
AI Governance

The Rules That Keep AI Safe in Leja


The Non-Negotiable Boundary

AI handles: triage, pattern surfacing, pre-filling, drafting, ranking, routing.
Humans handle: consequential decisions (fraud flags, dispute resolutions, payment confirmations, attestations).

This boundary cannot drift. Speed and cost do not override it. The moment AI makes consequential decisions autonomously because it is faster or cheaper, the witnessing model’s integrity begins to degrade. This is a product governance requirement, not an engineering preference.

What AI Can Decide Autonomously

ROUTING:
  - Route a document to the correct state compliance template
  - Categorize a maintenance request to the correct service category
  - Route a submission to the human review queue when flagged

RANKING AND SURFACING:
  - Rank applicants by Trust Graph compatibility for an agent's review
  - Surface compatible service providers for a requester's consideration
  - Suggest the most likely charge match for an extracted payment
  - Prioritize anomaly feed by severity

PRE-FILLING AND DRAFTING:
  - Pre-populate tenancy agreement fields from extracted data
  - Draft narrative reminders and summaries for human review
  - Pre-fill document packs from verified identity data
  - Generate receipt context notes for human approval

FLAGGING (ADVISORY ONLY):
  - Flag a submission as LOW_CONFIDENCE for extra human review
  - Flag a payment as potentially anomalous
  - Flag a network pattern for fraud review
  - Flag a maintenance pattern as systemic

What AI Cannot Decide Autonomously

FINANCIAL:
  - Confirm a payment (always human)
  - Waive a charge (always human)
  - Process a deposit return (always human)
  - Release a payment from dispute hold (always human)

IDENTITY AND TRUST:
  - Set a fraud flag (human review required)
  - Clear a fraud flag (human review required)
  - Set or clear a dispute flag (human review required)
  - Reject a document upload (AI flags; human confirms rejection)
  - Upgrade or downgrade a verification tier (system confirms with human oversight)

CONSEQUENTIAL COMMUNICATIONS:
  - Send a formal eviction notice (always human)
  - Send a legal notice (always human)
  - Communicate a fraud finding to any party (always human)

ACCESS AND PERMISSIONS:
  - Grant or revoke institutional API access (always admin)
  - Suspend or reactivate an organisation (always admin)
  - Assign or remove staff roles (always managing director)

The aiConfidence Field Contract

Every AI-touched record carries aiConfidence (0.0–1.0). This field is permanent. It cannot be removed after the record is created. It documents that AI was involved and how confident it was. Threshold rules:
  • aiConfidence >= 0.85: Full AI assistance — standard flow
  • 0.60 <= aiConfidence < 0.85: AI assistance with flag — show warning to human
  • aiConfidence < 0.60: Low confidence — mandatory human review before action
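One way to enforce the threshold rules together with the autonomy boundary is sketched below. This is an added example, not Leja's code. The action names, `createRecord` and `gateAiAction` are hypothetical; only the 0.85 and 0.60 thresholds come from the contract above.

```typescript
// Added illustration; not Leja's code. Action names and functions are hypothetical.
type Gate = "AI_STANDARD" | "AI_WITH_WARNING" | "HUMAN_REVIEW" | "HUMAN_ONLY";

// Constructed sample drawn from the "can decide autonomously" categories.
const AI_AUTONOMOUS: ReadonlyArray<string> = [
  "ROUTE_DOCUMENT", "RANK_APPLICANTS", "PREFILL_AGREEMENT", "FLAG_ANOMALY",
];

interface AiTouchedRecord {
  readonly id: string;
  readonly action: string;
  readonly aiConfidence: number; // 0.0-1.0, written once at creation
}

function validConfidence(c: unknown): boolean {
  return typeof c === "number" && isFinite(c) && c >= 0 && c <= 1;
}

// Reject bad values at write time and freeze the record so the field
// cannot be deleted or overwritten in memory afterwards.
function createRecord(id: string, action: string, aiConfidence: number): AiTouchedRecord {
  if (!validConfidence(aiConfidence)) {
    throw new RangeError("aiConfidence must be a number in [0.0, 1.0]");
  }
  return Object.freeze({ id, action, aiConfidence });
}

function gateAiAction(rec: AiTouchedRecord): Gate {
  // Default deny: an action not on the allowlist is a human decision,
  // however confident the model is.
  if (AI_AUTONOMOUS.indexOf(rec.action) === -1) return "HUMAN_ONLY";
  // Fail closed on a malformed value, e.g. a record read back from storage.
  if (!validConfidence(rec.aiConfidence)) return "HUMAN_REVIEW";
  if (rec.aiConfidence >= 0.85) return "AI_STANDARD";
  if (rec.aiConfidence >= 0.60) return "AI_WITH_WARNING";
  return "HUMAN_REVIEW";
}
```

Freezing only protects the in-memory object; permanence of the stored field still has to be enforced at the persistence layer.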

Bias Audit Framework

Why It Is Required

Early Leja data will skew toward:
  • Lagos (first market)
  • Higher income brackets (first users)
  • Residential properties (vs. commercial)
  • Agents and agencies (vs. solo landlords)
A model trained on this skewed data will produce biased signals. If unchecked, bias compounds over time as the biased model’s outputs become the inputs for future training.

Cadence: Quarterly (Every 3 Months)

Scope of Each Quarterly Audit

1. Trust Graph Scoring Bias
   Question: Are certain demographic groups, geographic areas, or
             property types systematically scored lower?
   Method: Compare score distributions across states, property types,
           and (anonymized) demographic indicators
   Threshold: Score tier distribution should not vary by more than 15%
             between comparable groups

2. Service Participation Matching Bias
   Question: Are lower-tier users getting fair access to the service participation loop?
   Method: Track job acceptance rates by Trust Graph tier
   Threshold: Bronze-tier providers should receive offers at > 40% of
             the rate that Gold-tier providers receive them

3. Applicant Shortlisting Bias
   Question: Is the AI shortlisting systematically excluding certain applicants?
   Method: Compare shortlisting rates by Trust Graph tier
   Threshold: No tier should have shortlisting rate < 50% of the top tier rate

4. Fraud Detection Bias
   Question: Are certain groups flagged at disproportionate rates?
   Method: Compare fraud flag rates across groups
   Threshold: No group should have a fraud flag rate > 2x the platform average

5. Anomaly Detection Bias
   Question: Are anomalies being detected equitably across the portfolio?
   Method: Compare anomaly detection rates by property location and rent band
   Threshold: Detection rates should not vary by more than 25% across bands

Audit Process

1. Compliance team pulls anonymized data for the audit period
2. Analysis run using audit scripts (stored in /audit/scripts/)
3. Results reviewed by SUPER_ADMIN and compliance team
4. Findings classified: PASS / MONITOR / ACTION_REQUIRED
5. For ACTION_REQUIRED findings:
   a. Root cause analysis (which training data or prompt is causing this?)
   b. Correction applied (prompt adjustment, weight adjustment, or data addition)
   c. Re-run affected subset to verify correction
   d. Document the correction with the finding
6. Audit report stored permanently in audit archive
7. Summary published to stakeholders

What Happens When Bias Is Found

MONITOR: The bias is within acceptable range but trending toward the threshold. Flag for next quarter’s audit. No immediate action.

ACTION_REQUIRED: The bias exceeds the threshold. Immediate action:
  1. The affected intelligence behavior is paused for the specific use case showing bias
  2. Root cause is identified
  3. Correction is implemented and validated
  4. Feature is re-enabled after validation
  5. The finding and correction are documented permanently
Bias findings are never suppressed. They are corrected and documented.
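
The fraud detection check (scope item 4) and the PASS / MONITOR / ACTION_REQUIRED classification can be expressed as follows. This is an added example, not one of the scripts in /audit/scripts/. All names and counts are constructed, and the reading of "trending toward the threshold" as a linear projection is an assumption.

```typescript
// Added illustration; not Leja's audit script. Names and data are hypothetical.
type Finding = "PASS" | "MONITOR" | "ACTION_REQUIRED";
interface GroupCounts { group: string; records: number; fraudFlags: number; }
interface GroupFinding { group: string; ratio: number; finding: Finding; }

const MAX_RATIO = 2; // page threshold: no group above 2x the platform average

// Pooled platform rate (all flags / all records), so a tiny group cannot
// drag the baseline the way a mean of per-group rates would.
function platformRate(groups: GroupCounts[]): number {
  let records = 0;
  let flags = 0;
  for (const g of groups) { records += g.records; flags += g.fraudFlags; }
  return records === 0 ? 0 : flags / records;
}

// Group flag rate as a multiple of the platform rate; undefined if absent.
function ratioFor(groups: GroupCounts[], name: string): number | undefined {
  const base = platformRate(groups);
  for (const g of groups) {
    if (g.group !== name) continue;
    return base === 0 || g.records === 0 ? 0 : g.fraudFlags / g.records / base;
  }
  return undefined;
}

// Assumption: "trending toward the threshold" means that repeating last
// quarter's change in ratio would cross MAX_RATIO next quarter.
function auditFraudFlags(prev: GroupCounts[], curr: GroupCounts[]): GroupFinding[] {
  return curr.map((g): GroupFinding => {
    const ratio = ratioFor(curr, g.group) || 0;
    const last = ratioFor(prev, g.group);
    const projected = last === undefined ? ratio : ratio + (ratio - last);
    let finding: Finding = "PASS";
    if (ratio > MAX_RATIO) finding = "ACTION_REQUIRED";
    else if (projected > MAX_RATIO) finding = "MONITOR";
    return { group: g.group, ratio, finding };
  });
}

// Constructed, anonymized sample counts for two consecutive quarters.
const Q1: GroupCounts[] = [
  { group: "A", records: 2000, fraudFlags: 18 }, { group: "B", records: 1000, fraudFlags: 8 },
  { group: "C", records: 600, fraudFlags: 7 }, { group: "D", records: 400, fraudFlags: 7 },
];
const Q2: GroupCounts[] = [
  { group: "A", records: 2000, fraudFlags: 12 }, { group: "B", records: 1000, fraudFlags: 8 },
  { group: "C", records: 600, fraudFlags: 10 }, { group: "D", records: 400, fraudFlags: 10 },
];
const findings = auditFraudFlags(Q1, Q2);
```

In the sample, group C is still under 2x but rose from about 1.17x to 1.67x, so it is classified MONITOR; group D at 2.5x is ACTION_REQUIRED.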

Prompt Version Control

All AI prompts are version-controlled code in packages/ai/prompts/. Prompts are reviewed like any other code before merging. Prompt changes require:
  • A description of what changed and why
  • Test results on at least 10 relevant inputs
  • Review by at least one other team member
  • No breaking changes to the Zod output schema without a data migration plan

Cost Controls

AI cost is tracked per organisation. Rate limits apply:
Free tier (solo agents):
  AI extraction: 10 per month
  Agreement generation: 5 per month
  Narrative generation: Unlimited (low cost)
  Anomaly detection: Not included

Pro tier:
  AI extraction: Unlimited
  Agreement generation: Unlimited
  Anomaly detection: Daily (included in subscription)
  NL queries: 100 per month

Business and above:
  All unlimited
  Priority processing (lower queue wait times)
If an organisation exceeds its tier limits, additional AI operations are billed as transaction fees rather than blocked.