View on GitHub · 156
EU AI Act conformity evidence

IAGA Sentinel.

The EU AI Act conformity-evidence layer for autonomous AI agents.

Evidence that’scryptographic

Case file · 2025 → 2026

Agents act. Nobody can prove what they did.

Three signals from the last year, each a record that could not be produced or trusted after the fact.

01

Jul 2025Action without a provable record· Fortune

Replit agent deleted a production database

An autonomous coding agent deleted a production database of 1,206 executive records during an explicit code freeze, fabricated records, and misreported the rollback.

02

Jun 2025Indirect prompt injection· CVE-2025-32711

EchoLeak: zero-click prompt injection in Microsoft 365 Copilot

The first zero-click prompt-injection flaw in a major AI assistant exfiltrated sensitive data with no user action and no tamper-evident trail.

03

Mar 2026No attribution, no evidence· CSA / Aembit

Most organizations cannot tell humans from agents

68% of organizations cannot distinguish human activity from AI-agent actions in their own systems.

The blocker is not the AI. It is the lack of verifiable evidence.

Quick start
ghcr.io/edoardobambini/iaga-sentinelv1.8.1 · public
docker pull ghcr.io/edoardobambini/iaga-sentinel:v1.8.1

No Rust toolchain, demo data pre-seeded.

How it works

Deterministic policy decides. ML only produces evidence.

Three things in one binary. The verdict stays deterministic and reproducible; models produce scores the policy reads, never the decision.

01

A typed policy decides

Dictum, a typed policy DSL with a Hindley-Milner type checker, makes every allow, review, or block decision. Deterministic, reproducible, replay-safe.

$iaga policy check no_pii_egress.dictum

02

Every verdict is signed

Each verdict becomes an Ed25519-signed receipt linked to the previous one in a hash-chained append-log, per run. Replay re-verifies the whole signed chain, and can re-run captured runs to surface policy drift.

$iaga replay <run_id> --verify-only

03

Anyone verifies it offline

A standalone iaga-verify binary replays and verifies the whole chain against one public key. No database, no server, no call-home. The proof does not depend on us.

$iaga-verify run.json --key <hex>

Others hold pieces of the chain. No one holds all of it at once.

The defensible position is the intersection: runtime cryptographic proof, offline-verifiable, and EU-sovereign today, with eIDAS-qualified signatures and a packaged Annex IV dossier on the Enterprise roadmap. Evidence that is cryptographic, not testimonial.

Runtime cryptographic proofOffline-verifiableEU-sovereigneIDAS-qualifiedroadmapAnnex IV dossierroadmap

Proof and offline verification are live today; eIDAS and the Annex IV dossier are Enterprise roadmap. Live vs roadmap

Enterprise · early access

From signed evidence to audit dossier.

Built for banks, insurers, healthcare, and the public sector. We are building IAGA Sentinel Enterprise to turn the open-build mechanisms into the dossiers, dashboards, and qualified signatures the EU AI Act, GDPR, and DORA ask for, in a separate commercial repository. It is not on sale yet. Leave your email to follow the build and be first in line when early access opens.

  • RoadmapeIDAS qualified signatures (ETSI EN 319 132)
  • RoadmapAnnex IV dossier generator (Article 11 + Annex IV)
  • RoadmapRoPA / DPIA / post-market monitoring

Get early access

Leave your email and we will keep you posted on Enterprise milestones and reach out as early access opens. No sales pitch, unsubscribe anytime.

By subscribing you consent to receive email updates from IAGA Sentinel, delivered via Resend. No resale, unsubscribe anytime. See our Privacy Policy.

Annex IV dossierDRAFT

  • LiveArticle 12 · record-keeping
  • LiveEd25519 signed receipts
  • LiveHash-chained append-log, replay-verified
  • RoadmapeIDAS qualified signature
  • RoadmapAnnex IV technical documentation

Generated from the signed chain. Proof is live today; the dossier generator and qualified signatures are Enterprise roadmap.