
What It Is
GRCLanker is a collection of spec-driven templates for building compliance automation tools. Each spec describes a vendor’s APIs, authentication flows, security controls, and framework mappings in enough detail that an AI coding agent can generate a working Go CLI from it. No vendor lock-in, no SaaS platform, just markdown files that produce real tools.
How It Works
You grab a spec file from the catalog, feed it to your AI coding agent, and it generates a working Go CLI that audits a vendor’s security configuration against compliance frameworks.
- spec.md files — structured blueprints describing vendor APIs, authentication, data models, CLI commands, and output formats
- Framework mappings — each spec maps controls to FedRAMP, CMMC, SOC 2, CIS, PCI-DSS, and STIG
- Agent-agnostic — works with Claude Code, Codex, Gemini CLI, Cursor, Copilot, Aider, or any agent that reads markdown
- Companion CLI — `@grclanker/companion` provides interactive workflows for investigation, auditing, and posture assessment
Vendor Coverage
30+ specs across major platforms:
| Category | Vendors |
|---|---|
| Cloud Infrastructure | AWS, Azure, GCP, Oracle OCI, Snowflake |
| Identity & Access | Cisco Duo, Google Workspace |
| Security & Network | CrowdStrike, Palo Alto, Zscaler, Cloudflare |
| Vuln & AppSec | Qualys, Tenable, Veracode, KnowBe4 |
| Monitoring & Observability | Splunk, Datadog, New Relic, Sumo Logic, Elastic |
| SaaS & Collaboration | Salesforce, ServiceNow, Slack, Zoom, Webex, Zendesk, Box |
| DevOps & Developer | GitHub, PagerDuty, LaunchDarkly, MuleSoft |
Stack
- Site: Astro 6.x + Tailwind CSS 4 (dark terminal aesthetic, Catppuccin Frappe theme)
- Specs: Markdown (`spec.md` format)
- Generated tools: Go
- Companion CLI: Node.js + TypeScript
Journey
Monaco Editor & Branding
Apr 2026
Added Monaco code editor with Catppuccin Frappe theme for inline spec viewing. Added "by hackIDLE" attribution to the nav. Tightened catalog layout and simplified spec page chrome.

Initial Release
Mar 29, 2026
Launched grclanker.com with 31 GRC compliance automation specs across 7 vendor categories. Built on Astro 6 + Tailwind CSS 4 with a retro cockpit/terminal aesthetic. Agent-agnostic design, works with Claude Code, Codex, Gemini, Cursor, and others.

The Cockpit
Design Inspiration
The early website designs leaned hard into a cockpit-style interface, and that wasn’t accidental. Gundam was part of the inspiration: the idea of sitting in a command seat, scanning telemetry, and making calls on complex systems. GRCLanker’s terminal aesthetic started there.
The Gist
Mar 27, 2026
Frustrated by the lack of transparency in security compliance tooling, drafted a GitHub Gist laying out compliance automation specs for 34 FedRAMP Marketplace services. The idea: no agents to install, no SaaS platform to buy, just Go CLIs that tell you where you stand. This became the seed for GRCLanker.

The Frustration
Mid 2025
Why are we taking a million screenshots when we can just programmatically pull this information? FedRAMP 20x was taking shape and the gap between what compliance tooling could do and what it should do was impossible to ignore. This became the talk GRC Engineering in the Cloud at BSides Orlando, and eventually the specs that became GRCLanker.

The Real Origin
~1998
Before there were specs, before there were APIs, there was JumpStart Adventures 3rd Grade: Mystery Mountain. Polly Spark built robots to change history, and you had to investigate clues, solve puzzles, and figure out what went wrong. GRCLanker is the same energy: something is misconfigured, here are the clues, go fix it.
What’s Next
- TBD




