Governance Session Builder

Build a richly-annotated AI decision trace with EU AI Act metadata, guardrail results, content safety flags, and human oversight records — using the fluent VeriproofSession API directly (no framework adapter required).

TypeScriptGovernanceNode.js ≥ 18

Prerequisites


npm install @veriproof/sdk-core

Environment


VERIPROOF_API_KEY=vp_cust_your-tenant.<key-material>
VERIPROOF_APPLICATION_ID=loan-decisioning

Complete example


import {
  VeriproofClient,
  VeriproofSdkOptions,
  DecisionContext,
  DecisionType,
  RiskLevel,
  SessionIntent,
  SessionOutcome,
  StepTags,
} from '@veriproof/sdk-core';
import { NodeTracerProvider } from '@opentelemetry/sdk-trace-node';
 
// 1. Configure VeriProof once at startup (call this before any sessions)
const provider = new NodeTracerProvider();
const client = new VeriproofClient(
  VeriproofSdkOptions.createDevelopment({
    apiKey: process.env.VERIPROOF_API_KEY!,
    applicationId: process.env.VERIPROOF_APPLICATION_ID!,
  }),
);
const { exporter } = client.configureTracing({
  serviceName: process.env.VERIPROOF_APPLICATION_ID!,
  tracerProvider: provider,
  setGlobal: true,
});
provider.register();
process.on('SIGTERM', async () => { await exporter.shutdown(); });
 
// ─── Build the governance session ───────────────────────────────────────────
 
const session = client.startSession(
  'loan-approval-decision',
  process.env.VERIPROOF_APPLICATION_ID,
  {
    sessionIntent: SessionIntent.Decision,
    decisionType: DecisionType.Approval,
    tags: ['loan-application', 'applicant:A-1042'],
  },
);
 
// ─── Step 1: Document extraction & validation ─────────────────────────────
 
session.addStep(
  'document-extraction',
  {
    input: JSON.stringify({ documentType: 'pay-stub', pageCount: 2 }),
    output: JSON.stringify({ extractedFields: ['grossIncome', 'employer', 'payPeriod'] }),
  },
  StepTags.retrieval(),
);
 
// ─── Step 2: Creditworthiness assessment ─────────────────────────────────
 
session.addStep(
  'credit-assessment',
  {
    input: JSON.stringify({ creditScore: 712, debtToIncomeRatio: 0.34 }),
    output: JSON.stringify({ recommendation: 'approve', confidence: 0.88 }),
  },
  StepTags.decision(),
);
session.setRiskLevel(RiskLevel.Low);
 
// ─── Step 3: Final decision ───────────────────────────────────────────────
 
session.addStep(
  'approval-decision',
  {
    output: JSON.stringify({
      summary: 'Loan approved: applicant meets income and credit thresholds.',
    }),
  },
  StepTags.decision(),
);
session
  .setDecision(
    DecisionContext.simple(
      'approve-loan',
      'Approved — applicant meets all thresholds',
    ).withRationale('Credit score 712, DTI 0.34 within policy limits.'),
  )
  .addRiskFactor({
    factor: 'debt-to-income-ratio',
    severity: 'medium',
    description: 'DTI of 0.34 is within acceptable range but above preferred threshold of 0.3.',
  })
  .setRiskLevel(RiskLevel.Medium);
 
// ─── Finalise session ─────────────────────────────────────────────────────
 
session.setOutcome(SessionOutcome.Success);
 
const result = await session.complete();
 
console.log('Session ID   :', result.sessionId);
console.log('Merkle root  :', result.merkleRoot);    // blockchain anchor hash
console.log('Span count   :', result.spanCount);

What you’ll see in VeriProof

Span	Key attributes
`session loan-approval-decision`	`veriproof.session.intent=decision`, `veriproof.decision.type=approval`
`step document-extraction`	`veriproof.step.type=retrieval`
`step credit-assessment`	`veriproof.step.type=decision`, `veriproof.risk.level=low`
`step approval-decision`	`veriproof.step.type=decision`, `veriproof.decision.chosen=Approved — applicant meets all thresholds`

The Merkle root returned in result.merkleRoot is anchored to the Solana blockchain — any subsequent tampering with the session data is cryptographically detectable.

The euAiActArticle and humanOversightType fields feed directly into VeriProof’s EU AI Act compliance evidence export. If your application is a high-risk AI system under Annex III, these fields are required for Article 9 conformity documentation.

Recording post-decision outcomes

Call setOutcomeRating() before complete() to attach an analyst rating to the session. Use this when a human reviewer has evaluated the AI’s decision quality:


import { OutcomeRating } from '@veriproof/sdk-core';
 
// Call before session.complete()
session.setOutcomeRating(OutcomeRating.Good, {
  note: 'Decision aligns with policy and supporting evidence.',
  groundTruthLabels: ['repaid-on-time'],
});
 
const result = await session.complete();

Next steps

TypeScript SDK Core reference — complete VeriproofSession API
SDK Instrumentation guide — manual span annotation reference
EU AI Act compliance — Article 9–17 evidence packaging