Skip to main content
Jira progress: loading…

AIIL-LG

Al Lifecycle & Governance

1. Orchestration with Airflow DAGs

1.1. Purpose & Role

Airflow DAGs orchestrate the entire AI lifecycle in ZAYAZ — from extracting behavioral traces to packaging datasets, training adapters, and validating with evaluation gates.

The role of Airflow in governance is to:

  • Provide transparent, auditable workflows for AI lifecycle events.
  • Ensure no unvalidated adapter/model enters production.
  • Maintain traceability between datasets, model versions, and evaluation results.

By encoding the lifecycle into Airflow, ZAYAZ ensures that AI governance is as structured as financial reporting workflows.

1.2. Pipeline Stages

The ZAYAZ AI lifecycle pipeline consists of four core stages, each represented as an Airflow task:

  • Behavioral Extract

    • Collect behavioral traces from production (inputs, retrieved context, outputs, refusal events).
    • Store as structured JSONL with trace IDs, adapter IDs, and framework IDs.

  • Packager

    • Bundle extracted traces into training/eval datasets.
    • Apply filtering (drop incomplete logs, anonymize sensitive data).
    • Version datasets with Git SHAs and checksums.

  • Train Fine-tune adapters or reinforcement models using packaged data. Store trained models in the Adapter Registry, pinned to version IDs.

  • Eval & Gate

    • Run Evaluation Harness (see Chapter 14).
    • Apply pass/fail thresholds for:
      • Citation accuracy.
      • Structure adherence (DR/AR/NMIG).
      • Refusal quality.
    • Block promotion if thresholds not met.

1.3. Governance Features

  • Dataset Hashing: Every dataset packaged logs a checksum.
  • Model Versioning: All trained models stored with commit SHA + dataset hash.
  • Traceability: Logs enable auditors to see which dataset produced which adapter.
  • Immutable Audit Trails: DAG runs logged in append-only storage.

1.4. Example Airflow DAG

airflow-dag.py
from airflow import DAG
from airflow.operators.python import PythonOperator
from datetime import datetime

def extract_behavioral_traces():
    # Pull traces from production logs
    # Store as JSONL with trace_id, adapter_id, framework_id
    pass

def package_datasets():
    # Clean, filter, anonymize
    # Save dataset with Git SHA + checksum
    pass

def train_adapters():
    # Run fine-tuning or reward model training
    # Store adapter in registry
    pass

def eval_and_gate():
    # Run evaluation harness
    # Block promotion if thresholds not met
    pass

with DAG(
    dag_id="zayaz_ai_lifecycle",
    start_date=datetime(2025, 1, 1),
    schedule_interval="@weekly",
    catchup=False,
    tags=["ai-governance"],
) as dag:

    extract = PythonOperator(
        task_id="behavioral_extract",
        python_callable=extract_behavioral_traces,
    )

    package = PythonOperator(
        task_id="packager",
        python_callable=package_datasets,
    )

    train = PythonOperator(
        task_id="train",
        python_callable=train_adapters,
    )

    eval_gate = PythonOperator(
        task_id="eval_and_gate",
        python_callable=eval_and_gate,
    )

    extract >> package >> train >> eval_gate

This DAG ensures that training and promotion are fully auditable, with no manual shortcuts into production.

1.5. Other Features

  • Multi-Framework Pipelines: Separate DAG branches for ESRS vs ISSB vs SEC adapters.
  • Automated Drift Detection: Trigger retraining when retrieval precision drops below threshold.
  • Verifier Feedback Loops: Ingest verifier audit notes directly into behavioral extract datasets.
  • Continuous Learning: Move from scheduled retraining to event-driven updates.

With Airflow DAG orchestration, ZAYAZ achieves governed, reproducible, and regulator-ready AI lifecycle management, ensuring no model or adapter bypasses evaluation gates.

2. Go/No-Go Engine

2.1. Purpose & Role

The Go/No-Go Engine is the decision-making system that determines whether AI features (RAG, calibration, jurisdiction packs) can be enabled for a given customer or dataset.

Its role is to:

  • Enforce regulatory alignment: only enable AI if customer falls under supported frameworks.
  • Guarantee data readiness: block AI if critical disclosures are missing.
  • Support conditional activation: allow partial enablement with explicit limitations.
  • Provide transparent, auditable rules for regulators and auditors.

This engine is the control valve of the AI lifecycle: even if an adapter passes training and evaluation, it will not activate unless the engine returns GO.

2.2. Decision Schema

Each decision follows a schema-based evaluation, producing GO, NO-GO, or CONDITIONAL-GO.

Inputs

  • Customer Profile: country of incorporation, exchange listing, entity size.
  • Framework Alignment: self-assessment (ESRS, ISSB, SEC, GRI).
  • Data Completeness: mandatory disclosures available (validated via Chapter 10).
  • Jurisdiction Routing: applicable standards packs available.
  • Feature Flags: rollout configuration (pilot customers, beta features).

Output

  • GO → AI features fully enabled.
  • NO-GO → AI features blocked; manual intervention required.
  • CONDITIONAL-GO → AI enabled only in restricted scope (e.g., ESRS only, draft mode).

2.3. Implementation

The Go/No-Go Engine is implemented as a FastAPI microservice with declarative rule logic:

  • Rule Expression: JSONLogic or CEL (Common Expression Language).
  • Execution: Rules evaluated synchronously via API call.
  • Deployment: Containerized, deployed with Helm in Kubernetes cluster.
  • Auditability: Each decision logged with:
    • Rule ID & version.
    • Input payload (customer, framework, data completeness).
    • Output (GO/NO-GO/CONDITIONAL).

2.4. Example Decision Rule (JSONLogic)

decision-rule.json
{
  "and": [
    { "==": [ { "var": "framework" }, "ESRS" ] },
    { "in": [ { "var": "jurisdiction" }, ["EU"] ] },
    { "==": [ { "var": "data_ready" }, true ] }
  ]
}

Interpretation:

  • AI features enabled only if:
  • Framework = ESRS
  • Jurisdiction = EU
  • Data completeness = true

2.5. Example Service Call (FastAPI)

service-call.py
from fastapi import FastAPI
from pydantic import BaseModel

app = FastAPI()

class DecisionRequest(BaseModel):
    customer_id: str
    framework: str
    jurisdiction: str
    data_ready: bool

class DecisionResponse(BaseModel):
    decision: str
    rule_id: str
    version: str

@app.post("/decide", response_model=DecisionResponse)
def decide(request: DecisionRequest):
    # Apply JSONLogic/CEL rules
    if request.framework == "ESRS" and request.jurisdiction == "EU" and request.data_ready:
        return {"decision": "GO", "rule_id": "esrs_eu_v1", "version": "1.0"}
    return {"decision": "NO-GO", "rule_id": "esrs_eu_v1", "version": "1.0"}

2.6. Governance & CI/CD

  • Rule Expression: Rules stored in Git; changes peer-reviewed.
  • Promotion Policy: New rules promoted via CI/CD, Helm-managed.
  • Audit Logs: Immutable records of all decisions.
  • Compliance Review: Rule sets aligned with CSRD, ISSB, SEC mandates.

2.7. Other Features

  • Multi-Framework Conditional Rules: Allow blended decisions (e.g., ESRS + ISSB dual-reporting).
  • Customer-Specific Overlays: Custom rule packs for large enterprises with voluntary frameworks.
  • Regulator Mode: Allow regulators to inspect decision logs directly.
  • Self-Service Transparency: Customers can preview why they received NO-GO.

With the Go/No-Go Engine, ZAYAZ guarantees that AI features are only enabled when compliance, data, and jurisdiction conditions are met, providing a machine-auditable safety gate before AI enters production use.

3. Promotion & Rollback System

3.1. Purpose & Role

The Promotion & Rollback system is the operational mechanism that controls how AI components — adapters, standards packs, or computation modules — are released into production.

Its role is to:

  • Provide safe, controlled rollout of new models and behavior adapters.
  • Enable feature gating for customers and jurisdictions.
  • Ensure instant rollback if compliance, performance, or SLOs are breached.
  • Maintain immutable audit trails for regulatory assurance.

3.2. Core Mechanisms

  • Feature Flags

    • Control exposure of features per customer, jurisdiction, or framework.
    • Allow canary rollouts (1% of customers first, then expand).
    • Enable “beta mode” for pilot customers.

  • Adapter Registry

    • Central registry for all RAG adapters, behavior calibrators, and computation modules.
    • Each entry versioned with:
      • Git SHA.
      • Dataset hash.
      • Evaluation Harness results.
    • Immutable — once registered, versions cannot be altered, only deprecated.

  • Promotion Workflow

    • Candidate passes Evaluation Harness (see next Chapter “N”).
    • Candidate registered in Adapter Registry.
    • Candidate promoted to production via feature flag activation.

  • Rollback Workflow

    • If monitoring detects SLO breach (e.g., citation accuracy < 99%), system auto-triggers rollback.
    • Rollback simply means disabling feature flag for current version and re-enabling last known good version.
    • All rollbacks logged with cause, timestamp, and operator ID.

3.3. Governance & Audit Trails

  • Promotion Records

    • Each promotion event logs:
      • Adapter ID & version.
      • Dataset ID & checksum.
      • Evaluation Harness results.
      • Approver ID.

  • Rollback Records

    • Each rollback event logs:
      • Trigger cause (manual, automated).
      • SLO violation details.
      • Restored version ID.

  • Audit Trail

    • Immutable logs stored in append-only ledger.
    • Regulators/auditors can reconstruct the full promotion lineage.

3.4. Example YAML for Feature Flags

feature-flag.yaml
features:
  esrs_rag_adapter:
    enabled: true
    version: "esrs_v1.3.2"
    customers:
      - "cust_eu_001"
      - "cust_eu_005"
  issb_behavior_calibrator:
    enabled: false
    version: "issb_v0.9.1"

This enables ESRS adapter for selected EU customers, while ISSB calibrator remains disabled.

3.5. Helm Integration for Deployment

Promotions and rollbacks are fully automated via Kubernetes Helm:

  • Promotion → helm upgrade with new adapter version + feature flag toggle.
  • Rollback → helm rollback to prior chart revision.
  • GitOps Workflow: Promotions triggered by PR merges into Git main branch.

3.6. Other Features

  • Progressive Delivery: Automated rollout using Argo Rollouts with SLO-based gating.
  • Multi-Tenant Customization: Different adapter versions for different customers (e.g., ESRS July 2025 vs older draft).
  • Verifier Approval Workflow: Require external verifier sign-off before promotion.
  • Regulator Sandbox Mode: Allow regulators to test new adapters in preview before release.

4. Evaluation Harness

4.1. Purpose & Role

The Evaluation Harness is ZAYAZ’s compliance-grade testing framework for AI models, adapters, and computation modules.

Its role is to:

  • Provide objective, repeatable tests for AI performance.
  • Enforce pass/fail thresholds that align with compliance and audit requirements.
  • Detect regressions before promotion.
  • Ensure traceability of evaluation results for regulators and auditors.

No adapter, standards pack, or computation module can be promoted without passing the Harness.

4.2. Evaluation Datasets

  • Gold Set

    • Canonical set of queries with expected answers.
    • Coverage across ESRS, ISSB, SEC, GRI.
    • Includes both structured queries (disclosure lookups) and open queries (stakeholder narratives).

  • Adversarial Set

    • Designed to probe weak points.
    • Examples:
      • Unsupported frameworks (e.g., SASB not yet integrated).
      • Attempts to bypass refusal rules (“give me Scope 3 in two words”).
      • Prompt injection attempts.

  • Regression Set

    • Subset of previous production queries where issues were detected.
    • Ensures fixes remain effective over time.

4.3. Pass Gates

The Evaluation Harness enforces strict pass thresholds:

CategoryMetricPass Threshold
Citation Accuracy% answers with correct citations≥ 99%
Structure Adherence% outputs following DR/AR/NMIG schema≥ 98%
Refusal Quality% unsupported queries correctly refused≥ 99%
Retrieval QualityPrecision@5 (relevant docs in top 5)≥ 95%
LatencyInference time P95≤ 2s
Security% ACL-enforced retrievals100 %

4.4. Regression Policy

  • Blocking Regressions If any critical metric falls below threshold, promotion blocked.
  • Tolerance Bands Minor fluctuations allowed (±0.5%) if overall trend stable.
  • Manual Override Requires compliance officer approval, logged in audit trail.

4.5. CI/CD Integration

The Harness runs as part of ZAYAZ CI/CD pipelines:

  • Trigger: On every PR that modifies adapters, standards packs, or Computation Hub modules.
  • Execution: Harness runs in Kubernetes test cluster.
  • Results: Stored in immutable logs, linked to model/dataset version IDs.
  • Promotion Gate: Helm deploy only executes if Harness returns pass.

4.6. Governance & Auditability

  • Evaluation Records Logs include dataset ID, adapter ID, test results, commit SHA.
  • Audit Dashboards Regulators/auditors can view evaluation history.
  • Reproducibility Any evaluation run can be re-executed with same dataset + adapter version.

4.7. Other Features

  • Continuous Benchmarking: Run Harness daily on live samples, not just CI/CD.
  • Verifier Involvement: Allow assurance providers to review Harness datasets.
  • Explainability Scoring: Evaluate transparency (e.g., SHAP explanations, heatmaps).
  • Stress Testing: Include multilingual queries, extreme inputs, and long-tail cases.


GitHub RepoRequest for Change (RFC)