§52 · Lane 8 — Agent Infrastructure Standards & Toolchain
Filho (2026) — ESAA-Security: the "auditable by construction" audit architecture
Filho (2026) · arXiv 2603.06365
Bibliographic data
- Title
- ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code
- Authors / Issuing body
- Elzo Brito dos Santos Filho
- Venue / Publisher
- arXiv (preprint; not peer reviewed)
- Year
- 2026
- Designation
- Preprint
- Licence
- arXiv DOI — refer to publisher for full licence terms.
- Canonical link
- https://doi.org/10.48550/arXiv.2603.06365
How to cite
Filho (2026). ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code. arXiv (preprint; not peer reviewed). https://doi.org/10.48550/arXiv.2603.06365.
A domain-specific specialisation of the ESAA event-sourcing architecture for agent-assisted security auditing of AI-generated code: a governed pipeline of reconnaissance, domain audit, risk classification and reporting (26 tasks, 16 security domains, 95 executable checks) that produces an audit report auditable by construction.
Why it matters for NETEVO
ESAA-Security structures security review of AI-generated code as an evidence-oriented audit process governed by contracts and append-only events rather than a free-form LLM conversation. Across the pipeline's reconnaissance, domain-audit, risk-classification and reporting stages, agents emit structured intentions under constrained protocols; the orchestrator validates each intention, persists only the accepted outputs to an append-only log, reprojects the derived views from that log, and verifies consistency through replay and hashing.
The phrase "auditable by construction" names the property of the audit report this architecture produces. A policy document can assert that a control exists, but a document does not enforce anything; code does. An event-sourced audit pipeline can reproduce its own findings by inspection, because every accepted output is persisted to the append-only log and the derived views can be re-verified through replay and hashing. Where an audit finding must rest on evidence that is reproducible by inspection, it is the engineered pipeline, not the document that describes it, that supplies that evidence.
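The pattern described above, as an added illustration that is not code from Filho (2026) or the ESAA project: a contract gate that rejects malformed agent intentions, a hash-chained append-only log, a derived risk view rebuilt purely by replaying the log, and a verification step that detects a tampered event. The domain names, check identifiers, event fields and sample intentions are all invented for the example; the paper's actual schemas and check catalogue are not reproduced here.

```python
"""Toy event-sourced audit log with replay verification (added example, not ESAA code)."""
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64

def canonical(obj) -> str:
    """Deterministic JSON so the same content always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

# Hypothetical contract (invented for the example): what an agent may assert.
ALLOWED_DOMAINS = {"injection", "secrets", "authz"}
ALLOWED_SEVERITIES = {"low", "medium", "high"}

class ContractViolation(ValueError):
    pass

def validate_intention(intent: dict) -> dict:
    """Orchestrator-side gate: anything outside the agreed schema is rejected, not logged."""
    required = {"kind", "domain", "check_id", "severity", "evidence"}
    missing = required - intent.keys()
    if missing:
        raise ContractViolation(f"missing fields: {sorted(missing)}")
    if intent["kind"] != "finding":
        raise ContractViolation(f"unknown kind: {intent['kind']!r}")
    if intent["domain"] not in ALLOWED_DOMAINS:
        raise ContractViolation(f"unknown domain: {intent['domain']!r}")
    if intent["severity"] not in ALLOWED_SEVERITIES:
        raise ContractViolation(f"unknown severity: {intent['severity']!r}")
    if not intent["evidence"]:
        raise ContractViolation("finding without evidence")
    return intent

@dataclass
class EventLog:
    """Append-only log; each event commits to its predecessor's hash."""
    events: list = field(default_factory=list)

    def append(self, payload: dict) -> dict:
        prev = self.events[-1]["hash"] if self.events else GENESIS
        body = {"seq": len(self.events), "prev": prev, "payload": payload}
        event = dict(body, hash=sha256_hex(canonical(body)))
        self.events.append(event)
        return event

    def verify_chain(self) -> bool:
        """Recompute every hash from the stored bodies; any edit or reorder breaks the chain."""
        prev = GENESIS
        for seq, ev in enumerate(self.events):
            body = {"seq": ev["seq"], "prev": ev["prev"], "payload": ev["payload"]}
            if ev["seq"] != seq or ev["prev"] != prev or sha256_hex(canonical(body)) != ev["hash"]:
                return False
            prev = ev["hash"]
        return True

def project_risk_view(events: list) -> dict:
    """Derived view (findings per domain and severity), built only from the log."""
    view: dict = {}
    for ev in events:
        p = ev["payload"]
        per_domain = view.setdefault(p["domain"], {})
        per_domain[p["severity"]] = per_domain.get(p["severity"], 0) + 1
    return view

def view_hash(view: dict) -> str:
    return sha256_hex(canonical(view))

def run_audit(intentions: list):
    """Gate, persist, project: returns (log, view, view digest, rejected intentions)."""
    log, rejected = EventLog(), []
    for intent in intentions:
        try:
            log.append(validate_intention(intent))
        except ContractViolation as exc:
            rejected.append((intent.get("check_id"), str(exc)))
    view = project_risk_view(log.events)
    return log, view, view_hash(view), rejected

def replay_matches(log: EventLog, published_digest: str) -> bool:
    """Anyone holding the log can rebuild the view and check it against the report's digest."""
    return log.verify_chain() and view_hash(project_risk_view(log.events)) == published_digest

# Constructed sample input: three agent intentions, the last outside the contract.
SAMPLE_INTENTIONS = [
    {"kind": "finding", "domain": "secrets", "check_id": "SEC-01", "severity": "high",
     "evidence": "hardcoded token at src/config.py:12"},
    {"kind": "finding", "domain": "injection", "check_id": "INJ-03", "severity": "medium",
     "evidence": "string-built SQL at src/db.py:44"},
    {"kind": "finding", "domain": "crypto", "check_id": "CRY-02", "severity": "low",
     "evidence": "MD5 at src/hash.py:7"},  # "crypto" is not an allowed domain: rejected
]

def tamper_detected() -> bool:
    """Edit a stored finding's severity after the fact; the chain no longer verifies."""
    log, _, digest, _ = run_audit(SAMPLE_INTENTIONS)
    log.events[0]["payload"]["severity"] = "low"
    return not replay_matches(log, digest)

if __name__ == "__main__":
    log, view, digest, rejected = run_audit(SAMPLE_INTENTIONS)
    print(len(log.events), "accepted;", len(rejected), "rejected;", "view", view)
    print("replay matches:", replay_matches(log, digest), "| tamper detected:", tamper_detected())
```

The point of `replay_matches` is that the report's digest is checkable by a third party who never saw the agents run: the log plus the projection function is the whole evidence trail, which is what the "auditable by construction" claim amounts to in engineering terms. Rejected intentions never reach the log, so the derived view cannot be inflated by malformed or out-of-contract agent output.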
ESAA-Security is a same-author specialisation of ESAA, applying the general event-sourcing architecture to the specific problem of security auditing; the two papers are best read together where the audit application is in scope. Within the international academic audit lineage it sits alongside Raji's SMACTR and Mökander's three-layered audit framework: Raji specifies the internal audit procedure, Mökander specifies the audit architecture, and ESAA-Security specifies the engineering architecture that produces an auditable artefact in the first place.
Where NETEVO applies this
- Agent Infrastructure Whitepaper — load-bearing — Dimension 3 audit application of the deterministic-orchestration pattern