
Enterprise Reporting

A BI stack for AI governance — without the SQL, without the risk, without the bespoke instrumentation.

Most AI platforms emit strong per-domain dashboards and then dead-end. Audit teams, CFOs, and risk officers need something different: a horizontal reporting layer that lets them compose their own views, export them to the formats their tooling already understands, and have them show up in their inboxes every Monday morning. Trinitite ships that layer.


The Semantic Stack

Semantic Layer — Safe Reporting Without Raw SQL

1. WHITELISTED SOURCES: governance_daily · proxy_logs · policy_versions · ledger_rollups
2. TYPED SEMANTIC LAYER: dimensions · metrics · filters · time grains
3. REPORT DEFINITIONS: catalog (curated) + saved (tenant-authored)
4. COMPILED QUERY: mandatory organization_id predicate · no raw SQL
5. RENDER + DELIVER: JSON · CSV · PDF · branded PDF · XLSX · email · webhook · SFTP · S3

Five layers, each doing one thing:

  1. Whitelisted sources: governance_daily, proxy_logs, policy_versions, ledger_rollups, and the rest. Tenants never query raw platform tables; they query typed, aggregated sources curated by the platform.
  2. Typed semantic layer — dimensions, metrics, filters, and time grains exposed through GET /v1/reports/semantic-sources. Every field has a type, a label, and a permissible operator set.
  3. Report definitions — the curated catalog (below) plus tenant-authored reports saved as JSON via the safe query builder.
  4. Compiled query — every query the platform runs carries a mandatory organization_id predicate, which the compiler enforces at validation time. No raw SQL is ever accepted from tenants.
  5. Render + deliver — any definition becomes JSON, CSV, PDF, branded PDF, or XLSX, and ships on a schedule via email, webhook, SFTP, or S3.

The Curated Catalog

Curated Report Catalog — Grouped by Persona

  • CEO / Board (7): Executive Summary (30d), Governance Health Trend, AI ROI — Quarterly, + 4 more
  • CFO (8): AI Spend Summary, Spend by Model / Provider, Tool Cost by Invocation Type, + 5 more
  • CISO (8): MCP Alerts by Severity, Threat-Source Breakdown, Blocked Calls by Threat, + 5 more
  • General Counsel (7): Audit Events by Action, Failed Audit Events, Correction-Pattern Trend, + 4 more
  • Auditor (7): Monthly Audit Events (12m), Blocks / Corrections Evidence, Governance Coverage, + 4 more
  • Ops (8): Top Upstream Errors by Tool, Tool Block / Correction Rates, Privilege Escalations, + 5 more

Every report is parameterized (time range, filters), chart-hinted, and entitlement-gated. Schedule the ones you need; they land in inboxes, SFTP drops, or S3 buckets every Monday morning.

45+ reports, grouped by persona so buyers can map them to the roles they already sell to internally. Every catalog entry is a pure ReportDefinition referencing the semantic layer — no bespoke code.

All reports are:

  • Parameterized — time periods, filters, segmenting.
  • Chart-hinted — KPI tiles, bar / line / stacked-bar / pie picked to match the data shape.
  • Entitlement-gated — reporting is its own entitlement; particular catalog families can be scoped to specific editions.

Tenants can duplicate a catalog report as a starting point for customization. Changes save as a new saved_report.


Safe Query Builder

Tenants with the enterprise_reporting.builder entitlement can author their own reports without writing SQL:

  1. Pick a source from a drop-down (governance_daily, proxy_logs, ledger_rollups, etc.).
  2. Select dimensions, metrics, filters, and a time grain from pickers populated by GET /v1/reports/semantic-sources.
  3. Save the definition. It's stored as JSON in saved_reports.

The server revalidates the definition on every save and on every run:

  • Source must be whitelisted.
  • Every field must exist in the semantic catalog.
  • Every operator must be permitted for that field.
  • Every filter value must pass type coercion.
  • The organization_id predicate is injected at compile time.

No raw SQL is ever accepted from tenants. No string concatenation. No cross-tenant access surface.
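The validation and compile steps listed above can be sketched as follows. This is an added example, not Trinitite's code: the catalog contents, the definition keys (`source`, `dimensions`, `metrics`, `filters`, `op`, `value`) and the operator names are assumptions made for illustration.

```python
from datetime import date

# Constructed catalog: source -> field -> (type, permitted operators).
CATALOG = {
    "governance_daily": {
        "day": (date, {"eq", "gte", "lte"}),
        "severity": (str, {"eq", "in"}),
        "blocked_calls": (int, {"eq", "gte", "lte"}),
    },
}
SQL_OPS = {"eq": "=", "gte": ">=", "lte": "<=", "in": "IN"}

class DefinitionError(ValueError):
    """A report definition failed validation."""

def coerce(value, typ):
    """Coerce a filter value to the field's declared type or reject it."""
    try:
        if not isinstance(value, (str, int)) or isinstance(value, bool):
            raise TypeError
        return date.fromisoformat(value) if typ is date else typ(value)
    except (TypeError, ValueError):
        raise DefinitionError(f"{value!r} is not a valid {typ.__name__}") from None

def compile_report(definition, organization_id):
    """Validate a definition and return (sql, params); values are only ever bound."""
    fields = CATALOG.get(definition.get("source"))
    if fields is None:
        raise DefinitionError("source is not whitelisted")
    columns = definition.get("dimensions", []) + definition.get("metrics", [])
    filters = definition.get("filters", [])
    for name in columns + [f["field"] for f in filters]:
        if name not in fields:
            raise DefinitionError(f"unknown field {name!r}")
    if not columns:
        raise DefinitionError("select at least one dimension or metric")
    # Tenant predicate comes from the authenticated session, not the definition.
    where, params = ["organization_id = ?"], [organization_id]
    for f in filters:
        typ, ops = fields[f["field"]]
        if f["op"] not in ops:
            raise DefinitionError(f"operator {f['op']!r} not permitted on {f['field']!r}")
        values = f["value"] if f["op"] == "in" else [f["value"]]
        if not isinstance(values, list) or not values:
            raise DefinitionError("'in' needs a non-empty list")
        params += [coerce(v, typ) for v in values]
        marks = ", ".join("?" * len(values))
        where.append(f"{f['field']} {SQL_OPS[f['op']]} " + (f"({marks})" if f["op"] == "in" else "?"))
    return f"SELECT {', '.join(columns)} FROM {definition['source']} WHERE {' AND '.join(where)}", params
```

Identifiers reach the SQL text only after matching a catalog key, and a tenant-supplied `organization_id` filter is rejected as an unknown field, so the injected predicate is the only tenancy condition in the query.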


Delivery That Your Ops Team Already Accepts

POST /v1/reports/schedules
{
  "report_id": "rpt_audit_monthly",
  "cron": "0 8 1 * *",
  "delivery": {
    "channel": "email",
    "to": ["audit@example.com"],
    "format": "branded_pdf"
  }
}

Channels supported:

| Channel | Format options |
|---|---|
| Email | Attached JSON / CSV / PDF / branded PDF / XLSX |
| Webhook | JSON POST with HMAC signature |
| SFTP | JSON / CSV / XLSX drop into your existing directory |
| S3 | Any format, any bucket you control |
| Download URL | HMAC-signed URL with bounded TTL |

Every run writes a tamper-evident audit row. Every artifact is addressable only via an HMAC-signed URL with a TTL. A signed URL cannot be reused after expiry.


Branded PDFs

For reports that end up in board packs, audit opinions, or regulator submissions, Trinitite renders branded PDFs with your organization's logo, color scheme, cover page, and footer language. Branding is a tenant-level config applied automatically when format: "branded_pdf" is requested. A PDF carries a QR code + short URL to the public verifier — your auditor opens the PDF, scans the QR, and lands on the JWKS-backed verification page without ever needing a Trinitite login.


Scheduled Cron

Every schedule is evaluated in the tenant's configured timezone. Failed deliveries are retried with exponential backoff and surfaced on the schedule status endpoint. You see which reports ran, which succeeded, which failed, and why — without writing observability yourself.


What You Get

| Capability | DIY BI on platform data | Trinitite Enterprise Reporting |
|---|---|---|
| Data access | Raw SQL over production tables | Typed semantic layer |
| Tenancy | App-layer WHERE org_id = ? everywhere | Compiled mandatory predicate |
| Author surface | SQL / dbt / Looker | Safe query builder |
| Catalog | Build your own | 45+ persona-grouped starters |
| Formats | Custom rendering | JSON / CSV / PDF / branded PDF / XLSX |
| Delivery | Custom cron + scripts | Native schedules over email / webhook / SFTP / S3 |
| Verification | Unsigned | HMAC-signed URLs + Glass-Box anchored |
| Auditor-ready | Screenshots | Branded PDF with QR to public verifier |

Next Steps

Compliance Architecture — the companion surface for regulator-facing artifacts.

Observability — the live streams (as opposed to the rolled-up semantic sources).

Glass Box Ledger — where every report run is anchored.