Pretorin Developer & Agent Docs
Beta — Pretorin is currently in closed beta. Framework and control browsing works for authenticated users. Platform write features (evidence, narratives, monitoring) require a beta code. Sign up for early access.
Pretorin gives developers and AI agents direct access to compliance data, implementation context, and evidence workflows. The primary surfaces are the CLI, the MCP server, and skill-driven agent workflows. It supports 30+ compliance frameworks and profiles, including NIST 800-53, NIST 800-171, FedRAMP, and CMMC.
The CLI and MCP tooling in this repository are open source under Apache-2.0. Access to Pretorin-hosted platform services, APIs, and account-scoped data is authenticated and governed separately by the applicable platform terms.
Start Here
Choose the path that matches how you work:
- CLI-first — Use the Pretorin CLI directly for framework browsing, evidence workflows, reviews, scans, and agent execution.
- AI-agent-first — Connect `pretorin mcp-serve` to Claude Code, Codex CLI, Cursor, or another MCP-compatible tool.
- Hosted agent runtime — Use `pretorin agent run` when you want Pretorin-managed model execution with built-in skills.
Start with Installation, Authentication, and Quick Start if this is your first time here.
Core Paths
Pretorin is usually used in one of these modes:
- Pretorin-hosted model mode — Run `pretorin agent run` to route model calls through Pretorin’s `/v1` endpoints. Pretorin manages the AI runtime.
- Bring-your-own-agent mode — Run `pretorin mcp-serve` and connect the MCP server to your existing AI tool (Claude Code, Codex CLI, Cursor, Windsurf, etc.). Your agent gets compliance tools without changing your workflow.
- Direct CLI mode — Use `pretorin` subcommands directly for browsing frameworks, managing context, authoring evidence, updating narratives, and running scans.
What You Can Do
- Browse compliance frameworks — Query controls, families, and document requirements from authoritative sources
- Manage implementation context — Set an active system and framework, then track progress across controls
- Create and manage evidence — Generate local evidence files, push them to the platform, and link them to controls
- Write implementation narratives — Draft and push auditor-ready narratives for each control
- Run AI-powered compliance tasks — Use the built-in Codex agent for gap analysis, narrative generation, evidence collection, and security review
- Review code against controls — Analyze your codebase for control coverage
- Track monitoring events — Record security scans, access reviews, configuration changes, and compliance checks
- Generate compliance artifacts — Produce structured JSON artifacts documenting control implementations
- Browse STIGs and CCIs — Look up STIG benchmarks, rules, and trace CCIs through the full control hierarchy
- Manage vendors — Track third-party vendors, link evidence to vendor assessments, and upload vendor documents
- Complete policy and scope questionnaires — Answer org-policy and scope questions through a guided workflow with AI-assisted generation and review
Recommended Sections
- Quick Start for first commands and setup
- MCP Integration for Claude, Codex, Cursor, and other agent tools
- Agent Overview for Pretorin-hosted runtime usage
- CLI Reference for command-level detail
- Workflows for end-to-end compliance tasks
Architecture
```text
┌─────────────────────────────────────────────┐
│                  Developer                  │
│                                             │
│   ┌──────────┐        ┌──────────────────┐  │
│   │   CLI    │        │     AI Agent     │  │
│   │ pretorin │        │ (Claude, Codex,  │  │
│   │ commands │        │ Cursor, etc.)    │  │
│   └────┬─────┘        └────────┬─────────┘  │
│        │                       │            │
│        │              ┌────────┴─────────┐  │
│        │              │    MCP Server    │  │
│        │              │     pretorin     │  │
│        │              │    mcp-serve     │  │
│        │              └────────┬─────────┘  │
│        │                       │            │
│        └───────────┬───────────┘            │
│                    │                        │
│           ┌────────┴─────────┐              │
│           │   Pretorin API   │              │
│           │      Client      │              │
│           └────────┬─────────┘              │
└────────────────────┼────────────────────────┘
                     │
            ┌────────┴─────────┐
            │     Pretorin     │
            │     Platform     │
            └──────────────────┘
```