Framework
/api/v1/grc/frameworksA compliance framework being tracked (SOC 2, ISO, PCI).
listgetcreateupdateSchema
| Field | Type | Notes |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | frontend | backend | server | system | apiWhere the write originated. Defaults to 'api'. |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| slug | string | Stable human-readable slug for the framework. |
| name | string | Full display name of the framework. |
| version | string | Version or edition of the framework. |
| status | string | Lifecycle status of this framework record. |
| authority | json | Issuing regulatory body. |
| jurisdiction | json | ISO 3166-1 alpha-2 country codes where this framework applies. |
| industries | json | Industry sectors this framework targets. |
| effective_date | date-time | Date the framework came into force. |
| compliance_deadline | date-time | Deadline by which organizations must comply. |
| scope_and_applicability | json | Describes what is in scope for this framework. |
| exemptions_and_exceptions | json | Known exemptions or exceptions under this framework. |
| control_categories | json | Top-level control categories defined by this framework. |
| control_count | number | Cached count of controls under this framework. |
| risk_categories | json | Risk categories addressed by this framework. |
| risk_impact | string | Overall risk impact level associated with non-compliance. |
| assurance_level | string | Assurance level this framework provides when achieved. |
| related_framework_ids | json | IDs of related or overlapping frameworks. |
| derived_from_framework_id | string | ID of the parent framework this one is derived from. |
| penalties | json | Penalty or consequence structure for non-compliance. |
| reporting_requirements | json | Reporting obligations imposed by the framework. |
| certification | string | Certification or opinion type issued on compliance. |
| reference_docs | json | URLs or DOIs pointing to official framework documentation. |
| key_terms | json | Glossary of key terms defined by the framework. |
| tags | json | Free-form tags for filtering. |
API
client.grc.frameworks.*Loading manifest…