Skip to main content
Agentic Compliance Automation

azuma nori

Compliance audits without code upload.

nori sets up an Agentic Security Workstation directly on your developer machine. Instead of rigid regex rules, bounded LLM Sub-Agents evaluate your codebase against compliance matrices — your source code never leaves your device.

Standalone Client
LOCAL
BSI TR-03161 · DiGA-Backend94.5%

O.Auth_1

OpenID Connect Enforcement — Pass

O.Cryp_2

Ad-hoc Hashing erkannt — Warning

0 Byte Code Upload

Not a rule engine. A reasoning partner.

Static analysis and manual audits fall short against complex compliance frameworks like BSI TR-03161. nori solves that with local, context-aware Sub-Agents.

Not a rulebook — reasoning

We don't rely on static regular expressions. Local orchestrators spawn dynamically bounded LLM Sub-Agents for every control.

Your code stays local

nori runs as a self-contained desktop app. Your source code is read locally and is never sent to azuma nori's servers.

Pre-computed compliance matrices

Ready-made matrices translate regulatory definitions precisely into evaluation tasks that an LLM can interpret reliably.

Zero-Code-Upload Security Model

Instead of uploading files to a central server, the Standalone Client acts as a local orchestrator and talks directly to the LLM provider you configure. azuma's server only ever receives strictly filtered telemetry — never your source files.

Phase 1 — Wiki Builder: compressed, local Markdown indices of your codebase
Phase 2 — Evaluation: Objective Chunking across bounded Sub-Agents per control
Control Supervisor Summarizer aggregates results without ever suppressing critical findings
Caveman Compression reduces wiki context by up to 60% of tokens

Architecture

Hybrid Architecture

azuma nori architecture diagram: Backend API & Dashboard vs. Standalone Client & CLI

Pre-configured for German and EU standards.

azuma nori ships with ready-made, agentic compliance matrices for the leading BSI standards and EU regulations. Each policy can be booked individually — the price in the Standard plan depends on its complexity.

Available

  • BSI TR-03161 · Part 1

    Mobile applications

    Available
  • BSI TR-03161 · Part 2

    Web applications

    Available
  • BSI TR-03161 · Part 3

    Backend systems

    Available
  • BSI TR-02102-1

    Cryptographic mechanisms: recommendations and key lengths

    Available
  • BSI TR-02102-2

    Cryptographic mechanisms: use of Transport Layer Security (TLS)

    Available

Beta

  • EU Cyber Resilience Act

    Regulation (EU) 2024/2847 · 31 controls

    Beta

In development

  • BSI TR-03107

    Electronic identities

    In development
  • EU AI Act

    Regulation (EU) 2024/1689

    In development
Bring your own Model

You decide where your code gets evaluated.

nori is completely LLM-agnostic. You choose the provider and keep full control over your data sovereignty.

Direct Cloud APIs

Anthropic Claude, OpenAI GPT, or Google Gemini (native SDK) — using your own API key.

Local CLI wrappers

Claude CLI, Gemini CLI, or Cursor CLI running as a local process — for setups close to your own infrastructure.

On-Premise / Private Cloud

A custom API endpoint for a fully air-gapped setup, e.g. Azure OpenAI inside your own VNet.

Telemetry & PrivacyFull Transparency

Never leaves your device

  • Source code of your repository
  • Secrets, environment variables & .env files
  • Attached evidence files (PDFs, images)
  • The exact wording of any vulnerability found

Sent for team synchronization

  • Run ID, commit hash & branch
  • Duration & token usage
  • Pass/fail status per control ID
  • Aggregated compliance score

Reports for every audience.

From the executive briefing to the auditor dossier — every analysis exports exactly the way each audience needs it.

For Engineering Leadership

Executive Briefing

The Control Supervisor Summarizer distills all findings into policy insights, prioritized risk vectors, and a remediation roadmap — exportable as Markdown or PDF.

For Auditors

Auditor Deep-Dive

Full control matrix including line-level evidence (file path & line numbers) and transparent Sub-Agent rationale for every control.

For BSI Regulators

Regulatory Compliance Dossier

A per-control dossier generated deterministically from local logs for every control of the standard — path prefixes are automatically anonymized.
v1.8.0Zero LLM Cost

Start for free.

Self-service Test Access with curated controls, or full compliance coverage on the Standard plan — policies booked individually, priced by complexity.

Free

Ideal for trying nori risk-free on a real project.

0 €

3 curated controls included

  • Self-service registration
  • Unlimited projects, local analysis
  • Executive Summary export
  • SSO via azuma doa included
  • Community support
Get Test Access
Recommended

Standard

For teams that need full compliance coverage — you book exactly the policies you need.

Price per policy on request
  • All available policies — booked individually
  • Price depends on the complexity of the policy
  • Unlimited projects
  • All export types incl. Regulatory Compliance Dossier
  • Per-phase model assignment & budget limits
  • On-prem / air-gapped models
  • Dedicated support
Get in Touch

Start your first compliance scan

Get your Test Access or discuss your individual compliance roadmap with our experts.