Metadata-Version: 2.4
Name: bondfoundry-finos
Version: 0.3.0
Summary: FINOS AI Governance Framework v2.0 tooling — coverage reporter, evidence-pack generator, mitigation submission renderer.
Project-URL: Homepage, https://bondfoundry.dev
Project-URL: Documentation, https://bondfoundry.dev
Project-URL: Repository, https://github.com/Skelf-Research/bondfoundry
Project-URL: Issues, https://github.com/Skelf-Research/bondfoundry/issues
Project-URL: Changelog, https://github.com/Skelf-Research/bondfoundry/blob/main/ROADMAP.md
Author: BondFoundry contributors
License-Expression: MIT
License-File: LICENSE
Keywords: ai-governance,aigf,compliance,eu-ai-act,evidence-pack,finos,iso-42001,nist-ai-rmf,owasp-llm,sr-11-7
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Financial and Insurance Industry
Classifier: Intended Audience :: Legal Industry
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Office/Business :: Financial
Classifier: Topic :: Software Development :: Documentation
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Typing :: Typed
Requires-Python: >=3.12
Requires-Dist: bondfoundry-policy<0.4.0,>=0.3.0
Requires-Dist: click>=8.1
Requires-Dist: jinja2>=3.1
Requires-Dist: pydantic>=2.7
Requires-Dist: python-ulid>=2.7
Requires-Dist: pyyaml>=6.0
Requires-Dist: rich>=13.7
Provides-Extra: engine
Requires-Dist: bondfoundry-engine<0.4.0,>=0.3.0; extra == 'engine'
Provides-Extra: eval
Requires-Dist: bondfoundry-eval<0.4.0,>=0.3.0; extra == 'eval'
Description-Content-Type: text/markdown

# bondfoundry-finos

> Map your AI-governance implementation to the FINOS AI Governance Framework v2.0 — coverage reports, evidence packs, mitigation submissions, cross-framework crosswalk.

[![PyPI](https://img.shields.io/pypi/v/bondfoundry-finos.svg)](https://pypi.org/project/bondfoundry-finos/)
[![Python](https://img.shields.io/pypi/pyversions/bondfoundry-finos.svg)](https://pypi.org/project/bondfoundry-finos/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![FINOS AIGF v2.0](https://img.shields.io/badge/FINOS-AIGF%20v2.0-blue)](https://air.finos.org/)

**Docs**: <https://bondfoundry.dev> · **Source**: <https://github.com/Skelf-Research/bondfoundry> · **Issues**: <https://github.com/Skelf-Research/bondfoundry/issues>

## What is this?

`bondfoundry-finos` is the tooling layer that turns an AI deployment into an auditable record against the **FINOS AI Governance Framework v2.0** (AIR). It ships a CLI that produces the artefacts compliance teams and regulators ask for: a control-mapping table from AIR risks/mitigations to your concrete implementation, a coverage report computed from eval-harness output, evidence packs over date ranges, audit-chain verification, mitigation submissions ready for an upstream FINOS PR, and shields.io badges.

It is the reference implementation of how the AIGF maps onto a working trading system, and is **framework-agnostic** at the data layer — the same CLI works for any product whose policy gate and eval harness emit AIR-compatible references. Adjacent frameworks (NIST AI RMF, NIST SP 800-53r5, EU AI Act, ISO/IEC 42001, FFIEC IT Handbook, OWASP LLM Top-10, MAS FEAT/Veritas, SR 11-7) are surfaced through the `--enrich` and `cross-framework` commands.

## Install

```bash
pip install bondfoundry-finos
# or
uv add bondfoundry-finos
```

Optional integrations:

```bash
pip install "bondfoundry-finos[engine]"  # pull audit fixtures from the engine
pip install "bondfoundry-finos[eval]"    # read coverage from eval reports
```

## Quickstart

```python
from bondfoundry_finos import build_mapping_table
from bondfoundry_finos.mapping import render_markdown, render_json

rows = build_mapping_table()
print(render_markdown(rows))   # markdown table of AIR-* ids → implementations
data = render_json()           # same data as list[dict] for downstream tooling
```

From the shell:

```bash
bondfoundry-finos mapping --format markdown --enrich > docs/control-mapping.md
bondfoundry-finos coverage --results-dir evals/results/latest --threshold 0.85
bondfoundry-finos evidence-pack --period 2026Q1 --out evidence/2026Q1.zip
bondfoundry-finos verify-chain --side both
bondfoundry-finos badges --results-dir evals/results/latest --out badges/
```

## Use cases

- **Regulator-ready evidence** — generate a control-mapping table that names each AIR risk/mitigation, the file:line it is implemented at, the eval cases that cover it, and the tier it sits at.
- **Continuous coverage gating** — fail CI if AIGF coverage drops below a threshold (default 85%) after a code change or new risk publication.
- **Submission to FINOS upstream** — render canonical mitigation pages (`mi-*.md`) for a PR to the FINOS AIR repository.
- **Cross-framework crosswalk** — surface adjacent obligations (NIST AI RMF, EU AI Act, ISO 42001, OWASP LLM Top-10, SR 11-7) for a single AIR id.
- **Audit-chain verification** — re-derive the hash chain over the engine + agent append-only audit tables and confirm that nothing has been tampered with.

## CLI

| Command | Purpose |
|---|---|
| `bondfoundry-finos mapping` | Emit AIR-id → implementation mapping (markdown or JSON; `--enrich` adds cross-framework refs). |
| `bondfoundry-finos coverage` | Compute AIGF risk coverage from latest eval report; fail under threshold. |
| `bondfoundry-finos evidence-pack` | Bundle audit rows, eval results, and mappings for a reporting period. |
| `bondfoundry-finos verify-chain` | Re-derive and verify the engine + agent audit hash chains. |
| `bondfoundry-finos verify-restore` | Validate a database dump restores to a hash-identical chain. |
| `bondfoundry-finos catalog-coverage` | Coverage check against the AIR risk + mitigation catalog. |
| `bondfoundry-finos submission render` | Render canonical `mi-*.md` mitigation pages for FINOS upstream PR. |
| `bondfoundry-finos badges` | Generate shields.io badge JSON (coverage, AIGF version, status). |
| `bondfoundry-finos cross-framework` | Emit the crosswalk between AIR ids and adjacent frameworks. |
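
The kind of check `verify-chain` describes (re-deriving a hash chain over append-only audit rows), as an added example that is not the project's own code. The row layout (`seq`, `prev_hash`, `payload`, `hash`), the all-zero genesis value, and SHA-256 over canonical JSON are assumptions, since this page does not describe BondFoundry's audit-table schema.

```python
from __future__ import annotations
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row


def row_hash(prev_hash: str, payload: dict) -> str:
    """SHA-256 over the previous hash plus a canonical JSON encoding of the row."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()


def append(chain: list[dict], payload: dict) -> None:
    """Append-only insert: each row commits to the hash of the row before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"seq": len(chain), "prev_hash": prev,
                  "payload": payload, "hash": row_hash(prev, payload)})


def verify_chain(chain: list[dict], expected_head: str | None = None) -> tuple[bool, str]:
    """Re-derive every link from the payloads; return (ok, reason)."""
    prev = GENESIS
    for i, row in enumerate(chain):
        if row["seq"] != i:
            return False, f"row {i}: sequence gap or reorder"
        if row["prev_hash"] != prev:
            return False, f"row {i}: prev_hash does not match preceding row"
        if row["hash"] != row_hash(prev, row["payload"]):
            return False, f"row {i}: payload does not match stored hash"
        prev = row["hash"]
    # A truncated tail is still self-consistent, so the head must also be
    # compared with a copy kept outside the database.
    if expected_head is not None and prev != expected_head:
        return False, "head hash differs from anchored value"
    return True, "ok"


def sample_chain() -> list[dict]:
    """Constructed audit rows, not real BondFoundry data."""
    chain: list[dict] = []
    for payload in ({"actor": "agent", "decision": "deny", "ref": "AIR-EXAMPLE-1"},
                    {"actor": "engine", "decision": "deny", "ref": "AIR-EXAMPLE-2"},
                    {"actor": "agent", "decision": "allow", "ref": "AIR-EXAMPLE-1"}):
        append(chain, payload)
    return chain
```

A row that is rewritten with its hash recomputed is still flagged at the next row's `prev_hash`; a dropped tail is only caught by the externally held head hash.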

## Where it fits

`bondfoundry-finos` depends on [`bondfoundry-policy`](https://pypi.org/project/bondfoundry-policy/) for the canonical AIR risk and mitigation ids, and optionally on [`bondfoundry-engine`](https://pypi.org/project/bondfoundry-engine/) and [`bondfoundry-eval`](https://pypi.org/project/bondfoundry-eval/) for audit fixtures and eval output. It is import-safe to use standalone in any system whose policy gate exports `FrameworkRef` objects.

## Frameworks covered

FINOS AIGF v2.0 (23/23 risks, 6 agentic + 7 cross-cutting mitigations), NIST AI RMF, NIST SP 800-53r5, EU AI Act, ISO/IEC 42001, FFIEC IT Handbook, OWASP LLM Top-10 (2025), MAS FEAT/Veritas, SR 11-7.

## Links

- Documentation: <https://bondfoundry.dev>
- Source: <https://github.com/Skelf-Research/bondfoundry>
- Issues: <https://github.com/Skelf-Research/bondfoundry/issues>
- Changelog: <https://github.com/Skelf-Research/bondfoundry/blob/main/ROADMAP.md>
- FINOS AIR: <https://air.finos.org/>

## License

MIT — see [LICENSE](./LICENSE).
