Metadata-Version: 2.4
Name: dingdawg-compliance
Version: 1.0.1
Summary: AI governance compliance scanner — Colorado SB 205 AI Act self-assessment
License: Apache-2.0
Project-URL: Homepage, https://dingdawg.com/compliance
Project-URL: Repository, https://github.com/dingdawg/dingdawg-compliance
Project-URL: Issues, https://github.com/dingdawg/dingdawg-compliance/issues
Keywords: ai-governance,compliance,colorado,sb205,ai-act
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.9
Description-Content-Type: text/markdown

# dingdawg-compliance

**Colorado SB 205 AI Act compliance scanner.** Run it in 60 seconds. Get your score. Know your gaps before June 30, 2026.

```bash
pip install dingdawg-compliance
python3 -m dingdawg_compliance scan
```

---

## What it does

Colorado SB 205 requires any company using AI for consequential decisions (employment, housing, credit, insurance, healthcare, education) to:

- Conduct impact assessments before deployment
- Disclose AI use to consumers at point of decision
- Provide appeal and human review mechanisms
- Designate a Responsible AI Officer
- Test for discriminatory bias
- Maintain a 3-year audit trail

This tool scores your readiness across all 25 SB 205 controls. **Free. No signup. Runs locally.**

---

## Install

```bash
pip install dingdawg-compliance
```

Requires Python 3.9+. No external dependencies — stdlib only.

---

## Usage

### Interactive scan (recommended)

```bash
python3 -m dingdawg_compliance scan
```

Walk through all 25 controls. Answer y/n/skip for each. Get your score at the end.

**Example output:**
```
──────────────────────────────────────────────────────
  Overall Score: 44/100  [████████░░░░░░░░░░░░]  NEEDS WORK
──────────────────────────────────────────────────────

  Category Scores:
    ~ scope                  100%
    ✗ impact_assessment        0%
    ✗ transparency            33%
    ✗ appeal                   0%
    ~ governance              50%
    ✗ bias_testing             0%
    ✗ data_governance          0%
    ✗ incident_response       50%
    ✓ audit                  100%

  ⚠ Critical gaps (2) — mandatory under SB 205:
    • CO-3   Pre-Deployment Impact Assessment
    • CO-6   Consumer Disclosure at Point of Decision

  Need the full remediation report?
  → dingdawg.com/compliance  (CO SB 205 gap report — $199)
```

### Score from a JSON file

```bash
python3 -m dingdawg_compliance score responses.json
```

Format for `responses.json`:
```json
{
  "CO-1": true,
  "CO-2": true,
  "CO-3": false,
  "CO-4": null
}
```

`true` = implemented, `false` = not implemented, `null` = unknown (scored as not implemented).
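
A pre-flight check for `responses.json`, as an added example that is not part of dingdawg-compliance: because `null` counts as not implemented, a mistyped ID or a string such as `"yes"` can change what a score means without any visible error. The README does not say how the tool treats unknown keys, duplicate keys or non-boolean values, so the checks below are assumptions about what is worth flagging, and `lint_responses` is a hypothetical name.

```python
import json

# Control IDs and the four critical (★) controls, taken from this README's table.
CONTROL_IDS = [f"CO-{n}" for n in range(1, 26)]
CRITICAL_IDS = ("CO-3", "CO-6", "CO-10", "CO-14")


class _Pairs(list):
    """Marks a decoded JSON object so it can be told apart from a JSON array."""


def lint_responses(text):
    """Return findings for a responses.json document; all lists empty means clean."""
    pairs = json.loads(text, object_pairs_hook=_Pairs)
    if not isinstance(pairs, _Pairs):
        raise ValueError("responses.json must be a JSON object")
    keys = [k for k, _ in pairs]
    answers = dict(pairs)  # last duplicate wins, as in a plain json.loads
    return {
        # Same ID given twice: the earlier answer is silently discarded.
        "duplicate": sorted({k for k in keys if keys.count(k) > 1}),
        # Not one of CO-1 .. CO-25, e.g. "CO-03" or "co-3".
        "unknown": [k for k in answers if k not in CONTROL_IDS],
        # Only true / false / null are defined by the README.
        "bad_type": [k for k, v in answers.items()
                     if v is not True and v is not False and v is not None],
        # null is scored as not implemented, so surface it.
        "unanswered": [k for k, v in answers.items() if v is None],
        "missing": [c for c in CONTROL_IDS if c not in answers],
        # Critical controls without an explicit true.
        "critical_open": [c for c in CRITICAL_IDS if answers.get(c) is not True],
    }


# Constructed sample input, not taken from a real assessment.
SAMPLE = """{
  "CO-1": true,
  "CO-3": "yes",
  "CO-03": true,
  "CO-6": null,
  "CO-10": true,
  "CO-10": false,
  "CO-14": true
}"""

if __name__ == "__main__":
    for finding, ids in lint_responses(SAMPLE).items():
        print(f"{finding:14} {ids}")
```
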

### List all 25 controls

```bash
python3 -m dingdawg_compliance controls
```

---

## Use as a library

```python
from dingdawg_compliance import calculate_co_sb205_score, CO_SB_205_CONTROLS

# Score a self-assessment
responses = {
    "CO-1": True,   # scope: identified consequential decisions
    "CO-3": False,  # impact_assessment: no pre-deployment assessment yet
    "CO-6": True,   # transparency: consumer disclosure implemented
    # ... rest of controls
}

result = calculate_co_sb205_score(responses)
print(result["score"])           # 0-100
print(result["gaps"])            # list of unimplemented controls
print(result["critical_gaps"])   # CO-3, CO-6, CO-10, CO-14 if missing
```

### Track assessments in SQLite

```python
from dingdawg_compliance import ComplianceStore, ComplianceScorer, ComplianceFramework

store = ComplianceStore()  # stored at ~/.dingdawg/compliance/compliance.db

# Register and assess a control
store.assess_control("CO-3", status="COMPLIANT", assessor="legal-team", notes="Completed Q1 2026")

# Score
scorer = ComplianceScorer(store)
print(scorer.overall_posture_score())   # e.g. 72.0
print(scorer.per_framework_score())     # per-framework breakdown
print(scorer.gap_analysis())            # prioritized gap list
```

### Automated checks (read-only)

```python
from dingdawg_compliance import AutoAssessor
from pathlib import Path

assessor = AutoAssessor(
    base_dir=Path("./src"),
    db_paths=[Path("./data/app.db")]
)

results = assessor.run_all_checks()
print(results["checks"]["access_controls"]["summary"])
print(results["checks"]["audit_logging"]["summary"])
```

---

## The 25 CO SB 205 Controls

| ID | Category | Control | Critical |
|----|----------|---------|---------|
| CO-1 | scope | Consequential Decision Identification | |
| CO-2 | scope | High-Risk AI System Classification | |
| CO-3 | impact_assessment | Pre-Deployment Impact Assessment | ★ |
| CO-4 | impact_assessment | Annual Impact Assessment Review | |
| CO-5 | impact_assessment | Impact Assessment Documentation | |
| CO-6 | transparency | Consumer Disclosure at Point of Decision | ★ |
| CO-7 | transparency | Disclosure Timing | |
| CO-8 | transparency | Disclosure Content — AI Role | |
| CO-9 | transparency | Disclosure Content — Data Used | |
| CO-10 | appeal | Appeal Mechanism | ★ |
| CO-11 | appeal | Human Review Option | |
| CO-12 | appeal | Opt-Out Mechanism | |
| CO-13 | appeal | Appeal Response Timeline | |
| CO-14 | governance | Responsible AI Officer Designation | ★ |
| CO-15 | governance | AI Inventory | |
| CO-16 | governance | Vendor Due Diligence | |
| CO-17 | governance | Policy Documentation | |
| CO-18 | bias_testing | Pre-Deployment Bias Testing | |
| CO-19 | bias_testing | Ongoing Bias Monitoring | |
| CO-20 | bias_testing | Protected Class Analysis | |
| CO-21 | data_governance | Training Data Documentation | |
| CO-22 | data_governance | Data Minimization | |
| CO-23 | incident_response | AI Incident Response Plan | |
| CO-24 | incident_response | Error Notification | |
| CO-25 | audit | Third-Party Audit Trail | |

★ Critical — mandatory remediation required before June 30, 2026.

---

## What this doesn't include

This scanner shows **what** to check and **where your gaps are**. It does not generate remediation plans, regulatory citations, evidence templates, or audit-ready documentation.

For the full gap report with remediation guidance → [dingdawg.com/compliance](https://dingdawg.com/compliance)

---

## License

Apache 2.0 — free to use, fork, and contribute.

## Contributing

PRs welcome for new indicators, additional frameworks, or CLI improvements. Open an issue first for anything structural.
