AI compliance and audit logging infrastructure with multi-framework support

Project description

rotalabs-comply

AI compliance and audit logging infrastructure with multi-framework support.

Features

  • Audit Logging: Encrypted, privacy-preserving audit trails for AI interactions
  • 7 Compliance Frameworks: EU AI Act, SOC2, HIPAA, GDPR, NIST AI RMF, ISO 42001, MAS FEAT
  • 96 Compliance Rules: Comprehensive coverage across all major AI regulations
  • Report Generation: Customizable compliance reports in Markdown, JSON, or HTML
  • Privacy-First Design: Hash-only mode or encrypted content storage
  • Multiple Storage Backends: File, S3, or in-memory storage
  • Async-First: Built for high-performance async applications

Installation

pip install rotalabs-comply

With S3 storage support:

pip install rotalabs-comply[s3]

Quick Start

Audit Logging

import asyncio
from rotalabs_comply import AuditLogger, EncryptionManager, MemoryStorage

async def main():
    # Set up encrypted audit logging
    encryption = EncryptionManager()
    storage = MemoryStorage()
    logger = AuditLogger(storage, encryption=encryption, store_content=True)

    # Log an AI interaction
    entry_id = await logger.log(
        input="What is the capital of France?",
        output="The capital of France is Paris.",
        provider="openai",
        model="gpt-4",
        safety_passed=True,
        latency_ms=245.5,
    )

    print(f"Logged entry: {entry_id}")

    # Retrieve the entry
    entry = await logger.get_entry(entry_id)
    print(f"Provider: {entry.provider}, Model: {entry.model}")

asyncio.run(main())

Privacy Mode (Hash-Only)

from rotalabs_comply import AuditLogger, FileStorage

# Only store content hashes, not actual content
storage = FileStorage("/var/log/ai-audit")
logger = AuditLogger(
    storage,
    store_content=False,  # Only store SHA-256 hashes of input/output, never the text
    retention_days=365,
)
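What a hash-only record holds, and how it is still useful later, is easier to see in a few lines of plain Python. The block below is an added example written for this page, not rotalabs-comply's own code; the record field names are assumptions chosen to mirror the log() arguments above.

```python
# Added example, not rotalabs-comply's own code: what a hash-only audit record
# contains and how a disputed interaction is verified against it afterwards.
# Field names are assumptions for illustration.
import hashlib
from datetime import datetime, timezone


def content_hash(text: str) -> str:
    """SHA-256 hex digest of the UTF-8 encoded content."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def hash_only_record(entry_id: str, input_text: str, output_text: str,
                     provider: str, model: str) -> dict:
    """Build an audit record that keeps metadata and digests but never the text.

    A leaked audit file therefore exposes no prompts or responses, while a later
    dispute can still be settled by re-hashing the text one party presents.
    """
    return {
        "entry_id": entry_id,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "provider": provider,
        "model": model,
        "input_hash": content_hash(input_text),
        "output_hash": content_hash(output_text),
    }


def matches_record(record: dict, input_text: str, output_text: str) -> bool:
    """True when the given texts are exactly the ones the record was made from."""
    return (record["input_hash"] == content_hash(input_text)
            and record["output_hash"] == content_hash(output_text))


if __name__ == "__main__":
    rec = hash_only_record("demo-001", "What is the capital of France?",
                           "The capital of France is Paris.", "openai", "gpt-4")
    print(rec)
    print(matches_record(rec, "What is the capital of France?",
                         "The capital of France is Paris."))
```

One caveat when relying on this mode: a plain SHA-256 of a short or predictable prompt can be confirmed by hashing candidate texts, so where prompts are low-entropy a keyed digest (an HMAC whose key lives outside the log store) gives stronger privacy, at the cost that verification then needs that key.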

Compliance Checking

import asyncio
from datetime import datetime
from rotalabs_comply import EUAIActFramework, SOC2Framework
from rotalabs_comply.frameworks.base import AuditEntry, ComplianceProfile

async def check_compliance():
    # Create frameworks
    eu_ai = EUAIActFramework()
    soc2 = SOC2Framework()

    # Create an audit entry to check
    entry = AuditEntry(
        entry_id="test-001",
        timestamp=datetime.utcnow(),
        event_type="inference",
        actor="user@example.com",
        action="Generated text response",
        human_oversight=True,
        user_notified=True,
    )

    # Create compliance profile
    profile = ComplianceProfile(
        profile_id="high-risk",
        name="High Risk AI System",
        risk_level="high",
    )

    # Check compliance against each framework
    for fw in (eu_ai, soc2):
        result = await fw.check(entry, profile)
        print(f"{fw.name} compliant: {result.is_compliant}")
        print(f"Violations: {len(result.violations)}")

        for violation in result.violations:
            print(f"  - {violation.rule_id}: {violation.description}")

asyncio.run(check_compliance())

Report Generation

import asyncio
from datetime import datetime, timedelta
from rotalabs_comply import ReportGenerator, MemoryStorage
from rotalabs_comply.core import ComplianceProfile, Framework

async def generate_report():
    storage = MemoryStorage()
    generator = ReportGenerator(storage)

    # Define compliance profile
    profile = ComplianceProfile(
        frameworks=[Framework.EU_AI_ACT, Framework.SOC2],
        risk_level="high",
    )

    # Generate report for last 30 days
    end = datetime.utcnow()
    start = end - timedelta(days=30)

    report = await generator.generate(
        period_start=start,
        period_end=end,
        profile=profile,
    )

    # Export to markdown
    markdown = generator.export_markdown(report)
    print(markdown)

asyncio.run(generate_report())
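The generate()/export_markdown() split above (select results inside a period, aggregate per framework, render) is shown here over a constructed list of check results. This is an added example, not rotalabs-comply's ReportGenerator: the record fields, the DEMO-* rule ids and the Markdown layout are assumptions made for illustration.

```python
# Added example, not rotalabs-comply's own code: period filtering, per-framework
# aggregation and Markdown export over constructed check results.
from datetime import datetime, timezone


def _ts(day: int) -> datetime:
    return datetime(2025, 1, day, tzinfo=timezone.utc)


# Constructed sample results: one record per (entry, framework) check.
SAMPLE_RESULTS = [
    {"entry_id": "e1", "timestamp": _ts(5), "framework": "EU_AI_ACT", "violations": []},
    {"entry_id": "e1", "timestamp": _ts(5), "framework": "SOC2", "violations": []},
    {"entry_id": "e2", "timestamp": _ts(12), "framework": "EU_AI_ACT", "violations": ["DEMO-OVERSIGHT"]},
    {"entry_id": "e3", "timestamp": _ts(20), "framework": "EU_AI_ACT",
     "violations": ["DEMO-OVERSIGHT", "DEMO-NOTICE"]},
    {"entry_id": "e3", "timestamp": _ts(20), "framework": "SOC2", "violations": ["DEMO-ACCESS"]},
    {"entry_id": "e4", "timestamp": datetime(2024, 12, 15, tzinfo=timezone.utc),
     "framework": "EU_AI_ACT", "violations": ["DEMO-OVERSIGHT"]},  # before the period
    {"entry_id": "e5", "timestamp": _ts(25), "framework": "HIPAA", "violations": ["DEMO-PHI"]},  # not in profile
]
REPORT_START = datetime(2025, 1, 1, tzinfo=timezone.utc)
REPORT_END = datetime(2025, 2, 1, tzinfo=timezone.utc)


def generate(results, period_start, period_end, frameworks):
    """Summarise results with period_start <= timestamp < period_end for the profile's frameworks."""
    summary = {fw: {"checked": 0, "compliant": 0, "violations": {}} for fw in frameworks}
    for r in results:
        if r["framework"] not in summary:
            continue  # framework not selected by the profile
        if not (period_start <= r["timestamp"] < period_end):
            continue  # outside the reporting window
        s = summary[r["framework"]]
        s["checked"] += 1
        if r["violations"]:
            for rule_id in r["violations"]:
                s["violations"][rule_id] = s["violations"].get(rule_id, 0) + 1
        else:
            s["compliant"] += 1
    return {"period_start": period_start, "period_end": period_end, "frameworks": summary}


def export_markdown(report) -> str:
    """Render the summary as a Markdown table, most-violated rules first."""
    lines = [f"# Compliance report {report['period_start'].date()} to {report['period_end'].date()}", ""]
    lines += ["| Framework | Checked | Compliant | Violated rules |", "|---|---|---|---|"]
    for fw, s in report["frameworks"].items():
        ranked = sorted(s["violations"].items(), key=lambda kv: (-kv[1], kv[0]))
        top = ", ".join(f"{rule} ({n})" for rule, n in ranked) or "none"
        lines.append(f"| {fw} | {s['checked']} | {s['compliant']} | {top} |")
    return "\n".join(lines)


if __name__ == "__main__":
    report = generate(SAMPLE_RESULTS, REPORT_START, REPORT_END, ["EU_AI_ACT", "SOC2"])
    print(export_markdown(report))
```

The half-open period (start inclusive, end exclusive) is deliberate: consecutive monthly reports then neither double-count nor skip an entry logged exactly at the boundary.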

Compliance Frameworks

7 frameworks with 96 total compliance rules:

Framework     Description                        Rules  Key Categories
EU AI Act     European AI regulation                 8  transparency, oversight, risk_management
SOC2 Type II  AICPA Trust Service Criteria          10  security, availability, privacy
HIPAA         US healthcare data protection          8  access_control, audit, privacy
GDPR          EU data protection regulation         14  data_protection, consent, data_subject_rights
NIST AI RMF   US AI Risk Management Framework       15  governance, context, measurement, risk_treatment
ISO 42001     AI Management System standard         23  context, leadership, planning, operation
MAS FEAT      Singapore financial AI governance     18  fairness, ethics, accountability, transparency

import asyncio
from datetime import datetime
from rotalabs_comply import (
    EUAIActFramework,
    SOC2Framework,
    HIPAAFramework,
    GDPRFramework,
    NISTAIRMFFramework,
    ISO42001Framework,
    MASFramework,
)
from rotalabs_comply.frameworks.base import AuditEntry, ComplianceProfile

async def check_multiple():
    # Same entry and profile as in the Compliance Checking example
    entry = AuditEntry(
        entry_id="test-001",
        timestamp=datetime.utcnow(),
        event_type="inference",
        actor="user@example.com",
        action="Generated text response",
        human_oversight=True,
        user_notified=True,
    )
    profile = ComplianceProfile(
        profile_id="high-risk",
        name="High Risk AI System",
        risk_level="high",
    )

    # Check against multiple frameworks
    frameworks = [
        EUAIActFramework(),
        GDPRFramework(),
        MASFramework(),
    ]

    for fw in frameworks:
        result = await fw.check(entry, profile)
        print(f"{fw.name}: {'PASS' if result.is_compliant else 'FAIL'}")

asyncio.run(check_multiple())
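To make concrete what a framework check does (every rule of the framework is evaluated against one entry under one profile, and each failing rule becomes a violation with a rule_id and description), here is a minimal rule engine of the same shape. It is an added example written for this page, not rotalabs-comply's own implementation: the dataclasses are local stand-ins for the library types named above, and the two demo frameworks with their DT-*/DA-* rule ids are invented for illustration and are not among the library's 96 rules.

```python
# Added example, not rotalabs-comply's own code: a minimal rule engine with the
# same shape as the frameworks above (rules carry a rule_id, category and
# description; check() returns is_compliant plus a list of violations).
# The dataclasses are local stand-ins for the library's types; the demo
# frameworks and rule ids are invented.
import asyncio
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List


@dataclass
class AuditEntry:
    entry_id: str
    timestamp: datetime
    event_type: str
    actor: str
    action: str
    human_oversight: bool = False
    user_notified: bool = False


@dataclass
class ComplianceProfile:
    profile_id: str
    name: str
    risk_level: str  # "low", "medium", "high" or "critical"


@dataclass
class Rule:
    rule_id: str
    category: str
    description: str
    passes: Callable[[AuditEntry, ComplianceProfile], bool]  # True when satisfied


@dataclass
class ComplianceViolation:
    rule_id: str
    category: str
    description: str


@dataclass
class ComplianceCheckResult:
    framework: str
    is_compliant: bool
    violations: List[ComplianceViolation]


class Framework:
    """Evaluates every rule against one entry; each failing rule is a violation."""

    def __init__(self, name: str, rules: List[Rule]):
        self.name = name
        self.rules = rules

    async def check(self, entry: AuditEntry, profile: ComplianceProfile) -> ComplianceCheckResult:
        violations = [ComplianceViolation(r.rule_id, r.category, r.description)
                      for r in self.rules if not r.passes(entry, profile)]
        return ComplianceCheckResult(self.name, not violations, violations)


HIGH_RISK = {"high", "critical"}

# Demo rules loosely following the oversight/transparency/accountability
# categories in the table above; they are not the library's rules.
DEMO_TRANSPARENCY = Framework("DemoTransparency", [
    Rule("DT-001", "oversight", "High-risk inference requires human oversight",
         lambda e, p: p.risk_level not in HIGH_RISK or e.human_oversight),
    Rule("DT-002", "transparency", "Users must be told they interact with an AI system",
         lambda e, p: e.event_type != "inference" or e.user_notified),
])
DEMO_ACCOUNTABILITY = Framework("DemoAccountability", [
    Rule("DA-001", "accountability", "Every event must name an accountable actor",
         lambda e, p: bool(e.actor.strip())),
])


async def check_all(entry, profile, frameworks) -> Dict[str, ComplianceCheckResult]:
    # Frameworks are independent of each other, so run their checks concurrently.
    results = await asyncio.gather(*(fw.check(entry, profile) for fw in frameworks))
    return {r.framework: r for r in results}


def run_check(entry, profile, frameworks) -> Dict[str, ComplianceCheckResult]:
    return asyncio.run(check_all(entry, profile, frameworks))


def sample_entry(human_oversight: bool, user_notified: bool, actor="user@example.com") -> AuditEntry:
    return AuditEntry("test-001", datetime.now(timezone.utc), "inference", actor,
                      "Generated text response", human_oversight, user_notified)


if __name__ == "__main__":
    profile = ComplianceProfile("high-risk", "High Risk AI System", "high")
    for name, r in run_check(sample_entry(False, True), profile,
                             [DEMO_TRANSPARENCY, DEMO_ACCOUNTABILITY]).items():
        print(f"{name}: {'PASS' if r.is_compliant else 'FAIL'}")
        for v in r.violations:
            print(f"  - {v.rule_id}: {v.description}")
```

Note that the profile changes the outcome of the same entry: the oversight rule only binds when the profile's risk level is high or critical, which is why the risk_level in ComplianceProfile matters as much as the entry's own fields.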

Storage Backends

File Storage

from rotalabs_comply import AuditLogger, FileStorage

# JSONL files with automatic rotation
storage = FileStorage("/var/log/ai-audit", rotation_size_mb=100)
logger = AuditLogger(storage)
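FileStorage above writes JSONL and rotates files by size. The page does not show how that rotation works internally, so the block below is an added, self-contained illustration (not the library's FileStorage): an append-only JSONL store that moves to a new numbered file once the next record would push the current file past a byte limit, and reads every record back across all files in order.

```python
# Added example, not rotalabs-comply's FileStorage: append-only JSONL audit
# storage with size-based rotation. File naming and limits are assumptions.
import json
import os
import tempfile
from pathlib import Path


class RotatingJsonlStorage:
    def __init__(self, directory, rotation_size_bytes: int = 1_000_000):
        self.directory = Path(directory)
        self.directory.mkdir(parents=True, exist_ok=True)
        self.rotation_size_bytes = rotation_size_bytes
        existing = sorted(self.directory.glob("audit-*.jsonl"))
        self.index = len(existing)  # continue numbering after a restart
        self.current = existing[-1] if existing else self._new_file()

    def _new_file(self) -> Path:
        self.index += 1
        path = self.directory / f"audit-{self.index:06d}.jsonl"
        path.touch()
        return path

    def append(self, record: dict) -> Path:
        """Append one record as a single JSON line; returns the file it went to."""
        line = json.dumps(record, sort_keys=True, separators=(",", ":")) + "\n"
        size = self.current.stat().st_size
        # Rotate when this line would exceed the limit (but never leave a file empty).
        if size > 0 and size + len(line.encode("utf-8")) > self.rotation_size_bytes:
            self.current = self._new_file()
        with self.current.open("a", encoding="utf-8") as fh:
            fh.write(line)
            fh.flush()
            os.fsync(fh.fileno())  # make the audit record durable before returning
        return self.current

    def files(self):
        return sorted(self.directory.glob("audit-*.jsonl"))

    def read_all(self):
        """All records across rotated files, oldest file first, in write order."""
        records = []
        for path in self.files():
            with path.open(encoding="utf-8") as fh:
                records.extend(json.loads(line) for line in fh if line.strip())
        return records


def demo_rotation(n: int = 10, lines_per_file: int = 3):
    """Write n constructed records into a temp dir sized for lines_per_file per file."""
    tmp = tempfile.mkdtemp()
    sample = {"entry_id": "e000", "event_type": "inference", "safety_passed": True}
    line_size = len((json.dumps(sample, sort_keys=True, separators=(",", ":")) + "\n").encode("utf-8"))
    store = RotatingJsonlStorage(tmp, rotation_size_bytes=lines_per_file * line_size)
    for i in range(n):
        store.append({"entry_id": f"e{i:03d}", "event_type": "inference", "safety_passed": True})
    return len(store.files()), len(store.read_all())


if __name__ == "__main__":
    print(demo_rotation())
```

Each write is flushed and fsync'd before append() returns, which is the property an audit trail needs: a crash right after the call must not lose the record it acknowledged.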

S3 Storage

from rotalabs_comply import AuditLogger, S3Storage

# Requires: pip install rotalabs-comply[s3]
storage = S3Storage(
    bucket="my-audit-bucket",
    prefix="ai-audit/",
    region="us-east-1",
)
logger = AuditLogger(storage)

Memory Storage (Testing)

from rotalabs_comply import AuditLogger, MemoryStorage

storage = MemoryStorage(max_entries=10000)
logger = AuditLogger(storage)

Encryption

All audit content can be encrypted using Fernet symmetric encryption:

from rotalabs_comply import AuditLogger, EncryptionManager, MemoryStorage, generate_key

# Auto-generate key
encryption = EncryptionManager()
key = encryption.get_key()  # Save this securely: without it, stored content cannot be decrypted

# Or provide your own key
key = generate_key()
encryption = EncryptionManager(key=key)

# Use with AuditLogger (any storage backend works; MemoryStorage shown here)
storage = MemoryStorage()
logger = AuditLogger(
    storage,
    encryption=encryption,
    store_content=True,  # Store encrypted content
)

API Reference

Core Types

  • RiskLevel - Enum: LOW, MEDIUM, HIGH, CRITICAL
  • Framework - Enum: EU_AI_ACT, SOC2, HIPAA, GDPR, NIST_AI_RMF, ISO_42001, MAS
  • AuditEntry - Audit log entry data model
  • ComplianceProfile - Compliance configuration
  • ComplianceViolation - Detected violation
  • ComplianceCheckResult - Framework check result

Audit Module

  • AuditLogger - Main audit logging interface
  • EncryptionManager - Encryption utilities
  • FileStorage - JSONL file storage
  • MemoryStorage - In-memory storage
  • S3Storage - AWS S3 storage

Frameworks

  • EUAIActFramework - EU AI Act compliance (8 rules)
  • SOC2Framework - SOC2 Type II compliance (10 rules)
  • HIPAAFramework - HIPAA compliance (8 rules)
  • GDPRFramework - GDPR compliance (14 rules)
  • NISTAIRMFFramework - NIST AI RMF compliance (15 rules)
  • ISO42001Framework - ISO 42001 compliance (23 rules)
  • MASFramework - MAS FEAT compliance (18 rules)

Reports

  • ReportGenerator - Generate compliance reports
  • ComplianceReport - Report data model
  • ReportSection - Report section

License

MIT License - see LICENSE file for details.

Download files

Source Distribution

rotalabs_comply-1.0.0.tar.gz (1.6 MB)

Built Distribution

rotalabs_comply-1.0.0-py3-none-any.whl (119.3 kB)


File details

Details for the file rotalabs_comply-1.0.0.tar.gz.

File metadata

  • Download URL: rotalabs_comply-1.0.0.tar.gz
  • Size: 1.6 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for rotalabs_comply-1.0.0.tar.gz

Algorithm    Hash digest
SHA256       90d8218edbce8f92755b7eaf0008b4494ce69102b49440da825630b864190097
MD5          49296c2e85e400d371140eec87a2cc17
BLAKE2b-256  39cadd51f54ed0b57c6c6c0e9b9ce39368378620872057022c500248c7753576

File details

Details for the file rotalabs_comply-1.0.0-py3-none-any.whl.

File hashes

Hashes for rotalabs_comply-1.0.0-py3-none-any.whl

Algorithm    Hash digest
SHA256       baa965b10ad62b48e5f0cf44033305e226c5946945327f1aa44880de539d296f
MD5          751326dd332f6db4dcf5cce819de06cd
BLAKE2b-256  1432bfbc4891299ca5930caaead120a12f33cc769400c144f2fac344a3b23d48
