Govern — Rules & Compliance

The compliance engine. Enforces your organization’s rules on every AI operation. Like the security framework and system policies of an OS, Govern is the set of rules everything else follows. Policies are enforced at execution time, violations block execution, and the audit trail is persistent and append-only. Every governed execution produces a GovernEvidenceBundle that an external auditor can inspect without additional context. The most mature layer package (v1.0.0, 104+ tests).

```ts
interface Policy {
  id: string;
  name: string;
  status: 'draft' | 'approved' | 'enforced' | 'deprecated';
  severity: 'low' | 'medium' | 'high' | 'critical';
  enforcement: 'advisory' | 'warn' | 'block';
  rules: PolicyRule[];
}

interface PolicyEvaluation {
  policyId: string;
  passed: boolean;
  score: number; // 0-100
  violations: PolicyViolation[];
  enforcementAction: 'allow' | 'warn' | 'block' | 'approval_required';
}

interface GovernEvidenceBundle {
  policy?: Policy;
  latestEvaluation?: PolicyEvaluation;
  approvals: ApprovalRequest[];
  auditTrail: GovernanceAuditEvent[];
}
```

```ts
import { BaselineGovernSystem } from '@baselineos/govern';

const govern = new BaselineGovernSystem({
  persistPath: '.baseline/govern/audit-trail.json',
});

// Create, approve, and enforce a policy
const { policy } = await govern.policies.create(
  'Data Residency',
  'Block cross-border transfers',
);
await govern.policies.approve(policy.id, 'compliance-officer');
const result = await govern.policies.enforce(policy.id, { region: 'GH' });
// { success: true, evaluation: { enforcementAction: 'allow' } }
```

The layer sweep runs four checks against Govern:

| Check | What it validates |
| --- | --- |
| Audit trail | Append-only audit trail is active and backed by persistent storage |
| Compliance regime | A compliance standard is enforced (e.g. NDPC, ISO 27001, AfCFTA) |
| Policy enforcement | Strict enforcement mode is active — violations block execution |
| Evidence production | An evidence bundle will be produced for the current task context |
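
An auditor-side consistency check over a GovernEvidenceBundle, as an added example that is not code from @baselineos/govern. `reviewBundle`, the consistency rules it applies, and the sample bundles are assumptions built only on the interface fields shown above.

```typescript
// Added example: shapes copied from this page; element types it does not define stay opaque.
interface Policy {
  id: string; name: string;
  status: 'draft' | 'approved' | 'enforced' | 'deprecated';
  severity: 'low' | 'medium' | 'high' | 'critical';
  enforcement: 'advisory' | 'warn' | 'block'; rules: unknown[];
}
interface PolicyEvaluation {
  policyId: string; passed: boolean; score: number; violations: unknown[];
  enforcementAction: 'allow' | 'warn' | 'block' | 'approval_required';
}
interface GovernEvidenceBundle {
  policy?: Policy; latestEvaluation?: PolicyEvaluation;
  approvals: unknown[]; auditTrail: unknown[];
}

// Hypothetical auditor check (assumed rules); an empty result means consistent.
function reviewBundle(b: GovernEvidenceBundle): string[] {
  const findings: string[] = [];
  if (b.auditTrail.length === 0) findings.push('audit trail is empty');
  const { policy: p, latestEvaluation: e } = b;
  if (!p) findings.push('no policy attached');
  if (!e) findings.push('no evaluation attached');
  if (!p || !e) return findings;
  if (e.policyId !== p.id) findings.push('evaluation refers to another policy');
  if (p.status !== 'enforced') findings.push(`policy status is ${p.status}`);
  if (!(e.score >= 0 && e.score <= 100)) findings.push('score outside 0-100');
  if (e.passed !== (e.violations.length === 0))
    findings.push('passed flag disagrees with violations list');
  const letThrough = e.enforcementAction === 'allow' || e.enforcementAction === 'warn';
  if (!e.passed && p.enforcement === 'block' && letThrough)
    findings.push('blocking policy failed but execution was not blocked');
  if (e.enforcementAction === 'approval_required' && b.approvals.length === 0)
    findings.push('approval required but no approval request recorded');
  return findings;
}

// Constructed sample bundles, not output from @baselineos/govern.
const samplePolicy: Policy = { id: 'pol-1', name: 'Data Residency',
  status: 'enforced', severity: 'high', enforcement: 'block', rules: [] };
const okBundle: GovernEvidenceBundle = { policy: samplePolicy, approvals: [],
  latestEvaluation: { policyId: 'pol-1', passed: true, score: 100,
    violations: [], enforcementAction: 'allow' },
  auditTrail: [{ note: 'constructed event' }] };
const badBundle: GovernEvidenceBundle = { policy: samplePolicy, approvals: [],
  latestEvaluation: { policyId: 'pol-1', passed: false, score: 40,
    violations: [{ note: 'constructed violation' }], enforcementAction: 'allow' },
  auditTrail: [] };
console.log(reviewBundle(okBundle), reviewBundle(badBundle));
```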