PalveronPalveronDocs

Compliance Reports

Generate Annex IV-oriented PDF documentation in one call.

Compliance reports bundle the evidence an auditor expects — project metadata, compliance score, agent inventory, policy catalogue, trace statistics, blockchain anchoring configuration, retention posture — into a single PDF.

Generate a report

curl https://gateway.palveron.com/api/v1/compliance/report \
  -H "Authorization: Bearer pv_live_..." \
  -G --data-urlencode "from=2026-01-01" --data-urlencode "to=2026-03-31" \
  -o compliance-report.pdf
QueryDefaultValues
from— (optional)ISO 8601 date — start of the trace date range
to— (optional)ISO 8601 date — end of the trace date range

The report always covers all frameworks active on the project; there is no per-framework or per-agent filter. from/to scope the trace statistics — omit both for an all-time report. Invalid dates return 400 (never a silently widened scope). The endpoint requires the compliance_report_pdf entitlement (403 feature_not_entitled otherwise) and streams application/pdf.

Contents

SectionSource
Project metadataProject name, id, environment, tier
Compliance scoreThe same weighted 5-dimension calculation the dashboard shows, with per-dimension breakdown
Trace statisticsTotals, blocked, modified, anchored — scoped by from/to
Agent inventoryRegistered agents with type and risk classification
Policy catalogueActive policies
Recent tracesLatest governance decisions with provenance
Blockchain anchoringFlare network, contract, wallet, anchor interval
Data retentionThe project's resolved retention posture (configured value + tier cap)
NGE architectureThe deployed analysis pipeline and escalation posture
Regulatory timelineEU AI Act obligations already in force vs. scheduled

Every statement in the report is backed by the deployed code or the live database — regulatory dates come from the sourced regulatory timeline, retention from the same resolution the retention worker enforces, and the score from the dashboard's calculation. Nothing is hand-maintained.

Incident reports are filed and listed via the Compliance API (POST /api/v1/compliance/incidents); for exportable audit evidence beyond the PDF, see GET /api/v1/compliance/evidence-package and the CSV export in the Traces API.

On this page