Model Registry Governance

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "model-registry-governance" with this command: npx skills add bagelhole/devops-security-agent-skills/bagelhole-devops-security-agent-skills-model-registry-governance

Create a trustworthy system of record for model artifacts, prompts, adapters, and evaluation evidence.

Core Principles

  • Traceability: every production model maps to source code, data snapshot, and evaluation results.

  • Reproducibility: builds are deterministic with pinned dependencies.

  • Policy-driven promotion: no manual bypass for critical safety checks.

  • Lifecycle hygiene: stale, vulnerable, or unowned models are retired automatically.

Required Metadata Schema

Track at minimum:

  • Model name, semantic version, artifact checksum (for example SHA-256), and storage URI

  • Base model lineage and fine-tune method

  • Training/eval datasets and time windows

  • License, allowed use cases, prohibited use cases

  • Security risk rating and mitigation controls

  • Owner, backup owner, and escalation contact

Approval Workflow

  • Registration request created from CI.

  • Security checks (artifact scan, dependency scan, provenance verification).

  • Evaluation package uploaded (quality, toxicity, jailbreak, bias, latency, cost).

  • Required approvals: platform + product + security (as policy dictates).

  • Promotion to staging/production based on a signed decision record.

Lifecycle States

  • draft: internal experimentation.

  • candidate: passed baseline tests.

  • approved: authorized for production rollout.

  • deprecated: replacement announced, new usage blocked.

  • retired: no serving allowed, archived for audit.

Governance Policies

  • Reject artifacts without SBOM/provenance.

  • Block promotion if known critical CVEs remain unresolved.

  • Require refreshed evals after prompt/template changes.

  • Expire approvals after a configurable period (for example 90 days).
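The metadata schema, lifecycle states and governance policies above can be enforced as one promotion gate that CI runs before any registry state change. The following is an added example, not code from the skill or its repository: field names, the permitted transition table, and the sample record are this example's own assumptions. The gate collects every violation rather than stopping at the first, so a submitter sees the whole list in one CI report.

```python
"""Promotion gate for a model-registry entry (added example, not from the skill)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Lifecycle states from the page and the transitions this gate permits
# (the transition table is an assumption; the page lists states only).
# "retired" is terminal: nothing moves out of it, so a retired model
# cannot quietly come back into service.
TRANSITIONS: dict[str, set[str]] = {
    "draft": {"candidate"},
    "candidate": {"approved", "draft"},
    "approved": {"deprecated"},
    "deprecated": {"retired"},
    "retired": set(),
}


@dataclass
class ModelRecord:
    """Subset of the required metadata that the gate needs (names assumed)."""
    name: str
    version: str
    checksum: str                 # sha256 of the stored artifact
    storage_uri: str
    owner: str
    state: str = "draft"
    sbom_uri: str | None = None
    provenance_uri: str | None = None
    open_critical_cves: list[str] = field(default_factory=list)
    prompt_template_changed_at: datetime | None = None
    evals_completed_at: datetime | None = None
    approved_at: datetime | None = None


def promotion_violations(rec: ModelRecord, target: str) -> list[str]:
    """Return every policy reason that blocks moving `rec` to `target`.

    An empty list means the move is allowed.
    """
    reasons: list[str] = []
    if target not in TRANSITIONS.get(rec.state, set()):
        reasons.append(f"transition {rec.state} -> {target} is not permitted")
    if target in ("candidate", "approved"):
        # "Reject artifacts without SBOM/provenance" applies to any forward move.
        if not rec.sbom_uri:
            reasons.append("missing SBOM")
        if not rec.provenance_uri:
            reasons.append("missing provenance attestation")
    if target == "approved":
        # "Block promotion if known critical CVEs remain unresolved."
        if rec.open_critical_cves:
            reasons.append("unresolved critical CVEs: "
                           + ", ".join(sorted(rec.open_critical_cves)))
        # "Require refreshed evals after prompt/template changes."
        if rec.evals_completed_at is None:
            reasons.append("no evaluation package on record")
        elif (rec.prompt_template_changed_at is not None
              and rec.prompt_template_changed_at > rec.evals_completed_at):
            reasons.append("evaluations predate the last prompt/template change")
    return reasons


def approval_expired(rec: ModelRecord, now: datetime,
                     ttl: timedelta = timedelta(days=90)) -> bool:
    """An approval older than `ttl` no longer authorizes serving."""
    return (rec.state == "approved" and rec.approved_at is not None
            and now - rec.approved_at > ttl)


def transition(rec: ModelRecord, target: str, now: datetime) -> ModelRecord:
    """Apply the state change, or raise listing every violation."""
    reasons = promotion_violations(rec, target)
    if reasons:
        raise PermissionError(f"{rec.name}@{rec.version}: " + "; ".join(reasons))
    rec.state = target
    if target == "approved":
        rec.approved_at = now
    return rec


def sample_record(**overrides) -> ModelRecord:
    """Constructed sample data for the demo; not a real model or bucket."""
    t0 = datetime(2024, 1, 10, tzinfo=timezone.utc)
    base = dict(
        name="support-assistant", version="1.4.0",
        checksum="sha256:" + "ab" * 32, owner="ml-platform@example.test",
        storage_uri="s3://example-registry/support-assistant/1.4.0/",
        sbom_uri="s3://example-registry/support-assistant/1.4.0/sbom.cdx.json",
        provenance_uri="s3://example-registry/support-assistant/1.4.0/provenance.jsonl",
        state="candidate", prompt_template_changed_at=t0,
        evals_completed_at=t0 + timedelta(days=2),
    )
    base.update(overrides)
    return ModelRecord(**base)


def run_demo() -> dict:
    """Exercise the gate on constructed records and return the outcomes."""
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)
    ok = transition(sample_record(), "approved", now)
    stale = sample_record(prompt_template_changed_at=now,
                          open_critical_cves=["CVE-0000-0000"])  # placeholder id
    try:
        transition(sample_record(state="retired"), "approved", now)
        retired_blocked = False
    except PermissionError:
        retired_blocked = True
    return {
        "approved_state": ok.state,
        "expired_after_91d": approval_expired(ok, now + timedelta(days=91)),
        "expired_after_30d": approval_expired(ok, now + timedelta(days=30)),
        "missing_sbom": promotion_violations(sample_record(state="draft", sbom_uri=None), "candidate"),
        "stale_violations": promotion_violations(stale, "approved"),
        "retired_blocked": retired_blocked,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design points worth keeping when adapting this: the expiry check is separate from the promotion check, because an expired approval is a serving-time decision (the serving layer should call approval_expired on every deploy or at a fixed cadence), and the eval-freshness rule compares timestamps rather than a boolean flag, so a template change that lands after the evals were uploaded cannot be marked "tested" by accident.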

Audit Readiness

Maintain immutable records of:

  • Who approved and when

  • Which policy checks executed

  • Which exceptions were granted

  • What model/version served each customer request window
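The signed decision record in the approval workflow and the immutable audit records above can be the same artifact: an append-only log in which each decision commits to the hash of the previous one and carries a signature, so editing or deleting any entry is detectable. The following is an added example, not code from the skill or its repository. It uses an HMAC with a registry-held key in place of the asymmetric signature (KMS- or Sigstore-backed) a production registry would use; that substitution, the record fields and the sample decisions are this example's own assumptions.

```python
"""Signed, hash-chained log of promotion decisions (added example, not from the skill)."""
from __future__ import annotations

import copy
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # "previous hash" committed to by the first record


def _canonical(body: dict) -> bytes:
    """Deterministic JSON so an identical record always hashes identically."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class DecisionLog:
    def __init__(self, signing_key: bytes):
        # Assumption: HMAC stands in for a KMS/Sigstore signature. With HMAC,
        # whoever holds the key can forge records, so keep the key out of the
        # hands of approvers and mirror the log to append-only storage.
        self._key = signing_key
        self.records: list[dict] = []

    def append(self, *, model: str, version: str, decision: str,
               approvers: list[str], checks: dict[str, str],
               exceptions: list[str], at: datetime) -> dict:
        """Append one decision; the record commits to its predecessor's hash."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {
            "model": model, "version": version, "decision": decision,
            "approvers": sorted(approvers), "checks": checks,
            "exceptions": exceptions, "at": at.isoformat(), "prev": prev,
        }
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        sig = hmac.new(self._key, digest.encode(), hashlib.sha256).hexdigest()
        record = {**body, "hash": digest, "sig": sig}
        self.records.append(record)
        return record

    def verify(self) -> tuple[bool, int | None]:
        """Recompute the chain; return (ok, index of the first bad record)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
            digest = hashlib.sha256(_canonical(body)).hexdigest()
            expected = hmac.new(self._key, digest.encode(), hashlib.sha256).hexdigest()
            if (body["prev"] != prev or digest != rec["hash"]
                    or not hmac.compare_digest(expected, rec["sig"])):
                return False, i
            prev = digest
        return True, None

    def version_serving(self, model: str, when: datetime) -> str | None:
        """Latest approved version of `model` as of `when`, answering the
        audit question of what served a given request window. Call verify()
        first; an unverified chain answers nothing."""
        serving = None
        for rec in self.records:
            if rec["model"] != model or datetime.fromisoformat(rec["at"]) > when:
                continue
            if rec["decision"] == "approve":
                serving = rec["version"]
            elif rec["decision"] == "retire" and rec["version"] == serving:
                serving = None
        return serving


def build_demo_log() -> DecisionLog:
    """Constructed sample decisions; key, names and dates are placeholders."""
    log = DecisionLog(signing_key=b"demo-only-registry-key")
    t = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    checks = {"artifact_scan": "pass", "dependency_scan": "pass", "provenance": "pass"}
    approvers = ["platform-lead", "security-reviewer", "product-owner"]
    log.append(model="support-assistant", version="1.3.0", decision="approve",
               approvers=approvers, checks=checks, exceptions=[], at=t)
    log.append(model="support-assistant", version="1.4.0", decision="approve",
               approvers=approvers, checks=checks,
               exceptions=["latency eval waived until 2024-04-01"], at=t.replace(day=10))
    return log


def tampered_copy(log: DecisionLog) -> DecisionLog:
    """Simulate an insider rewriting the first decision after the fact."""
    forged = DecisionLog(signing_key=log._key)
    forged.records = copy.deepcopy(log.records)
    forged.records[0]["exceptions"] = ["dependency scan waived"]
    return forged


def demo_results() -> dict:
    log = build_demo_log()
    mar5 = datetime(2024, 3, 5, tzinfo=timezone.utc)
    mar20 = datetime(2024, 3, 20, tzinfo=timezone.utc)
    return {
        "intact": log.verify(),
        "tampered": tampered_copy(log).verify(),
        "serving_mar5": log.version_serving("support-assistant", mar5),
        "serving_mar20": log.version_serving("support-assistant", mar20),
    }


if __name__ == "__main__":
    for key, value in demo_results().items():
        print(f"{key}: {value}")
```

The chain makes deletion as detectable as edits: removing a middle record leaves the next record's "prev" pointing at a hash that no longer appears, so verify() reports the gap. What the chain cannot prove on its own is that the log is complete at the tail (an attacker who can truncate it and re-sign nothing still wins), which is why the last hash should be published somewhere the registry cannot rewrite, such as a transparency log or a write-once bucket.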

Related Skills

  • sbom-supply-chain - Provenance and signing

  • policy-as-code - Enforce governance with policy engines

  • llm-fine-tuning - Version adapters and training outputs

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals. Each is tagged Security, carries the trust label "Needs Review", and has no summary provided by the upstream source:

  • linux-administration

  • sops-encryption

  • linux-hardening

  • windows-server