Build SOC/ISO ready solutions
in days not months
POC → MVP → Production
A zero dependency, full-stack, AI-Native, TypeScript platform with SOC-ready multi-tenancy, authentication, encryption, audit logging, RBAC, and MFA — all wired up and working before you write your first feature.
For Developers not Vibe Coders
Ziggy is for developers who want total control over everything they build with absolutely no external dependencies. You control the client, server, storage, Redis, DevOps and anything else you want to add or tweak.
Ziggy is AI first, with comprehensive CLAUDE.md files in all app components, SKILLS.md files to automate code changes and SOC doc generation.
See what you can build in 10 days
ZIntegrate is a full-blown, multi-tenant, AI-first orchestration and development system for building data automations, integrations and migrations. You get it for free with Ziggy.
It comes with API frameworks in TypeScript and GoLang where you build your integration functionality using regular AI coding tools.
What you get on day one
Every module is built, tested, and integrated. Clone the repo and start building your product.
Client Styling
Shadcn styling framework out of the box or switch out for your preferred UI framework.
Authentication
Local login, Google & Microsoft OAuth, LDAP/Active Directory, invitation-only signup, account lockout, password policies, session management — 5 strategies, fully configurable.
Multi-Factor Auth
TOTP authenticator apps, email OTP, backup codes, trusted devices, mandatory MFA for admin roles with grace periods, admin emergency controls.
Role-Based Access
Casbin policy engine with 5-level role hierarchy, per-endpoint authorization, multi-tenant organizations, team-based additive roles, SOC policy export.
Field-Level Encryption
AES-256-GCM transparent encryption via Prisma extension — PII, MFA, and HIPAA key scopes, deterministic mode for searchable fields, versioned keys with rotation.
Audit & Compliance
40+ event types logged with IP, user-agent, and metadata. Organization-scoped access. 1-year retention (2 years for security events). SOC audit endpoint built in.
Security Alerting
Configurable severity mappings, email digest notifications, per-user preferences, acknowledgement tracking — connected to audit events automatically.
AI Integration
Anthropic and OpenAI provider support with encrypted API keys, per-request cost tracking, usage logging, and model-specific configuration.
DevOps Admin Portal
Separate admin application with WebSocket real-time communication, SSH integration, and infrastructure management.
Database Monitoring
PostgreSQL health metrics — connections, cache hit ratio, dead tuples, replication lag, lock waits — with configurable thresholds and alerting.
Instance Monitoring
Multi-instance CPU, RAM, and disk tracking with heartbeat detection, stale instance cleanup, and threshold-based alerts.
Email System
SMTP integration with TLS/STARTTLS, attachment support, HTML templates — used across invitations, MFA, password resets, and alert digests.
Backup & Recovery
pg_dump-based backup/restore with email verification, system reset with two-step confirmation, automated retention cleanup.
Key Rotation
Encryption key lifecycle management — generate, audit, migrate, pause/resume — with dry-run mode and progress tracking.
Distributed Coordination
PostgreSQL advisory lock leader election, transaction-scoped distributed locks, single-instance cron execution.
Background Jobs
Async job tracking with status polling, UI indicator, toast notifications on completion or failure.
Terraform Infrastructure
Multi-cloud provisioning included in the /devops sub-project — infrastructure as code, fully integrated.
DevOps Portal
A full DevOps portal for provisioning, building, deployment and monitoring.
You might not need a SOC audit but it's great to be ready
- Make clear, confident statements to your customers and users about how their data is protected
- If you ever want SOC or ISO certification, you’re most of the way there
- Having enterprise-grade authentication, RBAC and many other security features is only a plus — especially as you don’t have to code it
Pass your SOC/ISO audit without the panic
- Seven security layers — from network/transport through to operational security — all implemented and integrated
- Audit logging with 40+ event types, organization scoping, and configurable retention
- Encryption at rest with AES-256-GCM, three key scopes (PII, MFA, HIPAA), and built-in key rotation
- Policy engine with exportable policy registry for auditor review
- Built-in Claude Code skills for SOC documentation generation — scan your codebase and produce audit artifacts automatically
- Alert severity mappings, digest notifications, and acknowledgement workflows ready for compliance evidence
- Password policies, account lockout, session management, and rate limiting — all configurable, all logged
AI first coding the way the world's going
- You don't have to use AI everywhere or even at all, but it sure makes life easier.
- Designed from the ground up to help AI coding tools work fast and efficiently with the codebase
- CLAUDE.md files at every level — project root, app, server, client, admin, devops — giving Claude Code full architectural context
- Custom Claude Code skills ship with the platform: codebase scanning, architecture fingerprinting, SOC template generation
- AI understands your module boundaries, naming conventions, database schema, and security patterns from the start
Your app and your ops, together
- Three sub-projects in one TypeScript monorepo: /app (your product), /admin (DevOps portal), /devops (Terraform)
- The Admin portal gives operations teams real-time visibility — WebSocket communication, SSH integration, infrastructure management
- Terraform modules for multi-cloud provisioning included, not sold separately
- Shared type safety across the entire stack — client, server, admin, infrastructure
- One repo, one language, one team — no context-switching between application code and infrastructure
What development skills do you need?
Building POCs and prototypes can be done even without strong development skills. Building a more serious application is best done by junior developers and up.
- Prototyping and POCs: Basic development skills recommended
- Larger applications: Junior developers can do all the heavy lifting. Having a more senior developer on hand is recommended.
- Extending the Core: Although the actual coding is straightforward, you will want to consult with developers with a grasp of security compliance if you intend to undergo a SOC audit.
- Extending the DevOps portal: It is recommended there is someone with a solid grasp of standard devops. The detail is managed by Terraform scripts so you can easily use AI to modify everything.
- Training and services: Mid-level developers won't really need training although we're happy to provide it if and where needed.
- We can build solutions: We also offer development services for any type of solution. We can hand all the code over whenever you're ready.
Delivered as source code. Extend everything, with or without AI.
- You get the full codebase — not a package, not an SDK, not a hosted service
- Every module can be modified, extended, or replaced — there is no abstraction you cannot look inside
- Core/App module split means your business logic stays cleanly separated from platform infrastructure
- Add modules following established patterns: NestJS module structure, Prisma schema extension, Zustand stores, policy registry entries
- No per-seat pricing. No API call limits. No vendor lock-in. Fork it, ship it, own it.
Front end out of the box
Configure and style your client as you require. Standard application and user settings are available pre-built.
SuperAdmins can configure and monitor in detail
Users can configure their own settings and switch organizations
Modern TypeScript, all the way down
Server
- NestJS
- Prisma
- PostgreSQL
- Casbin
- Passport.js
Client
- React
- Vite
- Zustand
- Tailwind CSS
- Shadcn default UI
Infrastructure
- Terraform
- Docker