Seven governance dimensions shown with status indicators, evidence of implementation, identified gaps, and specific recommendations for each.
Agent Autonomy Classification
KoraSafe four-tier framework: Observe, Advise, Supervised Action, Full Autonomy. Shows risk rating, use cases, required governance controls per level.
Governance Maturity Score
Radar chart across seven pillars: AI Strategy, Risk Management, Data Governance, Model Lifecycle, Ethics and Fairness, AI Operations, Regulatory Compliance. Five maturity levels from Initial to Optimized.
Six Pillars Checklist
Six expandable pillar cards with 24 total compliance checks across Accountability, AI Policies, Risk Management, Data Readiness, AI Development, and Deployment Monitoring.
Regulatory Triggers
EU AI Act article triggers and high-risk categories. GDPR applicability with risk level. US state law triggers per jurisdiction. Full list of applicable regulations.
Remediation Roadmap
Phase-based implementation recommendations with priority, estimated duration, and effort level per phase.
Knowledge Base Intelligence
AI-powered curated regulatory insights. Follow-up chat interface with suggested questions. Document library with cited sources.
Report Export
Download as PDF or Markdown. Full Assessment Report, Technical Documentation, and Governance Roadmap templates.
Dashboard
Fleet-wide overview of AI governance status across your organization.
Feature
Description
Fleet Metrics Cards
Four metric cards: Total registered assets, Average compliance readiness score, High-risk asset count, Governance gap count.
Top Assets Table
Sortable table showing asset name, type, risk class, and compliance score. Click any row to navigate to the asset detail view.
Quick Action Buttons
Shortcuts: New Risk Assessment, Register AI Asset, View Enforcement, Governance Center.
Activity Log
Timestamped feed of recent actions across all modules. Color-coded by type: assessment, governance, enforcement, and registry events.
Regulatory Intelligence Panel
AI-powered intelligence feed showing relevant regulatory updates and enforcement actions from the knowledge base.
AI Registry
Central catalog and lifecycle management for every AI system in your organization.
Feature
Description
Asset Registration Form
Register with: Name, Type, Domain, Description, Model name, Owner, Autonomy Level (Tier 1-4), Status (Development/Production/Retired).
List View
Searchable, filterable table. Filter by status and risk class. Columns: Asset Name, Type, Domain, Risk, Autonomy, Status, Owner.
Detail: Overview Tab
Description, model, owner, domain, last assessed date. Visual autonomy level indicator. Risk score display. Data types and jurisdictions.
Detail: Governance Tab
Seven governance dimensions as interactive cards. Shows status (Implemented / In Progress / Not Started). Admin can cycle state; analysts see read-only.
Detail: Enforcement Tab
Guardrail toggles: Input Filter, Output Filter, Evaluation Judge, Circuit Breaker. Each individually toggleable by admin. Violation count display.
Full governance management across six tabs: Overview, Autonomy, Maturity, Accountability, Compliance, and Agent Evals.
Tab / Feature
Description
Overview: Metric Cards
Governance Score (%), Assets with Gaps, Compliance Ready count, and Eval Coverage (%).
Overview: Governance Heatmap
Table with rows = assets, columns = seven governance dimensions. Each cell is a clickable status indicator. Admin can cycle states inline.
Autonomy Tab
KoraSafe four-tier autonomy framework: Observe (green), Advise (yellow), Supervised Action (orange), Full Autonomy (red). Descriptions, examples, and oversight requirements per level.
Maturity Tab: Radar Chart
Interactive seven-pillar radar chart: AI Strategy, Risk Management, Data Governance, Model Lifecycle, Ethics and Fairness, AI Operations, Regulatory Compliance. Scored 1-5.
Maturity Tab: Level Display
Current maturity level (L1-L5): Initial, Developing, Defined, Managed, Optimized. Per-pillar breakdown bars. Top three weakest pillars highlighted.
Accountability Tab: RACI Matrix
Seven governance activities mapped to four roles: Responsible, Accountable, Consulted, Informed. Editable by admin with specific role assignments.
Compliance Tab: Six Pillars
Six expandable pillar cards with 24 total checks. Per-pillar progress bar. Overall completion percentage. Admin toggles checkboxes.
Monitors conversational and advisory agents. Cross-references outputs against the knowledge base for accuracy.
Guardian: Compliance Auditor
Monitors all registered agents. Performs continuous conformity checks against regulatory requirements.
Guardian Controls
Each guardian: Active/Paused toggle (admin-only), trigger count, last active timestamp. Status indicator.
Checklist / RACI
Compliance tracking and accountability management with exportable deliverables.
Feature
Description
Compliance Checklist
Full checklist organized by governance pillars. Track completion status per item with visual progress indicators. Supports multiple compliance frameworks.
CSV Export
Export the full compliance checklist as CSV for use in spreadsheets, external reporting tools, or audit evidence packages.
PDF Export
Generate a formatted PDF of the compliance checklist for sharing with leadership, auditors, or regulatory bodies.
Editable RACI Matrix
Define who is Responsible, Accountable, Consulted, and Informed for each governance activity. Fully editable by admin users. Customizable roles and activities.
Progress Tracking
Per-pillar progress bars and overall completion percentage. Visual indicators highlight areas needing attention.
Admin Config
Organization, user, and security management for platform administrators.
Feature
Description
Organization Management
Admin: Manage organization profile, display name, and branding. Configure feature flags to enable or disable platform capabilities. Danger zone for critical org-level actions.
Department Management
Admin: Create and manage departments within your organization. Organize users and assets by business unit for clearer governance oversight.
User Onboarding
Admin: Invite new team members with token-based invitations. Assign role (Owner, Admin, Analyst, Viewer) at invite time. Invitations expire automatically for security.
User Offboarding
Admin: Remove users from the organization. Revoke access immediately with audit trail of the offboarding action.
Role Management
Admin: Change user roles at any time. Four roles: Owner (full control including billing), Admin (full edit), Analyst (read-only with assessment access), Viewer (read-only).
SSO Configuration
Admin: Configure Single Sign-On with your identity provider via SAML or OIDC. Map external groups to KoraSafe roles.
MFA Enforcement
Admin: Require multi-factor authentication for all users in the organization. Time-based one-time passwords supported.
API Key Management
Admin: Create, view, rotate, and revoke API keys for programmatic access. Each key action is logged in the audit trail.
Session Security
Admin: Configure session timeout and idle timeout policies. Manage active sessions across the organization.
Logging Levels
Admin: Configure structured logging levels for your organization. Tiered logging ensures appropriate detail for debugging and compliance without excessive noise.
Integrations
Connect KoraSafe with your existing tools and data sources.
Feature
Description
Document Ingestion
Admin: Import regulatory documents with title, text, source URL, category (regulation text, enforcement action, guidance, case study, best practice, news), jurisdiction, and applicable regulations.
Knowledge Base Health
Health indicator, document count, category breakdown. Refresh controls to verify the intelligence layer is current and healthy.
MCP API
MCP: Model Context Protocol endpoint for agent-to-agent governance. Methods: initialize, list tools, call tools. Tools include knowledge base query with filters and document catalog listing.
Semantic Search Infrastructure
Regulatory document indexing and intelligent retrieval powering assessments, chat, and regulatory intelligence across the platform.
Google Drive
Import documents from shared drives for direct ingestion into the knowledge base.
Slack
Alerts and notifications for governance events delivered to your Slack channels.
Jira / Linear
Track remediation tasks and governance tickets directly in your project management tool.
Monitoring Dashboards
Connect agent performance monitoring and alerting services for unified observability.
Cloud Registries
Connect cloud provider model registries and logging services for centralized oversight.
Observability Tools
Connect AI observability and experiment tracking platforms for deeper agent analysis.
Security
Enterprise security controls protecting every layer of the platform.
Feature
Description
Multi-tenant Isolation
Organization-scoped data isolation ensures each tenant's data is completely separate. Row-level security policies enforce this at the database level.
Organization Members
Users belong to a single organization with a defined role. Cross-organization data access is prevented by architecture.
Rate Limiting
API endpoints are rate-limited to prevent abuse and ensure fair resource allocation across tenants.
Input Validation
All user input is validated and sanitized before processing. Prevents injection attacks and malformed data from reaching the system.
Security Headers
Standard security headers applied to all responses: frame protection, content type enforcement, strict referrer policy, and cross-origin resource sharing controls.
Structured Error Handling
Errors are handled consistently across the platform. No sensitive information (stack traces, configuration details) is ever exposed to clients.
Audit Logging
Append-only, organization-scoped audit logs capture every significant action. Immutable records for compliance evidence and forensic review.
Invite System
Token-based invitations with automatic expiry. Role is assigned at invite time. Expired or used tokens cannot be reused.
CAPTCHA Protection
Server-side CAPTCHA verification on user signup to prevent automated account creation.
Code audit
Automated governance scanning across CI/CD, IDE, browser, and web surfaces.
Feature
Description
Audit findings dashboard
Admin: Filter, sort, and triage governance findings across all surfaces. Severity badges, category filters, source tracking (CI/CD, IDE, browser, manual).
Code upload audit
Auth: Drag-drop source files or paste a GitHub URL. The Code Auditor agent scans for governance violations, maps findings to regulatory controls, and generates remediation guidance.
Bulk findings status
Admin: Select multiple findings and update their status (acknowledged, resolved, false positive) in a single action.
Code Auditor agent
Auth: KoraSafe agent bar command: /code-audit. Routes to the Code Auditor agent which scans source code and returns structured finding cards with Apply fix, Reject, and Escalate actions.
Dependency Auditor agent
Auth: KoraSafe agent bar command: /deps. Scans package dependencies for CVEs, license issues, and governance compliance.
Remediation agent
Auth: KoraSafe agent bar command: /fix. Generates code patches and fixes for governance findings with regulatory context.
GitHub Action
CI/CD: korasafe/kora-action runs governance checks on pull requests. Posts findings as PR comments, creates Check Runs, and blocks merges on critical findings.
GitLab CI template
CI/CD: Reusable .korasafe-ci.yml template that runs governance audits on merge requests.
VS Code extension
IDE: Real-time diagnostics on file save, sidebar compliance score ring, quick fix code actions, hover tooltips with regulation mapping.
Chrome extension
Browser: Manifest V3. Detects shadow AI usage, intercepts LLM API calls, scans for PII in chat inputs, side panel with findings and timeline.
Policy packs
Versioned, distributable governance policy bundles tied to regulatory frameworks.
Feature
Description
Pack catalog
Admin: Browse available policy packs organized by regulation (EU AI Act, GDPR, HIPAA, state laws). Each pack shows version, last updated, and subscriber count.
Semantic versioning
Policy packs follow semver. Regulation amendments bump the minor or major version. Organizations can pin to a specific version or enable auto-update.
Subscribe and pin
Auth: Subscribe to a pack to enforce its policies across all surfaces. Pin to a version for stability or enable auto-update for latest rules.
Human review gate
Admin: When a pack version is bumped due to a regulatory change, the update is held for human review before enforcement begins. Prevents untested rules from reaching production.
Surface distribution
Admin: Toggle which surfaces (web, CI/CD, IDE, browser) enforce each policy. Policies can be enabled on one surface while disabled on others.
FinOps and LLM cost governance
Monitor, allocate, and optimize AI spend across the organization.
Feature
Description
Cost center management
Admin: Create cost centers by team, project, or use case. Allocate budgets and track spend against each center.
Budget alerts
Admin: Set threshold-based alerts (percentage of budget consumed). Alerts route through the severity-based notification system.
Cost-per-action tracking
Auth: Break down LLM spend by action type: KoraSafe queries, assessments, guardian scans, audits, and ingestion.
Usage forecasting
Auth: Project future spend based on current usage trends. Helps teams plan capacity and negotiate enterprise agreements.
Chargeback reporting
Admin: Generate reports allocating AI costs to business units for internal billing and accountability.
Value and ROI report
Admin: Quantify the governance value delivered: compliance gaps closed, findings remediated, audit hours saved.
System health
Real-time platform monitoring, error tracking, and service status.
Feature
Description
Service health probes
Public: Every 5 minutes, health probes check all dependent services (database, auth, LLM providers, integrations) and record results.
Error log
Admin: Searchable error log with structured error codes, request IDs, and timestamps. No stack traces or internal paths exposed to clients.
Endpoint health
Admin: Per-endpoint latency and error rate monitoring. Identifies degraded routes before they impact users.
Database health
Admin: Connection pool utilization, query performance, and table size monitoring.
SLA report
Admin: Track SLA compliance across service availability, response times, and governance finding resolution windows.
Alerts and notifications
Severity-based routing, SLA tracking, and multi-channel delivery.
Feature
Description
Severity-based routing
Critical findings trigger Slack DM + email (1h SLA). High findings go to Slack channel + email digest (24h SLA). Medium: platform + weekly digest. Low: platform only.
Critical alert banner
Auth: Persistent banner at the top of the platform showing unresolved critical and high alerts. Polls every 60 seconds, dismissible per session.
SLA compliance tracking
Admin: Tracks first_detected_at, acknowledged_at, and resolved_at for every alert. Dashboard widget shows SLA breach rate per severity tier.
Notification preferences
Auth: Per-category toggles for in-app, email, and Slack delivery. Six categories: governance, agents, security, usage, system, team.
Slack integration
Admin: Incoming webhook delivery with Block Kit formatted alerts. Severity-colored attachments and deep links back to the platform.
Email alerts
Admin: Branded HTML email alerts via SMTP, SendGrid, or Supabase edge function. Weekly governance digest with stats and action items.
Alert rules engine
Admin: Define custom alert rules with metric, operator, threshold, cooldown, and channel routing. Evaluated every 5 minutes by the cron engine.
Cross-Cutting Concerns
Platform-wide capabilities that span multiple modules.
Feature
Description
Role-Based Access Control
Four roles: Owner (full control), Admin (full edit access), Analyst (read-only with assessment access), Viewer (read-only). Enforced across all modules.
Activity Logging
All governance state changes, assessment runs, enforcement actions, registry operations, and policy changes are logged with timestamps and descriptions.
Notifications System
Real-time notification panel for asset registrations, assessments, governance changes, enforcement actions, and guardian triggers. Read/unread tracking.
Profile Management
Profile settings with display name, avatar, role display, and security options (password change for email users). Sign out.
Regulatory Intelligence Panel
AI-powered intelligence feed shown contextually in Dashboard, Registry, Governance, and Enforcement modules. Surfaces relevant regulatory content from the knowledge base.
Agent Discovery Card
Published agent card for automatic discovery by other AI systems. Lists governance skills, input/output modes, and authentication requirements.
Structured Logging
Tiered logging levels across the platform ensure appropriate detail for debugging, monitoring, and compliance without excessive noise. Logs are forwarded to centralized observability.