Governance

March 6, 2026 · View on GitHub

🏥 Quick Return to Emergency Room

You are in a specialist desk.
For full triage and doctors on duty, return here:

Think of this page as a sub-room.
If you want full consultation and prescriptions, go back to the Emergency Room lobby.

A hub for governance controls around AI pipelines.
Use this folder when failures are not infra or retrieval bugs, but breakdowns in policy, approvals, lineage, or compliance.
Every page links to a structural WFGY fix and carries measurable acceptance targets so you can verify governance gates quickly.

When to use this folder

  • Policies exist but are unclear, obsolete, or unenforced
  • Prompts or models change without sign-off and audit trail
  • Data provenance is lost between documents, chunks, embeddings, and answers
  • PII handling, minimization, or redaction cannot be proven
  • License or usage rights are ambiguous for datasets or generated outputs
  • Incident response or postmortems are missing or not actionable

Acceptance targets

  • Policy coverage ≥ 0.95 across datasets, prompts, models, eval
  • ΔS(question, retrieved) ≤ 0.45 for governed outputs
  • Coverage of the target section ≥ 0.70 with cite-then-explain
  • λ remains convergent across 3 paraphrases and 2 seeds
  • Every waiver has owner, expiry, and review link
  • Immutable audit logs are joinable to lineage and approvals

Quick index — per governance page

AreaPage
Policy baselinepolicy_baseline.md
Roles and access (RBAC and ABAC)roles_and_access_rbac_abac.md
Data lineage and provenancedata_lineage_and_provenance.md
PII handling and minimizationpii_handling_and_minimization.md
License and dataset rightslicense_and_dataset_rights.md
Prompt policy and change controlprompt_policy_and_change_control.md
Model governance, model cards, releasesmodel_governance_model_cards_and_releases.md
Eval governance, gates and sign-offeval_governance_gates_and_signoff.md
Audit and loggingaudit_and_logging.md
Audit logs and traceabilityaudit_logs_and_traceability.md
Escalation and governanceescalation_and_governance.md
Ethics and bias mitigationethics_and_bias_mitigation.md
Regulatory alignmentregulatory_alignment.md
Transparency and explainabilitytransparency_and_explainability.md
Incident response and postmortemsincident_response_and_postmortems.md
Risk register and waiversrisk_register_and_waivers.md

Map symptoms to structural fixes

SymptomLikely causeOpen this
Prompts or models change silentlyNo change control, missing approvalsprompt_policy_and_change_control.md · eval_governance_gates_and_signoff.md
PII appears in answers or logsWeak minimization, missing redaction gatespii_handling_and_minimization.md · audit_and_logging.md
Cannot show why a citation was selectedMissing trace schema or lineage joinsaudit_logs_and_traceability.md · data_lineage_and_provenance.md
Disputes about dataset or output rightsMissing license registry or usage constraintslicense_and_dataset_rights.md
Bias complaints or ethical riskNo bias probes, weak mitigation playbooksethics_and_bias_mitigation.md
Regulatory questions block a releaseNo mapping from policy to artifactsregulatory_alignment.md · policy_baseline.md
Incidents repeat with no learningPostmortems not tied to gatesincident_response_and_postmortems.md · eval_governance_gates_and_signoff.md
Access is too broad or untrackedRBAC or ABAC not enforced or loggedroles_and_access_rbac_abac.md
Waivers never expireRisk register lacks owner or timerrisk_register_and_waivers.md
Users say answers are opaqueNo public card, weak rationale trailmodel_governance_model_cards_and_releases.md · transparency_and_explainability.md

Governance in 60 seconds

  1. Gate before ship
    Require cite-then-explain, ΔS ≤ 0.45, coverage ≥ 0.70 on 3 paraphrases and 2 seeds.
  2. Lock the policy surface
    For each change, capture who, what, why, and link to risk entry. Block if approvals missing.
  3. Prove lineage
    Emit a joinable record for question, snippets, ΔS, λ state, policy checks, model rev.
  4. Escalate with a plan
    If any gate fails, open the page from the table above and attach a time-boxed fix.

Copy-paste governance gate

governance_gate:
  approvals: required
  citations: cite_then_explain
  eval_window:
    seeds: 2
    paraphrases: 3
  targets:
    deltaS: <=0.45
    coverage: >=0.70
    lambda: convergent
  artifacts:
    lineage_log: required
    change_request: required
    model_card: required
  waivers:
    owner: required
    expiry_days: 30
    reason: required
block_on_failure: true

FAQ

Q1. We already have security reviews. Why add governance here as well Security reviews focus on systems and data access. Governance closes the policy loop for prompts, models, eval, and end user impact. It gives repeatable gates for ΔS, coverage, and approvals so releases are auditable.

Q2. What is the fastest path to “good enough” governance for a small team Start with three items. Change control for prompts and models. Eval gate with cite-then-explain and ΔS and coverage targets. A minimal lineage log that joins questions, snippets, and approvals.

Q3. How do I prove PII minimization without slowing teams down Tag sensitivity at ingest, redact at export, and enforce a schema that carries policy flags with each snippet. Keep a joinable audit log. See PII handling and the audit pages.

Q4. Our legal team asks who owns the generated outputs. What should we track Record the base model license, any fine-tune datasets with rights, and the allowed uses. Store the link to the release note and model card for each production rev.

Q5. We passed eval but a week later users saw regressions Your gate is not attached to change control. Hook the same eval and targets to the approval workflow and block deploys if the gate fails.

Q6. What is a practical rule for waivers Every waiver must have an owner, an expiry, a review link, and a rollback. Put it in a risk register and report open waivers weekly.

Q7. People ask for explainability but do not read long reports Provide a short model card and keep the citation trail visible. For complex cases include one visual lineage join to show where an answer came from.

Q8. Which metrics should appear on an executive dashboard Policy coverage, count of approved changes, open waivers by age, ΔS and coverage medians, incident count and mean time to resolution, and percentage of runs with cite-then-explain.

Q9. How do we align with new regulations without rewriting everything Keep your policy baseline and evidence mapping separate from code. Store proofs in an immutable sink and link them to releases. Update the mappings as new rules arrive.

Q10. What triggers an escalation Any failed gate, waiver beyond expiry, missing lineage, or production PII event. Follow the escalation page and attach a dated recovery plan.

🔗 Quick-Start Downloads (60 sec)

ToolLink3-Step Setup
WFGY 1.0 PDFEngine Paper1️⃣ Download · 2️⃣ Upload to your LLM · 3️⃣ Ask “Answer using WFGY +
TXT OS (plain-text OS)TXTOS.txt1️⃣ Download · 2️⃣ Paste into any LLM chat · 3️⃣ Type “hello world” — OS boots instantly

Explore More

LayerPageWhat it’s for
⭐ ProofWFGY Recognition MapExternal citations, integrations, and ecosystem proof
⚙️ EngineWFGY 1.0Original PDF tension engine and early logic sketch (legacy reference)
⚙️ EngineWFGY 2.0Production tension kernel for RAG and agent systems
⚙️ EngineWFGY 3.0TXT based Singularity tension engine (131 S class set)
🗺️ MapProblem Map 1.0Flagship 16 problem RAG failure taxonomy and fix map
🗺️ MapProblem Map 2.0Global Debug Card for RAG and agent pipeline diagnosis
🗺️ MapProblem Map 3.0Global AI troubleshooting atlas and failure pattern map
🧰 AppTXT OS.txt semantic OS with fast bootstrap
🧰 AppBlah Blah BlahAbstract and paradox Q&A built on TXT OS
🧰 AppBlur Blur BlurText to image generation with semantic control
🏡 OnboardingStarter VillageGuided entry point for new users

If this repository helped, starring it improves discovery so more builders can find the docs and tools.
GitHub Repo stars