Open-Source Compliance Tool Automates SOC 2 Evidence Collection for Small AWS Teams

·1 views

A Northeastern University student has built an open-source, customizable compliance automation tool aimed at small SaaS, fintech, and healthtech teams of 1–30 people using AWS and GitHub. The tool connects via AWS APIs to collect evidence, map it to compliance controls, and generate auditor-ready reports in under an hour. Unlike traditional black-box compliance dashboards, it uses SHA-256 tamper-evident chains of custody to make each evidence item verifiable by timestamp, control, and service. Users can create their own custom controls reflecting their company's unique policies and integrate them into the SOC 2 framework through a managed organizational workspace. The project was motivated by the developer's firsthand observation of manual compliance processes and broken automation tools wasting significant time for teams pursuing their first SOC 2 Type I audit.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

AI SDK 7 Launches Unified Primitives to Standardize Production Agent Development

AI SDK 7 has been released with four core primitives—typed tool context, runtime context, file/skill uploads, and MCP Apps—designed to eliminate per-provider boilerplate in production agent codebases. The update also ships runtime infrastructure for operating agents in production, including durable execution, tool approval gates, multimodal support, and provider-agnostic reasoning control. Developers can migrate from v6 using the npx @ai-sdk/codemod v7 tool, which handles most breaking changes automatically. Notable requirements include Node.js 22 or higher and an ESM-only package format, which may cause import issues in CommonJS-heavy services. The release also expands the Harness package with two new coding-agent runtimes, Deep Agents and OpenCode, accessible through a unified API that allows runtime swaps without changing application code.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds AI Cost Tool Where LLM Explains Decisions, Not Makes Them

A developer building an Azure Cost Intelligence Platform discovered that AI-generated infrastructure recommendations often contained errors, including non-existent VM types and invalid CLI commands. To fix this, the architecture was redesigned so that independent components — including a metrics engine, pricing engine, and deterministic rule-based recommendation engine — gather and process real data before any AI is involved. The large language model is only used at the final step to explain pre-verified recommendations in plain language, never to generate them. The platform pulls live data from Azure Monitor, Azure Advisor, and Azure Pricing APIs, ensuring all suggestions are grounded in verified facts. The developer concluded that AI tools in cloud infrastructure are most reliable when they assist human understanding rather than drive automated decision-making.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Free Self-Hosted Remote Desktop Stack Combines RustDesk, Tailscale, and WSL2

A developer has published an open-source guide for building a fully self-hosted, end-to-end encrypted remote desktop setup on Windows 11, replacing paid tools like TeamViewer and AnyDesk. The stack combines RustDesk as the remote desktop server, Tailscale for private zero-config VPN networking, and Docker running on WSL2 to host Linux containers without a separate virtual machine. MagicDNS provides stable private hostnames, eliminating the need for public IP addresses, dynamic DNS services, or TLS certificates. The setup requires no open inbound firewall ports and uses Ed25519 key pinning to cryptographically verify every connection, with unverified peers rejected outright. All configuration files, setup instructions, and troubleshooting steps are available in a public GitHub repository.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Why AI Agent Runtimes Need Session State as Core Infrastructure

AI agent runtimes lack a persistent state machine, meaning every conversation turn forces the model to reconstruct context from scratch rather than tracking it reliably. When tool calls fail or context overflows, the model continues reasoning as if nothing went wrong, leaving users to manually debug and retry. A proposed solution calls for three infrastructure components: a typed, inspectable state schema, a queryable commit log of every state change, and a diff-inspection layer showing what changed between turns. This approach would convert common failure modes — such as failed tool calls, context overflow, and poisoned reasoning traces — from human debugging problems into structured engineering problems. The core design principle is to externalize only state mutations that could change the agent's next action, such as tool results and pending actions, while leaving internal reasoning details out of the session record.

0 comments Read more at DEV Community