#✓ActProof
Events
ADOPTION PATHS / ACTPROOF EVENTSone source-bound profile · five practical uses · bounded claimspackage · JSON · NDJSON · OpenAPI · MCP-oriented manifests
Who uses it / how they use it / what not to overclaim

One package, five practical uses.

ActProof Events turns a regulatory profile into a reusable object that different teams can consume in different ways.

Compliance teams use it to prevalidate drafts. GRC builders use it as a public source-bound reference. Auditors use it to inspect mappings. AI agents use it as a callable grounding layer. Maintainers use it to build public profiles without turning law into private JSON.

Open live DORA profile →Machine-readable API →Agent contract →PyPI ↗
Compliancelint a draft
Buildersmap product schemas
Reviewerschallenge source basis
Agentscall safe endpoints
Maintainersship public profiles
01 / Compliance and regulatory teams

Prevalidate a draft before it reaches review.

For compliance, risk and regulatory reporting teams, ActProof is useful before the expensive review step. It identifies missing required fields, unknown fields, high-judgement fields, private fields and evidence expectations against the source-bound DORA profile.

Use it when you need to know whether a draft is structurally ready, not whether it is legally compliant.

pip install actproof-events

actproof-events lint-report \
  op:eu.dora.ict_incident_notification_initial.v1 \
  draft-report.json
What they get

A bounded readiness signal.

Missing required fields, high-interpretive fields, private disclosure tiers and evidence labels are surfaced before signing, timestamping, anchoring or submission preparation.

Pre-validation page →Example draft JSON →
02 / GRC and regtech builders

Use ActProof as the source-bound layer beneath the workflow.

GRC and regtech products already own forms, workflows, evidence queues, dashboards and case management. ActProof should sit underneath: a public profile object that product schemas can align against.

The goal is not to replace the workflow. The goal is to make the workflow explainable field by field.

JSONfrontend/data

Profile-view JSON.

Use /assets/data/dora.profile-view.json as the complete browser-ready profile projection.

NDJSONcrawl/index

Field streams.

Use /api/v1/profiles/dora/fields.ndjson and stream.ndjson for incremental field intelligence.

OpenAPIcontract

Integration surface.

Use /openapi.json to discover field-source and prevalidation contracts.

03 / Audit, assurance and review teams

Inspect the mapping, not only the outcome.

Auditors and reviewers need to know whether a regulatory data structure has a traceable source basis and where judgement entered. ActProof exposes field derivations, source atoms, review gates, hashes and boundary claims.

That makes the profile challengeable: a weak source locator, overbroad derivation, missing evidence label or unsupported claim can be discussed field by field.

Reviewers can inspect
  • field source basis and source atoms
  • binding granularity and release scope
  • review status and draft gates
  • semantic and artifact hashes
  • non-claims and boundaries
Reviewers should not infer
  • legal compliance certification
  • supervisory acceptance
  • factual correctness of submitted values
  • external legal review unless explicitly recorded
04 / AI-agent and MCP implementers

Give agents small, safe, recoverable calls.

AI agents should not scrape long PDFs or infer regulatory meaning from marketing pages. They should use compact machine-readable entrypoints that say what the service can answer, what it must not claim, and which call to make next.

For agents, ActProof is a bounded contract: explain a field, stream fields, lint a draft, prevalidate readiness.

GET /.well-known/agent-card.json
GET /llms.txt
GET /api/v1/profiles/dora/fields.ndjson
GET /api/v1/profiles/dora/fields/classification_criteria_triggered/source.json
GET /api/v1/profiles/dora/fields/classification_criteria_triggered/events.ndjson
Agent guidance

Preferred calls are explicit.

Agents can discover the service card, choose a field stream, request a specific field source explanation, and quote the built-in safe summary and boundary instead of inventing one.

Agent contract page →Agent JSON →
05 / Public-interest profile maintainers and standards groups

Build profiles that remain inspectable.

Machine-readable regulation should not become private, unreviewable JSON controlled by individual vendors. Public-interest maintainers can reuse the ActProof model to publish source atoms, field derivations, profile-view projections and review gates.

Schemasource_atoms.v1

Name the source units.

Articles, template fields, glossary entries, classification criteria and obligation contexts become discrete source atoms.

Schemafield_derivations.v1

Show the mapping decision.

Every operational field can carry derivation type, source atoms, review gate, release scope and non-claims.

Exportprofile_view.v1

Publish the projection.

The same profile can feed a website, API, NDJSON stream, MCP manifest, audit pack or local verifier.

06 / Field names and external schemas

ActProof field IDs are reference anchors, not universal market names.

External systems may call the same DORA concept by different names. ActProof does not require anyone to rename their fields. It provides stable, source-bound profile-local identifiers that other schemas can map to.

Map by source atoms, template locators, evidence expectations and meaning — not by field name alone.

Use the IDs for
  • reference mapping across internal and vendor schemas
  • agent grounding and field-source explanations
  • reviewing whether a field is required, contextual or interpretive
  • future schema-comparison workflows
Do not claim
  • ActProof names are universal
  • external systems must adopt the same names
  • an unmapped field is irrelevant
  • the profile is exhaustive or regulator-approved
Field mapping page →Mapping guidance JSON →
06 / Same object, different surfaces

The DORA profile travels without changing shape.

ActProof is most useful when the same source-bound object can be read by people, packages, agents and review tools without rewriting the underlying claim.

SurfaceBest forEntry point
Python packagereproducible generation and local checkspip install actproof-events
CLIdeveloper, compliance and CI checksactproof-events lint-report …
Profile-view JSONwebsites, audit packs and dashboards/assets/data/dora.profile-view.json
NDJSON streamsagents, crawlers and indexing/api/v1/profiles/dora/stream.ndjson
OpenAPIintegration tooling/openapi.json
MCP manifeststool-using AI systems/.well-known/mcp.json
Live frontendhuman field inspection/profiles/dora/live/
07 / Boundary

Useful because it refuses to pretend.

ActProof Events should be used as a source-bound profile and pre-validation layer. It should not be used as a legal opinion, compliance certificate, reporting gateway, evidence storage system, incident-response platform, or proof that a submitted value is factually correct.

Use ActProof for
  • field-source explanations
  • draft structure checks
  • schema alignment and review
  • agent grounding and safe summaries
  • public profile maintenance
Do not use ActProof for
  • legal advice or certification
  • supervisory submission
  • factual verification of incident values
  • evidence storage or case management
  • claiming native MCP runtime unless explicitly shipped

Use the layer that fits your role.

The same source-bound profile gives each audience a different operational surface without changing the underlying evidence object.

Live DORA profile →Compliance pre-validation →API and agent surfaces →Reviewer path →Catalogue →