Compliance
The compliance engine provides audit trails, data provenance tracking, model cards, regulatory reports, and certification tokens for teams operating in regulated environments.
All compliance features require an Enterprise tier subscription. API calls on lower tiers return 403 Forbidden .
Audit Trail
Every significant action in your Lucitra project is automatically recorded as an immutable audit event. No setup is required — events are captured as soon as you use the platform.
Recorded Events
Event Type Triggered When dataset.createdA new dataset is created validation.startedA validation run begins report.pdf_exportedA report is exported as PDF compliance_report.createdA compliance report is generated provenance.createdA provenance record is attached to a dataset model_card.createdA model card is created certification_token.createdA certification token is issued certification_token.revokedA certification token is revoked drift_check.startedA drift detection check begins revalidation_trigger.createdA revalidation trigger is configured
Query Audit Events
curl "https://api.lucitra.io/v1/audit/events?event_type=validation.started&resource_type=dataset&since=2026-01-01&until=2026-03-06&limit=50" \
-H "Authorization: Bearer luci_your_api_key"
import requests
resp = requests.get(
"https://api.lucitra.io/v1/audit/events" ,
headers = { "Authorization" : "Bearer luci_your_api_key" },
params = {
"event_type" : "validation.started" ,
"resource_type" : "dataset" ,
"since" : "2026-01-01" ,
"until" : "2026-03-06" ,
"limit" : 50 ,
},
)
events = resp.json()
Filter by event type (e.g., validation.started). Omit to return all types.
Filter by resource type (e.g., dataset, report, model_card).
Start date in YYYY-MM-DD format.
End date in YYYY-MM-DD format.
Maximum number of events to return.
Provenance
Provenance records link each dataset to the exact simulation parameters, random seeds, source code, and environment used to generate it. This creates a complete reproducibility chain from raw data back to its origin.
Record Provenance
curl -X POST https://api.lucitra.io/v1/provenance \
-H "Authorization: Bearer luci_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"dataset_id": "ds_7kx9m2",
"simulator": "isaac-sim",
"simulator_version": "4.5.0",
"generation_params": {
"domain_randomization": true,
"lighting_variation": "high",
"object_density": 0.7
},
"random_seeds": [42, 1337, 9001],
"content_hash": "sha256:a1b2c3d4e5f6...",
"source_repo": "https://github.com/acme/sim-scenes",
"source_commit": "abc123def456",
"host_info": {
"gpu": "A100-80GB",
"driver": "535.129.03",
"os": "Ubuntu 22.04"
}
}'
resp = requests.post(
"https://api.lucitra.io/v1/provenance" ,
headers = { "Authorization" : "Bearer luci_your_api_key" },
json = {
"dataset_id" : "ds_7kx9m2" ,
"simulator" : "isaac-sim" ,
"simulator_version" : "4.5.0" ,
"generation_params" : {
"domain_randomization" : True ,
"lighting_variation" : "high" ,
"object_density" : 0.7 ,
},
"random_seeds" : [ 42 , 1337 , 9001 ],
"content_hash" : "sha256:a1b2c3d4e5f6..." ,
"source_repo" : "https://github.com/acme/sim-scenes" ,
"source_commit" : "abc123def456" ,
"host_info" : {
"gpu" : "A100-80GB" ,
"driver" : "535.129.03" ,
"os" : "Ubuntu 22.04" ,
},
},
)
The dataset to attach provenance to.
Name of the simulator used (e.g., isaac-sim, carla, unity).
Version string of the simulator.
The simulation parameters used to generate this dataset. Structure is freeform.
Random seeds used during generation, enabling exact reproducibility.
Cryptographic hash of the dataset contents for integrity verification.
URL of the source repository containing scene definitions.
Git commit SHA of the source code used during generation.
Hardware and software environment details of the generation host.
Get Provenance Chain
Retrieve the full ordered provenance chain for a dataset. If the dataset was derived from other datasets, the chain includes all ancestors.
curl "https://api.lucitra.io/v1/provenance/ds_7kx9m2" \
-H "Authorization: Bearer luci_your_api_key"
resp = requests.get(
"https://api.lucitra.io/v1/provenance/ds_7kx9m2" ,
headers = { "Authorization" : "Bearer luci_your_api_key" },
)
chain = resp.json()
Model Cards
Model cards document the relationship between training data, validation results, and the models trained on that data. They provide a structured record for internal review and regulatory submissions.
Create a Model Card
curl -X POST https://api.lucitra.io/v1/model-cards \
-H "Authorization: Bearer luci_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"project_id": "proj_abc123",
"name": "warehouse-perception-v3",
"report_ids": ["rpt_8abc1234", "rpt_9def5678"],
"training_metadata": {
"model_architecture": "yolov8-l",
"framework": "ultralytics",
"epochs": 300,
"final_map50": 0.89
}
}'
resp = requests.post(
"https://api.lucitra.io/v1/model-cards" ,
headers = { "Authorization" : "Bearer luci_your_api_key" },
json = {
"project_id" : "proj_abc123" ,
"name" : "warehouse-perception-v3" ,
"report_ids" : [ "rpt_8abc1234" , "rpt_9def5678" ],
"training_metadata" : {
"model_architecture" : "yolov8-l" ,
"framework" : "ultralytics" ,
"epochs" : 300 ,
"final_map50" : 0.89 ,
},
},
)
model_card = resp.json()
The project this model card belongs to.
A descriptive name for this model card.
Validation report IDs to include. Links the model card to specific data quality assessments.
Training configuration and results. Structure is freeform but should include architecture, framework, and performance metrics.
Retrieve and List Model Cards
Get
List by project
Export PDF
curl "https://api.lucitra.io/v1/model-cards/mc_xyz789" \
-H "Authorization: Bearer luci_your_api_key"
curl "https://api.lucitra.io/v1/projects/proj_abc123/model-cards" \
-H "Authorization: Bearer luci_your_api_key"
curl "https://api.lucitra.io/v1/model-cards/mc_xyz789/pdf" \
-H "Authorization: Bearer luci_your_api_key" \
-o model-card.pdf
Compliance Reports
Generate regulatory compliance reports that map your validation results against specific standards. Reports are generated asynchronously and returned as downloadable documents.
Supported Standards
EU AI Act European Union Artificial Intelligence Act. Required for high-risk AI systems deployed in the EU.
FDA 21 CFR Part 11 FDA regulations for electronic records and signatures. Required for medical device AI.
ISO 26262 Functional safety standard for road vehicles. Required for automotive ADAS and AV systems.
Generate a Compliance Report
curl -X POST https://api.lucitra.io/v1/compliance/report \
-H "Authorization: Bearer luci_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"projectId": "proj_abc123",
"reportIds": ["rpt_8abc1234", "rpt_9def5678"],
"format": "pdf",
"standard": "eu_ai_act"
}'
resp = requests.post(
"https://api.lucitra.io/v1/compliance/report" ,
headers = { "Authorization" : "Bearer luci_your_api_key" },
json = {
"projectId" : "proj_abc123" ,
"reportIds" : [ "rpt_8abc1234" , "rpt_9def5678" ],
"format" : "pdf" ,
"standard" : "eu_ai_act" ,
},
)
# Returns 202 Accepted
compliance = resp.json()
The project to generate the compliance report for.
Validation report IDs to include in the compliance assessment.
Output format. Currently pdf is supported.
Regulatory standard to assess against. One of eu_ai_act, fda_21cfr11, or iso_26262.
Compliance report generation returns 202 Accepted . Poll the report status or use a webhook to be notified when it is ready.
List, Get, and Download
curl "https://api.lucitra.io/v1/compliance/reports?project_id=proj_abc123" \
-H "Authorization: Bearer luci_your_api_key"
curl "https://api.lucitra.io/v1/compliance/reports/cr_abc123" \
-H "Authorization: Bearer luci_your_api_key"
curl -L "https://api.lucitra.io/v1/compliance/reports/cr_abc123/download" \
-H "Authorization: Bearer luci_your_api_key" \
-o compliance-report.pdf
The download endpoint returns a 307 redirect to a time-limited signed GCS URL. Use -L in cURL or allow_redirects=True in Python to follow the redirect automatically.
Certification Tokens
Certification tokens provide time-limited, read-only access to a compliance report without requiring API authentication. Use them to share audit-ready reports with external auditors, regulators, or certification bodies.
Create a Certification Token
curl -X POST https://api.lucitra.io/v1/certification/tokens \
-H "Authorization: Bearer luci_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"compliance_report_id": "cr_abc123",
"name": "TUV-audit-march-2026",
"expires_in_hours": 168,
"max_access_count": 10,
"auditor_name": "Dr. Maria Schmidt",
"auditor_email": "m.schmidt@tuv.com"
}'
resp = requests.post(
"https://api.lucitra.io/v1/certification/tokens" ,
headers = { "Authorization" : "Bearer luci_your_api_key" },
json = {
"compliance_report_id" : "cr_abc123" ,
"name" : "TUV-audit-march-2026" ,
"expires_in_hours" : 168 ,
"max_access_count" : 10 ,
"auditor_name" : "Dr. Maria Schmidt" ,
"auditor_email" : "m.schmidt@tuv.com" ,
},
)
token_data = resp.json()
# Save token_data["token"] — it is only shown once
The compliance report to grant access to.
A descriptive name for tracking this token (e.g., the audit or auditor name).
Token validity period in hours. Must be between 1 and 720 (30 days).
Maximum number of times the token can be used. Null for unlimited access within the expiry window.
Name of the auditor or recipient for audit trail purposes.
Email of the auditor or recipient for audit trail purposes.
{
"id" : "ctk_m2n3o4p5" ,
"token" : "cert_a1b2c3d4e5f6g7h8i9j0" ,
"prefix" : "cert_a1b2" ,
"expires_at" : "2026-03-13T12:00:00Z"
}
Token identifier for management operations.
The full certification token. Starts with cert_. Shown only once at creation time.
A short prefix for identifying the token without exposing the full value.
ISO 8601 timestamp when the token expires.
The token value is only returned at creation time. Store it securely and share it with the auditor through a secure channel. There is no way to retrieve the full token after this response.
Public Report Access
Auditors access the compliance report using the token directly in the URL. No API key or authentication is required.
curl "https://api.lucitra.io/v1/certification/reports/cert_a1b2c3d4e5f6g7h8i9j0"
https://api.lucitra.io/v1/certification/reports/cert_a1b2c3d4e5f6g7h8i9j0
Share the full URL with auditors. They can open it directly in a browser to view the compliance report without needing a Lucitra account or API key.