Audit Bundle
At cutover, the IDE exports a tamper-evident audit bundle that records every translation decision, approval, divergence, and sign-off. The bundle is your compliance evidence for regulated migrations.
Structure
IAuditBundle {
sessionId: string // session identifier
exportedAt: number // Unix timestamp (ms)
migrationPattern: string // e.g. "cobol-to-typescript"
sourceProjects: string[] // source project labels
targetProjects: string[] // target project labels
complianceFrameworks: string[] // detected frameworks (e.g. ["iso-26262", "iec-61508"])
units: IAuditUnitRecord[] // one record per approved unit
bundleHash: string // FNV-1a hash of all unit records
chainIntegrity: boolean // true = hash verified on export
}Unit Record
IAuditUnitRecord {
unitId: string
sourceFile: string // relative path in source project
targetFile: string // relative path in target project
sourceLang: string
targetLang: string
outcome: 'approved' | 'skipped' | 'rejected'
confidence: 'high' | 'medium' | 'low'
fingerprintSimilarity: number // 0.0–1.0
translationVersion: number // how many times this unit was re-translated
decisions: IAuditDecision[] // all human decisions raised + resolved
divergences: IAuditDivergence[] // all divergences detected + reviewed
approvedBy?: string // user ID who approved
approvedAt?: number // approval timestamp
signOffs: IAuditSignOff[] // compliance officer sign-offs
techDebtItems: string[] // tech debt categories detected at discovery
blockers: string[] // blocker types detected at planning
}Decision Record
IAuditDecision {
decisionId: string
type: 'type-mapping' | 'naming' | 'rule-interpretation' | 'architecture'
description: string
resolution: string // what was decided
resolvedBy: string
resolvedAt: number
}Divergence Record
IAuditDivergence {
divergenceId: string
type: string // see Validation divergence types
description: string
reviewedBy: string
reviewedAt: number
accepted: boolean // true = accepted as expected difference
}Sign-off Record
IAuditSignOff {
role: string // e.g. "compliance-officer", "security-architect"
signedBy: string
signedAt: number
comment?: string
}Tamper Evidence
The bundle hash is a FNV-1a hash computed over the serialised unit records array (JSON, sorted by unitId). It is computed and embedded at export time.
To verify integrity after the fact:
import { verifyAuditBundleIntegrity } from 'neural-inverse-sdk'
const bundle = JSON.parse(fs.readFileSync('migration-audit.json', 'utf8'))
const isIntact = verifyAuditBundleIntegrity(bundle)
// true = bundle has not been modified since exportverifyAuditBundleIntegrity re-computes the FNV-1a hash over the unit records and compares against the stored bundleHash. Any post-export modification — even whitespace changes in the unit records — will cause the check to fail.
Exporting the Bundle
The audit bundle is exported automatically at cutover. It is also available for manual export at any time after cutover:
Neural Inverse: Export Audit BundleThe bundle is written to the target project root as migration-audit-<sessionId>.json.
Using the Bundle for Compliance
The bundle provides evidence for:
- ISO 26262: Traceability from source ASIL-rated units to approved translated equivalents with formal verification sign-offs
- IEC 61508: SIL-rated unit translation history with independent verification records
- MISRA-C: Decision records showing rationale for deviations
- IEC 62443: Audit trail for OT/ICS modernisation with zone isolation sign-offs
- 3GPP / GSMA: Security architect sign-offs on key material externalisation
The chainIntegrity: true field is your tamper-evidence assertion. Include the bundle as an attachment in your safety case or compliance dossier.
Last edited