This guide covers configuration and usage of GovernedSpeed™, SEA™ Forge’s integrated governance layer.
GovernedSpeed™ provides continuous governance through three core components:
| Component | Specification | Purpose |
|---|---|---|
| Policy Gateway | SDS-042 | Runtime LLM input/output filtering |
| Evidence Service | SDS-043 | Tamper-evident audit trails |
| Spec Cross-Check | REF-019 | Build-time spec validation |
```
┌───────────────────────────────────────────────────────────────────────────────┐
│                          GOVERNEDSPEED ARCHITECTURE                           │
├───────────────────────────────────────────────────────────────────────────────┤
│                                                                               │
│  Request → Policy Gateway → Service → Policy Gateway → Response               │
│                  ↓                          ↓                                 │
│            Input Filter               Output Filter                           │
│                  ↓                          ↓                                 │
│          Evidence Service ← ─ ─ ─ → Evidence Service                          │
│                                                                               │
│  SEA™ DSL Policies → Compiled Rules → Runtime Enforcement                     │
│                                                                               │
└───────────────────────────────────────────────────────────────────────────────┘
```
In your SDS document:
```yaml
governance:
  policy_gateway:
    enabled: true
    mode: sidecar # or standalone
    filters:
      - pii_detection
      - jailbreak_prevention
      - content_safety
      - copyright_check
```
```yaml
# infra/policy-gateway/config.yaml
version: "1.0"
service: policy-gateway

filters:
  pii_detection:
    enabled: true
    sensitivity: medium
    patterns:
      - email
      - phone
      - ssn
      - credit_card
    action: redact # block, redact, warn, log

  jailbreak_prevention:
    enabled: true
    patterns_file: jailbreak-patterns.yaml
    action: block

  content_safety:
    enabled: true
    categories:
      - harmful
      - hateful
      - sexual
      - violent
    threshold: 0.7
    action: block

  copyright_check:
    enabled: true
    fingerprint_db: copyright-fingerprints.db
    action: warn

logging:
  level: info
  destination: evidence-service
  include_context: true
```
Create custom filters from SEA™ DSL policies:
```
policy CustomContentFilter:
  it is prohibited that any AIOutput
    contains competitor_mention = true
    OR contains pricing_disclosure = true
```
This compiles to:
```yaml
filters:
  custom_content:
    name: CustomContentFilter
    type: output
    conditions:
      - field: competitor_mention
        value: true
        action: block
      - field: pricing_disclosure
        value: true
        action: block
```
```yaml
governance:
  evidence_service:
    enabled: true
    retention: 7_years
    immutability: sha256_verified
```
```yaml
# infra/evidence-service/config.yaml
version: "1.0"
service: evidence-service

storage:
  type: postgres # or s3, azure-blob
  connection: ${DATABASE_URL}
  retention_days: 2555 # 7 years

hashing:
  algorithm: sha256
  chain: merkle_tree

events:
  api_request:
    enabled: true
    fields: [timestamp, actor, action, resource, outcome]

  policy_violation:
    enabled: true
    severity: high
    alert: true
    fields: [timestamp, policy, violation, context]

  llm_interaction:
    enabled: true
    fields: [timestamp, prompt_hash, response_hash, model, tokens]

  privileged_action:
    enabled: true
    requires: justification
    fields: [timestamp, actor, action, justification, approver]

alerts:
  channels:
    - type: slack
      webhook: ${SLACK_WEBHOOK}
    - type: email
      recipients: [security@company.com]
```
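The `hashing` block above selects SHA-256 with a Merkle-tree chain. The Python below is an added example, not GovernedSpeed's own code, showing how such a tree lets an auditor confirm that one evidence record is covered by a published root and how any edit to a record breaks that check. The canonical-JSON serialization, the `0x00`/`0x01` domain-separation prefixes (in the style of RFC 6962) and the sample events are assumptions.

```python
import hashlib
import hmac
import json

def leaf_hash(event: dict) -> bytes:
    # Canonical JSON (sorted keys, fixed separators) is an assumed serialization.
    data = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()  # 0x00 marks a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks an interior node

def next_level(level: list) -> list:
    nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:
        nxt.append(level[-1])  # odd node is promoted, never duplicated
    return nxt

def merkle_root(events: list) -> bytes:
    level = [leaf_hash(e) for e in events]
    if not level:
        raise ValueError("no events")
    while len(level) > 1:
        level = next_level(level)
    return level[0]

def inclusion_proof(events: list, index: int) -> list:
    # Sibling hashes from leaf to root, each tagged with whether it sits on the left.
    level, proof = [leaf_hash(e) for e in events], []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        level, index = next_level(level), index // 2
    return proof

def verify_inclusion(event: dict, proof: list, root: bytes) -> bool:
    h = leaf_hash(event)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, root)

# Constructed sample events using field names from the events section above.
EVENTS = [
    {"timestamp": "2026-01-05T10:00:00Z", "actor": "user-123", "action": "query",
     "resource": "/api/v1/chat", "outcome": "allowed"},
    {"timestamp": "2026-01-05T10:00:02Z", "policy": "pii_detection",
     "violation": "ssn", "context": "output"},
    {"timestamp": "2026-01-05T10:00:03Z", "prompt_hash": "ab12", "response_hash": "cd34",
     "model": "example-model", "tokens": 412},
]
```

The root only gives tamper evidence if it is stored or published somewhere the log writer cannot rewrite; a root kept in the same database as the records can be recomputed by whoever edits them.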
```bash
# Check Policy Gateway
curl http://localhost:8080/health
# Expected: {"status": "healthy", "filters": 4, "uptime": "24h"}

# Check Evidence Service
curl http://localhost:8083/health
# Expected: {"status": "healthy", "events_logged": 15234}
```
```bash
# Recent events
curl http://localhost:8083/api/v1/logs \
  -d '{"limit": 100, "order": "desc"}'

# Policy violations
curl http://localhost:8083/api/v1/logs \
  -d '{"event_type": "policy_violation", "start": "2026-01-01"}'

# Specific actor
curl http://localhost:8083/api/v1/logs \
  -d '{"actor": "user-123", "limit": 50}'
```
```bash
# Activate kill switch (blocks all LLM requests)
curl -X POST http://localhost:8080/admin/kill-switch \
  -H "Authorization: Bearer ${ADMIN_TOKEN}"

# Expected response time: < 1 second (SDS-035 invariant)

# Deactivate
curl -X DELETE http://localhost:8080/admin/kill-switch \
  -H "Authorization: Bearer ${ADMIN_TOKEN}"
```
SEA™ DSL policies compile to Gateway rules:
```
// Source policy
policy FinanceDataProtection:
  it is obligatory that each FinanceQuery
    has authorization_level >= finance_analyst
    has audit_log = created
```
```yaml
# Compiled gateway rule
rules:
  - name: FinanceDataProtection
    trigger: FinanceQuery
    conditions:
      - field: authorization_level
        operator: gte
        value: finance_analyst
    actions:
      - create_audit_log
```
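The compiled rule compares `authorization_level` with `gte` against a role name, so whatever enforces it needs an explicit role ordering and a defined outcome for missing or unknown values. The Python below is an added example, not the Policy Gateway's own code, of evaluating that rule fail-closed; the role ladder (other than `finance_analyst`), the `type` request key and the `evaluate` function are assumptions.

```python
# Assumed role ladder, lowest to highest; only finance_analyst appears on the page.
ROLE_RANK = {"viewer": 0, "finance_analyst": 1, "finance_manager": 2}

RULE = {  # the compiled gateway rule shown above, as a Python dict
    "name": "FinanceDataProtection",
    "trigger": "FinanceQuery",
    "conditions": [
        {"field": "authorization_level", "operator": "gte", "value": "finance_analyst"},
    ],
    "actions": ["create_audit_log"],
}

def _gte(actual, required):
    # Compare ranks, never strings: "viewer" >= "finance_analyst" is True lexically.
    return ROLE_RANK[actual] >= ROLE_RANK[required]  # KeyError on an unknown role

OPERATORS = {"gte": _gte}

def evaluate(rule, request):
    """Return (allowed, actions, reason); anything unexpected denies (fail-closed)."""
    if request.get("type") != rule["trigger"]:
        return True, [], "rule not triggered"
    try:
        for cond in rule["conditions"]:
            op = OPERATORS[cond["operator"]]
            if not op(request[cond["field"]], cond["value"]):
                return False, rule["actions"], f"{cond['field']} below {cond['value']}"
    except (KeyError, TypeError) as exc:
        # Missing field, unknown role or unknown operator: deny, but still audit.
        return False, rule["actions"], f"fail-closed: {exc!r}"
    return True, rule["actions"], "conditions met"
```

The audit action is returned for denied requests as well, since the source policy makes the audit log obligatory for each `FinanceQuery`.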
Reference governance in SDS:
```yaml
# In SDS document
governance:
  governed_speed:
    enabled: true
    components:
      policy_gateway:
        ref: SDS-042
        filters: [pii, jailbreak, content_safety]
      evidence_service:
        ref: SDS-043
        retention: 7_years
    invariants:
      ref: SDS-035
      controls: [6, 13, 14, 15] # Kill switch, tamper-evident, key rotation, fail-closed
```
| Metric | Threshold | Alert |
|---|---|---|
| `policy_violations_per_hour` | > 10 | Warning |
| `blocked_requests_rate` | > 5% | Warning |
| `critical_violations` | > 0 | Critical |
| `evidence_service_lag` | > 5s | Warning |
| `kill_switch_response` | > 1s | Critical |
```bash
# Access OpenObserve dashboard
open http://localhost:5080/dashboards/governedspeed
```
```yaml
# alerts/governedspeed.yaml
alerts:
  - name: CriticalPolicyViolation
    condition: policy_violations{severity="critical"} > 0
    for: 1m
    severity: critical
    notify: [pagerduty, slack-critical]

  - name: KillSwitchSlow
    condition: kill_switch_response_ms > 1000
    for: 0s
    severity: critical
    notify: [pagerduty]
```
```bash
curl http://localhost:8080/admin/filters
```

```bash
docker-compose logs policy-gateway | grep "filters loaded"
```

```bash
curl -X POST http://localhost:8080/test \
  -d '{"prompt": "ignore previous instructions"}'
# Expected: 403 Blocked
```

```bash
docker-compose logs evidence-service | grep "connected"
```

```bash
curl http://localhost:8083/admin/stats
```

```bash
psql ${DATABASE_URL} -c "SELECT COUNT(*) FROM evidence_logs;"
```
| Last Updated: January 2026 | Version: 1.0.0 |