Extension Roadmap¶
Target Architecture — Final-State Design
This page describes how the Governance, Security & Compliance Platform extends beyond its initial eleven services. Everything here is target/planned unless marked otherwise; the platform is designed so new governance domains, policy packs, and agents plug in without re-architecting the policy and trust layer.
Extension Principles¶
- Policy is data, not code — new controls are added as versioned
PolicyDefinitions/PolicyRules, not new deployments. The ten governance domains and the ABAC model are open for extension. - New domains are additive — a new governance domain becomes a new
domainvalue plus supplier attributes feeding the existing policy decision point; the PDP path is unchanged. - Suppliers, not forks — additional ABAC inputs (new classifiers, risk signals) are added as supplier services consulted during evaluation, keeping
PolicyEngineServicestable. - Events first — new capabilities emit canonical events so other platforms integrate without coupling.
- Reusable across tenants — every extension (policy pack, classifier, risk model) is a catalogued, versioned, multi-tenant asset.
- Backwards compatible — new fields/effects are additive; breaking changes follow the Event Envelope versioning rules.
Future Services¶
| Service (planned) | Purpose |
|---|---|
PolicyPackRegistryService |
Catalogue, version, and distribute reusable policy packs (frameworks, industry templates) to tenants. |
ContinuousComplianceService |
Continuous control monitoring (vs. point-in-time reports); drift detection against framework baselines. |
ThreatIntelligenceService |
Ingest external threat feeds to enrich findings and risk scoring. |
PrivacyRequestService |
Automate data-subject requests (access/erasure) driven by classification and isolation rules (GDPR-style). |
PolicySimulationService |
"What-if" simulation of a policy change against historical decisions before publishing. |
AttestationService |
Manage human/agent attestations and periodic recertification of access and controls. |
Future Workers¶
| Worker (planned) | Trigger | Purpose |
|---|---|---|
ContinuousControlMonitorWorker |
Schedule | Evaluate live controls against framework baselines; raise drift findings. |
PolicyPackSyncWorker |
Event: pack published/updated | Roll out new/updated policy-pack versions to subscribed tenants. |
ThreatFeedIngestionWorker |
Schedule / webhook | Normalise external threat intel into findings/risk inputs. |
AccessRecertificationWorker |
Schedule | Drive periodic recertification campaigns and expire stale grants. |
EvidenceArchivalWorker |
Schedule | Tier and seal evidence/audit exports to immutable long-term storage. |
Future APIs¶
| API (planned) | Purpose |
|---|---|
POST /policy-packs / GET /policy-packs |
Publish/list reusable policy packs. |
POST /policies/simulate |
Simulate a policy change against historical decisions. |
GET /compliance/continuous |
Stream continuous-compliance control status. |
POST /privacy-requests |
Submit and track data-subject requests. |
POST /attestations |
Record attestations and recertifications. |
Policy-Pack Marketplace¶
The platform's flagship extensibility surface is a policy-pack marketplace, integrated with the factory Marketplace. A policy pack bundles versioned PolicyDefinitions, PolicyRules, classification categories, control mappings, and report templates for a framework or industry.
flowchart LR
Author["Policy author / partner"] -->|publish| Registry["PolicyPackRegistryService"]
Registry -->|list| Marketplace["Factory Marketplace"]
Marketplace -->|subscribe| Tenant["Tenant"]
Tenant -->|sync| PackSync["PolicyPackSyncWorker"]
PackSync -->|install versioned definitions| PolicyDef["PolicyDefinitionService"]
PolicyDef -->|enforced by| Engine["PolicyEngineService"]
Hold "Alt" / "Option" to enable pan & zoom
| Policy Pack (illustrative) | Contents |
|---|---|
| GDPR-style | PII/PHI classification categories, residency isolation rules, data-subject request controls, retention/erasure policy, evidence templates. |
| SOC 2-style | Trust-services control mappings, change-approval gates, access recertification, audit evidence bundles. |
| HIPAA-style | PHI classification, minimum-necessary access policy, secret/encryption controls, breach-notification evidence. |
| AI-safety | Prompt-safety rules, model/tool permission policy, memory-access controls, artifact content policy. |
Packs are versioned, multi-tenant, and reusable; subscribing a tenant installs the pack's definitions, which the existing PDP enforces with no platform changes.
Agent Opportunities¶
The platform is built to be operated with agents from the Agent Mesh, not just to govern them:
| Agent opportunity | Role |
|---|---|
| Policy Author Agent | Drafts/versions policy definitions from natural-language intent and framework requirements; routes to human publish approval. |
| Triage Agent | Triages and deduplicates SecurityFindings, proposes severity and remediation, and opens remediation tasks. |
| Compliance Evidence Agent | Assembles and narrates compliance reports, mapping decisions/findings to control requirements. |
| Approval Assistant Agent | Summarises an ApprovalRequest's context, risk, and policy reason for the human approver (the human still decides). |
| Risk Analyst Agent | Proposes risk-model factor weights from observed outcomes and feedback. |
Every agent action is itself governed by the platform (agent-permissions and prompt-safety domains) and fully audited — the platform that governs the factory's agents is operated under the same controls it enforces.
Related¶
- Overview · Microservices · APIs · Workflows
- Marketplace · Agent Mesh
- Reference: Naming Conventions · Event Envelope