Verdict

Compliance layer for AI coding agents

Verdict sits between your AI agent and your codebase, capturing full session provenance and mapping it to regulatory controls in real time.

Three-layer architecture

Layer 1

Capture

Hooks into AI agent runtimes and records every session: prompts, file access, tool invocations, commands, and git context. PHI detection runs locally before anything is stored.

  • Claude Code HTTP hooks
  • Cursor extension (coming)
  • Copilot adapter (coming)
  • PHI regex + filepath detection
  • Jira ticket auto-detection and enrichment
  • Auto-redaction before storage

Layer 2

Evaluate

Each Change Record is evaluated against configurable compliance policies and mapped to specific regulatory controls across SOC 2, HIPAA, and HITRUST frameworks.

  • Policy engine with configurable rules
  • Ticket traceability (SOC 2 CC8.1)
  • Compliance assessment reports
  • Regulatory control mapping table
  • Change classification (standard/emergency)

Layer 3

Deliver

Compliance verdicts appear on pull requests and inside Claude Desktop via MCP. Evidence syncs to your GRC platform. Auditors get continuously updated evidence without chasing developers.

  • Claude Desktop plugin (MCP)
  • GitHub PR annotations
  • Vanta / Drata / Secureframe sync
  • Natural language compliance queries
  • Auditor-ready export format

Everything you need for compliant AI development

Session Capture

Every prompt, file read, file write, command execution, and tool invocation — captured with microsecond precision.

PHI Detection

10+ HIPAA identifier patterns plus file path matching. PHI is detected and redacted before storage. Pluggable — bring your own DLP.

Policy Engine

Configurable rules that evaluate every session. Require ticket linkage with Jira traceability, flag unreviewed changes, enforce approval workflows.

Compliance Mapping

Every Change Record field maps to SOC 2 CC6/CC7/CC8, HIPAA §164.312, and HITRUST CSF controls. Not generic — regulatory-specific.

PR Annotations

Compliance verdict badges on every pull request. Reviewers see policy violations, PHI status, and control mappings before approving.

GRC Sync

One-click sync to Vanta, Drata, and Secureframe. Your auditor sees continuously updated evidence. No manual uploads ever again.

Local-First

All capture data stays on the developer's machine by default. No telemetry. No network calls. HIPAA-safe by architecture.

Agent-Agnostic

Pluggable hook interface supports any AI coding agent. Claude Code today. Cursor, Copilot, and custom agents on the roadmap.

Audit Export

One-command export of compliance summaries for auditors. JSON, summary, or AI-powered assessment formats.

Integrations

Verdict plugs into your existing workflow — from AI agent to GRC platform.

Claude Ecosystem

  • Claude Desktop (MCP): New
  • Claude Code: Available
  • Cursor: Q3 2026

GRC Platforms

  • Vanta: Available
  • Drata: Available
  • Secureframe: Available

Development

  • GitHub: Available
  • GitLab: Q4 2026
  • Jira: Available

Ready to see Verdict in action?

We'll walk you through a live demo with your team's actual workflow.
