ArcKit Contributors

First external code contributor to ArcKit. Fixed document generation issues and improved output quality across multiple commands.

• Fixed stakeholder analysis generation
• Improved template formatting consistency
• Multiple merged pull requests

Contributed improvements to business architecture commands and documentation quality enhancements.

• Business architecture improvements
• Documentation quality enhancements

Contributed cross-platform compatibility fixes ensuring ArcKit works reliably on Windows alongside macOS and Linux.

• Windows compatibility fixes
• Cross-platform script improvements

Contributed 19 community-developed regulatory compliance commands covering EU regulations (GDPR, NIS2, AI Act, DORA, CRA, DSA, Data Act) and French government standards (SecNumCloud, ANSSI, EBIOS, CNIL, DINUM, PSSI, DR, IRN, and more). Domain maintainer for these commands via .github/CODEOWNERS — auto-requested for review on changes to eu-* / fr-* commands and templates. Largest single contribution to date.

• 7 EU regulatory compliance commands
• 12 French government & ANSSI commands
• Templates, quality checklists, and per-format converter outputs

Authored the original situation report that motivated a non-UK overlay and took on domain maintenance for the Austrian regulatory commands — DSG / DSGVO (Datenschutzbehörde, §§12–13 image processing, ELGA/GTelG, §96a ArbVG, age-14 consent), NISG 2024 (NIS2 transposition, GovCERT reporting, KSÖ), and BVergG 2018 public procurement (Oberschwellen/Unterschwellen, ANKÖ, Bestbieterprinzip, BVwG review). Verified and tightened citations beyond the initial seed.

• 3 Austrian government & regulatory commands
• Templates and quality checklist sections
• Citation verification pass across all AT commands

Authored the Australian Federal / DISP-supplier overlay end-to-end against a real Australian SMB engagement (DISP Level 2 in progress, OFFICIAL:Sensitive). Validated all eight original commands across nine evaluation runs producing ~4,093 lines of compliance artefacts with a 25/25 scorecard pass and zero UK-framework leakage. Recipe topology, doc-type registrations (including the corrective inclusion of the CA regime that had been missing since v4.15.0), and converter outputs all verified before submission. Subsequently extended the federal overlay with cross-sector OT security and SOCI/CIRMP commands (#539), then authored ArcKit's first Australian sector overlay, arckit-au-energy (#549), layering AESCSF and energy-market compliance on the federal baseline with two public synthetic evaluation fixtures (an applicable DNSP case and a non-SOCI supplier negative case).

• 10 Australian Federal & DISP-supplier commands (ASD Essential Eight, ISM, DTA DSS, Privacy Act 1988 PIA, OAIC NDB, PSPF, AI Assurance, DISP attestation, OT security, SOCI/CIRMP)
• arckit-au-energy sector overlay — au-aescsf + au-energy-compliance commands and the au-energy recipe (22 targets), composing the arckit-au federal baseline
• au-federal build recipe (35 targets, 9 build waves) + validation scorecards with reproducible mechanical-grep evidence

Proposed and implemented user_config defaulting in command and agent Document Control instructions — wiring the existing default_classification plugin setting into the [CLASSIFICATION] field so artefacts pick up the user's configured default automatically (#492, salvaged from #396).

• ${user_config.default_classification} default across 38 commands and 8 agents
• Preserved per-command fallback wording (OFFICIAL / PUBLIC / INTERNAL variants)

Corrected ArcKit's UK accessibility target from the superseded WCAG 2.1 AA to the current WCAG 2.2 AA across the service-assessment command (GDS Service Standard Point 5 evidence checks) and five core templates (#542). Verified against current GOV.UK monitoring guidance and the Public Sector Bodies Accessibility (EU-Exit Amendment) Regulations 2022, and confirmed the French, Canadian, and Australian overlays were already correct so they were deliberately left unchanged.

• WCAG 2.2 AA correction across service-assessment and 5 core templates
• Sourced against GOV.UK, legislation.gov.uk, and DWP accessibility guidance
• Jurisdictional overlays validated and correctly left unchanged

Author of the SAFETY.md spec v2.0.0-draft that the arckit-uk-nhs overlay adopts verbatim for NHS DCB0129 / DCB0160 file naming and YAML-frontmatter hazard log. Clinical informatician and developer at RCPCH (Royal College of Paediatrics and Child Health), openEHR, and NHS England; multiple prior iterations on machine-readable clinical-safety documentation (DCB0129 markdown → DCB0129 templated → SAFETY.md). Engaged on issue #424 with the offer to contribute and maintain the NHS clinical-safety overlay.

• SAFETY.md spec v2.0.0-draft — convention-driven clinical-safety documentation standard adopted by the overlay
• 3-file output convention (SAFETY.md / SAFETY-CASE.md / HAZARD-LOG.md) with YAML-frontmatter hazard structure
• DCB0129 1–5 severity / likelihood scoring scale and open / mitigated / accepted / closed status vocabulary

Requested multi-AI support, helping drive ArcKit's expansion beyond Claude Code to Codex CLI, Gemini CLI, and OpenCode CLI.

• Requested multi-AI assistant support
• Influenced the quad-distribution model

Identified and reported issues with command execution, helping improve reliability and error handling.

• Reported command execution issues
• Helped improve error handling

Suggested improvements to cloud research capabilities and integration patterns for enterprise workflows.

• Cloud research improvement suggestions
• Enterprise workflow feedback

Reported documentation and usability issues, contributing to a smoother onboarding experience for new users.

• Reported documentation issues
• Improved onboarding experience

Reported a malformed agent role definition error in generated Codex CLI .toml files (#269), which was traced to a missing name field in the converter and fixed in v4.6.2.

• Identified Codex agent TOML schema bug
• Clear repro steps with full error logs
• Fix shipped in v4.6.2

Reported that the secret-scanner hooks (secret-file-scanner.mjs / secret-detection.mjs) false-positived on code and IaC that references a secret rather than hardcoding it — e.g. secret = module.sm.secret_ids["x"] (Terraform), password = var.db_password, api_key = process.env.API_KEY — blocking exactly the secure pattern the hook should encourage (#590, fixed in #591). Provided root-cause analysis, a minimal repro, a proposed reference-guard regex, and a verified before/after test matrix.

• Pinpointed the over-broad \S+ value match in the generic key-value rules
• Repro, proposed fix, and verified test table covering references vs. literals
• Motivated a provider-agnostic reference guard plus a cross-hook sync regression test