Adraca/adraca-tdd-engine

Adraca TDD Engine v2.3

Production-hardened AI Security Auditor for B2B Technical Due Diligence.

Overview

The Adraca TDD Engine is a deterministic security auditing system that maps technical vulnerabilities to high-level business risks (GDPR, SOC2, ISO 27001).

Key Features

  • Deterministic Scanning: Real-world SAST (Semgrep) and Secret Detection (TruffleHog).
  • Unbreakable Handshake: Logic-gated pipeline ensures synthesis only occurs on valid scan data.
  • B2B Risk Synthesis: High-output compliance mapping using adraca-prime (Claude 3.5 Sonnet) or qwen-max.
  • ARM64 Native: Optimized for Oracle Cloud Ampere A1 infrastructure.
  • Security Hardened: Non-root execution and memory-resilient orchestration.
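
One way a gate like the "Unbreakable Handshake" item can work, as an added example (not code from the Adraca repository): the scanner reports are validated first, and the synthesis step gets findings only if both parse cleanly. The function names and sample inputs are hypothetical; the field names are those emitted by `semgrep --json` and `trufflehog --json`.

```python
import json

class ScanGateError(ValueError):
    """Scanner output is not fit to hand to the synthesis step."""

def parse_semgrep(raw):
    """Validate a `semgrep --json` report; return normalized findings."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ScanGateError(f"semgrep output is not JSON: {exc}") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("results"), list):
        raise ScanGateError("semgrep report has no 'results' list")
    if doc.get("errors"):
        raise ScanGateError(f"semgrep reported {len(doc['errors'])} error(s)")
    paths = doc.get("paths")
    if not isinstance(paths, dict) or not paths.get("scanned"):
        # Zero files scanned means the scan did not happen, not that it is clean.
        raise ScanGateError("semgrep scanned zero files")
    try:
        return [{"tool": "semgrep", "rule": r["check_id"], "path": r["path"],
                 "line": r["start"]["line"], "severity": r["extra"]["severity"]}
                for r in doc["results"]]
    except (KeyError, TypeError) as exc:
        raise ScanGateError(f"malformed semgrep finding: {exc!r}") from exc

def parse_trufflehog(raw):
    """Validate `trufflehog --json` output (one JSON object per line)."""
    findings = []
    for n, line in enumerate(filter(None, map(str.strip, raw.splitlines())), 1):
        try:
            rec = json.loads(line)
            # Keep detector and verification status only; the raw secret is dropped.
            findings.append({"tool": "trufflehog", "detector": rec["DetectorName"],
                             "verified": bool(rec["Verified"])})
        except (json.JSONDecodeError, KeyError, TypeError) as exc:
            raise ScanGateError(f"bad trufflehog record {n}: {exc!r}") from exc
    return findings

def gate(semgrep_raw, trufflehog_raw):
    """Return findings for synthesis, or raise ScanGateError so nothing is sent."""
    return parse_semgrep(semgrep_raw) + parse_trufflehog(trufflehog_raw)

# Constructed sample inputs (not real scan output).
SAMPLE_SEMGREP = json.dumps({"results": [{"check_id": "example.rule.id",
    "path": "app/db.py", "start": {"line": 12}, "extra": {"severity": "ERROR"}}],
    "errors": [], "paths": {"scanned": ["app/db.py"]}})
SAMPLE_TRUFFLEHOG = '{"DetectorName": "ExampleDetector", "Verified": false, "Raw": "xxxx"}\n'
```

Calling `gate(SAMPLE_SEMGREP, SAMPLE_TRUFFLEHOG)` returns two normalized findings; a truncated report, a report with scan errors, or a scan that covered no files raises `ScanGateError` instead.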

Quick Start

  1. Configure .env with ALICLOUD_API_KEY or AWS Bedrock credentials.
  2. Deploy via Docker Compose:
    docker-compose up -d --build
  3. Run an audit:
    curl -X POST "http://localhost:8000/run-audit" \
         -H "Content-Type: application/json" \
         -d '{"repo_url": "https://github.com/your-org/your-repo"}'

Compliance Coverage

  • GDPR Article 32: Security of processing.
  • SOC2 CC7.1: System Monitoring & Protection.
  • ISO 27001: Secure development and information labeling.

© 2026 Adraca AI. All Rights Reserved.
