Programming

Company as Code: A DSL and Graph to Run Organizations Programmatically

Infrastructure as CodeCompliance AutomationDeveloper ToolingSoftware Architecture
Added Feb 5
Link129
Article: PositiveCommunity: NegativeMixed
Company as Code: A DSL and Graph to Run Organizations Programmatically

The author proposes “Company as Code,” a programmatic, version-controlled, queryable model of organizational structure, policies, and compliance. He outlines a declarative DSL and a graph-based architecture with integrations for evidence collection, automated validation, and potential enforcement across SaaS systems. A low/no-code UI would make it accessible, and while viability is unproven, the approach appears buildable and likely valuable.

Key Points

  • Modern organizations treat infrastructure and deployments as code but still describe their core structure and policies with static documents, creating friction in audits and change management.
  • A declarative DSL can model roles, org units, people, policies, external requirements, and mappings, forming a versioned, queryable organizational graph.
  • An implementation would pair a graph database (relationships), a relational store (evidence/metadata), and an event store (audit trail), plus plug-in integrations for data collection, validation, and enforcement.
  • Automated verification and impact analysis (e.g., MFA compliance checks) shift compliance from manual documentation to continuous, testable processes.
  • A low/no-code interface can make the model accessible to non-technical stakeholders while preserving a single source of truth in code.

Sentiment

The community is broadly skeptical. While many find the vision intellectually appealing, the dominant sentiment is that it underestimates how messy, political, and human real organizations are. Most commenters see it as a rediscovery of existing enterprise tools (LDAP, ERP, HRIS) dressed up in developer-friendly terminology, with the added critique that trying to make it prescriptive would be either impossible or counterproductively rigid.

In Agreement

  • Structured, version-controlled organizational documentation would genuinely improve compliance auditing and impact analysis
  • GitLab's open handbook and individual practitioners (law firms using Recfiles, the author's own tool) demonstrate that limited versions of this concept can work in practice
  • LLMs and AI agents could make the concept more viable by operating in digital spaces where enforcement can be automated, unlike human workers
  • Model-based systems engineering (SysML v2) and GRC engineering share similar goals and have made progress in regulated industries like nuclear and automotive
  • Moving away from PDFs and Word docs toward programmatically accessible formats is a natural progression as AI is incorporated into businesses

Opposed

  • This essentially reinvents LDAP, Active Directory, and ERP systems like SAP — the concept is decades old and already widely implemented in enterprise software
  • Infrastructure as Code is prescriptive (code creates reality), but Company as Code would be descriptive (catching up to reality), making drift inevitable without enforcement mechanisms
  • Real organizations operate in fuzzy domains and gray zones where ambiguity is a feature — high-agency workers thrive precisely because they operate outside codified rules
  • Power dynamics prevent adoption: compliance officers and executives benefit from keeping organizational knowledge siloed and would resist the transparency this implies
  • Without a system that actually enforces the declared state, this is just 'more structured documentation' — no different from a Word doc in practice
  • The human element makes organizations fundamentally different from infrastructure — people are not CPUs and won't follow code that defines their roles