Enterprise · Compliance & Evidence

Compliance work, mechanized.

Frameworks ask questions; your context pipeline should answer them with enforced controls and verifiable evidence. LeanCTX maps EU AI Act, ISO/IEC 42001 and SOC 2 to mechanisms it actually enforces — and is explicit about everything it cannot.

Honesty first: LeanCTX is tooling support for compliance work — not legal advice. "Aligned" is a technical statement about enforceable controls, not a certification. Every mapping carries this disclaimer, and every uncovered duty is a documented gap.

The mappings

Three frameworks, one honest matrix each.

Machine-readable mapping matrices, pinned to exact framework editions with a semi-annual review cycle. Each ships with a framework policy pack implementing the enforceable slice — inherit it, extend it, or audit your own pack against it.

Regulation (EU) 2024/1689

EU AI Act

11 of 14 mapped controls technically enforced

Deployer perspective on the context flow: Art. 12 logging (tamper-evident, always-on), Art. 26(6) six-month log retention, Art. 10(5) regulated-identifier redaction, Art. 14(4) oversight and intervention via hard budget caps, Art. 15(5) access control. Training-data governance and organisational duties are documented gaps — not hidden.

pack: eu-ai-act-deployer

ISO/IEC 42001:2023, Annex A

ISO/IEC 42001

Enforceable Annex A slices, gaps documented

A.6.2.6 operation logging, A.9.2 responsible-use process — the policy pack is the machine-enforced process definition — A.9.4 intended-use enforcement with recorded violations, A.7.4 data control before use. The AIMS itself is organisational by definition; the mapping says so.

pack: iso42001-aligned

AICPA TSC 2017 (2022 points of focus)

SOC 2

Context-pipeline slice of the TSC, evidence included

CC6.1 logical access (default-deny capability gate), CC6.6 boundary protection (egress denial + path jail), CC7.2 anomaly monitoring (typed security events), C1.1 confidentiality (credential + identifier redaction). Entity-level criteria stay with your org — the mapping draws the boundary.

pack: soc2-context

Source of truth: the mapping matrices in the repository — TOML, reviewable, diffable. Every full coverage claim names the CI test that proves enforcement; a drift test fails the build when claims and tests diverge.

Coverage reports

The audit conversation, as a command.

One command renders what assessors actually want to see: per-control verdicts against your real, resolved policy pack — not against a brochure.

$ lean-ctx policy coverage --framework eu-ai-act

AIA-12.1      Art. 12(1)    ENGINE        hash-chained audit trail, always-on
AIA-26.6      Art. 26(6)    ENFORCED      audit_retention_days = 365 (≥ 180 d)
AIA-10.5      Art. 10(5)    ENFORCED      4/4 regulated-identifier classes redacted
AIA-14.4e     Art. 14(4)(e) ENFORCED      max_context_tokens = 12000 bounds every assembly
AIA-10.2      Art. 10(2)    GAP           training-data governance is outside the pipeline

11 of 14 controls technically enforced (5 pack-verified, 6 engine guarantees) · 3 documented gaps

ENFORCED is verified live against your resolved pack — a weak pack downgrades to NOT-ENFORCED with exit code 1, so the report is CI-gateable. ENGINE guarantees cite the test that proves them. GAP rows state what remains an organisational duty. --json for your GRC tooling.

Evidence bundles

Auditors verify — without trusting us.

lean-ctx audit evidence exports a deterministic, Ed25519-signed ZIP: the tamper-evident audit segment for the period, the resolved policy pack in force, and the coverage reports. Same inputs, byte-identical bundle — regenerate and compare.

The counterpart, leanctx-verify, is a standalone tool with no engine code and four dependencies — an independent second implementation of the open evidence-bundle-v1 contract. It runs offline, on the auditor's machine, in well under a minute:

1. Archive + manifest: bundle well-formed, version supported
2. File inventory: every file matches its SHA-256, nothing added or removed
3. Chain replay: audit hash chain recomputes from anchor to head
4. Manifest signature: Ed25519 valid, against an out-of-band key if you have one
5. Entry signatures: each log line individually signed and verified

Mutation-tested: one flipped byte, one dropped line, one wrong key — INVALID. The auditor guide explains in plain language what the evidence proves and what it cannot (events are protected from the moment they are recorded — not before; an honest threat model is part of the format). Verifier source: packages/leanctx-verify.
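To make the five checks and the mutation claims concrete, here is an added example written for this page. It is not the leanctx-verify source and does not implement the real evidence-bundle-v1 contract; the file layout (manifest.json with version, per-file SHA-256, chain anchor and head; audit.jsonl with one JSON entry per line whose hash is SHA-256 over the previous hash, sequence number and event, each hash Ed25519-signed; manifest.sig over the manifest bytes), the field names and the sample events are all assumptions chosen to illustrate the structure of the checks. It uses only the Go standard library and runs offline.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Bundle stands in for the signed ZIP (file name -> bytes); the layout is hypothetical, not evidence-bundle-v1.
type Bundle map[string][]byte

// Manifest pins the format version, the file inventory and the chain segment's endpoints.
type Manifest struct {
	Version string            `json:"version"`
	Files   map[string]string `json:"files"`  // name -> hex SHA-256
	Anchor  string            `json:"anchor"` // hash the segment starts from
	Head    string            `json:"head"`   // hash of the last entry
}

// Entry is one audit log line: Hash chains it to its predecessor, Sig signs Hash.
type Entry struct {
	Seq   int    `json:"seq"`
	Event string `json:"event"`
	Hash  string `json:"hash"`
	Sig   string `json:"sig"`
}

func hexSum(data []byte) string { s := sha256.Sum256(data); return hex.EncodeToString(s[:]) }
func entryHash(prev string, seq int, event string) string { // chain step: SHA-256(prev | seq | event)
	return hexSum([]byte(fmt.Sprintf("%s|%d|%s", prev, seq, event)))
}

// BuildBundle (producer side) chains and signs events, hashes every file into the manifest and signs it.
// Ed25519 signing and json.Marshal (sorted map keys) are deterministic: fixed inputs give identical bytes.
func BuildBundle(priv ed25519.PrivateKey, anchor string, events []string, pack []byte) Bundle {
	var log bytes.Buffer
	prev := anchor
	for i, ev := range events {
		e := Entry{Seq: i + 1, Event: ev, Hash: entryHash(prev, i+1, ev)}
		e.Sig = hex.EncodeToString(ed25519.Sign(priv, []byte(e.Hash)))
		line, _ := json.Marshal(e)
		log.Write(append(line, '\n'))
		prev = e.Hash
	}
	b := Bundle{"audit.jsonl": log.Bytes(), "policy.toml": pack}
	m := Manifest{Version: "evidence-bundle-v1", Files: map[string]string{}, Anchor: anchor, Head: prev}
	for name, data := range b {
		m.Files[name] = hexSum(data)
	}
	mj, _ := json.Marshal(m)
	b["manifest.json"], b["manifest.sig"] = mj, ed25519.Sign(priv, mj)
	return b
}

// Verify (auditor side) runs the five checks in order with only the public key, ideally obtained out of
// band. Returns 0, "VALID" or the number of the first failing step and the reason.
func Verify(b Bundle, pub ed25519.PublicKey) (int, string) {
	var m Manifest // 1. archive + manifest: well-formed, version supported
	if err := json.Unmarshal(b["manifest.json"], &m); err != nil || m.Version != "evidence-bundle-v1" {
		return 1, "manifest missing, malformed or unsupported version"
	}
	for name, want := range m.Files { // 2. inventory: every listed file present and unchanged ...
		if data, ok := b[name]; !ok || hexSum(data) != want {
			return 2, "inventory mismatch: " + name
		}
	}
	if len(b) != len(m.Files)+2 { // ... and nothing added (only manifest.json and manifest.sig are unlisted)
		return 2, "file present in archive but absent from manifest"
	}
	prev, entries := m.Anchor, []Entry{} // 3. chain replay from anchor to head
	for _, line := range strings.Split(strings.TrimSpace(string(b["audit.jsonl"])), "\n") {
		var e Entry
		if json.Unmarshal([]byte(line), &e) != nil || entryHash(prev, e.Seq, e.Event) != e.Hash {
			return 3, fmt.Sprintf("chain breaks at seq %d", e.Seq)
		}
		prev, entries = e.Hash, append(entries, e)
	}
	if prev != m.Head {
		return 3, "replayed head differs from manifest head"
	}
	if !ed25519.Verify(pub, b["manifest.json"], b["manifest.sig"]) { // 4. manifest signature
		return 4, "manifest signature invalid for this key"
	}
	for _, e := range entries { // 5. each log line individually signed
		if sig, err := hex.DecodeString(e.Sig); err != nil || !ed25519.Verify(pub, []byte(e.Hash), sig) {
			return 5, fmt.Sprintf("entry %d signature invalid", e.Seq)
		}
	}
	return 0, "VALID"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	b := BuildBundle(priv, "anchor-0", []string{"capability_denied tool=shell", "redaction class=iban n=1"}, []byte("max_context_tokens = 12000\n")) // constructed sample
	fmt.Println(Verify(b, pub)) // 0 VALID
	b["policy.toml"][0] ^= 1    // one flipped byte in the pack
	fmt.Println(Verify(b, pub)) // 2 inventory mismatch: policy.toml
}
```

The order of the checks is what gives each mutation a precise verdict: a flipped byte or an added file fails the inventory; an attacker who drops a log line and patches the inventory hash (but has no key) fails chain replay; a bundle that is internally consistent but signed with the wrong key fails at the manifest signature, which is exactly why the auditor should compare against a key obtained out of band rather than one shipped inside the bundle. None of this says anything about events that were never recorded, which is the limit the page's own threat model draws.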

FAQ

What compliance teams ask.

Does LeanCTX make us EU AI Act / ISO 42001 / SOC 2 compliant?

No tool can claim that, and we don’t. LeanCTX technically enforces the controls that live in the context pipeline — and proves the enforcement with CI tests and runtime evidence. The mapping matrices state per control whether coverage is full (enforced + tested), partial (residual gap described) or none (organisational duty). Compliance is an assessment humans make; LeanCTX hands them enforceable controls and verifiable evidence.

What exactly is in the mapping matrices?

Machine-readable TOML files, one per framework, pinned to an exact framework edition with a semi-annual review cycle. Each control carries the clause, a one-sentence requirement, the LeanCTX mechanism (pack rule, audit event, evidence export), the evidence an assessor receives, the coverage claim — and for every full claim, the name of the CI test that proves enforcement. A drift test fails the build if a claim points at a test that doesn’t exist.

How do I check our own setup against a framework?

lean-ctx policy coverage --framework eu-ai-act (or iso42001, soc2) renders the audit-conversation artifact: every control as ENFORCED (verified live against your resolved policy pack), ENGINE (CI-proven engine guarantee), NOT-ENFORCED (your pack doesn’t hold the rule — exit code 1, CI-gateable) or GAP (documented organisational duty). Add --json for machines.

What is an evidence bundle?

A deterministic, Ed25519-signed ZIP produced by lean-ctx audit evidence: the tamper-evident audit-chain segment for a period, the resolved policy pack that was in force, and the CGB + framework coverage reports. Identical inputs produce byte-identical bundles, so two parties can regenerate and compare. The format is an open contract (evidence-bundle-v1).

How does an auditor verify a bundle without trusting us?

With leanctx-verify — a standalone tool that shares no code with the engine and implements the published contract independently. It replays the hash chain and checks all signatures offline in five PASS/FAIL steps, in well under a minute. Mutation tests prove that a single flipped byte, a dropped log line or a wrong key turns the verdict INVALID. A plain-language auditor guide explains what the evidence proves — and, just as explicitly, what it cannot prove.

Bring evidence to your next audit conversation.

Run the coverage report against your own packs today — locally, free. Or talk to us about a pilot with your compliance team in the loop.