Governance System

The AICR governance system provides enterprise-grade control over AI-assisted development through policy enforcement, approval workflows, and comprehensive audit trails.

Core Components

1. AI Interceptor

7-step gating mechanism for all AI model invocations:

Context Extraction - Extract tenant, user, action context
Policy Lookup - Find applicable policies
Policy Evaluation - Evaluate against rules
Risk Classification - Assess risk level
Approval Check - Determine if approval needed
Execution - Proceed or create proposal
Evidence Recording - Log to Spine

2. Proposal System

16-state machine for formal governance:

Phase	States
Creation	`intent_detected` → `proposal_created`
Evaluation	`policy_evaluated` → `auto_approved` / `require_approval` / `deny`
Decision	`awaiting_decision` → `approved` / `modified` / `denied`
Execution	`executing` → `completed` / `failed` / `rolled_back`
Terminal	`rejected` / `recorded` → `post_check`

3. Policy Engine

Deterministic policy evaluation:

interface Policy {
  id: string;
  name: string;
  rules: PolicyRule[];
  actions: string[];
  resources: string[];
  effect: 'allow' | 'deny' | 'require_approval';
}

4. Spine (Audit Trail)

Immutable event log for all governance actions:

Event sourcing pattern
Cryptographic verification
Compliance reporting
Evidence recording

API Endpoints

GET  /api/admin/v4/proposals - List proposals
POST /api/admin/v4/proposals - Create proposal
GET  /api/admin/v4/proposals/[id] - Get proposal
PATCH /api/admin/v4/proposals/[id] - Update proposal
GET  /api/admin/v4/proposals/pending - Pending approvals
POST /api/admin/v4/proposals/batch-decide - Batch decisions

Integration Points

OpsChief - Health monitoring and alerts
Pack System - Pack enablement governance
AI Router - Model invocation governance
Tenant Context - Multi-tenant isolation

Tech Stack Proposal System