Your compliance evidence is scattered.
Put a clanker on it.

CMVP certificates, KEV feeds, EPSS scores, framework mappings. One terminal session. Nothing leaves your machine.

Specs in

Feed a spec to any agent. It has enough context to build.

Terminal-first

Evidence gathering stays in your terminal.

Local-first

Your data stays on your machine. Or choose a hosted path.

What You Ask → What It Does

What 0.0.1 does well.

0.0.1 experimental

grclanker "what is the CMVP certificate for BoringCrypto?"

Resolve the exact validation record and answer with the cert, standard, and status.

grclanker investigate "CVE-2024-3094"

Trace KEV status, EPSS likelihood, and ransomware linkage in one pass.

grclanker "read specs/aws-sec-inspector.spec.md and build the tool"

Use the repo’s own spec files as build inputs instead of treating them like a separate product.

Evidence first // controls mapped // build from specs

Four structured workflows. Pick one, stay on it.

/investigate /audit /assess /validate

/investigate

Trace crypto status, KEVs, EPSS, and ransomware linkage for a module, vendor, product, or CVE.

/audit

Map gathered evidence against the requested framework and classify what is satisfied, partial, absent, or unverifiable.

/assess

Produce an evidence-backed posture readout with top risks, confidence notes, and remediation order.

/validate

Answer the narrow FIPS question cleanly: active, historical, in process, or absent.