S / 04 · AI Governance · Gate 04 of the YNDR Framework

Governance that lives in the code,
not the deck.

The audit-trail layer of the YNDR Framework. Rules your agents and your people both follow, written down once, enforced at runtime, and exportable to the LP report your board already runs.

Position in the framework

Strategy decides what ships. Build delivers it. Security defends it. Governance makes the agent and the team auditable. Gate 04 is the layer that turns the first three into something a regulator, an insurer, or an LP can read.

The governance layer

Six controls.
Every one of them produces a file.

A control that doesn't produce an artifact a reviewer can open is not a control. Each row below ships with the named output on the right. Version-controlled, queryable, exportable.

G / 01

Agent SOPs

The rules each agent follows, written down once.

Scope, tool inventory, escalation criteria, tone, the things the agent must never do. Version-controlled in the repo, traceable on every run, amendable through pull request.

Artifact

Agent handbook in repo

G / 02

Model-use policy

Who is allowed to use which model for which task.

One page, written for operators. Approved models, approved use-cases, what requires review, what is banned. Enforced at the API gateway so the policy and the runtime cannot drift.

Artifact

Gateway allowlist + policy memo

G / 03

Data classification

What goes in a prompt, what never does, what gets redacted.

One standard applied to humans and agents the same way. Tiered by sensitivity, mapped to systems of record, enforced by retrieval scopes and pre-prompt scrubbers.

Artifact

Classification table + redaction rules

G / 04

Audit trails and logging

Every agent action, every escalation, every override.

Tool calls, prompts, retrievals, outputs, and human signoffs land in a queryable log. The LP report, the insurance questionnaire, and the board pack pull from the same source of truth.

Artifact

Append-only log + standard queries

G / 05

Kill switches and rollback

One command to stop the agent. A tested path back.

Every agent ships with a single revoke command that disables its tools and routes traffic to a human queue. Last-known-good version pinned, restore drill run monthly, named owner on call.

Artifact

Revoke command + rollback runbook

G / 06

Human-in-the-loop gates

The agent stops before it does anything irreversible.

Sending external messages, moving money, writing to systems of record, deleting data. HITL placement defined in the agent charter, enforced in the tool layer, reviewer signoff captured in the audit log.

Artifact

Charter + tool-layer enforcement

Compliance mapping

One control table.
Three frameworks.

We build the controls once and map them three ways. Auditors and procurement teams get the framework they care about; you don't run three parallel programs.

EU AI ACT

European Union AI Act

Risk classification, transparency obligations, post-market monitoring, and human oversight requirements. We map the high-risk control set to your agent SOPs, HITL gates, and audit log so the conformity work is already done when the deadline hits.

NIST AI RMF

NIST AI Risk Management Framework

Govern, Map, Measure, Manage. We translate the four functions into the artifacts you already produce: model-use policy (Govern), agent charter (Map), eval set and red-team runs (Measure), kill switch and rollback (Manage).

ISO 42001

ISO/IEC 42001 · AI Management Systems

The management-system standard. Policy, roles, controls, continuous improvement. We line up your governance program to the clause structure so an auditor can walk from clause to control to evidence in one pass, not three.

The ordering

Security precedes
governance. Always.

Governance documents the controls. Security implements them. If you write the policy before the lethal trifecta is split, the RAG is access-scoped, and the agent actions are sandboxed, the policy describes a system that doesn't exist. We sequence security first so governance has something real to audit.

Gate 03 · Security

Builds the runtime defense.

Lethal-trifecta split, RAG access controls, prompt-injection mitigation, tool sandboxing, API key hygiene. Real defenses, enforced in code, exercised under attack. The thing the policy is going to claim.

See the security service
Gate 04 · Governance

Documents and exports it.

Agent SOPs, model-use policies, data classification, audit logs, kill switches, HITL gates, each one anchored to the security control it describes. The receipt trail comes out of code that already enforces the rule.

See the full framework
Questions buyers actually ask

What you're probably
wondering.

Q01

Why does security come before governance in the YNDR Framework?

Governance documents controls. Security implements them. If you write the policy before the lethal trifecta is split, the RAG is access-scoped, and the agent actions are sandboxed, the policy describes a system that doesn't exist. We sequence security first so governance has something real to audit. The receipt trail comes out of code that already enforces the rule.

Q02

What does YNDR mean by 'governance that lives in the code'?

Most governance lives in a slide deck and a quarterly attestation. Ours lives in agent SOPs version-controlled in the repo, model-use policies enforced at the API gateway, kill switches wired to a single command, and audit logs your board's LP report can pull from directly. If a control isn't in code or in a runnable check, it isn't a control.

Q03

How do you map to EU AI Act, NIST AI RMF, and ISO 42001?

We translate each framework's required controls into the artifacts we already build: agent SOPs, data classification, audit trails, kill switches, and HITL gates. One control table, three columns, every line traceable to a file or a log query. Audit-ready without re-writing the program for each framework.

Q04

What is a HITL gate and where do you put them?

Human-in-the-loop gates are explicit checkpoints where the agent stops and waits for a human approval before taking an irreversible action: sending external messages, moving money, writing to a system of record, deleting data. We define HITL placement in the agent charter and enforce it in the tool layer, not in the prompt. The reviewer's signoff lands in the audit log.

Q05

What's in a kill switch and a rollback plan?

A kill switch is one command that disables every tool an agent can call and routes new requests to a human queue. A rollback plan defines the last-known-good agent version, the data state required to restore it, and the comms protocol for affected users. Both are written before the agent ships, tested monthly, and named in the operations manual your team owns.

Book the review

Bring the policy doc.
We'll show you what's actually enforced.

45 minutes. No deck. We map your current controls against the YNDR governance layer, mark what's in code versus what's in a slide, and hand you the gap list with the next two moves named. If governance is the right place to start, we scope it on the call.

YNDR · AI Operations Company · Gate 04 of the YNDR Framework · chris@yndr.com