Company as Code

Original Article ↗ Hacker News Discussion ↗

Overall reaction to “company as code”

  • Many find the vision compelling: using structured, version-controlled representations of org structure, roles, policies, and compliance to enable automation, querying, and better audits.
  • Others see it as overreach: organizations are social systems; trying to fully encode them risks rigidity, drift from reality, and dehumanization.

“This already exists” vs novelty

  • Multiple commenters say the idea strongly resembles:
    • LDAP / Active Directory and enterprise directories.
    • HRIS, ERP, and identity/access management systems.
    • Policy-as-code, DevSecOps, and compliance automation.
    • GitLab-style “handbook as repo.”
  • Several argue the article largely rediscovers long-standing enterprise practices, just with modern dev tooling and AI gloss.

Technical feasibility and scope

  • Narrow, infrastructure-adjacent use cases are seen as very doable:
    • Terraform/Pulumi for org-related infra, GitHub/Slack identity, “org graph as code,” central DBs that audit cross-system inconsistencies.
    • Small-scale experiments using Recfiles, markdown+YAML, custom DSLs, graph or logic languages (Prolog, datalog, Mangle, SysML, MBSE).
  • Major concerns:
    • Keeping a “single source of truth” in sync with messy reality; documentation and code already drift.
    • Descriptive vs prescriptive: infra-as-code creates state; org-as-code mostly chases it.
    • Enforcement and side effects (e.g., permissions, secret rotation, layoffs) are hard and politically sensitive.

Human, social, and power dynamics

  • Several note that roles and responsibilities are emotionally loaded; people want empathy and flexibility, not just machine-verified rules.
  • High-agency workers and real workflows rely on gray zones and rule-bending; strict codification can kill innovation.
  • Strong theme that power holders (execs, compliance pros, managers) may resist such systems because they:
    • Threaten gatekeeping and opaque discretion.
    • Make decisions more auditable and constrain arbitrary power.

Compliance, regulation, and AI

  • Compliance frameworks (ISO 27001, SOC 2, GDPR) are messy, ambiguous, and deeply human; fully formalizing legal obligations is seen as intractable.
  • Some see “company as code” as an extension of GRC engineering and model-based systems engineering, with promise for automated evidence and real-time dashboards.
  • Others think LLMs applied to existing docs, tickets, and logs are more realistic than forcing humans to author everything as code.