Governance
Target Architecture — Final-State Design
This page describes the final-state knowledge governance of the Knowledge Platform: how access to memory is authorized, how content is classified and redacted, and how knowledge quality is enforced. Owned by MemoryPolicyService, MemoryClassificationService, MemoryRedactionService, and KnowledgeQualityService.
Because the Knowledge Platform holds the factory's most sensitive memory — architectural decisions, code, runtime data, and cross-tenant patterns — governance is not optional. Every read path that assembles context passes through a deterministic, auditable governance layer. This is what lets the platform serve rich, reusable knowledge while guaranteeing multi-tenant isolation and compliance.
Governance Pillars
| Pillar | Service | Aggregates |
|---|---|---|
| Access control | MemoryPolicyService | MemoryAccessPolicy, MemoryAccessDecision, MemoryAccessAudit |
| Classification | MemoryClassificationService | MemoryClassification |
| Redaction | MemoryRedactionService | (operates on classifications/records) |
| Quality | KnowledgeQualityService | KnowledgeQualityAssessment, QualityRule |
How Context Assembly Is Authorized
```mermaid
sequenceDiagram
    participant CB as ContextBuilderService
    participant POL as MemoryPolicyService
    participant RED as MemoryRedactionService
    participant AUD as MemoryAccessAudit
    CB->>POL: EvaluateMemoryAccess(subject, candidate sources, purpose)
    POL->>POL: apply MemoryAccessPolicy (explicit deny wins)
    POL->>AUD: append MemoryAccessAudit (immutable)
    POL-->>CB: MemoryAccessDecision (Allow / RedactRequired / Deny)
    opt RedactRequired
        CB->>RED: RedactMemory(source, audience)
        RED-->>CB: redacted projection
    end
    CB->>CB: include allowed/redacted sources only
```
Every Context Package is therefore traceable to a policyDecisionId and an immutable MemoryAccessAudit, so the factory can prove who accessed what knowledge, when, and why — see the Context Package Schema.
Access Control
MemoryAccessPolicy is a declarative, tenant-scoped rule set evaluated deterministically:
- Subjects — agents, services, or humans, identified by agentId/identity and scopes (knowledge.read, knowledge.govern).
- Resources — memory sources, identified by ref and classification.
- Effects — Allow, Deny, or RedactRequired. Explicit deny always wins; the default effect is configurable per policy.
- Purpose binding — decisions are bound to a purpose (e.g. contextBuild) so access is least-privilege.
Each evaluation produces a MemoryAccessDecision (the outcome) and appends a MemoryAccessAudit (append-only, retained at compliance retention). POST /knowledge/access/evaluate exposes this for callers; the Context Builder calls it internally for every candidate set.
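An added sketch of the evaluation rules above, not the platform's own code: it shows explicit deny overriding a matching allow, purpose binding, and one audit entry per evaluation. The Rule and Policy shapes, the "contractor" scope, the mem:// ref, the Deny default, the RedactRequired-over-Allow tie-break, and denying on tenant mismatch are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    effect: str          # "Allow", "Deny" or "RedactRequired"
    scopes: frozenset    # the subject must hold every scope listed here
    classes: frozenset   # resource classifications the rule covers
    purposes: frozenset  # purposes the rule is bound to

@dataclass
class Policy:
    tenant_id: str
    rules: tuple
    default_effect: str = "Deny"  # configurable per policy; Deny is this sketch's choice

AUDIT = []  # stand-in for the append-only MemoryAccessAudit store

def rule(effect, scopes, classes, purposes=("contextBuild",)):
    return Rule(effect, frozenset(scopes), frozenset(classes), frozenset(purposes))

def evaluate(policy, tenant_id, scopes, resource, purpose):
    """Decide one (subject, resource, purpose) triple and audit the outcome."""
    if tenant_id != policy.tenant_id:
        effect = "Deny"  # no cross-tenant policy is modelled in this sketch
    else:
        matched = {r.effect for r in policy.rules
                   if r.scopes <= frozenset(scopes)
                   and resource["classification"] in r.classes
                   and purpose in r.purposes}
        # Explicit Deny wins; RedactRequired over Allow is an assumed tie-break.
        effect = next((e for e in ("Deny", "RedactRequired", "Allow") if e in matched),
                      policy.default_effect)
    decision = {"policyDecisionId": f"dec-{len(AUDIT) + 1}", "tenant": tenant_id,
                "ref": resource["ref"], "purpose": purpose, "effect": effect}
    AUDIT.append(dict(decision))  # one entry per evaluation, only ever appended
    return decision

# Constructed sample policy; the "contractor" scope is hypothetical.
POLICY = Policy("tenant-a", (
    rule("Allow", {"knowledge.read"}, {"Public", "Internal"}),
    rule("RedactRequired", {"knowledge.read"}, {"Confidential"}),
    rule("Deny", {"contractor"}, {"Internal", "Confidential"}),
    rule("Deny", set(), {"Secret"}),  # empty scope set: applies to every subject
))

def effect_for(scopes, classification, purpose="contextBuild", tenant="tenant-a"):
    resource = {"ref": "mem://constructed/1", "classification": classification}
    return evaluate(POLICY, tenant, scopes, resource, purpose)["effect"]
```

A purpose that no rule names falls through to the default effect, which is why the default matters as much as the rules themselves.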
Classification
MemoryClassificationService assigns a sensitivity class to every MemoryRecord at ingestion (via the ClassificationWorker):
| Class | Meaning | Handling |
|---|---|---|
| Public | Shareable externally (e.g. marketplace) | No redaction |
| Internal | Internal factory/tenant use | Standard tenant isolation |
| Confidential | Sensitive business content | Access via MemoryAccessPolicy; redacted unless allowed |
| Secret | Credentials/keys | Never stored as body; Key Vault references only |
Classification carries labels (e.g. pii, architecture, no-pii) and a confidence. It is the single source of truth that access and redaction decisions depend on. See Artifact Metadata.
Redaction
MemoryRedactionService produces audience-specific redacted projections of content so that a Confidential source can still contribute its non-sensitive substance to a context:
- Redaction operates per (memoryRecordId, audience) and is idempotent (RedactionWorker).
- Redacted spans record a reason (e.g. credentials, pii) for auditability.
- Secret content is never present to redact — it is excluded entirely, with only a reference retained.
- Redacted projections are stored separately so the original remains intact for authorized audiences.
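An added sketch of these four properties, not the platform's own code: projections keyed by (memoryRecordId, audience), spans that carry a reason, Secret records reduced to a reference, and originals left untouched. The detector patterns, the audience names, the record shape and the ref strings are assumptions.

```python
import re

# Assumed detectors: the page names the reasons (credentials, pii), not the rules.
DETECTORS = {
    "credentials": re.compile(r"(?i)\b(?:password|api[_-]?key)\s*[=:]\s*\S+"),
    "pii": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
# Hypothetical audiences and the reasons each one must not see.
AUDIENCE_REASONS = {"agent": {"credentials", "pii"}, "security-review": {"credentials"}}
PROJECTIONS = {}  # (memoryRecordId, audience) -> projection, stored apart from originals

def redact_memory(record, audience):
    """Build, or return the stored, projection for (memoryRecordId, audience)."""
    key = (record["id"], audience)
    if key in PROJECTIONS:  # idempotent: repeating the call changes nothing
        return PROJECTIONS[key]
    if record["classification"] == "Secret":
        # No Secret body exists to redact; only the reference is carried.
        projection = {"body": None, "reference": record["ref"], "spans": []}
    else:
        text, found = record["body"], []
        # An unknown audience raises KeyError, so nothing is projected for it.
        for reason in sorted(AUDIENCE_REASONS[audience]):
            found += [(m.start(), m.end(), reason)
                      for m in DETECTORS[reason].finditer(text)]
        parts, spans, cursor = [], [], 0
        for start, end, reason in sorted(found):
            start = max(start, cursor)  # clip overlap with the previous span
            if start >= end:
                continue
            parts += [text[cursor:start], f"[REDACTED:{reason}]"]
            spans.append({"start": start, "end": end, "reason": reason})
            cursor = end
        parts.append(text[cursor:])
        projection = {"body": "".join(parts), "reference": record["ref"], "spans": spans}
    PROJECTIONS[key] = projection
    return projection

# Constructed sample records; refs and values are placeholders.
RECORD = {"id": "rec-1", "ref": "mem://constructed/rec-1", "classification": "Confidential",
          "body": "Retry queue uses api_key=EXAMPLE-NOT-REAL and pages ops@example.com on failure"}
SECRET = {"id": "rec-2", "ref": "vault-ref://constructed/rec-2", "classification": "Secret",
          "body": None}
```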
Knowledge Quality
KnowledgeQualityService scores every record against versioned QualityRules (via the QualityAssessmentWorker):
| Dimension | Checks |
|---|---|
| Completeness | Required metadata/lineage present |
| Freshness | Not superseded/stale; current version |
| Consistency | No contradiction with existing decisions/patterns |
| Lineage | Traceable to producing task/context |
| Accuracy | Correlated with healthy runtime outcomes |
A KnowledgeQualityAssessment records a score and violations. Quality scores feed retrieval ranking (low-quality knowledge is down-ranked in vector search and the Context Builder) and trigger QualityRuleViolated events for remediation. The StaleMemoryWorker and ConflictDetectionWorker complement this by flagging stale and contradictory knowledge.
Governance in the Pipeline
```mermaid
flowchart LR
    Ingest["Ingestion"] --> Classify["Classification"]
    Classify --> Quality["Quality assessment"]
    Classify -->|Confidential/Secret| Redact["Redaction projections"]
    Build["Context Building"] --> Policy["Access evaluation"]
    Policy --> Audit["Immutable audit"]
    Policy --> Redact
    Quality --> Rank["Retrieval ranking"]
```
Cross-Platform Governance
- The Knowledge Platform's access decisions and audits are published (MemoryAccessEvaluated) to the factory's Governance, Security & Compliance platform for centralised oversight.
- Classification taxonomy and policy templates are governed centrally and applied per tenant.
- All governance actions are traced (traceId) and observable through ConnectSoft.Extensions.Observability.
Governance Guarantees
- No ungoverned read — context assembly never returns a source that was not access-checked.
- Deny wins — explicit denials override any allow.
- Append-only audit — access audits are immutable and retained for compliance.
- Tenant isolation — policies are tenant-scoped; cross-tenant access requires an explicit, audited policy (used for sanctioned pattern reuse).
- Least privilege — decisions are purpose-bound and time-bounded.