Builders·Framework API v2.0·CC BY 4.0·No auth required

The framework is open.
Build on it.

50 engineering protocols, machine-readable, free to query. Build governance checks into your agents, pipelines, and platforms. One GET request. No auth. No rate limits.

GET/api/framework/protocols

What builders use it for

Agent pre-flight checks

Query the framework before an agent ships code. Does the repo have branch protection? Are ADRs in place? Pull the protocol definition and score signal before the PR opens.

⛓️
CI/CD gate

Gate deployments on governance scores. Pull protocol definitions into your pipeline, map them to your controls, fail the build if Bastion-critical standards are below threshold.

🛡️
GRC enrichment

Enrich your compliance platform with engineering-layer evidence. Map Concordance protocols to SOC 2 controls, ISO 27001, NIST SSDF. Live scores, not questionnaires.

📡
Internal dashboards

Pull org-level governance scores into your engineering metrics platform. Combine with DORA, velocity, and incident data for the full picture.

Quick start

curl -s https://getconcordance.com/api/framework/protocols | jq '.protocols[:3]'

Response schema

application/json200 OK
{
  "protocols": [
    {
      "id": "3.1",
      "name": "Branch Protection",
      "phase": "Development",
      "dataSource": "scm",
      "aiRelevant": true
    },
    {
      "id": "3.9",
      "name": "Secrets Management",
      "phase": "Development",
      "dataSource": "scm",
      "aiRelevant": true
    },
    {
      "id": "4.1",
      "name": "CI Pipeline Exists",
      "phase": "Testing",
      "dataSource": "scm",
      "aiRelevant": true
    }
    // ... 47 more protocols
  ],
  "total": 50,
  "license": "CC BY 4.0",
  "version": "2.0"
}
idstringProtocol identifier. First digit = stage (1=Requirements through 6=Operations).
namestringHuman-readable protocol name.
phasestringstage. One of: Requirements, Design, Development, Testing, Release, Operations.
dataSourcestringSignal source. One of: scm, tracker, scm+tracker.
aiRelevantboolean?True on the 10 protocols where AI integration materially increases risk. Sentinel activation standards.
50
Protocols
6
stages
10
Sentinel
5
Maturity levels
⚖️
Creative Commons BY 4.0

The Concordance Framework is open. Use it, extend it, build on it. Commercial products, open-source tools, research, compliance platforms. Attribution required: cite "Concordance Framework, Concordance Labs LLC" and link to getconcordance.com/framework.

On the roadmap

Enterprise API
COMING

Authenticated access to your org's live scores, evidence, and trends. Scoped to your teams, queryable by standard, exportable to your GRC platform or SIEM.

Trigger scans programmatically
Pull org-level scores and evidence
Gate CI/CD on governance thresholds
Webhook alerts on degradation
Request access
MCP Server
COMING

Native MCP server so Claude Code, Cursor, and other agents can query governance protocols directly before opening a PR.

"Does this change meet the branch protection standard?"
→ Scored answer from live repository signals
Request access

Run the full assessment.

Free for one team. All 50 protocols. Live signals from your actual toolchain.

Get Started FreeBrowse the Framework
Concordance Labs LLC · © 2026
FrameworkMethodologyPricingAPI ↗