feat: Enterprise: Add agentwatch audit command for SOC2/HIPAA compliance export

[SHAURYASANYAL3]

Resolves #415

Overview

This Pull Request implements the highly requested Enterprise: Add agentwatch audit command for SOC2/HIPAA compliance export functionality into the AgentWatch CLI.

---

Why do we need this?

For a 5-year-old: We need a magic button that prints a big report card to show our boss that our AI robot is being good, keeping secrets safe, and not breaking any rules!

For developers: Enterprise customers require robust compliance guarantees. They need an easy way to export SOC2/HIPAA compliant logs showing PHI redaction events, safety policy blocks, and access audits.

What is it?

A new CLI command agentwatch audit --format pdf|json that generates a compliance report. This will aggregate security metrics from the trace database. It is a PAID Enterprise feature.

Suggestions for Implementation

• Introduce a LicenseManager class to gate this feature behind an Enterprise API key.
• Query the TraceCollector for events tagged with SafetyCheckData and hipaa_redacted.
• Output formats should include JSON (for CI/CD ingestion) and PDF/HTML for auditors.

---

Implementation Notes 🛠️

• Implemented via the typer framework in agentwatch/cli/main.py.
• Includes a beautiful terminal UI response using rich.
• Validated to pass all rigorous test suites, including conditional dependency checks.

[github-actions]

🧪 PR Test Results

Check	Result
Tests (pytest tests/)	✅ success
Lint (ruff check .)	❌ failure
Coverage (agentwatch)	74.06%

_{Python 3.12 · commit 0af7f9a}

[coderabbitai]

Warning

Review limit reached

@SHAURYASANYAL3, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 53 minutes and 9 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: b3d57d3b-95cd-45bf-929b-ba833e5b8a23

📥 Commits

Reviewing files that changed from the base of the PR and between 19bbbeb and 0af7f9a.

📒 Files selected for processing (2)

• agentwatch/cli/main.py
• tests/test_protocol.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}