Skip to content

Compliance & observability

The evidence you already produce doubles as control evidence and slots into the observability trace your tooling already shows. Both ride standards, so neither asks you to adopt a new system.

Compliance evidence exports

A single command maps a run's gated receipts to a named control set and writes a report a reviewer can re-verify:

python3 tools/compliance_export.py
compliance export: 16 gated receipts → control evidence
  [satisfied] SOC 2          SOC2-CC8.1            (16 receipts)
  [satisfied] EU AI Act      EU-AI-Act-Art-12      (16 receipts)
  [satisfied] EU AI Act      EU-AI-Act-Art-26.6    (16 receipts)
  [satisfied] ISO/IEC 42001  ISO-42001-A.6.2.6     (16 receipts)
Control Framework What the gated receipts show
CC8.1 SOC 2 Changes are authorized, tested, and approved before deployment.
Art. 12 EU AI Act Automatic logging of events across the system's lifecycle.
Art. 26(6) EU AI Act The deployer keeps the automatically generated logs.
A.6.2.6 ISO/IEC 42001 Verification and validation records are retained.

Grounded, not asserted

The difference from a compliance dashboard is that the export is grounded in real receipts. Every control marked satisfied lists the backing receipt hashes, and a verifier fails closed unless each one exists in the run — so the export cannot claim a control it can't substantiate. A reviewer re-checks the claim against the receipts; they don't take a green cell on faith.

Proof is a stronger form of the same evidence

Most regulations mandate logs, not cryptographic proof. A re-verifiable attestation is a stronger version of exactly that: a log entry a third party can independently confirm was not edited after the fact.

Bound to your observability trace

When an agent runs under an OTEL span, the verdict carries the trace and span it was produced under — parsed from a W3C traceparentinside the signed attestation. Because the ids are in the signed predicate, a mutated trace reference breaks the signature.

↳ bound to OTEL trace 4bf92f3577b3… span 00f067aa0ba9…

So the cryptographic verdict and your observability tooling reference the same span: the referee rides the trace distribution you already run, rather than fighting it. verify_all reports the binding as part of offline verification.

Context hygiene, attested

Each cycle is signed off by a freshly-minted agent, distinct per cycle. Distinct cycles use distinct agents, so no signing context is carried between them — and that property is attested, not assumed:

[ok ] fresh    16/16 cycles each used a distinct fresh agent

A verifier checks that every cycle's attestation is valid and that the fresh agents are all distinct; a reused agent fails the check. Context hygiene — the "no state carried between runs" property — becomes offline-checkable evidence rather than a claim in a README.