Docs
GovAI Core vs hosted platform vs enterprise
Open source vs hosted vs enterprise
GovAI ships in one repository. The boundary is semantic: what you can rely on as a portable core versus optional product integration. This matrix reflects ../../OPEN_SOURCE_SCOPE.md and ../../ARCHITECTURE.md.
Capability matrix#
| Capability | Open source core | Hosted platform | Enterprise |
|---|---|---|---|
| Append-only hash-chained ledger | Yes | Yes (durable GOVAI_LEDGER_DIR) | Yes |
POST /evidence + policy enforcement | Yes | Yes | Yes |
GET /compliance-summary, /bundle, /verify* | Yes | Yes | Yes |
GET /api/export/:run_id | Yes | Yes | Yes |
| API key → tenant ledger isolation | Configurable (GOVAI_API_KEYS_JSON) | Required for pilots | Required |
Postgres + JWT /api/* (teams, workflow) | Optional in tree | Typical | Yes |
| Next.js dashboard | Optional in tree | govbase.dev | Custom deploy |
| Stripe billing webhooks | Optional operator config | When enabled | Contracted |
| Multi-tenant RBAC hardening docs | Reference manifests | Roadmap / partial | Documented patterns |
| Legal / regulatory certification | No | No | No |
Legend: Open source core = portable contract and ledger APIs. Hosted = operator-run SaaS-style deployment on govbase.dev or your cloud. Enterprise = contracted packaging, support, and extended governance surfaces.
Open source core (portable)#
Guaranteed focus: regulation-agnostic identifiers and contracts.
Includes:
- Rust audit service (
rust/, crateaigov_audit) - Canonical contracts (
aigov.bundle.v1, compliance summary v2) - Python bundle/verify/export tooling (not tied to demo Iris model)
- Makefile orchestration (
make audit,make gate,make verify_cli, …)
Omit entirely if you only need file-based ledger + HTTP core.
Hosted platform#
Operator-managed deployment with:
- Durable ledger volume and Postgres
- Mapped API keys per tenant
- Readiness probes (
/readyvs/health) - Optional Stripe (../billing.md)
Guides: ../hosted/overview.md, ../hosted-backend-deployment.md, ../customer-onboarding-10min.md.
Enterprise layer (same repo, different guarantee)#
Includes team-scoped tables, JWT auth, compliance workflow queues, dashboard integration. Not part of the OSS core stability guarantee—may evolve for product wiring.
Detail: ../../ENTERPRISE_LAYER.md.
Demo vs production#
| Item | Demo / prototype | Production-oriented |
|---|---|---|
| Training path | sklearn Iris (pipeline_train) | Your model emitters |
| API keys | GOVAI_API_KEYS (local) | GOVAI_API_KEYS_JSON + tenant map |
| Human approval IDs | prototype_domain conventions | Your event schema |
| Security hardening | Minimal integration | ../security/secure-deployment-checklist.md |
Choosing a path#
| If you need… | Start with… |
|---|---|
| CI gate + audit export only | Core HTTP + Python CLI |
| Team dashboard + workflow | Hosted + enterprise APIs |
| Due diligence packet | ../buyer/README.md |