Getting Started
AIR Blackbox is an open-source compliance scanning platform for Python AI agents. It checks your code against EU AI Act Articles 9, 10, 11, 12, 14, and 15 and provides actionable remediation guidance.
What It Does
- Scans Python AI agent code for compliance gaps
- Detects frameworks (LangChain, CrewAI, AutoGen, OpenAI, RAG)
- Reports findings with severity levels and article references
- Remediates by generating trust layer code you can copy-paste
- Protects against prompt injection with 15+ detection patterns
- Verifies audit trails via HMAC-SHA256 chains
Quick Install
```bash
pip install air-blackbox-mcp
```
Three Ways to Use AIR Blackbox
1. MCP Server (Claude Desktop)
The fastest way to get started. Install the MCP server and use it directly in Claude Desktop:
```bash
pip install air-blackbox-mcp
```
Then add to your Claude Desktop config. See the MCP Server guide for full setup.
2. Python Library
Import and use directly in your Python projects:
```python
from air_blackbox_mcp.scanner import scan_code

# your_agent_code is a placeholder for the agent code you want to scan
results = scan_code(your_agent_code)
print(results)
```
3. GitHub Action
Add compliance scanning to your CI/CD pipeline:
```yaml
- uses: airblackbox/air-compliance-action@v1
  with:
    path: ./src
```
See the GitHub Action guide for full configuration.
EU AI Act Articles Covered
| Article | Requirement | What AIR Checks |
|---|---|---|
| Art. 9 | Risk Management | Risk classification of tools and functions |
| Art. 10 | Data Governance | Data handling and privacy controls |
| Art. 11 | Technical Documentation | Logging and audit trail presence |
| Art. 12 | Record-Keeping | Audit ledger and HMAC chain verification |
| Art. 14 | Human Oversight | Human-in-the-loop and approval gates |
| Art. 15 | Accuracy & Robustness | Input validation and injection protection |
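
The idea behind an HMAC-SHA256 audit chain (the Art. 12 row above), as an added example that is not AIR Blackbox's own code or ledger format. The record fields (`event`, `prev_mac`, `mac`), the genesis value, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_mac value for the first record


def _mac(key: bytes, prev_mac: str, event: dict) -> str:
    # Canonical JSON so an event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append_record(ledger: list, key: bytes, event: dict) -> None:
    """Append an event, binding it to the MAC of the previous record."""
    prev_mac = ledger[-1]["mac"] if ledger else GENESIS
    ledger.append({"event": event, "prev_mac": prev_mac, "mac": _mac(key, prev_mac, event)})


def verify_chain(ledger: list, key: bytes, expected_head: Optional[str] = None):
    """Return (ok, index of the first record that fails, or None).

    expected_head is the newest MAC kept outside the ledger; without it,
    removal of trailing records cannot be detected.
    """
    prev_mac = GENESIS
    for i, rec in enumerate(ledger):
        if rec["prev_mac"] != prev_mac:
            return False, i  # record removed, inserted or reordered
        if not hmac.compare_digest(rec["mac"], _mac(key, prev_mac, rec["event"])):
            return False, i  # event edited, or MAC made without the key
        prev_mac = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev_mac, expected_head):
        return False, len(ledger)  # chain is shorter or longer than recorded
    return True, None


def build_sample_ledger(key: bytes) -> list:
    """Constructed sample events, not real agent logs."""
    ledger: list = []
    for event in (
        {"seq": 1, "action": "tool_call", "tool": "search"},
        {"seq": 2, "action": "human_approval", "approved": True},
        {"seq": 3, "action": "tool_call", "tool": "send_email"},
    ):
        append_record(ledger, key, event)
    return ledger
```

The chain only proves integrity to someone who holds the key, so the key and the latest head MAC should be stored away from the process that writes the ledger.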
Supported Frameworks
AIR Blackbox detects and provides framework-specific guidance for:
- LangChain / LangGraph — via `air-langchain-trust`
- CrewAI — via `air-crewai-trust`
- AutoGen — via `air-autogen-trust`
- OpenAI SDK — direct integration
- RAG pipelines — custom trust layer support
Next Steps
- Scanning Guide — How compliance scanning works
- MCP Server Setup — Use in Claude Desktop
- GitHub Action — Add to CI/CD
- Trust Layers — Framework integrations