| name | compliance-rgi |
| description | Ensures system interoperability via open standards, documented APIs, and standardized data exchange |
| category | Interoperability & Standards |
| keywords | RGI, interoperability, APIs, REST, OpenAPI, OAuth 2.0, standards, integration |
| license | MIT |
SKILL: RGI — Référentiel Général d'Interopérabilité
📖 What is RGI?
Référentiel Général d'Interopérabilité (v2.0, December 2015)
- Scope: System interoperability across political, legal, organizational, semantic, and technical levels
- Applies to: French administrative authorities, public services, and their integrations
- Key requirement: All systems must use open standards and be verifiably interoperable
- Details on levels/standards: See
STANDARDS-REFERENCE.md and INTEROPERABILITY-PROFILES.md
- Reference: https://www.numerique.gouv.fr/offre-accompagnement/reference-interoperabilite-rgi/
⚡ How to Use This SKILL
First time? → Read INDEX.md for complete document navigation
Quick eval? → Use QUICK-ASSESSMENT.md (5 minutes)
Detailed audit? → Use CONFORMANCE-CHECKLIST.md (1-2 hours)
Learning standards? → Use STANDARDS-REFERENCE.md (reference)
Quick Navigation:
QUICK-ASSESSMENT.md — 5-minute compliance scoring
CONFORMANCE-CHECKLIST.md — 50+ detailed items (formal audit)
STANDARDS-REFERENCE.md — All RGI-approved standards
INTEROPERABILITY-PROFILES.md — 5 integration patterns (A2A, A2B, A2C, M2M, OpenData)
INDEX.md — Document index and workflows
- Project-specific: See
docs/compliance/RGI-IMPLEMENTATION.md in your codebase
🎯 Quick: Identify Applicable RGI Criteria
Answer these questions to determine what applies:
- Does your project expose APIs to other systems? → Apply Technical Standards (REST, OAuth 2.0, OpenAPI)
- Does your project share data with other organizations? → Apply Semantic, Legal, Organizational criteria
- Are you integrating with external systems (government, business, partners)? → Apply all levels (see decision matrix below)
- Is this only internal company code? → Only apply Technical Standards (no inter-org requirements)
Decision Matrix: What to Check
| Scenario | Political | Legal | Organizational | Semantic | Technical |
|---|
| Internal API (no external callers) | ✓ | ✓ | ✓ | ✓ | ✓✓ |
| Public-facing API (third-party integrations) | ✓ | ✓ | ✓ | ✓ | ✓✓ |
| Inter-org data exchange (A2A, A2B, A2C) | ✓✓ | ✓✓ | ✓✓ | ✓✓ | ✓✓ |
| Microservice integration (internal, same org) | — | — | — | ✓ | ✓ |
(✓ = verify, ✓✓ = critical)
✅ Essential Checklists (Compressed)
For APIs (Public or Inter-organizational)
Must have:
Should have (if data is sensitive/shared):
For Data Ownership & Structure
Must have:
Should have:
For Organizational Readiness (If Inter-org)
Must have:
For Political Commitment (If Inter-org)
Must have:
🔌 Technical Standards Verification
Quick Test: Is This API RGI-Compliant?
curl -i https://api.example.fr/api/v1/users
curl https://api.example.fr/api/docs
curl -H "Authorization: Bearer INVALID" https://api.example.fr/api/v1/users
curl -X POST https://api.example.fr/api/v1/users -d '{invalid json}'
curl https://api.example.fr/api/v1/users?skip=0&take=20
Standards Cheat Sheet
| Need | Standard | Example |
|---|
| Secure transport | TLS 1.2+ | https:// (not http) |
| API documentation | OpenAPI 3.0 | /api/docs endpoint |
| Auth (external APIs) | OAuth 2.0 | Bearer token (JWT) |
| User identity (federation) | OpenID Connect | FranceConnect integration |
| Data format | JSON | UTF-8, ISO 8601 dates |
| Unique IDs | UUID v4 | 550e8400-e29b-41d4-a716-446655440000 |
| Countries/languages | ISO standards | FR, fr |
| DateTime | ISO 8601 | 2024-04-01T10:30:00Z |
| Async messaging | AMQP | RabbitMQ, SMTP, webhooks |
| Geospatial | GeoJSON, WGS 84 | If location data used |
For exhaustive standards list, see STANDARDS-REFERENCE.md
💾 Code Examples: RGI Requirements
✅ REST API with OpenAPI (NestJS)
import {
Controller,
Get,
Post,
Put,
Delete,
Query,
Param,
HttpCode,
Body,
} from '@nestjs/common'
import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger'
@ApiTags('Resources')
@Controller('api/v1/resources')
export class ResourceController {
@Get()
@ApiOperation({ summary: 'List resources' })
@ApiResponse({ status: 200, description: 'List with pagination' })
async list(@Query('skip') skip = 0, @Query('take') take = 20) {
return { items: [], paging: { skip, take, total: 0 } }
}
@Get(':id')
@ApiOperation({ summary: 'Get resource by ID' })
@ApiResponse({ status: 200, description: 'Found' })
@ApiResponse({ status: 404, description: 'Not found' })
async getOne(@Param('id') id: string) {
return this.service.findById(id)
}
@Post()
@HttpCode(201)
@ApiOperation({ summary: 'Create resource' })
@ApiResponse({ status: 201, description: 'Created' })
async create(@Body() dto: CreateResourceDto) {
return this.service.create(dto)
}
@Put(':id')
@ApiOperation({ summary: 'Update resource' })
@ApiResponse({ status: 200, description: 'Updated' })
async update(@Param('id') id: string, @Body() dto: UpdateResourceDto) {
return this.service.update(id, dto)
}
@Delete(':id')
@HttpCode(204)
@ApiOperation({ summary: 'Delete resource' })
async delete(@Param('id') id: string) {}
}
✅ Standard Error Response
{
"error": {
"code": "RESOURCE_NOT_FOUND",
"message": "Resource with ID 123...",
"httpStatus": 404,
"timestamp": "2024-04-01T10:30:00Z",
"traceId": "abc-123-def"
}
}
✅ Data with Standard Formats
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2024-04-01T10:30:00Z",
"firstName": "Jean",
"country": "FR",
"language": "fr",
"amount": 100.5,
"currency": "EUR"
}
✅ Data Export (GDPR Article 20)
@Get(':userId/export')
@UseGuards(AuthGuard)
async exportPersonalData(@Param('userId') userId: string) {
const data = await this.service.getAllPersonalData(userId)
return {
data,
exported: new Date().toISOString(),
schema_version: '1.0'
}
}
✅ OAuth 2.0 Token (for external APIs)
POST /oauth/token
client_id=my-app&
client_secret=secret&
grant_type=client_credentials&
scope=read:resources
{
"access_token": "eyJhbGc...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "read:resources"
}
✅ Webhook Notification (Async Events)
POST https:
Authorization: Bearer signature="..."
Content-Type: application/json
{
"event": "resource.created",
"data": { },
"timestamp": "2024-04-01T10:30:00Z",
"deliveryAttempt": 1
}
🗂️ Reference Documents
STANDARDS-REFERENCE.md: Complete list of all RGI standards by category (network, transport, APIs, data formats, identifiers)
INTEROPERABILITY-PROFILES.md: 5 integration patterns (A2A, A2B, A2C, M2M, OpenData) with specific standards for each
CONFORMANCE-CHECKLIST.md: 50+ detailed checklist items by level (use for exhaustive assessment)
- Project Implementation Guide: Check
docs/compliance/RGI-IMPLEMENTATION.md in your codebase for platform-specific guidance
- Official RGI v2.0: https://www.numerique.gouv.fr/offre-accompagnement/reference-interoperabilite-rgi/
🎯 How to Use This SKILL
- Identify your scenario using the Decision Matrix above
- Check the essential checklist for your API/data type
- Run the quick tests to verify compliance
- Reference code examples for implementation
- Consult detailed docs (
STANDARDS-REFERENCE.md, etc.) for exhaustive requirements
- Use
CONFORMANCE-CHECKLIST.md for formal assessment
⚠️ Common Pitfalls
❌ Don't:
- Use HTTP (must be HTTPS)
- Create undocumented APIs
- Use sequential IDs (privacy risk)
- Return generic error messages
- Mix data formats (stick to JSON)
- Skip pagination on large endpoints
✅ Do:
- Use UUID v4 for identifiers
- Publish OpenAPI 3.0 schema
- Return structured error responses
- Use ISO 8601 for dates
- Support pagination from day 1
- Add deprecation notice 6 months before breaking changes