FINOS AI Governance Framework v2.0 tooling — coverage reporter, evidence-pack generator, mitigation submission renderer.
Project description
bondfoundry-finos
Map your AI-governance implementation to the FINOS AI Governance Framework v2.0 — coverage reports, evidence packs, mitigation submissions, cross-framework crosswalk.
Docs: https://bondfoundry.dev · Source: https://github.com/Skelf-Research/bondfoundry · Issues: https://github.com/Skelf-Research/bondfoundry/issues
What is this?
bondfoundry-finos is the tooling layer that turns an AI deployment into an auditable record against the FINOS AI Governance Framework v2.0 (AIR). It ships a CLI that produces the artefacts compliance teams and regulators ask for: a control-mapping table from AIR risks/mitigations to your concrete implementation, a coverage report computed from eval-harness output, evidence packs over date ranges, audit-chain verification, mitigation submissions ready for upstream FINOS PR, and shields.io badges.
It is the reference implementation of how the AIGF maps onto a working trading system, and is framework-agnostic at the data layer — the same CLI works for any product whose policy gate and eval harness emit AIR-compatible references. Adjacent frameworks (NIST AI RMF, NIST SP 800-53r5, EU AI Act, ISO/IEC 42001, FFIEC IT Handbook, OWASP LLM Top-10, MAS FEAT/Veritas, SR 11-7) are surfaced through the --enrich and cross-framework commands.
Install
pip install bondfoundry-finos
# or
uv add bondfoundry-finos
Optional integrations:
pip install "bondfoundry-finos[engine]" # pull audit fixtures from the engine
pip install "bondfoundry-finos[eval]" # read coverage from eval reports
Quickstart
from bondfoundry_finos import build_mapping_table
from bondfoundry_finos.mapping import render_markdown, render_json
rows = build_mapping_table()
print(render_markdown(rows)) # markdown table of AIR-* ids → implementations
data = render_json() # same data as list[dict] for downstream tooling
From the shell:
bondfoundry-finos mapping --format markdown --enrich > docs/control-mapping.md
bondfoundry-finos coverage --results-dir evals/results/latest --threshold 0.85
bondfoundry-finos evidence-pack --period 2026Q1 --out evidence/2026Q1.zip
bondfoundry-finos verify-chain --side both
bondfoundry-finos badges --results-dir evals/results/latest --out badges/
Use cases
- Regulator-ready evidence — generate a control-mapping table that names each AIR risk/mitigation, the file:line it is implemented at, the eval cases that cover it, and the tier it sits at.
- Continuous coverage gating — fail CI if AIGF coverage drops below a threshold (default 85%) after a code change or new risk publication.
- Submission to FINOS upstream — render canonical mitigation pages (
mi-*.md) for PR to the FINOS AIR repository. - Cross-framework crosswalk — surface adjacent obligations (NIST AI RMF, EU AI Act, ISO 42001, OWASP LLM Top-10, SR 11-7) for a single AIR id.
- Audit-chain verification — re-derive the hash chain over the engine + agent append-only audit tables and confirm there has been no tamper.
CLI
| Command | Purpose |
|---|---|
bondfoundry-finos mapping |
Emit AIR-id → implementation mapping (markdown or JSON; --enrich adds cross-framework refs). |
bondfoundry-finos coverage |
Compute AIGF risk coverage from latest eval report; fail under threshold. |
bondfoundry-finos evidence-pack |
Bundle audit rows, eval results, and mappings for a reporting period. |
bondfoundry-finos verify-chain |
Re-derive and verify the engine + agent audit hash chains. |
bondfoundry-finos verify-restore |
Validate a database dump restores to a hash-identical chain. |
bondfoundry-finos catalog-coverage |
Coverage check against the AIR risk + mitigation catalog. |
bondfoundry-finos submission render |
Render canonical mi-*.md mitigation pages for FINOS upstream PR. |
bondfoundry-finos badges |
Generate shields.io badge JSON (coverage, AIGF version, status). |
bondfoundry-finos cross-framework |
Emit the crosswalk between AIR ids and adjacent frameworks. |
Where it fits
bondfoundry-finos depends on bondfoundry-policy for the canonical AIR risk and mitigation ids, and optionally on bondfoundry-engine and bondfoundry-eval for audit fixtures and eval output. It is import-safe to use standalone in any system whose policy gate exports FrameworkRef objects.
Frameworks covered
FINOS AIGF v2.0 (23/23 risks, 6 agentic + 7 cross-cutting mitigations), NIST AI RMF, NIST SP 800-53r5, EU AI Act, ISO/IEC 42001, FFIEC IT Handbook, OWASP LLM Top-10 (2025), MAS FEAT/Veritas, SR 11-7.
Links
- Documentation: https://bondfoundry.dev
- Source: https://github.com/Skelf-Research/bondfoundry
- Issues: https://github.com/Skelf-Research/bondfoundry/issues
- Changelog: https://github.com/Skelf-Research/bondfoundry/blob/main/ROADMAP.md
- FINOS AIR: https://air.finos.org/
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bondfoundry_finos-0.3.0-py3-none-any.whl.
File metadata
- Download URL: bondfoundry_finos-0.3.0-py3-none-any.whl
- Upload date:
- Size: 32.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.11 {"installer":{"name":"uv","version":"0.11.11","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3fdac606dc728c1abe4515a86f9d5b61b039cdbe7441a4974f2887d48edc94a9
|
|
| MD5 |
19f23600ddfe0344b5b221f76060983f
|
|
| BLAKE2b-256 |
69b82e591a272cb38426f76d937b51bfb8ea891d2aa1e94a4207af4f22bd50b2
|
