Compliance
How many compliance checks does Areev include?
Areev includes 87 built-in compliance verification checks (89 when either the distributed or the auth feature is enabled, 91 with both) spanning 7 regulatory frameworks. This context database verifies encryption, erasure, audit trail integrity, policy enforcement, and regulation-specific requirements for AI memory in a single pass.
The checks break down into 39 core checks (10 encryption, 6 erasure, 6 blind index, 6 audit, 7 policy, 4 authorization), 36 regulation-specific checks (8 HIPAA, 16 EU AI Act, 6 SOC 2, 6 CCPA/LGPD/PIPL), 4 tiered storage checks, 2 agent identity checks, and 6 policy lifecycle checks. Running `areev verify` executes all applicable checks and reports the pass rate, warnings, and skipped items. This autonomous memory system treats compliance as a first-class operational concern rather than an afterthought.
```python
import requests

# Run all compliance checks via API
resp = requests.post("http://localhost:4009/api/memories/default/verify/run")
resp.raise_for_status()  # fail loudly on a non-2xx response instead of parsing an error body
result = resp.json()
# result["total_checks"], result["passed"], result["pass_rate"]
```

```http
POST /api/memories/default/verify/run HTTP/1.1
Host: localhost:4009
```

```shell
areev verify
# Output: 87 checks, 82 passed, 3 warned, 2 skipped (92.0% pass rate)
```
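The snippet above only reads the raw counts back. The following is an added example (not Areev's own client code) that turns a verify result into a gate suitable for a CI pipeline or a scheduled job: it calls the endpoint with a timeout, excludes skipped checks from the denominator, optionally treats warnings as blocking, and lists failing checks by id. The fields `total_checks`, `passed` and `pass_rate` come from the page; `warned`, `skipped` and the per-check `checks` list (with `id` and `status`) are assumed names, as is the sample response, which is constructed here so the gate can be exercised offline.

```python
"""Added example: gate a pipeline on the result of Areev's verify endpoint.
Field names other than total_checks/passed/pass_rate are assumptions."""
from typing import Any, Callable, Dict, List, Optional

VERIFY_URL = "http://localhost:4009/api/memories/default/verify/run"


def fetch_verify_result(url: str = VERIFY_URL, timeout: float = 30.0) -> Dict[str, Any]:
    """POST to the verify endpoint and return the parsed JSON body."""
    import requests  # imported here so the gate logic below is testable offline
    resp = requests.post(url, timeout=timeout)
    resp.raise_for_status()  # treat HTTP errors as a failed run, not as a parseable result
    return resp.json()


def gate(result: Dict[str, Any], min_pass_rate: float = 95.0,
         block_on_warnings: bool = False,
         max_skipped: Optional[int] = None) -> Dict[str, Any]:
    """Decide whether a verify result is acceptable.

    effective_pass_rate is this example's own definition: passed checks over
    applicable (non-skipped) checks, so a feature that is not enabled does not
    silently lower the score. The server-reported pass_rate is passed through
    unchanged for comparison.
    """
    total = int(result["total_checks"])
    passed = int(result["passed"])
    warned = int(result.get("warned", 0))      # assumed field
    skipped = int(result.get("skipped", 0))    # assumed field
    applicable = total - skipped
    effective = 100.0 * passed / applicable if applicable else 0.0

    reasons: List[str] = []
    if effective < min_pass_rate:
        reasons.append(f"effective pass rate {effective:.1f}% below {min_pass_rate:.1f}%")
    if block_on_warnings and warned:
        reasons.append(f"{warned} check(s) warned")
    if max_skipped is not None and skipped > max_skipped:
        reasons.append(f"{skipped} check(s) skipped, more than {max_skipped} allowed")

    # Per-check detail is an assumed shape: [{"id": ..., "status": "pass"|"warn"|"fail"|"skip"}]
    failed_ids = [c.get("id") for c in result.get("checks", []) if c.get("status") == "fail"]

    return {
        "ok": not reasons,
        "effective_pass_rate": round(effective, 1),
        "reported_pass_rate": result.get("pass_rate"),
        "warned": warned,
        "skipped": skipped,
        "failed_checks": failed_ids,
        "reasons": reasons,
    }


def run_gate(fetch: Callable[[], Dict[str, Any]] = fetch_verify_result,
             **policy: Any) -> Dict[str, Any]:
    """Fetch (or inject) a verify result and apply the gate policy."""
    return gate(fetch(), **policy)


# Constructed sample response (not real Areev output): 87 checks, 80 passed,
# 3 warned, 2 failed, 2 skipped. Only the failing/skipped checks are listed.
SAMPLE_RESULT: Dict[str, Any] = {
    "total_checks": 87, "passed": 80, "warned": 3, "skipped": 2, "pass_rate": 92.0,
    "checks": [
        {"id": "encryption.at_rest", "status": "fail"},
        {"id": "policy.retention_enforced", "status": "fail"},
        {"id": "distributed.replica_encryption", "status": "skip"},
        {"id": "auth.token_rotation", "status": "skip"},
    ],
}

if __name__ == "__main__":
    decision = run_gate(fetch=lambda: SAMPLE_RESULT)
    print(decision)
    raise SystemExit(0 if decision["ok"] else 1)
```

Run against a live instance by dropping the `fetch=` override; the exit status makes the script usable directly as a pipeline step.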
How do compliance checks map to regulatory frameworks?
Each check maps to one or more regulatory articles. The primary mapping is stored per check, and multi-regulation checks (such as encryption, which spans GDPR Art. 32 and HIPAA 164.312) reference the primary regulation with cross-references available via the check_regulations() API.
Compliance reports also include mappings to NIST AI RMF (6 controls) and ISO 42001 Annex A (6 controls) for organizations using those frameworks. This AI agent memory system maps every check to its source regulation article, so audit teams can trace each verification result back to the specific legal requirement it satisfies.
| Group | Primary Regulation | Articles |
|---|---|---|
| Encryption | GDPR | Art. 32 (security of processing) |
| Erasure | GDPR | Art. 17 (right to erasure) |
| Blind Index | GDPR | Art. 25 (data protection by design) |
| Audit | GDPR | Art. 30 (records of processing) |
| HIPAA | HIPAA | §164.308, §164.312, §164.400-414, §164.514 |
| EU AI Act | EU AI Act | Art. 5, 9, 10, 11, 12, 13, 14, 19, 50, 52 |
| SOC 2 | SOC 2 | CC6, CC7, CC8 |
How does real-time compliance monitoring work?
The ComplianceMonitor attaches to the Areev engine as an EventHook and checks compliance rules on every add, forget, and supersede operation. It uses lock-free atomic counters for sub-millisecond overhead, so this context database monitors compliance continuously without affecting query latency.
The monitor detects excessive forget rates (indicating a possible data destruction attack), unencrypted writes when encryption policy is active, deep supersession chains exceeding a configurable threshold, and policy violations during write operations. Each violation carries a severity level (Info, Warning, Critical) and a remediation action (Alert, LogElevated, RateLimit, Block). Recent violations are stored in a bounded ring buffer (1,000 entries max) and accessible via the /api/memories/default/compliance/violations endpoint.
```python
import requests

# Check recent compliance violations (newest entries from the bounded ring buffer)
resp = requests.get(
    "http://localhost:4009/api/memories/default/compliance/violations",
    params={"limit": 10},
)
resp.raise_for_status()
violations = resp.json()
```

```shell
areev verify --monitor-status
```
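To make the detection rules above concrete, here is an added example (not Areev's ComplianceMonitor, which is in-engine code) that re-implements them in Python against a constructed stream of memory operations: a sliding-window forget-rate detector, a plaintext-write check while an encryption policy is active, a supersession-chain depth limit, and a policy-violation check on writes, each emitting a violation with the severity levels and remediation actions the page lists, stored in a bounded ring buffer of 1,000 entries. Thresholds, the event shape and the rule names are this example's own assumptions.

```python
"""Added example: a stand-alone model of the ComplianceMonitor rules.
Event fields, thresholds and rule names are assumptions, not Areev's API."""
from collections import deque
from dataclasses import dataclass
from enum import Enum
from typing import Deque, Iterable, List, Optional


class Severity(Enum):
    INFO = "Info"
    WARNING = "Warning"
    CRITICAL = "Critical"


class Remediation(Enum):
    ALERT = "Alert"
    LOG_ELEVATED = "LogElevated"
    RATE_LIMIT = "RateLimit"
    BLOCK = "Block"


@dataclass(frozen=True)
class Event:
    """Constructed event shape; op is 'add', 'forget' or 'supersede'."""
    ts: float                 # seconds since epoch (or any monotonic clock)
    op: str
    encrypted: bool = True
    chain_depth: int = 0      # length of the supersession chain, for 'supersede'
    policy_ok: bool = True    # result of the governance policy check for writes


@dataclass(frozen=True)
class Violation:
    ts: float
    rule: str
    severity: Severity
    action: Remediation
    detail: str


class ComplianceMonitor:
    """Hook-style monitor: call on_event() for every add/forget/supersede."""

    def __init__(self, forget_limit: int = 20, forget_window: float = 60.0,
                 max_chain_depth: int = 10, encryption_required: bool = True,
                 buffer_size: int = 1000) -> None:
        self.forget_limit = forget_limit          # forgets allowed per window
        self.forget_window = forget_window        # seconds
        self.max_chain_depth = max_chain_depth
        self.encryption_required = encryption_required
        self._forget_times: Deque[float] = deque()
        # Bounded ring buffer: oldest violations are dropped once full.
        self.violations: Deque[Violation] = deque(maxlen=buffer_size)

    def _record(self, v: Violation) -> Violation:
        self.violations.append(v)
        return v

    def on_event(self, ev: Event) -> Optional[Violation]:
        is_write = ev.op in ("add", "supersede")
        if is_write and self.encryption_required and not ev.encrypted:
            return self._record(Violation(ev.ts, "unencrypted_write", Severity.CRITICAL,
                                          Remediation.BLOCK, "plaintext write under encryption policy"))
        if is_write and not ev.policy_ok:
            return self._record(Violation(ev.ts, "policy_violation", Severity.WARNING,
                                          Remediation.LOG_ELEVATED, "write rejected by policy"))
        if ev.op == "supersede" and ev.chain_depth > self.max_chain_depth:
            return self._record(Violation(ev.ts, "deep_supersession_chain", Severity.WARNING,
                                          Remediation.ALERT, f"chain depth {ev.chain_depth}"))
        if ev.op == "forget":
            self._forget_times.append(ev.ts)
            # Evict timestamps that fell out of the sliding window.
            while self._forget_times and ev.ts - self._forget_times[0] > self.forget_window:
                self._forget_times.popleft()
            if len(self._forget_times) > self.forget_limit:
                return self._record(Violation(ev.ts, "excessive_forget_rate", Severity.CRITICAL,
                                              Remediation.RATE_LIMIT,
                                              f"{len(self._forget_times)} forgets in {self.forget_window:.0f}s"))
        return None

    def recent(self, limit: int = 10) -> List[Violation]:
        """Newest violations, mirroring the violations endpoint's limit parameter."""
        return list(self.violations)[-limit:]


def run_stream(events: Iterable[Event], monitor: Optional[ComplianceMonitor] = None) -> List[Violation]:
    """Feed events through a monitor and return the violations raised, in order."""
    monitor = monitor or ComplianceMonitor()
    return [v for v in (monitor.on_event(e) for e in events) if v is not None]


# Constructed sample: 25 forgets in 25 s (a burst past the limit of 20),
# then a plaintext add and a supersede with a chain 12 deep.
SAMPLE_EVENTS: List[Event] = (
    [Event(ts=float(i), op="forget") for i in range(25)]
    + [Event(ts=30.0, op="add", encrypted=False),
       Event(ts=31.0, op="supersede", chain_depth=12)]
)

if __name__ == "__main__":
    for v in run_stream(SAMPLE_EVENTS):
        print(f"{v.ts:>6.1f}  {v.rule:<24} {v.severity.value:<9} {v.action.value:<12} {v.detail}")
```

The forget-rate rule fires on every operation past the limit rather than once per burst, which matches a RateLimit remediation applied per request; a monitor that only alerts would typically deduplicate per window instead.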
How do I generate a compliance report?
Areev generates structured compliance reports that include verification results, encryption posture, policy configuration, audit trail status, and framework mappings. Reports are available as JSON or human-readable text, and include the OMS conformance level (L3), Areev version, and generation timestamp.
Each report covers the AI memory database’s current state: algorithm details (AES-256-GCM, HKDF-SHA256), active policies, PII detection status, audit chain verification, entry count, and mappings to NIST AI RMF and ISO 42001. Data protection officers and SOC 2 auditors can use these reports as evidence artifacts without needing direct database access.
```python
import requests

# Generate a compliance report
resp = requests.get("http://localhost:4009/api/memories/default/compliance/export")
resp.raise_for_status()
report = resp.json()
```

```http
GET /api/memories/default/compliance/export HTTP/1.1
Host: localhost:4009
```

```shell
areev verify --report
```
Related
- Policy: Configuring governance policy presets
- GDPR: GDPR-specific compliance details
- Audit Trail: Hash-chained audit log
- Encryption: Encryption posture details