Agent Governance Evidence Pack

Evidence for
AI-agent change governance.

Roam exports a tamper-evident record of every code change an agent made on your repo: which agent touched what, what context it read before editing, which risks it accepted vs mitigated, who authorized risky edits, and which tests closed the loop. The pack supports audit review against SOC 2, ISO 42001, NIST AI RMF, and EU AI Act Article 12 record-keeping expectations — without claiming certification against any of them.

See a sample report Control mapping

Built on the free Apache 2.0 CLI · Evidence stays on your machine and hash-verifies offline · Tamper-evident ledger (HMAC-chained) · Proof bundles signed with in-toto v1

What's in the pack

Five evidence types, one bundle, all generated from the local ledger Roam already keeps when agents run against the CLI or MCP server. Nothing to instrument; the substrate is already in the free CLI.

1. Which agents changed what Per-run ledger: agent identity, model, session, repo SHA at start/end, every command executed, every file touched. Sourced from roam runs with HMAC chain verification.
2. What context each agent read Proof bundle records the symbols, files, and graph queries the agent consumed before editing — roam preflight, roam impact, roam context calls all logged with their results, timestamps, and bundle handles.
3. Risks accepted vs mitigated For each risky edit: the gate verdict (preflight blast radius, complexity, fitness), whether the agent acted on it or overrode it, and the test or critique result that supported the decision. roam pr-bundle emit closes the bundle with the explicit risk ledger.
4. Authorization trail for risky edits When the constitution requires human authorization (autonomous_pr mode disabled, or a policy clause triggered), the lease record names the human approver, the authorized scope, and the timestamp. Re-runs are blocked until a new lease is claimed.
5. Test closure per risk Each risk entry in the bundle links to the test run that closed it — either a pre-existing test the change preserved, or a new test the agent added. Bundles failing to close a high-severity risk are marked partial_success: true and surface in the report.
+ Replay narrative roam replay <run_id> renders the full transcript as a human-readable narrative — useful when a reviewer or auditor wants the story behind a specific PR without reading the raw JSON ledger.

All five evidence types ship as JSON (machine-readable), Markdown (human-readable), and a signed in-toto v1 attestation (cryptographically verifiable with cosign).

Sample report

See the full Governance Pack sample report for a complete deliverable example, with worked control-mapping table and disclaimer block. The pack format mirrors the PR Replay sample report: per-run sections, aggregated risk tables, control-mapping appendix, and the underlying signed JSON ledger. For a redacted draft on your repository, email [email protected].

  1. 1 Generate locally. The free CLI emits every evidence type. Pipe roam runs verify, roam pr-bundle emit --strict, and roam agent-score into the render template; the substrate is in src/roam/runs/ and src/roam/pr_bundle/.
  2. 2 Optional founder review. Commission a written report against your last 30 or 90 agent runs the same way the PR Replay engagement is structured. Same engine, same temporary-clone handling, same DPA, same no-training commitment.
  3. 3 Hand to your auditor. The pack lands as Markdown + PDF + signed JSON. The reviewer can verify the HMAC chain on the ledger and the cosign signature on each bundle without contacting us. The IP is yours; share it inside the audit scope without restriction.

Control mapping

Roam evidence to the controls auditors look for. The mapping documents what the pack supports; it does not claim formal conformity with any framework. Your auditor judges fit for your scope.

Roam evidence SOC 2 CC8.1 ISO/IEC 42001 NIST AI RMF EU AI Act Art. 12
Per-run ledger (HMAC-chained agent timeline) CC8.1 change tracking A.8.3 operational records Govern 1.4, Map 4.1 Automatic record-keeping
Proof bundle (context the agent read) CC8.1 change rationale A.6.2.2 design rationale Measure 2.8 traceability Traceability of decisions
Risk ledger (accepted vs mitigated) CC3.2 risk identification A.5.4 risk treatment Manage 1.3 risk response Risk-management evidence
Authorization trail (leases + mode gates) CC6.3 access authorization A.6.1.2 authorization Govern 2.1 roles Human-oversight evidence
Test closure per risk CC8.1 change verification A.8.4 verification Measure 2.5 validation Post-change verification
in-toto v1 attestation + cosign signature CC7.2 evidence integrity A.8.5 evidence integrity Measure 2.7 integrity Tamper-evident logs

Framework references: SOC 2 Trust Services Criteria (AICPA, 2017 with 2022 revisions); ISO/IEC 42001:2023 AI management system; NIST AI Risk Management Framework 1.0 (Jan 2023); EU Regulation 2024/1689 (AI Act), Article 12 "Record-keeping". Mapping is for evidence support; your conformity assessment is a separate engagement with qualified counsel and auditors.

Evidence support, not certification Roam Code provides evidence-export and control-mapping support for AI-agent change governance. This is evidence support, not formal certification. Roam does not perform compliance attestation; consult qualified counsel and auditors for formal certification against any framework.
Article 12 framing EU AI Act Article 12 (record-keeping) attaches to providers of high-risk AI systems listed in Annex III. Code-generation tooling is not itself in Annex III. If your own product is a high-risk AI system, the pack's tamper-evident ledger is useful evidence for the Article 12 record-keeping expectation and the Article 14 human-oversight expectation. The classification call is for you and your DPO.
Scope The pack documents what an agent did against the local repository. It does not cover model-training evidence, dataset provenance, or production runtime behaviour. Those are outside Roam's measurement surface and require separate evidence.
EU-based, GDPR-native Built in Athens. Made in the EU. The CLI runs entirely on your machine; nothing leaves the local environment. See the security policy, the trust & compliance posture page for named timelines on SOC 2 and ISO 42001, and the procurement packet for the DPA, no-training commitment, and supply-chain posture.

Want a redacted sample on a real repository, or a quote for a written governance pack against your last 30 or 90 agent runs? Email [email protected] — same engagement shape as the PR Replay service, same DPA, same no-training commitment.