A practical, risk-tiered checklist framework for evaluating AI release readiness, with a packaged CLI validator for local use and CI pipelines.
Use this repository when you need a working validator for YAML-based release-readiness configurations.
This repo is intentionally narrower than:
release-governance, which explains the broader release lifecycle and gate modelgovernance-playbook, which covers the wider AI operating modelregulated-ai, which is a starter template repo
- a packaged
release-checklistCLI for validating YAML-based release gate configurations - starter templates generated with
release-checklist init - example configurations for medium-risk and high-risk AI systems
- typed validation for known metadata fields, boolean gates, bounded numeric values, and expected mapping shapes
- text, JSON, and Markdown reporting for local use and CI pipelines
- GitHub Actions CI covering supported Python versions and packaged CLI behavior
Three risk tiers are supported, chosen based on safety impact, regulatory exposure, and reversibility:
| Tier | Use when |
|---|---|
| Low risk | Internal tools, no safety impact, easily reversible |
| Medium risk | Customer-facing, some regulatory context, limited fallback |
| High risk | Safety-critical, regulated environment, hard to reverse |
Higher tiers inherit the required gates from lower tiers and add stricter requirements.
The validator expects a nested YAML structure with these top-level sections:
metadatamodel_validationgovernanceinfrastructure- optional but supported:
incident_readiness
Known nested sections such as model_validation.performance, governance.approvals, and infrastructure.testing are expected to be mappings rather than free-form lists or strings.
git clone https://github.com/simaba/release-checklist.git
cd release-checklist
python -m pip install -e .Validate a working example configuration:
release-checklist validate configs/medium-risk-example.yamlGenerate a report:
release-checklist report configs/medium-risk-example.yaml --format markdownCreate a starter template:
release-checklist init --industry healthcareLegacy direct execution is still supported for local source checkouts:
python src/check_release.py validate configs/medium-risk-example.yamlInstall development dependencies:
python -m pip install -e ".[dev]"metadata:
project: "IVI assistant"
version: "1.0.0"
environment: "staging"
regulated_industry: "general"
risk_classification: "medium"
model_validation:
performance:
accuracy_threshold: 0.90
bias_evaluation_complete: true
governance:
documentation:
risk_assessment_complete: true
approvals:
technical_review: true
infrastructure:
testing:
unit_tests_passing: true
rollback:
rollback_plan_documented: trueThe validator currently enforces:
- required top-level sections
- required metadata fields
- allow-listed values for environment, industry, and risk tier
- semver-like version formatting such as
1.0.0 - mapping/object shape checks for known structural sections
- boolean typing for known gates
- bounded numeric validation for known fields such as
accuracy_threshold - positive numeric validation for known monitoring fields such as
latency_ms
This repository is meant to be useful in real workflows, but it is still a lightweight validator rather than a full policy engine.
configs/
medium-risk-example.yaml
high-risk-example.yaml
src/
airc/
cli.py
validator.py
report.py
templates.py
check_release.py
tests/
test_validator.py
requirements.txt
pyproject.toml
.github/workflows/ci.yml
| Repository | What it adds |
|---|---|
| release-governance | Broader framework this checklist operationalizes |
| governance-playbook | End-to-end operating model |
| regulated-ai | Starter template repo with governance artifacts |
Shared in a personal capacity. Open to collaborations and feedback via LinkedIn or Medium.