|
| 1 | +# CRA Compliance mapping |
| 2 | + |
| 3 | +## EU Cyber Resilience Act — Component Mapping |
| 4 | +Mandatory reporting: September 2026 |
| 5 | +Enforcement: December 2027 |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +## Core Position |
| 10 | + |
| 11 | +Traditional compliance is a photograph — a snapshot |
| 12 | +of one day in 365. This stack makes compliance |
| 13 | +continuous and cryptographically tamper-proof. |
| 14 | + |
| 15 | +Every agent action is signed, chained, and audit-ready |
| 16 | +the moment it happens — not the week before an auditor |
| 17 | +arrives. The audit trail operates on the same continuous |
| 18 | +timeline as the adversary. |
| 19 | + |
| 20 | +--- |
| 21 | + |
| 22 | +## Component Mapping to CRA Requirements |
| 23 | + |
| 24 | +### Vulnerability Reporting (Article 11) |
| 25 | +**Component: TrailStax** |
| 26 | +Every gate interaction — pass or deny — is committed |
| 27 | +to an append-only hash-chained audit log with reason |
| 28 | +codes. Vulnerability attempts are logged automatically |
| 29 | +with full context at the moment they occur, not |
| 30 | +reconstructed after the fact. |
| 31 | + |
| 32 | +### Software Supply Chain Security (Article 13) |
| 33 | +**Component: TrailStax guardian.py** |
| 34 | +Pre-install verification and package allowlist |
| 35 | +enforcement for all Python dependencies. Every |
| 36 | +package installation is verified against a |
| 37 | +Redis-backed registry before being permitted. |
| 38 | +Unapproved packages are blocked and logged. |
| 39 | + |
| 40 | +### Access Control and Authentication (Article 13) |
| 41 | +**Component: RealAgentID + ragid_gate** |
| 42 | +Cryptographic keypair authentication with TTL |
| 43 | +enforcement, nonce-based replay attack prevention, |
| 44 | +scope-gate binding, uniform error responses, and |
| 45 | +Redis-backed rate limiting. Two independent |
| 46 | +verification factors required for every agent action. |
| 47 | + |
| 48 | +### Incident Logging (Article 14) |
| 49 | +**Component: TrailStax + ragid_gate** |
| 50 | +Every gate result — authorized or denied — is |
| 51 | +committed to the audit chain with agent identity, |
| 52 | +requested gate, decision, reason code, and timestamp. |
| 53 | +Deny reasons include: keypair_invalid, ttl_expired, |
| 54 | +scope_sig_invalid, nonce_replayed, wrong_gate, |
| 55 | +rate_limited, trail_commit_failed. |
| 56 | + |
| 57 | +### Secure by Default (Article 13) |
| 58 | +**Component: ragid_gate** |
| 59 | +Deny by default at every check. If the audit chain |
| 60 | +is unavailable, nothing gets through. Valid credentials |
| 61 | +at the wrong gate are denied. Rate limiting engages |
| 62 | +before verification compute is spent. Explicit deny |
| 63 | +always beats permitted. |
| 64 | + |
| 65 | +### Software Integrity (Article 13) |
| 66 | +**Component: Ira-Digital-Blueprints + TrailStax** |
| 67 | +Every blueprint is provenance-hashed at generation |
| 68 | +time and committed to TrailStax. Hash is verified |
| 69 | +at application time. Mismatch results in deny and |
| 70 | +quarantine entry. Training data only enters pipelines |
| 71 | +from verified agent sources — enforced at the gate |
| 72 | +level, not by policy. |
| 73 | + |
| 74 | +--- |
| 75 | + |
| 76 | +## Continuous Compliance vs Point-in-Time |
| 77 | + |
| 78 | +Point-in-time audits capture one day in 365. |
| 79 | +This stack generates compliance evidence |
| 80 | +automatically at every agent action. |
| 81 | + |
| 82 | +Key properties: |
| 83 | +- Hash-chained entries cannot be altered retroactively |
| 84 | +- Deletion is recorded as a tombstone, not a silent gap |
| 85 | +- Audit evidence exists before the auditor asks for it |
| 86 | +- Non-compliance is as permanently recorded as compliance |
| 87 | + |
| 88 | +--- |
| 89 | + |
| 90 | +## Known Limitations |
| 91 | + |
| 92 | +**Right to Erasure** |
| 93 | +GDPR Article 17 and CRA create tension with |
| 94 | +immutable audit chains. Mitigation: TTL-based |
| 95 | +retention with erasure tombstones — deletions |
| 96 | +are recorded as chain entries rather than silent |
| 97 | +gaps. Chain integrity is preserved. Planned |
| 98 | +implementation in TrailStax roadmap. |
| 99 | + |
| 100 | +**Insider Threat** |
| 101 | +Cryptographic verification confirms agent identity, |
| 102 | +not the integrity of the human who issued the |
| 103 | +credential. A compromised credential issuer can |
| 104 | +generate legitimate-looking trail entries. |
| 105 | +Mitigation: agent lineage registry and behavioral |
| 106 | +attestation via reasoning.py — planned roadmap items. |
| 107 | + |
| 108 | +**Infrastructure Dependency** |
| 109 | +Hard deny-by-default means TrailStax or Redis |
| 110 | +outages halt agent activity. This is the correct |
| 111 | +security posture but requires careful SLA design |
| 112 | +for production deployments. |
| 113 | + |
| 114 | +**Clock Skew** |
| 115 | +TTL relies on system time. Mitigation: server-side |
| 116 | +timestamp validation and NTP enforcement — planned |
| 117 | +roadmap item. |
| 118 | + |
| 119 | +--- |
| 120 | + |
| 121 | +## Framework Alignment |
| 122 | + |
| 123 | +- SLSA Level 2+ — provenance and build integrity |
| 124 | +- SOC 2 Type II — continuous control monitoring |
| 125 | +- NIST SSDF — secure development framework |
| 126 | +- EU CRA — mandatory reporting and supply chain |
| 127 | +- GDPR — erasure tombstone pattern |
| 128 | +- ISO 27001 — access control and audit logging |
| 129 | + |
| 130 | +--- |
| 131 | + |
| 132 | +*This document covers ragid_gate, RealAgentID, |
| 133 | +TrailStax, and Ira-Digital-Blueprints collectively. |
| 134 | +Each repo's COMPLIANCE.md contains the shared |
| 135 | +cross-system authorization invariant.* |
0 commit comments