compliance-agent 0.1.0__tar.gz

  1. compliance_agent-0.1.0/.gitignore +42 -0
  2. compliance_agent-0.1.0/LICENSE +21 -0
  3. compliance_agent-0.1.0/PKG-INFO +541 -0
  4. compliance_agent-0.1.0/README.md +504 -0
  5. compliance_agent-0.1.0/examples/sample-chatbot/README.md +28 -0
  6. compliance_agent-0.1.0/pyproject.toml +64 -0
  7. compliance_agent-0.1.0/rules/annex3.yaml +106 -0
  8. compliance_agent-0.1.0/src/compliance_agent/__init__.py +34 -0
  9. compliance_agent-0.1.0/src/compliance_agent/analyzer/__init__.py +5 -0
  10. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/__init__.py +53 -0
  11. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art10.py +41 -0
  12. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art11.py +41 -0
  13. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art12.py +41 -0
  14. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art13.py +59 -0
  15. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art14.py +43 -0
  16. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art15.py +68 -0
  17. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art26.py +66 -0
  18. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art28.py +61 -0
  19. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art50.py +41 -0
  20. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art6.py +47 -0
  21. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art7.py +45 -0
  22. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/art9.py +37 -0
  23. compliance_agent-0.1.0/src/compliance_agent/analyzer/articles/base.py +237 -0
  24. compliance_agent-0.1.0/src/compliance_agent/analyzer/gaps.py +41 -0
  25. compliance_agent-0.1.0/src/compliance_agent/classifier/__init__.py +5 -0
  26. compliance_agent-0.1.0/src/compliance_agent/classifier/annex3.py +34 -0
  27. compliance_agent-0.1.0/src/compliance_agent/classifier/risk.py +109 -0
  28. compliance_agent-0.1.0/src/compliance_agent/cli.py +367 -0
  29. compliance_agent-0.1.0/src/compliance_agent/models/__init__.py +5 -0
  30. compliance_agent-0.1.0/src/compliance_agent/models/findings.py +111 -0
  31. compliance_agent-0.1.0/src/compliance_agent/models/recommendations.py +17 -0
  32. compliance_agent-0.1.0/src/compliance_agent/recommender/__init__.py +5 -0
  33. compliance_agent-0.1.0/src/compliance_agent/recommender/engine.py +122 -0
  34. compliance_agent-0.1.0/src/compliance_agent/recommender/rules.py +139 -0
  35. compliance_agent-0.1.0/src/compliance_agent/reporter/__init__.py +10 -0
  36. compliance_agent-0.1.0/src/compliance_agent/reporter/json_report.py +30 -0
  37. compliance_agent-0.1.0/src/compliance_agent/reporter/markdown.py +187 -0
  38. compliance_agent-0.1.0/src/compliance_agent/reporter/pdf_report.py +323 -0
  39. compliance_agent-0.1.0/src/compliance_agent/reporter/templates/report.html +263 -0
  40. compliance_agent-0.1.0/src/compliance_agent/reporter/terminal.py +305 -0
  41. compliance_agent-0.1.0/src/compliance_agent/scanner/__init__.py +5 -0
  42. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/__init__.py +22 -0
  43. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/agents.py +180 -0
  44. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/base.py +92 -0
  45. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/frameworks/__init__.py +24 -0
  46. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/frameworks/autogen.py +71 -0
  47. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/frameworks/base.py +81 -0
  48. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/frameworks/crewai.py +61 -0
  49. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/frameworks/langchain.py +80 -0
  50. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/frameworks/langgraph.py +51 -0
  51. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/patterns.py +196 -0
  52. compliance_agent-0.1.0/src/compliance_agent/scanner/detectors/providers.py +156 -0
  53. compliance_agent-0.1.0/src/compliance_agent/scanner/engine.py +199 -0
  54. compliance_agent-0.1.0/src/compliance_agent/scanner/parser.py +41 -0
  55. compliance_agent-0.1.0/templates/README.md +34 -0
  56. compliance_agent-0.1.0/templates/art10/data_governance.py +84 -0
  57. compliance_agent-0.1.0/templates/art11/technical_documentation.py +114 -0
  58. compliance_agent-0.1.0/templates/art12/event_logging.py +137 -0
  59. compliance_agent-0.1.0/templates/art14/human_oversight.py +132 -0
  60. compliance_agent-0.1.0/templates/art50/content_marking.py +85 -0
  61. compliance_agent-0.1.0/templates/art50/deepfake_disclosure.py +92 -0
  62. compliance_agent-0.1.0/templates/art50/transparency_notice.py +95 -0
  63. compliance_agent-0.1.0/templates/art9/risk_management.py +133 -0
  64. compliance_agent-0.1.0/templates/common/ai_disclosure_banner.html +49 -0
  65. compliance_agent-0.1.0/templates/common/ai_disclosure_middleware.py +67 -0
  66. compliance_agent-0.1.0/templates/common/compliance_config.yaml +33 -0
  67. compliance_agent-0.1.0/tests/__init__.py +0 -0
  68. compliance_agent-0.1.0/tests/conftest.py +90 -0
  69. compliance_agent-0.1.0/tests/test_articles.py +191 -0
  70. compliance_agent-0.1.0/tests/test_classifier.py +148 -0
  71. compliance_agent-0.1.0/tests/test_cli.py +110 -0
  72. compliance_agent-0.1.0/tests/test_detectors.py +137 -0
  73. compliance_agent-0.1.0/tests/test_framework_detectors.py +174 -0
  74. compliance_agent-0.1.0/tests/test_package.py +20 -0
  75. compliance_agent-0.1.0/tests/test_parser.py +29 -0
  76. compliance_agent-0.1.0/tests/test_pdf_reporter.py +170 -0
  77. compliance_agent-0.1.0/tests/test_recommender.py +149 -0
  78. compliance_agent-0.1.0/tests/test_scanner.py +159 -0
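--- a/compliance_agent-0.1.0/.gitignore
+++ b/compliance_agent-0.1.0/.gitignore
@@ -0,0 +1,42 @@
+# Python-generated files
+__pycache__/
+*.py[oc]
+build/
+dist/
+wheels/
+*.egg-info
+
+# Virtual environments
+.venv
+venv/
+env/
+
+# Environment / secrets
+.env
+.env.*
+
+# Tooling caches
+.mypy_cache/
+.pytest_cache/
+.ruff_cache/
+.coverage
+htmlcov/
+coverage.xml
+
+# Editor
+.idea/
+.vscode/
+.DS_Store
+
+# Generated compliance reports
+compliance-report-*.pdf
+compliance-report-*.md
+
+# Runtime artifacts from templates/demos
+ai_logs*/
+oversight_audit.jsonl
+risk_register.json
+dataset_cards*/
+
+# Unrelated sibling checkout (ECC plugin repo)
+ECC/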
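--- a/compliance_agent-0.1.0/LICENSE
+++ b/compliance_agent-0.1.0/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 latreon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.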
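--- a/compliance_agent-0.1.0/PKG-INFO
+++ b/compliance_agent-0.1.0/PKG-INFO
@@ -0,0 +1,541 @@
+Metadata-Version: 2.4
+Name: compliance-agent
+Version: 0.1.0
+Summary: EU AI Act compliance scanner for AI projects
+Author-email: latreon <ferdakerim@gmail.com>
+License: MIT License
+
+Copyright (c) 2026 latreon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+License-File: LICENSE
+Keywords: ai,cli,compliance,eu-ai-act,scanner
+Requires-Python: >=3.12
+Requires-Dist: pathspec>=1.1.1
+Requires-Dist: pydantic>=2.13.4
+Requires-Dist: pyyaml>=6.0.3
+Requires-Dist: rich>=15.0.0
+Requires-Dist: typer>=0.26.8
+Requires-Dist: weasyprint>=69.0
+Description-Content-Type: text/markdown
+
+# ComplianceAgent
+
+**Check if your AI project follows EU rules.**
+
+[![CI](https://github.com/latreon/compliance-agent/actions/workflows/ci.yml/badge.svg)](https://github.com/latreon/compliance-agent/actions)
+[![Python 3.12+](https://img.shields.io/badge/python-3.12+-blue.svg)](https://www.python.org/downloads/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
+
+The EU has new rules for AI. If you're building with OpenAI, Anthropic, LangChain,
+or any AI framework, you need to check whether you comply. This tool does it for
+you — one command, about 5 seconds.
+
+[30-Second Start](#30-second-start) · [What It Does](#what-it-does-simple-version) · [How It Works](#how-it-works) · [Examples](#real-examples) · [All Commands](#command-reference) · [FAQ](#common-questions)
+
+---
+
+## 30-Second Start
+
+```bash
+# Install
+pip install compliance-agent
+
+# Check your project
+compliance-agent scan .
+
+# That's it — read what it found.
+```
+
+## What It Does (Simple Version)
+
+1. **Scans your code** — finds where you use AI (OpenAI, LangChain, etc.).
+2. **Checks the rules** — compares your code against EU AI Act requirements.
+3. **Tells you what's missing** — shows exactly what you need to fix.
+4. **Gives you the code** — provides copy-paste fixes for each problem.
+
+## What You'll See
+
+When you run `compliance-agent scan .`, you get something like:
+
+```text
+YOUR PROJECT STATUS
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Risk Level: LIMITED (some rules apply)
+AI Found: OpenAI chatbot, LangChain agent
+Issues: 3 things to fix
+
+WHAT TO FIX
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+1. Add a "You're talking to AI" notice to your chat
+→ Copy this file: templates/art50/transparency_notice.py
+
+2. Log all AI conversations (EU requires record-keeping)
+→ Copy this file: templates/art12/event_logging.py
+
+3. Add error handling for AI failures
+→ Add try/except blocks around AI calls
+
+NEXT STEPS
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Get the fix files: compliance-agent recommend . --output ./fixes
+```
+
+## Do I Need This?
+
+**Yes, if you:**
+
+- Use OpenAI, Anthropic, Google, or any AI API
+- Build chatbots or AI assistants
+- Use LangChain, CrewAI, AutoGen, or LangGraph
+- Deploy AI in the EU or serve EU users
+- Want to avoid fines (up to €35M)
+
+**No, if you:**
+
+- Don't use AI in your project
+- Only use AI for personal projects (not a business)
+- Don't operate in, or serve users in, the EU
+
+## Installation
+
+### For most users
+
+```bash
+pip install compliance-agent
+```
+
+That's it. Skip to the [30-Second Start](#30-second-start).
+
+**If `pip install` fails**, try:
+
+```bash
+python -m pip install compliance-agent
+```
+
+**If you get "Permission denied":**
+
+```bash
+pip install --user compliance-agent
+```
+
+**If you use a virtual environment**, activate it first:
+
+```bash
+source venv/bin/activate # Linux / macOS
+venv\Scripts\activate # Windows
+pip install compliance-agent
+```
+
+**If you use `uv`:**
+
+```bash
+uv pip install compliance-agent
+```
+
+**Install the latest unreleased version from GitHub:**
+
+```bash
+pip install git+https://github.com/latreon/compliance-agent.git
+```
+
+**Verify it worked:**
+
+```bash
+compliance-agent version
+# ComplianceAgent v0.1.0
+```
+
+Trouble installing or running? See the [Troubleshooting guide](docs/TROUBLESHOOTING.md).
+
+## How It Works
+
+### Step 1: Scan your code
+
+The scanner reads your project files and looks for AI-related patterns:
+
+- `import openai` — you're using OpenAI
+- `from langchain` — you're using LangChain
+- `AgentExecutor()` — you're running an AI agent
+- `client.chat.completions.create()` — you're calling an AI API
+
+It uses **AST parsing** (not just text search) to avoid false positives. A comment
+that mentions "OpenAI" won't trigger a finding — only real code does.
+
+### Step 2: Classify risk
+
+Based on what it finds, the tool assigns a risk level:
+
+| Risk Level | What It Means | Rules That Apply |
+|------------|---------------|------------------|
+| **MINIMAL** | Basic AI usage, no user interaction | Almost none |
+| **LIMITED** | AI interacts with users | Transparency rules (Art. 50) |
+| **HIGH** | AI makes important decisions | Full compliance required |
+| **UNACCEPTABLE** | Banned AI practices (Art. 5) | Cannot be deployed |
+
+### Step 3: Check compliance
+
+The tool checks 12 specific articles of the EU AI Act:
+
+| Article | What It Checks | When It Matters |
+|---------|----------------|-----------------|
+| Art. 50 | "You're talking to AI" notice | Any user-facing AI |
+| Art. 12 | Logging AI conversations | All AI systems |
+| Art. 14 | Human oversight for decisions | High-risk / agentic AI |
+| Art. 15 | Error handling and robustness | All AI systems |
+| ... | [see the full list](#compliance-coverage) | ... |
+
+### Step 4: Recommend fixes
+
+For each issue found, the tool:
+
+1. Explains what's wrong
+2. Shows which rule requires the fix
+3. Provides a code template you can copy
+4. Tells you exactly where to put it
+
+```text
+ISSUE: No "You're talking to AI" notice
+RULE: EU AI Act Article 50(1)
+FIX: Copy templates/art50/transparency_notice.py into your project
+WHERE: Add it before your chat endpoint
+```
+
+## Real Examples
+
+### Example 1: Simple chatbot (Limited risk)
+
+A basic chatbot using OpenAI:
+
+```python
+# chatbot.py
+import openai
+
+client = openai.OpenAI()
+
+def chat(user_input):
+return client.chat.completions.create(
+model="gpt-4",
+messages=[{"role": "user", "content": user_input}],
+).choices[0].message.content
+```
+
+Scan result:
+
+```text
+RISK: LIMITED (Article 50 applies)
+ISSUES: 2
+1. No "You're talking to AI" notice
+2. No logging of conversations
+FIX: Add a transparency notice + logging.
+```
+
+### Example 2: LangChain agent (Higher risk)
+
+An agent that can search the web and send emails:
+
+```python
+# agent.py
+from langchain.agents import AgentExecutor
+from langchain.tools import Tool
+
+tools = [
+Tool(name="search", func=search_web, description="Search the web"),
+Tool(name="email", func=send_email, description="Send an email"),
+]
+
+executor = AgentExecutor(agent=agent, tools=tools)
+```
+
+Scan result:
+
+```text
+RISK: HIGH (agent with tool access)
+FRAMEWORKS: LangChain (agent, tools)
+ISSUES: 5
+1. No human oversight before tool use
+2. No logging of tool calls
+3. No error handling for API failures
+4. No "You're talking to AI" notice
+5. No data governance documentation
+FIX: Add human-in-the-loop, logging, error handling, transparency.
+```
+
+### Example 3: CrewAI multi-agent (High risk)
+
+A crew of agents researching and writing:
+
+```python
+# crew.py
+from crewai import Agent, Task, Crew
+
+researcher = Agent(role="Researcher", tools=[search])
+writer = Agent(role="Writer", tools=[write])
+
+crew = Crew(
+agents=[researcher, writer],
+tasks=[Task(description="Research", agent=researcher),
+Task(description="Write", agent=writer)],
+)
+crew.kickoff()
+```
+
+Scan result:
+
+```text
+RISK: HIGH (multiple autonomous agents)
+FRAMEWORKS: CrewAI (agent, crew, task)
+ISSUES: 4
+1. No oversight before crew execution
+2. No logging of agent actions
+3. No documentation of agent roles
+4. No incident reporting procedure
+FIX: Add an approval workflow, logging, documentation, incident plan.
+```
+
+## Command Reference
+
+```bash
+# Scan a folder ('.' = current folder)
+compliance-agent scan .
+
+# Output types
+compliance-agent scan . --format markdown # for reading (default)
+compliance-agent scan . --format json # for computers / CI
+compliance-agent scan . --format pdf # for sharing
+
+# Only show serious issues
+compliance-agent scan . --severity high
+
+# Skip folders
+compliance-agent scan . --exclude "tests/*" --exclude "docs/*"
+
+# Show how to fix each problem
+compliance-agent scan . --fix
+
+# Copy fix templates into your project
+compliance-agent recommend . --output ./fixes
+
+# Make a shareable report file
+compliance-agent report . --output audit-2026.pdf
+
+# For CI/CD: plain output, fail the build on serious issues
+compliance-agent scan . --ci --fail-on high
+```
+
+Run `compliance-agent scan --help` to see every option explained.
+
+**Exit codes:** `0` success · `1` `--fail-on` threshold met · `2` usage error.
+`.gitignore` is honored automatically, and vendored directories are always skipped.
+
+JSON output is a versioned envelope — safe to parse in CI:
+
+```json
+{
+"schema_version": "1.0",
+"tool_version": "0.1.0",
+"scan_result": { "files_scanned": 2, "risk_tier": "limited", "findings": ["..."] }
+}
+```
+
+## What It Detects
+
+**AI providers**
+
+- OpenAI (GPT-4, GPT-4o, o1)
+- Anthropic (Claude)
+- Google (Gemini)
+- Mistral
+- Local models (Ollama, vLLM, transformers, llama.cpp, torch)
+
+**Agent patterns**
+
+- MCP servers and tool definitions
+- Tool calls and function calling
+- Multi-agent orchestration (CrewAI, AutoGen, LangGraph)
+- Prompt templates and system prompts
+
+### Framework-aware detection
+
+Beyond generic provider detection, dedicated detectors understand what each
+framework construct means for compliance (only in files that actually import the
+framework — AST-verified):
+
+| Framework | Detection | Compliance Mapping |
+|-----------|-----------|--------------------|
+| LangChain | Agents, tools, memory, chains | Art. 14 (oversight), Art. 9 (risk), Art. 12 (logging), Art. 50 (transparency) |
+| CrewAI | Crews, agents, tasks, processes | Art. 14 (oversight), Art. 12 (logging), Art. 11 (docs) |
+| AutoGen | Agents, group chat, function/code execution | Art. 50 (transparency), Art. 12 (logging), Art. 9 (risk) |
+| LangGraph | State graphs, conditional edges, tool nodes, checkpoints | Art. 12 (logging), Art. 11 (docs), Art. 14 (oversight) |
+
+## Compliance Coverage
+
+ComplianceAgent checks the following EU AI Act articles and reports a per-article
+status (Met / Partial / Missing / Not applicable):
+
+| Article | Title | When Applicable |
+|---------|-------|-----------------|
+| 6 | High-risk definition | High-risk tier |
+| 7 | Conformity assessment | High-risk tier |
+| 9 | Risk management | High-risk tier |
+| 10 | Data governance | Data processing or high-risk tier |
+| 11 | Technical documentation | Any AI usage |
+| 12 | Record-keeping | Any AI usage |
+| 13 | Transparency to deployers | User-facing systems |
+| 14 | Human oversight | Agentic patterns or high-risk tier |
+| 15 | Accuracy, robustness, cybersecurity | Any AI usage |
+| 26 | Provider obligations | High-risk tier |
+| 28 | Distributor obligations | Deployment artifacts present |
+| 50 | User transparency | User-facing AI |
+
+## Fix Templates
+
+ComplianceAgent doesn't just find problems — it ships solutions. Every gap maps to
+a real, copy-pasteable template ([index](templates/README.md)):
+
+| Article | Template | Purpose |
+|---------|----------|---------|
+| 50 | `transparency_notice.py` | AI interaction disclosure (decorator + ASGI middleware) |
+| 50 | `content_marking.py` | Machine-readable AI content marking |
+| 50 | `deepfake_disclosure.py` | Synthetic media labeling |
+| 12 | `event_logging.py` | AI event logging with retention + cleanup |
+| 14 | `human_oversight.py` | Human-in-the-loop checkpoints with audit trail |
+| 9 | `risk_management.py` | Risk register and review cycle |
+| 10 | `data_governance.py` | Dataset provenance cards |
+| 11 | `technical_documentation.py` | Annex IV technical documentation generator |
+
+Each template is fully working Python (compile-checked in CI), well-commented, and
+framework-agnostic (FastAPI, Flask, Streamlit).
+
+## PDF Reports
+
+Generate an audit-ready PDF for compliance teams, legal, or auditors:
+
+```bash
+compliance-agent scan . --format pdf
+# Report saved to: compliance-report-myproject.pdf
+
+# Or the dedicated report command (PDF or Markdown, custom path)
+compliance-agent report . --output audit-2026.pdf
+```
+
+The PDF includes a cover page, an executive summary with a risk-tier badge and
+metrics, a risk assessment with deadlines, a color-coded findings table, compliance
+gaps with remediation steps, fix recommendations with code snippets, and an EU AI
+Act reference appendix.
+
+> PDF generation uses [WeasyPrint](https://weasyprint.org/), which needs the pango
+> native libraries: `brew install pango` (macOS — run with
+> `DYLD_FALLBACK_LIBRARY_PATH=/opt/homebrew/lib` if needed) or
+> `apt install libpango-1.0-0 libpangoft2-1.0-0` (Debian/Ubuntu). Markdown and JSON
+> formats work without it.
+
+## CI/CD Integration
+
+**GitHub Actions**
+
+```yaml
+- name: EU AI Act Compliance Check
+run: |
+pip install compliance-agent
+compliance-agent scan . --ci --fail-on high
+```
+
+**Pre-commit hook**
+
+```yaml
+# .pre-commit-config.yaml
+repos:
+- repo: https://github.com/latreon/compliance-agent
+rev: v0.1.0
+hooks:
+- id: compliance-agent-scan
+args: [--fail-on, high]
+```
+
+## Common Questions
+
+**Is this legal advice?**
+No. It's a technical tool that checks your code. Consult a lawyer for legal advice.
+
+**Will this slow down my CI/CD?**
+No. It takes about 5 seconds on most projects.
+
+**What if I'm not in the EU?**
+If you serve EU users, you still need to comply. The EU AI Act applies to anyone
+providing AI to EU residents.
+
+**What if I find issues?**
+The tool gives you exact code fixes. Copy the templates into your project and
+re-run the scan.
+
+**Can I use this in production?**
+Yes. Add it to your CI/CD pipeline to catch issues automatically.
+
+## Troubleshooting
+
+Common problems and fixes are in the [Troubleshooting guide](docs/TROUBLESHOOTING.md).
+Quick hits:
+
+- **`command not found: compliance-agent`** → run `python -m compliance_agent scan .`
+- **PDF generation fails** → `brew install pango` (macOS), or just use
+`--format markdown` / `--format json`
+- **Too many findings** → `--exclude "tests/*"` or `--severity high`
+
+## Development
+
+```bash
+git clone https://github.com/latreon/compliance-agent.git
+cd compliance-agent
+uv sync
+uv run pytest # tests with coverage
+uv run compliance-agent scan . # dogfood: scan this repo
+```
+
+## Contributing
+
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+Priority areas:
+
+- New detector patterns (LlamaIndex, Haystack)
+- Additional templates for other articles
+- Integration with more AI frameworks
+- Documentation improvements
+
+## Roadmap
+
+- [ ] PyPI release + GitHub Action on the Marketplace
+- [ ] Project config file (`compliance.yaml`) for declared posture and scan defaults
+- [ ] SARIF output for GitHub code scanning integration
+- [ ] JS/TS project scanning
+
+## Resources
+
+- [EU AI Act (Regulation (EU) 2024/1689) — full text](https://eur-lex.europa.eu/eli/reg/2024/1689/oj)
+- [EU AI Act explorer](https://artificialintelligenceact.eu/)
+
+## License
+
+MIT License — see [LICENSE](LICENSE).
+
+## Disclaimer
+
+This tool provides technical analysis, not legal advice. Consult qualified legal
+counsel for EU AI Act compliance decisions.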