sdk(P2.2): typed compliance events + attest/session + Article 12 report

Typed events as SDK-side conventions (no backend change): ModelDecision / HumanOverride / IncidentReport (NIS2 field names) / DataAccess as Python dataclasses, TypeScript builders, and Go structs — each serializing to a plain payload with regulation_refs (EU AI Act Art.12/14, NIS2 Art.23, AI-Act Art.62, GDPR Art.30/6) and self-validating against the committed-payload number policy.

Python ergonomics: @attest(client, stream_id=...) wraps any function — one event per call with commitments over args/kwargs and result (raw values never leave the process), .last_receipt on the wrapper, exceptions log an IncidentReport-shaped event (commitment over the traceback) and re-raise; logging failures never break the workload (log-and-continue; strict=True is the only raising mode — all test-enforced). session(...) groups typed events under shared session_id/actor_ref metadata.

Evidence report: attesto.reports.article12(...) in Python and `attesto report article12 --stream ... --output report.md` in the Go CLI — deterministic templating (never LLM-generated) built only from existing tenant endpoints: Art.12(2) coverage table, per-type event counts, P1.3 completeness verdict, checkpoint -> anchor-tx -> block path, and replayable verification commands. Claims discipline test-enforced in both languages: the words "compliant"/"compliance guaranteed" never appear — the report states evidence recorded and independently verifiable. The mock emulators now expose event_type in tenant listings so report tests run end-to-end against P2.3.

Sweep green: Python 94, TS 59, Go all packages.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
17
README.md
@@ -129,6 +129,23 @@ client, _ := attesto.NewClient(apiKey, attesto.WithHeadStore(attesto.NewFileHead
|
||||
client, _ = attesto.NewClient(apiKey, attesto.WithHeadStore(nil))
|
||||
```
|
||||
|
||||
## Typed compliance events and the evidence report
|
||||
|
||||
```go
|
||||
decision := attesto.ModelDecision{Model: "credit-v1", Decision: "approve", ConfidenceBp: 8700}
|
||||
payload, _ := decision.ToPayload() // regulation_refs attached, number-policy validated
|
||||
client.LogEvent(ctx, streamID, attesto.EventInput{
|
||||
SourceRef: "d-1", EventType: decision.EventType(), Payload: payload,
|
||||
})
|
||||
```
|
||||
|
||||
```bash
|
||||
attesto report article12 --stream str_... --output report.md
|
||||
```
|
||||
|
||||
The report is a deterministic template (never LLM-generated) stating what is
|
||||
recorded and independently verifiable — it never asserts conformity.
|
||||
|
||||
## Testing without Attesto: attestotest
|
||||
|
||||
`go.attesto.eu/sdk/attestotest` starts a local httptest emulator with **real**
|
||||
|
||||
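Review bot: In the added Go example, `payload, _ := decision.ToPayload()` discards the error from the one call that, per its own inline comment, performs number-policy validation, and the result of `client.LogEvent(...)` is dropped too, so anyone copying the snippet will not notice a rejected payload or a failed write. For an SDK whose purpose is evidence recording, the README should show both checked: take `payload, err := decision.ToPayload()` and handle `err` before logging, and capture and check what `LogEvent` returns. The commit message spells out the Python failure mode (log-and-continue, `strict=True` to raise); the Go section should state the equivalent behaviour in a sentence, or at least say that error handling is elided for brevity. It would also help to note next to `ConfidenceBp: 8700` that the field is in basis points, since the number policy is mentioned but the unit is not.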