Agent-operated SecOps

The compliance framework your own AI agent operates.

CalibraOps turns controls, policies, evidence, risks, incidents, vendors, tasks and customer signals into a typed operational graph. Your Claude Code, Cursor or in-house agent executes through a governed CLI/API; CalibraOps keeps the facts, grounding and immutable audit trail.

  • No built-in LLM
  • No MCP lock-in
  • Postgres FTS
  • Air-gap ready
  • Immutable ChangeRecord

What it is

A system of record for agent-driven compliance operations.

CalibraOps is not another checklist UI and not a hosted AI agent. It is the typed framework, knowledge layer and governed write path that lets external agents and humans operate compliance without losing auditability.

01. Typed operational graph

Frameworks, requirements, controls, policies, SOPs, evidence, vendors, systems, risks, incidents and tasks are first-class objects, not loose notes.

02. Full-text grounding

Documents are chunked and indexed with Postgres FTS. Answers, policies and requirements cite controlled chunks instead of unverifiable summaries.

03. Governed writes

Every CLI/API write requires intent and rationale. CalibraOps records who changed what, why, when and with which cited material.

04. Task-centered operations

Recurring tasks, human work, agent queue items and execution history are organized around Task as the unit of work.

Typed graph

From standards to proof, with the relationship chain preserved.

A standard clause maps to a unified control. A policy implements that control. A system component is in scope. An evidence source collects proof. An answer cites the exact chunk used. ChangeRecord closes the loop.

  • Framework and requirement crosswalks
  • Policy and SOP mapping to controls
  • Evidence freshness and audit status
  • Risk and incident relationships
  • Customer questionnaire answers with citations

Relationship chain: Framework → Requirement → Control → Policy / SOP → Evidence → ChangeRecord

Operating model

Agents consume tasks. People approve decisions. The graph keeps provenance.

Tasks

One-time, recurring, conditional, human and agent-driven work all lives in a single task workbench.

Plans

Annual, quarterly or ad-hoc plans group work around compliance objectives without becoming the execution engine.

Calendar

Events and task due dates appear in one calendar, while Event remains a calendar object and Task remains the execution unit.

Executions

Every agent run records skill, input, output summary, created/updated records, block reason and rationale.

Sovereign by design

Deploy where your compliance data needs to live.

CalibraOps is designed around self-hostable infrastructure: Phoenix/Ash, Postgres, Kratos/Hydra and static SPAs. No mandatory external AI service, no vector database and no vendor-controlled agent runtime.

  • Backend: Elixir / Phoenix / Ash
  • Storage: Postgres + FTS
  • Identity: Kratos / Hydra
  • Frontend: Console + Compliance + Website

Current production dogfood

Built in production, not in slides.

CalibraOps is being operated against AlpineAds as the first production dogfood tenant: compliance planning, evidence health, vendor DPA review, access review, risks, incidents and change provenance are all modeled in the graph.
