PIPIA` | Personal-info impact assessment (Art. 55-56) | When personal info is processed |
192+
| `SBOM` | Training-data inventory + GB/T 45652 compliance | Always |
193+
194+
`devtrail compliance --region china` confirms the bundle is complete.
195+
196+
### When an Incident Occurs
197+
198+
The `INC` template includes a *CSL 2026 Incident Reporting* section. Set:
199+
200+
```yaml
201+
csl_severity_level: relatively_major # or particularly_serious | major | general
202+
csl_report_deadline_hours: 4 # 1 for particularly_serious, 4 for relatively_major
203+
```
204+
205+
`devtrail validate` enforces severity-to-deadline coherence (`CROSS-008`, `CROSS-009`). Major+ incidents must be closed (status `accepted`) within 30 days for the `CSL-003` check to pass.
206+
207+
### Cross-Border Data Transfer
208+
209+
When a process involves transferring personal information out of mainland China, set `pipl_cross_border_transfer: true` on the PIPIA and document the chosen mechanism (CAC security assessment / certification / standard contract) in the *Cross-Border Transfer Analysis* section. `CROSS-011` will warn if none is documented.
210+
211+
### Daily Compliance Check
212+
213+
```bash
214+
# Before merging a feature branch that touches AI services
215+
devtrail validate # cross-rules including CROSS-004..011
216+
devtrail compliance --region china # per-framework score
217+
```
218+
219+
---
220+
160221
## Understanding Versions
161222

162223
DevTrail uses **independent versioning** for its two components:

docs/i18n/es/adopters/ADOPTION-GUIDE.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,19 @@ DevTrail se alinea con y soporta cumplimiento para:
159159
| **NIST AI RMF** | Documentación de riesgos en registros de decisión |
160160
| **IEEE 7000** | Consideraciones éticas en documentos ETH |
161161

162+
### Cobertura Regulatoria China *(opt-in vía `regional_scope: china`)*
163+
164+
| Estándar | Cómo Ayuda DevTrail |
165+
|----------|---------------------|
166+
| **TC260 AI Safety Governance Framework v2.0** | Clasificación de riesgo en 5 niveles (TC260RA), campos `tc260_*` en ETH/MCARD/AILOG/SEC |
167+
| **PIPL — Personal Information Protection Law** | Plantilla PIPIA con secciones del Art. 55-56, campos `pipl_*`, retención ≥ 3 años (`TYPE-003`) |
168+
| **GB 45438-2025** *(obligatorio)* | Plantilla AILABEL cubriendo etiquetado explícito + implícito para contenido generativo |
169+
| **CAC Algorithm Filing** | Plantilla CACFILE con seguimiento de registro simple + dual; cross-checks desde MCARD vía `cac_filing_required` |
170+
| **GB/T 45652-2025** | Sección de seguridad de datos de entrenamiento en SBOM y MCARD; campo `gb45652_training_data_compliance` |
171+
| **CSL 2026** | Extensión de INC con `csl_severity_level`, reglas de coherencia de plazos (ventanas 1h / 4h+72h+30d) |
172+
173+
> Activar añadiendo `china` a `regional_scope` en `.devtrail/config.yml`. Ver la sección *Configuración* abajo y la guía instalada `CHINA-REGULATORY-FRAMEWORK.md` para detalles.
174+
162175
---
163176

164177
## Ruta de Adopción A: Proyectos Nuevos
@@ -346,6 +359,28 @@ El CLI automáticamente:
346359

347360
## Configuración
348361

362+
### Alcance Regulatorio Regional
363+
364+
`.devtrail/config.yml` controla qué frameworks de cumplimiento evalúa `devtrail compliance` y qué tipos de documento expone `devtrail new`:
365+
366+
```yaml
367+
regional_scope:
368+
- global # NIST AI RMF + ISO/IEC 42001 (siempre recomendado)
369+
- eu # EU AI Act + GDPR
370+
- china # TC260 v2.0, PIPL/PIPIA, GB 45438, CAC, GB/T 45652, CSL 2026
371+
```
372+
373+
**Default si se omite**: `[global, eu]` — preserva el comportamiento de toda versión de DevTrail anterior a `fw-4.3.0`.
374+
375+
Cuando añades `china` a la lista:
376+
377+
- Cuatro tipos de documento específicos de China están disponibles vía `devtrail new`: `PIPIA`, `CACFILE`, `TC260RA`, `AILABEL`.
378+
- Seis nuevos checkers de cumplimiento se ejecutan con `devtrail compliance` (o vía `--region china` / `--standard china-*`).
379+
- Doce reglas de validación scope-aware se activan (`CROSS-004` a `CROSS-011`, `TYPE-003` a `TYPE-006`).
380+
- Cinco nuevas guías de gobernanza referenciadas desde `.devtrail/00-governance/` (`CHINA-REGULATORY-FRAMEWORK.md`, más guías por framework para TC260, PIPL/PIPIA, registro CAC, y etiquetado GB 45438) — todas disponibles en EN, ES y zh-CN.
381+
382+
Un proyecto sin `china` en `regional_scope` no se ve afectado: ningún archivo nuevo, ningún prompt nuevo, ninguna regla nueva. Añadir `china` después es totalmente reversible.
383+
349384
### Personalizar Identificadores de Agente
350385

351386
Cada plataforma de IA tiene su propio archivo de configuración que:

docs/i18n/es/adopters/CLI-REFERENCE.md

Lines changed: 44 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -278,6 +278,8 @@ Valida documentos DevTrail verificando cumplimiento y corrección.
278278
- `SEC-001`: No contiene información sensible
279279
- `OBS-001`: Tag observabilidad requiere sección de alcance
280280

281+
Cuando `regional_scope` incluye `china`, se activan doce reglas adicionales (`CROSS-004` a `CROSS-011`, `TYPE-003` a `TYPE-006`) que cubren escalado de revisión TC260, vínculo PIPIA desde documentos con datos sensibles, cross-references de CACFILE / AILABEL, coherencia severidad-deadline CSL, y retención de 3 años de PIPIA. Sin `china` en scope, estas reglas se omiten — sin falsos positivos.
282+
281283
**Código de salida:** 0 si no hay errores (warnings OK), 1 si hay errores.
282284

283285
---
@@ -291,10 +293,10 @@ Crea un nuevo documento DevTrail a partir de una plantilla.
291293
| Argumento/Flag | Default | Descripción |
292294
|----------------|---------|-------------|
293295
| `path` | `.` (directorio actual) | Directorio del proyecto |
294-
| `--doc-type`, `-t` || Tipo de documento: `ailog`, `aidec`, `adr`, `eth`, `req`, `tes`, `inc`, `tde`, `sec`, `mcard`, `sbom`, `dpia` |
296+
| `--doc-type`, `-t` || Tipo de documento. Core (12): `ailog`, `aidec`, `adr`, `eth`, `req`, `tes`, `inc`, `tde`, `sec`, `mcard`, `sbom`, `dpia`. China (4, opt-in): `pipia`, `cacfile`, `tc260ra`, `ailabel`. |
295297
| `--title` || Título del documento |
296298

297-
Si no se especifica `--doc-type` o `--title`, se solicitan de forma interactiva.
299+
Si no se especifica `--doc-type` o `--title`, se solicitan de forma interactiva. Los tipos chinos se filtran del prompt (y se rechazan en `-t`) cuando `regional_scope` no incluye `china`.
298300

299301
**Ejemplos:**
300302

@@ -323,20 +325,55 @@ $ devtrail new -t ailog --title "Refactorizar módulo de pagos"
323325

324326
---
325327

326-
### `devtrail compliance [path] [--standard <nombre>] [--all] [--output <formato>]`
328+
### `devtrail compliance [path] [--standard <nombre>] [--region <nombre>] [--all] [--output <formato>]`
327329

328-
Verifica cumplimiento regulatorio contra EU AI Act, ISO/IEC 42001 y NIST AI RMF.
330+
Verifica cumplimiento regulatorio. Por defecto evalúa los estándares cuya región esté incluida en `regional_scope` de `.devtrail/config.yml` (default `[global, eu]`). Seis frameworks chinos disponibles opt-in cuando `china` se añade a `regional_scope`.
329331

330332
**Argumentos y flags:**
331333

332334
| Argumento/Flag | Default | Descripción |
333335
|----------------|---------|-------------|
334336
| `path` | `.` (directorio actual) | Directorio del proyecto |
335-
| `--standard` || Verificar estándar específico: `eu-ai-act`, `iso-42001`, o `nist-ai-rmf` |
336-
| `--all` || Verificar los tres estándares |
337+
| `--standard` || Verificar estándar específico: `eu-ai-act`, `iso-42001`, `nist-ai-rmf`, `china-tc260`, `china-pipl`, `china-gb45438`, `china-cac`, `china-gb45652`, `china-csl` |
338+
| `--region` || Ejecutar todos los estándares de una región: `global`, `eu`, `china`, o `all` |
339+
| `--all` || Verificar todos los estándares (ignora `regional_scope`) |
337340
| `--output` | `text` | Formato de salida: `text`, `markdown`, o `json` |
338341

339-
Si no se especifica `--standard` ni `--all`, por defecto ejecuta `--all`.
342+
Precedencia: `--standard` > `--all` > `--region` > el `regional_scope` del proyecto.
343+
344+
**Estándares chinos (opt-in vía `regional_scope: china`):**
345+
346+
- **TC260 v2.0**: existe TC260RA; niveles altos requieren review; los tres criterios (escenario × inteligencia × escala) están completos
347+
- **PIPL**: PIPIA cuando `pipl_applicable: true`; transferencia transfronteriza documentada; retención ≥ 3 años (Art. 56)
348+
- **GB 45438**: AILABEL para contenido generativo; estrategia explícita + implícita declaradas; campos de metadata mandatorios
349+
- **CAC**: CACFILE cuando es requerido; `cac_filing_status` explícito; `cac_filing_number` cuando el estado es `*_approved`
350+
- **GB/T 45652**: SBOM y MCARD declaran cumplimiento de seguridad de datos de entrenamiento
351+
- **CSL 2026**: cada INC con `csl_severity_level`; horas coherentes con severidad (1h ↔ particularly_serious, 4h ↔ relatively_major); post-mortem 30 días para incidentes major+
352+
353+
**Ejemplos:**
354+
355+
```bash
356+
# Default: solo estándares cuya región esté en regional_scope
357+
$ devtrail compliance
358+
359+
# Los seis frameworks chinos (requiere regional_scope: china)
360+
$ devtrail compliance --region china
361+
362+
# Un solo framework chino
363+
$ devtrail compliance --standard china-pipl --output json
364+
365+
# Todos los estándares ignorando regional_scope
366+
$ devtrail compliance --all
367+
```
368+
369+
> **Activación**: para evaluar los frameworks chinos automáticamente, añadir a `.devtrail/config.yml`:
370+
>
371+
> ```yaml
372+
> regional_scope:
373+
> - global
374+
> - eu
375+
> - china
376+
> ```
340377
341378
---
342379

0 commit comments

Comments
 (0)