GovOps: MVP
This MVP outlines the smallest set of features that still provides compelling, differentiated value to customers by delivering real-time governance, provable policy correctness, and essential compliance visibility.
```mermaid
graph TB
    subgraph App["Agama Lab Frontend Application"]
        subgraph Sections["Main Sections"]
            PolicySection[Policy Designer Section]
            SchemaSection[Schema Registry Section]
            ComplianceSection[Compliance Section]
            DashboardSection[Dashboard Section]
        end
    end
    PolicySection --> PolicyListPage[Policy List Page]
    PolicySection --> PolicyEditorPage[Policy Editor Page]
    PolicySection --> CedarSchemaEditor[Cedar Schema Editor]
    PolicySection --> TrustEditor[Trusted Issuer Editor]
    PolicySection --> CedarAnalysis[Cedar Analysis Tools]
    SchemaSection --> SchemaListPage[Schema List Page]
    SchemaSection --> SchemaEditorPage[Schema Editor Page]
    SchemaSection --> SchemaVersionPage[Version Management Page]
    ComplianceSection --> ComplianceMappingPage[Control Mapping Page]
    ComplianceSection --> EvidencePage[Evidence Export Page]
    DashboardSection --> DashboardPage[Dashboard Page]
    DashboardPage --> DecisionView[Decision Stream View]
    DashboardPage --> KPIView[KPI View]
    style PolicySection fill:#e1f5ff
    style SchemaSection fill:#e3f2fd
    style ComplianceSection fill:#e8f5e9
    style DashboardSection fill:#fff4e1
```
These three features form the smallest coherent governance/compliance solution that still demonstrates Agama’s strength without overbuilding.
- Policy stores published via GitHub Releases
- Cedarling evaluates policies locally on AI agents
- Batched decision logs sent from Cedarling to Hub System
Value: Customers gain immediate control over AI agent behavior.
- Web UI for Cedar policy and schema authoring
- Real-time syntax validation
- Cedar Analysis tools to detect unsafe or conflicting policies
Value: Prevents dangerous policies from ever reaching production.
- Minimal OSCAL component-definition builder
- Simple mapping of controls → policies
Value: Gives organizations demonstrable governance evidence.
As an AI or MCP Developer, I want to author Cedar policies in a web UI and validate them, so that I can deploy correct policies with confidence.
Acceptance Criteria
- Policy authoring interface
- Real-time syntax checking
- Formal validation detecting conflicts, unsafe allow/deny patterns
As an AI Developer, I want to push policy updates via GitHub so that agents receive and enforce the latest version automatically.
Acceptance Criteria
- GitHub-based versioning
- GitHub Releases trigger distribution
- Agents update without downtime
As a Governance Officer, I want policies enforced in real-time so I can ensure agents operate within governance boundaries.
Acceptance Criteria
- Cedarling evaluates each action
- Logs decisions (permit/deny/error)
- Supports cached enforcement when offline
As a Governance Officer, I want to view recent policy decisions so I can understand the effects of my governance rules.
Acceptance Criteria
- Stream or table of recent decisions
- Filter by agent, action, resource
- Highlight errors
As a Compliance Manager, I want to map policies to compliance controls so that I can show which rules satisfy which requirements.
Acceptance Criteria
- UI for mapping policies → OSCAL controls
- Export basic evidence (CSV/JSON)
Definition:
The percentage of agent actions that receive a valid permit or deny decision without an error.
Why it matters:
- Direct indicator of governance health
- Reveals policy defects, agent misconfigurations, or distribution issues
- Simple and powerful for both technical and executive audiences
- Live Decision Stream: List of permit/deny/error events in chronological order
- Error Heatmap: Highlights agents generating decision errors
- Top Policies Triggered: Shows which policies govern the most activity
- Agent Filter: View decisions filtered by individual AI agent
- Status Indicators
  - Policy Store Version: current vs. latest
  - Enforcement Status: healthy / degraded
Included in MVP
- Policy authoring + validation
- GitHub-based policy distribution
- Protobuf Schema Registry
- Cedarling real-time enforcement
- Minimal compliance mapping
- One KPI and one dashboard