vds/laravel-enterprise-governance

Enterprise deployment governance, audit logging, AI review pipelines, and operational controls for Laravel.

Maintainers

Package info

github.com/VDS-International/laravel-enterprise-governance

Homepage

pkg:composer/vds/laravel-enterprise-governance

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.0 2026-05-20 19:47 UTC

Requires

Requires (Dev)

MIT 5b9c0f2748b818a06033295b1096cfe3d849826c

  • VDS International

AuditlaraveldeploymentPolicyprivacyaigovernanceoperationscompliance

This package is not auto-updated.

Last update: 2026-05-21 03:16:10 UTC

README

Enterprise deployment governance, audit logging, AI review pipelines, and operational controls for Laravel.

This is one Laravel package for teams that need lightweight governance around production operations without adopting a heavy platform. It gives you deterministic policy checks, explainable denials, audit events, and Artisan tooling that can run in CI, release workflows, admin panels, or internal automations.

Laravel Enterprise Governance is developed and maintained by VDS International, a premier software agency specializing in AI-augmented software development, codebase stabilization, and enterprise software architecture.

Modules

  • Deployment governance: review deployment manifests before production changes ship.
  • Audit logging: write structured governance events to logs or a database table.
  • AI review pipelines: review AI requests before prompts leave your application.
  • Operational tooling: install, doctor, and deployment-check Artisan commands.

Requirements

  • PHP 8.2 or higher.
  • Laravel 11, 12, or 13.

Installation

composer require vds/laravel-enterprise-governance

Publish the config and optional audit migration:

php artisan enterprise-governance:install
php artisan migrate

By default, audit entries are written to your Laravel log. To use the database audit table, set:

ENTERPRISE_GOVERNANCE_AUDIT_DRIVER=database

Deployment Governance

Review a deployment manifest before a release proceeds:

use Vds\LaravelEnterpriseGovernance\Facades\EnterpriseGovernance;

$decision = EnterpriseGovernance::reviewDeployment([
    'environment' => 'production',
    'version' => 'v1.8.0',
    'actor_id' => $user->id,
    'changes' => [
        'app/Services/BillingService.php',
        'database/migrations/2026_05_20_000000_add_invoice_status.php',
    ],
    'approvals' => ['cto'],
    'scheduled_at' => now()->toIso8601String(),
    'metadata' => [
        'migration_reviewed' => true,
        'change_ticket' => 'OPS-1842',
    ],
]);

if ($decision->denied()) {
    return response()->json([
        'message' => 'Deployment blocked by enterprise governance policy.',
        'reasons' => $decision->reasons,
    ], 422);
}

Run the same policy from CI or a release script:

php artisan enterprise-governance:deployment-check \
  --environment=production \
  --version="$GITHUB_SHA" \
  --actor="$GITHUB_ACTOR" \
  --changed=database/migrations/2026_05_20_000000_add_invoice_status.php \
  --approval=cto \
  --migration-reviewed

Built-in deployment policies include:

  • blocked paths
  • required approvals for protected environments
  • change windows
  • migration review metadata

Audit Logging

Write a generic operational audit event:

EnterpriseGovernance::audit('ops.runbook.generated', [
    'runbook' => 'production-deploy',
    'change_ticket' => 'OPS-1842',
]);

AI and deployment reviews are audited automatically when audit logging is enabled.

The database migration creates an enterprise_governance_audits table with:

  • event type
  • subject
  • actor
  • environment
  • allow/deny outcome
  • reasons
  • redactions
  • metadata
  • content hash and optional redacted excerpt

Set this if you only want hashes and metadata:

ENTERPRISE_GOVERNANCE_AUDIT_STORE_CONTENT=none

AI Review Pipelines

Review AI requests before prompts leave your Laravel app:

$decision = EnterpriseGovernance::reviewAi([
    'use_case' => 'support.reply',
    'provider' => 'openai',
    'model' => 'gpt-5.2',
    'prompt' => 'Write a concise customer support reply.',
    'metadata' => [
        'tenant_id' => $tenant->id,
    ],
    'user_id' => $user->id,
]);

Use assertAiAllowed() when a denied request should throw:

EnterpriseGovernance::assertAiAllowed([
    'provider' => 'openai',
    'model' => 'gpt-5.2',
    'prompt' => $prompt,
]);

Built-in AI policies include:

  • provider allow lists
  • model allow lists
  • blocked prompt patterns
  • prompt length limits
  • audit redaction for common personal data

Middleware

Attach the middleware to routes that accept prompts:

use Vds\LaravelEnterpriseGovernance\Http\Middleware\EnsureAiRequestAllowed;

Route::post('/ai/reply', ReplyController::class)
    ->middleware(EnsureAiRequestAllowed::class);

When the request is allowed, the decision is available as:

$decision = request()->attributes->get('enterprise_governance_decision');

Configuration

Publish config/enterprise-governance.php and tune policy:

'deployment' => [
    'protected_environments' => ['production'],
    'required_approvals' => 2,
    'blocked_paths' => ['.env', 'storage/*.key'],
    'change_windows' => [
        'production' => [
            [
                'days' => ['Mon', 'Tue', 'Wed', 'Thu'],
                'start' => '09:00',
                'end' => '17:00',
                'timezone' => 'UTC',
            ],
        ],
    ],
],

'ai' => [
    'allowed_providers' => ['openai'],
    'allowed_models' => [
        'openai' => ['gpt-5.2'],
    ],
    'limits' => [
        'max_prompt_characters' => 12000,
    ],
],

Custom AI policies implement:

use Vds\LaravelEnterpriseGovernance\AIRequest;
use Vds\LaravelEnterpriseGovernance\Contracts\AIReviewPolicy;
use Vds\LaravelEnterpriseGovernance\PolicyResult;

final class TenantAIPolicy implements AIReviewPolicy
{
    public function evaluate(AIRequest $request): PolicyResult
    {
        return $request->metadata['tenant_ai_enabled'] ?? false
            ? PolicyResult::allow('tenant.enabled')
            : PolicyResult::deny('tenant.disabled', 'AI is disabled for this tenant.');
    }
}

Custom deployment policies implement:

use Vds\LaravelEnterpriseGovernance\Contracts\DeploymentPolicy;
use Vds\LaravelEnterpriseGovernance\Deployment\DeploymentManifest;
use Vds\LaravelEnterpriseGovernance\PolicyResult;

final class IncidentFreezePolicy implements DeploymentPolicy
{
    public function evaluate(DeploymentManifest $manifest): PolicyResult
    {
        return app(IncidentState::class)->active()
            ? PolicyResult::deny('deployment.incident_freeze', 'Production is under incident freeze.')
            : PolicyResult::allow('deployment.incident_freeze.clear');
    }
}

Register custom policies in the relevant config array.

Operations

Inspect package configuration:

php artisan enterprise-governance:doctor

Run local quality checks:

composer install
composer lint
composer test

Security

Please see SECURITY.md.

Contributing

Please see CONTRIBUTING.md.

License

The MIT License. Please see LICENSE.md.

About VDS International

This package is sponsored and maintained by VDS International. As a specialized software agency, we help organizations take over, stabilize, and scale complex codebase architectures while introducing robust AI and operational governance.

If your enterprise needs custom AI review pipelines, deployment security, or dedicated development support, check out our services at vdsintl.com.