Tutorial: Implementing SEA™ Forge Governance

This tutorial provides a step-by-step guide to applying spec-first governance in SEA™ Forge. It walks through creating a governed AI initiative from business understanding to deployment.

1. Quickstart Overview

Before diving into details, here’s the high-level workflow:

Define governance structure: Establish roles and SEA™ DSL policies
Create specifications: ADR → PRD → SDS pipeline
Author SEA™ DSL model: Express business rules as executable policies
Validate and generate: just spec-guard → just pipeline
Deploy with governance: Policy Gateway filtering, Evidence Service logging
Monitor and evolve: Continuous compliance and improvement

2. Step-by-Step Implementation

2.1 Environment Setup

Prerequisites:

# Clone repository
git clone https://github.com/GodSpeedAI/SEA™.git
cd SEA™

# Copy environment template
cp .env.example .env

# Verify environment
just doctor
# Expected: All checks passing

Start Services:

docker-compose up -d

# Verify all containers healthy
docker-compose ps

2.2 Create ADR (Architecture Decision Record)

Purpose: Document the architectural decision and governance requirements for your AI initiative.

Steps:

Generate ADR template:
```
1
just /spec adr
```
Fill in required sections:
- Context: Business problem and why AI is needed
- Decision: Proposed solution architecture
- Consequences: Impact, risks, and governance requirements
- Compliance: Applicable regulations (EU AI Act, HIPAA, etc.)

Example ADR structure:

# ADR-XXX: Customer Service AI Assistant

## Status
Proposed

## Context
Customer service receives 10,000+ inquiries daily.
AI assistant can handle routine queries, reducing response time.

## Decision
Implement LLM-based assistant with Policy Gateway filtering
for PII protection and content safety.

## Governance Requirements
- Policy Gateway: Enable PII and jailbreak filters
- Evidence Service: Log all interactions
- Human escalation: Complex queries require agent review

## Compliance
- GDPR: Data minimization, right to explanation
- EU AI Act: Limited-risk classification (chatbot transparency)

Validate:
```
1
just spec-guard
```

2.3 Create PRD (Product Requirements Document)

Purpose: Define functional requirements linked to governing ADR.

Steps:

Generate PRD template:
```
1
just /spec prd
```
Link to ADR: ```yaml — references:
- type: adr id: ADR-XXX — ```
Define acceptance criteria:
- Functional requirements
- Non-functional requirements
- Governance constraints
Validate:
```
1
just spec-guard
```

2.4 Create SDS (Service Design Specification)

Purpose: Define service architecture with governance built-in.

Steps:

Generate SDS template:
```
1
just /spec sds
```

Include governance sections:

governance:
  policy_gateway:
    enabled: true
    filters:
      - pii_detection
      - jailbreak_prevention
      - content_safety
  evidence_service:
    enabled: true
    retention: 7_years
  invariants:
    - ref: SDS-035
      controls: [1, 2, 5, 8]

Define API contracts:
- Input validation rules
- Output filtering requirements
- Error handling with governance context

Validate:

just sds-validate docs/specs/<context>/sds/XXX-<name>.md

2.5 Author SEA™ DSL Model

Purpose: Express business rules as executable governance policies.

Steps:

Review SEA™ DSL references:
- docs/reference/sea_dsl_language_reference.yml — Grammar and syntax
- docs/reference/sea_dsl_language_idioms.yml — Patterns and conventions

Create policy file:

// Customer Service Assistant Policies
   
context CustomerServiceAssistant:
     
  // PII Protection
  policy PIIFiltering:
    it is obligatory that each CustomerQuery
      has pii_scan = completed
      has pii_detected = false OR pii_redacted = true
      before llm_processing
     
  // Response Safety
  policy ContentSafety:
    it is prohibited that any AssistantResponse
      contains harmful_content = true
      OR contains jailbreak_attempt = true
     
  // Human Escalation
  policy ComplexQueryEscalation:
    it is obligatory that each CustomerQuery
      with complexity_score > 0.7
      has human_agent_assigned = true
      within 5_minutes

Validate SEA™ DSL:

just sea-validate docs/specs/<context>/domain.sea

Parse to AST:

just sea-parse docs/specs/<context>/domain.sea

2.6 Generate Code

Purpose: Transform specifications into governed implementation.

Steps:

Run full pipeline:

just pipeline <context>

Verify determinism:

# Regenerate should match committed code
git diff --exit-code

Review generated code:
- Check governance hooks are present
- Verify policy references in code comments
- Confirm audit trail integration

2.7 Deploy with Governance

Purpose: Ensure runtime governance is active.

Steps:

Run full CI:

just ci
# Includes: spec-guard, drift detection, tests

Verify Policy Gateway:
- Test with sample inputs
- Confirm filtering is active
- Review blocked requests
Verify Evidence Service:
- Generate test events
- Confirm logging
- Test retrieval

Deploy:

# After CI passes
git push origin main

2.8 Monitor and Evolve

Purpose: Maintain continuous governance.

Daily:

Review Policy Gateway violations
Check Evidence Service logs
Address drift alerts

Weekly:

Review governance metrics
Update policies as needed
Team sync on learnings

Quarterly:

Comprehensive policy review
Regulatory alignment check
AGC governance audit

3. Example Project: Financial Advisor Assistant

Scenario

A financial services firm wants to deploy an AI assistant to help customers with investment queries while maintaining GLBA compliance.

Implementation

3.1 ADR:

# ADR-042: Investment Query Assistant

## Governance
- High-risk classification (financial advice)
- GLBA compliance required
- Full audit trail for regulatory review
- Human-in-the-loop for recommendations

3.2 SEA™ DSL Policies:

context InvestmentAdvisor:
  
  policy FinancialAdviceDisclosure:
    it is obligatory that each InvestmentRecommendation
      has disclaimer_shown = true
      has risk_disclosure = acknowledged
      before display_to_customer
  
  policy HumanReviewRequired:
    it is obligatory that each InvestmentRecommendation
      with risk_level = high
      has advisor_review = approved
      before display_to_customer
  
  policy AuditTrailRequired:
    it is obligatory that each CustomerInteraction
      has evidence_logged = true
      has timestamp = captured
      has customer_id = recorded

3.3 Validation:

just sea-validate docs/specs/investment-advisor/policies.sea
just spec-guard
just ci

3.4 Monitoring:

Policy Gateway: Blocks unauthorized financial advice
Evidence Service: 7-year retention for GLBA
Metrics: < 1% human escalation rate

4. Troubleshooting

SEA™ DSL Validation Fails

Problem: just sea-validate returns errors

Solution:

Check syntax against sea_dsl_language_reference.yml
Verify all referenced entities exist
Ensure policy structure follows idioms

Drift Detection Blocks Deployment

Problem: CI fails with drift detection error

Solution:

Regenerate code: just pipeline <context>
Commit regenerated files
Verify: git diff --exit-code

Policy Gateway Not Filtering

Problem: Requests bypass Policy Gateway

Solution:

Check SDS governance configuration
Verify service deployment includes sidecar
Test with known-bad input

5. Next Steps

After completing this tutorial:

Apply to real project: Use TDD cycle workflow

just cycle-start <phase> <cycle> <agent> <slug>

Expand policies: Add domain-specific governance rules
Train team: Share learnings via Enablement curriculum
Contribute: Improve shared policy patterns

Last Updated: January 2026

Version: 1.0.0