What is GovAI?
GovAI is an audit-backed governance and compliance platform for AI systems. It records lifecycle events as structured evidence, evaluates them against policy, and returns a single authoritative decision per run that CI pipelines and operators can enforce.
Production documentation: govbase.dev/docs. Canonical sources live in this repository under docs/.
The problem
Teams shipping AI in regulated or high-trust environments need more than model metrics. They need to show that:
- required evidence exists before release,
- approvals and promotions are recorded,
- audit records are tamper-evident and exportable,
- enforcement is fail-closed (missing evidence blocks promotion rather than silently passing).
GovAI addresses the evidence and enforcement gap between ML workflows and audit, legal, and security reviewers.
What GovAI does
| Capability | Description |
|---|---|
| Evidence ingestion | Append-only events via POST /evidence with policy checks at write time |
| Compliance decision | Deterministic GET /compliance-summary?run_id=… → VALID, INVALID, or BLOCKED |
| CI gating | Fail builds unless verdict is VALID (GitHub Action, CLI, custom pipelines) |
| Audit export | Machine-readable bundles and exports (GET /bundle, GET /api/export/:run_id, Python tooling) |
| Integrity | Hash-chained ledger (audit_log.jsonl) with verification endpoints |
| Hosted platform | Optional Postgres-backed teams, JWT APIs, dashboard, billing (see open-source-vs-hosted-vs-enterprise.md) |
What GovAI does not do
- Legal certification — GovAI is not a conformity assessment body or regulator.
- Generate missing evidence — it evaluates what you record; it does not invent approvals or evaluations.
- Replace your SOC 2 program — it provides interfaces and artefacts; you operate organizational controls.
Core verdicts
| Verdict | Meaning |
|---|---|
| VALID | Required evidence present and policy satisfied; promotion allowed |
| INVALID | Evidence present but fails policy; deployment rejected |
| BLOCKED | Not eligible for promotion (missing evidence and/or unmet approval prerequisites) |
BLOCKED is intentional: missing governance evidence must not be treated as success.
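
A fail-closed reading of the verdict in a CI step, as an added example (not GovAI's own code or CLI). It assumes the summary arrives as a JSON object with a string field `verdict`; the function name, exit codes and sample responses are constructed for illustration.

```python
import json

ALLOWED = "VALID"                         # the only verdict that permits promotion
KNOWN = {"VALID", "INVALID", "BLOCKED"}   # verdicts listed in the table above

def gate(http_status, body):
    """Map a compliance-summary response to (exit_code, reason).

    0 = promote, 1 = policy refused, 2 = verdict could not be determined.
    Assumption: the body is a JSON object with a string field "verdict".
    Anything other than an exact, case-sensitive "VALID" is non-zero.
    """
    if http_status != 200:
        return 2, f"fail-closed: HTTP {http_status} from compliance-summary"
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return 2, "fail-closed: response is not valid JSON"
    if not isinstance(doc, dict):
        return 2, "fail-closed: response is not a JSON object"
    verdict = doc.get("verdict")
    if not isinstance(verdict, str):
        return 2, "fail-closed: no verdict field in response"
    if verdict not in KNOWN:
        return 2, f"fail-closed: unrecognised verdict {verdict!r}"
    if verdict != ALLOWED:
        return 1, f"promotion refused: verdict is {verdict}"
    return 0, "promotion allowed: verdict is VALID"

# Constructed sample responses, not captured from a real service.
SAMPLES = [
    (200, '{"verdict": "VALID"}'),
    (200, '{"verdict": "INVALID"}'),
    (200, '{"verdict": "BLOCKED"}'),
    (200, '{"verdict": "valid"}'),          # wrong case must not pass
    (200, '{"status": "ok"}'),              # verdict missing
    (200, '<html>gateway error</html>'),    # proxy error page with a 200
    (503, ''),                              # service unavailable
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        code, reason = gate(status, body)
        print(f"exit={code}  {reason}")
```

Keeping "refused" (1) separate from "undetermined" (2) lets operators tell a governance decision apart from an outage, while both still fail the build.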
Who uses GovAI
- AI engineers — wire evidence emission and CI gates into training and deployment pipelines.
- Platform / CTO teams — standardize governance across services and environments.
- Compliance and legal — review exports, mappings, and trust documentation.
- Enterprise buyers — evaluate architecture, security, and deployment models (../buyer/README.md).
Next steps
- How GovAI works — data flow and components
- Open source vs hosted vs enterprise — capability boundaries
- Quickstart (5 min) — local audit service demo
- Customer onboarding (hosted) — ~10 minute hosted path