Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Service Description

This page describes what Pretorin is, the data it processes, the split of responsibilities between Pretorin and you, and how to get support or report a security concern. For a feature-level tour, see the Introduction.

Beta — Pretorin is currently in closed beta. Framework and control browsing works for authenticated users. Platform write features (evidence, narratives, monitoring) require a beta code. Sign up for early access.

What Pretorin Is

Pretorin is an AI-assisted compliance platform. It gives developers and AI agents direct access to compliance framework data, implementation context, and evidence workflows across 30+ frameworks and profiles (NIST 800-53, NIST 800-171, FedRAMP, CMMC, and more). The primary surfaces are the Pretorin CLI, the MCP server, and skill-driven agent workflows, all backed by the hosted Pretorin platform API.

Intended users are compliance and security engineers, GRC teams, and the AI agents they operate on their behalf. See What You Can Do for the full capability list.

Types of Data Processed

Pretorin handles the following categories of data. Sensitivity is a general guide; treat all account-scoped data as confidential to your organization.

Data categoryDescriptionSensitivity
Compliance framework dataControl catalogs, baselines, crosswalks, and AI guidance for supported frameworks. Not customer-specific.Public / reference
Uploaded evidence filesFiles you upload as evidence for controls (documents, screenshots, exports, scan output).Customer-confidential
Implementation narrativesControl implementation text you draft, generate, or push.Customer-confidential
Vendor documents & assessmentsThird-party vendor documents and assessment records you upload or manage.Customer-confidential
System & scope metadataSystem descriptions, asset inventory, scope and policy questionnaire answers.Customer-confidential
Account & authentication dataAPI tokens, user identity, and session data used to authenticate to the platform.Sensitive

Account-scoped data is authenticated and governed by the applicable platform terms in addition to the open-source license for the CLI and MCP code in this repository. The CLI and the MCP server are thin wrappers over the platform API — in bring-your-own-agent mode (pretorin mcp-serve), no LLM runs inside Pretorin; your local agent performs the reasoning. See Architecture.

Shared Responsibilities

Compliance outcomes depend on both Pretorin and you. This is a summary of the split; it is not a substitute for the applicable platform terms and account agreements.

Pretorin is responsible for:

  • Operating and maintaining the hosted platform, API, and CLI/MCP tooling.
  • Storing your account-scoped data and controlling access to it via authentication.
  • Serving accurate compliance framework reference data and keeping it current.

You are responsible for:

  • The accuracy and completeness of evidence, narratives, and other data you upload or generate.
  • Managing your own API tokens and user access, including who in your organization can act on your account.
  • Reviewing and approving AI-generated output (narratives, gap analyses, and compliance artifacts) before relying on it for an audit or authorization decision.
  • Determining whether a given framework, baseline, or control interpretation is appropriate for your system and obligations.

Support and Reporting a Concern

General support and questions — email support@pretorin.com. For bugs and feature requests in the CLI or MCP tooling, use the GitHub issue tracker.

Reporting a security concern — if you believe you have found a security vulnerability or have a security concern about the platform, email support@pretorin.com with the details. Please do not disclose a suspected vulnerability publicly (including in a GitHub issue) until it has been reviewed and addressed.