⚠️
Demo dossier — synthetic runtime data. These audits are published for demonstration purposes. Runtime traces were synthetically generated to illustrate the behavioral audit methodology. Systems are anonymised. Full production dossiers with live execution evidence are available under NDA — contact@factnotebook.com
⚠️
STATIC ANALYSIS — Limited confidence Code and documentation were analysed statically — the audit engine did not execute the system live. Where session traces were provided, behavioural findings derive from those traces, not from live execution. Some verdicts rely on heuristic signals and are labelled accordingly; they may not reflect actual runtime behaviour. For a full technical dossier with executable evidence and SHA-256 seal, contact contact@factnotebook.com.

System DNA Report

agents-for-openbb

Audit ID: CSVA-20260614-9BE11290 | Generated: 2026-06-17 09:47 UTC

Technical topology, AI density, dependency exposure, and structural health analysis.


6. 🧬 SYSTEM DNA (ANNEXE EXPERTE)


A. CARTOGRAPHIE ET TOPOLOGIE DE L'ACTIF

L'analyse a révélé la structure physique, et a extrait la densité de l'intelligence embarquée.
Indicateur DNA Diagnostic Expert Valeur / Score
Topology 🕸️ MICRO-MESH See glossary below
Code Maturity MODERATE Core logic / boilerplate ratio
AI Logic Density 30.0% AI Density = AI-logic LOC / Total LOC
Normalized Complexity Index 0.05 / 1.0 Normalized Complexity Index = raw McCabe complexity / max observed. Raw complexity: 1 = trivial, 5-10 = moderate, >20 = high risk.
Technical Maturity Index 78.21 / 100 Formula: 30% doc coverage + 30% implementation + 20% dependency health + 20% governance
Structural Debt 21.8% derived from skeleton pattern analysis
Deployment Exposure Cloud indicators detected Confidence: Moderate — inferred from 7 technical signals (cloud APIs, CDN, remote endpoints). Does not assert actual data residency or hosting location.

Topology Glossary:

Type Criteria Characteristics
MONOLITH < 20 modules Single deployable unit, low coupling
MODULAR 20–100 modules Distinct components, moderate coupling
MICRO-MESH > 100 interconnected modules High modularity, distributed logic
DISTRIBUTED Multi-service architecture Service boundaries, network communication

B. DOCUMENTATION FIDELITY INDEX (DFI)

⚠️ DFI ≠ Compliance Score. These are two independent dimensions:
- DFI measures truthfulness — does the documentation make claims the code contradicts?
- Compliance Score measures evidence maturity — how strongly are required controls proven?
A system can have DFI=100% (no false claims) and still score 54/100 (insufficient evidence). Both are expected when governance documentation is absent.

The **Documentation Fidelity Index** measures whether documented controls are contradicted by actual code.

DFI Score : 100.0%
Interpretation : ✅ High Fidelity — no documented controls were contradicted by code.

Formula:
```
DFI = controls_where_DOC_and_CODE_agree / controls_where_DOC_makes_a_claim × 100

DFI = 100%  → documentation makes no false claims (but may be silent on many controls)
DFI < 100%  → documentation asserts compliance that code does not support (❌ ABSENT risk)

Note: DFI is unaffected by controls absent from both DOC and CODE.
Those are Evidence Coverage Gaps — a separate metric.
```

No true DOC↔CODE contradictions detected — documentation does not claim controls that code contradicts. SCI = 100% is valid.

Evidence gaps (6 shown) — not observed in analysed artefacts:

ℹ️ No evidence of these controls was found in the analysed artefacts (source code, configuration, documentation). This does not assert they are absent from the full system — only that no evidence was detected in the current audit scope. These gaps increase the Evidence Coverage deficit but do not reduce the Documentation Fidelity Index (DFI), since no false claims were detected.

Control Article Status
Agent Over Privilege Article 14 ABSENT
Cyber Pickle Risk Article 15 ABSENT
Error Handling Article 15 ABSENT
Prompt Guardrail Article 15 ABSENT
Risk Mitigation Article 9 ABSENT
Audit Trail Article 12 ABSENT
    La Semantic Collision Index (100.00%) mesure les contradictions actives CODE ↔ DOC. Un score élevé indique l'absence de direct collision. L'écart d'intégrité de 100.00% reflète les points sans implémentation technique (promesses documentaires seules), et non des contradictions volontaires.

C. TECHNICAL FOOTPRINT & CRITICAL DEPENDENCIES

Software supply chain analysis identified by the collision engine:

D. FOUR-AXIS ASSESSMENT SUMMARY

These four axes are independent — a system can score well on one axis and poorly on another.
High documentation fidelity (Axis C) does not imply regulatory compliance (Axis A).

Axis Score What it measures
A — Regulatory Compliance 79 / 100 EU AI Act article-level conformance (Art. 9-15 evidence found vs. required)
B — Evidence Strength **72.5 ** Runtime or static evidence quality (E0-E6 levels)
C — Documentation Fidelity 100.0% DOC-CODE consistency — DFI / SCI (absence of contradictions, ≠ completeness)
D — Technical Maturity 78.21 / 100 Software architecture quality (complexity, debt, dependency health)

⚠️ Reading guide: "Regulatory Compliance = 79/100"
means EU AI Act controls are 79% evidenced across audited articles.
"Documentation Fidelity = 100.0%" means documentation and code are consistent
— it does
not mean the system is compliant.
A high Axis C with a low Axis A means:
honest documentation of an incomplete implementation**.


E. COMPONENT SEGMENTATION

Segmentation from static code analysis — must sum to 100%.
Component % Definition
CORE LOGIC 32.0% Weights, prompts, decision algorithms, inference logic
STUB_IMPLEMENTATION 21.8% Structural code without business value (stubs, generated code, boilerplate)
SUPPORT 16.7% API connectors, database drivers, interfaces
OTHER / UNCLASSIFIED 29.5% Documentation, config, test infrastructure

Expert Note: Architecture topology detected: 🕸️ MICRO-MESH.
✅ Balance between sovereign code and third-party services is acceptable.
Structural debt of 21.8% (derived from skeleton pattern analysis) requires technical documentation update to reflect actual system state (Art. 11).

    # 🧠 SANTÉ TECHNIQUE DE L'ACTIF

📌 INTERMEDIATE SYSTEM

⚖️ Regulatory Status

REQUIRES_REVIEW

🧩 Classification AI Act

UNCERTAIN_COMPLIANCE


📊 Compliance Score

57.2 / 100

⚠️ Risk level

MEDIUM


🧠 Analyse

Hybrid state requiring additional audit


LEGAL STATUS: TECHNICAL EVIDENCE REPORT — This document is an automated factual report. It documents technical alignment with EU AI Act control points. It does not constitute legal advice or regulatory certification.

Methodology Notice
Evidence levels (E0–E5), contradiction detection, assurance scoring and control mapping are defined in the FactNotebook Technical Evidence Framework.
View methodology →
💬 Feedback
Does this report convince you? ×