Probo is an open-source, self-hostable Governance, Risk, and Compliance (GRC) platform designed for engineering and security teams. It addresses the full GRC lifecycle, including risk identification, control tracking, vendor risk, data privacy, and audit programs, enabling teams to automate compliance workflows through code, scripts, or LLM agents.

How It Works

Probo is AI-native by design, exposing over 270 Model Context Protocol (MCP) tools that grant any MCP-compatible LLM agent direct read/write access to GRC data. This allows for automated policy drafting, risk assessments, and evidence generation. The platform offers comprehensive GRC coverage and integrates with multiple interfaces: a web console, a robust prb CLI, an MCP API, a GraphQL API, and an n8n community node for no-code automation.

Quick Start & Requirements

• Prerequisites: Go 1.26+, Node.js 22+, Docker (latest), mkcert (latest).
• Installation: Clone with submodules, install Go and npm dependencies, run make stack-up, make build, make dev-config.
• Run: Execute bin/probod -cfg-file cfg/dev.yaml. The web console is accessible at http://localhost:8080. Refer to CONTRIBUTING.md for detailed development environment setup.

Highlighted Details

• AI-native architecture with 270+ MCP tools for LLM integration.
• Full GRC coverage: Risk Management, Controls, Vendor Risk, Data Privacy (DPIA/TIA), Access Reviews, Audit Programs, Evidence, Document Management, Compliance Page, Cookie & Consent.
• Multiple interfaces for automation: Web console, prb CLI, MCP API, GraphQL, n8n node.
• Audit-ready features including policy-based RBAC, immutable audit logs, and electronic document sign-off workflows.

Maintenance & Community

Contributions are welcome via pull requests after reviewing CONTRIBUTING.md. All commits require a Developer Certificate of Origin (DCO) sign-off; no CLA is needed. For security vulnerabilities, email security@getprobo.com as per SECURITY.md. Community channels include Discord, Twitter/X, and LinkedIn.

Licensing & Compatibility

Probo is released under the permissive ISC license, which generally allows for commercial use and integration into closed-source projects without copyleft restrictions.

Limitations & Caveats

The provided README does not explicitly detail any limitations, alpha status, or known bugs.