Open-source CLI that audits AI codebases and traces against EU AI Act requirements. One command. Articles 11, 12, 13, 50 + GDPR Article 30.
Scans your codebase. Generates Annex IV documentation, data flow diagrams, and GDPR Records of Processing Activities (RoPA). 60 seconds. No API keys. Everything stays local.
Technical documentation skeleton with auto-populated sections: providers detected, models in use, deployment configs, evaluation scripts. Fill the gaps, not the boilerplate.
Feed your OTel, Langfuse, or raw traces. Get a gap report: which fields are logged, which are missing, and exactly what to add to satisfy Article 12.
Auto-detects AI providers, vector DBs, cloud services. Generates Mermaid diagrams and GDPR Article 30 Records of Processing Activities with transfer safeguard warnings.
Detects user-facing AI endpoints. Flags Article 50 disclosure obligations: users must know they're talking to AI. This is a UI obligation that the tool reminds you about.
Add one step to your CI workflow. Every PR gets a compliance check. Fail the build if gaps appear.
| Capability | Langfuse / Arize | Credo AI | OneTrust / Vanta | aitrace |
|---|---|---|---|---|
| Collect LLM traces | Yes | - | - | Ingests theirs |
| Map traces to regulations | - | - | - | Yes |
| Generate Annex IV docs | - | - | - | Yes |
| GDPR data flow mapping | - | - | Manual | Auto |
| CI/CD integration | - | - | - | GitHub Action |
| Open source | Partial | No | No | Apache 2.0 |
| Runs locally | Cloud | Cloud | Cloud | 100% local |
| Price | $$$ | $$$$ | $$$$ | Free |
Compliance guides generated by this tool have been submitted and reviewed on:
Reviewed by Greptile, cubic-dev, and Gemini Code Assist. All flagged issues fixed and fed back into the product.