53 standards as nodes. Gaps as edges that don't exist.
Every architecture decision your team has made — or hasn't made — is visible in the graph. Standards without an addressing ADR are gaps. A single query finds them. A single team review closes them.
The model
Standards as nodes. Decisions as edges.
53 industry standards across Execution, Development, Operations, Security, and Infrastructure architecture are stored in the graph, sourced from 12-factor, OWASP, NIST, SRE practice, and cloud-native patterns. Each standard links to an Architecture Decision Record (ADR) via an ADDRESSES edge. Standards with no ADDRESSES edge are gaps — returned by a single query.
An initial audit on a live codebase identified 14 genuine gaps and 8 compliant-but-undocumented standards in one session.
Standards domains
Five domains. 53 standards. One query to find gaps.
Formbricks — the PII defect, architecture-level
Three standards with no ADR. One defect that followed.
Running the orphan query against the Formbricks instance surfaced the direct architecture-level cause of DEF-FBK-001 (PII included in anonymised survey exports):
Architecture Decision Records
ADRs as first-class nodes. Decisions linked to standards and modules.
Architecture Decision Records are SysArchDecision nodes with ADDRESSES edges to standards and CONSTRAINED_BY edges from modules. Sessions see the architecture state at session start — not just the code, but the decisions behind it.
Architecture compliance as a graph query, not a review.
The architecture standards YAML is included in the SysEdge bootstrap kit. Load the standards once, link your ADRs, and every session starts knowing which standards are addressed and which are gaps. Unaddressed standards become queryable facts — not surprises discovered six months later in a security audit.