4 Governance Domains
Admina organises its governance capabilities into 4 domains. Each domain groups related controls under a single engine with clear boundaries, so you always know what runs, where, and at what latency cost.
Data Sovereignty
Rust + spaCy NER
Ensures that sensitive data never leaves the boundaries you define. PII is automatically detected and redacted, data residency rules are enforced, and every data type is classified for compliance tracking.
PII Redaction
Detects and redacts email addresses, phone numbers, credit cards, SSNs, IBANs, IP addresses, and person names (via spaCy NER + regex). The Rust engine processes each scan in 0.71µs.
Data Residency Enforcement
Restricts data to allowed geographic or logical zones: EU, local, or custom-defined regions. Prevents governed data from being routed to disallowed destinations.
Data Classification
Categorizes data types automatically so downstream compliance checks (Domain 4) can match each payload against the correct regulatory requirements.
Patterns detected
EMAIL        user@example.com → [EMAIL]
PHONE        +39 055 123456 → [PHONE]
CREDIT_CARD  4111 1111 1111 1111 → [CREDIT_CARD]
SSN          123-45-6789 → [SSN]
IBAN         IT60X0542811101000000123456 → [IBAN]
IP_ADDRESS   192.168.1.1 → [IP_ADDRESS]
PERSON       John Smith → [PERSON] (NER)
ORG          Acme Corp → [ORG] (NER)
GPE / LOC    Pisa, Italy → [GPE] (NER)
NER (Named Entity Recognition) uses spaCy en_core_web_sm.
Regex-based patterns work for all languages. Multilingual NER is on the roadmap.
Graceful fallback (v0.9.2+). spaCy is imported lazily, so the
proxy boots without the [nlp] extra. In that case PII redaction
runs in regex-only mode (email, phone, credit card, SSN, IBAN,
IP address, EU national IDs). Install admina-framework[nlp] and run
python -m spacy download en_core_web_sm to enable the NER entities
above (PERSON, ORG, GPE/LOC).
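Regex-only redaction of the non-NER pattern types above, written as an added example (not Admina's Rust engine; the patterns are constructed here and deliberately narrow, e.g. phone numbers must carry an international prefix). It shows two things the table does not: pattern ordering so a card number is not consumed as a phone number, and a Luhn check so a 16-digit order number is not redacted as a card.

```python
import re

# Constructed patterns for this example. Order matters: the more specific
# formats run first so a card number is not consumed by the phone pattern.
PATTERNS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("IP_ADDRESS", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("CREDIT_CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    # Assumption: international format only; local formats need deployment-specific patterns.
    ("PHONE", re.compile(r"(?<![\w+])\+\d(?:[ ()-]?\d){6,14}\b")),
]

def luhn_ok(digits):
    """Luhn checksum: rejects 13-19 digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text):
    """Replace each PII match with its [TAG]; return the text plus per-type counts
    (the counts are what a downstream data-classification step would consume)."""
    counts = {}
    for tag, rx in PATTERNS:
        def sub(m, tag=tag):
            if tag == "CREDIT_CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                return m.group()          # not a card (e.g. an order number): leave it
            counts[tag] = counts.get(tag, 0) + 1
            return f"[{tag}]"
        text = rx.sub(sub, text)
    return text, counts
```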
AI Infrastructure
Python (opt-in)
An opt-in domain that provides a fully governed AI stack (LLM serving, RAG pipelines, and a Web UI), all enabled via admina.yaml configuration.
LLM Engine
Abstracts Ollama and vLLM backends with automatic GPU detection (NVIDIA and AMD). Supports hot model switching without downtime: swap models while live traffic continues to be served.
RAG Pipeline
ChromaDB vector store with recursive character and semantic chunking. Ingests multiple formats: PDF, DOCX, HTML, CSV, XML.
Web UI
Open WebUI container with built-in OIDC and LDAP authentication. Provides a chat interface for end-users while all traffic flows through the Admina governance proxy.
admina.yaml under the infrastructure section.
Agent Security
Rust RegexSet
Protects the full agent lifecycle, from prompt injection attacks to runaway loops, with microsecond-latency checks that apply to every agent-to-agent call transiting the proxy.
Anti-Injection Firewall
15 compiled regex categories plus heuristic scoring, all executed in a single RegexSet pass at 2.08µs median latency.
The 15 v0.9.0 categories (see MODEL_CARD.md for definitions and known limitations):
instruction_override role_hijacking developer_mode dan_mode prompt_extraction delimiter_injection data_exfiltration system_prompt_leak jailbreak obfuscation new_instructions ignore_safety multilang_evasion roleplay_escape tool_abuse
Patterns target English with an explicit multilang_evasion subset
for French, Italian, Spanish, German. Contributions for additional locales
are welcome.
Custom domain-specific patterns
Add deployment-specific patterns under agent_security.firewall.custom_patterns
in admina.yaml, no fork required:
agent_security:
  firewall:
    custom_patterns:
      - regex: "delete\\s+user\\s+\\d+"
        category: "destructive_user_op"
        risk_level: high
      - regex: "(production|prod)\\s+(database|db)\\s+drop"
        category: "prod_db_destructive"
        risk_level: critical
Governance reaction mode
Switch how the firewall reacts to flagged traffic, useful for the first 1–2 weeks of a new deployment:
enforce    Default. Block flagged requests at HIGH/CRITICAL severity.
observe    Never block; log "would have blocked" for review and FP tuning.
dry-run    Like observe, plus tag the response so downstream tools know the request was analysed.
Loop Breaker
TF-IDF + cosine similarity on a sliding window of recent requests
(configurable threshold 0.85).
Latency: 2.38µs.
Automatically circuit-breaks sessions before runaway costs or deadlocks occur.
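The loop-breaker idea above (TF-IDF vectors over a per-session sliding window, cosine similarity against the 0.85 threshold, then an open circuit for that session) as an added example in plain Python; it is not Admina's code, and the window size of 8 is an assumption.

```python
import math
import re
from collections import Counter, deque

THRESHOLD = 0.85   # the configurable similarity threshold named above
WINDOW = 8         # assumption: how many recent requests a session keeps

def tfidf_vectors(docs):
    """TF-IDF vectors (smoothed idf) for the requests currently in a window."""
    tokenized = [re.findall(r"[a-z0-9_]+", d.lower()) for d in docs]
    n = len(tokenized)
    df = Counter(t for toks in tokenized for t in set(toks))
    vectors = []
    for toks in tokenized:
        tf, total = Counter(toks), len(toks) or 1
        vectors.append({t: (c / total) * (math.log((1 + n) / (1 + df[t])) + 1)
                        for t, c in tf.items()})
    return vectors

def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    norm_a = math.sqrt(sum(w * w for w in a.values()))
    norm_b = math.sqrt(sum(w * w for w in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0

class LoopBreaker:
    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.recent = {}      # session_id -> deque of recent request texts
        self.tripped = set()  # sessions whose circuit is open

    def check(self, session_id, request):
        """Return 'BLOCK' once a session's circuit is open, otherwise 'ALLOW'."""
        if session_id in self.tripped:
            return "BLOCK"
        win = self.recent.setdefault(session_id, deque(maxlen=self.window))
        win.append(request)
        if len(win) >= 2:
            vectors = tfidf_vectors(list(win))
            # Compare the newest request against every earlier one in the window.
            if max(cosine(vectors[-1], v) for v in vectors[:-1]) >= self.threshold:
                self.tripped.add(session_id)
                return "BLOCK"
        return "ALLOW"

def run_session(requests, session_id="sess_abc123"):
    # Feed constructed request texts through one breaker and return the verdicts.
    breaker = LoopBreaker()
    return [breaker.check(session_id, r) for r in requests]
```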
Proxy governance
The full security pipeline applies to all agent-to-agent calls transiting the proxy, not just user-facing requests. Every hop is inspected.
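How the custom_patterns entries, the three reaction modes and the risk-level table that follows combine on a single request, as an added example (not Admina's code): Python's re stands in for the Rust RegexSet, unmatched traffic counting as LOW and flagging happening in every mode are assumptions, and the dry-run tag name is hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed to mirror the custom_patterns example from admina.yaml above.
CUSTOM_PATTERNS = [
    {"regex": r"delete\s+user\s+\d+", "category": "destructive_user_op", "risk_level": "high"},
    {"regex": r"(production|prod)\s+(database|db)\s+drop", "category": "prod_db_destructive", "risk_level": "critical"},
]
SEVERITY = {"low": 0, "medium": 1, "high": 2, "critical": 3}
MODES = ("enforce", "observe", "dry-run")

@dataclass
class Verdict:
    risk_level: str                  # LOW / MEDIUM / HIGH / CRITICAL
    categories: list = field(default_factory=list)
    action: str = "ALLOW"            # ALLOW or BLOCK
    log: str = "logged"              # what the audit log records for this request
    session_flagged: bool = False    # CRITICAL only
    forensic_record: bool = False    # CRITICAL only
    response_tag: str = ""           # dry-run only; the tag name is hypothetical

def compile_patterns(patterns):
    """One compiled regex per custom pattern (Python's re stands in for the Rust RegexSet)."""
    return [(re.compile(p["regex"], re.IGNORECASE), p["category"], p["risk_level"].lower())
            for p in patterns]

def evaluate(text, compiled, mode="enforce"):
    """Apply the risk-level table to one request under the chosen reaction mode."""
    if mode not in MODES:
        raise ValueError(f"unknown reaction mode: {mode}")
    hits = [(cat, lvl) for rx, cat, lvl in compiled if rx.search(text)]
    # Assumption: a request matching no pattern is LOW (logged, allowed through).
    level = max((lvl for _, lvl in hits), key=SEVERITY.__getitem__, default="low")
    verdict = Verdict(risk_level=level.upper(), categories=[cat for cat, _ in hits])
    if level == "medium":
        verdict.log = "warned"
    if SEVERITY[level] >= SEVERITY["high"]:
        if mode == "enforce":
            verdict.action, verdict.log = "BLOCK", "blocked"
        else:                        # observe and dry-run never block
            verdict.log = "would have blocked"
    if mode == "dry-run":            # let downstream tools see the request was analysed
        verdict.response_tag = "admina-analysed=" + verdict.risk_level
    if level == "critical":          # assumption: flagging happens in every mode
        verdict.session_flagged = verdict.forensic_record = True
    return verdict
```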
Risk levels and actions
LOW        Logged, allowed through
MEDIUM     Warned, allowed through
HIGH       Blocked (in enforce mode)
CRITICAL   Blocked + session flagged + forensic record written
Compliance
Python + Rust (sha2)
Multi-regulation compliance tooling: EU AI Act classification & gap analysis, NIS2 Art. 21(2) self-assessment, GDPR Art. 30 RoPA registry & Art. 35 DPIA scaffold, plus a hand-curated cross-regulation matrix. Backed by a SHA-256 hash-chained forensic black box and native OpenTelemetry spans.
gap_analysis() does not constitute legal compliance and cannot replace conformity assessment under EU AI Act Art. 43, designated NIS2 authority audit, or GDPR DPO review. See the MODEL_CARD for scope, limitations, and known failure modes of every component.
EU AI Act
Automated risk classification under Article 6 and gap analysis against Articles 9–15. Risk categories: unacceptable, high, limited, minimal.
UNACCEPTABLE  Banned systems (social scoring, real-time biometrics in public, non-consensual deepfakes / synthetic CSAM, added by Omnibus VII, effective 2 Dec 2026)
HIGH          Critical infrastructure, employment, education, law enforcement
LIMITED       Chatbots, emotion recognition; transparency obligations apply
MINIMAL       Spam filters, games; no additional requirements
Timeline: Omnibus VII (Council & Parliament agreement, 7 May 2026)
The Omnibus VII agreement postponed several high-risk deadlines, reduced the Art. 50
transparency grace period, and added a new Art. 5 prohibition. Admina's
EU_AI_ACT_DEADLINES table mirrors the agreed timeline.
Source: Council press release, 7 May 2026. Formal adoption expected before 2 August 2026.
NIS2: Article 21(2) self-assessment
Deterministic checklist of 10 measure areas × 4 controls = 40 checks mirroring the technical and organisational measures required by NIS2 Art. 21(2): risk management, incident handling, business continuity, supply chain security, vulnerability handling, basic cyber hygiene & training, MFA, cryptography policies, asset management, network security. Gap analysis surfaces unmet controls.
Endpoints: GET /api/compliance/nis2/areas · POST /api/compliance/nis2/assess.
GDPR: RoPA & DPIA
Two GDPR components ship in v0.9.0:
- Article 30 RoPA registry: typed CRUD over Records of Processing Activities. In-memory by default; set gdpr.ropa_path in admina.yaml to persist to a JSON file on disk.
- Article 35 DPIA template: generates a Markdown scaffold from operator-supplied facts, ready for legal review.
Endpoints: GET / POST / PUT / DELETE /api/compliance/gdpr/records[…] · POST /api/compliance/gdpr/dpia/template.
Cross-regulation matrix
Hand-curated mapping of 12 operational controls across EU AI Act, NIS2, and GDPR: a single source of truth for controls that satisfy multiple frameworks at once. Useful to avoid duplicate audit work; constant, no configuration. Surfaced at GET /api/compliance/matrix.
Forensic Black Box
SHA-256 hash chain with WORM semantics. Each record links to the previous hash, making any modification immediately detectable. Three backends are available; see Configuration → Forensic backends for the comparison and the production recommendation.
Record structure
{
  "seq": 1024,
  "timestamp": "2026-05-21T14:23:01.442Z",
  "session_id": "sess_abc123",
  "agent_id": "openclaw-agent",
  "method": "tools/call",
  "action": "ALLOW",
  "risk_level": "LOW",
  "pillar": "firewall",
  "hash": "sha256:a3f8...",
  "prev_hash": "sha256:9c12..."
}
Chain verification
Chain integrity is checked programmatically via
ForensicBlackBox.verify_chain(records) (in
domains/compliance/forensic.py) and contributes to the
forensic_chain_valid component of the Admina Score.
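An added example (not the code in domains/compliance/forensic.py) of the hash chain and a verify_chain over records shaped like the structure above: it shows which check catches each kind of after-the-fact edit. The canonical serialisation, the all-zero anchor for the first record, and the second and third records are assumptions constructed for the demo.

```python
import hashlib
import json

# Assumption: the first record links to an all-zero anchor; Admina's real anchor is not on the page.
GENESIS_PREV = "sha256:" + "0" * 64

def _digest(record):
    """SHA-256 over every field except 'hash', serialised canonically (sorted keys, no whitespace)."""
    body = {k: v for k, v in record.items() if k != "hash"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(payload).hexdigest()

def append_record(chain, **fields):
    """WORM append: the new record carries the previous record's hash, then its own."""
    record = {"seq": len(chain) + 1, **fields,
              "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV}
    record["hash"] = _digest(record)
    chain.append(record)
    return record

def verify_chain(records):
    """Return (True, None) if intact, else (False, seq of the first record that breaks the chain)."""
    expected_prev = GENESIS_PREV
    for i, rec in enumerate(records, start=1):
        if rec["seq"] != i or rec["prev_hash"] != expected_prev or rec["hash"] != _digest(rec):
            return False, rec["seq"]
        expected_prev = rec["hash"]
    return True, None

def build_demo_chain():
    """Three constructed records shaped like the record structure above."""
    base = dict(session_id="sess_abc123", agent_id="openclaw-agent", method="tools/call", pillar="firewall")
    chain = []
    append_record(chain, timestamp="2026-05-21T14:23:01.442Z", action="ALLOW", risk_level="LOW", **base)
    append_record(chain, timestamp="2026-05-21T14:23:02.010Z", action="ALLOW", risk_level="MEDIUM", **base)
    append_record(chain, timestamp="2026-05-21T14:23:02.551Z", action="BLOCK", risk_level="CRITICAL", **base)
    return chain

def tamper_demo(kind):
    """Apply one kind of after-the-fact edit and report what verify_chain sees."""
    chain = build_demo_chain()
    if kind == "edit":                 # rewrite a field: that record's own hash no longer matches
        chain[0]["action"] = "BLOCK"
    elif kind == "edit_and_rehash":    # also recompute its hash: the next record's prev_hash exposes it
        chain[0]["risk_level"] = "HIGH"
        chain[0]["hash"] = _digest(chain[0])
    elif kind == "drop":               # delete a record: seq and prev_hash both break at the gap
        del chain[1]
    return verify_chain(chain)
```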
OpenTelemetry Integration
Native OTEL spans for all governance decisions.
Exports to OTLP gRPC on port 4317.
Every domain action is recorded as a span attribute; no code changes required in your agent.
OISG Adequacy Score
Admina ships OISG adequate by default. The adequacy score (Open · Intelligent · Secure · Governed, 0–100) is computed automatically from the live runtime state, with no manual checkboxes, and is surfaced on the dashboard alongside the Admina Score.
curl http://localhost:8080/api/dashboard/oisg \
  -H "X-API-Key: $ADMINA_API_KEY"
# {"total": 85, "level": "OISG adequate", "pillars": {...}}
→ Full paradigm, pillars, and Admina → OISG mapping: OISG Adequacy.