EU AI Act compliance suite: Articles 11, 12, 13, 25 + GDPR Article 30. Multi-agent DAG auditing with per-agent compliance scoring.
Project description
AI Trace Auditor
Audit LLM traces against regulatory compliance requirements. Open-source CLI that sits between your observability stack (Langfuse, Arize, OTel) and regulatory frameworks (EU AI Act, NIST AI RMF).
Your observability tools collect traces. Your GRC platform manages policies. Nothing translates traces into compliance evidence. This tool does.
Install
pip install ai-trace-auditor
Or from source:
git clone https://github.com/BipinRimal314/ai-trace-auditor.git
cd ai-trace-auditor
pip install -e .
Quick Start
# Audit traces against all regulations
aitrace audit traces.json
# Audit against a specific regulation
aitrace audit traces.json -r "EU AI Act" -o report.md
# Audit your Claude Code conversation traces
aitrace audit ~/.claude/projects/*/session-id.jsonl
# Inspect what requirements exist
aitrace requirements --show EU-AIA-12.1
# Just ingest and summarize traces
aitrace ingest traces.json --summary
GitHub Action
Add compliance checks to your CI pipeline:
- name: Audit AI traces
uses: BipinRimal314/ai-trace-auditor@v0.13.0
with:
path: traces/exported.json
regulation: "EU AI Act"
output: compliance-report.md
fail-on-gaps: "true"
The action fails if compliance gaps are found. Set fail-on-gaps: "false" to report without blocking.
What It Checks
EU AI Act Article 12 (Record-Keeping):
- Event timestamps, operation identification
- Risk situation logging (errors, failure modes)
- Model version tracking for post-market monitoring
- Resource consumption (tokens, latency)
- Content recording (opt-in)
- Tool/function call audit trails
- Trace linkage for multi-step operations
EU AI Act Article 25 (Value Chain Accountability) -- NEW in v0.13.0:
- Agent identity traceability across multi-agent systems
- Delegation chain documentation (who delegated what to whom)
- MCP boundary transparency (cross-boundary tool calls)
- Substantial modification detection (deployer-to-provider liability shift)
- Bottom-up penalty propagation: downstream agent failures cascade to upstream delegators
- Per-agent compliance scores with system-level aggregation
NIST AI RMF:
- Production monitoring (MEASURE 2.4)
- Transparency documentation (MEASURE 2.8)
- Model explainability (MEASURE 2.9)
- Risk tracking (MEASURE 3.1)
- Post-deployment monitoring (MANAGE 4.1)
- Incident communication (MANAGE 4.3)
Supported Trace Formats
| Format | Source |
|---|---|
| OTel OTLP JSON | OpenTelemetry GenAI semantic conventions |
| Langfuse JSON | Langfuse trace exports |
| Claude Code | ~/.claude/projects/ conversation traces |
| Raw JSONL | Any provider's API logs |
Auto-detected. Use --format to override.
Multi-Agent Support (v0.13.0)
Automatically detects multi-agent traces from LangGraph, CrewAI, AutoGen, and Google ADK. When multiple agents are detected:
- Reconstructs the execution DAG from parent-child span relationships
- Computes per-agent compliance scores with bottom-up penalty propagation
- Checks Article 25 "value chain accountability" requirements
- Detects liability shifts when deployers may become providers
- Generates Mermaid DAG visualizations with
--show-dag
# Audit a multi-agent trace with DAG visualization
aitrace audit multi_agent_traces.json --show-dag
# Output includes per-agent scores:
# Per-Agent Compliance Scores
# | orchestrator-1 | 33.0% | (red: penalized for downstream failures)
# | researcher-1 | 66.4% | (amber: own gaps + some coverage)
# | writer-1 | 66.4% | (amber: own gaps + some coverage)
Single-agent traces continue to work identically. Article 25 requirements are only checked when multiple agents are detected.
Example Output
Real output from auditing 1,522 Claude Code spans:
Overall Compliance Score: 79.3%
| Status | Count |
|-----------|-------|
| Satisfied | 10 |
| Partial | 5 |
| Missing | 3 |
Top gaps:
1. Not logging: Temperature parameter controlling output randomness
2. Not logging: Maximum token limit for output generation
3. Incomplete: Output responses generated by the AI model (31.9% coverage)
4. Incomplete: Input prompts/messages (4.7% coverage)
5. Not logging: Operation latency in milliseconds
CI Integration
Exit code 0 = all satisfied, 1 = gaps found:
aitrace audit traces.json -r "EU AI Act" || echo "Compliance gaps detected"
Library API
Use programmatically in your own tools:
from ai_trace_auditor.ingest import ingest_file
from ai_trace_auditor.analysis.engine import ComplianceAnalyzer
from ai_trace_auditor.regulations.registry import RequirementRegistry
traces = ingest_file(Path("traces.json"))
registry = RequirementRegistry()
registry.load()
report = ComplianceAnalyzer(registry).analyze(
traces=traces,
regulations=["EU AI Act"],
)
print(f"Score: {report.overall_score:.1%}")
for result in report.requirement_results:
if result.gaps:
print(f" {result.requirement.id}: {result.gaps[0].recommendation}")
Disclaimer
This tool provides automated compliance assessments based on its interpretation of regulatory requirements. It is not legal advice. Consult qualified legal counsel for compliance decisions.
License
Apache 2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ai_trace_auditor-0.14.0.tar.gz.
File metadata
- Download URL: ai_trace_auditor-0.14.0.tar.gz
- Upload date:
- Size: 526.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c5660bb5e274ab51e61ba1625f7d825af55b4b65ff0c82ab26560cf710653976
|
|
| MD5 |
f830a21d81044101e884db25b5d37e69
|
|
| BLAKE2b-256 |
aa90734c73a970d136a3874f45688654c6570bedab655b2238c082ef21ed76e4
|
File details
Details for the file ai_trace_auditor-0.14.0-py3-none-any.whl.
File metadata
- Download URL: ai_trace_auditor-0.14.0-py3-none-any.whl
- Upload date:
- Size: 153.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
51dd2cf569b9bf734d4a29834c1390f11718c0158681c43ed8ea5e8e57103e7d
|
|
| MD5 |
0c5e529e1d2eb5594052a82c863e04a9
|
|
| BLAKE2b-256 |
bf4ea87d22143c8a7895807fcd3a50b1152f46cfbab212aaa02343661ce93139
|
