kcp-harness — compliance export demo
1 / 8
Tutorial Steps
1
The Problem Why agents need compliance
2
Audit Log Every decision recorded
3
Run Export One command, full evidence
4
Evidence Bundle Structured output
5
SOC 2 Mapping Trust Services Criteria
6
ISO 27001 Mapping Annex A controls
7
Summary Report Auditor-ready markdown
8
The Big Picture Deterministic compliance

The Problem

AI agents read knowledge. Auditors ask: can you prove what was read, why, and when?
0%
Agents with audit trails
100%
Auditors who ask
5 min
To generate evidence
the auditor's questions
"Which knowledge sources did the agent access?"
"Was access authorized before or after the fact?"
"Did the agent exceed its information budget?"
"Were there any temporal drifts in source material?"
"Can you map agent actions to SOC 2 / ISO 27001 controls?"
kcp-harness answers all of these. Automatically.

The Audit Log

Every tool call through the harness produces an append-only audit event
.kcp-harness/audit.jsonl
// Agent starts a session — harness records it
{"type":"session_start","sessionId":"s-7a3f","timestamp":"2026-07-07T09:00:00Z"}
// Agent calls Read — target is in a governed domain
{"type":"tool_call","outcome":"approved","sessionId":"s-7a3f","sequence":1,
"toolCall":{"name":"Read","args":{"path":"docs/architecture.md"}},
"classification":{"governed":true,"reason":"path matches docs/"},
"governance":{"mode":"auto","reason":"matched unit: architecture-overview"}}
// Agent tries to read outside approved plan — blocked
{"type":"tool_call","outcome":"blocked","sessionId":"s-7a3f","sequence":2,
"toolCall":{"name":"Read","args":{"path":"docs/internal/secrets.md"}},
"classification":{"governed":true,"reason":"path matches docs/"},
"governance":{"mode":"auto","reason":"no matching unit in plan"}}
// Agent calls fetch — not in governed domain, passes through
{"type":"tool_call","outcome":"pass-through","sessionId":"s-7a3f","sequence":3,
"toolCall":{"name":"Bash","args":{"command":"npm test"}},
"classification":{"governed":false,"reason":"not a knowledge-nav tool"}}
// Budget spend recorded
{"type":"budget_spend","sessionId":"s-7a3f","sequence":4,
"budget":{"totals":{"USDC":0.25},"ceiling":{"amount":1.00}}}
{"type":"session_end","sessionId":"s-7a3f","timestamp":"2026-07-07T09:15:00Z"}

Run the Export

One command generates a complete evidence bundle for your auditors
terminal
$ kcp-harness export \
--format both \
--org "Acme Corp" \
--from 2026-07-01 \
--to 2026-07-07 \
--out evidence/
[kcp-harness] exported 14 files to evidence/
[kcp-harness] 847 events, 23 sessions
manifest.json
raw/sessions.json
raw/statistics.json
soc2/CC6.1-logical-access.json
soc2/CC6.3-authorized-access.json
soc2/CC6.6-system-boundaries.json
soc2/CC7.2-monitoring.json
soc2/CC8.1-change-management.json
soc2/summary.md
iso27001/A.8.3-access-restriction.json
iso27001/A.8.4-source-code-access.json
iso27001/A.8.15-logging.json
iso27001/A.8.16-monitoring.json
iso27001/A.5.23-cloud-services.json
audit.jsonl
847 events
kcp-harness export
classify & map
evidence/
14 files

Evidence Bundle

Structured directory with raw data + framework-specific evidence
evidence/
manifest.json — generator, date range, statistics
raw/
sessions.json — all sessions with event counts
statistics.json — aggregate metrics
soc2/ — Trust Services Criteria
CC6.1-logical-access.json
CC6.3-authorized-access.json
CC6.6-system-boundaries.json
CC7.2-monitoring.json
CC8.1-change-management.json
summary.md — auditor-ready report
iso27001/ — Annex A Controls
A.8.3-access-restriction.json
A.8.4-source-code-access.json
A.8.15-logging.json
A.8.16-monitoring.json
A.5.23-cloud-services.json
summary.md — auditor-ready report
manifest.json
{
"generator": "kcp-harness",
"generatedAt": "2026-07-07T12:00:00Z",
"organization": "Acme Corp",
"format": "both",
"dateRange": { "from": "2026-07-01", "to": "2026-07-07" },
"statistics": {
"sessions": 23,
"events": 847,
"governed": 312,
"blocked": 7,
"budgetExceeded": 2,
"drifts": 1,
"signatureBlocked": 3
}
}

SOC 2 Type II Controls

Audit events map deterministically to Trust Services Criteria
CC6.1
Logical Access Controls
Every governed tool call is logged with its classification and authorization decision
312 evidence items
CC6.3
Authorized Access
Plan-first mode ensures access is pre-authorized before execution
198 evidence items
CC6.6
System Boundaries
Every call classified as governed or pass-through — clear boundary enforcement
847 evidence items
CC7.2
Monitoring Activities
All events logged: tool calls, budget spend, temporal drift, session lifecycle
847 evidence items
CC8.1
Change Management
Temporal drifts and plan invalidations tracked as change events
1 evidence items
soc2/CC6.1-logical-access.json (excerpt)
{
"controlId": "CC6.1",
"controlName": "Logical and Physical Access Controls",
"evidenceCount": 312,
"events": [
{
"timestamp": "2026-07-07T09:00:12Z",
"sessionId": "s-7a3f",
"type": "tool_call",
"outcome": "approved",
"detail": "approved: matched unit architecture-overview"
},
...
]
}

ISO 27001 Annex A Controls

The same audit events, mapped to ISO 27001:2022 control objectives
A.8.3
Information Access Restriction
Governed tool calls with classification and authorization decision
312 evidence items
A.8.4
Access to Source Code
Read, Glob, Grep calls in governed domains with access decisions
156 evidence items
A.8.15
Logging
Session lifecycle events — start and end of every agent session
46 evidence items
A.8.16
Monitoring Activities
Anomaly detection: temporal drifts, budget exceeded, blocked access
10 evidence items
A.5.23
Cloud Services Security
Manifest signature verification for supply chain integrity
89 evidence items
Audit Event
type + outcome
Predicate Filter
e.g. governed + Read
A.8.4 Evidence
source code access

Summary Report

Auto-generated markdown report — ready for your compliance team

SOC 2 Type II — Evidence Summary

Organization: Acme Corp
Generated: 2026-07-07T12:00:00Z
Period: 2026-07-01 — 2026-07-07

Overview

MetricValue
Sessions23
Total events847
Governed access attempts312
Blocked7
Budget exceeded2
Temporal drifts1
Signature-blocked3

Controls

ControlNameEvidence
CC6.1Logical Access Controls312
CC6.3Authorized Access198
CC6.6System Boundaries847
CC7.2Monitoring Activities847
CC8.1Change Management1

The Big Picture

Deterministic compliance — from agent action to auditor evidence
13
Gate cascade
2
Frameworks
10
Control mappings
the compliance stack
┌─────────────────────────────────────────────┐
│ Agent (any MCP-capable agent) │
└────────────────────┬────────────────────────┘
│ tool call
┌────────────────────▼────────────────────────┐
│ kcp-harness (MCP proxy) │
│ │
│ classify ─▸ govern ─▸ audit ─▸ respond │
│ │
│ Side outputs: │
│ ├─ audit.jsonl (append-only) │
│ ├─ budget ledger (spend tracking) │
│ └─ temporal watch (drift detection) │
└────────────────────┬────────────────────────┘
│ kcp-harness export
┌────────────────────▼────────────────────────┐
│ Compliance Evidence Bundle │
│ │
│ SOC 2 │ ISO 27001 │
│ CC6.1 CC6.3 │ A.8.3 A.8.4 │
│ CC6.6 CC7.2 │ A.8.15 A.8.16 │
│ CC8.1 │ A.5.23 │
└─────────────────────────────────────────────┘
The agent can't bypass governance. The audit log is append-only.
The evidence is deterministic. The auditor gets proof, not promises.