
Auditor Export Runtime

Status

Implemented in OP-037R. Auditor export requests now generate real redacted CSV and visible-watermark PDF artifacts from tenant-scoped compliance evidence.

What Was Implemented

  • compliance_exports storage with Postgres RLS and SQLite local support.
  • POST /api/v1/compliance/exports synchronous export generation.
  • GET /api/v1/compliance/exports and detail/status reads with audit records.
  • GET /api/v1/compliance/exports/{export_id}/artifacts/{csv|pdf} artifact reads.
  • CSV metadata header with auditor, organization, tenant, export date, export ID, scope, redaction policy, and SHA-256 body hash metadata.
  • PDF generation with visible text watermark containing auditor, organization, tenant, and date.
  • CSV and PDF SHA-256 hashes stored on the export record.
  • compliance.export.requested and compliance.export.completed event publication.
  • Compliance console export status and hash visibility.
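An auditor-side integrity check for a downloaded CSV artifact, added here as an illustration and not taken from the project's code. The "# key: value" header layout, the field names body_sha256, tenant and redaction_policy, and the choice that the hash on the export record covers the whole file are assumptions, since this page does not specify them.

```python
import hashlib

def split_artifact(artifact: bytes) -> tuple[dict[str, str], bytes]:
    """Split leading '# key: value' metadata lines (assumed layout) from the CSV body."""
    meta: dict[str, str] = {}
    offset = 0
    for line in artifact.splitlines(keepends=True):
        if not line.startswith(b"# "):
            break
        key, sep, value = line[2:].decode("utf-8").partition(":")
        if not sep:
            raise ValueError(f"malformed metadata line: {line!r}")
        meta[key.strip()] = value.strip()
        offset += len(line)
    return meta, artifact[offset:]

def verify_export(artifact: bytes, tenant: str, recorded_sha256: str) -> list[str]:
    """Return the list of failed checks; an empty list means all passed."""
    meta, body = split_artifact(artifact)
    problems = []
    # The in-file hash only catches corruption: anyone who can edit the body
    # can also rewrite the header, so it is not tamper evidence by itself.
    if meta.get("body_sha256", "").lower() != hashlib.sha256(body).hexdigest():
        problems.append("body hash does not match header")
    # Tamper evidence comes from the hash held server-side on the export record
    # (assumed here to cover the whole file, header included).
    if recorded_sha256.lower() != hashlib.sha256(artifact).hexdigest():
        problems.append("file hash does not match export record")
    if meta.get("tenant") != tenant:
        problems.append("tenant in header is not the expected tenant")
    if meta.get("redaction_policy") != "auditor-default-v1":
        problems.append("unexpected redaction policy")
    return problems

def build_sample(body: bytes, tenant: str = "tenant-a") -> bytes:
    """Constructed sample artifact in the assumed header layout."""
    header = (
        "# export_id: exp-constructed-001\n"
        f"# tenant: {tenant}\n"
        "# redaction_policy: auditor-default-v1\n"
        f"# body_sha256: {hashlib.sha256(body).hexdigest()}\n"
    )
    return header.encode() + body

if __name__ == "__main__":
    good = build_sample(b"control_id,status\nAC-1,[REDACTED]\n")
    recorded = hashlib.sha256(good).hexdigest()
    print(verify_export(good, "tenant-a", recorded))
    print(verify_export(good.replace(b"AC-1", b"AC-9"), "tenant-a", recorded))
```

Take recorded_sha256 from the export detail/status read rather than from the file itself, so the comparison is against a value the artifact holder cannot rewrite.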

Security / Tenant Isolation

Exports are generated from the auditor-safe evidence path and reuse auditor-default-v1 redaction before artifact creation. Export request, status, and artifact reads are tenant-scoped and audited. Operators cannot request exports; auditors, tenant admins, and system admins in explicit tenant context can access the export surfaces.

Validation

make validate-contracts
make typecheck-python
make lint
make test-sqlite
make docs-build

Known Limitations

  • Export generation is synchronous for Phase 1 demo readiness.
  • Redacted artifacts are stored in the relational export record.
  • S3/KMS object storage, short-lived signed URLs, background workers, tenant redaction policy editing, and approval workflows remain future scoped work.