Tork

Feature

Compliance Receipts

Every AI operation generates an HMAC-signed, tamper-evident receipt. Prove to auditors exactly what policies were applied, when, and with what result—with cryptographic certainty.

What's In A Receipt?

compliance_receipt.json

{
  "receipt_id": "rcpt_a3f2c1b8d4e5f6a7",
  "timestamp": "2025-01-01T12:00:00.000Z",
  "version": "1.0",
  
  "evaluation": {
    "decision": "REDACT",
    "policies_applied": ["pii-protection", "content-safety"],
    "policies_passed": ["content-safety"],
    "policies_triggered": ["pii-protection"],
    "duration_ms": 3
  },
  
  "content": {
    "input_hash": "sha256:a3f2c1...",
    "output_hash": "sha256:b4e5d6...",
    "pii_detected": ["email", "phone"],
    "redaction_count": 2
  },
  
  "context": {
    "user_id": "user_123",
    "session_id": "sess_456",
    "endpoint": "/api/chat",
    "framework": "langchain"
  },
  
  "signature": {
    "algorithm": "HMAC-SHA256",
    "hmac": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9..."
  }
}

Tamper-Evident Signatures

Valid Receipt

HMAC signature matches. Receipt has not been modified since creation.

Tampered Receipt

HMAC mismatch detected. Someone has modified the receipt data.

Verify a receipt

from tork import ComplianceReceipt

receipt = ComplianceReceipt.load("receipt.json")

# Verify signature integrity
is_valid = receipt.verify(secret_key="your-signing-key")

if is_valid:
    print("Receipt is authentic and unmodified")
else:
    print("WARNING: Receipt has been tampered with!")

Flexible Storage

Local Files

Free

JSON files on disk. Simple, no dependencies.

PostgreSQL

Free

Relational database with full query support.

Cloud Storage

Starter

S3, GCS, or Azure Blob with automatic rotation.

Tork Cloud

Starter

Managed storage with dashboard and analytics.

Webhook

Pro

Real-time delivery to your SIEM or logging system.

Custom

Enterprise

Implement your own storage adapter.

Audit-Ready Documentation

SOC 2 Type II

Demonstrate continuous monitoring and policy enforcement over time

GDPR Article 30

Records of processing activities with data minimization proof

HIPAA Audit Trail

Track all access to PHI with timestamped evidence

Internal Compliance

Prove to legal/compliance teams that AI is governed

Incident Response

Forensic evidence for investigating AI-related incidents

Build Your Audit Trail

Start generating compliance receipts today.

Start Free Trial View on GitHub