Registries roadmap

One engine. Every registry. Adding a new registry means adding a parser, not launching a new product. Same compliance frameworks apply uniformly — only the adapter layer is registry-specific.

/hflive

HuggingFace

1M+ models, 200k+ datasets, 100k+ spaces

API: https://huggingface.co/api

When: ✓ live in this release

Largest open AI artefact registry. Standard model-card spec. Highest immediate demand from EU AI Act + ISO 42001 customers.

/kaggleplanned

Kaggle

300k+ datasets, 50k+ notebooks, competitions

API: https://www.kaggle.com/api/v1/

When: next customer ask

Largest dataset registry. Strong demand from healthcare + insurance customers. License-inheritance checks especially relevant for competition datasets.

/modelscopeplanned

ModelScope (Alibaba)

China-region model registry

API: https://modelscope.cn/api/v1/

When: China-region customer onboarding

Required for any tenant operating in China or with PIPL exposure. Adapter pattern identical to HF; data-residency considerations addressed at engine layer.

/replicateplanned

Replicate

Hosted inference + community models

API: https://api.replicate.com/v1/

When: Q+1 from launch

Different artefact shape — inference-first rather than weights-first. Compliance angles: usage-volume disclosure, inference-time governance, output retention.

/civitaiplanned

Civitai

Image-gen models (Stable Diffusion family)

API: https://civitai.com/api/v1/

When: creator-economy customer onboarding

Highest IP-risk registry — model + LoRA outputs frequently derive from copyrighted source material. License-inheritance + dataset-provenance checks are the differentiator.

/mlflowplanned

MLflow Registry (self-hosted)

Customer's own model registry

API: MLflow Tracking Server REST API

When: Enterprise tier upgrade

Enterprise tier — banks + insurers run their own MLflow registries inside their VPC. Adapter pulls from customer-controlled endpoint with their own auth.

/gh-releasesplanned

GitHub Releases

Tagged-release model files in GH repos

API: https://api.github.com/repos/{owner}/{repo}/releases

When: low-cost extension

Many academic + bespoke models ship via GH Releases rather than HF. The existing Code Constitution GH App already has read access; adapter is a thin layer.

Why one composition

Each registry's adapter implements the same LogSourceAdapter + ArtefactInspector interfaces. The compliance-evaluation engine consumes the normalised LogEntry and ArtefactMetadata shapes — never registry-specific structures. This means the same EU AI Act check that runs against a HuggingFace model also runs against a ModelScope model, a Replicate model, a Civitai LoRA, or a private MLflow artefact — with zero engine changes.

See compliancetoarchitecture.com for the open methodology spec.