EU AI Act enforcement · August 2026 · < 90 days

The Compliance Engine for AI Agents.

13 structural compliance primitives. Every EU AI Act article, structurally enforced at the execution layer.
Not configuration files. Not prompts. Code that cannot be bypassed.

See the 13 Primitives ↓ Get Started (OSS)

Apache 2.0 · Free forever 124 unit tests · 100% pass rate HMAC-SHA256 tamper-evident logs Finance · Healthcare · Pharma · Legal · Enterprise

The Compliance Backbone

13 primitives. Every article.
Nothing left to chance.

Each primitive is a concrete Python class in lar.compliance. Not a helper. Not a decorator. A structural graph node that cannot execute unless its compliance condition is satisfied.

Art.12

AuditLogger + HMAC-SHA256

State-diff causal trace at every node. Tamper-evident: one byte changed post-run → verification fails.

GDPR

PIIRedactionEngine

Strips PII before HMAC signing. Satisfies Art. 17 right to erasure while preserving audit integrity.

15(4)

CredentialVault

JIT token provisioning. No static API keys held in agent state — eliminates prompt injection attack surface.

Art.9

PolicyRegistry + RiskScorerNode

Action-level risk taxonomy. Routes to human oversight when confidence + risk tier cross the threshold.

Art.14

HumanJuryNode STRUCTURAL STOP

Graph halts. Not a prompt instruction. The execution graph physically cannot continue until a human approves via CLI or API.

Art.14

BranchTriageNode NEW v2.1.0

Fractal agents: preserves per-branch findings before ReduceNode compression. Human jury sees every CRITICAL flag — not just the rolled-up score.

12/14

AuthorityLedger

HMAC-signed record of every human decision: who approved, their role, rationale, risk score, UTC timestamp. The "Fourth Tier" oversight artefact.

AEPD

LethalTrifectaGuard

AEPD Rule of 2. Blocks simultaneous untrusted input + PII access + autonomous action without a prior HumanJuryNode decision.

Art.5

ProhibitedPracticeGuard

Scans final output for subliminal manipulation, vulnerability exploitation, and social scoring patterns. Raises hard block on any Art. 5 violation before the result leaves the graph.

18283

BiasFilterNode

Scans LLM output for protected characteristics (race, gender, age, disability) before any action. Routes to jury if detected.

13/50

TransparencyEngine + SyntheticMarkerNode

Records AI_INTERACTION_DISCLOSURE events. Appends machine-readable AI content marker to every final output per Art. 50(2).

3(23)

RuntimeStateVersioner

Snapshots tool catalogue + policy bindings before and after execution. Drift vs conformity baseline = Substantial Modification flag.

Step 9

ComplianceManifestGenerator

Static graph traversal before execution. Inventories every tool, LLM, and affected party. The regulatory map your Notified Body needs.

Pre-configured domains

Finance (MiFID II · DORA)Healthcare (MDR · HIPAA)Pharma (ICH GCP · EMA)HR (Equality Act · GDPR)Legal (DSA · UPL)

EU AI Act Deep Dive → Full Reference → Showcase Breakdown →

Live Proof

One run. Three HMAC-signed artefacts.
Verifiable by anyone, anywhere.

Run the EU AI Act Finance Showcase against a simulated €500,000 SME loan application. Every compliance primitive fires in sequence and produces court-admissible audit artefacts.

Artefact 1

compliance_manifest.json

Static inventory of every tool, LLM, and affected party — generated before execution. The regulatory map for your Notified Body.

Regulatory basis: Step 9 (Nannini et al.) · Annex IV

Artefact 2

run_<uuid>.json

Full causal trace — every node, state diff, prompt, and outcome. HMAC-SHA256 signed. PII stripped before signing.

Regulatory basis: Art. 12 — Record-Keeping

Artefact 3

authority_ledger.json

Signed record of every human oversight exercise: who, what role, what they approved, at what risk score, and why.

Regulatory basis: Art. 14 — Human Oversight

Verify any artefact — no vendor access required

$ python examples/compliance/11_verify_audit_log.py

run_<uuid>.json $HMAC_SECRET

[+] VERIFICATION SUCCESSFUL

Why Compliance is Possible

You can't audit a Black Box.
Lár is a Glass Box.

The compliance primitives only work because the execution engine is deterministic. Every decision path is explicit code — no hidden chains, no "magic loops." When a 429 hits, here's the difference:

Architecture Deep Dive → Audit Log Internals →

The Black Box

// support_app_lc.py execution

final_response = full_agent_chain.invoke({"task": task})

Traceback (most recent call last):

File "langchain_core/runnables/base.py", line 2877, in invoke

input = context.run(step.invoke, input, config, **kwargs)

File "langchain_core/runnables/passthrough.py", line 495, in invoke

return self._call_with_config(self._invoke, input, config, **kwargs)

File "langchain_google_genai/chat_models.py", line 198, in _chat_with_retry

return _chat_with_retry(**kwargs)

File "tenacity/__init__.py", line 418, in exc_check

raise retry_exc.reraise()

google.api_core.exceptions.ResourceExhausted: 429 You exceeded your current quota.

> System Crash. Stack depth: 129 lines.
> State lost. Audit trail: none.

The Lár Glass Box

Structured errors. Instant clarity.

{
  "run_id": "ab7c23bb-481e-4241",
  "step": 4,
  "node": "LLMNode",
  "outcome": "error",
  "error": {
    "code": 429,
    "message": "You exceeded your current quota...",
    "status": "RESOURCE_EXHAUSTED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.QuotaFailure",
        "violations": [
          {
            "quotaMetric": "generate_content_free_tier_requests",
            "quotaValue": "2"
          }
        ]
      }
    ]
  }
}

Runtime-Adaptive · Still Compliant

The graph shape changes.
The guarantees don't.

Most pipelines are hardcoded — every branch defined at development time. AdaptiveNode breaks that: the number, type, and sequence of processing nodes is decided at runtime based on what the agent actually receives.

A simple NDA → 1 review node. A multi-party software license → 3 parallel specialists: legal terms, financial liability, GDPR compliance. You define the approved tools. The LLM designs the graph. TopologyValidator — pure Python, not an LLM — enforces the allowlist and rejects cycles before a single node executes.

Every generated spec is logged to the HMAC-signed Causal Trace before execution. All 13 compliance primitives work inside generated subgraphs exactly as in static ones. In fractal agents — a manager spawning parallel specialists — BranchTriageNode ensures the human jury sees per-branch findings, not just a rolled-up score. That is the difference between a rubber stamp and Art. 14 compliance.

How AdaptiveNode works → Fractal agents + compliance →

Without BranchTriageNode

BatchNode → ReduceNode → HumanJuryNode

Human jury sees:

"Overall risk: HIGH"

Which branch triggered it? Unknown.
Art. 14 requires meaningful oversight — this isn't it.

With BranchTriageNode

BatchNode → BranchTriageNode → RouterNode

↓ critical → HumanJuryNode (pre-consolidation)

↓ ok → ReduceNode → HumanJuryNode

Human jury sees:

"Overall: HIGH

⚠ Financial: CRITICAL — uncapped liability

⚠ GDPR: HIGH — retention clause missing

⚠ Legal: MEDIUM — arbitration absent"

Per-branch evidence. Meaningful oversight. Art. 14 compliant.

The Benchmark

Stress Test: 60-Node Swarm

Don't burn money on
Magic Loops.

We built the same "Corporate Swarm" using standard agent frameworks and Lár. The difference isn't just speed. It's viability.

See the Code → View High-Scale Library →

Cost Per Run

$0.00

vs $3.60 (Standard)

Latency

0.08s

vs 64s (Standard)

Crash Rate

Standard agents hit RecursionLimit at step 25.
Lár ran 10,000+ steps without a single error.

No other framework can do this

Every crash is a
resumption point.

Other frameworks can't reliably resume a crashed execution. Their routers are probabilistic — on retry, the LLM may branch differently. The "resume" is actually a new run that happens to start with the same input.

Lár's routers are pure Python functions. Same state in, same decision out — deterministically. When Lár resumes at Step 47, it takes exactly the path Step 47 would have taken. The causal trace is not just an audit log — every entry is a resumption checkpoint.

Resumable Graphs Docs → See the Example →

10,000 runs/day · 40% transient failure rate

RunTokens SentCost (GPT-4o)

Lár — Resume

302

Step 3 only

$0.0006

Competitor — Retry

~776

Steps 0+1+3

$0.0016

$9.48

saved per day

at 10k runs/day with 40% transient failure rate

The same property powers HumanJuryNode: the graph halts before an irreversible action, the process can be killed, and when the human responds — hours later — execution resumes from exactly that node with exactly that state. This is what EU AI Act Art. 14 requires in practice.

Built with Lár

Showcase Projects

Flagship

Lár DMN

A Bicameral Cognitive Architecture. A conscious mind (fast) and a subconscious mind (slow) that sleeps, dreams, and consolidates memories — solving catastrophic forgetting.

Process: lar-dreamer

State: DREAMING...

> Stored in Hippocampus.

View Architecture

Multi-Model

Lár-JEPA

Routes LLMs, JEPA world models, diffusion models, SSMs, and GNNs as first-class nodes in the same deterministic graph. When a JEPA outputs a 768-dim latent tensor, other frameworks crash. Lár routes it.

CRASH at X=10. Vetoing.

→ REPLAN_NODE

Simulation safe. Approved.

→ Agent avoided the crash.

Explore Docs →

The Agentic Workflow

Don't want to read docs?

Lár is Pure Python. No custom DSL. No "Magic Chain" syntax.
This means Cursor, Windsurf, and Copilot are already Lár experts.

Step 1

Clone the Repo

git clone snath-ai/lar

Step 2

Open in Cursor

Or Windsurf / VS Code

Step 3

Just Ask

"Build a compliant Finance agent"

Power Your IDE

Make Cursor or Windsurf an expert Lár Architect.

Step 1: The Brain

Reference the Master Rules file to load the constraints.

IDE_MASTER_PROMPT.md

Step 2: The Hands

Generate any integration (Stripe, Linear, etc) in 30s.

IDE_INTEGRATION_PROMPT.md

Step 3: The Ask

Use the template to scaffold a new agent.

IDE_PROMPT_TEMPLATE.md

(Requires cloning the repo.) | Read the Guide

Ready for Production?

Lár is just a Python library. Deploy it like any other backend service. No proprietary "serving layers." No vendor lock-in.

# examples/basic/4_fastapi_server.py

from fastapi import FastAPI
from lar import GraphExecutor

@app.post("/run")
def run_agent(task):
return executor.run(task)

FastAPI · Queue · Cron · Webhook

Deploy to AWS, Railway, or Heroku. Run as a queue consumer, scheduled job, or persistent service.

Continuously Running Agents → Deployment Guide

Ready to Build?

30+ examples from "Hello World" to full EU AI Act compliance pipelines.

Browse the Full Library → Build a Compliant Agent →