Compliance
/api/v1/legal/complianceA legal compliance assessment against a framework.
listgetcreateupdatedeleteSchema
| Field | Type | Notes |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | frontend | backend | server | system | apiWhere the write originated. Defaults to 'api'. |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| title* | string | Compliance assessment title. |
| framework | enum | gdpr | hipaa | sox | pci_dss | iso_27001 | fedramp | otherCompliance framework. |
| status | enum | compliant | non_compliant | in_progress | not_assessedCompliance status. |
| assessed_at | date-time | ISO 8601 date the assessment was performed. |
| assessor_id | string | User ID of the assessor. |
| findings | string | Assessment findings. |
| remediation_plan | string | Plan to remediate findings. |
| next_review_date | date-time | ISO 8601 date of the next review. |
| control_id | string | Identifier of the compliance control (e.g. CC6.1). |
| description | string | Description of the control. |
| category | string | Control category (e.g. Access Control). |
| owner | string | User ID of the control owner. |
| evidence | json | Collected evidence supporting the control. |
| last_assessed_at | date-time | ISO 8601 date the control was last assessed. |
| next_review_at | date-time | ISO 8601 date of the next control review. |
| linked_asset_ids | json | IDs of assets linked to this control. |
API
Loading manifest…