Verification & Scoring

EEP includes an automation-first verification workflow so any platform can be audited consistently. Use the compliance CLI in CI to generate both machine-readable and human-readable reports.

Run an audit

Compliance Audit
npx @eep-dev/compliance-cli \
--target https://api.yourplatform.com \
--api-key sk_test_... \
--entity u/test-entity \
--report-json ./eep-audit.json \
--report-md ./eep-audit.md

What you get

  • score_100 summary for release gates and KPI tracking.
  • Per-check pass/fail data for policy automation.
  • Actionable recommendations for each failed check.
  • Markdown artifact that can be shared directly with engineering and security teams.

CI usage pattern

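# Example release gate
# Fails closed: a missing or unreadable report, or a missing or
# non-numeric score_100, blocks the release just like a low score does.
if ! jq -e '.score_100 | numbers | . >= 90' eep-audit.json > /dev/null; then
  echo "EEP score below release threshold (or report missing/invalid)"
  exit 1
fi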

Setup vs compliance reports

@eep-dev/compliance-cli scores a live deployment. eep-setup verify scores generated files on disk. Use both where applicable; see EEP-ready verification.

Scope note

Automated checks cover a large portion of Core/Standard conformance and selected Full-path checks. Keep manual validation for environment-specific controls (e.g., production wallet ops, WebSocket commerce hardening, and org-specific legal/policy requirements).