Compliance Reports
Generate Annex IV-oriented PDF documentation in one call.
Compliance reports bundle the evidence an auditor expects — project metadata, compliance score, agent inventory, policy catalogue, trace statistics, blockchain anchoring configuration, retention posture — into a single PDF.
Generate a report
curl https://gateway.palveron.com/api/v1/compliance/report \
-H "Authorization: Bearer pv_live_..." \
-G --data-urlencode "from=2026-01-01" --data-urlencode "to=2026-03-31" \
-o compliance-report.pdf| Query | Default | Values |
|---|---|---|
from | — (optional) | ISO 8601 date — start of the trace date range |
to | — (optional) | ISO 8601 date — end of the trace date range |
The report always covers all frameworks active on the project; there is no per-framework or per-agent filter. from/to scope the trace statistics — omit both for an all-time report. Invalid dates return 400 (never a silently widened scope). The endpoint requires the compliance_report_pdf entitlement (403 feature_not_entitled otherwise) and streams application/pdf.
Contents
| Section | Source |
|---|---|
| Project metadata | Project name, id, environment, tier |
| Compliance score | The same weighted 5-dimension calculation the dashboard shows, with per-dimension breakdown |
| Trace statistics | Totals, blocked, modified, anchored — scoped by from/to |
| Agent inventory | Registered agents with type and risk classification |
| Policy catalogue | Active policies |
| Recent traces | Latest governance decisions with provenance |
| Blockchain anchoring | Flare network, contract, wallet, anchor interval |
| Data retention | The project's resolved retention posture (configured value + tier cap) |
| NGE architecture | The deployed analysis pipeline and escalation posture |
| Regulatory timeline | EU AI Act obligations already in force vs. scheduled |
Every statement in the report is backed by the deployed code or the live database — regulatory dates come from the sourced regulatory timeline, retention from the same resolution the retention worker enforces, and the score from the dashboard's calculation. Nothing is hand-maintained.
Incident reports are filed and listed via the Compliance API (POST /api/v1/compliance/incidents); for exportable audit evidence beyond the PDF, see GET /api/v1/compliance/evidence-package and the CSV export in the Traces API.