grcorsair

grcorsair/corsair

Compliance trust shouldn't require emailing PDFs and hoping nobody tampered with them. Corsair signs compliance findings as verifiable digital certificates that anyone can check with a standard JWT library.

2 stars 0 forks 2 watchers TypeScript Apache License 2.0
bun compliance did-web ed25519 grc jwt scitt soc2 typescript verifiable-credentials
View on GitHub Website
1 Open Issue Need Help Last updated: Feb 14, 2026

Open Issues Need Help

View All on GitHub
feat: compliance.txt — compliance proof discovery at /.well-known/ about 2 months ago

AI Summary: This issue proposes the addition of a `compliance.txt` file at `/.well-known/compliance.txt` to enable the discovery of an organization's verifiable compliance proofs. This file will act as a central point for verifiers to find information about an organization's identity, active proofs (like CPOEs), transparency logs, and real-time signals, reducing the need for out-of-band coordination.

Complexity: 2/5
enhancement good first issue
grcorsair/corsair
2

Compliance trust shouldn't require emailing PDFs and hoping nobody tampered with them. Corsair signs compliance findings as verifiable digital certificates that anyone can check with a standard JWT library.

TypeScript
#bun#compliance#did-web#ed25519#grc#jwt#scitt#soc2#typescript#verifiable-credentials