Product
DAVA Trust
The compliance layer underneath every product. Lineage chain, immutable audit log with hash chain, retention enforcement, right-to-erasure orchestration, policy decision point, downloadable evidence packs, EU AI Act mode switch.
Quickstart (Python)
bashpip install dava-trustpythonimport asyncio
from dava_trust import Client
async def main():
async with Client(api_key="dava_live_…") as c:
# Recent audit events.
events = await c.recent_events(limit=20)
for e in events:
print(f"{e.created_at} {e.event}")
# Active PDP policies.
policies = await c.list_policies()
print(f"{len(policies)} active policies")
# Lineage for one subject.
graph = await c.lineage("job", "abc-123")
for edge in graph.edges:
print(edge)
asyncio.run(main())Quickstart (TypeScript)
typescriptimport { Client } from "@avaresearch/dava-trust";
const c = new Client({ apiKey: process.env.DAVA_API_KEY! });
const events = await c.recentEvents(20);
const policies = await c.listPolicies();What Trust covers
Trust is unusual: it's both a substrate every other product depends on AND its own product SKU. Customers running just Trust use it to govern data they already have without bringing it through DAVA's ingest pipeline. Customers running Norm/Dedup/Connect/Agent get Trust included because those products literally cannot run without the audit chain.
API surface (canonical /v1/trust/*)
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /v1/trust/events | Recent audit-log entries with hash-chain integrity. |
| GET | /v1/trust/verify | Recompute the hash chain for one subject and return chain_intact + first divergence (if any). |
| GET | /v1/trust/lineage/{type}/{id} | Lineage graph for one subject (job, file, dataset). |
| GET | /v1/trust/policies | Active policy-decision-point rules. |
| GET | /v1/trust/policies/retention | Per-subject-type TTLs the retention worker enforces nightly. |
Legacy /v1/governance/*, /v1/lineage/*, /v1/policies/* paths still work for backwards-compat. New integrations should use /v1/trust/*.