
Clausi (Founder)
Clausi — AI Compliance Auditing CLI

Founded and built Clausi — a developer-first AI compliance auditing CLI that scans codebases against EU-AIA, GDPR, HIPAA, ISO 42001, NIST AI Framework, and SOC 2 regulations, generating PDF/HTML/JSON audit reports in one command. Full-stack system: Python CLI (Click/Rich) → FastAPI backend → GPT-powered code analysis → automated report generation.
Built the Python CLI using Click for command parsing and Rich for terminal UI rendering — progress bars, styled tables, and colored output for scan results. The CLI supports multiple scan modes: quick scan (samples representative files for fast feedback), full scan (analyzes every file against all applicable regulation clauses), and targeted scan (specific regulation frameworks only). Users configure scans via clausi.yaml with project-level settings: company name, industry vertical, applicable regulations, file exclusion patterns, and report template selection (default, detailed, executive). Before each scan, the CLI displays an estimated cost based on token count projections, requiring user confirmation before API calls — critical for enterprise adoption where unexpected AI costs are unacceptable.
Designed the FastAPI backend with a modular architecture: the GPT Mapper module reads each source file, constructs regulation-specific prompts that include the relevant compliance clauses (loaded from YAML regulation definition files), and sends them to OpenAI's GPT-4 API for analysis. Each regulation (EU-AIA, GDPR, HIPAA, etc.) has its own YAML file defining articles, clauses, and compliance criteria — making it trivial to add new regulations by writing a YAML template without touching application code. The Report Generator uses WeasyPrint + Jinja2 to produce professional PDF reports with company branding, executive summary, per-file findings with severity ratings (Critical/High/Medium/Low/Info), specific code references with line numbers, and actionable remediation recommendations.
Built a PostgreSQL-backed audit trail tracking every scan: timestamp, user, project, files analyzed, findings count by severity, token usage, and cost. This enables compliance teams to demonstrate continuous monitoring — a requirement under SOC 2 Type II and ISO 42001. API key authentication with rate limiting protects the backend. The system supports CI/CD integration via exit codes (non-zero on Critical/High findings) for automated compliance gates in GitHub Actions, GitLab CI, and Jenkins pipelines.
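The CI/CD compliance gate described above, as an added example that is not Clausi's own code: it reads a JSON audit report, tallies findings by severity, and returns the exit code a pipeline step would use. The report field names (`files_analyzed`, `findings`, `severity`) and the sample report are assumptions constructed for this example; the one point worth copying is that the gate fails closed, so a malformed report or a scan that analyzed no files cannot pass as "clean".

```python
import json
from collections import Counter

# Severity levels in ascending order; mirrors the ratings the reports use.
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed sample report. The field names are assumptions for this
# example, not Clausi's real JSON schema.
SAMPLE_REPORT = json.dumps({
    "files_analyzed": 3,
    "findings": [
        {"file": "app/auth.py", "line": 42, "severity": "High",
         "clause": "GDPR Art. 32", "title": "Personal data stored in plaintext"},
        {"file": "app/logging.py", "line": 17, "severity": "Medium",
         "clause": "HIPAA 164.312(b)", "title": "Audit log lacks actor identity"},
        {"file": "README.md", "line": 1, "severity": "Info",
         "clause": "ISO 42001 7.4", "title": "No AI usage statement"},
    ],
})


def count_by_severity(report: dict) -> Counter:
    """Tally findings per severity, rejecting any level not in SEVERITY_ORDER."""
    counts = Counter()
    for finding in report.get("findings", []):
        sev = finding.get("severity")
        if sev not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {sev!r}")
        counts[sev] += 1
    return counts


def gate_exit_code(report_json: str, fail_on: str = "High") -> int:
    """Exit code for a CI gate: 0 pass, 1 blocking findings, 2 report unusable.
    Fails closed: a malformed report, an unknown severity, or a scan that
    analyzed no files is a failure, never a clean pass."""
    try:
        report = json.loads(report_json)
        counts = count_by_severity(report)
        files_analyzed = int(report.get("files_analyzed", 0))
    except (ValueError, TypeError, AttributeError):
        return 2
    if files_analyzed < 1:
        return 2
    threshold = SEVERITY_ORDER.index(fail_on)
    blocking = sum(n for sev, n in counts.items()
                   if SEVERITY_ORDER.index(sev) >= threshold)
    return 1 if blocking else 0
```

In a pipeline, `sys.exit(gate_exit_code(report_text))` after the scan step turns the result into the non-zero status that GitHub Actions, GitLab CI or Jenkins treat as a failed stage.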
Developed a Next.js documentation site (clausi.ai) with quickstart guides, API reference, command documentation, pricing calculator, and an embedded demo video showing a complete scan workflow. The site uses MDX for documentation pages with interactive code blocks that let visitors copy clausi scan commands directly. Designed to match the aesthetics of modern developer tools like Vercel, Linear, and Stripe's documentation.