Skip to content

Governance, Security & Compliance — Overview

The Governance, Security & Compliance Platform is the policy and trust layer of the ConnectSoft AI Software Factory. Where the Control Plane decides what should happen and the Agent Mesh executes it, this platform answers a different question for every sensitive action in the factory: "Is this allowed, by whom, under which policy, and can we prove it later?" It is the authoritative policy decision point, the immutable audit system of record, and the home of the controls that make an autonomous, multi-agent software factory safe to run at multi-tenant scale.

Target Architecture — Final-State Design

This page describes the final-state target architecture of the Governance, Security & Compliance Platform as a fleet of independently deployable microservices under the ConnectSoft.Factory.Governance.* namespace. It is an AI-native software factory platform, not a chatbot or assistant. The platform builds on the existing Security-First Architecture principle and the Governance & Compliance Center studio surface, hardening them into policy-as-code services.

Purpose

Autonomy without governance is a liability. Every artifact the factory generates, every agent action, every deployment, and every secret access is a decision that may need to be constrained, recorded, and — for sensitive transitions — approved by a human. This platform exists to make the factory trustworthy and provable:

  • Traceable — every policy decision, approval, and audit entry carries the canonical traceId/correlationId from the Event Envelope, so any decision can be tied back to the originating intent, agent task, and artifact.
  • Reusable — policies, rules, isolation rules, and compliance controls are versioned, catalogued assets reused across tenants, projects, and editions (policy packs).
  • Autonomous — most policy is evaluated and enforced without a human in the loop; humans are escalated to only at defined approval gates or on high risk.
  • Governed — nothing irreversible (a production deployment, a secret rotation, a cross-tenant data flow) happens without a recorded PolicyDecision and, where required, an ApprovalDecision.
  • Observable — every decision emits a canonical event consumed by Observability & Feedback and the Knowledge Platform.
  • Multi-tenant — tenant isolation is itself a governed, policy-driven concern enforced at every entry point.

Role in the Factory

flowchart LR
    Studio["Factory Studio<br/>(Security &amp; Governance Center)"] -->|defines policy / approves| Governance["Governance, Security &amp; Compliance<br/>(policy &amp; trust layer)"]
    ControlPlane["Control Plane"] -->|evaluate before transition| Governance
    AgentMesh["Agent Mesh"] -->|permission &amp; prompt-safety checks| Governance
    DevOps["DevOps &amp; GitOps"] -->|deployment gate checks| Governance
    Knowledge["Knowledge Platform"] -->|memory-access &amp; classification| Governance
    Governance -->|decisions, audit, findings| Observability["Observability &amp; Feedback"]
    Governance -->|secret references| KeyVault["Azure Key Vault"]
Hold "Alt" / "Option" to enable pan & zoom

The platform is consulted inline on sensitive transitions: the Control Plane calls POST /policies/evaluate before promoting a workflow; the Agent Mesh checks agent permissions and prompt safety; DevOps & GitOps calls the deployment gate before a production release; the Knowledge Platform checks memory-access and data-classification policy. Every consultation produces a recorded decision and an audit entry.

Core Responsibilities

Responsibility Description
Policy-as-code Author, version, and store policy definitions and rules; evaluate them deterministically (RBAC + ABAC) and record every PolicyDecision.
Human approval Manage approval gates, route requests to authorized approvers, enforce timeouts/escalation, and record granular ApprovalDecisions.
Audit Maintain an immutable, tamper-evident audit trail for every governance-relevant action, backed by ConnectSoft.Extensions.AuditNet.
Compliance evidence Generate point-in-time compliance reports and evidence bundles (control coverage, decisions, findings) via ConnectSoft.Extensions.Compliance.
Security findings Ingest, deduplicate, triage, and track security findings from scans across factory and generated assets.
Secret governance Govern references to secrets in Azure Key Vault (never secret values), scan for leaked secrets, and enforce rotation policy.
Tenant isolation Define and enforce tenant isolation rules as policy, backed by ConnectSoft.Extensions.Saas.* and ConnectSoft.Extensions.WebSecurity.
Data classification Classify data and artifacts (e.g. public/internal/confidential/restricted) and drive handling policy from the classification.
Risk scoring Compute composite risk scores for actions, artifacts, and tenants to drive adaptive gates and prioritisation.

Key Capabilities

  • Policy decision point (PDP) as a service — the PolicyEngineService is consulted before sensitive transitions; nothing is implicit. Every decision is recorded and replayable.
  • Policy packs — bundles of policies/rules (GDPR-style, SOC 2-style, HIPAA-style) versioned and reusable across tenants and editions (see Extension Roadmap).
  • Defence in depth — RBAC/ABAC authorization, tenant isolation, secret governance, classification-driven handling, and risk-adaptive gates compose rather than compete.
  • Immutable audit — append-only audit entries with hash chaining, exported to Blob for long-term, queryable evidence.
  • Human-in-the-loop where it matters — autonomous by default, with approval gates only on policy-flagged, high-risk, or irreversible transitions.
  • Tenant-isolated by construction — every aggregate, store, event, and API carries tenantId; isolation is itself a first-class, governed policy.

The Ten Governance Domains

The platform governs ten distinct domains across the factory. Each domain is expressed as policy definitions/rules and enforced through the policy decision point.

# Governance Domain What it governs Primary services
1 Agent permissions Which agents/roles may execute which skills, tools, and actions. PolicyEngineService, PolicyEvaluationService
2 Tenant isolation Cross-tenant access boundaries and data residency. TenantIsolationPolicyService
3 Prompt safety Prompt/response guardrails, injection and exfiltration defence. PolicyEvaluationService, RiskScoringService
4 Artifact policy What generated artifacts are permitted, licensing, and content rules. PolicyEngineService, DataClassificationService
5 Secrets Secret references, leakage detection, and rotation. SecretGovernanceService
6 Deployment gates Whether a build/release may promote to an environment. PolicyEngineService, ApprovalService
7 Cost budgets Token/compute/spend limits per tenant, project, and edition. PolicyEvaluationService, RiskScoringService
8 Compliance evidence Control coverage and audit evidence for frameworks. ComplianceReportService, AuditService
9 Human approval Where a human decision is mandatory before proceeding. ApprovalService
10 Memory access Who/what may read or write knowledge and runtime memory. TenantIsolationPolicyService, DataClassificationService

High-Level Component View

The platform is composed of seven bounded contexts, realised as eleven microservices with database-per-service stores. The container diagram below shows the contexts and the principal flows.

flowchart TB
    subgraph PolicyCtx["Policy"]
        PolicyEngineService
        PolicyDefinitionService
        PolicyEvaluationService
    end
    subgraph ApprovalCtx["Approval"]
        ApprovalService
    end
    subgraph AuditCtx["Audit"]
        AuditService
    end
    subgraph ComplianceCtx["Compliance"]
        ComplianceReportService
    end
    subgraph SecurityCtx["Security"]
        SecurityFindingService
        SecretGovernanceService
    end
    subgraph IsolationCtx["Isolation &amp; Classification"]
        TenantIsolationPolicyService
        DataClassificationService
    end
    subgraph RiskCtx["Risk"]
        RiskScoringService
    end

    PolicyCtx -->|gate requires approval| ApprovalCtx
    PolicyCtx -->|every decision| AuditCtx
    ApprovalCtx -->|decisions| AuditCtx
    SecurityCtx -->|findings| RiskCtx
    IsolationCtx -->|classification &amp; isolation rules| PolicyCtx
    RiskCtx -->|risk inputs| PolicyCtx
    ComplianceCtx -->|reads decisions &amp; findings| AuditCtx
    SecretGovernanceService -->|secret references only| KeyVault["Azure Key Vault"]
Hold "Alt" / "Option" to enable pan & zoom

A complete mapping of contexts to microservices and aggregate roots is on the Bounded Contexts page, and every service is detailed on Microservices.

Integration with Other Platforms

Platform Relationship
Control Plane The Control Plane embeds the policy decision point; it calls evaluate before sensitive workflow transitions and consumes approval/decision events.
Agent Mesh Agent permission, prompt-safety, and memory-access checks gate every agent task and skill invocation.
Knowledge Platform Shares data classification and memory-access policy; the Knowledge Platform enforces classification-driven redaction.
DevOps & GitOps Deployment gates evaluate policy and (when flagged) require human approval before promotion.
Observability & Feedback Subscribes to all governance events via the canonical envelope for tracing, metrics, dashboards, and feedback.
Factory Studio Human surface for authoring policy, reviewing approvals, and exporting compliance evidence.

Final-State Summary

In the final state, the Governance, Security & Compliance Platform is a fleet of independently deployable .NET 10 / ASP.NET Core microservices following Clean Architecture and DDD, communicating over MassTransit on Azure Service Bus, persisting to per-service Azure SQL / PostgreSQL databases via NHibernate, securing identity with OpenIddict (OAuth2/JWT), enforcing RBAC/ABAC policy-as-code, isolating tenants with ConnectSoft.Extensions.Saas.* and ConnectSoft.Extensions.WebSecurity, auditing with ConnectSoft.Extensions.AuditNet, generating evidence with ConnectSoft.Extensions.Compliance, and governing secret references through Azure Key Vault. It is the policy and trust layer that lets the ConnectSoft AI Software Factory operate autonomously and at scale while remaining auditable, compliant, and safe.