{"slug": "we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path", "title": "We built a SOC 2 reviewer for AI sessions, and kept AI out of the execution path", "summary": "The developer team behind Chron, an MCP server that records AI coding sessions to a local SQLite database, has shipped a SOC 2 review layer. The tool scans session history for findings against SOC 2 Trust Services Criteria using pure pattern matching, without any model inference or API calls. It generates reports with severity ratings and stable finding IDs, and supports actions like accept, dismiss, and resolve to manage findings over time.", "body_md": "We built a SOC 2 reviewer for AI sessions — and kept AI out of the execution path\n\nAI coding tools now touch auth code, modify Terraform, handle credentials, and change deployment pipelines. Most teams have no record of this. For teams under SOC 2, that gap is becoming a real problem.\n\nWe built [Chron](https://www.npmjs.com/package/chron-mcp) to fix the audit trail problem. Today we're shipping the review layer.\n\nChron is an MCP server. It sits in every AI conversation and records structured events to a local SQLite database:\n\n`code_change`\n\n— file path, operation (create/edit/delete), diff`tool_call`\n\n/ `tool_result`\n\n— what tools the AI invoked`secret_detected`\n\n— masked credential or PII (no plaintext stored)Every message is hash-chained. Sessions can be Ed25519 signed. Nothing leaves the machine.\n\nAfter a few weeks of use you have a tamper-evident history of everything your AI coding assistant did.\n\n```\nchron review --framework=soc2\n```\n\nThis scans your session history and flags findings against SOC 2 Trust Services Criteria. No model inference. No API calls. Pure pattern matching on the structured events Chron already captured.\n\nSample output:\n\n```\nChron Review  SOC2  162 session(s) reviewed\n\n7 findings  across  2 controls\n\nThis report identifies AI-session evidence that may require control-owner review.\nIt is not a certification of compliance or evidence of any violation.\n\n  CRITICAL  CC6.1, CC6.6    e252bc5e  SIEM integrations sprint\n    A sensitive credential or secret was detected in an AI session.\n    • secret_detected: env_value (SPLU****oken)\n    • secret_detected: password (PASS****234!)\n    Suggested: Confirm no plaintext credential was committed to version control\n\n  HIGH      CC6.1           12b9bc1e  Auth refactor — JWT migration\n    AI modified code in an access-control-sensitive path.\n    • code_change: src/auth/jwt.ts\n    • code_change: src/auth/session.ts\n    Suggested: PR approval with human reviewer\n```\n\nSeverity is per secret type — `private_key`\n\nand `credit_card`\n\nare critical, API keys are high, email addresses are medium. Not everything Chron detects warrants the same response.\n\n```\nchron review --framework=soc2 --since=30d\n```\n\nUseful for quarterly reviews or pre-audit prep. The `--since`\n\nflag accepts `7d`\n\n, `30d`\n\n, or `YYYY-MM-DD`\n\n.\n\n```\nchron review --framework=soc2 --output=review.html\n```\n\nGenerates a printable HTML report with finding cards, severity badges, evidence lists, and suggested review actions. The disclaimer is on the cover page — it is not a compliance certification.\n\nFindings have stable IDs across runs (SHA-256 of rule + session). The default view shows only open findings. You act on them as you review:\n\n```\n# Accept — reviewed, risk accepted\nchron review accept abc12345 --note=\"approved by security team, PR #441\"\n\n# Dismiss — not applicable\nchron review dismiss abc12345 --note=\"test fixture, not production code\"\n\n# Resolve — evidence gathered\nchron review resolve abc12345 --note=\"credential rotated, no commit exposure\"\n\n# See everything including reviewed findings\nchron review --all\n```\n\nNext time you run `chron review`\n\n, accepted and dismissed findings don't reappear as noise. New findings — from sessions since your last review — surface cleanly.\n\nThe obvious question: why not just ask Claude \"is this a SOC 2 violation?\"\n\nTwo reasons.\n\nFirst, it would overclaim. A model asked \"does this violate CC6.1?\" will give you a confident-sounding answer. That answer is not evidence. A licensed CPA conducting a SOC 2 Type II examination needs to evaluate whether your controls were *suitably designed and operated effectively over the audit period* — a judgment call that requires sampling, period evidence, and professional opinion. No model output replaces that.\n\nSecond, you can't audit an AI's reasoning. If a model decides a finding is real or dismissed, there's no inspectable rule to challenge. Human-designed rules are reviewable, editable, and arguable. If the `auth`\n\npath keyword fires on a test fixture you don't care about, you can dismiss it with a note. If the rule is wrong, you can open an issue.\n\nThe constraint that keeps this trustworthy: **AI explains, never decides.** Rules execute deterministically. AI will eventually help generate evidence narratives and answer questions about your session history — but the findings themselves come from rules a human can read and reason about.\n\n| Rule | Controls | What triggers it |\n|---|---|---|\n| Access control code | CC6.1 |\n`code_change` to auth/iam/rbac/jwt/oauth paths |\n| Credential detected | CC6.1, CC6.6 | Any `secrets_detected` entry |\n| Infrastructure change | CC7.2, CC8.1 |\n`code_change` to terraform/k8s/docker/pipeline paths |\n| Monitoring change | CC7.2 |\n`code_change` to logging/monitoring/alerting paths |\n| Data handling change | CC6.1, CC6.7 |\n`code_change` to encryption/gdpr/retention paths |\n\n`chron ask \"which sessions touched auth code last quarter?\"`\n\n— natural language over the audit DB\n\n```\nnpm install -g chron-mcp\n```\n\nAdd the MCP server to Claude Code, Cursor, Windsurf, or any MCP-compatible tool. Run `chron doctor`\n\nto verify setup. Start a session. Then:\n\n```\nchron review --framework=soc2\n```\n\n4,107 installs. If you're dealing with AI governance questions in your SOC 2 audit, I'd like to hear what you're seeing.", "url": "https://wpnews.pro/news/we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path", "canonical_source": "https://dev.to/sirinivask/we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path-2pic", "published_at": "2026-07-09 20:26:55+00:00", "updated_at": "2026-07-09 21:05:49.442092+00:00", "lang": "en", "topics": ["developer-tools", "ai-safety", "ai-ethics", "ai-agents"], "entities": ["Chron", "SOC 2", "MCP", "SQLite", "Ed25519"], "alternates": {"html": "https://wpnews.pro/news/we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path", "markdown": "https://wpnews.pro/news/we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path.md", "text": "https://wpnews.pro/news/we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path.txt", "jsonld": "https://wpnews.pro/news/we-built-a-soc-2-reviewer-for-ai-sessions-and-kept-ai-out-of-the-execution-path.jsonld"}}