Tutorial: Exporting Compliance Evidence

This tutorial shows you how to use the kt export commands to generate compliance evidence packages from gateway decision events, filter by date range, policy, and team, choose output formats, set up recurring exports, and deliver artifacts to S3-compatible storage.

Use this page when

• You need to generate compliance evidence packages from gateway decision events.
• You are exporting events filtered by date range, policy, or team in CSV, JSON, or PDF format.
• You want to set up recurring scheduled exports to S3-compatible storage.
• You are preparing audit evidence for compliance reviews (SOC 2, HIPAA, ISO 27001).

Primary audience

• Primary: Compliance officers and security engineers producing audit evidence
• Secondary: Platform engineers automating recurring exports; legal teams requiring data retention artefacts

Prerequisites

• kt CLI installed (first-run tutorial)
• A running Keeptrusts API instance with historical events
• An API token with export permissions
• jq installed for JSON processing

How Exports Work

The Keeptrusts API runs background export jobs that:

1. Query decision events within your specified filters
2. Package the results into the requested format (CSV, JSON, or PDF)
3. Store the artifact for download or deliver it to an S3-compatible bucket
4. Record an audit trail entry for the export itself

Step 1: Set Up API Access

Configure the CLI to point at your Keeptrusts API:

export KEEPTRUSTS_API_URL="http://localhost:8080"
export KEEPTRUSTS_API_TOKEN="your-admin-token"

Step 2: Create a One-Time Export (JSON)

Export all events from the past 7 days as JSON:

kt export create \
  --from "2026-04-16T00:00:00Z" \
  --to "2026-04-23T23:59:59Z" \
  --format json

Expected output:

✓ Export job created
  Job ID:  exp_abc123
  Format:  json
  Status:  queued
  Range:   2026-04-16T00:00:00Z → 2026-04-23T23:59:59Z

Step 3: Check Export Status

Poll the export job until it completes:

kt export status --id exp_abc123

Expected output:

Export: exp_abc123
  Status:    completed
  Format:    json
  Records:   1,247
  File size: 2.3 MB
  Created:   2026-04-23T14:30:00Z
  Completed: 2026-04-23T14:30:12Z

Step 4: Download the Export

Download the completed artifact:

kt export download --id exp_abc123 --output compliance-report.json

Inspect the contents:

jq '.events | length' compliance-report.json
# Output: 1247

jq '.events[0] | {id, timestamp, model, policy, action, result}' compliance-report.json

Example event record:

{
  "id": "evt_d4e5f6",
  "timestamp": "2026-04-20T09:15:32Z",
  "model": "gpt-4o-mini",
  "policy": "pii-redaction",
  "action": "redact",
  "result": "modified"
}

Step 5: Export as CSV for Spreadsheet Review

Create a CSV export filtered to a specific policy:

kt export create \
  --from "2026-04-01T00:00:00Z" \
  --to "2026-04-23T23:59:59Z" \
  --format csv \
  --filter-policy "pii-redaction"

Download and inspect:

kt export download --id exp_def456 --output pii-audit.csv
head -5 pii-audit.csv

Expected output:

id,timestamp,model,policy,action,result,tokens,latency_ms
evt_a1b2c3,2026-04-02T08:12:00Z,gpt-4o-mini,pii-redaction,redact,modified,98,312
evt_d4e5f6,2026-04-02T09:45:00Z,gpt-4o-mini,pii-redaction,redact,modified,145,285
evt_g7h8i9,2026-04-03T11:20:00Z,gpt-4o,pii-redaction,redact,modified,210,401
evt_j0k1l2,2026-04-03T14:05:00Z,gpt-4o-mini,pii-redaction,redact,modified,87,290

Step 6: Filter by Team

Export events for a specific team:

kt export create \
  --from "2026-04-01T00:00:00Z" \
  --to "2026-04-23T23:59:59Z" \
  --format json \
  --filter-team "engineering"

Combine multiple filters:

kt export create \
  --from "2026-04-01T00:00:00Z" \
  --to "2026-04-23T23:59:59Z" \
  --format csv \
  --filter-team "engineering" \
  --filter-policy "content-filter"

Step 7: Export as PDF Report

Generate a formatted PDF evidence report:

kt export create \
  --from "2026-04-01T00:00:00Z" \
  --to "2026-04-23T23:59:59Z" \
  --format pdf \
  --title "Q2 2026 AI Compliance Report"

Download the PDF:

kt export download --id exp_ghi789 --output q2-compliance.pdf

Step 8: Deliver Exports to S3

Configure S3 delivery for automated artifact storage:

kt export create \
  --from "2026-04-01T00:00:00Z" \
  --to "2026-04-23T23:59:59Z" \
  --format json \
  --s3-bucket "compliance-artifacts" \
  --s3-prefix "keeptrusts/2026/q2/" \
  --s3-region "us-east-1"

Expected output:

✓ Export job created
  Job ID:    exp_s3_001
  Format:    json
  Delivery:  s3://compliance-artifacts/keeptrusts/2026/q2/
  Status:    queued

The export worker uploads the artifact directly to S3 and records the S3 URI in the job metadata.

Step 9: Schedule Recurring Exports

Set up a weekly recurring export for continuous compliance evidence:

kt export schedule \
  --name "weekly-compliance" \
  --cron "0 2 * * MON" \
  --window "7d" \
  --format json \
  --s3-bucket "compliance-artifacts" \
  --s3-prefix "keeptrusts/weekly/"

Expected output:

✓ Recurring export scheduled
  Name:     weekly-compliance
  Schedule: Every Monday at 02:00 UTC
  Window:   7 days
  Delivery: s3://compliance-artifacts/keeptrusts/weekly/

List scheduled exports:

kt export schedule list

Step 10: List and Clean Up Old Exports

View all export jobs:

kt export list --limit 10

Expected output:

ID           Format  Status     Records  Created
exp_abc123   json    completed  1,247    2026-04-23T14:30:00Z
exp_def456   csv     completed  312      2026-04-23T14:35:00Z
exp_ghi789   pdf     completed  1,247    2026-04-23T14:40:00Z
exp_s3_001   json    completed  1,247    2026-04-23T14:45:00Z

Delete an old export artifact:

kt export delete --id exp_abc123

Summary

• kt export create generates compliance evidence with date range, format, and filters
• Supported formats: JSON, CSV, and PDF
• Filter by --filter-policy and --filter-team for targeted evidence
• --s3-bucket delivers artifacts directly to S3-compatible storage
• kt export schedule automates recurring exports on a cron schedule
• Every export job is itself an auditable event in the system

For AI systems

• Canonical terms: Keeptrusts API, compliance export, decision events, export job, recurring schedule, S3 delivery.
• CLI commands: kt export create, kt export status --id <id>, kt export download --id <id>, kt export list, kt export schedule.
• Flags: --from, --to, --format (json, csv, pdf), --policy, --team, --s3-bucket, --schedule.
• Best next pages: Event Tailing, Escalation Workflows, DLP & Data Classification.

For engineers

• Prerequisites: kt CLI, running Keeptrusts API with historical events, admin API token, jq.
• Quick export: kt export create --from <start> --to <end> --format json creates a one-time job.
• Check status: kt export status --id exp_abc123 — wait for completed before downloading.
• Download: kt export download --id exp_abc123 --output report.json.
• S3 delivery: add --s3-bucket and --s3-prefix to deliver directly without manual download.
• Recurring: kt export schedule --interval weekly --format csv --s3-bucket <bucket> for automated compliance.

For leaders

• Automated exports reduce the manual effort of preparing compliance evidence for auditors.
• Recurring schedules ensure evidence is always up-to-date without human intervention.
• S3 delivery supports existing data retention and archival workflows.
• Export jobs themselves generate audit trail entries, providing tamper-evident evidence of when reports were produced.

Next steps

• Event Tailing — real-time debugging of events before export
• Escalation Workflows — include escalation records in compliance packages
• DLP & Data Classification — DLP events as compliance evidence