Sentinel Sovereignty Report

Project: sentinel-preview · Storage: sqlite · Data residency: EU-DE · Sovereign scope: EU
Generated: 2026-04-11T13:42:52
EU AI Act Annex III enforcement: 2 August 2026. High-risk AI systems must prove automatic tamper-resistant logging.
113
days remaining

Executive summary

Your system meets EU sovereignty requirements.

The runtime sovereignty score is 100% — that is the fraction of installed Python packages with no US CLOUD Act exposure. EU AI Act overall status: PARTIAL. Automated coverage of the required articles: 50%.

Where the report flags partial or non-compliant items, the "recommended actions" block below names each one in priority order. Every action corresponds to a specific file or configuration change.

100%
Sovereignty score

60 of 60 installed packages are EU-sovereign or neutral. 1 are US-incorporated and subject to the CLOUD Act. 46 are unknown.

Critical-path violations: 0. This is a runtime snapshot. CI/CD and infrastructure are reported separately below.

EU AI Act compliance

Overall: PARTIAL · Automated coverage: 50%

Article Title Status Detail What to do
Art. 9Risk managementPARTIALPolicy evaluator configured; every decision records the policy result.Configure a PolicyEvaluator — SimpleRuleEvaluator or LocalRegoEvaluator.
Art. 10Data governanceACTION_REQUIREDData governance is not automatable by a middleware kernel.Data governance is a human process — see docs/bsi-profile.md.
Art. 11Technical documentationACTION_REQUIREDAnnex IV technical documentation is a human deliverable.Review manually.
Art. 12Automatic record keepingCOMPLIANTEvery wrapped call produces a DecisionTrace automatically, stored append-only.Enable storage backend for append-only trace persistence.
Art. 13Transparency & information to deployersCOMPLIANTTraces record agent, model, policy name/version, and result per decision.Populate agent, model, and policy metadata on every trace.
Art. 14Human oversightCOMPLIANTKill switch implemented; every override recorded as linked trace entry.Test the kill switch with engage_kill_switch() before go-live.
Art. 15Accuracy, robustness, cybersecurityACTION_REQUIREDModel evaluation and adversarial testing are outside the trace layer.Configure accuracy thresholds and human review workflows.
Art. 17Quality management systemCOMPLIANTContinuous, append-only trace record satisfies the traceability requirement.Run sentinel compliance check as part of CI on every release.

Recommended actions

HIGH
Art. 9 — Risk management
Configure a PolicyEvaluator — SimpleRuleEvaluator or LocalRegoEvaluator.
MEDIUM
Art. 10 — Data governance
Data governance is a human process — see docs/bsi-profile.md.
MEDIUM
Art. 11 — Technical documentation
Review manually.
MEDIUM
Art. 15 — Accuracy, robustness, cybersecurity
Configure accuracy thresholds and human review workflows.

Manifesto status

Overall manifesto score: 100%

DimensionDetail
jurisdiction0 critical-path violations
kill_switchkill switch API present
storagebackend: sqlite
bsitargeting 2026-12-31

Runtime packages

Showing first 60 of 60 installed packages. Sovereign: 60 · US-owned: 1 · Unknown: 46

Package Version Parent Jurisdiction CLOUD Act Critical
shellingham1.5.4UnknownUnknownno
requests2.33.1Python Software FoundationNeutralNOno
more-itertools10.8.0UnknownUnknownno
pexpect4.9.0UnknownUnknownno
platformdirs4.9.4UnknownUnknownno
rfc39862.0.0UnknownUnknownno
jaraco.classes3.4.0UnknownUnknownno
click8.3.1PalletsNeutralNOno
ptyprocess0.7.0UnknownUnknownno
certifi2026.2.25UnknownUnknownno
iniconfig2.3.0UnknownUnknownno
jaraco.context6.1.2UnknownUnknownno
virtualenv21.2.0UnknownUnknownno
pytest-cov7.1.0pytest-covNeutralNOno
uv0.11.3UnknownUnknownno
tomlkit0.14.0UnknownUnknownno
hyperlink21.0.0UnknownUnknownno
idna3.11UnknownUnknownno
distlib0.4.0UnknownUnknownno
build1.4.2UnknownUnknownno
rich14.3.3UnknownUnknownno
userpath1.9.2UnknownUnknownno
librt0.8.1UnknownUnknownno
tomli_w1.2.0UnknownUnknownno
httpcore1.0.9UnknownUnknownno
filelock3.25.2UnknownUnknownno
nh30.3.4UnknownUnknownno
markdown-it-py4.0.0UnknownUnknownno
sentinel-kernel0.1.0sentinel-kernelEUNOyes
docutils0.22.4UnknownUnknownno
hatchling1.29.0Ofek LevNeutralNOno
twine6.2.0UnknownUnknownno
h110.16.0UnknownUnknownno
coverage7.13.5Coverage.pyNeutralNOno
Pygments2.20.0UnknownUnknownno
mdurl0.1.2UnknownUnknownno
pathspec1.0.4UnknownUnknownno
PyYAML6.0.3YAMLNeutralNOno
pytest-asyncio1.3.0pytest-devNeutralNOno
id1.6.1UnknownUnknownno
urllib32.6.3urllib3NeutralNOno
readme_renderer44.0UnknownUnknownno
typing_extensions4.15.0UnknownUnknownno
jaraco.functools4.4.0UnknownUnknownno
trove-classifiers2026.1.14.14UnknownUnknownno
hatch1.16.5Ofek LevNeutralNOno
charset-normalizer3.4.7UnknownUnknownno
ruff0.15.8AstralUSNOno
mypy1.20.0Python Software FoundationNeutralNOno
pluggy1.6.0UnknownUnknownno
python-discovery1.2.1UnknownUnknownno
requests-toolbelt1.0.0UnknownUnknownno
packaging26.0UnknownUnknownno
httpx0.28.1EncodeNeutralNOno
pyproject_hooks1.2.0UnknownUnknownno
keyring25.7.0UnknownUnknownno
mypy_extensions1.1.0UnknownUnknownno
pip26.0UnknownUnknownno
pytest9.0.2pytest-devNeutralNOno
anyio4.13.0UnknownUnknownno

CI/CD findings

File Component Vendor Jurisdiction CLOUD Act
.github/workflows/ci.ymlgithub_actionsGitHub (Microsoft)USYES
.github/workflows/pages.ymlgithub_actionsGitHub (Microsoft)USYES
.github/workflows/release.ymlgithub_actionsGitHub (Microsoft)USYES
pyproject.tomlpypiPython Package IndexUSNO

Infrastructure findings

File Component Vendor Jurisdiction CLOUD Act
No infrastructure findings