GovAI
Documentation
Audit-backed governance for AI systems
GovAI records lifecycle evidence, evaluates policy, and returns VALID, INVALID, or BLOCKED per run. Start with What is GovAI? or the 5-minute quickstart.
Start here
Run the audit service locally and submit your first evidence in minutes.
Rust ledger, policy enforcement, Postgres, and how components connect.
VALID, INVALID, BLOCKED verdicts and trust boundaries.
Pack schema, digests, and exportable audit artefacts.
OpenAPI surfaces: evidence ingest, compliance summary, enterprise routes.
Hosted backend, Postgres, readiness checks, and operator configuration.
Tenant isolation, secrets, incident response, and secure deployment.
Buyer due diligence hub: architecture, security, deployment, and FAQ.
Evidence lifecycle
How an evidence event moves from emission to an auditable ledger record.
Implementation flow
- 1Emit evidencePOST /evidence
- 2Policy + ledgerHash-chained append
- 3Compliance summaryVALID / INVALID / BLOCKED
- 4CI gate or exportBlock deploy · bundle
Capability matrix
GovAI Core (self-host) vs proprietary hosted platform and enterprise layers. Full comparison →
| Capability | GovAI Core | Hosted | Enterprise |
|---|---|---|---|
| Hash-chained audit ledger | ✓ | ✓ | ✓ |
| POST /evidence + policy enforcement | ✓ | ✓ | ✓ |
| CI compliance summary gate | ✓ | ✓ | ✓ |
| API key → tenant isolation | ✓ | ✓ | ✓ |
| JWT /api/* workflow & assessments | — | ✓ | ✓ |
| Operator dashboard (govbase.dev) | — | ✓ | ✓ |
| Stripe billing (operator-configured) | — | ✓ | ✓ |
Compliance verdict
Summarize prerequisites for VALID — same contract as CI gates.
PreviewGET /compliance-summary
View expected output
Try it
Check compliance for a run
Fetch the authoritative compliance-summary verdict for a run_id after evidence is recorded.
View expected output
Next step5-minute quickstart
Product
What GovAI is and why it matters
- What is GovAI?Product overview and value proposition
- How GovAI worksEvidence, policy, and compliance decisions
- GovAI Core vs hosted platform vs enterpriseCapability matrix and license boundaries
- Why auditability matters
- Use cases
- Roadmap
Developers
Quickstarts, integrations, and contributing
- Integration patterns
- QuickstartLocal 5-minute audit service demo
- Customer CI quickstartHosted and CI integration
- GitHub Action
- ContributingLocal development and CI gates
Architecture
System design and onboarding flow
Compliance & trust
Governance, regulatory mapping, trust center
- Governance modelTrust model and verdict definitions
- Evidence packsGovernance evidence pack standard
- Regulatory evidence (EU AI Act)
- Trust center
Enterprise
Buyers, pilots, and platform packaging
- PricingCommercial tiers: GovAI Core, Hosted Professional €499/month, enterprise, advisory
- Enterprise platform
- Buyer due diligenceArchitecture, security, deployment, FAQ
- ROI and business case
- Hosted service contractManaged cloud boundaries and data ownership
Reference
API, CLI, and Functions 2.0
- API reference
- CLI reference
- GovAI Functions 2.0Decision intelligence and read APIs
Operations
Deployment and security operations
- DeploymentHosted backend deployment
- Hosted user roles and permissionsTenant RBAC and API key scopes on govbase.dev
- govbase.dev production deploymentProduction architecture and deployment checklist
- Security overview
Canonical Markdown sources live in the repository under docs/. Full index: docs/index.md.