Docs
Customer CI quickstart
Customer and CI quickstart#
This page is the canonical integration overview for the hosted audit API and the aigov CLI. For a step-by-step hosted console walkthrough (~10 minutes), use customer-onboarding-10min.md (also mirrored under Help → Getting started on govbase.dev). For a local developer loop with Docker/Rust/Postgres on loopback, use quickstart-5min.md.
The legacy govai command remains available as a deprecated alias for existing integrations.
Public documentation for readers is rendered on govbase.dev from this docs/ tree (for example /docs/quickstart, /docs/api-reference). The canonical prose remains in GitHub so CI link checks and contributors edit one source.
What is AIGov#
AIGov is an audit-backed decision service: you append structured evidence for a run_id, and the hosted API returns a single authoritative verdict (VALID / INVALID / BLOCKED) from GET /compliance-summary. Semantics are defined in trust-model.md.
CI often calls aigov check against the same run_id so merges or deploys fail unless the server verdict is VALID. Production-style release gates should use aigov submit-evidence-pack followed by aigov verify-evidence-pack (digest + optional export cross-check) as documented in github-action.md—check alone does not prove artefact continuity.
Use one value for GOVAI_RUN_ID end to end: evidence submission → decision readout (check and/or workflow) → aigov export-run.
Preview runtime: POST /v1/runtime/evaluate exists as a preview namespace (see api-reference.md and OpenAPI). It does not replace GET /compliance-summary as the authoritative gate for promotion verdicts.
Billing: if your operator enables Stripe on the hosted endpoint, see billing.md for checkout, status, usage reporting, and enforcement.
Evidence lifecycle
How an evidence event moves from emission to an auditable ledger record.
Record evidence
Emit a lifecycle event to the audit ledger (read-only preview — no live call).
PreviewPOST /evidence
View expected output
Prerequisites#
- Python 3.10+
- GOVAI_AUDIT_BASE_URL — base URL of your AIGov audit service
- Optional: GOVAI_API_KEY if your endpoint requires a Bearer token
Install pin must match version in python/pyproject.toml for the release you use.
Ledger tenant: which ledger you read/write is determined only by your API key (GOVAI_API_KEYS_JSON on the server). The optional X-GovAI-Project header (and aigov --project) is metadata for usage labels and does not isolate ledger data.
Hosted billing (Stripe)#
If you use a hosted AIGov audit endpoint with Stripe, see billing.md for:
- Checkout (POST /billing/checkout-session)
- Billing status (GET /billing/status)
- Usage reporting (POST /billing/report-usage)
- Billing portal (POST /billing/portal-session)
- Invoices (GET /billing/invoices)
- Reconciliation (GET /billing/reconciliation)
- Webhooks and enforcement behavior
Billing identity is always the ledger tenant derived from your API key, not X-GovAI-Project.
Step by step integration#
Hosted CI integration
- 1Install CLI
Pin must match python/pyproject.toml for your release tag.
- 2Configure endpoint
Omit GOVAI_API_KEY only for legacy unauthenticated dev endpoints.
- 3Create run_id
- 4POST evidence
See full payload example in repository customer-quickstart history or quickstart-5min.md.
- 5Gate on verdict
Expected output
After only the minimal event, aigov check usually returns BLOCKED until the full promotion sequence is recorded. Export when ready:
Expected results#
- CLI runs without error
- Evidence endpoint returns 200
- aigov check returns a verdict
- export-run produces JSON
Troubleshooting#
aigov command not found
Reinstall CLI and ensure PATH is correct (legacy govai alias uses the same package)
401 or 403
Check GOVAI_API_KEY
BLOCKED
Missing evidence or approval
VALID locally but fails in CI
Ensure same GOVAI_RUN_ID, API base URL, and API key