Policy and CI Gates
Policy and CI Gates
Section titled “Policy and CI Gates”Use these policies to move from visibility to enforcement for current RAG architecture risk.
Strict Policy (Production RAG)
Section titled “Strict Policy (Production RAG)”metrics: - id: centrality - id: rag_architecture
policy: invariants: - metric: rag_architecture.retrieval_latency_risk op: "<=" value: 0.20 - metric: rag_architecture.retrieval_scope_filter_gap op: "<=" value: 0.10 - metric: rag_architecture.prompt_injection_guard_gap op: "<=" value: 0.10 - metric: rag_architecture.retrieved_content_sanitization_gap op: "<=" value: 0.10 - metric: rag_architecture.eval_harness_gap op: "<=" value: 0.10 - metric: rag_architecture.eval_metric_coverage_gap op: "<=" value: 0.20 - metric: rag_architecture.retrieval_readiness op: ">=" value: 0.80 - metric: rag_architecture.safety_readiness op: ">=" value: 0.85 - metric: rag_architecture.evaluation_readiness op: ">=" value: 0.80 - metric: rag_architecture.overall_health op: ">=" value: 0.80Pragmatic Policy
Section titled “Pragmatic Policy”metrics: - id: centrality - id: rag_architecture
policy: invariants: - metric: rag_architecture.retrieval_latency_risk op: "<=" value: 0.35 - metric: rag_architecture.retrieval_scope_filter_gap op: "<=" value: 0.35 - metric: rag_architecture.eval_harness_gap op: "<=" value: 0.50 - metric: rag_architecture.retrieval_readiness op: ">=" value: 0.60 - metric: rag_architecture.safety_readiness op: ">=" value: 0.60 - metric: rag_architecture.evaluation_readiness op: ">=" value: 0.55 - metric: rag_architecture.overall_health op: ">=" value: 0.60CI Command
Section titled “CI Command”arxo analyze --path . --preset rag --config arxo.yml --fail-fastRollout Guidance
Section titled “Rollout Guidance”- Start with pragmatic thresholds for 1-2 release cycles.
- Close critical safety gaps first (
scope,injection,sanitization,trust boundary). - Enforce strict evaluation gates after harness adoption.
- Keep no-regression checks on
overall_health.