# Enterprise Knowledge Governance — Global Fix Map

🏥 Quick Return to Emergency Room

> You are in a specialist desk. > For full triage and doctors on duty, return here: > > - [**WFGY Global Fix Map** — main Emergency Room, 300+ structured fixes](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/README.md) > - [**WFGY Problem Map 1.0** — 16 reproducible failure modes](https://github.com/onestardao/WFGY/blob/main/ProblemMap/README.md) > > Think of this page as a sub-room. > If you want full consultation and prescriptions, go back to the Emergency Room lobby.

A compact hub to keep enterprise knowledge **safe, auditable, and policy-true** across RAG, agents, and long-running workflows. Use this folder to define the policy layer and route symptoms to the exact repair page. No infra change required. --- ## What this folder is - A minimal but complete **policy layer** for RAG and agent stacks. - Guardrails that prevent leakage and region violations. - Copy-paste contracts for tagging, retrieval fences, and audits. - Acceptance targets you can actually measure on live traffic. --- ## When to use this folder - You have mixed-sensitivity corpora and must stop accidental leakage. - Regional data residency is a contract requirement. - Stale SOPs or outdated policies keep showing up in answers. - Legal retention vs developer convenience keeps drifting. - You need verifiable access trails and regulator-ready exports. --- ## Orientation: pages and what they solve | Page | What it solves | Typical symptom | |------|----------------|-----------------| | [access_control.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/access_control.md) | Role, tenant, region, sensitivity intersections at retrieval time | Answer cites a snippet the user cannot see | | [audit_and_traceability.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/audit_and_traceability.md) | Immutable trails for who asked, what was cited, why it was allowed | Regulator asks for proof and you cannot produce it | | [compliance.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/compliance.md) | End-to-end policy surface and controls | Policy defined in docs but not enforced in code | | [compliance_audit.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/compliance_audit.md) | Audit checklists and export packs | You cannot prove who accessed PII last quarter | | [data_residency.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/data_residency.md) | Region pinning for shards, embeddings, logs | Cross-region egress appears in billing or logs | | [data_sensitivity.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/data_sensitivity.md) | Sensitivity model and redaction gates | PII or secrets slip through after parsing | | [knowledge_expiry.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/knowledge_expiry.md) | Freshness and deprecation workflow | Bot answers with outdated SOP or revoked policy | | [retention_policy.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/retention_policy.md) | TTL queues, deletion attestations, proof of purge | Items that should be gone still show up in runs | --- ## Acceptance targets - Zero unauthorized citation of PII or restricted snippets in production evals - Policy tags present on ≥ 0.95 of onboarded documents - Residency violations equal 0 across seven days of traffic - Retention SLA respected for 100 percent of expired items inside 24 hours - Every answer carries a trace with `citations`, `ΔS`, `λ_state`, `policy_eval` --- ## Map symptoms → structural fixes | Symptom | Open this | |--------|-----------| | Wrong snippet shows up from a restricted area | [retrieval-traceability.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/retrieval-traceability.md) · [data-contracts.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/data-contracts.md) | | Prompt or tool bypasses policy and leaks PII | [prompt-injection.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/prompt-injection.md) · lock tool args in [data-contracts.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/data-contracts.md) | | Sensitive text survives parsing and chunking | [chunking-checklist.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/chunking-checklist.md) · [ocr-parsing-checklist.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/ocr-parsing-checklist.md) | | Live runs drift from policy or regions | [ops/live_monitoring_rag.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/ops/live_monitoring_rag.md) · [ops/debug_playbook.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/ops/debug_playbook.md) | --- ## 60-second setup checklist 1) **Tag the corpus** Attach `sensitivity`, `region`, `owner`, `retention_tier` to every doc. Enforce schema with [data-contracts.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/data-contracts.md). 2) **Fence retrieval** Require the intersection of `{tenant_id, role, region, sensitivity}` at retrieve time and drop non-matching snippets. Verify with [retrieval-traceability.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/retrieval-traceability.md). 3) **Pin residency** Keep embeddings and shards in the source region. Block cross-region egress unless policy allows. See [data_residency.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/data_residency.md). 4) **Retention jobs** Create TTL queues per `retention_tier`. Write a deletion log with `doc_id`, `hash`, `time`, `actor`. See [retention_policy.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/retention_policy.md). 5) **Audit everything** Emit `actor`, `question`, `citations`, `ΔS`, `λ_state`, `policy_eval`, `region` for each answer. Route to an immutable sink. See [audit_and_traceability.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/audit_and_traceability.md). --- ## Copy-paste policy probe for your LLM step ```txt You have TXT OS and WFGY pages loaded. Question: "{user_question}" Context carries fields {sensitivity, region, retention_tier, owner} for each snippet. Do: 1) Enforce cite-then-explain. Refuse if a cited snippet breaks role or region. 2) Return {"citations":[...], "policy_eval":{"allow":true|false,"reason":"..."}, "ΔS":0.xx, "λ_state":"→|←|<>|×"}. 3) If blocked, output the smallest change to comply and the exact WFGY page to open. ```` --- ## FAQ **Q: We tag sensitivity at ingest but leaks still happen. What now?** A: Enforce the tag at **retrieve time** too. Use access intersections `{tenant_id, role, region, sensitivity}` and verify with [retrieval-traceability.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/retrieval-traceability.md). **Q: Our vendor requires EU residency. How do we prove compliance?** A: Pin vectors, shards, and logs to EU regions and export an egress report weekly. Steps in [data\_residency.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/data_residency.md). **Q: Outdated SOPs keep showing up. Where is the crack?** A: You need a freshness control. Mark deprecated docs and enforce a deny-list at retrieval. See [knowledge\_expiry.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/knowledge_expiry.md). **Q: Legal wants proof of deletion after TTL.** A: Implement TTL queues and write deletion attestations to an immutable sink. Details in [retention\_policy.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/retention_policy.md). **Q: We cannot reconstruct who saw which PII last quarter.** A: Add the audit contract from [audit\_and\_traceability.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/audit_and_traceability.md). Every answer should log `actor`, `citations`, `ΔS`, `λ_state`, `policy_eval`, `region`. **Q: Prompt injection bypassed our fences.** A: Tighten tool schemas and add role-ordered templates. See [prompt\_injection.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/prompt-injection.md) and the contracts in [data-contracts.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/data-contracts.md). **Q: Coverage is high but restricted snippets sometimes get ranked.** A: Coverage is not policy. Add **policy\_eval** to the trace and drop candidates before rerank. Use [access\_control.md](https://github.com/onestardao/WFGY/blob/main/ProblemMap/GlobalFixMap/Enterprise_Knowledge_Gov/access_control.md). **Q: How do we set pass or fail before release?** A: Use a governance gate: zero restricted citations, zero residency violations, coverage ≥ 0.70, ΔS ≤ 0.45, and audit completeness 100 percent for a 7-day canary. --- ### Explore More | Layer | Page | What it’s for | | --- | --- | --- | | ⭐ Proof | [WFGY Recognition Map](/recognition/README.md) | External citations, integrations, and ecosystem proof | | ⚙️ Engine | [WFGY 1.0](/legacy/README.md) | Original PDF tension engine and early logic sketch (legacy reference) | | ⚙️ Engine | [WFGY 2.0](/core/README.md) | Production tension kernel for RAG and agent systems | | ⚙️ Engine | [WFGY 3.0](/TensionUniverse/EventHorizon/README.md) | TXT based Singularity tension engine (131 S class set) | | 🗺️ Map | [Problem Map 1.0](/ProblemMap/README.md) | Flagship 16 problem RAG failure taxonomy and fix map | | 🗺️ Map | [Problem Map 2.0](/ProblemMap/wfgy-rag-16-problem-map-global-debug-card.md) | Global Debug Card for RAG and agent pipeline diagnosis | | 🗺️ Map | [Problem Map 3.0](/ProblemMap/wfgy-ai-problem-map-troubleshooting-atlas.md) | Global AI troubleshooting atlas and failure pattern map | | 🧰 App | [TXT OS](/OS/README.md) | .txt semantic OS with fast bootstrap | | 🧰 App | [Blah Blah Blah](/OS/BlahBlahBlah/README.md) | Abstract and paradox Q&A built on TXT OS | | 🧰 App | [Blur Blur Blur](/OS/BlurBlurBlur/README.md) | Text to image generation with semantic control | | 🏡 Onboarding | [Starter Village](/StarterVillage/README.md) | Guided entry point for new users | If this repository helped, starring it improves discovery so more builders can find the docs and tools. [](https://github.com/onestardao/WFGY)