Issue Type
Documentation
Description
Summary
Add a runnable notebook under examples/ that demonstrates, against real ZeroID data, the four audit queries
CoSAI Appendix D lists "prove control on demand" as evidence.
Motivation
CoSAI §3.6 / Appendix D: "Organizations MUST be able to reconstruct which agents existed, what they were allowed to do, what delegations they held, and what actions they performed, using immutable logs and lineage." The paper lists four example queries. ZeroID already stores the raw data needed for most of them. A working example that shows how to assemble the queries is the single highest-leverage artifact to produce from the paper, and it converts an aspirational checklist into something you can demo live.
Proposed change
New notebook examples/prove_control_on_demand.ipynb, same style as the existing zeroid_quickstart.ipynb /
langchain/scope_aware_tools.ipynb. Walks through:
- Agents active in a time window — query identities filtered by created_at and status/revocation events.
- Actions by originating principal — query issued_credentials filtered by user_id or identity_id, joined to
introspection results.
- Delegation chain reconstruction — walk the act.sub chain via parent_jti (existing field) or correlation_id
once issue #N lands; note the limitation and show what's possible today.
- Failed attestations (last 7 days) — query cae_signals where signal_type = attestation.failed.
Each query is shown as a Python call against the ZeroID admin API + (where needed) direct SQL over the demo DB. Output rendered inline.
Out of scope
- Building a new query API. If an existing endpoint can't serve the query, note the gap and either fall back to
SQL or file a follow-up enhancement.
Acceptance criteria
- Notebook runs end-to-end against the docker-compose stack.
- All four queries produce realistic output against seeded demo data.
- README links to it alongside the existing example notebooks.
- Each query cites the CoSAI Appendix D bullet it satisfies.
- Limitations (e.g., correlation_id not yet wired) are called out in the notebook rather than hidden.
Issue Type
Documentation
Description
Summary
Add a runnable notebook under examples/ that demonstrates, against real ZeroID data, the four audit queries
CoSAI Appendix D lists "prove control on demand" as evidence.
Motivation
CoSAI §3.6 / Appendix D: "Organizations MUST be able to reconstruct which agents existed, what they were allowed to do, what delegations they held, and what actions they performed, using immutable logs and lineage." The paper lists four example queries. ZeroID already stores the raw data needed for most of them. A working example that shows how to assemble the queries is the single highest-leverage artifact to produce from the paper, and it converts an aspirational checklist into something you can demo live.
Proposed change
New notebook examples/prove_control_on_demand.ipynb, same style as the existing zeroid_quickstart.ipynb /
langchain/scope_aware_tools.ipynb. Walks through:
introspection results.
once issue #N lands; note the limitation and show what's possible today.
Each query is shown as a Python call against the ZeroID admin API + (where needed) direct SQL over the demo DB. Output rendered inline.
Out of scope
SQL or file a follow-up enhancement.
Acceptance criteria