00 - Overview

Project Purpose

Comp AI is an open-source compliance automation platform licensed under AGPLv3. It helps startups and mid-size companies achieve and maintain compliance with frameworks like SOC 2, ISO 27001, HIPAA, and GDPR. The platform automates evidence collection, policy generation, risk assessment, and vendor management through a combination of structured workflows and LLM-powered automation.

Target users: Security/compliance teams, CTOs, and GRC professionals at companies preparing for or maintaining compliance certifications.

Open-core model: The core platform is open-source. The hosted version at app.trycomp.ai adds managed infrastructure, integrations, and support.

Tech Stack Breakdown

Category	Technologies
Languages	TypeScript (throughout), SQL (Prisma migrations)
Runtime	Node.js 22 (production), Bun 1.2+ (development/build)
Frontend	Next.js 16, React 19, Tailwind CSS v4, Radix UI, TipTap
Backend	NestJS 11, Express, Prisma 6.18
Database	PostgreSQL 17
AI/ML	Vercel AI SDK, OpenAI (gpt-5, text-embedding-3-small), Anthropic, Groq
Vector DB	Upstash Vector
Cache	Upstash Redis
Auth	Better Auth (magic link, email OTP, OAuth, JWT, bearer)
Jobs	Trigger.dev v4
Email	Resend, React Email
Storage	AWS S3
Web Scraping	Firecrawl, Playwright, Browserbase
Analytics	PostHog, Vercel Analytics
Build	Turborepo, Bun, tsup, esbuild
Testing	Vitest, Jest, Playwright (E2E)
CI/CD	GitHub Actions, semantic-release, Husky, commitlint
Container	Docker multi-stage builds

Repository Structure

comp/
├── apps/
│   ├── app/                    # Next.js 16 — main SaaS frontend (port 3000)
│   ├── api/                    # NestJS 11 — REST API backend
│   └── portal/                 # Next.js 16 — employee/vendor trust portal (port 3002)
├── packages/
│   ├── db/                     # @trycompai/db — Prisma schema, client, migrations
│   ├── ui/                     # @trycompai/ui — shared React component library (Radix)
│   ├── email/                  # @trycompai/email — React Email templates + Resend
│   ├── kv/                     # @trycompai/kv — Upstash Redis wrapper
│   ├── analytics/              # @trycompai/analytics — PostHog client/server
│   ├── integration-platform/   # @comp/integration-platform — integration registry/runtime
│   ├── integrations/           # @trycompai/integrations — third-party connectors
│   ├── utils/                  # @trycompai/utils — shared utility functions
│   ├── tsconfig/               # @trycompai/tsconfig — shared TS configs
│   └── docs/                   # Documentation site content (MDX, OpenAPI spec)
├── Dockerfile                  # Multi-stage build (6 stages)
├── docker-compose.yml          # migrator, seeder, app, portal
├── turbo.json                  # Build pipeline and caching
├── package.json                # Root workspace config (Bun workspaces)
└── .github/workflows/          # CI/CD pipelines

Monorepo Workspace Layout

The project uses Bun workspaces with Turborepo for build orchestration:

{
  "workspaces": ["apps/*", "packages/*"]
}

Apps are deployable applications:

apps/app — The primary Next.js frontend for compliance management
apps/api — NestJS REST API consumed by the frontend and external API users
apps/portal — Next.js portal for employees/vendors to complete tasks, accept policies, and view training

Packages are shared libraries consumed by apps:

Published to npm: @trycompai/db, @trycompai/ui, @trycompai/email, @trycompai/kv, @trycompai/analytics, @trycompai/tsconfig
Workspace-only: @comp/integration-platform, @trycompai/integrations, @trycompai/utils

Key File Map

File	Responsibility
`apps/api/src/main.ts`	NestJS bootstrap: CORS, Helmet, validation, Swagger, versioning
`apps/api/src/app.module.ts`	Registers all 28 NestJS feature modules
`apps/api/src/auth/hybrid-auth.guard.ts`	Dual auth: API key + JWT/Better Auth
`apps/app/src/app/page.tsx`	Frontend root: session check, org redirect
`apps/app/src/app/layout.tsx`	Root layout: providers, analytics, fonts
`apps/app/src/app/api/chat/route.ts`	AI chat endpoint: GPT-5, streaming, tools
`apps/app/src/utils/auth.ts`	Better Auth config: OAuth, magic link, OTP, JWT
`apps/app/src/env.mjs`	T3 Env: type-safe environment validation
`apps/app/src/trigger/tasks/`	Trigger.dev background job definitions
`apps/app/src/trigger/lib/prompts.ts`	LLM prompt templates for policy generation
`apps/api/src/trigger/questionnaire/answer-question-helpers.ts`	RAG pipeline for questionnaire answering
`apps/api/src/vector-store/lib/core/generate-embedding.ts`	OpenAI embedding generation (single + batch)
`apps/app/src/trigger/lib/research.ts`	Firecrawl web scraping integration
`packages/db/prisma/schema/`	30 modular Prisma schema files
`packages/db/scripts/combine-schemas.js`	Combines schema files for distribution
`packages/integration-platform/src/registry/index.ts`	Integration registry singleton with validation
`turbo.json`	Build pipeline: task ordering, caching, env vars
`Dockerfile`	Multi-stage build: deps, migrator, app-builder, app, portal-builder, portal
`docker-compose.yml`	Local dev: migrator, seeder, app (3000), portal (3002)