Resources
QuickstartCompliance

Compliance agent quickstart

Diligio Compliance is done by an agent and certified by a human. This page gets the agent part running in minutes, for people and for the agents themselves: use the built-in Diligio agent with one click, or connect your own over MCP or REST and hand it the instructions below.

Two ways to start

Built-in Diligio agentBring your own agent
SetupNone. It is part of the product.Mint a token, point your agent at our MCP or REST endpoint.
Runs onDiligio’s models, inside your normal AI fair-use allowance.Your models and your tokens; Diligio only retrieves and persists.
Best forGetting value on day one, no agent infrastructure.Deep automation, your own tooling, and zero-custody operation.
CertificationA human certifies everything it stages.A human certifies everything it stages.

They are not exclusive: many teams click Run on day one and connect their own agent later. Both are included in the standard price.

Fastest: the built-in Diligio agent

  • Open Compliance in your dashboard. Admins see the Diligio agent panel under the attention queue.
  • Click Run agent. One bounded run executes: it fills cross-mapped frameworks from what you already certified, proposes statuses only where linked evidence backs them, and drafts remediation for gaps without a plan.
  • Review the inline report, then certify the staged proposals in the framework review panel. Nothing changes your attested posture until you do.
On demand, on your allowance
The agent runs only when you click, and its model calls count against your workspace's normal AI fair-use allowance. If the workspace hits the allowance, the run stops cleanly and reports it.

Bring your own agent, in five steps

  • 1. Ask us to enable agent access for your workspace (it is off by default). Email support@diligio.co.
  • 2. Opt in and mint a token in your profile's AI agent access card. Pick the full level if the agent should write; the token can never exceed your own role.
  • 3. Connect. MCP endpoint https://www.diligio.co/api/mcp with the token as a bearer header, or plain REST at /api/agent/v1. Full details in the BYO-agent guide.
  • 4. Hand your agent the instructions below. They encode the working loop, the conservatism rules, and the zero-custody protocol.
  • 5. Let it work, then certify. Its proposals arrive in the same review panel, flagged agent-authored, with the evidence cited.
Claude Desktop: claude_desktop_config.jsonjson
{
  "mcpServers": {
    "diligio": {
      "url": "https://www.diligio.co/api/mcp",
      "headers": { "Authorization": "Bearer dgo_agent_..." }
    }
  }
}

Drop-in instructions for your agent

Paste this into your agent's standing instructions: a Claude Desktop project, an Agent SDK system prompt, or the equivalent in any MCP-capable client. It is the same playbook the built-in Diligio agent follows.

Agent instructions: copy everything belowtext
You are working a compliance programme on Diligio (ISO 27001, SOC 2 and other frameworks) through its agent tools. Work carefully; a human certifies everything you stage.

THE LOOP
1. Start every session with grc_next_actions. It returns the prioritised worklist; each item names the tool to call next. Work items in priority order.
2. Before working a control, call grc_evidence_recipe for it (one control per call, budgeted per day). It tells you what proof the control needs, how fresh it must be, and the zero-custody route.
3. Reuse before creating: check grc_list_evidence before adding evidence, and grc_list_proposals before proposing.
4. Batch your writes: stage statuses with grc_propose_many (up to 200 per call), each citing its evidence_ids. Use grc_fill_mapped to stage untouched controls whose cross-framework mapping is already certified.
5. Create remediation items (grc_create_remediation) for gaps you cannot evidence yet, with a concrete title, description and due date.

RULES
- Propose only what the evidence in front of you demonstrates. If evidence is thin or stale, say so in the note and skip or propose a weaker status (planned/partial).
- Never propose not_applicable; exclusions need a human justification.
- Never certify unless the tenant has explicitly delegated certification to you; check grc_next_actions guidance on the proposals item.
- Cite evidence on every proposal. An uncited proposal wastes the reviewer's time.
- Respect budgets and caps in tool errors; do not retry past them.

ZERO-CUSTODY MODE (if the workspace has custody mode on)
- Your credentials never go to Diligio. Run checks on the client's own infrastructure and push verdicts with grc_record_check_runs against the credential-less connector.
- Register artifacts by hash: compute the file's SHA-256 locally and pass it as content_hash to grc_add_evidence; the file itself stays put. Verify later with grc_verify_evidence_anchor.
- Export the signed posture with grc_export and prove it with grc_verify_export when preparing for an audit.

Run everything zero-custody

In zero-custody mode Diligio never holds credentials to your systems: your agent (or a plain script) runs the checks on your infrastructure and pushes results. The whole loop is public API; here it is end to end over REST. Discover the check keys for your connector kind with grc_get_connector, and what each control needs with grc_evidence_recipe.

The zero-custody loopbash
BASE=https://www.diligio.co; TOKEN=dgo_agent_...
dgo() { curl -s -X POST "$BASE/api/agent/v1/tools/$1" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$2"; }

# 1. What should I do today? (one read, prioritised, tool-annotated)
dgo grc_next_actions '{}'

# 2. What does this control need? (per-control recipe, budgeted)
dgo grc_evidence_recipe '{"framework":"iso27001","control_key":"A.8.15"}'

# 3. Capture the artifact ON YOUR infrastructure, then register its hash.
#    The file never travels; Diligio anchors and signs the SHA-256.
HASH=$(shasum -a 256 logging-config.json | cut -d' ' -f1)
dgo grc_add_evidence '{"framework":"iso27001","control_key":"A.8.15",
  "title":"Centralised logging config","type":"config","content_hash":"'$HASH'"}'

# 4. Run your checks yourself and push the verdicts (self-attested, append-only).
dgo grc_record_check_runs '{"connector_id":"<id>","runs":[
  {"check_key":"aws_rds_encryption","status":"pass","resource":"db-prod-1"}]}'

# 5. Propose statuses citing the evidence; a human certifies the diff.
dgo grc_propose_many '{"proposals":[{"framework":"iso27001","control_key":"A.8.15",
  "status":"implemented","note":"Centralised logging live; config hash-anchored.",
  "evidence_ids":["<evidence id>"]}]}'

# 6. Prove integrity any time later.
dgo grc_verify_evidence_anchor '{"evidence_id":"<id>","content_hash":"'$HASH'"}'
dgo grc_export '{"framework":"iso27001","format":"json"}'   # digest-signed

Verdicts pushed this way land stamped self-attested, hash-anchored evidence is tamper-evident, the audit log is hash-chained, and exports carry a verifiable signature: your auditor can see exactly who did what, and prove nothing changed after the fact.

What no agent can do

  • Certify posture (unless your workspace explicitly delegates it, with a status allow-list and a daily cap). The certify gate is the product's integrity spine.
  • Publish the Trust Center, decide trust-access requests, or mint auditor share links. Outward-facing acts stay human.
  • Read or store connector credentials. In zero-custody mode there are none to read.
  • Outlive its human. Tokens resolve the owner's live role on every call; offboarding or demotion narrows or kills them instantly.