OPEN SOURCE · APACHE 2.0 · ZERO TELEMETRY

Start here.

Engineer-first tools that produce machine-readable evidence for the EU AI Act articles your auditor will actually ask about. Install in 30 seconds. Run in CI. Pipe the output to the next tool. Apache 2.0, runs offline.

Browse 14 toolsWhere to start
pip install riskforge
Shipped tools
4+ 1 alpha
Articles covered
5+ NIST RMF
License
Apache 2.0commercial-OK
Telemetry
NoneCI-enforced
4 flagships · narrative load-bearing

If you adopt only a handful, adopt these.

Each anchors a high-stakes article, ships as a PyPI package, and produces evidence the rest of the toolchain consumes.

Full library · 14 tools

Browse the whole toolchain.

Filter by status, search by article or capability. Click any card for install, quick-start, regulatory mapping, FAQ, and known limitations.

/
Evidence flow

One tool covers one article. The full set covers your audit.

Every tool emits an artefact the next tool reads as input — LCC’s SBOM goes into RiskForge’s risk file, RiskForge’s threat list informs RAG-Bench’s evaluation, LitmusAI’s verdict gates the pipeline. Schemas are versioned and forwards-compatible. Dashed edges activate as in-development tools ship.

LitmusAIArticle 5
PASS / FAIL gate
RiskForgeArticle 9
LCCArticle 53
SBOM + dataset risk
RiskForgeArticle 9
TraceForgeArticle 10
Dataset governance
RiskForgeArticle 9
ADAArticles 11 + 19
Structured JSON evidence
RiskForgeArticle 9
RAG-BenchArticle 15
Accuracy + robustness report
TransparencyDeckArticle 13
RiskForgeArticle 9
RMF JSON
ConformityBotArticle 43
TransparencyDeckArticle 13
Article 13 doc pack
SigilArticles 14 + 17
Not sure where to start?

Pick by what you’re shipping today.