{
  "version": "2026.03.20",
  "schema_version": "2.3",
  "file": "00_core_sdk_and_governance.json",
  "description": "Cross-cutting agentic AI OTel SDK enumeration library and GRC governance vocabulary. This file is the required foundation — all industry vertical files extend it. Contains the gen_ai.* namespace attributes, agent governance and safety enums, cross-cutting data governance, OTel metrics catalog, and OPA Rego policy patterns.",
  "how_to_use": {
    "for_developers": "Use the otel_attribute key as the OpenTelemetry span attribute name in your SDK instrumentation. Example: span.setAttribute('gen_ai.agent.autonomy_level', 'supervised_autonomous'). All attributes in this file apply regardless of industry vertical.",
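    "for_compliance_officers": "Reference enum_name and permitted_values when authoring OPA Rego policy rules. The opa_policy_path field provides the recommended Rego data path for looking up permitted_values and regulatory metadata; a rule that tests the value recorded on a span reads it from input using the category's rego_input_key (see rego_input_key_convention). Where a category has regulatory_mappings, they link to the specific regulatory article or clause the enum supports.",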
    "file_loading_order": "Load 00_core_sdk_and_governance.json first, then the relevant industry vertical file(s). The agent_registry_schema, audit_log_schema, hitl_task_schema, and policy_rule_schema in this file are the shared contracts consumed by the GRC portal regardless of vertical.",
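    "rego_input_key_convention": "OTel span attributes arrive in OPA policy input as flat keys with all dots replaced by underscores. For example, otel_attribute 'banking.payment.agent_action' becomes 'input.banking_payment_agent_action' in Rego rules. Each enum category has a pre-computed 'rego_input_key' field with this value. The 'opa_policy_path' (data.* prefix) is the OPA data-store path for catalog reference lookups of permitted_values and regulatory metadata — it is NOT the input attribute path. Because attribute names themselves contain underscores (for example 'gen_ai.agent.autonomy_level'), the flattening is one-way: two distinct attribute names can flatten to the same input key, so policy code should use the pre-computed 'rego_input_key' and should not reconstruct the dotted attribute name from an input key.",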
    "stability_key": {
      "stable": "Directly maps to a published, finalized standard. Value strings match the standard exactly or are its defined semantic labels.",
      "experimental": "Aligns to a proposed or draft standard actively in progress (e.g. OTel GenAI SIG open PRs).",
      "proposed": "Derived from authoritative guidance or industry patterns but not yet formally standardized. Treat as community convention pending standardization."
    }
  },
  "core_agentic_sdk_library": {
    "namespace": "gen_ai",
    "description": "Cross-framework telemetry for cognitive state, task lifecycle, persistent memory governance, agent identity, safety controls, and multi-agent orchestration. Aligned to OpenTelemetry GenAI Semantic Conventions v1.37+.",
    "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-agent-spans/",
    "categories": [
      {
        "enum_name": "OperationName",
        "label": "Agent Operation Name",
        "otel_attribute": "gen_ai.operation.name",
        "opa_policy_path": "data.gen_ai.operation_name",
        "rego_input_key": "gen_ai_operation_name",
        "stability": "stable",
        "description": "Defines the OpenTelemetry GenAI operation name recorded on a span so telemetry, dashboards, and policy rules can distinguish chat, retrieval, tool execution, and related agent actions. Terminology aligns to the OpenTelemetry GenAI semantic conventions.",
        "permitted_values": [
          "chat",
          "create_agent",
          "embeddings",
          "execute_tool",
          "generate_content",
          "invoke_agent",
          "retrieval",
          "text_completion",
          "fine_tune",
          "evaluate",
          "rerank"
        ],
        "value_labels": {
          "chat": "Chat",
          "create_agent": "Create Agent",
          "embeddings": "Embeddings",
          "execute_tool": "Execute Tool",
          "generate_content": "Generate Content",
          "invoke_agent": "Invoke Agent",
          "retrieval": "Retrieval",
          "text_completion": "Text Completion",
          "fine_tune": "Fine Tune",
          "evaluate": "Evaluate",
          "rerank": "Rerank"
        },
        "source": "OpenTelemetry GenAI Semantic Conventions",
        "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-spans/"
      },
      {
        "enum_name": "TaskLifecycleState",
        "label": "Task Lifecycle State",
        "otel_attribute": "gen_ai.task.state",
        "opa_policy_path": "data.gen_ai.task_lifecycle_state",
        "rego_input_key": "gen_ai_task_state",
        "stability": "experimental",
        "description": "Defines the allowed values for Task Lifecycle State in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry Task Semantic Conventions.",
        "permitted_values": [
          "created",
          "submitted",
          "planned",
          "started",
          "in_progress",
          "paused",
          "suspended",
          "awaiting_hitl",
          "hitl_approved",
          "hitl_rejected",
          "resuming",
          "ended",
          "aborted",
          "rolled_back"
        ],
        "value_labels": {
          "created": "Created",
          "submitted": "Submitted",
          "planned": "Planned",
          "started": "Started",
          "in_progress": "In Progress",
          "paused": "Paused",
          "suspended": "Suspended",
          "awaiting_hitl": "Awaiting HITL",
          "hitl_approved": "HITL Approved",
          "hitl_rejected": "HITL Rejected",
          "resuming": "Resuming",
          "ended": "Ended",
          "aborted": "Aborted",
          "rolled_back": "Rolled Back"
        },
        "source": "OpenTelemetry Task Semantic Conventions",
        "source_url": "https://github.com/open-telemetry/semantic-conventions/issues/2665",
        "notes": "awaiting_hitl, hitl_approved, hitl_rejected, and rolled_back are governance extensions for EU AI Act Article 14 and NIST AI RMF MANAGE."
      },
      {
        "enum_name": "TaskOutcomeStatus",
        "label": "Task Outcome Status",
        "otel_attribute": "gen_ai.task.status",
        "opa_policy_path": "data.gen_ai.task_outcome_status",
        "rego_input_key": "gen_ai_task_status",
        "stability": "experimental",
        "description": "Defines the allowed values for Task Outcome Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI SIG.",
        "permitted_values": [
          "success",
          "failure",
          "timeout",
          "cancelled",
          "unknown",
          "partial_success",
          "policy_denied",
          "guardrail_blocked",
          "escalated",
          "fallback_invoked"
        ],
        "value_labels": {
          "success": "Success",
          "failure": "Failure",
          "timeout": "Timeout",
          "cancelled": "Cancelled",
          "unknown": "Unknown",
          "partial_success": "Partial Success",
          "policy_denied": "Policy Denied",
          "guardrail_blocked": "Guardrail Blocked",
          "escalated": "Escalated",
          "fallback_invoked": "Fallback Invoked"
        },
        "source": "OpenTelemetry GenAI SIG",
        "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/"
      },
      {
        "enum_name": "TaskIntentKind",
        "label": "Task Intent Kind",
        "otel_attribute": "gen_ai.task.kind",
        "opa_policy_path": "data.gen_ai.task_intent_kind",
        "rego_input_key": "gen_ai_task_kind",
        "stability": "experimental",
        "description": "Defines the allowed values for Task Intent Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry Task Attributes Proposal.",
        "permitted_values": [
          "planning",
          "retrieval",
          "reasoning",
          "execution",
          "evaluation",
          "delegation",
          "synthesis",
          "coordination",
          "clarification",
          "update_memory",
          "monitoring",
          "self_reflection",
          "tool_selection",
          "sub_agent_spawn",
          "report_generation",
          "other"
        ],
        "value_labels": {
          "planning": "Planning",
          "retrieval": "Retrieval",
          "reasoning": "Reasoning",
          "execution": "Execution",
          "evaluation": "Evaluation",
          "delegation": "Delegation",
          "synthesis": "Synthesis",
          "coordination": "Coordination",
          "clarification": "Clarification",
          "update_memory": "Update Memory",
          "monitoring": "Monitoring",
          "self_reflection": "Self Reflection",
          "tool_selection": "Tool Selection",
          "sub_agent_spawn": "Sub Agent Spawn",
          "report_generation": "Report Generation",
          "other": "Other"
        },
        "source": "OpenTelemetry Task Attributes Proposal",
        "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-agent-spans/"
      },
      {
        "enum_name": "AgentAutonomyLevel",
        "label": "Agent Autonomy Level",
        "otel_attribute": "gen_ai.agent.autonomy_level",
        "opa_policy_path": "data.gen_ai.agent_autonomy_level",
        "rego_input_key": "gen_ai_agent_autonomy_level",
        "stability": "proposed",
        "description": "Defines the allowed values for Agent Autonomy Level in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI RMF autonomy spectrum; EU AI Act Article 14.",
        "permitted_values": [
          "fully_manual",
          "assisted",
          "semi_autonomous",
          "supervised_autonomous",
          "fully_autonomous"
        ],
        "value_labels": {
          "fully_manual": "Fully Manual",
          "assisted": "Assisted",
          "semi_autonomous": "Semi Autonomous",
          "supervised_autonomous": "Supervised Autonomous",
          "fully_autonomous": "Fully Autonomous"
        },
        "ordered": true,
        "value_ordinals": {
          "fully_manual": 1,
          "assisted": 2,
          "semi_autonomous": 3,
          "supervised_autonomous": 4,
          "fully_autonomous": 5
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 14 — Human oversight measures",
          "nist_ai_rmf": "GOVERN 1.3, MANAGE 2.2",
          "iso_42001": "Clause 8.4 — AI system operation"
        },
        "use_case": "Drive OPA rules requiring HITL approval for supervised_autonomous and fully_autonomous agents on tier_3 or tier_4 risk tasks.",
        "source": "NIST AI RMF autonomy spectrum; EU AI Act Article 14",
        "source_url": "https://airc.nist.gov/airmf-resources/airmf/5-sec-core/"
      },
      {
        "enum_name": "AgentRoleKind",
        "label": "Agent Role Kind",
        "otel_attribute": "gen_ai.agent.role",
        "opa_policy_path": "data.gen_ai.agent_role_kind",
        "rego_input_key": "gen_ai_agent_role",
        "stability": "proposed",
        "description": "Defines the allowed values for Agent Role Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to CrewAI, AutoGen, LangGraph agent role patterns; CSA MAESTRO framework.",
        "permitted_values": [
          "orchestrator",
          "subagent",
          "tool_agent",
          "retrieval_agent",
          "validator_agent",
          "monitor_agent",
          "human_proxy",
          "critic_agent",
          "memory_manager",
          "planner"
        ],
        "value_labels": {
          "orchestrator": "Orchestrator",
          "subagent": "Subagent",
          "tool_agent": "Tool Agent",
          "retrieval_agent": "Retrieval Agent",
          "validator_agent": "Validator Agent",
          "monitor_agent": "Monitor Agent",
          "human_proxy": "Human Proxy",
          "critic_agent": "Critic Agent",
          "memory_manager": "Memory Manager",
          "planner": "Planner"
        },
        "use_case": "Multi-agent topology mapping; scope least-privilege tool grants per role; inter-agent trust policy scoping.",
        "source": "CrewAI, AutoGen, LangGraph agent role patterns; CSA MAESTRO framework",
        "source_url": "https://cloudsecurityalliance.org/blog/2025/04/30/threat-modeling-googles-a2a-protocol-maestro-framework"
      },
      {
        "enum_name": "AgentMemoryOperation",
        "label": "Agent Memory Operation",
        "otel_attribute": "gen_ai.memory.operation",
        "opa_policy_path": "data.gen_ai.agent_memory_operation",
        "rego_input_key": "gen_ai_memory_operation",
        "stability": "proposed",
        "description": "Defines the allowed values for Agent Memory Operation in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Richmond Alake / Agentic Memory Framework; GDPR Article 17.",
        "permitted_values": [
          "generation",
          "storage",
          "retrieval",
          "integration",
          "updating",
          "deletion",
          "extraction",
          "consolidation",
          "purge",
          "ttl_expiry",
          "access_log"
        ],
        "value_labels": {
          "generation": "Generation",
          "storage": "Storage",
          "retrieval": "Retrieval",
          "integration": "Integration",
          "updating": "Updating",
          "deletion": "Deletion",
          "extraction": "Extraction",
          "consolidation": "Consolidation",
          "purge": "Purge",
          "ttl_expiry": "TTL Expiry",
          "access_log": "Access Log"
        },
        "regulatory_mappings": {
          "gdpr": "Article 17 — Right to erasure",
          "ccpa": "Section 1798.105 — Right to delete",
          "eu_ai_act": "Article 12 — Record-keeping obligations",
          "nist_ai_rmf": "MANAGE 2.4"
        },
        "source": "Richmond Alake / Agentic Memory Framework; GDPR Article 17",
        "source_url": "https://www.ibm.com/think/topics/ai-agent-memory"
      },
      {
        "enum_name": "MemoryType",
        "label": "Memory Type",
        "otel_attribute": "gen_ai.memory.type",
        "opa_policy_path": "data.gen_ai.memory_type",
        "rego_input_key": "gen_ai_memory_type",
        "stability": "proposed",
        "description": "Defines the allowed values for Memory Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to IBM Agentic Memory Paradigm; OpenSearch agentic memory patterns.",
        "permitted_values": [
          "working",
          "episodic",
          "semantic",
          "procedural",
          "long_term",
          "history",
          "external_store",
          "vector_index",
          "structured_db"
        ],
        "value_labels": {
          "working": "Working",
          "episodic": "Episodic",
          "semantic": "Semantic",
          "procedural": "Procedural",
          "long_term": "Long Term",
          "history": "History",
          "external_store": "External Store",
          "vector_index": "Vector Index",
          "structured_db": "Structured DB"
        },
        "source": "IBM Agentic Memory Paradigm; OpenSearch agentic memory patterns",
        "source_url": "https://www.ibm.com/think/topics/ai-agent-memory"
      },
      {
        "enum_name": "ToolType",
        "label": "Tool Type",
        "otel_attribute": "gen_ai.tool.type",
        "opa_policy_path": "data.gen_ai.tool_type",
        "rego_input_key": "gen_ai_tool_type",
        "stability": "experimental",
        "description": "Defines the allowed values for Tool Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI Spans spec; Anthropic MCP specification.",
        "permitted_values": [
          "function",
          "extension",
          "data_store",
          "code_interpreter",
          "web_search",
          "file_system",
          "database",
          "api_connector",
          "computer_use",
          "email",
          "calendar",
          "payment",
          "identity_verification",
          "mcp_server"
        ],
        "value_labels": {
          "function": "Function",
          "extension": "Extension",
          "data_store": "Data Store",
          "code_interpreter": "Code Interpreter",
          "web_search": "Web Search",
          "file_system": "File System",
          "database": "Database",
          "api_connector": "API Connector",
          "computer_use": "Computer Use",
          "email": "Email",
          "calendar": "Calendar",
          "payment": "Payment",
          "identity_verification": "Identity Verification",
          "mcp_server": "MCP Server"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 13 — Transparency obligations",
          "nist_ai_rmf": "MAP 1.6 — AI system purpose"
        },
        "use_case": "Require HITL for payment, computer_use, and identity_verification when risk_tier >= tier_3.",
        "source": "OpenTelemetry GenAI Spans spec; Anthropic MCP specification",
        "source_url": "https://github.com/open-telemetry/semantic-conventions/blob/main/docs/gen-ai/gen-ai-spans.md"
      },
      {
        "enum_name": "ToolCallOutcome",
        "label": "Tool Call Outcome",
        "otel_attribute": "gen_ai.tool.call.outcome",
        "opa_policy_path": "data.gen_ai.tool_call_outcome",
        "rego_input_key": "gen_ai_tool_call_outcome",
        "stability": "proposed",
        "description": "Defines the allowed values for Tool Call Outcome in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI SIG; OPA agentic guardrail patterns.",
        "permitted_values": [
          "success",
          "failure",
          "timeout",
          "rate_limited",
          "permission_denied",
          "guardrail_blocked",
          "not_found",
          "invalid_input",
          "partial_result"
        ],
        "value_labels": {
          "success": "Success",
          "failure": "Failure",
          "timeout": "Timeout",
          "rate_limited": "Rate Limited",
          "permission_denied": "Permission Denied",
          "guardrail_blocked": "Guardrail Blocked",
          "not_found": "Not Found",
          "invalid_input": "Invalid Input",
          "partial_result": "Partial Result"
        },
        "source": "OpenTelemetry GenAI SIG; OPA agentic guardrail patterns"
      },
      {
        "enum_name": "ModelOutputType",
        "label": "Model Output Type",
        "otel_attribute": "gen_ai.output.type",
        "opa_policy_path": "data.gen_ai.model_output_type",
        "rego_input_key": "gen_ai_output_type",
        "stability": "experimental",
        "description": "Defines the allowed values for Model Output Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI Semantic Conventions.",
        "permitted_values": [
          "text",
          "image",
          "audio",
          "video",
          "embedding",
          "classification",
          "structured_json",
          "code",
          "tool_call",
          "multi_modal"
        ],
        "value_labels": {
          "text": "Text",
          "image": "Image",
          "audio": "Audio",
          "video": "Video",
          "embedding": "Embedding",
          "classification": "Classification",
          "structured_json": "Structured JSON",
          "code": "Code",
          "tool_call": "Tool Call",
          "multi_modal": "Multi Modal"
        },
        "source": "OpenTelemetry GenAI Semantic Conventions",
        "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-events/"
      },
      {
        "enum_name": "ReasoningEffortLevel",
        "label": "Reasoning Effort Level",
        "otel_attribute": "gen_ai.request.reasoning_effort",
        "opa_policy_path": "data.gen_ai.reasoning_effort",
        "rego_input_key": "gen_ai_request_reasoning_effort",
        "stability": "experimental",
        "description": "Defines the allowed values for Reasoning Effort Level in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenLLMetry / OpenTelemetry GenAI SIG.",
        "permitted_values": [
          "minimal",
          "low",
          "medium",
          "high",
          "extended"
        ],
        "value_labels": {
          "minimal": "Minimal",
          "low": "Low",
          "medium": "Medium",
          "high": "High",
          "extended": "Extended"
        },
        "ordered": true,
        "value_ordinals": {
          "minimal": 1,
          "low": 2,
          "medium": 3,
          "high": 4,
          "extended": 5
        },
        "source": "OpenLLMetry / OpenTelemetry GenAI SIG",
        "source_url": "https://www.traceloop.com/docs/openllmetry/contributing/semantic-conventions",
        "notes": "Maps to model reasoning_effort request parameter. Use in cost governance and latency budget OPA policies."
      },
      {
        "enum_name": "EvaluationMetricKind",
        "label": "Evaluation Metric Kind",
        "otel_attribute": "gen_ai.evaluation.metric",
        "opa_policy_path": "data.gen_ai.evaluation_metric",
        "rego_input_key": "gen_ai_evaluation_metric",
        "stability": "experimental",
        "description": "Defines the allowed values for Evaluation Metric Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI Events spec; NIST AI RMF MEASURE function.",
        "permitted_values": [
          "relevance",
          "groundedness",
          "faithfulness",
          "coherence",
          "fluency",
          "toxicity",
          "bias",
          "hallucination_rate",
          "task_completion",
          "latency_p99",
          "cost_per_token",
          "human_preference"
        ],
        "value_labels": {
          "relevance": "Relevance",
          "groundedness": "Groundedness",
          "faithfulness": "Faithfulness",
          "coherence": "Coherence",
          "fluency": "Fluency",
          "toxicity": "Toxicity",
          "bias": "Bias",
          "hallucination_rate": "Hallucination Rate",
          "task_completion": "Task Completion",
          "latency_p99": "Latency P99",
          "cost_per_token": "Cost Per Token",
          "human_preference": "Human Preference"
        },
        "regulatory_mappings": {
          "nist_ai_rmf": "MEASURE 2.1, MEASURE 2.5",
          "eu_ai_act": "Article 9 — Risk management system",
          "iso_42001": "Clause 9.1 — Performance evaluation"
        },
        "source": "OpenTelemetry GenAI Events spec; NIST AI RMF MEASURE function",
        "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-events/"
      },
      {
        "enum_name": "OutputConfidenceTier",
        "label": "Output Confidence Tier",
        "otel_attribute": "gen_ai.output.confidence_tier",
        "opa_policy_path": "data.gen_ai.output_confidence_tier",
        "rego_input_key": "gen_ai_output_confidence_tier",
        "stability": "proposed",
        "description": "Defines the allowed values for Output Confidence Tier in the core governance catalog so OpenTelemetry spans, portal triage views, and OPA policy inputs can distinguish low-confidence outputs from high-confidence outputs in a standardized way.",
        "permitted_values": [
          "very_low",
          "low",
          "medium",
          "high",
          "very_high"
        ],
        "value_labels": {
          "very_low": "Very Low",
          "low": "Low",
          "medium": "Medium",
          "high": "High",
          "very_high": "Very High"
        },
        "ordered": true,
        "value_ordinals": {
          "very_low": 1,
          "low": 2,
          "medium": 3,
          "high": 4,
          "very_high": 5
        },
        "regulatory_mappings": {
          "nist_ai_600_1": "MEASURE 2, MANAGE 2 - uncertainty and output quality management",
          "eu_ai_act": "Article 13 - transparency and provision of information",
          "iso_42001": "Clause 9.1 - performance evaluation"
        },
        "use_case": "Require HITL review when confidence_tier is very_low or low on high-value, high-impact, or irreversible actions.",
        "source": "NIST AI 600-1 Generative AI Profile; EU AI Act Article 13",
        "source_url": "https://doi.org/10.6028/NIST.AI.600-1"
      },
      {
        "enum_name": "OutputGroundingStatus",
        "label": "Output Grounding Status",
        "otel_attribute": "gen_ai.output.grounding_status",
        "opa_policy_path": "data.gen_ai.output_grounding_status",
        "rego_input_key": "gen_ai_output_grounding_status",
        "stability": "proposed",
        "description": "Defines whether a model output is demonstrably grounded in retrieved or otherwise validated source material so policy controls can distinguish grounded responses from hallucination-prone responses.",
        "permitted_values": [
          "grounded",
          "partially_grounded",
          "ungrounded",
          "not_assessed"
        ],
        "value_labels": {
          "grounded": "Grounded",
          "partially_grounded": "Partially Grounded",
          "ungrounded": "Ungrounded",
          "not_assessed": "Not Assessed"
        },
        "regulatory_mappings": {
          "nist_ai_600_1": "MAP 2, MEASURE 2 - content provenance and factual reliability",
          "eu_ai_act": "Article 13 - transparency and information to deployers"
        },
        "use_case": "Block or downgrade advisory outputs for regulated domains when grounding_status is ungrounded or not_assessed.",
        "source": "NIST AI 600-1 Generative AI Profile",
        "source_url": "https://doi.org/10.6028/NIST.AI.600-1"
      },
      {
        "enum_name": "InputDataQualityTier",
        "label": "Input Data Quality Tier",
        "otel_attribute": "gen_ai.input.data_quality_tier",
        "opa_policy_path": "data.gen_ai.input_data_quality_tier",
        "rego_input_key": "gen_ai_input_data_quality_tier",
        "stability": "proposed",
        "description": "Defines the governance quality tier of data presented to an agent so policies can distinguish verified or validated inputs from stale, unverified, or incomplete inputs.",
        "permitted_values": [
          "verified",
          "validated",
          "unverified",
          "stale",
          "incomplete"
        ],
        "value_labels": {
          "verified": "Verified",
          "validated": "Validated",
          "unverified": "Unverified",
          "stale": "Stale",
          "incomplete": "Incomplete"
        },
        "regulatory_mappings": {
          "nist_ai_rmf": "MEASURE 2.1, MANAGE 2.3",
          "eu_ai_act": "Article 10 - data governance"
        },
        "use_case": "Require stronger oversight or prohibit autonomous execution when high-risk decisions rely on unverified, stale, or incomplete inputs.",
        "source": "NIST AI RMF; EU AI Act Article 10",
        "source_url": "https://www.nist.gov/itl/ai-risk-management-framework"
      },
      {
        "enum_name": "InputDataFreshnessTier",
        "label": "Input Data Freshness Tier",
        "otel_attribute": "gen_ai.input.data_freshness",
        "opa_policy_path": "data.gen_ai.input_data_freshness_tier",
        "rego_input_key": "gen_ai_input_data_freshness",
        "stability": "proposed",
        "description": "Defines the recency tier of the data an agent relied upon so time-sensitive workflows can distinguish real-time context from prior-day or stale context.",
        "permitted_values": [
          "real_time",
          "near_real_time",
          "same_day",
          "prior_day",
          "stale"
        ],
        "value_labels": {
          "real_time": "Real Time",
          "near_real_time": "Near Real Time",
          "same_day": "Same Day",
          "prior_day": "Prior Day",
          "stale": "Stale"
        },
        "ordered": true,
        "value_ordinals": {
          "real_time": 1,
          "near_real_time": 2,
          "same_day": 3,
          "prior_day": 4,
          "stale": 5
        },
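        "use_case": "Apply tighter policy constraints to fraud, pricing, or healthcare workflows when decisioning used prior_day or stale inputs. Note that value_ordinals for this enum increase as data gets older (prior_day is 4, stale is 5), so a threshold rule for this case matches ordinals of 4 or higher.",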
        "source": "Derived from real-time decisioning governance patterns; CMS interoperability operational timing requirements"
      },
      {
        "enum_name": "ReasoningChainLengthTier",
        "label": "Reasoning Chain Length Tier",
        "otel_attribute": "gen_ai.reasoning.chain_length_tier",
        "opa_policy_path": "data.gen_ai.reasoning_chain_length_tier",
        "rego_input_key": "gen_ai_reasoning_chain_length_tier",
        "stability": "proposed",
        "description": "Defines the approximate depth of the reasoning chain used by an agent so governance controls can identify unusually deep or complex chains that warrant more scrutiny.",
        "permitted_values": [
          "single_step",
          "short",
          "medium",
          "long",
          "very_long"
        ],
        "value_labels": {
          "single_step": "Single Step",
          "short": "Short",
          "medium": "Medium",
          "long": "Long",
          "very_long": "Very Long"
        },
        "ordered": true,
        "value_ordinals": {
          "single_step": 1,
          "short": 2,
          "medium": 3,
          "long": 4,
          "very_long": 5
        },
        "use_case": "Escalate long and very_long reasoning chains for high-stakes actions because complexity raises traceability and hallucination risk.",
        "source": "NIST AI 600-1 Generative AI Profile",
        "source_url": "https://doi.org/10.6028/NIST.AI.600-1"
      },
      {
        "enum_name": "ChannelOriginationType",
        "label": "Channel Origination Type",
        "otel_attribute": "gen_ai.channel.origination_type",
        "opa_policy_path": "data.gen_ai.channel_origination_type",
        "rego_input_key": "gen_ai_channel_origination_type",
        "stability": "proposed",
        "description": "Defines the inbound or initiating channel for an agentic interaction so policy, fraud, and portal analytics can distinguish user-initiated web or mobile sessions from API, batch, branch, or agent-to-agent flows.",
        "permitted_values": [
          "web",
          "mobile_app",
          "voice",
          "api",
          "batch",
          "in_branch",
          "agent_to_agent",
          "embedded",
          "iot"
        ],
        "value_labels": {
          "web": "Web",
          "mobile_app": "Mobile App",
          "voice": "Voice",
          "api": "API",
          "batch": "Batch",
          "in_branch": "In Branch",
          "agent_to_agent": "Agent to Agent",
          "embedded": "Embedded",
          "iot": "IoT"
        },
        "use_case": "Route channel-specific controls such as stronger authentication, additional disclosures, or elevated fraud review for voice, API, and agent_to_agent interactions.",
        "source": "Derived from enterprise omnichannel governance patterns; CFPB Part 1033 open banking access models; CMS API interoperability workflows",
        "source_url": "https://www.consumerfinance.gov/rules-policy/final-rules/required-rulemaking-on-personal-financial-data-rights/"
      },
      {
        "enum_name": "InteractionSessionType",
        "label": "Interaction Session Type",
        "otel_attribute": "gen_ai.interaction.session_type",
        "opa_policy_path": "data.gen_ai.interaction_session_type",
        "rego_input_key": "gen_ai_interaction_session_type",
        "stability": "proposed",
        "description": "Defines the execution session style for an interaction so portal dashboards and policies can distinguish synchronous user sessions from background, long-running, or scheduled workloads.",
        "permitted_values": [
          "synchronous",
          "asynchronous",
          "long_running",
          "background",
          "scheduled"
        ],
        "value_labels": {
          "synchronous": "Synchronous",
          "asynchronous": "Asynchronous",
          "long_running": "Long Running",
          "background": "Background",
          "scheduled": "Scheduled"
        },
        "use_case": "Apply different SLA, retry, and human oversight policies to long_running and background tasks than to synchronous end-user sessions.",
        "source": "Derived from distributed workflow governance patterns; OTel task lifecycle semantics"
      },
      {
        "enum_name": "UserAuthenticationMethod",
        "label": "User Authentication Method",
        "otel_attribute": "gen_ai.user.authentication_method",
        "opa_policy_path": "data.gen_ai.user_authentication_method",
        "rego_input_key": "gen_ai_user_authentication_method",
        "stability": "proposed",
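        "description": "Defines the principal authentication method in force for the action so policies can distinguish low-assurance sessions from strong-authentication sessions. The value names the method only; sso, token, and api_key do not by themselves indicate how strongly the principal was authenticated, so policies should map each value to an assurance level explicitly.",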
        "permitted_values": [
          "none",
          "password",
          "mfa",
          "biometric",
          "sso",
          "certificate",
          "api_key",
          "token"
        ],
        "value_labels": {
          "none": "None",
          "password": "Password",
          "mfa": "MFA",
          "biometric": "Biometric",
          "sso": "SSO",
          "certificate": "Certificate",
          "api_key": "API Key",
          "token": "Token"
        },
        "use_case": "Require MFA, certificate, or equivalent stronger controls before allowing high-value or irreversible execution actions.",
        "source": "NIST Digital Identity Guidelines; enterprise access-control governance patterns"
      },
      {
        "enum_name": "TransactionValueTier",
        "label": "Transaction Value Tier",
        "otel_attribute": "gen_ai.transaction.value_tier",
        "opa_policy_path": "data.gen_ai.transaction_value_tier",
        "rego_input_key": "gen_ai_transaction_value_tier",
        "stability": "proposed",
        "description": "Defines a cross-vertical semantic value-at-risk tier so platform policies can evaluate high-value actions consistently even when a vertical-specific amount tier is not available.",
        "permitted_values": [
          "negligible",
          "low",
          "medium",
          "high",
          "very_high",
          "critical"
        ],
        "value_labels": {
          "negligible": "Negligible",
          "low": "Low",
          "medium": "Medium",
          "high": "High",
          "very_high": "Very High",
          "critical": "Critical"
        },
        "ordered": true,
        "value_ordinals": {
          "negligible": 1,
          "low": 2,
          "medium": 3,
          "high": 4,
          "very_high": 5,
          "critical": 6
        },
        "use_case": "Implement universal guardrails that require approval or blocking for high, very_high, and critical actions across industries.",
        "source": "Derived from enterprise value-at-risk and approval-matrix governance patterns"
      },
      {
        "enum_name": "DecisionCustomerImpactScope",
        "label": "Decision Customer Impact Scope",
        "otel_attribute": "gen_ai.decision.customer_impact_scope",
        "opa_policy_path": "data.gen_ai.decision_customer_impact_scope",
        "rego_input_key": "gen_ai_decision_customer_impact_scope",
        "stability": "proposed",
        "description": "Defines the breadth of customer impact for a decision or action so policies can distinguish single-customer decisions from group-wide or systemic actions.",
        "permitted_values": [
          "single_customer",
          "household",
          "small_group",
          "large_group",
          "system_wide"
        ],
        "value_labels": {
          "single_customer": "Single Customer",
          "household": "Household",
          "small_group": "Small Group",
          "large_group": "Large Group",
          "system_wide": "System Wide"
        },
        "regulatory_mappings": {
          "nist_ai_rmf": "MAP 5.1 - magnitude of impact"
        },
        "use_case": "Escalate system_wide or large_group actions because blast radius is materially higher than single-customer actions.",
        "source": "NIST AI RMF impact mapping concepts",
        "source_url": "https://www.nist.gov/itl/ai-risk-management-framework"
      },
      {
        "enum_name": "RegulatoryPrimaryRegime",
        "label": "Regulatory Primary Regime",
        "otel_attribute": "gen_ai.regulatory.primary_regime",
        "opa_policy_path": "data.gen_ai.regulatory_primary_regime",
        "rego_input_key": "gen_ai_regulatory_primary_regime",
        "stability": "proposed",
        "description": "Defines the primary regulatory regime governing the action so policies and portal dashboards can dispatch obligations, evidence, and exception handling by regime.",
        "permitted_values": [
          "gdpr",
          "ccpa_cpra",
          "hipaa",
          "eu_ai_act",
          "dora",
          "sox",
          "bsa_aml",
          "pci_dss",
          "fcra",
          "ecoa",
          "hmda",
          "sec_reg",
          "finra",
          "mifid2",
          "psd2",
          "basel3",
          "cra",
          "fair_housing",
          "tcpa",
          "state_specific",
          "none"
        ],
        "value_labels": {
          "gdpr": "GDPR",
          "ccpa_cpra": "CCPA CPRA",
          "hipaa": "HIPAA",
          "eu_ai_act": "EU AI Act",
          "dora": "DORA",
          "sox": "SOX",
          "bsa_aml": "BSA AML",
          "pci_dss": "PCI DSS",
          "fcra": "FCRA",
          "ecoa": "ECOA",
          "hmda": "HMDA",
          "sec_reg": "SEC Regulation",
          "finra": "FINRA",
          "mifid2": "MiFID II",
          "psd2": "PSD2",
          "basel3": "Basel III",
          "cra": "CRA",
          "fair_housing": "Fair Housing",
          "tcpa": "TCPA",
          "state_specific": "State Specific",
          "none": "None"
        },
        "use_case": "Drive regime-specific policy bundles, exception dashboards, and evidence requirements from a first-class telemetry attribute.",
        "source": "Derived from cross-regulatory policy dispatch patterns; CFPB Part 1033; CMS-0057-F; EU AI Act; DORA"
      },
      {
        "enum_name": "RegulatoryJurisdictionScope",
        "label": "Regulatory Jurisdiction Scope",
        "otel_attribute": "gen_ai.regulatory.jurisdiction_scope",
        "opa_policy_path": "data.gen_ai.regulatory_jurisdiction_scope",
        "rego_input_key": "gen_ai_regulatory_jurisdiction_scope",
        "stability": "proposed",
        "description": "Defines the geographic or cross-border jurisdictional perimeter that governs the action so regional compliance, data transfer, and reporting obligations can be evaluated consistently.",
        "permitted_values": [
          "domestic_us",
          "eu_eea",
          "uk",
          "apac",
          "latam",
          "cross_border",
          "global"
        ],
        "value_labels": {
          "domestic_us": "Domestic US",
          "eu_eea": "EU EEA",
          "uk": "UK",
          "apac": "APAC",
          "latam": "LATAM",
          "cross_border": "Cross Border",
          "global": "Global"
        },
        "use_case": "Route actions into jurisdiction-specific reporting, data residency, and regulatory evidence workflows.",
        "source": "Derived from GDPR, DORA, and cross-border compliance operating models"
      },
      {
        "enum_name": "CustomerSegment",
        "label": "Customer Segment",
        "otel_attribute": "gen_ai.customer.segment",
        "opa_policy_path": "data.gen_ai.customer_segment",
        "rego_input_key": "gen_ai_customer_segment",
        "stability": "proposed",
        "description": "Defines the business or customer segment in scope for the action so consumer-protection, commercial, enterprise, and public-sector obligations can be distinguished at evaluation time.",
        "permitted_values": [
          "consumer",
          "micro_business",
          "small_business",
          "mid_market",
          "commercial",
          "enterprise",
          "government",
          "non_profit",
          "financial_institution"
        ],
        "value_labels": {
          "consumer": "Consumer",
          "micro_business": "Micro Business",
          "small_business": "Small Business",
          "mid_market": "Mid Market",
          "commercial": "Commercial",
          "enterprise": "Enterprise",
          "government": "Government",
          "non_profit": "Non Profit",
          "financial_institution": "Financial Institution"
        },
        "use_case": "Apply distinct policy bundles to consumer and small-business activities compared with commercial, enterprise, or government activities.",
        "source": "Derived from financial-services and enterprise go-to-market segmentation patterns"
      },
      {
        "enum_name": "CustomerRelationshipTier",
        "label": "Customer Relationship Tier",
        "otel_attribute": "gen_ai.customer.relationship_tier",
        "opa_policy_path": "data.gen_ai.customer_relationship_tier",
        "rego_input_key": "gen_ai_customer_relationship_tier",
        "stability": "proposed",
        "description": "Defines the maturity or importance of the customer relationship so retention, exception handling, and service escalation policies can be contextualized.",
        "permitted_values": [
          "prospect",
          "new",
          "established",
          "premium",
          "high_net_worth",
          "institutional",
          "churning"
        ],
        "value_labels": {
          "prospect": "Prospect",
          "new": "New",
          "established": "Established",
          "premium": "Premium",
          "high_net_worth": "High Net Worth",
          "institutional": "Institutional",
          "churning": "Churning"
        },
        "use_case": "Give portal users and policies a consistent way to compare high-risk adverse actions across prospects, new customers, and strategic relationships.",
        "source": "Derived from customer-lifecycle governance and retention operations patterns"
      },
      {
        "enum_name": "CounterpartyType",
        "label": "Counterparty Type",
        "otel_attribute": "gen_ai.counterparty.type",
        "opa_policy_path": "data.gen_ai.counterparty_type",
        "rego_input_key": "gen_ai_counterparty_type",
        "stability": "proposed",
        "description": "Defines the legal or screening-relevant type of the counterparty so KYC, KYB, sanctions, AML, and due-diligence policies can differentiate entity obligations.",
        "permitted_values": [
          "individual",
          "sole_proprietor",
          "llc",
          "corporation",
          "partnership",
          "trust",
          "government_entity",
          "financial_institution",
          "foreign_entity",
          "pep_linked"
        ],
        "value_labels": {
          "individual": "Individual",
          "sole_proprietor": "Sole Proprietor",
          "llc": "LLC",
          "corporation": "Corporation",
          "partnership": "Partnership",
          "trust": "Trust",
          "government_entity": "Government Entity",
          "financial_institution": "Financial Institution",
          "foreign_entity": "Foreign Entity",
          "pep_linked": "PEP Linked"
        },
        "use_case": "Require enhanced diligence and slower execution paths for foreign_entity and pep_linked counterparties.",
        "source": "Derived from KYC, KYB, and FATF-aligned counterparty classification patterns"
      },
      {
        "enum_name": "ProcessingPriorityTier",
        "label": "Processing Priority Tier",
        "otel_attribute": "gen_ai.processing.priority_tier",
        "opa_policy_path": "data.gen_ai.processing_priority_tier",
        "rego_input_key": "gen_ai_processing_priority_tier",
        "stability": "proposed",
        "description": "Defines the operational priority tier for the action so scheduling, human review, and SLA policies can distinguish batch work from critical real-time work.",
        "permitted_values": [
          "batch",
          "standard",
          "elevated",
          "high_priority",
          "real_time",
          "critical"
        ],
        "value_labels": {
          "batch": "Batch",
          "standard": "Standard",
          "elevated": "Elevated",
          "high_priority": "High Priority",
          "real_time": "Real Time",
          "critical": "Critical"
        },
        "use_case": "Sort portal queues, assign review SLAs, and restrict validation shortcuts on critical and real_time workflows.",
        "source": "Derived from workflow orchestration and enterprise SLA governance patterns"
      },
      {
        "enum_name": "SLABreachStatus",
        "label": "SLA Breach Status",
        "otel_attribute": "gen_ai.sla.breach_status",
        "opa_policy_path": "data.gen_ai.sla_breach_status",
        "rego_input_key": "gen_ai_sla_breach_status",
        "stability": "proposed",
        "description": "Defines whether the action remains within required timing obligations so operational and regulatory breach workflows can be triggered consistently.",
        "permitted_values": [
          "within_sla",
          "warning",
          "breached",
          "critical_breach"
        ],
        "value_labels": {
          "within_sla": "Within SLA",
          "warning": "Warning",
          "breached": "Breached",
          "critical_breach": "Critical Breach"
        },
        "ordered": true,
        "value_ordinals": {
          "within_sla": 1,
          "warning": 2,
          "breached": 3,
          "critical_breach": 4
        },
        "use_case": "Trigger escalation when rule-driven deadlines such as prior authorization response windows or regulatory response clocks are near breach or breached.",
        "source": "CMS-0057-F operational timing requirements; enterprise SLA governance",
        "source_url": "https://www.cms.gov/newsroom/fact-sheets/cms-interoperability-prior-authorization-final-rule-cms-0057-f"
      },
      {
        "enum_name": "ComputeCostTier",
        "label": "Compute Cost Tier",
        "otel_attribute": "gen_ai.cost.compute_tier",
        "opa_policy_path": "data.gen_ai.compute_cost_tier",
        "rego_input_key": "gen_ai_cost_compute_tier",
        "stability": "proposed",
        "description": "Defines a semantic compute-cost tier for a single interaction or action so FinOps policies can govern expensive activity without relying on raw currency amounts in the span.",
        "permitted_values": [
          "micro_cent",
          "low",
          "moderate",
          "high",
          "prohibitive"
        ],
        "value_labels": {
          "micro_cent": "Micro Cent",
          "low": "Low",
          "moderate": "Moderate",
          "high": "High",
          "prohibitive": "Prohibitive"
        },
        "ordered": true,
        "value_ordinals": {
          "micro_cent": 1,
          "low": 2,
          "moderate": 3,
          "high": 4,
          "prohibitive": 5
        },
        "use_case": "Cut off prohibitively expensive low-value interactions and highlight model right-sizing opportunities in the portal.",
        "source": "Cloud FinOps Foundation cost allocation patterns; enterprise AI cost governance"
      },
      {
        "enum_name": "ModelCapabilityTier",
        "label": "Model Capability Tier",
        "otel_attribute": "gen_ai.resource.model_capability_tier",
        "opa_policy_path": "data.gen_ai.model_capability_tier",
        "rego_input_key": "gen_ai_resource_model_capability_tier",
        "stability": "proposed",
        "description": "Defines the relative capability class of the intelligence stack invoked so governance controls can compare simple edge models against heavyweight reasoning or multi-agent systems.",
        "permitted_values": [
          "edge_slm",
          "standard_llm",
          "reasoning_heavy",
          "multi_agent_swarm"
        ],
        "value_labels": {
          "edge_slm": "Edge SLM",
          "standard_llm": "Standard LLM",
          "reasoning_heavy": "Reasoning Heavy",
          "multi_agent_swarm": "Multi Agent Swarm"
        },
        "ordered": true,
        "value_ordinals": {
          "edge_slm": 1,
          "standard_llm": 2,
          "reasoning_heavy": 3,
          "multi_agent_swarm": 4
        },
        "use_case": "Prevent overpowered model classes from being used on low-value workflows where a smaller or cheaper model is sufficient.",
        "source": "Derived from enterprise AI architecture and FinOps right-sizing patterns"
      },
      {
        "enum_name": "AdversarialSuspicionLevel",
        "label": "Adversarial Suspicion Level",
        "otel_attribute": "gen_ai.security.adversarial_suspicion",
        "opa_policy_path": "data.gen_ai.adversarial_suspicion_level",
        "rego_input_key": "gen_ai_security_adversarial_suspicion",
        "stability": "proposed",
        "description": "Defines the observed adversarial suspicion state for the interaction so platform controls can react to prompt injection, jailbreak, or data poisoning indicators.",
        "permitted_values": [
          "clean",
          "low_suspicion",
          "prompt_injection_detected",
          "jailbreak_attempt",
          "data_poisoning_suspected"
        ],
        "value_labels": {
          "clean": "Clean",
          "low_suspicion": "Low Suspicion",
          "prompt_injection_detected": "Prompt Injection Detected",
          "jailbreak_attempt": "Jailbreak Attempt",
          "data_poisoning_suspected": "Data Poisoning Suspected"
        },
        "ordered": true,
        "value_ordinals": {
          "clean": 1,
          "low_suspicion": 2,
          "prompt_injection_detected": 3,
          "jailbreak_attempt": 4,
          "data_poisoning_suspected": 5
        },
        "regulatory_mappings": {
          "mitre_atlas": "Adversarial tactics and techniques against AI-enabled systems",
          "nist_ai_600_1": "MANAGE 1 - security and misuse monitoring"
        },
        "use_case": "Immediately suspend autonomous execution and create SOC-facing events when the value is prompt_injection_detected, jailbreak_attempt, or data_poisoning_suspected (value_ordinals 3 and above).",
        "source": "MITRE ATLAS; NIST AI 600-1 Generative AI Profile",
        "source_url": "https://atlas.mitre.org/"
      },
      {
        "enum_name": "SecurityDataPrivacyTier",
        "label": "Security Data Privacy Tier",
        "otel_attribute": "gen_ai.security.data_privacy_tier",
        "opa_policy_path": "data.gen_ai.security_data_privacy_tier",
        "rego_input_key": "gen_ai_security_data_privacy_tier",
        "stability": "proposed",
        "description": "Defines the sensitivity tier of data crossing a trust boundary during the interaction. This is distinct from the broader gen_ai.data.sensitivity catalog and is optimized for boundary-crossing, egress, and external processing controls.",
        "permitted_values": [
          "public",
          "internal",
          "confidential",
          "restricted_pii",
          "restricted_phi",
          "restricted_mnpi"
        ],
        "value_labels": {
          "public": "Public",
          "internal": "Internal",
          "confidential": "Confidential",
          "restricted_pii": "Restricted PII",
          "restricted_phi": "Restricted PHI",
          "restricted_mnpi": "Restricted MNPI"
        },
        "regulatory_mappings": {
          "gdpr": "Chapter V - transfers of personal data",
          "hipaa": "45 CFR Part 164 - use and disclosure controls",
          "eu_ai_act": "Article 10 - data governance"
        },
        "use_case": "Block restricted_phi and restricted_mnpi data from crossing into unapproved hosting boundaries or residency zones.",
        "source": "GDPR; HIPAA; enterprise privacy boundary governance"
      },
      {
        "enum_name": "HITLEscalationReason",
        "label": "HITL Escalation Reason",
        "otel_attribute": "gen_ai.hitl.escalation_reason",
        "opa_policy_path": "data.gen_ai.governance.hitl_escalation_reason",
        "rego_input_key": "gen_ai_hitl_escalation_reason",
        "stability": "proposed",
        "description": "Defines the reason an action or output was escalated to a human reviewer so portal workflows can route, summarize, and trend escalation causes consistently.",
        "permitted_values": [
          "confidence_below_threshold",
          "value_limit_exceeded",
          "policy_violation",
          "ethical_ambiguity",
          "hallucination_suspected",
          "user_requested"
        ],
        "value_labels": {
          "confidence_below_threshold": "Confidence Below Threshold",
          "value_limit_exceeded": "Value Limit Exceeded",
          "policy_violation": "Policy Violation",
          "ethical_ambiguity": "Ethical Ambiguity",
          "hallucination_suspected": "Hallucination Suspected",
          "user_requested": "User Requested"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 14 - human oversight",
          "nist_ai_rmf": "MANAGE 2.2 - escalation and intervention"
        },
        "use_case": "Drive reviewer routing, portal queue analytics, and escalation reason trend reporting by workflow and team.",
        "source": "EU AI Act Article 14; NIST AI RMF",
        "source_url": "https://www.nist.gov/itl/ai-risk-management-framework"
      },
      {
        "enum_name": "HITLMakerCheckerStatus",
        "label": "HITL Maker Checker Status",
        "otel_attribute": "gen_ai.hitl.maker_checker_status",
        "opa_policy_path": "data.gen_ai.governance.hitl_maker_checker_status",
        "rego_input_key": "gen_ai_hitl_maker_checker_status",
        "stability": "proposed",
        "description": "Defines the maker-checker segregation pattern for an action so dual-authorization and control-separation requirements can be enforced and audited.",
        "permitted_values": [
          "agent_maker_human_checker",
          "human_maker_agent_checker",
          "agent_autonomous",
          "human_autonomous"
        ],
        "value_labels": {
          "agent_maker_human_checker": "Agent Maker Human Checker",
          "human_maker_agent_checker": "Human Maker Agent Checker",
          "agent_autonomous": "Agent Autonomous",
          "human_autonomous": "Human Autonomous"
        },
        "use_case": "Enforce maker-checker requirements for sensitive workflows and provide auditors a consistent trail of which separation-of-duties pattern was used.",
        "source": "Derived from maker-checker control patterns; SOX and internal control governance"
      },
      {
        "enum_name": "ActorDelegationMode",
        "label": "Actor Delegation Mode",
        "otel_attribute": "gen_ai.actor.delegation_mode",
        "opa_policy_path": "data.gen_ai.actor_delegation_mode",
        "rego_input_key": "gen_ai_actor_delegation_mode",
        "stability": "proposed",
        "description": "Defines how authority reached the acting principal so systems can distinguish direct human initiation from delegated, system-initiated, or multi-agent activity.",
        "permitted_values": [
          "direct_human",
          "assistant_on_behalf_of_user",
          "system_initiated",
          "supervisor_delegated",
          "multi_agent_delegated"
        ],
        "value_labels": {
          "direct_human": "Direct Human",
          "assistant_on_behalf_of_user": "Assistant on Behalf of User",
          "system_initiated": "System Initiated",
          "supervisor_delegated": "Supervisor Delegated",
          "multi_agent_delegated": "Multi Agent Delegated"
        },
        "use_case": "Reconstruct accountability and determine whether a workflow is permissible for delegated or system-initiated execution.",
        "source": "Derived from delegated authority, agency, and multi-agent governance patterns"
      },
      {
        "enum_name": "AuthorizationScopeTier",
        "label": "Authorization Scope Tier",
        "otel_attribute": "gen_ai.authorization.scope_tier",
        "opa_policy_path": "data.gen_ai.authorization_scope_tier",
        "rego_input_key": "gen_ai_authorization_scope_tier",
        "stability": "proposed",
        "description": "Defines the maximum authority granted to the user or agent at the moment of action so entitlements, delegation, and maker-checker controls can be enforced consistently.",
        "permitted_values": [
          "read_only",
          "suggest_only",
          "draft_and_queue",
          "execute_limited",
          "execute_full",
          "break_glass"
        ],
        "value_labels": {
          "read_only": "Read Only",
          "suggest_only": "Suggest Only",
          "draft_and_queue": "Draft and Queue",
          "execute_limited": "Execute Limited",
          "execute_full": "Execute Full",
          "break_glass": "Break Glass"
        },
        "ordered": true,
        "value_ordinals": {
          "read_only": 1,
          "suggest_only": 2,
          "draft_and_queue": 3,
          "execute_limited": 4,
          "execute_full": 5,
          "break_glass": 6
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 14 - human oversight and intervention",
          "nist_ai_rmf": "GOVERN 1.3, GOVERN 6.1"
        },
        "use_case": "Require additional approval or deny execution when the requested action exceeds the current authorization_scope_tier.",
        "source": "NIST AI RMF; enterprise least-privilege and break-glass control patterns",
        "source_url": "https://www.nist.gov/itl/ai-risk-management-framework"
      },
      {
        "enum_name": "ModelHostingBoundary",
        "label": "Model Hosting Boundary",
        "otel_attribute": "gen_ai.model.hosting_boundary",
        "opa_policy_path": "data.gen_ai.model_hosting_boundary",
        "rego_input_key": "gen_ai_model_hosting_boundary",
        "stability": "proposed",
        "description": "Defines the hosting and control boundary in which inference occurred so policies can distinguish first-party, isolated, and third-party SaaS processing arrangements.",
        "permitted_values": [
          "first_party_single_tenant",
          "first_party_multi_tenant",
          "customer_dedicated_isolated",
          "third_party_saas_no_training",
          "third_party_saas_training_permitted",
          "edge_local"
        ],
        "value_labels": {
          "first_party_single_tenant": "First Party Single Tenant",
          "first_party_multi_tenant": "First Party Multi Tenant",
          "customer_dedicated_isolated": "Customer Dedicated Isolated",
          "third_party_saas_no_training": "Third Party SaaS No Training",
          "third_party_saas_training_permitted": "Third Party SaaS Training Permitted",
          "edge_local": "Edge Local"
        },
        "regulatory_mappings": {
          "dora": "Chapter V - ICT third-party risk management",
          "gdpr": "Article 28 and Chapter V - processor and transfer controls",
          "hipaa": "45 CFR Part 164 - business associate and safeguard requirements"
        },
        "use_case": "Block sensitive workloads from third_party_saas_training_permitted boundaries and surface third-party boundary usage in portal analytics.",
        "source": "DORA; GDPR; HIPAA; third-party model risk governance"
      },
      {
        "enum_name": "DataResidencyZone",
        "label": "Data Residency Zone",
        "otel_attribute": "gen_ai.data.residency_zone",
        "opa_policy_path": "data.gen_ai.data_residency_zone",
        "rego_input_key": "gen_ai_data_residency_zone",
        "stability": "proposed",
        "description": "Defines the permitted residency perimeter for the data in scope so policies can enforce localization, regional restrictions, and approved cross-border transfers.",
        "permitted_values": [
          "customer_region_only",
          "us_only",
          "eu_eea_only",
          "uk_only",
          "approved_cross_border",
          "global_unrestricted"
        ],
        "value_labels": {
          "customer_region_only": "Customer Region Only",
          "us_only": "US Only",
          "eu_eea_only": "EU EEA Only",
          "uk_only": "UK Only",
          "approved_cross_border": "Approved Cross Border",
          "global_unrestricted": "Global Unrestricted"
        },
        "regulatory_mappings": {
          "gdpr": "Chapter V - transfers of personal data to third countries",
          "dora": "ICT risk management and resilience controls"
        },
        "use_case": "Prevent data from leaving approved regions and give privacy officers a first-class filter for residency exceptions.",
        "source": "GDPR Chapter V; DORA operational resilience and third-party control patterns"
      },
      {
        "enum_name": "TraceLineageStatus",
        "label": "Trace Lineage Status",
        "otel_attribute": "gen_ai.trace.lineage_status",
        "opa_policy_path": "data.gen_ai.trace_lineage_status",
        "rego_input_key": "gen_ai_trace_lineage_status",
        "stability": "proposed",
        "description": "Defines whether the full decision lineage can be reconstructed across prompts, retrieved sources, tool calls, and external dependencies.",
        "permitted_values": [
          "fully_traceable",
          "partially_traceable",
          "missing_tool_trace",
          "missing_source_trace",
          "opaque_external_dependency"
        ],
        "value_labels": {
          "fully_traceable": "Fully Traceable",
          "partially_traceable": "Partially Traceable",
          "missing_tool_trace": "Missing Tool Trace",
          "missing_source_trace": "Missing Source Trace",
          "opaque_external_dependency": "Opaque External Dependency"
        },
        "regulatory_mappings": {
          "nist_ai_rmf": "GOVERN 1.6, GOVERN 1.7",
          "eu_ai_act": "Article 12 - record keeping",
          "iso_42001": "Clause 8.4 and Clause 9"
        },
        "use_case": "Block or escalate high-impact actions when the supporting lineage is only partially traceable or includes opaque external dependencies.",
        "source": "NIST AI RMF; EU AI Act Article 12; ISO/IEC 42001",
        "source_url": "https://www.nist.gov/itl/ai-risk-management-framework"
      },
      {
        "enum_name": "PolicyEnforcementOutcome",
        "label": "Policy Enforcement Outcome",
        "otel_attribute": "gen_ai.policy.enforcement_outcome",
        "opa_policy_path": "data.gen_ai.governance.policy_enforcement_outcome",
        "rego_input_key": "gen_ai_policy_enforcement_outcome",
        "stability": "proposed",
        "description": "Defines the normalized, user-facing governance outcome after all policies and controls were evaluated. This is intentionally distinct from gen_ai.policy.decision, which represents an individual policy engine decision rather than the final operational outcome.",
        "permitted_values": [
          "allowed",
          "allowed_with_logging",
          "allowed_with_hitl",
          "blocked",
          "blocked_break_glass_available",
          "blocked_must_escalate"
        ],
        "value_labels": {
          "allowed": "Allowed",
          "allowed_with_logging": "Allowed with Logging",
          "allowed_with_hitl": "Allowed with HITL",
          "blocked": "Blocked",
          "blocked_break_glass_available": "Blocked Break Glass Available",
          "blocked_must_escalate": "Blocked Must Escalate"
        },
        "use_case": "Power portal decision replay, exception analytics, and executive reporting on what was truly permitted, constrained, or blocked.",
        "source": "Derived from OPA decision normalization and GRC portal workflow outcome patterns"
      },
      {
        "enum_name": "AgentWorkflowStepKind",
        "label": "Agent Workflow Step Kind",
        "otel_attribute": "gen_ai.step.kind",
        "opa_policy_path": "data.gen_ai.step_kind",
        "rego_input_key": "gen_ai_step_kind",
        "stability": "experimental",
        "description": "Classifies the functional role of a single step in an agentic session trace. Used by the DVR replay UI, TimeMachine step timeline, and OPA policies that apply per-step controls.",
        "permitted_values": [
          "llm_call",
          "tool_call",
          "retrieval",
          "decision",
          "user_interaction",
          "validation",
          "output",
          "error",
          "agent_delegation",
          "human",
          "handoff",
          "memory_read",
          "memory_write",
          "planning",
          "reflection",
          "mcp_tool_call",
          "unknown"
        ],
        "value_labels": {
          "llm_call": "LLM Call",
          "tool_call": "Tool Call",
          "retrieval": "Retrieval",
          "decision": "Decision",
          "user_interaction": "User Interaction",
          "validation": "Validation",
          "output": "Output",
          "error": "Error",
          "agent_delegation": "Agent Delegation",
          "human": "Human",
          "handoff": "Handoff",
          "memory_read": "Memory Read",
          "memory_write": "Memory Write",
          "planning": "Planning",
          "reflection": "Reflection",
          "mcp_tool_call": "MCP Tool Call",
          "unknown": "Unknown"
        },
        "use_case": "TimeMachine step timeline chip labels, DVR step-level policy analysis, and per-step anomaly classification in the customer portal.",
        "source": "VeriProof session schema v2 step_type enumeration"
      }
    ]
  },
  "cross_cutting_payment_governance": {
    "namespace": "agentic_payments",
    "description": "Cross-cutting payment-governance telemetry attributes shared across AP2 mandate chains, x402 payment observation, stablecoin compliance, provider classification, instant rails, and regulatory regime tagging. Load ahead of the payment vertical so first-party SDKs, ingest, and policy layers share one canonical attribute contract.",
    "categories": [
      {
        "enum_name": "AP2MandateType",
        "label": "AP2 Mandate Type",
        "otel_attribute": "agentic_payments.mandate.type",
        "opa_policy_path": "data.agentic_payments.mandate.type",
        "rego_input_key": "agentic_payments_mandate_type",
        "stability": "experimental",
        "description": "Classification of the AP2 mandate record captured in the current payment chain. Open mandates establish constraints, closed mandates record committed transactions, and receipt types confirm settlement.",
        "permitted_values": [
          "open_payment",
          "open_checkout",
          "payment",
          "checkout",
          "payment_receipt",
          "checkout_receipt"
        ],
        "value_labels": {
          "open_payment": "Open Payment Mandate",
          "open_checkout": "Open Checkout Mandate",
          "payment": "Payment Mandate (closed)",
          "checkout": "Checkout Mandate (closed)",
          "payment_receipt": "Payment Receipt",
          "checkout_receipt": "Checkout Receipt"
        },
        "source": "Google AP2 SDK v0.2 mandate type definitions",
        "source_url": "https://goo.gle/ap2"
      },
      {
        "enum_name": "AP2MandateStatus",
        "label": "AP2 Mandate Status",
        "otel_attribute": "agentic_payments.mandate.status",
        "opa_policy_path": "data.agentic_payments.mandate.status",
        "rego_input_key": "agentic_payments_mandate_status",
        "stability": "experimental",
        "description": "Lifecycle status of an AP2 mandate as tracked by VeriProof. constraint_violated is the normalized state used by policy engines and SDK validation paths when a closed mandate falls outside the open-mandate guardrails.",
        "permitted_values": [
          "pending",
          "active",
          "completed",
          "constraint_violated",
          "disputed",
          "expired"
        ],
        "value_labels": {
          "pending": "Pending",
          "active": "Active",
          "completed": "Completed",
          "constraint_violated": "Constraint Violated",
          "disputed": "Disputed",
          "expired": "Expired"
        },
        "source": "Google AP2 SDK v0.2 constraint model; VeriProof session directive contract",
        "source_url": "https://goo.gle/ap2"
      },
      {
        "enum_name": "AP2ChainDepth",
        "label": "AP2 Chain Depth",
        "attribute_type": "integer",
        "otel_attribute": "agentic_payments.mandate.chain_depth",
        "opa_policy_path": "data.agentic_payments.mandate.chain_depth",
        "rego_input_key": "agentic_payments_mandate_chain_depth",
        "stability": "experimental",
        "description": "Count of SD-JWT disclosure hops in the AP2 mandate chain. Record the raw integer on the span and use the listed threshold buckets for policy review and monitoring.",
        "permitted_values": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6+"
        ],
        "value_labels": {
          "1": "Depth 1 - Intent mandate only",
          "2": "Depth 2 - Intent plus closed mandate",
          "3": "Depth 3 - One delegation hop",
          "4": "Depth 4 - Two delegation hops",
          "5": "Depth 5 - Three delegation hops",
          "6+": "Depth 6+ - Heightened review"
        },
        "notes": "This is an integer OTel attribute. The permitted_values list represents review thresholds rather than a hard enum ceiling.",
        "source": "AP2 SD-JWT wire-format chain structure",
        "source_url": "https://goo.gle/ap2"
      },
      {
        "enum_name": "AP2TransactionModality",
        "label": "AP2 Transaction Modality",
        "otel_attribute": "agentic_payments.mandate.modality",
        "opa_policy_path": "data.agentic_payments.mandate.modality",
        "rego_input_key": "agentic_payments_mandate_modality",
        "stability": "experimental",
        "description": "Classification of the agent-payment interaction mode. Used to distinguish low-risk human-present flows from autonomous or treasury-grade payment activity that needs stricter policy review.",
        "permitted_values": [
          "human_present",
          "human_not_present",
          "delegated_task",
          "subscription",
          "browser_agent_checkout",
          "treasury_transfer"
        ],
        "value_labels": {
          "human_present": "Human Present",
          "human_not_present": "Human Not Present",
          "delegated_task": "Delegated Task",
          "subscription": "Subscription",
          "browser_agent_checkout": "Browser-Agent Checkout",
          "treasury_transfer": "Treasury Transfer"
        },
        "source": "AP2 scenario taxonomy; VeriProof payment governance policy pack",
        "source_url": "https://goo.gle/ap2"
      },
      {
        "enum_name": "StablecoinAsset",
        "label": "Stablecoin Asset",
        "otel_attribute": "agentic_payments.stablecoin.asset",
        "opa_policy_path": "data.agentic_payments.stablecoin.asset",
        "rego_input_key": "agentic_payments_stablecoin_asset",
        "stability": "stable",
        "description": "Stablecoin asset used in an agentic payment. Governance and licensing checks depend on both the asset and its issuer compliance state.",
        "permitted_values": [
          "usdc",
          "usdb",
          "usdp",
          "usdg",
          "eurc",
          "pyusd",
          "usdt"
        ],
        "value_labels": {
          "usdc": "USDC (Circle)",
          "usdb": "USDB (Bridge / Stripe)",
          "usdp": "USDP (Paxos)",
          "usdg": "USDG (Gemini)",
          "eurc": "EURC (Circle)",
          "pyusd": "PYUSD (PayPal)",
          "usdt": "USDT (Tether)"
        },
        "source": "GENIUS Act issuer classification; MiCA issuer mapping",
        "source_url": "https://en.wikipedia.org/wiki/GENIUS_Act"
      },
      {
        "enum_name": "StablecoinNetwork",
        "label": "Stablecoin Network",
        "otel_attribute": "agentic_payments.stablecoin.network",
        "opa_policy_path": "data.agentic_payments.stablecoin.network",
        "rego_input_key": "agentic_payments_stablecoin_network",
        "stability": "stable",
        "description": "Settlement network carrying the stablecoin transfer. Network choice affects finality, cost, and the regulatory context recorded alongside the payment event.",
        "permitted_values": [
          "ethereum",
          "base",
          "solana",
          "polygon",
          "arbitrum",
          "optimism",
          "avalanche_c_chain",
          "stellar",
          "tempo",
          "world_chain",
          "tron"
        ],
        "value_labels": {
          "ethereum": "Ethereum Mainnet",
          "base": "Base",
          "solana": "Solana",
          "polygon": "Polygon",
          "arbitrum": "Arbitrum",
          "optimism": "Optimism",
          "avalanche_c_chain": "Avalanche C-Chain",
          "stellar": "Stellar",
          "tempo": "Tempo",
          "world_chain": "World Chain",
          "tron": "Tron"
        },
        "source": "Stablecoin issuer network support across GENIUS Act and MiCA monitoring scenarios",
        "source_url": "https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica"
      },
      {
        "enum_name": "StablecoinIssuerComplianceStatus",
        "label": "Stablecoin Issuer Compliance Status",
        "otel_attribute": "agentic_payments.stablecoin.issuer_compliance_status",
        "opa_policy_path": "data.agentic_payments.stablecoin.issuer_compliance_status",
        "rego_input_key": "agentic_payments_stablecoin_issuer_compliance_status",
        "stability": "stable",
        "description": "Normalized licensing or registration state of the issuer behind the stablecoin asset. This is the primary policy input for GENIUS Act and MiCA pass-or-block decisions.",
        "permitted_values": [
          "genius_act_federally_licensed",
          "genius_act_state_licensed",
          "mica_art_registered",
          "mica_emt_registered",
          "pending_registration",
          "unregulated"
        ],
        "value_labels": {
          "genius_act_federally_licensed": "GENIUS Act Federally Licensed",
          "genius_act_state_licensed": "GENIUS Act State Licensed",
          "mica_art_registered": "MiCA ART Registered",
          "mica_emt_registered": "MiCA EMT Registered",
          "pending_registration": "Pending Registration",
          "unregulated": "Unregulated"
        },
        "source": "GENIUS Act licensing tiers; EU MiCA issuer registration categories",
        "source_url": "https://en.wikipedia.org/wiki/GENIUS_Act"
      },
      {
        "enum_name": "FiatInstantRail",
        "label": "Fiat Instant Rail",
        "otel_attribute": "agentic_payments.rail.type",
        "opa_policy_path": "data.agentic_payments.rail.type",
        "rego_input_key": "agentic_payments_rail_type",
        "stability": "stable",
        "description": "Instant or near-instant fiat payment rail used by the transaction. Captured so policy packs can demand ISO 20022 references or additional evidence when AI initiates real-money movement.",
        "permitted_values": [
          "fednow",
          "rtp",
          "sepa_instant",
          "pix_brazil",
          "uk_fps",
          "swift_gpi",
          "achats_instantanes_fr",
          "ach_same_day"
        ],
        "value_labels": {
          "fednow": "FedNow",
          "rtp": "RTP",
          "sepa_instant": "SEPA Instant",
          "pix_brazil": "PIX Brazil",
          "uk_fps": "UK Faster Payments",
          "swift_gpi": "SWIFT gpi",
          "achats_instantanes_fr": "Achats Instantanes FR",
          "ach_same_day": "ACH Same Day"
        },
        "source": "FedNow ISO 20022 profile; real-time payment rail governance mapping",
        "source_url": "https://explore.fednow.org/resources/readiness-guide-iso-20022.pdf"
      },
      {
        "enum_name": "X402PaymentEventType",
        "label": "x402 Payment Event Type",
        "otel_attribute": "agentic_payments.x402.payment_event_type",
        "opa_policy_path": "data.agentic_payments.x402.payment_event_type",
        "rego_input_key": "agentic_payments_x402_payment_event_type",
        "stability": "experimental",
        "description": "HTTP-native x402 payment event observed by VeriProof as the flow progresses from a 402 challenge through submitted signature and final settlement outcome.",
        "permitted_values": [
          "payment_required",
          "payment_signature_submitted",
          "facilitator_verified",
          "settlement_initiated",
          "settlement_confirmed",
          "payment_failed",
          "payment_rejected_402"
        ],
        "value_labels": {
          "payment_required": "402 Payment Required",
          "payment_signature_submitted": "Payment Signature Submitted",
          "facilitator_verified": "Facilitator Verified",
          "settlement_initiated": "Settlement Initiated",
          "settlement_confirmed": "Settlement Confirmed",
          "payment_failed": "Payment Failed",
          "payment_rejected_402": "Payment Rejected (402)"
        },
        "source": "Coinbase x402 protocol flow",
        "source_url": "https://docs.cdp.coinbase.com/x402/core-concepts/how-it-works"
      },
      {
        "enum_name": "AgenticCommerceProvider",
        "label": "Agentic Commerce Provider",
        "otel_attribute": "agentic_payments.provider.id",
        "opa_policy_path": "data.agentic_payments.provider.id",
        "rego_input_key": "agentic_payments_provider_id",
        "stability": "proposed",
        "description": "Normalized provider or commerce-agent identifier associated with the payment flow. Used for provider allowlists, browser-agent detection, and reporting across AP2, x402, and autonomous checkout sessions.",
        "permitted_values": [
          "google_ap2",
          "mastercard_agent_pay",
          "paypal_agent",
          "stripe",
          "bridge",
          "visa_vtap",
          "coinbase_x402",
          "openai_chatgpt_agent",
          "anthropic_claude_agent",
          "google_adk",
          "microsoft_copilot_agent",
          "amazon_alexa_shopping"
        ],
        "value_labels": {
          "google_ap2": "Google AP2",
          "mastercard_agent_pay": "Mastercard Agent Pay",
          "paypal_agent": "PayPal Agent",
          "stripe": "Stripe",
          "bridge": "Bridge",
          "visa_vtap": "Visa VTAP",
          "coinbase_x402": "Coinbase x402",
          "openai_chatgpt_agent": "OpenAI ChatGPT Agent",
          "anthropic_claude_agent": "Anthropic Claude Agent",
          "google_adk": "Google ADK",
          "microsoft_copilot_agent": "Microsoft Copilot Agent",
          "amazon_alexa_shopping": "Amazon Alexa Shopping"
        },
        "source": "Agentic commerce provider normalization used by the payment governance vertical",
        "source_url": "https://goo.gle/ap2"
      },
      {
        "enum_name": "PaymentRegulatoryRegime",
        "label": "Payment Regulatory Regime",
        "otel_attribute": "agentic_payments.regulatory.regime",
        "opa_policy_path": "data.agentic_payments.regulatory.regime",
        "rego_input_key": "agentic_payments_regulatory_regime",
        "stability": "stable",
        "description": "Regulatory regime tag applied to the session or payment step. Sessions may carry multiple regime tags, and policy engines use this attribute to decide which payment-control bundles to evaluate.",
        "permitted_values": [
          "genius_act",
          "eu_mica",
          "eu_ai_act",
          "eu_dora",
          "pci_dss_v4",
          "fatf_recommendations",
          "nyc_ll144",
          "bsa_fincen",
          "uk_fca_ps_reg"
        ],
        "value_labels": {
          "genius_act": "GENIUS Act",
          "eu_mica": "EU MiCA",
          "eu_ai_act": "EU AI Act",
          "eu_dora": "EU DORA",
          "pci_dss_v4": "PCI DSS v4",
          "fatf_recommendations": "FATF Recommendations",
          "nyc_ll144": "NYC LL144",
          "bsa_fincen": "BSA / FinCEN",
          "uk_fca_ps_reg": "UK FCA Payment Services Regulations"
        },
        "notes": "A single session may be governed by multiple regimes simultaneously. Record each applicable regime in the session evidence model even when the OTel span stores only the primary or currently evaluated regime.",
        "source": "GENIUS Act, EU MiCA, EU AI Act, DORA, PCI DSS, FATF, and related payment governance frameworks",
        "source_url": "https://en.wikipedia.org/wiki/GENIUS_Act"
      }
    ]
  },
  "agent_governance_and_safety": {
    "namespace": "gen_ai.governance",
    "description": "Cross-cutting enumerations for safety controls, HITL workflows, policy enforcement, incident management, and regulatory compliance classification. Consumed by OPA Rego policy engines at the platform/GRC layer.",
    "categories": [
      {
        "enum_name": "HumanOversightMode",
        "label": "Human Oversight Mode",
        "otel_attribute": "gen_ai.hitl.mode",
        "opa_policy_path": "data.gen_ai.governance.hitl_mode",
        "rego_input_key": "gen_ai_hitl_mode",
        "stability": "proposed",
        "description": "Defines the allowed values for Human Oversight Mode in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU AI Act Article 14; NIST AI RMF.",
        "permitted_values": [
          "none",
          "notify_only",
          "approve_before_action",
          "approve_before_irreversible_action",
          "continuous_supervision",
          "post_hoc_audit"
        ],
        "value_labels": {
          "none": "None",
          "notify_only": "Notify Only",
          "approve_before_action": "Approve Before Action",
          "approve_before_irreversible_action": "Approve Before Irreversible Action",
          "continuous_supervision": "Continuous Supervision",
          "post_hoc_audit": "Post Hoc Audit"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 14 — Human oversight measures",
          "nist_ai_rmf": "GOVERN 6.1, MANAGE 2.2",
          "iso_42001": "Clause 8.4 — AI system operation"
        },
        "source": "EU AI Act Article 14; NIST AI RMF",
        "source_url": "https://artificialintelligenceact.eu/high-level-summary/"
      },
      {
        "enum_name": "HumanOversightDecision",
        "label": "Human Oversight Decision",
        "otel_attribute": "gen_ai.hitl.decision",
        "opa_policy_path": "data.gen_ai.governance.hitl_decision",
        "rego_input_key": "gen_ai_hitl_decision",
        "stability": "proposed",
        "description": "Defines the allowed values for Human Oversight Decision in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Real-time guardrails for agentic systems patterns.",
        "permitted_values": [
          "approved",
          "rejected",
          "modified_and_approved",
          "deferred",
          "escalated",
          "timeout_auto_rejected",
          "timeout_auto_approved"
        ],
        "value_labels": {
          "approved": "Approved",
          "rejected": "Rejected",
          "modified_and_approved": "Modified and Approved",
          "deferred": "Deferred",
          "escalated": "Escalated",
          "timeout_auto_rejected": "Timeout Auto Rejected",
          "timeout_auto_approved": "Timeout Auto Approved"
        },
        "source": "Real-time guardrails for agentic systems patterns",
        "source_url": "https://www.akira.ai/blog/real-time-guardrails-agentic-systems"
      },
      {
        "enum_name": "HITLTaskPriority",
        "label": "HITL Task Priority",
        "otel_attribute": "gen_ai.hitl.task_priority",
        "opa_policy_path": "data.gen_ai.governance.hitl_task_priority",
        "rego_input_key": "gen_ai_hitl_task_priority",
        "stability": "proposed",
        "description": "Priority assigned to a human-in-the-loop review item. The scale is used by the GRC portal queue, SLA logic, and escalation rules for actions that cannot proceed without human approval.",
        "permitted_values": [
          "critical",
          "high",
          "normal",
          "low"
        ],
        "value_labels": {
          "critical": "Critical",
          "high": "High",
          "normal": "Normal",
          "low": "Low"
        },
        "ordered": true,
        "value_ordinals": {
          "critical": 1,
          "high": 2,
          "normal": 3,
          "low": 4
        },
        "use_case": "Used by the GRC portal HITL queue to surface the most urgent pending approvals. Drive priority from AgentTaskRiskTier and ActionIrreversibilityLevel.",
        "source": "Derived from ITIL 4 incident priority matrix; NIST AI RMF MANAGE 3.1"
      },
      {
        "enum_name": "HITLTaskType",
        "label": "HITL Task Type",
        "otel_attribute": "gen_ai.hitl.task_type",
        "opa_policy_path": "data.gen_ai.governance.hitl_task_type",
        "rego_input_key": "gen_ai_hitl_task_type",
        "stability": "proposed",
        "description": "Human review workflow category used to route a queued HITL task to the right approval path, reviewer role, and evidence requirements.",
        "permitted_values": [
          "action_approval",
          "output_review",
          "incident_triage",
          "exception_grant_request",
          "policy_override_request",
          "data_subject_rights_review",
          "model_change_approval",
          "onboarding_risk_review"
        ],
        "value_labels": {
          "action_approval": "Action Approval",
          "output_review": "Output Review",
          "incident_triage": "Incident Triage",
          "exception_grant_request": "Exception Grant Request",
          "policy_override_request": "Policy Override Request",
          "data_subject_rights_review": "Data Subject Rights Review",
          "model_change_approval": "Model Change Approval",
          "onboarding_risk_review": "Onboarding Risk Review"
        },
        "use_case": "Drives routing logic in the GRC portal HITL workflow module — each type routes to a different reviewer role and SLA clock.",
        "source": "Derived from enterprise GRC workflow patterns; EU AI Act Article 14"
      },
      {
        "enum_name": "HITLReviewerRole",
        "label": "HITL Reviewer Role",
        "otel_attribute": "gen_ai.hitl.reviewer_role",
        "opa_policy_path": "data.gen_ai.governance.hitl_reviewer_role",
        "rego_input_key": "gen_ai_hitl_reviewer_role",
        "stability": "proposed",
        "description": "Reviewer persona authorised to approve, reject, or modify an action that has been escalated into the HITL control workflow.",
        "permitted_values": [
          "domain_expert",
          "compliance_officer",
          "legal_counsel",
          "security_analyst",
          "data_protection_officer",
          "executive_approver",
          "ai_ethics_reviewer",
          "risk_manager"
        ],
        "value_labels": {
          "domain_expert": "Domain Expert",
          "compliance_officer": "Compliance Officer",
          "legal_counsel": "Legal Counsel",
          "security_analyst": "Security Analyst",
          "data_protection_officer": "Data Protection Officer",
          "executive_approver": "Executive Approver",
          "ai_ethics_reviewer": "AI Ethics Reviewer",
          "risk_manager": "Risk Manager"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 14 — Human oversight role definition",
          "gdpr": "Article 37 — Data Protection Officer designation"
        },
        "source": "EU AI Act Article 14; GDPR Article 37; ISO/IEC 42001 Clause 5.3"
      },
      {
        "enum_name": "PolicyEnforcementDecision",
        "label": "Policy Enforcement Decision",
        "otel_attribute": "gen_ai.policy.decision",
        "opa_policy_path": "data.gen_ai.governance.policy_decision",
        "rego_input_key": "gen_ai_policy_decision",
        "stability": "proposed",
        "description": "Defines the allowed values for Policy Enforcement Decision in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OPA/Rego policy engine allow/deny idiom.",
        "permitted_values": [
          "allow",
          "deny",
          "allow_with_audit",
          "needs_approval",
          "rate_limited",
          "quarantined",
          "redacted_and_allowed"
        ],
        "value_labels": {
          "allow": "Allow",
          "deny": "Deny",
          "allow_with_audit": "Allow with Audit",
          "needs_approval": "Needs Approval",
          "rate_limited": "Rate Limited",
          "quarantined": "Quarantined",
          "redacted_and_allowed": "Redacted and Allowed"
        },
        "use_case": "Standard return values for OPA Rego policy gates at the pre-tool-execution checkpoint.",
        "source": "OPA/Rego policy engine allow/deny idiom",
        "source_url": "https://www.openpolicyagent.org/docs/latest/"
      },
      {
        "enum_name": "PolicyStatus",
        "label": "Policy Status",
        "otel_attribute": "gen_ai.policy.status",
        "opa_policy_path": "data.gen_ai.governance.policy_status",
        "rego_input_key": "gen_ai_policy_status",
        "stability": "proposed",
        "description": "Defines the allowed values for Policy Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Derived from enterprise GRC policy lifecycle patterns; ISO 31000.",
        "permitted_values": [
          "draft",
          "active",
          "disabled",
          "deprecated",
          "superseded",
          "under_review"
        ],
        "value_labels": {
          "draft": "Draft",
          "active": "Active",
          "disabled": "Disabled",
          "deprecated": "Deprecated",
          "superseded": "Superseded",
          "under_review": "Under Review"
        },
        "use_case": "GRC portal policy lifecycle management. OPA should only evaluate policies with status == active.",
        "source": "Derived from enterprise GRC policy lifecycle patterns; ISO 31000"
      },
      {
        "enum_name": "PolicyEnforcementMode",
        "label": "Policy Enforcement Mode",
        "otel_attribute": "gen_ai.policy.enforcement_mode",
        "opa_policy_path": "data.gen_ai.governance.policy_enforcement_mode",
        "rego_input_key": "gen_ai_policy_enforcement_mode",
        "stability": "proposed",
        "description": "Defines the allowed values for Policy Enforcement Mode in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Derived from OPA bundle deployment patterns; enterprise GRC rollout practices.",
        "permitted_values": [
          "blocking",
          "advisory",
          "audit_only",
          "shadow_mode"
        ],
        "value_labels": {
          "blocking": "Blocking",
          "advisory": "Advisory",
          "audit_only": "Audit Only",
          "shadow_mode": "Shadow Mode"
        },
        "use_case": "shadow_mode evaluates the policy and logs the decision without acting on it — essential for testing new policies in production before enforcement. advisory shows a warning but does not block.",
        "source": "Derived from OPA bundle deployment patterns; enterprise GRC rollout practices"
      },
      {
        "enum_name": "PolicyScope",
        "label": "Policy Scope",
        "otel_attribute": "gen_ai.policy.scope",
        "opa_policy_path": "data.gen_ai.governance.policy_scope",
        "rego_input_key": "gen_ai_policy_scope",
        "stability": "proposed",
        "description": "Defines the allowed values for Policy Scope in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Derived from OPA policy scoping patterns; multi-tenant SaaS GRC architecture.",
        "permitted_values": [
          "global",
          "per_tenant",
          "per_agent_role",
          "per_industry_vertical",
          "per_risk_tier",
          "per_tool_type",
          "per_data_sensitivity"
        ],
        "value_labels": {
          "global": "Global",
          "per_tenant": "Per Tenant",
          "per_agent_role": "Per Agent Role",
          "per_industry_vertical": "Per Industry Vertical",
          "per_risk_tier": "Per Risk Tier",
          "per_tool_type": "Per Tool Type",
          "per_data_sensitivity": "Per Data Sensitivity"
        },
        "use_case": "Used by the GRC portal to determine which agent spans a given policy rule applies to at evaluation time.",
        "source": "Derived from OPA policy scoping patterns; multi-tenant SaaS GRC architecture"
      },
      {
        "enum_name": "PolicyTriggerEvent",
        "label": "Policy Trigger Event",
        "otel_attribute": "gen_ai.policy.trigger_event",
        "opa_policy_path": "data.gen_ai.governance.policy_trigger_event",
        "rego_input_key": "gen_ai_policy_trigger_event",
        "stability": "proposed",
        "description": "Defines the allowed values for Policy Trigger Event in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Derived from OPA webhook integration patterns; OpenTelemetry SDK hook architecture.",
        "permitted_values": [
          "pre_tool_call",
          "post_tool_call",
          "on_memory_write",
          "on_memory_read",
          "on_agent_spawn",
          "on_hitl_request",
          "on_incident_detected",
          "on_model_output",
          "on_inter_agent_message",
          "on_deployment",
          "on_scheduled_audit"
        ],
        "value_labels": {
          "pre_tool_call": "Pre Tool Call",
          "post_tool_call": "Post Tool Call",
          "on_memory_write": "On Memory Write",
          "on_memory_read": "On Memory Read",
          "on_agent_spawn": "On Agent Spawn",
          "on_hitl_request": "On HITL Request",
          "on_incident_detected": "On Incident Detected",
          "on_model_output": "On Model Output",
          "on_inter_agent_message": "On Inter Agent Message",
          "on_deployment": "On Deployment",
          "on_scheduled_audit": "On Scheduled Audit"
        },
        "use_case": "Maps each policy rule to the SDK event hook it fires on. Enables the GRC portal to show compliance officers exactly when each rule evaluates.",
        "source": "Derived from OPA webhook integration patterns; OpenTelemetry SDK hook architecture"
      },
      {
        "enum_name": "GuardrailTriggerKind",
        "label": "Guardrail Trigger Kind",
        "otel_attribute": "gen_ai.guardrail.trigger",
        "opa_policy_path": "data.gen_ai.governance.guardrail_trigger",
        "rego_input_key": "gen_ai_guardrail_trigger",
        "stability": "proposed",
        "description": "Defines the allowed values for Guardrail Trigger Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OWASP Top 10 for Agentic Applications 2026; OWASP Top 10 for LLMs 2025.",
        "permitted_values": [
          "pii_detected",
          "toxicity_threshold_exceeded",
          "prompt_injection_suspected",
          "jailbreak_attempt",
          "scope_violation",
          "privilege_escalation_attempt",
          "data_exfiltration_risk",
          "cost_budget_exceeded",
          "rate_limit_exceeded",
          "hallucination_score_exceeded",
          "tool_not_whitelisted",
          "memory_poisoning_suspected",
          "inter_agent_message_tampered",
          "output_schema_violation",
          "bias_threshold_exceeded",
          "irreversible_action_pending"
        ],
        "value_labels": {
          "pii_detected": "PII Detected",
          "toxicity_threshold_exceeded": "Toxicity Threshold Exceeded",
          "prompt_injection_suspected": "Prompt Injection Suspected",
          "jailbreak_attempt": "Jailbreak Attempt",
          "scope_violation": "Scope Violation",
          "privilege_escalation_attempt": "Privilege Escalation Attempt",
          "data_exfiltration_risk": "Data Exfiltration Risk",
          "cost_budget_exceeded": "Cost Budget Exceeded",
          "rate_limit_exceeded": "Rate Limit Exceeded",
          "hallucination_score_exceeded": "Hallucination Score Exceeded",
          "tool_not_whitelisted": "Tool Not Whitelisted",
          "memory_poisoning_suspected": "Memory Poisoning Suspected",
          "inter_agent_message_tampered": "Inter Agent Message Tampered",
          "output_schema_violation": "Output Schema Violation",
          "bias_threshold_exceeded": "Bias Threshold Exceeded",
          "irreversible_action_pending": "Irreversible Action Pending"
        },
        "regulatory_mappings": {
          "owasp_agentic_top10": "ASI01–ASI10",
          "eu_ai_act": "Article 9 — Risk management system",
          "nist_ai_rmf": "MANAGE 1.3"
        },
        "source": "OWASP Top 10 for Agentic Applications 2026; OWASP Top 10 for LLMs 2025",
        "source_url": "https://genai.owasp.org/llm-top-10/"
      },
      {
        "enum_name": "AgentSecurityThreatKind",
        "label": "Agent Security Threat Kind",
        "otel_attribute": "gen_ai.security.threat_kind",
        "opa_policy_path": "data.gen_ai.governance.security_threat_kind",
        "rego_input_key": "gen_ai_security_threat_kind",
        "stability": "stable",
        "description": "Defines the allowed values for Agent Security Threat Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OWASP Top 10 for Agentic Applications 2026 (ASI); OWASP Top 10 for LLMs 2025 (LLM).",
        "permitted_values": [
          "ASI01_prompt_injection",
          "ASI02_excessive_agency",
          "ASI03_data_and_model_poisoning",
          "ASI04_sensitive_information_disclosure",
          "ASI05_supply_chain_compromise",
          "ASI06_memory_context_poisoning",
          "ASI07_insecure_inter_agent_communication",
          "ASI08_cascading_failure",
          "ASI09_human_agent_trust_exploitation",
          "ASI10_rogue_agent",
          "LLM01_prompt_injection",
          "LLM02_sensitive_info_disclosure",
          "LLM03_supply_chain",
          "LLM04_data_model_poisoning",
          "LLM05_improper_output_handling",
          "LLM06_excessive_agency",
          "LLM07_system_prompt_leakage",
          "LLM08_vector_embedding_weakness",
          "LLM09_misinformation",
          "LLM10_unbounded_consumption"
        ],
        "value_labels": {
          "ASI01_prompt_injection": "ASI01 Prompt Injection",
          "ASI02_excessive_agency": "ASI02 Excessive Agency",
          "ASI03_data_and_model_poisoning": "ASI03 Data and Model Poisoning",
          "ASI04_sensitive_information_disclosure": "ASI04 Sensitive Information Disclosure",
          "ASI05_supply_chain_compromise": "ASI05 Supply Chain Compromise",
          "ASI06_memory_context_poisoning": "ASI06 Memory Context Poisoning",
          "ASI07_insecure_inter_agent_communication": "ASI07 Insecure Inter Agent Communication",
          "ASI08_cascading_failure": "ASI08 Cascading Failure",
          "ASI09_human_agent_trust_exploitation": "ASI09 Human Agent Trust Exploitation",
          "ASI10_rogue_agent": "ASI10 Rogue Agent",
          "LLM01_prompt_injection": "LLM01 Prompt Injection",
          "LLM02_sensitive_info_disclosure": "LLM02 Sensitive Info Disclosure",
          "LLM03_supply_chain": "LLM03 Supply Chain",
          "LLM04_data_model_poisoning": "LLM04 Data Model Poisoning",
          "LLM05_improper_output_handling": "LLM05 Improper Output Handling",
          "LLM06_excessive_agency": "LLM06 Excessive Agency",
          "LLM07_system_prompt_leakage": "LLM07 System Prompt Leakage",
          "LLM08_vector_embedding_weakness": "LLM08 Vector Embedding Weakness",
          "LLM09_misinformation": "LLM09 Misinformation",
          "LLM10_unbounded_consumption": "LLM10 Unbounded Consumption"
        },
        "source": "OWASP Top 10 for Agentic Applications 2026 (ASI); OWASP Top 10 for LLMs 2025 (LLM)",
        "source_url": "https://genai.owasp.org/llm-top-10/"
      },
      {
        "enum_name": "ActionIrreversibilityLevel",
        "label": "Action Irreversibility Level",
        "otel_attribute": "gen_ai.action.reversibility",
        "opa_policy_path": "data.gen_ai.governance.action_reversibility",
        "rego_input_key": "gen_ai_action_reversibility",
        "stability": "proposed",
        "description": "Defines the allowed values for Action Irreversibility Level in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Anthropic agentic AI safety principles; EU AI Act Article 14; NIST AI RMF MANAGE 2.2.",
        "permitted_values": [
          "fully_reversible",
          "reversible_with_cost",
          "partially_reversible",
          "irreversible_low_impact",
          "irreversible_high_impact",
          "irreversible_critical"
        ],
        "value_labels": {
          "fully_reversible": "Fully Reversible",
          "reversible_with_cost": "Reversible with Cost",
          "partially_reversible": "Partially Reversible",
          "irreversible_low_impact": "Irreversible Low Impact",
          "irreversible_high_impact": "Irreversible High Impact",
          "irreversible_critical": "Irreversible Critical"
        },
        "source": "Anthropic agentic AI safety principles; EU AI Act Article 14; NIST AI RMF MANAGE 2.2"
      },
      {
        "enum_name": "AgentTaskRiskTier",
        "label": "Agent Task Risk Tier",
        "otel_attribute": "gen_ai.task.risk_tier",
        "opa_policy_path": "data.gen_ai.governance.task_risk_tier",
        "rego_input_key": "gen_ai_task_risk_tier",
        "stability": "proposed",
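        "description": "Defines the allowed values for Agent Task Risk Tier in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST SP 800-30 risk rating tiers; EU AI Act risk classification. Ordinals in value_ordinals rise with risk and are offset by one from the tier number: tier_0_informational is 1 and tier_4_critical is 5.",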
        "permitted_values": [
          "tier_0_informational",
          "tier_1_low",
          "tier_2_moderate",
          "tier_3_high",
          "tier_4_critical"
        ],
        "value_labels": {
          "tier_0_informational": "Tier 0 — Informational",
          "tier_1_low": "Tier 1 — Low",
          "tier_2_moderate": "Tier 2 — Moderate",
          "tier_3_high": "Tier 3 — High",
          "tier_4_critical": "Tier 4 — Critical"
        },
        "ordered": true,
        "value_ordinals": {
          "tier_0_informational": 1,
          "tier_1_low": 2,
          "tier_2_moderate": 3,
          "tier_3_high": 4,
          "tier_4_critical": 5
        },
        "regulatory_mappings": {
          "eu_ai_act": "Annex III — High-Risk AI System classification",
          "nist_ai_rmf": "MAP 5.1 — Likelihood and magnitude of impact",
          "nist_sp_800_30": "Risk ratings: low / moderate / high / critical",
          "iso_42001": "Clause 6.1.2 — AI risk assessment"
        },
        "source": "NIST SP 800-30 risk rating tiers; EU AI Act risk classification"
      },
      {
        "enum_name": "EUAIActRiskLevel",
        "label": "EU AI Act Risk Level",
        "otel_attribute": "gen_ai.regulatory.eu_ai_act_risk_level",
        "opa_policy_path": "data.gen_ai.governance.eu_ai_act_risk_level",
        "rego_input_key": "gen_ai_regulatory_eu_ai_act_risk_level",
        "stability": "stable",
        "description": "EU AI Act classification used to determine which obligations apply to an AI system, including prohibited uses, Annex I or Annex III high-risk systems, GPAI obligations, and transparency-only cases.",
        "permitted_values": [
          "prohibited",
          "high_risk_annex1",
          "high_risk_annex3",
          "gpai_general_purpose",
          "gpai_systemic_risk",
          "limited_risk_transparency_obligation",
          "minimal_risk"
        ],
        "value_labels": {
          "prohibited": "Prohibited",
          "high_risk_annex1": "High-Risk Annex I",
          "high_risk_annex3": "High-Risk Annex III",
          "gpai_general_purpose": "GPAI General-Purpose",
          "gpai_systemic_risk": "GPAI Systemic Risk",
          "limited_risk_transparency_obligation": "Limited Risk Transparency Obligation",
          "minimal_risk": "Minimal Risk"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 5 (prohibited), Article 6 + Annex I/III (high-risk), Article 51 (GPAI systemic risk), Article 50 (limited risk)"
        },
        "source": "EU AI Act (Regulation EU 2024/1689)",
        "source_url": "https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng",
        "notes": "Enforcement: prohibited Feb 2025; GPAI Aug 2025; Annex III high-risk Aug 2026."
      },
      {
        "enum_name": "EUAIActHighRiskUseCase",
        "otel_attribute": "gen_ai.regulatory.eu_ai_act_use_case",
        "opa_policy_path": "data.gen_ai.governance.eu_ai_act_use_case",
        "rego_input_key": "gen_ai_regulatory_eu_ai_act_use_case",
        "stability": "stable",
        "description": "Defines the allowed values for EU AI Act High Risk Use Case in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU AI Act Annex III.",
        "permitted_values": [
          "biometric_identification",
          "critical_infrastructure_management",
          "education_and_vocational_training",
          "employment_and_worker_management",
          "access_to_essential_services",
          "law_enforcement",
          "migration_and_border_control",
          "justice_and_democratic_processes",
          "not_high_risk"
        ],
        "value_labels": {
          "biometric_identification": "Biometric Identification",
          "critical_infrastructure_management": "Critical Infrastructure Management",
          "education_and_vocational_training": "Education and Vocational Training",
          "employment_and_worker_management": "Employment and Worker Management",
          "access_to_essential_services": "Access to Essential Services",
          "law_enforcement": "Law Enforcement",
          "migration_and_border_control": "Migration and Border Control",
          "justice_and_democratic_processes": "Justice and Democratic Processes",
          "not_high_risk": "Not High Risk"
        },
        "source": "EU AI Act Annex III",
        "source_url": "https://artificialintelligenceact.eu/annex/3/"
      },
      {
        "enum_name": "NISTAIRMFFunction",
        "label": "NIST AI RMF Function",
        "otel_attribute": "gen_ai.regulatory.nist_rmf_function",
        "opa_policy_path": "data.gen_ai.governance.nist_rmf_function",
        "rego_input_key": "gen_ai_regulatory_nist_rmf_function",
        "stability": "stable",
        "description": "Defines the allowed values for NIST AI RMF Function in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI Risk Management Framework 1.0.",
        "permitted_values": [
          "GOVERN",
          "MAP",
          "MEASURE",
          "MANAGE"
        ],
        "value_labels": {
          "GOVERN": "Govern",
          "MAP": "Map",
          "MEASURE": "Measure",
          "MANAGE": "Manage"
        },
        "source": "NIST AI Risk Management Framework 1.0",
        "source_url": "https://airc.nist.gov/airmf-resources/airmf/5-sec-core/"
      },
      {
        "enum_name": "NISTAITrustworthinessCharacteristic",
        "label": "NIST AI Trustworthiness Characteristic",
        "otel_attribute": "gen_ai.regulatory.nist_trustworthiness",
        "opa_policy_path": "data.gen_ai.governance.nist_trustworthiness",
        "rego_input_key": "gen_ai_regulatory_nist_trustworthiness",
        "stability": "stable",
        "description": "The NIST AI RMF trustworthiness characteristic being evaluated for a model, system, or control. Aligns to the seven characteristics of trustworthy AI in NIST AI RMF 1.0.",
        "permitted_values": [
          "valid_and_reliable",
          "safe",
          "secure_and_resilient",
          "accountable_and_transparent",
          "explainable_and_interpretable",
          "privacy_enhanced",
          "fair_bias_managed"
        ],
        "value_labels": {
          "valid_and_reliable": "Valid and Reliable",
          "safe": "Safe",
          "secure_and_resilient": "Secure and Resilient",
          "accountable_and_transparent": "Accountable and Transparent",
          "explainable_and_interpretable": "Explainable and Interpretable",
          "privacy_enhanced": "Privacy Enhanced",
          "fair_bias_managed": "Fair Bias Managed"
        },
        "source": "NIST AI RMF 1.0 — Seven Characteristics of Trustworthy AI",
        "source_url": "https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf"
      },
      {
        "enum_name": "NISTImplementationTier",
        "label": "NIST Implementation Tier",
        "otel_attribute": "gen_ai.regulatory.nist_implementation_tier",
        "opa_policy_path": "data.gen_ai.governance.nist_implementation_tier",
        "rego_input_key": "gen_ai_regulatory_nist_implementation_tier",
        "stability": "stable",
        "description": "Defines the allowed values for NIST Implementation Tier in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI RMF Maturity Model.",
        "permitted_values": [
          "tier_1_partial",
          "tier_2_risk_informed",
          "tier_3_repeatable",
          "tier_4_adaptive"
        ],
        "value_labels": {
          "tier_1_partial": "Tier 1 — Partial",
          "tier_2_risk_informed": "Tier 2 — Risk Informed",
          "tier_3_repeatable": "Tier 3 — Repeatable",
          "tier_4_adaptive": "Tier 4 — Adaptive"
        },
        "source": "NIST AI RMF Maturity Model",
        "source_url": "https://airc.nist.gov/airmf-resources/airmf/5-sec-core/"
      },
      {
        "enum_name": "ISO42001LifecycleStage",
        "label": "ISO 42001 Lifecycle Stage",
        "otel_attribute": "gen_ai.regulatory.iso42001_lifecycle_stage",
        "opa_policy_path": "data.gen_ai.governance.iso42001_lifecycle_stage",
        "rego_input_key": "gen_ai_regulatory_iso42001_lifecycle_stage",
        "stability": "stable",
        "description": "Defines the allowed values for ISO 42001 Lifecycle Stage in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to ISO/IEC 42001:2023 — AI Management Systems.",
        "permitted_values": [
          "context_and_planning",
          "design",
          "data_collection",
          "training_and_development",
          "verification_and_validation",
          "deployment",
          "operation_and_monitoring",
          "decommission"
        ],
        "value_labels": {
          "context_and_planning": "Context and Planning",
          "design": "Design",
          "data_collection": "Data Collection",
          "training_and_development": "Training and Development",
          "verification_and_validation": "Verification and Validation",
          "deployment": "Deployment",
          "operation_and_monitoring": "Operation and Monitoring",
          "decommission": "Decommission"
        },
        "source": "ISO/IEC 42001:2023 — AI Management Systems",
        "source_url": "https://www.iso.org/standard/42001"
      },
      {
        "enum_name": "AIIncidentSeverity",
        "label": "AI Incident Severity",
        "otel_attribute": "gen_ai.incident.severity",
        "opa_policy_path": "data.gen_ai.governance.incident_severity",
        "rego_input_key": "gen_ai_incident_severity",
        "stability": "proposed",
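        "description": "Defines the allowed values for AI Incident Severity in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU AI Act Article 73; NIST AI RMF. Ordinals in value_ordinals rise as severity falls: sev_1_critical is 1 (most severe) and sev_5_informational is 5, so a lower ordinal means a more severe incident.",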
        "permitted_values": [
          "sev_1_critical",
          "sev_2_major",
          "sev_3_moderate",
          "sev_4_minor",
          "sev_5_informational"
        ],
        "value_labels": {
          "sev_1_critical": "SEV 1 — Critical",
          "sev_2_major": "SEV 2 — Major",
          "sev_3_moderate": "SEV 3 — Moderate",
          "sev_4_minor": "SEV 4 — Minor",
          "sev_5_informational": "SEV 5 — Informational"
        },
        "ordered": true,
        "value_ordinals": {
          "sev_1_critical": 1,
          "sev_2_major": 2,
          "sev_3_moderate": 3,
          "sev_4_minor": 4,
          "sev_5_informational": 5
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 73 — Serious incident reporting",
          "nist_ai_rmf": "MANAGE 3.1 — Incident response"
        },
        "source": "EU AI Act Article 73; NIST AI RMF"
      },
      {
        "enum_name": "AIIncidentCategory",
        "label": "AI Incident Category",
        "otel_attribute": "gen_ai.incident.category",
        "opa_policy_path": "data.gen_ai.governance.incident_category",
        "rego_input_key": "gen_ai_incident_category",
        "stability": "proposed",
        "description": "Defines the allowed values for AI Incident Category in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI 600-1; EU AI Act Article 73; OWASP GenAI Top 10 2025.",
        "permitted_values": [
          "safety_harm_to_person",
          "safety_harm_to_infrastructure",
          "privacy_data_breach",
          "bias_discrimination",
          "hallucination_factual_error",
          "unauthorized_action",
          "security_intrusion",
          "prompt_injection_exploit",
          "excessive_resource_consumption",
          "model_denial_of_service",
          "intellectual_property_violation",
          "regulatory_non_compliance",
          "performance_degradation"
        ],
        "value_labels": {
          "safety_harm_to_person": "Safety Harm to Person",
          "safety_harm_to_infrastructure": "Safety Harm to Infrastructure",
          "privacy_data_breach": "Privacy Data Breach",
          "bias_discrimination": "Bias Discrimination",
          "hallucination_factual_error": "Hallucination Factual Error",
          "unauthorized_action": "Unauthorized Action",
          "security_intrusion": "Security Intrusion",
          "prompt_injection_exploit": "Prompt Injection Exploit",
          "excessive_resource_consumption": "Excessive Resource Consumption",
          "model_denial_of_service": "Model Denial of Service",
          "intellectual_property_violation": "Intellectual Property Violation",
          "regulatory_non_compliance": "Regulatory Non Compliance",
          "performance_degradation": "Performance Degradation"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 73 — Serious incident categories",
          "nist_ai_600_1": "NIST AI 600-1 GenAI risk taxonomy"
        },
        "source": "NIST AI 600-1; EU AI Act Article 73; OWASP GenAI Top 10 2025"
      },
      {
        "enum_name": "DataSensitivityClassification",
        "label": "Data Sensitivity Classification",
        "otel_attribute": "gen_ai.data.sensitivity",
        "opa_policy_path": "data.gen_ai.governance.data_sensitivity",
        "rego_input_key": "gen_ai_data_sensitivity",
        "stability": "proposed",
        "description": "Defines the allowed values for Data Sensitivity Classification in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to GDPR; HIPAA 45 CFR 164; PCI-DSS v4.0; EU AI Act Article 10.",
        "permitted_values": [
          "public",
          "internal",
          "confidential",
          "restricted",
          "pii",
          "phi_hipaa",
          "pci_cardholder",
          "regulated_financial",
          "national_security",
          "special_category_gdpr",
          "sensitive"
        ],
        "value_labels": {
          "public": "Public",
          "internal": "Internal",
          "confidential": "Confidential",
          "restricted": "Restricted",
          "pii": "PII",
          "phi_hipaa": "PHI / HIPAA",
          "pci_cardholder": "PCI Cardholder",
          "regulated_financial": "Regulated Financial",
          "national_security": "National Security",
          "special_category_gdpr": "Special Category (GDPR)",
          "sensitive": "Sensitive"
        },
        "regulatory_mappings": {
          "gdpr": "Article 9 — Special categories of personal data",
          "hipaa": "45 CFR Part 164 — PHI definition",
          "pci_dss_v4": "PCI DSS v4.0 — Cardholder data environment",
          "eu_ai_act": "Article 10 — Training data governance"
        },
        "source": "GDPR; HIPAA 45 CFR 164; PCI-DSS v4.0; EU AI Act Article 10"
      },
      {
        "enum_name": "AgentIdentityVerificationStatus",
        "label": "Agent Identity Verification Status",
        "otel_attribute": "gen_ai.agent.identity_verified",
        "opa_policy_path": "data.gen_ai.governance.agent_identity_verification",
        "rego_input_key": "gen_ai_agent_identity_verified",
        "stability": "proposed",
        "description": "Defines the allowed values for Agent Identity Verification Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to CSA AAGATE architecture; OWASP Agentic Identity guidance.",
        "permitted_values": [
          "unverified",
          "self_asserted",
          "signed_credential",
          "did_verified",
          "spiffe_verified",
          "revoked",
          "expired"
        ],
        "value_labels": {
          "unverified": "Unverified",
          "self_asserted": "Self Asserted",
          "signed_credential": "Signed Credential",
          "did_verified": "DID Verified",
          "spiffe_verified": "SPIFFE Verified",
          "revoked": "Revoked",
          "expired": "Expired"
        },
        "source": "CSA AAGATE architecture; OWASP Agentic Identity guidance",
        "source_url": "https://cloudsecurityalliance.org/blog/2025/12/22/aagate-a-nist-ai-rmf-aligned-governance-platform-for-agentic-ai"
      },
      {
        "enum_name": "InterAgentTrustLevel",
        "label": "Inter Agent Trust Level",
        "otel_attribute": "gen_ai.agent.trust_level",
        "opa_policy_path": "data.gen_ai.governance.inter_agent_trust_level",
        "rego_input_key": "gen_ai_agent_trust_level",
        "stability": "proposed",
        "description": "Defines the allowed values for Inter Agent Trust Level in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to CSA MAESTRO framework; OWASP ASI07.",
        "permitted_values": [
          "untrusted",
          "low_trust",
          "same_tenant",
          "verified_partner",
          "fully_trusted",
          "system_internal"
        ],
        "value_labels": {
          "untrusted": "Untrusted",
          "low_trust": "Low Trust",
          "same_tenant": "Same Tenant",
          "verified_partner": "Verified Partner",
          "fully_trusted": "Fully Trusted",
          "system_internal": "System Internal"
        },
        "source": "CSA MAESTRO framework; OWASP ASI07",
        "source_url": "https://genai.owasp.org/llm-top-10/"
      },
      {
        "enum_name": "AgentDriftIndicator",
        "label": "Agent Drift Indicator",
        "otel_attribute": "gen_ai.agent.drift_status",
        "opa_policy_path": "data.gen_ai.governance.agent_drift_indicator",
        "rego_input_key": "gen_ai_agent_drift_status",
        "stability": "proposed",
        "description": "Defines the allowed values for Agent Drift Indicator in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Real-time guardrails for agentic systems; NIST AI RMF MEASURE 2.6.",
        "permitted_values": [
          "none_detected",
          "minor_variance",
          "behavioral_drift",
          "goal_misalignment",
          "loop_detected",
          "latency_spike",
          "cost_spike",
          "output_distribution_shift",
          "quarantined"
        ],
        "value_labels": {
          "none_detected": "None Detected",
          "minor_variance": "Minor Variance",
          "behavioral_drift": "Behavioral Drift",
          "goal_misalignment": "Goal Misalignment",
          "loop_detected": "Loop Detected",
          "latency_spike": "Latency Spike",
          "cost_spike": "Cost Spike",
          "output_distribution_shift": "Output Distribution Shift",
          "quarantined": "Quarantined"
        },
        "source": "Real-time guardrails for agentic systems; NIST AI RMF MEASURE 2.6",
        "source_url": "https://www.akira.ai/blog/real-time-guardrails-agentic-systems"
      },
      {
        "enum_name": "ConformityAssessmentStatus",
        "label": "Conformity Assessment Status",
        "otel_attribute": "gen_ai.regulatory.conformity_status",
        "opa_policy_path": "data.gen_ai.governance.conformity_status",
        "rego_input_key": "gen_ai_regulatory_conformity_status",
        "stability": "proposed",
        "description": "Defines the allowed values for Conformity Assessment Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU AI Act Article 43; ISO/IEC 42001 Clause 9.",
        "permitted_values": [
          "not_assessed",
          "self_assessment_complete",
          "third_party_audit_pending",
          "third_party_certified",
          "non_conformant",
          "corrective_action_required",
          "suspended",
          "withdrawn"
        ],
        "value_labels": {
          "not_assessed": "Not Assessed",
          "self_assessment_complete": "Self Assessment Complete",
          "third_party_audit_pending": "Third Party Audit Pending",
          "third_party_certified": "Third Party Certified",
          "non_conformant": "Non Conformant",
          "corrective_action_required": "Corrective Action Required",
          "suspended": "Suspended",
          "withdrawn": "Withdrawn"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 43 — Conformity assessment",
          "iso_42001": "Clause 9.2 — Internal audit; Clause 9.3 — Management review"
        },
        "source": "EU AI Act Article 43; ISO/IEC 42001 Clause 9"
      },
      {
        "enum_name": "ModelChangeType",
        "label": "Model Change Type",
        "otel_attribute": "gen_ai.model.change_type",
        "opa_policy_path": "data.gen_ai.governance.model_change_type",
        "rego_input_key": "gen_ai_model_change_type",
        "stability": "proposed",
        "description": "Defines the allowed values for Model Change Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Federal Reserve SR 11-7; EU AI Act Article 15; ISO/IEC 42001.",
        "permitted_values": [
          "fine_tune",
          "prompt_update",
          "rag_index_refresh",
          "tool_addition",
          "tool_removal",
          "autonomy_level_change",
          "risk_tier_reclassification",
          "model_provider_swap",
          "model_version_upgrade"
        ],
        "value_labels": {
          "fine_tune": "Fine Tune",
          "prompt_update": "Prompt Update",
          "rag_index_refresh": "RAG Index Refresh",
          "tool_addition": "Tool Addition",
          "tool_removal": "Tool Removal",
          "autonomy_level_change": "Autonomy Level Change",
          "risk_tier_reclassification": "Risk Tier Reclassification",
          "model_provider_swap": "Model Provider Swap",
          "model_version_upgrade": "Model Version Upgrade"
        },
        "regulatory_mappings": {
          "fed_sr_11_7": "SR 11-7 — Model change management",
          "eu_ai_act": "Article 15 — Accuracy, robustness, and cybersecurity",
          "iso_42001": "Clause 8.5 — AI system lifecycle changes"
        },
        "use_case": "Gate model changes that affect risk classification or autonomy level behind a full re-validation workflow.",
        "source": "Federal Reserve SR 11-7; EU AI Act Article 15; ISO/IEC 42001"
      },
      {
        "enum_name": "ChangeControlStatus",
        "label": "Change Control Status",
        "otel_attribute": "gen_ai.model.change_control_status",
        "opa_policy_path": "data.gen_ai.governance.change_control_status",
        "rego_input_key": "gen_ai_model_change_control_status",
        "stability": "proposed",
        "description": "Defines the allowed values for Change Control Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Federal Reserve SR 11-7 model change governance; ITIL 4 Change Enablement.",
        "permitted_values": [
          "proposed",
          "impact_assessed",
          "approved",
          "deployed",
          "monitoring_post_deploy",
          "rolled_back",
          "rejected"
        ],
        "value_labels": {
          "proposed": "Proposed",
          "impact_assessed": "Impact Assessed",
          "approved": "Approved",
          "deployed": "Deployed",
          "monitoring_post_deploy": "Monitoring Post Deploy",
          "rolled_back": "Rolled Back",
          "rejected": "Rejected"
        },
        "source": "Federal Reserve SR 11-7 model change governance; ITIL 4 Change Enablement"
      },
      {
        "enum_name": "ExplainabilityMethod",
        "label": "Explainability Method",
        "otel_attribute": "gen_ai.explainability.method",
        "opa_policy_path": "data.gen_ai.governance.explainability_method",
        "rego_input_key": "gen_ai_explainability_method",
        "stability": "proposed",
        "description": "Defines the allowed values for Explainability Method in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI RMF; EU AI Act Article 13; DARPA XAI program taxonomy.",
        "permitted_values": [
          "lime",
          "shap",
          "attention_visualization",
          "chain_of_thought",
          "counterfactual",
          "feature_importance",
          "natural_language_explanation",
          "decision_tree_surrogate"
        ],
        "value_labels": {
          "lime": "Lime",
          "shap": "Shap",
          "attention_visualization": "Attention Visualization",
          "chain_of_thought": "Chain of Thought",
          "counterfactual": "Counterfactual",
          "feature_importance": "Feature Importance",
          "natural_language_explanation": "Natural Language Explanation",
          "decision_tree_surrogate": "Decision Tree Surrogate"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 13 — Transparency and provision of information",
          "nist_ai_rmf": "GOVERN 1.7 — Explainability and interpretability"
        },
        "source": "NIST AI RMF; EU AI Act Article 13; DARPA XAI program taxonomy"
      },
      {
        "enum_name": "TransparencyDisclosureType",
        "label": "Transparency Disclosure Type",
        "otel_attribute": "gen_ai.transparency.disclosure_type",
        "opa_policy_path": "data.gen_ai.governance.transparency_disclosure_type",
        "rego_input_key": "gen_ai_transparency_disclosure_type",
        "stability": "proposed",
        "description": "Defines the allowed values for Transparency Disclosure Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU AI Act Article 50; GDPR Article 22.",
        "permitted_values": [
          "ai_generated_content_label",
          "automated_decision_notice",
          "training_data_summary",
          "capability_limitation_notice",
          "human_oversight_availability_notice",
          "data_usage_notice"
        ],
        "value_labels": {
          "ai_generated_content_label": "AI Generated Content Label",
          "automated_decision_notice": "Automated Decision Notice",
          "training_data_summary": "Training Data Summary",
          "capability_limitation_notice": "Capability Limitation Notice",
          "human_oversight_availability_notice": "Human Oversight Availability Notice",
          "data_usage_notice": "Data Usage Notice"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 50 — Transparency obligations for certain AI systems",
          "gdpr": "Article 22 — Automated individual decision-making"
        },
        "source": "EU AI Act Article 50; GDPR Article 22"
      },
      {
        "enum_name": "DeploymentEnvironment",
        "label": "Deployment Environment",
        "otel_attribute": "gen_ai.deployment.environment",
        "opa_policy_path": "data.gen_ai.governance.deployment_environment",
        "rego_input_key": "gen_ai_deployment_environment",
        "stability": "proposed",
        "description": "Defines the allowed values for Deployment Environment in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST SP 800-53 Rev 5 CM-2; DevSecOps pipeline governance patterns.",
        "permitted_values": [
          "development",
          "staging",
          "production",
          "sandbox",
          "disaster_recovery",
          "air_gapped"
        ],
        "value_labels": {
          "development": "Development",
          "staging": "Staging",
          "production": "Production",
          "sandbox": "Sandbox",
          "disaster_recovery": "Disaster Recovery",
          "air_gapped": "Air Gapped"
        },
        "use_case": "OPA rule: block fully_autonomous agents from production until ConformityAssessmentStatus is third_party_certified. Block irreversible_critical tools in development and staging.",
        "source": "NIST SP 800-53 Rev 5 CM-2; DevSecOps pipeline governance patterns"
      },
      {
        "enum_name": "TenantIsolationModel",
        "label": "Tenant Isolation Model",
        "otel_attribute": "gen_ai.deployment.tenant_isolation",
        "opa_policy_path": "data.gen_ai.governance.tenant_isolation",
        "rego_input_key": "gen_ai_deployment_tenant_isolation",
        "stability": "proposed",
        "description": "Defines the allowed values for Tenant Isolation Model in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to FedRAMP cloud service provider isolation models; HIPAA Security Rule.",
        "permitted_values": [
          "shared",
          "dedicated_compute",
          "dedicated_vpc",
          "air_gapped",
          "on_premise"
        ],
        "value_labels": {
          "shared": "Shared",
          "dedicated_compute": "Dedicated Compute",
          "dedicated_vpc": "Dedicated Vpc",
          "air_gapped": "Air Gapped",
          "on_premise": "On Premise"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 10 — Data governance and management",
          "hipaa": "45 CFR 164.312 — Technical safeguards",
          "fedramp": "FedRAMP Moderate/High boundary requirements"
        },
        "source": "FedRAMP cloud service provider isolation models; HIPAA Security Rule"
      },
      {
        "enum_name": "ModelProviderName",
        "label": "Model Provider Name",
        "otel_attribute": "gen_ai.provider.name",
        "opa_policy_path": "data.gen_ai.governance.model_provider_name",
        "rego_input_key": "gen_ai_provider_name",
        "stability": "experimental",
        "description": "Defines the allowed values for Model Provider Name in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI provider attribute conventions.",
        "permitted_values": [
          "openai",
          "anthropic",
          "google",
          "meta",
          "mistral",
          "cohere",
          "amazon_bedrock",
          "azure_openai",
          "nvidia",
          "self_hosted",
          "other"
        ],
        "value_labels": {
          "openai": "Openai",
          "anthropic": "Anthropic",
          "google": "Google",
          "meta": "Meta",
          "mistral": "Mistral",
          "cohere": "Cohere",
          "amazon_bedrock": "Amazon Bedrock",
          "azure_openai": "Azure Openai",
          "nvidia": "Nvidia",
          "self_hosted": "Self Hosted",
          "other": "Other"
        },
        "use_case": "Enforce third-party AI risk policy at the provider level. Block providers without a valid DPA or BAA for regulated data processing.",
        "source": "OpenTelemetry GenAI provider attribute conventions",
        "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-spans/"
      },
      {
        "enum_name": "ModelProviderComplianceCertification",
        "label": "Model Provider Compliance Certification",
        "otel_attribute": "gen_ai.provider.compliance_certification",
        "opa_policy_path": "data.gen_ai.governance.provider_compliance",
        "rego_input_key": "gen_ai_provider_compliance_certification",
        "stability": "proposed",
        "description": "Defines the allowed values for Model Provider Compliance Certification in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI RMF GOVERN function; EU AI Act Article 25.",
        "permitted_values": [
          "gdpr_dpa_signed",
          "hipaa_baa_available",
          "fedramp_authorized",
          "soc2_type2",
          "iso_27001",
          "pci_dss_compliant",
          "csf_aligned"
        ],
        "value_labels": {
          "gdpr_dpa_signed": "Gdpr Dpa Signed",
          "hipaa_baa_available": "HIPAA Baa Available",
          "fedramp_authorized": "Fedramp Authorized",
          "soc2_type2": "Soc2 Type2",
          "iso_27001": "ISO 27001",
          "pci_dss_compliant": "PCI Dss Compliant",
          "csf_aligned": "CSF Aligned"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 25 — Obligations of importers and distributors",
          "nist_ai_rmf": "GOVERN 6.1 — Third-party risk management",
          "fed_sr_11_7": "Vendor model risk management"
        },
        "source": "NIST AI RMF GOVERN function; EU AI Act Article 25"
      },
      {
        "enum_name": "CostBudgetScope",
        "label": "Cost Budget Scope",
        "otel_attribute": "gen_ai.cost.budget_scope",
        "opa_policy_path": "data.gen_ai.governance.cost_budget_scope",
        "rego_input_key": "gen_ai_cost_budget_scope",
        "stability": "proposed",
        "description": "Defines the allowed values for Cost Budget Scope in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Cloud FinOps Foundation cost allocation patterns; enterprise AI cost governance.",
        "permitted_values": [
          "per_task",
          "per_session",
          "per_agent",
          "per_user",
          "per_tenant",
          "daily",
          "monthly"
        ],
        "value_labels": {
          "per_task": "Per Task",
          "per_session": "Per Session",
          "per_agent": "Per Agent",
          "per_user": "Per User",
          "per_tenant": "Per Tenant",
          "daily": "Daily",
          "monthly": "Monthly"
        },
        "use_case": "Define the granularity at which token/cost budgets are enforced. Pair with ResourceQuotaStatus for OPA enforcement.",
        "source": "Cloud FinOps Foundation cost allocation patterns; enterprise AI cost governance"
      },
      {
        "enum_name": "ResourceQuotaStatus",
        "label": "Resource Quota Status",
        "otel_attribute": "gen_ai.cost.quota_status",
        "opa_policy_path": "data.gen_ai.governance.resource_quota_status",
        "rego_input_key": "gen_ai_cost_quota_status",
        "stability": "proposed",
        "description": "Defines the allowed values for Resource Quota Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OWASP LLM10 Unbounded Consumption; Cloud FinOps cost governance.",
        "permitted_values": [
          "within_budget",
          "approaching_limit",
          "limit_reached",
          "limit_exceeded",
          "suspended"
        ],
        "value_labels": {
          "within_budget": "Within Budget",
          "approaching_limit": "Approaching Limit",
          "limit_reached": "Limit Reached",
          "limit_exceeded": "Limit Exceeded",
          "suspended": "Suspended"
        },
        "use_case": "OPA rule: deny new tool calls when quota_status == limit_exceeded; degrade to advisory mode when approaching_limit.",
        "source": "OWASP LLM10 Unbounded Consumption; Cloud FinOps cost governance"
      },
      {
        "enum_name": "RiskTreatmentStrategy",
        "label": "Risk Treatment Strategy",
        "otel_attribute": "gen_ai.risk.treatment",
        "opa_policy_path": "data.gen_ai.governance.risk_treatment",
        "rego_input_key": "gen_ai_risk_treatment",
        "stability": "stable",
        "description": "Defines the allowed values for Risk Treatment Strategy in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to ISO 31000:2018 — Risk Management.",
        "permitted_values": [
          "avoid",
          "reduce",
          "share",
          "accept",
          "transfer",
          "monitor"
        ],
        "value_labels": {
          "avoid": "Avoid",
          "reduce": "Reduce",
          "share": "Share",
          "accept": "Accept",
          "transfer": "Transfer",
          "monitor": "Monitor"
        },
        "source": "ISO 31000:2018 — Risk Management",
        "source_url": "https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en"
      },
      {
        "enum_name": "ComplianceActionStatus",
        "label": "Compliance Action Status",
        "otel_attribute": "gen_ai.compliance.action_status",
        "opa_policy_path": "data.gen_ai.governance.compliance_action_status",
        "rego_input_key": "gen_ai_compliance_action_status",
        "stability": "stable",
        "description": "Defines the allowed values for Compliance Action Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to ISO 31000; CoreStream GRC platform patterns.",
        "permitted_values": [
          "in_flight",
          "overdue",
          "pending_verification",
          "remediated",
          "exception_granted",
          "waived",
          "escalated_to_regulator"
        ],
        "value_labels": {
          "in_flight": "In Flight",
          "overdue": "Overdue",
          "pending_verification": "Pending Verification",
          "remediated": "Remediated",
          "exception_granted": "Exception Granted",
          "waived": "Waived",
          "escalated_to_regulator": "Escalated to Regulator"
        },
        "source": "ISO 31000; CoreStream GRC platform patterns",
        "source_url": "https://corestreamgrc.com/resources/blog/iso-31000-risk-guide/"
      }
    ]
  },
  "cross_cutting_data_governance": {
    "namespace": "gen_ai.data",
    "description": "Enumerations for data provenance, privacy compliance, content moderation, data subject rights, and output quality governance. Applicable across all industry verticals.",
    "categories": [
      {
        "enum_name": "DataProvenanceType",
        "label": "Data Provenance Type",
        "otel_attribute": "gen_ai.data.provenance_type",
        "opa_policy_path": "data.gen_ai.data.provenance_type",
        "rego_input_key": "gen_ai_data_provenance_type",
        "stability": "proposed",
        "description": "Defines the allowed values for Data Provenance Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to EU AI Act Articles 10 & 53; ISO/IEC 42001 Clause 8.4.2.",
        "permitted_values": [
          "original_human_authored",
          "ai_generated",
          "ai_assisted_human_reviewed",
          "synthetic",
          "derived_from_model",
          "web_crawled",
          "licensed_dataset",
          "proprietary_enterprise",
          "real_time_streamed",
          "unknown"
        ],
        "value_labels": {
          "original_human_authored": "Original Human Authored",
          "ai_generated": "AI Generated",
          "ai_assisted_human_reviewed": "AI Assisted Human Reviewed",
          "synthetic": "Synthetic",
          "derived_from_model": "Derived From Model",
          "web_crawled": "Web Crawled",
          "licensed_dataset": "Licensed Dataset",
          "proprietary_enterprise": "Proprietary Enterprise",
          "real_time_streamed": "Real-Time Streamed",
          "unknown": "Unknown"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 10 — Training data governance; Article 53 — GPAI training data transparency",
          "iso_42001": "Clause 8.4.2 — Data for AI systems"
        },
        "source": "EU AI Act Articles 10 & 53; ISO/IEC 42001 Clause 8.4.2"
      },
      {
        "enum_name": "ContentModerationOutcome",
        "label": "Content Moderation Outcome",
        "otel_attribute": "gen_ai.content.moderation_outcome",
        "opa_policy_path": "data.gen_ai.content.moderation_outcome",
        "rego_input_key": "gen_ai_content_moderation_outcome",
        "stability": "proposed",
        "description": "Defines the allowed values for Content Moderation Outcome in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Azure AI Content Safety harm categories; NIST AI 600-1 GenAI risk taxonomy.",
        "permitted_values": [
          "approved",
          "filtered_toxicity",
          "filtered_pii",
          "filtered_sexual_content",
          "filtered_violence",
          "filtered_hate_speech",
          "filtered_illegal_content",
          "filtered_misinformation",
          "filtered_copyright",
          "filtered_prompt_injection",
          "redacted_and_approved",
          "escalated_for_human_review"
        ],
        "value_labels": {
          "approved": "Approved",
          "filtered_toxicity": "Filtered Toxicity",
          "filtered_pii": "Filtered PII",
          "filtered_sexual_content": "Filtered Sexual Content",
          "filtered_violence": "Filtered Violence",
          "filtered_hate_speech": "Filtered Hate Speech",
          "filtered_illegal_content": "Filtered Illegal Content",
          "filtered_misinformation": "Filtered Misinformation",
          "filtered_copyright": "Filtered Copyright",
          "filtered_prompt_injection": "Filtered Prompt Injection",
          "redacted_and_approved": "Redacted and Approved",
          "escalated_for_human_review": "Escalated for Human Review"
        },
        "source": "Azure AI Content Safety harm categories; NIST AI 600-1 GenAI risk taxonomy"
      },
      {
        "enum_name": "PIIEntityType",
        "label": "PII Entity Type",
        "otel_attribute": "gen_ai.pii.entity_type",
        "opa_policy_path": "data.gen_ai.pii.entity_type",
        "rego_input_key": "gen_ai_pii_entity_type",
        "stability": "stable",
        "description": "Defines the allowed values for PII Entity Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to GDPR Articles 4 & 9; CCPA 1798.140; NIST Privacy Framework.",
        "permitted_values": [
          "name",
          "email",
          "phone_number",
          "address",
          "date_of_birth",
          "national_id",
          "passport_number",
          "ssn_tin",
          "financial_account",
          "ip_address",
          "device_id",
          "biometric_data",
          "health_record_id",
          "precise_geolocation",
          "race_ethnicity",
          "religion",
          "sexual_orientation",
          "political_opinion",
          "trade_union_membership"
        ],
        "value_labels": {
          "name": "Name",
          "email": "Email",
          "phone_number": "Phone Number",
          "address": "Address",
          "date_of_birth": "Date of Birth",
          "national_id": "National Id",
          "passport_number": "Passport Number",
          "ssn_tin": "Ssn Tin",
          "financial_account": "Financial Account",
          "ip_address": "IP Address",
          "device_id": "Device Id",
          "biometric_data": "Biometric Data",
          "health_record_id": "Health Record Id",
          "precise_geolocation": "Precise Geolocation",
          "race_ethnicity": "Race Ethnicity",
          "religion": "Religion",
          "sexual_orientation": "Sexual Orientation",
          "political_opinion": "Political Opinion",
          "trade_union_membership": "Trade Union Membership"
        },
        "regulatory_mappings": {
          "gdpr": "Article 4(1) personal data; Article 9 special category data",
          "ccpa": "Section 1798.140 — Personal information categories"
        },
        "source": "GDPR Articles 4 & 9; CCPA 1798.140; NIST Privacy Framework"
      },
      {
        "enum_name": "DataSubjectRequestType",
        "label": "Data Subject Request Type",
        "otel_attribute": "gen_ai.data.subject_request_type",
        "opa_policy_path": "data.gen_ai.data.subject_request_type",
        "rego_input_key": "gen_ai_data_subject_request_type",
        "stability": "stable",
        "description": "Defines the allowed values for Data Subject Request Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to GDPR Articles 15-22; CCPA 1798.100-1798.125.",
        "permitted_values": [
          "access",
          "rectification",
          "erasure",
          "portability",
          "restriction_of_processing",
          "objection",
          "opt_out_of_sale",
          "opt_out_of_profiling"
        ],
        "value_labels": {
          "access": "Access",
          "rectification": "Rectification",
          "erasure": "Erasure",
          "portability": "Portability",
          "restriction_of_processing": "Restriction of Processing",
          "objection": "Objection",
          "opt_out_of_sale": "Opt Out of Sale",
          "opt_out_of_profiling": "Opt Out of Profiling"
        },
        "regulatory_mappings": {
          "gdpr": "Articles 15-22 — Data subject rights",
          "ccpa": "Sections 1798.100-1798.125 — Consumer rights",
          "lgpd": "Articles 17-22 — Data subject rights (Brazil)"
        },
        "use_case": "Track data subject rights requests that require purging or exporting agent memory stores. Drives AgentMemoryOperation purge workflows.",
        "source": "GDPR Articles 15-22; CCPA 1798.100-1798.125"
      },
      {
        "enum_name": "DataSubjectRequestStatus",
        "label": "Data Subject Request Status",
        "otel_attribute": "gen_ai.data.subject_request_status",
        "opa_policy_path": "data.gen_ai.data.subject_request_status",
        "rego_input_key": "gen_ai_data_subject_request_status",
        "stability": "stable",
        "description": "Defines the allowed values for Data Subject Request Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to GDPR Article 12; CCPA 1798.130.",
        "permitted_values": [
          "received",
          "identity_verified",
          "processing",
          "fulfilled",
          "denied",
          "partially_fulfilled",
          "escalated",
          "overdue"
        ],
        "value_labels": {
          "received": "Received",
          "identity_verified": "Identity Verified",
          "processing": "Processing",
          "fulfilled": "Fulfilled",
          "denied": "Denied",
          "partially_fulfilled": "Partially Fulfilled",
          "escalated": "Escalated",
          "overdue": "Overdue"
        },
        "regulatory_mappings": {
          "gdpr": "Article 12 — 30-day response obligation",
          "ccpa": "Section 1798.130 — 45-day response obligation"
        },
        "source": "GDPR Article 12; CCPA 1798.130"
      },
      {
        "enum_name": "DataSubjectRequestDenialReason",
        "label": "Data Subject Request Denial Reason",
        "otel_attribute": "gen_ai.data.subject_request_denial_reason",
        "opa_policy_path": "data.gen_ai.data.subject_request_denial_reason",
        "rego_input_key": "gen_ai_data_subject_request_denial_reason",
        "stability": "proposed",
        "description": "Defines the allowed values for Data Subject Request Denial Reason in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to GDPR Article 17(3) — Exceptions to right of erasure; GDPR Article 12(5).",
        "permitted_values": [
          "identity_not_verified",
          "legal_obligation_to_retain",
          "freedom_of_expression_exemption",
          "public_interest_exemption",
          "legitimate_interests_override",
          "request_manifestly_unfounded",
          "data_not_held"
        ],
        "value_labels": {
          "identity_not_verified": "Identity not Verified",
          "legal_obligation_to_retain": "Legal Obligation to Retain",
          "freedom_of_expression_exemption": "Freedom of Expression Exemption",
          "public_interest_exemption": "Public Interest Exemption",
          "legitimate_interests_override": "Legitimate Interests Override",
          "request_manifestly_unfounded": "Request Manifestly Unfounded",
          "data_not_held": "Data not Held"
        },
        "source": "GDPR Article 17(3) — Exceptions to right of erasure; GDPR Article 12(5)"
      },
      {
        "enum_name": "ModelCardSection",
        "label": "Model Card Section",
        "otel_attribute": "gen_ai.model_card.section",
        "opa_policy_path": "data.gen_ai.model_card.section",
        "rego_input_key": "gen_ai_model_card_section",
        "stability": "proposed",
        "description": "Defines the allowed values for Model Card Section in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Google Model Cards (2019); Hugging Face Model Card spec; EU AI Act Article 11.",
        "permitted_values": [
          "model_details",
          "intended_uses",
          "out_of_scope_uses",
          "training_data",
          "evaluation_data",
          "performance_metrics",
          "ethical_considerations",
          "caveats_and_recommendations",
          "bias_analysis",
          "red_team_results",
          "known_limitations",
          "update_history"
        ],
        "value_labels": {
          "model_details": "Model Details",
          "intended_uses": "Intended Uses",
          "out_of_scope_uses": "Out of Scope Uses",
          "training_data": "Training Data",
          "evaluation_data": "Evaluation Data",
          "performance_metrics": "Performance Metrics",
          "ethical_considerations": "Ethical Considerations",
          "caveats_and_recommendations": "Caveats and Recommendations",
          "bias_analysis": "Bias Analysis",
          "red_team_results": "Red Team Results",
          "known_limitations": "Known Limitations",
          "update_history": "Update History"
        },
        "regulatory_mappings": {
          "eu_ai_act": "Article 11 — Technical documentation",
          "iso_42001": "Clause 8.4 — AI system documentation",
          "nist_ai_rmf": "GOVERN 1.7 — AI risk documentation"
        },
        "source": "Google Model Cards (2019); Hugging Face Model Card spec; EU AI Act Article 11"
      },
      {
        "enum_name": "RAGRetrievalQualityFlag",
        "label": "RAG Retrieval Quality Flag",
        "otel_attribute": "gen_ai.rag.retrieval_quality",
        "opa_policy_path": "data.gen_ai.rag.retrieval_quality",
        "rego_input_key": "gen_ai_rag_retrieval_quality",
        "stability": "proposed",
        "description": "Retrieval quality assessment for a RAG call, used to decide whether downstream generation may proceed, needs stronger grounding checks, or should be blocked.",
        "permitted_values": [
          "high_relevance",
          "medium_relevance",
          "low_relevance",
          "no_relevant_documents",
          "source_not_trusted",
          "stale_context",
          "retrieval_error"
        ],
        "value_labels": {
          "high_relevance": "High Relevance",
          "medium_relevance": "Medium Relevance",
          "low_relevance": "Low Relevance",
          "no_relevant_documents": "No Relevant Documents",
          "source_not_trusted": "Source Not Trusted",
          "stale_context": "Stale Context",
          "retrieval_error": "Retrieval Error"
        },
        "use_case": "OPA rule: require hallucination_check guardrail when retrieval_quality is low_relevance or no_relevant_documents.",
        "source": "RAGAS evaluation framework; LlamaIndex retrieval evaluation metrics"
      }
    ]
  },
  "grc_portal_schemas": {
    "description": "Structured field schemas for the GRC portal's core data records. These define the shared contracts for agent registration, audit logs, HITL task queue items, and policy rule records. They are the load-bearing structures that prevent vocabulary fragmentation across teams building on this platform.",
    "agent_registry_schema": {
      "description": "The authoritative registration record for a deployed agent instance in the GRC portal. Every agent that emits OTel spans must have a corresponding registry entry. Span attributes are validated against this record at evaluation time.",
      "fields": {
        "agent_id": {
          "type": "string",
          "format": "uuid",
          "required": true,
          "description": "Globally unique identifier for this agent instance."
        },
        "agent_name": {
          "type": "string",
          "required": true
        },
        "agent_version": {
          "type": "string",
          "required": true,
          "description": "Semantic version of the agent definition (not the model version)."
        },
        "agent_role": {
          "type": "enum",
          "enum_ref": "AgentRoleKind",
          "required": true
        },
        "autonomy_level": {
          "type": "enum",
          "enum_ref": "AgentAutonomyLevel",
          "required": true
        },
        "assigned_risk_tier": {
          "type": "enum",
          "enum_ref": "AgentTaskRiskTier",
          "required": true
        },
        "eu_ai_act_classification": {
          "type": "enum",
          "enum_ref": "EUAIActRiskLevel",
          "required": false
        },
        "eu_ai_act_use_case": {
          "type": "enum",
          "enum_ref": "EUAIActHighRiskUseCase",
          "required": false
        },
        "conformity_assessment_status": {
          "type": "enum",
          "enum_ref": "ConformityAssessmentStatus",
          "required": false
        },
        "conformity_assessment_id": {
          "type": "string",
          "required": false
        },
        "model_provider": {
          "type": "enum",
          "enum_ref": "ModelProviderName",
          "required": true
        },
        "model_name": {
          "type": "string",
          "required": true
        },
        "model_version": {
          "type": "string",
          "required": true
        },
        "model_risk_validation_status": {
          "type": "enum",
          "enum_ref": "ModelRiskValidationStatus",
          "required": false,
          "note": "ModelRiskValidationStatus is defined in 01_banking_financial_services.json but applies to any regulated industry."
        },
        "allowed_tool_types": {
          "type": "array",
          "items": {
            "enum_ref": "ToolType"
          },
          "required": true
        },
        "allowed_memory_types": {
          "type": "array",
          "items": {
            "enum_ref": "MemoryType"
          },
          "required": false
        },
        "max_authorization_scope": {
          "type": "enum",
          "enum_ref": "AuthorizationScopeTier",
          "required": false,
          "description": "Maximum execution authority granted to the registered agent under normal operation."
        },
        "model_hosting_boundary": {
          "type": "enum",
          "enum_ref": "ModelHostingBoundary",
          "required": false
        },
        "data_residency_zone": {
          "type": "enum",
          "enum_ref": "DataResidencyZone",
          "required": false
        },
        "model_capability_tier": {
          "type": "enum",
          "enum_ref": "ModelCapabilityTier",
          "required": false
        },
        "hitl_mode": {
          "type": "enum",
          "enum_ref": "HumanOversightMode",
          "required": true
        },
        "deployment_environment": {
          "type": "enum",
          "enum_ref": "DeploymentEnvironment",
          "required": true
        },
        "tenant_isolation_model": {
          "type": "enum",
          "enum_ref": "TenantIsolationModel",
          "required": true
        },
        "data_residency_region": {
          "type": "string",
          "required": false,
          "description": "ISO 3166-1 alpha-2 country code or region identifier for data residency enforcement."
        },
        "owning_team": {
          "type": "string",
          "required": true
        },
        "owning_tenant_id": {
          "type": "string",
          "required": true
        },
        "iso42001_lifecycle_stage": {
          "type": "enum",
          "enum_ref": "ISO42001LifecycleStage",
          "required": true
        },
        "nist_implementation_tier": {
          "type": "enum",
          "enum_ref": "NISTImplementationTier",
          "required": false
        },
        "registered_at": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true
        },
        "last_updated_at": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true
        }
      }
    },
    "audit_log_event_schema": {
      "description": "The immutable audit event envelope emitted by the GRC platform for every policy evaluation, guardrail activation, HITL decision, and incident. This is the artifact exported for EU AI Act Article 12 record-keeping, SR 11-7 model risk audits, and DORA incident reports.",
      "fields": {
        "event_id": {
          "type": "string",
          "format": "uuid",
          "required": true
        },
        "event_type": {
          "type": "enum",
          "permitted_values": [
            "policy_evaluation",
            "guardrail_trigger",
            "hitl_decision",
            "incident_created",
            "incident_updated",
            "data_subject_request",
            "model_change",
            "agent_registration",
            "agent_deregistration"
          ],
          "required": true
        },
        "trace_id": {
          "type": "string",
          "required": true,
          "description": "OTel trace_id linking this event to the originating agent span tree."
        },
        "span_id": {
          "type": "string",
          "required": true,
          "description": "OTel span_id of the specific span that triggered this event."
        },
        "agent_id": {
          "type": "string",
          "format": "uuid",
          "required": true
        },
        "agent_version": {
          "type": "string",
          "required": true
        },
        "policy_id": {
          "type": "string",
          "required": false,
          "description": "Present when event_type is policy_evaluation."
        },
        "policy_version": {
          "type": "string",
          "required": false
        },
        "policy_decision": {
          "type": "enum",
          "enum_ref": "PolicyEnforcementDecision",
          "required": false
        },
        "policy_enforcement_outcome": {
          "type": "enum",
          "enum_ref": "PolicyEnforcementOutcome",
          "required": false
        },
        "guardrail_trigger": {
          "type": "enum",
          "enum_ref": "GuardrailTriggerKind",
          "required": false
        },
        "task_risk_tier": {
          "type": "enum",
          "enum_ref": "AgentTaskRiskTier",
          "required": false
        },
        "data_sensitivity": {
          "type": "enum",
          "enum_ref": "DataSensitivityClassification",
          "required": false
        },
        "hitl_decision": {
          "type": "enum",
          "enum_ref": "HumanOversightDecision",
          "required": false
        },
        "hitl_escalation_reason": {
          "type": "enum",
          "enum_ref": "HITLEscalationReason",
          "required": false
        },
        "hitl_reviewer_id": {
          "type": "string",
          "required": false,
          "description": "Identity of the human reviewer; present when event_type is hitl_decision."
        },
        "hitl_reviewer_role": {
          "type": "enum",
          "enum_ref": "HITLReviewerRole",
          "required": false
        },
        "incident_severity": {
          "type": "enum",
          "enum_ref": "AIIncidentSeverity",
          "required": false
        },
        "incident_category": {
          "type": "enum",
          "enum_ref": "AIIncidentCategory",
          "required": false
        },
        "delegation_mode": {
          "type": "enum",
          "enum_ref": "ActorDelegationMode",
          "required": false
        },
        "authorization_scope_tier": {
          "type": "enum",
          "enum_ref": "AuthorizationScopeTier",
          "required": false
        },
        "trace_lineage_status": {
          "type": "enum",
          "enum_ref": "TraceLineageStatus",
          "required": false
        },
        "output_confidence_tier": {
          "type": "enum",
          "enum_ref": "OutputConfidenceTier",
          "required": false
        },
        "output_grounding_status": {
          "type": "enum",
          "enum_ref": "OutputGroundingStatus",
          "required": false
        },
        "transaction_value_tier": {
          "type": "enum",
          "enum_ref": "TransactionValueTier",
          "required": false
        },
        "channel_origination_type": {
          "type": "enum",
          "enum_ref": "ChannelOriginationType",
          "required": false
        },
        "customer_segment": {
          "type": "enum",
          "enum_ref": "CustomerSegment",
          "required": false
        },
        "adversarial_suspicion": {
          "type": "enum",
          "enum_ref": "AdversarialSuspicionLevel",
          "required": false
        },
        "model_hosting_boundary": {
          "type": "enum",
          "enum_ref": "ModelHostingBoundary",
          "required": false
        },
        "data_residency_zone": {
          "type": "enum",
          "enum_ref": "DataResidencyZone",
          "required": false
        },
        "actor_identity": {
          "type": "string",
          "required": true,
          "description": "Identity of the principal (agent_id, user_id, or system) that triggered the event."
        },
        "decision_rationale": {
          "type": "string",
          "required": false,
          "description": "Human-readable or Rego-generated rationale for the policy decision."
        },
        "input_snapshot_ref": {
          "type": "string",
          "required": false,
          "description": "Reference to stored input payload for audit replay; must not contain raw PII."
        },
        "output_snapshot_ref": {
          "type": "string",
          "required": false
        },
        "tenant_id": {
          "type": "string",
          "required": true
        },
        "deployment_environment": {
          "type": "enum",
          "enum_ref": "DeploymentEnvironment",
          "required": true
        },
        "timestamp": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true
        },
        "immutable": {
          "type": "boolean",
          "value": true,
          "description": "All audit log events are append-only. No field may be modified after creation."
        }
      }
    },
    "hitl_task_schema": {
      "description": "A task record placed in the GRC portal HITL review queue when an agent action requires human approval. Consumed by the reviewer UI and by OPA to evaluate whether an action may proceed.",
      "fields": {
        "task_id": {
          "type": "string",
          "format": "uuid",
          "required": true
        },
        "task_type": {
          "type": "enum",
          "enum_ref": "HITLTaskType",
          "required": true
        },
        "task_priority": {
          "type": "enum",
          "enum_ref": "HITLTaskPriority",
          "required": true
        },
        "status": {
          "type": "enum",
          "permitted_values": [
            "pending",
            "assigned",
            "in_review",
            "decided",
            "expired",
            "cancelled"
          ],
          "required": true
        },
        "agent_id": {
          "type": "string",
          "format": "uuid",
          "required": true
        },
        "trace_id": {
          "type": "string",
          "required": true
        },
        "span_id": {
          "type": "string",
          "required": true
        },
        "task_intent_kind": {
          "type": "enum",
          "enum_ref": "TaskIntentKind",
          "required": false
        },
        "tool_type": {
          "type": "enum",
          "enum_ref": "ToolType",
          "required": false
        },
        "action_reversibility": {
          "type": "enum",
          "enum_ref": "ActionIrreversibilityLevel",
          "required": true
        },
        "task_risk_tier": {
          "type": "enum",
          "enum_ref": "AgentTaskRiskTier",
          "required": true
        },
        "transaction_value_tier": {
          "type": "enum",
          "enum_ref": "TransactionValueTier",
          "required": false
        },
        "output_confidence_tier": {
          "type": "enum",
          "enum_ref": "OutputConfidenceTier",
          "required": false
        },
        "escalation_reason": {
          "type": "enum",
          "enum_ref": "HITLEscalationReason",
          "required": true
        },
        "authorization_scope_tier": {
          "type": "enum",
          "enum_ref": "AuthorizationScopeTier",
          "required": false
        },
        "trace_lineage_status": {
          "type": "enum",
          "enum_ref": "TraceLineageStatus",
          "required": false
        },
        "data_sensitivity": {
          "type": "enum",
          "enum_ref": "DataSensitivityClassification",
          "required": false
        },
        "requested_by_agent_id": {
          "type": "string",
          "required": true
        },
        "assigned_reviewer_id": {
          "type": "string",
          "required": false
        },
        "required_reviewer_role": {
          "type": "enum",
          "enum_ref": "HITLReviewerRole",
          "required": true
        },
        "decision": {
          "type": "enum",
          "enum_ref": "HumanOversightDecision",
          "required": false
        },
        "decision_notes": {
          "type": "string",
          "required": false
        },
        "sla_deadline": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true,
          "description": "Calculated from task_priority. Critical: 15min, High: 2hr, Normal: 24hr, Low: 72hr."
        },
        "created_at": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true
        },
        "decided_at": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": false
        },
        "tenant_id": {
          "type": "string",
          "required": true
        }
      }
    },
    "policy_rule_schema": {
      "description": "A policy rule record in the GRC portal. Defines the metadata for a Rego policy, its scope, enforcement mode, lifecycle status, and the enum categories it evaluates. The rego_package_path links to the actual .rego file in the policy bundle.",
      "fields": {
        "policy_id": {
          "type": "string",
          "format": "uuid",
          "required": true
        },
        "policy_name": {
          "type": "string",
          "required": true
        },
        "policy_version": {
          "type": "string",
          "format": "semver",
          "required": true
        },
        "description": {
          "type": "string",
          "required": true
        },
        "status": {
          "type": "enum",
          "enum_ref": "PolicyStatus",
          "required": true
        },
        "enforcement_mode": {
          "type": "enum",
          "enum_ref": "PolicyEnforcementMode",
          "required": true
        },
        "scope": {
          "type": "enum",
          "enum_ref": "PolicyScope",
          "required": true
        },
        "trigger_events": {
          "type": "array",
          "items": {
            "enum_ref": "PolicyTriggerEvent"
          },
          "required": true
        },
        "applicable_risk_tiers": {
          "type": "array",
          "items": {
            "enum_ref": "AgentTaskRiskTier"
          },
          "required": false
        },
        "applicable_agent_roles": {
          "type": "array",
          "items": {
            "enum_ref": "AgentRoleKind"
          },
          "required": false
        },
        "applicable_authorization_scopes": {
          "type": "array",
          "items": {
            "enum_ref": "AuthorizationScopeTier"
          },
          "required": false
        },
        "applicable_regimes": {
          "type": "array",
          "items": {
            "enum_ref": "RegulatoryPrimaryRegime"
          },
          "required": false
        },
        "applicable_hosting_boundaries": {
          "type": "array",
          "items": {
            "enum_ref": "ModelHostingBoundary"
          },
          "required": false
        },
        "applicable_industries": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "required": false,
          "description": "Industry vertical keys matching the file names, e.g. banking_financial_services, healthcare."
        },
        "rego_package_path": {
          "type": "string",
          "required": true,
          "description": "The OPA data path of the policy's Rego package, e.g. data.gen_ai.governance for 'package gen_ai.governance'. Links to the .rego file in the OPA bundle."
        },
        "regulatory_basis": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "required": false,
          "description": "Array of regulatory article references this policy implements."
        },
        "evaluated_enum_categories": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "required": false,
          "description": "List of enum_name values from this library that this policy evaluates."
        },
        "owner_team": {
          "type": "string",
          "required": true
        },
        "tenant_id": {
          "type": "string",
          "required": false,
          "description": "Null for global policies; set for tenant-scoped policies."
        },
        "created_at": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true
        },
        "last_updated_at": {
          "type": "string",
          "format": "iso8601_datetime",
          "required": true
        },
        "superseded_by_policy_id": {
          "type": "string",
          "required": false
        }
      }
    }
  },
  "otel_metrics_catalog": {
    "namespace": "gen_ai.metrics",
    "description": "Canonical OTel metric names, instrument types, units, and attribute cardinality for agentic AI observability. Aligned to OTel GenAI Semantic Conventions metrics specification.",
    "source_url": "https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-metrics/",
    "metrics": [
      {
        "metric_name": "gen_ai.client.token.usage",
        "type": "histogram",
        "unit": "{token}",
        "attributes": [
          "gen_ai.token.type",
          "gen_ai.provider.name",
          "gen_ai.request.model"
        ],
        "description": "Token consumption per request, split by prompt vs completion.",
        "source": "OTel GenAI Metrics Spec (stable)"
      },
      {
        "metric_name": "gen_ai.client.operation.duration",
        "type": "histogram",
        "unit": "s",
        "attributes": [
          "gen_ai.operation.name",
          "gen_ai.provider.name",
          "gen_ai.request.model"
        ],
        "description": "End-to-end latency of GenAI client operations.",
        "source": "OTel GenAI Metrics Spec (stable)"
      },
      {
        "metric_name": "gen_ai.agent.task.count",
        "type": "counter",
        "unit": "{task}",
        "attributes": [
          "gen_ai.task.state",
          "gen_ai.task.status",
          "gen_ai.agent.name",
          "gen_ai.task.kind"
        ],
        "description": "Total tasks per agent by lifecycle state and outcome.",
        "source": "Proposed OTel GenAI Agent Metrics"
      },
      {
        "metric_name": "gen_ai.guardrail.trigger.count",
        "type": "counter",
        "unit": "{trigger}",
        "attributes": [
          "gen_ai.guardrail.trigger",
          "gen_ai.policy.decision",
          "gen_ai.agent.name"
        ],
        "description": "Guardrail activations by trigger type and policy decision.",
        "source": "Proposed GRC observability metric"
      },
      {
        "metric_name": "gen_ai.hitl.review.duration",
        "type": "histogram",
        "unit": "s",
        "attributes": [
          "gen_ai.hitl.decision",
          "gen_ai.task.risk_tier",
          "gen_ai.hitl.mode"
        ],
        "description": "Time in HITL review queue per decision outcome and risk tier. Use for SLA compliance monitoring.",
        "source": "Proposed GRC observability metric"
      },
      {
        "metric_name": "gen_ai.memory.store.size",
        "type": "gauge",
        "unit": "{record}",
        "attributes": [
          "gen_ai.memory.type",
          "gen_ai.agent.name"
        ],
        "description": "Current record count per memory store per agent. Supports GDPR TTL enforcement.",
        "source": "Proposed GRC observability metric"
      },
      {
        "metric_name": "gen_ai.evaluation.score",
        "type": "gauge",
        "unit": "{score}",
        "attributes": [
          "gen_ai.evaluation.metric",
          "gen_ai.agent.name",
          "gen_ai.request.model"
        ],
        "description": "Quality and safety evaluation scores per metric dimension.",
        "source": "OTel GenAI Events Spec"
      },
      {
        "metric_name": "gen_ai.cost.budget_utilization",
        "type": "gauge",
        "unit": "{percent}",
        "attributes": [
          "gen_ai.cost.budget_scope",
          "gen_ai.agent.name",
          "gen_ai.provider.name"
        ],
        "description": "Percentage of cost budget consumed within the defined scope. Drives ResourceQuotaStatus transitions.",
        "source": "Proposed GRC FinOps metric"
      },
      {
        "metric_name": "gen_ai.policy.enforcement.outcome.count",
        "type": "counter",
        "unit": "{decision}",
        "attributes": [
          "gen_ai.policy.enforcement_outcome",
          "gen_ai.authorization.scope_tier",
          "gen_ai.regulatory.primary_regime"
        ],
        "description": "Count of final governance outcomes after policy normalization. Use to trend allowed, constrained, and blocked actions by regime and authority tier.",
        "source": "Proposed GRC portal analytics metric"
      },
      {
        "metric_name": "gen_ai.hitl.escalation.count",
        "type": "counter",
        "unit": "{escalation}",
        "attributes": [
          "gen_ai.hitl.escalation_reason",
          "gen_ai.task.risk_tier",
          "gen_ai.transaction.value_tier"
        ],
        "description": "Count of human escalations by reason, risk, and value tier. Use for queue design, staffing, and automation tuning.",
        "source": "Proposed GRC workflow metric"
      },
      {
        "metric_name": "gen_ai.trace.lineage.exception.count",
        "type": "counter",
        "unit": "{trace_exception}",
        "attributes": [
          "gen_ai.trace.lineage_status",
          "gen_ai.operation.name",
          "gen_ai.provider.name"
        ],
        "description": "Count of non-fully-traceable interactions so audit and model risk teams can monitor lineage gaps by operation and provider.",
        "source": "Proposed auditability metric"
      }
    ]
  },
  "opa_rego_policy_patterns": {
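    "description": "Reference OPA Rego policy patterns. These are illustrative patterns, not production policies. Input attribute names are the OTel span attribute names with every '.' replaced by '_'. The sketches omit imports and use pre-1.0 rule syntax together with the 'in' operator, which on those OPA releases requires 'import future.keywords.in'. Most rules compare input attributes directly and therefore do not fire when an attribute is absent from input, so a production policy must decide explicitly how missing attributes are handled.",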
    "patterns": [
      {
        "pattern_id": "gen_ai.hitl_required_for_critical_irreversible_actions",
        "pattern_name": "hitl_required_for_critical_irreversible_actions",
        "enforcement_effect": "require_hitl_approval",
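        "description": "Require prior HITL approval before a fully autonomous agent executes an irreversible critical action on a tier_4 risk task. As written, the sketch is stricter than this: for a fully autonomous agent it requires approval when either the task is tier_4_critical or the action is irreversible_critical.",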
        "applicable_enums": [
          "AgentAutonomyLevel",
          "AgentTaskRiskTier",
          "ActionIrreversibilityLevel",
          "HumanOversightDecision"
        ],
        "regulatory_basis": "EU AI Act Article 14; NIST AI RMF MANAGE 2.2",
        "rego_sketch": "package gen_ai.governance\n\ndefault allow = false\n\nallow { input.gen_ai_agent_autonomy_level != \"fully_autonomous\" }\n\nallow {\n  input.gen_ai_task_risk_tier != \"tier_4_critical\"\n  input.gen_ai_action_reversibility != \"irreversible_critical\"\n}\n\nallow { input.gen_ai_hitl_decision == \"approved\" }\nallow { input.gen_ai_hitl_decision == \"modified_and_approved\" }"
      },
      {
        "pattern_id": "gen_ai.eu_ai_act_high_risk_conformity_gate",
        "pattern_name": "eu_ai_act_high_risk_conformity_gate",
        "enforcement_effect": "deny",
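        "description": "Block deployment of EU AI Act Annex III high-risk agentic systems without a conformity assessment on record. As written, the sketch does not fire when gen_ai_regulatory_conformity_status is absent from input, because the sprintf argument is then undefined; a production rule should treat a missing status as not compliant.",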
        "applicable_enums": [
          "EUAIActRiskLevel",
          "ConformityAssessmentStatus",
          "DeploymentEnvironment"
        ],
        "regulatory_basis": "EU AI Act Article 43",
        "rego_sketch": "package gen_ai.regulatory\n\nconformity_complete := {\"self_assessment_complete\", \"third_party_certified\"}\n\ndeny[msg] {\n  input.gen_ai_regulatory_eu_ai_act_risk_level in {\"high_risk_annex1\", \"high_risk_annex3\"}\n  input.gen_ai_deployment_environment == \"production\"\n  not input.gen_ai_regulatory_conformity_status in conformity_complete\n  msg := sprintf(\"EU AI Act high-risk deployment blocked: conformity status '%v' does not satisfy Article 43\", [input.gen_ai_regulatory_conformity_status])\n}"
      },
      {
        "pattern_id": "gen_ai.owasp_agentic_threat_quarantine",
        "pattern_name": "owasp_agentic_threat_quarantine",
        "enforcement_effect": "deny",
        "description": "Quarantine agent execution when a high-severity OWASP Agentic Top 10 threat is detected.",
        "applicable_enums": [
          "AgentSecurityThreatKind",
          "AgentDriftIndicator",
          "PolicyEnforcementDecision"
        ],
        "regulatory_basis": "OWASP Top 10 for Agentic Applications 2026; NIST AI RMF MANAGE 1.3",
        "rego_sketch": "package gen_ai.security\n\nhigh_severity_threats := {\n  \"ASI01_prompt_injection\", \"ASI02_excessive_agency\",\n  \"ASI06_memory_context_poisoning\",\n  \"ASI07_insecure_inter_agent_communication\", \"ASI10_rogue_agent\"\n}\n\ndecision = \"quarantined\" { input.gen_ai_security_threat_kind in high_severity_threats }\n\ndecision = \"allow_with_audit\" {\n  not input.gen_ai_security_threat_kind in high_severity_threats\n  input.gen_ai_security_threat_kind != null\n}"
      },
      {
        "pattern_id": "gen_ai.cost_budget_enforcement",
        "pattern_name": "cost_budget_enforcement",
        "enforcement_effect": "deny",
        "description": "Deny new tool calls when the agent's cost budget has been exceeded; degrade to advisory mode when approaching limit.",
        "applicable_enums": [
          "ResourceQuotaStatus",
          "PolicyEnforcementDecision",
          "ToolType"
        ],
        "regulatory_basis": "OWASP LLM10 Unbounded Consumption",
        "rego_sketch": "package gen_ai.cost\n\ndeny[msg] {\n  input.gen_ai_cost_quota_status == \"limit_exceeded\"\n  msg := sprintf(\"Agent '%v' has exceeded its cost budget. Tool call denied.\", [input.gen_ai_agent_name])\n}\n\nwarn[msg] {\n  input.gen_ai_cost_quota_status == \"approaching_limit\"\n  msg := sprintf(\"Agent '%v' is approaching its cost budget limit.\", [input.gen_ai_agent_name])\n}"
      },
      {
        "pattern_id": "gen_ai.low_confidence_high_value_requires_hitl",
        "pattern_name": "low_confidence_high_value_requires_hitl",
        "enforcement_effect": "require_hitl_approval",
        "description": "Require HITL approval when a low-confidence output is being used for a high-value or critical action.",
        "applicable_enums": [
          "OutputConfidenceTier",
          "TransactionValueTier",
          "HumanOversightDecision",
          "PolicyEnforcementOutcome"
        ],
        "regulatory_basis": "NIST AI 600-1; EU AI Act Article 14",
        "rego_sketch": "package gen_ai.quality\n\nrequires_hitl {\n  input.gen_ai_output_confidence_tier in {\"very_low\", \"low\"}\n  input.gen_ai_transaction_value_tier in {\"high\", \"very_high\", \"critical\"}\n}\n\nallow { not requires_hitl }\nallow { requires_hitl; input.gen_ai_hitl_decision == \"approved\" }\nallow { requires_hitl; input.gen_ai_hitl_decision == \"modified_and_approved\" }"
      },
      {
        "pattern_id": "gen_ai.delegated_authority_requires_checker",
        "pattern_name": "delegated_authority_requires_checker",
        "enforcement_effect": "require_hitl_approval",
        "description": "Require a human checker when delegated execution exceeds draft-and-queue authority or uses break-glass privileges.",
        "applicable_enums": [
          "ActorDelegationMode",
          "AuthorizationScopeTier",
          "HITLMakerCheckerStatus",
          "HumanOversightDecision"
        ],
        "regulatory_basis": "NIST AI RMF GOVERN 1.3; maker-checker internal control patterns",
        "rego_sketch": "package gen_ai.authorization\n\nrequires_checker {\n  input.gen_ai_actor_delegation_mode != \"direct_human\"\n  input.gen_ai_authorization_scope_tier in {\"execute_limited\", \"execute_full\", \"break_glass\"}\n}\n\ndeny[msg] {\n  requires_checker\n  input.gen_ai_hitl_maker_checker_status != \"agent_maker_human_checker\"\n  msg := \"Delegated execution above draft-and-queue requires an agent-maker/human-checker control pattern\"\n}"
      },
      {
        "pattern_id": "gen_ai.block_sensitive_data_cross_border_to_unapproved_hosting",
        "pattern_name": "block_sensitive_data_cross_border_to_unapproved_hosting",
        "enforcement_effect": "deny",
        "description": "Block restricted data from leaving approved residency zones or reaching third-party hosting boundaries that permit provider training.",
        "applicable_enums": [
          "SecurityDataPrivacyTier",
          "ModelHostingBoundary",
          "DataResidencyZone",
          "PolicyEnforcementOutcome"
        ],
        "regulatory_basis": "GDPR Chapter V; DORA third-party ICT risk controls",
        "rego_sketch": "package gen_ai.privacy\n\nrestricted := {\"restricted_pii\", \"restricted_phi\", \"restricted_mnpi\"}\n\ndeny[msg] {\n  input.gen_ai_security_data_privacy_tier in restricted\n  input.gen_ai_model_hosting_boundary == \"third_party_saas_training_permitted\"\n  msg := \"Restricted data cannot be sent to third-party SaaS boundaries that permit provider training\"\n}\n\ndeny[msg] {\n  input.gen_ai_security_data_privacy_tier in restricted\n  input.gen_ai_data_residency_zone == \"global_unrestricted\"\n  msg := \"Restricted data requires a constrained residency zone before processing may continue\"\n}"
      }
    ]
  }
}