cre-agent-audit

Nine MIT-licensed governance patterns for AI agents in commercial real estate operations — tenant screening, lease abstraction, and pricing — with a hash-chained audit trail. Durable artifacts, not slideware.

Badges: CI · Coverage 86% · Tests 336 · License: MIT · Python 3.10+ · DOI · v0.2.4 · Autonomy Ladder family

What this is: a reference architecture — production Python, zero runtime dependencies — for governing AI agents in CRE operations: a DEFCON state machine, a non-overridable sovereign veto, a hash-chained audit ledger, a Fair-Housing Pre-Flight Gate, and the A0→A4 Autonomy Ladder. What this is not: legal, regulatory, audit, or fairness-testing advice; a deployed production control; or a substitute for counsel. Regulatory characterizations are summaries — consult qualified counsel for jurisdiction-specific compliance. See DISCLAIMER.md. Who this is for: a CRE owner/operator, or a proptech screening / compliance lead, who owns tenant-screening, lease-abstraction, or pricing decisions and needs to prove the AI stayed bounded.

30-second tour

git clone https://github.com/linus10x/cre-agent-audit.git
cd cre-agent-audit
pip install -e .
python examples/worked_example_fair_housing_preflight.py

An agent submits two tenant-screening decisions. The bounded one passes. The one that reaches for a housing-voucher feature — the pattern named in the Louis v. SafeRent settlement — is vetoed with a named reason code (FHA-VOUCHER), recorded in the hash-chained ledger, and the recurring pattern demotes the system one DEFCON rung, mechanically pausing the capability until a human clears it. Every step is evidence. Cold-clone to verified output: under 60 seconds.

Read me first

  1. Run a Fair-Housing Pre-Flight test: python examples/worked_example_fair_housing_preflight.py, or pip install -e ".[dev]" && pytest tests/test_fair_housing_preflight.py. See the rail fire on real code.
  2. WORKED_EXAMPLE.md — the one decision class (tenant screening) walked end to end: agent acts → pre-flight catches it → audit entry → demotion, using the real public API.
  3. autonomy-ladder.io — the framework and whitepaper behind the A0→A4 ladder. Pattern-to-rung mapping: AUTONOMY_LADDER.md.

Install

pip install -e .                  # runtime: stdlib only, zero dependencies
pip install -e ".[dev]"           # + pytest, ruff, mypy, hypothesis
pip install -e ".[dev,audit-verify]"   # + cryptography (RFC 3161 timestamp verification)
make verify                       # ruff + mypy + pytest (336 tests, 86% coverage) + JSON-sync + wheel

⚠ Notice. This repository is a reference architecture, not legal, regulatory, audit, or fairness-testing advice. Regulatory characterizations are summaries; readers must consult qualified counsel for jurisdiction-specific compliance. No attorney-client relationship is formed by use of this repository. See DISCLAIMER.md.


Why this matters — three regulatory matters in 24 months

The U.S. Department of Justice filed U.S. v. RealPage, Inc. et al. on August 23, 2024 — DOJ plus eight state attorneys general, civil antitrust under the Sherman Act §§ 1 AND 2, alleging algorithmic rent-coordination across commercial real estate operating companies. Current posture: DOJ filed a proposed consent judgment with RealPage on Nov 24, 2025 (pending court approval under the Tunney Act); co-defendant final judgments have been entered (e.g., Greystar, Mar 2, 2026). Resolved without admission of liability — not adjudicated, not "ongoing litigation." The Louis v. SafeRent Solutions, LLC class settlement (No. 1:22-cv-10800, D. Mass., approximately $2.275M, November 20, 2024) named tenant-screening AI that scored applicants below threshold with no documented reason; the settlement included a five-year score-use injunction on voucher-holder applicants. The Trans Union Rental Screening Solutions joint FTC/CFPB consent orders (October 2023, $15M) named systemic accuracy failures in its rental-screening reports under FCRA § 607(b).

Each matter named the same operator-side gap: no audit trail of the model decision. No human-in-loop documentation. No way to prove the system stayed bounded.

cre-agent-audit is the artifact stack that addresses that gap. Nine MIT-licensed governance patterns for AI-enabled CRE workflows — written for the operators who own tenant-screening, lease abstraction, pricing, underwriting, vendor-data flow, and lease-renewal decisions. Production Python. Fourteen architectural decision records (ADRs) with primary-source regulatory citations. Three runnable worked examples plus three regulatory-incident replays. Companion to finserv-agent-audit and four other regulated-vertical libraries (see the Autonomy Ladder family below).

The Colorado AI Act (SB 24-205, as amended by SB 26-189 signed May 14, 2026) — compliance horizon January 1, 2027 — is the next state-level regulatory checkpoint for CRE operators in the housing branch.



At a glance

| Item | Value |
|---|---|
| Patterns | 9 core (ADR-0001 → ADR-0009) + 4 hardening (ADR-0010 retention; ADR-0011 vendor adapter; ADR-0012 persistence / timestamps / witness anchor; ADR-0013 MI Proxy) + 1 category-claim (ADR-0014 operator-side AI governance) |
| Tests | 336 passing — 318 deterministic + 18 Hypothesis property/fuzz tests totaling 51,000 generated examples (enterprise-scrutiny campaign in tests/test_enterprise_scrutiny_campaign.py) |
| Branch coverage | 86% (above 85% gate; v0.2.0 baseline was 89.18% on a smaller surface) |
| Runtime dependencies | 0 (stdlib only) |
| Python | 3.10, 3.11, 3.12 (CI matrix) |
| License | MIT |
| Type-checked | mypy --strict clean |
| Linted | ruff clean |
| Sibling | linus10x/finserv-agent-audit (financial services) |

Proof strip (verified by make verify on main): 336 tests passing · 86% branch coverage (above the 85% gate) · 14 ADRs · 13 control description tables · mypy --strict clean · ruff clean · 0 runtime dependencies · 18 Hypothesis property/fuzz tests summing to 51,000 generated examples (the enterprise-scrutiny campaign in tests/test_enterprise_scrutiny_campaign.py).

Why this exists for frontier autonomy stacks

The controls in this library are domain-agnostic. The DEFCON state machine, the non-overridable sovereign veto (a separate-process control the agent cannot switch off), the hash-chain audit ledger (it detects tampering within its trust boundary), the hard envelopes with mechanical escalation, the sampled-review tripwires, and monitor-led promotion were forged in real multi-agent production systems under consequence — and they apply directly to any high-stakes coordinated autonomy (vehicles, robots, agent swarms) where invisible promotion or cascade failure is unacceptable. The decision class is a parameter: this repo encodes it for commercial real estate, but the same A0→A4 deployment-authority structure lifts into any decision class without inheriting financial-services assumptions.

For reviewers & safety teams: every control here is falsifiable — the test suite (336 tests · 51,000-example property campaign) turns each rule into a runnable check, and the veto and ledger are infrastructure with operational properties (separate process boundary, distinct credentials, a gate the agent cannot reach; write-once retention). These are reference implementations for adoption, not deployed production controls.

Why this exists

The three matters above named the same evidentiary gap — no documented decision trail, no human-in-loop record, no documented record of bounded operation. The patterns below are extracted from production work in regulated industries — financial services, wealth platforms, and now CRE — and they survive risk-committee scrutiny because they were designed for it.

Most operator AI surface is vendor-mediated. Tenant-screening models come from SafeRent, RentGrow, TransUnion SmartMove. Revenue-management models come from RealPage, AppFolio, Yardi Revenue IQ. Lease-abstraction models come from Leverton/MRI, V7 Lease, Reonomy. For those surfaces, the patterns in this repo translate to procurement-clause power as much as engineering rails — see docs/vendor-clauses/ for the contractual companion to the code.

Quick start

git clone https://github.com/linus10x/cre-agent-audit.git
cd cre-agent-audit
pip install -e ".[dev]"
make verify                                           # ruff + mypy + pytest + JSON-sync + wheel-build
python examples/02_tenant_screening_preflight/run.py  # demonstrates FHA-PROXY/VOUCHER/SOI/CRIM/DISPARATE

Sample output (abridged) — example 02:

→ PASS:  applicant_id=A-001  credit=720 income_x_rent=3.5  → ALLOW
→ PASS:  applicant_id=A-002  credit=680 income_x_rent=2.8  → REVIEW
→ VETO reason: FHA-VOUCHER  (voucher-status proxy detected)
→ VETO reason: FHA-CRIM     (blanket criminal-history exclusion attempted)
Total audit entries: 7 (every decision recorded)
Audit chain verified intact ✓

The example demonstrates the Fair-Housing Pre-Flight Gate (Pattern 8) firing, the Sovereign Veto (Pattern 2) rejecting, the hash-chained Audit Ledger (Pattern 3) recording every decision, and the human-review handoff. Cold-clone to verified-output target: under 60 seconds.

Full reproduction guide: docs/REPRODUCE.md.

Architecture overview

Three subpackages under src/cre_agent_audit/:

  • governance/ — nine pattern primitives (DEFCON, Sovereign Veto, Audit Ledger, Autonomy Ladder, Regulation Loader, Shadow Router, Lease Provenance, Fair-Housing Preflight, Tenant PII Residency)
  • agents/ — six agent base classes (one functional, five v0.3 stubs)
  • schemas/ — typed decision objects (lease clause, screening decision)

Patterns compose into a runtime via the orchestrator (see ARCHITECTURE.md). Every decision routes through DEFCON state filter → domain pre-flight → Sovereign Veto → Audit Ledger. Veto'd decisions write to the ledger as fully as executed ones.
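The route just described, as an added example that is not the package's own code: a minimal pipeline in which a constructed proxy blocklist drives the pre-flight, a veto with a named reason code is written to an append-only hash-linked ledger exactly as an executed decision would be, and a recurring reason code demotes the DEFCON rung and pauses the capability until a human clears it. The class names, the blocklist contents, the DEFCON rung list, the toy ALLOW/REVIEW rule and the two-strike demotion threshold are all this example's assumptions, not cre_agent_audit's API or configuration.

```python
"""Illustrative governance route (added example; not cre_agent_audit's own code).

Order of operations mirrors the README: DEFCON state filter -> domain pre-flight
-> Sovereign Veto -> Audit Ledger. Vetoed and paused decisions are recorded as
fully as executed ones. All names and thresholds here are constructed stand-ins.
"""
from __future__ import annotations

import hashlib
import json
from collections import Counter
from dataclasses import dataclass, field

# Constructed proxy blocklist (feature name -> reason code). The repo's real
# blocklist is configurable and is not reproduced here.
PROXY_BLOCKLIST = {
    "voucher_status": "FHA-VOUCHER",
    "criminal_history_blanket": "FHA-CRIM",
    "source_of_income": "FHA-SOI",
}
DEFCON_RUNGS = ["DEFCON5", "DEFCON4", "DEFCON3", "DEFCON2", "DEFCON1"]  # 5 = normal
DEMOTE_AFTER = 2  # same reason code vetoed this many times -> demote one rung
GENESIS = "0" * 64


@dataclass
class AuditLedger:
    """Append-only record: every entry carries the hash of its predecessor."""

    entries: list[dict] = field(default_factory=list)

    def append(self, payload: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        entry = {
            "seq": len(self.entries),
            "prev_hash": prev,
            "payload": payload,
            "hash": hashlib.sha256((prev + body).encode()).hexdigest(),
        }
        self.entries.append(entry)
        return entry


def preflight(features: dict) -> str | None:
    """Lexical proxy check: the first blocklisted feature name wins, else None."""
    return next((PROXY_BLOCKLIST[n] for n in features if n in PROXY_BLOCKLIST), None)


@dataclass
class GovernedPipeline:
    """DEFCON state filter -> pre-flight -> veto -> ledger, in that order."""

    ledger: AuditLedger = field(default_factory=AuditLedger)
    defcon: str = "DEFCON5"
    paused: bool = False  # set by a demotion, cleared only by a human
    veto_counts: Counter = field(default_factory=Counter)

    def submit(self, applicant_id: str, features: dict) -> str:
        """Route one screening decision; returns ALLOW, REVIEW, VETO or PAUSED."""
        # 1. State filter: a paused capability never reaches the model.
        if self.paused:
            return self._record(applicant_id, "PAUSED", reason="awaiting-human-clearance")
        # 2. Domain pre-flight, then 3. sovereign veto with a named reason code.
        reason = preflight(features)
        if reason is not None:
            self.veto_counts[reason] += 1
            if self.veto_counts[reason] >= DEMOTE_AFTER:
                self._demote()  # recurring pattern: one rung down, capability paused
            return self._record(applicant_id, "VETO", reason=reason)
        # 4. Bounded decision. Constructed toy rule, not a screening model.
        bounded = features.get("credit", 0) >= 700 and features.get("income_x_rent", 0.0) >= 3.0
        return self._record(applicant_id, "ALLOW" if bounded else "REVIEW", features=features)

    def human_clear(self, reason: str) -> str:
        """A human clears the paused capability; promotion back up a rung is a
        separate, monitor-led step and is deliberately not done here."""
        self.veto_counts[reason] = 0
        self.paused = False
        return self._record("-", "HUMAN_CLEAR", reason=reason)

    def _demote(self) -> None:
        idx = DEFCON_RUNGS.index(self.defcon)
        self.defcon = DEFCON_RUNGS[min(idx + 1, len(DEFCON_RUNGS) - 1)]
        self.paused = True

    def _record(self, applicant_id: str, outcome: str, **extra) -> str:
        """Every outcome, vetoed or executed, becomes a ledger entry."""
        self.ledger.append({"applicant_id": applicant_id, "outcome": outcome,
                            "defcon": self.defcon, **extra})
        return outcome
```

Submitting two bounded applicants and two voucher-feature applicants in a row yields ALLOW, REVIEW, VETO, VETO; the second veto demotes to DEFCON4 and every later submission is recorded as PAUSED until human_clear("FHA-VOUCHER") is called. Each ledger entry's prev_hash equals the previous entry's hash, which is what a chain verifier recomputes.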

Maturity (honest)

The governance layer is production-grade Python; the agent layer is mostly scaffolding. This table keeps the "production Python" claim from over-reaching.

| Layer | What ships | Maturity |
|---|---|---|
| governance/ | the 9 pattern primitives + hardening modules (DEFCON, Sovereign Veto, hash-chain ledger, Autonomy Ladder, Regulation Loader, Shadow Router, Lease Provenance, Fair-Housing Preflight, Tenant PII Residency, VendorScoreGate, persistence/timestamps/witness, MI Proxy, MI-threshold detector) | Production — fully implemented, mypy --strict, 86% branch coverage, 51,000-example property campaign |
| schemas/ | typed decision objects (lease clause, screening decision) | Production — typed, validated, tested |
| examples/regulatory-incidents/ | 3 runnable replays + cre-replay CLI | Functional — runs end-to-end; produces 6-artifact evidence bundles |
| agents/ | 6 agent base classes | 1 functional reference (orchestrator) + 5 stubs (audit, monitor, risk, strategy, domain_intelligence) — base classes/seams, not full agents |

The runnable value is in the governance primitives and the replays — not in the agent stubs.

Deployment economics

For an interim CTO or fractional CAIO scoping adoption:

| Item | Estimate |
|---|---|
| Engineering hours to integrate per pattern | 0.5–3 dev-days |
| Ongoing CPU / memory cost | Negligible (stdlib only; ledger size grows linearly with decision volume) |
| Exception-review headcount | 0.1–0.3 FTE compliance reviewer per A2+ workflow at portfolio scale |
| What it offsets | The runtime-gate + audit-primitive layer of a commercial AI-governance platform subscription (typical tier: $120K–$280K/yr) for the patterns this repo covers — does NOT replace policy authoring, vendor-risk workflow, or board-reporting modules those platforms also provide; complementary, not competitive (see Section 11). Also offsets ~40 hours/month manual GC review of decision logs. |
| Hardest integration item | Wiring Sovereign-Veto authority resolver to your IdP (Okta, Azure AD) — 4–6 months at most enterprises |
| Cold-clone-to-running examples | < 60 seconds |

The 90-day deployment cadence is in examples/FIRST_90_DAYS.md.

Patterns included

| # | Pattern | File | Regulation anchor | Control doc |
|---|---|---|---|---|
| 1 | DEFCON State Machine | src/cre_agent_audit/governance/defcon.py | EU AI Act Art. 9, 15 · NIST AI RMF GOVERN | CTRL-001 |
| 2 | Sovereign Veto | src/cre_agent_audit/governance/sovereign_veto.py | EU AI Act Art. 14 · FHA · three-lines-of-defense | CTRL-002 |
| 3 | Hash-Chained Audit Ledger | src/cre_agent_audit/governance/audit_chain.py | EU AI Act Art. 12 · SOC 2 CC7.2 · SEC 17a-4 | CTRL-003 |
| 4 | Autonomy Ladder™ A0→A4 | src/cre_agent_audit/governance/autonomy_ladder.py | EU AI Act Art. 14 · CO AI Act | CTRL-004 |
| 5 | Regulation Loader (pattern↔reg map) | src/cre_agent_audit/governance/regulation_loader.py | self-referential (governs all others) | CTRL-005 |
| 6 | Shadow-Mode Rollout | src/cre_agent_audit/governance/shadow_mode.py | SR 11-7 (model risk; superseded 2026-04-17) · EU AI Act Art. 15 | CTRL-006 |
| 7 | Lease-Abstraction Provenance | src/cre_agent_audit/governance/lease_provenance.py | Litigation discovery defensibility · SOC 2 CC7.2 | CTRL-007 |
| 8 | Fair-Housing Pre-Flight Gate | src/cre_agent_audit/governance/fair_housing_preflight.py | Fair Housing Act § 3604 · ICP v Texas (576 U.S. 519) · ECOA · CO AI Act | CTRL-008 |
| 9 | Tenant PII Data Residency | src/cre_agent_audit/governance/tenant_pii_residency.py | GDPR Art. 6 · CCPA/CPRA · state tenant-data statutes | CTRL-009 |

Two ADRs added in v0.2.0 from adversarial-review fold-in (design + policy layer):

Two more ADRs added in v0.2.1 (in flight, on main):

For the four-framework mapping (NIST AI RMF × ISO/IEC 42001 × COSO ICAIR × Big-4 taxonomy) see docs/MAPPING-MATRICES.md.

Real-world use cases

1. Tenant-screening fair-housing audit (multifamily). The SafeRent matter named tenant-screening AI that scored voucher-holder applicants below threshold with no documented reason. The Fair-Housing Pre-Flight Gate (Pattern 8) flags protected-class proxy features against a configurable blocklist before model evaluation; the Audit Ledger (Pattern 3) records every decision with cohort statistics. The artifact stack materially reduces the class of failure modes the SafeRent matter exposed — it does not, standing alone, establish FHA compliance.

2. Lease-abstraction discovery defense (office + industrial). When a lease term is contested in litigation, courts ask: how was that clause extracted, what was the model's confidence, and who validated it? Lease-Abstraction Provenance (Pattern 7) tags every clause with source-document hash, OCR confidence, and extraction confidence. Discovery becomes a forensic exercise instead of a credibility one — if the lease-abstraction pipeline (typically a third-party vendor) exposes the clause-level provenance object. For vendor-shipped outputs that do not expose provenance, see docs/vendor-clauses/abstraction.md for the contractual SLA template that obligates provenance disclosure.

3. Pricing-model good-faith documentation (multifamily + industrial). U.S. v. RealPage — filed Aug 23, 2024 (DOJ + 8 state AGs; Sherman Act §§ 1 AND 2). Current posture: DOJ filed a proposed consent judgment with RealPage on Nov 24, 2025 (pending court approval under the Tunney Act); co-defendant final judgments have been entered (e.g., Greystar, Mar 2, 2026). Resolved without admission of liability — not adjudicated, not "ongoing litigation." Pattern 3 (Audit Ledger) + Pattern 4 (Autonomy Ladder A2 with sampled per-cycle audit) produce process evidence relevant to good-faith defenses under rule-of-reason analysis. They do not cure per se exposure from data-pooling — antitrust counsel must independently assess data-input topology; software governance does not substitute for input-side antitrust review.

4. AI-mediated resident communication (chatbots, leasing agents). Most large multifamily operators run vendor chatbots (EliseAI, Hyly, Funnel Leasing) on resident communication. These surfaces touch TCPA, Reg-Z disclosure, and fair-housing-steering risk simultaneously. Pattern 8's protected-surface list already names tenant_communication_personalization; the Audit Ledger captures every interaction; the Sovereign Veto fires on protected-class-adjacent topics. ADR-0011 (Vendor-Output Adapter, design) covers the vendor-mediated case.

How it compares

| | cre-agent-audit | finserv-agent-audit | NIST AI RMF Playbook | OWASP LLM Top 10 |
|---|---|---|---|---|
| Target | CRE operating cos | FSI regulated systems | Universal | Security awareness |
| Form | MIT reference architecture | MIT reference architecture | Government playbook | Threat list |
| Runnable patterns | ✅ 9 patterns + 336 tests | ✅ 6 patterns | Conceptual guidance | Conceptual guidance |
| Kill switch | ✅ Sovereign Veto | | | |
| Audit trail | ✅ Hash-chained | ✅ Hash-chained | Recommended | |
| Decision-class autonomy | ✅ A0→A4 | ✅ A0→A4 | Recommended | |
| Regulation mapping | ✅ EU AI Act · FHA · CO AI Act · NIST + Treasury | ✅ EU AI Act · MiFID II · SEC · NIST + Treasury | ✅ NIST only | |
| Zero runtime deps | ✅ stdlib only | ✅ stdlib only | N/A | N/A |
| Python typed (mypy --strict) | | | N/A | N/A |

Commercial AI-governance platforms — Credo AI, Holistic AI, Fairly AI, Monitaur, IBM watsonx.governance, Microsoft Purview AI Hub — are a different category. They are managed services with subscriptions in the $50K–$300K/yr range, opinionated workflow tooling, vendor-managed control evidence storage, and ongoing policy-as-code maintained by the vendor. cre-agent-audit is a reference architecture you fork into your own stack. It is complementary, not competitive: many adopters use a commercial platform for policy + reporting and cre-agent-audit's patterns for the runtime gates and audit primitives the platform integrates with.

Who this is for

  • CRE operating companies (multifamily, office, industrial) running AI in tenant-screening, leasing, pricing, underwriting, or vendor-data workflows
  • Risk and compliance leaders at CRE operating companies preparing for the next state regulatory checkpoint in the AI consequential-decision branch
  • PE operating partners with CRE portfolio exposure scoping AI-governance posture across portfolio companies — see docs/PE_DUE_DILIGENCE.md
  • Audit firms mapping AI-governance controls into assurance frameworks for CRE clients — see docs/controls/ + docs/MAPPING-MATRICES.md
  • CTOs and Chief AI Officers at CRE operating companies establishing governance frameworks before regulators ask for them

Repo layout

cre-agent-audit/
├── README.md · ARCHITECTURE.md · LICENSE · DISCLAIMER.md
├── CITATION.cff · CODE_OF_CONDUCT.md · CONTRIBUTING.md · SECURITY.md · ROADMAP.md
├── Makefile                              # `make verify` runs full gate
├── pyproject.toml                        # zero runtime deps
├── docs/
│   ├── adr/                              # 14 architectural decision records (0001-0014)
│   ├── controls/                         # 13 Control Description Tables (CTRL-001..013)
│   ├── vendor-clauses/                   # drop-in contract addenda for vendor-mediated AI
│   ├── MAPPING-MATRICES.md               # NIST × ISO 42001 × COSO ICAIR × Big-4 taxonomy
│   ├── LIMITATIONS.md                    # what this stack does NOT do
│   ├── PRIOR-ART.md                      # intellectual lineage + academic citations
│   ├── PE_DUE_DILIGENCE.md               # 10-question checklist for PE operating partners
│   └── REPRODUCE.md                      # cold-clone to all-green in 5 commands
├── src/cre_agent_audit/                  # src-layout namespace package, py.typed
│   ├── governance/                       # 9 pattern implementations
│   ├── agents/                           # 6 agent classes (1 functional + 5 v0.3 stubs)
│   └── schemas/                          # typed decision objects
├── examples/                             # 3 runnable demos + 3 regulatory-incident replays + FIRST_90_DAYS.md
├── config/
│   ├── compliance_rules.yaml             # author-time source of truth
│   └── compliance_rules.json             # runtime artifact (generated; CI-verified in sync)
├── governance-artifacts/                 # 3 FINOS-format contributory control drafts
├── scripts/build_compliance_json.py      # author-time YAML → JSON converter
└── tests/                                # 336 tests (318 deterministic + 18 Hypothesis) · 86% branch coverage

Part of the Autonomy Ladder™ family

Six co-equal regulated-vertical reference libraries implementing the Autonomy Ladder — a governance framework for autonomous AI in regulated operations (A0→A4, every rung demotable). Family index: autonomy-ladder-libraries. Framework + whitepaper: autonomy-ladder.io. This repo's pattern-to-rung mapping is in AUTONOMY_LADDER.md.

| Vertical | Library |
|---|---|
| Cross-vertical financial services | finserv-agent-audit |
| Banking (model risk · ECOA/Reg B · BSA/AML/OFAC) | banking-agent-audit |
| Payments (OFAC · Reg E · rail finality) | payments-agent-audit |
| Health-insurance payer (UM · prior auth · appeals) | payer-agent-audit |
| SEC-registered investment advisers (Advisers Act §206) | private-capital-agent-audit |
| Commercial real estate | cre-agent-audit |

The financial-services library shares the most pattern overlap with this one:

linus10x/finserv-agent-audit — Six governance patterns for AI in regulated financial services. Anchored to NIST AI RMF, Treasury FS AI RMF, SEC record-retention, and MiFID II. (Model-risk references that previously cited SR 11-7 note it was superseded on 2026-04-17.)

| Pattern | finserv-agent-audit | cre-agent-audit |
|---|---|---|
| DEFCON state machine | | |
| Sovereign Veto | | |
| Hash-chained Audit Ledger | | |
| Autonomy Ladder A0→A4 | | |
| Regulation Mapping | ✅ MiFID II · SEC · SR 11-7 (superseded 2026-04-17) | ✅ FHA · CO AI Act · EU AI Act |
| Shadow-Mode Rollout | | |
| Lease-Abstraction Provenance | | ✅ CRE-specific |
| Fair-Housing Pre-Flight Gate | | ✅ CRE-specific |
| Tenant PII Data Residency | | ✅ CRE-specific |

Both repos: MIT, zero runtime dependencies, primary-source regulatory citations, mypy --strict clean, ≥85% branch coverage.

The umbrella discipline — Regulated-Operations AI Governance — is documented at autonomy-ladder.io. One framework, six co-equal regulated verticals, one author.

Governance artifacts (FINOS-format contributory)

The FINOS AI Risk Initiative is the financial-services industry's open-source AI risk-control catalog. Three control drafts in governance-artifacts/ are written in the FINOS AIR artifact format and released here under MIT — fork them into your own control library, cite them in your AI risk register, adapt them to your jurisdictions. Each draft maps to a pattern in this repo.

Important. These three drafts have not been reviewed, endorsed, or accepted by FINOS or the AIR Working Group as of v0.2.0. They are released independently. The full 19-artifact submission package (with 16 additional risk and mitigation files in author-draft form) is under separate working-group-bound development on a private branch and is not in this folder by design.

Vendor clauses

Most CRE operators do not run their own tenant-screening, lease-abstraction, or pricing models. They buy from SafeRent, Yardi/RentCafe, RentGrow, Leverton/MRI, V7, RealPage, AppFolio, Yardi Revenue IQ. For vendor-mediated AI surfaces, docs/vendor-clauses/ holds drop-in contract addenda mapping the patterns to procurement-clause language:

  • screening.md — DPA + model-risk addendum + four-fifths-rule reporting SLA
  • abstraction.md — lease-vendor SLA + clause-level provenance-disclosure requirement
  • pricing.md — independent-decision contract clause + data-input-topology disclosure

Roadmap

See ROADMAP.md. Highlights for v0.3: pluggable persistence backend for the audit ledger, RFC 3161 trusted-timestamp integration, OpenTimestamps / Sigstore Rekor witness-anchor reference implementation, VendorScoreGate concrete implementation, MI-threshold learned-proxy detection in the Fair-Housing gate, five-state regulatory-mapping community contributions (TX/NY/CA/WA/FL).

Author

Kunjar Bhaduri — 25-year financial-services and technology executive. Rescued a $750M multi-year wealth-management platform anchor account at a top-3 wealth-platform vendor. Rebuilt production infrastructure on Azure during a 12-day ransomware attack with no DR available — SOC 2 Type 2 and ISO 27001 cleared in the same 50-day window. Three-time JPMorgan Chase Partner of the Year (2007 · 2009 · 2010). Operated through a PE-acquisition-to-divestiture arc at a regulated-industry technology platform.

These patterns translate financial-services AI-governance discipline to CRE failure modes documented in the three named regulatory matters. The cross-domain pattern (FSI governance → CRE adoption) is intentional; CRE operators face the same audit-trail, human-in-loop, and proof-of-bounded-operation expectations that FSI institutions resolved over the last decade.

LinkedIn · NTCI Portfolio

Community

Acknowledgements

  • NIST AI Risk Management Framework 1.0 — function categories used in every pattern mapping
  • Treasury Financial Services AI Risk Management Framework — 230 control objectives, Feb 2026
  • FINOS AI Risk Initiative — artifact format the governance-artifacts/ folder targets
  • Marcos López de Prado — named advisor on adjacent work on a private quantitative options research program; methodological discipline applied here
  • Solon Barocas, Moritz Hardt, Arvind Narayanan — Fairness and Machine Learning foundational text
  • Andrew Selbst, Danah Boyd, Sorelle Friedler, Suresh Venkatasubramanian, Janet Vertesi — Fairness and Abstraction in Sociotechnical Systems (FAT* 2019)
  • Margaret Mitchell, Simone Wu, Andrew Zaldivar et al. — Model Cards for Model Reporting (FAT* 2019)
  • Timnit Gebru, Jamie Morgenstern, Briana Vecchione et al. — Datasheets for Datasets (CACM 2021)
  • Inioluwa Deborah Raji et al. — Closing the AI Accountability Gap: Defining an End-to-End Framework for Internal Algorithmic Auditing (FAT* 2020)

Citation

If you cite this work in research or in adoption-decision memos, use the metadata in CITATION.cff. The concept DOI 10.5281/zenodo.20437081 always resolves to the latest archived version; the author mints a new version DOI on Zenodo for selected releases (Zenodo metadata is driven by .zenodo.json).

@software{bhaduri_cre_agent_audit_2026,
  author       = {Bhaduri, Kunjar},
  title        = {{cre-agent-audit: Governance Patterns for AI in
                   Commercial Real Estate Operations}},
  year         = 2026,
  publisher    = {Zenodo},
  version      = {v0.2.0},
  url          = {https://github.com/linus10x/cre-agent-audit}
}

Related work + intellectual lineage

These patterns build on prior work. The Autonomy Ladder A0→A4 ladder structure is intentionally isomorphic to existing staged-autonomy frameworks (SAE J3016 driving-automation taxonomy; OECD AI Principles staged-oversight language; NIST AI RMF MANAGE 2.3 maturity scaffolding; Shavit et al. 2023 Practices for Governing Agentic AI Systems; Anderljung et al. 2023 Frontier AI Regulation). What this work contributes is the CRE-vertical mapping of autonomy tier to specific patterns and to specific regulatory matters — the ladder is borrowed scaffolding, the per-tier-per-pattern + per-tier-per-matter mapping is the novel contribution. Doctrinal foundation for the Fair-Housing Pre-Flight Gate is Texas Dept. of Housing v. Inclusive Communities Project, 576 U.S. 519 (2015), which constitutionalized disparate-impact under the FHA. Full lineage in docs/PRIOR-ART.md.

Failure modes

FAILURE-MODES.md is the repo-root matrix of 8 adversarial / partition / corruption failure-mode classes: storage drift, sequence gap / split-brain, adversarial replay in-trust-boundary, timestamp tampering, witness disagreement, backend permission revocation, verifier compromise (the Module Integrity Proxy in ADR-0013), and vendor AI scoring drift (the VendorScoreGate). Each row names the detection mechanism (resolved to a real callable in the codebase or marked NOT YET IMPLEMENTED · tracking: ADR-XXXX) and the recovery action. A companion test (tests/test_failure_modes_matrix.py) enforces doc/code parity — the build fails on drift.

The audit chain is tamper-detecting within its trust boundary by default. Tamper-evidence against an attacker who controls the ledger host requires the external witness pattern shipped in v0.2.1 (RFC 3161 trusted timestamps via TimestampSource + Sigstore Rekor / OpenTimestamps via WitnessRegister, per docs/adr/0012-persistence-witness-timestamp-pattern.md). Tamper-detection of the verifier itself requires the MI Proxy hook shipped in v0.2.1 (docs/adr/0013-mi-proxy-module-integrity.md) — out-of-band SHA-256 + HMAC attestation by default, opt-in SLSA / in-toto / Sigstore cosign.
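To make that trust boundary concrete, here is an added example (not the repo's audit_chain, TimestampSource or WitnessRegister) in which a constructed in-memory register stands in for an RFC 3161 TSA or a transparency log. It shows the three cases the paragraph distinguishes: an honest chain passes both checks; an edit made by someone who does not re-link the chain fails the internal check; and a history rewritten by a party with full write access to the ledger host passes the internal check but fails against the externally held head. The names link, build_chain, verify_internal, InMemoryWitness, anchor_to_witness and rewrite_after are this example's own.

```python
"""Trust-boundary demonstration for a hash-chained ledger (added example; not the
package's audit_chain, TimestampSource or WitnessRegister).

verify_internal() is the within-boundary check. InMemoryWitness is a constructed
stand-in for an external append-only register that the ledger host cannot write
to; comparing the chain against its receipt is the out-of-boundary check.
"""
import copy
import hashlib
import json

GENESIS = "0" * 64


def link(prev_hash: str, payload: dict) -> str:
    """Hash of the previous link plus a canonical encoding of this payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def build_chain(payloads: list[dict]) -> list[dict]:
    chain, prev = [], GENESIS
    for seq, payload in enumerate(payloads):
        prev = link(prev, payload)
        chain.append({"seq": seq, "payload": payload, "hash": prev})
    return chain


def verify_internal(chain: list[dict]) -> bool:
    """Within-boundary check: every link recomputes from its predecessor."""
    prev = GENESIS
    for entry in chain:
        if entry["hash"] != link(prev, entry["payload"]):
            return False
        prev = entry["hash"]
    return True


class InMemoryWitness:
    """Constructed stand-in for a register outside the ledger host's reach."""

    def __init__(self) -> None:
        self.receipts: list[dict] = []

    def anchor(self, chain: list[dict]) -> dict:
        head = chain[-1]
        receipt = {"receipt_id": len(self.receipts), "seq": head["seq"], "head": head["hash"]}
        self.receipts.append(receipt)
        return receipt

    def verify_head(self, chain: list[dict], receipt_id: int) -> bool:
        """Out-of-boundary check: the hash the witness saw must still sit at that seq."""
        receipt = self.receipts[receipt_id]
        return len(chain) > receipt["seq"] and chain[receipt["seq"]]["hash"] == receipt["head"]


def anchor_to_witness(chain: list[dict], witness: InMemoryWitness) -> dict:
    """Anchor the current head, then bind the receipt into the chain as its next entry."""
    receipt = witness.anchor(chain)
    payload = {"type": "witness-receipt", **receipt}
    chain.append({"seq": len(chain), "payload": payload, "hash": link(chain[-1]["hash"], payload)})
    return receipt


def rewrite_after(chain: list[dict], seq: int, new_payload: dict) -> list[dict]:
    """Model the failure mode: one payload changed and every later link recomputed."""
    payloads = [entry["payload"] for entry in chain]
    payloads[seq] = new_payload
    return build_chain(payloads)


def demo() -> dict:
    """(internal_ok, witness_ok) for an honest, a naively edited and a rewritten chain."""
    decisions = [  # constructed sample entries
        {"applicant_id": "A-001", "outcome": "ALLOW"},
        {"applicant_id": "A-002", "outcome": "VETO", "reason": "FHA-VOUCHER"},
        {"applicant_id": "A-003", "outcome": "REVIEW"},
    ]
    witness = InMemoryWitness()
    honest = build_chain(decisions)
    rid = anchor_to_witness(honest, witness)["receipt_id"]

    naive = copy.deepcopy(honest)
    naive[1]["payload"]["outcome"] = "ALLOW"  # edited without re-linking
    rewritten = rewrite_after(honest, 1, {"applicant_id": "A-002", "outcome": "ALLOW"})
    return {
        "honest": (verify_internal(honest), witness.verify_head(honest, rid)),
        "naive_edit": (verify_internal(naive), witness.verify_head(naive, rid)),
        "rewritten": (verify_internal(rewritten), witness.verify_head(rewritten, rid)),
    }
```

A receipt covers only the entries up to the head that was anchored; anything appended after the last anchor is protected by the internal check alone, which is why the README leaves the anchoring schedule to the deployer.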

Regulatory incidents

Three runnable replays of named CRE-AI matters under examples/regulatory-incidents/, implementing ADR-0014's operator-side category claim:

  • TransUnion Rental Screening Solutions — FTC + CFPB consent orders, October 2023, $15M civil money penalty, FCRA § 607(b) accuracy
  • Louis v. SafeRent Solutions, LLC — D. Mass. class settlement, November 20, 2024, approximately $2.275M with a five-year score-use injunction
  • U.S. v. RealPage, Inc. et al. — filed Aug 23, 2024 (DOJ + 8 state AGs; Sherman Act §§ 1 AND 2); DOJ filed a proposed consent judgment with RealPage on Nov 24, 2025 (pending Tunney Act approval); co-defendant final judgments entered (e.g., Greystar, Mar 2, 2026); resolved without admission of liability — not adjudicated, not "ongoing litigation" (framed as alleged conduct throughout)

Each replay produces a six-artifact audit-evidence bundle (chain export + verify report + MI Proxy attestation + findings + controls description table + executive narrative). Run them:

cre-replay list                                    # show all matters
cre-replay run 01_transunion_rental_screening      # run one matter
cre-replay run-all                                 # run all matters
cre-replay verify <bundle.zip>                     # re-validate a bundle

Engage

Seven productized-service templates under docs/services/:

| Service | Price | Shape |
|---|---|---|
| Diagnostic | $5K | 90-min interview + 20-page deliverable |
| Audit | $40K | 4 weeks; full audit-evidence bundle |
| Retainer | $15K/quarter | Quarterly rerun + new-incident + regulatory-update brief |
| Workshop | $25K–$50K | 1-day on-site or 2-day virtual |
| Cohort | $50K–$200K | 8-week program; 20–40 seats |
| Private intel | $25K–$100K/yr | Gated newsletter + private failure-mode catalog + playbook library |
| Practitioner bench | $10K–$50K/yr | Invite-only practitioner community |

Email contact@autonomy-ladder.io with the service name in the subject.

Thesis + publications

  • THESIS.md — three-year project commitment (2026–2028) — version roadmap, publishing cadence, productization commitment, what the project will NOT become
  • PUBLICATIONS.md — academic publication track — four target venues (ACM SEMS, ACM FAccT, Journal of Risk & Financial Management, SAFE consortium / NIST AI RMF profile), four draft outlines, citation discipline
  • ADR-0014 — operator-side AI governance for regulated industries (the category claim)

Limitations and what this stack does NOT do

  • Lexical-first proxy detection, with an opt-in MI-threshold learned-proxy detector. The Fair-Housing Pre-Flight Gate (Pattern 8) checks for named-feature proxies against a configurable blocklist. The mutual-information-based MI-threshold learned-proxy detector (ADR-0008 update) shipped in v0.2.2 and is opt-in via FairHousingPreflightGate(mi_proxy_detector=...); it emits FHA-MI-PROXY when a feature's MI against a protected-class reference exceeds the threshold. Lexical + MI detection together still do NOT cover behavioral-signal proxies (browser fingerprints, language patterns) or every geospatial-granularity proxy.
  • Internally-consistent ledger by default; adversarial tamper-evidence requires the witness pattern. The hash-chained Audit Ledger (Pattern 3) detects modification by an honest holder of the chain head. Adversarial integrity against an attacker with full ledger-host write access requires anchoring the chain head to an external witness register. v0.2.1 ships RekorWitness (Sigstore), OpenTimestampsWitness, and the anchor_to_witness() helper that binds the receipt back into the chain (ADR-0012 Seam 3). Scheduling the anchor is the deployer's responsibility.
  • Four-fifths-rule monitor only. The disparate-impact check is the standard four-fifths-rule selection-rate comparison. It does not engage the fairness-metric pluralism / impossibility-result literature (Kleinberg/Mullainathan/Raghavan 2016; Chouldechova 2017) — adopters owning a regulator-facing fairness defense should choose their fairness metric in consultation with counsel and document the choice.
  • Vendor-mediated AI scoring captured via VendorScoreGate in v0.2.1. The Protocol + InMemoryVendorScoreGate default backend ship (ADR-0011 update; FAILURE-MODES.md Row 8); score-drift on (vendor_id, input_hash, model_version) surfaces as a flagged chain entry and, by default, raises to halt the pipeline. Vendor-clauses remain the procurement-side companion.
  • Five state regulatory mappings ship in v0.2.0. TX, NY, CA, WA, FL state mappings tracked as community-contribution good-first-issues — primary-source citation required per PR.
  • Engages the operator's deployment, not the model's training. Selbst et al. 2019 Fairness and Abstraction in Sociotechnical Systems — fairness is sociotechnical, not technical. This stack governs how AI is deployed by an operator. Training-time controls are out of scope.
  • Pre-revenue research artifact; no production-deployment warranties. Adopters own validation. See DISCLAIMER.md and docs/LIMITATIONS.md for the full statement.

License + trademark

License: MIT — fork freely; no warranty.

Trademark: Autonomy Ladder™ is a common-law trademark of Kunjar Bhaduri. USPTO registration is planned in classes 9, 35, 41, 42. The framework is open for use under the MIT license; the name is reserved during the registration period.


Authored by Kunjar Bhaduri · Dallas, TX · 2026.
