Architecture¶
Opencomplai is a monorepo with three deployment modes: local-only (CLI + SDK), service-backed (CLI gateway API), and full Docker Compose stack.
Components¶
| Component | Kind | Language | Responsibility |
|---|---|---|---|
opencomplai-core | Python package | Python 3.11, Pydantic v2 | Rule engine — deterministic risk assessment, no HTTP. |
opencomplai-cli | Python package | Python 3.11, Typer, Rich | CLI tool — init, check, risk classify, validate-manifest, docs generate, sync metadata, dashboard. |
opencomplai (SDK) | Python package | Python 3.11 | Stable pip-installable surface wrapping core. |
gateway-api | Service | Node.js 20, TypeScript, Fastify | REST API gateway — request validation, routing to backend services. |
risk-engine | Service | Python, FastAPI | Risk classification as a service. |
evidence-vault | Service | Python, FastAPI, PostgreSQL | Append-only Merkle ledger + content-addressed evidence storage. |
doc-generator | Service | Python, FastAPI | Annex IV compliance dossier generation. |
egress-proxy | Service | Python, FastAPI | Allowlisted outbound traffic enforcer (REQ-ARC-001). |
Two execution modes¶
Local mode (no Docker required)¶
Text Only
Developer machine
│
└── opencomplai check
│
├── Reads system-manifest.json
├── Calls opencomplai-core engine (in-process)
├── Produces RiskResult
└── Writes compliance-artifact.json
This is the default. No services, no network.
Service-backed mode (OPENCOMPLAI_API_URL set)¶
Text Only
Developer machine / CI runner
│
└── opencomplai check
│
└── HTTP gateway-api :8080
│
┌───────┼───────────┐
▼ ▼ ▼
risk- evidence- doc-
engine vault generator
:8001 :8002 :8003
│ │
└───────┘
egress-proxy :8004
(allowlist enforcement)
Deployment stack¶
See Architecture: System Design and Deployment Quickstart.
Sections¶
- System Design — service interactions and the 10-step scan workflow.
- Data Model — Pydantic models that form the shared data contract.