Common Issues¶
Real issues encountered during setup and CI integration, with exact remediation steps.
POSTGRES_PASSWORD not set — stack refuses to start¶
Symptom:
or the PostgreSQL container exits immediately with:
Cause: POSTGRES_PASSWORD has no default and Docker Compose will not start the PostgreSQL container without it.
Fix:
Port 8080 is already in use¶
Symptom:
Fix: Change GATEWAY_PORT in infra/compose/.env:
Then restart the stack and update OPENCOMPLAI_API_URL accordingly:
OPENCOMPLAI_API_URL not set — running in local mode unexpectedly¶
Symptom: opencomplai check passes even though you expect it to route through the Docker Compose services.
Cause: When OPENCOMPLAI_API_URL is unset, the CLI silently falls back to local engine mode (no services required). This is correct behaviour for quickstart use, but not for service-backed CI.
Fix:
Confirm service-backed mode is active by looking for gateway service calls in the output, or by checking compliance-artifact.json for non-empty evidence_hashes.
opencomplai init — "signing keypair already exists"¶
Symptom:
Cause: opencomplai init is idempotent — it skips key generation if ~/.opencomplai/signing.key already exists. This is not an error.
If you want a fresh keypair (e.g. rotating keys):
Manifest validation error (exit code 2)¶
Symptom:
Cause: The system-manifest.json is missing a required field (system_id, intended_purpose, etc.), or the JSON is malformed.
Fix:
opencomplai check exits with code 1 (CONTROL_FAIL)¶
Cause: One or more critical compliance controls failed. This is the expected blocking behaviour in CI — the pipeline should fail when controls fail.
Fix:
- Check
compliance-artifact.jsonfor thefailed_controlslist. - Review the relevant rule in
packages/core/src/opencomplai_core/rules.py. - Either remediate the system to pass the control, or update
system-manifest.jsonto provide the correctanswersfor that rule.
opencomplai check exits with code 4 (TRAP_DETECTED)¶
Cause: The SubstantialModificationRule (EU_AIA_ART25_MODIFICATION_TRAP) triggered — the model or system was found to have substantially changed in a way that triggers Art. 25 re-assessment obligations.
Fix: Review the system change against EU AI Act Article 25 obligations. If the modification is intentional and documented, set:
only after completing the appropriate conformity assessment.
opencomplai check exits with code 3 (POLICY_BLOCK)¶
Cause: The system was classified as unacceptable risk under EU AI Act Title II (Art. 5). Prohibited AI practices produce this result regardless of other controls.
Fix: Review your intended_purpose — if it describes a prohibited practice (social scoring, real-time biometric identification in public spaces, etc.), the block is correct by design.
Signing fails — cryptography not installed¶
Symptom:
Fix:
Exit code reference¶
| Code | ScanResult | Meaning |
|---|---|---|
| 0 | pass | All controls passed. |
| 1 | control_fail | One or more critical controls failed. |
| 2 | validation_fail | Manifest or input validation error. |
| 3 | policy_block | Egress or policy enforcement blocked the operation. |
| 4 | trap_detected | Substantial modification or profiling trap triggered. |
See Exit codes for the full table.