LightworksBETA
FDA · ISO 13485 · IEC 62304 · 21 CFR Part 11

Regulatory clearance,
shipped from main.

The Quality Management System for AI SaMD startups. Markdown that feels like Notion, databases you query with branch-aware SQL, and a Design History File that builds itself from your release tag — all version-controlled in your own repo.

Request access Tour the appFree for pre-seed · No card · No vendor lock-in
§ 02HOW IT WORKS

Four moves from repo to clearance.

01

Connect

Install the Lightworks app on the GitHub repos that ship your model and product code.

$ gh auth · install lightworks
02

Write

Quality Manual, SOPs — authored in our Notion-like editor, stored as markdown in /qms.

qms/sop/SOP-014.md · editing
03

Automate

Traceability matrix and SBOM rebuild on every commit. Drift between requirements and tests fails CI.

✓ traceability ✓ sbom
04

Clear

Release a version and Lightworks compiles a Design History File you can hand to your auditor.

release/v1.4.0 → DHF.pdf
LIGHTWORKS QUERY LANGUAGE

Query your QMS at any commit.

LQL extends SQL with two new primitives: AT TAG for point-in-time queries and TRACE for requirement-to-test joins. Run a coverage report at any release tag, diff your traceability matrix across versions, or pull every gap before a submission — without leaving your QMS.

  • AT TAG 'v2.5'Query historical state without checking out
  • Schema-awarestatus · multi-select · person · esign · date
  • Saveable queriesPin to dashboards, share via PR comment
app.lightworks.md/demo/qms/console
Run
1
2
TRACE requirements tests
AT TAG 'v2.5'
⎇ v2.5|c7e99fc4 requirements × 4 tests1gap|⏱ 1.17s
requirements →
↓ tests
Audit logs shall be immutableData at rest shall be encrypted with AES-256User authentication shall use MFASystem shall enforce role-based access control
MFA login flow verification··
Audit log tamper detection··
Encryption key rotation validation···
TOTP token rejection test···
app.lightworks.md/qms/change-log

Merge pull request #82

AuthorZ@ZachMoreno
Committed onApril 25, 2026 at 10:24 PM
Hashm3
Changes+4-41 file
CHANGE LOG

Every merge is a QMS event.

The Change Log is your QMS's audit trail rendered as a git graph. Every merge carries a hash-chained, MFA-backed signature — reviewable at any commit, exportable per release. Your engineers ship; the audit trail writes itself.

  • Branch-awareView QMS state at any branch or tag
  • ImmutableSHA-256 chained, tamper-evident
  • ExportableOne-click PDF for auditors and submissions
API & INTEGRATIONS

Your QMS in your pipeline.

Lightworks ships a REST API and a first-class GitHub Actions integration. Traceability checks, eSignature gates, SBOM generation, and LQL queries all run as status checks on your PRs — or from any script that can make an HTTP request.

bash — lightworks-sync
$ curl -sf -X POST "$LW_API_URL/api/v1/records" \
-H "Authorization: Bearer $LW_API_TOKEN" \
-d { "db": "tests",
"properties": {
"title": "MFA login flow verification",
"results": "passed" } }
{ "object": "record", "id": "test-a3f7k2" }
bash — lightworks-sync
$ curl -sf -X POST "$LW_API_URL/api/v1/prs/pr-42/finalize" \
-H "Authorization: Bearer $LW_API_TOKEN"
{
"object": "pr",
"prNumber": 7,
"prUrl": "https://github.com/acme/qms/pull/7"
}
§ 04BENEFITS

Version quality like you version code.

Your QMS is plain markdown, in your repo.

Notion's history doesn't pass an audit, and proprietary QMS vendors hold your data hostage. Lightworks writes everything as markdown into /qms. Take it with you. Host it elsewhere. Your auditor reads it without an account.

WHY THIS, WHY NOW

FDA cleared 950+ AI/ML-enabled devices through 2024. None of the QMS tools their teams used were built for engineers.

18 mo
average 510(k) prep when QMS lives in Word + SharePoint
3 wks
to reproduce a single audit trail in a Notion-only QMS
0
lines of code most QMS vendors will let you write
1
git push from compliant
§ 06QUESTIONS

What engineers ask before they install.

Each workspace can issue scoped API tokens (read:databases, write:databases) from Settings → API Tokens. Tokens are hashed on creation — we never store the raw value. Use them in CI scripts, external dashboards, or any tool that needs programmatic access to your QMS data.

Yes. The Lightworks GitHub App listens to push and pull_request events. SBOM generation, traceability coverage checks, and eSignature gates all run as status checks on your PRs — no separate CI config required. You can also trigger LQL queries from your own workflows via the API.

Every commit to your /qms directory triggers an incremental re-index. Content is indexed by document title, heading, body text, and database field values. Search is branch-aware — you can scope results to main, a feature branch, or any release tag.

Yes. When you connect a repo you specify a qms_path (e.g. packages/qms or services/device-a/qms). Multiple product lines in the same repo each get their own isolated QMS path, separate audit trails, and separate DHF outputs.

Yes. The QMS lives as plain markdown in your repo. Uninstall the GitHub App and you keep every artefact, every signature hash, forever — no export wizard, no vendor lock-in.

Lightworks
NO GURUS · NO MASTERS · NO VENDOR LOCK-IN

Earn your regulatory clearance,
one commit at a time.

Connect a repo, pick a template, ship a Design History File from your release tag.

Connect a repo →Book a 20-min demo