.govern.yaml Configuration

File location

Place .govern.yaml in your repository root. GOVERN Build automatically discovers it.

You can override the path with the --gov-config flag or the GOV_CONFIG environment variable.

Full reference

# .govern.yaml — GOVERN Build configuration

# ─── Model ────────────────────────────────────────────────────────────────────
model:
  # Model ID for generating test responses
  id: claude-sonnet-4-20250514
  # Provider (auto-detected from model ID in most cases)
  provider: anthropic
  # Model parameters for test generation
  temperature: 0.0  # Use 0 for deterministic CI tests
  max_tokens: 1024

# ─── Test Suite ───────────────────────────────────────────────────────────────
tests:
  # Path to test prompts JSON file
  prompts: tests/govern/prompts.json
  # Path to pre-generated responses (optional — skip model API calls)
  responses: tests/govern/responses.json
  # Auto-generate responses when prompts file is newer than responses file
  auto_regenerate: true
  # Tags to include/exclude
  include_tags: []  # Empty = include all
  exclude_tags: []
  # Max concurrent test executions
  concurrency: 10

# ─── Gates ────────────────────────────────────────────────────────────────────
gates:
  # Assessment gate
  assessment:
    enabled: true
    fail_on: flag  # block | flag | never
    violation_threshold: 0
    required_pass_rate: 1.0
    enforce_expected_actions: true
    baseline_branch: main
    baseline_regression_threshold: 0.10
    scorers:
      security:
        threshold: 0.70
      bias:
        threshold: 0.60
      accuracy:
        threshold: 0.65
      drift:
        threshold: 0.25
      cost:
        enabled: false  # Don't score cost in CI

  # Policy gate (org-wide policy from GOVERN platform)
  policy:
    enabled: true
    fail_on: block
    policy_version: latest  # or pin: "v3"

  # Drift gate
  drift:
    enabled: true
    baseline_branch: main
    drift_threshold: 0.15
    fail_on_missing_baseline: false
    dimensions:
      security: 0.10
      bias: 0.10
      accuracy: 0.20
      tone: 0.15

  # Custom gates
  custom:
    - name: "Disclaimer Check"
      script: "./gates/check-disclaimers.sh"
      fail_on_error: true
      timeout_seconds: 30
      tags_filter: ["financial"]

# ─── Output ───────────────────────────────────────────────────────────────────
output:
  # Output formats: table | json | sarif | junit | gitlab-security
  formats:
    - table
    - json
    - sarif
  # File paths for each format
  files:
    json: govern-results.json
    sarif: govern-results.sarif
    junit: govern-junit.xml
  # Post a comment on pull requests (GitHub, GitLab)
  post_pr_comment: true
  # Upload SARIF to GitHub Security tab (GitHub only)
  upload_sarif: true

# ─── Baseline ─────────────────────────────────────────────────────────────────
baseline:
  # Branch to use as drift baseline
  branch: main
  # Auto-commit updated responses to baseline branch after main builds
  auto_commit: false
  # Store baseline in GOVERN platform (vs. local responses.json)
  remote_storage: true

Minimal configuration

# .govern.yaml — minimal
model:
  id: claude-sonnet-4-20250514
tests:
  prompts: tests/govern/prompts.json
gates:
  assessment:
    fail_on: flag
    scorers:
      security:
        threshold: 0.70
      bias:
        threshold: 0.60

Environment variable overrides

All config values can be overridden via environment variables using the GOVERN_ prefix:

Config key                     Env var
model.id                       GOVERN_MODEL
tests.prompts                  GOVERN_TEST_PROMPTS
gates.assessment.fail_on       GOVERN_FAIL_ON
gates.drift.baseline_branch    GOVERN_BASELINE_BRANCH

This allows CI-specific overrides without modifying the committed config file.
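
Because an override changes gate behaviour without touching the reviewed file, a pipeline can audit the environment before running the gates. The following is an added example, not part of GOVERN Build: it uses only the four mappings in the table above, and the names audit_overrides, gate_overridden and PROTECTED_PREFIXES, along with the rule that any gates.* override needs review, are assumptions made for illustration.

```python
import os

# The four key-to-variable mappings listed in the table above.
ENV_OVERRIDES = {
    "model.id": "GOVERN_MODEL",
    "tests.prompts": "GOVERN_TEST_PROMPTS",
    "gates.assessment.fail_on": "GOVERN_FAIL_ON",
    "gates.drift.baseline_branch": "GOVERN_BASELINE_BRANCH",
}
# Assumption (local review policy, not a GOVERN feature): overrides of
# gate settings need sign-off; model and test-path overrides are routine.
PROTECTED_PREFIXES = ("gates.",)

def lookup(config, dotted_key):
    """Return the value at a dotted path in a parsed config, or None if absent."""
    node = config
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def audit_overrides(config, environ=None):
    """List each documented override that is set and differs from the committed value."""
    environ = os.environ if environ is None else environ
    findings = []
    for key, var in ENV_OVERRIDES.items():
        if var not in environ:
            continue
        committed, effective = lookup(config, key), environ[var]
        if committed is not None and str(committed) == effective:
            continue  # variable repeats the committed value: nothing changes
        findings.append({"key": key, "env_var": var, "committed": committed,
                         "effective": effective,
                         "protected": key.startswith(PROTECTED_PREFIXES)})
    return findings

def gate_overridden(config, environ=None):
    """True when the environment changes any protected (gate) setting."""
    return any(f["protected"] for f in audit_overrides(config, environ))

# Constructed sample input: the minimal configuration above as a parsed
# mapping, and a constructed CI environment.
MINIMAL = {"model": {"id": "claude-sonnet-4-20250514"},
           "tests": {"prompts": "tests/govern/prompts.json"},
           "gates": {"assessment": {"fail_on": "flag"}}}
SAMPLE_ENV = {"GOVERN_MODEL": "claude-sonnet-4-20250514", "GOVERN_FAIL_ON": "never"}

if __name__ == "__main__":
    for f in audit_overrides(MINIMAL, SAMPLE_ENV):
        print(f"{f['env_var']}: {f['key']} {f['committed']!r} -> {f['effective']!r}")
    raise SystemExit(1 if gate_overridden(MINIMAL, SAMPLE_ENV) else 0)
```

In a real pipeline, pass the mapping parsed from the committed .govern.yaml in place of MINIMAL and omit the environ argument so the process environment is read.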