A flight recorder for every AI call your ministry, bank, or university makes.
Wrap any function that touches an AI model with one line of TypeScript. eventParity captures the call, masks declared identifiers in the browser, and writes a tamper-evident audit row keyed to your organisation, ready for an NITDA, NDPA, or EU AI Act regulator to read.
Built for organisations answerable to a regulator.
A federal ministry or state digital-economy department piloting AI on regulated citizen data. You need NITDA AI Code §7.2 non-repudiation evidence on every model call, not retrospectively reconstructed from logs.
Banks, insurers, hospitals, universities. NDPA Section 25 lawful-basis evidence, model cards, and cross-border transfer attestations are due to your DPO this quarter and the dev team is the bottleneck.
You run on-prem or in a national cloud (Galaxy Backbone, Rack Centre) and your governance plane has to live behind the same firewall as your data and models. The Fabric runs against your own collector URL.
What you wrap, in twelve lines.
// Illustrative — see /docs/fabric/quickstart for a runnable version.
import { govern } from './lib/eventparity/sdk';
const callModel = async (prompt: string) => {
return await myLLM.complete(prompt);
};
const governed = govern(callModel, {
domainId: '<your-organisation-uuid>',
piiFields: ['patient_name', 'phone_number'],
});
await governed('Summarise the visit history for patient X.');
// Heartbeat lands in your Governance Hub with PII hashed, not raw.The SDK is not yet on npm. Your engineers copy src/lib/eventparity/sdk.ts into their repo, point a Supabase client at the eventParity collector, and they’re recording. The authenticated Integrate panel in your dashboard pre-fills your real organisation UUID and sends a test heartbeat in one click.
Live evidence, not reconstructed logs.
Live heartbeats
Every wrapped call lands in the Governance Hub Live Feed in real time, scoped to your organisation. No batching, no daily ETL.
Versioned data contracts
The first time the Fabric sees a new function shape it auto-registers a contract at version 1. The next shape change mints version 2, an honest schema-drift audit trail without a manual cataloguing step.
Evidence pack on demand
Heartbeats and contracts feed the NITDA AI Code, EU AI Act, and NDPA evidence packs already shipping in eventParity. Regenerate the CSV + Markdown bundle from the Compliance tab whenever an inspector asks.
What we promise, and what we don’t.
- PII hashing is org-scoped, not secret-keyed. Values for keys you list in
piiFieldsare HMAC-SHA-256 hashed in the browser, keyed by your organisation UUID (or an explicitsaltyou supply). Different tenants produce different digests, so a global rainbow table will not match across orgs. The organisation UUID is observable in network traces, treat it as a namespace, not a secret. - Free-text PII is your responsibility. A name embedded inside a sentence, or a NIN inside a stack trace, will not be auto-detected. Pre-redact anything you would not want a regulator to read. The collector applies a server-side scrubber for Bearer tokens, API keys, and direct identifiers as a second line of defence, not a substitute for the first.
- The collector is tamper-evident. Once a heartbeat is written it cannot be altered or deleted, enforced at the database layer. Audit evidence does not get rewritten.
- Cross-tenant writes are blocked. Every heartbeat is bound to the JWT-verified organisation membership, not to a body-supplied identifier.
- What we do not yet ship: a published npm package, FastAPI / Express / Deno wrappers, an “ep-local” Docker image, or pre-built NDX endpoint adapters. These are roadmap, not shipping. We will not pretend otherwise.