For Financial Software Teams

Code Documentation Regulators Trust.

Automatically generates audit-ready JSDoc, compliance flags, and regulator-grade reports for financial software — directly inside VS Code. Purpose-built for teams subject to FINRA, SEC, SOX, PCI-DSS, GLBA, CFTC, and GDPR oversight.

Frameworks covered: FINRA, SEC 17a-4, SOX 302 · 404, PCI-DSS, GDPR, GLBA, CFTC.


Financial code documentation. Ready for regulators.

Manual documentation takes time

Senior engineers spend an average of 12–18 hours per audit preparing code documentation. That time is taken away from building product.

Cost: $8,000–$20,000/audit cycle in engineering time

Compliance gaps go undetected until audit day

Without automated scanning, cardholder data exposure, missing audit trails, and supervisory control gaps are discovered by regulators — not your team. At that point, the cost is a fine, not a fix.

Cost: FINRA fines avg. $350,000 per violation

Inconsistent documentation across teams

Junior developers write documentation that passes internal review but fails regulatory inspection. Compliance officers rewrite it. Engineers resent the process. The documentation still doesn't reference specific rule codes.

Cost: 2–4 weeks of back-and-forth per audit

Regulators demand rule-specific evidence

FINRA Rule 3110, SEC Rule 17a-4, SOX Section 404 — auditors expect documentation that explicitly references these rules. Generic comments like "saves trade data" are rejected. Your team rarely knows the specific rule numbers by heart.

Cost: Exam failures, remediation orders, reputational damage

How It Works

From code to audit-ready documentation in 10 seconds.

01 Select your code

Highlight any function, class, or module.

02 Choose a compliance action

Right-click the selection and choose Generate Docs (compliance), Explain Code (compliance), Refactor Code (compliance), or Audit Reports (compliance).

03 Analyze for compliance

The extension analyzes the selected code for compliance.

04 Receive regulator-grade output

Documentation with rule references, risk levels, audit trail assessment, and compliance flags opens instantly.

Before & After

The difference regulators actually see.

The same function, before compliancedoc Documenter and after. The right panel is what your compliance officer submits to FINRA examiners.

tradeProcessor.js BEFORE

```javascript
// Saves trade to database
function executeTradeOrder(
  clientId, ticker,
  quantity, price
) {
  const total = quantity * price;
  const record = {
    clientId, ticker,
    quantity, price, total,
    timestamp: new Date()
  };
  db.insert('trades', record);
  return record;
}
```

⚠ Issues found by regulators

  • FINRA-3110 — No supervisory control documented
  • SEC-17a-4 — No immutability or retention evidence
  • SOX-302 — No data classification noted
  • Audit trail missing — no log of who executed trade
tradeProcessor.js — AI Documented AFTER

```javascript
/**
 * @function executeTradeOrder
 * @description Executes and persists an institutional
 *   trade order to the immutable trade ledger.
 *
 * @compliance FINRA-3110 Supervisory Control —
 *   Subject to supervisory review per Rule 3110.
 *
 * @compliance SEC-17a-4 Records Retention —
 *   Written to immutable store; retained 6 years.
 *
 * @compliance SOX-302 Executive Certification —
 *   Affects financial reporting. Requires sign-off.
 *
 * @data-classification Financial / PII
 * @risk-level          Critical
 * @audit-trail         ✓ Logged via tradeAuditLog
 * @param {string} clientId  - Client identifier (PII)
 * @param {string} ticker    - Exchange ticker symbol
 * @param {number} quantity  - Number of shares
 * @param {number} price     - Execution price per share
 * @returns {TradeRecord} Persisted record with audit ID
 * @throws {ComplianceError} If supervisory hold active
 */
function executeTradeOrder(
  clientId, ticker,
  quantity, price
) {
  checkSupervisoryHold(clientId);
  const total = quantity * price;
  const record = {
    clientId, ticker,
    quantity, price, total,
    timestamp: new Date(),
    immutable: true,
    retentionYears: 6
  };
  tradeAuditLog.write(record);
  return db.insert('trades', record);
}
```

✓ Audit-ready status

  • FINRA-3110 — Supervisory control documented
  • SEC-17a-4 — Retention requirement noted
  • SOX-302 — Sign-off requirement flagged
  • Risk level: Critical — routed to compliance team

Features

Four tools. One audit-ready engineering team.


Compliance-Grade Documentation

Generate complete JSDoc with compliance annotations that regulators and auditors accept without revision. Every output includes the specific rule numbers that apply across FINRA, SEC, SOX, PCI-DSS, GLBA, CFTC, and GDPR — not generic comments that fail inspection. Each tag is sourced directly from the regulatory text, not paraphrased.

  • Automatic @compliance tag injection with rule codes
  • @data-classification for PII, Financial, Internal data
  • @risk-level from Low to Critical based on code analysis
  • @audit-trail assessment — flags missing logging
  • @throws with compliance-specific error conditions
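The @compliance, @data-classification, @risk-level and @audit-trail tags above (and in the Before & After panels) are plain JSDoc, so their presence can be checked mechanically in a pre-commit hook or CI step. The following is an added example, not the product's code: a small checker that parses those tags and reports missing rule references the way the "issues found" panel does. Tag names and rule codes come from this page; the checking logic and the sample inputs are constructed for illustration.

```javascript
// Added example, not the product's code: a checker for the JSDoc compliance
// tags shown on this page. Tag names and rule codes come from the page; the
// checking logic and the sample inputs are constructed for illustration.
const REQUIRED_RULES = ['FINRA-3110', 'SEC-17a-4', 'SOX-302'];
const REQUIRED_TAGS = ['data-classification', 'risk-level', 'audit-trail'];
// Parse the first /** ... */ block into { tagName: [value, ...] }.
// Indented continuation lines are appended to the preceding tag's value.
function parseJsDocTags(source) {
  const tags = {};
  const block = source.match(/\/\*\*([\s\S]*?)\*\//);
  if (!block) return tags;
  let current = null;
  for (const raw of block[1].split('\n')) {
    const line = raw.replace(/^\s*\*\s?/, ''); // strip the leading " * "
    const tag = line.match(/^@([\w-]+)\s*(.*)$/);
    if (tag) {
      current = tag[1];
      (tags[current] = tags[current] || []).push(tag[2].trim());
    } else if (current && line.trim()) {
      const vals = tags[current];
      vals[vals.length - 1] += ' ' + line.trim();
    }
  }
  return tags;
}
// Mirror the page's "issues found" panel: list required rule codes that are
// not cited in any @compliance tag, and required tags that are absent.
function checkCompliance(source) {
  const tags = parseJsDocTags(source);
  const cited = (tags.compliance || []).map((v) => v.split(/\s+/)[0]);
  const issues = REQUIRED_RULES.filter((r) => !cited.includes(r))
    .map((r) => `${r}: no @compliance reference`);
  for (const t of REQUIRED_TAGS) if (!tags[t]) issues.push(`@${t}: tag missing`);
  return { cited, issues };
}
// Constructed samples modelled on the page's before/after panels.
const BEFORE = '// Saves trade to database\nfunction executeTradeOrder() {}';
const AFTER = [
  '/**',
  ' * @compliance FINRA-3110 Supervisory Control',
  ' *   Subject to supervisory review per Rule 3110.',
  ' * @compliance SEC-17a-4 Records Retention',
  ' * @compliance SOX-302 Executive Certification',
  ' * @data-classification Financial / PII',
  ' * @risk-level          Critical',
  ' * @audit-trail         Logged via tradeAuditLog',
  ' */',
  'function executeTradeOrder(clientId, ticker, quantity, price) {}',
].join('\n');
```

Running `checkCompliance(BEFORE)` yields six issues (three uncited rules, three missing tags); `checkCompliance(AFTER)` yields none.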

Plain-English Code Explanation

Translate complex financial algorithms into plain English that compliance officers, legal teams, and non-technical auditors can read and approve. Particularly valuable for risk model code, pricing engines, and trade routing logic that regulators scrutinize most heavily.

  • Written for compliance officers, not developers
  • Identifies PHI, PII, and financial data flows
  • Flags data retention and access control gaps
  • Suitable for direct inclusion in examination responses

Compliance-Focused Refactoring

Receive specific, actionable refactoring recommendations that fix compliance gaps — not just code quality issues. Each suggestion includes the rule it addresses, the severity level, and a working code example. Changes that require compliance officer sign-off are clearly flagged before implementation.

  • Identifies missing audit trail implementations
  • Flags unencrypted PII or cardholder data storage
  • Highlights missing access controls and authorization
  • Marks changes requiring sign-off before deployment

Formal Audit Report Generation

Generate regulator-ready audit reports in seconds — the kind that previously required a compliance consultant at $300–$500 per hour. Reports include an executive summary, regulatory mapping table, gap analysis, and sign-off readiness assessment. Submit directly to FINRA examiners or internal audit teams.

  • Executive summary written for non-technical reviewers
  • Regulatory mapping table with rule-by-rule status
  • Numbered gap list with severity and remediation steps
  • Sign-off readiness: Ready / Needs Remediation / Blocked

Compliance Frameworks

Every framework your team is accountable to.

AI Compliance Documenter ships with built-in rules for the major financial regulatory frameworks. Pro users can add custom rules specific to their firm.

FINRA

Financial Industry Regulatory Authority

Covers broker-dealer supervision, trade review, business continuity, and communications compliance for registered firms.

  • Rule 3110 — Supervisory Control
  • Rule 4370 — Business Continuity
  • Rule 2010 — Standards of Commercial Honor
  • Rule 3120 — Supervisory Control System
SEC

Securities & Exchange Commission

Governs recordkeeping, reporting obligations, and system integrity requirements for registered investment advisers and broker-dealers.

  • Rule 17a-4 — Records Retention
  • Rule 15c3-5 — Market Access
  • Regulation SCI — System Compliance
  • Rule 17a-3 — Required Records
SOX

Sarbanes-Oxley Act

Mandates internal control documentation, executive certification of financial reporting systems, and auditor access to technical systems.

  • Section 302 — Executive Certification
  • Section 404 — Internal Controls
  • Section 906 — Criminal Certification
  • Section 802 — Records Destruction
PCI-DSS

Payment Card Industry Data Security

Protects cardholder data across systems that process, store, or transmit payment card information. Required for all firms handling card payments.

  • Requirement 3.4 — Cardholder Data Masking
  • Requirement 6.3 — Secure Development
  • Requirement 7 — Access Control
  • Requirement 10 — Audit Logs
GLBA

Gramm-Leach-Bliley Act

Requires financial institutions to protect consumers' personal financial information and to implement a written information security program.

  • Section 501 — Customer Data Protection
  • Section 502 — Opt-Out Requirements
  • Rule 314 — Safeguards Rule
  • Rule 313 — Privacy Notice Requirements
CFTC

Commodity Futures Trading Commission

Governs derivatives, futures, and swaps trading systems. Required for hedge funds, commodity trading firms, and derivatives desks.

  • Rule 1.31 — Records Retention (5 years)
  • Rule 23.606 — Swap Data Reporting
  • Rule 23.400 — Business Conduct Standards
  • Rule 1.73 — Pre-Trade Risk Controls
GDPR

General Data Protection Regulation

Applies to any financial firm processing personal data of EU residents. Increasingly enforced across global fintech and banking platforms.

  • Article 17 — Right to Erasure
  • Article 25 — Data Protection by Design
  • Article 32 — Security of Processing
  • Article 83 — Administrative Fines

Why Trust Us

Built with enterprise security as a first principle.


Your code never leaves your control

Code snippets are transmitted over TLS 1.3, processed, and discarded. We do not store your source code on our servers beyond the duration of a single API call. Your intellectual property remains yours.


Compliance rules from primary sources

Every rule in our system is sourced directly from FINRA, SEC, SOX legislation, PCI-DSS, GDPR, CFTC and GLBA council documentation. We do not interpret or paraphrase — we reference the exact rule codes regulators use during examinations.


Enterprise-grade infrastructure

Backed by PostgreSQL for audit log durability, Redis for performance, and a stateless Node.js API. Your compliance history is stored, queryable, and exportable for internal audit review at any time.

Pricing

Start free. Pay when it saves you more than it costs.

A single FINRA violation costs an average of $350,000. AI Compliance Documenter pays for itself on day one.

Free
$0 / month

For individual developers evaluating the tool. No credit card required.

  • 10 AI operations per month
  • All 4 AI features (Explain, Document, Refactor, Audit)
  • All 7 compliance frameworks
  • VS Code extension
  • Compliance history & export
  • Custom compliance rules
  • Team management

All plans include a 10 ops free trial. No credit card required to start. Cancel anytime.

FAQ

Frequently Asked Questions.

Is my source code stored on your servers?
No. Code snippets are transmitted over TLS 1.3 to our API, processed by the AI model, and the raw source code is discarded immediately after the response is generated. We store only the output documentation, compliance flags, and metadata (timestamp, feature used, tokens consumed) — never the original source code. Your intellectual property is protected.
Can documentation be submitted to FINRA examiners?
Yes, with review. Our output is designed to meet the standard that FINRA, SEC, SOX, GDPR, CFTC and GLBA auditors apply during examinations. However, we always recommend that a qualified compliance officer reviews documentation before submission. The output provides the correct structure, rule references, and risk assessments — human review ensures accuracy for your specific firm context.
How accurate are the compliance rule mappings?
All rules are sourced directly from FINRA rulebooks, SEC releases, SOX legislation, and PCI-DSS council documentation. compliancedoc identifies patterns in code that match known compliance risk areas for each rule. Accuracy depends on code complexity — simple functions are mapped very accurately, while complex multi-system logic may require compliance officer review to confirm the mapping is complete.
Can we add our firm's internal compliance rules?
Yes. Pro users can add up to 10 custom compliance rules through the compliance rules API. This allows you to encode firm-specific policies — for example, internal trade surveillance rules, proprietary data classification standards, or policies from your most recent FINRA examination findings.
Does this work for languages other than JavaScript?
Yes. compliancedoc works with all major languages used in financial systems: JavaScript, TypeScript, Python, Java, C#, Go, Rust, and SQL. The compliance analysis is language-agnostic — it focuses on what the code does, not the syntax it uses. Python trading algorithms and Java risk models receive the same compliance treatment as JavaScript APIs.

Get Started Today

Your next audit starts with this conversation.

Install free in 30 seconds. No credit card. No configuration. Generate your first compliance-grade documentation before your next standup.
