schchit

JEP-Guard Audit

by JEP (Judgment Event Protocol) · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 59 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install jep-guard-audit
Description
JEP-Guard Audit Skill — Strict JEP-04/JAC-01 Compliant Audit Chain with Friendly API Layer
README (SKILL.md)

JEP-Guard Audit Skill

Strict JEP-04 / JAC-01 Compliant Audit Chain

Architecture

Three-layer design:

  1. GuardSkill — Friendly API (issuer, assertion, target)
  2. JEPAdapter — Maps friendly fields to strict JEP-04
  3. JEPCodec — Strict protocol implementation (jep, verb, who, when, what, nonce, aud, ref, sig)

Protocol Alignment

| JEP-04 Field | API Field | Notes |
|---|---|---|
| jep | (auto) | Fixed to "1" |
| verb | primitive | J/D/T/V |
| who | issuer | Actor DID |
| when | timestamp | ISO → Unix seconds |
| what | assertion | SHA-256 multihash |
| nonce | (auto) | UUIDv4 |
| aud | target | Recipient |
| ref | prev_event_id / verify_of | Chain link |
| sig | signature | JWS |
| task_based_on | parent_task_hash | JAC-01 causality |

Compliance Standards

  • EU AI Act — Article 12 record-keeping, 6-year retention
  • California SB 1047 — 72-hour critical incident reporting
  • Colorado SB 205 — Algorithmic impact assessment + appeal logs
  • Generic JEP-01 — Baseline accountability tracing

Cognitive Emergence Lab

Usage Guidance
This package appears to implement the advertised audit chain API and protocols, but before installing or deploying it consider the following:
  1. Cryptography: the code currently treats signatures as a presence check rather than performing real JWS signature verification — do not rely on it for legal/regulatory evidence until proper signature checks are implemented and audited.
  2. Incomplete review: the provided core.py excerpt was truncated in the review package — obtain and inspect the complete source to ensure there are no hidden network calls, telemetry, or storage behaviors.
  3. Deployment: the skill exposes an HTTP API (uvicorn/FastAPI); if you run it, protect the endpoint (authentication, TLS, network controls) and validate retention/storage meets regulatory needs (EU AI Act retention rules).
  4. Supply chain: pip-install the declared dependencies from trusted registries and run the included unit tests in an isolated environment to confirm behavior.
  5. If you need this for compliance evidence, require a cryptographic verification audit (implement/verify JWS verification and secure key management) before accepting chain outputs as authoritative.
Capability Analysis
Type: OpenClaw Skill
Name: jep-guard-audit
Version: 1.0.0
The jep-guard-audit skill bundle is a well-structured implementation of an audit logging and verification system based on the JEP-04 and JAC-01 protocols. The code is organized into a three-layer architecture (API, Adapter, and Codec) that handles event ingestion, hash-chain integrity verification, and compliance report generation for regulations like the EU AI Act. Analysis of the core logic in skill/core.py and skill/codec.py reveals no evidence of data exfiltration, malicious execution, or prompt injection; the system operates primarily in-memory and uses standard libraries for hashing and web serving.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The name, description, API (ingest / chain / export), and code files align: the adapter, codec, and engine implement mapping, canonicalization, hashing, and rule checks consistent with a JEP-04/JAC-01 audit chain. Minor mismatch: some docstrings claim nonce generation may use event_id as seed but the code always generates a fresh UUIDv4. More importantly, the code claims strict JWS signature handling but only performs presence checks rather than real cryptographic verification (see codec.verify_jac_core and core.signature_valid usage). For a compliance/audit skill, cryptographic signature verification is material.
Instruction Scope
SKILL.md and the FastAPI entrypoint describe only the audit API and schema; runtime instructions do not request unrelated files, env vars, or external endpoints. However the implementation uses a placeholder approach for signature verification (treating any non-empty sig as valid in some checks), which is scope creep in the sense that the skill advertises strict protocol compliance but omits the critical crypto verification step. Also, the provided core.py content in the review is truncated, preventing confirmation that export and other logic do not contact external endpoints or perform additional I/O.
Install Mechanism
No install spec is provided (instruction-only at registry-level). The manifest lists reasonable Python dependencies (fastapi, uvicorn, pydantic) appropriate for a web API. There are no download URLs, no obscure installers, and no package manager scripts embedded in the skill package. Users will need to pip-install the listed dependencies to run the API.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code also does not read env vars in the reviewed portions. This is proportionate to a local audit service that does not integrate with external cloud providers or secret stores.
Persistence & Privilege
Skill flags are default (not always:true). It runs as a user-invocable FastAPI service and does not request persistent system privileges or modify other skills. Deploying it will expose an HTTP API — users should treat that as an operational concern (authentication, network exposure), but the skill itself does not assert elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install jep-guard-audit
  3. After installation, invoke the skill by name or use /jep-guard-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of JEP-Guard Audit Skill
  • Implements a strict JEP-04/JAC-01 compliant audit chain with a developer-friendly API.
  • Provides endpoints for event ingestion, audit chain retrieval with integrity verification, and regulatory compliance reporting.
  • Supports exportable reports for EU AI Act, California SB1047, Colorado SB205, and generic standards.
  • Aligns API fields to strict protocol mappings for interoperability and accountability.
  • Designed with a three-layer architecture: GuardSkill API, JEPAdapter, and JEPCodec.
Metadata
Slug jep-guard-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is JEP-Guard Audit?

JEP-Guard Audit Skill — Strict JEP-04/JAC-01 Compliant Audit Chain with Friendly API Layer. It is an AI Agent Skill for Claude Code / OpenClaw, with 59 downloads so far.

How do I install JEP-Guard Audit?

Run "/install jep-guard-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is JEP-Guard Audit free?

Yes, JEP-Guard Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does JEP-Guard Audit support?

JEP-Guard Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created JEP-Guard Audit?

It is built and maintained by JEP (Judgment Event Protocol) (@schchit); the current version is v1.0.0.
