Lastenheft
EU AI Act Compliance

Designed in, not bolted on.

Risk classification per Article 6. Transparency obligations per Article 13. GDPR Article 17 right-to-erasure built in. Every agent step persisted with provider, model, tokens, cost, and latency.

Backend at http://127.0.0.1:8000 is not reachable. Start it with uvicorn api.main:app --reload.
Article 6

Risk classification

Self-classified on first DB init. Source of truth: risk_classifications table.
Article 13

Transparency obligations

Surfaced in the UI on every answer; persisted to audit_events.
  • LLM provider + model surfaced on every answer (top-right of card)
  • Source citations on every fact (bracketed [N] pills in the answer)
  • Routing decisions logged with timestamp + cost
  • Coverage confidence + escalation flag exposed to user
  • Audit trail: provider, model, tokens, cost, latency per node
  • GDPR Art. 17: per-query and per-session right-to-erasure
Real-time

Audit log

Empty for now
No audit events yet
Run a query on the Ask page — each one writes 4 rows (one per agent node) to audit_events.