Documentation
Overview
Package audit builds an auditor-ready compliance export for a governed run. It maps the controls RiskKernel actually recorded — budgets, human approvals, tool governance, and the cost ledger — to the relevant OWASP and EU AI Act references, and emits a hash-chained, tamper-evident event log.
Honesty note (a deliberate product constraint): this is an EVIDENCE export, not a legal compliance determination. It reports what RiskKernel deterministically enforced and recorded and which framework control each piece of evidence supports; an auditor evaluates sufficiency. Nothing here is inferred by an LLM.
Constants
const Disclaimer = "" /* 172-byte string literal not displayed */
Disclaimer is included verbatim in every report so the framing can't be lost.
Variables
This section is empty.
Functions
func VerifyChain
VerifyChain re-derives the event chain and reports whether the recomputed hashes match each event's stored Hash and whether the final hash matches the given head. This is the auditor-side check. The head it is compared against should come from a copy recorded independently of the report under review (for example Integrity.ChainHead copied out of band when the report was generated): whoever can rewrite the events can also recompute a self-consistent chain and head, so a head read from the same document proves only that the document is internally consistent.
Types
type Control
type Control struct {
Control string `json:"control"`
Statement string `json:"statement"`
OWASP []string `json:"owasp"`
EUAIAct []string `json:"euAiAct"`
Evidence map[string]any `json:"evidence"`
}
Control is one governance control, the framework references it supports, and the evidence RiskKernel recorded for it.
type Event
type Event struct {
Seq int `json:"seq"`
Type string `json:"type"`
At time.Time `json:"at"`
Detail map[string]any `json:"detail"`
Hash string `json:"hash"`
}
Event is one entry in the append-only, hash-chained log. Hash = sha256(prevHash + canonical(seq,type,at,detail)), where canonical is a deterministic serialization of those four fields, so the same event always hashes identically. Because each hash covers the previous one, editing any field, inserting or dropping an event, or reordering events changes that event's hash and every hash after it, which is what verification detects.
type Integrity
type Integrity struct {
Algo string `json:"algo"`
Events int `json:"events"`
ChainHead string `json:"chainHead"`
HowToVerify string `json:"howToVerify"`
}
Integrity lets an auditor re-derive and verify the chain: Algo names the hash function, Events the number of entries covered, ChainHead the hash of the final event, and HowToVerify the recomputation procedure. ChainHead is also the value to record out of band (signed, or stored separately from the report) at generation time, since a head that travels only inside the report cannot distinguish an untouched export from one that was rewritten and re-chained in full.
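The chain described under Event, checked the way VerifyChain is documented to check it, as an added example that is not this package's code. It assumes a canonical encoding of JSON with sorted keys and RFC3339Nano UTC timestamps, hex-encoded SHA-256, and an empty previous hash for the first event; the page does not state the package's actual encoding, so those choices and the helper names (appendEvent, verifyChain, buildSampleChain) are assumptions, and the three events are constructed sample data. It shows what an auditor's recomputation does and why the head must be supplied from an independent copy: editing a detail, swapping two events, or truncating the log all fail against the original head, while a fully re-chained log would pass against its own embedded head.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Event mirrors the documented struct; Hash covers prevHash plus canonical(seq, type, at, detail).
type Event struct {
	Seq    int            `json:"seq"`
	Type   string         `json:"type"`
	At     time.Time      `json:"at"`
	Detail map[string]any `json:"detail"`
	Hash   string         `json:"hash"`
}

// canonical is an ASSUMED encoding (the page does not state the real one): JSON with
// sorted map keys, which encoding/json guarantees, and the timestamp as RFC3339Nano UTC.
func canonical(e Event) ([]byte, error) {
	return json.Marshal(struct {
		Seq    int            `json:"seq"`
		Type   string         `json:"type"`
		At     string         `json:"at"`
		Detail map[string]any `json:"detail"`
	}{e.Seq, e.Type, e.At.UTC().Format(time.RFC3339Nano), e.Detail})
}

// eventHash implements Hash = sha256(prevHash + canonical(...)), hex encoded.
func eventHash(prevHash string, e Event) (string, error) {
	c, err := canonical(e)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(append([]byte(prevHash), c...))
	return hex.EncodeToString(sum[:]), nil
}

// appendEvent links a new event to the chain; the first event chains to "" (an assumption).
func appendEvent(chain []Event, typ string, at time.Time, detail map[string]any) ([]Event, error) {
	prev := ""
	if len(chain) > 0 {
		prev = chain[len(chain)-1].Hash
	}
	e := Event{Seq: len(chain), Type: typ, At: at, Detail: detail}
	h, err := eventHash(prev, e)
	if err != nil {
		return nil, err
	}
	e.Hash = h
	return append(chain, e), nil
}

// verifyChain is the auditor-side check: recompute every hash from the start, compare
// each with the stored Hash, then compare the final hash with head. head must come from
// a copy kept independently of the events; one read from the same file proves only self-consistency.
func verifyChain(events []Event, head string) error {
	prev := ""
	for i, e := range events {
		want, err := eventHash(prev, e)
		if err != nil {
			return err
		}
		if e.Hash != want {
			return fmt.Errorf("event %d (seq %d): stored hash does not match recomputed hash", i, e.Seq)
		}
		prev = e.Hash
	}
	if prev != head {
		return fmt.Errorf("chain head mismatch: computed %s, expected %s", prev, head)
	}
	return nil
}

// buildSampleChain records three constructed sample events (not real RiskKernel data).
func buildSampleChain() ([]Event, error) {
	t0 := time.Date(2025, 1, 2, 3, 4, 5, 0, time.UTC)
	chain, err := appendEvent(nil, "run.started", t0, map[string]any{"budgetUSD": 5.0})
	if err != nil {
		return nil, err
	}
	chain, err = appendEvent(chain, "approval.granted", t0.Add(time.Second), map[string]any{"tool": "shell", "approver": "alice"})
	if err != nil {
		return nil, err
	}
	return appendEvent(chain, "run.halted", t0.Add(2*time.Second), map[string]any{"reason": "budget_exhausted"})
}

func main() {
	chain, err := buildSampleChain()
	if err != nil {
		panic(err)
	}
	head := chain[len(chain)-1].Hash
	fmt.Println("intact:", verifyChain(chain, head))
	chain[1].Detail["approver"] = "mallory" // edit a recorded approval in place
	fmt.Println("edited:", verifyChain(chain, head))
}
```

The serialization choice matters more than the hash function: if At were encoded with a local zone or Detail with unsorted keys, an honest re-export could fail verification and a verifier would have no way to tell that apart from tampering. Whatever canonical form is used must be fixed in HowToVerify so the auditor reproduces it exactly.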
type Report
type Report struct {
Report string `json:"report"`
Version int `json:"version"`
GeneratedAt time.Time `json:"generatedAt"`
Disclaimer string `json:"disclaimer"`
Run RunView `json:"run"`
Controls []Control `json:"controls"`
Events []Event `json:"events"`
Integrity Integrity `json:"integrity"`
}
Report is the compliance export.
type RunData
type RunData struct {
Run storage.RunRecord
Ledger []storage.LedgerEntry
Totals storage.LedgerTotals
ToolCalls []storage.ToolCallRecord
Approvals []storage.ApprovalRecord
}
RunData is everything a compliance report is built from — all read from the durable store, nothing recomputed.
type RunView
type RunView struct {
ID string `json:"id"`
Name string `json:"name"`
Status string `json:"status"`
HaltReason string `json:"haltReason,omitempty"`
Budget map[string]any `json:"budget"`
Usage map[string]any `json:"usage"`
CreatedAt time.Time `json:"createdAt"`
}
RunView is the run's governance summary.