ComplyChain
Automated Compliance Reporting & Audit Translation
ComplyChain (MVP)
ComplyChain transforms raw audit logs into human-readable compliance reports (SOC2, GDPR, ISO27001) using advanced LLM analysis.
Instead of handing your auditor a CSV with a million rows of JSON logs, ComplyChain generates a narrative report that explains why accessing that file was blocked or how your agents are respecting data privacy.
Key Features
- Automated Reporting: Generate PDF/Markdown reports on demand.
- Narrative Analysis: Uses Gemini 1.5 Flash to explain technical events in plain English.
- Multi-Standard: Support for SOC2 (CC6.1), GDPR (Art. 32), and ISO27001.
- Key Rotation: High availability with automatic API key rotation and failover.
Usage (MCP Tool)
You can generate reports directly from your authorized LLM interface using the abs_generate_report tool.
Example Prompt
"Generate a SOC2 compliance report for all agent activities in the last 24 hours."
Tool Spec
{
  "name": "abs_generate_report",
  "description": "Generates a compliance report (SOC2/GDPR) from audit logs.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "standard": {
        "type": "string",
        "enum": ["SOC2", "GDPR", "ISO27001"],
        "description": "The compliance standard to report against."
      },
      "timeRange": {
        "type": "string",
        "description": "Time range for logs (e.g., '24h', '7d')."
      }
    },
    "required": ["standard"]
  }
}
Architecture
- Ingestion: ReporterService fetches raw AuditEvent logs from the immutable ledger.
- Sanitization: PII is masked before analysis.
- Analysis: The comply-chain engine sends the sanitized context to the LLM (Gemini).
- Generation: The LLM compares the logs against the requested standard's controls and writes the report.
Reliability & async safety
As of v10.1.5, two reliability fixes were applied to the ReporterService:
- Missing await: The async call to fetch audit events was not awaited, causing reports to be generated against an empty event set. Fixed: all async operations are now correctly awaited.
- Unknown type handling: The raw LLM API response was unsafely cast to the internal AuditEvent type. A proper runtime type guard now validates the response shape before processing, preventing silent data corruption in edge cases (e.g., partial Gemini responses or API schema changes).
These fixes are included in v10.1.5 and require no configuration changes.
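The two fixes above, sketched as an added TypeScript example that is not ComplyChain's own code. The AuditEvent fields and the names isAuditEvent, validateEvents and loadEvents are hypothetical, since the page does not show the real shape or API.

```typescript
// Hypothetical shape: the page does not list AuditEvent's fields.
interface AuditEvent {
  id: string;
  timestamp: string; // ISO 8601
  actor: string;
  action: string;
  outcome: "allowed" | "blocked";
}

// Runtime type guard: narrows `unknown` only after every field is checked.
function isAuditEvent(value: unknown): value is AuditEvent {
  if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
  const { id, timestamp, actor, action, outcome } = value as Record<string, unknown>;
  return (
    typeof id === "string" && id.length > 0 &&
    typeof timestamp === "string" && !Number.isNaN(Date.parse(timestamp)) &&
    typeof actor === "string" &&
    typeof action === "string" &&
    (outcome === "allowed" || outcome === "blocked")
  );
}

// Splits an untrusted payload into validated events and a count of rejects,
// so a partial or reshaped response is surfaced instead of silently cast.
function validateEvents(raw: unknown): { events: AuditEvent[]; rejected: number } {
  if (!Array.isArray(raw)) throw new TypeError("expected an array of events");
  const events = raw.filter(isAuditEvent);
  return { events, rejected: raw.length - events.length };
}

// The fetch is awaited before validation. Passing an un-awaited promise to
// validateEvents throws a TypeError rather than yielding an empty event set.
async function loadEvents(fetchRaw: () => Promise<unknown>): Promise<AuditEvent[]> {
  const { events, rejected } = validateEvents(await fetchRaw());
  if (rejected > 0) throw new Error(`${rejected} malformed event(s) rejected`);
  return events;
}

// Constructed sample payload: one valid event, one truncated, one bad timestamp.
const SAMPLE: unknown = [
  { id: "e1", timestamp: "2024-01-01T00:00:00Z", actor: "agent-7", action: "read", outcome: "blocked" },
  { id: "e2", timestamp: "2024-01-01T00:00:05Z", actor: "agent-7" },
  { id: "e3", timestamp: "not-a-date", actor: "agent-2", action: "write", outcome: "allowed" },
];
```

Failing closed on any rejected event keeps a compliance report from being written over an incomplete record; a deployment that prefers partial reports would log the reject count instead of throwing.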
Status: Alpha (MVP)
Supported Models: Google Gemini 1.5 Flash