Governance defines who may change what
A technically strong breeding system can still be unsafe if authority is ambiguous. Separate proposal, evaluation, approval, release, and audit roles. Small teams can combine people, but the logical permissions should remain distinct.
Roles
| Role | Authority | Must not do alone |
|---|---|---|
| Model owner | Defines capability and accepts task quality | Approve safety or security exceptions |
| Evaluation owner | Maintains suites and evidence quality | Create candidates with hidden-test access |
| Security owner | Approves permissions and threat controls | Override task-quality evidence |
| Data owner | Approves datasets, retention, and jurisdiction | Approve unrelated runtime privileges |
| Release owner | Changes traffic and aliases | Alter evaluation results |
| Auditor | Reviews evidence and policy compliance | Modify artifacts or approvals |
Risk tiers
Low-risk changes may include quantization or adapter updates for non-sensitive offline tasks. High-risk changes include new tools, network access, personal data, code execution, policy semantics, autonomous planning, or cross-jurisdiction data movement.
Policy-as-code
Represent approval requirements, thresholds, mutation allowlists, population ceilings, and prohibited permissions in versioned policy. Candidates can read relevant policy but cannot write it.
FUNCTION required_approvals(change)
    approvals <- [MODEL_OWNER]
    IF change.modifies_data_lineage
        ADD approvals, DATA_OWNER
    END IF
    IF change.expands_permissions OR change.risk_tier >= HIGH
        ADD approvals, SECURITY_OWNER
    END IF
    IF change.modifies_code OR change.modifies_evaluator
        ADD approvals, SOFTWARE_OWNER
    END IF
    IF change.affects_production_traffic
        ADD approvals, RELEASE_OWNER
    END IF
    RETURN UNIQUE(approvals)
END FUNCTION
Exception handling
Emergency exceptions have a short expiry, narrow scope, named owner, compensating controls, and mandatory post-incident review. They do not permanently alter hard policy.
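The policy-as-code gate and the emergency-exception rules above can be checked together. The Python sketch below is an added example, not code from the source reports. The policy keys, class names, the 24-hour exception limit, and the choice of which checks an exception may waive are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from types import MappingProxyType

# Constructed policy; every key and value here is an assumption for illustration.
# MappingProxyType + frozenset give callers a read-only view of the policy.
POLICY = MappingProxyType({
    "version": "example-1",
    "mutation_allowlist": frozenset({"quantization", "adapter_update"}),
    "population_ceiling": 64,
    "prohibited_permissions": frozenset({"network_access", "code_execution"}),
    "max_exception_ttl": timedelta(hours=24),
    "waivable_checks": frozenset({"mutation_allowlist", "population_ceiling"}),
})

@dataclass(frozen=True)
class Change:
    mutation: str
    population: int
    permissions: frozenset
    required_approvals: frozenset   # e.g. the output of required_approvals(change)
    granted_approvals: frozenset

@dataclass(frozen=True)
class EmergencyException:
    owner: str
    scope: str                      # the single check this exception waives
    expires: datetime
    compensating_controls: tuple

def exception_is_valid(exc, policy, now):
    """Named owner, compensating controls, narrow scope, short and unexpired."""
    return bool(exc.owner and exc.compensating_controls
                and exc.scope in policy["waivable_checks"]
                and now < exc.expires <= now + policy["max_exception_ttl"])

def evaluate(change, policy, now, exceptions=()):
    """Return sorted violation names; an empty list means the gate passes."""
    violations = set()
    if change.mutation not in policy["mutation_allowlist"]:
        violations.add("mutation_allowlist")
    if change.population > policy["population_ceiling"]:
        violations.add("population_ceiling")
    if change.permissions & policy["prohibited_permissions"]:
        violations.add("prohibited_permissions")
    if change.required_approvals - change.granted_approvals:
        violations.add("missing_approvals")
    # Exceptions are inputs to one evaluation; the policy object is never modified.
    for exc in exceptions:
        if exception_is_valid(exc, policy, now):
            violations.discard(exc.scope)
    return sorted(violations)
```

An expired, over-long, or out-of-scope exception is ignored rather than rejected loudly here; a production gate would also log each one for the post-incident review.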
Governance metrics
Track approval latency, rejected changes, expired evidence, exception use, missing owners, policy violations, and percentage of releases with complete lineage. Fast approvals are not automatically good; predictable evidence requirements are more important.
Human override
Humans need a tested mechanism to stop candidate generation, freeze aliases, disable a capability, or revoke a signer. Override actions are logged but do not require the system's consent.
Source reports used for this guide
These reports are preserved verbatim in the site archive. The guide above is an editorial synthesis and may narrow, qualify, or reorganize claims from the source material.