On this page
Prompt Governance
Prompt governance prevents production AI behavior from being hidden in page handlers or ad hoc strings.
Recommended Prompt Model
Each governed prompt should have:
- stable key
- purpose
- owner
- version
- template
- input schema
- allowed providers or models
- review status
- change notes
Rendering Pattern
$prompt = $promptRegistry->render('control-summary', [
'control_name' => 'Access Governance',
'evidence_notes' => $notes,
]);Operational Guidance
- Treat prompts as controlled application assets.
- Version prompts when behavior changes.
- Keep human-readable purpose and review notes.
- Do not mix secrets into prompt templates.
- Capture rendered prompt references in audit logs where appropriate.