# Publication DSL Block Gallery
Official Block
Section Opener
This opens a major section with visual weight.
info
Callout
Use callouts for short, important interpretive notes.
Metrics
Stat Grid
Risks reviewed
12
Findings validated
7
Evidence gaps
5
Blockers
3
Quote
“The best reports are not longer. They are more structured.”
Checklist
✓Trust boundary map exists
✓Permission matrix exists
✓Risk register has owners
✓Evidence pack has buyer answers
Decision · conditional
Decision Box
Proceed after high-risk retrieval and tool-action controls are validated.
Finding · high
Finding Card
Evidence: sample-evidence
This block represents a single structured finding.
Findings
Finding Grid
Finding · medium
Nested Finding One
Evidence: sample-evidence-one
Nested finding body.
Finding · high
Nested Finding Two
Evidence: sample-evidence-two
Nested finding body.
Risk register
Risk Register
content/deliverables/data/ai-risk-register.sample.json
Synthetic sample AI risk register for a customer-facing AI copilot using retrieval, model routing, tool access, approval workflows, and AI trace logging.
Risks
8
Open
7
Critical
2
Decisions
3
Roadmap
5
Controls
0
| Risk | Domain | Severity | Decision | Owner | Status |
|---|---|---|---|---|---|
Retrieval can expose content the user cannot access directly The retrieval layer uses tenant and source filters, but the evidence does not yet prove authorization survives indexing, chunking, semantic retrieval, reranking, and prompt assembly. | RAG and data access | critical | mitigate | Search Platform | open |
Agent tool authority can exceed the intended user action Tool access is not yet consistently separated into read, suggest, draft, queue, approve, and execute action classes. | Agentic workflow controls | critical | mitigate | AI Platform Engineering | open |
Human approval lacks enough context to be meaningful Approval screens do not always show evidence, target object, before/after diff, model rationale, blast radius, and rollback path. | Oversight | high | mitigate | Product Operations | open |
AI traces may store sensitive customer and operational data Prompts, retrieved snippets, model outputs, tool calls, and approval records may contain sensitive information but do not yet have AI-specific classification, retention, and access rules. | Logging and evidence | high | mitigate | Security Engineering | open |
Model provider boundary is not expressed clearly enough for buyers The provider contract may be acceptable, but the current buyer-facing language is too scattered to answer procurement questions quickly. | Third-party risk | high | mitigate | Vendor Management | open |
Prompt injection and retrieval abuse tests are not release gates AI abuse tests exist as a draft plan but are not enforced as release gates for prompt, retrieval, and tool changes. | Security testing | high | mitigate | Product Security | open |
AI incident response is not yet operationalized The incident response process does not yet define AI-specific triggers, evidence preservation, user notification triggers, or trace reconstruction steps. | Operations | medium | mitigate | Security Operations | planned |
Sales answers may drift from engineering reality AI security questionnaire answers are not yet controlled through a single evidence pack, creating risk of inconsistent customer-facing claims. | Enterprise review | medium | mitigate | Trust and Security | open |
Prove retrieval authorization
P1
Search Platform · 2026-06-15
Enforce agent action classes
P2
AI Platform Engineering · 2026-06-20
Upgrade approval context
P3
Product Operations · 2026-06-25
Classify AI traces
P4
Security Engineering · 2026-06-30
Evidence pack
Evidence Pack
content/deliverables/data/evidence-pack-controls.sample.json
Synthetic sample evidence pack for answering enterprise AI security review, procurement, legal, and trust-center questions.
implemented
12
partial
8
missing
4
planned
5
retrieval authorization evidenceagent permission matrix completionAI trace retention and access policybuyer-ready model provider boundary statement
AI system inventory
implemented
Model provider boundary statement
partial
Gateway-only model access
implemented
Authorization-preserving retrieval
partial
Prompt injection and retrieval abuse testing
partial
Agent tool permission policy
partial
Human approval for sensitive actions
partial
AI trace logging
implemented
Buyer question
Is customer data used to train foundation models?
draft · Vendor Management
Buyer question
Can a user receive information through AI that they cannot access directly?
partial · Search Platform
Buyer question
Can the AI system take actions in customer environments?
partial · AI Platform Engineering
Buyer question
Can AI interactions be audited?
implemented · Security Engineering
Evidence
AI System Inventory Record
available · Product Security
Evidence
Model Routing Architecture
available · AI Platform Engineering
Evidence
RAG Authorization Test Plan
needs-validation · Search Platform
Evidence
Agent Tool Permission Matrix
draft · AI Platform Engineering
Evidence
AI Trace Schema
available · Security Engineering
Control map
Control Map
content/deliverables/data/evidence-pack-controls.sample.json
Synthetic sample evidence pack for answering enterprise AI security review, procurement, legal, and trust-center questions.
AI system inventory
implemented
Model provider boundary statement
partial
Gateway-only model access
implemented
Authorization-preserving retrieval
partial
Prompt injection and retrieval abuse testing
partial
Agent tool permission policy
partial
Human approval for sensitive actions
partial
AI trace logging
implemented
Agent permission matrix
Permission Matrix
content/deliverables/data/agent-tool-permission-matrix.sample.json
Synthetic sample permission matrix for an AI copilot with retrieval, case-management, customer messaging, CRM, billing, and notification tool access.
Principle
Separate reading, suggesting, drafting, queuing, approving, and executing. Do not treat all tool access as one permission.
Default posture
deny-by-default
Approval model
Human approval required for customer-visible, billing-impacting, destructive, privileged, or cross-tenant actions.
ReadSuggestDraftQueueApproveExecute
| Agent | Tool | Action | Scope | Approval | Risk | Owner |
|---|---|---|---|---|---|---|
| Support Copilot | Case Management API | read | tenant-scoped support cases visible to the authenticated user | no | medium | Support Platform |
| Support Copilot | Customer Messaging | draft | draft response text for the active case only | yes, before send | high | Product Operations |
| Support Copilot | Customer Messaging | execute | send customer-visible response | yes, human-only approval | critical | Product Operations |
| Support Copilot | Case Management API | queue | priority, category, routing tags, summary fields | yes for priority and routing changes | high | Support Platform |
| Support Copilot | CRM | read | account profile and entitlement fields needed for support context | no | medium | Revenue Operations |
| Support Copilot | CRM | execute | update account fields | yes, restricted to human operators | critical | Revenue Operations |
| Support Copilot | Billing System | read | plan, invoice status, entitlement flags | no for entitlement lookups | high | Finance Systems |
| Support Copilot | Billing System | execute | issue credits, refunds, plan changes | human-only approval and finance policy gate | critical | Finance Systems |
| Support Copilot | Notification Service | queue | internal team notification for escalation only | no for internal escalation templates | medium | Product Operations |
| Support Copilot | External Webhook | execute | third-party workflow triggers | yes, security-reviewed allowlist only | critical | Integration Platform |
Approval requirement
Approval
Approval requirement
Approval
Trust boundary map
Trust Boundary Map
content/deliverables/data/ai-trust-boundary-map.sample.json
Synthetic sample trust boundary data for a customer-facing AI copilot using retrieval, model-provider routing, workflow tools, approval screens, and AI trace logging.
Nodes
8
Boundaries
5
Flows
7
Controls
5
actor
Authenticated User
medium
application
SaaS Web Application
medium
control-point
AI Gateway
critical
data-store
Retrieval Index
critical
third-party-service
Model Provider
high
tool-surface
Workflow Tools
critical
human-review
Approval Console
high
observability-store
AI Trace Store
high
Prompt submitted
Session auth, tenant scope, request validation
medium
Prompt envelope created
Gateway-only model access, request classification, tenant binding
high
Retrieval query
Authorization-preserving retrieval filters, source ACL tests
critical
Model call
Data minimization, provider boundary, training exclusion statement
high
Tool plan prepared
Permission matrix, action class policy, tool allowlist
critical
Approval request
Human approval with evidence bundle and reviewer identity
high
Boundary
Tenant Boundary
Separates one customer tenant's data, retrieval results, logs, and tool actions from another tenant.
Boundary
Retrieval Authorization Boundary
Ensures source-system authorization survives indexing, chunking, retrieval, reranking, and prompt assembly.
Boundary
Model Provider Boundary
Controls what data leaves the product boundary and how model provider commitments are represented to buyers.
Boundary
Tool Authority Boundary
Separates text generation from state-changing tool authority.
Chart
Chart
content/report/charts/example.json
Illustrative chart payload for validating chart rendering in publication blocks.
publication-dsl
Example publication chart
export.v_chart_example
Source: export.v_chart_example
Illustrative chart data for DSL examples only.
Source data
| label | value |
|---|---|
| Planning | 12 |
| Partial | 27 |
| Implemented | 41 |
| Validated | 19 |
Table
| Control | Status | Owner |
|---|---|---|
| Retrieval authorization | Partial | AI Platform |
| Tool permissions | Missing | AI Platform |
| AI traces | Partial | Security Engineering |
Artifact
Artifact
A linked artifact reference.
/deliverables/ai-trust-boundary-map
Page break