AI Coding Governance Console

Govern AI Coding Agents

PR-level governance receipts, interprocedural taint analysis, session audit trail, and repo posture scoring, purpose-built for AI coding agents and long-context sessions.

receipt-verified · taint-clean
Receipts Issued: 47 this session
Taint Paths: 0 critical, clean
Taint Warnings: 3 medium severity
Repo Posture: READY, all checks passed
PRs Governed: 12 with receipts
Latest Governance Receipt (Phase 3A · deterministic · sha256 of session content)
Session Receipt: verified
receipt_hash: 7f3a2b9c4d1e6f0a8b…
session_id: sess_20260514_001
model_provider: anthropic
model_id: claude-sonnet-4-6
token_count: 42,817
tool_calls: 94
instruction_changes: 0
semantic_drift: 0.04
boundary_violations: 0
governance_verdict: PASS
is_advisory_only: true
authoritative_for_wiw: false
What a Receipt Covers
receipt_hash: SHA-256 of full session content
semantic drift: intent shift detection
instruction conflict: contradictory directive detection
tool-call chain: action sequence integrity
boundary violations: information scope enforcement
model identity: provider + model attribution
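The receipt fields above amount to a deterministic SHA-256 over the session content, plus an integrity check on the ordered tool-call chain and an attribution of provider and model. The following Python is an added example, not vai's code, that issues and verifies such a receipt over a constructed session record. Everything not listed on the page is an assumption of this example: the canonicalisation rule (sorted-key, compact JSON), the hash-chain construction, the field name tool_chain_head, and the definition of instruction_changes as the number of times the operative instruction text changed. Semantic drift and boundary violations are not modelled.

```python
import hashlib
import hmac
import json


def canonical_bytes(obj):
    # Canonical JSON: sorted keys, no insignificant whitespace, ASCII-only output, so logically
    # equal session content serialises to identical bytes regardless of dict insertion order.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True).encode("utf-8")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def tool_chain_head(tool_calls):
    # Hash chain over the tool calls in order: link_i = SHA-256(link_{i-1} || canonical(call_i)).
    # Unlike a digest of the calls as an unordered set, the head depends on the sequence, and it
    # can be extended incrementally as calls arrive (assumed construction, not vai's).
    link = sha256_hex(b"")
    for call in tool_calls:
        link = sha256_hex(link.encode("ascii") + canonical_bytes(call))
    return link


def instruction_changes(instructions):
    # Assumed definition: how many times the operative instruction text changed mid-session.
    return sum(1 for before, after in zip(instructions, instructions[1:]) if before != after)


def issue_receipt(session):
    # The hash covers the full session content; the other fields are derived summaries of it.
    content = {key: session[key] for key in
               ("session_id", "model_provider", "model_id", "instructions", "tool_calls")}
    return {
        "receipt_hash": sha256_hex(canonical_bytes(content)),
        "session_id": session["session_id"],
        "model_provider": session["model_provider"],
        "model_id": session["model_id"],
        "tool_calls": len(session["tool_calls"]),
        "tool_chain_head": tool_chain_head(session["tool_calls"]),   # assumed field name
        "instruction_changes": instruction_changes(session["instructions"]),
        "is_advisory_only": True,          # receipts inform reviewers; they do not block
        "authoritative_for_wiw": False,
    }


def verify_receipt(session, receipt):
    # Recompute from the retained session content and compare digests in constant time.
    fresh = issue_receipt(session)
    return (hmac.compare_digest(fresh["receipt_hash"], receipt["receipt_hash"])
            and hmac.compare_digest(fresh["tool_chain_head"], receipt["tool_chain_head"]))


# Constructed sample session (not real data).
SESSION = {
    "session_id": "sess_example_001",
    "model_provider": "example-provider",
    "model_id": "example-model",
    "instructions": ["Refactor src/auth.py; do not modify anything under secrets/"] * 2,
    "tool_calls": [
        {"tool": "read_file", "args": {"path": "src/auth.py"}},
        {"tool": "edit_file", "args": {"path": "src/auth.py", "patch": "<constructed>"}},
        {"tool": "run_tests", "args": {"target": "tests/test_auth.py"}},
    ],
}

# Variants a verifier must reject: one tool call altered after the fact, and the same calls reordered.
EDITED = {**SESSION, "tool_calls": SESSION["tool_calls"][:1]
          + [{"tool": "edit_file", "args": {"path": "src/other.py", "patch": "<constructed>"}}]
          + SESSION["tool_calls"][2:]}
REORDERED = {**SESSION, "tool_calls": list(reversed(SESSION["tool_calls"]))}

if __name__ == "__main__":
    receipt = issue_receipt(SESSION)
    print("receipt_hash:", receipt["receipt_hash"])
    print("original verifies:", verify_receipt(SESSION, receipt))
    print("edited call verifies:", verify_receipt(EDITED, receipt))
    print("reordered calls verify:", verify_receipt(REORDERED, receipt))
```

The verifier never trusts the receipt's own summary fields: it recomputes everything from the retained session content and compares digests with hmac.compare_digest, so a receipt whose transcript was edited or reordered after issue fails verification even if its counters still look plausible.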
CLI Commands
vai session analyze
vai session receipt
vai receipt verify --hash <hash>
vai audit trail --session-id <id>
Interprocedural Taint Analysis (Phase 7F · tracks data flow across function boundaries)
[medium] src/auth/token_validator.py:142
Tainted value from user input flows into format_log_entry() without sanitization. Cross-function taint path: handle_request → parse_body → format_log_entry.
[medium] src/pipeline/executor.py:87
External config value propagates into the SQL query builder through two intermediary functions. Taint path: load_config → apply_filters → build_query.
[low] src/reporting/formatter.py:214
User-supplied label string used in the report title without escaping. Low severity; the report is internal only.
[clean] src/governance/ (12 files)
All governance-layer functions are taint-clean. No external data flows reach hash or signing operations.
Taint Summary
Files analyzed: 38
Functions traced: 214
Taint sources: 6
Critical paths: 0
Medium paths: 2
Low paths: 1
Governance layer: clean

Taint analysis is advisory only. It identifies potential data-flow risks; it does not block or enforce. Integrate with CI via vai taint analyze.
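The findings above are cross-function paths such as handle_request → parse_body → format_log_entry. The summary-based interprocedural analysis that produces paths of that shape, as an added Python example that is not vai's implementation: each function gets a summary (which parameters reach its return value and which reach a sink), and a caller instantiates that summary with the taint of its actual arguments, so a path is reported only once a real source reaches a sink. The source, sink and sanitiser names, the SAMPLE program and the report format are constructed for the demo; the analysis is flow-insensitive and ignores keyword arguments and control-flow bodies, so it shows the mechanism rather than reproducing vai's results.

```python
import ast
# Constructed source/sink/sanitiser vocabulary for this demo; a real analyzer ships a catalogue.
SOURCES = {"read_body", "load_config"}   # calls returning external, untrusted data
SINKS = {"write_log", "run_sql"}         # calls that are risky when fed tainted data
SANITIZERS = {"sanitize", "escape"}      # calls whose result is treated as clean
# Label = (kind, name, path): kind "src" or "param", name = source call or parameter name,
# path = functions the value has flowed through, in order.

class TaintAnalyzer:
    def __init__(self, source):
        self.funcs = {n.name: n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef)}
        self.summaries = {}  # name -> {"params": [...], "ret": labels, "sinks": [(sink, labels)]}

    def summarize(self, name):
        if name not in self.summaries:        # memoised; also terminates recursive call cycles
            params = [a.arg for a in self.funcs[name].args.args]
            summ = self.summaries[name] = {"params": params, "ret": set(), "sinks": []}
            env = {p: {("param", p, (name,))} for p in params}
            self._walk(self.funcs[name].body, env, name, summ)
        return self.summaries[name]

    def _walk(self, stmts, env, fname, summ):
        # One in-order pass over the function's top-level statements (branch/loop bodies skipped).
        for stmt in stmts:
            if isinstance(stmt, ast.Assign):
                value = self.taint(stmt.value, env, fname, summ)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        env[target.id] = value
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                summ["ret"] |= self.taint(stmt.value, env, fname, summ)
            elif isinstance(stmt, ast.Expr):
                self.taint(stmt.value, env, fname, summ)

    def taint(self, node, env, fname, summ):
        if isinstance(node, ast.Name):
            return set(env.get(node.id, set()))
        if isinstance(node, ast.Call):
            return self._call(node, env, fname, summ)
        out = set()                           # BinOp, f-string, subscript, ...: union of operands
        for child in ast.iter_child_nodes(node):
            out |= self.taint(child, env, fname, summ)
        return out

    def _call(self, node, env, fname, summ):
        callee = node.func.id if isinstance(node.func, ast.Name) else getattr(node.func, "attr", "")
        args = [self.taint(a, env, fname, summ) for a in node.args]  # keyword args not modelled
        base = self.taint(node.func.value, env, fname, summ) if isinstance(node.func, ast.Attribute) else set()
        if callee in SANITIZERS:
            return set()
        if callee in SOURCES:
            return {("src", callee, (fname,))}
        if callee in SINKS:                   # record every label reaching the sink's arguments
            reaching = {(k, n, p if p[-1] == fname else p + (fname,))
                        for k, n, p in set().union(*args) | base}
            summ["sinks"].append((callee, reaching))
            return set()
        if callee in self.funcs:              # interprocedural step: apply the callee's summary
            cs = self.summarize(callee)
            for sink, labels in cs["sinks"]:
                summ["sinks"].append((sink, self._bind(cs, labels, args)))
            return self._bind(cs, cs["ret"], args, ret_to=fname)
        return set().union(*args) | base      # unknown library call: assume it propagates taint

    @staticmethod
    def _bind(cs, labels, args, ret_to=None):
        # Map callee labels into the caller: a callee parameter becomes the taint of the matching
        # argument (path extended through the callee); a returned source label gains the caller.
        out = set()
        for kind, name, path in labels:
            if kind == "src":
                out.add((kind, name, path + (ret_to,) if ret_to else path))
            elif name in cs["params"] and cs["params"].index(name) < len(args):
                for k2, n2, p2 in args[cs["params"].index(name)]:
                    out.add((k2, n2, p2 + path))
        return out

    def report(self):
        return sorted(f"{src} -> {' -> '.join(path)} -> {sink}"
                      for name in self.funcs for sink, labels in self.summarize(name)["sinks"]
                      for kind, src, path in labels if kind == "src")  # param-only paths wait for a caller

SAMPLE = '''def handle_request(req):
    body = read_body(req)                          # source
    entry = parse_body(body)
    format_log_entry(entry)
def parse_body(raw):
    return "user=" + raw.split("&")[0]
def format_log_entry(msg):
    write_log("[req] " + msg)                      # sink, reached across three functions
def safe_handler(req):
    format_log_entry(sanitize(read_body(req)))     # sanitiser cuts the path: no finding
def build_query(table, where):
    return run_sql("SELECT * FROM " + table + " WHERE " + where)
def run_pipeline():
    cfg = load_config("pipeline.yml")              # external config is a source too
    return build_query("events", cfg["filter"])
'''
```

Running TaintAnalyzer(SAMPLE).report() yields one line per source-to-sink path, for example read_body -> handle_request -> parse_body -> format_log_entry -> write_log; format_log_entry on its own produces no finding because its sink is reached only by a parameter, and it becomes a finding in whichever caller passes tainted data in. Sanitiser calls return an empty label set, which is why safe_handler is silent.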

Repo Governance Posture (aggregate posture across all sessions and receipts in this repository)
Receipt Coverage
PRs with receipts: 12 / 14
Sessions audited: 47 / 47
Receipts verified: 100%
Semantic Health
Avg drift score: 0.06
Max drift: 0.18
Instruction conflicts: 0
Boundary violations: 0
PASS verdicts: 47 / 47
Taint Posture
Critical taint: 0
Medium taint: 2
Low taint: 1
Governance layer: clean
Hash functions: clean
Developer Workflow (pre-commit hook, audit, receipt verify, session lineage: copy-paste ready)

#!/bin/sh
# .git/hooks/pre-commit: governance gate (the shebang must stay on line 1; chmod +x the hook file)
vai ci gate HEAD --profile enterprise --fail-on high
# exits 1 and blocks the commit if HIGH findings are present
# On a clean commit:
PASS · 0 HIGH findings · receipt: vai-c3d4e5f6-78901234
authoritative_for_wiw=false
# On a blocked commit:
BLOCKED · 2 HIGH findings in auth.py
[HIGH] HARDCODED_SECRET line 10
[HIGH] SQL_INJECTION_RISK line 18
Commit aborted. Fix findings or use --profile developer to warn-only.
# Audit a specific file
vai audit src/auth.py --profile enterprise
status=red | findings=4 (3 HIGH, 1 MED)
receipt: vai-a1b2c3d4-e5f67890
# Verify a receipt
vai receipt verify vai-a1b2c3d4-e5f67890
VERIFIED ✓ hash matches — chain intact
# Session lineage — which sessions touched this file
vai session lineage src/auth.py
ses-8f2a1b3c 2026-05-16 14:22 WRITE 3 findings
ses-4d91e22a 2026-05-15 09:11 WRITE 0 findings
ses-7c3b9e01 2026-05-14 16:44 READ —
3 sessions · first write 2026-05-14
Enterprise Pilots · AI Coding Governance

Govern Every AI Coding Agent

Deploy receipt-based governance for your entire AI coding pipeline. Local-first, no SaaS, no telemetry.
