CredRisk.AI Underwriter Workbench is a local Streamlit demo for SME lending. It combines an applicant-owned Loan Intake Portal, a lender Personal Workspace, Random Forest application-risk scoring, document validation, optional AI review, analyst publication, and an applicant-facing returned rating.
This is a decision-support demo for academic and product exploration. It is not a production underwriting, legal, compliance, or fraud-decision system.
Python 3.10+ is recommended.
Windows:
Run_App.bat
Manual terminal run:
pip install -r requirements.txt
streamlit run Home.pyThe app normally opens at http://localhost:8501.
- Log in as
SME companywith usernameDemoUser. - Use
SME SSO, enter any password, then enter any six-digit verification code. - Open
Loan Intake Portal. - Load a sample intake or choose
Blank manual intake. - Complete the company data, including the required five-row five-year plan.
- Save or upload evidence documents, then submit the application to lender review.
- Sign out and log in as
Lender analystwithYourBank SSO. - Open the submitted case from
HomeorPersonal Workspace. - Review the locked intake, validate documents, generate the AI output, complete Case Review, and publish the lender rating/report.
- Sign out and log back in as
SME companyto view the published outcome.
Use Clear Session at the bottom-left sidebar. Confirm the warning checkbox and click Clear.
This removes local demo-session state, saved SME documents, sample evidence files, lender reviews, AI outputs, validation results, support tickets, and login state. It also creates a new local demo_session link and sends you back to the login screen.
To stop the running app, return to the terminal where Streamlit is running and press:
Control-C
Close the browser tab after the terminal process has stopped.
The login screen has two demo roles:
SME company: applicant-side data entry, evidence upload, submission, and published-rating view.Lender analyst: bank-side case review, scoring, document validation, AI output, decision recording, and publication.
Use username DemoUser. The SSO buttons are role-specific:
- SME login:
SME SSO - Bank login:
YourBank SSO
The password and six-digit verification code are demo controls; any values are accepted.
The SME owns the intake. The lender does not edit applicant data.
In Loan Intake Portal, the SME can:
- load prepared evidence cases: clean, neutral, risky, fraudulent, ambiguous, or blank manual intake;
- enter company profile, loan request, financial snapshot, working-capital amounts, business context, and executive context;
- complete a required five-year plan with one row per year for revenue, employees, free cash flow, and remaining debt;
- simulate PSD2/Open Banking, accounting, registry/KYB, and document connections;
- save generated fictional CSV evidence examples into the local document vault;
- upload local evidence files;
- review credit-health readiness before lender submission;
- submit a locked snapshot to lender review.
The five-year plan is stored as annual submitted rows. The app derives the older model-facing year-5 and CAGR fields from that submitted table so the Random Forest model remains compatible.
The sample cases live on the SME side because the SME creates the intake:
Clean evidence: complete package, stable growth, improving cash flow, and gradually declining debt.Neutral evidence: modest dip and recovery, then controlled growth.Risky evidence: lumpy growth, weak or negative early cash flow, and slow debt reduction.Fraudulent evidence: aggressive jumps, unsupported cash-flow improvement, debt-story contradictions, and red-flag wording in generated documents.Ambiguous evidence: volatile plan and mixed evidence without being clearly fraudulent.Blank manual intake: empty manual entry path requiring the user to fill the application and five-year plan.
Generated documents are fictional CSV files for financial statements, bank statements, tax returns, ownership/KYB, and forecast support. Forecast-support examples contain annual five-year plan rows.
After submission, the lender opens the SME-submitted file from Home or Personal Workspace.
The lender view treats the intake as read-only. The analyst can:
- inspect the locked company profile, loan request, financial snapshot, five-year plan, applicant narrative, executive context, and evidence checklist;
- score the submitted case with the Random Forest baseline;
- review application risk score, A-F grade, model recommendation, repayment metrics, DSCR, stressed DSCR, risk drivers, and interpretation columns;
- validate saved SME documents using deterministic local checks and optional explicit AI assistance;
- generate the required AI output in
LLM Integration; - complete Case Review only after AI output exists;
- choose lender action, analyst rating, internal note, and adjustment rationale;
- publish a lender-reviewed rating, message, and applicant-safe SME evaluation report.
The model score, AI output, analyst review, and published SME report are kept separate for auditability.
The app works without external AI. Deterministic output is available by default.
Optional providers:
OpenAI API: requiresOPENAI_API_KEYin Streamlit secrets or the environment.Local server: works with OpenAI-compatible local endpoints such as LM Studio or Ollama/v1.
Local settings can save only:
- endpoint/IP;
- model name.
API tokens are not saved to disk. They remain session-only unless supplied through environment variables.
Default local profile locations:
- Windows:
%LOCALAPPDATA%\CredRiskAI\llm_models\local_server.json - macOS:
~/Library/Application Support/CredRiskAI/llm_models/local_server.json - Linux:
${XDG_CONFIG_HOME:-~/.config}/CredRiskAI/llm_models/local_server.json
Override with:
CREDRISK_LLM_MODELS_DIR=/path/to/local/profile/folderAfter the lender publishes, log back in as SME company.
The SME can see:
- published lender rating;
- lender decision label;
- lender message;
- downloadable SME evaluation report if attached;
- applicant-safe credit-health and what-if planning views.
Internal lender details such as provisional scores, AI scores, validation metrics, and private notes remain lender-side.
Home.py: employee homepage with SME Portal Intake, suggested actions, Slack/workspace updates, and calendar context.pages/1_Personal_Workspace.py: lender single-case review, scoring, document validation, AI-output gate, analyst review, and publication.pages/2_Operations_Desk.py: synthetic queue workboard for non-SME demo queue cases, evidence gaps, SLA status, and bulk actions.pages/3_Risk_Dashboard.py: portfolio monitoring, grade distribution, review history, and live session decisions.pages/4_Model_Insights.py: Random Forest performance, feature importance, grade thresholds, and derived-signal explanations.pages/5_LLM_Integration.py: deterministic, hosted, or local AI evaluation package generation.pages/6_SME_Credit_Health.py: SME-only Loan Intake Portal, data connections, document uploads, submission, and published results.pages/7_Profile_Settings.py: profile, connected-app simulation, permissions, and dark-mode preference.pages/8_About.py: lender-only scoring and policy reference.pages/9_Support.py: role-aware lender support and SME consultant-support simulation.pages/10_Tutorials.py: text-first role-aware tutorials.pages/11_Acronym_Guide.py: role-aware acronym and metric guide.
The app writes local demo state under .tmp/.
Important paths:
.tmp/demo_sessions/<demo_session>.json: refresh-safe session state..tmp/sme_documents/<demo_session>/<application>/: saved SME uploads and generated sample evidence.
Both paths are ignored by Git.
Clear Session deletes the active local demo-session file and document vault, creates a fresh demo_session token, logs the user out, and returns the browser to a new login-state demo.
To fully stop the instance, press Control-C in the Streamlit terminal.
| Grade | Application risk score | Model recommendation |
|---|---|---|
| A | Below 0.15 |
Approve |
| B | 0.15 to <0.28 |
Approve |
| C | 0.28 to <0.42 |
Manual Review |
| D | 0.42 to <0.58 |
Manual Review |
| E | 0.58 to <0.74 |
Reject |
| F | 0.74 and above |
Reject |
Useful local checks:
python3 -m compileall -q Home.py pages src tests
python3 -m unittest discover -s tests
git diff --checkRun the full app for visual workflow validation:
streamlit run Home.pyFor the research grounding behind risk ratios, fraud signals, cash-flow signals, and detection measures, see data/docs/fraud_research.md.
Copyright (c) 2026 Daniel Kroeders and Joost Gaasbeek.