Stop manual audits → Start shipping.
OpenComplAI brings EU AI Act compliance directly into your CI/CD pipeline, turning fragmented legal mandates into automated, machine-readable "Pre-Ship Checks."
Watch the OpenComplAI demo (MP4)
Traditional GRC tools are disconnected dashboards that create "velocity tax." We shift compliance left:
- Prevent Non-Compliance: Gate releases by blocking builds that violate safety rules.
- Automated Evidence: Generate audit-ready logs automatically for every deployment.
- Framework-Agnostic: Built to adapt to evolving global standards (EU AI Act, NIST RMF, ISO).
- Define: Create a compliance manifest for your model.
- Integrate: Add the OpenComplAI action to your GitHub/GitLab pipeline.
- Ship: Get an automated "Pass/Fail" result before your code ever hits production.
Check out our Dummy Repo (Sandbox) – Test how we catch AI errors without risking your production code.
opencomplai-core: The rule engine that evaluates controls.opencomplai-cli: Run checks locally in your dev environment.opencomplai-sdk: Programmatically embed compliance into your custom internal tooling.
Get your first compliance check running in under 15 minutes:
pip install opencomplaiThis installs the CLI, core rule engine, and SDK with a stable API contract (see CHANGELOG for exit-code and artifact-schema guarantees).
For contributors who want to work from a checkout instead, install from source — the
core, cli, and sdk-python packages must be installed together:
git clone https://github.com/Opencomplai/opencomplai
cd opencomplai
pip install -e packages/core -e packages/cli -e packages/sdk-python
# or, with uv: uv syncThen run a first assessment:
opencomplai init --system-id my-model --intended-purpose "customer support chatbot"
opencomplai checkOr try it with zero setup first — opencomplai scan --quick . runs a discovery-only
scan with no manifest required and never gates your build:
opencomplai scan --quick .Add Opencomplai to your own .pre-commit-config.yaml to run the quick scan (or the
full compliance gate, once you have a manifest) on every commit:
repos:
- repo: https://github.com/Opencomplai/opencomplai
rev: v0.1.2
hooks:
- id: opencomplai-quick-scan # discovery only, never fails the commit
# - id: opencomplai-check # full EU AI Act gate — requires system-manifest.jsonFull Docker-based deployment is documented in docs/src/deployment/quickstart.md.
We are currently in a Closed Beta Pilot. If you are an AI engineer or ML platform lead, we want your feedback.
- Join our Developer Discord — discuss EU AI Act workflows, pipeline integration, and stress-test the engine with other MLOps engineers
- Report a bug · Request a feature
- LinkedIn · Reddit research community
Not sure whether the EU AI Act applies to your system, or which obligations you carry as a provider versus a deployer? Use the interactive EU AI Act Checker — a browser-based wizard covering scope, high-risk classification, GPAI, and obligations. No account needed. Or run it locally:
opencomplai checker --web # opens the hosted docs page
opencomplai checker --web --local # serves a self-contained copy offline| Component | Kind | Responsibility |
|---|---|---|
| core | package | Risk assessment primitives and policy mapping logic (no HTTP). |
| cli | package | Command-line interface that runs local checks and orchestrates workflows. |
| sdk-python | package | Python SDK that wraps the core and provides a stable integration surface. |
| gateway-api | service | HTTP entrypoint for multi-service deployments; request validation and routing. |
| risk-engine | service | Risk classification execution and rules evaluation as a service. |
| evidence-vault | service | Evidence storage with immutability guarantees and content-addressed artifacts. |
| doc-generator | service | Dossier/document generation (e.g. Annex IV-style outputs) from stored evidence. |
| egress-proxy | service | Allowlisted egress enforcement for controlled external connectivity. |
opencomplai/
├── packages/
│ ├── core/ # Risk assessment engine — Python, Pydantic v2, no HTTP
│ ├── cli/ # CLI tool — Typer + Rich, calls core or gateway-api
│ └── sdk-python/ # Python SDK — pip-installable, wraps core
├── services/
│ ├── gateway-api/ # REST API — Node.js + TypeScript + Fastify (OpenAPI-first)
│ ├── risk-engine/ # Risk classification service — Python + FastAPI
│ ├── evidence-vault/ # Immutable ledger + CAS — Python + FastAPI + PostgreSQL
│ ├── doc-generator/ # Annex IV dossier generator — Python + FastAPI
│ └── egress-proxy/ # Allowlisted egress enforcer — Python + FastAPI
├── tools/
│ └── verify-ledger/ # Evidence ledger chain verification tool
├── infra/
│ ├── docker/ # Dockerfiles (one per service)
│ ├── compose/ # Docker Compose reference deployment + .env.example
│ └── migrations/ # Alembic database migrations
├── docs/ # MkDocs documentation (published via GitHub Actions)
├── examples/ # Working code examples
├── scripts/ # bootstrap.sh, doctor.py, verify-sbom.sh
└── .github/
├── workflows/ # GitHub Actions CI workflows
├── ISSUE_TEMPLATE/
└── pull_request_template.md
Opencomplai is open-core:
- Community Edition — this repository, licensed under AGPL-3.0. The full risk assessment engine, CLI, SDK, services, and EU AI Act checker.
- Enterprise Edition — a hosted premium dashboard, single sign-on, additional rule engines, and commercial support, available under a commercial licence. See opencomplai.com for details.
See CONTRIBUTING.md for development setup, workflow conventions, and code
style. Look for issues labelled good first issue to find starter-sized contributions. All
contributors sign the Contributor Licence Agreement.
Opencomplai's classification logic is fully deterministic and rule-based. No LLM or ML inference is used in production.
All dependency files are scanned in CI to enforce this policy. See docs/security/ai-inventory.md for the full inventory and the process for approving future AI dependencies.
Opencomplai Community Edition is licensed under the GNU Affero General Public Licence v3.0 (AGPL-3.0) — see LICENSE. For use cases that the AGPL does not fit, a commercial licence is available as part of the Enterprise Edition; contact us via opencomplai.com.