zenml-io · marwan37 · May 23, 2025 · May 9, 2025 · May 11, 2025 · May 11, 2025
diff --git a/credit-scorer/README.md b/credit-scorer/README.md
@@ -1,6 +1,6 @@
 # Credit Scoring EU AI Act Demo
 
-Automatically generate complete EU AI Act compliance documentation with minimal manual effort for credit scoring models.
+An end‑to‑end credit‑scoring workflow that automatically generates the technical evidence required by the [EU AI Act](https://www.zenml.io/blog/understanding-the-ai-act-february-2025-updates-and-implications).
 
 <div align="center"> <img src="assets/compliance-dashboard.png" alt="Compliance Dashboard" width="800" /> </div>
 
@@ -15,7 +15,7 @@ Financial institutions must comply with the EU AI Act for any high‑risk AI sys
 
 ## 🔍 Data Overview
 
-This project uses a credit scoring dataset based on the Home Credit Default Risk data. The raw dataset contains potentially sensitive attributes such as `CODE_GENDER`, `DAYS_BIRTH`, `NAME_EDUCATION_TYPE`, `NAME_FAMILY_STATUS`, and `NAME_HOUSING_TYPE`, which can be filtered using the pipeline's `sensitive_attributes` parameter to comply with fairness requirements.
+This project leverages the [Home Credit Default Risk dataset provided by the Home Credit Group](https://www.kaggle.com/c/home-credit-default-risk/overview). The raw dataset contains potentially sensitive attributes such as `CODE_GENDER`, `DAYS_BIRTH`, `NAME_EDUCATION_TYPE`, `NAME_FAMILY_STATUS`, and `NAME_HOUSING_TYPE`, which can be filtered using the pipeline's `sensitive_attributes` parameter to comply with fairness requirements.
 
 Key fields used for modeling:
 
@@ -46,7 +46,7 @@ The system implements three main pipelines that map directly to EU AI Act requir
 | **[Training](src/pipelines/training.py)**                       | **Train** → LightGBM w/ class‑imbalance handling 🎯<br>**Evaluate** → Accuracy, AUC, fairness analysis ⚖️<br>**Assess** → Risk scoring & model registry 📋 | Arts 9, 11, 15  |
 | **[Deployment](src/pipelines/deployment.py)**                   | **Approve** → Human oversight gate 🙋‍♂️<br>**Deploy** → Modal API deployment 🚀<br>**Monitor** → SBOM + post‑market tracking 📈                              | Arts 14, 17, 18 |
 
-Each pipeline run automatically versions all inputs/outputs, generates profiling reports, creates risk assessments, produces SBOM, and compiles complete Annex IV technical documentation.
+Each pipeline run automatically versions all inputs/outputs, generates profiling reports, creates risk assessments, produces a [Software Bill of Materials (SBOM)](https://www.cisa.gov/sbom), and compiles complete Annex IV technical documentation.
 
 ## 🛠️ Project Structure
 
@@ -95,14 +95,26 @@ pip install -r requirements.txt
 zenml init
 ```
 
-3. Install [WhyLogs integration](https://docs.zenml.io/stacks/stack-components/data-validators/whylogs):
+3. Install [WhyLogs integration](https://docs.zenml.io/stacks/stack-components/data-validators/whylogs) for data profiling:
 
 ```bash
-zenml integration install whylogs -y
+zenml integration install whylogs
 zenml data-validator register whylogs_data_validator --flavor=whylogs
 zenml stack update <STACK_NAME> -dv whylogs_data_validator
 ```
 
+4. Install [Slack integration](https://docs.zenml.io/stacks/stack-components/alerters/slack) for deployment approval gate and incident reporting:
+
+```bash
+zenml integration install slack
+zenml secret create slack_token --oauth_token=<SLACK_TOKEN>
+zenml alerter register slack_alerter \
+    --flavor=slack \
+    --slack_token={{slack_token.oauth_token}} \
+    --slack_channel_id=<SLACK_CHANNEL_ID>
+zenml stack update <STACK_NAME> -al slack_alerter
+```
+
 ## 📊 Running Pipelines
 
 ### Basic Commands
@@ -134,7 +146,7 @@ To run the dashboard:
 python run_dashboard.py
 ```
 
-> **Note:** All compliance artifacts are also directly accessible through the ZenML dashboard. The Streamlit dashboard is provided as a convenient additional interface for browsing compliance information interactively.
+> **Note:** All compliance artifacts are also directly accessible through the ZenML dashboard. The Streamlit dashboard is provided as a convenient additional interface for browsing compliance information locally and offline.
 
 ### 🔧 Configuration
 

diff --git a/credit-scorer/docs/releases/3e3ab14b-23d0-406b-b949-02742964d012/README.md b/credit-scorer/docs/releases/3e3ab14b-23d0-406b-b949-02742964d012/README.md
@@ -45,4 +45,4 @@ This documentation supports compliance with the EU AI Act, particularly:
 - **Article 15**: Accuracy, Robustness and Cybersecurity
 - **Article 16**: Post-market monitoring
 
-For a complete mapping of pipeline steps to EU AI Act articles, refer to the [pipeline_to_articles.md](../../pipeline_to_articles.md) file.
+For a complete mapping of pipeline steps to EU AI Act articles, refer to the [pipeline_to_articles.md](../../guides/pipeline_to_articles.md) file.
diff --git a/credit-scorer/modal_app/modal_deployment.py b/credit-scorer/modal_app/modal_deployment.py
@@ -68,10 +68,6 @@ def create_modal_app(python_version: str = "3.12.9"):
             "src/constants/annotations.py",
             remote_path="/root/src/constants/annotations.py",
         )
-        .add_local_file(
-            "src/utils/incidents.py",
-            remote_path="/root/src/utils/incidents.py",
-        )
         .add_local_file(
             "src/utils/storage.py",
             remote_path="/root/src/utils/storage.py",
@@ -133,13 +129,98 @@ def _load_pipeline() -> Any:
 
 def _report_incident(incident_data: dict, model_checksum: str) -> dict:
     """Report incidents to compliance team and log them (Article 18)."""
-    from src.utils.incidents import create_incident_report
+    import json
+    from datetime import datetime
+    from pathlib import Path
+
+    import requests
+    from src.constants.config import SlackConfig as SC
+
+    # Format incident report
+    incident = {
+        "incident_id": f"incident_{datetime.now().isoformat().replace(':', '-')}",
+        "timestamp": datetime.now().isoformat(),
+        "model_name": "credit_scoring_model",
+        "model_version": model_checksum,
+        "severity": incident_data.get("severity", "medium"),
+        "description": incident_data.get(
+            "description", "Unspecified incident"
+        ),
+        "source": "modal_api",
+        "data": incident_data,
+    }
+
+    try:
+        # 1. Append to local log (if accessible)
+        incident_log_path = "docs/risk/incident_log.json"
+        try:
+            existing = []
+            if Path(incident_log_path).exists():
+                try:
+                    with open(incident_log_path, "r") as f:
+                        existing = json.load(f)
+                except json.JSONDecodeError:
+                    existing = []
+
+            existing.append(incident)
+            with open(incident_log_path, "w") as f:
+                json.dump(existing, f, indent=2)
+        except Exception as e:
+            logger.warning(f"Could not write to local incident log: {e}")
+
+        # 2. Direct Slack notification for high/critical severity (not using ZenML)
+        if incident["severity"] in ("high", "critical"):
+            try:
+                slack_token = os.getenv("SLACK_BOT_TOKEN")
+                slack_channel = os.getenv("SLACK_CHANNEL_ID", SC.CHANNEL_ID)
+
+                if slack_token and slack_channel:
+                    emoji = {"high": "🔴", "critical": "🚨"}[
+                        incident["severity"]
+                    ]
+                    message = (
+                        f"{emoji} *Incident from Modal API:* {incident['description']}\n"
+                        f">*Severity:* {incident['severity']}\n"
+                        f">*Source:* {incident['source']}\n"
+                        f">*Model Version:* {incident['model_version']}\n"
+                        f">*Time:* {incident['timestamp']}\n"
+                        f">*ID:* {incident['incident_id']}"
+                    )
+
+                    # Direct Slack API call
+                    response = requests.post(
+                        "https://slack.com/api/chat.postMessage",
+                        headers={"Authorization": f"Bearer {slack_token}"},
+                        json={
+                            "channel": slack_channel,
+                            "text": message,
+                            "username": "Modal Incident Bot",
+                        },
+                    )
+
+                    if response.status_code == 200:
+                        incident["slack_notified"] = True
+                        logger.info("Slack notification sent successfully")
+                    else:
+                        logger.warning(
+                            f"Slack notification failed: {response.text}"
+                        )
+                else:
+                    logger.info(
+                        "Slack credentials not available, skipping notification"
+                    )
+            except Exception as e:
+                logger.warning(f"Failed to send Slack notification: {e}")
 
-    # Add deployment context
-    incident_data["source"] = "modal_api"
+        return {
+            "status": "reported",
+            "incident_id": incident["incident_id"],
+            "slack_notified": incident.get("slack_notified", False),
+        }
 
-    # Create the incident report
-    return create_incident_report(incident_data, model_checksum[:8])
+    except Exception as e:
+        logger.error(f"Error reporting incident: {e}")
+        return {"status": "error", "message": str(e)}
 
 
 def _monitor_data_drift() -> dict:

diff --git a/credit-scorer/run.py b/credit-scorer/run.py
@@ -83,7 +83,7 @@
 @click.option(
     "--auto-approve",
     is_flag=True,
-    default=True,
+    default=False,
     help="Auto-approve deployment (for CI/CD pipelines).",
 )
 @click.option(

diff --git a/credit-scorer/src/configs/deployment.yaml b/credit-scorer/src/configs/deployment.yaml
@@ -40,6 +40,6 @@ steps:
   approve_deployment:
     parameters:
       approval_thresholds:
-        accuracy: 0.80
+        accuracy: 0.70
         bias_disparity: 0.20
         risk_score: 0.40
diff --git a/credit-scorer/src/constants.py b/credit-scorer/src/constants.py
diff --git a/credit-scorer/src/constants/config.py b/credit-scorer/src/constants/config.py
@@ -66,11 +66,11 @@ def get_volume_metadata(cls) -> Dict[str, str]:
         }
 
 
-class Incident:
-    """Incident reporting configuration."""
+class SlackConfig:
+    """Slack configuration parameters."""
 
-    SLACK_CHANNEL = "#credit-scoring-alerts"
-    SLACK_BOT_TOKEN = os.getenv("SLACK_BOT_TOKEN")
+    CHANNEL_ID = os.getenv("SLACK_CHANNEL_ID")
+    BOT_TOKEN = os.getenv("SLACK_BOT_TOKEN")
 
 
 # Initialize required directories at module import