ShadowAudit Compliance Assessment

Scanned: {{ path }} · Taxonomy: {{ taxonomy_name }} · {{ total_files }} file(s)

{% if has_findings %}
{{ risk_score }}
{{ risk_label }}

Executive Summary

Total Tools: {{ total_tools }}
Gated ✓: {{ gated_count }}
Ungated ⚠: {{ ungated_count }}
{% if critical_ungated > 0 %}
Critical Risk: {{ critical_ungated }}
{% endif %}
Coverage: {{ coverage_percent }}%

Coverage Map

{% for tool in tools %}
{{ tool.name[:12] }}{% if tool.name|length > 12 %}..{% endif %} {% if tool.is_wrapped %}Gated{% else %}Ungated{% endif %}
{% endfor %}

Gated: {{ gated_count }} · Ungated: {{ total_tools - gated_count }}

{{ gated_count }} of {{ total_tools - safe_tools }} risky tools are protected with ShadowAuditTool.

Tool Inventory

Tool | Category | Status | Risk | Location
{% for tool in tools %}
{{ tool.name }}{% if tool.framework != "unknown" %} ({{ tool.framework }}){% endif %} | {{ tool.category }}{% if tool.taxonomy_description %} ({{ tool.taxonomy_description }}){% endif %} | {% if tool.is_wrapped %}✓ Gated{% else %}❌ Ungated{% endif %} | {{ tool.risk_level }} | {{ tool.file.split('/')[-1] }}:{{ tool.line }}
{% if tool.needs_action %}
Remediation: {{ tool.remediation }}
{% endif %}
{% endfor %}
{% if categories %}

Category Breakdown

Category | Total | Gated | Ungated | Critical/High
{% for cat_name, cat_data in categories.items() %}
{{ cat_name }} | {{ cat_data.count }} | {{ cat_data.gated }} | {{ cat_data.ungated }} | {% if cat_data.critical > 0 or cat_data.high > 0 %}{{ cat_data.critical + cat_data.high }}{% else %}—{% endif %}
{% endfor %}
{% endif %} {% if recommended_taxonomy %}

Recommended Taxonomy

Auto-generated taxonomy based on detected tools. Save as a .json file for reuse with --taxonomy.

{
{% for cat_name, cat_config in recommended_taxonomy.items() %}  "{{ cat_name }}": {
    "delta": {{ cat_config.delta }},
    "risk_keywords": [
{% for kw in cat_config.risk_keywords %}      "{{ kw }}"{% if not loop.last %},{% endif %}
{% endfor %}    ],
    "description": "{{ cat_config.description }}"
  }{% if not loop.last %},{% endif %}
{% endfor %}}
{% endif %} {% if implementation_plan %}

Implementation Plan

Step-by-step instructions to wrap each ungated tool with ShadowAudit enforcement.

{% for step in implementation_plan %}
{{ step.step }} {{ step.tool_name }} {{ step.risk_level }}

Wrap {{ step.tool_name }} (category: {{ step.category }}) with ShadowAuditTool to enforce runtime governance.

{{ step.code }}
{% endfor %}
{% endif %} {% else %}

No AI Agent Tools Detected

No tool classes inheriting from BaseTool were found in the scanned path.

If you expected tools, ensure they inherit from BaseTool (LangChain, CrewAI, or AutoGen).

{% endif %} {% if compliance_mappings %}

Compliance Control Mapping

How ShadowAudit controls map to regulatory requirements for {{ taxonomy_name or "general" }} agents.

SOX 302 — Corporate Responsibility

{{ compliance_mappings.sox_302 }}

SOX 404 — Internal Controls

{{ compliance_mappings.sox_404 }}

PCI-DSS 3.4 — Data Protection

{{ compliance_mappings.pci_dss_3_4 }}

PCI-DSS 10.2 — Audit Trails

{{ compliance_mappings.pci_dss_10_2 }}

PCI-DSS 6.5 — Secure Coding

{{ compliance_mappings.pci_dss_6_5 }}

{% endif %}