Praxa

The compliance audit trail
for your AI agents.

Tamper-evident logs for every decision your AI agents make. Designed for B2B SaaS shipping LLM features into regulated industries — fintech, healthtech, legaltech, edtech, HR-tech.

How it works

From npm install to audit-ready in three steps.

01

Install the SDK

Wrap your existing AI calls with a 3-line change. Works with Vercel AI SDK, OpenAI, Anthropic, LangChain.

02

Events flow in

Every model call logs to Praxa — input, output, rationale, downstream effects — chained with SHA-256 so tampering is detectable.

03

Download evidence

Generate NIST AI RMF report, EU AI Act Annex IV pack, or SOC 2 evidence kit on demand. Auditor-ready markdown or JSON.

What you get

One artifact for every audit conversation.

  • Tamper-evident audit chain

    SHA-256 hash chain per agent. Any altered, inserted, or deleted event breaks continuity from that point — independently verifiable by your auditor via the public REST API.

  • EU AI Act Annex IV pack

    Auto-generate the §1-§5 documentation Annex IV requires of high-risk system providers. The deployer fills in product-specific narrative; Praxa contributes the monitoring + change-log evidence.

  • NIST AI RMF report

    GOVERN / MAP / MEASURE / MANAGE sections populated from your real event data. Per-agent inventory + usage profile + operational metrics + incident log.

  • SOC 2 evidence kit

    CC6 (logical access) + CC7 (system operations) + CC8 (change management) evidence pulled from API key usage, event flow, and agent registration history.
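
How a per-agent SHA-256 hash chain exposes an altered, deleted, or inserted event, as an added example (not Praxa's SDK or API code). The record fields seq, prevHash, payload and hash, the all-zero genesis value, and the sample events are assumptions made for illustration.

```javascript
// Added illustration. The record layout (seq, prevHash, payload, hash) is an
// assumption, not Praxa's documented event format.
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed anchor value for the first event

// The hash covers the sequence number, the previous hash and the payload.
// JSON.stringify is key-order sensitive; a real log needs a canonical encoding.
function eventHash(seq, prevHash, payload) {
  return createHash("sha256")
    .update(`${seq}|${prevHash}|${JSON.stringify(payload)}`)
    .digest("hex");
}

function appendEvent(chain, payload) {
  const seq = chain.length;
  const prevHash = seq === 0 ? GENESIS : chain[seq - 1].hash;
  return [...chain, { seq, prevHash, payload, hash: eventHash(seq, prevHash, payload) }];
}

// Returns -1 if the chain is intact, else the index of the first broken link.
function firstBreak(chain) {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    const ok =
      e.seq === i &&
      e.prevHash === expectedPrev &&
      e.hash === eventHash(e.seq, e.prevHash, e.payload);
    if (!ok) return i;
    expectedPrev = e.hash;
  }
  return -1;
}

// Constructed sample events for one hypothetical agent.
const chain = [
  { model: "m1", input: "approve loan?", output: "refer to human" },
  { model: "m1", input: "summarise file", output: "3 findings" },
  { model: "m1", input: "draft reply", output: "sent" },
].reduce(appendEvent, []);

// Three tampering cases: edit event 1, drop event 1, splice in a forged event.
const altered = chain.map((e, i) => (i === 1 ? { ...e, payload: { ...e.payload, output: "0 findings" } } : e));
const deleted = chain.filter((_, i) => i !== 1);
const forged = appendEvent([chain[0]], { model: "m1", input: "x", output: "y" })[1]; // valid in isolation
const inserted = [chain[0], forged, ...chain.slice(1)];

console.log(firstBreak(chain), firstBreak(altered), firstBreak(deleted), firstBreak(inserted));
```

A chain whose tail has been truncated, or whose hashes have all been recomputed from the changed event onward, is still self-consistent, so a verifier also needs the latest hash from a source the log operator cannot rewrite.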

Why Praxa

Different wedge from financial / AML audit trails.

Tools like attestr.io do tamper-evident audit trails for financial decisions — fraud, AML, payments. They’re excellent at what they do.

Praxa is positioned for AI-agent-decision auditing specifically: the EU AI Act, NIST AI RMF, and SOC 2 controls that apply to AI features in production, not to financial workflows. Different audience (DPOs + AI/ML leads, not fraud examiners), different regulator (data-protection authorities, not financial regulators), different buying motion (developers shipping AI features, not bank compliance teams).