@radu_api/sentinel-scan

v1.2.17

Published

2 days ago

Deterministic AI compliance infrastructure for the EU AI Act. Offline WebAssembly CLI that audits AI systems, manifests, and technical documentation for regulatory alignment.

0High
0Medium
0Low

radu_api

ai-compliance eu-ai-act devsecops ai-governance sarif github-actions audit policy-engine wasm offline-scanner trustworthy-ai

Sentinel Scan

Deterministic AI compliance scanner for the EU AI Act.

Run local audits on AI systems, manifests, and documentation.
Works offline. No external API calls. No telemetry by default.

Install

npm install -g @radu_api/sentinel-scan

Or run instantly:

npx @radu_api/sentinel-scan@latest check --manifest sentinel.manifest.json

Sentinel enforces a zero-ambiguity CLI contract.
Positional arguments are NOT supported.

🚀 Quick Start (Recommended Flow)

# 1. Initialize manifest
npx @radu_api/sentinel-scan@latest init

# 2. (Optional) Discover signals in your project
npx @radu_api/sentinel-scan@latest discover

# 3. Scaffold missing compliance structure
npx @radu_api/sentinel-scan@latest fix --apply

# 4. Run compliance check
npx @radu_api/sentinel-scan@latest check --threshold 90 --manifest sentinel.manifest.json

CLI Usage

Default behavior

Runs a scan on sentinel.manifest.json in the current directory:

npx @radu_api/sentinel-scan@latest

Explicit behavior (recommended)

npx @radu_api/sentinel-scan@latest check --threshold 90 --manifest sentinel.manifest.json

Manifest Example

{
  "app_name": "hr-cv-screening-ai",
  "risk_category": "high",
  "declared_flags": [
    "transparency_disclosure_provided",
    "user_notification_ai_interaction"
  ],
  "human_oversight": {
    "description": "Human reviewer monitors decisions and can override outputs."
  },
  "oversight_evidence_path": "docs/compliance/human_oversight.md",
  "logging_capabilities": {
    "enabled": true,
    "events_logged": ["input", "output", "decision"]
  },
  "logging_evidence_path": "docs/compliance/data_governance.md"
}

Required Supporting Documents

For high-risk systems:

docs/compliance/risk_assessment.md (Art. 9)
docs/compliance/human_oversight.md (Art. 14)
docs/compliance/data_governance.md (Art. 20)

Example Output

Sentinel Check: PASS
Score: 100/100
Risk Category: high

Verified Articles:
Art. 9, Art. 13, Art. 14, Art. 20

Verified Articles indicate substantiated requirements.
They do NOT imply full legal compliance.

Risk Model

Minimal → Basic transparency (Art. 13)
Limited → Transparency + evidence required
High-Risk → Full coverage (Art. 9, 13, 14, 20)
Unacceptable → Immediate HARD FAIL

Policy System

Sentinel uses deterministic policy resolution:

Local: sentinel.policy.json
Fallback: internal default policy

Used ONLY when no local policy exists to ensure consistent CI behavior.

CI Integration

- name: Sentinel Compliance Scan
  run: npx @radu_api/sentinel-scan@latest check --manifest sentinel.manifest.json

Returns:

0 → pass
non-zero → failure

Philosophy

Deterministic
Explainable
Offline-first
Standard-aligned (EU AI Act 2024/1689)