Audience: Developers · DevSecOps · Platform · Forensic teams
This report contains execution details, data flows, system topology and the traceability of generated tests. It complements the Regulatory Report.
It is not intended for regulators, executives or investors.
⚠️ No AI Act-impacting technical workflow detected.
The analysis revealed the physical structure and extracted the density of embedded intelligence.
| DNA Indicator | Expert Diagnosis | Value / Score |
|---|---|---|
| Topology | 🕸️ MICRO-MESH | See glossary below |
| Code Maturity | MODERATE | Core logic / boilerplate ratio |
| AI Logic Density | 30.0% | AI Density = AI-logic LOC / Total LOC |
| Normalized Complexity Index | 0.05 / 1.0 | Normalized Complexity Index = raw McCabe complexity / max observed. Raw complexity: 1 = trivial, 5-10 = moderate, >20 = high risk. |
| Technical Maturity Index | 78.21 / 100 | Formula: 30% doc coverage + 30% implementation + 20% dependency health + 20% governance |
| Structural Debt | 21.8% | derived from skeleton pattern analysis |
| Deployment Exposure | Cloud indicators detected | Confidence: Moderate — inferred from 7 technical signals (cloud APIs, CDN, remote endpoints). Does not assert actual data residency or hosting location. |
Topology Glossary:
| Type | Criteria | Characteristics |
|---|---|---|
| MONOLITH | < 20 modules | Single deployable unit, low coupling |
| MODULAR | 20–100 modules | Distinct components, moderate coupling |
| MICRO-MESH | > 100 interconnected modules | High modularity, distributed logic |
| DISTRIBUTED | Multi-service architecture | Service boundaries, network communication |
⚠️ DFI ≠ Compliance Score. These are two independent dimensions:
- DFI measures truthfulness — does the documentation make claims the code contradicts?
- Compliance Score measures evidence maturity — how strongly are required controls proven?
A system can have DFI=100% (no false claims) and still score 54/100 (insufficient evidence). Both are expected when governance documentation is absent.
The **Documentation Fidelity Index** measures whether documented controls are contradicted by actual code.
DFI Score: 100.0%
Interpretation: ✅ High Fidelity — no documented controls were contradicted by code.
Formula:
```
DFI = controls_where_DOC_and_CODE_agree / controls_where_DOC_makes_a_claim × 100
DFI = 100% → documentation makes no false claims (but may be silent on many controls)
DFI < 100% → documentation asserts compliance that code does not support (❌ ABSENT risk)
Note: DFI is unaffected by controls absent from both DOC and CODE.
Those are Evidence Coverage Gaps — a separate metric.
```
✅ No true DOC↔CODE contradictions detected — documentation does not claim controls that code contradicts. SCI = 100% is valid.
Evidence gaps (6 shown) — not observed in analysed artefacts:
ℹ️ No evidence of these controls was found in the analysed artefacts (source code, configuration, documentation). This does not assert they are absent from the full system — only that no evidence was detected in the current audit scope. These gaps increase the Evidence Coverage deficit but do not reduce the Documentation Fidelity Index (DFI), since no false claims were detected.
| Control | Article | Status |
|---|---|---|
| Agent Over Privilege | Article 14 | ABSENT |
| Cyber Pickle Risk | Article 15 | ABSENT |
| Error Handling | Article 15 | ABSENT |
| Prompt Guardrail | Article 15 | ABSENT |
| Risk Mitigation | Article 9 | ABSENT |
| Audit Trail | Article 12 | ABSENT |
The Semantic Collision Index (100.00%) measures active CODE ↔ DOC contradictions. A high score indicates the absence of direct collisions. The integrity gap of 100.00% reflects points with no technical implementation (documentary promises only), not deliberate contradictions.
Software supply chain analysis identified by the collision engine:
Not detected
None
These four axes are independent — a system can score well on one axis and poorly on another.
High documentation fidelity (Axis C) does not imply regulatory compliance (Axis A).
| Axis | Score | What it measures |
|---|---|---|
| A — Regulatory Compliance | 79 / 100 | EU AI Act article-level conformance (Art. 9-15 evidence found vs. required) |
| B — Evidence Strength | **72.5** | Runtime or static evidence quality (E0-E6 levels) |
| C — Documentation Fidelity | 100.0% | DOC-CODE consistency — DFI / SCI (absence of contradictions, ≠ completeness) |
| D — Technical Maturity | 78.21 / 100 | Software architecture quality (complexity, debt, dependency health) |
⚠️ Reading guide: "Regulatory Compliance = 79/100"
means EU AI Act controls are 79% evidenced across audited articles.
"Documentation Fidelity = 100.0%" means documentation and code are consistent
— it does not mean the system is compliant.
A high Axis C with a low Axis A means: **honest documentation of an incomplete implementation**.
Segmentation from static code analysis — must sum to 100%.
| Component | % | Definition |
|---|---|---|
| CORE LOGIC | 32.0% | Weights, prompts, decision algorithms, inference logic |
| STUB_IMPLEMENTATION | 21.8% | Structural code without business value (stubs, generated code, boilerplate) |
| SUPPORT | 16.7% | API connectors, database drivers, interfaces |
| OTHER / UNCLASSIFIED | 29.5% | Documentation, config, test infrastructure |
Expert Note: Architecture topology detected: 🕸️ MICRO-MESH.
✅ Balance between sovereign code and third-party services is acceptable.
Structural debt of 21.8% (derived from skeleton pattern analysis) requires a technical documentation update to reflect the actual system state (Art. 11).
# 🧠 ASSET TECHNICAL HEALTH
REQUIRES_REVIEW
UNCERTAIN_COMPLIANCE
57.2 / 100
MEDIUM
Hybrid state requiring additional audit
This section lists the executable tests generated by CAMSVA for each regulatory obligation. It constitutes the behavioural evidence dossier presentable to the notified body or regulator.
Evidence strength scale: E0 = absent · E1 = declared (documentation claim only) · E2 = implemented (code artifact detected) · E3 = tested (automated test evidence) · E4 = executed (runtime trace available) · E5 = verified (runtime + cryptographic seal)
Traceability chain: Article → Paragraph → Regulatory Obligation → Control Objective → Checkpoint → Test Evidence → Verdict. Each row below traces a single checkpoint from the EU AI Act text through the control it verifies to the executable test result.
Summary: 69 tests across 74 control mappings — ✅ 0 PASSED · ❌ 74 FAILED · ⏭️ 0 SKIPPED (per mapping) — 0.0 %
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 10 §5 | ensuring bias monitoring, detection and correction… | Bias Metrics | Presence of bias metrics (fairness metrics) in reports or co… | test_FACT_BIAS_METRICS_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §3 | Training, validation and testing data sets shall b… | Data Cleansing & Anonymisation | Presence of data sanitization pipelines (PII scrubbing, anon… | test_FACT_DATA_SANITIZATION_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §2 | appropriate data governance and management practic… | Physical Dataset Existence | Presence of real data files used for training or testing. | test_FACT_DATASET_ARTIFACT_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §3 | training, validation and testing data sets shall b… | Balancing & Representativeness | Presence of a sample analysis to verify labels/metadata prov… | test_FACT_DATASET_BALANCING_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §2(e) | examination in view of possible biases that are li… | Data Traceability | Documentation of the complete data flow (source to transform… | test_FACT_DATA_LINEAGE_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §2(f) | appropriate data governance and management practic… | Dataset Quality | Explicit definition of quality criteria (completeness, accur… | test_FACT_DATA_QUALITY_DOC_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §2(b) | data collection processes and the origin of data | Data Inventory | Existence of a registry identifying data sources, types and … | test_FACT_DATA_REGISTRY_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §5 + RGPD Art. 25 | strictly necessary for the purpose of ensuring bia… | PII Masking Before External Transmission | Verification (via Lineage) that sensitive data flows pass th… | test_query_FACT_PII_MASKING[Ex\xe9cution nominale avec un message utilisateur valide-N/A-Donn\xe9e toujours RAW_UNTRUSTED apr\xe8s PII Masking Before External Transmission \u2014 finding potentiel-Succ\xe8s-kwargs0-corrupted_files0-mock_injections0-assert spy['dump'].called or spy['csv'].called, '\U0001f534 Aucun artefact produit \u2014 fonction void avec side-effects attendus'-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 10 §5 | ensuring bias monitoring, detection and correction… | Bias Metrics | Presence of bias metrics (fairness metrics) in reports or co… | test_FACT_BIAS_METRICS_behavioral | ❌ FAILED | 1780148701.9348292 |
| Art. 10 §5 + RGPD Art. 25 | strictly necessary for the purpose of ensuring bia… | PII Masking Before External Transmission | Verification (via Lineage) that sensitive data flows pass th… | test_FACT_PII_MASKING_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 11 §1 + Annexe IV §2(b) | description of the system's components and of the … | Model Card | Presence of a model technical sheet (intended use, limits, p… | test_FACT_MODEL_CARD_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 11 §1 + Annexe IV §1 | general description of the AI system including its… | System Architecture | Complete description (architecture, components, flows) detec… | test_FACT_SYSTEM_DESCRIPTION_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 11 §1 | technical documentation [...] shall be drawn up be… | Version Management | Versioning mechanisms (tags, version numbers, branches) dete… | test_FACT_VERSIONING_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 11 §1 + Annexe IV §1 | general description of the AI system including its… | System Architecture | Complete description (architecture, components, flows) detec… | test_FACT_SYSTEM_DESCRIPTION_L2_doc_artifact | ❌ FAILED | 1780147430.691141 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 12 §2 | traceability of the AI system's functioning [...] … | Decision Record Structure | Each automated decision must be recorded with accountability… | test_query_FACT_DECISION_RECORD_AR[AR: Decision Record [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Decision Record Structure | ABSENT : Aucun enregistrement de d\xe9cision automatis\xe9e avec les champs dimputabilit\xe9 requis.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §2 | level of traceability [...] appropriate to the int… | Audit Trail | Traceability mechanisms for critical events (audit trail) in… | test_FACT_AUDIT_TRAIL_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §1 | High-risk AI systems shall technically allow for t… | Logging Implementation | Presence of log generation instructions (log.info, log.error… | test_FACT_LOG_IMPLEMENTATION_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §2 | appropriate level of traceability of the AI system… | Logging Integrity | Verifies that logging functions are not empty shells (pass) … | test_FACT_LOG_INTEGRITY_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §2 | traceability of the AI system's functioning [...] … | Decision Record Structure | Each automated decision must be recorded with accountability… | test_correlation_id_present | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §1 + §2 | logging capabilities shall ensure a level of trace… | Storage Definition | Identification of log storage mechanisms and locations (file… | test_FACT_LOG_ARTIFACTS_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §1 | automatic recording of events throughout the lifet… | Real Execution Traces | Presence of recent log files (e.g. .log, .jsonl, .txt) demon… | test_FACT_LOG_ARTIFACT_DETECTED_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 12 §4 | providers [...] shall keep the logs [...] for a pe… | Log Retention Policy | Explicit definition of log retention duration (minimum 6 mon… | test_FACT_LOG_RETENTION_POLICY_coverage_gap | ❌ FAILED | 1780081970.7900453 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 13 §1 | sufficiently transparent to enable deployers to in… | System Explainability | Documentation of elements explaining model decisions or logi… | test_FACT_EXPLAINABILITY_DOC_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 13 §2(b)(vi) | known or foreseeable circumstances [...] in which … | Limitations Disclosure | Explicit identification and communication of known limits an… | test_FACT_LIMITATIONS_DISCLOSURE_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 13 §2(b) | characteristics, capabilities and limitations of p… | User Notice | Presence of an information notice explaining the system oper… | test_FACT_TRANS_NOTICE_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 13 §1 | sufficiently transparent to enable deployers to in… | System Explainability | Documentation of elements explaining model decisions or logi… | test_FACT_EXPLAINABILITY_DOC_L2_static_code | ❌ FAILED | 1780147430.691141 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 14 §1 | effectively overseen by natural persons — a system… | Agent Tool Scope | Analysis of the tool catalogue (tools/functions) provided to… | test_query_FACT_AGENT_OVER_PRIVILEGE_AR[AR: Agent Over Privilege [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Agent Tool Scope | DISABLED : Aucun outil externe nest fourni \xe0 lagent, donc pas de risque de sur-privil\xe8ge.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(d) | decide, in any particular situation, not to use th… | Authority Delegation | Analysis of whether the agent delegates tasks to sub-agents … | test_query_FACT_DELEGATION_RISK_AR[AR: Delegation Risk [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Authority Delegation | DISABLED : Aucune d\xe9l\xe9gation \xe0 des sous-agents ou outils externes, donc pas de risque de d\xe9l\xe9gation non supervi")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(d) | decide, in any particular situation, not to use th… | Human-in-the-Loop Mechanism | Presence of a human approval mechanism before executing crit… | test_query_FACT_HITL_LOOP_AR[AR: Hitl Loop [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Human-in-the-Loop Mechanism | ABSENT : Aucun m\xe9canisme dapprobation humaine avant ex\xe9cution doutils critiques.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(e) | intervene on the operation of the high-risk AI sys… | User Override | Technical capability for a human to modify, reject or block … | test_query_FACT_OVERRIDE_CONTROL_AR[AR: Override Control [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | User Override | ABSENT : Aucune possibilit\xe9 pour un humain de modifier ou rejeter une d\xe9cision automatis\xe9e.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(b) | be aware of the possible tendency of automatically… | Escalation to Human | Detection of a human fallback triggered by low model confide… | test_FACT_HUMAN_FALLBACK_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §1 + §4(c) | effectively overseen by natural persons [...] corr… | Human Validation | Guarantee of effective human supervision (interface for v… | test_FACT_HUMAN_OVERSIGHT_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §1 | effectively overseen by natural persons — a system… | Agent Tool Scope | Analysis of the tool catalogue (tools/functions) provided to… | test_FACT_AGENT_OVER_PRIVILEGE_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(d) | decide, in any particular situation, not to use th… | Authority Delegation | Analysis of whether the agent delegates tasks to sub-agents … | test_FACT_DELEGATION_RISK_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(d) | decide, in any particular situation, not to use th… | Human-in-the-Loop Mechanism | Presence of a human approval mechanism before executing crit… | test_FACT_HITL_LOOP_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(e) | intervene on the operation of the high-risk AI sys… | User Override | Technical capability for a human to modify, reject or block … | test_FACT_OVERRIDE_CONTROL_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(e) | interrupt the system through a 'stop' button or a … | Automatic Blocking Linked to Human Rejection | Human rejection triggers automatic blocking — oversight enfo… | test_FACT_AUTO_BLOCK_LINKED_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Art. 14 §4(e) | intervene on the operation of the high-risk AI sys… | Human Decision Endpoint | An HTTP/API endpoint receives human approval or rejection de… | test_FACT_HUMAN_ENDPOINT_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Art. 14 §1 | effectively overseen by natural persons during the… | Human Approval Gates Execution | Human approval is required before automatic action executes … | test_FACT_HUMAN_GATES_EXECUTION_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Art. 14 §1 + §4(a)(b)(c)(d)(e) | effectively overseen by natural persons [...] full… | Full Workflow Integration | Complete workflow: AI prediction → confidence threshold → hu… | test_FACT_WORKFLOW_INTEGRATION_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 15 §1 | achieve an appropriate level of accuracy, robustne… | Contextual Memory Limitation | Verification that agent memory or conversation history has a… | test_query_FACT_CONTEXT_BOUND_AR[AR: Context Bound [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Contextual Memory Limitation | ABSENT : Aucune borne sup\xe9rieure technique (sliding window, token limit) sur lhistorique des conversations.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Unsafe Serialization Formats | Absence of dangerous deserialisation formats (e.g. Pickle, M… | test_query_FACT_CYBER_PICKLE_RISK_AR[AR: Cyber Pickle Risk [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Unsafe Serialization Formats | DISABLED : Conception saine par d\xe9faut, aucun format de d\xe9s\xe9rialisation dangereux utilis\xe9.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §3 | robustness of high-risk AI systems may be achieved… | Error Handling | Presence of exception handling blocks (try/catch) preventing… | test_query_FACT_ERROR_HANDLING_AR[AR: Error Handling [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Error Handling | ABSENT : Aucune gestion dexception (try/catch) dans le endpoint /v1/query, risque de fuite dinformations tech")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Bypass Detection | Search for execution paths (shortcuts) that allow critical a… | test_query_FACT_GUARDRAIL_BYPASS_AR[AR: Guardrail Bypass [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Bypass Detection | DISABLED : Aucun guardrail nest impl\xe9ment\xe9, donc aucun risque de contournement.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(e) | interrupt the system through a 'stop' button or a … | Execution Limits (Guardrails) | Detection of limits on iterations or execution time to preve… | test_query_FACT_MAX_ITERATIONS_AR[AR: Max Iterations [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Execution Limits (Guardrails) | ABSENT : Aucune limite sur les it\xe9rations ou le temps dex\xe9cution pour \xe9viter les boucles infinies.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Prompt Guardrail / Injection Detection | Verification that user inputs for agents or LLMs pass throug… | test_query_FACT_PROMPT_GUARDRAIL_AR[AR: Prompt Guardrail [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Prompt Guardrail / Injection Detection | ABSENT : Aucune couche de sanitization s\xe9mantique ou guardrail (ex: Llama Guard) pour bloquer les jailbreaks.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §1 | achieve an appropriate level of accuracy, robustne… | Component Obsolescence | Verification that AI libraries and tools used are up to date… | test_FACT_OBSOLETE_TOOLS_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §1 | achieve an appropriate level of accuracy, robustne… | Contextual Memory Limitation | Verification that agent memory or conversation history has a… | test_FACT_CONTEXT_BOUND_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Unsafe Serialization Formats | Absence of dangerous deserialisation formats (e.g. Pickle, M… | test_FACT_CYBER_PICKLE_RISK_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against [...] adversarial attacks or dat… | Secure Format Policy | Presence of a documented policy mandating secure formats (ON… | test_FACT_CYBER_SECURE_FORMAT_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §3 | robustness of high-risk AI systems may be achieved… | Error Handling | Presence of exception handling blocks (try/catch) preventing… | test_FACT_ERROR_HANDLING_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Bypass Detection | Search for execution paths (shortcuts) that allow critical a… | test_FACT_GUARDRAIL_BYPASS_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Input Robustness | Presence of input controls and validation (type checking, sa… | test_FACT_INPUT_VALIDATION_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 14 §4(e) | interrupt the system through a 'stop' button or a … | Execution Limits (Guardrails) | Detection of limits on iterations or execution time to preve… | test_FACT_MAX_ITERATIONS_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against [...] adversarial attacks or dat… | Cybersecurity Audit | External security scan report validating model robustness an… | test_FACT_MODEL_SECURITY_SCAN_L2_cve_scan | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Prompt Guardrail / Injection Detection | Verification that user inputs for agents or LLMs pass throug… | test_FACT_PROMPT_GUARDRAIL_L2_na_justified | ❌ FAILED | 1780081970.7900453 |
| | | Robustness Level Reality | Documentation certifies AES-256 encryption everywhere, but c… | test_SYS_CONTRADICTION_CYBER_L2_contradiction | ❌ FAILED | 1780081970.7900453 |
| Art. 15 §4 | resilient against attempts by unauthorised third p… | Input Robustness | Presence of input controls and validation (type checking, sa… | test_query_FACT_INPUT_VALIDATION[Validation d'entr\xe9e nominale-Article 15(1) - Pr\xe9cision et Robustesse-V\xe9rifier que la validation Pydantic accepte une entr\xe9e correcte.-La fonction doit accepter la requ\xeate sans erreur.-kwargs0-corrupted_files0-mock_injections0-assert exception_caught is None, '\U0001f534 ERREUR : La validation a \xe9chou\xe9 sur une entr\xe9e valide'-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| | | Robustness Level Reality | Documentation certifies AES-256 encryption everywhere, but c… | test_SYS_CONTRADICTION_CYBER_L2_contradiction | ❌ FAILED | 1780147430.691141 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 25 §1 + Art. 49 §1 | Where a [...] third-party places a high-risk AI sy… | Provider Identity | Explicit identification of the AI system provider (legal nam… | test_FACT_PROVIDER_IDENTITY_coverage_gap | ❌ FAILED | 1780081970.7900453 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 26 §1 | Deployers of high-risk AI systems shall take appro… | Deployer Identity | Identification of the entity deploying the AI system (name, … | test_FACT_DEPLOYER_IDENTITY_coverage_gap | ❌ FAILED | 1780081970.7900453 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 27 §1 | deployers of high-risk AI systems that are bodies … | FRIA — Fundamental Rights Impact Assessment | Existence of a Fundamental Rights Impact Assessment (FRIA) d… | test_FACT_FRIA_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 4 EU AI Act + ISO 42001 §5.2 | providers and deployers shall take measures to ens… | Documented AI Policy | Existence of a formalised AI policy covering: acceptable use… | test_FACT_AI_POLICY_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 73 §1 + §3 | report any serious incident [...] not later than 1… | Serious Incident Notification Procedure | Existence of a documented procedure for notifying serious in… | test_FACT_INCIDENT_REPORTING_coverage_gap | ❌ FAILED | 1780081970.7900453 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| Art. 9 §4 | adopt suitable risk management measures in accorda… | Risk Mitigation | Mitigation mechanisms (fallback, thresholds, validation) cor… | test_query_FACT_RISK_MITIGATION_AR[AR: Risk Mitigation [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Risk Mitigation | ABSENT : Aucun m\xe9canisme datt\xe9nuation des risques (fallback, seuils, validation) nest impl\xe9ment\xe9 dans le code")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §3 | The risk management system shall be subject to a s… | Continuous Monitoring | Monitoring hooks, metrics or active alerts in code for criti… | test_FACT_RISK_MONITORING_behavioral | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §3 + Art. 72 §1 | providers shall establish and document a post-mark… | Post-Market Plan | Compliant monitoring plan including the handling of incide… | test_FACT_POST_MARKET_MONITORING_L2_static_code | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §2(b) | estimate and evaluate the risks that may emerge wh… | Risk Matrix | Formalised matrix (probability x impact) categorised and pri… | test_FACT_RISK_MATRIX_DOC_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §4 | adopt suitable risk management measures in accorda… | Risk Mitigation | Mitigation mechanisms (fallback, thresholds, validation) cor… | test_FACT_RISK_MITIGATION_L2_contradiction | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §2 + Art. 26 §1 | risk management system shall identify [...] person… | Risk Ownership Assignment | Explicit identification of accountable roles (Risk Owner, Le… | test_FACT_RISK_OWNERSHIP_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §2(a) | identify and analyse the known and reasonably fore… | Risk Register | Existence of an exhaustive, usable risk register (JSO… | test_FACT_RISK_REGISTRY_L2_doc_artifact | ❌ FAILED | 1780081970.7900453 |
| Art. 9 §3 + Art. 72 §1 | providers shall establish and document a post-mark… | Post-Market Plan | Compliant monitoring plan including the handling of incide… | test_FACT_POST_MARKET_MONITORING_L2_static_code | ❌ FAILED | 1780147430.691141 |
| Art. 9 §2(a) + Art. 14 §4(b) | known and reasonably foreseeable risks [...] be aw… | Confidence-Based Human Routing | Low confidence automatically routes to human review — risk m… | test_FACT_CONFIDENCE_ROUTING_coverage_gap | ❌ FAILED | 1780955282.8648067 |
| Paragraph | Regulatory obligation | Checkpoint | Control Objective | Test | Result | Executed on |
|---|---|---|---|---|---|---|
| FACT_ART | test_FACT_ART50_DISCLOSURE_coverage_gap | ❌ FAILED | 1780955282.8648067 |