Compliance agent quickstart
Diligio Compliance is done by an agent and certified by a human. This page gets the agent part running in minutes, for people and for the agents themselves: use the built-in Diligio agent with one click, or connect your own over MCP or REST and hand it the instructions below.
Two ways to start
| Built-in Diligio agent | Bring your own agent | |
|---|---|---|
| Setup | None. It is part of the product. | Mint a token, point your agent at our MCP or REST endpoint. |
| Runs on | Diligio’s models, inside your normal AI fair-use allowance. | Your models and your tokens; Diligio only retrieves and persists. |
| Best for | Getting value on day one, no agent infrastructure. | Deep automation, your own tooling, and zero-custody operation. |
| Certification | A human certifies everything it stages. | A human certifies everything it stages. |
They are not exclusive: many teams click Run on day one and connect their own agent later. Both are included in the standard price.
Fastest: the built-in Diligio agent
- Open Compliance in your dashboard. Admins see the Diligio agent panel under the attention queue.
- Click Run agent. One bounded run executes: it fills cross-mapped frameworks from what you already certified, proposes statuses only where linked evidence backs them, and drafts remediation for gaps without a plan.
- Review the inline report, then certify the staged proposals in the framework review panel. Nothing changes your attested posture until you do.
Bring your own agent, in five steps
- 1. Ask us to enable agent access for your workspace (it is off by default). Email support@diligio.co.
- 2. Opt in and mint a token in your profile's AI agent access card. Pick the full level if the agent should write; the token can never exceed your own role.
- 3. Connect. MCP endpoint
https://www.diligio.co/api/mcpwith the token as a bearer header, or plain REST at/api/agent/v1. Full details in the BYO-agent guide. - 4. Hand your agent the instructions below. They encode the working loop, the conservatism rules, and the zero-custody protocol.
- 5. Let it work, then certify. Its proposals arrive in the same review panel, flagged agent-authored, with the evidence cited.
{
"mcpServers": {
"diligio": {
"url": "https://www.diligio.co/api/mcp",
"headers": { "Authorization": "Bearer dgo_agent_..." }
}
}
}Drop-in instructions for your agent
Paste this into your agent's standing instructions: a Claude Desktop project, an Agent SDK system prompt, or the equivalent in any MCP-capable client. It is the same playbook the built-in Diligio agent follows.
You are working a compliance programme on Diligio (ISO 27001, SOC 2 and other frameworks) through its agent tools. Work carefully; a human certifies everything you stage.
THE LOOP
1. Start every session with grc_next_actions. It returns the prioritised worklist; each item names the tool to call next. Work items in priority order.
2. Before working a control, call grc_evidence_recipe for it (one control per call, budgeted per day). It tells you what proof the control needs, how fresh it must be, and the zero-custody route.
3. Reuse before creating: check grc_list_evidence before adding evidence, and grc_list_proposals before proposing.
4. Batch your writes: stage statuses with grc_propose_many (up to 200 per call), each citing its evidence_ids. Use grc_fill_mapped to stage untouched controls whose cross-framework mapping is already certified.
5. Create remediation items (grc_create_remediation) for gaps you cannot evidence yet, with a concrete title, description and due date.
RULES
- Propose only what the evidence in front of you demonstrates. If evidence is thin or stale, say so in the note and skip or propose a weaker status (planned/partial).
- Never propose not_applicable; exclusions need a human justification.
- Never certify unless the tenant has explicitly delegated certification to you; check grc_next_actions guidance on the proposals item.
- Cite evidence on every proposal. An uncited proposal wastes the reviewer's time.
- Respect budgets and caps in tool errors; do not retry past them.
ZERO-CUSTODY MODE (if the workspace has custody mode on)
- Your credentials never go to Diligio. Run checks on the client's own infrastructure and push verdicts with grc_record_check_runs against the credential-less connector.
- Register artifacts by hash: compute the file's SHA-256 locally and pass it as content_hash to grc_add_evidence; the file itself stays put. Verify later with grc_verify_evidence_anchor.
- Export the signed posture with grc_export and prove it with grc_verify_export when preparing for an audit.Run everything zero-custody
In zero-custody mode Diligio never holds credentials to your systems: your agent (or a plain script) runs the checks on your infrastructure and pushes results. The whole loop is public API; here it is end to end over REST. Discover the check keys for your connector kind with grc_get_connector, and what each control needs with grc_evidence_recipe.
BASE=https://www.diligio.co; TOKEN=dgo_agent_...
dgo() { curl -s -X POST "$BASE/api/agent/v1/tools/$1" \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$2"; }
# 1. What should I do today? (one read, prioritised, tool-annotated)
dgo grc_next_actions '{}'
# 2. What does this control need? (per-control recipe, budgeted)
dgo grc_evidence_recipe '{"framework":"iso27001","control_key":"A.8.15"}'
# 3. Capture the artifact ON YOUR infrastructure, then register its hash.
# The file never travels; Diligio anchors and signs the SHA-256.
HASH=$(shasum -a 256 logging-config.json | cut -d' ' -f1)
dgo grc_add_evidence '{"framework":"iso27001","control_key":"A.8.15",
"title":"Centralised logging config","type":"config","content_hash":"'$HASH'"}'
# 4. Run your checks yourself and push the verdicts (self-attested, append-only).
dgo grc_record_check_runs '{"connector_id":"<id>","runs":[
{"check_key":"aws_rds_encryption","status":"pass","resource":"db-prod-1"}]}'
# 5. Propose statuses citing the evidence; a human certifies the diff.
dgo grc_propose_many '{"proposals":[{"framework":"iso27001","control_key":"A.8.15",
"status":"implemented","note":"Centralised logging live; config hash-anchored.",
"evidence_ids":["<evidence id>"]}]}'
# 6. Prove integrity any time later.
dgo grc_verify_evidence_anchor '{"evidence_id":"<id>","content_hash":"'$HASH'"}'
dgo grc_export '{"framework":"iso27001","format":"json"}' # digest-signed
Verdicts pushed this way land stamped self-attested, hash-anchored evidence is tamper-evident, the audit log is hash-chained, and exports carry a verifiable signature: your auditor can see exactly who did what, and prove nothing changed after the fact.
What no agent can do
- Certify posture (unless your workspace explicitly delegates it, with a status allow-list and a daily cap). The certify gate is the product's integrity spine.
- Publish the Trust Center, decide trust-access requests, or mint auditor share links. Outward-facing acts stay human.
- Read or store connector credentials. In zero-custody mode there are none to read.
- Outlive its human. Tokens resolve the owner's live role on every call; offboarding or demotion narrows or kills them instantly.