Quick Start

Prerequisites

• Bun ≥ 1.1 or Node.js ≥ 18

Install

# with Bun
bun install -g rulestatus

# with npm / npx (no install needed)
npx rulestatus init

Setup

1. Create your config

   Run in your project root:

   rulestatus init

   The first prompt asks what’s driving the setup. Select the option that matches your situation — if an enterprise customer asked for EU AI Act compliance, pick that and the rest of the prompts will pre-fill the right defaults.

   This creates .rulestatus.yaml.

2. Generate compliance templates

   rulestatus generate --all

   Creates all required documentation stubs in docs/ and config/. Each file has inline comments explaining what every field means and what auditors look for.

3. Fill in the TODOs

   Open the generated files and replace every # TODO with your actual system details. The more complete the information, the higher the evidence strength score.

4. Run checks

   rulestatus run

   Output:

   Rulestatus v1.0 — EU AI Act (2024/1689)
   System: My AI System v1.0
   Actor: provider | Risk level: high-risk
   ──────────────────────────────────────────────────
   
   Art. 9 - Risk Management
     PASS   ASSERT-EU-AI-ACT-009-001-01   Risk management system documentation exists
     FAIL   ASSERT-EU-AI-ACT-009-002-B-01  Risk register includes emerging risks
       -> No risk entries with source: emerging or category: misuse found.
   
   ──────────────────────────────────────────────────
   Results: 38 passed | 5 gaps | 0 warnings | 2 attested | 1 manual

5. Fix each gap

   rulestatus explain ASSERT-EU-AI-ACT-009-002-B-01

   Shows the legal basis, what was scanned, what was found, and exactly what to add. For EU AI Act rules it also shows why that specific gap blocks enterprise deals — useful context when you’re fixing gaps ahead of a security review.

Next steps

• Configuration reference — all .rulestatus.yaml fields
• GitHub Actions — block PRs on evidence gaps
• EU AI Act checks — all 43 assertions explained