Aribot - Economic, Regulatory & Security APIs for Modern Applications

Analyze your tech stack. Optimize architecture. Model costs. Identify threats dynamically.

APIs that help you build better systems with practical, actionable recommendations.


Why Aribot?

Modern applications need more than just security scanning. They need intelligent analysis that understands your architecture, quantifies your risks in dollars, and ensures compliance across 100+ regulatory standards.

Aribot is the API layer your security, finance, and compliance teams have been waiting for.

Platform Capabilities

| Capability | What It Does |
|------------|--------------|
| Advanced Threat Modeling | Multi-framework analysis: STRIDE, PASTA, NIST, Aristiun Framework |
| Cloud Security (CSPM/CNAPP) | Real-time posture management across AWS, Azure, GCP |
| 100+ Compliance Standards | SOC2, ISO27001, PCI-DSS, GDPR, HIPAA, NIST, FedRAMP, CIS... |
| Economic Intelligence | ROI calculations, TCO analysis, risk quantification in real dollars |
| FinOps | Cloud cost optimization with security-aware recommendations |
| Red Team Automation | Simulate attacks before attackers do |
| Living Architecture | Dynamic diagrams that evolve with your infrastructure |
| AI-Powered Analysis | Multi-provider AI (Google, OpenAI, Anthropic, Azure) |
| Digital Twin | Architecture digital twins with cloud provider integration |
| SBOM Management | Software Bill of Materials tracking and vulnerability analysis |

Installation

``bash


npm

npm install @ayurak/aribot-cli

yarn

yarn add @ayurak/aribot-cli

pnpm

pnpm add @ayurak/aribot-cli

Global install for CLI

npm install -g @ayurak/aribot-cli
`

Quick Start (60 Seconds to Value)

$3

`bash


1. Authenticate

aribot login

2. Analyze your architecture

aribot analyze architecture.png

3. See your threats (multi-framework)

aribot threats

4. Run compliance assessment

aribot compliance --standard SOC2

5. Get economic analysis

aribot economics --cost

AI-powered multi-framework threat modeling in 5 commands.

`

$3

`typescript
import { AribotClient } from '@ayurak/aribot-cli';

const client = new AribotClient({ apiKey: 'ak_...' });

// Upload diagram, get AI threats across all frameworks
const diagram = await client.threatModeling.upload('architecture.png');
const threats = await client.threatModeling.getThreats(diagram.id);

console.log(Found ${threats.length} threats across STRIDE, PASTA, NIST & Aristiun);
threats.forEach(t => {
console.log( [${t.severity.toUpperCase()}] ${t.title} - ${t.category});
});

// Run compliance assessment
const assessment = await client.compliance.assess(diagram.id, 'SOC2');
console.log(SOC2 Score: ${assessment.score}%);

// Calculate security ROI
const roi = await client.economics.calculateROI(100000, 50);
console.log(3-Year ROI: ${roi.roi_percent}%);
`

API Coverage (100+ Endpoints)

$3


`typescript
client.threatModeling.upload(file) // AI-powered multi-framework analysis
client.threatModeling.list() // List all diagrams
client.threatModeling.get(id) // Get diagram details
client.threatModeling.getThreats(id) // Threats from STRIDE, PASTA, NIST, Aristiun
client.threatModeling.generateThreats(id) // On-demand AI threat generation
client.threatModeling.export(id, { format }) // Export reports (JSON/PDF)
`

$3

`typescript
client.ai.getUsage() // AI usage statistics
client.ai.getQuota() // AI quota and limits
client.ai.getModels() // Available AI models
client.ai.configure(options) // Configure AI settings
client.ai.analyze(content, options) // Run AI analysis
client.ai.getQueueStatus() // AI job queue status
`

$3

`typescript
client.compliance.assess(id, 'SOC2') // Single standard assessment
client.compliance.runScan(id, ['SOC2', 'GDPR']) // Multi-standard scan
client.compliance.listStandards() // List available standards
client.compliance.listReports() // Compliance reports
client.compliance.getRemediation(findingId) // Fix guidance
`

$3

`typescript
client.economics.calculateROI(investment) // Security ROI
client.economics.calculateTCO('aws') // Total cost of ownership
client.economics.analyzeCosts(diagramId) // Diagram cost analysis
client.economics.getMarketIntelligence() // Industry benchmarks
client.economics.getDashboard() // Economic dashboard
`

$3

`typescript
client.cloudSecurity.scanPosture() // Cloud security scan
client.cloudSecurity.getFindings({ severity }) // Security findings
client.cloudSecurity.getDashboard() // Security dashboard
client.cloudSecurity.remediate(id, autoFix) // Auto-remediation
`

$3

`typescript
client.redteam.runSimulation(targetId, type) // Attack simulation
client.redteam.getAttackPaths(diagramId) // Attack path analysis
client.redteam.listSimulations() // List simulations
client.redteam.getSimulation(id) // Simulation details
`

$3

`typescript
client.architecture.listComponents(diagramId) // List components
client.architecture.getComponent(id, compId) // Component details
client.architecture.updateComponent(id, updates) // Update component
client.architecture.getConnections(diagramId) // Get connections
`

CLI Commands

$3

`bash
aribot login # Authenticate with API key
aribot login --open-portal # Open developer portal for API key
aribot logout # Clear credentials
aribot whoami # Current user info
aribot status # API status & rate limits
`

$3

`bash
aribot diagrams # List your diagrams
aribot diagrams --limit 50 # List with limit
aribot analyze # Upload & analyze diagram
aribot analyze -n name # With custom name
aribot threats # View threats for diagram
aribot threats -s high # Filter by severity
aribot generate-threats # AI threat generation
aribot export # Export JSON report
aribot export -f pdf # Export PDF report
`

$3

`bash
aribot redteam --methodologies # List threat modeling methodologies
aribot redteam --intelligence # Get threat intelligence summary
aribot redteam --attack-paths -d # Analyze attack paths
aribot redteam --analyze # Comprehensive threat analysis
aribot redteam --requirements # Generate security requirements
aribot redteam --ai-insights # AI architecture insights
aribot redteam --simulate APT29 --target # Adversary simulation
`

$3

`bash
aribot compliance --list-standards # List 100+ compliance standards
aribot compliance # Run SOC2 assessment (default)
aribot compliance -s ISO27001 # Specific standard
aribot cloud-security --scan # Cloud security scan
aribot cloud-security --scan aws # Provider-specific scan
aribot cloud-security --findings # View security findings
aribot cloud-security --findings -s critical # Filter by severity
aribot cloud-security --dashboard # Security dashboard
`

$3

`bash

Dynamic scanning

aribot cloud-security --dynamic-scan # Run dynamic cloud scan

Unified scanning with scope

aribot cloud-security --unified-scan --scope account --account-id 123
aribot cloud-security --unified-scan --scope standard --scope-id CIS-AWS
aribot cloud-security --unified-scan --scope diagram --scope-id

Scanner rules management

aribot cloud-security --rules # List scanner rules
aribot cloud-security --rules -s critical # Filter by severity
aribot cloud-security --create-rule # Create custom rule (interactive)
aribot cloud-security --sync-rules # Sync from cloud providers
aribot cloud-security --scanner-stats # View scanner statistics

Remediation

aribot cloud-security --remediate-preview --account-id 123
aribot cloud-security --remediate --account-id 123
`

$3

`bash
aribot economics --dashboard # Economic intelligence dashboard
aribot economics --roi 100000 # Calculate security ROI
aribot economics --tco # TCO for diagram
aribot economics --cost # Cost intelligence
aribot economics --analyze # Cost analysis
`

$3

`bash
aribot digital-twin --providers # List cloud providers (AWS, Azure, GCP)
aribot digital-twin --resources # List cloud resources
aribot digital-twin --resources aws # Filter by provider
aribot digital-twin --health # Digital twin health status
aribot digital-twin --sync # Sync cloud resources
aribot digital-twin --discover # Discover new resources
`

$3

`bash
aribot dashboard --overview # Overall security dashboard
aribot dashboard --recent # Recent activity
aribot dashboard --risk # Risk summary
`

TypeScript Support

Full TypeScript support with exported types:

`typescript
import {
AribotClient,
AribotConfig,
Diagram,
Threat,
ComplianceAssessment,
SecurityFinding,
PaginatedResponse,
AribotError,
AuthenticationError,
RateLimitError,
APIError,
RequestSigner,
SecureCredentialManager,
analyzeDiagram,
runComplianceCheck,
} from '@ayurak/aribot-cli';
`

Supported Compliance Standards

Financial: SOC2, PCI-DSS, PCI-DSS-4.0, SOX, GLBA
Healthcare: HIPAA, HITRUST
Privacy: GDPR, CCPA, LGPD, PIPEDA
Government: FedRAMP-Low/Moderate/High, FISMA, NIST 800-53, NIST 800-171
Cloud: CIS AWS, CIS Azure, CIS GCP, CIS Kubernetes
Security: ISO27001, ISO27017, ISO27018, ISO22301, NIST CSF, CSA CCM, CSA STAR
Attack Frameworks: MITRE ATT&CK, OWASP TOP-10

Environment Variables

`bash


Set API key via environment variable

export ARIBOT_API_KEY=ak_your_api_key_here

Then use without passing apiKey

const client = new AribotClient();
`

Error Handling

`typescript
import { AribotClient, AuthenticationError, RateLimitError, APIError } from '@ayurak/aribot-cli';

try {
const client = new AribotClient({ apiKey: 'ak_...' });
const diagrams = await client.threatModeling.list();
} catch (error) {
if (error instanceof AuthenticationError) {
console.error('Invalid API key');
} else if (error instanceof RateLimitError) {
console.error(Rate limited. Retry after ${error.retryAfter}s);
} else if (error instanceof APIError) {
console.error(API Error: ${error.statusCode} - ${error.message});
}
}
`

Security Features

- Secure Credential Storage: API keys stored securely using OS-native storage
- Request Signing: HMAC-SHA256 signatures for API request integrity
- Automatic Retry: Exponential backoff with jitter for reliability
- Rate Limit Handling: Graceful handling of rate limits
- No Keys in Code: Environment variable support for CI/CD

Resources

- Platform: aribot.ayurak.com
- Developer Portal: developer.ayurak.com
- API Docs: developer.ayurak.com/docs
- Support: support@ayurak.com

Changelog

$3


- Framework-Specific Compliance Scoring: Each compliance standard now returns its own real score
- NIST 800-53: 80.87% (183 controls, 148 passed, 35 failed)
- SOC2: 90.99% (111 controls, 101 passed, 10 failed)
- Powered by ResultsRegulatory per-framework, per-scan data
- All 19 CLI commands tested end-to-end against production API
- whoami, status, diagrams, threats, export, generate-threats, compliance, economics,
cloud-security, redteam, ai, sbom, digital-twin, pipeline, api-keys, marketplace, dashboard
- Celery Task Registration Fix: Backend compliance task now properly dispatched via async Celery

$3

- Compliance Assessment: Fixed polling and real-time score retrieval
- Diagram ID Resolution: Support integer IDs and UUID prefix matching

$3

- Digital Twin API: Full cloud provider integration (AWS, Azure, GCP)
- aribot digital-twin --providers - List connected providers
- aribot digital-twin --health - Health status
- aribot digital-twin --resources - List cloud resources
- Economics Dashboard: Real-time cost intelligence
- aribot economics --dashboard - Economic intelligence
- Red Team Methodologies: Threat modeling frameworks
- aribot redteam --methodologies - STRIDE, PASTA, NIST, MITRE ATT&CK, OWASP
- Dashboard Overview: Security metrics
- aribot dashboard --overview - Compliance status
- Attack Path Analysis: AI-powered attack simulation
- aribot redteam --attack-paths -d `
- Fixed endpoint URLs for v2 API compatibility
- All endpoints tested against production API

$3

- Added AI resource with usage tracking and configuration
- Added Digital Twin health and provider endpoints
- Added SBOM document management
- Added Marketplace templates and categories
- Added Knowledge Base with real-time threats
- Added Pipeline Security scanning
- Improved economic intelligence with cost analysis
- 111+ working API endpoints documented
- Updated compliance assessment endpoints

$3

- Initial release with core threat modeling features

License

MIT License - Copyright (c) 2026 Ayurak AI

---

Built for teams who take security seriously. Start analyzing in 60 seconds.