ai-governance
Enforces AI governance for Black Trigram — transparent and accountable AI-assisted development aligned with Hack23 AI Governance Policy, EU AI Act, NIST AI RMF, and Information Security Policy
| name | ai-governance |
| description | Enforces AI governance for Black Trigram — transparent and accountable AI-assisted development aligned with Hack23 AI Governance Policy, EU AI Act, NIST AI RMF, and Information Security Policy |
| license | MIT |
Strategic Principle: AI-powered development must be transparent, accountable, and aligned with organizational policies.
Enforce AI governance standards for Black Trigram, ensuring AI-assisted development (GitHub Copilot, coding agents) follows Hack23 ISMS policies for transparency, security, and compliance.
Reference: Hack23 ISMS Information Security Policy | EU AI Act
IF (code generated or assisted by AI: Copilot, coding agents)
THEN (review for security vulnerabilities, license compliance, and correctness)
ELSE (AI-generated code may contain vulnerabilities or license issues)

IF (using GitHub Copilot coding agents)
THEN (define clear instructions via agents/*.md, enforce skills, limit permissions)
ELSE (ungoverned AI agents may produce non-compliant code)

IF (AI tool processes code or data)
THEN (verify no sensitive data (secrets, PII) is sent to AI services)
ELSE (data leakage through AI service APIs)

IF (AI generates security-critical code: auth, crypto, input validation)
THEN (mandatory human review AND automated security scanning)
ELSE (AI may generate insecure patterns)

IF (AI significantly contributes to implementation)
THEN (document AI involvement in PR description or commit message)
ELSE (lack of transparency in development process)

.github/agents/ → Agent definitions with frontmatter
.github/skills/ → Skill enforcement rules
.github/copilot-instructions.md → Global AI instructions
.github/copilot-mcp.json → MCP server configuration
IF (agent .md file)
THEN (must be < 30,000 characters)
ELSE (agent will not load properly)
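
The agent size rule above can be enforced in CI. The following is an added example, not code from the Black Trigram repository or Hack23. It assumes the limit counts Unicode characters rather than UTF-8 bytes (the two differ widely for Korean text) and that frontmatter is a `---`-delimited block at the top of the file; the function names are hypothetical.

```python
"""Added example: lint .github/agents/*.md against the < 30,000 character rule."""
import sys
from pathlib import Path

MAX_AGENT_CHARS = 30_000  # limit stated on the page: file must be < 30,000 characters
NO_FRONTMATTER = "missing '---' delimited frontmatter"


def check_agent_text(text: str) -> list:
    """Return the list of violations for one agent definition (empty if clean)."""
    problems = []
    # len() on a decoded str counts code points, so a Korean syllable
    # (3 bytes in UTF-8) counts once; a byte count would overstate the size.
    chars = len(text)
    if chars >= MAX_AGENT_CHARS:
        problems.append(f"{chars} characters, must be < {MAX_AGENT_CHARS}")
    # Assumption: frontmatter opens on line 1 with '---' and is closed by a later '---'.
    lines = [line.strip() for line in text.splitlines()]
    if not lines or lines[0] != "---" or "---" not in lines[1:]:
        problems.append(NO_FRONTMATTER)
    return problems


def check_agents_dir(root: Path) -> dict:
    """Check every .md under <root>/.github/agents; return {path: violations}."""
    report = {}
    for path in sorted((root / ".github" / "agents").glob("*.md")):
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            report[str(path)] = ["not valid UTF-8"]
            continue
        problems = check_agent_text(text)
        if problems:
            report[str(path)] = problems
    return report


if __name__ == "__main__":
    # Usage: python check_agents.py [repo_root]; exits 1 if any file fails.
    repo_root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    failures = check_agents_dir(repo_root)
    for name, problems in failures.items():
        for problem in problems:
            print(f"{name}: {problem}")
    sys.exit(1 if failures else 0)
```
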
□ No hardcoded secrets or credentials
□ Input validation present for all user inputs
□ Error handling follows project patterns
□ Types are strict (no 'any')
□ Tests are comprehensive and meaningful
□ Korean theming applied correctly
□ Performance considerations addressed
□ License-compatible with project
| Requirement | Implementation |
|---|---|
| Transparency | AI contributions documented in PRs |
| Human oversight | Human review required for all AI PRs |
| Risk management | Security scanning of AI-generated code |
| Data governance | No PII/secrets sent to AI services |
| Technical documentation | Agent and skill documentation maintained |
흑괘의 AI 거버넌스 - AI Governance of the Black Trigram