MODEL OWNERSHIP SPEC — 1 PAGE

Feature name:
Owner (single name):
Backup owner:
Slack/Teams channel:
On-call / escalation path:

1) PURPOSE AND BOUNDARIES
- User job-to-be-done (one sentence):
- Out of scope (explicitly list 3–5 things it must not do):
- Authority level:
  [ ] Draft-only (user must review)
  [ ] Suggest + user confirms action
  [ ] Can take actions autonomously (requires extra controls)

2) MODEL AND DEPENDENCIES
- Provider(s): (e.g., OpenAI / Anthropic / Google / self-hosted Llama)
- Model(s) + version/pinning approach:
- Routing rules (if multiple models):
- Tool access (APIs it can call):
- Retrieval sources (databases/docs) and access scope:

3) DATA HANDLING
- Input data types: (customer text, tickets, code, docs, PII, credentials risk)
- Prompt construction: where untrusted user input enters the context:
- Logging:
  - What is logged (metadata, prompt hashes, tool traces):
  - What is NOT logged (sensitive fields):
  - Retention period and deletion path:
- Third-party processing notes (what leaves your boundary):

4) SAFETY / SECURITY CONTROLS
- Prompt injection defenses (list concrete controls):
  - e.g., tool permissioning, allowlists, strict schemas, context isolation
- Output controls:
  - e.g., refusal policy, content filters, citations required, disclaimers
- Rate limits / abuse protections:

5) EVALUATION AND RELEASE GATES
- Required eval set location (repo/path):
- Minimum gate before shipping any change (choose one you will actually enforce):
  [ ] No regressions on a fixed task suite
  [ ] Pass a fixed jailbreak suite
  [ ] Manual review for high-risk intents
- Rollout plan:
  - feature flags, staged rollout, canary users
- Rollback plan (exact steps):

6) MONITORING AND INCIDENT RESPONSE
- Dashboards/alerts:
  - latency, error rate, vendor outages
  - safety events (refusals, policy triggers)
  - tool-call failures
- Incident severity definitions (S1/S2/S3 in your terms):
- Evidence to capture during incidents:
  - request ID, model, version, prompt hash, retrieved doc IDs, tool traces
- Customer communication owner + approved language location:

7) COMPLIANCE / PROCUREMENT CHECK
- Contracts/SKUs used (if applicable):
- Security review status:
- EU AI Act / regulated-use note (if relevant):

SIGN-OFF
- Product:
- Engineering:
- Security:
- Legal/Privacy (if needed):

Rule: If you can’t fill sections 3, 5, and 6, you’re not ready to ship this feature with authority. Downgrade it to draft-only or remove tool access until you can.
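As an added example (not part of the spec template), the Python sketch below shows what sections 1, 3 and 4 look like once they are enforced in code rather than filled in on the form: a tool-call gate that applies the declared authority level, a tool allowlist with strict argument schemas, and a tool-trace log record that carries a prompt hash and redacts fields marked sensitive. The names (ToolPolicy, gate_tool_call, the create_ticket tool and its fields) are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# The three authority levels from section 1 of the spec.
AUTHORITY_LEVELS = ("draft-only", "suggest-confirm", "autonomous")


@dataclass
class ToolPolicy:
    """Assumed policy object: section 1 authority, section 4 allowlist/schemas, section 3 log rules."""
    authority: str                      # one of AUTHORITY_LEVELS
    allowed_tools: dict                 # tool name -> exact set of argument names (strict schema)
    sensitive_fields: set = field(default_factory=set)  # argument names never written to logs


def prompt_hash(prompt: str) -> str:
    """Section 3: log a hash of the prompt, not the prompt text itself."""
    return hashlib.sha256(prompt.encode("utf-8")).hexdigest()[:16]


def gate_tool_call(policy: ToolPolicy, call: dict, user_confirmed: bool = False):
    """Decide what happens to one model-proposed tool call.
    Returns (decision, log_record); decision is 'execute', 'needs-confirmation',
    'draft' or 'reject'. The record is the tool-trace entry: metadata only."""
    if policy.authority not in AUTHORITY_LEVELS:
        raise ValueError(f"unknown authority level: {policy.authority}")
    tool, args = call["tool"], call.get("args", {})
    record = {
        "request_id": call["request_id"],
        "tool": tool,
        "prompt_hash": prompt_hash(call["prompt"]),
        "args": {k: ("[redacted]" if k in policy.sensitive_fields else v)
                 for k, v in args.items()},
    }
    # Allowlist: a tool the spec did not declare is never callable, whatever the model asks for.
    if tool not in policy.allowed_tools:
        decision = "reject"
    # Strict schema: the argument set must match exactly; extra or missing keys are rejected,
    # so an injected "bonus" parameter fails the same way a malformed call does.
    elif set(args) != set(policy.allowed_tools[tool]):
        decision = "reject"
    elif policy.authority == "draft-only":
        decision = "draft"            # shown to the user for review, nothing is executed
    elif policy.authority == "suggest-confirm":
        decision = "execute" if user_confirmed else "needs-confirmation"
    else:
        decision = "execute"          # autonomous: only with the extra controls the spec requires
    record["decision"] = decision
    return decision, record
```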