Roadmap
This roadmap tracks the build-out of the Corevexa Governance Control Plane and its documentation. It is structured by governance milestones: evaluation → authority → ledger → enforcement → visibility.
Docs version
v1.0 — Governance Control Plane
Status
Active build — milestones must ship as demoable proofs
North Star (What “Done” Looks Like)
Corevexa is complete at the category level when any system can submit an action and receive a governance outcome that: blocks execution without approval and proves that outcome via an immutable audit record.
Deterministic Governance
Same signals → same tier/routing, with documented exceptions and policy versioning.
Authority Enforcement
High/Critical actions cannot execute without valid approvals (optionally hardware-backed).
Decision Ledger
Every decision is reconstructable: who proposed, who approved, what executed, when, and why.
Visibility
Executives can see what AI is doing now, what’s pending, and what was blocked.
Phased Roadmap
These phases are ordered to strengthen governance credibility from “working demo” to “enterprise enforcement.”
Phase 1 — First Proof
MVP governance loop: Evaluate → Approve → Ledger
- Ingress evaluation returns: risk_score, risk_tier, authority_required, execution_gate
- Executive approval updates decision + writes a signature event
- Ledger query shows approved + executed (simulated) end-to-end
- Docs proof path: Getting Started completes without ambiguity
Phase 2 — Authority Hardening
DOA tiers, role separation, escalation
- Formal Delegation of Authority tiers: who can approve what
- Role separation: service principals vs human approvers
- Escalation: High → Exec, Critical → multi-signature (policy-driven)
- Approval assurance: session/token rules; optional hardware signature path
Phase 3 — Ledger Integrity
Immutability, trace, exports
- Expand ledger fields: policy_version, request_hash, actor_id, approval_chain
- Audit reconstruction view: “tell me what happened” for any decision_id
- Exports (JSON/CSV) for compliance teams (where applicable)
- Evidence grade: execution status matches reality (or simulation) without manual edits
Phase 4 — Enforcement Surfaces
Executive + Ops panels, queues, notifications
- Executive Panel: pending queue, approve/reject, decision detail view
- Ops Panel: governed submission flows (campaigns, changes, releases)
- Notification hooks for High/Critical pending approvals
- Operator UX: “blocked_until_approved” + reason clarity
Phase 5 — Deployment Models
SaaS / On-Prem / Hybrid, multi-site boundaries
- Document deployment patterns: centralized vs site-local enforcement
- Identity integration guidance (conceptual): IdP mapping to DOA roles
- Network segmentation + policy boundaries: who can evaluate vs approve
- Operational playbook: backup/restore, rotation, incident handling (docs-level)
Phase 6 — Hardware Integration
Assurance + edge enforcement + visibility
- EGA-1: boardroom-grade local governance appliance (approval + ledger control)
- IGN-1: enforcement node across production systems
- EGD-1: edge governance validation for field/remote execution points
- EAT-1: hardware-backed executive authority token for High/Critical approvals
- GCW-1: command wall visibility system for “what AI is doing right now”
Next Actions (Docs + Product)
Use this list to keep execution tight and avoid roadmap theater.
Execution list
- 1) Keep “Getting Started” proof path passing on every release.
- 2) Lock Authority Model tiers + escalation rules in docs.
- 3) Expand Ledger fields for audit reconstruction (policy_version, hashes, chain).
- 4) Strengthen Executive queue + approvals UX.
- 5) Publish deployment patterns (SaaS / On-Prem / Hybrid) with clear boundaries.
- 6) Document how hardware increases assurance (EAT-1) and visibility (GCW-1).