TealTiger Governance Best Practices Checklist (v1.2.x)
This checklist defines the minimum bar for correct runtime governance using TealTiger v1.2.x. Use it as:
- An implementation guide
- A readiness review
- An audit preparation checklist
Policy & Determinism
- CEL used only for authoring
- Policies compiled to canonical JSON rules
- policy_hash computed over canonical rules
- Golden corpora gate policy compiler behavior
Runtime Enforcement
- Enforcement occurs at model/tool boundaries
- Same inputs yield same decisions
- Policy modes used intentionally (REPORT_ONLY, MONITOR, ENFORCE)
Evidence & Audit
- AuditEvents emitted for every decision
- EvidenceBundle generated per run
- LineageGraph generated deterministically
- Redaction‑safe defaults enforced
Reason Codes & Semantics
- All reason codes registered in canonical registry
- Meanings are stable and versioned
- CI validates registry completeness
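The following Python is an added illustration, not TealTiger's own code, of how the Policy & Determinism, Runtime Enforcement, Evidence & Audit and Reason Codes items above fit together: rules are compiled to canonical JSON, policy_hash is computed over those canonical bytes so that authoring differences (key order, whitespace) do not change it, an unregistered reason code is rejected at compile time, and every evaluation returns an AuditEvent carrying the hash and the mode, so the same inputs always yield the same decision. The rule schema, the reason-code names, first-match semantics, the default effect when nothing matches, and the rule that only ENFORCE applies an effect while REPORT_ONLY and MONITOR merely record it are all assumptions made for the example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Any, Optional

# Constructed canonical reason-code registry (assumption: placeholder names,
# not TealTiger's real registry). compile_policy() refuses any code not here.
REASON_CODE_REGISTRY = {
    "TOOL_BLOCKED": "Tool call denied by policy",
    "HIGH_RISK_ACTION": "Action requires human approval",
    "NO_MATCHING_RULE": "No rule matched; default effect applied",
}

POLICY_MODES = ("REPORT_ONLY", "MONITOR", "ENFORCE")

# Constructed sample rules in an assumed schema (not TealTiger's), as one
# author might write them ...
RULES = [
    {"id": "deny-shell", "action": "tool:shell", "effect": "DENY", "reason_code": "TOOL_BLOCKED"},
    {"id": "gate-payment", "action": "tool:payment", "effect": "REQUIRE_APPROVAL", "reason_code": "HIGH_RISK_ACTION"},
]
# ... and the same rules with keys in a different order, as another author might.
RULES_REORDERED = [
    {"reason_code": "TOOL_BLOCKED", "effect": "DENY", "id": "deny-shell", "action": "tool:shell"},
    {"effect": "REQUIRE_APPROVAL", "reason_code": "HIGH_RISK_ACTION", "action": "tool:payment", "id": "gate-payment"},
]


def canonical_json(rules: list) -> str:
    """Canonical form: sorted keys, compact separators, ASCII-only escapes.
    Only these bytes are ever hashed, so formatting never changes the hash."""
    return json.dumps(rules, sort_keys=True, separators=(",", ":"), ensure_ascii=True)


@dataclass(frozen=True)
class CompiledPolicy:
    canonical: str       # canonical JSON rules, the artefact that ships
    policy_hash: str     # "sha256:<hex>" over the canonical bytes
    rules: tuple         # parsed canonical rules, in authored (precedence) order


def compile_policy(rules: list) -> CompiledPolicy:
    """Validate reason codes against the registry, then canonicalise and hash."""
    for rule in rules:
        if rule["reason_code"] not in REASON_CODE_REGISTRY:
            raise ValueError(f"unregistered reason code {rule['reason_code']!r} in rule {rule['id']!r}")
    canonical = canonical_json(rules)
    digest = hashlib.sha256(canonical.encode("utf-8")).hexdigest()
    return CompiledPolicy(canonical, "sha256:" + digest, tuple(json.loads(canonical)))


@dataclass(frozen=True)
class AuditEvent:
    policy_hash: str            # ties the decision to the exact policy that made it
    mode: str
    action: str
    matched_rule: Optional[str]
    effect: str                 # what the policy decided
    applied_effect: str         # what the runtime actually did, given the mode
    reason_code: str


def evaluate(policy: CompiledPolicy, mode: str, action: str) -> AuditEvent:
    """Pure function of (policy, mode, action): same inputs, same AuditEvent.
    Assumed semantics: first matching rule wins; no match means ALLOW with a
    registered reason code; only ENFORCE applies the effect."""
    if mode not in POLICY_MODES:
        raise ValueError(f"unknown policy mode {mode!r}; expected one of {POLICY_MODES}")
    matched: Optional[dict] = next((r for r in policy.rules if r["action"] == action), None)
    if matched is None:
        effect, reason_code, rule_id = "ALLOW", "NO_MATCHING_RULE", None
    else:
        effect, reason_code, rule_id = matched["effect"], matched["reason_code"], matched["id"]
    applied_effect = effect if mode == "ENFORCE" else "ALLOW"
    return AuditEvent(policy.policy_hash, mode, action, rule_id, effect, applied_effect, reason_code)


if __name__ == "__main__":
    p1, p2 = compile_policy(RULES), compile_policy(RULES_REORDERED)
    print("same hash despite key order:", p1.policy_hash == p2.policy_hash, p1.policy_hash)
    for mode in POLICY_MODES:
        print(evaluate(p1, mode, "tool:shell"))
```

Note that rule order is deliberately not sorted away: it expresses precedence, so two policies that differ only in rule order are different policies and get different hashes. A changed effect in any rule likewise changes policy_hash, which is what lets an AuditEvent be matched back to the exact compiled policy that produced it.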
Approvals & Exceptions
- REQUIRE_APPROVAL used for high‑risk actions
- Approval outcomes are auditable
- No ad‑hoc overrides
Cost Governance
- Cost metadata captured
- Budgets enforced or gated
- Degrade used instead of fail‑open where appropriate
Release Discipline
- Golden corpora pass in TS and Python
- Requirements/design frozen per version
- Breaking changes require new version

