Skip to content
Venturalítica

Quickstart

🟡 Partial — The e2e arc runs on the repository's fixtures (Python+DVC); the resulting Annex IV is still partial.

This quickstart runs the loan example bundled in the repository: a high-risk credit classifier with a fairness control (disparate impact) whose first version fails the gate and whose treatment — promoted as a commit — closes it. The arc materialises the ISO 23894 §6.4–§6.5 risk treatment loop with signed evidence (ECDSA-P256+DSSE+in-toto).

Requirements

Section titled “Requirements”
  • sei built (Installation).
  • uv (Python ≥ 3.11) and dvc ≥ 3 installed and on the PATH.
  • The monorepo cloned locally.

Fastest path: run the integration test

Section titled “Fastest path: run the integration test”

The loan project files live in crates/seigarrena-cli/tests/resources/loan/. The integration harness (crates/seigarrena-cli/tests/scenarios.rs) sets up the project in a temporary directory, initialises the uv environment, and runs the full arc:

Terminal
cargo test -p seigarrena-cli --test scenarios loan -- --nocapture

The test verifies all arc steps (red gate → treatment → green gate → conformance → cycle reconstruction) and fails if any invariant is not met. This is the canonical way to confirm that the installation works.

The arc step by step

Section titled “The arc step by step”

The following steps are exactly what the test above runs; you can reproduce them manually on the crates/seigarrena-cli/tests/resources/loan/ directory in a temporary copy.

  1. Compile the risk program to OSCAL

    Terminal
    sei compile

    Converts the risk program — the risk: section of sei.yaml (5 risks, 16 measures, Art. 9) — into the OSCAL assessment plan (10 ex-ante controls). Writes the file declared in the oscal.assessment_plan field of sei.yaml.

  2. Run V1 — red gate

    Terminal
    sei run

    sei run invokes dvc repro (pipeline featurize → evaluate), measures the 10 ex-ante controls with venturalitica-sdk, and applies the risk gate. Produces .sei/bundle.json (signed) and sei.lock.

    The blocking control unfair-credit-exclusion fails: the gender disparate impact measures above the 0.03 threshold (EU AI Act Art. 10; DORA Art. 6). sei run exits with a non-zero code. The bundle is still signed and anchored.

  3. Explore the treatment candidate (without committing)

    Terminal
    cp train_mitigated.py train.py
    dvc exp run
    dvc exp show

    dvc exp run executes V2 (ExponentiatedGradient + DemographicParity mitigation) as a DVC experiment without committing. dvc exp show compares the candidate metric against the V1 baseline and confirms that the disparate impact would close the gate.

  4. Commit the treatment (V2)

    Terminal
    git add train.py
    git commit -m "T1: treatment — promote V2 (mitigated train.py, candidate that closes the gate)"

    The commit is the ISO 23894 §6.5 treatment: a versioned change to which sei reconstruct can attribute the FAIL→PASS arc. Only train.py changes; featurize.py, the data and the classification are reused (type-B drift, Art. 15).

  5. Run V2 — green gate

    Terminal
    sei run

    dvc repro detects that train.py (a dependency of the evaluate stage) changed, recomputes only that stage, and produces the new metrics.json and dvc.lock. The unfair-credit-exclusion control passes (disparate impact ≈ 0.015 < 0.03). sei run exits 0.

  6. Project conformance onto the applicable standards

    Terminal
    sei conformance

    The same signed bundle is projected onto the clause catalogues of prEN 18228 (priority) and ISO 23894 and emits one report per standard (COVERED / PARTIAL / GAP per clause).

  7. Record management approval

    Terminal
    sei approve --by "Jane Roe <jane@org>"

    Creates an empty git commit with a Sei-Approved-by: trailer. The act is timestamped and attributed; sei reconstruct picks it up as ISO 42001 §6.1.3 approval.

  8. Reconstruct the treatment cycle

    Terminal
    sei reconstruct --out

    Deterministic replay of the bundle’s git history. Produces .sei/reconstruct.json (signed): the complete per-risk cycle (①identification → ②analysis → ③evaluation → ④treatment → ⑤residual).

  9. Commit the signed evidence

    Terminal
    git add .sei/
    git commit -m "evidence: cycle T1 (signed bundle + conformance + reconstruction)"

    Depositing the signed evidence in the repository is the act the cloud plane reads to assemble and render the Annex IV (Art. 11). The engine does not emit the Annex IV: the cloud builds it from the signed bundle.json.

Artifacts produced

Section titled “Artifacts produced”
ArtifactProduced byContents
.sei/bundle.json + .sigsei runSigned evidence (controls, treatments, risk analysis, dvc.lock)
sei.locksei runFreshness anchor (pipeline phase hashes)
.sei/conformance/*.json + .sigsei conformance --outPer-standard conformance reports (prEN 18228, ISO 23894)
.sei/reconstruct.json + .sigsei reconstruct --outISO 23894 treatment cycle reconstructed per risk

The Annex IV (Art. 11) is not an engine artifact: the cloud plane assembles and renders it from the signed bundle.json. See View the Annex IV.

Next steps

Section titled “Next steps”
Your first compliant system Full walkthrough: create a project from scratch, declare risks, run the complete arc.
What is Risk-Driven Development The normative frame (ISO 23894, EU AI Act Art. 9) and the red/green analogy.
Status & gaps Source of truth on project maturity and the gaps towards a complete Annex IV.