Open-source AI Governance, Risk & Compliance (AI-GRC) Platform
Getting Started · Architecture · API Reference · Guard Module · RAG Module · Report a Bug
Every company shipping AI in Europe now faces legal obligations under the EU AI Act (in force April 2026). Most compliance tools cost thousands per month and are closed-source.
AegisAI is the open-source alternative — a full-stack platform that combines three things into one:
| Module | What it does |
|---|---|
| Compliance Engine | Register AI systems, classify EU AI Act risk (Minimal / Limited / High / Unacceptable), generate required documentation |
| LLM Guard | Real-time prompt injection detection using regex + DistilBERT/DeBERTa ML classifier — protect your LLM APIs |
| RAG Intelligence | Ask natural language questions about EU AI Act, GDPR, ISO 42001 — grounded answers from regulatory source docs |
| Layer | Technology |
|---|---|
| Frontend | React 18, TypeScript, Vite, Tailwind CSS |
| Backend | Python 3.11, FastAPI, SQLAlchemy, PostgreSQL |
| ML (Guard) | PyTorch, HuggingFace Transformers (DeBERTa-v3), scikit-learn |
| RAG | LangChain, FAISS, OpenAI Embeddings |
| MLOps | MLflow, Prometheus metrics |
| Infra | Docker, Kubernetes (HPA configs included) |
| Auth | JWT, bcrypt |
| Payments | Stripe (optional) |
git clone https://github.com/SdSarthak/AegisAI.git
cd AegisAI
cp backend/.env.example backend/.env
# Edit backend/.env — add your GEMINI_API_KEY and/or OPENAI_API_KEY
docker compose up -d- Frontend: http://localhost:5173
- Backend API + Swagger: http://localhost:8000/docs
# Backend
cd backend
python -m venv venv && source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
cp .env.example .env # fill in values
uvicorn app.main:app --reload
# Frontend (new terminal)
cd frontend
npm install
npm run devAegisAI/
├── backend/
│ ├── app/
│ │ ├── api/v1/ # REST endpoints (auth, ai_systems, guard, rag, ...)
│ │ ├── core/ # Config, DB, JWT security
│ │ ├── models/ # SQLAlchemy ORM models
│ │ ├── schemas/ # Pydantic request/response schemas
│ │ └── modules/
│ │ ├── guard/ # LLM Guard — regex + ML classifier + sanitizer
│ │ ├── rag/ # RAG — vector store, retrieval chain, MLflow
│ │ └── llm/ # LLM client (OpenAI-compatible)
│ ├── data/ # Training data for Guard classifier
│ └── tests/
├── frontend/ # React + TypeScript dashboard
├── infra/ # Kubernetes deployment & HPA configs
├── notebooks/ # Jupyter — train Guard classifier on GPU (Colab-ready)
├── docs/ # Architecture, API reference, module guides
└── docker-compose.yml
- EU AI Act risk classification engine
- AI system registry + compliance dashboard
- Compliance document generation (Technical Docs, Risk Assessment, Conformity Declaration)
- LLM Guard — regex filter + ML intent classifier + sanitizer
- RAG query endpoint (plug in your regulatory documents)
- Pre-loaded regulatory knowledge base (EU AI Act, GDPR, ISO 42001, NIST AI RMF)
- Audit log for all Guard scan decisions
- Stripe billing integration
- OAuth2 / SSO support
- Multi-regulation support (UK AI Bill, India DPDP)
- Analytics dashboard (compliance score over time)
- Slack / webhook notifications for compliance drift
These open items are great places to contribute — see CONTRIBUTING.md.
We welcome contributions of all kinds — code, docs, tests, regulatory expertise.
See CONTRIBUTING.md for the full guide.
Not sure where to start? Browse issues labelled:
good first issue— beginner-friendlyhelp wanted— intermediatehigh priority— advanced / impactful
AegisAI is licensed under AGPL-3.0-only.
- Free for open-source and self-hosted use.
- If you run a modified version as a SaaS, you must release your source code.
- For commercial licensing, contact the author.
Copyright (C) 2024 Sarthak Doshi (@SdSarthak)