Nolixan

Compliance map

Machine-checked mappings from Nolixan controls to OWASP Agentic Top-10 and SOC 2 — plus tenant data export, deletion, audit retention, and SIEM forwarding.

Nolixan ships a machine-checked compliance map: every control is tied to an exact source anchor in the codebase, and CI fails the moment an anchor moves — so the mapping can't silently rot. It's a self-assessment, not a certification, but the evidence is real and verifiable.

Frameworks

curl https://your-host/api/v1/compliance/frameworks \
  -H "Authorization: Bearer <JWT>"

Returns the control mappings for:

  • OWASP Agentic Top-10 — e.g. ASI-01 control hijacking (fail-closed policy gate), ASI-02 tool misuse (per-action policy + SoD), ASI-04 audit tampering (hash-chain + signed receipts), ASI-05 runaway cost (spend governor), ASI-06 sensitive-information disclosure (content redaction + encryption), ASI-08 identity/RBAC.
  • SOC 2 (Trust Services Criteria) — CC6.x access/encryption, CC7.x monitoring/audit integrity, CC8.1 change management (approvals + SoD), A1.1 SLOs, C1.x confidentiality (data minimization + redaction), PI1.1 signed receipts.

Each control carries a status (covered / partial / gap), a summary, and file:line evidence anchors. The same data powers the in-app Compliance page.

Evidence snapshot

Produce a point-in-time evidence bundle for an auditor:

curl https://your-host/api/v1/compliance/evidence-snapshot \
  -H "Authorization: Bearer <JWT>"

Tenant data rights (GDPR/CCPA)

MethodPathPurpose
GET/compliance/data-exportMachine-readable export of all tenant data
POST/compliance/account-deletionSchedule tenant offboarding — body { "confirm_email": "…" } (canManageBilling)

Audit retention

Control how long audit events are kept and when older entries are redacted:

MethodPathPurpose
GET/compliance/audit-retentionCurrent retention policy
PUT/compliance/audit-retentionSet { retention_days, redaction_after_days, enabled }

Retention is capped by your plan; the response reports both your requested and the effective values.

SIEM forwarding

Stream audit events to your SIEM (Splunk, Datadog, etc.). Requires a Business/Enterprise plan and canManageBilling.

MethodPathPurpose
GET/compliance/siem-destinationsList destinations (URLs masked)
POST/compliance/siem-destinationsAdd a destination { endpoint_url, signing_secret?, event_filter? }
PATCH/compliance/siem-destinations/{id}Update
DELETE/compliance/siem-destinations/{id}Remove
POST/compliance/siem-destinations/{id}/testSend a test event

See also: Audit log, Receipts, and the standards crosswalks in docs/REDACTION_COMPLIANCE.md and docs/SOC2_READINESS.md.

On this page