Adds one entry under Security & Systems, linking to the skill in its own repo (same external-link pattern as threat-hunting-with-sigma-rules).
What it does: it puts a human-oversight checkpoint and an auditable record in front of a high-risk tool call, the kind of action a human should be able to stop and a regulator should be able to verify later (writing to a clinical or genomic database, submitting to a regulator, moving money, deleting data). It gates the call to allow, escalate, or deny, routes escalations to a human review queue, and appends every decision, escalation, resolution, and outcome to a hash-chained trail that exports to a signed package and verifies offline. It wraps the open-source vaara package (pip install vaara), no server needed.
Real use case: EU AI Act Article 14 (human oversight) and Article 12 (record-keeping) for agents running consequential actions. It drops in next to capability skills: a clinical or genomic database skill ships the action, and this ships the oversight and the record. Tested in Claude Code against the package, and used to govern the development of the package itself.
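An added illustration of the gate-and-trail pattern described above. It is not code from this PR, the skill, or the vaara package, and it does not use vaara's API. The policy table, tool names, and record layout are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first record

# Constructed policy: tool name -> gate decision. Unknown tools are denied.
POLICY = {"read_record": "allow", "write_clinical_db": "escalate", "delete_data": "deny"}


def _digest(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of a record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class Trail:
    """Append-only log; each record commits to the hash of the one before it."""

    def __init__(self):
        self.records = []

    def append(self, event: str, detail: dict) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"seq": len(self.records), "event": event, "detail": detail, "prev": prev}
        record = dict(body, hash=_digest(body))
        self.records.append(record)
        return record


def gate(trail: Trail, tool: str, args: dict, review_queue: list) -> str:
    """Decide allow / escalate / deny for a tool call and record the decision."""
    decision = POLICY.get(tool, "deny")
    trail.append("decision", {"tool": tool, "args": args, "decision": decision})
    if decision == "escalate":
        # Escalations go to a human review queue and are themselves recorded.
        review_queue.append({"tool": tool, "args": args})
        trail.append("escalation", {"tool": tool, "queue_position": len(review_queue) - 1})
    return decision


def verify(records: list) -> int:
    """Return the index of the first broken record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i or rec.get("prev") != prev or rec.get("hash") != _digest(body):
            return i
        prev = rec["hash"]
    return -1
```

A bare hash chain detects edited, reordered, or removed interior records, but not truncation of the tail or a full re-computation of the chain by whoever holds the log. Signing the final hash, as the signed export described above implies, is what lets an offline verifier rule those out.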