⚠️
Demo dossier — synthetic runtime data. These audits are published for demonstration purposes. Runtime traces were synthetically generated to illustrate the behavioral audit methodology. Systems are anonymised. Full production dossiers with live execution evidence are available under NDA — contact@factnotebook.com
⚠️
STATIC ANALYSIS — Limited confidence Code and documentation were analysed statically — the audit engine did not execute the system live. Where session traces were provided, behavioural findings derive from those traces, not from live execution. Some verdicts rely on heuristic signals and are labelled accordingly; they may not reflect actual runtime behaviour. For a full technical dossier with executable evidence and SHA-256 seal, contact contact@factnotebook.com.

🔬 Technical Forensic Report

agents-for-openbb

Audience: Developers · DevSecOps · Platform · Forensic teams

This report contains execution details, data flows, system topology and the traceability of generated tests. It complements the Regulatory Report.
It is not intended for regulators, executives or investors.


📊 Visualisation des Flux de Transformation

⚠️ No AI Act-impacting technical workflow detected.


6. 🧬 SYSTEM DNA (ANNEXE EXPERTE)


A. CARTOGRAPHIE ET TOPOLOGIE DE L'ACTIF

L'analyse a révélé la structure physique, et a extrait la densité de l'intelligence embarquée.
Indicateur DNA Diagnostic Expert Valeur / Score
Topology 🕸️ MICRO-MESH See glossary below
Code Maturity MODERATE Core logic / boilerplate ratio
AI Logic Density 30.0% AI Density = AI-logic LOC / Total LOC
Normalized Complexity Index 0.05 / 1.0 Normalized Complexity Index = raw McCabe complexity / max observed. Raw complexity: 1 = trivial, 5-10 = moderate, >20 = high risk.
Technical Maturity Index 78.21 / 100 Formula: 30% doc coverage + 30% implementation + 20% dependency health + 20% governance
Structural Debt 21.8% derived from skeleton pattern analysis
Deployment Exposure Cloud indicators detected Confidence: Moderate — inferred from 7 technical signals (cloud APIs, CDN, remote endpoints). Does not assert actual data residency or hosting location.

Topology Glossary:

Type Criteria Characteristics
MONOLITH < 20 modules Single deployable unit, low coupling
MODULAR 20–100 modules Distinct components, moderate coupling
MICRO-MESH > 100 interconnected modules High modularity, distributed logic
DISTRIBUTED Multi-service architecture Service boundaries, network communication

B. DOCUMENTATION FIDELITY INDEX (DFI)

⚠️ DFI ≠ Compliance Score. These are two independent dimensions:
- DFI measures truthfulness — does the documentation make claims the code contradicts?
- Compliance Score measures evidence maturity — how strongly are required controls proven?
A system can have DFI=100% (no false claims) and still score 54/100 (insufficient evidence). Both are expected when governance documentation is absent.

The **Documentation Fidelity Index** measures whether documented controls are contradicted by actual code.

DFI Score : 100.0%
Interpretation : ✅ High Fidelity — no documented controls were contradicted by code.

Formula:
```
DFI = controls_where_DOC_and_CODE_agree / controls_where_DOC_makes_a_claim × 100

DFI = 100%  → documentation makes no false claims (but may be silent on many controls)
DFI < 100%  → documentation asserts compliance that code does not support (❌ ABSENT risk)

Note: DFI is unaffected by controls absent from both DOC and CODE.
Those are Evidence Coverage Gaps — a separate metric.
```

No true DOC↔CODE contradictions detected — documentation does not claim controls that code contradicts. SCI = 100% is valid.

Evidence gaps (6 shown) — not observed in analysed artefacts:

ℹ️ No evidence of these controls was found in the analysed artefacts (source code, configuration, documentation). This does not assert they are absent from the full system — only that no evidence was detected in the current audit scope. These gaps increase the Evidence Coverage deficit but do not reduce the Documentation Fidelity Index (DFI), since no false claims were detected.

Control Article Status
Agent Over Privilege Article 14 ABSENT
Cyber Pickle Risk Article 15 ABSENT
Error Handling Article 15 ABSENT
Prompt Guardrail Article 15 ABSENT
Risk Mitigation Article 9 ABSENT
Audit Trail Article 12 ABSENT
    La Semantic Collision Index (100.00%) mesure les contradictions actives CODE ↔ DOC. Un score élevé indique l'absence de direct collision. L'écart d'intégrité de 100.00% reflète les points sans implémentation technique (promesses documentaires seules), et non des contradictions volontaires.

C. TECHNICAL FOOTPRINT & CRITICAL DEPENDENCIES

Software supply chain analysis identified by the collision engine:

D. FOUR-AXIS ASSESSMENT SUMMARY

These four axes are independent — a system can score well on one axis and poorly on another.
High documentation fidelity (Axis C) does not imply regulatory compliance (Axis A).

Axis Score What it measures
A — Regulatory Compliance 79 / 100 EU AI Act article-level conformance (Art. 9-15 evidence found vs. required)
B — Evidence Strength **72.5 ** Runtime or static evidence quality (E0-E6 levels)
C — Documentation Fidelity 100.0% DOC-CODE consistency — DFI / SCI (absence of contradictions, ≠ completeness)
D — Technical Maturity 78.21 / 100 Software architecture quality (complexity, debt, dependency health)

⚠️ Reading guide: "Regulatory Compliance = 79/100"
means EU AI Act controls are 79% evidenced across audited articles.
"Documentation Fidelity = 100.0%" means documentation and code are consistent
— it does
not mean the system is compliant.
A high Axis C with a low Axis A means:
honest documentation of an incomplete implementation**.


E. COMPONENT SEGMENTATION

Segmentation from static code analysis — must sum to 100%.
Component % Definition
CORE LOGIC 32.0% Weights, prompts, decision algorithms, inference logic
STUB_IMPLEMENTATION 21.8% Structural code without business value (stubs, generated code, boilerplate)
SUPPORT 16.7% API connectors, database drivers, interfaces
OTHER / UNCLASSIFIED 29.5% Documentation, config, test infrastructure

Expert Note: Architecture topology detected: 🕸️ MICRO-MESH.
✅ Balance between sovereign code and third-party services is acceptable.
Structural debt of 21.8% (derived from skeleton pattern analysis) requires technical documentation update to reflect actual system state (Art. 11).

    # 🧠 SANTÉ TECHNIQUE DE L'ACTIF

📌 INTERMEDIATE SYSTEM

⚖️ Regulatory Status

REQUIRES_REVIEW

🧩 Classification AI Act

UNCERTAIN_COMPLIANCE


📊 Compliance Score

57.2 / 100

⚠️ Risk level

MEDIUM


🧠 Analyse

Hybrid state requiring additional audit


🧪 Regulatory Traceability — Tests by AI Act Article

This section lists the executable tests generated by CAMSVA for each regulatory obligation. It constitutes the behavioural evidence dossier presentable to the notified body or regulator.

Evidence strength scale: E0 = absent · E1 = declared (documentation claim only) · E2 = implemented (code artifact detected) · E3 = tested (automated test evidence) · E4 = executed (runtime trace available) · E5 = verified (runtime + cryptographic seal)

Traceability chain: Article → Paragraph → Regulatory Obligation → Control Objective → Checkpoint → Test Evidence → Verdict. Each row below traces a single checkpoint from the EU AI Act text through the control it verifies to the executable test result.

Summary: 69 tests across 74 control mappings — ✅ 0 PASSED · ❌ 74 FAILED · ⏭️ 0 SKIPPED (per mapping) — 0.0 %

❌ Article 10 — 0/10 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 10 §5 ensuring bias monitoring, detection and correction… Bias Metrics Presence of bias metrics (fairness metrics) in reports or co… test_FACT_BIAS_METRICS_behavioral ❌ FAILED 1780081970.7900453
Art. 10 §3 Training, validation and testing data sets shall b… Data Cleansing & Anonymisation Presence of data sanitization pipelines (PII scrubbing, anon… test_FACT_DATA_SANITIZATION_behavioral ❌ FAILED 1780081970.7900453
Art. 10 §2 appropriate data governance and management practic… Physical Dataset Existence Presence of real data files used for training or testing. test_FACT_DATASET_ARTIFACT_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 10 §3 training, validation and testing data sets shall b… Balancing & Representativeness Presence of a sample analysis to verify labels/metadata prov… test_FACT_DATASET_BALANCING_L2_static_code ❌ FAILED 1780081970.7900453
Art. 10 §2(e) examination in view of possible biases that are li… Data Traceability Documentation of the complete data flow (source to transform… test_FACT_DATA_LINEAGE_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 10 §2(f) appropriate data governance and management practic… Dataset Quality Explicit definition of quality criteria (completeness, accur… test_FACT_DATA_QUALITY_DOC_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 10 §2(b) data collection processes and the origin of data Data Inventory Existence of a registry identifying data sources, types and … test_FACT_DATA_REGISTRY_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 10 §5 + RGPD Art. 25 strictly necessary for the purpose of ensuring bia… PII Masking Before External Transmission Verification (via Lineage) that sensitive data flows pass th… test_query_FACT_PII_MASKING[Ex\xe9cution nominale avec un message utilisateur valide-N/A-Donn\xe9e toujours RAW_UNTRUSTED apr\xe8s PII Masking Before External Transmission \u2014 finding potentiel-Succ\xe8s-kwargs0-corrupted_files0-mock_injections0-assert spy['dump'].called or spy['csv'].called, '\U0001f534 Aucun artefact produit \u2014 fonction void avec side-effects attendus'-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 10 §5 ensuring bias monitoring, detection and correction… Bias Metrics Presence of bias metrics (fairness metrics) in reports or co… test_FACT_BIAS_METRICS_behavioral ❌ FAILED 1780148701.9348292
Art. 10 §5 + RGPD Art. 25 strictly necessary for the purpose of ensuring bia… PII Masking Before External Transmission Verification (via Lineage) that sensitive data flows pass th… test_FACT_PII_MASKING_coverage_gap ❌ FAILED 1780955282.8648067

❌ Article 11 — 0/4 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 11 §1 + Annexe IV §2(b) description of the system's components and of the … Model Card Presence of a model technical sheet (intended use, limits, p… test_FACT_MODEL_CARD_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 11 §1 + Annexe IV §1 general description of the AI system including its… System Architecture Complete description (architecture, components, flows) detec… test_FACT_SYSTEM_DESCRIPTION_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 11 §1 technical documentation [...] shall be drawn up be… Version Management Versioning mechanisms (tags, version numbers, branches) dete… test_FACT_VERSIONING_L2_static_code ❌ FAILED 1780081970.7900453
Art. 11 §1 + Annexe IV §1 general description of the AI system including its… System Architecture Complete description (architecture, components, flows) detec… test_FACT_SYSTEM_DESCRIPTION_L2_doc_artifact ❌ FAILED 1780147430.691141

❌ Article 12 — 0/8 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 12 §2 traceability of the AI system's functioning [...] … Decision Record Structure Each automated decision must be recorded with accountability… test_query_FACT_DECISION_RECORD_AR[AR: Decision Record [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Decision Record Structure | ABSENT : Aucun enregistrement de d\xe9cision automatis\xe9e avec les champs dimputabilit\xe9 requis.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 12 §2 level of traceability [...] appropriate to the int… Audit Trail Traceability mechanisms for critical events (audit trail) in… test_FACT_AUDIT_TRAIL_behavioral ❌ FAILED 1780081970.7900453
Art. 12 §1 High-risk AI systems shall technically allow for t… Logging Implementation Presence of log generation instructions (log.info, log.error… test_FACT_LOG_IMPLEMENTATION_behavioral ❌ FAILED 1780081970.7900453
Art. 12 §2 appropriate level of traceability of the AI system… Logging Integrity Verifies that logging functions are not empty shells (pass) … test_FACT_LOG_INTEGRITY_behavioral ❌ FAILED 1780081970.7900453
Art. 12 §2 traceability of the AI system's functioning [...] … Decision Record Structure Each automated decision must be recorded with accountability… test_correlation_id_present ❌ FAILED 1780081970.7900453
Art. 12 §1 + §2 logging capabilities shall ensure a level of trace… Storage Definition Identification of log storage mechanisms and locations (file… test_FACT_LOG_ARTIFACTS_L2_static_code ❌ FAILED 1780081970.7900453
Art. 12 §1 automatic recording of events throughout the lifet… Real Execution Traces Presence of recent log files (e.g. .log, .jsonl, .txt) demon… test_FACT_LOG_ARTIFACT_DETECTED_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 12 §4 providers [...] shall keep the logs [...] for a pe… Log Retention Policy Explicit definition of log retention duration (minimum 6 mon… test_FACT_LOG_RETENTION_POLICY_coverage_gap ❌ FAILED 1780081970.7900453

❌ Article 13 — 0/4 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 13 §1 sufficiently transparent to enable deployers to in… System Explainability Documentation of elements explaining model decisions or logi… test_FACT_EXPLAINABILITY_DOC_L2_static_code ❌ FAILED 1780081970.7900453
Art. 13 §2(b)(vi) known or foreseeable circumstances [...] in which … Limitations Disclosure Explicit identification and communication of known limits an… test_FACT_LIMITATIONS_DISCLOSURE_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 13 §2(b) characteristics, capabilities and limitations of p… User Notice Presence of an information notice explaining the system oper… test_FACT_TRANS_NOTICE_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 13 §1 sufficiently transparent to enable deployers to in… System Explainability Documentation of elements explaining model decisions or logi… test_FACT_EXPLAINABILITY_DOC_L2_static_code ❌ FAILED 1780147430.691141

❌ Article 14 — 0/14 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 14 §1 effectively overseen by natural persons — a system… Agent Tool Scope Analysis of the tool catalogue (tools/functions) provided to… test_query_FACT_AGENT_OVER_PRIVILEGE_AR[AR: Agent Over Privilege [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Agent Tool Scope | DISABLED : Aucun outil externe nest fourni \xe0 lagent, donc pas de risque de sur-privil\xe8ge.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 14 §4(d) decide, in any particular situation, not to use th… Authority Delegation Analysis of whether the agent delegates tasks to sub-agents … test_query_FACT_DELEGATION_RISK_AR[AR: Delegation Risk [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Authority Delegation | DISABLED : Aucune d\xe9l\xe9gation \xe0 des sous-agents ou outils externes, donc pas de risque de d\xe9l\xe9gation non supervi")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 14 §4(d) decide, in any particular situation, not to use th… Human-in-the-Loop Mechanism Presence of a human approval mechanism before executing crit… test_query_FACT_HITL_LOOP_AR[AR: Hitl Loop [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Human-in-the-Loop Mechanism | ABSENT : Aucun m\xe9canisme dapprobation humaine avant ex\xe9cution doutils critiques.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 14 §4(e) intervene on the operation of the high-risk AI sys… User Override Technical capability for a human to modify, reject or block … test_query_FACT_OVERRIDE_CONTROL_AR[AR: Override Control [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | User Override | ABSENT : Aucune possibilit\xe9 pour un humain de modifier ou rejeter une d\xe9cision automatis\xe9e.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 14 §4(b) be aware of the possible tendency of automatically… Escalation to Human Detection of a human fallback triggered by low model confide… test_FACT_HUMAN_FALLBACK_behavioral ❌ FAILED 1780081970.7900453
Art. 14 §1 + §4(c) effectively overseen by natural persons [...] corr… Human Validation Garantie d'une supervision humaine effective (interface de v… test_FACT_HUMAN_OVERSIGHT_behavioral ❌ FAILED 1780081970.7900453
Art. 14 §1 effectively overseen by natural persons — a system… Agent Tool Scope Analysis of the tool catalogue (tools/functions) provided to… test_FACT_AGENT_OVER_PRIVILEGE_L2_na_justified ❌ FAILED 1780081970.7900453
Art. 14 §4(d) decide, in any particular situation, not to use th… Authority Delegation Analysis of whether the agent delegates tasks to sub-agents … test_FACT_DELEGATION_RISK_L2_na_justified ❌ FAILED 1780081970.7900453
Art. 14 §4(d) decide, in any particular situation, not to use th… Human-in-the-Loop Mechanism Presence of a human approval mechanism before executing crit… test_FACT_HITL_LOOP_L2_na_justified ❌ FAILED 1780081970.7900453
Art. 14 §4(e) intervene on the operation of the high-risk AI sys… User Override Technical capability for a human to modify, reject or block … test_FACT_OVERRIDE_CONTROL_L2_static_code ❌ FAILED 1780081970.7900453
Art. 14 §4(e) interrupt the system through a 'stop' button or a … Automatic Blocking Linked to Human Rejection Human rejection triggers automatic blocking — oversight enfo… test_FACT_AUTO_BLOCK_LINKED_coverage_gap ❌ FAILED 1780955282.8648067
Art. 14 §4(e) intervene on the operation of the high-risk AI sys… Human Decision Endpoint An HTTP/API endpoint receives human approval or rejection de… test_FACT_HUMAN_ENDPOINT_coverage_gap ❌ FAILED 1780955282.8648067
Art. 14 §1 effectively overseen by natural persons during the… Human Approval Gates Execution Human approval is required before automatic action executes … test_FACT_HUMAN_GATES_EXECUTION_coverage_gap ❌ FAILED 1780955282.8648067
Art. 14 §1 + §4(a)(b)(c)(d)(e) effectively overseen by natural persons [...] full… Full Workflow Integration Complete workflow: AI prediction → confidence threshold → hu… test_FACT_WORKFLOW_INTEGRATION_coverage_gap ❌ FAILED 1780955282.8648067

❌ Article 15 — 0/19 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 15 §1 achieve an appropriate level of accuracy, robustne… Contextual Memory Limitation Verification that agent memory or conversation history has a… test_query_FACT_CONTEXT_BOUND_AR[AR: Context Bound [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Contextual Memory Limitation | ABSENT : Aucune borne sup\xe9rieure technique (sliding window, token limit) sur lhistorique des conversations.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Unsafe Serialization Formats Absence of dangerous deserialisation formats (e.g. Pickle, M… test_query_FACT_CYBER_PICKLE_RISK_AR[AR: Cyber Pickle Risk [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Unsafe Serialization Formats | DISABLED : Conception saine par d\xe9faut, aucun format de d\xe9s\xe9rialisation dangereux utilis\xe9.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 15 §3 robustness of high-risk AI systems may be achieved… Error Handling Presence of exception handling blocks (try/catch) preventing… test_query_FACT_ERROR_HANDLING_AR[AR: Error Handling [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Error Handling | ABSENT : Aucune gestion dexception (try/catch) dans le endpoint /v1/query, risque de fuite dinformations tech")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Bypass Detection Search for execution paths (shortcuts) that allow critical a… test_query_FACT_GUARDRAIL_BYPASS_AR[AR: Guardrail Bypass [\U0001f7e2]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Bypass Detection | DISABLED : Aucun guardrail nest impl\xe9ment\xe9, donc aucun risque de contournement.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 14 §4(e) interrupt the system through a 'stop' button or a … Execution Limits (Guardrails) Detection of limits on iterations or execution time to preve… test_query_FACT_MAX_ITERATIONS_AR[AR: Max Iterations [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Execution Limits (Guardrails) | ABSENT : Aucune limite sur les it\xe9rations ou le temps dex\xe9cution pour \xe9viter les boucles infinies.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Prompt Guardrail / Injection Detection Verification that user inputs for agents or LLMs pass throug… test_query_FACT_PROMPT_GUARDRAIL_AR[AR: Prompt Guardrail [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Prompt Guardrail / Injection Detection | ABSENT : Aucune couche de sanitization s\xe9mantique ou guardrail (ex: Llama Guard) pour bloquer les jailbreaks.")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 15 §1 achieve an appropriate level of accuracy, robustne… Component Obsolescence Verification that AI libraries and tools used are up to date… test_FACT_OBSOLETE_TOOLS_behavioral ❌ FAILED 1780081970.7900453
Art. 15 §1 achieve an appropriate level of accuracy, robustne… Contextual Memory Limitation Verification that agent memory or conversation history has a… test_FACT_CONTEXT_BOUND_L2_na_justified ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Unsafe Serialization Formats Absence of dangerous deserialisation formats (e.g. Pickle, M… test_FACT_CYBER_PICKLE_RISK_L2_static_code ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against [...] adversarial attacks or dat… Secure Format Policy Presence of a documented policy mandating secure formats (ON… test_FACT_CYBER_SECURE_FORMAT_L2_static_code ❌ FAILED 1780081970.7900453
Art. 15 §3 robustness of high-risk AI systems may be achieved… Error Handling Presence of exception handling blocks (try/catch) preventing… test_FACT_ERROR_HANDLING_L2_static_code ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Bypass Detection Search for execution paths (shortcuts) that allow critical a… test_FACT_GUARDRAIL_BYPASS_L2_na_justified ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Input Robustness Presence of input controls and validation (type checking, sa… test_FACT_INPUT_VALIDATION_L2_static_code ❌ FAILED 1780081970.7900453
Art. 14 §4(e) interrupt the system through a 'stop' button or a … Execution Limits (Guardrails) Detection of limits on iterations or execution time to preve… test_FACT_MAX_ITERATIONS_L2_na_justified ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against [...] adversarial attacks or dat… Cybersecurity Audit External security scan report validating model robustness an… test_FACT_MODEL_SECURITY_SCAN_L2_cve_scan ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Prompt Guardrail / Injection Detection Verification that user inputs for agents or LLMs pass throug… test_FACT_PROMPT_GUARDRAIL_L2_na_justified ❌ FAILED 1780081970.7900453
Robustness Level Reality Documentation certifies AES-256 encryption everywhere, but c… test_SYS_CONTRADICTION_CYBER_L2_contradiction ❌ FAILED 1780081970.7900453
Art. 15 §4 resilient against attempts by unauthorised third p… Input Robustness Presence of input controls and validation (type checking, sa… test_query_FACT_INPUT_VALIDATION[Validation d'entr\xe9e nominale-Article 15(1) - Pr\xe9cision et Robustesse-V\xe9rifier que la validation Pydantic accepte une entr\xe9e correcte.-La fonction doit accepter la requ\xeate sans erreur.-kwargs0-corrupted_files0-mock_injections0-assert exception_caught is None, '\U0001f534 ERREUR : La validation a \xe9chou\xe9 sur une entr\xe9e valide'-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Robustness Level Reality Documentation certifies AES-256 encryption everywhere, but c… test_SYS_CONTRADICTION_CYBER_L2_contradiction ❌ FAILED 1780147430.691141

❌ Article 25 — 0/1 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 25 §1 + Art. 49 §1 Where a [...] third-party places a high-risk AI sy… Provider Identity Explicit identification of the AI system provider (legal nam… test_FACT_PROVIDER_IDENTITY_coverage_gap ❌ FAILED 1780081970.7900453

❌ Article 26 — 0/1 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 26 §1 Deployers of high-risk AI systems shall take appro… Deployer Identity Identification of the entity deploying the AI system (name, … test_FACT_DEPLOYER_IDENTITY_coverage_gap ❌ FAILED 1780081970.7900453

❌ Article 27 — 0/1 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 27 §1 deployers of high-risk AI systems that are bodies … FRIA — Fundamental Rights Impact Assessment Existence of a Fundamental Rights Impact Assessment (FRIA) d… test_FACT_FRIA_coverage_gap ❌ FAILED 1780955282.8648067

❌ Article 4 — 0/1 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 4 EU AI Act + ISO 42001 §5.2 providers and deployers shall take measures to ens… Documented AI Policy Existence of a formalised AI policy covering: acceptable use… test_FACT_AI_POLICY_coverage_gap ❌ FAILED 1780955282.8648067

❌ Article 73 — 0/1 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 73 §1 + §3 report any serious incident [...] not later than 1… Serious Incident Notification Procedure Existence of a documented procedure for notifying serious in… test_FACT_INCIDENT_REPORTING_coverage_gap ❌ FAILED 1780081970.7900453

❌ Article 9 — 0/9 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
Art. 9 §4 adopt suitable risk management measures in accorda… Risk Mitigation Mitigation mechanisms (fallback, thresholds, validation) cor… test_query_FACT_RISK_MITIGATION_AR[AR: Risk Mitigation [\U0001f534]-AI Act-V\xe9rification depuis analysis_result Phase B-STATIC_FINDING ou conforme-kwargs0-corrupted_files0-mock_injections0-pytest.skip("STATIC_FINDING | Risk Mitigation | ABSENT : Aucun m\xe9canisme datt\xe9nuation des risques (fallback, seuils, validation) nest impl\xe9ment\xe9 dans le code")-public_audits/openbb/agents-for-openbb/20-financial-prompt-optimizer/main.py] ❌ FAILED 1780081970.7900453
Art. 9 §3 The risk management system shall be subject to a s… Continuous Monitoring Monitoring hooks, metrics or active alerts in code for criti… test_FACT_RISK_MONITORING_behavioral ❌ FAILED 1780081970.7900453
Art. 9 §3 + Art. 72 §1 providers shall establish and document a post-mark… Post-Market Plan Plan de surveillance conforme incluant la gestion des incide… test_FACT_POST_MARKET_MONITORING_L2_static_code ❌ FAILED 1780081970.7900453
Art. 9 §2(b) estimate and evaluate the risks that may emerge wh… Risk Matrix Formalised matrix (probability x impact) categorised and pri… test_FACT_RISK_MATRIX_DOC_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 9 §4 adopt suitable risk management measures in accorda… Risk Mitigation Mitigation mechanisms (fallback, thresholds, validation) cor… test_FACT_RISK_MITIGATION_L2_contradiction ❌ FAILED 1780081970.7900453
Art. 9 §2 + Art. 26 §1 risk management system shall identify [...] person… Risk Ownership Assignment Explicit identification of accountable roles (Risk Owner, Le… test_FACT_RISK_OWNERSHIP_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 9 §2(a) identify and analyse the known and reasonably fore… Risk Register Existence d'un exhaustive register de risques exploitable (JSO… test_FACT_RISK_REGISTRY_L2_doc_artifact ❌ FAILED 1780081970.7900453
Art. 9 §3 + Art. 72 §1 providers shall establish and document a post-mark… Post-Market Plan Plan de surveillance conforme incluant la gestion des incide… test_FACT_POST_MARKET_MONITORING_L2_static_code ❌ FAILED 1780147430.691141
Art. 9 §2(a) + Art. 14 §4(b) known and reasonably foreseeable risks [...] be aw… Confidence-Based Human Routing Low confidence automatically routes to human review — risk m… test_FACT_CONFIDENCE_ROUTING_coverage_gap ❌ FAILED 1780955282.8648067

❌ Unknown — 0/1 tests PASSED

Paragraph Regulatory obligation Checkpoint Control Objective Test Result Executed on
FACT_ART test_FACT_ART50_DISCLOSURE_coverage_gap ❌ FAILED 1780955282.8648067

Methodology Notice
Evidence levels (E0–E5), contradiction detection, assurance scoring and control mapping are defined in the FactNotebook Technical Evidence Framework.
View methodology →
💬 Feedback
Does this report convince you? ×