Governance¶
Trust-Grade governance ensures safe, predictable AI behavior.
Core Principles¶
Trust > Optimization. Safety > Growth. Explainability > Performance.
Operating Constraints¶
These constraints are immutable and cannot be overridden.
| Priority | Constraint | Meaning |
|---|---|---|
| Absolute | Trust > Optimization | User trust is never sacrificed for metrics |
| Absolute | Safety > Growth | User safety overrides all business goals |
| Absolute | Explainability > Performance | Understandable AI beats faster AI |
| Absolute | Completion > Suggestion | Finish current work before proposing new |
| Absolute | Consistency > Speed | All affected files updated, not just target |
Non-Negotiable
These constraints exist to protect users and ensure predictable AI behavior. They cannot be disabled or overridden, even by user request.
Constraints are enforced through Rules (checked before every action), Hooks (automated validation), and Agents (specialized security reviewers).
The 3-Role Architecture¶
Every interaction embodies three expert personas:
| Role | Focus | Motto |
|---|---|---|
| 🏛️ Architect | Scalability, Security, Structure | "If it doesn't scale, it doesn't exist" |
| 🔮 Visionary | User Experience, Design, Innovation | "Design for humans, not metrics" |
| 🛡️ QA Engineer | Type Safety, Edge Cases, Test Coverage | "Trust but verify" |
Rules Categories¶
Security Rules¶
- Never hardcode secrets
- Always validate input
- Block commits with exposed credentials
Coding Style Rules¶
- Immutable data patterns (spread, filter, map — never mutate)
- Functions under 50 lines, files under 800 lines
- Structured error logging with
createLogger
Testing Rules¶
- TDD workflow mandatory
- 80% minimum coverage
- RED-GREEN-REFACTOR cycle
Git Workflow Rules¶
- Conventional commit format
- Required code review
- No direct commits to main
- Push policy: local-only until session-end
Documentation Rules¶
docs/ROADMAP.mdas SSOT for sprint tracking- Keep a Changelog format for
CHANGELOG.md - Cross-reference integrity enforced
- No silent deletion of content
Performance Rules¶
- JS bundle ≤ 200KB gzipped; API p95 ≤ 300ms; LCP ≤ 2.5s; CLS ≤ 0.1
- Regression-prevention CI gate; profiling-before-optimizing mandate
- N+1 query prevention; no memory leaks; no premature optimization
Accessibility Rules¶
- WCAG 2.1 AA minimum on all UI output
- Semantic HTML, ARIA roles, keyboard navigation, focus indicators
- Color contrast ≥ 4.5:1 (normal text) / ≥ 3:1 (large text); touch targets 44×44px
Data Privacy Rules¶
- PII never logged; encrypted at rest; minimized at collection
- Data classification: Public / Internal / Confidential / Restricted
- GDPR core: lawful basis, consent, erasure, portability, 72-hour breach notification
- AI pipeline: anonymize PII before model input; no retention of raw PII
Sprint Tracking Rules¶
- ROADMAP.md is the only task tracker
- Session start/end sync protocols
- Reject duplicate status tracking
- Sprint lifecycle states:
[ ]→[/]→[x]/[-]
Rigor Profiles¶
| Profile | Context | Gates | Coverage | Security |
|---|---|---|---|---|
| strict | Production, security-sensitive, pre-deploy | All — zero skip | 80%+ enforced | Full STRIDE |
| standard | Normal development (default) | All — medium warnings | 80% target / 60% min | Cross-cutting + STRIDE for Medium+ |
| minimal | Prototyping, spikes | Lint + build only | Skipped | Secrets scan only |
Auto-elevated to strict when: merging to main/master, running /preflight, or touching auth/payment/PII files.