Frequently Asked Questions

SAL is a compliance metadata layer for AI agents. We maintain 9,483 agent specifications, each cross-referenced to U.S. government classification systems — SOC (occupations), CFR (regulations), NIST (cybersecurity), NAICS (industries), and ISCO (international labor). Builders, platforms, and enterprise GRC teams use SAL to classify agents, cite the regulations they operate under, and evidence compliance to auditors.

Three buyer types: (1) AI platform vendors who want their role-based agents to cite the classification they operate under; (2) AI governance and GRC teams who need a ready-made taxonomy to classify every agent in their AI inventory; (3) enterprise AI deployers preparing for the EU AI Act, HIPAA, SOX, NAIC, and state AI acts. SAL is not a consumer product and does not run agents for you — we provide the metadata layer the rest of your stack cites.

No. SAL is a private company. We are not a U.S. government agency, not a regulator, and not a certifying body recognized by any government. We cross-reference to publicly available government classification data — we do not verify compliance on behalf of any agency. See the methodology page for the full boundary of what we claim and what we don't.

Certification is SAL's evaluation of an AI agent's system prompt and declared tools against a published rubric: role identity, primary directive, execution logic, safety protocols, tool alignment, SOC classification fit, and prompt quality. Certified agents earn an embeddable badge and a public verification page. A SAL Certified badge signals the agent meets SAL's rubric — it does not represent regulatory approval or a guarantee of outcomes.

Every submission is evaluated by Claude Sonnet 4.6 via Vercel AI Gateway against a structured seven-criterion schema. The evaluator is instructed to treat the submitted system prompt as adversarial data, not as instructions — prompt-injection attempts are explicitly scored down on Safety Protocols. Trivially broken submissions are rejected by a cheap deterministic pre-filter before an LLM call is made. Scores are 0-100 per criterion with plain-language reasoning and concrete improvement notes.

Yes. GET /api/registry/catalog, GET /api/registry/spec/[soc_code], and POST /api/registry/search-nl are live and documented on the developers page. The developer tier is free with a usage ceiling; enterprise tier adds a DPA, bulk export (JSON/CSV/Parquet), SLA, and licensing for internal redistribution.

SOC 2 Type II is on the roadmap. Data is hosted on Supabase Postgres with row-level security and encryption at rest. Enterprise tier includes a DPA and security documentation. A formal trust center with sub-processor list and incident response procedures is planned — in the meantime, email contribute@standardagentlogic.com and we will share what we have.

SAL reingests from the canonical government sources on a rolling cadence: BLS O*NET quarterly, eCFR monthly, NIST CSF 2.0 and 800-53 on release, NAICS on the 5-year revision cycle, ISCO-08 on UN revision. Each spec carries a last_verified timestamp.

The underlying classifications (SOC, CFR, NIST, NAICS, ISCO) are U.S. government or UN public-domain data. SAL's cross-referencing schema, evaluation methodology, and certification rubric are proprietary — U.S. provisional patent application 64/036,723 and trademark serial 99769762 for 'STANDARD AGENT LOGIC' in Class 042 are on file.

Email contribute@standardagentlogic.com. We typically respond within 24 hours. For partnership inquiries, mention your company and use case in the subject line.