R+3 · Tamper-evident Audit Trail · RTI-ready

R+3 Audit Trail

When a regulator asks "show me everything this agent did," R+3 produces a signed PDF in 30 seconds. RTI-compliant for India, FOIA-ready for US, equivalent for EU/UK/UAE.

Tutorial → API reference

specifications

The fundamentals

Hash chain

SHA-256 receipt links

Signature

Ed25519 (RFC 8032)

Canonical form

RFC 8785 JCS

Export format

Signed PDF + JSON bundle

Compliance

RTI · FOIA · DPDP §22

Status

Live · ministry-ready

What R+3 adds on top of R+2

R+2 receipts are individual cryptographically signed action records. R+3 takes a range of those receipts, packages them with their payload sidecars, adds a chain-of-custody record, and wraps everything in an operator-signed envelope suitable for regulator submission.

What you get

/api/audit/export endpoint — request all activity for an agent in a date range
Signed PDF export — readable by humans + ed25519 signature line + hash-chain proof appended
JSON bundle — machine-readable form for downstream forensics tools
Chain-of-custody record — who requested the export, when, under what authority
Operator wrap signature — proves the bundle wasn't tampered with after export
Selective redaction — operator can blank specific PII fields while keeping the hash linkage intact
Sample export available — see tutorial 06

regulatory mapping

Which regulations R+3 satisfies

India — RTI Act 2005: Any citizen can request information from government bodies. R+3 exports satisfy the "format that doesn't disclose process protected by §8" requirement.
India — DPDP §22: Significant Data Fiduciary enhanced audit obligations. R+3 covers the audit-trail requirement directly.
US — FOIA + sectoral: Federal agencies subject to FOIA can produce R+3 exports for AI-system queries. Same machinery works for HIPAA audits, SOX 404 reviews, GLBA examinations.
EU — AI Act high-risk: Article 12 logging + Article 14 human oversight obligations. R+3 export is the operator's evidence package.
UK — UK GDPR + Equality Act: Automated decision audit + right of explanation. R+3 produces the audit; companion R+2 receipts produce the explanation.
UAE — PDPL + AI Governance Framework: Data Office audit requests + AI Office registration audits. R+3 is the submission format.

code

One call. One PDF. Regulator-ready.

POST /api/audit/export
{
  "agent_id": "did:dcs:base:0xbDd1...0f5F:42",
  "from":     "2026-01-01T00:00:00Z",
  "to":       "2026-12-31T23:59:59Z",
  "format":   "pdf+json",
  "requested_by": {
    "name":       "Ministry of XYZ",
    "authority":  "RTI Application 2026/045",
    "contact":    "[email protected]"
  }
}

// Response:
{
  "bundle_id":    "audit-2026-09-15-001",
  "pdf_url":      "https://export.dcslabs.ai/audit-2026-09-15-001.pdf",
  "json_url":     "https://export.dcslabs.ai/audit-2026-09-15-001.json",
  "signature":    "ed25519:...",
  "receipt_count": 14823,
  "chain_proof":  "sha256:..."
}