Version: 1.0 Last Updated: 2025-01-15 Compliance: TrustByDesign v1.0
- System ID:
example-assistant-001 - Name: Example AI Assistant
- Type: Interactive Dialogue Agent
- Version: 1.0.0
- Safety Level: Level 2 (Interactive with Memory)
Description: A conversational AI assistant that helps users with code analysis, documentation, and general queries. Maintains user preferences and conversation context within sessions.
- Natural language conversation and assistance
- Code analysis and explanation
- Documentation search and summarization
- Remember user preferences (with consent)
- Provide reasoning for recommendations
- Answer general knowledge questions
- Access the network or external APIs
- Execute system commands
- Provide financial or medical advice
- Modify files without explicit user instruction
- Make autonomous decisions with real-world consequences
- Persist data across sessions without explicit consent
- Storing conversation history beyond current session
- Learning and adapting to user behavior patterns
- Sharing anonymized usage data for improvement
- Memory: Maximum 50 MB per user
- Session Duration: 60 minutes maximum
- API Calls: 500 per hour per user
- Concurrent Users: 100 maximum system-wide
- Temporal: Session-only by default; persistent with consent
- Data Access: User-provided input only (no filesystem or network)
- Geographic: No geographic restrictions
- Enabled: Yes
- Real-time Self-Checking: Active before every response
- Confidence Threshold: 0.5 (acknowledges uncertainty below this)
- Resource Monitoring: Automatic with warnings at 80% capacity
- Pre-Deployment: All safety checks must pass
- CI/CD Integration:
validate_safety.pyruns on every commit - Continuous Monitoring: Performance and error metrics tracked
- Required: No (Level 2 system)
- Frequency: Annual review recommended
- Last Audit: N/A (initial deployment)
- Next Audit: 2026-01-15 (recommended)
- Format: JSON (Glyphtrail-compatible)
- Retention: 90 days
- User Access: Users can request their complete audit logs
- Integrity: SHA-256 hash chain for tamper detection
- Storage: Local encrypted storage
memory_store- When user data is persistedmemory_retrieve- When stored data is recalledmemory_delete- When user deletes dataconsent_granted- When user grants memory consentconsent_revoked- When user revokes consentcapability_boundary_violation- When out-of-scope action attemptedanomaly_detected- When unusual pattern detectederror_occurred- When system encounters error
- Storing conversation history beyond current session
- Remembering user preferences and patterns
- Adapting behavior based on user interactions
- Timing: First interaction after user indicates desire for memory
- Explanation: Clear description of what will be stored and why
- Granular Controls: Users can choose what types of data to store
- Default: No consent (ephemeral session-only operation)
- User-Initiated: Users can revoke consent at any time
- Commands:
/forget_all,/revoke_consent, or through settings - Effect: Immediate deletion of all stored user data
- Verification: Deletion confirmed and logged
- Always Included: Every output includes confidence level (0.0-1.0)
- Uncertainty Threshold: 0.5 - below this, explicitly acknowledges uncertainty
- Display: Shown as "High confidence", "Moderate", or "Low confidence - please verify"
- Availability: On request (user can ask "why?" or "explain")
- Detail Level: Standard - enough for non-expert to understand
- Format: Natural language explanation of decision process
- Recalled Information: Always cited with timestamp
- External Knowledge: Acknowledged as "general knowledge" vs "your preference"
- Uncertainty: Explicitly stated when system isn't sure
- ✅ Users can view all stored data (
/show_memorycommand) - ✅ Users can delete specific memories (
/forget <key>) - ✅ Users can delete all data (
/forget_all) - ✅ Deletion is complete and verifiable
- ✅ All memory operations logged
- ✅ Capability manifest defined and enforced
- ✅ Out-of-scope requests clearly refused
- ✅ Refusal messages explain why and suggest alternatives
- ✅ No undeclared capabilities
- Graceful Degradation: Acknowledges limitations clearly
- Partial Assistance: Offers what it can do within bounds
- No Fabrication: Never makes up information to appear capable
- Logged Failures: All failures logged for improvement
- Method: Automated monitoring with manual review
- Triggers: Unusual resource usage, repeated boundary violations, performance degradation
- Auto-Halt: Yes, if safety threshold exceeded
- Alert Generated: Within 5 minutes of detection
- Owner Notified: Within 15 minutes
- Investigation Started: Within 2 hours
- Users Notified: Within 24 hours (if affected)
- User Commands: "stop", "cancel", "halt"
- Effect: Immediate cessation of current operation
- State: Preserved for user review
- Recovery: User decides how to proceed
- Automated Detection → Alert to system owner
- Owner Review → Assess severity and scope
- Immediate Action → Halt affected operations if needed
- Investigation → Root cause analysis
- Remediation → Fix and re-validate
- Communication → Transparent disclosure to affected users
- Improvement → Update protocols and governance
# Run full compliance validation
pytest tests/test_safety_protocols.py -v
# Validate configuration
python scripts/validate_safety.py --level 2 --config agent-config.yaml
# Generate trust assessment
python scripts/assess_trust.py --system example-assistant-001- Frequency: Quarterly
- Reviewer: System owner and designated safety officer
- Checklist: docs/governance-model.md audit checklist
- Documentation: Results logged in
governance/review-YYYY-MM.md
- User trust ratings (opt-in survey after sessions)
- Error and failure logs
- Boundary violation attempts
- Performance metrics
- Minor Updates (bug fixes, performance): As needed
- Feature Additions: Quarterly with governance review
- Breaking Changes: Requires re-consent from all users
- Initial deployment
- Level 2 safety protocols implemented
- All TrustByDesign requirements met
- Validated and approved for production
- Name: [Your Name]
- Email: [your.email@example.com]
- Organization: [Your Organization]
- Email: [incidents@example.com]
- Response Time: Within 15 minutes during business hours
- Privacy Officer: [Name] (if applicable)
- Data Deletion Requests: [email@example.com]
- User Rights: View, modify, delete all personal data
- Integration: Not currently integrated
- Future: May integrate for identity verification
- Integration: Audit logs compatible with Glyphtrail format
- Lineage: Enabled for conversation continuity tracking
- Integration: Not applicable (not a persistent agent)
- Integration: May integrate for enhanced reflective dialogue
Self-Certified: Yes Certification Date: 2025-01-15 Validator: TrustByDesign validate_safety.py v1.0 Compliance Level: Level 2 - Fully Compliant Valid Until: 2026-01-15 (recommended annual re-validation)
I, as the system owner, declare that this system has been designed, implemented, and tested in accordance with TrustByDesign principles and safety protocols. All statements in this governance declaration are accurate to the best of my knowledge.
Signed: [Your Name] Role: System Owner Date: 2025-01-15
Note: This is a living document. All changes are versioned and logged in the change log section. Material changes require user re-consent.