Standards Coverage Matrix

See Start Here for the fastest download/apply path.

This matrix maps every AEEF production standard to its enforcement mechanism in each reference implementation tier. A checkmark indicates the standard is enforced at that tier; the Enforced By column identifies the specific files or configurations responsible.

Coverage Overview

Standard	Title	Quick Start	Transformation	Production
PRD-STD-001	Prompt Engineering	✓	✓	✓
PRD-STD-002	Code Review	✓	✓	✓
PRD-STD-003	Testing Requirements	✓	✓	✓
PRD-STD-004	Security Scanning	✓	✓	✓
PRD-STD-005	Documentation	--	✓	✓
PRD-STD-006	Technical Debt	--	✓	✓
PRD-STD-007	Quality Gates	--	✓	✓
PRD-STD-008	Dependency Compliance	✓	✓	✓
PRD-STD-009	Autonomous Agent Governance	--	✓	✓
PRD-STD-010	AI Product Safety & Trust	--	--	✓
PRD-STD-011	Model & Data Governance	--	--	✓
PRD-STD-012	Inference Reliability & Cost Controls	--	--	✓
PRD-STD-013	Multi-Tenant AI Governance	--	--	✓
PRD-STD-014	AI Product Privacy & Data Rights	--	--	✓
PRD-STD-015	Multilingual AI Quality & Safety	--	--	✓
PRD-STD-016	Channel AI Governance	--	--	✓

Detailed Enforcement Map

PRD-STD-001: Prompt Engineering

Tier	Enforced By
Quick Start	`.cursorrules`, `.github/copilot-instructions.md`, `.claude/settings.json`, role prompt templates
Transformation	All Quick Start configs + CI validation of prompt metadata in PR descriptions
Production	All Transformation configs + agent contract schema validation, prompt audit logging

PRD-STD-002: Code Review

Tier	Enforced By
Quick Start	`.github/PULL_REQUEST_TEMPLATE.md` with AI-disclosure checklist, branch protection rules
Transformation	Quick Start + automated PR labeling for AI-generated code, review assignment rules
Production	Transformation + provenance-tagged review workflows, audit trail generation

PRD-STD-003: Testing Requirements

Tier	Enforced By
Quick Start	`jest.config.ts` / `pytest.ini` / `go test` config with minimum coverage thresholds
Transformation	Quick Start + mutation testing (Stryker/mutmut/go-mutesting), coverage gate in CI
Production	Transformation + integration test suites, contract testing, load testing pipelines

PRD-STD-004: Security Scanning

Tier	Enforced By
Quick Start	Semgrep rules (`.semgrep/`), `npm audit` / `pip-audit` / `govulncheck` in CI
Transformation	Quick Start + SAST pipeline stage, SCA with license checking, secret scanning
Production	Transformation + DAST integration, runtime vulnerability monitoring, SBOM generation

PRD-STD-005: Documentation

Tier	Enforced By
Transformation	Automated API doc generation, ADR templates, changelog enforcement in CI
Production	Transformation + generated architecture diagrams, compliance documentation templates

PRD-STD-006: Technical Debt

Tier	Enforced By
Transformation	ESLint / Ruff / golangci-lint configs with complexity thresholds, tech debt tracking labels
Production	Transformation + drift detection pipeline, automated refactoring suggestions

PRD-STD-007: Quality Gates

Tier	Enforced By
Transformation	CI pipeline with required status checks: lint, typecheck, test, security, coverage
Production	Transformation + deployment gates, canary analysis, rollback triggers

PRD-STD-008: Dependency Compliance

Tier	Enforced By
Quick Start	`package.json` / `pyproject.toml` / `go.mod` with pinned versions, lockfile enforcement
Transformation	Quick Start + automated dependency update PRs, license allow/deny lists
Production	Transformation + SBOM generation and verification, supply chain attestation

PRD-STD-009: Autonomous Agent Governance

Tier	Enforced By
Transformation	Agent registry schema, agent contract templates, handoff protocol definitions
Production	Transformation + runtime agent monitoring, trust boundary enforcement, escalation automation

PRD-STD-010: AI Product Safety & Trust

Tier	Enforced By
Production	Trust metrics dashboard, safety test suites, bias detection pipeline, human override controls

PRD-STD-011: Model & Data Governance

Tier	Enforced By
Production	Model registry with versioning, training data lineage tracking, data quality validation

PRD-STD-012: Inference Reliability & Cost Controls

Tier	Enforced By
Production	Rate limiting configs, cost dashboards, fallback routing, latency SLO monitoring

PRD-STD-013: Multi-Tenant AI Governance

Tier	Enforced By
Production	Tenant isolation configs, per-tenant model routing, data segregation validation

PRD-STD-014: AI Product Privacy & Data Rights

Tier	Enforced By
Production	PII detection pipeline, data retention policies, consent management integration, sovereign data overlays

PRD-STD-015: Multilingual AI Quality & Safety

Tier	Enforced By
Production	Multilingual test suites, translation quality gates, locale-specific safety filters

PRD-STD-016: Channel AI Governance

Tier	Enforced By
Production	Channel-specific policy configs, cross-channel consistency checks, channel audit logging

Using This Matrix

Gap analysis -- Compare your current tooling against this matrix to identify which standards you are not yet enforcing.
Tier selection -- Choose the tier that covers the standards your organization requires. See Adoption Paths for guidance.
Incremental adoption -- Start with Tier 1 and add Tier 2/3 capabilities as your maturity increases. Each tier is additive.
Audit evidence -- Use this matrix as a reference when preparing compliance evidence. Each enforcement mechanism produces artifacts that serve as audit records.

Coverage Overview​

Detailed Enforcement Map​

PRD-STD-001: Prompt Engineering​

PRD-STD-002: Code Review​

PRD-STD-003: Testing Requirements​

PRD-STD-004: Security Scanning​

PRD-STD-005: Documentation​

PRD-STD-006: Technical Debt​

PRD-STD-007: Quality Gates​

PRD-STD-008: Dependency Compliance​

PRD-STD-009: Autonomous Agent Governance​

PRD-STD-010: AI Product Safety & Trust​

PRD-STD-011: Model & Data Governance​

PRD-STD-012: Inference Reliability & Cost Controls​

PRD-STD-013: Multi-Tenant AI Governance​

PRD-STD-014: AI Product Privacy & Data Rights​

PRD-STD-015: Multilingual AI Quality & Safety​

PRD-STD-016: Channel AI Governance​

Using This Matrix​