I’m building Sentinel, an independent engineering project focused on the technical requirements of the EU AI Act.
Most compliance tools today are LLM-wrappers. The problem is that LLMs are non-deterministic—using an LLM to audit another LLM for legal compliance creates a circular dependency that doesn't hold up under technical scrutiny.
Sentinel follows a 90/10 Radical Efficiency rule: 90% of the audit is handled by a deterministic engine (Regex, Tree-sitter, and WebAssembly) that runs at $0 computational cost. We use AI only for the remaining 10% of high-level reasoning.
The Baseline Audit:
I recently ran a baseline audit on 265 major AI repositories (including vLLM, Dify, and Microsoft OSS components). Most scored 100/100 on our Risk Scale because they lack an automated "Technical File" (Article 11) or verifiable audit trails.
Technical Stack:
Privacy-First: The core binary is compiled in WASM. It executes locally in your GitHub Actions runner. Your source code never leaves your infrastructure.
Edge-Native: We use Cloudflare D1 for the immutable ledger and Workers for the signed integrity reports.
Artifact-Based: It turns Article 11 compliance into a standard build artifact (a signed JSON/Markdown file).
I’m moving away from the "SaaS subscription" model towards a "Sovereign Asset" approach—the logic is compiled, the execution is local, and compliance is a deterministic outcome of the build process.
I’d love to hear your thoughts on using WASM for local regulatory auditing.
I’m building Sentinel, an independent engineering project focused on the technical requirements of the EU AI Act.
Most compliance tools today are LLM-wrappers. The problem is that LLMs are non-deterministic—using an LLM to audit another LLM for legal compliance creates a circular dependency that doesn't hold up under technical scrutiny.
Sentinel follows a 90/10 Radical Efficiency rule: 90% of the audit is handled by a deterministic engine (Regex, Tree-sitter, and WebAssembly) that runs at $0 computational cost. We use AI only for the remaining 10% of high-level reasoning.
The Baseline Audit: I recently ran a baseline audit on 265 major AI repositories (including vLLM, Dify, and Microsoft OSS components). Most scored 100/100 on our Risk Scale because they lack an automated "Technical File" (Article 11) or verifiable audit trails.
Technical Stack:
Privacy-First: The core binary is compiled in WASM. It executes locally in your GitHub Actions runner. Your source code never leaves your infrastructure.
Edge-Native: We use Cloudflare D1 for the immutable ledger and Workers for the signed integrity reports.
Artifact-Based: It turns Article 11 compliance into a standard build artifact (a signed JSON/Markdown file).
I’m moving away from the "SaaS subscription" model towards a "Sovereign Asset" approach—the logic is compiled, the execution is local, and compliance is a deterministic outcome of the build process.
I’d love to hear your thoughts on using WASM for local regulatory auditing.