{"slug": "tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend", "title": "Tracepath — I Built an AI Agent Audit Middleware in One Weekend", "summary": "A developer built Tracepath, an open-source middleware that makes AI agents auditable, traceable, and compliant with regulations like the EU AI Act and FINRA. The tool intercepts every tool call, signs it with Ed25519, checks it against OPA policies, stores it in an immutable WORM log, and monitors for anomalies in real-time. It features a dashboard with tabs for Audit, Incidents, Policies, Reports, and Gemini for semantic incident classification.", "body_md": "*This is a submission for Weekend Challenge: Passion Edition*\n\n**Tracepath** is an open-source middleware that makes any AI agent — LangChain, CrewAI, AutoGen, or your own — **auditable, traceable, and compliant** with regulations like the EU AI Act and FINRA.\n\nIt's a full audit stack you can spin up with a single `docker compose up`\n\n. Every tool call your agent makes gets intercepted, signed with Ed25519, checked against OPA policies, stored in an immutable WORM log, and monitored in real-time for anomalies.\n\n\"Can you audit what your agents did yesterday?\"— Tracepath answers that.\n\nFive tabs: **Audit** (event trail), **Incidents** (real-time detection), **Policies** (versioned OPA rules with diff & rollback), **Reports** (FINRA & EU AI Act compliance), and **Gemini** (semantic incident classification).\n\nI didn't start in AI. I started in **security**.\n\nWhen I began working in tech, I specialized in web application security — OWASP Top 10, XSS, CSRF, DoS attacks. I spent years thinking about how to **control** what applications do, how to prevent them from being abused, how to draw a boundary between \"allowed\" and \"denied.\"\n\nThen AI happened. And I fell in love with building agents — autonomous systems that can reason, use tools, and make decisions. But the security part of my brain wouldn't shut up:\n\n**That's the passion.** Marrying the two halves of my career: the security engineer who says \"trust nothing, verify everything\" and the AI builder who wants agents to be powerful and autonomous.\n\nThe EU AI Act was the spark. When I read Article 50 — the requirement for high-risk AI systems to maintain logs and enable human oversight — I realized: *this is exactly what I spent years doing for web apps, but nobody's built it for AI agents yet.*\n\nSo I built it. In one weekend. Because that's what passion does — it makes you forget to sleep.\n\n*Quick tour of all five dashboard tabs: Audit, Incidents, Policies, Reports, and Gemini.*\n\n```\ngit clone https://github.com/nujovich/tracepath.git\ncd tracepath/docker\nAUDIT_SIGNING_KEY=$(openssl rand -hex 32) docker compose up -d\n```\n\nThen open `http://localhost:3000`\n\n. You'll see:\n\n| Tab | What it shows |\n|---|---|\nAudit |\nEvery tool call signed, policy-checked, stored in PostgreSQL + MinIO WORM |\nIncidents |\nReal-time detection: denial spikes, budget overruns, suspicious patterns, rate limit breaches |\nPolicies |\nGit-based OPA versioning with visual diff and one-click rollback |\nReports |\nOne-click FINRA and EU AI Act compliance reports |\nGemini |\nGoogle Gemini 2.5 Flash classifying incidents — \"this is a misconfiguration, not an attack\" |\n\n```\ncurl -X POST http://localhost:9001/audit/step \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"session_id\":\"demo\",\"agent_id\":\"researcher\",\"agent_type\":\"researcher\",\n    \"step_number\":1,\"tool_name\":\"web_search\",\n    \"tool_input\":{\"q\":\"EU AI Act Article 50\"},\n    \"tool_output\":{\"results\":3},\"cost_cents\":5,\n    \"timestamp\":\"2026-07-12T12:00:00Z\"\n  }'\n# → {\"status\":\"recorded\",\"signature\":\"<ed25519>\",\"policy_decision\":{\"allowed\":true,\"denials\":[]}}\n```\n\nEvery event is:\n\n**Auditable multi-agent middleware for AI governance.** Make any agent framework (LangChain, CrewAI, AutoGen, LangGraph) compliant with EU AI Act, FINRA, and SOC2 — in a single `docker compose up`\n\n.\n\n\"Can you audit what your agents did yesterday?\"Tracepath answers that with immutable Ed25519-signed logs, real-time policy enforcement, and a compliance dashboard.\n\n🏆\n\nSubmitted to— Best Use of Google AI category[DEV Weekend Challenge: Passion Edition]\n\n```\ngit clone https://github.com/nujovich/tracepath.git\ncd tracepath/docker\nAUDIT_SIGNING_KEY=$(openssl rand -hex 32) docker compose up -d\nhttp://localhost:3000\n```\n\nFive tabs: **Audit**, **Incidents**, **Policies**, **Reports**, and **Gemini**.\n\nThe stack:\n\nThe core pipeline: intercept → sign → check → store. I built the Rust gateway with actix-web, embedded OPA WASM for policy evaluation, and wired Ed25519 signing. PostgreSQL for the queryable audit log, MinIO with S3 Object Lock for immutable WORM storage.\n\nStreamed events from the gateway to NATS JetStream, then built a Python incident detector that watches for four anomaly types: denial spikes, budget overruns, suspicious patterns, and rate limit breaches. All surfaced in a React dashboard with real-time polling.\n\nImplemented git-based policy versioning. Every OPA policy change is a git commit. Built a visual diff viewer and one-click rollback in the dashboard. Added a replay engine that lets you replay historical events against a different policy version to answer: *\"What would have happened if this policy was active then?\"*\n\nGenerated FINRA and EU AI Act compliance reports as HTML. Integrated **Google Gemini 2.5 Flash** via OpenRouter as a semantic classifier — it takes threshold-triggered incidents and refines their severity by analyzing the context. A denial spike from a misconfigured policy gets downgraded from CRITICAL to WARNING. A real attack stays CRITICAL.\n\nThe Gemini integration caches classifications persistently, so the dashboard shows the reasoning behind every severity decision even between container restarts.\n\nArticle 50 of the EU AI Act requires high-risk AI systems to:\n\nTracepath implements all three. The FINRA report validates data integrity (Ed25519 signatures), record retention (WORM storage), and access controls (API authentication).\n\nI'm submitting to **Best Use of Google AI**.\n\nTracepath uses **Gemini 2.5 Flash** (via Google AI) as a semantic classifier that refines incident severity. Instead of blindly flagging every threshold breach as CRITICAL, Gemini analyzes the context:\n\n| Incident | Original Severity | Gemini Reasoning | Final Severity |\n|---|---|---|---|\n6 `image_generate` denials in a session |\nCRITICAL | \"All denials were for image generation, suggesting a misconfiguration rather than a malicious attempt\" |\nWARNING |\n| Budget exceeded by 2x in a single session | WARNING | \"The tools used match a legitimate research workflow with no policy bypass attempts\" |\nINFO |\n\nThis is the difference between a noisy alert system and a useful one — and it's powered by Google AI.\n\nThis is a weekend project, but it's not a toy. The roadmap:\n\n`@audit`\n\ndecorator parity→ [Star the repo](https://github.com/nujovich/tracepath) to follow along.\n\n*Built with ❤️🔥 by Nadia Ujovich — a security engineer turned AI builder who still believes the best agents are auditable ones.*", "url": "https://wpnews.pro/news/tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend", "canonical_source": "https://dev.to/nujovich/tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend-foi", "published_at": "2026-07-12 20:43:27+00:00", "updated_at": "2026-07-12 21:15:01.681608+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-agents", "developer-tools", "ai-infrastructure"], "entities": ["Tracepath", "LangChain", "CrewAI", "AutoGen", "OPA", "Google Gemini", "EU AI Act", "FINRA"], "alternates": {"html": "https://wpnews.pro/news/tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend", "markdown": "https://wpnews.pro/news/tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend.md", "text": "https://wpnews.pro/news/tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend.txt", "jsonld": "https://wpnews.pro/news/tracepath-i-built-an-ai-agent-audit-middleware-in-one-weekend.jsonld"}}