Namespace JD.AI.Core.Governance
Classes
- ApprovalRequest
Represents a request for human or system approval before performing a sensitive operation.
- ApprovalResult
Result of an RequestApprovalAsync(ApprovalRequest, CancellationToken) call.
- AutoApproveService
IApprovalService that always approves requests without prompting. Suitable for fully automated pipelines or integration tests where human interaction is not available.
- AutoRejectService
IApprovalService that always rejects requests. Use in locked-down environments where no operation may proceed without replacing this service with a human-in-the-loop implementation.
- BudgetStatus
Snapshot of current spending versus configured limits.
- BudgetTracker
Persists daily and monthly spend data as JSON to
~/.jdai/budget.jsonand evaluates it against configured BudgetPolicy limits.
- CircuitBreakerPolicy
Configures tool loop detection and circuit breaker thresholds. When Hardened is true, circuit breakers cannot be reset by users.
- ClassificationMatch
Describes content detected by a DataClassification rule during redaction.
- ComplianceControl
Result of a single compliance control check.
- CompliancePresetLoader
Loads and resolves built-in compliance preset policies embedded in the assembly.
- DataClassification
A named data classification with matching patterns and an enforcement action.
- DataRedactor
Applies regex-based redaction patterns to content before sending to AI providers. Supports both flat
RedactPatternsand structured DataClassification rules with per-classification actions.
- FileRoleResolver
Loads user-to-role and user-to-group mappings from a YAML file.
- PolicyBasedApprovalService
IApprovalService that consults a PolicySpec to determine whether a kind of operation requires approval, and delegates to an inner service when it does.
- PolicyEvaluator
Evaluates tool, provider, and model requests against a resolved PolicySpec. Role-based grants are applied AFTER base policy evaluation: a role-specific allow can override a base-policy deny, while a role-specific deny always wins.
- PolicyLoader
Loads PolicyDocument instances from the filesystem hierarchy.
- PolicyParser
Parses YAML policy documents into PolicyDocument instances.
- PolicyResolver
Merges multiple PolicyDocument instances into a single resolved PolicySpec using conservative (most-restrictive) rules.
- PolicySignature
Signs and verifies policy documents using HMAC-SHA256. Signatures are stored as a
# jdai-signature: {hex}comment line at the end of the YAML file.
- PolicyVersionEntry
A single entry in the policy version history log.
- PolicyVersionHistory
Tracks policy version history as an append-only JSON log file. Each entry records the policy content hash, timestamp, and metadata to support auditing and rollback.
- PolicyWatcher
Watches policy directories for changes and triggers reload callbacks. Uses FileSystemWatcher with debouncing to avoid spurious reloads.
- RedactionResult
Result of running RedactWithClassifications(string) on a piece of content.
- RoleDefinition
Defines what a named role is allowed or denied beyond the base policy.
- RolePolicy
RBAC role definitions. Maps role names to the additional policies they grant.
- UserRoleEntry
Represents role and group membership for a single user.
- WorkflowPolicy
Controls who can publish, install, and manage shared workflows. Roles are compared against the current user identity (e.g. from Environment.UserName or an org identity provider).
Interfaces
- IApprovalService
Provides human-in-the-loop or automated approval decisions for sensitive operations.
- IBudgetTracker
Tracks AI provider spending against daily and monthly budget limits.
- IRoleResolver
Resolves the role and group memberships for the current user context.
Enums
- ApprovalDecision
Outcome of an approval request.
- ApprovalKind
Kind of operation that triggered an approval request.
- ClassificationAction
Action to take when a data classification pattern matches content.