🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?
Claim this page →
arc-kit
The Enterprise Architecture Governance Harness — strategy, architecture, delivery, and assurance for AI coding assistants
{
"mcpServers": {
"arc-kit": {
"command": "npx",
"args": ["-y", "https://github.com/tractorjuice/arc-kit"]
}
}
}ArcKit: The Enterprise Architecture Governance Harness
Build better enterprise architecture through structured strategy, design, delivery, and assurance workflows.
ArcKit is a toolkit for enterprise architects that transforms architecture governance from scattered documents into a systematic, AI-assisted workflow for:
- 🏛️ Establishing and enforcing architecture principles
- 👥 Analyzing stakeholder drivers, goals, and outcomes
- 🛡️ Risk management (HM Treasury Orange Book)
- 💼 Business case justification (HM Treasury Green Book SOBC)
- 📋 Creating comprehensive requirements documents
- 🗄️ Data modeling with ERD, GDPR compliance, and data governance
- 🔬 Technology research with build vs buy analysis (web search powered)
- ☁️ Azure-specific research using Microsoft Learn MCP for authoritative documentation
- 🗺️ Strategic planning with Wardley Mapping
- 📊 Generating visual architecture diagrams (Mermaid)
- 🤝 Managing vendor RFP and selection processes
- ✅ Conducting formal design reviews (HLD/DLD)
- 🔧 ServiceNow service management design
- 🔗 Maintaining requirements traceability
- 📎 Citation traceability for external documents (inline
[DOC-CN]markers with source quotes)
Star History
Quick Start
Installation
Claude Code (premier experience) — install the ArcKit plugin (requires v2.1.172+):
First, make sure Claude Code is on the latest version:
claude install latest
Then in Claude Code:
/plugin marketplace add tractorjuice/arckit-claude
Then install from the Discover tab, or via CLI. The marketplace ships 15 plugins — install only the overlays you need:
# Core (75 commands — UK Government civilian + generic enterprise)
claude plugin install arckit@arckit-claude
# Core + UAE federal
claude plugin install arckit arckit-uae
# Broad overlay set (UK + UAE + FR + CA + EU + AT + AU + US + UK-NHS + UK-GCloud)
claude plugin install arckit arckit-{uae,fr,ca,eu,at,au,us,uk-nhs,uk-gcloud}
# Enterprise architecture and AI agent governance overlays
claude plugin install arckit arckit-togaf-adm arckit-agent-architecture
The standalone tractorjuice/arckit-claude marketplace hosts all Claude Code plugins: the arckit core plugin, regional overlays, sector overlays, the TOGAF ADM and AI agent architecture overlays, the arckit-fde tooling plugin, and the public-but-proprietary arckit-uk-gcloud supplier overlay. The 13 community plugins (arckit-uae, arckit-fr, arckit-ca, arckit-eu, arckit-at, arckit-au, arckit-au-energy, arckit-us, arckit-uk-finance, arckit-uk-nhs, arckit-uk-gcloud, arckit-togaf-adm, arckit-agent-architecture) require the arckit core plugin. arckit-au-energy (sector) additionally requires arckit-au (jurisdiction), which it composes — install with claude plugin install arckit arckit-au arckit-au-energy. arckit-uk-gcloud is a proprietary, Claude Code only supplier-side G-Cloud bid-authoring overlay — it is public for installation and inspection, but not MIT licensed and not distributed to the non-Claude extension formats. One tooling plugin — arckit-fde — is a lean, Claude Code only plugin with one command, /arckit-fde:create, that generates a brandable (white-label) Forward Deploy Engineering consulting website into docs/ (GitHub Pages ready), with UK Public Sector and Generic market presets; no dependencies, not converted to non-Claude formats, no governance doc-types.
The older tractorjuice/arc-kit marketplace remains available for compatibility, but new Claude Code installs should use tractorjuice/arckit-claude. Claude Code is the primary development platform for ArcKit and provides the most complete experience: all official commands, autonomous research agents, automation hooks, bundled MCP servers (AWS Knowledge, Microsoft Learn, Google Developer Knowledge, govreposcrape, uk-tenders), and automatic updates via the marketplace. See Why Claude Code? below.
Why v2.1.172? v2.1.172 fixed wildcard-domain
WebFetchpermission rules (WebFetch(domain:*.gov.uk)) that never matched subdomains on earlier clients — that is exactly the shape ArcKit recommends for confining research-agent traffic in OFFICIAL-SENSITIVE deployments (see the security-hooks guide), so the floor makes that guidance actually hold. It also includes the Claude Fable 5 runtime (GA in v2.1.170), and ArcKit defaults to the latest model tier. It carries forward the v2.1.156 fix for an Opus 4.8 bug where modified thinking blocks caused API errors — relevant to/arckit:*commands and the research agents that lean on extended thinking, the floor for adopting Opus 4.8 cleanly. v2.1.154 shipped Opus 4.8 (now defaulting to high effort, owning/effort xhigh) anddefaultEnabled: falsefor plugins — ArcKit's 12 community overlays (arckit-uae,arckit-fr,arckit-ca,arckit-eu,arckit-at,arckit-au,arckit-au-energy,arckit-us,arckit-uk-finance,arckit-uk-nhs,arckit-togaf-adm,arckit-agent-architecture) now set this so installing the marketplace surfaces them without auto-enabling all twelve; users opt in to only the jurisdiction or sector they need, while corearckitstays default-enabled. v2.1.144 fixed a bug where new sessions were titled from plugin monitor output instead of the user's first prompt — ArcKit'sstale-artifact-scanmonitor was the canonical hit, producing sessions named "Detect ArcKit artifacts with overdue reviews…" instead of the user's actual question. Same release fixed the Skill tool failing with permission errors in headless mode (regression in v2.1.141) which affected/arckit:*runs viaclaude -p/ CI. v2.1.143 added plugin dependency enforcement soclaude plugin disable arckitnow surfaces a copy-pasteable disable-chain hint when a community overlay (arckit-au,arckit-uae, etc.) depends on it, instead of silently breaking the overlay. v2.1.139 added the hookargs: string[]exec form — ArcKit's 16 registered hooks now use this form so the harness execsnode <path>directly instead of parsing a shell-quoted command string. This eliminates a whole class of quoting / metacharacter bugs in the${CLAUDE_PLUGIN_ROOT}-substituted paths. The same release also fixed subagents not discovering project / user / plugin skills (affects ArcKit's 16 agents) and made/mcpreconnect pick up.mcp.jsonedits without a restart. Builds on v2.1.136 (fix: env vars from SessionStart hooks going stale — relevant to theinject-arckit-contextpattern; fix: MCP servers from.mcp.jsondisappearing after/clear), v2.1.133 (subagent skill discovery fix, hooks receiveeffort.level), and v2.1.129 (plugin manifest'smonitors/themesmoved under a top-levelexperimentalblock — ArcKit'sstale-artifact-scanbackground monitor which warns whenprojects/artefacts are past theirNext Review Dateor stuck inDRAFTfor 14+ days is declared via that key and will not load on older clients;ENABLE_PROMPT_CACHING_1Hregression fix). Carries forward the v2.1.121 unlocks: MCPalwaysLoadeager-loads AWS Knowledge and Microsoft Learn tools at session start (skips a discovery round-trip on/arckit:aws-researchand/arckit:azure-research), and PostToolUsehookSpecificOutput.updatedToolOutputso provenance-stamp and manifest hooks surface their effects to the model in-band; the v2.1.118–119 release-flow unlocks:claude plugin tag --dry-runvalidates plugin/marketplace version agreement, and the session-telemetry hook recordsduration_mson every tool call; the v2.1.117 unlocks: Opus 4.7/contextcorrectly sized to 1M instead of 200K (long research sessions no longer autocompact early) and agent frontmattermcpServersloading for--agentsessions; the v2.1.111+ unlocks: Opus 4.7xhigheffort tier, Auto mode without--enable-auto-mode, read-only bash glob patterns without permission prompts; and the v2.1.97 fixes:claude plugin updatecorrectly detects new commits for git-based plugins (critical for ArcKit distribution), MCP HTTP/SSE memory leak fix (~50 MB/hr, affects ArcKit's 5 bundled servers), proper 429 exponential backoff (benefits 10 research agents), Stop/SubagentStop hooks no longer fail on long sessions (affects session-learner), and subagent working directory leak fix.
Gemini CLI — install the ArcKit extension:
gemini extensions install https://github.com/tractorjuice/arckit-gemini
Zero-config: all 75 official commands, templates, scripts, and bundled MCP servers (AWS Knowledge, Microsoft Learn). Updates via gemini extensions update arckit.
GitHub Copilot (VS Code) — install the ArcKit CLI and scaffold prompt files:
# Install with pip
pip install git+https://github.com/tractorjuice/arc-kit.git
# Scaffold a project with Copilot prompt files
arckit init my-project --ai copilot
Creates .github/prompts/arckit-*.prompt.md (80 prompt files), .github/agents/arckit-*.agent.md (10 custom agents), and .github/copilot-instructions.md (repo-wide context). Invoke commands in Copilot Chat as /arckit-requirements, /arckit-stakeholders, etc.
Codex CLI — install the ArcKit CLI:
# Install with pip
pip install git+https://github.com/tractorjuice/arc-kit.git
# Or with uv
uv tool install arckit-cli --from git+https://github.com/tractorjuice/arc-kit.git
# Or run without installing
uvx --from git+https://github.com/tractorjuice/arc-kit.git arckit init my-project
Mistral Vibe CLI — link the ArcKit extension:
# Clone the standalone extension repository
git clone https://github.com/tractorjuice/arckit-vibe.git
cd arckit-vibe
# Create extensions directory and link
mkdir -p ~/.vibe/extensions/
ln -s $(pwd) ~/.vibe/extensions/arckit
Zero-config: 75 official commands as skills, 10 specialized agents, all templates, and bundled MCP servers (AWS Knowledge, Microsoft Learn, Google Developer Knowledge, GovRepoScrape).
Latest Release: v6.1.6
OKF Interoperability
ArcKit can exchange Markdown knowledge bundles using an Open Knowledge Format-shaped frontmatter layer:
/arckit:export-okfcopies ArcKitARC-*.mdartifacts into an OKF bundle with portabletype,title,resource,tags,timestamp, andarckitmetadata./arckit:import-okfscans an OKF bundle, writes.arckit/tmp/okf-import-report.json, and materializes safe imports asRSCHreview notes by default.- Native ArcKit files remain unchanged unless you explicitly enable source frontmatter stamping with
ARCKIT_OKF_FRONTMATTER=1or.arckit/config.jsoncontaining{ "okfFrontmatter": true }.
Platform Support
| Platform | Claude Code Plugin | Gemini CLI Extension | GitHub Copilot | Codex / OpenCode CLI | Mistral Vibe |
|---|---|---|---|---|---|
| macOS | Full support | Full support | Full support | Full support | Full support |
| Linux | Full support | Full support | Full support | Full support | Full support |
| Windows (WSL2) | Full support | Full support | Full support | Full support | Full support |
| Windows (native) | Full support | Full support | Full support | Partial | Full support |
Windows users: The Claude Code plugin, Gemini CLI extension, GitHub Copilot prompt files, and Mistral Vibe extension work natively on all platforms. For Codex CLI / OpenCode CLI on native Windows (without WSL), some commands containing inline bash snippets may require Git Bash or WSL2. We recommend WSL2 for the best experience.
Initialize a Project
Claude Code: No initialization needed — the plugin provides everything.
Mistral Vibe: No initialization needed — the extension provides everything.
GitHub Copilot (VS Code):
# Create a new architecture governance project
arckit init payment-modernization --ai copilot
# Or initialize in current directory
arckit init . --ai copilot
OpenCode CLI:
# Create a new architecture governance project
arckit init payment-modernization --ai opencode
# Or initialize in current directory
arckit init . --ai opencode
Codex CLI:
# Create a new architecture governance project
arckit init payment-modernization --ai codex
# Minimal install (skip docs and guides)
arckit init payment-modernization --ai codex --minimal
# Or initialize in current directory
arckit init . --ai codex
Start Using ArcKit
# GitHub Copilot (VS Code)
cd payment-modernization && code .
# In Copilot Chat, use ArcKit commands:
/arckit-principles Create principles for a financial services company
/arckit-requirements Build a payment processing system...
# Codex CLI
cd payment-modernization
codex
# Inside your AI assistant, use ArcKit commands:
/arckit:principles Create principles for a financial services company
/arckit:requirements Build a payment processing system...
/arckit:sow Generate RFP for vendor selection
# Mistral Vibe CLI
cd payment-modernization
vibe
# Use ArcKit skills:
/arckit-principles Create principles for a financial services company
/arckit-requirements Build a payment processing system...
/arckit-sow Generate RFP for vendor selection
# Or use specialized agents:
vibe --agent arckit-research "Research cloud providers"
Upgrading
Claude Code plugin: Updates are automatic via the marketplace — no action needed.
Gemini CLI extension: Updates via gemini extensions update arckit.
GitHub Copilot: Re-run arckit init --here --ai copilot to update prompt files, agents, and instructions.
Mistral Vibe: Pull the latest standalone extension repo: cd ~/.vibe/extensions/arckit && git pull.
Codex CLI:
# Step 1: Upgrade the CLI tool
pip install --upgrade git+https://github.com/tractorjuice/arc-kit.git
# Or with uv:
uv tool upgrade arckit-cli --from git+https://github.com/tractorjuice/arc-kit.git
# Step 2: Update your existing project (re-run init in place)
cd /path/to/your-existing-project
arckit init --here --ai codex
This updates commands, templates, scripts, and agents while preserving your project data (projects/) and custom templates (.arckit/templates-custom/).
If upgrading from v0.x, you may also need to migrate legacy filenames — see the upgrading guide for full details.
Explore Example Outputs
Public demonstration repositories showcase complete ArcKit deliverables:
- NHS Appointment Booking — arckit-test-project-v7-nhs-appointment: Digital health platform with NHS Spine integration and GDPR safeguards.
- M365 GCC-H Migration — arckit-test-project-v1-m365: Government cloud migration with compliance mapping and change management.
- HMRC Tax Assistant — arckit-test-project-v2-hmrc-chatbot: Conversational AI service covering PII protection and bilingual support.
- Windows 11 Deployment — arckit-test-project-v3-windows11: Enterprise OS rollout with policy migration and security baselines.
- Patent Application System — arckit-test-project-v6-patent-system: Intellectual property workflow automation using GOV.UK Pay and Notify.
- ONS Data Platform — arckit-test-project-v8-ons-data-platform: Official statistics analytics environment with Five Safes governance.
- Cabinet Office GenAI Platform — arckit-test-project-v9-cabinet-office-genai: Cross-government GenAI platform with responsible AI guardrails.
- UK Government Training Marketplace — arckit-test-project-v10-training-marketplace: AI training procurement platform with multi-sided marketplace design.
- National Highways Data Architecture — arckit-test-project-v11-national-highways-data: Strategic road network data platform modernization.
- Scottish Courts GenAI — arckit-test-project-v14-scottish-courts: Scottish Courts and Tribunals Service GenAI strategy with comprehensive MLOps and FinOps.
- Doctors Appointment System — arckit-test-project-v16-doctors-appointment: Online appointment booking system with NHS integration.
- UK Fuel Price Transparency — arckit-test-project-v17-fuel-prices: UK Government fuel price transparency service with real-time pricing data.
- Smart Meter Consumer App — arckit-test-project-v18-smart-meter: UK Smart Meter data consumer mobile app with DCC/SMIP integration.
- UK Government API Aggregator — arckit-test-project-v19-gov-api-aggregator: Unified access to 240+ UK Government APIs across 34+ departments.
What it costs (plugin footprint)
Token cost of installing the arckit core plugin in a Claude Code session, captured from claude plugin details arckit on v2.1.143+:
- Always-on per session: ~10,042 tokens — added to every session's system context, covering the 73 command-skills + 5 utility skills (
architecture-workflow,arckit-build,mermaid-syntax,plantuml-syntax,wardley-mapping) + 16 agent descriptors. Hooks (9 events) and MCP servers (6) are harness-resolved at runtime and not counted. - On-invoke: ~250 to ~60K tokens per command — paid only when a specific skill or agent fires. Most commands are in the 5–10K range.
On-invoke cost by command
Costs are estimates from the Claude Code tokenizer and may differ from actual usage. Use this table to budget research-heavy multi-command sessions.
| Tier | Range | Commands |
|---|---|---|
| Lightweight | <2K | start, init, build, search, impact, navigator, graph-report, framework, gov-landscape, aws-research, azure-research, gcp-research |
| Standard | 2–7K | customize, score, principles, mermaid-syntax, plantuml-syntax, architecture-workflow, datascout, tenders, competitors, evaluate, hld-review, mlops, devops, finops, research, tcop, wardley-mapping, template-builder, glossary, dld-review, traceability, stakeholders, presentation, dfd, operationalize, requirements, maturity-model, data-model, gov-reuse, strategy, presentation, atrs, gov-code-search, READER-PATTERN |
| Heavy | 7–15K | wardley.value-chain, gcloud-clarify, ai-playbook, sow, sobc, risk, secure, dpia, dos, mod-secure, plan, conformance, roadmap, health, wardley.doctrine, wardley.gameplay, pages, servicenow, gcloud-search, principles-compliance, story, wardley, wardley.climate, data-mesh-contract, platform-design, adr, arckit-build, grants |
| Research-heavy | 15–25K | service-assessment, analyze, backlog, diagram |
| Specialist | >25K | jsp-936 (~60K — MOD JSP 936 AI assurance, defence-only) |
Trimming the footprint
- The five utility skills already use
paths:globs to scope their always-on cost to relevant projects (mermaid-syntaxonly loads under*.mmd,wardley-mappingunder WARD artefacts, etc.). The 73 command-skills are listed but not described in detail in the always-on context — the full prompt only loads on invocation. - Community overlays (
arckit-uae,arckit-fr,arckit-ca,arckit-eu,arckit-at,arckit-au,arckit-au-energy,arckit-us,arckit-uk-finance,arckit-uk-nhs) are independent plugins — install only the jurisdictions / sectors you need. Each adds its own always-on baseline.arckit-uk-finance,arckit-uk-nhs, andarckit-au-energyare sector overlays (arckit-au-energylayers the energy sector on thearckit-aujurisdiction baseline); the rest are jurisdiction-based. - Heavy commands (
jsp-936,analyze,diagram,backlog) are on-invoke only; the always-on cost is unaffected by which heavy commands exist.
To measure your own session footprint, run /context all (Claude Code v2.1.139+) for per-skill token estimates against your active model.
Why ArcKit?
Problem: Architecture Governance is Broken
Traditional enterprise architecture suffers from:
- ❌ Scattered documents across tools (Word, Confluence, PowerPoint)
- ❌ Inconsistent governance enforcement
- ❌ Manual vendor evaluation with bias
- ❌ Lost traceability between requirements and design
- ❌ Stale documentation that doesn't match reality
Solution: Structured, AI-Assisted Governance
ArcKit provides:
- ✅ Template-Driven Quality: Comprehensive templates ensure nothing is forgotten
- ✅ Systematic Workflows: Clear processes from requirements → procurement → design review
- ✅ AI Assistance: Let AI handle document generation, you focus on decisions
- ✅ Enforced Traceability: Automatic gap detection and coverage analysis
- ✅ Version Control: Git-based workflow for all architecture artifacts
UK Government Compliance
ArcKit includes dedicated commands for UK public sector delivery:
/arckit:tcop— Assess all 13 Technology Code of Practice points across delivery phases./arckit:ai-playbook— Produce responsible AI assessments aligned to the UK Government AI Playbook and ATRS./arckit:secure— Generate Secure by Design artefacts covering NCSC CAF, Cyber Essentials, and UK GDPR controls./arckit:mod-secure— Map MOD Secure by Design requirements (JSP 440, IAMM, clearance pathways)./arckit:jsp-936— Deliver JSP 936 AI assurance packs for defence AI systems.
See the demo repositories for end-to-end examples, especially arckit-test-project-v7-nhs-appointment (civilian services) and arckit-test-project-v9-cabinet-office-genai (AI governance).
EU, French & Austrian Regulatory Compliance (Community)
⚠️ Community-contributed. EU and French commands are domain-maintained by @thomas-jardinet; Austrian commands are a seed contribution inviting an Austrian domain maintainer. The 21 commands below cover EU regulations (GDPR, NIS2, AI Act, DORA, CRA, DSA, Data Act), French government standards (SecNumCloud, ANSSI, EBIOS, CNIL, DINUM, etc.), and Austrian government standards (DSG, NISG 2024, BVergG 2018). They are not part of the officially-maintained baseline — output should be reviewed by qualified DPO / CISO / Vergabejurist / legal counsel before reliance, and citations may lag current source text. Each command surfaces with a
[COMMUNITY]prefix in/helplistings and renders a warning banner before generating.
EU regulations (member-state-neutral baselines, applicable across EU/EEA):
/arckit:eu-rgpd— GDPR (EU 2016/679) compliance assessment — legal basis, data subject rights, transfers, DPIA screening, breach notification/arckit:eu-nis2— NIS2 Directive — operators of essential / important entities, Article 21 measures, incident reporting timelines/arckit:eu-ai-act— EU AI Act (Regulation 2024/1689) — risk classification (prohibited / high-risk / GPAI), conformity routes/arckit:eu-dora— Digital Operational Resilience Act (EU 2022/2554) — financial sector ICT risk, TLPT, third-party register/arckit:eu-cra— Cyber Resilience Act (Regulation 2024/2847) — products with digital elements, SBOM, VDP, CE marking/arckit:eu-dsa— Digital Services Act (Regulation 2022/2065) — intermediaries, platforms, VLOPs, ARCOM/arckit:eu-data-act— Data Act (Regulation 2023/2854) — connected products, B2B FRAND, cloud switching, Article 27
French government (apply on top of the EU baseline for French deployments):
/arckit:fr-secnumcloud— SecNumCloud 3.2 qualification (sovereign cloud, OIV/OSE, extraterritorial risk)/arckit:fr-dinum— DINUM standards: RGI, RGAA, RGESN, RGS, doctrine cloud de l'État, FranceConnect, DSFR/arckit:fr-marche-public— French public procurement (code de la commande publique, UGAP, sovereignty clauses)/arckit:fr-rgpd— CNIL-specific GDPR layer (cookies Délibération 2020-091, HDS, age 15, DPO registration)/arckit:fr-ebios— EBIOS Risk Manager — 5-workshop study (VM/ER/SR/CO/SS/SO/MS IDs, MITRE ATT&CK, homologation)/arckit:fr-anssi— ANSSI Guide d'hygiène informatique (42 measures) + cloud security recommendations/arckit:fr-anssi-carto— ANSSI SI cartography across business / application / system / network levels/arckit:fr-dr— Diffusion Restreinte handling under II 901 / SGDSN / ANSSI/arckit:fr-algorithme-public— Public algorithm transparency notice (Article L311-3-1 CRPA, Loi République Numérique)/arckit:fr-pssi— Information System Security Policy (PSSI) per ANSSI / RGS/arckit:fr-code-reuse— Public code reuse assessment (code.gouv.fr, SILL, EUPL) — build-vs-reuse decision matrix
Austrian government (apply on top of the EU baseline for Austrian deployments — seed contribution pending a domain maintainer):
/arckit:at-dsgvo— Austrian DSG layer on GDPR (§§12–13 image processing, ELGA/GTelG health, §96a ArbVG employee monitoring, age 14 consent, DSB enforcement)/arckit:at-nisg— Austrian NISG 2024 (NIS2 transposition) — Essential/Important designation, GovCERT reporting, KSÖ, AT sectoral authorities/arckit:at-bvergg— Bundesvergabegesetz 2018 procurement — Oberschwellen/Unterschwellen, ANKÖ publication, Bestbieterprinzip, BVwG review
These layer cleanly on the existing baseline — fr-rgpd / at-dsgvo extend eu-rgpd, fr-pssi / at-nisg reference eu-nis2, and fr-secnumcloud integrates with arckit.research and arckit.evaluate for procurement workflows. Austrian commands carry extra [NEEDS VERIFICATION] markers reflecting their seed status — a future domain maintainer is expected to tighten the citations.
Canada Federal Overlay (12 commands)
Federal Canadian regulatory baseline as a [COMMUNITY] overlay — covering FITAA (Bill C-70 2024), federal privacy and access (Privacy Act, ATI Act), Treasury Board Directive on Automated Decision-Making, Charter rights design review, ITSG-33 + Standard on Security Categorization, Security of Information Act handling, GC Cloud sovereign residency, GC Digital Standards conformance, Official Languages Act, federal procurement (PSPC + PSAB), and First Nations OCAP® data sovereignty.
| Command | Type code | Purpose |
|---|---|---|
/arckit:ca-fitaa | FITAA | Foreign Influence Transparency and Accountability Act compliance assessment |
/arckit:ca-pia | PIA | Privacy Impact Assessment per Privacy Act + TBS Directive on PIA |
/arckit:ca-atip | ATIP | Access to Information / Privacy Act reconciliation and severance design |
/arckit:ca-aia | AIA | Algorithmic Impact Assessment per TBS Directive on Automated Decision-Making (Levels I–IV) |
/arckit:ca-charter | CHRT | Charter rights design review (s.2 / s.7 / s.8 / s.15) with Oakes proportionality |
/arckit:ca-itsg-33 | ITSG | ITSG-33 Statement of Applicability + Standard on Security Categorization |
/arckit:ca-soia | SOIA | Security of Information Act handling plan for SECRET / TOP SECRET systems |
/arckit:ca-cloud-residency | CACR | GC Cloud sovereign residency assessment with CLOUD-Act analysis |
/arckit:ca-gc-digital-standards | DIGSTD | Government of Canada Digital Standards conformance scorecard |
/arckit:ca-ola | OLA | Official Languages Act review (Parts IV / V / VI) |
/arckit:ca-pspc | PROC | Federal procurement strategy (PSPC Supply Manual + PSAB 5%) |
/arckit:ca-ocap | OCAP | First Nations OCAP® sovereignty assessment with FNIGC pre-engagement gate |
Help wanted: looking for a Canadian federal enterprise architect to co-maintain this overlay. Open an issue or DM @tractorjuice.
UAE Federal Overlay (Community-contributed)
⚠️ Community-contributed overlay. The 12 commands below cover UAE federal regulatory and digital-government instruments and ship as a community-contributed overlay (not part of the officially-maintained baseline of 68). They are anchored on the UAE Cabinet decree of 23 April 2026 mandating that 50% of federal services run on agentic AI by April 2028, and on the federal data, identity, AI governance, and procurement frameworks the decree references. The overlay is currently solo-maintained by @tractorjuice; a UAE domain co-maintainer is being recruited before the overlay can be re-evaluated for official-baseline promotion. Six citations are flagged
[NEEDS VERIFICATION]pending Executive Regulations and authority confirmations — seedocs/guides/uae-overlay-maintenance.md. Output should be reviewed by qualified UAE federal compliance counsel before reliance.
Set governance_framework: UAE Federal and classification_scheme: UAE Smart Data in plugin userConfig to switch the Document Control header into UAE Smart Data classification rendering across every artefact.
Federal data and security:
/arckit:uae-classification— UAE Smart Data Classification Register (Open / Shared / Confidential / Secret / Top Secret) with handling rules and declassification schedule/arckit:uae-pdpl— Federal Decree-Law No. 45 of 2021 (PDPL) compliance assessment — DPIA, lawful-basis register, data-subject-rights procedure, cross-border transfer log/arckit:uae-ias— UAE Cybersecurity Council Information Assurance Standard v2 — Statement of Applicability against 188 controls (60 management M1–M6, 128 technical T1–T9), priority-tiered P1–P4/arckit:uae-cloud-residency— National Cloud Security Policy v2 sovereign cloud assessment — per-classification residency, approved CSPs (Core42 / G42, Microsoft UAE North/Central, TDRA FedNet, e& Sovereign Launchpad on AWS), shared-responsibility matrix, exit/portability plan
Federal identity:
/arckit:uae-uaepass— UAE Pass integration design (OIDC/OAuth flow, claim mapping, Basic vs Verified profile selection, Service Provider onboarding, e-signature audit trail)
Cabinet instruments:
/arckit:uae-zero-bureaucracy— Service Catalogue review under the UAE Code for Government Services and Zero Bureaucracy programme/arckit:uae-digital-records— Digital Records Plan under the UAE Government Services Digital Records Policy (source-of-truth register per service, retention schedule, official-source designation)/arckit:uae-data-sharing— Data Sharing Agreement under the UAE Government Services Data Sharing Policy ("collect once, use securely") with PDPL lawful basis per share/arckit:uae-priorities-alignment— National Priorities Alignment Statement under the UAE Federal Government Guide — reuse-vs-build, capability-reuse register (UAE Pass, FedNet), strategy alignment to NIS 2031 / AI 2031 / We the UAE 2031
AI governance:
/arckit:uae-ai-charter— UAE Charter for the Development and Use of AI compliance assessment (12 principles)/arckit:uae-ai-autonomy-tier— Three-tier AI autonomy posture (Tier 1 internal-productivity, Tier 2 investor-facing-with-approval, Tier 3 regulated/financial) with per-tier guard-rails, approval gates, audit obligations, tier-promotion criteria
Procurement:
/arckit:uae-procurement— Federal procurement strategy under Federal Decree-Law No. 11 of 2023 — ITT/RFP packs against MoF Digital Procurement Platform templates, In-Country Value (ICV) plan, evaluation report structure, contract register
The commands chain together in a canonical order from principles → uae-classification → uae-pdpl → uae-ias → uae-cloud-residency → uae-uaepass → uae-zero-bureaucracy → uae-digital-records → uae-data-sharing → uae-ai-charter → uae-ai-autonomy-tier → uae-priorities-alignment → uae-procurement → sobc → wardley → framework. Full guide: docs/guides/uae-overlay.md.
UK NHS Clinical Safety Overlay (Community-contributed)
⚠️ Community-contributed overlay — first sector-specific overlay in ArcKit. The 4 commands below cover NHS clinical safety (DCB0129 manufacturer + DCB0160 deployer), NHS DTAC procurement assurance, and UK MDR 2002 + EU MDR 2017/745 software-as-medical-device classification. Adopts Dr Marcus Baw's SAFETY.md spec for DCB0129/0160 file naming and YAML-frontmatter hazard log. Output is not clinical, legal, or regulatory advice — MUST be reviewed by a qualified Clinical Safety Officer (CSO with appropriate GMC / NMC / HCPC / GPhC registration) and, for MDR classification, by a qualified Regulatory Affairs specialist before reliance.
Clinical safety (DCB0129 + DCB0160):
/arckit:uk-nhs-dcb0129— NHS DCB0129 manufacturer Clinical Safety Case + Hazard Log. Produces a 3-file set inprojects/{NNN}/clinical-safety/:SAFETY.md(front-door anchor),SAFETY-CASE.md(GSN-inspired safety argument),HAZARD-LOG.md(YAML-frontmatter hazard array + rendered Markdown table; 6 starter hazards covering wrong-patient, stale data, audit, authorisation, alert delivery, write integrity)/arckit:uk-nhs-dcb0160— NHS DCB0160 deployer Clinical Safety Case + Deployment Hazard Log. Produces a 3-file deployer-side set inprojects/{NNN}/clinical-safety/deployment/; 10 starter deployment hazards covering training, workflow integration, BC, parallel running, migration, local configuration, terminology, RBAC, incident reporting
Procurement and regulation:
/arckit:uk-nhs-dtac— NHS Digital Technology Assessment Criteria v3 — 5 sections (Clinical Safety, Data Protection, Technical Assurance, Interoperability, Usability + Accessibility) plus AI annex. Cross-references DCB0129/0160, DPIA, ATRS, Secure by Design/arckit:uk-mdr-classification— UK MDR 2002 (as amended) + EU MDR 2017/745 software-as-medical-device (SaMD) and AI-as-medical-device (AIaMD) classification. UKCA / UKNI / CE marking pathway, Windsor Framework NI handling, conformity-assessment route, MHRA SaMD/AIaMD Programme alignment, ISO 14971 / IEC 62304 / ISO 13485 standards mapping, post-market obligations
The commands compose with — not replace — the UK government baseline (tcop, secure, dpia, atrs, risk, service-assessment). Recipe: uk-nhs-clinical-safety (44 targets across the clinical-safety waves). Proposed domain co-maintainer: Dr Marcus Baw (@pacharanero) — clinical informatician at RCPCH, openEHR, NHS England.
The DCB0129/0160 outputs deliberately do not carry the ARC- prefix — they follow Marcus's SAFETY.md spec convention so they remain readable by clinicians, MHRA reviewers, and procurement teams who do not use ArcKit. Other artefacts cross-reference them by relative path. Full design log: docs/superpowers/specs/2026-05-19-uk-nhs-overlay-design.md.
USA Federal Civilian Overlay (10 commands)
⚠️ Community-contributed overlay. The 10 commands below cover US federal civilian compliance instruments (FedRAMP authorization, FISMA / NIST 800-53 Rev 5, CISA Zero Trust Maturity Model, OMB M-19-17 ICAM, NIST AI RMF + OMB M-24-10/M-25-21 AI assurance, E-Government Act §208 PIA, EO 14028 SBOM self-attestation). They ship as the arckit-us community-contributed overlay (not part of the officially-maintained baseline of 72). EO 14110 was revoked January 2025; the live AI mandates are OMB M-24-10 + M-25-21. FedRAMP completed the Rev 5 transition in 2024. The overlay is currently solo-maintained by @tractorjuice; a US federal-civilian domain co-maintainer is being recruited (CISO / SAOP / FedRAMP PMO / CAIO backgrounds welcome) before the overlay can be re-evaluated for official-baseline promotion. Output should be reviewed by qualified US federal counsel before reliance.
In scope (v1): federal civilian agencies and the vendors that sell to them.
Out of scope (sibling overlays for the future): federal defense (CMMC / RMF / DISA STIGs), state regimes (StateRAMP / TX-RAMP / CJIS / IRS Pub 1075 / CCPA), sector-specific (HIPAA / GLBA / SOX / FERPA / PCI DSS), Section 508 accessibility (deferred to v5.2).
| Command | Anchor | Doc-type |
|---|---|---|
/arckit:us-fisma-categorization | FIPS Publication 199 + NIST SP 800-60 Vol 2 Rev 1 | FIPS199 |
/arckit:us-nist-800-53 | NIST SP 800-53 Rev 5 + SP 800-53B + FedRAMP Rev 5 baselines | NIST |
/arckit:us-fedramp-ssp | FedRAMP SSP Template Rev 5 + NIST SP 800-37 Rev 2 | FRSSP |
/arckit:us-fedramp-readiness | FedRAMP 3PAO Readiness Assessment Report template | FRRR |
/arckit:us-zero-trust | CISA Zero Trust Maturity Model v2.0 + OMB M-22-09 + NIST SP 800-207 | ZTA |
/arckit:us-icam | OMB M-19-17 + NIST SP 800-63-3 (A/B/C) + FIPS 201-3 + login.gov | ICAM |
/arckit:us-ai-rmf | NIST AI RMF 1.0 + NIST AI 600-1 (Generative AI Profile) | AIRMF |
/arckit:us-ai-impact | OMB M-24-10 + OMB M-25-21 | AIIA |
/arckit:us-privacy-pia | E-Government Act §208 + OMB M-03-22 + Privacy Act §552a + NIST SP 800-122 | USPIA |
/arckit:us-sbom-eo-14028 | EO 14028 + OMB M-22-18 + OMB M-23-16 + CISA Self-Attestation Form + NTIA Minimum Elements | SBOM |
Recipe: us-federal (5 waves — baseline → controls → posture → ai → authorization).
Install: claude plugin install arckit arckit-us. See docs/guides/us-federal-overlay.md for the USA Federal Civilian overlay maintenance guide and citation register.
UK Finance Payments Overlay (4 commands) — First Sector Overlay
EXPERIMENTAL sector overlay. The 4 commands below cover UK regulated payment system operators scaling operations under PSD2 SCA-RTS, CASS V, FCA Consumer Duty, and CREST protocols. They ship as the arckit-uk-finance community-contributed overlay — the first sector-specific overlay (distinct from the 7 jurisdictional overlays). Output requires review by qualified UK FS regulatory counsel, MLRO, and SMF holders before implementation.
Payments architecture and compliance:
/arckit:uk-nhs-dcb0129— TBD/arckit:uk-nhs-dcb0160— TBD/arckit:uk-nhs-dtac— TBD/arckit:uk-mdr-classification— TBD
Recipe: uk-fs-payments (multi-wave payment system modernization).
Install: claude plugin install arckit arckit-uk-finance. Help wanted: recruiting a UK financial services domain co-maintainer (CISO / Compliance / Head of Architecture background welcome) to transition to official-baseline status.
UK G-Cloud Supplier Bid-Authoring Overlay (11 commands) — Proprietary
PROPRIETARY, Claude Code only. The 11 commands below are a supplier-side overlay for authoring UK G-Cloud (Digital Marketplace) framework bids: supplier profile, service design, the three Service Definition Document lots, the supplier declaration, pricing, security assertions, competitor benchmarking, submission review, and a final submission pack. Unlike every other ArcKit plugin,
arckit-uk-gcloudships under a proprietary licence (not MIT) and is not distributed to the non-Claude extension formats (Codex / Gemini / OpenCode / Copilot) — it runs on Claude Code only. It is the 4th sector-specific overlay (afterarckit-uk-finance,arckit-uk-nhs,arckit-au-energy) and requires thearckitcore plugin.
G-Cloud bid authoring:
/arckit:supplier-profile— Supplier profile and company capability statement (SUPP)/arckit:service-design— Service design and value proposition (SVCD)/arckit:sdd-lot1— Service Definition Document, Lot 1 Cloud Hosting (SDD)/arckit:sdd-lot2— Service Definition Document, Lot 2 Cloud Software (SDD)/arckit:sdd-lot3— Service Definition Document, Lot 3 Cloud Support (SDD)/arckit:declaration— Supplier declaration and framework attestations (DECL)/arckit:pricing— Pricing document and SFIA rate card (PRIC)/arckit:security— Security assertions and cloud security assessment (SECA)/arckit:gcloud-competitors— G-Cloud competitor benchmark (GCMP)/arckit:review— G-Cloud submission review and gap analysis (GCRV)/arckit:submission-pack— Assemble the final G-Cloud submission pack
Skills: gcloud-framework, cloud-security, sfia-skills. Recipe: uk-gcloud-submission (end-to-end bid assembly).
Install: claude plugin install arckit arckit-uk-gcloud. Proprietary — see the licence-exception note at the foot of this README. Ported from the standalone gcloud-kit plugin.
TOGAF ADM Overlay (arckit-togaf-adm) [COMMUNITY]
Enterprise Architecture Development Method — 9 commands covering the full ADM cycle.
| Command | Doc Type | Phase | Description |
|---|---|---|---|
/arckit:adm-preliminary | ADMP | Preliminary | Architecture vision, scope, drivers, constraints |
/arckit:business-capability-map | BPCM | Phase A | Business capability hierarchy, value streams, maturity |
/arckit:application-inventory | APP | Phase C | Application catalog with strategic fit scoring |
/arckit:application-rationalization | APPR | Phase C | Keep/merge/replace/retire decisions |
/arckit:gap-analysis | GAPA | Phase E | Capability gap matrix, workstream mapping |
/arckit:transition-architecture | TRANS | Phase F | Work packages, migration waves, acceptance criteria |
/arckit:architecture-board | BORD | Phase G | Board charter, compliance scorecard, governance |
/arckit:architecture-change | ACHG | Phase H | Change requests, ADM cycle re-entry |
/arckit:architecture-repository | REPO | Repository | Patterns, standards, reference architectures |
Install: claude plugin install arckit arckit-togaf-adm
Recipe: togaf-adm-full — full ADM cycle via build recipe
AI Agent Architecture Overlay (arckit-agent-architecture) [COMMUNITY]
Governance, design, and security for autonomous AI agent programs — 6 commands.
| Command | Doc Type | Description |
|---|---|---|
/arckit:agent-inventory | AAGI | Agent catalog with capabilities, security classification |
/arckit:agent-design | AAGR | Agent architecture spec — patterns, tools, memory, orchestration |
/arckit:agent-governance | AAOV | Oversight models, approval workflows, audit, compliance |
/arckit:agent-integration | AAIN | Multi-agent orchestration, contracts, shared state |
/arckit:agent-security | AASE | Sandboxing, permissions, injection defences, output validation |
/arckit:agent-maturity | AAMT | 5×5 maturity model for agent programs |
Install: claude plugin install arckit arckit-agent-architecture
Recipe: agent-architecture — full agent architecture lifecycle via build recipe
Combined Recipe: togaf-agent-full
For organisations adopting both enterprise architecture and AI agent governance:
claude agent recipes/togaf-agent-full.yaml
The ArcKit Workflow
ArcKit guides you through the enterprise architecture lifecycle:
Phase 0: Project Planning
/arckit:plan → Create project plan with timeline, phases, and gates
Visualize your entire project delivery:
- GDS Agile Delivery phases (Discovery → Alpha → Beta → Live)
- Mermaid Gantt chart with timeline, dependencies, and milestones
- Workflow diagram showing gates and decision points
- Tailored timeline based on project complexity
- Integration of all ArcKit commands into schedule
- Gate approval criteria for governance
Phase 1: Establish Governance
/arckit:principles → Create enterprise architecture principles
Define your organisation's architecture standards:
- Cloud strategy (AWS/Azure/GCP)
- Security frameworks (Zero Trust, compliance)
- Technology standards
- FinOps and cost governance
Phase 2: Stakeholder Analysis
/arckit:stakeholders → Analyze stakeholder drivers, goals, and outcomes
Do this BEFORE business case to understand who cares about the project and why:
- Identify all stakeholders (internal and external)
- Document underlying drivers (strategic, operational, financial, compliance, risk, personal)
- Map drivers to SMART goals
- Map goals to measurable outcomes
- Create Stakeholder → Driver → Goal → Outcome traceability
- Identify conflicts and synergies
- Define engagement and communication strategies
Phase 3: Risk Assessment
/arckit:risk → Create comprehensive risk register (Orange Book)
Do this BEFORE business case to identify and assess risks systematically:
- Follow HM Treasury Orange Book 2023 framework
- Identify risks across 6 categories (Strategic, Operational, Financial, Compliance, Reputational, Technology)
- Assess inherent risk (before controls) and residual risk (after controls)
- Apply 4Ts response framework (Tolerate, Treat, Transfer, Terminate)
- Link every risk to stakeholder from RACI matrix
- Monitor risk appetite compliance
- Feed into SOBC Management Case Part E
Phase 4: Business Case Justification
/arckit:sobc → Create Strategic Outline Business Case (SOBC)
Do this BEFORE requirements to justify investment and secure approval:
- Use HM Treasury Green Book 5-case model (Strategic, Economic, Commercial, Financial, Management)
- Analyze strategic options (Do Nothing, Minimal, Balanced, Comprehensive)
- Map benefits to stakeholder goals (complete traceability)
- Provide high-level cost estimates (Rough Order of Magnitude)
- Economic appraisal (ROI range, payback period)
- Procurement and funding strategy
- Governance and risk management (uses risk register)
- Enable go/no-go decision BEFORE detailed requirements work
Phase 5: Define Requirements
/arckit:requirements → Document comprehensive requirements
Create detailed requirements informed by stakeholder goals (if SOBC approved):
- Business requirements with rationale
- Functional requirements with acceptance criteria
- Non-functional requirements (performance, security, scalability, compliance)
- Integration requirements (upstream/downstream systems)
- Data requirements (DR-xxx)
- Success criteria and KPIs
Phase 5.3: Platform Strategy Design (Optional - for Multi-Sided Platforms)
/arckit:platform-design → Design multi-sided platform strategy using Platform Design Toolkit
Use this phase when designing ecosystem-based platforms (Government as a Platform, marketplaces, data platforms):
- Ecosystem Canvas: Map supply side, demand side, supporting entities with relationship diagrams
- Entity-Role Portraits: Deep dive into 3-5 key entities (context, pressures, goals, gains)
- Motivations Matrix: Identify synergies and conflicts across entities with mitigation strategies
- Transactions Board: Design 10-20 transactions with cost reduction analysis (search, information, negotiation, coordination, enforcement)
- Learning Engine Canvas: 5+ services that help participants improve (data, feedback loops, network effects)
- Platform Experience Canvas: Journey maps with business model and unit economics
- MVP Canvas: Liquidity bootstrapping strategy to solve chicken-and-egg problem
- Platform Design Canvas: Synthesize all 8 canvases into cohesive platform strategy
- UK Government Context: Aligns with Government as a Platform (GaaP), TCoP Point 8 (share/reuse), Digital Marketplace
Use Cases: NHS appointment booking, local authority data marketplaces, training procurement platforms, citizen services portals
Phase 5.5: Data Modeling
/arckit:data-model → Create comprehensive data model with ERD
Create data model based on Data Requirements (DR-xxx):
- Visual Entity-Relationship Diagram (ERD) using Mermaid
- Detailed entity catalog with attributes, types, validation rules
- PII identification and GDPR/DPA 2018 compliance
- Data governance matrix (business owners, stewards, custodians)
- CRUD matrix showing component access patterns
- Data integration mapping (upstream sources, downstream consumers)
- Data quality framework with measurable metrics
- Requirements traceability (DR-xxx → Entity → Attribute)
Phase 5.7: Data Protection Impact Assessment
// compatibility
| Platforms | cli, api, desktop, web, mobile |
|---|---|
| Operating systems | — |
| AI compatibility | claude |
| License | NOASSERTION |
| Pricing | open-source |
| Language | JavaScript |
// faq
What is arc-kit?
The Enterprise Architecture Governance Harness — strategy, architecture, delivery, and assurance for AI coding assistants. It is open-source on GitHub.
Is arc-kit free to use?
arc-kit is open-source under the NOASSERTION license, so it is free to use.
What category does arc-kit belong to?
arc-kit is listed under mcp-servers in the Claudeers registry of Claude-compatible tools.
// embed badge
[](https://claudeers.com/arc-kit)
// retro hit counter
[](https://claudeers.com/arc-kit)
// reviews
// guestbook
// related in MCP Servers
f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete…
A cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io
An open-source AI agent that brings the power of Gemini directly into your terminal.
// built by
1 of its contributors also build on official projects — claude-code, claude-cookbooks, claude-plugins-official
→ see how arc-kit connects across the ecosystem