Phase 1 of Chron Intelligence is complete. Chron now supports four deterministic compliance frameworks for AI coding sessions — SOC 2, ISO 27001, EU AI Act, and NIST AI RMF — with the same finding workflow across all of them.
This post covers how the framework layer works, why we kept AI out of the execution path, and where it's going next.
The problem we are solving
AI coding tools now touch auth code, modify Terraform, handle credentials, change deployment pipelines, and update risk scoring logic. Most teams have no structured record of this. When an auditor asks "what did your AI assistant do to access-control code last quarter?" — the answer is usually silence.
Chron fixes the audit trail. The review layer turns that trail into compliance evidence.
How the review layer works
chron review --framework=soc2
chron review --framework=iso27001
chron review --framework=euaiact
chron review --framework=nist-ai-rmf
Each command scans your Chron session history and flags findings against the selected framework. No model inference. No API calls. Pure pattern matching on structured events Chron already captured — code_change, secret_detected, tool_call.
The rule engine is deterministic: a rule fires if the path contains a keyword or a secret was detected. That is the entire execution path. No model decides what counts.
Four frameworks, same workflow
SOC 2 — 5 rules
Controls: CC6.1, CC6.6, CC6.7, CC7.2, CC8.1
Covers AI touching access-control code, credential detection, infrastructure/deployment changes, logging/monitoring changes, and data retention logic.
ISO 27001:2022 Annex A — 6 rules
Controls: A.8.2, A.8.3, A.8.12, A.8.20, A.8.24, A.8.31
Covers privileged access changes, access restriction code, sensitive data in session, network security config, cryptographic code, and production environment files.
EU AI Act (Regulation 2024/1689) — 6 rules
Controls: Art. 9, Art. 10, Art. 12, Art. 13, Art. 14
Covers risk management/guardrails (Art. 9), data governance and sensitive data (Art. 10), record-keeping/audit logging (Art. 12), transparency/explainability code (Art. 13), and human oversight mechanisms (Art. 14).
NIST AI RMF 1.0 — 7 rules
Controls: GOVERN 1.1/1.2, GOVERN 6.1/6.2, MAP 1.1/5.1, MAP 3.5, MEASURE 2.1/2.5, MEASURE 2.7, MANAGE 2.2/4.1
Covers AI governance policy changes, human oversight code, risk assessment/threat modelling, sensitive data in session, model evaluation pipelines, monitoring/drift detection, and incident response/fallback code.
Finding workflow
Every finding has a stable SHA-256 ID — deterministic from rule_id:session_id. It does not change between runs. You act on it once:
chron review accept abc12345 --note="reviewed with security team, PR #512 approved"
chron review dismiss abc12345 --note="test fixture, not production code"
chron review resolve abc12345 --note="credential rotated, no commit exposure confirmed"
Next run, reviewed findings do not reappear as noise. New findings — from sessions since your last review — surface cleanly. --all shows everything including reviewed items.
HTML evidence report
chron review --framework=nist-ai-rmf --output=report.html
Generates a printable HTML report. Each framework produces the correct cover page: "NIST AI Risk Management Framework (AI RMF 1.0)", "not an AI RMF assessment", Article-specific methodology for EU AI Act, Annex A for ISO 27001. The disclaimer is always on page one: findings are potential review items, not violations.
Why no AI in the execution path
The obvious question: why not ask a model to evaluate findings?
Two reasons.
You cannot audit an AI's reasoning. If a model decides a finding is real or dismissed, there is no inspectable rule to challenge. Human-designed rules are reviewable, editable, and arguable. If a rule fires on a test fixture, you dismiss it with a note. If the rule is wrong, you open an issue.
Models overclaim. A model asked "does this violate CC6.1?" will give a confident-sounding answer. That answer is not evidence. A licensed CPA or ISO 27001 auditor needs to evaluate whether your controls were suitably designed and operated effectively — a judgement call that no model output replaces.
The constraint that keeps this trustworthy: AI explains, never decides. Rules execute deterministically. AI will eventually help generate evidence narratives and answer natural-language questions about your session history — but the findings themselves come from rules a human can read and reason about.
Honest coverage
Chron does not cover every control in any of these frameworks. A full SOC 2 examination covers CC1–CC5 (governance, communication, risk assessment) which require board records and policy documents — not session logs. NIST AI RMF has ~70 subcategories; Chron's rule pack touches 11 of them.
The honest architecture:
Chron today:
AI session evidence → targeted deterministic controls
Chron next:
AI session evidence + policy docs + CI/CD + repo evidence → broader coverage
Each control marked: covered / needs_evidence / manual_review / out_of_scope
CLAIIM:
organisation-wide evidence + approvals + policies → full governance workflow
Phase 2 adds control maps for every framework — so users can see exactly which controls Chron covers from session logs and which need additional evidence sources.
What's next
-
Control maps — full list of every control in each framework, classified as
covered,needs_evidence,manual_review, orout_of_scope - Session risk scoring — deterministic risk score at session close based on findings, severity, and code-change volume
-
chron risk --since=30d— top risky sessions, risk reasons, trend view - Multi-session pattern detection — repeated control triggers across sessions
- Evidence connect — bring in policy docs, CI/CD events, repo signals to unlock broader framework coverage
Try it
npm install -g chron-mcp
Already installed:
chron update
Add to Claude Code, Cursor, Windsurf, or any MCP-compatible tool. Run chron doctor to verify. Start a session. Then:
chron review --framework=nist-ai-rmf --output=report.html
204 tests. Four frameworks. One workflow. If you're handling AI governance questions in a SOC 2, ISO 27001, EU AI Act, or NIST AI RMF context — I'd like to hear what you're running into.

Top comments (0)