5 minutes to your first audit trail

From pip install to tamper-evident audit logs

Add EU AI Act compliance infrastructure to your AI agent with zero configuration. SQLite storage, HMAC-SHA256 signing, policy enforcement — all out of the box.

1
Install AIR Blackbox

One package. No dependencies beyond Pydantic. Works on Python 3.10+.

Terminal
$ pip install air-blackbox Collecting air-blackbox Downloading air_blackbox-0.2.0-py3-none-any.whl Installing collected packages: air-blackbox Successfully installed air-blackbox-0.2.0
2
Run the demo

See the full agent action lifecycle: policy checks, human approval gates, blocked actions, and cryptographic chain verification. No server needed.

Terminal
$ air-blackbox demo AIR BLACKBOX — The AI Action Firewall [1/7] Agent searches for candidates Agent: recruiting-agent-001 Action: search → linkedin_search Decision: AUTO-ALLOWED ✓ [2/7] Agent wants to send outreach email Decision: PENDING APPROVAL ⏳ [3/7] Human approves the email Decision: APPROVED by [email protected] Human-in-the-loop oversight: Article 14 ✓ [4/7] Agent tries to delete records Decision: BLOCKED ✗ AI agents cannot delete data — ever [5/7] Simulating 5 more approved emails ✓ Email #1: Alex Chen (Netflix) ✓ Email #2: Maria Garcia (Airbnb) ✓ Email #3: James Wilson (Databricks) [6/7] Verifying HMAC-SHA256 audit chain Chain integrity: VALID 8 events verified. Zero tampering detected. [7/7] Audit summary Total events: 8 | Approved: 6 | Blocked: 1 EU AI Act: Art.9 ✓ Art.12 ✓ Art.14 ✓ Art.15 ✓
What just happened

Your AI agent ran 8 actions through AIR Blackbox. Every action was policy-checked, signed with HMAC-SHA256, and chained into a tamper-evident audit trail stored in a local SQLite database. No external services, no API keys, no configuration files.

3
Add to your own agent

Drop AIR Blackbox into your existing code. Record actions, enforce policies, and verify audit chains programmatically.

your_agent.py
from gate.events import EventStore, GateEvent from gate.policy import PolicyEngine, PolicyRule # Initialize — SQLite storage, zero config store = EventStore( signing_key="your-secret-key", storage_path="audit.db" ) policy = PolicyEngine(rules=[ PolicyRule( name="approve-emails", action_type="email", decision="require_approval", ), PolicyRule( name="block-deletes", action_type="db_delete", decision="block", ), ]) # Before your agent takes any action: decision = policy.evaluate( agent_id="my-agent", action_type="email", tool_name="send_email", ) # Record the event (signed + chained automatically) event = GateEvent( agent_id="my-agent", action_type="email", tool_name="send_email", payload={"to": "[email protected]"}, result=decision["decision"], ) store.record(event) # Verify the chain anytime result = store.verify_chain() print(f"Chain valid: {result['valid']}")

What you get out of the box

Every feature maps directly to an EU AI Act article requirement.

Policy Engine
Article 9 — Risk Management
Data Validation
Article 10 — Data Governance
HMAC Audit Chains
Article 12 — Record-Keeping
Approval Gates
Article 14 — Human Oversight
Action Blocking
Article 15 — Robustness
PII Detection
GDPR + Article 10

Next steps

Start the full server

For production use with REST API, Slack approvals, and compliance reports:

$ pip install air-blackbox[server] $ uvicorn gate.proxy:app --reload

Scan your existing code

Check your Python AI project for EU AI Act compliance patterns:

$ pip install air-blackbox-mcp $ air-blackbox-mcp scan .

Docker Compose full stack

Gateway + Dashboard + Jaeger tracing in one command:

$ git clone https://github.com/airblackbox/air-gate $ cd air-gate && docker compose up Gate API → http://localhost:8000 Dashboard → http://localhost:3000 Jaeger Tracing → http://localhost:16686

The EU AI Act deadline is August 2, 2026

Start building compliance infrastructure today. It takes 5 minutes.

Install from PyPI View on GitHub