AEOESS

Audit trails as cryptographic evidence.

Replace text logs with signed receipts. Map every action to EU AI Act, NIST AI RMF, ISO 42001 articles. Auditors verify the trail without going through us.

Live primitives | Apache-2.0
Life of an Action

One action, one signed receipt.

Auditors read the action receipt. The receipt cites the delegation. The delegation cites the passport. The chain is verifiable without us.

Who this is for

Regulated industries, EU operators, compliance leads.

A regulator asks for the audit trail behind an agent action. Today the answer is text logs in Datadog or Kibana, with no chain of authority, no signed scope, no contestability surface, no proof of which inputs the agent saw at decision time. APS replaces text logs with cryptographic evidence that holds up under independent verification.

What ships

Three primitives, three frameworks.

Public modules. Mapped to articles your auditor already reads.

Cryptographic audit trail mapped to real frameworks. EU AI Act Articles 14 and 26. NIST AI RMF across Govern, Map, Measure, Manage. ISO 42001 audit requirements. Generated from receipts on disk.

src/core/euaiact.ts
generateComplianceReport({ standard, receipts })

Action receipts as evidence, not as logs. Every receipt is signed, contestable, replayable. Authority-boundary receipts prove what the agent was authorized to do. Custody receipts prove what data the agent saw.

src/v2/accountability/{action,authority-boundary,custody,contestability,bundle}.ts

Cascade revocation as enforcement. When a delegation is revoked, downstream actions invalidate without a manual log search. The receipt ledger answers "is this still authorized?" in a single signature check.

src/v2/cognitive_attestation/*
src/v2/instruction_provenance/*
Architecture

Mapping primitives to articles.

Framework | Article | Requires | APS primitive
EU AI Act | Art. 14 | Human oversight | AuthorityBoundaryReceipt + HumanEscalationFlag
EU AI Act | Art. 26 | Transparency to deployer | ActionReceipt with signed scope chain
NIST AI RMF | GOVERN-1.1 | Accountability structures | Charter + offices, separation of powers
NIST AI RMF | MEASURE-2.7 | Risk evaluation evidence | CustodyReceipt + ContestabilityReceipt
ISO 42001 | A.6.2.6 | Decision audit trail | DecisionLineageReceipt, replayable
ISO 42001 | A.9.2 | Continuous monitoring | APSBundle Merkle aggregation

The protocol specifies procedural validity. Effect safety is a separate axis, catalogued in Paper 8 (The Evidence-Safety Gap). We cite our own limits.

Proof

Verifiable on the public record.

  • NIST CAISI input acknowledged.
    Acknowledged in writing by Drew Keller. Email on file.
  • Two NCCoE concept-paper comments in federal record.
    Filed alongside BSA on the NCCoE site.
  • AAIF project proposal #14 in review.
    Linux Foundation path for cross-vendor agent interoperability.
  • IETF Internet-Draft live.
    draft-pidlisnyi-aps-00. Eight Zenodo papers including Paper 8.
Self-serve

Generate compliance reports.

Issue receipts from your agents, run generateComplianceReport against the framework you operate under, hand the output to your auditor.

npm install agent-passport-system
Managed

Managed audit trail.

Hosted receipt store, framework templates, signed exports for regulators. Pricing on request.
