Developer Integration Overview
Integration philosophy
GOVERN is designed to integrate at the layer that makes sense for your stack. There is no single right approach — the options are additive, not exclusive.
Layer 1: Proxy (GOVERN Probe)
Zero-code integration. Deploy the Probe container and redirect one environment variable. Every inference is monitored without touching your application code.
See GOVERN Probe docs for details.
Layer 2: SDK
Library integration. Import the SDK and explicitly assess inferences you care about. Gives you fine-grained control: assess only specific use cases, add custom metadata, handle violations programmatically.
Layer 3: CLI
Command-line integration. Use the govern CLI in CI/CD pipelines to assess test sets, check policy compliance, and gate deployments on governance scores.
Layer 4: CI/CD Actions
Native pipeline integration. Use official GitHub Actions, GitLab CI templates, or Jenkins steps. No custom scripting required.
Choosing your approach
| Scenario | Recommended approach |
|---|---|
| Greenfield — no existing AI code | Probe (Layer 1) |
| Existing app, zero code changes | Probe (Layer 1) |
| Need custom metadata per inference | SDK (Layer 2) |
| Need to act on violations in code | SDK (Layer 2) |
| CI/CD governance gate | CLI or Actions (Layer 3/4) |
| Multiple teams, consistent enforcement | Probe + CI/CD (1 + 4) |
| Regulated environment | All four layers |
SDK design principles
All three SDKs (TypeScript, Python, Go) share the same design:
- Non-blocking by default — assessment is async, never holds up your inference
- Fail-open — if GOVERN is unreachable, assessment succeeds (no false blocks)
- Configurable enforcement —
log,flag, orblockper assessment - Structured violations — violations are typed objects, not error strings
- Full metadata — pass any context (user ID, session ID, app version) for filtering
API concepts
| Concept | Description |
|---|---|
| Assessment | The result of scoring one inference |
| Violation | A specific scorer that exceeded its threshold |
| Action | pass, flag, or block — what to do with the inference |
| Policy | Your org’s configured thresholds and modes |
| Event | An assessment stored in GOVERN for auditing |
Authentication
All SDK and CLI calls use a GOVERN API key. Get yours at govern.archetypal.ai → Settings → API Keys.
gvn_live_xxxxxxxxxxxxxxxxxxxx # Production keygvn_test_xxxxxxxxxxxxxxxxxxxx # Test key (assessments not stored)Test keys score inferences and return results, but do not persist events to the audit trail. Use them in CI to avoid polluting your production audit log.