Open Standard

Machine-readable AI compliance metadata

Agent Passport is an open JSON Schema that makes AI compliance data portable, verifiable, and automatable. Like package.json — but for regulatory compliance.

View on GitHub →

Open SourceJSON Schemav1.0

Schema Preview

complior.json

{
  "name": "Customer Support AI",
  "vendorName": "Acme Corp",
  "description": "AI-powered customer service chatbot for EU market",
  "purpose": "Automated customer query resolution",
  "domain": "customer-service",
  "riskLevel": "limited",
  "autonomyLevel": "L2",
  "framework": "langchain",
  "modelProvider": "openai",
  "modelId": "gpt-4o",
  "dataResidency": "EU",
  "lifecycleStatus": "active",
  "detectionPatterns": [
    "langchain",
    "@langchain/openai"
  ],
  "versions": {
    "sdk": "0.2.1",
    "model": "gpt-4o-2024-08-06"
  },
  "manifestVersion": "1.0",
  "extendedFields": {
    "gdprDpia": true,
    "humanOversightContact": "compliance@acme.com"
  }
}

Field Reference

namestring

AI tool/agent name

vendorNamestring

Organization that built the tool

descriptionstring

What the tool does (max 5000 chars)

purposestring

Intended use case

domainstring

Industry domain (healthcare, finance...)

riskLevelenum

prohibited | high | gpai | limited | minimal

autonomyLevelenum

L1 (human-in-loop) → L5 (fully autonomous)

frameworkstring

ML framework (pytorch, langchain...)

modelProviderstring

LLM provider (openai, mistral...)

modelIdstring

Specific model identifier

dataResidencystring

Where data is processed (EU, US...)

lifecycleStatusenum

draft | review | active | suspended | retired

detectionPatternsstring[]

Patterns for automatic discovery

versionsobject

Version map (sdk, model versions)

manifestVersionstring

Schema version (e.g., "1.0")

extendedFieldsobject

Custom org-specific fields

How It Works

01Init

~30 seconds

$ npx complior agent:init

? AI tool name: Customer Support AI
? Vendor name: Acme Corp
? Risk level: limited
? Framework: langchain

✓ Created complior.json

Creates complior.json in your project root with guided prompts.

02Scan

~2 minutes

$ npx complior

Scanning project...
  ✓ Detected: langchain, @langchain/openai
  ✓ Model: gpt-4o (OpenAI)
  ✓ Data residency: EU
  ✓ 12/36 fields populated
  ⚠ Recommended: add autonomyLevel

Score: 68/100 (Grade: C)

CLI reads your passport, scans your codebase, and auto-fills detected metadata.

03Sync

~10 seconds

$ npx complior sync --token YOUR_API_KEY

Syncing to Complior dashboard...
  ✓ Passport uploaded
  ✓ Score recalculated: 72/100
  ✓ Dashboard updated

View: https://app.complior.ai/tools/customer-support-ai

Push compliance data to Complior dashboard for monitoring and reporting.

Use Cases

🔄

Dev to Dashboard

Developers commit complior.json to their repo. CI/CD syncs it to the Complior dashboard. Compliance team sees real-time status without bothering developers.

🔍

Vendor Transparency

AI vendors publish their compliance passport alongside their product. Customers can verify compliance claims before procurement.

📋

Audit-Ready

Auditors use the structured passport data instead of reviewing hundreds of pages. Machine-readable = faster, cheaper audits.

📊

Portfolio View

Organizations with 10+ AI tools track all compliance passports in one dashboard. Spot gaps across your entire AI portfolio.

Getting Started

Quick Start

# Initialize a new passport in your project

$ npx complior agent:init

# Scan and auto-fill detected metadata

$ npx complior

# Sync passport to Complior dashboard

$ npx complior sync --token YOUR_API_KEY

Validation

$ npx complior agent:validate

✓ complior.json is valid

✓ 12/36 fields populated

⚠ Recommended: add riskLevel, autonomyLevel, dataResidency

CI/CD Integration

# .github/workflows/compliance.yml
name: Compliance Check
on: [push]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx complior agent:validate
      - run: npx complior sync --token ${{ secrets.COMPLIOR_TOKEN }}

Community & Contribution

Agent Passport is an open RFC. We welcome contributions from the compliance and developer community.

New Fields

Propose new schema fields via RFC issue

Industry Extensions

Domain-specific extendedFields schemas (healthcare, finance...)

Tool Integrations

Parsers for other compliance tools and formats

Translations

Schema descriptions in other EU languages

GitHub Issues →RFC Discussions →

Add compliance metadata to your AI project

One file. One command. Full EU AI Act compliance tracking.

View on GitHub →