{"overall_completion_pct":96.3,"implemented_count":39,"partial_count":1,"pending_count":1,"total_items":41,"categories":{"access_control":{"items":[{"id":"gov-api-auth","name":"Governance API authentication","category":"access_control","status":"implemented","completion_pct":100,"recommendation":"Enable PORTAL_AUTH_ENABLED or API_KEY / OIDC / SAML"},{"id":"production-auth-failclosed","name":"Production fail-closed without auth","category":"access_control","status":"implemented","completion_pct":100,"recommendation":"Configure authentication before ENVIRONMENT=production"},{"id":"enterprise-sso","name":"Enterprise SSO / portal authentication","category":"access_control","status":"implemented","completion_pct":100,"recommendation":""},{"id":"multi-tenant-ready","name":"Multi-tenant or single-tenant sovereign mode","category":"access_control","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"application_security":{"items":[{"id":"llm-prompt-guard","name":"Prompt guard on all LLM ingress paths","category":"application_security","status":"implemented","completion_pct":100,"recommendation":"Set PROMPT_GUARD_ENABLED=true"},{"id":"llm-output-sanitize","name":"Output sanitization including streams","category":"application_security","status":"implemented","completion_pct":100,"recommendation":"Set OUTPUT_SANITIZE_ENABLED=true"},{"id":"file-input-guard","name":"Upload malware, fileless attack & file behavior guard","category":"application_security","status":"implemented","completion_pct":100,"recommendation":"Set FILE_INPUT_GUARD_ENABLED=true (default on)"},{"id":"content-moderation","name":"Toxic content moderation","category":"application_security","status":"implemented","completion_pct":100,"recommendation":""},{"id":"ai-security-stack","name":"Layered input/output AI security stack","category":"application_security","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"data_protection":{"items":[{"id":"pii-upload-block","name":"PII block on knowledge-base upload","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":"Set PII_SCAN_BLOCK_UPLOAD=true for regulated deployments"},{"id":"pii-prompt-block","name":"PII block on LLM prompt ingress","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":"Set PII_SCAN_BLOCK_PROMPT=true for regulated deployments"},{"id":"pii-audit-redaction","name":"PII redaction in audit log entries","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":"Keep PII_SCAN_ENABLED=true"},{"id":"tenant-encryption","name":"Tenant encryption at rest","category":"data_protection","status":"partial","completion_pct":50,"recommendation":"Set TENANT_ENCRYPTION_ENABLED=true with TENANT_ENCRYPTION_MASTER_KEY"},{"id":"pii-tokenization","name":"PII tokenization vault","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":""},{"id":"ml-pii-hybrid","name":"Hybrid PII detection (regex + tokenization vault)","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":91.7},"audit_integrity":{"items":[{"id":"audit-hash-chain","name":"Tamper-evident audit hash chain","category":"audit_integrity","status":"implemented","completion_pct":100,"recommendation":"Investigate audit chain errors via GET /governance/audit-chain/verify"},{"id":"audit-entry-chaining","name":"Per-entry audit log hash in chain","category":"audit_integrity","status":"implemented","completion_pct":100,"recommendation":""},{"id":"worm-audit-archive","name":"WORM audit archive seals","category":"audit_integrity","status":"implemented","completion_pct":100,"recommendation":"POST /governance/audit-archive/seal or enable SLHP scheduler"}],"completion_pct":100.0},"operations":{"items":[{"id":"slhp-scheduler","name":"SLHP production scheduler","category":"operations","status":"implemented","completion_pct":100,"recommendation":"Set SLHP_SCHEDULER_ENABLED=true"},{"id":"production-governance-automation","name":"Production governance profile automation script","category":"operations","status":"implemented","completion_pct":100,"recommendation":"Run python scripts/ensure_production_governance.py"},{"id":"governance-completion-bootstrap","name":"Governance 100% completion bootstrap","category":"operations","status":"implemented","completion_pct":100,"recommendation":""},{"id":"maturity-tracker","name":"Governance maturity all dimensions 100%","category":"operations","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"grc_integration":{"items":[{"id":"grc-webhook","name":"GRC webhook push integration","category":"grc_integration","status":"implemented","completion_pct":100,"recommendation":"Configure GRC_WEBHOOK_URL or use local export profile in air-gap"},{"id":"grc-local-export","name":"Local GRC export snapshots","category":"grc_integration","status":"implemented","completion_pct":100,"recommendation":"Use scheduler job grc_local_export_weekly or POST /governance/grc/export/local"}],"completion_pct":100.0},"compliance":{"items":[{"id":"owasp-runtime","name":"OWASP LLM runtime control evaluation","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"eu-ai-act-sync","name":"EU AI Act workflow runtime evidence sync","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"dpia-template","name":"DPIA template available","category":"compliance","status":"pending","completion_pct":0,"recommendation":""},{"id":"explainability","name":"Financial explainability & model cards","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"insurance-pack","name":"Insurance governance framework pack","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"dora-incidents","name":"DORA ICT incident taxonomy","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"sr11-validation","name":"SR 11-7 validation workflow","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":85.7},"quality":{"items":[{"id":"rag-faithfulness-ci","name":"RAG faithfulness benchmark corpus","category":"quality","status":"implemented","completion_pct":100,"recommendation":"Run scripts/rag_faithfulness_benchmark.py in CI"},{"id":"optional-ocr-vision","name":"Optional OCR & vision modality modules","category":"quality","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"cockpit":{"items":[{"id":"cockpit-blueprint","name":"AI Governance Cockpit blueprint layers","category":"cockpit","status":"implemented","completion_pct":100,"recommendation":""},{"id":"shadow-ai-discovery","name":"Shadow AI discovery module","category":"cockpit","status":"implemented","completion_pct":100,"recommendation":""},{"id":"infra-scanner","name":"Infrastructure AI asset scanner","category":"cockpit","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"observability":{"items":[{"id":"behavior-drift","name":"LLM behavior & drift pipeline","category":"observability","status":"implemented","completion_pct":100,"recommendation":""},{"id":"quality-dashboard","name":"Hallucination & bias observability","category":"observability","status":"implemented","completion_pct":100,"recommendation":""},{"id":"output-self-check","name":"Hallucination output self-check","category":"observability","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"workflow":{"items":[{"id":"approval-workflow","name":"Multi-role approval chains","category":"workflow","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0},"lifecycle":{"items":[{"id":"model-retirement","name":"Model decommission workflow","category":"lifecycle","status":"implemented","completion_pct":100,"recommendation":""}],"completion_pct":100.0}},"items":[{"id":"gov-api-auth","name":"Governance API authentication","category":"access_control","status":"implemented","completion_pct":100,"recommendation":"Enable PORTAL_AUTH_ENABLED or API_KEY / OIDC / SAML"},{"id":"llm-prompt-guard","name":"Prompt guard on all LLM ingress paths","category":"application_security","status":"implemented","completion_pct":100,"recommendation":"Set PROMPT_GUARD_ENABLED=true"},{"id":"llm-output-sanitize","name":"Output sanitization including streams","category":"application_security","status":"implemented","completion_pct":100,"recommendation":"Set OUTPUT_SANITIZE_ENABLED=true"},{"id":"file-input-guard","name":"Upload malware, fileless attack & file behavior guard","category":"application_security","status":"implemented","completion_pct":100,"recommendation":"Set FILE_INPUT_GUARD_ENABLED=true (default on)"},{"id":"pii-upload-block","name":"PII block on knowledge-base upload","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":"Set PII_SCAN_BLOCK_UPLOAD=true for regulated deployments"},{"id":"pii-prompt-block","name":"PII block on LLM prompt ingress","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":"Set PII_SCAN_BLOCK_PROMPT=true for regulated deployments"},{"id":"pii-audit-redaction","name":"PII redaction in audit log entries","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":"Keep PII_SCAN_ENABLED=true"},{"id":"audit-hash-chain","name":"Tamper-evident audit hash chain","category":"audit_integrity","status":"implemented","completion_pct":100,"recommendation":"Investigate audit chain errors via GET /governance/audit-chain/verify"},{"id":"audit-entry-chaining","name":"Per-entry audit log hash in chain","category":"audit_integrity","status":"implemented","completion_pct":100,"recommendation":""},{"id":"worm-audit-archive","name":"WORM audit archive seals","category":"audit_integrity","status":"implemented","completion_pct":100,"recommendation":"POST /governance/audit-archive/seal or enable SLHP scheduler"},{"id":"tenant-encryption","name":"Tenant encryption at rest","category":"data_protection","status":"partial","completion_pct":50,"recommendation":"Set TENANT_ENCRYPTION_ENABLED=true with TENANT_ENCRYPTION_MASTER_KEY"},{"id":"slhp-scheduler","name":"SLHP production scheduler","category":"operations","status":"implemented","completion_pct":100,"recommendation":"Set SLHP_SCHEDULER_ENABLED=true"},{"id":"grc-webhook","name":"GRC webhook push integration","category":"grc_integration","status":"implemented","completion_pct":100,"recommendation":"Configure GRC_WEBHOOK_URL or use local export profile in air-gap"},{"id":"grc-local-export","name":"Local GRC export snapshots","category":"grc_integration","status":"implemented","completion_pct":100,"recommendation":"Use scheduler job grc_local_export_weekly or POST /governance/grc/export/local"},{"id":"owasp-runtime","name":"OWASP LLM runtime control evaluation","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"eu-ai-act-sync","name":"EU AI Act workflow runtime evidence sync","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"production-auth-failclosed","name":"Production fail-closed without auth","category":"access_control","status":"implemented","completion_pct":100,"recommendation":"Configure authentication before ENVIRONMENT=production"},{"id":"production-governance-automation","name":"Production governance profile automation script","category":"operations","status":"implemented","completion_pct":100,"recommendation":"Run python scripts/ensure_production_governance.py"},{"id":"rag-faithfulness-ci","name":"RAG faithfulness benchmark corpus","category":"quality","status":"implemented","completion_pct":100,"recommendation":"Run scripts/rag_faithfulness_benchmark.py in CI"},{"id":"dpia-template","name":"DPIA template available","category":"compliance","status":"pending","completion_pct":0,"recommendation":""},{"id":"cockpit-blueprint","name":"AI Governance Cockpit blueprint layers","category":"cockpit","status":"implemented","completion_pct":100,"recommendation":""},{"id":"shadow-ai-discovery","name":"Shadow AI discovery module","category":"cockpit","status":"implemented","completion_pct":100,"recommendation":""},{"id":"behavior-drift","name":"LLM behavior & drift pipeline","category":"observability","status":"implemented","completion_pct":100,"recommendation":""},{"id":"quality-dashboard","name":"Hallucination & bias observability","category":"observability","status":"implemented","completion_pct":100,"recommendation":""},{"id":"pii-tokenization","name":"PII tokenization vault","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":""},{"id":"content-moderation","name":"Toxic content moderation","category":"application_security","status":"implemented","completion_pct":100,"recommendation":""},{"id":"ai-security-stack","name":"Layered input/output AI security stack","category":"application_security","status":"implemented","completion_pct":100,"recommendation":""},{"id":"output-self-check","name":"Hallucination output self-check","category":"observability","status":"implemented","completion_pct":100,"recommendation":""},{"id":"explainability","name":"Financial explainability & model cards","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"approval-workflow","name":"Multi-role approval chains","category":"workflow","status":"implemented","completion_pct":100,"recommendation":""},{"id":"infra-scanner","name":"Infrastructure AI asset scanner","category":"cockpit","status":"implemented","completion_pct":100,"recommendation":""},{"id":"insurance-pack","name":"Insurance governance framework pack","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"dora-incidents","name":"DORA ICT incident taxonomy","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"sr11-validation","name":"SR 11-7 validation workflow","category":"compliance","status":"implemented","completion_pct":100,"recommendation":""},{"id":"model-retirement","name":"Model decommission workflow","category":"lifecycle","status":"implemented","completion_pct":100,"recommendation":""},{"id":"ml-pii-hybrid","name":"Hybrid PII detection (regex + tokenization vault)","category":"data_protection","status":"implemented","completion_pct":100,"recommendation":""},{"id":"governance-completion-bootstrap","name":"Governance 100% completion bootstrap","category":"operations","status":"implemented","completion_pct":100,"recommendation":""},{"id":"enterprise-sso","name":"Enterprise SSO / portal authentication","category":"access_control","status":"implemented","completion_pct":100,"recommendation":""},{"id":"multi-tenant-ready","name":"Multi-tenant or single-tenant sovereign mode","category":"access_control","status":"implemented","completion_pct":100,"recommendation":""},{"id":"optional-ocr-vision","name":"Optional OCR & vision modality modules","category":"quality","status":"implemented","completion_pct":100,"recommendation":""},{"id":"maturity-tracker","name":"Governance maturity all dimensions 100%","category":"operations","status":"implemented","completion_pct":100,"recommendation":""}],"environment":"production","is_production":true}