
AI compliance and audit logging infrastructure with multi-framework support

Project description

rotalabs-comply



Features

  • Audit Logging: Encrypted, privacy-preserving audit trails for AI interactions
  • Multi-Framework Support: EU AI Act, SOC2 Type II, HIPAA compliance checking
  • Report Generation: Customizable compliance reports in Markdown, JSON, or HTML
  • Privacy-First Design: Hash-only mode or encrypted content storage
  • Multiple Storage Backends: File, S3, or in-memory storage
  • Async-First: Built for high-performance async applications

Installation

pip install rotalabs-comply

With S3 storage support:

pip install rotalabs-comply[s3]

Quick Start

Audit Logging

import asyncio
from rotalabs_comply import AuditLogger, EncryptionManager, MemoryStorage

async def main():
    # Set up encrypted audit logging
    encryption = EncryptionManager()
    storage = MemoryStorage()
    logger = AuditLogger(storage, encryption=encryption, store_content=True)

    # Log an AI interaction
    entry_id = await logger.log(
        input="What is the capital of France?",
        output="The capital of France is Paris.",
        provider="openai",
        model="gpt-4",
        safety_passed=True,
        latency_ms=245.5,
    )

    print(f"Logged entry: {entry_id}")

    # Retrieve the entry
    entry = await logger.get_entry(entry_id)
    print(f"Provider: {entry.provider}, Model: {entry.model}")

asyncio.run(main())

Privacy Mode (Hash-Only)

from rotalabs_comply import AuditLogger, FileStorage

# Only store content hashes, not actual content
storage = FileStorage("/var/log/ai-audit")
logger = AuditLogger(
    storage,
    store_content=False,  # Only store SHA-256 hashes of input and output
    retention_days=365,   # Entries older than this are eligible for purging
)
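What hash-only mode amounts to, as an added illustration written for this page rather than code from rotalabs-comply: a record that keeps SHA-256 digests and metadata but no prompt or response text, a constant-time check that a given pair of texts is the one recorded, the JSONL line such a record becomes, and the retention test that `retention_days` implies. The field names and the uuid-based entry id are assumptions, not the library's schema.

```python
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timedelta, timezone


def sha256_hex(text: str) -> str:
    """SHA-256 hex digest of the UTF-8 text; this digest is all that gets stored."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def make_hash_only_entry(input_text, output_text, provider, model, now=None):
    """Audit record with digests and metadata but no prompt/response text.
    Field names and the uuid entry id are assumptions, not the library's schema."""
    now = now or datetime.now(timezone.utc)
    return {
        "entry_id": str(uuid.uuid4()),
        "timestamp": now.isoformat(),
        "provider": provider,
        "model": model,
        "input_hash": sha256_hex(input_text),
        "output_hash": sha256_hex(output_text),
    }


def matches(entry, input_text, output_text) -> bool:
    """True if this (input, output) pair is the one the entry recorded."""
    return hmac.compare_digest(entry["input_hash"], sha256_hex(input_text)) and \
        hmac.compare_digest(entry["output_hash"], sha256_hex(output_text))


def is_expired(entry, retention_days, now_iso=None) -> bool:
    """True once the entry is older than the retention window and should be purged."""
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    written = datetime.fromisoformat(entry["timestamp"])
    return now - written > timedelta(days=retention_days)


def to_jsonl_line(entry) -> str:
    """One JSONL line, the shape a file backend appends per entry."""
    return json.dumps(entry, sort_keys=True)


# Constructed sample interaction (not real data), pinned to a fixed timestamp.
SAMPLE = make_hash_only_entry(
    "What is the capital of France?", "The capital of France is Paris.",
    "openai", "gpt-4", now=datetime(2024, 1, 1, tzinfo=timezone.utc),
)
```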

Compliance Checking

import asyncio
from datetime import datetime
from rotalabs_comply import EUAIActFramework, SOC2Framework, HIPAAFramework
from rotalabs_comply.frameworks.base import AuditEntry, ComplianceProfile

async def check_compliance():
    # Create frameworks
    eu_ai = EUAIActFramework()
    soc2 = SOC2Framework()

    # Create an audit entry to check
    entry = AuditEntry(
        entry_id="test-001",
        timestamp=datetime.utcnow(),
        event_type="inference",
        actor="user@example.com",
        action="Generated text response",
        human_oversight=True,
        user_notified=True,
    )

    # Create compliance profile
    profile = ComplianceProfile(
        profile_id="high-risk",
        name="High Risk AI System",
        risk_level="high",
    )

    # Check compliance
    result = await eu_ai.check(entry, profile)
    print(f"EU AI Act compliant: {result.is_compliant}")
    print(f"Violations: {len(result.violations)}")

    for violation in result.violations:
        print(f"  - {violation.rule_id}: {violation.description}")

asyncio.run(check_compliance())
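How a framework check of the kind called above can be built, as an added example that is not rotalabs-comply's own implementation: two rules mirroring EUAI-001 and EUAI-002 are evaluated against an entry and a profile, and the result is compliant only when no rule fires. The rule logic (oversight required only for high and critical risk, notification required for every inference event), the class names and the field subset are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    entry_id: str
    event_type: str
    actor: str
    human_oversight: bool = False
    user_notified: bool = False

@dataclass
class Profile:
    profile_id: str
    risk_level: str  # "low", "medium", "high" or "critical"

@dataclass
class Violation:
    rule_id: str
    description: str

@dataclass
class CheckResult:
    violations: list = field(default_factory=list)

    @property
    def is_compliant(self) -> bool:
        return not self.violations

HIGH_RISK = {"high", "critical"}

def oversight_missing(entry, profile) -> bool:
    # Assumed rule: high/critical risk profiles need documented human oversight.
    return profile.risk_level in HIGH_RISK and not entry.human_oversight

def notification_missing(entry, profile) -> bool:
    # Assumed rule: every inference must have told the user they interact with an AI.
    return entry.event_type == "inference" and not entry.user_notified

# (rule_id, description, predicate that returns True when the rule is violated)
RULES = [
    ("EUAI-001", "Human oversight documentation", oversight_missing),
    ("EUAI-002", "AI interaction notification", notification_missing),
]

def check(entry, profile) -> CheckResult:
    # Evaluate every rule; each one that fires becomes a Violation on the result.
    result = CheckResult()
    for rule_id, description, violated in RULES:
        if violated(entry, profile):
            result.violations.append(Violation(rule_id, description))
    return result
```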

Report Generation

import asyncio
from datetime import datetime, timedelta
from rotalabs_comply import ReportGenerator, MemoryStorage
from rotalabs_comply.core import ComplianceProfile, Framework

async def generate_report():
    storage = MemoryStorage()
    generator = ReportGenerator(storage)

    # Define compliance profile
    profile = ComplianceProfile(
        frameworks=[Framework.EU_AI_ACT, Framework.SOC2],
        risk_level="high",
    )

    # Generate report for last 30 days
    end = datetime.utcnow()
    start = end - timedelta(days=30)

    report = await generator.generate(
        period_start=start,
        period_end=end,
        profile=profile,
    )

    # Export to markdown
    markdown = generator.export_markdown(report)
    print(markdown)

asyncio.run(generate_report())

Compliance Frameworks

EU AI Act

The European Union's comprehensive AI regulation; the rules below target high-risk systems:

Rule ID   Description                    Category
EUAI-001  Human oversight documentation  oversight
EUAI-002  AI interaction notification    transparency
EUAI-003  Risk assessment                risk_management
EUAI-004  Technical documentation        documentation
EUAI-005  Training data documentation    documentation
EUAI-006  Error handling robustness      risk_management
EUAI-007  Accuracy monitoring            risk_management
EUAI-008  Cybersecurity measures         security

SOC2 Type II

AICPA Trust Service Criteria:

Rule ID     Description                     Category
SOC2-CC6.1  Logical access controls         security
SOC2-CC6.2  System boundary definition      security
SOC2-CC7.1  System monitoring               security
SOC2-CC7.2  Incident response               security
SOC2-CC8.1  Availability monitoring         availability
SOC2-PI1.1  Processing integrity            processing_integrity
SOC2-C1.1   Confidentiality classification  confidentiality
SOC2-P1.1   Privacy notice                  privacy

HIPAA

US healthcare data protection (with HITECH updates):

Rule ID           Description            Category
HIPAA-164.312(a)  Access control         access_control
HIPAA-164.312(b)  Audit controls         audit
HIPAA-164.312(c)  Integrity controls     integrity
HIPAA-164.312(d)  Person authentication  authentication
HIPAA-164.312(e)  Transmission security  transmission
HIPAA-164.502     Uses and disclosures   privacy
HIPAA-164.514     De-identification      privacy

Storage Backends

File Storage

from rotalabs_comply import AuditLogger, FileStorage

# JSONL files with automatic rotation
storage = FileStorage("/var/log/ai-audit", rotation_size_mb=100)
logger = AuditLogger(storage)

S3 Storage

from rotalabs_comply import AuditLogger, S3Storage

# Requires: pip install rotalabs-comply[s3]
storage = S3Storage(
    bucket="my-audit-bucket",
    prefix="ai-audit/",
    region="us-east-1",
)
logger = AuditLogger(storage)

Memory Storage (Testing)

from rotalabs_comply import AuditLogger, MemoryStorage

storage = MemoryStorage(max_entries=10000)
logger = AuditLogger(storage)

Encryption

All audit content can be encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256, as implemented by the cryptography package). The key is the only protection for stored content: keep it in a secrets manager rather than next to the log files, and back it up, because entries written under a lost key cannot be read.

from rotalabs_comply import AuditLogger, EncryptionManager, MemoryStorage, generate_key

# Auto-generate key
encryption = EncryptionManager()
key = encryption.get_key()  # Save this securely; without it stored content cannot be decrypted

# Or provide your own key
key = generate_key()
encryption = EncryptionManager(key=key)

# Use with AuditLogger (any storage backend works; MemoryStorage shown here)
storage = MemoryStorage()
logger = AuditLogger(
    storage,
    encryption=encryption,
    store_content=True,  # Store encrypted content
)

API Reference

Core Types

  • RiskLevel - Enum: LOW, MEDIUM, HIGH, CRITICAL
  • Framework - Enum: EU_AI_ACT, SOC2, HIPAA, GDPR, NIST_AI_RMF, ISO_42001
  • AuditEntry - Audit log entry data model
  • ComplianceProfile - Compliance configuration
  • ComplianceViolation - Detected violation
  • ComplianceCheckResult - Framework check result

Audit Module

  • AuditLogger - Main audit logging interface
  • EncryptionManager - Encryption utilities
  • FileStorage - JSONL file storage
  • MemoryStorage - In-memory storage
  • S3Storage - AWS S3 storage

Frameworks

  • EUAIActFramework - EU AI Act compliance
  • SOC2Framework - SOC2 Type II compliance
  • HIPAAFramework - HIPAA compliance

Reports

  • ReportGenerator - Generate compliance reports
  • ComplianceReport - Report data model
  • ReportSection - Report section

License

MIT License - see LICENSE file for details.

Download files


Source Distribution

rotalabs_comply-0.2.0.tar.gz (1.1 MB)

Built Distribution

rotalabs_comply-0.2.0-py3-none-any.whl (107.2 kB, Python 3)

File details

Details for the file rotalabs_comply-0.2.0.tar.gz.

File metadata

  • Download URL: rotalabs_comply-0.2.0.tar.gz
  • Size: 1.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for rotalabs_comply-0.2.0.tar.gz

Algorithm    Hash digest
SHA256       84bf231fabfdc0135569dbb29d8012df012c15c4ffb8c6aac58b40bf2b700b24
MD5          2f1c51e6dccf6769d3f20d7e107b9fd9
BLAKE2b-256  f412d39405454c57b62b9da2168faebaf4e6dcb80ae6e637bf554b39f71d7914

File details

Details for the file rotalabs_comply-0.2.0-py3-none-any.whl.

File hashes

Hashes for rotalabs_comply-0.2.0-py3-none-any.whl

Algorithm    Hash digest
SHA256       44fd44c8505156f6e75e065b7ba85731d852eae4b6922e22cfef04b8a1e6bdaf
MD5          fb3e8e89db1860953352237eea9ad203
BLAKE2b-256  ffc6326a892ad083c384eb97122cd6e92916360592284a3cb0ab9679e74bb2f3
