Write policies, version them, require team acknowledgment, track who's read what. SOC 2 prep without the $2,000/mo compliance SaaS.
Every policy your team creates contains context that matters — title, body, version, ack count, status. When that data lives in a third-party service, you are one acquisition or policy change away from losing access. Covenant keeps it local.
Each policy record carries fields for title, body, version, ack count, status. The API accepts partial updates, so you can PATCH individual fields without resubmitting the entire record. Listing endpoints support ?q= for keyword search and ?status= for filtering through the lifecycle. Backups are a file copy of the SQLite database in the data directory.
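The backup step above, as an added example (not Covenant's own code): it takes the copy through SQLite's online backup API, which stays consistent if the binary commits a write during the copy, then runs an integrity check and returns a SHA-256 digest to keep with the backup. The file name `covenant.db` and the `policies` table layout are assumptions; the page gives neither.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def make_sample_db(path):
    """Constructed stand-in for the Covenant database (schema is assumed)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE policies (id INTEGER PRIMARY KEY, title TEXT,"
                " body TEXT, version INTEGER, ack_count INTEGER, status TEXT)")
    con.executemany(
        "INSERT INTO policies (title, body, version, ack_count, status)"
        " VALUES (?, ?, ?, ?, ?)",
        [("Access Control", "constructed sample text", 3, 12, "active"),
         ("Incident Response", "constructed sample text", 1, 0, "draft")])
    con.commit()
    con.close()


def snapshot(db_path, backup_path):
    """Take a consistent copy of db_path, verify it, return its SHA-256."""
    # Read-only source handle: the backup job can never modify live records.
    src = sqlite3.connect(f"file:{Path(db_path).as_posix()}?mode=ro", uri=True)
    dst = sqlite3.connect(backup_path)
    try:
        # SQLite's online backup API copies a transactionally consistent
        # image even if another process commits while the copy is running.
        src.backup(dst)
        verdict = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        src.close()
        dst.close()
    if verdict != "ok":
        Path(backup_path).unlink(missing_ok=True)
        raise RuntimeError(f"backup failed integrity check: {verdict}")
    # Store this digest away from the backup so later tampering is detectable.
    return hashlib.sha256(Path(backup_path).read_bytes()).hexdigest()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live = str(Path(tmp) / "covenant.db")      # hypothetical file name
        copy = str(Path(tmp) / "covenant.bak.db")
        make_sample_db(live)
        print("sha256:", snapshot(live, copy))
```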
A solo developer built a weekend project that needed policy tracking. Instead of spinning up Postgres and writing an admin panel, they added Covenant as a sidecar process. The REST API covered every operation the project needed. Development time saved: roughly a full day.
GET /api/policies — List all policies. Supports ?q=keyword for search and ?status=value for filtering
POST /api/policies — Create a new policy. Send JSON with at least title
GET /api/policies/{id} — Fetch one policy by ID
PUT /api/policies/{id} — Update fields on an existing policy
DELETE /api/policies/{id} — Remove a policy
GET /api/stats — Returns total count and breakdown by status
GET /api/health — Returns {"status":"ok"} for uptime monitoring
Self-hosted policy and compliance manager. Self-hosted on your infrastructure. Your data never leaves your server.
curl -fsSL https://stockyard.dev/install.sh | sh -s -- --tool covenant
PORT=9300 ./covenant
http://localhost:9300
Single binary. Embedded SQLite. No Docker. No database. No dependencies.
Your license key arrives by email within 5 minutes of checkout. Set it as an environment variable and restart the binary.
export COVENANT_LICENSE_KEY=stockyard_xxxxxxxxxxxxxxxxxxxx
./covenant
No cloud connectivity required. The binary validates the key offline with Ed25519 signatures.