Export Compliance Evidence with the CLI
Regulatory reviews, internal audits, and compliance certifications require documented evidence of your AI governance controls. The kt export command generates structured exports of decision events, policy configurations, and escalation records — in formats ready for auditors, data teams, and compliance tools.
Use this page when
- You need to generate audit-ready exports of decision events, escalation records, or policy configs for a compliance review.
- You are setting up scheduled exports or S3 upload for continuous evidence retention.
- You want to build pre-audit scripts that package all required artifacts.
Primary audience
- Primary: Compliance Engineers and Technical Engineers preparing audit evidence
- Secondary: Compliance Officers, Data Teams ingesting exports into warehouses
Creating an export
# Export all events from the last 30 days as JSON
kt export create --since 30d --format json
# Export blocked events only, as CSV
kt export create --since 30d --filter "outcome=blocked" --format csv
# Export with a descriptive name for audit tracking
kt export create --since 90d --format parquet --name "Q1-2025-compliance-review"
Export output
Export created successfully
─────────────────────────
Export ID: exp-a1b2c3d4
Name: Q1-2025-compliance-review
Format: Parquet
Time range: 2025-01-01T00:00:00Z — 2025-03-31T23:59:59Z
Events: 47,832
Size: 12.4 MB
Status: processing
Track progress: kt export status exp-a1b2c3d4
Download: kt export download exp-a1b2c3d4
Export formats
| Format | Flag | Best for |
|---|---|---|
| JSON | --format json | API integrations, programmatic analysis, archival |
| CSV | --format csv | Spreadsheet analysis, auditor-friendly tabular data |
| Parquet | --format parquet | Data warehouse ingestion, large-scale analytics |
JSON structure
{
"export_id": "exp-a1b2c3d4",
"created_at": "2025-04-23T10:00:00Z",
"time_range": {
"from": "2025-01-01T00:00:00Z",
"to": "2025-03-31T23:59:59Z"
},
"events": [
{
"event_id": "evt-1234",
"timestamp": "2025-01-15T09:23:41Z",
"gateway": "gw-prod-01",
"outcome": "blocked",
"triggered_policy": "prompt-injection-guard",
"user": "alice",
"provider": "openai/gpt-4o",
"latency_ms": 8
}
]
}
Tracking export status
Large exports run asynchronously. Track progress with:
# Check status of a specific export
kt export status exp-a1b2c3d4
# List all recent exports
kt export list
# List exports with status filter
kt export list --status completed
Export Status
─────────────
ID: exp-a1b2c3d4
Name: Q1-2025-compliance-review
Status: completed
Progress: 47,832 / 47,832 events
Size: 12.4 MB
Created: 2025-04-23T10:00:00Z
Completed: 2025-04-23T10:02:34Z
Downloading exports
# Download to current directory
kt export download exp-a1b2c3d4
# Download to a specific path
kt export download exp-a1b2c3d4 --output /path/to/exports/
# Download and verify checksum
kt export download exp-a1b2c3d4 --verify
Uploading to S3
Send exports directly to S3-compatible storage for long-term retention:
# Upload to S3 during export creation
kt export create --since 90d --format parquet \
--name "Q1-2025-audit" \
--s3-bucket my-compliance-bucket \
--s3-prefix exports/2025/Q1/
# Upload an existing export
kt export upload exp-a1b2c3d4 \
--s3-bucket my-compliance-bucket \
--s3-prefix exports/2025/Q1/
S3 configuration
Configure default S3 settings to avoid repeating credentials:
# ~/.keeptrusts/config.yaml
export:
s3:
bucket: my-compliance-bucket
prefix: exports/
region: us-east-1
# Credentials from AWS environment or IAM role
With defaults configured:
# Uses default bucket and prefix
kt export create --since 30d --format parquet --s3-upload
Scheduled exports
Automate recurring exports for continuous compliance evidence:
# Create a monthly export schedule
kt export schedule create \
--name "monthly-compliance" \
--frequency monthly \
--format parquet \
--s3-upload \
--filter "outcome=blocked,escalated"
# List active schedules
kt export schedule list
# Pause a schedule
kt export schedule pause sched-abc123
# View schedule history
kt export schedule history sched-abc123
Cron-based scheduling
For environments where the kt CLI runs as a service, use cron:
# /etc/cron.d/keeptrusts-exports
# Weekly compliance export every Monday at 2 AM
0 2 * * 1 kt export create --since 7d --format parquet \
--name "weekly-$(date +\%Y-\%W)" --s3-upload 2>&1 | logger -t keeptrusts-export
Audit preparation workflows
Pre-audit checklist export
Generate a comprehensive package for auditors:
#!/bin/bash
# audit-prep.sh — Generate a complete audit package
PERIOD="--since 90d"
OUTPUT_DIR="audit-package-$(date +%Y-%m-%d)"
mkdir -p "$OUTPUT_DIR"
# 1. All decision events
kt export create $PERIOD --format csv --output "$OUTPUT_DIR/events.csv"
# 2. Blocked events with full detail
kt export create $PERIOD --format json \
--filter "outcome=blocked" \
--output "$OUTPUT_DIR/blocked-events.json"
# 3. Escalation records
kt export create $PERIOD --format csv \
--type escalations \
--output "$OUTPUT_DIR/escalations.csv"
# 4. Current policy configuration (resolved snapshot)
kt config show --format json > "$OUTPUT_DIR/policy-config-snapshot.json"
# 5. Export manifest
cat > "$OUTPUT_DIR/manifest.json" <<EOF
{
"generated_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"period": "last 90 days",
"contents": [
"events.csv",
"blocked-events.json",
"escalations.csv",
"policy-config-snapshot.json"
]
}
EOF
echo "Audit package ready: $OUTPUT_DIR/"
Regulatory-specific exports
# HIPAA — focus on healthcare-related blocks and PII redactions
kt export create --since 90d --format json \
--filter "policy=pii-redaction,hipaa-guard" \
--name "hipaa-quarterly"
# EU AI Act — high-risk system decision log
kt export create --since 30d --format parquet \
--filter "gateway=gw-high-risk" \
--name "eu-ai-act-monthly"
# SOC 2 — full event trail with configuration snapshots
kt export create --since 365d --format json \
--name "soc2-annual-review"
Business outcomes
| Outcome | How export workflows help |
|---|---|
| Audit readiness | Pre-built export scripts generate compliance packages in minutes, not days |
| Regulatory compliance | Structured exports in standard formats satisfy HIPAA, SOC 2, and EU AI Act evidence requirements |
| Data retention | S3 upload with lifecycle policies ensures evidence is retained for the required period |
| Operational efficiency | Scheduled exports eliminate manual data pulls — evidence is always current |
| Cross-team collaboration | CSV and Parquet formats integrate with existing BI tools and data warehouses |
For AI systems
- Canonical terms:
kt export create,kt export status,kt export download,kt export upload,kt export schedule,--format json|csv|parquet,--s3-bucket,--s3-upload. - Export types: decision events, escalation records, policy configuration snapshots.
- Filters:
--since <duration>,--filter "outcome=blocked",--filter "policy=<name>",--type escalations. - Best next pages: Live Monitoring, Compliance Reporting (Console).
For engineers
- Prerequisites:
ktCLI authenticated with an API key that has export permissions. - Quick start:
kt export create --since 30d --format jsonto export recent events. - S3 defaults: configure
~/.keeptrusts/config.yamlwith bucket/prefix/region to avoid repeating flags. - Automation: use
kt export schedule createfor recurring evidence or add cron jobs for custom cadence. - Verify:
kt export status <id>to confirm completion;kt export download <id> --verifyto check integrity.
For leaders
- Audit readiness: pre-built export scripts generate SOC 2, HIPAA, or EU AI Act evidence packages in minutes.
- Retention compliance: S3 upload with lifecycle policies ensures evidence is kept for the legally required period.
- Scheduled exports eliminate the last-minute scramble before audits — evidence is always current.
- Parquet format integrates directly with data warehouses for cross-team analytics and board-level reporting.
Next steps
- Monitor AI Traffic in Real-Time — complement exports with live monitoring