<code/constitution>/ hf

Every HuggingFace model — verified.

Map any HF model card to the compliance frameworks your audit scope requires. EU AI Act Art. 13 readiness, ISO 42001 documentation evidence, NIST AI RMF measurement coverage, GDPR Art. 30 training-data provenance — deterministic, signed, evidence-pack-ready.

Powered by the same Code Constitution engine that runs on your code — extended to the artefacts your code depends on.

Findings trend across model evaluations

Sample distribution showing fail / warn / ok per evaluation window as a tenant tightens its HF model-card disclosures. Real per-tenant numbers in the customer dashboard.

[Chart: HF model-card · 12 evaluation windows (Q1 to Q12); series: fail, warn, ok]

Framework coverage on day one

Each crosswalk edge cites a published primary source. No fabrication — every reference traces to an Article, Annex, Common Criterion, or Subcategory in the source authority text.

EU_AI_ACT: EU AI Act, Art. 10 / 13 / 15 / 25 / 51 / 53 / 55
ISO_42001: ISO/IEC 42001:2023, 5.2 / 6.3 / 8.1-8.4
NIST_AI_RMF: NIST AI RMF, MAP-3.1 / MEASURE-2.3 / 2.6 / 2.7 / MANAGE-1.3
GDPR: GDPR, Art. 13 / 30
HIPAA: HIPAA Security Rule, §164.514 (de-identification)
DORA: DORA, Art. 28 (ICT third-party risk)
NIS2: NIS2 Directive, Art. 21 (essential-entity risk mgmt)
ISO_27001: ISO/IEC 27001:2022, A.5.36

AAOIFI / IFSB (Shariah-permissibility overlay for Islamic-finance consumers) lands in the next release.

How it works

1. Paste a HuggingFace model URL
e.g. https://huggingface.co/meta-llama/Meta-Llama-3-8B-Instruct. We fetch the model card from HF Hub — no install, no SDK, no plugin.

2. Pick your frameworks
Enable the manifests matching your audit scope. Default bundle: EU AI Act + ISO 42001 + NIST AI RMF. SaaS bundle adds SOC 2 + ISO 27001 + GDPR.

3. Deterministic evaluation
The engine parses the model card (YAML frontmatter + markdown sections), maps each present/missing field via crosswalk edges to control refs, emits findings per (framework × control). No LLM in the critical path.

4. Evidence pack + auto-fix PR
Per-run signed JSON evidence pack — auditors consume directly. When the model author connects their HF repo, we open an auto-fix PR with the missing sections drafted (BYO LLM key, opt-in).
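
Steps 3 and 4 as an added Python example, not the Code Constitution engine's own code: it parses a constructed model card, applies crosswalk edges, and emits a canonical JSON pack with an integrity tag. The field-to-control pairings, the fail/warn severities, and the use of HMAC-SHA256 in place of the signature scheme (which the page does not specify) are assumptions.

```python
import hashlib, hmac, json, re
# Constructed model card, not a real Hub model. "Training Data" is deliberately empty.
CARD = """---
license: apache-2.0
language:
- en
---
## Intended Use
Text classification demo.

## Training Data
"""

# Hypothetical crosswalk edges: (card field, framework, control, status if missing).
# Control refs come from the page; pairing them with these fields is assumed.
CROSSWALK = [
    ("frontmatter:license", "EU_AI_ACT", "Art. 13", "fail"),
    ("section:Intended Use", "EU_AI_ACT", "Art. 13", "fail"),
    ("frontmatter:datasets", "GDPR", "Art. 30", "fail"),
    ("section:Training Data", "GDPR", "Art. 30", "warn"),
    ("section:Evaluation", "NIST_AI_RMF", "MEASURE-2.3", "warn"),
]

def parse_card(text):
    """Return the set of frontmatter keys and non-empty markdown sections."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    front, body = (m.group(1), m.group(2)) if m else ("", text)
    present = {"frontmatter:" + k for k in re.findall(r"^([A-Za-z_][\w-]*):", front, re.M)}
    # A heading with no text under it counts as missing, not present.
    for title, content in re.findall(r"^#{2,}\s+(.+?)\s*\n(.*?)(?=^#|\Z)", body, re.S | re.M):
        if content.strip():
            present.add("section:" + title)
    return present

def evaluate(text, frameworks):
    """One finding per enabled crosswalk edge, in a stable order."""
    present = parse_card(text)
    findings = [{"framework": fw, "control": ctl, "field": field,
                 "status": "ok" if field in present else missing}
                for field, fw, ctl, missing in CROSSWALK if fw in frameworks]
    return sorted(findings, key=lambda f: (f["framework"], f["control"], f["field"]))

def evidence_pack(text, frameworks, key):
    """Canonical JSON pack with an HMAC-SHA256 tag (stand-in for the signature)."""
    pack = {"card_sha256": hashlib.sha256(text.encode()).hexdigest(),
            "findings": evaluate(text, frameworks)}
    canonical = json.dumps(pack, sort_keys=True, separators=(",", ":")).encode()
    pack["hmac_sha256"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return pack
```

Because the findings are sorted and the JSON is serialised with sorted keys and fixed separators, re-running the evaluation over the same card and manifests reproduces the same bytes, so the tag can be rechecked later.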

One engine, every registry

The /hf section is the first of many. Same engine, same crosswalk pattern — adding a registry means adding a parser, not a new product. Sibling sections planned for /kaggle, /modelscope, /replicate, /civitai, /mlflow, /gh-releases.

/hf (live): HuggingFace, 1M+ models, 200k+ datasets, 100k+ spaces
/kaggle (planned): Kaggle, datasets + notebooks + competitions
/modelscope (planned): ModelScope, Alibaba registry (China)
/replicate (planned): Replicate, hosted inference + models
/civitai (planned): Civitai, image-gen models
/mlflow (planned): MLflow Registry, self-hosted enterprise registries
/gh-releases (planned): GitHub Releases, tagged-release artefacts

Try it on a model you know

Paste any HuggingFace URL.