Depth-tracked encrypted audit primitives for privacy-preserving AI governance.
An open-source Python library for generating signed, parameter-bound technical evidence for fairness, drift, calibration, provenance, concordance, and model-disagreement audits — with a plaintext slot-vector reference path and an optional TenSEAL CKKS execution path. Maintained by VaultBytes Innovations Ltd.
Six audit primitives, each implemented as a depth-tracked circuit over an internal slot-vector model. Every primitive runs in plaintext by default. The optional [fhe] extra installs TenSEAL and lets the same primitives execute under CKKS for inputs that must remain encrypted at the auditor.
| Primitive | API | Module | Depth | Purpose |
|---|---|---|---|---|
| Fairness | audit_fairness |
egf_imss |
4 | Demographic parity, equal opportunity, predictive parity |
| Provenance | audit_provenance |
etk_fpa_hbc |
3 | Top-K training-data provenance histogram |
| Concordance | audit_concordance |
esc_cia |
4 | Harrell C-index for survival / risk models |
| Calibration | audit_calibration |
ecp_qssp |
3 | Conformal prediction-set calibration |
| Drift | audit_drift |
ew1_cdsf |
3 | CDF-distance drift statistic |
| Disagreement | audit_disagreement |
ecmd_jps |
5 | Cross-model disagreement over surrogate models |
A run produces a signed audit envelope with canonical JSON, parameter-set hashes, input commitments, and a SHA-256 receipt. Two audiences are served by the same surface area: the audited entity (client) running audit_* primitives, and the regulator or external auditor running verify_receipt(...).
The v0.0.7 release gate runs end-to-end on a fresh checkout in CI. It is the first signal we expect a reviewer to read.
py_compile across modulesimport regaudit_fhe--helpWe track scope honestly. The library is open for technical review. It is not a regulator-endorsed product, has not been independently audited, and does not by itself produce legal compliance.
| Area | Status |
|---|---|
| Syntax / imports / tests | Verified by CI |
| Plaintext primitives (six) | Implemented |
| TenSEAL CKKS backend | Implemented |
| Signed audit envelopes (Ed25519) | Implemented |
| JSON schemas | Implemented |
| Reproducible benchmark harness | Included in repo |
| Independent cryptography review | Not yet performed |
| Regulator endorsement | None claimed |
| Production compliance certification | Not claimed |
regaudit-fhe produces technical evidence — encrypted scalars, signed envelopes, parameter-set hashes, and depth-budget attestations — that may support compliance workflows in jurisdictions including the EU AI Act, NYC LL144, the Colorado AI Act, FDA SaMD, OCC SR 11-7, GDPR, HIPAA, and 21 CFR Part 11. It does not constitute legal compliance, conformity assessment, regulatory acceptance, or a recognised audit. Read COMPLIANCE.md for the binding scope statement.
regaudit-fhe is distributed under AGPL-3.0-or-later. The source repository, packaging, and reference benchmarks are all open.
Commercial licensing and integration support are available for regulated deployments that cannot adopt AGPL terms — b@vaultbytes.com.