Level 3: The Auditor (Glass Box Trace)

Este conteúdo não está disponível em sua língua ainda.

Goal: Verify your policy visually and cryptographically using the Glass Box method.

Prerequisite: Level 2 (The Integrator)

1. The Problem: “It passed, but can we trust the process?”

In Level 2, you logged the compliance score. But for High-Risk AI (like Credit Scoring), metrics aren’t enough. An Auditor asks: “Did you test on the real dataset, or did you filter out the rejected loans?” and “Can you prove this code was actually run?“

2. The Solution: The “Glass Box” Trace

Professional auditing requires more than just results — it requires Provenance.

Venturalitica uses a monitor() context manager to record everything:

The Code: AST analysis of your script.
The Data: Row count and column schema.
The Hardware: Memory, CPU, and Carbon stats (Article 15).
The Seal: A cryptographic SHA-256 hash of the entire session.

The Upgrade

We continue working on the same project. No new setup required.

Run with the Native Monitor

Wrap your execution in vl.monitor(). This context manager captures the “Handshake” between your code and the policy by harvesting both physical and logical metadata.

Deep Dive: Glass Box vs Black Box

Feature	Black Box (Standard)	Glass Box (Venturalitica)
Logic	”Trust me, I ran the code.”	AST Analysis: We record which function mapped code to policy.
Data	”Here is the CSV.”	Fingerprint: We record the SHA-256 of the dataset at runtime.
Scope	Code	Code + Environment + Hardware Stats

import venturalitica as vl
from venturalitica.quickstart import load_sample

# 1. Start the Multimodal Monitor (The Glass Box)
with vl.monitor("loan_audit_v1"):
    # This block is now being watched by the Auditor
    df = load_sample("loan")

    # Download data_policy.oscal.yaml from:
    # https://github.com/venturalitica/venturalitica-sdk-samples/blob/main/scenarios/loan-credit-scoring/policies/loan/data_policy.oscal.yaml
    results = vl.enforce(
        data=df,
        target="class",
        gender="Attribute9",  # Mapping gender
        age="Attribute13",    # Mapping age
        policy="data_policy.oscal.yaml"
    )
    # The session trace file is saved inside the run directory
    # and will prove NOT just the result, but HOW it was computed.

# After the context manager exits, check the evidence directory:
# .venturalitica/
#   results.json                                        <- Latest compliance results
#   runs/loan_audit_v1_<timestamp>/
#     trace_loan_audit_v1.json                          <- Full execution trace
#     results.json                                      <- Per-run compliance results
#     bom.json                                          <- Software bill of materials

3. The “Digital Seal” Verification

After running the audit, launch the UI:

venturalitica ui

Navigate to “Article 13: Transparency”.

Finding the Evidence Hash

Look for the Evidence Hash in the dashboard. Evidence Hash: 89fbf...

This hash is your “Digital Seal”. If you change one pixel in the dataset or one line in the policy, this hash changes. You can now prove to a regulator exactly what happened during the audit.

4. The Compliance Map

The Dashboard translates JSON evidence into the language of the EU AI Act.

Law	Dashboard Tab	What to Answer
Art 9	Risk Management	”Did we verify bias < 0.1?” (Your Policy)
Art 10	Data Assurance	”Is the training data representative?”
Art 13	Transparency	”What libraries (BOM) are we using?“

5. Take Home Messages

Don’t Trust, Verify: The Trace File (captured automatically via monitor()) is the source of truth for the entire execution context.
Glass Box Audit: Compliance isn’t a “pass/fail” boolean; it’s a verifiable history of execution.
Immutable Proof: The Evidence Hash allows you to prove the integrity of the audit process.

References

Probes Reference — Details on all 7 evidence probes
Dashboard Guide — Full walkthrough of the Dashboard phases
Full Lifecycle — End-to-end guide in one page

Go to Level 4: The Architect