tenet-offboarding-audit
v0.1.0
@tenet/offboarding-audit
Local CLI that audits an employee roster for ghost accounts, shadow-AI tool access, stale admin roles, and contractor expiry blind spots. Deterministic, zero network calls, hash-only audit log — built for VP People + CIO + CISO at 500-5,000 employee mid-market B2B companies preparing for state-privacy audits (CCPA / CPRA / NY SHIELD / Colorado AI Act) and EU AI Act Article 26 (August 2, 2026).
Why this exists
At the mid-market tier (500-5,000 employees), the typical offboarding reality is this: HRIS says the employee was terminated 90 days ago, but 30 percent of their SaaS accounts are still active. Nobody can give a straight answer to "is it revoked?" Meanwhile the 2026 regulatory calendar is closing fast:
- EU AI Act Article 26 (August 2, 2026) — operator records of AI system use by employees for high-risk systems. An orphaned ChatGPT Enterprise seat on a former employee is a failed audit.
- California CCPA / CPRA — 45-day data-subject access requests covering former employees, with per-subject evidence lineage.
- NY SHIELD Act Section 899-bb — reasonable access controls and audit logging, with a $5,000-per-violation civil penalty ceiling plus procurement risk through downstream enterprise buyers.
- Colorado AI Act (effective February 2026) — operator obligations on consequential decisions, including employment-adjacent contexts.
Enterprise IGA (SailPoint, Saviynt) solves this for 5,000+ emp orgs with dedicated identity programs. Adjacent SaaS management tools (BetterCloud, Torii, Zluri) have lifecycle as a module. Existing mid-market reality: spreadsheets and quarterly theater.
@tenet/offboarding-audit is the free, open-source starting point. A CSV in, a ranked ghost-account report out. The same heuristics run inside the hosted Tenet product across 40+ SaaS connectors.
Install
```bash
# Run ephemerally from the hosted tarball (works today — recommended)
npx -y https://tenet.grindworks.ai/tenet-offboarding-audit-0.1.0.tgz --demo

# Or install globally
npm install -g https://tenet.grindworks.ai/tenet-offboarding-audit-0.1.0.tgz

# Shortly (once the npm registry name is claimed):
npm install -g @tenet/offboarding-audit
```
Node 20+ required. Package ships as pure JavaScript (no native dependencies). Built tarball is under 40 KB.
Usage
```bash
# Audit the bundled 40-row sample roster (table output)
tenet-audit --demo

# Audit your own roster
tenet-audit path/to/employees.csv

# JSON for pipelines (e.g. pipe to jq / feed into the hosted Tenet product)
tenet-audit employees.csv --format=json

# Markdown for a runbook or Notion paste-in
tenet-audit employees.csv --format=md > report.md

# CSV export for auditors
tenet-audit employees.csv --format=csv > findings.csv

# Print the heuristic catalog and exit
tenet-audit --list-rules
```
Expected CSV schema
The CLI reads a header-row CSV with these columns. Extra columns are ignored, so it's safe to export directly from your HRIS and strip nothing.
| Column | Required | Notes |
|---|---|---|
| employee_id | yes | Any stable internal ID |
| email | yes | Employee corporate email |
| status | yes | One of active, terminated, leave, contractor |
| termination_date | required when status=terminated | ISO YYYY-MM-DD |
| leave_start_date | required when status=leave | ISO YYYY-MM-DD |
| contractor_end_date | required when status=contractor | ISO YYYY-MM-DD |
| role_level | yes | ic, manager, director, admin, super_admin, owner, root |
| apps_accessed | yes | JSON array (["slack","github"]) OR semicolon-delimited (slack;github) |
Heuristic catalog (7 built-in rules)
| ID | Severity | Rule |
|---|---|---|
| H01 | high | Terminated employee still in at least one SaaS app |
| H02 | high | Chronic ghost — terminated more than 90 days ago with any app access |
| H03 | critical | Terminated employee still holding high-sensitivity or admin app access (Snowflake, Salesforce admin, GitHub org admin, AWS IAM, Okta admin, Workday admin, …) |
| H04 | high | Terminated employee with AI tool access — shadow-AI audit angle for EU AI Act Article 26 |
| H05 | medium | Employee on leave more than 180 days still holding admin-level role |
| H06 | high | Contractor past contractor_end_date still active in apps |
| H07 | critical | Terminated employee with role_level=admin / super_admin / owner / root — crosses NYDFS 23 NYCRR 500 72-hour revocation line for regulated entities |
Exact logic lives in src/heuristics.ts. Read it. Modify it. The point is the rules are auditable source, not opaque scoring.
High-sensitivity app slugs (for H03) and AI tool slugs (for H04) are in the same file as HIGH_SENSITIVITY_APPS and SHADOW_AI_APPS. Add to the sets for your own org's app catalog.
Audit log format
Every tenet-audit run appends one JSONL line to ~/.tenet/audit.jsonl (override with TENET_LOG_PATH):
```json
{"ts":"2026-04-17T09:45:12.345Z","session_id":"a1b2c3d4e5f60708","version":"0.1.0","event":"offboarding_audit_run","source":"demo","input_digest":"8f2a7c1e9b4d5a62","employee_count":40,"findings_count":12,"counts_by_severity":{"critical":3,"high":7,"medium":2,"low":0},"findings_digests":[{"heuristicId":"H03","severity":"critical","emailDigest":"d7a4f1e09c6b3520","priority":1}]}
```
No plaintext employee data is ever written to the log. Only lengths, counts, and SHA-256 digests truncated to 16 hex chars. This is a deliberate design choice: the audit log is the artifact an auditor reviews, so it must not become a new CCPA / CPRA liability by retaining plaintext email addresses of former employees.
State-privacy alignment
- California CCPA / CPRA — the log satisfies CCPA §1798.105 (right to delete) and §1798.110 (right to know) use-case tracking because it records evidence of action without retaining the subject's PII. Pair with your application-layer deletion pipeline.
- NY SHIELD Act §899-bb(2)(b)(ii)(B) — "reasonable administrative safeguards, including regular risk assessments and training" — the run cadence itself is the assessment; the log is the evidence.
- Colorado AI Act (SB 205) — documents operator-consequential decisions on employment AI systems. Shadow-AI findings (H04) map directly to the "developer and deployer obligations" evidence requirement.
EU AI Act Article 26(1) mapping
Article 26(1) requires "maintained records of AI system use." When H04 fires for a former employee, the log proves:
- The operator detected the orphaned AI-tool grant,
- Which rule fired (H04) with which severity,
- A tamper-evident digest of both the input roster and the subject's identity — without retaining the plaintext.
Framework standards
- ISO 42001 A.6.2.3 — AI data handling. Findings document the data-access surface; the revocation decision is logged downstream.
- NIST AI RMF MAP-4.1 — documented approaches to enhance data privacy. Read src/heuristics.ts; that IS the documentation.
- SOC 2 Type II (CC6.2) — logical access restrictions to the entity's information assets. The run + log pair is the control evidence.
Environment variables
| Var | Default | Purpose |
|---|---|---|
| TENET_LOG_DIR | ~/.tenet/ | Directory where the audit log is written |
| TENET_LOG_PATH | {LOG_DIR}/audit.jsonl | Full audit log path override |
What this CLI does NOT do (v0.1 scope)
Clear-eyed scope statement so it's useful, not oversold:
- No live SaaS connectors. The CLI reads a CSV you exported. It does not call Okta, Rippling, Workday, or any other vendor API. That's the hosted Tenet product. This CLI is the local spot-check.
- No revocation. The output is a ranked report with reason + priority. Human takes the action.
- No org-specific app sensitivity classification. Ships with a sensible default high-sensitivity + AI tool list. Edit HIGH_SENSITIVITY_APPS and SHADOW_AI_APPS in src/heuristics.ts for your org, or wait for v0.2 which will accept a config file.
- No guaranteed zero false negatives. Heuristics cover the major patterns. Long-tail mid-market SaaS apps may slip. Contribute additions via GitHub PR.
- No ML or LLM classifier. Every rule is deterministic and readable in 200 lines of TypeScript. Your CISO can reproduce every finding by hand.
- No centralized reporting. One machine, one audit log. Fleet aggregation is the hosted Tenet product.
Design principles
- Local only. Zero network calls in v0.1. Read the source — no fetch, no http, no axios.
- Deterministic. Same CSV + same --now → byte-identical output. The --now=<iso> flag exists so test runs + CI pipelines reproduce across time.
- Audit-first. Every run emits a log line. Hash-only. Always.
- Trust by construction. Apache-2.0 source. Published tarball matches the commit. No obfuscation.
Upgrade path — hosted Tenet
The free CLI is the start. When you need:
- 40+ SaaS connectors reading actual IAM / HRIS / finance state (not a CSV export)
- Shadow-AI discovery via email telemetry + finance signal + browser telemetry
- Per-subject state-privacy evidence export for CCPA, CPRA, NY SHIELD, Colorado AI Act, Virginia CDPA, Connecticut CTDPA, Texas TDPSA
- EU AI Act Article 26 operator record export templates
- Tri-buyer UX (VP People sees policy documentation, CIO sees SCIM/connector health, CISO sees shadow-AI and access-rights register, Compliance sees the DSAR-ready export)
- Connector write-back to 40+ apps (SCIM/API) plus long-tail admin-console workflow wrappers
→ tenet.grindworks.ai/#waitlist
Design-partner program is open for 500-5,000 employee NA B2B mid-market orgs. Email [email protected] with "tenet-cli user" in the subject for a 15-minute conversation this week.
Contributing
Issues and PRs welcome. Target audience: VP People, CIO, CISO at 500-5,000 employee NA B2B mid-market companies. If you are one of them, we want to hear which app slugs are missing from HIGH_SENSITIVITY_APPS / SHADOW_AI_APPS for your industry context.
License
Apache-2.0. Use commercially, modify freely. Attribution appreciated in audit evidence packs.
Built by Grindworks Studio — a venture studio shipping NA B2B infrastructure products in the AI Agent era. Sister ventures: Veladon (AI governance DLP), Prova (agentic SOX assurance).
