A four-agent CrewAI stack that inventories your tech, drafts your policies, pulls your evidence, and answers your vendor questionnaires — so we can prove it's decoupleable and give it away.
Maps your stack to applicable Trust Services Criteria. Produces the gap report — what applies, what's met, what's missing.
Drafts the 15 required SOC-2 policies tailored to your actual stack — Access Control, Incident Response, Change Management, and the rest.
Pulls automated evidence from AWS, GitHub, Okta, PagerDuty, Datadog. Timestamps, source attribution, cryptographic hashes.
Answers SIG-Core, CAIQ, and bespoke vendor questionnaires — using your policies + evidence + live posture.
Prioritizes gap fixes by control criticality × severity. Handoff-ready remediation plan.
These four agents run today with real LLM calls. The metrics they produce become the D-Coupler pass/fail checkpoints.
The whole point of building this AI version is so we can decouple it. Every LLM call above maps to code:
Policy Writer → Jinja templates + regex
Evidence Collector → raw API pulls, with the LLM analysis layer stripped
Questionnaire Responder → RAG over a structured Q&A corpus + rule-based composition, with the LLM used only for genuinely novel questions
Assessor → decision tree on tech-stack signals
An estimated 80–90% of runtime LLM calls decouple to code. What's left is the paid product. What we give away is the tool that produced it.
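
The Evidence Collector in its decoupled form (raw API pulls carrying timestamps, source attribution and cryptographic hashes, with no LLM layer) could seal each pull as sketched here. This is an added example, not code from the project: the function names, source labels and sample payloads are constructed, and chaining each record to the previous record's hash is an assumption that goes beyond the page's bare "cryptographic hashes".

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first record (assumed convention)
HEADER = ("source", "collected_at", "payload_sha256", "prev_hash")

def canonical(obj) -> bytes:
    """Deterministic JSON so identical content always yields identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def digest(obj) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()

def seal(source, payload, prev_hash=GENESIS, collected_at=None):
    """Wrap one raw API response with timestamp, source and hashes."""
    record = {
        "source": source,
        "collected_at": collected_at or datetime.now(timezone.utc).isoformat(),
        "payload_sha256": digest(payload),
        "prev_hash": prev_hash,
    }
    record["record_hash"] = digest(record)  # covers the four header fields
    record["payload"] = payload
    return record

def verify_chain(records):
    """Return indexes of records that fail verification ([] means intact)."""
    bad, prev = [], GENESIS
    for i, r in enumerate(records):
        header = {k: r[k] for k in HEADER}
        if (r["prev_hash"] != prev or digest(r["payload"]) != r["payload_sha256"]
                or digest(header) != r["record_hash"]):
            bad.append(i)
        prev = r["record_hash"]
    return bad

def build_sample_chain():
    """Two constructed pulls; field names are illustrative, not real API output."""
    first = seal("github:branch-protection", {"branch": "main", "required_reviews": 2},
                 collected_at="2024-01-01T00:00:00+00:00")
    second = seal("okta:password-policy", {"min_length": 14, "mfa_required": True},
                  prev_hash=first["record_hash"], collected_at="2024-01-01T00:05:00+00:00")
    return [first, second]

if __name__ == "__main__":
    chain = build_sample_chain()
    chain[0]["payload"]["required_reviews"] = 0  # simulate an after-the-fact edit
    print("failed records:", verify_chain(chain))
```

Re-sealing every record from the edited one onward would pass verification, so the latest `record_hash` needs to be kept somewhere the collector cannot rewrite.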