EU AI Act compliance suite: Articles 11, 12, 13 + GDPR Article 30 from code and traces. One command, three articles.
Project description
AI Trace Auditor
Audit LLM traces against regulatory compliance requirements. Open-source CLI that sits between your observability stack (Langfuse, Arize, OTel) and regulatory frameworks (EU AI Act, NIST AI RMF).
Your observability tools collect traces. Your GRC platform manages policies. Nothing translates traces into compliance evidence. This tool does.
Install
pip install ai-trace-auditor
Or from source:
git clone https://github.com/BipinRimal314/ai-trace-auditor.git
cd ai-trace-auditor
pip install -e .
Quick Start
# Audit traces against all regulations
aitrace audit traces.json
# Audit against a specific regulation
aitrace audit traces.json -r "EU AI Act" -o report.md
# Audit your Claude Code conversation traces
aitrace audit ~/.claude/projects/*/session-id.jsonl
# Inspect what requirements exist
aitrace requirements --show EU-AIA-12.1
# Just ingest and summarize traces
aitrace ingest traces.json --summary
GitHub Action
Add compliance checks to your CI pipeline:
- name: Audit AI traces
uses: BipinRimal314/ai-trace-auditor@v0.2.0
with:
path: traces/exported.json
regulation: "EU AI Act"
output: compliance-report.md
fail-on-gaps: "true"
The action fails if compliance gaps are found. Set fail-on-gaps: "false" to report without blocking.
What It Checks
EU AI Act Article 12 (Record-Keeping):
- Event timestamps, operation identification
- Risk situation logging (errors, failure modes)
- Model version tracking for post-market monitoring
- Resource consumption (tokens, latency)
- Content recording (opt-in)
- Tool/function call audit trails
- Trace linkage for multi-step operations
NIST AI RMF:
- Production monitoring (MEASURE 2.4)
- Transparency documentation (MEASURE 2.8)
- Model explainability (MEASURE 2.9)
- Risk tracking (MEASURE 3.1)
- Post-deployment monitoring (MANAGE 4.1)
- Incident communication (MANAGE 4.3)
Supported Trace Formats
| Format | Source |
|---|---|
| OTel OTLP JSON | OpenTelemetry GenAI semantic conventions |
| Langfuse JSON | Langfuse trace exports |
| Claude Code | ~/.claude/projects/ conversation traces |
| Raw JSONL | Any provider's API logs |
Auto-detected. Use --format to override.
Example Output
Real output from auditing 1,522 Claude Code spans:
Overall Compliance Score: 79.3%
| Status | Count |
|-----------|-------|
| Satisfied | 10 |
| Partial | 5 |
| Missing | 3 |
Top gaps:
1. Not logging: Temperature parameter controlling output randomness
2. Not logging: Maximum token limit for output generation
3. Incomplete: Output responses generated by the AI model (31.9% coverage)
4. Incomplete: Input prompts/messages (4.7% coverage)
5. Not logging: Operation latency in milliseconds
CI Integration
Exit code 0 = all satisfied, 1 = gaps found:
aitrace audit traces.json -r "EU AI Act" || echo "Compliance gaps detected"
Library API
Use programmatically in your own tools:
from ai_trace_auditor.ingest import ingest_file
from ai_trace_auditor.analysis.engine import ComplianceAnalyzer
from ai_trace_auditor.regulations.registry import RequirementRegistry
traces = ingest_file(Path("traces.json"))
registry = RequirementRegistry()
registry.load()
report = ComplianceAnalyzer(registry).analyze(
traces=traces,
regulations=["EU AI Act"],
)
print(f"Score: {report.overall_score:.1%}")
for result in report.requirement_results:
if result.gaps:
print(f" {result.requirement.id}: {result.gaps[0].recommendation}")
Disclaimer
This tool provides automated compliance assessments based on its interpretation of regulatory requirements. It is not legal advice. Consult qualified legal counsel for compliance decisions.
License
Apache 2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ai_trace_auditor-0.10.1.tar.gz.
File metadata
- Download URL: ai_trace_auditor-0.10.1.tar.gz
- Upload date:
- Size: 117.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aeb0d4ea2a668250a25afb49598e30d89eea0c06c39f1862c11059263b77640b
|
|
| MD5 |
16b828e97b1b2f2bd6ee3fa080d7bb21
|
|
| BLAKE2b-256 |
c12a1892c04fbd1f11a63779124284c4f39948c34129f7d3e4b871c7317df9a5
|
File details
Details for the file ai_trace_auditor-0.10.1-py3-none-any.whl.
File metadata
- Download URL: ai_trace_auditor-0.10.1-py3-none-any.whl
- Upload date:
- Size: 111.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
65c1e16f4b0cd5f8fb134798625097bad291576f66136a7f1a100343b3a57866
|
|
| MD5 |
c2c9b88588652e96f63d31c909ff11f7
|
|
| BLAKE2b-256 |
dcaa05cf712218581887caa7014aa5ec0fd0286d5fea437af549a36624afe5c2
|
