AI compliance and audit logging infrastructure with multi-framework support

Project description

rotalabs-comply

AI compliance and audit logging infrastructure with multi-framework support.

Features

  • Audit Logging: Encrypted, privacy-preserving audit trails for AI interactions
  • Multi-Framework Support: EU AI Act, SOC2 Type II, HIPAA compliance checking
  • Report Generation: Customizable compliance reports in Markdown, JSON, or HTML
  • Privacy-First Design: Hash-only mode or encrypted content storage
  • Multiple Storage Backends: File, S3, or in-memory storage
  • Async-First: Built for high-performance async applications

Installation

pip install rotalabs-comply

With S3 storage support:

pip install rotalabs-comply[s3]

Quick Start

Audit Logging

import asyncio
from rotalabs_comply import AuditLogger, EncryptionManager, MemoryStorage

async def main():
    # Set up encrypted audit logging
    encryption = EncryptionManager()
    storage = MemoryStorage()
    logger = AuditLogger(storage, encryption=encryption, store_content=True)

    # Log an AI interaction
    entry_id = await logger.log(
        input="What is the capital of France?",
        output="The capital of France is Paris.",
        provider="openai",
        model="gpt-4",
        safety_passed=True,
        latency_ms=245.5,
    )

    print(f"Logged entry: {entry_id}")

    # Retrieve the entry
    entry = await logger.get_entry(entry_id)
    print(f"Provider: {entry.provider}, Model: {entry.model}")

asyncio.run(main())

Privacy Mode (Hash-Only)

# Only store content hashes, not actual content
from rotalabs_comply import AuditLogger

logger = AuditLogger(
    "/var/log/ai-audit",
    store_content=False,  # Only store SHA-256 hashes of input and output
    retention_days=365,
)

Compliance Checking

import asyncio
from datetime import datetime
from rotalabs_comply import EUAIActFramework, SOC2Framework, HIPAAFramework
from rotalabs_comply.frameworks.base import AuditEntry, ComplianceProfile

async def check_compliance():
    # Create frameworks
    eu_ai = EUAIActFramework()
    soc2 = SOC2Framework()

    # Create an audit entry to check
    entry = AuditEntry(
        entry_id="test-001",
        timestamp=datetime.utcnow(),
        event_type="inference",
        actor="user@example.com",
        action="Generated text response",
        human_oversight=True,
        user_notified=True,
    )

    # Create compliance profile
    profile = ComplianceProfile(
        profile_id="high-risk",
        name="High Risk AI System",
        risk_level="high",
    )

    # Check compliance
    result = await eu_ai.check(entry, profile)
    print(f"EU AI Act compliant: {result.is_compliant}")
    print(f"Violations: {len(result.violations)}")

    for violation in result.violations:
        print(f"  - {violation.rule_id}: {violation.description}")

asyncio.run(check_compliance())

Report Generation

import asyncio
from datetime import datetime, timedelta
from rotalabs_comply import ReportGenerator, MemoryStorage
from rotalabs_comply.core import ComplianceProfile, Framework

async def generate_report():
    storage = MemoryStorage()
    generator = ReportGenerator(storage)

    # Define compliance profile
    profile = ComplianceProfile(
        frameworks=[Framework.EU_AI_ACT, Framework.SOC2],
        risk_level="high",
    )

    # Generate report for last 30 days
    end = datetime.utcnow()
    start = end - timedelta(days=30)

    report = await generator.generate(
        period_start=start,
        period_end=end,
        profile=profile,
    )

    # Export to markdown
    markdown = generator.export_markdown(report)
    print(markdown)

asyncio.run(generate_report())

Compliance Frameworks

EU AI Act

European Union's comprehensive AI regulation for high-risk systems:

Rule ID    Description                     Category
---------  ------------------------------  ---------------
EUAI-001   Human oversight documentation   oversight
EUAI-002   AI interaction notification     transparency
EUAI-003   Risk assessment                 risk_management
EUAI-004   Technical documentation         documentation
EUAI-005   Training data documentation     documentation
EUAI-006   Error handling robustness       risk_management
EUAI-007   Accuracy monitoring             risk_management
EUAI-008   Cybersecurity measures          security
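The Quick Start entry sets human_oversight and user_notified, which line up with EUAI-001 and EUAI-002 in the table above. The following added example (not rotalabs-comply's implementation) sketches how such a check is evaluated against a profile's risk level; the risk_assessed field, the quick_start_entry helper and the tiering policy are constructed for illustration, and only three of the eight rules are modelled.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Rule data from the EU AI Act table; the field-to-rule mapping is constructed.
EU_AI_ACT_RULES = {
    "EUAI-001": ("Human oversight documentation", "oversight"),
    "EUAI-002": ("AI interaction notification", "transparency"),
    "EUAI-003": ("Risk assessment", "risk_management"),
}

@dataclass
class AuditEntry:
    entry_id: str
    timestamp: datetime
    event_type: str
    actor: str
    action: str
    human_oversight: bool = False
    user_notified: bool = False
    risk_assessed: bool = False  # hypothetical field, not in the page's model

@dataclass
class ComplianceViolation:
    rule_id: str
    description: str
    category: str

@dataclass
class ComplianceCheckResult:
    is_compliant: bool
    violations: list = field(default_factory=list)

def check_eu_ai_act(entry: AuditEntry, risk_level: str) -> ComplianceCheckResult:
    """Return one violation per required rule the entry fails to evidence."""
    # Constructed tiering: high/critical profiles must evidence every modelled
    # rule, lower-risk profiles only the transparency rule (EUAI-002).
    required = set(EU_AI_ACT_RULES) if risk_level in ("high", "critical") else {"EUAI-002"}
    evidence = {"EUAI-001": entry.human_oversight,
                "EUAI-002": entry.user_notified,
                "EUAI-003": entry.risk_assessed}
    violations = [ComplianceViolation(rule_id, *EU_AI_ACT_RULES[rule_id])
                  for rule_id in sorted(required) if not evidence[rule_id]]
    return ComplianceCheckResult(not violations, violations)

def quick_start_entry(**overrides) -> AuditEntry:
    """The Quick Start entry (constructed timestamp), with optional overrides."""
    base = dict(entry_id="test-001", timestamp=datetime.now(timezone.utc),
                event_type="inference", actor="user@example.com",
                action="Generated text response", human_oversight=True, user_notified=True)
    return AuditEntry(**{**base, **overrides})
```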

SOC2 Type II

AICPA Trust Service Criteria:

Rule ID      Description                     Category
-----------  ------------------------------  --------------------
SOC2-CC6.1   Logical access controls         security
SOC2-CC6.2   System boundary definition      security
SOC2-CC7.1   System monitoring               security
SOC2-CC7.2   Incident response               security
SOC2-CC8.1   Availability monitoring         availability
SOC2-PI1.1   Processing integrity            processing_integrity
SOC2-C1.1    Confidentiality classification  confidentiality
SOC2-P1.1    Privacy notice                  privacy

HIPAA

US healthcare data protection (with HITECH updates):

Rule ID            Description             Category
-----------------  ----------------------  --------------
HIPAA-164.312(a)   Access control          access_control
HIPAA-164.312(b)   Audit controls          audit
HIPAA-164.312(c)   Integrity controls      integrity
HIPAA-164.312(d)   Person authentication   authentication
HIPAA-164.312(e)   Transmission security   transmission
HIPAA-164.502      Uses and disclosures    privacy
HIPAA-164.514      De-identification       privacy

Storage Backends

File Storage

from rotalabs_comply import AuditLogger, FileStorage

# JSONL files with automatic rotation
storage = FileStorage("/var/log/ai-audit", rotation_size_mb=100)
logger = AuditLogger(storage)

S3 Storage

from rotalabs_comply import AuditLogger, S3Storage

# Requires: pip install rotalabs-comply[s3]
storage = S3Storage(
    bucket="my-audit-bucket",
    prefix="ai-audit/",
    region="us-east-1",
)
logger = AuditLogger(storage)

Memory Storage (Testing)

from rotalabs_comply import AuditLogger, MemoryStorage

storage = MemoryStorage(max_entries=10000)
logger = AuditLogger(storage)

Encryption

All audit content can be encrypted using Fernet symmetric encryption:

from rotalabs_comply import AuditLogger, EncryptionManager, MemoryStorage, generate_key

# Auto-generate key
encryption = EncryptionManager()
key = encryption.get_key()  # Save this securely: without it, stored content cannot be decrypted

# Or provide your own key
key = generate_key()
encryption = EncryptionManager(key=key)

# Use with AuditLogger (any storage backend works; MemoryStorage shown here)
storage = MemoryStorage()
logger = AuditLogger(
    storage,
    encryption=encryption,
    store_content=True,  # Store encrypted content
)

API Reference

Core Types

  • RiskLevel - Enum: LOW, MEDIUM, HIGH, CRITICAL
  • Framework - Enum: EU_AI_ACT, SOC2, HIPAA, GDPR, NIST_AI_RMF, ISO_42001
  • AuditEntry - Audit log entry data model
  • ComplianceProfile - Compliance configuration
  • ComplianceViolation - Detected violation
  • ComplianceCheckResult - Framework check result

Audit Module

  • AuditLogger - Main audit logging interface
  • EncryptionManager - Encryption utilities
  • FileStorage - JSONL file storage
  • MemoryStorage - In-memory storage
  • S3Storage - AWS S3 storage

Frameworks

  • EUAIActFramework - EU AI Act compliance
  • SOC2Framework - SOC2 Type II compliance
  • HIPAAFramework - HIPAA compliance

Reports

  • ReportGenerator - Generate compliance reports
  • ComplianceReport - Report data model
  • ReportSection - Report section

License

MIT License - see LICENSE file for details.

Project details


Download files

Source Distribution

rotalabs_comply-0.1.0.tar.gz (64.9 kB)

Uploaded Source

Built Distribution

rotalabs_comply-0.1.0-py3-none-any.whl (68.6 kB)

Uploaded Python 3

File details

Details for the file rotalabs_comply-0.1.0.tar.gz.

File metadata

  • Download URL: rotalabs_comply-0.1.0.tar.gz
  • Size: 64.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for rotalabs_comply-0.1.0.tar.gz

File details

Details for the file rotalabs_comply-0.1.0-py3-none-any.whl.

File hashes

Hashes for rotalabs_comply-0.1.0-py3-none-any.whl
