Skip to content

Governance and Compliance

How to use the FCC governance layer for quality assurance, compliance checking, audit trails, and regulatory alignment.

Governance Architecture

FCC governance operates at three levels:

+---------------------------------------------------+
| Level 1: Constitution Registry (Per-Persona Rules) |
|   Hard-stop | Mandatory | Preferred                |
+---------------------------------------------------+
          |
+---------------------------------------------------+
| Level 2: Quality Gates (30+ Gates)                 |
|   Schema validation | Coverage checks | Scoring    |
+---------------------------------------------------+
          |
+---------------------------------------------------+
| Level 3: Tag Registry (35+ Tags)                   |
|   Capability | Category | Supercategory tagging     |
+---------------------------------------------------+

Constitution System

3-Tier Constitution

Every persona can have a constitution defining behavioral rules:

Tier Description Override Policy
Hard-stop Rules that cannot be overridden Never overridable
Mandatory Rules that must be followed Waivable with justification
Preferred Best practices Optional but recommended

Querying Constitutions

from fcc.governance.constitution_registry import ConstitutionRegistry

registry = ConstitutionRegistry.from_package_data()

# Get constitution for a persona
constitution = registry.get("data_governance_steward")

print(f"Hard-stop rules ({len(constitution.hard_stop)}):")
for rule in constitution.hard_stop:
    print(f"  [HARD-STOP] {rule}")

print(f"\nMandatory rules ({len(constitution.mandatory)}):")
for rule in constitution.mandatory:
    print(f"  [MANDATORY] {rule}")

print(f"\nPreferred rules ({len(constitution.preferred)}):")
for rule in constitution.preferred:
    print(f"  [PREFERRED] {rule}")

Constitution Enforcement

Integrate constitution checks into your workflow:

def check_constitution(persona_id, deliverable, const_registry):
    """Check a deliverable against persona constitution rules."""
    constitution = const_registry.get(persona_id)
    if not constitution:
        return {"status": "no_constitution", "violations": []}

    violations = []

    # Hard-stop rules must never be violated
    for rule in constitution.hard_stop:
        if not evaluate_rule(rule, deliverable):
            violations.append({"tier": "hard-stop", "rule": rule})

    # Mandatory rules should be followed
    for rule in constitution.mandatory:
        if not evaluate_rule(rule, deliverable):
            violations.append({"tier": "mandatory", "rule": rule})

    status = "failed" if any(v["tier"] == "hard-stop" for v in violations) else "passed"
    return {"status": status, "violations": violations}

Quality Gates

Available Gates (30+)

Quality gates validate deliverables at key workflow checkpoints:

Gate Category Examples
Schema validation Persona YAML valid, workflow JSON valid
Coverage checks All R.I.S.C.E.A.R. fields populated
Scoring gates Minimum quality score threshold
Governance gates Constitution compliance, tag requirements
Documentation All required docs generated, sitemap valid

Running Quality Gate Checks

from fcc.governance.quality_gates import QualityGateRegistry

gate_registry = QualityGateRegistry.from_package_data()

# Check a specific gate
gate = gate_registry.get("persona_completeness")
result = gate.check(persona_data)
print(f"Gate: {gate.name}")
print(f"Passed: {result.passed}")
print(f"Score: {result.score}")
if not result.passed:
    print(f"Reason: {result.reason}")

# Check all gates
for gate in gate_registry.all():
    result = gate.check(deliverable)
    status = "PASS" if result.passed else "FAIL"
    print(f"  [{status}] {gate.name}: {result.score:.2f}")

Audit Trails

Event-Based Audit Trail

Use the event bus to create a complete audit trail:

from fcc.messaging.bus import EventBus
from fcc.messaging.events import Event, EventType
from fcc.messaging.serialization import EventSerializer

bus = EventBus()
serializer = EventSerializer()

# Audit log collector
audit_log = []

def audit_handler(event: Event):
    entry = {
        "timestamp": event.timestamp,
        "type": event.event_type.value,
        "data": event.data,
    }
    audit_log.append(entry)

# Subscribe to governance events
bus.subscribe(EventType.GATE_CHECKED, audit_handler)
bus.subscribe(EventType.CONSTITUTION_APPLIED, audit_handler)

# ... run workflow ...

# Export audit log
import json
with open("audit_log.json", "w") as f:
    json.dump(audit_log, f, indent=2)

Session-Based Audit Trail

Collaboration sessions provide built-in audit trails:

from fcc.collaboration.recording import SessionRecorder

recorder = SessionRecorder()

# Save a session with full history
recorder.save(session, "audit/session_001.json")

# Load and inspect later
loaded = recorder.load("audit/session_001.json")
for turn in loaded.turns:
    print(f"  {turn.timestamp} | {turn.persona_id} | {turn.content[:60]}...")

Compliance Reporting

Generating Compliance Reports

def generate_compliance_report(registry, const_registry, gate_registry):
    """Generate a compliance report for all personas."""
    report = {"personas": [], "summary": {}}

    for persona in registry.all():
        entry = {
            "id": persona.id,
            "name": persona.name,
            "category": persona.category,
            "constitution": None,
            "gates": [],
        }

        # Check constitution
        constitution = const_registry.get(persona.id)
        if constitution:
            entry["constitution"] = {
                "hard_stop_count": len(constitution.hard_stop),
                "mandatory_count": len(constitution.mandatory),
                "preferred_count": len(constitution.preferred),
            }

        # Check quality gates
        for gate in gate_registry.for_persona(persona.id):
            result = gate.check(persona)
            entry["gates"].append({
                "name": gate.name,
                "passed": result.passed,
                "score": result.score,
            })

        report["personas"].append(entry)

    # Summary
    total = len(report["personas"])
    compliant = sum(1 for p in report["personas"]
                    if all(g["passed"] for g in p["gates"]))
    report["summary"] = {
        "total_personas": total,
        "compliant": compliant,
        "compliance_rate": compliant / total if total > 0 else 0,
    }

    return report

Regulatory Mapping

Map FCC governance features to common regulatory frameworks:

Regulation FCC Feature Implementation
SOC 2 Audit trails, access controls Event bus + session recording
GDPR Data handling, privacy Constitution hard-stops
ISO 27001 Information security management Quality gates + governance
HIPAA Health data protection Constitution + privacy personas
  • Enterprise Deployment -- Deployment patterns
  • Integration Guide -- CI/CD integration
  • Guidebook Ch. 9: Governance
  • Book 1 Ch. 4: Quality and Governance
  • Notebook 08_governance_constitutions.ipynb