Sovereignty Auditor
The Sovereignty Auditor ensures that your AI model is executing within the required geographical and legal jurisdiction by using cryptographic "Landmark" probes.
π‘οΈ Use Case
- Data Residency: Enforced compliance with US/EU data sovereignty laws by proving the TEE is hardware-anchored to a specific data center.
- Geofencing: Prevent sensitive model inference in unauthorized regions.
π Implementation
This auditor performs an active probe to "Anchor Nodes" in the Request phase.
import os
from lucid_sdk import create_auditor, Proceed, Deny
builder = create_auditor(auditor_id="sovereignty-auditor")
REQUIRED_REGION = os.getenv("REQUIRED_JURISDICTION", "US")
@builder.on_request
def check_sovereignty(data: dict):
# The SDK's underlying LucidClient communicates with 'Landmark' nodes
# to verify the hardware's physical proximity and jurisdiction.
# Simple check for demo purposes:
current_region = os.getenv("NODE_REGION", "US")
if current_region != REQUIRED_REGION:
return Deny(
reason=f"Jurisdiction violation: Workload in {current_region}, policy requires {REQUIRED_REGION}"
)
return Proceed(jurisdiction=current_region)
auditor = builder.build()
βΈοΈ Deployment Configuration
Add this to your auditors.yaml. Notice the use of environment variables to configure the required jurisdiction.
chain:
- name: sovereignty-auditor
image: "lucid/sovereignty-auditor:v1"
port: 8083
env:
REQUIRED_JURISDICTION: "US"
ANCHOR_URLS: "http://anchor-dc1.lucid-system.svc.cluster.local:8001"
π Behavior
- Verification: The auditor queries local Anchor nodes for signed receipts.
- Attestation: These receipts are sent to the Verifier, and the final AI Passport includes a "Location Verified" assertion.