Agent Governance Evidence Pack

Evidence for
AI-agent change governance.

Roam exports a tamper-evident record of every agent code change: which agent touched what, what context it read, which risks it accepted vs mitigated, who authorized risky edits, and which tests closed the loop. The pack maps to SOC 2 CC8.1, ISO/IEC 42001, NIST AI RMF, and EU AI Act Article 12 controls — evidence support, not certification.

Read the sample report See the eight questions

Built on the free Apache 2.0 CLI · Evidence stays on your machine and hash-verifies offline · Tamper-evident ledger (HMAC-chained) · Optional in-toto v1 attestation, verifiable offline with cosign

What's in the pack

Five evidence types, one bundle, all generated from the local ledger Roam already keeps when agents run against the CLI or MCP server. Nothing to instrument; the substrate is already in the free CLI.

1. Which agents changed what Per-run ledger: agent identity, model, session, repo SHA at start/end, every command executed, every file touched. Sourced from roam runs with HMAC chain verification.

2. What context each agent read Proof bundle records the symbols, files, and graph queries the agent consumed before editing — roam preflight, roam impact, roam context calls all logged with their results, timestamps, and bundle handles.

3. Risks accepted vs mitigated For each risky edit: the gate verdict (preflight blast radius, complexity, fitness), whether the agent acted on it or overrode it, and the test or critique result that supported the decision. roam pr-bundle emit closes the bundle with the explicit risk ledger.

4. Authorization trail for risky edits When the constitution requires human authorization (autonomous_pr mode disabled, or a policy clause triggered), the lease record names the human approver, the authorized scope, and the timestamp. Re-runs are blocked until a new lease is claimed.

5. Test closure per risk Each risk entry in the bundle links to the test run that closed it — either a pre-existing test the change preserved, or a new test the agent added. Bundles failing to close a high-severity risk are marked partial_success: true and surface in the report.

+ Replay narrative roam replay <run_id> renders the full transcript as a human-readable narrative — useful when a reviewer or auditor wants the story behind a specific PR without reading the raw JSON ledger.

All five evidence types ship as JSON (machine-readable), Markdown (human-readable), and an optional in-toto v1 attestation (cryptographically verifiable offline with cosign).

The eight evidence questions

Every Roam audit answers eight axes about an AI-assisted code change. The pack covers all eight; the sample report shows worked coverage with per-axis evidence rows, and evidence-checklist.md names the exact command for each axis.

Q1. Who acted? Per-run agent identity, model, MCP client id, and git author from roam runs show.

Q2. What authority existed? Mode, permits, leases, and policy decisions from roam mode, roam permit, roam lease.

Q3. What context was read? Pre-edit commands, symbols, and files from the bundle's context_read block.

Q4. What changed? Diff hash, commit SHA, and affected symbols from roam diff + roam pr-risk.

Q5. What could break? Blast radius and findings from roam preflight, roam impact, roam critique.

Q6. What policy applied? Rules config hash, constitution hash, and policy-decision events from roam runs show.

Q7. What verified it? Required vs run tests from the bundle's tests_required[] / tests_run[] reconciliation.

Q8. Who accepted risk? Authorizer and accepted-risk records from the bundle's approvals[] / accepted_risks[] arrays. Approvals recorded outside the substrate surface as redactions[].reason = "producer_not_available".

Sample report

Read the full Governance Pack sample report (schema governance-pack/1.0) for a complete deliverable example, with the eight-question coverage table, worked control-mapping, recommended next steps, and disclaimer block. Reproduce the same artifact extraction on your own repo with evidence-checklist.md; for the control map and wording-discipline rules, see control-mapping-README.md. The companion PR Replay sample covers merged-history detector replay (no run ledger required). For a redacted draft on your repository, email hello@roam-code.com.

1 Generate locally. Run roam runs verify, roam pr-bundle emit --strict, and roam agent-score against an indexed repo, then feed the JSON envelopes through the render template. The substrate lives in src/roam/runs/, src/roam/pr_bundle/, and src/roam/evidence/.
2 Optional founder review. Commission a written report against your last 30 or 90 agent runs the same way the PR Replay engagement is structured. Same engine, same temporary-clone handling, same DPA, same no-training commitment.
3 Hand to your auditor. The pack lands as Markdown + PDF + signed JSON. The reviewer can verify the HMAC chain on the ledger and the cosign signature on each bundle without contacting us. The IP is yours; share it inside the audit scope without restriction.

Control mapping

Roam evidence to the controls auditors look for. The mapping documents what the pack supports; it does not claim formal conformity with any framework. Your auditor judges fit for your scope.

Roam evidence types mapped to SOC 2 CC8.1, ISO/IEC 42001, NIST AI RMF, and EU AI Act Article 12.
Roam evidence	SOC 2 CC8.1	ISO/IEC 42001	NIST AI RMF	EU AI Act Art. 12
Per-run ledger (HMAC-chained agent timeline)	CC8.1 change tracking	A.8.3 operational records	Govern 1.4, Map 4.1	Automatic record-keeping
Proof bundle (context the agent read)	CC8.1 change rationale	A.6.2.2 design rationale	Measure 2.8 traceability	Traceability of decisions
Risk ledger (accepted vs mitigated)	CC3.2 risk identification	A.5.4 risk treatment	Manage 1.3 risk response	Risk-management evidence
Authorization trail (leases + mode gates)	CC6.3 access authorization	A.6.1.2 authorization	Govern 2.1 roles	Human-oversight evidence
Test closure per risk	CC8.1 change verification	A.8.4 verification	Measure 2.5 validation	Post-change verification
in-toto v1 attestation + cosign signature	CC7.2 evidence integrity	A.8.5 evidence integrity	Measure 2.7 integrity	Tamper-evident logs

Framework references: SOC 2 Trust Services Criteria (AICPA, 2017 with 2022 revisions); ISO/IEC 42001:2023 AI management system; NIST AI Risk Management Framework 1.0 (Jan 2023); EU Regulation 2024/1689 (AI Act), Article 12 "Record-keeping". Mapping is for evidence support; your conformity assessment is a separate engagement with qualified counsel and auditors.

Evidence support, not certification Roam Code provides evidence-export and control-mapping support for AI-agent change governance. This is evidence support, not formal certification. Roam does not perform compliance attestation; consult qualified counsel and auditors for formal certification against any framework.

Article 12 framing EU AI Act Article 12 (record-keeping) attaches to providers of high-risk AI systems listed in Annex III. Code-generation tooling is not itself in Annex III. If your own product is a high-risk AI system, the pack's tamper-evident ledger is useful evidence for the Article 12 record-keeping expectation and the Article 14 human-oversight expectation. The classification call is for you and your DPO.

Scope The pack documents what an agent did against the local repository. It does not cover model-training evidence, dataset provenance, or production runtime behaviour. Those are outside Roam's measurement surface and require separate evidence.

EU-based, GDPR-native Built in Athens. Made in the EU. The CLI runs entirely on your machine; nothing leaves the local environment. See the security policy, the trust & compliance posture page for current certification status, DPA, and roadmap posture, the security & procurement packet for the DPA, no-training commitment, and supply-chain posture, and architecture docs for what runs where. Tier pricing on /pricing.

Commission a written Governance Evidence Pack against your last 30 or 90 agent runs, or request a redacted sample on a real repository. Email hello@roam-code.com — same engagement shape as the PR Replay service, same DPA, same no-training commitment.