LitmusAI — free, deterministic CLI screener for Article 5 of the EU AI Act (Regulation (EU) 2024/1689).

Project description

AiExponent — Building AI that deserves to be trusted

LitmusAI

Free, deterministic Article 5 screener for the EU AI Act.

PyPI · CI · License: Apache 2.0 · Python 3.11+ · EU AI Act Article 5 · Zero telemetry · Ruleset legal status: UNREVIEWED


LitmusAI 1.0.0 ships with the AiExponent reference ruleset (UNREVIEWED — internal panel authored, no external lawyer review). Apache 2.0, AS IS.

The package's CLI surface, JSON/SARIF schema, and BYO-ruleset contract are stable for production integration. The reference ruleset has been authored and reviewed by an internal AiExponent panel (six engineering + governance roles) but has not been reviewed by a qualified EU AI Act practising lawyer. Every screening report carries this disclosure prominently. Customers who require lawyer-reviewed output can supply their own signed ruleset via the BYO mechanism — see docs/ruleset-authoring.md.

A full external legal review will land in a ruleset-2024-1689-v1.1 release with legal_status: REVIEWED. Tracked under Legal review status below.


Screen your AI system against the eight prohibited-practice categories of Article 5 of the EU AI Act (Regulation (EU) 2024/1689). Get a per-category Red / Amber / Clear verdict with regulatory citations, confidence levels, and remediation guidance — in under 60 seconds, without a sales call, without a paywall, and without uploading data to any server.

Built by AI Exponent LLC. Apache 2.0. Runs entirely offline after pip install.

Quick Start

pip install litmus-screener   # the brand is "LitmusAI"; the PyPI distribution is "litmus-screener"
# Quick screen from a text description
litmus screen --describe "a chatbot for mental health support for teenagers"

# Or from a structured YAML file
litmus init                    # creates system.yaml template
litmus screen system.yaml      # full screening with all 8 categories
litmus export report.json --format pdf

How It Works

graph LR
    A["system.yaml<br/>or --describe"] --> B["Parse +<br/>Validate"]
    B --> C["Rule Engine<br/>(22 rules)"]
    C --> D{"Per-category<br/>verdict"}
    D -->|RED| E["Prohibition<br/>likely"]
    D -->|AMBER| F["Legal review<br/>required"]
    D -->|CLEAR| G["No indicators<br/>found"]

    style A fill:#FCFCFA,color:#0F1419,stroke:#E4E2DC
    style B fill:#FCFCFA,color:#0F1419,stroke:#E4E2DC
    style C fill:#0D5463,color:#FCFCFA,stroke:#0D5463
    style D fill:#F5F4EF,color:#0F1419,stroke:#E4E2DC
    style E fill:#9D2929,color:#FCFCFA,stroke:#9D2929
    style F fill:#B8791C,color:#FCFCFA,stroke:#B8791C
    style G fill:#0B7A4B,color:#FCFCFA,stroke:#0B7A4B

What LitmusAI Does

  • Screens AI systems against all 8 categories of Article 5(1)(a)-(h)
  • Produces deterministic verdicts: same input = same output, always
  • Generates audit-ready reports (JSON, SARIF, Markdown)
  • Runs in CI/CD as a pre-merge gate (GitHub Action included)
  • Works fully offline — zero network calls, zero telemetry
  • Supports Bring-Your-Own-Ruleset — plug in your lawyer's signed interpretation

Article 5 Categories Covered

| Category | Prohibition | Verdict logic |
| --- | --- | --- |
| 5.1.a | Harmful manipulation | RED if subliminal + behaviour change |
| 5.1.b | Exploitation of vulnerabilities | RED if targeting minors/vulnerable + behaviour predictions |
| 5.1.c | Social scoring | RED if individual scores + behaviour history |
| 5.1.d | Criminal risk prediction | RED if profiling-based criminal risk output |
| 5.1.e | Untargeted facial scraping | RED if facial images + scraped data |
| 5.1.f | Emotion inference (work/education) | RED in workplace/education; AMBER in healthcare |
| 5.1.g | Biometric categorisation | RED if biometric + sensitive attribute classification |
| 5.1.h | Real-time remote biometric ID | RED if biometric + public space + real-time |

CI/CD Integration

# .github/workflows/article5.yml
- uses: aiexponenthq/litmusai/.github/actions/litmusai-screen@v1
  with:
    path: system.yaml
    fail-on: amber

Commands

| Command | Description |
| --- | --- |
| litmus init | Create starter system.yaml |
| litmus screen | Screen a system (YAML or --describe) |
| litmus verify | Check report hash integrity |
| litmus portfolio | Batch screen a directory |
| litmus export | Export to JSON, Markdown, or SARIF |
| litmus debug | Show rule-firing trace |
| litmus use-ruleset | Set a custom BYO ruleset |
| litmus verify-ruleset | Validate a ruleset file |
| litmus ruleset-info | Show active ruleset provenance |

Documentation

Important Disclaimers

Legal review status

UNREVIEWED REFERENCE RULESET

The default LitmusAI ruleset (ruleset-2024-1689-v1.0) is a good-faith engineering interpretation of Article 5, authored by AiExponent's internal compliance panel. It has not been reviewed or signed by a qualified EU AI Act lawyer and is not legal advice.

A full external legal review will land in a future ruleset-2024-1689-v1.1 release with legal_status: REVIEWED and a SIGNED provenance header. The package version (litmusai 1.0.0) reflects API stability — the legal-review status rides on the ruleset version + the explicit ruleset_legal_status: UNREVIEWED line printed by litmus version.

If your organisation needs a lawyer-signed ruleset today, see docs/ruleset-authoring.md for the BYO-ruleset path. A complete dummy-signed example ships in tests/fixtures/rulesets/acme-corp-signed-v1.0.json.

Every screening is a screening, not a certification. Not legal advice. Not a notified body.

Privacy

LitmusAI makes zero network calls during screening. No telemetry, no usage metrics, no crash reports. Your system descriptions never leave your machine. Enforced in CI via pytest-socket --disable-socket.
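
A harness for checking both claims made above (deterministic verdicts, zero network calls) against any Python callable that performs a screening. This is an added example, not LitmusAI's own code: it uses CPython audit hooks instead of pytest-socket, and `screen_fn`, `check_claims` and the other names are hypothetical.

```python
import hashlib
import json
import sys
from contextlib import contextmanager

# Audit events CPython raises before the socket module touches the network.
NETWORK_EVENTS = frozenset({
    "socket.connect", "socket.bind", "socket.sendto", "socket.sendmsg",
    "socket.getaddrinfo", "socket.gethostbyname", "socket.gethostbyaddr",
})
_guard = {"active": False, "blocked": []}


def _audit_hook(event, args):
    # Audit hooks cannot be removed once installed, so gate on a flag instead.
    if _guard["active"] and event in NETWORK_EVENTS:
        _guard["blocked"].append(event)
        raise PermissionError(f"network access blocked: {event}")


sys.addaudithook(_audit_hook)


@contextmanager
def no_network():
    """Refuse socket activity inside the block; yield the list of blocked events."""
    _guard["active"], _guard["blocked"] = True, []
    try:
        yield _guard["blocked"]
    finally:
        _guard["active"] = False


def digest(result):
    """SHA-256 over canonical JSON, so equal results always hash equally."""
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def check_claims(screen_fn, system, runs=3):
    """Call screen_fn (hypothetical) repeatedly, offline, and compare digests."""
    digests = set()
    with no_network() as blocked:
        for _ in range(runs):
            try:
                digests.add(digest(screen_fn(system)))
            except PermissionError:
                break  # the hook fired and the callable let it propagate
    # Judge by recorded events, so a swallowed exception still counts as a call.
    return {"offline": not blocked, "deterministic": not blocked and len(digests) == 1}
```

The hook only sees socket calls made through CPython's socket module in the same process; a subprocess or a native extension that opens sockets itself needs an OS-level control such as a network namespace.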

License

Apache 2.0 — see LICENSE.


aiexponent.com · hello@aiexponent.com · Built in the open · Apache 2.0

Download files

Source Distribution

litmus_screener-1.0.0.tar.gz (59.3 kB)

Uploaded Source

Built Distribution

litmus_screener-1.0.0-py3-none-any.whl (42.9 kB)

Uploaded Python 3

File details

Details for the file litmus_screener-1.0.0.tar.gz.

File metadata

  • Download URL: litmus_screener-1.0.0.tar.gz
  • Upload date:
  • Size: 59.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for litmus_screener-1.0.0.tar.gz

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | c026e0104262bc744a74387ee7a8326297db199f1711ae10310c847ebcd5dd51 |
| MD5 | 7ee9a91d8c3f450f58344c4fe0035e79 |
| BLAKE2b-256 | f4c5357e01d7201b02516c5c3fd3bb0cb81d5e74f8615eb0dca4894e243f133e |

Provenance

The following attestation bundles were made for litmus_screener-1.0.0.tar.gz:

Publisher: release.yml on aiexponenthq/litmusai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file litmus_screener-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for litmus_screener-1.0.0-py3-none-any.whl

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | b86c25db0738f639d785b3f259fcb480b46ecd5192051a792e7b01c50cac7715 |
| MD5 | ab3cea61f2531b618eac66ff3b8fa0ff |
| BLAKE2b-256 | 774d22967da10303c4c6127465837d72a092fa68327edb6b678b82577005ee17 |

Provenance

The following attestation bundles were made for litmus_screener-1.0.0-py3-none-any.whl:

Publisher: release.yml on aiexponenthq/litmusai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
