HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sentinel_ai_act

no profile record

Submissions

[untitled]

1 points·by sentinel_ai_act·4 tháng trước·0 comments

Show HN: Sentinel – Deterministic WASM Auditor for EU AI Act Compliance

github.com
2 points·by sentinel_ai_act·4 tháng trước·2 comments

[untitled]

1 points·by sentinel_ai_act·4 tháng trước·0 comments

comments

sentinel_ai_act
·4 tháng trước·discuss
A few more technical details for those interested:

Why Rust/WASM? I needed the audit to be lightning-fast and portable across different CI environments without requiring the user to install complex dependencies. WASM allowed me to package the entire Tree-sitter logic into a single, sandboxed binary that runs locally.

Deterministic Logic: We map specific code patterns and metadata (model provenance, data usage) against the Article 11 requirements of the EU AI Act. If the manifest doesn't change, the hash doesn't change—making it a reliable build artifact.

The Edge Layer: While the audit is local, we use Cloudflare D1 for the immutable ledger to sign the integrity reports, ensuring they are tamper-proof.

I'm here to answer any questions about the WASM implementation or how we're translating the EU AI Act into deterministic code!
sentinel_ai_act
·4 tháng trước·discuss
Hi HN,

I’m building Sentinel, an independent engineering project focused on the technical requirements of the EU AI Act.

Most compliance tools today are LLM-wrappers. The problem is that LLMs are non-deterministic—using an LLM to audit another LLM for legal compliance creates a circular dependency that doesn't hold up under technical scrutiny.

Sentinel follows a 90/10 Radical Efficiency rule: 90% of the audit is handled by a deterministic engine (Regex, Tree-sitter, and WebAssembly) that runs at $0 computational cost. We use AI only for the remaining 10% of high-level reasoning.

The Baseline Audit: I recently ran a baseline audit on 265 major AI repositories (including vLLM, Dify, and Microsoft OSS components). Most scored 100/100 on our Risk Scale because they lack an automated "Technical File" (Article 11) or verifiable audit trails.

Technical Stack:

Privacy-First: The core binary is compiled in WASM. It executes locally in your GitHub Actions runner. Your source code never leaves your infrastructure.

Edge-Native: We use Cloudflare D1 for the immutable ledger and Workers for the signed integrity reports.

Artifact-Based: It turns Article 11 compliance into a standard build artifact (a signed JSON/Markdown file).

I’m moving away from the "SaaS subscription" model towards a "Sovereign Asset" approach—the logic is compiled, the execution is local, and compliance is a deterministic outcome of the build process.

I’d love to hear your thoughts on using WASM for local regulatory auditing.
sentinel_ai_act
·4 tháng trước·discuss
Hi HN,

I’ve been working on a way to automate the heavy lifting of the EU AI Act for engineering teams. Most "AI Governance" tools are just high-level dashboards, so I built Sentinel-AI-Compliance.

It’s a GitHub Action powered by a WASM-compiled binary. It follows a 90/10 rule: 90% of the audit is solved deterministically (Regex/Tree-sitter) for $0 cost, and AI is only used as a "higher instance" for the remaining 10%.

To test it, I ran Sentinel against 265 high-profile AI repositories (including vLLM, Dify, and Microsoft projects). The results: Over 90% hit a 100/100 Risk Score, primarily due to missing Art. 10 (Data Governance) and Art. 14 (Human Oversight) manifests.

Why WASM?

Privacy-First: The binary runs entirely within your CI/CD pipeline. Your code never leaves your infrastructure.*

Speed: Scans manifest files in milliseconds.*

Deterministic: No LLM hallucinations in the compliance trail.*

This is an independent engineering project focusing on making compliance a "git push" away rather than a legal nightmare.

I’d love to hear your thoughts on the deterministic vs. AI approach to compliance!