GitHub - bohdan1288-dotcom/ai-audit-orchestrator: Turn an AI coding agent into a disciplined, read-only compliance auditor. Evidence or silence; method public, results private. · GitHub

/" data-turbo-transient="true" />

Skip to content

Search or jump to...

Search code, repositories, users, issues, pull requests...

-->

Search

Clear

Search syntax tips

Provide feedback

--><br>We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Cancel

Submit feedback

Saved searches

Use saved searches to filter your results more quickly

-->

Name

Query

To see all available qualifiers, see our documentation.

Cancel

Create saved search

Sign in

/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up

Appearance settings

Resetting focus

You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

{{ message }}

bohdan1288-dotcom

ai-audit-orchestrator

Public

Notifications<br>You must be signed in to change notification settings

Fork

Star

main

BranchesTags

Go to file

CodeOpen more actions menu

Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit

History<br>3 Commits<br>3 Commits

agents

agents

examples

examples

prompts

prompts

templates

templates

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

SECURITY.md

SECURITY.md

View all files

Repository files navigation

ai-audit-orchestrator

A read-only, evidence-gated audit harness for AI coding agents (Claude Code, Cursor,<br>Codex, etc.). It runs a chain of single-purpose audit subagents over your own<br>repository, one framework at a time, and forces every finding to carry a<br>path:line citation — or the literal words No evidence found . State is passed<br>from one subagent to the next through a small Resume Packet .

It is designed to instruct the agent not to fix, edit, run, commit, or print<br>secrets — and to produce only findings you can verify yourself by opening the cited<br>line. These are prompt-level constraints, not technical guarantees : the prompt<br>tells a capable agent to stay read-only, but it does not enforce it. Run it in an<br>environment that enforces read-only for real (see Operating safely below).

Built by one person who does not write code, by directing AI. This is the<br>auditing method that came out of that — extracted, anonymized, and given away.

Why this exists

LLM coding agents are fluent and confident, and they hallucinate. When you ask one<br>"is my platform SOC 2 ready?", a normal agent will write you a reassuring paragraph.<br>This harness is built to do the opposite: to be adversarial about its own claims .

Four rules make that work:

Evidence or silence. Every finding needs a file path and line number. If the<br>agent can't point at a line, it must write No evidence found — never a guess.

Design vs. operation (Type I / Type II). A control that exists in code (Type I<br>design) is separated from a control that has durable proof it actually ran (Type II<br>operating evidence). Most "we're compliant" claims die at this split.

Current standards only. Before auditing a framework, the agent must confirm the<br>edition/version in force as of the audit date from an official source — never<br>audit against an older edition it happens to remember. A superseded standard is<br>itself a finding.

One subagent per turn, then stop. Each turn audits exactly one framework and<br>hands the next turn a Resume Packet. This keeps context small and stops the agent<br>from sprawling into a single unverifiable mega-answer.

Layout

evidence index<br>agents/ # example single-purpose reviewer subagents (sanitized)<br>examples/<br>redacted-finding.md # what one finding looks like (no real platform data)<br>redacted-evidence-register.yaml # Evidence Pack register shape (synthetic)<br>redacted-control-evidence-map.csv # Evidence Pack control->evidence index (synthetic)<br>SECURITY.md # how to run it safely; what you must never commit back<br>.gitignore # blocks audit output, filled packets/registers, secrets, dumps">prompts/<br>00-orchestrator.md # the master prompt: state header + rules + run loop<br>frameworks/README.md # framework briefs (one section per framework), edit to taste<br>evidence/ # OPTIONAL Evidence Pack: turn gaps into a private evidence register<br>templates/<br>audit-state-header.md # the header every subagent turn starts with<br>resume-packet.yaml # the state object passed between subagents<br>evidence-register.yaml # (Evidence Pack) metadata-only register; filled-in copy is PRIVATE<br>control-evidence-map.csv # (Evidence Pack) flat control->evidence index<br>agents/ # example single-purpose reviewer subagents (sanitized)<br>examples/<br>redacted-finding.md # what one finding looks like (no real platform data)<br>redacted-evidence-register.yaml # Evidence Pack register shape (synthetic)<br>redacted-control-evidence-map.csv # Evidence Pack control->evidence...