L15 - Governance, Safety & Schema¶
L15 covers validation, policy controls, safety filters, redaction, auditability, schema conformance, repair, approvals, provenance, and change management. It is where systems try to make AI behavior inspectable enough to use responsibly.
L15Governance, Safety & Schema
- Validation
- Redaction
- Safety checks
- Audit trails
What belongs here¶
L15 is not only moderation. It includes structured output validation, schema evolution, policy audit, privacy controls, guardrails, and evaluation loops that constrain or measure AI behavior.
Representative projects¶
| Project | Why it might fit | Adjacent layers |
|---|---|---|
| NVIDIA NeMo Guardrails | Guardrail framework for conversational AI applications. | L15 safety, L16 applications |
| Guardrails AI | Validation and guardrail framework for LLM outputs. | L15 schema, L8 prompting |
| Lakera Guard | Security and safety product for prompt injection and AI risk checks. | L15 safety, L10 tools |
| Llama Guard | Safety model family for classifying AI inputs and outputs. | L6 models, L15 safety |
| OpenAI Moderation | Moderation API and guidance for safety classification. | L15 safety, L16 products |
| Microsoft Presidio | PII detection and anonymization framework. | L15 redaction, L14 identity |
| JSON Schema | Schema vocabulary used for validating structured data. | L10 tool schemas, L15 validation |
| Great Expectations | Data validation framework relevant to pipeline governance and quality. | L9 knowledge, L15 governance |
| MCP-AQL generator and validator-style tooling | Public tooling surface for conformance checks, artifact validation, and schema shaping around protocol behavior. | L15 validation, L11 registry |
| DollhouseMCP approvals and danger-zone controls | Review gates and high-risk action controls that make governance visible to users and operators. | L15 governance, L16 product UX |
Boundary questions¶
- Does a safety model belong in L6 as a model, L15 as a control, or both?
- Should schema validation be attached to tools, outputs, stored memories, or all of them?
- How can governance be strong enough for trust without becoming a vague umbrella for every risk?
Signals to watch¶
- Guardrails moving from app-level patches into shared infrastructure.
- Structured output and schema enforcement becoming standard provider features.
- AI audit logs needing to connect prompts, tools, identities, model versions, and outputs.