Implementation Plan: GovernedSpeed™ Runtime (Consolidated)

Consolidation Notice: This plan unifies P007 (Governed Execution), P021 (CALM Governance), and P030 (Governance Invariants) per ADR-031, which adopts GovernedSpeed™ as the integrated governance substrate.

Supersession: SDS-042 (Policy Gateway) and SDS-043 (Risk & Evidence) are superseded by SDS-047 (GovernedSpeed™ Governance Runtime). See REF-012 §10 for the Active Invariant Catalog.

Purpose

Deliver the unified governance plane for SEA-Forge™: runtime policy enforcement (Policy Gateway), evidence collection (Risk & Evidence), architectural validation (CALM), and system-wide invariant enforcement — all operating as a single cohesive substrate per the GovernedSpeed™ integration strategy.


Pre-Flight Validation

ADR Validation

| Check | Requirement | Pass |
|---|---|---|
| ADR-031 exists | docs/specs/shared/adr/031-governedspeed-integration.md | [x] |
| Has Context section | Governance substrate requirements | [x] |
| Has Decision section | Adopts GovernedSpeed™ with unified SDS-047 | [x] |
| Has Constraints section | MUST use SDS-047, fail-closed enforcement | [x] |
| Has Consequences section | Documents trade-offs | [x] |
| References prior ADRs | ADR-028 (LLMOps), ADR-005 (CALM) | [x] |

| Check | Requirement | Pass |
|---|---|---|
| ADR-028 exists | docs/specs/shared/adr/028-governedspeed-llmops-architecture.md | [x] |
| ADR-005 exists | docs/specs/shared/adr/005-architectural-governance-calm.md | [x] |

PRD Validation

| Check | Requirement | Pass |
|---|---|---|
| PRD-010 exists | AI Governance Runtime | [x] |
| PRD-021 exists | GovernedSpeed™ Platform Integration | [x] |
| PRD-004 exists | Automated Architectural Compliance | [x] |
| PRD-005 exists | Architectural Transparency | [x] |

SDS Validation

| Check | Requirement | Pass |
|---|---|---|
| SDS-047 exists | docs/specs/shared/sds/047-governedspeed-governance-runtime.sds.yaml | [x] |
| Has metadata.supersedes | SDS-042, SDS-043 | [x] |
| Has metadata.satisfies | PRD-010, ADR-028, ADR-031 | [x] |
| Schema valid | YAML format | [x] |

REF-012 Validation

| Check | Requirement | Pass |
|---|---|---|
| REF-012 exists | docs/specs/.internal/012-invariant-regime.md | [x] |
| Has §10 (Active Catalog) | Invariant catalog schema defined | [x] |

Provenance & Traceability

Architectural Decisions (ADRs)

| ADR ID | Decision Title | Impact on This Plan |
|---|---|---|
| ADR-031 | GovernedSpeed™ Integration Strategy | Primary: Adopts GovernedSpeed™ as unified runtime substrate; defines SDS-047 as canonical spec. |
| ADR-028 | GovernedSpeed™ LLMOps Architecture | Policy-as-Code, sidecar enforcement, evidence collection patterns. |
| ADR-005 | Architectural Governance (CALM) | CALM is architecture-as-code source of truth; integrates with governance runtime. |
| ADR-029 | Observability Stack Architecture | Governance decisions emit OTLP metrics/logs/traces with semantic context. |
| ADR-011 | Internal Federated Ledger (IFL) | High-stakes decisions attestable; break-glass actions auditable. |
| ADR-001 | Core Principles | Foundation for invariant regime (7 principles). |
| ADR-014 | Ciphered Reasoning Loop | Invariant-preserving transformations across representations. |
| ADR-016 | Externalized Invariants | Invariants live outside model tokens on governed substrate. |

Product Requirements (PRDs)

| PRD ID | Requirement Title | Satisfied By (SDS) | Key Requirements |
|---|---|---|---|
| PRD-010 | AI Governance Runtime | SDS-047 | REQ-GS-001..005 (fail-closed, evidence, metrics) |
| PRD-021 | GovernedSpeed™ Platform Integration | SDS-046, SDS-047 | Integration workflows, YAML mapping |
| PRD-004 | Automated Architectural Compliance | SDS-039, SDS-047 | CALM validation, CI gates |
| PRD-005 | Architectural Transparency | SDS-039 | Interactive C4 visualization |

Software Design Specifications (SDS)

| SDS ID | Service/Component | Bounded Context | Status | Notes |
|---|---|---|---|---|
| SDS-047 | GovernedSpeed™ Governance Runtime | governance-runtime | Proposed | Primary spec: Unifies Policy Gateway + Risk & Evidence |
| SDS-039 | CALM CLI Service | architectural-governance | MVP | Validation + visualization |
| SDS-046 | GovernedSpeed™ Integration | shared | Proposed | SEA-DSL → YAML compilation mapping |
| SDS-031 | Authority & Ownership Boundaries | shared | Draft | Separation of duties, non-delegable approvals |
| SDS-042 | Policy Gateway Service | | SUPERSEDED | → Merged into SDS-047 |
| SDS-043 | Risk & Evidence Service | | SUPERSEDED | → Merged into SDS-047 |
| SDS-035 | Governance Invariants | | SUPERSEDED | → REF-012 §10 (Active Invariant Catalog) |

Reference Documents

| REF ID | Document | Relevance |
|---|---|---|
| REF-012 | Invariant Regime Specification | §10 defines Active Invariant Catalog (replaces SDS-035) |
| REF-020 | IAGPM-GenAI Framework | NIST AI RMF + ISO 42001 + EU AI Act synthesis |

Provenance Chain

```mermaid
graph TD
  ADR31[ADR-031: GovernedSpeed™ Integration] --> PRD10[PRD-010: AI Governance Runtime]
  ADR31 --> PRD21[PRD-021: GovernedSpeed™ Platform]
  ADR28[ADR-028: LLMOps] --> PRD10
  ADR05[ADR-005: CALM] --> PRD04[PRD-004: Architectural Compliance]
  ADR05 --> PRD05[PRD-005: Transparency]

  PRD10 --> SDS47[SDS-047: GovernedSpeed™ Runtime]
  PRD21 --> SDS47
  PRD04 --> SDS39[SDS-039: CALM CLI]
  PRD05 --> SDS39

  SDS47 --> SDS42[SDS-042: SUPERSEDED]
  SDS47 --> SDS43[SDS-043: SUPERSEDED]

  ADR01[ADR-001: Core Principles] --> REF12[REF-012 §10: Invariant Catalog]
  ADR14[ADR-014: CRL] --> REF12
  REF12 --> SDS35[SDS-035: SUPERSEDED]

  subgraph "Target Specs (Active)"
    SDS47
    SDS39
    REF12
  end

  subgraph "Superseded (Do Not Reference)"
    SDS42
    SDS43
    SDS35
  end

  style SDS42 fill:#ffcccc
  style SDS43 fill:#ffcccc
  style SDS35 fill:#ffcccc
```

Architecture and Design

Component Overview

| Component | Role | Source (GovernedSpeed™) | Spec |
|---|---|---|---|
| Policy Gateway | Sidecar enforcing Policy-as-Code rules | apps/policy-gateway | SDS-047 §entities.PolicyGateway |
| Risk & Evidence Service | Tamper-evident audit ledger | apps/risk-evidence-service | SDS-047 §entities.RiskEvidenceService |
| CALM CLI | Architecture-as-code validation | FINOS @finos/calm-cli | SDS-039 |
| Invariant Regime | Active invariant catalog | SEA-DSL + REF-012 | REF-012 §10 |
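The Risk & Evidence Service role above ("tamper-evident audit ledger") and the Wave 3 item "Evidence hashing to IFL" both rest on one mechanism: each evidence record commits to its predecessor by hash, and the chain head is anchored externally so later edits, deletions or appends are detectable. The following is an added illustration, not the SEA-Forge service or its record schema; the record fields, the `GENESIS` constant and the artifact bodies are constructed for this example, and the external anchor is represented by a plain string rather than an IFL call.

```python
"""Tamper-evident evidence ledger as a SHA-256 hash chain (added example,
not the Risk & Evidence Service itself; field names are assumptions)."""
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # prev_hash of the first record (constructed convention)


def canonical(obj) -> bytes:
    """Deterministic JSON so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass(frozen=True)
class EvidenceRecord:
    seq: int
    artifact_id: str
    artifact_sha256: str  # hash of the artifact body (e.g. a bias-test report)
    decision: str         # constructed vocabulary: "allow" | "deny" | "waived"
    prev_hash: str        # record_hash of the previous record, or GENESIS
    record_hash: str      # hash over every field above


def _hash_record(seq, artifact_id, artifact_sha256, decision, prev_hash) -> str:
    body = {"seq": seq, "artifact_id": artifact_id, "artifact_sha256": artifact_sha256,
            "decision": decision, "prev_hash": prev_hash}
    return hashlib.sha256(canonical(body)).hexdigest()


class EvidenceLedger:
    def __init__(self):
        self.records: list[EvidenceRecord] = []

    def append(self, artifact_id: str, artifact: bytes, decision: str) -> EvidenceRecord:
        prev = self.records[-1].record_hash if self.records else GENESIS
        seq = len(self.records)
        a_hash = hashlib.sha256(artifact).hexdigest()
        rec = EvidenceRecord(seq, artifact_id, a_hash, decision, prev,
                             _hash_record(seq, artifact_id, a_hash, decision, prev))
        self.records.append(rec)
        return rec

    def head(self) -> str:
        """The value to anchor externally; committing the head commits every record."""
        return self.records[-1].record_hash if self.records else GENESIS


def verify(records: list[EvidenceRecord], anchored_head: str) -> tuple[bool, str]:
    """Recompute the chain and compare with the anchored head.

    Detects three things: a modified record (hash mismatch), a broken or
    reordered link (prev_hash mismatch), and truncation or unanchored
    appends (head differs from the anchor)."""
    prev = GENESIS
    for i, r in enumerate(records):
        if r.seq != i or r.prev_hash != prev:
            return False, f"link broken at seq {i}"
        expected = _hash_record(r.seq, r.artifact_id, r.artifact_sha256, r.decision, r.prev_hash)
        if expected != r.record_hash:
            return False, f"record {i} modified"
        prev = r.record_hash
    if prev != anchored_head:
        return False, "head does not match anchor"
    return True, "ok"


if __name__ == "__main__":
    ledger = EvidenceLedger()
    ledger.append("bias-report-1", b"constructed report body", "deny")
    ledger.append("bias-report-2", b"constructed second body", "allow")
    anchor = ledger.head()  # in the plan's design this would be written to the IFL
    print(verify(ledger.records, anchor))
```

The point of anchoring the head rather than each record is that a single external commitment protects the whole history; anything stored only in the service's own database can be rewritten by whoever controls that database, so the IFL anchor is what turns "immutable audit logs" from a policy into a verifiable property.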

Design Principles Applied

Dependency Justification

GovernedSpeed™ Runtime Dependencies

| Dependency | Type | Version | Justification | ADR/SDS Reference |
|---|---|---|---|---|
| fastapi | Python | 0.115+ | Policy Gateway HTTP server | SDS-047, ADR-028 |
| pydantic | Python | 2.x | Schema validation for policies/evidence | SDS-047 |
| opentelemetry-* | Python | 1.x | Observability instrumentation | ADR-029 |
| litellm | Python | 1.x | LLM provider abstraction (if inference interception) | ADR-035 |

CALM Ecosystem Dependencies

| Dependency | Type | Version | Package | Justification | ADR/SDS Reference |
|---|---|---|---|---|---|
| CALM CLI | Node.js CLI | 0.x | @finos/calm-cli | Validate architectural definitions | ADR-005, SDS-039 |
| Structurizr CLI | Java CLI | 2024.x | Docker/binary | C4 diagram generation | SDS-039 |
| Structurizr DSL | Node.js | 2.x | @structurizr/dsl | Programmatic DSL parsing | SDS-039 |

Compliance-as-Code Dependencies

| Dependency | Type | Version | Package | Justification | ADR/SDS Reference |
|---|---|---|---|---|---|
| Trestle | Python CLI | 3.x | compliance-trestle | OSCAL document management | ADR-028, REF-020 |
| Lula | Go CLI | 0.x | releases binary | CI compliance validation | SDS-047 |
| OSCAL-lib | Python | 1.x | oscal-lib | Programmatic schema gen/validation | SDS-047 |
| Giskard | Python | 2.x | giskard | ML bias/safety testing, evidence gen | ADR-028, SDS-047 |
| OPA | CLI/WASM | latest | opa | Runtime policy evaluation (Rego) | SDS-047 |

Expected Filetree

```text
/
├── docs/specs/shared/sds/
│   ├── 047-governedspeed-governance-runtime.sds.yaml  # PRIMARY SPEC
│   ├── 039-calm-cli-service.md
│   ├── 046-governedspeed-integration.md
│   ├── 031-authority-ownership-boundaries.md
│   ├── 042-policy-gateway-service.md       # SUPERSEDED marker only
│   └── 043-risk-evidence-service.md        # SUPERSEDED marker only
├── docs/specs/.internal/
│   └── 012-invariant-regime.md             # REF-012 with §10 Active Catalog
├── schemas/
│   ├── events/governance/
│   │   ├── governance-decision.schema.json
│   │   ├── evidence-artifact.schema.json
│   │   └── waiver-record.schema.json
│   └── compliance/
│       ├── oscal/
│       │   ├── eu-ai-act.profile.json
│       │   ├── nist-ai-rmf.profile.json
│       │   └── iso-42001.profile.json
│       └── opa/
│           ├── bias-threshold.rego
│           └── training-transparency.rego
├── infra/
│   └── compliance/
│       └── lula-validation.yaml
└── .github/workflows/
    └── governance-gate.yml
```

Proposed Cycles (Worktree-First)

| Cycle | Worktree | Branch | Wave | Implements | From Plan |
|---|---|---|---|---|---|
| C1A | ../SEA-p7-c1A | cycle/p7-c1A-sds047-contracts | 1 | SDS-047 entities + events schemas | P007 |
| C1B | ../SEA-p7-c1B | cycle/p7-c1B-calm-cli-contract | 1 | SDS-039 validation/viz contracts | P021 |
| C1C | ../SEA-p7-c1C | cycle/p7-c1C-invariant-regime | 1 | REF-012 §10 active catalog schema | P030 |
| C2A | ../SEA-p7-c2A | cycle/p7-c2A-oscal-profiles | 2 | OSCAL profiles (EU AI Act, NIST, ISO) | P007/P021 |
| C2B | ../SEA-p7-c2B | cycle/p7-c2B-opa-policies | 2 | OPA Rego rules (bias, transparency) | P007 |
| C3A | ../SEA-p7-c3A | cycle/p7-c3A-evidence-integration | 3 | Evidence hashing to IFL, Giskard artifacts | P007/P021 |
| C3B | ../SEA-p7-c3B | cycle/p7-c3B-authority-hooks | 3 | SDS-031 approval/SoD enforcement | P007/P030 |
| C4A | ../SEA-p7-c4A | cycle/p7-c4A-ci-governance-gate | 4 | GitHub Actions workflow + Lula | P007/P021/P030 |

Task Breakdown

Wave 1: Contract Definitions (Parallel)

Wave 2: Compliance Infrastructure (Depends on Wave 1)

Wave 3: Integration (Depends on Wave 2)

Wave 4: CI Enforcement (Depends on Wave 3)


Validation & Verification

Spec Validation

Implementation Validation

Determinism Check

```bash
just pipeline governance-runtime
just regen-check docs/specs/governance-runtime/governance-runtime.manifest.json
git diff --exit-code  # Must be clean
```

Open Questions

  1. OSCAL Profile Sourcing: Should we use existing NIST OSCAL catalogs or create SEA-specific mappings? → Prefer existing + overlay
  2. Waiver Storage: Where should waiver records be stored? → SDS-047 Risk & Evidence Service + IFL anchor
  3. Invariant Enforcement Mode: Which invariants are warn-only in staging? → Performance + experimental, NEVER safety

Risks & Mitigation

| Risk | Likelihood | Impact | Mitigation Strategy |
|---|---|---|---|
| Overly strict invariants block delivery | Medium | High | Phase-in enforcement; allow time-bound waivers |
| Waiver abuse or lack of audit | Low | High | Enforce SDS-031 approval rules + immutable audit logs |
| OSCAL tooling complexity | Medium | Medium | Start with Lula + single profile; add Trestle incrementally |
| Policy Gateway latency | Low | Medium | Co-locate as sidecar; implement caching per ADR-028 |

Rollback Strategy

  1. Disable CI governance gate via feature flag (SEA_GOVERNANCE_GATE_ENABLED=false)
  2. Temporarily downgrade non-critical invariants to warnings
  3. Critical (safety) invariants remain fail-closed always

Active Specifications

| Type | ID | Document |
|---|---|---|
| ADR | ADR-031 | docs/specs/shared/adr/031-governedspeed-integration.md |
| ADR | ADR-028 | docs/specs/shared/adr/028-governedspeed-llmops-architecture.md |
| ADR | ADR-005 | docs/specs/shared/adr/005-architectural-governance-calm.md |
| SDS | SDS-047 | docs/specs/shared/sds/047-governedspeed-governance-runtime.sds.yaml |
| SDS | SDS-039 | docs/specs/architectural-governance/sds/039-calm-cli-service.md |
| SDS | SDS-046 | docs/specs/shared/sds/046-governedspeed-integration.md |
| SDS | SDS-031 | docs/specs/shared/sds/031-authority-ownership-boundaries.md |
| REF | REF-012 | docs/specs/.internal/012-invariant-regime.md (§10 Active Catalog) |
| REF | REF-020 | docs/specs/shared/reference/020-iagpm-genai-framework.md |

Superseded Specifications (Do Not Reference)

| Type | ID | Document | Superseded By |
|---|---|---|---|
| SDS | SDS-042 | Policy Gateway Service | SDS-047 |
| SDS | SDS-043 | Risk & Evidence Service | SDS-047 |
| SDS | SDS-035 | Governance Invariants | REF-012 §10 |

Archived Plans

| Plan ID | Title | Archived To |
|---|---|---|
| P007 (original) | Governed Execution Runtime | docs/plans/.archive/7_GovernedExecutionRuntime.plan.md |
| P021 | CALM Architectural Governance | docs/plans/.archive/21_CalmArchGovernance.plan.md |
| P030 | Governance Invariants | docs/plans/.archive/30_GovernanceInvariants.plan.md |