Governance is the layer that turns “we can see what the agent does” into “we know it’s allowed to do that”. Use it to enforce policies before runs reach users, score risk per app, gather evidence with a review workflow, and run repeatable assessments.Documentation Index
Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt
Use this file to discover all available pages before exploring further.
What’s inside
Policies
Define and assign governance rules, evaluate them against runs, score compliance.
Evidence
Collect, review, and approve evidence — automated or manual.
Assessments
Dynamic questionnaires with weighted scoring.
Risk Dashboard
Six-dimensional risk score per app, rolled up to the org.
AI Registry
Catalogue of models, deployments, and ownership.
How governance fits together
The AI Registry is the inventory layer — what exists in your portfolio. Policies and Assessments produce the inputs to risk scoring. Evidence is the artefact layer that proves controls are met. Risk rolls up the four into a single per-app score, and Compliance translates the score into framework-specific status.When to start where
| Maturity | Start with |
|---|---|
| You just got Observatory running | AI Registry — catalogue what you have before governing it. |
| You have telemetry but no controls | Policies — the highest-leverage place to add guardrails. |
| You have policies but no audit trail | Evidence — turn enforcement into proof. |
| You report to a risk committee | Risk Dashboard — give them one number per app. |
| You need formal sign-off | Assessments — structured, repeatable, scoreable. |
Related resources
Compliance
Map controls to EU AI Act, NIST AI RMF, and ISO 42001.
Observability
The telemetry that policies and risk scoring read from.