ComplyChain
Automated Compliance Reporting & Audit Translation
ComplyChain transforms raw audit logs into human-readable compliance reports (SOC2, GDPR, ISO27001) using automated analysis.
Instead of manual review of JSON logs, ComplyChain generates structured reports that explain policy enforcement and data access patterns in plain language.
Key Features
- Automated Reporting: Generate PDF/Markdown compliance summaries on demand.
- Context-Aware Analysis: Explains technical events in business terms.
- Multi-Standard Support: Pre-built mappings for SOC2, GDPR, and ISO27001.
- Privacy First: Automatic PII masking before data processing.
Usage (MCP Tool)
You can generate reports directly from your authorized LLM interface using the abs_generate_report tool.
Example Prompt
"Generate a SOC2 compliance report for all agent activities in the last 24 hours."
Tool Spec
{
  "name": "abs_generate_report",
  "description": "Generates a compliance report (SOC2/GDPR) from audit logs.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "standard": {
        "type": "string",
        "enum": ["SOC2", "GDPR", "ISO27001"],
        "description": "The compliance standard to report against."
      },
      "timeRange": {
        "type": "string",
        "description": "Time range for logs (e.g., '24h', '7d')."
      }
    },
    "required": ["standard"]
  }
}
Architecture
- Ingestion: ReporterService fetches raw AuditEvent logs from the immutable ledger.
- Sanitization: PII is masked before analysis.
- Analysis: The comply-chain engine sends the sanitized context to the LLM (Gemini).
- Generation: The LLM compares the logs against the requested standard's controls and writes the report.
Reliability & async safety
As of v3.0.0, two reliability fixes were applied to the ReporterService:
- Missing await: The async call to fetch audit events was not awaited, causing reports to be generated against an empty event set. Fixed: all async operations are now correctly awaited.
- Unknown type handling: The raw LLM API response was unsafely cast to the internal AuditEvent type. A proper runtime type guard now validates the response shape before processing, preventing silent data corruption in edge cases (e.g., partial Gemini responses or API schema changes).
These fixes are included in v3.0.0 and require no configuration changes.
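The runtime check described under "Unknown type handling", as an added TypeScript example that is not ComplyChain's own code. The AuditEvent fields, the function names and the sample payload are assumptions constructed here, since the page does not show the real type.

```typescript
// Hypothetical AuditEvent shape (assumption): the page does not show the real type.
interface AuditEvent {
  id: string;
  timestamp: string; // ISO 8601
  actor: string;
  action: string;
  outcome: "allow" | "deny";
}

// Runtime type guard: narrows `unknown` to AuditEvent only if every field checks out.
function isAuditEvent(value: unknown): value is AuditEvent {
  if (typeof value !== "object" || value === null) return false;
  const v = value as Record<string, unknown>;
  return (
    typeof v.id === "string" && v.id.length > 0 &&
    typeof v.timestamp === "string" && !isNaN(Date.parse(v.timestamp)) &&
    typeof v.actor === "string" &&
    typeof v.action === "string" &&
    (v.outcome === "allow" || v.outcome === "deny")
  );
}

// Validate an untrusted JSON payload. Malformed records are counted and dropped,
// never cast through, so the caller can decide whether to fail the report.
function parseAuditEvents(raw: string): { events: AuditEvent[]; rejected: number } {
  let data: unknown;
  try {
    data = JSON.parse(raw);
  } catch {
    throw new Error("payload is not valid JSON");
  }
  if (!Array.isArray(data)) throw new Error("payload is not an array");
  const events: AuditEvent[] = data.filter(isAuditEvent);
  return { events, rejected: data.length - events.length };
}

// Constructed sample: one valid event, one partial record, one with wrong types.
const SAMPLE_PAYLOAD = JSON.stringify([
  { id: "evt-1", timestamp: "2024-01-01T00:00:00Z", actor: "agent-a", action: "read", outcome: "allow" },
  { id: "evt-2", timestamp: "2024-01-01T00:01:00Z", actor: "agent-b" },
  { id: 3, timestamp: "not-a-date", actor: "agent-c", action: "write", outcome: "deny" },
]);
```

For a compliance report, a non-zero `rejected` count is worth surfacing in the output or treating as a failure, because silently dropped events understate the audited activity.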
Status: Alpha (MVP)
Supported Models: Google Gemini 1.5 Flash