AI governance
This page maps our AI risk-management approach to the four pillars of the U.S. National Institute of Standards and Technology AI Risk Management Framework (NIST AI RMF 1.0). It is updated when material AI infrastructure changes ship.
Govern
AI policy ownership sits with the founding team and is reviewed before any change to the model registry, prompt templates, vision routes, or banned-claims vocabulary. The internal AI policy document is signed by Jake Higgins (J&A Higgins Enterprises, LLC) and is reviewed alongside the Terms of Service and Privacy Policy on every material change to AI infrastructure. Decisions that lock in compliance posture are captured in DECISIONS_LOG.md (DEC-055 is the entry that established this page and the adversarial-testing protocol).
Map
Risk is identified at three architectural seams. The source-map architecture (packages/engine/src/reporting/source-map.ts) traces every numeric value in every report back to a typed source so that AI narrative cannot fabricate a number. The banned-claims gates (packages/ai/src/safety/banned-claims.ts at generation time and packages/reporting/src/disclaimers.ts regex array at export time) enforce a shared phrase vocabulary across both layers. The deterministic engine boundary keeps all financial math (NPV, IRR, MIRR, cap rate, DSCR, debt yield, LTV, waterfall) out of AI scope — AI only narrates engine outputs and never recomputes them.
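A minimal sketch of the two gates described above, as an added example rather than the project's own code: narrative may reference engine values only through tokens resolved from a typed source map, and one banned-phrase list backs both the generation-time and export-time checks. The `{{token}}` syntax, the type and function names, and the sample phrases and values are assumptions.

```typescript
// Added illustration; all names, phrases and values are hypothetical.
type SourceRef = { value: number; source: string; format: "pct" | "ratio" };
type GateResult = { ok: boolean; text: string; violations: string[] };

// One vocabulary shared by the generation-time and export-time checks (constructed phrases).
const BANNED_PHRASES: string[] = ["guaranteed return", "risk-free", "cannot lose"];
const TOKEN = /\{\{([a-z0-9_]+)\}\}/g;

// Fold case, hyphens and whitespace runs so trivial respellings still match.
function normalize(text: string): string {
  return text.toLowerCase().replace(/[\s\-_]+/g, " ").trim();
}

function findBannedClaims(text: string): string[] {
  const hay = normalize(text);
  return BANNED_PHRASES.filter((p) => hay.indexOf(normalize(p)) !== -1);
}

// Generation-time gate: narrative may reference engine values only by token.
function checkNarrative(narrative: string, sources: Record<string, SourceRef>): string[] {
  const violations: string[] = [];
  narrative.replace(TOKEN, (whole: string, name: string) => {
    if (!Object.prototype.hasOwnProperty.call(sources, name)) violations.push("unknown token: " + name);
    return whole;
  });
  if (/\d/.test(narrative.replace(TOKEN, ""))) violations.push("raw numeral in narrative");
  findBannedClaims(narrative).forEach((p) => violations.push("banned claim: " + p));
  return violations;
}

function formatValue(ref: SourceRef): string {
  return ref.format === "pct" ? (ref.value * 100).toFixed(2) + "%" : ref.value.toFixed(2) + "x";
}

// Substitute typed values, then re-run the same vocabulary on the final text (export-time gate).
function renderMemo(narrative: string, sources: Record<string, SourceRef>): GateResult {
  const early = checkNarrative(narrative, sources);
  if (early.length > 0) return { ok: false, text: "", violations: early };
  const text = narrative.replace(TOKEN, (_whole: string, name: string) => formatValue(sources[name] as SourceRef));
  const late = findBannedClaims(text).map((p) => "banned claim at export: " + p);
  return late.length > 0 ? { ok: false, text: "", violations: late } : { ok: true, text, violations: [] };
}

// Constructed sample source map.
const SAMPLE_SOURCES: Record<string, SourceRef> = {
  irr: { value: 0.1234, source: "engine:irr", format: "pct" },
  dscr: { value: 1.35, source: "engine:dscr", format: "ratio" },
};
```

The numeral check is deliberately strict: any digit outside a token is rejected, so a figure copied from an untrusted input such as a broker email cannot reach the memo without a source-map entry.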
Measure
AI outputs are tested in three layers. The adversarial-testing protocol (docs/ops/ai-adversarial-testing.md) runs prompt-injection, numeric-extraction tampering, banned-claims bypass, broker-email memo injection, and bias-probe cases through the safety stack before any model swap. The engine-fixture suite (packages/engine/src/fixtures/) locks 5 canonical deals with full expected outputs at ±0.001 IRR and ±$1 cash-flow tolerance. Production sampling logs a redacted sample of memo runs to R2 (aiu-logs) for spot review. Fixture pass criteria for adversarial runs are 100% block on banned phrases, zero numeric injection, and bias-probe language drift below the per-run threshold defined in the protocol document.
Manage
Failures are handled by the model fallback chain in packages/ai/src/openrouter-client.ts: a three-strike rule per route with explicit VISION_FALLBACK and memo-route fallbacks, kill-switch environment variables that disable AI generation globally without a code deploy, and audit logs in the aiu-logs R2 bucket retained for 24 months. Cloudflare Workers Logs and Logpush carry the realtime observability surface (per DEC-042). When a banned-claim escapes both gates or a numeric injection breaches the token-substitution layer, the responsible PR is halted, the gate is patched first, and the AI run is only re-enabled after the fixture suite re-passes.
Last reviewed: 2026-05-12.