tractorjuice/arckit-fr-irn

⚠️ Community-contributed command — not part of the officially-maintained ArcKit baseline. Output should be reviewed before reliance.

Note on methodology: This command structures an IRN self-assessment but does not reproduce the aDRI scoring criteria for two explicit reasons:

1. Living repository — the IRN framework evolves actively at gitlab.com/digitalresilienceinitiative/adri-irn. Embedding a copy would create a frozen snapshot that diverges from the official methodology.

2. Licence incompatibility — the IRN is published under CC BY-NC-ND 4.0 (non-commercial, no derivatives). ArcKit is MIT (commercial use permitted). These two licences are incompatible for any derived content.

To score your assessment: consult the official aDRI repository, download the evaluation grid (Questionnaire_IRN_v0.4.xlsx), apply R/NR criteria per pillar and layer, then report your scores in the generated document.

You are helping an enterprise architect structure an IRN (Indice de Résilience Numérique) self-assessment following the aDRI framework. The IRN is a strategic resilience index — not a compliance checklist — designed to give executive committees an objective view of their technological dependencies.

User Input

$ARGUMENTS

Instructions

Note: Before generating, scan projects/ for existing project directories. For each project, list all ARC-*.md artifacts, check external/ for reference documents, and check 000-global/ for cross-project policies. If no external docs exist but they would improve output, ask the user.

Step 0: Read existing artifacts from the project context

RECOMMENDED (read if available, note if missing):

• REQ (Requirements) — Extract: infrastructure choices, SaaS/cloud dependencies, integration points, data sovereignty requirements
• STKE (Stakeholder Analysis) — Extract: organisation type, strategic priorities, key dependencies, vendor relationships
• PRIN (Architecture Principles, 000-global) — Extract: sovereignty principles, cloud strategy, open-source commitments
• RSCH (Research) — Extract: vendor landscape, identified single points of failure

OPTIONAL (read if available, skip silently):

• SECNUM (SecNumCloud Assessment) — pre-populate RES-6 cloud infrastructure section
• ANSSI (ANSSI Security Posture) — pre-populate RES-7 cybersecurity section
• EBIOS (Risk Study) — pre-populate RES-4 operational resilience section
• RGPD / CNIL (GDPR Assessments) — pre-populate RES-2 regulatory compliance section

Step 0b: Read external documents

• Read any documents in external/ — extract existing vendor contracts, SLA reports, cloud audits, dependency maps
• Read any 000-global/policies/ — extract cloud strategy, open-source policy, data sovereignty policy

Step 1: Identify or Create Project

Identify the target project from the hook context. If the project doesn't exist, create it via create-project.sh --json.

Step 2: Determine scope

From the artifacts, determine which of the 5 IRN organisational layers are relevant:

| Layer | In Scope? | Justification | |-------|-----------|---------------| | Applicative | ? | Based on identified SaaS/software dependencies | | Data | ? | Based on data assets, AI/analytics usage | | Platform | ? | Based on dev/deploy/orchestration tooling | | Infrastructure | ? | Based on cloud, compute, storage, network | | Compétences | ? | Based on internal skill assessment, outsourcing level |

If no artifacts exist, include all 5 layers and note that scope confirmation is required.

Step 3: Read Template

• First, check if .arckit/templates-custom/fr-irn-template.md exists in the project root
• If found: use the user's customised template
• If not found: use .arckit/templates/fr-irn-template.md

Step 4: Generate IRN Assessment Document

CRITICAL: Use the Write tool to create the assessment document.

1. Detect version: Check for existing ARC-{PROJECT_ID}-IRN-v*.md files
2. Document ID: ARC-{PROJECT_ID}-IRN-v{VERSION}
3. Classification: OFFICIAL-SENSITIVE (dependency mapping reveals strategic vulnerabilities)

For each of the 8 IRN pillars, create a structured section:

RES-1 — Résilience Stratégique (Vision & roadmap, independence strategy, IT governance) RES-2 — Résilience Économique et Juridique (Regulatory compliance, legal sovereignty, audit) RES-3 — Résilience Data & IA (Data control, AI infrastructure, ethics & transparency) RES-4 — Résilience Opérationnelle (Business continuity, incident management, recovery plans) RES-5 — Résilience Supply-Chain (Critical suppliers, diversification, contracts & SLAs) RES-6 — Résilience Technologique (Infrastructure & cloud, applications & SaaS, open source) RES-7 — Résilience Sécurité (Cybersecurity, data protection, risk management) RES-8 — Résilience Environnementale (Carbon footprint, green IT, digital sustainability)

For each pillar × organisational layer in scope:

• Summarise what is known from project artifacts (pre-populate where possible)
• Leave a scoring placeholder (R / NR / ? — to be filled using the official aDRI grid)
• Flag any obvious dependencies or risks identified from existing artifacts
• Do NOT attempt to score R/NR yourself — the official criteria are in the aDRI evaluation grid

4. Scoring Summary table: Create a placeholder table showing the 8 pillars × 5 layers with R/NR cells to be filled by the assessor after consulting the official methodology.

5. Gap Analysis: Based on what is observable from existing artifacts (NOT from reproduced aDRI criteria), flag obvious dependency concentrations, single-vendor risks, or regulatory exposure as preliminary observations.

Before writing, read .arckit/references/quality-checklist.md and verify all Common Checks pass.

Write to:

projects/{project_id}/ARC-{PROJECT_ID}-IRN-v{VERSION}.md

Step 5: Summary Output

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ IRN Assessment Scaffold Generated
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📄 Document: projects/{project_id}/ARC-{PROJECT_ID}-IRN-v{VERSION}.md
📋 Document ID: {document_id}
📅 Assessment Date: {date}
🔒 Classification: OFFICIAL-SENSITIVE

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Scope
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Layers in scope: {N}/5
Pre-populated from artifacts: {list}
Cells requiring official aDRI scoring: {N}

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Preliminary observations from existing artifacts
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

{List obvious risks/dependencies visible from project artifacts}

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Next steps:
1. Download the official aDRI evaluation grid:
   https://gitlab.com/digitalresilienceinitiative/adri-irn
2. Score each pillar × layer cell (R/NR) using the official methodology
3. Report scores in the generated document and re-run for gap analysis
{If cloud gaps: 4. Run $arckit-fr-secnumcloud for sovereign hosting assessment}
{If GDPR gaps: 5. Run $arckit-eu-rgpd for full data compliance assessment}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Key References

| Document | Publisher | URL | |----------|-----------|-----| | IRN official repository (evaluation grid v0.4) | aDRI | https://gitlab.com/digitalresilienceinitiative/adri-irn | | aDRI official website | aDRI | https://thedigitalresilience.org/ | | IRN licence (CC BY-NC-ND 4.0) | Creative Commons | https://creativecommons.org/licenses/by-nc-nd/4.0/ |

Why we reference instead of reproduce: The IRN scoring criteria are published under CC BY-NC-ND 4.0 (non-commercial, no derivatives). ArcKit is MIT-licensed (commercial use permitted). These licences are incompatible for derived content. Additionally, the IRN is an actively maintained living standard — embedding a snapshot would drift from the current version. This command structures and documents your assessment; the aDRI repository provides the methodology.

Success Criteria

• ✅ Assessment document created at projects/{project_id}/ARC-{PROJECT_ID}-IRN-v{VERSION}.md
• ✅ All 8 IRN pillars present as document sections
• ✅ 5 organisational layers scoped (in/out of scope justified)
• ✅ Existing project artifacts used to pre-populate observable context
• ✅ R/NR scoring placeholders created — NOT pre-filled by AI
• ✅ Link to official aDRI evaluation grid clearly displayed
• ✅ Licence incompatibility and living-repo rationale explained in document
• ✅ Preliminary observations from artifacts noted (dependency concentrations, single vendors)
• ✅ Classification: OFFICIAL-SENSITIVE

Example Usage

$arckit-fr-irn IRN self-assessment for project 001 — AI-driven HR SaaS platform using AWS eu-west-3 with US-based sub-processors

$arckit-fr-irn Assess IRN for a French bank running on Azure with Microsoft 365 across 5,000 employees

$arckit-fr-irn IRN scaffold for a public hospital group — 3 sites, OVHcloud infrastructure, Epic HRIS, strong open-source policy

Suggested Next Steps

After completing this command, consider running:

• $arckit-fr-secnumcloud -- Assess SecNumCloud qualification for sovereign cloud hosting (when RES-6 (Technological Resilience) or RES-5 (Supply-Chain) reveals critical cloud dependency gaps)
• $arckit-eu-rgpd -- Full GDPR compliance assessment for RES-2 regulatory gaps (when RES-2 (Economic and Legal Resilience) identifies GDPR compliance gaps)
• $arckit-eu-nis2 -- NIS2 compliance assessment for essential/important entity obligations (when RES-2 or RES-7 identifies NIS2 obligations)
• $arckit-fr-anssi -- ANSSI hygiene assessment for RES-7 cybersecurity gaps (when RES-7 (Security Resilience) reveals significant gaps)
• $arckit-fr-ebios -- EBIOS risk study for operational resilience gaps (when RES-4 (Operational Resilience) reveals significant risk management gaps)