June 12, 2026

The Compliance Agent — Seven Steps Between QA and Archive

How Datarim's Compliance agent runs a structured 7-step hardening check after QA passes: re-validating against the PRD, simplifying code, verifying coverage and lint, and producing a compliance report.

Passing QA is not the same as being ready to ship. Tests confirm behavior; they do not confirm that the behavior matches what was originally asked for, that the code is as simple as it can be, or that references and coverage hold. The Compliance agent runs the gap between QA and archive.

It executes a fixed 7-step hardening workflow from the compliance skill. The steps are not a checklist to rush through — each one has a specific failure mode it is designed to catch. The agent produces a compliance report and routes to archive if clean, or back to implementation if something material is found.

What the seven steps cover

The workflow starts with re-validation: the agent reads the original PRD and task description, then checks whether the implementation actually delivers what was specified. Feature drift — where the code solves a slightly different problem than the one agreed upon — is common and hard to catch any other way.

Step two is code simplification. Only recently modified code is in scope. The question is whether any of it can be made shorter or clearer without changing behavior. Simpler code has fewer failure modes. Steps three through six cover references, test coverage, lint, and whether any new tests were actually added for new behavior. Step seven produces the report.

One concrete example

A task adds a new API endpoint. QA passes. The Compliance agent re-reads the PRD and finds the endpoint was supposed to return a paginated response, but the implementation returns a flat array. Tests pass because the test was written against the implementation, not the spec. The agent flags this as non-compliant and routes back to /dr-do with a precise finding rather than a vague "something is wrong."

Where it sits

The Compliance agent runs at /dr-compliance, the stage that follows /dr-qa. A COMPLIANT result routes forward to /dr-archive. A NON-COMPLIANT result routes back — to /dr-do by default, or to an earlier stage if a PRD or plan gap is identified. Every response ends with a structured CTA block so the next step is always unambiguous.

See the full reference on the Compliance agent card, or read what Datarim is for context on how agents fit together.