iris-security-core 0.1.0__py3-none-any.whl

iris_core/__init__.py

@@ -0,0 +1,33 @@
+"""
+iris-core: shared Cedar evaluation engine, policy types, and CRD schemas.
+This package is the foundation for all IRIS SDKs and runs fully local.
+No network access required. Cedar evaluation is in-process.
+"""
+
+# ── Package version ────────────────────────────────────────────────────────────
+__version__ = "0.1.0"
+
+# ── Public API ─────────────────────────────────────────────────────────────────
+from iris_core.models.passport import AgentPassport, DataClassification, Environment
+from iris_core.models.policy import PolicyResult, Violation, Severity
+from iris_core.models.region import RegionPolicy, EndpointRegionMap, TransferRule
+from iris_core.engine.cedar import CedarEngine
+from iris_core.engine.compiler import PolicyCompiler
+from iris_core.compliance.registry import ComplianceRegistry
+from iris_core.evidence.vault import EvidenceVault
+
+__all__ = [
+    "AgentPassport",
+    "DataClassification",
+    "Environment",
+    "PolicyResult",
+    "Violation",
+    "Severity",
+    "RegionPolicy",
+    "EndpointRegionMap",
+    "TransferRule",
+    "CedarEngine",
+    "PolicyCompiler",
+    "ComplianceRegistry",
+    "EvidenceVault",
+]

iris_core/compliance/bundles/colorado_ai_act.py

@@ -0,0 +1,162 @@
+"""
+Colorado AI Act (SB 24-205) Compliance Bundle.
+Effective: July 1, 2026.
+
+This is the IRIS launch headline compliance bundle. Colorado SB 24-205
+is the first US state law specifically governing high-risk AI systems.
+IRIS is the first developer tool that ships Colorado AI Act compliance
+out of the box.
+
+Key obligations for high-risk AI developers:
+  1. Inventory: know what high-risk AI systems you are deploying
+     → Satisfied by: AgentPassport with is_high_risk_ai=True
+  2. Impact assessment: assess risk before deployment
+     → Satisfied by: Evidence Vault impact assessment entry
+  3. Transparency: disclose AI use to affected consumers
+     → Satisfied by: policy-intent.md transparency disclosure
+  4. Opt-out: allow consumers to opt out of consequential decisions
+     → Satisfied by: user_consent_logged context field
+  5. Non-discrimination: AI must not discriminate on protected characteristics
+     → Satisfied by: Dynamic Guardrail Engine (Phase 2)
+  6. Annual review: high-risk systems must be reviewed annually
+     → Satisfied by: Evidence Vault review schedule
+
+What counts as "high-risk" under the Act:
+  - Consequential decisions in: education, employment, financial services,
+    government, healthcare, housing, insurance, legal services
+  - Systems that make or substantially assist in decisions affecting these domains
+"""
+
+from __future__ import annotations
+from typing import List, Dict, Any
+
+
+COLORADO_AI_ACT_RULES: Dict[str, Any] = {
+    "bundle_id": "colorado-ai-act",
+    "full_name": "Colorado AI Act (SB 24-205)",
+    "effective_date": "2026-07-01",
+    "jurisdiction": "Colorado, USA",
+    "iris_version": "0.1.0",
+    "rules": [
+        {
+            "rule_id": "CO-001",
+            "name": "High-risk AI inventory",
+            "severity": "CRITICAL",
+            "description": (
+                "Developers of high-risk AI systems must maintain an inventory "
+                "of all deployed systems."
+            ),
+            "iris_control": "AgentPassport.is_high_risk_ai = True",
+            "how_iris_satisfies": (
+                "Every agent with is_high_risk_ai=True is automatically inventoried "
+                "in the IRIS agent registry with full provenance."
+            ),
+            "check": "passport.is_high_risk_ai == True and passport.agent_id is not None",
+        },
+        {
+            "rule_id": "CO-002",
+            "name": "Impact assessment required",
+            "severity": "CRITICAL",
+            "description": (
+                "High-risk AI systems must have a completed impact assessment "
+                "before production deployment."
+            ),
+            "iris_control": "EvidenceVault.impact_assessment entry",
+            "how_iris_satisfies": (
+                "IRIS generates and records impact assessments in the Evidence Vault. "
+                "Production deployment is blocked until the assessment is complete."
+            ),
+            "check": "passport.evidence_vault_id is not None",
+        },
+        {
+            "rule_id": "CO-003",
+            "name": "Transparency disclosure",
+            "severity": "HIGH",
+            "description": (
+                "Consumers must be informed when AI systems make or substantially "
+                "assist in consequential decisions affecting them."
+            ),
+            "iris_control": "policy-intent.md transparency disclosure",
+            "how_iris_satisfies": (
+                "IRIS auto-generates a policy-intent.md for every agent that serves "
+                "as the Colorado AI Act transparency disclosure. "
+                "It is committed to the GitOps repo and versioned."
+            ),
+            "check": "passport.intent_ref is not None",
+        },
+        {
+            "rule_id": "CO-004",
+            "name": "Consumer opt-out",
+            "severity": "HIGH",
+            "description": (
+                "Consumers must be able to opt out of consequential AI decisions "
+                "and request human review."
+            ),
+            "iris_control": "context.user_consent_logged = True + HITL gate",
+            "how_iris_satisfies": (
+                "IRIS enforces user_consent_logged context for agents handling "
+                "consequential decisions. The HITL gate provides the human review path."
+            ),
+            "check": "context.user_consent_logged == True for consequential actions",
+        },
+        {
+            "rule_id": "CO-005",
+            "name": "Non-discrimination",
+            "severity": "CRITICAL",
+            "description": (
+                "High-risk AI systems must not discriminate against consumers "
+                "based on protected characteristics."
+            ),
+            "iris_control": "Dynamic Guardrail Engine (Phase 2)",
+            "how_iris_satisfies": (
+                "Phase 2: IRIS Dynamic Guardrail Engine monitors agent outputs "
+                "for discriminatory patterns and blocks non-compliant responses."
+            ),
+            "check": "dynamic_guardrail.discrimination_check == PASS",
+            "phase": 2,
+        },
+        {
+            "rule_id": "CO-006",
+            "name": "Annual review",
+            "severity": "MEDIUM",
+            "description": (
+                "High-risk AI systems must be reviewed and re-assessed annually."
+            ),
+            "iris_control": "EvidenceVault.review_schedule",
+            "how_iris_satisfies": (
+                "IRIS tracks the last_reviewed_at date on the AgentPassport and "
+                "alerts the security engineer when an annual review is due."
+            ),
+            "check": "passport.last_reviewed_at within 365 days",
+        },
+    ],
+    "high_risk_domains": [
+        "education",
+        "employment",
+        "financial_services",
+        "government",
+        "healthcare",
+        "housing",
+        "insurance",
+        "legal_services",
+    ],
+    "iris_coverage": {
+        "phase_1": ["CO-001", "CO-002", "CO-003", "CO-004", "CO-006"],
+        "phase_2": ["CO-005"],
+        "coverage_percent_phase_1": 83,
+        "coverage_percent_phase_2": 100,
+    }
+}
+
+
+def get_colorado_rules() -> Dict[str, Any]:
+    return COLORADO_AI_ACT_RULES
+
+
+def get_phase_1_rules() -> List[Dict[str, Any]]:
+    phase_1_ids = COLORADO_AI_ACT_RULES["iris_coverage"]["phase_1"]
+    return [r for r in COLORADO_AI_ACT_RULES["rules"] if r["rule_id"] in phase_1_ids]
+
+
+def is_high_risk_domain(domain: str) -> bool:
+    return domain.lower().replace(" ", "_") in COLORADO_AI_ACT_RULES["high_risk_domains"]

iris_core/compliance/bundles/gdpr.py

@@ -0,0 +1,168 @@
+"""
+GDPR compliance bundle — full rule set (IRIS Pro).
+
+General Data Protection Regulation (EU) 2016/679.
+"""
+
+from __future__ import annotations
+
+from typing import Any, Dict, List
+
+from iris_core.compliance.license import require_license
+from iris_core.models.passport import AgentPassport
+from iris_core.models.policy import Severity, Violation
+
+
+GDPR_RULES: List[Dict[str, Any]] = [
+    {
+        "rule_id": "GDPR-001",
+        "name": "Lawful basis for processing",
+        "severity": "CRITICAL",
+        "description": (
+            "Personal data processing requires a lawful basis such as "
+            "consent or legitimate interest."
+        ),
+        "iris_control": "context.user_consent_logged + passport.consent_basis",
+        "how_iris_satisfies": (
+            "IRIS enforces user_consent_logged for consequential processing and "
+            "records the declared lawful basis on the AgentPassport."
+        ),
+        "check": "context.user_consent_logged == True or passport.consent_basis is declared",
+        "article_reference": "Article 6",
+    },
+    {
+        "rule_id": "GDPR-002",
+        "name": "Data minimization",
+        "severity": "HIGH",
+        "description": "Only collect and process personal data that is necessary.",
+        "iris_control": "ToolPermission.data_classifications_allowed",
+        "how_iris_satisfies": (
+            "IRIS scopes tool permissions to declared data classifications "
+            "and blocks undeclared data access at runtime."
+        ),
+        "check": "len(passport.tool_permissions) > 0 and all tools have scoped classifications",
+        "article_reference": "Article 5(1)(c)",
+    },
+    {
+        "rule_id": "GDPR-003",
+        "name": "Purpose limitation",
+        "severity": "HIGH",
+        "description": "Data must be used only for the declared processing purpose.",
+        "iris_control": "policy-intent.md processing purpose",
+        "how_iris_satisfies": (
+            "IRIS binds policy-intent.md as the declared purpose and flags Cedar "
+            "drift when runtime actions exceed that purpose."
+        ),
+        "check": "passport.intent_ref is not None",
+        "article_reference": "Article 5(1)(b)",
+    },
+    {
+        "rule_id": "GDPR-004",
+        "name": "Storage limitation",
+        "severity": "MEDIUM",
+        "description": "A retention period must be declared for personal data.",
+        "iris_control": "EvidenceVault.retention_policy",
+        "how_iris_satisfies": (
+            "IRIS requires a retention policy entry in the Evidence Vault before "
+            "production deployment for agents processing personal data."
+        ),
+        "check": "passport.evidence_vault_id is not None",
+        "article_reference": "Article 5(1)(e)",
+    },
+    {
+        "rule_id": "GDPR-005",
+        "name": "Cross-border transfer restrictions",
+        "severity": "CRITICAL",
+        "description": (
+            "Transfers of personal data outside the EU require adequacy, SCCs, "
+            "or another Chapter 5 mechanism."
+        ),
+        "iris_control": "RegionPolicy.restricted_transfers",
+        "how_iris_satisfies": (
+            "IRIS RegionPolicy blocks EU→China and EU→non-adequacy destinations; "
+            "allows EU→US (SCCs), EU→UK, EU→Canada."
+        ),
+        "check": "cross_region_transfer complies with adequacy/SCC rules",
+        "article_reference": "Chapter V (Articles 44–49)",
+        "restricted_transfers": ["EU→China", "EU→non-adequacy"],
+        "allowed_transfers": ["EU→US (SCCs)", "EU→UK", "EU→Canada"],
+    },
+    {
+        "rule_id": "GDPR-006",
+        "name": "Right to erasure",
+        "severity": "HIGH",
+        "description": "Agents must support data deletion requests (right to be forgotten).",
+        "iris_control": "AgentPassport.supports_data_deletion",
+        "how_iris_satisfies": (
+            "IRIS requires agents handling personal data to declare deletion "
+            "capability and routes erasure requests through the Evidence Vault."
+        ),
+        "check": "passport supports data deletion workflow",
+        "article_reference": "Article 17",
+    },
+    {
+        "rule_id": "GDPR-007",
+        "name": "Data breach notification",
+        "severity": "CRITICAL",
+        "description": "An incident response plan is required for personal data breaches.",
+        "iris_control": "EvidenceVault.incident_response_plan",
+        "how_iris_satisfies": (
+            "IRIS links each governed agent to an incident response plan in the "
+            "Evidence Vault and alerts on breach indicators."
+        ),
+        "check": "passport.evidence_vault_id is not None",
+        "article_reference": "Articles 33–34",
+    },
+    {
+        "rule_id": "GDPR-008",
+        "name": "Privacy by design",
+        "severity": "HIGH",
+        "description": "Data classification must be declared before processing personal data.",
+        "iris_control": "AgentPassport.data_classification",
+        "how_iris_satisfies": (
+            "IRIS requires an explicit data_classification on every AgentPassport "
+            "and enforces classification-appropriate controls at runtime."
+        ),
+        "check": "passport.data_classification is declared (not default-only for PII agents)",
+        "article_reference": "Article 25",
+    },
+]
+
+GDPR_BUNDLE: Dict[str, Any] = {
+    "bundle_id": "gdpr",
+    "full_name": "General Data Protection Regulation (GDPR)",
+    "jurisdiction": "European Union",
+    "iris_version": "0.1.0",
+    "rules": GDPR_RULES,
+}
+
+
+def get_gdpr_rules() -> Dict[str, Any]:
+    require_license("gdpr")
+    return GDPR_BUNDLE
+
+
+def check_gdpr_passport(passport: AgentPassport) -> List[Violation]:
+    """Runtime passport checks for GDPR rules (Phase 1)."""
+    violations: List[Violation] = []
+    if passport.intent_ref is None:
+        violations.append(
+            Violation(
+                rule_id="GDPR-003",
+                severity=Severity.HIGH,
+                message=f"Agent '{passport.name}' has no declared processing purpose (policy-intent.md).",
+                compliance_refs=["gdpr:article-5-purpose-limitation"],
+                remediation=f"Run: iris policy compile --agent {passport.name}",
+            )
+        )
+    if passport.evidence_vault_id is None:
+        violations.append(
+            Violation(
+                rule_id="GDPR-004",
+                severity=Severity.MEDIUM,
+                message=f"Agent '{passport.name}' has no retention policy in the Evidence Vault.",
+                compliance_refs=["gdpr:article-5-storage-limitation"],
+                remediation=f"Run: iris evidence init --agent {passport.name}",
+            )
+        )
+    return violations

iris_core/compliance/bundles/hipaa.py

@@ -0,0 +1,156 @@
+"""
+HIPAA compliance bundle — full rule set (IRIS Pro).
+
+Health Insurance Portability and Accountability Act (US).
+"""
+
+from __future__ import annotations
+
+from typing import Any, Dict, List
+
+from iris_core.compliance.license import require_license
+from iris_core.models.passport import AgentPassport, DataClassification
+from iris_core.models.policy import Severity, Violation
+
+
+HIPAA_RULES: List[Dict[str, Any]] = [
+    {
+        "rule_id": "HIPAA-001",
+        "name": "PHI access controls",
+        "severity": "CRITICAL",
+        "description": "Only authorized agents may access protected health information (PHI).",
+        "iris_control": "AgentPassport.tool_permissions + data_classification=phi",
+        "how_iris_satisfies": (
+            "IRIS blocks any agent without PHI classification and declared tool "
+            "permissions from accessing PHI-classified resources."
+        ),
+        "check": "passport.data_classification == phi and tool_permissions declared",
+        "article_reference": "45 CFR §164.312(a)(1)",
+    },
+    {
+        "rule_id": "HIPAA-002",
+        "name": "Audit controls",
+        "severity": "CRITICAL",
+        "description": "All PHI access must be logged.",
+        "iris_control": "EvidenceVault.audit_log",
+        "how_iris_satisfies": (
+            "IRIS records every PHI access attempt in the Evidence Vault audit trail "
+            "with agent identity, action, and timestamp."
+        ),
+        "check": "passport.evidence_vault_id is not None",
+        "article_reference": "45 CFR §164.312(b)",
+    },
+    {
+        "rule_id": "HIPAA-003",
+        "name": "Transmission security",
+        "severity": "CRITICAL",
+        "description": "PHI must not leave approved geographic regions.",
+        "iris_control": "RegionPolicy + passport.allowed_regions",
+        "how_iris_satisfies": (
+            "IRIS RegionPolicy enforces approved regions for PHI and blocks "
+            "cross-region transfers outside the declared allowlist."
+        ),
+        "check": "destination_region in passport.allowed_regions",
+        "article_reference": "45 CFR §164.312(e)(1)",
+    },
+    {
+        "rule_id": "HIPAA-004",
+        "name": "Minimum necessary",
+        "severity": "HIGH",
+        "description": "Agents may access only the minimum PHI required for the task.",
+        "iris_control": "ToolPermission.allowed_actions scoped to minimum",
+        "how_iris_satisfies": (
+            "IRIS enforces least-privilege tool permissions so agents cannot "
+            "access PHI fields beyond their declared scope."
+        ),
+        "check": "len(passport.tool_permissions) > 0",
+        "article_reference": "45 CFR §164.502(b)",
+    },
+    {
+        "rule_id": "HIPAA-005",
+        "name": "Business Associate Agreement",
+        "severity": "CRITICAL",
+        "description": "A BAA is required for any processor handling PHI on your behalf.",
+        "iris_control": "EvidenceVault.baa_on_file",
+        "how_iris_satisfies": (
+            "IRIS tracks BAA status in the Evidence Vault and blocks production "
+            "deployment until a signed BAA is recorded for PHI processors."
+        ),
+        "check": "passport.evidence_vault_id is not None",
+        "article_reference": "45 CFR §164.502(e)",
+    },
+    {
+        "rule_id": "HIPAA-006",
+        "name": "Breach notification",
+        "severity": "CRITICAL",
+        "description": "PHI breaches must be reported within 60 days.",
+        "iris_control": "EvidenceVault.breach_notification_plan",
+        "how_iris_satisfies": (
+            "IRIS links PHI agents to a breach notification plan and triggers "
+            "alerts when breach indicators are detected."
+        ),
+        "check": "passport.evidence_vault_id is not None",
+        "article_reference": "45 CFR §164.410",
+    },
+    {
+        "rule_id": "HIPAA-007",
+        "name": "De-identification",
+        "severity": "HIGH",
+        "description": "PHI must be de-identified when full identifiers are not required.",
+        "iris_control": "policy de-identification requirement in policy-intent.md",
+        "how_iris_satisfies": (
+            "IRIS policy compiler flags intents that retain full PHI identifiers "
+            "when de-identified data would suffice."
+        ),
+        "check": "passport.intent_ref is not None",
+        "article_reference": "45 CFR §164.514",
+    },
+]
+
+HIPAA_BUNDLE: Dict[str, Any] = {
+    "bundle_id": "hipaa",
+    "full_name": "HIPAA Security & Privacy Rule",
+    "jurisdiction": "United States",
+    "iris_version": "0.1.0",
+    "rules": HIPAA_RULES,
+}
+
+
+def get_hipaa_rules() -> Dict[str, Any]:
+    require_license("hipaa")
+    return HIPAA_BUNDLE
+
+
+def check_hipaa_passport(passport: AgentPassport) -> List[Violation]:
+    violations: List[Violation] = []
+    if passport.data_classification != DataClassification.PHI:
+        violations.append(
+            Violation(
+                rule_id="HIPAA-001",
+                severity=Severity.CRITICAL,
+                message=f"Agent '{passport.name}' handles health data but is not classified as PHI.",
+                compliance_refs=["hipaa:164.312-access-control"],
+                remediation="Set data_classification: phi on passport.yaml",
+            )
+        )
+    if passport.evidence_vault_id is None:
+        violations.append(
+            Violation(
+                rule_id="HIPAA-002",
+                severity=Severity.CRITICAL,
+                message=f"Agent '{passport.name}' has no audit log (Evidence Vault).",
+                compliance_refs=["hipaa:164.312-audit"],
+                remediation=f"Run: iris evidence init --agent {passport.name}",
+            )
+        )
+    if not passport.tool_permissions:
+        violations.append(
+            Violation(
+                rule_id="HIPAA-004",
+                severity=Severity.HIGH,
+                message=f"Agent '{passport.name}' has no minimum-necessary tool permissions declared.",
+                compliance_refs=["hipaa:164.502-minimum-necessary"],
+                remediation="Declare tool_permissions in passport.yaml",
+            )
+        )
+    return violations

iris_core/compliance/bundles/soc2.py

@@ -0,0 +1,156 @@
+"""
+SOC 2 Type II compliance bundle — full rule set (IRIS Pro).
+
+AICPA Trust Services Criteria (Security, Availability).
+"""
+
+from __future__ import annotations
+
+from typing import Any, Dict, List
+
+from iris_core.compliance.license import require_license
+from iris_core.models.passport import AgentPassport
+from iris_core.models.policy import Severity, Violation
+
+
+SOC2_RULES: List[Dict[str, Any]] = [
+    {
+        "rule_id": "SOC2-CC6.1",
+        "name": "Logical access controls",
+        "severity": "CRITICAL",
+        "description": "Agents must have declared permissions before accessing resources.",
+        "iris_control": "AgentPassport.tool_permissions",
+        "how_iris_satisfies": (
+            "IRIS blocks undeclared tool access at runtime — only tools listed "
+            "in tool_permissions are permitted."
+        ),
+        "check": "len(passport.tool_permissions) > 0",
+        "article_reference": "CC6.1",
+    },
+    {
+        "rule_id": "SOC2-CC6.2",
+        "name": "Authentication",
+        "severity": "CRITICAL",
+        "description": "Agent identity must be verified and attributable.",
+        "iris_control": "AgentPassport.agent_id + owner",
+        "how_iris_satisfies": (
+            "Every AgentPassport has a unique agent_id and declared owner for "
+            "full attribution in audit logs."
+        ),
+        "check": "passport.agent_id is not None and passport.owner is not None",
+        "article_reference": "CC6.2",
+    },
+    {
+        "rule_id": "SOC2-CC6.3",
+        "name": "Authorization",
+        "severity": "HIGH",
+        "description": "Least privilege — agents may use only declared tools.",
+        "iris_control": "ToolPermission.allowed_actions",
+        "how_iris_satisfies": (
+            "IRIS Cedar policies enforce least privilege from declared "
+            "tool_permissions; undeclared tools are denied."
+        ),
+        "check": "all runtime tools ⊆ passport.tool_permissions",
+        "article_reference": "CC6.3",
+    },
+    {
+        "rule_id": "SOC2-CC7.1",
+        "name": "System monitoring",
+        "severity": "CRITICAL",
+        "description": "All agent actions must be logged.",
+        "iris_control": "EvidenceVault.audit_log",
+        "how_iris_satisfies": (
+            "IRIS Evidence Vault captures every policy evaluation and agent "
+            "action with full provenance."
+        ),
+        "check": "passport.evidence_vault_id is not None",
+        "article_reference": "CC7.1",
+    },
+    {
+        "rule_id": "SOC2-CC7.2",
+        "name": "Anomaly detection",
+        "severity": "HIGH",
+        "description": "Policy violations must trigger alerts.",
+        "iris_control": "ViolationAction.notify channels",
+        "how_iris_satisfies": (
+            "IRIS routes CRITICAL and HIGH violations to configured notify "
+            "channels (Slack, PagerDuty, email)."
+        ),
+        "check": "violations trigger configured alerts",
+        "article_reference": "CC7.2",
+    },
+    {
+        "rule_id": "SOC2-CC8.1",
+        "name": "Change management",
+        "severity": "HIGH",
+        "description": "Policy changes must go through GitOps PR review.",
+        "iris_control": "policy-intent.md + policy.cedar in GitOps repo",
+        "how_iris_satisfies": (
+            "IRIS treats policy-intent.md as source of truth; Cedar is compiled "
+            "output committed via PR. Direct Cedar edits flag intent drift."
+        ),
+        "check": "passport.intent_ref is not None and passport.policy_ref is not None",
+        "article_reference": "CC8.1",
+    },
+    {
+        "rule_id": "SOC2-A1.1",
+        "name": "Availability",
+        "severity": "MEDIUM",
+        "description": "Agents must have defined error handling for production availability.",
+        "iris_control": "policy-intent.md error handling section",
+        "how_iris_satisfies": (
+            "IRIS policy compiler validates that policy-intent.md documents "
+            "error handling before production deployment."
+        ),
+        "check": "passport.intent_ref is not None",
+        "article_reference": "A1.1",
+    },
+]
+
+SOC2_BUNDLE: Dict[str, Any] = {
+    "bundle_id": "soc2",
+    "full_name": "SOC 2 Type II",
+    "jurisdiction": "Global (AICPA TSC)",
+    "iris_version": "0.1.0",
+    "rules": SOC2_RULES,
+}
+
+
+def get_soc2_rules() -> Dict[str, Any]:
+    require_license("soc2")
+    return SOC2_BUNDLE
+
+
+def check_soc2_passport(passport: AgentPassport) -> List[Violation]:
+    violations: List[Violation] = []
+    if not passport.tool_permissions:
+        violations.append(
+            Violation(
+                rule_id="SOC2-CC6.1",
+                severity=Severity.CRITICAL,
+                message=f"Agent '{passport.name}' has no declared logical access permissions.",
+                compliance_refs=["soc2:CC6.1"],
+                remediation="Declare tool_permissions in passport.yaml",
+            )
+        )
+    if not passport.owner:
+        violations.append(
+            Violation(
+                rule_id="SOC2-CC6.2",
+                severity=Severity.CRITICAL,
+                message=f"Agent '{passport.name}' has no verified owner identity.",
+                compliance_refs=["soc2:CC6.2"],
+                remediation="Set owner on passport.yaml",
+            )
+        )
+    if passport.evidence_vault_id is None:
+        violations.append(
+            Violation(
+                rule_id="SOC2-CC7.1",
+                severity=Severity.CRITICAL,
+                message=f"Agent '{passport.name}' has no system monitoring (Evidence Vault).",
+                compliance_refs=["soc2:CC7.1"],
+                remediation=f"Run: iris evidence init --agent {passport.name}",
+            )
+        )
+    return violations