Compliance

What does the Govern section include?

The Govern section in the Console sidebar contains two views: Compliance (route: /memories/:id/verify) for automated compliance checks and policy management, and Audit (route: /memories/:id/audit) for the hash-chained audit trail and recall provenance tracking.

Compliance view

The Compliance view has two tabs: Checks and Policies.

The Checks tab runs automated compliance verification across seven regulatory frameworks and displays results as a dashboard. The top shows total checks passed alongside severity counters (critical, warning, info). Filter pills let you narrow by regulation. Each violation is expandable with details, affected namespaces, and remediation guidance. Click “Run Verification” to trigger a fresh compliance scan via the POST /api/memories/{memory_id}/verify/run endpoint. Results are retrieved from GET /api/memories/{memory_id}/verify/latest and compliance metrics from GET /api/memories/{memory_id}/compliance/metrics.

The Policies tab displays the active governance policy configuration including encryption requirements, consent level, erasure support, audit requirements, PII/PHI detection settings, and retention periods. Policy history shows a timeline of policy changes with diffs. You can simulate policy changes to preview their impact before applying them via POST /api/memories/{memory_id}/policy/simulate.

Audit view

The Audit view has two tabs: Trails and Provenance.

The Trails tab displays a hash-chained, tamper-evident event log of all operations performed on the context database. Events use dot-notation types (e.g., memory.added, memory.recalled, memory.forgotten, consent.granted, consent.revoked, key.rotated, key.destroyed, policy.upgraded, authz.granted). Each entry shows the event type, description, actor, timestamp, and block hash. The chain integrity is verified — a green indicator confirms the hash chain is unbroken.

The Provenance tab tracks recall provenance: every query the engine has served, which grains were returned, score breakdowns (BM25, vector, RRF, interference penalty, recency decay), and latency. This allows you to audit exactly why a particular grain was (or was not) included in a recall result.

How do I review the audit trail?

Filter the audit trail table by event type, time range, or search text to inspect specific events, then click any row to see the full event detail.

The audit trail captures every operation performed on AI memory grains in the context database. Each event is immutable — once written, it cannot be modified or deleted, even by administrators. In distributed mode, audit events are replicated via Raft to all nodes.

# Equivalent API call for querying audit events (replace {memory_id} with your memory ID)
curl -s "http://localhost:4009/api/memories/{memory_id}/audit?event_type=memory.forgotten&limit=50"

# Filter by time range (epoch milliseconds)
curl -s "http://localhost:4009/api/memories/{memory_id}/audit?from=1735689600000&to=1740873600000"

# Search text in audit details
curl -s "http://localhost:4009/api/memories/{memory_id}/audit?query=encryption&limit=20"

How do I manage consent records?

Consent is managed through consent-type grains. The Compliance view’s Checks tab includes consent-related compliance checks that flag missing or inconsistent consent records.

Consent records are first-class objects in the context database. When a subject grants consent for a processing scope, the autonomous memory engine records a consent.granted audit event and begins enforcing the consent scope on all subsequent writes and recalls for that subject. When consent is withdrawn, a consent.revoked event is emitted and the engine stops returning grains that require the revoked consent scope.

You can also check consent status programmatically via the GET /api/memories/{memory_id}/consent/status endpoint, or grant and revoke consent via POST /api/memories/{memory_id}/consent/grant and POST /api/memories/{memory_id}/consent/revoke.

# Grant consent via the dedicated consent endpoint
import requests
memory_id = "my-memory"
requests.post(f"http://localhost:4009/api/memories/{memory_id}/consent/grant", json={
    "subject": "user-123",
    "scope": "personalization",
    "basis": "explicit_consent"
})

# Revoke consent
requests.post(f"http://localhost:4009/api/memories/{memory_id}/consent/revoke", json={
    "subject": "user-123",
    "scope": "personalization"
})

# Alternatively, add a consent grain directly
requests.post(f"http://localhost:4009/api/memories/{memory_id}/add", json={
    "grain_type": "consent",
    "fields": {
        "subject_did": "user-123",
        "grantee_did": "agent-456",
        "scope": "personalization",
        "basis": "explicit_consent",
        "is_withdrawal": False
    }
})

Related

• Console: Console overview and setup
• Policy: Policy preset configuration details
• Audit Trail: Audit event schema and retention
• Explorer: Browse and inspect grains