| Step | Feature | Details |
|---|---|---|
| Agent Type | System Classification | Select from Chatbot, Decision Automation, Code Generation, Orchestration, Autonomous Execution, Video/Vision, Voice/Audio. Free-text for custom types. |
| Industry Domain | Sector Selection | Choose from Hiring and HR, Finance, Healthcare, Insurance, Education, Law Enforcement, Customer Service, Marketing, Legal, Government, and more. |
| Data Types | Data Categories | Identify data processed: Personal Data, Biometric, Health, Financial, Children's Data, Employee Data, Text/Documents, Images, Audio, Metadata. |
| Populations | Affected Groups | Identify who is affected: General Public, Employees, Consumers, Minors, Patients, Vulnerable Populations, and others. |
| Jurisdictions | Regulatory Scope | Select applicable jurisdictions grouped by region (EU, US states, UK, Canada, etc.). Set governance dimension status for each of seven dimensions. |
| Results | Full Report | Complete results dashboard with compliance score, governance gaps, regulatory triggers, and AI-powered intelligence. |

| Component | Description |
|---|---|
| Compliance Readiness Score | Animated progress indicator (0-100). Color-coded verdict: Prohibited (red), High-Risk (yellow), Limited-Risk (blue), Minimal-Risk (green). Verdict-specific guidance messages. |
| Governance Assessment Grid | Seven governance dimensions shown with status indicators, evidence of implementation, identified gaps, and specific recommendations for each. |
| Agent Autonomy Classification | KoraSafe four-tier framework: Observe, Advise, Supervised Action, Full Autonomy. Shows risk rating, use cases, required governance controls per level. |
| Governance Maturity Score | Radar chart across seven pillars: AI Strategy, Risk Management, Data Governance, Model Lifecycle, Ethics and Fairness, AI Operations, Regulatory Compliance. Five maturity levels from Initial to Optimized. |
| Six Pillars Checklist | Six expandable pillar cards with 24 total compliance checks across Accountability, AI Policies, Risk Management, Data Readiness, AI Development, and Deployment Monitoring. |
| Regulatory Triggers | EU AI Act article triggers and high-risk categories. GDPR applicability with risk level. US state law triggers per jurisdiction. Full list of applicable regulations. |
| Remediation Roadmap | Phase-based implementation recommendations with priority, estimated duration, and effort level per phase. |
| Knowledge Base Intelligence | AI-powered curated regulatory insights. Follow-up chat interface with suggested questions. Document library with cited sources. |
| Report Export | Download as PDF or Markdown. Full Assessment Report, Technical Documentation, and Governance Roadmap templates. |

| Feature | Description |
|---|---|
| Fleet Metrics Cards | Four metric cards: Total registered assets, Average compliance readiness score, High-risk asset count, Governance gap count. |
| Top Assets Table | Sortable table showing asset name, type, risk class, and compliance score. Click any row to navigate to the asset detail view. |
| Quick Action Buttons | Shortcuts: New Risk Assessment, Register AI Asset, View Enforcement, Governance Center. |
| Activity Log | Timestamped feed of recent actions across all modules. Color-coded by type: assessment, governance, enforcement, and registry events. |
| Regulatory Intelligence Panel | AI-powered intelligence feed showing relevant regulatory updates and enforcement actions from the knowledge base. |

| Feature | Description |
|---|---|
| Asset Registration Form | Register with: Name, Type, Domain, Description, Model name, Owner, Autonomy Level (Tier 1-4), Status (Development/Production/Retired). |
| List View | Searchable, filterable table. Filter by status and risk class. Columns: Asset Name, Type, Domain, Risk, Autonomy, Status, Owner. |
| Detail: Overview Tab | Description, model, owner, domain, last assessed date. Visual autonomy level indicator. Risk score display. Data types and jurisdictions. |
| Detail: Governance Tab | Seven governance dimensions as interactive cards. Shows status (Implemented / In Progress / Not Started). Admin can cycle state; analysts see read-only. |
| Detail: Enforcement Tab | Guardrail toggles: Input Filter, Output Filter, Evaluation Judge, Circuit Breaker. Each individually toggleable by admin. Violation count display. |
| Detail: History Tab | Per-asset activity log. Assessment history, governance state changes, enforcement actions. Timestamped entries. |

| Tab / Feature | Description |
|---|---|
| Overview: Metric Cards | Governance Score (%), Assets with Gaps, Compliance Ready count, and Eval Coverage (%). |
| Overview: Governance Heatmap | Table with rows = assets, columns = seven governance dimensions. Each cell is a clickable status indicator. Admin can cycle states inline. |
| Autonomy Tab | KoraSafe four-tier autonomy framework: Observe (green), Advise (yellow), Supervised Action (orange), Full Autonomy (red). Descriptions, examples, and oversight requirements per level. |
| Maturity Tab: Radar Chart | Interactive seven-pillar radar chart: AI Strategy, Risk Management, Data Governance, Model Lifecycle, Ethics and Fairness, AI Operations, Regulatory Compliance. Scored 1-5. |
| Maturity Tab: Level Display | Current maturity level (L1-L5): Initial, Developing, Defined, Managed, Optimized. Per-pillar breakdown bars. Top three weakest pillars highlighted. |
| Accountability Tab: RACI Matrix | Seven governance activities mapped to four roles: Responsible, Accountable, Consulted, Informed. Editable by admin with specific role assignments. |
| Compliance Tab: Six Pillars | Six expandable pillar cards with 24 total checks. Per-pillar progress bar. Overall completion percentage. Admin toggles checkboxes. |
| Agent Evals: EDD Pipeline | Eval-driven Development four-stage pipeline: Define (goals, metrics, thresholds), Develop (test suite), Gate (pass/fail decision), Monitor (production tracking). |
| Agent Evals: Evaluation | Six weighted dimensions: Accuracy and Relevance (20%), Behavioral Stability (20%), Safety and Guardrails (20%), Decision Auditability (15%), Coordination Fidelity (10%), Autonomy Safety Margin (15%). Radar chart visualization. |

| Tab / Feature | Description |
|---|---|
| Overview: Metrics | Four cards: Active Policies, Total Violations, Resolved count, Active Guardrails count across fleet. |
| Overview: Guardrail Coverage | Per-asset progress bars showing guardrail adoption. Color-coded: green (full coverage), yellow (partial), red (none). |
| Overview: Recent Violations | Latest violations with type, severity badge (high/medium/low), asset name, and timestamp. |
| Policies: Create Policy | Admin: Create policies. Types: Input Filter, Output Filter, Approval Workflow, Circuit Breaker, Evaluation Judge, Pre-deployment Gate, Rate Limiting. |
| Policies: Policy List | Policy cards with name, type, scope, and status toggle (Draft or Active). Admin edit, analyst read-only. |
| Violations: Filter and List | Filters: Severity (All/High/Medium/Low), Status (All/Open/Resolved). Resolve button for admin. Timestamped audit trail. |
| Guardian: PII Sentinel | Monitors AI input and output streams. Detects and redacts personally identifiable information in real time. |
| Guardian: Bias Watchdog | Monitors screening and ranking agents. Detects disparate impact and alerts when fairness thresholds are exceeded. |
| Guardian: Autonomy Guard | Monitors autonomous agents. Enforces action boundaries and blocks unauthorized capability escalation. |
| Guardian: Cost Controller | Monitors API-consuming agents. Provides rate limiting, budget enforcement, and spend alerts. |
| Guardian: Hallucination Detector | Monitors conversational and advisory agents. Cross-references outputs against the knowledge base for accuracy. |
| Guardian: Compliance Auditor | Monitors all registered agents. Performs continuous conformity checks against regulatory requirements. |
| Guardian Controls | Each guardian: Active/Paused toggle (admin-only), trigger count, last active timestamp. Status indicator. |

| Feature | Description |
|---|---|
| Compliance Checklist | Full checklist organized by governance pillars. Track completion status per item with visual progress indicators. Supports multiple compliance frameworks. |
| CSV Export | Export the full compliance checklist as CSV for use in spreadsheets, external reporting tools, or audit evidence packages. |
| PDF Export | Generate a formatted PDF of the compliance checklist for sharing with leadership, auditors, or regulatory bodies. |
| Editable RACI Matrix | Define who is Responsible, Accountable, Consulted, and Informed for each governance activity. Fully editable by admin users. Customizable roles and activities. |
| Progress Tracking | Per-pillar progress bars and overall completion percentage. Visual indicators highlight areas needing attention. |

| Feature | Description |
|---|---|
| Organization Management | Admin: Manage organization profile, display name, and branding. Configure feature flags to enable or disable platform capabilities. Danger zone for critical org-level actions. |
| Department Management | Admin: Create and manage departments within your organization. Organize users and assets by business unit for clearer governance oversight. |
| User Onboarding | Admin: Invite new team members with token-based invitations. Assign role (Owner, Admin, Analyst, Viewer) at invite time. Invitations expire automatically for security. |
| User Offboarding | Admin: Remove users from the organization. Revoke access immediately with audit trail of the offboarding action. |
| Role Management | Admin: Change user roles at any time. Four roles: Owner (full control including billing), Admin (full edit), Analyst (read-only with assessment access), Viewer (read-only). |
| SSO Configuration | Admin: Configure Single Sign-On with your identity provider via SAML or OIDC. Map external groups to KoraSafe roles. |
| MFA Enforcement | Admin: Require multi-factor authentication for all users in the organization. Time-based one-time passwords supported. |
| API Key Management | Admin: Create, view, rotate, and revoke API keys for programmatic access. Each key action is logged in the audit trail. |
| Session Security | Admin: Configure session timeout and idle timeout policies. Manage active sessions across the organization. |
| Logging Levels | Admin: Configure structured logging levels for your organization. Tiered logging ensures appropriate detail for debugging and compliance without excessive noise. |

| Feature | Description |
|---|---|
| Document Ingestion | Admin: Import regulatory documents with title, text, source URL, category (regulation text, enforcement action, guidance, case study, best practice, news), jurisdiction, and applicable regulations. |
| Knowledge Base Health | Health indicator, document count, category breakdown. Refresh controls to verify the intelligence layer is current and healthy. |
| MCP API | Model Context Protocol (MCP) endpoint for agent-to-agent governance. Methods: initialize, list tools, call tools. Tools include knowledge base query with filters and document catalog listing. |
| Semantic Search Infrastructure | Regulatory document indexing and intelligent retrieval powering assessments, chat, and regulatory intelligence across the platform. |
| Google Drive | Import documents from shared drives for direct ingestion into the knowledge base. |
| Slack | Alerts and notifications for governance events delivered to your Slack channels. |
| Jira / Linear | Track remediation tasks and governance tickets directly in your project management tool. |
| Monitoring Dashboards | Connect agent performance monitoring and alerting services for unified observability. |
| Cloud Registries | Connect cloud provider model registries and logging services for centralized oversight. |
| Observability Tools | Connect AI observability and experiment tracking platforms for deeper agent analysis. |

| Feature | Description |
|---|---|
| Multi-tenant Isolation | Organization-scoped data isolation ensures each tenant's data is completely separate. Row-level security policies enforce this at the database level. |
| Organization Members | Users belong to a single organization with a defined role. Cross-organization data access is prevented by architecture. |
| Rate Limiting | API endpoints are rate-limited to prevent abuse and ensure fair resource allocation across tenants. |
| Input Validation | All user input is validated and sanitized before processing. Prevents injection attacks and malformed data from reaching the system. |
| Security Headers | Standard security headers applied to all responses: frame protection, content type enforcement, strict referrer policy, and cross-origin resource sharing controls. |
| Structured Error Handling | Errors are handled consistently across the platform. No sensitive information (stack traces, configuration details) is ever exposed to clients. |
| Audit Logging | Append-only, organization-scoped audit logs capture every significant action. Immutable records for compliance evidence and forensic review. |
| Invite System | Token-based invitations with automatic expiry. Role is assigned at invite time. Expired or used tokens cannot be reused. |
| CAPTCHA Protection | Server-side CAPTCHA verification on user signup to prevent automated account creation. |

| Feature | Description |
|---|---|
| Role-Based Access Control | Four roles: Owner (full control), Admin (full edit access), Analyst (read-only with assessment access), Viewer (read-only). Enforced across all modules. |
| Activity Logging | All governance state changes, assessment runs, enforcement actions, registry operations, and policy changes are logged with timestamps and descriptions. |
| Notifications System | Real-time notification panel for asset registrations, assessments, governance changes, enforcement actions, and guardian triggers. Read/unread tracking. |
| Profile Management | Profile settings with display name, avatar, role display, and security options (password change for email users). Sign out. |
| Regulatory Intelligence Panel | AI-powered intelligence feed shown contextually in Dashboard, Registry, Governance, and Enforcement modules. Surfaces relevant regulatory content from the knowledge base. |
| Agent Discovery Card | Published agent card for automatic discovery by other AI systems. Lists governance skills, input/output modes, and authentication requirements. |
| Structured Logging | Tiered logging levels across the platform ensure appropriate detail for debugging, monitoring, and compliance without excessive noise. Logs are forwarded to centralized observability. |