Compliance
Read compliance posture, generate Annex IV reports, and verify Flare attestations.
These endpoints expose the compliance engine: framework-by-framework readiness, exportable evidence, and public attestation verification.
Palveron is not itself certified under SOC 2, ISO 27001, ISO 42001, or HIPAA. The platform provides controls, evidence, and reporting so that your project can pursue and maintain those certifications — the framework listings below describe what Palveron supports, not certifications Palveron holds.
GET /api/v1/compliance/dashboard
Returns the current readiness state for every framework that customers can enable on the project — Palveron supports controls for EU AI Act, DORA, NIST AI RMF, GDPR, HIPAA, SOC 2, ISO 27001, ISO 42001, OWASP, Singapore PDPA, Colorado AI Act, and more.
{
"frameworks": [
{
"id": "eu_ai_act",
"name": "EU AI Act",
"readiness_pct": 0.87,
"missing_controls": 2,
"implemented_controls": 18,
"enforced_controls": 14
}
],
"controls": [
{
"id": "ctrl.shadow_ai.asset_inventory",
"status": "enforced",
"frameworks": ["eu_ai_act", "dora", "nist_ai_rmf"]
}
]
}Statuses: missing, documented, partial, implemented, enforced. Use enforced to drive your "audit-ready" gauge.
GET /api/v1/compliance/report
GET /api/v1/compliance/report?framework=eu_ai_act&format=pdf| Query | Default | Values |
|---|---|---|
framework | — (required) | eu_ai_act, dora, nist_ai_rmf, gdpr, … |
format | pdf | pdf, json |
as_of | now | ISO 8601 timestamp — generates a report frozen at that point in time |
Generates an Annex IV-conforming PDF (or its JSON source) bundling: project metadata, agent inventory, policy catalogue with versions, recent traces, FRIA documents, incident reports, and Flare anchor proofs. Streamed as application/pdf or returned inline JSON.
POST /api/v1/verify-proof
Public endpoint — no authentication required. Given a trace ID or integrity hash, returns its Flare anchor proof and the verification result.
{
"trace_id": "trc_01HVB...",
"integrity_hash": "sha256:...",
"flare_tx_hash": "0x...",
"merkle_proof": ["0x...", "0x..."],
"verified": true,
"network": "flare_mainnet"
}Use this to let external auditors independently confirm a governance decision against the blockchain without an account on your project.
POST /api/v1/compliance/incidents
Report a compliance incident (EU AI Act Art. 73 — serious incident reporting).
{
"agent_id": "agent_...",
"severity": "HIGH",
"category": "fundamental_rights",
"occurred_at": "2026-05-15T14:23:00Z",
"description": "Agent produced biased output in HR screening.",
"affected_persons": 12
}The endpoint creates an incident record, anchors it on Flare, and (for HIGH/CRITICAL severity) starts the 72-hour authority notification timer.