Automate security, compliance, and gap analyses across 231+ frameworks with Agentic AI.
Standard is an enterprise-grade compliance assessment API. It automates security evaluations against SOC 2, ISO 27001, HIPAA, NIST, and 231+ regulatory frameworks. By uploading your security documents, Standard's AI agents analyze them against the Secure Controls Framework (1,468 controls, 32,903 requirements, 15,717 crosswalk mappings) to automatically produce gap analyses, maturity scores, remediation plans, and audit-ready reports.
Your application calls the API; Standard does the compliance intelligence.
Get started instantly without spinning up heavy infrastructure. Standard runs on the Edge.
```bash
# Health check (no auth required)
curl https://standard-api.bekaa.eu/health

# List compliance frameworks
curl -H "Authorization: ApiKey YOUR_KEY" \
  https://standard-api.bekaa.eu/api/v1/scf/frameworks

# Create an assessment
curl -X POST -H "Authorization: ApiKey YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"organization_id":"YOUR_ORG","name":"Q2 Assessment"}' \
  https://standard-api.bekaa.eu/api/v1/assessments
```

Explore the API: Interactive API Explorer | Cookbook
The core of Standard is our Agentic Assessment Model. Specialized AI agents collaborate under controlled orchestration to automate the entire compliance lifecycle while maintaining strict schema validation, human-in-the-loop approvals, and absolute traceability.
```mermaid
graph LR
    A[Upload Docs] --> B[Ingestion & RAG]
    B --> C[SCF Pre-Analysis]
    C --> D[Scope & SoA]
    D --> E{Approval}
    E --> F[Evidence Gap Analysis]
    F --> G[Maturity Scoring]
    G --> H[POA&M & Reports]
    H --> I((Closed))
    style E fill:#f59e0b,stroke:#d97706,stroke-width:2px,color:#fff
```
Our system architecture is comprehensively documented using the Arc42 Framework and C4 Model.
Read the Full Arc42 Architecture Documentation
- API-First & SaaS-Ready: Every functional lifecycle is exposed via API (`/api/v1`).
- Multi-Organization Isolation: Deep isolation across all PostgreSQL tables and Cloudflare assets.
- Edge-Native Infrastructure: Built heavily on Cloudflare (Workers, Workflows, Queues, R2, Vectorize).
- Security & Guardrails: Enforced API keys (SHA-256), AI Gateway for prompt injection defense, and role-based access control.
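
The sketch below is an added example, not code from the Standard repository. It shows one way an API can accept the `Authorization: ApiKey ...` header used in the curl calls above while persisting only a SHA-256 digest of each key and resolving the caller's organization for tenant scoping. The `std_` key prefix, the in-memory `Map` store, and all function names are assumptions made for illustration.

```javascript
// Added example: hash-at-rest API key verification (names are hypothetical).
const { createHash, randomBytes } = require("node:crypto");

// SHA-256 digest of the raw key. Unsalted SHA-256 is acceptable here only
// because keys are 256-bit random values, unlike human-chosen passwords.
function hashKey(rawKey) {
  return createHash("sha256").update(rawKey, "utf8").digest("hex");
}

// Issue a key: the raw value is returned to the caller once and never stored.
// The store keeps digest -> { organizationId, revoked }.
function issueKey(store, organizationId) {
  const rawKey = "std_" + randomBytes(32).toString("base64url");
  store.set(hashKey(rawKey), { organizationId, revoked: false });
  return rawKey;
}

// Strict header parsing: exact scheme, a single token, bounded length.
// Anything else (Bearer, extra whitespace, empty value) is rejected.
function parseAuthorization(header) {
  const match = /^ApiKey ([A-Za-z0-9_-]{20,128})$/.exec(header || "");
  return match ? match[1] : null;
}

// Returns the organization id bound to a valid key, otherwise null.
// The lookup is by digest, so the raw key is never compared byte by byte
// against stored secrets and a database leak does not expose usable keys.
function authenticate(store, header) {
  const rawKey = parseAuthorization(header);
  if (rawKey === null) return null;
  const record = store.get(hashKey(rawKey));
  if (!record || record.revoked) return null;
  return record.organizationId;
}

// Revocation flips a flag on the digest record; no raw key is needed.
function revokeKey(store, rawKey) {
  const record = store.get(hashKey(rawKey));
  if (record) record.revoked = true;
  return Boolean(record);
}
```

The organization id returned by `authenticate` is what every downstream query would be scoped by, so a key can never address another tenant's rows.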
We believe that great architecture requires great documentation. Our knowledge base is organized to help you navigate the codebase quickly.
| Topic | Primary Resource | Description |
|---|---|---|
| System Architecture | Arc42 Document | Complete system context, containers, and structural decisions. |
| Data Model | Data Architecture | PostgreSQL schemas, tenancy isolation, and state transitions. |
| Agent Behavior | Agentic AI Model | How the AI specialists interact, handle memory, and validate schemas. |
| Public API | OpenAPI Spec | Full specification of our RESTful API endpoints. |
| Project Context | CONTEXT.md | Development context and glossary. |
For a full index of architectural decisions and detailed module descriptions, browse the docs/ folder.
We use a modern pnpm monorepo with Dockerized PostgreSQL for a clean local setup.
```bash
# 1. Install dependencies
pnpm install

# 2. Start local PostgreSQL database
docker compose -f infra/docker/docker-compose.yml up -d

# 3. Apply database migrations
pnpm db:migrate

# 4. Start the API Gateway and Web Application
pnpm dev
```

For background jobs, run the workers in separate terminals:

```bash
pnpm dev:workflows
pnpm dev:queues
pnpm dev:ingestion
```

We take security seriously. All platform capabilities enforce zero-trust principles.
- For vulnerability reporting, please see our Security Policy.
- Our `/.well-known/security.txt` is active in production.
We welcome contributions to the Standard GRC ecosystem! Please review our Contributing Guidelines to understand our branching strategy, AI commitments, and testing requirements.
Built with ❤️ for Security & Compliance Teams.
Licensed under the Business Source License 1.1.