Issue Station
Sign In
Tools hereToolbox

langchain - ✅(Solved) Fix feat: EU AI Act compliance hooks for agent action logging and verifiable audit trails [1 pull requests, 1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
langchain-ai/langchain#36617Fetched 2026-04-09 07:50:57
View on GitHub
Comments
1
Participants
2
Timeline
4
Reactions
0
Author
ascender1729ascender1729
Participants
ascender1729ascender1729org-membership-reviewer[bot]org-membership-reviewer[bot]
Timeline (top)
closed ×1commented ×1cross-referenced ×1labeled ×1

LangChain agents execute tool calls, chain steps, and autonomous decisions. When these agents are deployed in the EU (enforcement begins August 2, 2026), organizations must demonstrate compliance with the EU AI Act, including:

  • Article 10: Training data governance documentation
  • Article 11: Model lineage and technical documentation
  • Article 12: Automatic logging of agent actions (tamper-evident audit trails)
  • Article 43: Conformity assessment (self or third-party depending on risk category)
  • Annex V: Declaration of Conformity generation

Root Cause

LangChain agents execute tool calls, chain steps, and autonomous decisions. When these agents are deployed in the EU (enforcement begins August 2, 2026), organizations must demonstrate compliance with the EU AI Act, including:

  • Article 10: Training data governance documentation
  • Article 11: Model lineage and technical documentation
  • Article 12: Automatic logging of agent actions (tamper-evident audit trails)
  • Article 43: Conformity assessment (self or third-party depending on risk category)
  • Annex V: Declaration of Conformity generation

Fix Action

Fixed

PR fix notes

PR #41: feat: add 7 framework integration examples and 15 integration tests

Description (problem / solution / changelog)

Summary

Working integration examples for 7 major AI agent frameworks, each demonstrating the exact pattern proposed in the corresponding GitHub issue.

FrameworkExampleGitHub IssueTests
LangChainintegrations/examples/langchain_compliance.pylangchain-ai/langchain#366173
CrewAIintegrations/examples/crewai_compliance.pycrewAIInc/crewAI#53603
OpenAI Agentsintegrations/examples/openai_agents_compliance.pyopenai/openai-agents-python#28623
Semantic Kernelintegrations/examples/semantic_kernel_compliance.pymicrosoft/semantic-kernel#138531
Difyintegrations/examples/dify_compliance.pylanggenius/dify#347661
Google ADKintegrations/examples/google_adk_compliance.pygoogle/adk-python#52121
AWS Strandsintegrations/examples/strands_compliance.pystrands-agents/sdk-python#20963

All examples work without framework dependencies. 15 integration tests pass.

Test plan

  • All 7 examples run with exit code 0
  • 15 integration tests pass
  • 315 total tests pass (300 existing + 15 new)
  • No framework dependencies required
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

Summary by CodeRabbit

  • New Features

    • Added example integrations demonstrating compliance workflows for CrewAI, Dify, Google ADK, LangChain, OpenAI Agents, Semantic Kernel, and Strands frameworks.
    • Introduced bulk HTML report generation for multi-agent compliance summaries.
    • Added digital signature verification section to compliance reports.
    • Enhanced credential reporting with proof type and verification method details.

  • Tests

    • Added comprehensive integration tests for all supported framework integrations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Changed files

  • integrations/examples/crewai_compliance.py (added, +561/-0)
  • integrations/examples/dify_compliance.py (added, +376/-0)
  • integrations/examples/google_adk_compliance.py (added, +527/-0)
  • integrations/examples/langchain_compliance.py (added, +502/-0)
  • integrations/examples/openai_agents_compliance.py (added, +496/-0)
  • integrations/examples/semantic_kernel_compliance.py (added, +619/-0)
  • integrations/examples/strands_compliance.py (added, +634/-0)
  • services/report_service.py (modified, +214/-2)
  • tests/integration/test_framework_integrations.py (added, +413/-0)
  • tests/unit/test_report.py (modified, +118/-0)

Code Example

from langchain.callbacks import CallbackHandler
from services.identity_service import IdentityService
from services.provenance_service import ProvenanceService
from services.compliance_service import ComplianceService

class AttestixComplianceCallback(CallbackHandler):
    def on_tool_start(self, tool, input_str, **kwargs):
        # Log action to hash-chained audit trail (Article 12)
        self.provenance.log_action(
            agent_id=self.agent_id,
            action_type="inference",
            input_summary=input_str[:200],
        )
    
    def on_chain_end(self, outputs, **kwargs):
        # Verify compliance before returning output
        status = self.compliance.get_compliance_status(self.agent_id)
        if not status.get("compliant"):
            # Flag non-compliant outputs
            outputs["compliance_warning"] = status.get("missing", [])
RAW_BUFFERClick to expand / collapse

Context

LangChain agents execute tool calls, chain steps, and autonomous decisions. When these agents are deployed in the EU (enforcement begins August 2, 2026), organizations must demonstrate compliance with the EU AI Act, including:

  • Article 10: Training data governance documentation
  • Article 11: Model lineage and technical documentation
  • Article 12: Automatic logging of agent actions (tamper-evident audit trails)
  • Article 43: Conformity assessment (self or third-party depending on risk category)
  • Annex V: Declaration of Conformity generation

Problem

Currently there is no standardized way for a LangChain agent to:

  1. Prove its identity cryptographically (WHO made this decision?)
  2. Produce machine-verifiable compliance documentation (not PDFs)
  3. Log actions to a tamper-evident, hash-chained audit trail
  4. Attach EU AI Act risk classification metadata to agent outputs

Proposed Integration

An MCP-based compliance layer that hooks into LangChain's callback system:

from langchain.callbacks import CallbackHandler
from services.identity_service import IdentityService
from services.provenance_service import ProvenanceService
from services.compliance_service import ComplianceService

class AttestixComplianceCallback(CallbackHandler):
    def on_tool_start(self, tool, input_str, **kwargs):
        # Log action to hash-chained audit trail (Article 12)
        self.provenance.log_action(
            agent_id=self.agent_id,
            action_type="inference",
            input_summary=input_str[:200],
        )
    
    def on_chain_end(self, outputs, **kwargs):
        # Verify compliance before returning output
        status = self.compliance.get_compliance_status(self.agent_id)
        if not status.get("compliant"):
            # Flag non-compliant outputs
            outputs["compliance_warning"] = status.get("missing", [])

The output format is W3C Verifiable Credentials with Ed25519 signatures, meaning any system can independently verify the compliance evidence without trusting the agent.

Existing Implementation

This is available as an open-source MCP server with 47 tools: pip install attestix

  • 13 EU AI Act articles automated
  • W3C VC 1.1, W3C DID 1.0, UCAN v0.9.0
  • 291 tests (193 functional + 91 conformance benchmarks + 7 report tests)
  • Apache 2.0

GitHub: https://github.com/VibeTensor/attestix Docs: https://attestix.io/docs

extent analysis

TL;DR

Integrate the proposed AttestixComplianceCallback into LangChain agents to enable EU AI Act compliance features, such as cryptographically proving identity, producing machine-verifiable compliance documentation, and logging actions to a tamper-evident audit trail.

Guidance

  • Implement the AttestixComplianceCallback class, which hooks into LangChain's callback system, to log actions and verify compliance before returning output.
  • Utilize the attestix library, available via pip install attestix, to leverage its existing implementation of 13 EU AI Act articles and W3C Verifiable Credentials with Ed25519 signatures.
  • Review the documentation at https://attestix.io/docs to understand the usage and configuration of the AttestixComplianceCallback and the attestix library.
  • Ensure the LangChain agent is properly configured to use the AttestixComplianceCallback, including setting up the necessary services (e.g., IdentityService, ProvenanceService, ComplianceService).

Example

from langchain import Agent
from attestix.callbacks import AttestixComplianceCallback

# Create a LangChain agent with the AttestixComplianceCallback
agent = Agent(callbacks=[AttestixComplianceCallback()])

Notes

The proposed solution relies on the attestix library, which is available as an open-source MCP server with 47 tools. The library provides an implementation of 13 EU AI Act articles and supports W3C Verifiable Credentials with Ed25519 signatures.

Recommendation

Apply the AttestixComplianceCallback workaround to enable EU AI Act compliance features in LangChain agents, as it provides a standardized way to prove identity, produce machine-verifiable compliance documentation, and log actions to a tamper-evident audit trail.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#tool integration#LLM response#prompt template#agent execution#callback error

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING