sentinel-scan-action 1.2.1

package/.github/workflows/main.yml

@@ -0,0 +1,18 @@
+name: Sentinel Compliance
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  sentinel:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Run Sentinel scan
+        uses: MOXO08/sentinel-scan-action@v1
+        with:
+          manifest: manifest.json

package/GUIDE.md

@@ -0,0 +1,46 @@
+# 📘 Mastering EU AI Act Compliance
+**A Developer's Handbook to the 2026 Regulation**
+
+## Introduction
+The EU AI Act is the world's first comprehensive AI law. For developers, this shifts compliance from a "legal problem" to a "technical requirement." Sentinel helps you bridge this gap in seconds.
+
+## ⚖️ The 4 Risk Categories
+1. **Unacceptable Risk**: (e.g., Social Scoring) — **Banned.**
+2. **High Risk**: (e.g., Recruitment AI) — **Strict requirements.**
+3. **Limited Risk**: (e.g., Chatbots) — **Transparency obligations.**
+4. **Minimal Risk**: (e.g., Spam filters) — **Free use.**
+
+## 🛠️ How to Prepare Your Manifest
+Sentinel uses a `manifest.json` to understand your AI's capabilities. Here is the checklist for a **High-Risk** system:
+
+### 1. Transparency (Art. 13)
+Ensure users know they are interacting with AI.
+- `transparency_disclosure_provided`: true
+
+### 2. Data Governance (Art. 10)
+Verify that your training data is documented and assessed for bias.
+- `bias_assessment_performed`: true
+- `data_governance_policy_documented`: true
+
+### 3. Human Oversight (Art. 14)
+The system must be designed to be overseen by natural persons.
+- `human_oversight_enabled`: true
+
+## 🚀 Integrating Sentinel in 3 Steps
+
+### Step 1: Install
+```bash
+npx @radu_api/sentinel-scan --init
+```
+
+### Step 2: Audit
+Run a local audit to find violations Before they reach production.
+```bash
+npx @radu_api/sentinel-scan ./manifest.json
+```
+
+### Step 3: Automate
+Add the Sentinel GitHub Action to block non-compliant PRs.
+
+---
+_Need a Pro license for enterprise support? Visit [sentinel-ai.dev](https://sentinel-ai.dev)_

package/LICENSE

@@ -0,0 +1,26 @@
+# Sentinel Proprietary License
+
+Copyright (c) 2026 Sentinel AI. All Rights Reserved.
+
+## 1. OWNERSHIP AND GRANT OF USE
+Sentinel ("the Software"), including its source code, binaries, WebAssembly (WASM) modules, and associated documentation, is the exclusive intellectual property of Sentinel AI ("the Licensor"). 
+
+The Licensor grants you a limited, non-exclusive, non-transferable right to use the Software solely through its official distribution channels (e.g., GitHub Actions). This grant does not include access to the underlying source code.
+
+## 2. RESTRICTIONS
+You are strictly prohibited from:
+- **Reverse Engineering**: You shall not decompile, disassemble, or otherwise attempt to derive the source code from the WASM engine or any obfuscated components.
+- **Redistribution**: You shall not copy, modify, distribute, or create derivative works of the Software without explicit written permission from the Licensor.
+- **Sublicensing**: You shall not sell, rent, or lease the Software to any third party.
+
+## 3. PROPRIETARY RIGHTS
+All intellectual property rights in and to the Software are and shall remain the sole property of the Licensor. Nothing in this License shall be construed as a transfer of ownership.
+
+## 4. TERMINATION
+This License is effective until terminated. Your rights under this License will terminate automatically without notice from the Licensor if you fail to comply with any of its terms.
+
+## 5. DISCLAIMER OF WARRANTY
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. IN NO EVENT SHALL THE LICENSOR BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY ARISING FROM THE USE OF THE SOFTWARE.
+
+---
+For commercial licensing inquiries, contact: license@sentinel-ai.dev

package/README.md

@@ -0,0 +1,176 @@
+![EU AI Act Scan](https://img.shields.io/badge/Sentinel-EU%20AI%20Act%20Scan-blue)
+![CI Integration](https://img.shields.io/badge/GitHub%20Action-ready-green)
+
+# 🛡 Sentinel — Deterministic AI Compliance for CI/CD
+
+Sentinel is a compliance-as-code engine that verifies AI repositories against EU AI Act requirements directly inside developer workflows.
+
+It performs deterministic regulatory checks during pull requests and CI builds, validates required documentation, and generates audit-ready compliance evidence.
+
+Sentinel integrates with GitHub Actions and exports SARIF reports directly into GitHub Security.
+
+---
+
+# Why Sentinel Exists
+
+The EU AI Act introduces strict compliance obligations for organizations building or deploying AI systems.
+
+Companies must prove:
+
+• documented risk management  
+• traceable training data sources  
+• model documentation and governance  
+• regulatory audit evidence  
+• continuous monitoring of AI systems  
+
+Most teams only discover compliance gaps during legal reviews or regulatory audits.
+
+Sentinel shifts compliance **left** by embedding regulatory checks directly into CI/CD pipelines.
+
+Developers get immediate feedback during pull requests before compliance issues reach production.
+
+---
+
+# 🚀 Quick Start
+
+Add Sentinel to your GitHub workflow.
+
+```yaml
+- name: Sentinel AI Compliance Scan
+  uses: MOXO08/sentinel-scan-action@v1
+```
+
+Sentinel will automatically run EU AI Act compliance checks during pull requests and builds.
+
+No additional configuration is required for basic scans.
+
+## 📸 How Sentinel Works
+
+### CLI Compliance Scan
+Runs deterministic EU AI Act checks locally. Developers can run scans before pushing code.
+```bash
+npx sentinel-scan ./manifest.json
+```
+
+### GitHub Action Integration
+Sentinel runs automatically inside CI pipelines. It scans repositories during pull requests and builds. Results appear directly inside the pull request and GitHub Security tab.
+
+### SARIF Security Reporting
+Sentinel exports compliance findings as SARIF. These appear as native GitHub Security alerts. Developers can review compliance issues exactly like security vulnerabilities.
+
+### Evidence Generation
+Sentinel generates structured documentation templates required for regulatory audits.
+```bash
+npx sentinel-scan evidence generate --policy-pack eu-ai-act-high-risk
+```
+This creates `docs/compliance/` with structured compliance documentation templates.
+
+---
+
+## What Sentinel Checks
+
+Sentinel enforces compliance policies across AI repositories. It performs:
+
+• Manifest verification  
+• Policy pack enforcement  
+• Baseline-aware compliance checks  
+• Documentation validation  
+• SARIF security reporting  
+• Compliance evidence generation  
+
+These checks run automatically during CI/CD.
+
+---
+
+## Example GitHub Workflow
+
+```yaml
+name: Sentinel Compliance
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  sentinel:
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Sentinel Compliance Scan
+        uses: MOXO08/sentinel-scan-action@v1
+        with:
+          manifest: "./manifest.json"
+          policy_pack: "eu-ai-act-high-risk"
+```
+
+---
+
+## Policy Packs
+
+Sentinel ships with built-in regulatory rule sets. Available policy packs:
+
+• `eu-ai-act-minimal`  
+• `eu-ai-act-high-risk`  
+
+List installed packs locally:
+```bash
+npx sentinel-scan policy-pack list
+```
+
+---
+
+## Sentinel Verified Registry
+
+Public AI repositories scanned with Sentinel are listed in the Sentinel Verified registry.
+
+[https://moxo08.github.io/sentinel-verified/](https://moxo08.github.io/sentinel-verified/)
+
+Projects using Sentinel can appear in the registry of AI systems scanned for EU AI Act readiness.
+
+---
+
+## Sentinel Ecosystem
+
+Sentinel consists of multiple components:
+
+• Sentinel CLI  
+• Sentinel GitHub Action  
+• Compliance evidence generator  
+• Policy pack engine  
+
+Main repository: [https://github.com/MOXO08/sentinel](https://github.com/MOXO08/sentinel)  
+NPM CLI: [https://www.npmjs.com/package/sentinel-scan](https://www.npmjs.com/package/sentinel-scan)
+
+---
+
+## License
+
+UNLICENSED — Commercial use requires a Sentinel subscription. For enterprise licensing contact: [https://gettingsentinel.com](https://gettingsentinel.com)
+
+---
+
+## About
+
+Sentinel is a deterministic compliance engine for AI systems. It enables organizations to verify EU AI Act readiness directly inside developer workflows.
+
+**Topics:** `ci-cd` • `devsecops` • `ai-compliance` • `ai-governance` • `eu-ai-act` • `ai-risk` • `ai-audit`
+
+---
+
+# Who Should Use Sentinel
+
+Sentinel is designed for:
+
+• **AI startups** preparing for EU market entry  
+• **Enterprises** building regulated AI systems  
+• **ML teams** shipping production AI models  
+• **DevSecOps teams** implementing compliance pipelines  
+• **Companies** deploying high-risk AI systems under the EU AI Act
+Test: Sentinel PR comment validation.

package/action.yml

@@ -0,0 +1,47 @@
+name: "Sentinel AI Compliance Scan"
+
+description: "CI guardrail for EU AI Act compliance. Runs policy packs, verifies documentation, generates SARIF security alerts."
+
+author: "MOXO08"
+
+branding:
+  icon: "shield"
+  color: "blue"
+
+inputs:
+  manifest:
+    description: "Path to AI manifest.json"
+    required: false
+    default: "./manifest.json"
+
+  enforce:
+    description: "If true, fails the CI job on compliance violations"
+    required: false
+    default: "false"
+
+  policy_pack:
+    description: "Sentinel policy pack (eu-ai-act-minimal | eu-ai-act-high-risk)"
+    required: false
+    default: "eu-ai-act-minimal"
+
+  baseline:
+    description: "Path to baseline file"
+    required: false
+
+  sarif:
+    description: "Generate SARIF report for GitHub Security"
+    required: false
+    default: "true"
+
+  evidence:
+    description: "Generate compliance evidence templates"
+    required: false
+    default: "false"
+
+  license_token:
+    description: "Sentinel Pro/Enterprise license token"
+    required: false
+
+runs:
+  using: "node20"
+  main: "index.js"