Fuze Control

The managed compliance dashboard.

Control reads the evidence stream your agents emit through the Fuze SDK and helps you compile the documents regulators ask for: the Annex IV file, the Article 27 FRIA, and the Article 73 incident report. Posture views, retention, and an admin audit log on top.

Screenshot of the Fuze Control dashboard showing a compliance posture overview, signed-evidence integrity counts, resource consumption, a tokens-and-activity chart, and a recent runs feed.

What Control does

From evidence stream to regulator-ready file.

The SDK emits hash-chained spans; Control turns those spans into the artifacts the AI Act asks deployers to produce.

Posture overview

Art. 26
dashboard

Per-agent view of which Articles are emitting evidence, which runs are pending oversight, and where retention sits.

Art. 12 — event recording
Art. 14 — oversight queue
Art. 19 — retention
Art. 27 — FRIA draft
Art. 73 — incident report

Annex IV file

Annex IV
@fuze-ai/agent-annex-iv

Maps evidence span attributes to the Annex IV sections (and ISO 42001 controls) so the technical file compiles from the same data your agent already emits.

1.1 System descriptionresolved
1.2 Intended purposeresolved
3 Risk managementresolved
4 Data governanceresolved
9 Monitoring planresolved

FRIA drafts

Art. 27
@fuze-ai/agent-fria

Compiles a Fundamental Rights Impact Assessment draft from the evidence stream, ready for review before submission.

FRIA.draft

Incident reports

Art. 73
@fuze-ai/agent-incident

Drafts an Article 73 incident report from the same evidence stream — the timeline, the affected runs, the human decisions already attached.

incident.draft

Admin audit log

Art. 26
audit

Privileged actions in the dashboard (config changes, retention edits, role grants) land in their own append-only log.

retention.updateoperator_2c
role.grantoperator_2c
agent.config.editoperator_91

How it connects

Already using the SDK? Add an API key.

Control reads the same evidence stream the SDK already emits. No code changes, no migration. Self-host the SDK alone or route its stream into the managed Control tenant.

agent.ts
import { guard, control } from 'fuze-ai'

const screener = guard(myAgent, {
  article:   'Annex III.4(a)',
  residency: 'eu-central-1',
})

const result = await screener.run(prompt)

// Stream lands in your Control tenant.
await control.emit(result, {
  apiKey: process.env.FUZE_API_KEY,
})
signed · Art. 12, 14, 26 ← evidence chain

Article coverage

What Control produces from the stream today.

Some artifacts are shipping; others are partial or on the roadmap. The split below mirrors the public fuze-ai README so the page can't drift from the SDK.

Shipping

Art. 12Automatic event recordingPer-step JSONL trace of every prompt, tool call, return, and guard event surfaced as a per-agent run feed.
Art. 14Human oversightPending-oversight queue backed by `ctx.requestOversight()`; reviewer signature binds the human decision into the chain.
Art. 26Deployer monitoringRuns, agent health, retention, and an admin audit log of privileged dashboard actions.
Art. 27FRIA`@fuze-ai/agent-fria` compiles a Fundamental Rights Impact Assessment draft from evidence span attributes.
Art. 73Serious incident reporting`@fuze-ai/agent-incident` drafts a regulator-ready Article 73 report from the same stream.

Partial today

Art. 19Log retentionAppend-only event store with configurable retention. HMAC-SHA256 hash chain is in the Python SDK; TypeScript parity is on the roadmap.
annex ivTechnical documentation`@fuze-ai/agent-annex-iv` maps evidence span attributes to Annex IV sections and ISO 42001 controls.

On the roadmap

Art. 9Risk-management systemTooling for residual-risk logs and control-registry tracking.
Art. 10Data & data governanceSource lineage and drift logging for inference and training data.
Art. 13Transparency to deployersCapability cards and a known-limitation registry exported with each run.
Art. 15Accuracy & robustnessEval-suite integration and jailbreak-attempt logging on the hot path.
Art. 72Post-market monitoringDrift alerts and performance-regression diffs per deployment.

Next

Get compliant before August 2.

Start with the free risk classification, then instrument your agent with the SDK and let Control compile the file. Enforcement begins August 2, 2026.