Skip to main content

Compliance

The compliance engine provides audit trails, data provenance tracking, model cards, regulatory reports, and certification tokens for teams operating in regulated environments.
All compliance features require an Enterprise tier subscription. API calls on lower tiers return 403 Forbidden.

Audit Trail

Every significant action in your Lucitra project is automatically recorded as an immutable audit event. No setup is required — events are captured as soon as you use the platform.

Recorded Events

Event TypeTriggered When
dataset.createdA new dataset is created
validation.startedA validation run begins
report.pdf_exportedA report is exported as PDF
compliance_report.createdA compliance report is generated
provenance.createdA provenance record is attached to a dataset
model_card.createdA model card is created
certification_token.createdA certification token is issued
certification_token.revokedA certification token is revoked
drift_check.startedA drift detection check begins
revalidation_trigger.createdA revalidation trigger is configured

Query Audit Events

curl "https://api.lucitra.io/v1/audit/events?event_type=validation.started&resource_type=dataset&since=2026-01-01&until=2026-03-06&limit=50" \
  -H "Authorization: Bearer luci_your_api_key"
event_type
string
Filter by event type (e.g., validation.started). Omit to return all types.
resource_type
string
Filter by resource type (e.g., dataset, report, model_card).
since
string
Start date in YYYY-MM-DD format.
until
string
End date in YYYY-MM-DD format.
limit
integer
default:"50"
Maximum number of events to return.

Provenance

Provenance records link each dataset to the exact simulation parameters, random seeds, source code, and environment used to generate it. This creates a complete reproducibility chain from raw data back to its origin.

Record Provenance

curl -X POST https://api.lucitra.io/v1/provenance \
  -H "Authorization: Bearer luci_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "dataset_id": "ds_7kx9m2",
    "simulator": "isaac-sim",
    "simulator_version": "4.5.0",
    "generation_params": {
      "domain_randomization": true,
      "lighting_variation": "high",
      "object_density": 0.7
    },
    "random_seeds": [42, 1337, 9001],
    "content_hash": "sha256:a1b2c3d4e5f6...",
    "source_repo": "https://github.com/acme/sim-scenes",
    "source_commit": "abc123def456",
    "host_info": {
      "gpu": "A100-80GB",
      "driver": "535.129.03",
      "os": "Ubuntu 22.04"
    }
  }'
dataset_id
string
required
The dataset to attach provenance to.
simulator
string
required
Name of the simulator used (e.g., isaac-sim, carla, unity).
simulator_version
string
required
Version string of the simulator.
generation_params
object
required
The simulation parameters used to generate this dataset. Structure is freeform.
random_seeds
array
required
Random seeds used during generation, enabling exact reproducibility.
content_hash
string
required
Cryptographic hash of the dataset contents for integrity verification.
source_repo
string
URL of the source repository containing scene definitions.
source_commit
string
Git commit SHA of the source code used during generation.
host_info
object
Hardware and software environment details of the generation host.

Get Provenance Chain

Retrieve the full ordered provenance chain for a dataset. If the dataset was derived from other datasets, the chain includes all ancestors. 
curl "https://api.lucitra.io/v1/provenance/ds_7kx9m2" \
  -H "Authorization: Bearer luci_your_api_key"

Model Cards

Model cards document the relationship between training data, validation results, and the models trained on that data. They provide a structured record for internal review and regulatory submissions.

Create a Model Card

curl -X POST https://api.lucitra.io/v1/model-cards \
  -H "Authorization: Bearer luci_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "proj_abc123",
    "name": "warehouse-perception-v3",
    "report_ids": ["rpt_8abc1234", "rpt_9def5678"],
    "training_metadata": {
      "model_architecture": "yolov8-l",
      "framework": "ultralytics",
      "epochs": 300,
      "final_map50": 0.89
    }
  }'
project_id
string
required
The project this model card belongs to.
name
string
required
A descriptive name for this model card.
report_ids
array
required
Validation report IDs to include. Links the model card to specific data quality assessments.
training_metadata
object
required
Training configuration and results. Structure is freeform but should include architecture, framework, and performance metrics.

Retrieve and List Model Cards

curl "https://api.lucitra.io/v1/model-cards/mc_xyz789" \
  -H "Authorization: Bearer luci_your_api_key"

Compliance Reports

Generate regulatory compliance reports that map your validation results against specific standards. Reports are generated asynchronously and returned as downloadable documents.

Supported Standards

EU AI Act

European Union Artificial Intelligence Act. Required for high-risk AI systems deployed in the EU.

FDA 21 CFR Part 11

FDA regulations for electronic records and signatures. Required for medical device AI.

ISO 26262

Functional safety standard for road vehicles. Required for automotive ADAS and AV systems.

Generate a Compliance Report

curl -X POST https://api.lucitra.io/v1/compliance/report \
  -H "Authorization: Bearer luci_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "proj_abc123",
    "reportIds": ["rpt_8abc1234", "rpt_9def5678"],
    "format": "pdf",
    "standard": "eu_ai_act"
  }'
projectId
string
required
The project to generate the compliance report for.
reportIds
array
required
Validation report IDs to include in the compliance assessment.
format
string
required
Output format. Currently pdf is supported.
standard
string
required
Regulatory standard to assess against. One of eu_ai_act, fda_21cfr11, or iso_26262.
Compliance report generation returns 202 Accepted. Poll the report status or use a webhook to be notified when it is ready.

List, Get, and Download

curl "https://api.lucitra.io/v1/compliance/reports?project_id=proj_abc123" \
  -H "Authorization: Bearer luci_your_api_key"
The download endpoint returns a 307 redirect to a time-limited signed GCS URL. Use -L in cURL or allow_redirects=True in Python to follow the redirect automatically.

Certification Tokens

Certification tokens provide time-limited, read-only access to a compliance report without requiring API authentication. Use them to share audit-ready reports with external auditors, regulators, or certification bodies.

Create a Certification Token

curl -X POST https://api.lucitra.io/v1/certification/tokens \
  -H "Authorization: Bearer luci_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "compliance_report_id": "cr_abc123",
    "name": "TUV-audit-march-2026",
    "expires_in_hours": 168,
    "max_access_count": 10,
    "auditor_name": "Dr. Maria Schmidt",
    "auditor_email": "m.schmidt@tuv.com"
  }'
compliance_report_id
string
required
The compliance report to grant access to.
name
string
required
A descriptive name for tracking this token (e.g., the audit or auditor name).
expires_in_hours
integer
required
Token validity period in hours. Must be between 1 and 720 (30 days).
max_access_count
integer
Maximum number of times the token can be used. Null for unlimited access within the expiry window.
auditor_name
string
Name of the auditor or recipient for audit trail purposes.
auditor_email
string
Email of the auditor or recipient for audit trail purposes.
{
  "id": "ctk_m2n3o4p5",
  "token": "cert_a1b2c3d4e5f6g7h8i9j0",
  "prefix": "cert_a1b2",
  "expires_at": "2026-03-13T12:00:00Z"
}
id
string
required
Token identifier for management operations.
token
string
required
The full certification token. Starts with cert_. Shown only once at creation time.
prefix
string
required
A short prefix for identifying the token without exposing the full value.
expires_at
string
required
ISO 8601 timestamp when the token expires.
The token value is only returned at creation time. Store it securely and share it with the auditor through a secure channel. There is no way to retrieve the full token after this response.

Public Report Access

Auditors access the compliance report using the token directly in the URL. No API key or authentication is required. 
curl "https://api.lucitra.io/v1/certification/reports/cert_a1b2c3d4e5f6g7h8i9j0"
Share the full URL with auditors. They can open it directly in a browser to view the compliance report without needing a Lucitra account or API key.