Back to ArcKit

Choose a guide when you know the outcome you need but want the ArcKit AI harness workflow, prerequisites, and example command sequence. For a searchable list of every command and dependency, use the ArcKit command reference.

LIVE Production-ready
BETA Feature-complete
ALPHA Working, limited testing
EXPERIMENTAL Early adopters

|

Getting Started 11 guides

Discovery 10 guides

Planning 7 guides

Architecture 12 guides

Wardley Mapping 5 guides

Governance 17 guides

Compliance 12 guides

UK Government Reference 7 guides

Policy and standards reference material that complements the command guides above.

Community overlays — EU 7 guides

Community-contributed EU regulation overlays. Not part of the officially-maintained baseline.

Community overlays — France 12 guides

Community-contributed French public-sector overlays. Not part of the officially-maintained baseline.

Community overlays — Austria 3 guides

Community-contributed Austrian regulatory overlays. Not part of the officially-maintained baseline.

Canada Federal Overlay 12 guides

Community-contributed overlay supporting Canadian federal entities. FITAA (Bill C-70 2024), Privacy Act PIA, ATIP reconciliation, TBS Algorithmic Impact Assessment, Charter rights design review, ITSG-33, Security of Information Act handling, sovereign cloud residency, GC Digital Standards, Official Languages Act, federal procurement (PSPC + PSAB), and First Nations OCAP®. Solo-maintained by @tractorjuice; recruiting a Canadian federal domain co-maintainer before any official-tier promotion. Output should be reviewed by qualified Canadian counsel, departmental ATIP coordinator, and (for FITAA) the Office of the Commissioner of Foreign Influence Transparency before reliance.

  • Canada FITAA Compliance EXPERIMENTAL Foreign Influence Transparency and Accountability Act (Bill C-70 2024) — activity scoping, arrangement register, public vs protected views, Charter §2 risk register
  • Canada Privacy Impact Assessment EXPERIMENTAL Privacy Act + TBS Directive on PIA — personal-information inventory, lawful authority, OPC notification trigger, mitigation tracker
  • Canada ATIP Reconciliation EXPERIMENTAL Access to Information Act exemption mapping (§13–§24), Privacy Act §4–§8 register, severance design for hybrid public/protected systems
  • Canada Algorithmic Impact Assessment EXPERIMENTAL TBS Directive on Automated Decision-Making — Levels I–IV scoring, transparency notice, peer review trigger, human-in-the-loop
  • Canada Charter Rights Design Review EXPERIMENTAL s.2 / s.7 / s.8 / s.15 analysis with Oakes proportionality and DOJ counsel sign-off block
  • Canada ITSG-33 Statement of Applicability EXPERIMENTAL CSE control profiles + TBS Standard on Security Categorization (Protected A/B/C, SECRET, TOP SECRET) with CMVP cryptography and supply-chain controls
  • Canada Security of Information Act Handling EXPERIMENTAL SOI register, marking matrix, transmission channels, compartments, CSIS Act §16/§19 coordination, breach response
  • Canada Sovereign Cloud Residency EXPERIMENTAL GC Cloud Adoption Strategy — sovereign options matrix (AWS / Azure / GCP Canada), CLOUD Act exposure, exit and portability plan
  • Canada GC Digital Standards Conformance EXPERIMENTAL Conformance scorecard against the 10 Government of Canada Digital Standards with maturity roadmap
  • Canada Official Languages Act Review EXPERIMENTAL Parts IV (services) / V (language of work) / VI (federal language obligations) — service-equivalence matrix EN/FR, active offer, Translation Bureau pipeline
  • Canada Federal Procurement Strategy EXPERIMENTAL PSPC Supply Manual — Standing Offer / AgileIQ / RFP, Procurement Strategy for Indigenous Business (PSAB 5%), CFTA / CETA thresholds, security-clearance lead times
  • Canada First Nations OCAP® Sovereignty EXPERIMENTAL First Nations Principles of OCAP® with FNIGC pre-engagement gate, USAI / ITK considerations. Not a substitute for direct community engagement.

UAE Federal Overlay 14 guides

Community-contributed overlay supporting UAE federal entities under the 23 April 2026 Cabinet agentic-AI decree. PDPL, IAS, sovereign cloud residency, UAE Pass, the four Cabinet instruments, AI Charter, autonomy tier, and federal procurement. Solo-maintained by @tractorjuice; recruiting a UAE domain co-maintainer before any official-tier promotion. Output should be reviewed by qualified UAE federal compliance counsel before reliance.

Australian Federal / Energy Overlay 13 guides

Community-contributed overlay covering Australian Federal Government, DISP-supplier, cross-sector critical infrastructure, and Australian energy-sector compliance. Adds AU energy guidance for AESCSF, AER ring-fencing, NER/NGR, AEMO obligations, IT/OT evidence, privacy, NDB, traceability, diagrams/data flows, data modelling, and ADR decisions. Domain co-maintainer: @royster70. AU energy fixtures are synthetic, including personas, and intended for public eval/regression use. Output should be reviewed by qualified Australian Federal and energy-sector compliance specialists before reliance.

  • AU Federal Overlay Maintenance & Citation Register EXPERIMENTAL Citation register with verification dates, quarterly review cadence, known limitations, domain co-maintainer context
  • AU Essential Eight Maturity Posture EXPERIMENTAL ASD Essential Eight ML0–ML3 maturity assessment across the 8 mitigation strategies; DISP-aligned ML2 baseline
  • AU Privacy Impact Assessment EXPERIMENTAL Privacy Act 1988 PIA against the 13 APPs; Tranche 1 reforms; APP 8 cross-border disclosure; OAIC notification posture
  • AU DTA Digital Service Standard Conformance EXPERIMENTAL 13-criterion conformance assessment; WCAG 2.2 AA; Commonwealth Procurement Rules (November 2025 overhaul)
  • AU ISM Statement of Applicability EXPERIMENTAL ASD ISM Statement of Applicability across the 17 control domains; IRAP-assessable posture; cloud inheritance
  • AU Notifiable Data Breach Response Playbook EXPERIMENTAL Operational playbook under Privacy Act Part IIIC; eligible-data-breach assessment; 30-day investigation clock; notification workflow
  • AU OT Security Assessment EXPERIMENTAL ASD operational technology cyber security guidance; architecture visibility, secure connectivity, remote/vendor access, safety and recovery constraints
  • AU SOCI CIRMP Governance Pack EXPERIMENTAL SOCI Act / Critical Infrastructure Risk Management Program evidence pack; critical asset applicability, hazard domains, incident reporting, annual report readiness
  • AU AESCSF Maturity Assessment EXPERIMENTAL Australian Energy Sector Cyber Security Framework maturity assessment composed with AU E8, ISM, optional OT security, optional SOCI/CIRMP, diagrams, data flows, and traceability
  • AU Energy Compliance Pack EXPERIMENTAL AESCSF, AER ring-fencing, NER/NGR, AEMO obligations, IT/OT evidence, privacy, NDB, data modelling, traceability, and ADR decision evidence
  • AU Protective Security Policy Framework Scorecard EXPERIMENTAL PSPF 4-outcome / 16-core-requirement maturity scorecard for federal entities and DISP suppliers
  • AU AI Assurance Baseline EXPERIMENTAL DTA AI Assurance Framework + Responsible AI Policy v2.0; Tranche 1 automated-decision-making notification; ISO 42001 readiness
  • AU DISP Member Self-Attestation Pack EXPERIMENTAL Consolidates evidence across the 4 DISP security domains (Governance, Personnel, Physical, Information & Cyber) with FOCI declaration

USA Federal Civilian Overlay 11 guides

Community-contributed overlay covering US federal civilian compliance instruments: FedRAMP authorization, FISMA / NIST 800-53 Rev 5, CISA Zero Trust Maturity Model v2.0, OMB M-19-17 ICAM, NIST AI RMF + OMB M-24-10/M-25-21 AI assurance, E-Government Act §208 PIA, EO 14028 SBOM self-attestation. EO 14110 was revoked January 2025; the live AI mandates are OMB M-24-10 + M-25-21. FedRAMP completed the Rev 5 transition in 2024. Solo-maintained by @tractorjuice; recruiting a US federal-civilian domain co-maintainer (CISO / SAOP / FedRAMP PMO / CAIO backgrounds welcome) before any official-tier promotion. Output should be reviewed by qualified US federal counsel before reliance.

  • US FIPS 199 System Categorization EXPERIMENTAL FIPS Publication 199 categorization mapping NIST SP 800-60 Vol 2 information types to CIA impact levels with high-water-mark rationale
  • US NIST 800-53 Rev 5 Tailoring EXPERIMENTAL Control selection against Low / Moderate / High baselines with implementation/inheritance matrix and parameter assignments
  • US FedRAMP System Security Plan EXPERIMENTAL FedRAMP Mod/High SSP per template v3.x — 15-section structure covering boundary, interconnections, control implementations, continuous monitoring
  • US FedRAMP Readiness Assessment EXPERIMENTAL 3PAO Readiness Assessment Report — capability statement, gap register, evidence inventory, Agency vs JAB authorization path
  • US Zero Trust Maturity EXPERIMENTAL CISA Zero Trust Maturity Model v2.0 — 5 pillars (Identity / Devices / Networks / Apps / Data) × 4 stages plus 3 cross-cuts
  • US ICAM Architecture EXPERIMENTAL OMB M-19-17 / NIST SP 800-63-3 IAL/AAL/FAL determination with PIV + login.gov integration patterns
  • US NIST AI RMF Assessment EXPERIMENTAL NIST AI RMF 1.0 Govern / Map / Measure / Manage assessment + Generative AI Profile (NIST AI 600-1)
  • US AI Impact Assessment (M-24-10 / M-25-21) EXPERIMENTAL OMB M-24-10 rights/safety-impacting AI determination + M-25-21 acquisition controls + agency CAIO sign-off
  • US Privacy Impact Assessment (E-Gov §208) EXPERIMENTAL E-Government Act §208 PIA + OMB M-03-22 + Privacy Act §552a SORN trigger check + mitigation tracker
  • US SBOM + Secure-Software Self-Attestation EXPERIMENTAL EO 14028 + OMB M-22-18 / M-23-16 secure-software self-attestation form + SBOM per NTIA Minimum Elements (CycloneDX / SPDX)
  • US Federal Overlay Maintenance & Citation Register EXPERIMENTAL Citation register with verification dates, quarterly review cadence, known limitations, statutory currency anchor (EO 14110 revoked / M-24-10/M-25-21 active)

UK Finance Payments Overlay 5 guides

Sector-specific community overlay (jurisdictional overlays cover countries; sector overlays cover industry verticals). v1 covers the UK payments slice for architects at established Payment Service Providers, E-Money Institutions, and Payment Institutions: PSD2 SCA-RTS exemption design, EMI/PI safeguarding assessment, FCA Consumer Duty board report, and Critical Third Parties dependency assessment. No named domain co-maintainer at launch — help wanted; open a GitHub issue tagged co-maintainer: uk-finance. Output should be reviewed by qualified UK FS regulatory counsel + the firm's MLRO / Compliance Officer + the SMF holder for payment services before reliance.

  • UK Finance Payments Overlay EXPERIMENTAL Overlay-level guide: purpose, when-to-use, the 4 commands, recipe (uk-fs-payments), doc-type codes (FSSCA / FSSAFE / FSCD / FSCTP), v2 candidates, status, references
  • UK PSD2 SCA-RTS Exemption Design EXPERIMENTAL Exemption matrix per Articles 10, 10A, 11, 13-18 of the UK SCA-RTS (PSRs 2017 Reg 100 + 106A + FCA 2020/70 as amended by PS21/19); TRA thresholds; fraud monitoring framework; audit-trail requirements
  • UK EMI / PI Safeguarding Assessment EXPERIMENTAL Method statement (segregation / insurance / guarantee), designated safeguarding bank/insurance, reconciliation cadence + 4-tier sign-off chain with SUP 16 Annex 34A/34B field mapping, post-PS24/9 reform context
  • FCA Consumer Duty Board Report EXPERIMENTAL Annual Board Report on retail customer outcomes (PS22/9), four-outcome assessment, fair-value framework, vulnerable customer cohort summary, board attestation block (Feb 2025 Board Champion removal noted)
  • Critical Third Parties Dependency Assessment EXPERIMENTAL CTP register + materiality scoring + resilience testing plan + concentration risk + Nth-party dependency mapping (PS24/16 effective Jan 2025). References FINOS Common Cloud Controls as a control library substrate.

UK NHS Clinical Safety Overlay 5 guides

Second sector-specific community overlay (after UK Finance Payments). Covers NHS clinical safety (DCB0129 manufacturer + DCB0160 deployer), NHS DTAC v3 procurement assurance, and UK MDR 2002 + EU MDR 2017/745 software-as-medical-device classification. DCB0129/0160 outputs adopt Dr Marcus Baw's SAFETY.md spec verbatim for filenames and YAML-frontmatter hazard log. Domain co-maintainer (proposed): @pacharanero (Dr Marcus Baw, clinical informatician at RCPCH / openEHR / NHSE). Output should be reviewed by a qualified Clinical Safety Officer (GMC / NMC / HCPC / GPhC registered) and, for MDR classification, by a qualified Regulatory Affairs specialist before reliance.

  • UK NHS Clinical Safety Overlay EXPERIMENTAL Overlay-level guide: purpose, when-to-use, the 4 commands, recipe, filename convention, doc-type codes, Phase 2 candidates, tiering (Marcus Baw 1/2/3), status, references
  • NHS DCB0129 Manufacturer Clinical Safety Case EXPERIMENTAL 3-file output (SAFETY.md / SAFETY-CASE.md / HAZARD-LOG.md); 6 starter hazards covering identity, stale data, audit, authorisation, alert delivery, write integrity; DCB0129 1–5 inverted scoring scale
  • NHS DCB0160 Deployer Clinical Safety Case EXPERIMENTAL 3-file deployer set in clinical-safety/deployment/; 10 starter deployment hazards covering training, workflow, BC, parallel running, migration, configuration, terminology, RBAC, incident reporting; deploying-organisation CSO / Caldicott Guardian / SIRO governance
  • NHS DTAC v3 Assessment EXPERIMENTAL 5 sections (Clinical Safety, Data Protection, Technical Assurance, Interoperability, Usability/Accessibility) plus AI annex; cross-references DCB0129/0160, DPIA, ATRS, Secure by Design
  • UK + EU MDR SaMD / AIaMD Classification EXPERIMENTAL UK MDR 2002 (as amended) + EU MDR 2017/745; Rule 11 reasoning; UKCA / UKNI / CE marking pathway; Windsor Framework NI handling; MHRA SaMD/AIaMD Programme alignment; post-market obligations

Operations 4 guides

Procurement 7 guides

Interoperability 2 guides

Integrations 7 guides

Reporting 4 guides