Compliance & Audit Evidence

A server-generated, HMAC-signed audit evidence pack — input fingerprints, decision records, model cards and known limitations — ready for governance reviews.

Stage 7 — Delivery

What it is

Every analysis is frozen as an immutable, HMAC-signed Run. From it, the server generates a signed audit evidence pack entirely server-side: executive summary, decision record, findings CSV, model card and known limitations.

The AI narrative is kept separate from the signed deterministic evidence, and verification is reported in three honest tiers: authentic → integrity-only → failed.

What’s possible

  • Server-authoritative, signed evidence pack (the client never supplies content or hashes for signing)
  • Input fingerprints, architecture decision records, model cards, known limitations
  • Three-tier verification; deterministic evidence cleanly separated from AI narrative

Honest scope & limitations

  • The architect sign-off inside the pack is self-attested, not a formally governed organizational approval.
  • The pack documents a decision aid — it is not an SAP acceptance test, a formal security audit, or SAP certification.
