
itsoumya-d/certiflow-ai

AI-powered compliance automation platform: autonomous agents verify SOC 2 and ISO 27001 controls 24/7

CertiFlow AI

Agentic GRC & Continuous Trust Platform

Stop manually chasing compliance evidence. Let AI agents do it for you, continuously.

Badges: License: MIT · Next.js · Gemini AI · TypeScript · PRs Welcome


The Problem

Modern engineering teams juggle SOC 2, ISO 27001, HIPAA, and more, each demanding continuous evidence collection, control verification, and audit trails. Most teams still do this manually: screenshots, spreadsheets, and frantic prep before audits.

CertiFlow AI changes that. Autonomous agents run your compliance checks 24/7, collect evidence automatically, and keep your trust posture real-time, so audits become a formality, not a fire drill.


✨ What It Does

  • 🤖 Autonomous Agents: AI agents powered by Gemini continuously verify your controls (AWS, GitHub, Okta, and more)
  • 📊 Live Trust Dashboard: animated compliance score ring with real-time agent status via Server-Sent Events
  • 📁 Evidence Library: upload, tag, and AI-analyze compliance artifacts, auto-linked to controls
  • 🔐 Role-Based Access: Admin, User, and Auditor roles with scoped permissions
  • 🔄 Continuous Monitoring: SSE-powered live updates, no polling, no refresh
  • 📱 Mobile Responsive: full compliance visibility from any device

🎬 Demo

Live demo accounts, no signup required:

  • Admin: admin@certiflow.ai / admin123
  • User: user@certiflow.ai / user123
  • Auditor: auditor@certiflow.ai / auditor123

These credentials are published here, so any instance seeded with them is open to anyone who reads this page. Use them only on a local or throwaway deployment, and remove or replace the seed users before exposing an instance to a network.

🚀 Quick Start

Prerequisites

Node.js with npm (the setup below uses npm), and a Google Gemini API key for the agents.

Setup

git clone https://github.com/itsoumya-d/certiflow-ai.git
cd certiflow-ai
npm install
cp env.example.txt .env.local

Edit .env.local (it holds secrets, so keep it out of version control):

GEMINI_API_KEY=your_gemini_api_key
NEXTAUTH_SECRET=a_long_random_secret
NEXTAUTH_URL=http://localhost:3000

NEXTAUTH_SECRET is what NextAuth.js uses to sign and encrypt session tokens, so it must be unguessable: generate it with openssl rand -base64 32 rather than typing a phrase. Then start the dev server:

npm run dev

Open http://localhost:3000 β€” you're in.


🤖 Built-In Compliance Workflows

awsS3Encryption        // Verify S3 bucket encryption settings
awsMfa                 // Check MFA enforcement for IAM users
githubBranchProtection // Verify branch protection rules
oktaMfa                // Check Okta MFA policy configuration

Each workflow runs autonomously using Gemini's Computer Use: the agent navigates to the setting, checks it, and reports back without human intervention. Because the agent acts with whatever credentials it is given, provision those credentials read-only and scoped to the settings being verified (bucket encryption configuration, IAM MFA state, branch protection rules, Okta MFA policy); a verification agent has no reason to be able to change any of them.
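The workflows above delegate the check itself to the Gemini agent. What follows is an added example, not code from the certiflow-ai repository: a deterministic evaluator in TypeScript for two of the listed controls, awsS3Encryption and githubBranchProtection, operating on the response shapes of AWS GetBucketEncryption and GitHub's branch protection endpoint. It reports every finding rather than only the first, and stores a SHA-256 digest of the raw response next to the verdict so the evidence can be tied to the setting that was actually observed. The control IDs, the policy thresholds, and the sample responses are constructed for this example; the project's own workflow interfaces are not shown on this page.

```typescript
import { createHash } from "crypto";

// Subset of the AWS S3 GetBucketEncryption response shape.
interface S3EncryptionConfig {
  ServerSideEncryptionConfiguration?: {
    Rules: Array<{
      ApplyServerSideEncryptionByDefault?: {
        SSEAlgorithm: "AES256" | "aws:kms" | "aws:kms:dsse";
        KMSMasterKeyID?: string;
      };
      BucketKeyEnabled?: boolean;
    }>;
  };
}

// Subset of the GitHub GET /repos/{owner}/{repo}/branches/{branch}/protection response shape.
interface BranchProtection {
  required_pull_request_reviews?: { required_approving_review_count: number };
  required_status_checks?: { strict: boolean; contexts: string[] };
  enforce_admins?: { enabled: boolean };
  allow_force_pushes?: { enabled: boolean };
}

export interface ControlResult {
  controlId: string;      // hypothetical control identifier, not a CertiFlow name
  status: "PASS" | "FAIL";
  findings: string[];     // every reason the control failed; empty on PASS
  evidenceSha256: string; // digest of the exact response the verdict was derived from
}

// Wrap a verdict with a digest of its raw input so stored evidence can later be
// matched against the setting that was observed. JSON.stringify is key-order
// sensitive, so in practice hash the response bytes exactly as received.
function record(controlId: string, raw: unknown, findings: string[]): ControlResult {
  const digest = createHash("sha256").update(JSON.stringify(raw)).digest("hex");
  return { controlId, status: findings.length === 0 ? "PASS" : "FAIL", findings, evidenceSha256: digest };
}

// awsS3Encryption: a bucket passes when a default SSE rule exists and, if the
// policy demands KMS-managed keys, the algorithm is SSE-KMS (plain or dual-layer).
export function checkS3Encryption(cfg: S3EncryptionConfig, requireKms = true): ControlResult {
  const findings: string[] = [];
  const rules = cfg.ServerSideEncryptionConfiguration?.Rules ?? [];
  const def = rules.find((r) => r.ApplyServerSideEncryptionByDefault)?.ApplyServerSideEncryptionByDefault;
  if (!def) {
    findings.push("no default server-side encryption rule is configured");
  } else if (requireKms && !def.SSEAlgorithm.startsWith("aws:kms")) {
    findings.push(`default encryption is ${def.SSEAlgorithm}; policy requires SSE-KMS`);
  }
  return record("aws-s3-encryption", cfg, findings);
}

// githubBranchProtection: every weakness is reported, not just the first one,
// so an auditor sees the full gap between policy and configuration.
export function checkBranchProtection(p: BranchProtection, minReviews = 1): ControlResult {
  const findings: string[] = [];
  const reviews = p.required_pull_request_reviews?.required_approving_review_count ?? 0;
  if (reviews < minReviews) findings.push(`required approving reviews is ${reviews}; policy requires at least ${minReviews}`);
  if (!p.required_status_checks?.strict) findings.push("required status checks are missing or not strict");
  if (!p.enforce_admins?.enabled) findings.push("protection is not enforced for administrators");
  if (p.allow_force_pushes?.enabled) findings.push("force pushes are allowed");
  return record("github-branch-protection", p, findings);
}

// Constructed sample responses for a stand-alone run (not captured from real accounts).
export const SAMPLE_S3_KMS: S3EncryptionConfig = {
  ServerSideEncryptionConfiguration: {
    Rules: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms", KMSMasterKeyID: "alias/compliance-logs" }, BucketKeyEnabled: true }],
  },
};
export const SAMPLE_S3_UNENCRYPTED: S3EncryptionConfig = {};
export const SAMPLE_BRANCH_OK: BranchProtection = {
  required_pull_request_reviews: { required_approving_review_count: 2 },
  required_status_checks: { strict: true, contexts: ["ci/test"] },
  enforce_admins: { enabled: true },
  allow_force_pushes: { enabled: false },
};
export const SAMPLE_BRANCH_WEAK: BranchProtection = {
  required_pull_request_reviews: { required_approving_review_count: 0 },
  allow_force_pushes: { enabled: true },
};

export function runSamples(): ControlResult[] {
  return [
    checkS3Encryption(SAMPLE_S3_KMS),
    checkS3Encryption(SAMPLE_S3_UNENCRYPTED),
    checkBranchProtection(SAMPLE_BRANCH_OK),
    checkBranchProtection(SAMPLE_BRANCH_WEAK),
  ];
}

for (const r of runSamples()) {
  console.log(`${r.controlId}: ${r.status}`, r.findings);
}
```

The agent can still do the navigating and fetching, but an auditor gets a reproducible verdict by rerunning the evaluator on the stored response; if the agent only paraphrases what it saw, the digest has nothing to anchor to.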


πŸ› οΈ Tech Stack

  • Framework: Next.js 14 (App Router)
  • AI: Google Gemini Pro/Flash with Computer Use
  • Auth: NextAuth.js with role-based sessions
  • Real-time: Server-Sent Events (SSE)
  • Language: TypeScript throughout

πŸ—ΊοΈ Roadmap

  • Slack/Teams notifications for compliance drift alerts
  • SOC 2 Type II, ISO 27001, HIPAA, PCI DSS frameworks
  • Custom no-code workflow builder
  • Evidence auto-expiry + renewal reminders
  • CI/CD integration (GitHub Actions)
  • Audit report PDF export

🤝 Contributing

New compliance workflows, bug fixes, UI improvements: open a PR. Let's build the open-source compliance layer together.


📄 License

MIT; see LICENSE for details.

Built with ❤️ by itsoumya-d · Powered by Gemini AI
