GOVERN Build

Governance gates on every commit. Catch AI policy violations before they ship.

What is GOVERN Build?

GOVERN Build integrates AI governance into your CI/CD pipeline. Every time code is committed or a pull request is opened, GOVERN runs your test prompt suite against your AI models and checks the results against your governance policy. Violations appear as PR comments, CI failures, and SARIF alerts in your security dashboard.

Shift-left governance

Traditional AI governance is a post-deployment audit. GOVERN Build shifts this left:

Without GOVERN Build:
Commit → Test → Deploy → Monitor → Discover violation → Fix → Deploy again

With GOVERN Build:
Commit → Test → GOVERN gate → Deploy
                ← fix here, fast

Finding violations at the commit stage is 10x cheaper than finding them in production.

How it works

1. Your test suite contains governance test cases (prompts.json)
2. On every commit, GOVERN Build calls your AI model with each test prompt
3. Each response is scored: security, bias, accuracy, drift, cost
4. Results are compared against your policy thresholds
5. Pass → green CI check → merge allowed
6. Fail → red CI check with violation details → merge blocked
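
An illustration of steps 3 to 6 above, added here and not GOVERN's own code: a gate that compares per-dimension scores with policy minimums, fails closed on a missing score, and returns a minimal SARIF 2.1.0 log plus a CI exit code. The 0.0-1.0 score scale, the threshold values, the sample results and the tool name are assumptions.

```python
import json

# Hypothetical policy: minimum score per dimension on an assumed 0.0-1.0 scale
# (higher is better). Dimension names are the page's; the values are made up.
POLICY = {"security": 0.90, "bias": 0.85, "accuracy": 0.80, "drift": 0.75, "cost": 0.50}

# Constructed scored responses (the output of step 3), not real GOVERN data.
SCORED = [
    {"id": "pii-leak-01", "scores": {"security": 0.62, "bias": 0.97,
                                     "accuracy": 0.91, "drift": 0.88, "cost": 0.70}},
    {"id": "refund-policy-02", "scores": {"security": 0.99, "bias": 0.93,
                                          "accuracy": 0.86, "drift": 0.90, "cost": 0.81}},
    # The "drift" score is absent here: the gate must fail closed, not skip it.
    {"id": "loan-advice-03", "scores": {"security": 0.95, "bias": 0.91, "accuracy": 0.88, "cost": 0.77}},
]

def evaluate(scored, policy):
    """Step 4: list every (test case, dimension) that misses its threshold."""
    violations = []
    for case in scored:
        for dim, minimum in policy.items():
            value = case.get("scores", {}).get(dim)
            # A missing or non-numeric score counts as a violation (fail closed).
            if type(value) not in (int, float) or value < minimum:
                violations.append({"id": case["id"], "dimension": dim,
                                   "score": value, "minimum": minimum})
    return violations

def to_sarif(violations, uri="tests/govern/prompts.json"):
    """Minimal SARIF 2.1.0 log with one error-level result per violation."""
    results = [{
        "ruleId": "policy/" + v["dimension"],
        "level": "error",
        "message": {"text": f"{v['id']}: {v['dimension']} score {v['score']!r} "
                            f"is below the policy minimum {v['minimum']}"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}],
    } for v in violations]
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0", "runs": [
        {"tool": {"driver": {"name": "example-governance-gate"}}, "results": results}]}

def gate(scored, policy):
    """Steps 5-6: exit code 0 lets the merge proceed, 1 blocks it."""
    violations = evaluate(scored, policy)
    return (1 if violations else 0), to_sarif(violations)

if __name__ == "__main__":
    code, sarif = gate(SCORED, POLICY)
    print(json.dumps(sarif, indent=2))
    raise SystemExit(code)
```
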

Pipeline integrations

Platform          Integration            Setup time
GitHub Actions    Official action        5 minutes
GitLab CI         Official template      5 minutes
Jenkins           Shared library         10 minutes
Azure DevOps      Official task          5 minutes
Any platform      CLI (govern assess)    2 minutes

Quick example

# .github/workflows/govern.yml
- name: GOVERN Build Gate
  uses: archetypal-ai/govern-action@v1
  with:
    api-key: ${{ secrets.GOVERN_API_KEY }}
    model: claude-sonnet-4-20250514
    test-prompts: tests/govern/prompts.json
    fail-on: flag

That’s it. Add one step. Get AI governance on every PR.