- TypeScript 90.1%
- Python 7%
- JavaScript 1.5%
- HTML 0.7%
- CSS 0.3%
- Other 0.3%
|
|
||
|---|---|---|
| .claude | ||
| .cursor/commands | ||
| .github | ||
| agents | ||
| AIGateway | ||
| BackendDocs | ||
| Clients | ||
| CodeRules | ||
| docs | ||
| EvalServer | ||
| EvaluationModule | ||
| GRSModule | ||
| kubernetes | ||
| scripts | ||
| Servers | ||
| shared/user-guide-content | ||
| .dockerignore | ||
| .env.dev | ||
| .env.prod | ||
| .gitignore | ||
| CHANGE_HISTORY_IMPLEMENTATION_GUIDE.md | ||
| checksums.sha256 | ||
| CLAUDE.md | ||
| Clean_Architecture.md | ||
| docker-compose.override.yml | ||
| docker-compose.prod.yml | ||
| docker-compose.yml | ||
| entity-tips-content.md | ||
| install.sh | ||
| ISSUE_DEADLINE_WARNING_SYSTEM.md | ||
| LICENSE.md | ||
| LICENSING-FAQ.md | ||
| mlflow_integration.md | ||
| MODEL_SECURITY_SCANNING_PLAN.md | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| SECURITY.md | ||
| start.sh | ||
| version.json | ||
VerifyWise is a source available AI governance platform designed to help businesses use the power of AI safely and responsibly. Our platform ensures compliance and robust AI management without compromising on security.
We are democratizing AI best practices with a solution that can be hosted on-premises, giving you complete control over your AI governance.
Quick links
- Join our Discord channel to ask your questions and get the latest announcemnets.
- Need to talk to someone? Get with us to see the latest demo, or click here to experience the demo yourself.
- Read our documentation to understand features and capabilities
Screenshots
| The main dashboard | LLM Evals |
|---|---|
| EU AI Act project view | AI Use case risks |
|---|---|
| AI Risk management | AI Model inventory |
|---|---|
| AI Model risks | AI Policy manager and policy templates |
|---|---|
| AI vendors and vendor risks | AI Incident management (with filter example) |
|---|---|
| AI Trust Center | Automations |
|---|---|
| Reporting | |
|---|---|
Features
- Option to host the application on-premises or in a private cloud
- Source available license (BSL 1.1). Dual licensing is also available for enterprises
- Faster audits using AI-generated answers for compliance and assessment questions
- Full access to the source code for transparency, security audits, and customization
- Docker and Kubernetes deployment (also deployable on render.com and similar platforms)
- User registration, authentication, and role-based access control (RBAC) support
- Major features:
- Support for EU AI Act, ISO 42001, NIST AI RMF and ISO 27001
- Dashboard: executive view & operating view
- Vendors & vendor risks
- AI use cases and risks
- Global tasks with timeline view
- Complete LLM Evals and LLM Arena
- Evidence center with folder structure
- AI trust center for public view
- AI literacy training registery
- AI Advisor, AI-powered chat interface providing governance recommendations
- AI Detection Module, which scans code repositories to identify AI-generated content.
- Shadow AI detection and risk management
- AI agent discovery
- Activity history for each entity
- Integration with MIT and IBM AI risk repository
- Model inventory and model risks that keeps a list of models used and risks
- Policy manager to create and manage internal company AI policies
- Risk and control mappings for EU AI Act, ISO 42001, NIST AI RMF and ISO 27001
- CE Marking registry
- Dataset registry
- Desktop notifications
- Approval workflows & approval requests
- Detailed reports with PDF and DOCX export
- Event logs (audits) for enterprise organizations
- AI incident management
- Plugins support with more than 15+ plugins (and counting)
- Automations (when an entity changes, do this, or send period reports, or send webhooks)
- Google OAuth2 and Entra ID (enterprise edition) support for authentication
Installation
The VerifyWise application has two components: a frontend built with React.js and a backend built with Node.js. At present, you can use npm (for development) or Docker/Kubernetes (production) to run VerifyWise. A PostgreSQL database is required.
Installation using npm (for development)
Prerequisites:
- npm and Docker
- Python 3.12+ (for EvalServer)
- A running PostgreSQL, preferably as a Docker image (eg. using
docker pull postgres:latest) - Available ports: 5173 (frontend), 3000 (backend), 5432 (database), 6379 (Redis), 8000 (EvalServer)
Step 1: Clone, install dependencies, and set up databases
First, clone the repository to your local machine and go to verifywise directory. Then, navigate to the Clients directory and install the dependencies:
git clone https://github.com/bluewave-labs/verifywise.git
cd verifywise
cd Clients
npm install
cd ../Servers
npm install
Go to the root directory and copy the contents of .env.dev to the .env file. For security, you must set a strong and unpredictable JWT_SECRET in your .env file. This secret is used to sign and verify your JWT tokens, so it must be kept private and cryptographically secure. You can generate a 256-bit base64-encoded secret using openssl rand -base64 32.
cd ..
cp .env.dev Servers/.env
In .env file, change FRONTEND_URL and set your super admin credentials:
FRONTEND_URL=http://localhost:5173
SUPERADMIN_EMAIL=admin@verifywise.com
SUPERADMIN_PASSWORD=ChangeMe!Str0ng
Important: Change SUPERADMIN_PASSWORD to a strong password (minimum 8 characters). These credentials are used to create the initial super admin account on first setup.
Note: CORS is automatically configured to allow requests from the same host (localhost, 127.0.0.1) where the backend is running.
Run the PostgreSQL container with the following command:
docker run -d --name mypostgres -p 5432:5432 -e POSTGRES_PASSWORD={env variable password} postgres
Run redis with following command:
docker run -d --name myredis -p 6379:6379 redis
Access the PostgreSQL container and create the verifywise database:
docker exec -it mypostgres psql -U postgres
CREATE DATABASE verifywise;
Step 2: Set up EvalServer (for LLM evaluations)
EvalServer is a Python-based service that handles LLM evaluations. If you want to use the evaluation features, follow these steps:
cd EvalServer
python3.12 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
Set up the environment file. You can copy the minimal .env.example file in the EvalServer directory:
cp .env.example .env
Step 3: Start the application
Navigate to the EvalServer/src directory, activate the virtual environment (if not already activated), and start the server:
cd EvalServer/src
source ../venv/bin/activate
python app.py
Navigate to the Servers directory and start the server in watch mode:
cd Servers
npm run watch
Navigate to the Clients directory and start the client in development mode:
cd Clients
npm run dev
Note: Make sure to replace {env variable password} with the actual password from your environment variables.
Note: On a fresh setup, a super admin account is created automatically using the SUPERADMIN_EMAIL and SUPERADMIN_PASSWORD environment variables. Log in with these credentials, then create an organization and invite users to get started. The login page will display a banner guiding you through this process.
Installation using Docker (production)
First, ensure you have the following installed:
- npm
- Docker
- Docker Compose
Create a directory in your desired folder:
mkdir verifywise
cd verifywise
Download the required files using wget:
curl -O https://raw.githubusercontent.com/bluewave-labs/verifywise/develop/install.sh
curl -O https://raw.githubusercontent.com/bluewave-labs/verifywise/develop/.env.prod
Make sure to change the JWT_SECRET variable to your liking, set your super admin credentials (SUPERADMIN_EMAIL and SUPERADMIN_PASSWORD), and change localhost to the IP of the server. An example is shown below:
BACKEND_URL=http://64.23.242.4:3000
FRONTEND_URL=http://64.23.242.4:8080
SUPERADMIN_EMAIL=admin@verifywise.com
SUPERADMIN_PASSWORD=YourStr0ngPassword!
Note: CORS is automatically configured to allow requests from the same host where the backend is running.
Change the permissions of the install.sh script to make it executable, and then execute it.
chmod +x ./install.sh
./install.sh
Now the server is running on the IP and the port you defined in .env.prod file (8080 by default).
If the install.sh script doesn't work for some reason, try the following commands:
docker-compose --env-file .env.prod up -d backend
docker ps # to confirm
docker-compose --env-file .env.prod up -d frontend
docker ps # to confirm
If you want to re-run install.sh for some reason (e.g want to change a configuration in .env.prod file), first stop all Docker containers before starting a new one:
docker-compose --env-file .env.prod down
./install.sh
Note: On a fresh setup, a super admin account is created automatically using the SUPERADMIN_EMAIL and SUPERADMIN_PASSWORD environment variables. Log in with these credentials, then create an organization and invite users to get started.
Installing SSL
Here are the steps to enable SSL on your system.
-
Make sure to point domain to VM IP
-
Install Nginx:
sudo apt update
sudo apt install nginx -y
- Create a config file (
/etc/nginx/sites-available/verifywise) with the following content. Change the domain name accordingly.
server {
server_name domainname.com;
client_max_body_size 200M;
# Custom error page for maintenance/upgrades
error_page 502 503 504 /upgrade.html;
location = /upgrade.html {
root /var/www/verifywise;
internal;
}
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /api/ {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
- Create the directory for custom error pages and copy the upgrade page:
sudo mkdir -p /var/www/verifywise
sudo curl -o /var/www/verifywise/upgrade.html https://raw.githubusercontent.com/bluewave-labs/verifywise/develop/Clients/upgrade.html
- Enable the config:
sudo ln -s /etc/nginx/sites-available/verifywise /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
- Install Certbot for SSL:
sudo apt install certbot python3-certbot-nginx -y
- Obtain SSL certificate. Change the domain name accordingly.
sudo certbot --nginx -d domainname.com
- Update the
.env.prodto point to correct domain. Change the domain name accordingly.
BACKEND_URL=https://domainname.com/api
FRONTEND_URL=https://domainname.com
Note: CORS is automatically configured to allow requests from the same host where the backend is running.
- Restart the application
./install.sh
Note: The Nginx configuration includes custom error pages that display a professional "upgrading" message instead of the default "502 Bad Gateway" error when the servers are not running or during maintenance.
Email configuration
VerifyWise supports multiple email service providers through a provider abstraction layer, enabling administrators to choose the most suitable email service for their organization. The system includes security enhancements such as TLS enforcement, input validation and credential rotation for supported providers.
Below is a list of supported email providers. You can use this documentation to setup the email service of your choice.
- Exchange Online (Office 365) - Microsoft's cloud email service
- On-Premises Exchange - Self-hosted Exchange servers
- Amazon SES - AWS Simple Email Service
- Resend - Developer-focused email API
- Generic SMTP - SMTP support for any provider
Ports
You’ll need to open ports 80 and 443 so VerifyWise can be accessed from the internet.
Security
If you find a vulnerability, please report it here.