Governance
Define policies, track solution compliance, create attestations, and share reusable templates.
Overview
Four sub-resources live under client.governance:
- Policies (
client.governance.policies) -- Define rules that govern how resources are used, then enforce them through policy instances that track approval workflows. - Solutions (
client.governance.solutions) -- Group models and policies into auditable solution packages with compliance scoring and snapshots. - Attestations (
client.governance.attestations) -- Formal sign-off records attached to solutions and snapshots, with optional expiration and revocation. - Templates (
client.governance.templates) -- Reusable policy definitions that can be published, reviewed, and applied across the organization.
Policies
Basic Usage
from strongly import Strongly
client = Strongly()
# List all active policies
for policy in client.governance.policies.list(is_active=True):
print(f"{policy.name} ({policy.category}) — {policy.severity}")
# Get a specific policy
policy = client.governance.policies.retrieve("pol-abc123")
print(f"{policy.name}: {len(policy.rules)} rules")
Creating a Policy
from strongly import Strongly
client = Strongly()
policy = client.governance.policies.create({
"name": "model-bias-check",
"description": "Ensure all production models pass bias evaluation before deployment",
"category": "fairness",
"severity": "high",
"is_active": True,
"rules": [
{
"name": "demographic-parity",
"condition": "bias_score < 0.05",
"action": "block",
},
{
"name": "equal-opportunity",
"condition": "eod_score < 0.1",
"action": "warn",
},
],
})
print(f"Policy ID: {policy.id}")
print(f"Status: {policy.status}")
Importing from YAML
from strongly import Strongly
client = Strongly()
yaml_content = """
name: data-retention-policy
description: Enforce 90-day data retention for PII datasets
category: privacy
severity: critical
is_active: true
rules:
- name: max-retention
condition: retention_days <= 90
action: block
- name: encryption-required
condition: encryption_enabled == true
action: block
"""
policy = client.governance.policies.import_yaml(yaml_content)
print(f"Imported: {policy.name} (ID: {policy.id})")
Enforcement Checks
Run a real-time enforcement check against a specific resource:
from strongly import Strongly
client = Strongly()
result = client.governance.policies.enforcement_check(
resource_id="model-xyz789",
resource_type="model",
environment="production",
)
print(f"Allowed: {result.get('allowed')}")
for violation in result.get("violations", []):
print(f" Policy: {violation['policy_name']} — {violation['message']}")
Policy Metrics
from strongly import Strongly
client = Strongly()
metrics = client.governance.policies.metrics()
print(f"Total policies: {metrics.get('total')}")
print(f"Active: {metrics.get('active')}")
print(f"Violations this month: {metrics.get('violations_this_month')}")
Resource Types
List all resource types that policies can target:
from strongly import Strongly
client = Strongly()
types = client.governance.policies.resource_types()
for t in types:
print(t)
# "model", "dataset", "workspace", "app", ...
Filtering and Searching
from strongly import Strongly
client = Strongly()
# Search by name
for p in client.governance.policies.list(search="bias"):
print(p.name)
# Filter by category
for p in client.governance.policies.list(category="fairness"):
print(f"{p.name} — {p.severity}")
# Filter by status
for p in client.governance.policies.list(status="active"):
print(p.name)
# Only active policies
for p in client.governance.policies.list(is_active=True):
print(p.name)
Policy Model
| Field | Type | Description |
|---|---|---|
id | str | Unique policy identifier |
name | str | Policy name |
description | str | Human-readable description |
status | str | Current status |
category | str | Policy category (e.g., fairness, privacy, security) |
severity | str | Severity level (e.g., low, medium, high, critical) |
rules | list | List of rule definitions |
organization_id | str | Owning organization |
is_active | bool | Whether the policy is active |
created_at | str | Creation timestamp |
updated_at | str | Last update timestamp |
Policy Instances
Policy instances track individual enforcement events -- a resource being checked against a policy, then approved or denied through a review workflow.
Creating and Submitting
from strongly import Strongly
client = Strongly()
# Create an instance
instance = client.governance.policies.create_instance({
"policy_id": "pol-abc123",
"resource_id": "model-xyz789",
"resource_type": "model",
})
print(f"Instance ID: {instance.id}")
print(f"Status: {instance.status}")
# Submit for review
submitted = client.governance.policies.submit_instance(instance.id)
print(f"Submitted: {submitted.status}")
Reviewing Instances
from strongly import Strongly
client = Strongly()
instance_id = "inst-abc123"
# Approve
client.governance.policies.approve_instance(instance_id, {
"comment": "Model passed all fairness checks",
})
# Or deny
client.governance.policies.deny_instance(instance_id, {
"comment": "Bias score exceeds threshold",
})
# Add a comment without changing status
client.governance.policies.comment_instance(
instance_id,
"Reviewing the updated bias report",
)
Listing Instances
from strongly import Strongly
client = Strongly()
# All instances for a policy
for inst in client.governance.policies.list_instances(policy_id="pol-abc123"):
print(f"{inst.id} — {inst.status} — resource: {inst.resource_id}")
# Filter by status
for inst in client.governance.policies.list_instances(status="pending"):
print(f"{inst.id} needs review")
# Filter by resource
for inst in client.governance.policies.list_instances(
resource_type="model",
resource_id="model-xyz789",
):
print(f"{inst.id} — {inst.status}")
PolicyInstance Model
| Field | Type | Description |
|---|---|---|
id | str | Unique instance identifier |
policy_id | str | Parent policy ID |
resource_id | str | Target resource ID |
resource_type | str | Target resource type |
status | str | Review status (e.g., pending, submitted, approved, denied) |
result | dict | Evaluation result details |
submitted_at | str | When the instance was submitted for review |
reviewed_at | str | When the review was completed |
reviewed_by | str | Reviewer user ID |
comments | list | Review comments |
created_at | str | Creation timestamp |
updated_at | str | Last update timestamp |
Policies Method Reference
| Method | Description | Returns |
|---|---|---|
list(*, search=None, status=None, category=None, is_active=None, limit=50) | List policies with optional filters | SyncPaginator[Policy] |
create(body) | Create a new policy | Policy |
retrieve(policy_id) | Get a policy by ID | Policy |
update(policy_id, body) | Update policy fields | Policy |
delete(policy_id) | Delete a policy | dict |
import_yaml(yaml_content) | Import a policy from YAML | Policy |
list_instances(*, policy_id=None, status=None, resource_type=None, resource_id=None, limit=50) | List policy instances | SyncPaginator[PolicyInstance] |
create_instance(body) | Create a policy instance | PolicyInstance |
submit_instance(instance_id) | Submit an instance for review | PolicyInstance |
approve_instance(instance_id, body=None) | Approve an instance | PolicyInstance |
deny_instance(instance_id, body=None) | Deny an instance | PolicyInstance |
comment_instance(instance_id, comment) | Add a comment to an instance | PolicyInstance |
enforcement_check(*, resource_id, resource_type, environment=None) | Run a real-time enforcement check | dict |
metrics() | Get policy metrics | dict |
resource_types() | List available resource types | list |
Solutions
Solutions package models and policies into an auditable unit with compliance scoring. Snapshots capture the compliance state at a point in time and can be frozen for regulatory purposes.
Basic Usage
from strongly import Strongly
client = Strongly()
# List all solutions
for sol in client.governance.solutions.list():
print(f"{sol.name} — compliance: {sol.compliance_score:.0%}")
# Get a specific solution
sol = client.governance.solutions.retrieve("sol-abc123")
print(f"{sol.name}: {len(sol.models)} models, {len(sol.policies)} policies")
Creating a Solution
from strongly import Strongly
client = Strongly()
sol = client.governance.solutions.create({
"name": "credit-scoring-v2",
"description": "Production credit scoring system with fairness guarantees",
"ownership": {
"team": "risk-engineering",
"contact": "risk-lead@company.com",
},
"models": ["model-abc123", "model-def456"],
"policies": ["pol-abc123", "pol-def456"],
})
print(f"Solution ID: {sol.id}")
print(f"Compliance score: {sol.compliance_score:.0%}")
Exporting a Solution
Export solution documentation for external auditors or regulatory bodies:
from strongly import Strongly
client = Strongly()
export = client.governance.solutions.export("sol-abc123", {
"format": "pdf",
"include_evidence": True,
})
print(f"Export URL: {export.get('url')}")
Compliance Dashboard
from strongly import Strongly
client = Strongly()
dashboard = client.governance.solutions.compliance_dashboard()
print(f"Overall score: {dashboard.get('overall_score'):.0%}")
print(f"Solutions tracked: {dashboard.get('total_solutions')}")
print(f"Non-compliant: {dashboard.get('non_compliant_count')}")
Compliance History
from strongly import Strongly
client = Strongly()
history = client.governance.solutions.compliance_history(
solution_id="sol-abc123",
days=90,
)
for entry in history.get("entries", []):
print(f"{entry['date']} — score: {entry['score']:.0%}")
Snapshots
Snapshots freeze the compliance state of a solution at a specific moment.
from strongly import Strongly
client = Strongly()
# Create a snapshot
snapshot = client.governance.solutions.create_snapshot({
"solution_id": "sol-abc123",
"snapshot_type": "quarterly-review",
})
print(f"Snapshot ID: {snapshot.id}")
print(f"Score: {snapshot.score:.0%}")
print(f"Compliant: {snapshot.compliant_policies}/{snapshot.total_policies}")
# Freeze the snapshot (makes it immutable)
frozen = client.governance.solutions.freeze_snapshot(snapshot.id)
print(f"Frozen: {frozen.frozen}")
# Approve a frozen snapshot
approved = client.governance.solutions.approve_snapshot(snapshot.id, {
"comment": "Approved for Q4 regulatory filing",
})
print(f"Approved by: {approved.approved_by}")
Listing Snapshots
from strongly import Strongly
client = Strongly()
# All snapshots for a solution
for snap in client.governance.solutions.list_snapshots(solution_id="sol-abc123"):
status = "frozen" if snap.frozen else "mutable"
print(f"{snap.id} — {snap.score:.0%} ({status})")
# Only frozen snapshots
for snap in client.governance.solutions.list_snapshots(frozen=True):
print(f"{snap.id} — {snap.snapshot_type}")
ComplianceSnapshot Model
| Field | Type | Description |
|---|---|---|
id | str | Unique snapshot identifier |
solution_id | str | Parent solution ID |
snapshot_type | str | Type of snapshot (e.g., quarterly-review, audit) |
frozen | bool | Whether the snapshot is immutable |
score | float | Compliance score (0.0 to 1.0) |
total_policies | int | Total policies evaluated |
compliant_policies | int | Number of compliant policies |
non_compliant_policies | int | Number of non-compliant policies |
approved_at | str | When the snapshot was approved |
approved_by | str | Who approved the snapshot |
created_at | str | Creation timestamp |
updated_at | str | Last update timestamp |
Solution Model
| Field | Type | Description |
|---|---|---|
id | str | Unique solution identifier |
name | str | Solution name |
description | str | Human-readable description |
status | str | Current status |
organization_id | str | Owning organization |
ownership | dict | Ownership details (team, contact) |
policies | list | Associated policy IDs |
models | list | Associated model IDs |
compliance_score | float | Current compliance score (0.0 to 1.0) |
created_at | str | Creation timestamp |
updated_at | str | Last update timestamp |
Solutions Method Reference
| Method | Description | Returns |
|---|---|---|
list(*, search=None, team=None, limit=50) | List solutions with optional filters | SyncPaginator[Solution] |
create(body) | Create a new solution | Solution |
retrieve(solution_id) | Get a solution by ID | Solution |
update(solution_id, body) | Update solution fields | Solution |
delete(solution_id) | Delete a solution | dict |
export(solution_id, body=None) | Export solution documentation | dict |
list_snapshots(*, solution_id=None, snapshot_type=None, frozen=None, limit=50) | List compliance snapshots | SyncPaginator[ComplianceSnapshot] |
create_snapshot(body) | Create a compliance snapshot | ComplianceSnapshot |
retrieve_snapshot(snapshot_id) | Get a snapshot by ID | ComplianceSnapshot |
freeze_snapshot(snapshot_id) | Freeze a snapshot (make immutable) | ComplianceSnapshot |
approve_snapshot(snapshot_id, body=None) | Approve a frozen snapshot | ComplianceSnapshot |
compliance_dashboard() | Get the compliance dashboard | dict |
compliance_history(*, solution_id=None, days=None) | Get compliance score history | dict |
Attestations
Attestations are formal sign-off records. They tie a person to a statement about a solution or snapshot, optionally including evidence and an expiration date.
Basic Usage
from strongly import Strongly
client = Strongly()
# List all attestations
for att in client.governance.attestations.list():
print(f"{att.type} by {att.attested_by} — {att.status}")
# Filter by solution
for att in client.governance.attestations.list(solution_id="sol-abc123"):
print(f"{att.id} — {att.type} ({att.status})")
Creating an Attestation
from strongly import Strongly
client = Strongly()
att = client.governance.attestations.create({
"solution_id": "sol-abc123",
"snapshot_id": "snap-def456",
"type": "fairness-review",
"evidence": {
"report_url": "https://internal.company.com/reports/fairness-q4.pdf",
"methodology": "Demographic parity analysis across 5 protected groups",
},
"expiration": "2026-06-30T00:00:00Z",
})
print(f"Attestation ID: {att.id}")
print(f"Attested by: {att.attested_by}")
print(f"Expires: {att.expiration}")
Revoking an Attestation
from strongly import Strongly
client = Strongly()
revoked = client.governance.attestations.revoke("att-abc123", {
"reason": "Model was retrained and previous attestation no longer applies",
})
print(f"Revoked at: {revoked.revoked_at}")
print(f"Revoked by: {revoked.revoked_by}")
Attestation Summary
from strongly import Strongly
client = Strongly()
summary = client.governance.attestations.summary()
print(f"Total attestations: {summary.get('total')}")
print(f"Active: {summary.get('active')}")
print(f"Revoked: {summary.get('revoked')}")
print(f"Expired: {summary.get('expired')}")
Filtering
from strongly import Strongly
client = Strongly()
# Filter by type
for att in client.governance.attestations.list(type="fairness-review"):
print(f"{att.id} — {att.attested_by}")
# Filter by snapshot
for att in client.governance.attestations.list(snapshot_id="snap-def456"):
print(f"{att.id} — {att.type}")
# Exclude revoked
for att in client.governance.attestations.list(revoked=False):
print(f"{att.id} — active")
Attestation Model
| Field | Type | Description |
|---|---|---|
id | str | Unique attestation identifier |
solution_id | str | Associated solution ID |
snapshot_id | str | Associated snapshot ID |
type | str | Attestation type (e.g., fairness-review, security-audit) |
status | str | Current status |
attested_by | str | User who created the attestation |
attested_at | str | When the attestation was created |
evidence | dict | Supporting evidence |
expiration | str | Expiration timestamp |
revoked_at | str | When the attestation was revoked (if applicable) |
revoked_by | str | Who revoked the attestation |
created_at | str | Creation timestamp |
updated_at | str | Last update timestamp |
Attestations Method Reference
| Method | Description | Returns |
|---|---|---|
list(*, solution_id=None, snapshot_id=None, type=None, revoked=None, limit=50) | List attestations with optional filters | SyncPaginator[Attestation] |
create(body) | Create a new attestation | Attestation |
revoke(attestation_id, body=None) | Revoke an attestation | Attestation |
summary() | Get attestation summary statistics | dict |
Templates
Policy templates are reusable policy definitions that can be shared, published, and reviewed. They let teams standardize governance across the organization.
Basic Usage
from strongly import Strongly
client = Strongly()
# Browse all templates
for tmpl in client.governance.templates.list():
verified = " [verified]" if tmpl.is_verified else ""
print(f"{tmpl.name}{verified} — {tmpl.category}")
# Get a specific template
tmpl = client.governance.templates.retrieve("tmpl-abc123")
print(f"{tmpl.name}: targets {tmpl.target_resource_types}")
Creating a Template
from strongly import Strongly
client = Strongly()
tmpl = client.governance.templates.create({
"name": "GDPR Data Processing",
"description": "Standard checks for GDPR compliance on data processing pipelines",
"category": "privacy",
"policy_definition": {
"rules": [
{"name": "consent-check", "condition": "has_consent == true", "action": "block"},
{"name": "data-minimization", "condition": "fields_count <= max_fields", "action": "warn"},
{"name": "retention-limit", "condition": "retention_days <= 90", "action": "block"},
],
},
"target_resource_types": ["dataset", "workflow"],
"compliance_frameworks": ["GDPR", "ePrivacy"],
"tags": ["privacy", "gdpr", "europe"],
})
print(f"Template ID: {tmpl.id}")
Publishing and Reviewing
from strongly import Strongly
client = Strongly()
# Publish a template for others to use
published = client.governance.templates.publish("tmpl-abc123")
print(f"Published: {published.published}")
# Leave a review
client.governance.templates.review(
"tmpl-abc123",
rating=5,
comment="Comprehensive GDPR checklist, saved us weeks of work",
)
# Check the template's rating
tmpl = client.governance.templates.retrieve("tmpl-abc123")
print(f"Average rating: {tmpl.average_rating:.1f}")
print(f"Reviews: {len(tmpl.reviews)}")
Using a Template
Apply a template to create a concrete policy for your organization:
from strongly import Strongly
client = Strongly()
result = client.governance.templates.use_template("tmpl-abc123", {
"name": "Our GDPR Policy",
"description": "GDPR compliance for our data pipelines",
"overrides": {
"retention_days": 60,
},
})
print(f"Created policy: {result.get('policy_id')}")
Filtering and Searching
from strongly import Strongly
client = Strongly()
# Search by name
for tmpl in client.governance.templates.list(search="GDPR"):
print(tmpl.name)
# Filter by category
for tmpl in client.governance.templates.list(category="privacy"):
print(f"{tmpl.name} — {tmpl.compliance_frameworks}")
# Filter by resource type
for tmpl in client.governance.templates.list(resource_type="model"):
print(tmpl.name)
# Only verified templates
for tmpl in client.governance.templates.list(verified=True):
print(f"{tmpl.name} [verified]")
# Filter by compliance framework
for tmpl in client.governance.templates.list(framework="SOC2"):
print(tmpl.name)
PolicyTemplate Model
| Field | Type | Description |
|---|---|---|
id | str | Unique template identifier |
name | str | Template name |
description | str | Human-readable description |
category | str | Template category |
policy_definition | dict | The reusable policy definition (rules, conditions, actions) |
target_resource_types | list | Resource types this template applies to |
compliance_frameworks | list | Associated compliance frameworks (e.g., GDPR, SOC2, HIPAA) |
tags | list | Tags for filtering |
is_public | bool | Whether the template is publicly visible |
is_verified | bool | Whether the template has been verified by Strongly |
published | bool | Whether the template is published |
organization_id | str | Owning organization |
reviews | list | User reviews |
average_rating | float | Average review rating |
created_at | str | Creation timestamp |
updated_at | str | Last update timestamp |
Templates Method Reference
| Method | Description | Returns |
|---|---|---|
list(*, search=None, category=None, resource_type=None, verified=None, framework=None, limit=50) | List templates with optional filters | SyncPaginator[PolicyTemplate] |
create(body) | Create a new template | PolicyTemplate |
retrieve(template_id) | Get a template by ID | PolicyTemplate |
update(template_id, body) | Update template fields | PolicyTemplate |
delete(template_id) | Delete a template | dict |
use_template(template_id, body=None) | Apply a template to create a policy | dict |
publish(template_id) | Publish a template | PolicyTemplate |
review(template_id, *, rating, comment=None) | Leave a review | dict |
Complete Example
from strongly import Strongly
def main():
client = Strongly()
# --- Create a fairness policy ---
print("Creating policy...")
policy = client.governance.policies.create({
"name": "model-fairness-check",
"description": "Bias evaluation before production deployment",
"category": "fairness",
"severity": "high",
"is_active": True,
"rules": [
{"name": "demographic-parity", "condition": "dp_score < 0.05", "action": "block"},
{"name": "equalized-odds", "condition": "eod_score < 0.1", "action": "warn"},
],
})
print(f"Policy: {policy.name} (ID: {policy.id})")
# --- Create a solution ---
print("\nCreating solution...")
sol = client.governance.solutions.create({
"name": "loan-approval-system",
"description": "Automated loan approval with fairness guarantees",
"ownership": {"team": "lending-ml", "contact": "ml-lead@company.com"},
"models": ["model-loan-v3"],
"policies": [policy.id],
})
print(f"Solution: {sol.name} — compliance: {sol.compliance_score:.0%}")
# --- Create a policy instance ---
print("\nEnforcing policy on model...")
instance = client.governance.policies.create_instance({
"policy_id": policy.id,
"resource_id": "model-loan-v3",
"resource_type": "model",
})
submitted = client.governance.policies.submit_instance(instance.id)
print(f"Instance {submitted.id}: {submitted.status}")
# Approve it
approved = client.governance.policies.approve_instance(instance.id, {
"comment": "All fairness metrics within acceptable range",
})
print(f"Approved: {approved.status}")
# --- Take a compliance snapshot ---
print("\nCreating snapshot...")
snapshot = client.governance.solutions.create_snapshot({
"solution_id": sol.id,
"snapshot_type": "pre-release",
})
print(f"Score: {snapshot.score:.0%} ({snapshot.compliant_policies}/{snapshot.total_policies})")
# Freeze the snapshot
frozen = client.governance.solutions.freeze_snapshot(snapshot.id)
print(f"Frozen: {frozen.frozen}")
# --- Attest ---
print("\nCreating attestation...")
att = client.governance.attestations.create({
"solution_id": sol.id,
"snapshot_id": snapshot.id,
"type": "fairness-review",
"evidence": {
"report": "Bias evaluation passed all thresholds",
},
"expiration": "2026-12-31T00:00:00Z",
})
print(f"Attestation: {att.id} by {att.attested_by}")
# --- Check overall compliance ---
print("\nCompliance dashboard:")
dashboard = client.governance.solutions.compliance_dashboard()
print(f" Overall score: {dashboard.get('overall_score'):.0%}")
print(f" Solutions: {dashboard.get('total_solutions')}")
# --- Attestation summary ---
summary = client.governance.attestations.summary()
print(f"\nAttestations: {summary.get('total')} total, {summary.get('active')} active")
# --- Policy metrics ---
metrics = client.governance.policies.metrics()
print(f"\nPolicy metrics: {metrics.get('total')} policies, {metrics.get('active')} active")
if __name__ == "__main__":
main()