The open-source compliance platform.
Learn more Β»
Discord
Β·
Website
Β·
Documentation
Β·
Issues
Β·
Roadmap
Comp AI is the fastest way to get compliant with frameworks like SOC 2, ISO 27001, HIPAA and GDPR. Comp AI automates evidence collection, policy management, and control implementation while keeping you in control of your data and infrastructure.
Contact our founders at [email protected] to learn more about how we can help you achieve compliance.
Get access to the cloud hosted version of Comp AI.
To get a local copy up and running, please follow these simple steps.
Here is what you need to be able to run Comp AI.
- Node.js (Version: >=20.x)
- Bun (Version: >=1.1.36)
- Postgres (Version: >=15.x)
To get the project working locally with all integrations, follow these extended development steps.
-
Clone the repo:
git clone https://github.com/trycompai/comp.git
-
Navigate to the project directory:
cd comp -
Install dependencies using Bun:
bun install- Install
concurrentlyas a dev dependency:
bun add -d concurrentlyCreate the following .env files and fill them out with your credentials:
comp/apps/app/.envcomp/apps/portal/.envcomp/packages/db/.env
You can copy from the .env.example files:
cp apps/app/.env.example apps/app/.env
cp apps/portal/.env.example apps/portal/.env
cp packages/db/.env.example packages/db/.envcopy apps\app\.env.example apps\app\.env
copy apps\portal\.env.example apps\portal\.env
copy packages\db\.env.example packages\db\.envCopy-Item apps\app\.env.example -Destination apps\app\.env
Copy-Item apps\portal\.env.example -Destination apps\portal\.env
Copy-Item packages\db\.env.example -Destination packages\db\.envAdditionally, ensure the following required environment variables are added to .env in comp/apps/app/.env:
AUTH_SECRET="" # Use `openssl rand -base64 32` to generate
DATABASE_URL="postgresql://user:password@host:port/database"
RESEND_API_KEY="" # Resend (https://resend.com/api-keys) - Resend Dashboard -> API Keys
NEXT_PUBLIC_PORTAL_URL="http://localhost:3002"
REVALIDATION_SECRET="" # Use `openssl rand -base64 32` to generateβ Make sure you have all of these variables in your
.envfile. If you're copying from.env.example, it might be missing the last two (NEXT_PUBLIC_PORTAL_URLandREVALIDATION_SECRET), so be sure to add them manually.
Some environment variables may not load correctly from .env β in such cases, hard-code the values directly in the relevant files (see Hardcoding section below).
- Create an account on https://cloud.trigger.dev
- Create a project and copy the Project ID
- In
comp/apps/app/trigger.config.ts, set:project: 'proj_****az***ywb**ob*';
-
Create an OAuth client:
- Type: Web Application
- Name:
comp_app# You can choose a different name if you prefer!
-
Add these Authorized Redirect URIs:
http://localhost http://localhost:3000 http://localhost:3002 http://localhost:3000/api/auth/callback/google http://localhost:3002/api/auth/callback/google http://localhost:3000/auth http://localhost:3002/auth -
After creating the app, copy the
GOOGLE_IDandGOOGLE_SECRET- Add them to your
.envfiles - If that doesnβt work, hard-code them in:
comp/apps/portal/src/app/lib/auth.ts
- Add them to your
- Go to https://console.upstash.com
- Create a Redis database
- Copy the Redis URL and TOKEN
- Add them to your
.envfile, or hard-code them if the environment variables are not being recognized in:comp/packages/kv/src/index.ts
Start and initialize the PostgreSQL database using Docker:
-
Start the database:
bun docker:up
-
Default credentials:
- Database name:
comp - Username:
postgres - Password:
postgres
- Database name:
-
To change the default password:
ALTER USER postgres WITH PASSWORD 'new_password';
-
If you encounter the following error:
HINT: No function matches the given name and argument types...Run the fix:
psql "postgresql://postgres:<your_password>@localhost:5432/comp" -f ./packages/db/prisma/functionDefinition.sqlExpected output:
CREATE FUNCTIONπ‘
compis the database name. Make sure to use the correct port and database name for your setup. -
Apply schema and seed:
# Generate Prisma client
bun db:generate
# Push the schema to the database
bun db:push
# Optional: Seed the database with initial data
bun db:seedOther useful database commands:
# Open Prisma Studio to view/edit data
bun db:studio
# Run database migrations
bun db:migrate
# Stop the database container
bun docker:down
# Remove the database container and volume
bun docker:cleanOnce everything is configured:
bun run devOr use the Turbo repo script:
turbo devπ‘ Make sure you have Turbo installed. If not, you can install it using Bun:
bun add -g turboπ Yay! You now have a working local instance of Comp AI! π
Steps to deploy Comp AI on Docker are coming soon.
Steps to deploy Comp AI on Vercel are coming soon.
This repository uses semantic-release to automatically publish packages to npm when merging to the release branch. The following packages are published:
@comp/db- Database utilities with Prisma client@comp/email- Email templates and components@comp/kv- Key-value store utilities using Upstash Redis@comp/ui- UI component library with Tailwind CSS
- NPM Token: Add your npm token as
NPM_TOKENin GitHub repository secrets - Release Branch: Create and merge PRs into the
releasebranch to trigger publishing - Versioning: Uses conventional commits for automatic version bumping
# Install a published package
npm install @comp/ui
# Use in your project
import { Button } from '@comp/ui/button'
import { client } from '@comp/kv'# Build all packages
bun run build
# Build specific package
bun run -F @comp/ui build
# Test packages locally
bun run release:packages --dry-runComp AI, Inc. is a commercial open source company, which means some parts of this open source repository require a commercial license. The concept is called "Open Core" where the core technology (99%) is fully open source, licensed under AGPLv3 and the last 1% is covered under a commercial license (["/ee" Enterprise Edition"]).
Tip
We work closely with the community and always invite feedback about what should be open and what is fine to be commercial. This list is not set and stone and we have moved things from commercial to open in the past. Please open a discussion if you feel like something is wrong.