Skip to content

AIGP Log Harvest — Extracting Governance from Vendor Logs

AIGP Log Harvest — Extracting Governance from Vendor Logs

PRIVATE AND PROPRIETARY. Owned by Kanjani AI Research & Causum. See NOTICE.md.

Status: SPEC (Experimental)

Purpose

When vendors won’t implement AIGP natively, harvest AIGP-equivalent records from their existing logs. Produces normalized AIGP RECORDs from heterogeneous vendor telemetry using system-to-system manifest files.

The Problem

Embedded AI vendors produce logs in their own format (or don’t log at all). Without native AIGP support, you have:

  • Scattered telemetry across dozens of vendor dashboards
  • No unified view of AI activity
  • No way to apply consistent governance across vendors

The Solution

Vendor Logs (their format)
↓ API / S3 / stream / webhook
aigp-log-harvest engine
↓ manifest-driven field mapping
AIGP RECORD (normalized)
governance-server → unified audit trail → governance decisions

Architecture

┌─────────────────────────────────────────────────────┐
│ aigp-log-harvest │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │Salesforce│ │ Azure │ │ AWS │ ... │
│ │ Manifest │ │ Manifest │ │ Manifest │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ ↓ ↓ ↓ │
│ ┌─────────────────────────────────────────┐ │
│ │ Harvest Engine │ │
│ │ - Poll/stream vendor logs │ │
│ │ - Apply manifest field mapping │ │
│ │ - Normalize to AIGP RECORD schema │ │
│ │ - Mark completeness level │ │
│ │ - Deduplicate │ │
│ └─────────────────────┬───────────────────┘ │
│ ↓ │
│ ┌─────────────────────────────────────────┐ │
│ │ AIGP RECORD (normalized) │ │
│ └─────────────────────┬───────────────────┘ │
└─────────────────────────┼───────────────────────────┘
governance-server ingest

Manifest File Format

Each vendor/system gets a manifest that defines how to extract AIGP-equivalent data:

manifests/salesforce-einstein.yaml
manifest_version: "1.0"
vendor: "Salesforce"
system: "Einstein AI"
source:
type: "rest_api"
endpoint: "/services/data/v59.0/query"
auth: "oauth2"
poll_interval_seconds: 300
query: "SELECT Id, CreatedDate, UserId, Action, EntityType FROM SetupAuditTrail WHERE Action LIKE '%Einstein%'"
field_mapping:
# AIGP RECORD field → vendor log field (or derivation)
actor: "UserId"
operation: "Action"
timestamp: "CreatedDate"
target_service: "'salesforce-einstein'" # static
model_id: null # not available in logs
input_hash: null # vendor doesn't log prompts
output_summary: "EntityType"
confidence: null
prompt_length: null
derived_fields:
app_id: "'SALESFORCE_EINSTEIN'"
sensitivity: "UNKNOWN" # can't determine from logs alone
completeness: "PARTIAL"
missing_fields:
- model_id
- input_hash
- confidence
- prompt_length
notes: "Salesforce audit trail captures AI feature usage but not prompt/response content."
manifests/aws-bedrock.yaml
manifest_version: "1.0"
vendor: "AWS"
system: "Bedrock"
source:
type: "cloudtrail"
event_source: "bedrock.amazonaws.com"
s3_bucket: "cloudtrail-logs-705909755305"
poll_interval_seconds: 60
field_mapping:
actor: "userIdentity.arn"
operation: "eventName"
timestamp: "eventTime"
target_service: "'aws-bedrock'"
model_id: "requestParameters.modelId"
input_hash: null # CloudTrail doesn't log prompt content
output_summary: null
confidence: null
prompt_length: null
derived_fields:
app_id: "userIdentity.principalId"
sensitivity: "UNKNOWN"
completeness: "PARTIAL"
missing_fields:
- input_hash
- output_summary
- confidence
notes: "CloudTrail captures invocation metadata (who, which model, when) but not prompt/response content. Enable Bedrock model invocation logging for full content."
manifests/microsoft-copilot.yaml
manifest_version: "1.0"
vendor: "Microsoft"
system: "365 Copilot"
source:
type: "graph_api"
endpoint: "/auditLogs/signIns"
auth: "oauth2_app"
poll_interval_seconds: 600
filter: "appDisplayName eq 'Microsoft 365 Copilot'"
field_mapping:
actor: "userPrincipalName"
operation: "appDisplayName"
timestamp: "createdDateTime"
target_service: "'microsoft-copilot'"
model_id: null
input_hash: null
output_summary: null
confidence: null
completeness: "MINIMAL"
missing_fields:
- model_id
- input_hash
- output_summary
- confidence
- prompt_length
- operation_detail
notes: "Microsoft Graph audit logs show Copilot was USED but not WHAT was asked or answered. Minimal governance value without Microsoft Purview AI Hub."

Completeness Levels

Level Meaning Fields Available
FULL Native AIGP — all fields present All
HIGH Most fields, missing only content hashes actor, operation, model, timestamp, sensitivity
PARTIAL Metadata only — who/when/which-service actor, timestamp, target_service
MINIMAL Usage detection only — “it was used” actor, timestamp
NONE No logs available Nothing — paper governance only

Harvest Engine (Python)

class HarvestEngine:
def __init__(self, manifests_dir: str):
self.manifests = self._load_manifests(manifests_dir)
async def harvest(self, manifest_id: str) -> list[AigpRecord]:
manifest = self.manifests[manifest_id]
raw_events = await self._poll_source(manifest["source"])
records = []
for event in raw_events:
record = self._map_to_aigp(event, manifest["field_mapping"], manifest["derived_fields"])
record["completeness"] = manifest["completeness"]
record["source_manifest"] = manifest_id
records.append(record)
return records
async def ingest_to_gov_app(self, records: list[AigpRecord]):
for record in records:
await gov_app_client.post("/api/v1/aigp/record", json=record)

Integration with governance-server

Harvested records appear in governance-server alongside native AIGP records, but clearly marked:

Source Badge Trust Level
Native AIGP ✅ Full High — DNA-signed, schema-validated
AIGP-Lite (edge) ⚡ Lite Medium — buffered, signed on sync
Log Harvest 📋 Harvested Low — derived from vendor logs, partial
No data ❌ None None — paper governance only

Value Proposition

Even PARTIAL records are valuable:

  • “We know Salesforce Einstein was used 847 times last week by 23 users”
  • “We know Bedrock was invoked with model X by role Y at time Z”
  • “We know Copilot was active but can’t see what it did”

This turns “we have no idea” into “we have partial visibility” — which is enough to:

  • Identify high-usage AI systems for deeper review
  • Detect shadow AI (unexpected services appearing in logs)
  • Prioritize which vendors to push for native AIGP support
  • Demonstrate governance effort to auditors (even if incomplete)

Limitations (Honest)

  • Harvested records are NOT evidence — they’re derived metadata
  • Cannot be DNA-signed (content not available to hash)
  • Vendor log formats change without notice (manifests need maintenance)
  • Some vendors log almost nothing useful (MINIMAL completeness)
  • Latency: logs may be hours/days behind real-time
  • Cannot prevent — only observe after the fact