Skip to main content
Generate reports from Rampart audit logs for compliance, auditing, and security analysis.

Usage

rampart report [flags]                # HTML report (default)
rampart report compliance [flags]     # AIUC-1 compliance report

Subcommands

report (default)

Generate a self-contained HTML report.
--audit-dir
string
default:"~/.rampart/audit"
Directory containing audit JSONL files
--output
string
default:"report.html"
Output HTML file path
--last
string
default:"24h"
Time window (e.g., 24h, 7d, 30d)

compliance

Generate an AIUC-1 compliance evidence report.
--audit-dir
string
default:"~/.rampart/audit"
Directory containing audit JSONL files
--since
string
Reporting period start date (YYYY-MM-DD, default: 30 days ago)
--until
string
Reporting period end date (YYYY-MM-DD, default: now)
--format
string
default:"text"
Output format: text or json
--output
string
Write report to file instead of stdout

HTML report

Generate

rampart report

Reading audit events from ~/.rampart/audit...
Found 1523 total events
Filtered to 145 events within 24h
Generating HTML report...
✅ Report generated: /home/user/report.html
Open report.html in your browser.

Custom time window

# Last 7 days
rampart report --last 7d

# Last 30 days
rampart report --last 30d

# Last 12 hours
rampart report --last 12h

Custom output path

rampart report --output weekly-report.html --last 7d

Report contents

The HTML report includes:
  1. Executive summary
    • Total events
    • Allow/deny breakdown
    • Top blocked commands
    • Time range
  2. Event timeline
    • Chronological list of all events
    • Color-coded by decision
    • Filterable by tool, decision, policy
  3. Statistics
    • Events by hour/day
    • Top policies matched
    • Tool usage breakdown
  4. Blocked events
    • All deny events with details
    • Matched policy names
    • Timestamps

AIUC-1 compliance report

AIUC-1 (AI Unified Controls v1) is the first compliance standard for AI agent operations.

Controls evaluated

AIUC-1.1 Tool Call Authorization
  • All tool calls evaluated against policy
  • Evidence: audit log completeness
AIUC-1.2 Audit Logging
  • Tamper-evident audit chain maintained
  • Evidence: JSONL integrity, sequential timestamps
AIUC-1.3 Human-in-the-Loop
  • Sensitive operations require human approval
  • Evidence: require_approval decisions logged
AIUC-1.4 Data Exfiltration Prevention
  • Credential/sensitive path access blocked
  • Evidence: deny events for credential patterns

Generate compliance report (text)

rampart report compliance

╭──────────────────────────────────────────────────────────────────────╮
│  AIUC-1 Compliance Report                                              │
│  Rampart v0.7.0                                                        │
├──────────────────────────────────────────────────────────────────────┤
│  Period: 2026-02-01 to 2026-02-28                                      │
│  Generated: 2026-03-03 15:04:05 UTC                                    │
╰──────────────────────────────────────────────────────────────────────╯

AIUC-1.1 Tool Call Authorization .......... ✅ COMPLIANT
  • 1,234 tool calls evaluated
  • 100% policy coverage
  • Evidence: audit-2026-02.jsonl

AIUC-1.2 Audit Logging .................... ✅ COMPLIANT
  • Tamper-evident JSONL format
  • Sequential timestamps verified
  • No gaps detected

AIUC-1.3 Human-in-the-Loop ................ ✅ COMPLIANT
  • 45 approvals required
  • 12 approvals granted
  • 33 approvals denied or expired

AIUC-1.4 Data Exfiltration Prevention ..... ✅ COMPLIANT
  • 8 credential access attempts blocked
  • 0 sensitive files exfiltrated
  • Policy: credential-theft (active)

──────────────────────────────────────────────────────────────────────
Overall Status: COMPLIANT

This report provides evidence that Rampart is enforcing AIUC-1 required
controls. It can be shared with auditors or security teams.

Generate compliance report (JSON)

rampart report compliance --format json

{
  "version": "aiuc-1",
  "rampart_version": "v0.7.0",
  "period": {
    "start": "2026-02-01T00:00:00Z",
    "end": "2026-02-28T23:59:59Z"
  },
  "generated_at": "2026-03-03T15:04:05Z",
  "controls": [
    {
      "id": "AIUC-1.1",
      "name": "Tool Call Authorization",
      "status": "compliant",
      "evidence": {
        "total_calls": 1234,
        "policy_coverage": 100.0,
        "audit_files": ["audit-2026-02.jsonl"]
      }
    },
    {
      "id": "AIUC-1.2",
      "name": "Audit Logging",
      "status": "compliant",
      "evidence": {
        "format": "jsonl",
        "integrity": "verified",
        "gaps": 0
      }
    }
  ],
  "overall_status": "compliant"
}

Custom date range

rampart report compliance --since 2026-01-01 --until 2026-01-31
Report for January 2026 only.

Save to file

rampart report compliance --format json --output aiuc1-report.json

Wrote compliance report to aiuc1-report.json

Use cases

Weekly security review

# Generate weekly HTML report
rampart report --last 7d --output weekly-$(date +%Y-%m-%d).html

# Email to security team
mail -s "Weekly Rampart Report" [email protected] < weekly-2026-03-03.html

Monthly compliance audit

# Generate monthly AIUC-1 report
rampart report compliance \
  --since 2026-02-01 \
  --until 2026-02-28 \
  --format json \
  --output compliance-2026-02.json

# Archive for auditors
cp compliance-2026-02.json /mnt/audit-archive/

CI/CD validation

#!/bin/bash
# Ensure compliance before deployment
rampart report compliance --format json > compliance.json
status=$(jq -r .overall_status compliance.json)
if [ "$status" != "compliant" ]; then
  echo "AIUC-1 compliance check failed"
  cat compliance.json | jq .controls
  exit 1
fi

Incident investigation

# Generate report for last 24h
rampart report --last 24h --output incident-report.html

# Review blocked events
open incident-report.html

Quarterly audit

# Q1 2026 compliance report
rampart report compliance \
  --since 2026-01-01 \
  --until 2026-03-31 \
  --output Q1-2026-compliance.txt

# Share with auditors
cat Q1-2026-compliance.txt | mail -s "Q1 Compliance" [email protected]

Compliance status

COMPLIANT

All controls are satisfied:
  • Audit logs exist for the period
  • Policy is active and enforced
  • No integrity issues detected

NON-COMPLIANT

One or more controls failed:
  • No audit logs for the period
  • Policy not enforced (default_action: allow)
  • Audit integrity issues
Note: Fresh installations with no audit history show NON-COMPLIANT. Run Rampart with an agent to generate logs.

Troubleshooting

No events found

no events found in ~/.rampart/audit
No audit logs exist. Run Rampart to generate events: 
rampart setup claude-code
# Use Claude Code to generate events
rampart report

No events in time window

no events found within the last 24h
Increase the time window: 
rampart report --last 7d

Non-compliant report

Overall Status: NON-COMPLIANT
Check which controls failed: 
rampart report compliance --format json | jq '.controls[] | select(.status != "compliant")'
Fix issues and regenerate: 
rampart init --profile standard
rampart serve install
rampart report compliance

Invalid date format

report: invalid --since date "2026-02" (expected YYYY-MM-DD)
Use full date format: 
rampart report compliance --since 2026-02-01

See also

Build docs developers (and LLMs) love

Get started for freeTalk to us