AUDITOR WORKBENCH

For accountants and compliance firms — evidence in one signed ZIP

One click, one download URL, valid for 24 hours. No access to live monsys data, no integration required — everything sits locally in the bundle.

Talk to sales Read the docs

How you run an audit

Three steps, no monsys credentials needed after the download.

1. Customer delivers bundle

Customer logs in to monsys, picks a period, hits Generate. Gets a one-shot 24h URL they forward to you.

2. You download + verify

Unzip the bundle. Run python3 verify.py. Each evidence pack is checked against the bundled signing keys.

3. Write your report

All evidence sits in evidence_packs/. compliance_summary.md gives you a first-draft report skeleton.

What's in the bundle

Open spec: one manifest.json + one Python verifier + every evidence pack from the period. No vendor tools required.

monsys-auditor-bundle-d2f60e21.zip
├── manifest.json              # bundle metadata + pack list + signing keys
├── verify.py                  # offline Ed25519 verifier (pynacl)
├── signing_keys.json          # public keys + rotation reasons in periode
├── compliance_summary.md      # markdown audit-rapport
└── evidence_packs/
    ├── 1234.tar.gz            # signed pack from period
    ├── 1235.tar.gz
    └── ...

verify.py only depends on pynacl. The script returns exit code 0 if all packs validate, 1 if anything broke.

Why this is trustworthy

Ed25519-signed packs — Each pack carries a signature over the canonical SHA256 of its manifest.
Key-rotation tracking — signing_keys.json shows which key was rotated when, and why.
Path-traversal guard — Bundles only contain packs from allowlisted storage paths — no /etc/shadow injection through a tampered DB row.
TOTP-gated generation — In production, generating a bundle requires a fresh 6-digit authenticator code.

Ready to run a proof of concept?

Send us an email with the tenant and the period you'd like to see — we'll send back a test bundle within one business day.

Talk to sales