Level 3: The Auditor (Glass Box Trace)
Este conteúdo não está disponível em sua língua ainda.
Goal: Verify your policy visually and cryptographically using the Glass Box method.
Prerequisite: Level 2 (The Integrator)
1. The Problem: “It passed, but can we trust the process?”
Section titled “1. The Problem: “It passed, but can we trust the process?””In Level 2, you logged the compliance score. But for High-Risk AI (like Credit Scoring), metrics aren’t enough. An Auditor asks: “Did you test on the real dataset, or did you filter out the rejected loans?” and “Can you prove this code was actually run?“
2. The Solution: The “Glass Box” Trace
Section titled “2. The Solution: The “Glass Box” Trace”Professional auditing requires more than just results — it requires Provenance.
Venturalitica uses a monitor() context manager to record everything:
- The Code: AST analysis of your script.
- The Data: Row count and column schema.
- The Hardware: Memory, CPU, and Carbon stats (Article 15).
- The Seal: A cryptographic SHA-256 hash of the entire session.
The Upgrade
Section titled “The Upgrade”We continue working on the same project. No new setup required.
Run with the Native Monitor
Section titled “Run with the Native Monitor”Wrap your execution in vl.monitor(). This context manager captures the “Handshake” between your code and the policy by harvesting both physical and logical metadata.
Deep Dive: Glass Box vs Black Box
Section titled “Deep Dive: Glass Box vs Black Box”| Feature | Black Box (Standard) | Glass Box (Venturalitica) |
|---|---|---|
| Logic | ”Trust me, I ran the code.” | AST Analysis: We record which function mapped code to policy. |
| Data | ”Here is the CSV.” | Fingerprint: We record the SHA-256 of the dataset at runtime. |
| Scope | Code | Code + Environment + Hardware Stats |
import venturalitica as vlfrom venturalitica.quickstart import load_sample
# 1. Start the Multimodal Monitor (The Glass Box)with vl.monitor("loan_audit_v1"): # This block is now being watched by the Auditor df = load_sample("loan")
# Download data_policy.oscal.yaml from: # https://github.com/venturalitica/venturalitica-sdk-samples/blob/main/scenarios/loan-credit-scoring/policies/loan/data_policy.oscal.yaml results = vl.enforce( data=df, target="class", gender="Attribute9", # Mapping gender age="Attribute13", # Mapping age policy="data_policy.oscal.yaml" ) # The session trace file is saved inside the run directory # and will prove NOT just the result, but HOW it was computed.
# After the context manager exits, check the evidence directory:# .venturalitica/# results.json <- Latest compliance results# runs/loan_audit_v1_<timestamp>/# trace_loan_audit_v1.json <- Full execution trace# results.json <- Per-run compliance results# bom.json <- Software bill of materials3. The “Digital Seal” Verification
Section titled “3. The “Digital Seal” Verification”After running the audit, launch the UI:
venturalitica uiNavigate to “Article 13: Transparency”.
Finding the Evidence Hash
Section titled “Finding the Evidence Hash”Look for the Evidence Hash in the dashboard.
Evidence Hash: 89fbf...
This hash is your “Digital Seal”. If you change one pixel in the dataset or one line in the policy, this hash changes. You can now prove to a regulator exactly what happened during the audit.
4. The Compliance Map
Section titled “4. The Compliance Map”The Dashboard translates JSON evidence into the language of the EU AI Act.
| Law | Dashboard Tab | What to Answer |
|---|---|---|
| Art 9 | Risk Management | ”Did we verify bias < 0.1?” (Your Policy) |
| Art 10 | Data Assurance | ”Is the training data representative?” |
| Art 13 | Transparency | ”What libraries (BOM) are we using?“ |
5. Take Home Messages
Section titled “5. Take Home Messages”- Don’t Trust, Verify: The Trace File (captured automatically via
monitor()) is the source of truth for the entire execution context. - Glass Box Audit: Compliance isn’t a “pass/fail” boolean; it’s a verifiable history of execution.
- Immutable Proof: The Evidence Hash allows you to prove the integrity of the audit process.
References
Section titled “References”- Probes Reference — Details on all 7 evidence probes
- Dashboard Guide — Full walkthrough of the Dashboard phases
- Full Lifecycle — End-to-end guide in one page