You can’t govern what
you can’t see.
SpanForge is the compliance and governance platform for agentic AI systems. Structured RFC-0001 events, HMAC-signed audit chains, PII redaction, and regulatory evidence packages — provable compliance before auditors or incidents find the problem first.
See it in action.
Three scenarios. Three ways SpanForge generates compliance evidence that your dashboards miss. Switch between tabs to explore — consent records, audit chain verification, and PII redaction events.
These are representative examples. Real output varies by agent configuration and playbook definitions.
Everything production AI needs.
Structured compliance events
Every LLM call, tool invocation, decision, and guardrail check is recorded as a typed RFC-0001 event — a structured envelope with required fields, audit metadata, and schema-validated payloads.
HMAC-SHA256 audit chains
Every emitted event is cryptographically signed with HMAC-SHA256 and chained to its predecessor via prev_id. Verifying the chain proves the event stream has not been modified, reordered, or truncated.
PII redaction before export
First-class PII detection and redaction via the llm.redact.* namespace. Sensitivity levels, custom redaction policies, and field-level re-identification risk — before any event reaches a backend.
Regulatory framework mapping
ComplianceMappingEngine maps events to obligations under EU AI Act, GDPR, SOC 2, ISO 42001, and NIST AI RMF. HMAC-signed evidence packages are generated on demand for auditors and regulators.
Schema governance
Consumer registry, deprecation tracking, and schema migration tooling. Block or warn on disallowed event types, declare schema dependencies, and ensure every consumer is compatible before you ship.
Export to any backend
OTLP, Webhook, JSONL, Datadog, Grafana Loki, and Cloud export backends. EventStream multiplexer with Apache Kafka support for streaming compliance pipelines.
Up and running in an afternoon.
Instrument
pip install spanforge and emit RFC-0001 events from every LLM call, tool invocation, and decision point. Zero required dependencies.
Sign
Every event carries an HMAC-SHA256 signature chained to the previous — tamper-evident audit trail by design, not by configuration.
Validate
Run spanforge validate in CI. Catch non-compliant events, schema violations, and broken audit chains at build time — not post-incident.
Prove
ComplianceMappingEngine generates HMAC-signed evidence packages mapped to EU AI Act, GDPR, SOC 2, ISO 42001, and NIST AI RMF.
Built for regulated, high-stakes AI.
Financial services
Credit decisions, fraud detection, customer communication agents, AML monitoring.
Healthcare
Clinical decision support, triage routing, patient-facing assistants, prior authorisation agents.
Legal & compliance
Contract analysis, regulatory monitoring, compliance automation, document review agents.
Operations & Automation
Procurement automation, HR decision support, internal knowledge agents, IT service automation.
The complete SpanForge stack.
From the open standard to the production SDK and developer tooling — every layer of the compliance stack is documented and ready to use.
RFC-0001 SPANFORGE
The schema specification at the core of the ecosystem. Defines the event envelope, 15 compliance & governance namespaces, HMAC audit chains, and four conformance profiles. Open and vendor-neutral.
Read the standard →SpanForge SDKpip install spanforge
The reference implementation. pip-installable, zero required dependencies, covers all 15 namespaces with quickstart, integrations, and a full CLI.
Explore the SDK →Developer ToolSpanForge Debug
Inspect, replay, and visualise SpanForge traces. Timeline views, span trees, tool-call analysis, cost attribution, and trace diffing for debugging production behaviour.
Explore SpanForge Debug →Compliance ToolSpanForge Validate
Reference validation CLI and Python SDK. Validate JSON/JSONL event streams against the SPANFORGE schema, verify HMAC chains, and integrate into CI pipelines for compliance gating.
Explore SpanForge Validate →Know what your AI is doing. Always.
SpanForge is the compliance and governance platform for agentic AI systems. Instrument, sign, validate, and prove compliance from day one.