AI CONTROL PLANE LAUNCH CHECKLIST (FIRST 30 DAYS)

Goal: Ship one enforcement point that can sit in the request path for model calls (and optionally tool calls), with identity, policy decisions, and audit events.

1) Define the enforcement boundary (Day 1–2)
- Pick your “choke point”: API gateway endpoint, SDK wrapper, or reverse proxy.
- Decide what you will control in v1: model requests only, or model + tool calls.
- Write a one-page policy scope: what you can block, what you only log.

2) Identity + tenancy (Day 3–7)
- Support SSO via SAML or OIDC.
- Map groups/roles from the IdP (Okta / Microsoft Entra ID / Google Workspace).
- Implement per-tenant isolation and per-project scoping (project = cost center boundary).
- Create an admin-only kill switch: disable model access per project instantly.

3) Policy engine + decision logs (Day 8–14)
- Choose a policy format (OPA/Rego is a proven pattern) or equivalent rules engine.
- Implement allow/deny + “require approval” outcomes.
- Log every decision with inputs: user, group, project, model, request type, tool (if any).
- Make decisions explainable: store the matched rule ID and reason string.

4) Audit event store + retention (Day 15–20)
- Create an append-only event stream: request received, decision made, model called, response returned.
- Add retention configuration (at least: short vs long retention; per tenant).
- Provide export (JSON/CSV) and a simple audit viewer.
- Decide what you store by default (full prompt vs hashed/summarized) and make it configurable.

5) Data boundary basics (Day 21–24)
- Implement redaction hooks (regex-based is acceptable for v1) before storage/logging.
- Add classification tags on requests (manual tags are acceptable in v1).
- If you do retrieval (RAG), document clearly whether you honor source ACLs; don’t imply you do if you don’t.

6) Cost controls that finance understands (Day 25–28)
- Track usage by project and user.
- Add quotas/budgets per project with hard stops.
- Add routing rules (example: cheaper model for routine summarization; stricter model approvals for sensitive tasks).
- Provide a billing export grouped by project/cost center.

7) Integration deliverables (Day 29–30)
- Publish docs for: gateway endpoint, SDK usage, and policy configuration.
- Provide at least one SIEM/log export integration path (Splunk/Elastic/Datadog via webhook or standard logs).
- Add incident-ready artifacts: status page link (if you have one), on-call contact process, and change log.

Acceptance test (run this before any pilot)
- A user without the right group cannot access a restricted model.
- A request tagged as sensitive is denied or routed to an approved model.
- A destructive tool call (if supported) triggers an approval requirement.
- An auditor can search: who ran what, when, using which model, and what policy decision was applied.
- Finance can see spend grouped by project and can cap it.

If you can’t enforce, don’t claim governance. If you can enforce, you have a wedge.
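
Added example (not part of the original checklist): a minimal first-match rules engine in Python, standing in for OPA/Rego, that produces the step 3 outcomes (allow, deny, require approval) with a matched rule ID and reason, logs every decision with its inputs, and includes the step 2 per-project kill switch. All rule IDs and the group, model, project and tool names are constructed placeholders.

```python
# Added illustration, not the checklist author's code. Rule IDs, groups,
# models, projects and tool names below are constructed placeholders.
import json
import time

ENABLED_PROJECTS = {"proj-a"}
KNOWN_MODELS = {"general-model", "approved-model", "restricted-model"}
DESTRUCTIVE_TOOLS = {"delete_records"}
AUDIT_LOG = []  # stand-in for the append-only event stream (one JSON line each)

RULES = [  # evaluated top to bottom; the first matching rule decides
    ("K1-project-disabled", "deny", "project is switched off",
     lambda r: r["project"] not in ENABLED_PROJECTS),
    ("R1-destructive-tool", "require_approval", "destructive tool call",
     lambda r: r.get("tool") in DESTRUCTIVE_TOOLS),
    ("R2-sensitive-tag", "deny", "sensitive request to non-approved model",
     lambda r: "sensitive" in r.get("tags", ()) and r["model"] != "approved-model"),
    ("R3-restricted-model", "deny", "user lacks group for restricted model",
     lambda r: r["model"] == "restricted-model" and "ml-restricted" not in r["groups"]),
    ("R4-known-model", "allow", "known model, no restriction matched",
     lambda r: r["model"] in KNOWN_MODELS),
]

def decide(request):
    """Evaluate one request, log the decision with its inputs, return the event."""
    rule_id, outcome, reason = "R0-default-deny", "deny", "no rule matched"
    for rid, out, why, matches in RULES:
        if matches(request):
            rule_id, outcome, reason = rid, out, why
            break
    event = {
        "ts": time.time(), "event": "decision_made", "user": request["user"],
        "groups": sorted(request["groups"]), "project": request["project"],
        "model": request["model"], "tool": request.get("tool"),
        "request_type": "tool" if request.get("tool") else "model",
        "outcome": outcome, "rule_id": rule_id, "reason": reason,
    }
    AUDIT_LOG.append(json.dumps(event, sort_keys=True))
    return event

def disable_project(project):
    """Admin kill switch: later requests for this project hit K1 and are denied."""
    ENABLED_PROJECTS.discard(project)

def search_audit(user):
    """Auditor view: every logged decision for one user, oldest first."""
    return [e for e in map(json.loads, AUDIT_LOG) if e["user"] == user]
```

Anything no rule matches falls through to R0-default-deny, so an unknown model is blocked rather than silently allowed.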