Compliance Health Scanner - Like Lynis, but for regulations. GDPR, AI Act, DORA (Financial), NIS2, BIO2 (Dutch Gov), and 10+ frameworks in one scan.


Scan your projects for GDPR, AI Act, DORA, BIO2, NIS2, PIPA, APPI, PDPA, LGPD, JIS compliance in seconds.
Digital Operational Resilience Act - EU regulation for financial entities.
```bash
$ tibet-audit scan --framework dora --org "ING Bank"

🏦 DORA COMPLIANCE MODE
   Pillars: 5 | BIO2 overlap: ~60%
   TIBET = Pillar 5 compliance (Information Sharing)

╔════════════════════════════════════════════════════════════╗
║  Overall Grade: B 🟢                                       ║
║  Score: 14/17 checks passed (82.4%)                        ║
╚════════════════════════════════════════════════════════════╝

PILLAR 1: ICT Risk Management (6/6 = 100%)
PILLAR 5: Information Sharing (1/1 = 100%)
          TIBET detected!
```

Key insight: TIBET provides automatic Pillar 5 compliance!

"SSL secures the connection. TIBET secures the timeline."

```bash
npm install -g tibet-audit
```

Or run directly with npx:

```bash
npx tibet-audit scan
```

```bash
# Scan current directory
tibet-audit scan
```

Programmatic Usage

```typescript
import { scan, getFixableIssues, applyFixes } from 'tibet-audit';

// Basic scan
const result = await scan('./my-project');
console.log(`Score: ${result.score}/100 (Grade: ${result.grade})`);

// Scan specific categories
const privacyResult = await scan('.', { categories: ['gdpr', 'ai_act'] });

// Sovereign mode (no cloud APIs)
const localResult = await scan('.', { sovereignMode: true });

// Fix issues
const fixable = getFixableIssues(result.results);
await applyFixes(fixable);
```

Supported Regulations

| Category | Region | Checks |
|----------|--------|--------|
| GDPR | EU | Privacy policy, DPO, consent, DPIA, breach notification |
| AI Act | EU | Risk classification, documentation, human oversight |
| PIPA | South Korea | Explicit consent, CPO, 24h breach notification |
| APPI | Japan | Privacy manager, cross-border transfers |
| PDPA | Singapore | Consent, DPO, 3-day breach notification |
| LGPD | Brazil | Legal basis, Encarregado, ARCO rights |
| JIS | Universal | Bilateral consent, TIBET provenance, intent verification |
| BIO2 | Netherlands | Dutch government security baseline (17 automated checks) |
| NIS2 | EU | Network security directive (via BIO2 + ISO 27001) |

🇳🇱 BIO2 Framework - Dutch Government Baseline

71 days until the NIS2 deadline (18 April 2026)

BIO2 = Baseline Informatiebeveiliging Overheid 2, the Dutch government standard for information security. tibet-audit now supports 17 automated BIO2 checks with Grade A-F scoring.

```bash
# BIO2 scan with organization name
tibet-audit scan --framework bio2 --org "Gemeente Amsterdam"
```

Example output:

```
╔════════════════════════════════════════════════════════════╗
║  BIO2 Compliance Report                                    ║
║  Gemeente Amsterdam                                        ║
╠════════════════════════════════════════════════════════════╣
║  Overall Grade: A                                          ║
║  Score: 17/17 checks passed (100.0%)                       ║
╚════════════════════════════════════════════════════════════╝
```

> "BIO2 + ISO 27001 certification = fulfilment of the NIS2 duty of care"
> -- CIP/MinBZK guidance

| BIO2 Chapter | Domain | Automated Checks |
|--------------|--------|------------------|
| 5 | Organizational | 5 checks |
| 6 | People | Planned |
| 7 | Physical | Planned |
| 8 | Technological | 12 checks |

CLI Options

```
tibet-audit scan [path] [options]

Options:
  --categories, -c   Categories to check (gdpr,ai_act,pipa,appi,pdpa,lgpd,jis)
  --framework, -f    Framework: bio2, nis2, gdpr, ai_act, dora
  --org              Organization name for compliance report
  --output, -o       Output format: terminal, json
  --quiet, -q        Minimal output
  --cry              Verbose mode - all the details
  --sovereign        No cloud APIs, fully local
```

```
tibet-audit fix [path] [options]

Options:
  --auto, -a         Diaper Protocol: fix everything, no questions
  --wet-wipe, -w     Preview what would be fixed (dry-run)
  --sovereign        No cloud APIs, fully local
```

The Diaper Protocol

One command, hands free, compliance done.

```bash
tibet-audit fix --auto
```

Like a diaper change - press the button, hands free, mess cleaned up.

Sovereign Mode
Run all checks locally without any cloud API calls:

```bash
tibet-audit scan --sovereign
tibet-audit fix --sovereign --auto
```

Your data never leaves your machine.

Scoring
- A (90-100): Excellent compliance
- B (80-89): Good compliance
- C (70-79): Adequate compliance
- D (60-69): Needs improvement
- F (<60): Critical gaps
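
The grade bands above can drive a CI gate. The following is an added example, not part of tibet-audit: it assumes a scan result exposes `score` (0-100) and `grade` as in the programmatic usage snippet, and the names `gate`, `minGrade`, `baselineScore` and `maxDrop` are hypothetical.

```typescript
type Grade = 'A' | 'B' | 'C' | 'D' | 'F';

// Assumed result shape: the two fields the README's usage snippet reads.
interface ScanSummary { score: number; grade: string }
interface GateOptions { minGrade: Grade; baselineScore?: number; maxDrop?: number }
interface GateResult { pass: boolean; reasons: string[] }

// Lower bounds from the Scoring list, best grade first.
const BANDS: Array<[Grade, number]> = [['A', 90], ['B', 80], ['C', 70], ['D', 60], ['F', 0]];
const ORDER = 'ABCDF';

// Map a score to its band; a fractional score such as 89.5 stays in the lower band.
function gradeFor(score: number): Grade {
  if (typeof score !== 'number' || !isFinite(score) || score < 0 || score > 100) {
    throw new RangeError('score out of range: ' + score);
  }
  for (const [grade, min] of BANDS) {
    if (score >= min) return grade;
  }
  return 'F';
}

// Fail the build when the report is inconsistent, below the floor, or regressed.
function gate(current: ScanSummary, opts: GateOptions): GateResult {
  const reasons: string[] = [];
  const expected = gradeFor(current.score);
  if (current.grade !== expected) {
    reasons.push(`reported grade ${current.grade} does not match score band ${expected}`);
  }
  if (ORDER.indexOf(expected) > ORDER.indexOf(opts.minGrade)) {
    reasons.push(`grade ${expected} is below required ${opts.minGrade}`);
  }
  if (opts.baselineScore !== undefined) {
    const drop = opts.baselineScore - current.score;
    if (drop > (opts.maxDrop ?? 0)) {
      reasons.push(`score dropped ${drop.toFixed(1)} points from baseline`);
    }
  }
  return { pass: reasons.length === 0, reasons };
}

// Constructed sample: an 82.4 / B result checked against a stored baseline of 90.
const sampleDecision = gate({ score: 82.4, grade: 'B' }, { minGrade: 'B', baselineScore: 90, maxDrop: 5 });
```

In a pipeline, a non-empty `reasons` array would translate to a non-zero exit code so the merge is blocked.
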
Also Available
- Python: `pip install tibet-audit`
- npm: `npm install tibet-audit` (this package)

MIT License - Jasper van de Meent & HumoticaOS
---
Part of the TIBET Ecosystem - Transparent Immutable Bilateral Event Trails
"SSL secures the connection. TIBET secures the timeline."