Your auditor called. You're ready.
Turns the hash-chained audit trail from ZLAR Gate into compliance reports. PCI-DSS, SOC 2, OSFI B-13, SOX, EU AI Act โ mapped and formatted. Hash chain verification included.
| Command | What it does |
|---|---|
| summary | Overview of events, decisions, and risk distribution for a time period |
| query | Filter audit events by domain, action, risk level, time range, or regex |
| verify | Verify the SHA-256 hash chain โ detect tampering or gaps |
| export | Export audit data as CSV, JSON, JSONL, or Splunk CIM format |
| report | Generate full compliance, incident, or executive summary reports |
| digest | Generate daily, weekly, or monthly digest for scheduled reporting |
Full HTML report with framework mapping table. Shows which audit events map to which compliance controls across all supported frameworks.
Denied and high-risk events for security review. Timeline of blocked actions, risk scores, policy rules matched, and agent identifiers.
One-page overview for board reporting. Total actions, allow/deny ratio, high-risk events, hash chain integrity, and trend lines.
Reports are HTML, designed for browser print-to-PDF. All report data is derived from the ZLAR Gate audit trail โ what the gate observed, formatted for human consumption.
| Framework | What AU covers |
|---|---|
| PCI-DSS 10 | Audit log requirements โ all access to cardholder data, tool calls, policy decisions, admin actions |
| SOC 2 | Availability, security, and change management โ tool call audit trail, deny events, policy version history |
| OSFI B-13 | Technology risk and operational resilience โ agent action logging, risk scoring, incident-level events |
| SOX | IT general controls โ access logs, change controls, segregation of duties evidence from audit trail |
| EU AI Act | High-risk AI system logging requirements โ decision records, human oversight events, risk classifications |
| Format | Best for |
|---|---|
| CSV | Auditor analysis in Excel or Google Sheets |
| JSON | Structured data for custom processing or dashboards |
| JSONL | Filtered raw audit trail โ subset of original events |
| Splunk CIM | Drop into your SIEM using Common Information Model field mapping |
ZLAR Gate writes every audit event with a SHA-256 hash that includes the previous event's hash. This creates a chain: if any event is modified or deleted, all subsequent hashes become invalid.
zlar-au verify walks the entire chain and reports the first broken link, if any.
What it proves: The audit trail has not been modified since it was written.
What it doesn't prove: That the gate recorded everything. The hash chain protects against post-hoc modification, not against a compromised gate that failed to log events in the first place. See Legal for complete terms.
HTML reports only. Reports are designed for browser print-to-PDF. There is no native PDF generation.
Splunk CIM mapping is best-effort. Validate against your schema before ingestion into a production SIEM.
Reports reflect what the gate observed. They do not constitute a guarantee of complete containment or a compliance certification.
Compliance mappings are informational. ZLAR-AU does not guarantee compliance with PCI-DSS, SOC 2, OSFI B-13, SOX, or the EU AI Act. Consult qualified professionals for formal compliance guidance.
The tool reduces compliance burden. It does not replace professional audit guidance.
| Product | Platform | What it does |
|---|---|---|
| ZLAR-OC | OpenClaw | OS-level containment โ user isolation, kernel sandbox, pf firewall, gate daemon, signed policy, audit trail |
| ZLAR-CC | Claude Code | Hook-based gate โ tool-call interception, risk classification, signed policy, Telegram approval |
| ZLAR Gate | Claude Code + Cursor + Windsurf | Universal gate โ one policy across multiple editors, framework-specific adapters |
| ZLAR-LT | Claude Code + Cursor + Windsurf | Zero-config governance โ one command, instant protection, deny-heavy defaults |
| ZLAR-AU | ZLAR Gate audit trail | Compliance reporting โ hash chain verification, framework mapping, Splunk export |
| ZLAR-NT | Cross-platform | Network egress policy โ destination-aware, domain-level, gate-integrated |
| ZLAR-FL | Cross-platform | Fleet governance โ registry, health monitoring, audit aggregation, policy comparison |
Built by Vincent Nijjar and ZLAR Inc.
Open source under Apache License 2.0. Free to use, modify, and distribute.