VerifyWise is an open-source AI governance platform designed to help businesses harness the power of AI safely and responsibly. Our platform ensures compliance and robust AI management without compromising on security.
We are democratizing AI best practices with an open-source solution that can be hosted on-premises, giving you complete control over your AI governance.
- The designs and workflows are available for everyone. This link includes 2 pages: dashboard designs and the style guide.
- The VerifyWise presentation, including terminology, why we started this project, technology, and roadmap
- Join our Discord channel to ask your questions and get the latest announcemnets.
- Need to talk to someone? Get with us to see the latest demo, or click here to experience the demo yourself.
The platform simplifies AI governance for organizations, helping them manage risks, ensure regulatory compliance, and promote responsible AI practices throughout their operations.
VerifyWise is designed for:
- Businesses: From those considering AI adoption to organizations developing proprietary AI at scale.
- Compliance officers: Professionals ensuring adherence to EU AI Act regulations and internal policies.
- Risk management teams: Groups tasked with identifying and mitigating AI-related risks.
- Legal and privacy teams: Professionals addressing the legal and ethical implications of AI use.
- AI developers: Teams working on AI projects who need to ensure compliance and responsible development.
- Urgent need for regulatory compliance: Regulations establish clear rules for AI applications, creating a need for organizations to comply with legal requirements.
- Complexity of compliance: Companies will require governance tools to help them navigate a changing regulatory landscape.
- Growing concerns for ethical AI: There is a strong push from governments, businesses, and consumers for more ethical and transparent AI systems.
- Good timing with global AI expansion: Launching an open-source AI governance application now aligns with the AI adoption trend across industries (e.g., healthcare, finance), addressing the need for a deployable governance solution.
- Option to host the application on-premises or in a private cloud
- Open source with a copyleft license (AGPLv3)
- Faster audits using AI-generated answers for compliance and assessment questions
- Full access to the source code for transparency, security audits, and customization
- Docker deployment (also deployable on render.com and similar platforms)
- User registration, authentication, and role-based access control (RBAC) support
- Major features:
- Multiple projects
- Support for EU AI Act and ISO 42001
- Vendors & vendor risks
- AI project risks
- Bias & fairness check of ML systems
- Evidence center
- Reports
- AI literacy training
- More frameworks
- Mappings between frameworks
- AI trust center
- Integration with MIT AI risk repository
- Automated reports
- Risk and control mappings
The VerifyWise application has two components: a frontend built with React.js and a backend built with Node.js. At present, you can use npm (for development) or Docker (production) to run VerifyWise. A PostgreSQL database is required to run VerifyWise.
Prerequisites:
- npm and Docker
- A running PostgreSQL, preferably as a Docker image (eg. using
docker pull postgres:latest)
First, clone the repository to your local machine and go to verifywise directory. Then, navigate to the Clients directory and install the dependencies:
git clone https://github.com/bluewave-labs/verifywise.git
cd verifywise
cd Clients
npm i
Navigate back to the /Servers directory under root to install the dependencies:
cd ..
cd Servers
npm install
Go to the root directory and copy the contents of .env.dev to the .env file. For security, you must set a strong and unpredictable JWT_SECRET in your .env file. This secret is used to sign and verify your JWT tokens, so it must be kept private and cryptographically secure. You can generate a 256-bit base64-encoded secret using openssl rand -base64 32.
cd ..
cp .env.dev Servers/.env
In .env file, change FRONTEND_URL and ALLOWED_ORIGINS:
FRONTEND_URL=http://localhost:5173
ALLOWED_ORIGINS=["http://localhost:5173", "http://localhost:8082"]
Run the PostgreSQL container with the following command:
docker run -d --name mypostgres -p 5432:5432 -e POSTGRES_PASSWORD={env variable password} postgres
Access the PostgreSQL container and create the verifywise database:
docker exec -it mypostgres psql -U postgres
CREATE DATABASE verifywise;
Navigate to the Servers directory and start the server in watch mode:
cd Servers
npm run watch
Navigate to the Clients directory and start the client in development mode:
cd Clients
npm run dev
Note: Make sure to replace {env variable password} with the actual password from your environment variables.
First, ensure you have the following installed:
- npm
- Docker
- Docker Compose
Create a directory in your desired folder:
mkdir verifywise
cd verifywise
Download the required files using wget:
curl -O https://raw.githubusercontent.com/bluewave-labs/verifywise/develop/install.sh
curl -O https://raw.githubusercontent.com/bluewave-labs/verifywise/develop/.env.prod
Make sure to change the JWT_SECRET variable to your liking, and change localhost to the IP of the server. An example is shown below:
BACKEND_URL=http://64.23.242.4:3000
FRONTEND_URL=http://64.23.242.4:8080
ALLOWED_ORIGINS=["http://64.23.242.4:5173", "http://64.23.242.4:8080"]
Change the permissions of the install.sh script to make it executable, and then execute it.
chmod +x ./install.sh
./install.sh
Now the server is running on the IP and the port you defined in .env.prod file (8080 by default).
If the install.sh script doesn't work for some reason, try the following commands:
docker-compose --env-file .env.prod up -d backend
docker ps # to confirm
docker-compose --env-file .env.prod up -d frontend
docker ps # to confirm
If you want to re-run install.sh for some reason (e.g want to change a configuration in .env.prod file), first stop all Docker containers before starting a new one:
docker-compose --env-file .env.prod down
./install.sh
Here are the steps to enable SSL on your system.
-
Make sure to point domain to VM IP
-
Install Nginx:
sudo apt update
sudo apt install nginx -y
- Create a config file (
/etc/nginx/sites-available/verifywise) with the following content. Change the domain name accordingly.
server {
server_name domainname.com;
client_max_body_size 200M;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /api/ {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
- Enable the config:
sudo ln -s /etc/nginx/sites-available/verifywise /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
- Install Certbot for SSL:
sudo apt install certbot python3-certbot-nginx -y
- Obtain SSL certificate. Change the domain name accordingly.
sudo certbot --nginx -d domainname.com
- Update the
.env.prodto point to correct domain. Change the domain name accordingly.
BACKEND_URL=https://domainname.com/api
FRONTEND_URL=https://domainname.com
ALLOWED_ORIGINS=["https://domainname.com:5173", "https://domainname.com"]
- Restart the application
./install.sh
Ensure you have following things:
You have created an account on resend
You have your app domain pointing to your server on DNS
-
Create an API Key with
Sending Access -
Add the API Key to
RESEND_API_KEYin the .env.dev or .env.prod based on your environment -
Add a new domain pointing to your doamin name
-
Add the provided
DNS Recordson your DNS config on your DNS provider -
Verify the DNS Records on Resend
-
Update the
EMAIL_IDin env file tono-reply@your-domain
You’ll need to open ports 80 and 443 so VerifyWise can be accessed from the internet.
If you find a vulnerability, please report it here.
