Control Catalog V0
Status
Implemented for OP-009. The compliance foundation now has a tenant-scoped starter catalog for SOC 2, HIPAA, and GLBA controls.
What Was Implemented
- Postgres migration for global framework/control reference data and tenant-scoped control status with RLS.
- 25+ seeded starter controls across SOC 2, HIPAA, and GLBA.
- FastAPI read endpoints for framework list, control list, and control detail.
- Control detail includes tenant-safe linked evidence references.
- Compliance evidence UI reads and displays the control catalog alongside the auditor-safe evidence chain.
Validation
make validate-contracts
make typecheck-python
make lint
make test-sqlite
make docs-build
Security / Tenant Isolation
Control definitions are global reference data. Tenant status and linked evidence references are tenant-scoped and protected by Postgres RLS. Read actions are audited by the API route layer.
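The split described above, global reference tables without a tenant column next to tenant-scoped tables guarded by row-level security, looks roughly like the following. This is an added illustration, not the migration from this branch: every table, column and policy name, and the `app.tenant_id` session setting, are assumptions made for the example.

```sql
-- Added example, not the project's own migration. Names are assumptions.

-- Global reference data: no tenant column, readable by every tenant.
CREATE TABLE compliance_framework (
    id    text PRIMARY KEY,              -- constructed ids, e.g. 'soc2', 'hipaa', 'glba'
    name  text NOT NULL
);

CREATE TABLE compliance_control (
    id            text PRIMARY KEY,      -- constructed id, e.g. 'soc2-cc6.1'
    framework_id  text NOT NULL REFERENCES compliance_framework(id),
    title         text NOT NULL,
    description   text NOT NULL
);

-- Tenant-scoped status: every row carries the owning tenant.
CREATE TABLE tenant_control_status (
    tenant_id   uuid NOT NULL,
    control_id  text NOT NULL REFERENCES compliance_control(id),
    status      text NOT NULL
                CHECK (status IN ('not_started', 'in_progress', 'implemented')),
    updated_at  timestamptz NOT NULL DEFAULT now(),
    PRIMARY KEY (tenant_id, control_id)
);

-- Tenant-scoped link from a control to an evidence record.
CREATE TABLE tenant_control_evidence (
    tenant_id    uuid NOT NULL,
    control_id   text NOT NULL REFERENCES compliance_control(id),
    evidence_id  uuid NOT NULL,
    PRIMARY KEY (tenant_id, control_id, evidence_id)
);

-- Enable RLS and FORCE it so the table owner is filtered too.
ALTER TABLE tenant_control_status   ENABLE ROW LEVEL SECURITY;
ALTER TABLE tenant_control_status   FORCE  ROW LEVEL SECURITY;
ALTER TABLE tenant_control_evidence ENABLE ROW LEVEL SECURITY;
ALTER TABLE tenant_control_evidence FORCE  ROW LEVEL SECURITY;

-- The API sets the tenant per transaction, e.g.  SET LOCAL app.tenant_id = '<uuid>';
-- NULLIF turns a missing or reset setting into NULL, so the predicate is NULL
-- and no rows are visible instead of a cast error or, worse, a full scan.
CREATE POLICY tenant_isolation_status ON tenant_control_status
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

CREATE POLICY tenant_isolation_evidence ON tenant_control_evidence
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Control detail: the global definition joined with this tenant's status and
-- evidence links. RLS filters the tenant tables; the application query carries
-- no WHERE tenant_id clause that a bug could omit.
SELECT c.id,
       c.title,
       s.status,
       array_remove(array_agg(e.evidence_id), NULL) AS evidence_ids
FROM compliance_control c
LEFT JOIN tenant_control_status   s ON s.control_id = c.id
LEFT JOIN tenant_control_evidence e ON e.control_id = c.id
WHERE c.id = 'soc2-cc6.1'
GROUP BY c.id, c.title, s.status;
```

Two points worth checking in a review of a migration like this: the role the API connects as must not be a superuser or carry `BYPASSRLS`, or the policies are silently skipped; and the tenant setting must be applied with `SET LOCAL` inside the request's transaction, because a session-level `SET` survives on a pooled connection and would hand the next request the previous tenant's scope.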
Known Limitations
- No policy forking runtime in this branch.
- No visual policy editor, approval workflow, or bulk status management.
- No export runtime.