@prova-ai/audit
v0.2.0
Published
EU AI Act compliance infrastructure for autonomous AI agents. Annex III classification, oversight gates, immutable audit log, Annex IV doc-ready.
Maintainers
Readme
@prova-ai/audit
EU AI Act compliance infrastructure for autonomous AI agents.
Wrap any agent with a full compliance envelope — Annex III classification, configurable oversight gates, immutable audit log — in a few lines of code. Produce regulator-ready Annex IV documentation on demand.
Enforcement: August 2, 2026.
Install
npm install @prova-ai/audit
# or
pnpm add @prova-ai/auditQuick start
import { ProvaAudit } from "@prova-ai/audit";
const agent = new ProvaAudit({
agentId: "loan-screener-v2",
riskProfile: "high-risk",
oversightGates: ["credit_decision", "application_denial"],
apiKey: process.env.PROVA_API_KEY, // omit for local JSONL logging (free tier)
});
const result = await agent.run(
"Approve this loan application for $45,000",
{},
async (msg) => callYourLLM(msg),
);
// result.status: 'compliant' | 'flagged' | 'escalated_approved' | 'escalated_rejected' | 'blocked'
// result.auditId: UUID for this execution's audit record
// result.riskScore: 0-100
// result.annexIIICategory: EU AI Act Annex III category, if classified
// result.output: agent response (undefined if blocked)Terminal states
| Status | Meaning |
| --- | --- |
| compliant | All checks passed. Response returned. |
| flagged | Elevated risk. Logged. Human review recommended. Response returned. |
| escalated_approved | Human oversight gate triggered. Human approved. Response returned. |
| escalated_rejected | Human oversight gate triggered. Human rejected. Response suppressed. |
| blocked | Action blocked by policy. Incident filed. Response suppressed. |
| aborted | Execution aborted (timeout, error, or manual). |
| error | Unrecoverable error during compliance evaluation. |
Audit-only mode
Call the LLM yourself, then record the compliance envelope:
const response = await myLLM(message);
await agent.audit(message, response);Storage
local(default, free) — JSONL file at./prova-audit.jsonl. Use for dev + self-hosted.supabase— POSTs to the PROVA cloud audit endpoint. RequiresapiKey.custom— passauditEndpointto stream to your own collector.
Schema
See supabase/migration.sql for the append-only audit log schema. It is append-only — RLS blocks UPDATE and DELETE to satisfy EU AI Act Article 12 immutability requirements.
What PROVA gives you that nothing else does
- Annex IV auto-generation. Every audit record is structured for Annex IV §1–§7. Click export. Get a PDF a DPA would accept.
- Annex III classifier. Weighted keyword signals across all 8 high-risk categories. Real-time, sub-millisecond.
- Oversight gates.
block,escalate,flagpolicies with configurable fallback and timeout — Article 14 in code. - Immutable log. PII-safe hashing, append-only RLS, 7-year retention hooks.
Links
- Dashboard + Annex IV generator: https://getprova.dev
- MCP wrapper for Claude / OpenAI agents:
@prova-ai/mcp-server
License
MIT.
