Skip to content
Venturalítica

Glossary

✅ Stable

Reference glossary for humans and agents. Each term includes a one- or two-line definition and a link to the page where it is described in depth. Entries are ordered alphabetically.

A

Section titled “A”

Annex IV — Technical documentation required by EU AI Act Art. 11 for high-risk systems. It contains the system description, training data (§2), human oversight (§7), accuracy and robustness (§8), among other sections. It is not an artifact emitted by the engine: it is assembled and rendered by the cloud (control plane) from the signed bundle.json, with provenance per field, and delivered as a PDF. See EU AI Act.

risk appetite — The level of risk the organisation is willing to accept for each dimension (individual, society, organisation). Declared in sei.yaml under risk.appetite and used in the ISO 23894 §6.4.4 evaluation: if the inherent level exceeds the appetite, the risk requires treatment. See ISO 23894.

AssuranceProgram — The Art. 9 risk programme: the set of risks, measures, appetite, and provenance. It is not a separate file but a section of sei.yaml (the risk: block, alongside context: and system.potential_misuses). sei compile reads that section, builds the AssuranceProgram in memory, and generates the OSCAL assessment plan. See OSCAL/AssuranceProgram reference.

B

Section titled “B”

red/green loop — The central cycle of Risk-Driven Development: sei run measures the system against declared controls; a failing blocking control returns a RED gate (exit ≠ 0) and requires a treatment; the treatment is committed; sei run re-measures; the gate turns GREEN. See The red/green loop.

evidence bundle — The signed artefact .sei/bundle.json (ECDSA-P256+DSSE+in-toto) that anchors, in each iteration, the code, model, dataset, metrics, and gate result. The signature guarantees the bundle was not altered after execution. See .sei/* artefacts.

C

Section titled “C”

conformance by projection — Mechanism by which a single AssuranceProgram and evidence bundle are projected onto N standards (sei conformance --standard <id>) without re-annotating the scenario. The sei engine supports prEN 18228 and ISO 23894. See Guide: dual conformance and Crosswalk reference.

Croissant — Dataset metadata format (mlcommons/croissant) declared in sei.yaml under dataset.croissant. The descriptor declares the dataset’s provenance and fairness attributes; the engine anchors its digest in the bundle. Satisfies the governance requirements of EU AI Act Art. 10. See Guide: datasets with Croissant.

D

Section titled “D”

declared / proposed_by_kag / derived_from_gap — The three values of the provenance field for a risk in the AssuranceProgram. declared: the risk was written by the team. proposed_by_kag: the KAG proposed it during sei assess and the human approved it. derived_from_gap: it emerged from a data_gap detected by the engine. See Living AssuranceProgram.

typed drift A/B/C — Classification of changes affecting the system: A (substantial: changes input, output, or purpose → full re-triage), B (routine: changes model or prompt → re-measurement only), C (data: changes the dataset). See Typed drift.

DSSE / in-toto — Artefact signing standards. Dead Simple Signing Envelope (DSSE) is the signing envelope; in-toto provides the chain-of-custody model. The sei engine signs each .sei/* with ECDSA-P256+DSSE+in-toto+JCS. See Guide: sign and verify evidence.

E

Section titled “E”

ECDSA-P256 — Elliptic-curve signature algorithm (NIST P-256, SHA-256, deterministic RFC 6979 signatures). The sei engine uses it to sign each .sei/* artefact via the p256 crate (RustCrypto); the signing backend is pluggable (LocalSigner or ScalewayKmsSigner). The public key (uncompressed SEC1, 65 bytes) allows signature verification without access to the private key. See Guide: sign and verify evidence.

F

Section titled “F”

freshness gate — Check that no pipeline dependency (code, model, data, parameters) has changed since the last anchor without re-execution. sei status detects the stale state without recomputing. See Two gates.

risk gate — Check that all blocking controls in the AssuranceProgram pass in the current iteration. A single failing control returns exit ≠ 0 (RED gate). See Two gates and The red/green loop.

K

Section titled “K”

KAG — Knowledge Assessment Graph. Python component that proposes undeclared risks during sei assess from the system context (Croissant metadata, historical metrics, etc.). In v1 it is a deterministic mock; the real API service is a future line. See Guide: run the KAG.

O

Section titled “O”

OSCAL — Open Security Controls Assessment Language (NIST). Standard format for assessment plans and conformance statements. sei compile generates the assessment_plan.oscal.yaml from the AssuranceProgram; each control is an OSCAL control. See Reference: AssuranceProgram / OSCAL.

P

Section titled “P”

provenance — Origin of each field in the bundle or AssuranceProgram. When the cloud assembles the Annex IV from the signed bundle, it tags each field: declared (from sei.yaml), derived_from_bundle (from the pipeline and metrics), derived_from_git (from the commit history). For risks: declared, proposed_by_kag, derived_from_gap. See Guide: Render the Annex IV.

R

Section titled “R”

RDD — Risk-Driven Development — A software-engineering term (Boehm, spiral model; Fairbanks, risk-driven architecture) that Venturalítica specializes for AI conformity: a development framework in which AI risk treatment (ISO 23894 §6.5) is expressed as versioned changes in git, so that each treatment commit closes a traceable, attributable, and signed risk cycle. See What is RDD and its lineage.

residual (per-risk vs global) — Residual risk can be evaluated at two levels: per-risk (§6.5 ISO 23894): the level remaining after applying the declared measures for a specific risk. Global (prEN 18228 cl. 10): the system-level aggregate risk, which may exceed the criterion declared in overall_residual_criterion even if individual risks are closed. See ISO 23894 and prEN 18228.

S

Section titled “S”

Reproducer seam — Core Rust interface that abstracts pipeline reproduction. Based on the value of pipeline.tool in sei.yaml, it dispatches to the corresponding adapter (DVC, MLflow, Dagster). The core never imports any MLOps tool SDK directly. See Guide: integrate your pipeline.

sei.lock — Anchor file generated by sei run recording the digests of code, model, dataset, and the pipeline_lock_digest (from dvc.lock). sei status uses it to detect which components are stale without recomputing. See Reference: sei.lock.

sei.yaml — Single system manifest: declares intended_purpose, modality, task type, evaluator, pipeline, Croissant dataset, and the Art. 9 risk programme (the risk: section, with the appetite and the risks). It is the entry point for sei compile and sei run. See Reference: sei.yaml.

.sei/* / SeiArtifact — Set of signed artefacts written by the engine under the .sei/ directory: bundle.json, conformance/<slug>.json, and reconstruct.json, each with its .sig. The Annex IV is not here: the cloud assembles it from bundle.json. SeiArtifact<T> is the Rust type that wraps the typed content with the signature. See Reference: .sei/* artefacts.

UNDERPOWERED / power-stats — Warning emitted by the engine when the bootstrap confidence interval of a metric (with cluster by patient or by sample) crosses the control threshold. In v1 it is advisory (does not block); in production it would require expanding the validation cohort (EU AI Act Art. 10(5)). See The red/green loop.

T

Section titled “T”

treatment (+ the three modalities) — Action that closes an ISO 23894 §6.5 risk cycle. The three supported modalities are: (1) code change (modifies the trainer, e.g. adding bias mitigation), (2) parameter adjustment (modifies params.yaml, e.g. use_mitigated: false → true in retinopathy), (3) prompt adjustment (planned, deferred to a later version). All are committed to git. See The three treatment modalities.