v0.1 · MIT-licensed · self-hosted

NYC Local Law 144 — the open-source attestation layer your bias audit was missing.

Per-tool-call attestation + § 20-871 compliance auto-mapping. Vendors emit signed evidence in the exact shape your selection-rate and impact-ratio calculations need. You skip the data-plumbing and bill more analysis hours.

★ Get the toolkit on GitHub Book a 20-min screen-share →

What changed on December 2, 2025

The NYC Comptroller published an audit of the DCWP's enforcement of Local Law 144 covering July 2023 – June 2025 and concluded the agency's enforcement system was "ineffective." DCWP responded by ramping up enforcement in early 2026. Penalties under § 20-873 are now $500–$1,500 per violation per day. The compliance market isn't theoretical anymore — it's live and growing weekly.

Who this is for

You audit AEDTs for a living — at BABL AI, Holistic AI, Warden AI, VerifyWise, ORCAA, DCI Consulting, or one of a dozen smaller boutiques. Your typical engagement looks like:

Vendor sends you input data in whatever shape they hand-rolled. Per-engagement.
You spend 40-60% of the audit hours wrangling that data into a usable form.
You actually compute selection rates + impact ratios, write the report, deliver.
Step 2 happens again, from scratch, on the next engagement.

AttestProto turns step 2 into 0 hours. Vendors emit cryptographically-signed attestations in a fixed schema. You ingest. You compute. Done.

What the toolkit ships, today

Per-tool-call attestation

Each AI hiring decision (resume screen, ranking, interview-pass-fail) is signed with Ed25519 over the candidate-input + agent-output. Tamper-evident.

§ 20-871(c) inputs preserved

fields-redacted redaction policy keeps demographic-bearing fields available for impact-ratio computation. Full-redacted blocks the audit; we flag it as a high-severity finding so you don't get caught.

Auto-mapping to LL144

The compliance engine auto-tags every attestation against § 20-870 (definitions), § 20-871(a) (annual audit), § 20-871(c) (impact ratio), § 20-871(d) (public posting), § 20-872(a) (10-day candidate notice), § 20-872(b) (alternative process).

Self-hosted, MIT, no callhome

Your client's HR data never leaves their infrastructure. Run the ledger on a Mac mini or a Postgres + uvicorn box. We don't see anything.

Cryptographic evidence package

Auto-generate a regulator-ready PDF + JSON evidence bundle per engagement. Includes Merkle-anchored proof of inclusion that's verifiable in 2030 without us.

Cross-language SDKs

Python + Node reference impls. Cross-language conformance vectors verify identically. Vendors integrate in one afternoon.

30-second example — what your auditor sees

# Input: a signed attestation from the vendor's AEDT
$ attestproto compliance hiring-att-2026-05-04.json --json
[
  {
    "framework": "nyc-ll144",
    "citation": "§ 20-870 (definitions)",
    "severity": "info",
    "detail": "AEDT use detected; attestation provides §20-870 audit-trail evidence."
  },
  {
    "framework": "nyc-ll144",
    "citation": "§ 20-871(a) (annual bias audit obligation)",
    "severity": "medium",
    "detail": "AEDT in use; § 20-871(a) requires an independent bias audit completed within the past year."
  },
  {
    "framework": "nyc-ll144",
    "citation": "§ 20-871(c) (impact-ratio inputs)",
    "severity": "high",
    "detail": "AEDT attestation with fully-redacted input; impact ratio per § 20-871(c) cannot be computed downstream without demographic-bearing input data."
  },
  {
    "framework": "nyc-ll144",
    "citation": "§ 20-872(a) (10-day candidate notice)",
    "severity": "medium",
    "detail": "AEDT in use without 'll144-candidate-notice-sent' reputation tag; § 20-872(a) requires 10-business-day advance notice to candidates."
  }
]

What this is NOT

Not a competitor to your audit firm. We don't author audits or compete for your clients.
Not a vendor selling certifications. The bias audit is yours; we ship the input format that makes it cheaper.
Not closed. MIT-licensed reference impls, CC0 spec. If we disappear tomorrow, you keep running.

Get the toolkit

★ Star + clone on GitHub Read the LL144 rules 20-min screen-share →

Audit-firm partnership program

If you run audits at one of the named firms above and you'd like AttestProto to ship vendor adapters in your engagements' shape, drop a line. The first three firms get co-design seats: we ship the integration, you give feedback, nobody pays anyone.

Audit-firm partnership inbound →

AttestProto is built by Lex Oleksiienko (Calgary, AB). Open source, MIT. Not legal advice. The Local Law 144 rules engine implements the publicly- available text of the law and DCWP's published enforcement guidance; consult your firm's counsel before relying on it for client deliverables.