Modern enterprise audits are increasingly complex. Security teams are often buried in fragmented documents, risk logs, and compliance policies — both internal and external. We asked ourselves: “What if there were a secure, intelligent assistant that could help prove compliance using structured reasoning, real documents, and live policy snapshots?”
Inspired by the Model Context Protocol (MCP) vision and the need for auditable GenAI, we built an agent that actually thinks like an auditor — filtering documents by role, integrating live compliance signals, and reasoning using LLMs.
Built a modular RAG agent using:
- FastAPI backend for clean APIs
- JWT + RBAC to enforce secure role-based document access
- MongoDB Atlas to store embedded documents and logs
- Wiz JSON to simulate internal security findings
- Bright Data MCP to fetch live policies (e.g. Cloudflare, GDPR)
- Amazon Bedrock (Mistral 7B) for structured audit reasoning
- Audit Logs stored in MongoDB Atlas for traceability
The core logic follows MCP principles:
- Context selection
- Role-aware access
- Modular prompt composition
- Secure, logged output
Built With
- bedrock
- fastapi
- jwt
- mcp
- mongodb
- rbac
- sentence-transformers
- wiz
Log in or sign up for Devpost to join the conversation.