AI DECISION INFRASTRUCTURE (ONE-PAGE TEMPLATE)

Purpose
Use this sheet for any AI-assisted workflow that affects customers, production systems, or sensitive data. Keep it short. Store it next to the code/config.

1) Workflow
- Name:
- What it does (one sentence):
- User impact (internal / customer-facing):

2) Owner + Decision Rights
- Single accountable owner (name/role):
- Approvers (max 2):
- What the owner can change without approval (prompt text, model choice, retrieval sources, tool permissions):

3) Allowed Inputs (be explicit)
- Allowed sources (e.g., specific internal wiki spaces, ticket tags, public docs):
- Forbidden sources (e.g., PII, secrets, credentials, customer confidential docs outside tenant boundary):
- Data access enforcement (ACLs/SSO groups):

4) Outputs + Guardrails
- Output format requirements (citations required? structured JSON?):
- Refusal rules (what must be refused):
- Human-in-the-loop checkpoints (what requires explicit approval):

5) Versioning + Change Control
- Where prompts/system instructions live (repo path):
- Where retrieval configuration lives (repo path):
- Change process (PR required? reviewer roles?):
- Rollback method (prompt rollback, model pinning, feature flag):

6) Minimal Eval Suite (start small)
List 10 test cases:
- Must-answer correctly (facts/policies)
- Must-refuse (secrets, disallowed content)
- Must-cite (knowledge base answers)
For each case define: input, expected properties (must_include, must_refuse, must_cite), and failure severity.

7) Incident Taxonomy (pick what applies)
- Hallucinated critical fact
- Unsafe/disallowed content
- Data exposure via retrieval
- Tool-use/agent action error
- Silent regression after update

8) Incident Response (make it runnable)
- Detection channel (support queue, monitoring, user report):
- Severity definitions (what is stop-the-line):
- Escalation owner (who gets paged):
- Containment steps (disable retrieval source, revoke tool permissions, feature flag off):
- Postmortem requirement (Y/N) and owner:

9) Auditability
- Where logs live (what is recorded: prompt version, retrieval sources, tool actions):
- Retention policy (link to company policy):
- Access to logs (who can view):

10) Exit Plan
- If we switch models/vendors, what must remain stable? (interfaces, logging, evals)
- Decommission checklist (remove keys, disable endpoints, archive prompts/evals)

Operating rule: “AI said so” is not an acceptable justification in reviews. Every decision must be explainable in constraints, trade-offs, and evidence.