EU AI Act compliance suite: Articles 11, 12, 13 + GDPR Article 30 from code and traces. One command, three articles.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for bipinrimal314 from gravatar.com bipinrimal314

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Bipin Rimal
  • Tags ai , annex-iv , audit , compliance , data-flow , eu-ai-act , gdpr , llm , mermaid , nist , observability , traceability
  • Requires: Python >=3.11
  • Provides-Extra: pdf
Classifiers
Report project as malware

Project description

AI Trace Auditor

Audit LLM traces against regulatory compliance requirements. Open-source CLI that sits between your observability stack (Langfuse, Arize, OTel) and regulatory frameworks (EU AI Act, NIST AI RMF).

Your observability tools collect traces. Your GRC platform manages policies. Nothing translates traces into compliance evidence. This tool does.

Install

pip install ai-trace-auditor

Or from source:

git clone https://github.com/BipinRimal314/ai-trace-auditor.git
cd ai-trace-auditor
pip install -e .

Quick Start

# Audit traces against all regulations
aitrace audit traces.json

# Audit against a specific regulation
aitrace audit traces.json -r "EU AI Act" -o report.md

# Audit your Claude Code conversation traces
aitrace audit ~/.claude/projects/*/session-id.jsonl

# Inspect what requirements exist
aitrace requirements --show EU-AIA-12.1

# Just ingest and summarize traces
aitrace ingest traces.json --summary

GitHub Action

Add compliance checks to your CI pipeline:

- name: Audit AI traces
  uses: BipinRimal314/ai-trace-auditor@v0.2.0
  with:
    path: traces/exported.json
    regulation: "EU AI Act"
    output: compliance-report.md
    fail-on-gaps: "true"

The action fails if compliance gaps are found. Set fail-on-gaps: "false" to report without blocking.

What It Checks

EU AI Act Article 12 (Record-Keeping):

  • Event timestamps, operation identification
  • Risk situation logging (errors, failure modes)
  • Model version tracking for post-market monitoring
  • Resource consumption (tokens, latency)
  • Content recording (opt-in)
  • Tool/function call audit trails
  • Trace linkage for multi-step operations

NIST AI RMF:

  • Production monitoring (MEASURE 2.4)
  • Transparency documentation (MEASURE 2.8)
  • Model explainability (MEASURE 2.9)
  • Risk tracking (MEASURE 3.1)
  • Post-deployment monitoring (MANAGE 4.1)
  • Incident communication (MANAGE 4.3)

Supported Trace Formats

Format Source
OTel OTLP JSON OpenTelemetry GenAI semantic conventions
Langfuse JSON Langfuse trace exports
Claude Code ~/.claude/projects/ conversation traces
Raw JSONL Any provider's API logs

Auto-detected. Use --format to override.

Example Output

Real output from auditing 1,522 Claude Code spans:

Overall Compliance Score: 79.3%

| Status    | Count |
|-----------|-------|
| Satisfied |    10 |
| Partial   |     5 |
| Missing   |     3 |

Top gaps:
  1. Not logging: Temperature parameter controlling output randomness
  2. Not logging: Maximum token limit for output generation
  3. Incomplete: Output responses generated by the AI model (31.9% coverage)
  4. Incomplete: Input prompts/messages (4.7% coverage)
  5. Not logging: Operation latency in milliseconds

CI Integration

Exit code 0 = all satisfied, 1 = gaps found:

aitrace audit traces.json -r "EU AI Act" || echo "Compliance gaps detected"

Library API

Use programmatically in your own tools:

from ai_trace_auditor.ingest import ingest_file
from ai_trace_auditor.analysis.engine import ComplianceAnalyzer
from ai_trace_auditor.regulations.registry import RequirementRegistry

traces = ingest_file(Path("traces.json"))

registry = RequirementRegistry()
registry.load()

report = ComplianceAnalyzer(registry).analyze(
    traces=traces,
    regulations=["EU AI Act"],
)

print(f"Score: {report.overall_score:.1%}")
for result in report.requirement_results:
    if result.gaps:
        print(f"  {result.requirement.id}: {result.gaps[0].recommendation}")

Disclaimer

This tool provides automated compliance assessments based on its interpretation of regulatory requirements. It is not legal advice. Consult qualified legal counsel for compliance decisions.

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for bipinrimal314 from gravatar.com bipinrimal314

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Bipin Rimal
  • Tags ai , annex-iv , audit , compliance , data-flow , eu-ai-act , gdpr , llm , mermaid , nist , observability , traceability
  • Requires: Python >=3.11
  • Provides-Extra: pdf
Classifiers

Release history Release notifications | RSS feed

0.16.0

0.15.0

0.14.0

0.13.0

This version

0.12.0

0.11.0

0.10.1

0.10.0

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ai_trace_auditor-0.12.0.tar.gz (136.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ai_trace_auditor-0.12.0-py3-none-any.whl (121.4 kB view details)

Uploaded Python 3

File details

Details for the file ai_trace_auditor-0.12.0.tar.gz.

File metadata

  • Download URL: ai_trace_auditor-0.12.0.tar.gz
  • Upload date:
  • Size: 136.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ai_trace_auditor-0.12.0.tar.gz
Algorithm Hash digest
SHA256 ea85f450f97f210881cf98a531aa56f2682bb567df3389e8466d8b722a2c629f
MD5 265dfdece62d4637fd0b37f05a5378d5
BLAKE2b-256 00994102821dc23f0181f480b5d69a167189cc34bdeb771920e63f3c2daf8b01

See more details on using hashes here.

Provenance

The following attestation bundles were made for ai_trace_auditor-0.12.0.tar.gz:

Publisher: publish.yml on BipinRimal314/ai-trace-auditor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ai_trace_auditor-0.12.0-py3-none-any.whl.

File metadata

File hashes

Hashes for ai_trace_auditor-0.12.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cb7557e0d4242eab1d19177f72969a330fec5fc34e133d2a7e24e74b29a3b244
MD5 87352a25d23294ca9fad308635558994
BLAKE2b-256 eada92f34206e465eac4fdbbfd20bb8656f44ba1f82b024f2b5506d6022e8801

See more details on using hashes here.

Provenance

The following attestation bundles were made for ai_trace_auditor-0.12.0-py3-none-any.whl:

Publisher: publish.yml on BipinRimal314/ai-trace-auditor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page