Platform & Backend
azuma nori is more than the desktop app: it is backed by a small cloud control plane that manages licensing, policy definitions, identity, and API keys, and keeps a synchronized, high-level record of your analysis runs. Crucially, this backend is a control plane, not a data plane — it never receives your source code.
What the backend does
The Nori backend is the central service the Standalone Client talks to. It is responsible for:
- Policy definitions: serving the compliance frameworks (and their controls) that your client evaluates against. Policies are managed centrally so every operator in your organization runs the same, up-to-date definitions.
- Licensing & workspaces: determining which policies and features your organization is entitled to (see Workspaces below).
- Identity: authenticating operators through azuma doa (OpenID Connect) and issuing API keys for headless use. New accounts are self-registered in the Standalone desktop app — there is no separate web sign-up.
- Run telemetry: receiving the high-level status and metrics of completed runs so your organization has a synchronized record of project state.
What the backend never receives
The privacy boundary is strict and is covered in detail under Telemetry & Privacy. In short, the backend never receives:
- your source code,
- your secrets or credentials, or
- the detailed text of individual findings or vulnerabilities.
Only high-level telemetry — run IDs, git metadata, execution metrics, per-control pass/fail statuses, and the overall score — is synchronized.
Workspaces & licensing
At sign-in you choose a workspace — your organization's licensed environment. Only workspaces carrying the nori license are selectable, and the workspace determines which policies you can run.
- Freemium: some policies expose a free subset of controls, so you can trial a framework before a full license is in place.
- Policy stability: each policy carries a Stable / Beta / Preview maturity label; see the Glossary. Preview policies may be limited in availability.
API keys
For automated or headless execution, the backend issues API keys that authenticate a run
without an interactive browser login. You generate and revoke keys from your azuma doa
Developer Settings, and provide them to the engine via the AZUMA_API_KEY environment
variable. Full details and examples are in Authentication.
Where you view results
Your analysis runs, findings, and reports live in the Standalone Client on your workstation, where the full detail (per-control findings, evidence, deep-dives, and exports) is available. The backend holds only the synchronized high-level record described above.
Organization-level administration of the platform is handled by azuma through internal administration tooling and is outside the scope of the client documentation.