squash-action — AI Compliance Gate for GitHub Actions


Squash violations, not velocity.

One step in your CI pipeline that attests your AI model for EU AI Act compliance, generates cryptographically signed artifacts (ML-BOM, SBOM, Annex IV), and fails the build on policy violations — before the model ever reaches production.

EU AI Act enforcement: August 2, 2026. Up to €35M / 7% global turnover.


Quick start

# .github/workflows/attest.yml
name: Compliance Gate

on: [push, pull_request]

jobs:
  attest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Attest AI model
        uses: konjoai/squash-action@v1
        with:
          model-path: ./my-model
          policy: eu-ai-act
          sign: true
          fail-on-violation: true

The step produces:

  • attestation.json — cryptographically signed compliance record
  • cyclonedx-mlbom.json — CycloneDX 1.7 ML Bill of Materials
  • sbom.spdx.json — SPDX 2.3 Software Bill of Materials
  • policy-report.json — per-framework policy results

All artifacts are uploaded and available in the Actions run summary.


Inputs

| Input | Required | Default | Description |
|---|---|---|---|
| model-path | | | Path to model directory, weight file, or hf://owner/repo |
| policy | | eu-ai-act | Policy (or comma-separated list): eu-ai-act, nist-ai-rmf, iso-42001, owasp-llm-top10, fedramp, cmmc, enterprise-strict |
| sign | | false | Sign with Sigstore keyless via Rekor transparency log |
| fail-on-violation | | true | Exit non-zero on policy violation |
| annex-iv | | false | Generate EU AI Act Annex IV documentation (12 sections) |
| scan-adapter | | | Path to LoRA/adapter file — scans for poisoning before attestation |
| require-safetensors | | false | Fail if adapter is not in safetensors format |
| output-dir | | <model-path>/squash/ | Artifact output directory |
| api-key | | | Squash Cloud API key for dashboard upload (${{ secrets.SQUASH_API_KEY }}) |
| squash-version | | latest | Pin squash-ai version (e.g. 1.4.0) |
| python-version | | 3.11 | Python runtime version |

Outputs

| Output | Description |
|---|---|
| passed | "true" if all policies passed |
| score | Compliance score (0–100) |
| artifacts-dir | Path to generated artifacts |
| bom-digest | SHA-256 of the CycloneDX ML-BOM |
| attestation-id | att://sha256:… URI (set when api-key is provided) |

Examples

Multi-policy attestation

- uses: konjoai/squash-action@v1
  with:
    model-path: ./my-model
    policy: "eu-ai-act,nist-ai-rmf,iso-42001"
    sign: true
    annex-iv: true

LoRA adapter security scan + attestation

- uses: konjoai/squash-action@v1
  with:
    model-path: ./base-model
    scan-adapter: ./lora-adapter.safetensors
    require-safetensors: true
    policy: eu-ai-act

The adapter scan detects: kurtosis anomalies (spike-weight backdoors), dangerous pickle opcodes (GLOBAL/REDUCE/STACK_GLOBAL), shell-injection strings, safetensors OOB read vectors, and NaN/Inf weight injection.

Cloud dashboard upload

- uses: konjoai/squash-action@v1
  with:
    model-path: ./my-model
    policy: eu-ai-act
    api-key: ${{ secrets.SQUASH_API_KEY }}

Results appear in the Squash dashboard at squash.works and the compliance badge updates automatically.

Advisory mode (non-blocking)

- uses: konjoai/squash-action@v1
  with:
    model-path: ./my-model
    policy: eu-ai-act
    fail-on-violation: false  # Report but never block

Conditional deployment

- id: squash
  uses: konjoai/squash-action@v1
  with:
    model-path: ./my-model
    policy: eu-ai-act

- name: Deploy only on compliance pass
  if: steps.squash.outputs.passed == 'true'
  run: ./deploy.sh

Pin a specific version

- uses: konjoai/squash-action@v1
  with:
    model-path: ./my-model
    squash-version: "1.4.0"

How it works

┌─────────────────────────────────────────────────────────┐
│  Your GitHub Actions workflow                           │
│                                                         │
│  1. install squash-ai                                   │
│  2. (optional) scan LoRA adapter for poisoning         │
│  3. squash attest ./model --policy eu-ai-act --sign     │
│     ├── ModelScan (pickle, GGUF, ONNX, safetensors)    │
│     ├── CycloneDX 1.7 ML-BOM                           │
│     ├── SPDX 2.3 SBOM                                  │
│     ├── Policy check (eu-ai-act / nist-rmf / …)        │
│     ├── SLSA Level 2 provenance                        │
│     └── Sigstore keyless signing → Rekor log           │
│  4. (optional) Annex IV documentation                  │
│  5. Upload artifacts → Actions run summary             │
│  6. Exit 0 (pass) or 1 (violation)                    │
└─────────────────────────────────────────────────────────┘

Every attestation produces an att://sha256:… URI that procurement teams and regulators can query via squash lookup or the Procurement Scoring API.


Policy frameworks

| Policy ID | Regulation | Scope |
|---|---|---|
| eu-ai-act | EU AI Act — Annex III/IV | High-risk AI systems in EU |
| nist-ai-rmf | NIST AI Risk Management Framework | US federal + enterprise |
| iso-42001 | ISO/IEC 42001:2023 | AI management system certification |
| owasp-llm-top10 | OWASP LLM Top 10 | LLM security |
| fedramp | FedRAMP AI components | US government contractors |
| cmmc | CMMC Level 2 AI | DoD supply chain |
| enterprise-strict | Squash Enterprise | All of the above |

EU AI Act — what gets generated

When annex-iv: true is set, the action generates all 12 required Annex IV sections:

  1. General description of the AI system
  2. Detailed description of elements and development process
  3. Monitoring, functioning, and control information
  4. Description of system validation and testing procedures
  5. Technical robustness and accuracy specifications
  6. Training and testing data characteristics
  7. Logging capabilities (Article 12)
  8. Transparency documentation
  9. Cybersecurity measures (Article 15)
  10. Metrics for measurement of accuracy
  11. Description of human oversight
  12. Detailed description of system instructions

Pricing

| Tier | Attestations/month | Dashboard | Annex IV | Drift alerts |
|---|---|---|---|---|
| Community (free) | 10 | | | |
| Professional ($299/mo) | 200 | | | |
| Startup ($499/mo) | 500 | | | |
| Team ($899/mo) | 1,000 | | | |
| Enterprise | Unlimited | | | |

The action is fully functional without an API key (Community tier, 10 attestations/month, self-hosted results only).


Requirements

  • GitHub Actions runner: ubuntu-latest, ubuntu-22.04, or ubuntu-24.04
  • Python 3.10, 3.11, or 3.12 (set via python-version input)
  • Network access to PyPI (to install squash-ai)

Security

Vulnerabilities should be reported to security@squash.works (do not open public issues). We follow coordinated disclosure with a 90-day embargo.

The action:

  • Never uploads model weights — only derived metadata (hashes, scores, policy results)
  • Signs outputs with Sigstore keyless signing (opt-in via sign: true)
  • Stores no credentials beyond the runner lifetime

License

Apache 2.0 — see LICENSE.

The squash-ai package installed by this action is also Apache 2.0 (Community tier). Enterprise features require a commercial license.

