Metadata-Version: 2.4
Name: coreason_auditor
Version: 0.2.0
Summary: coreason-auditor
License: # The Prosperity Public License 3.0.0
         
         Contributor: CoReason, Inc.
         
         Source Code: https://github.com/CoReason-AI/coreason_auditor
         
         ## Purpose
         
         This license allows you to use and share this software for noncommercial purposes for free and to try this software for commercial purposes for thirty days.
         
         ## Agreement
         
         In order to receive this license, you have to agree to its rules.  Those rules are both obligations under that agreement and conditions to your license.  Don't do anything with this software that triggers a rule you can't or won't follow.
         
         ## Notices
         
         Make sure everyone who gets a copy of any part of this software from you, with or without changes, also gets the text of this license and the contributor and source code lines above.
         
         ## Commercial Trial
         
         Limit your use of this software for commercial purposes to a thirty-day trial period.  If you use this software for work, your company gets one trial period for all personnel, not one trial per person.
         
         ## Contributions Back
         
         Developing feedback, changes, or additions that you contribute back to the contributor on the terms of a standardized public software license such as [the Blue Oak Model License 1.0.0](https://blueoakcouncil.org/license/1.0.0), [the Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.html), [the MIT license](https://spdx.org/licenses/MIT.html), or [the two-clause BSD license](https://spdx.org/licenses/BSD-2-Clause.html) doesn't count as use for a commercial purpose.
         
         ## Personal Uses
         
         Personal use for research, experiment, and testing for the benefit of public knowledge, personal study, private entertainment, hobby projects, amateur pursuits, or religious observance, without any anticipated commercial application, doesn't count as use for a commercial purpose.
         
         ## Noncommercial Organizations
         
         Use by any charitable organization, educational institution, public research organization, public safety or health organization, environmental protection organization, or government institution doesn't count as use for a commercial purpose regardless of the source of funding or obligations resulting from the funding.
         
         ## Defense
         
         Don't make any legal claim against anyone accusing this software, with or without changes, alone or with other technology, of infringing any patent.
         
         ## Copyright
         
         The contributor licenses you to do everything with this software that would otherwise infringe their copyright in it.
         
         ## Patent
         
         The contributor licenses you to do everything with this software that would otherwise infringe any patents they can license or become able to license.
         
         ## Reliability
         
         The contributor can't revoke this license.
         
         ## Excuse
         
         You're excused for unknowingly breaking [Notices](#notices) if you take all practical steps to comply within thirty days of learning you broke the rule.
         
         ## No Liability
         
         ***As far as the law allows, this software comes as is, without any warranty or condition, and the contributor won't be liable to anyone for any damages related to this software or this license, under any kind of legal claim.***
License-File: LICENSE
License-File: LICENSE_HEADER.txt
License-File: NOTICE
Author: Gowtham A Rao
Author-email: gowtham.rao@coreason.ai
Requires-Python: >=3.11
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3.12
Classifier: Operating System :: OS Independent
Requires-Dist: aiofiles (>=23.2.1,<24.0.0)
Requires-Dist: anyio (>=4.12.1,<5.0.0)
Requires-Dist: coreason-identity (>=0.1.0,<0.2.0)
Requires-Dist: cryptography (>=46.0.3,<47.0.0)
Requires-Dist: cyclonedx-python-lib (>=11.6.0,<12.0.0)
Requires-Dist: httpx (>=0.28.1,<0.29.0)
Requires-Dist: loguru (>=0.7.2,<0.8.0)
Requires-Dist: pydantic (>=2.12.5,<3.0.0)
Requires-Dist: pydantic-settings (>=2.12.0,<3.0.0)
Requires-Dist: pyyaml (>=6.0.3,<7.0.0)
Requires-Dist: reportlab (>=4.4.7,<5.0.0)
Project-URL: Documentation, https://github.com/CoReason-AI/coreason_auditor
Project-URL: Homepage, https://github.com/CoReason-AI/coreason_auditor
Project-URL: Repository, https://github.com/CoReason-AI/coreason_auditor
Description-Content-Type: text/markdown

# coreason-auditor

**Regulatory Compliance, AI-BOM Generation, & Audit Trail Reporting for the CoReason Ecosystem.**

[![License](https://img.shields.io/badge/license-Prosperity%203.0-blue)](https://prosperitylicense.com/versions/3.0.0)
[![CI](https://github.com/CoReason-AI/coreason_auditor/actions/workflows/main.yml/badge.svg)](https://github.com/CoReason-AI/coreason_auditor/actions)
[![Code Style: Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
[![Documentation](https://img.shields.io/badge/docs-Product%20Requirements-blue)](docs/product_requirements.md)

---

**"If it isn't documented in a PDF, it didn't happen. Turn logs into Law."**

`coreason-auditor` is the automated reporting engine for the CoReason ecosystem. It bridges the gap between "Technical Logging" (JSON streams) and "Regulatory Submission" (Human-readable documents) by generating cryptographically signed Audit Packages.

## Features

Based on the [Product Requirements](docs/product_requirements.md):

*   **Traceability Engine:** Maps Requirements $\to$ Tests $\to$ Results (RTM). Fails generation if critical requirements are uncovered.
*   **AI-BOM Generator:** Creates Software Bill of Materials (CycloneDX Standard) for models, data lineage, and dependencies.
*   **Session Replayer:** Forensic tool that reconstructs user sessions, displaying hidden "Thought Chains" and "Tool Calls" alongside user input.
*   **21 CFR Part 11 Signer:** Applies digital signatures to exported reports for immutability and authenticity.
*   **Deviation Reporting:** Prioritizes failures and interventions (Exception-First Reporting).

## Installation

```bash
pip install coreason-auditor
```

## Usage

```python
from pathlib import Path
from coreason_auditor.orchestrator import AuditOrchestrator
from coreason_auditor.models import AgentConfig, AssayReport, BOMInput

# Initialize Orchestrator (Dependencies injected via DI container in production)
orchestrator = AuditOrchestrator(...)

# Load Inputs
agent_config = AgentConfig(...)
assay_report = AssayReport(...)
bom_input = BOMInput(...)

# Generate Signed Audit Package
package = orchestrator.generate_audit_package(
    agent_config=agent_config,
    assay_report=assay_report,
    bom_input=bom_input,
    user_id="compliance_officer_01",
    agent_version="1.2.0"
)

# Export to PDF
orchestrator.export_to_pdf(package, "audit_report_v1.2.0.pdf")
```

For CLI usage:

```bash
python -m coreason_auditor.main \
  --agent-config agent.yaml \
  --assay-report assay_report.json \
  --bom-input bom_input.json \
  --output report.pdf \
  --agent-version 1.0.0
```

## License

Copyright (c) 2025 CoReason, Inc.
Licensed under the **Prosperity Public License 3.0**.
See [LICENSE](LICENSE) for details.

