A practical, risk-tiered checklist framework for evaluating AI release readiness, with a packaged CLI validator for local use and CI pipelines.
Use this repository when you need a working validator for YAML-based release-readiness configurations.
This repo is intentionally narrower than:
release-governance, which explains the broader release lifecycle and gate modelgovernance-playbook, which covers the wider AI operating modelregulated-ai, which is a starter template repo
This is an alpha working tool. It is useful for demos, internal experiments, governance prototyping, and CI-style validation of example release-readiness files. It is not a full policy engine, compliance product, or safety certification tool.
- a packaged
release-checklistCLI for validating YAML-based release gate configurations - starter templates generated with
release-checklist init - example configurations for medium-risk and high-risk AI systems
- typed validation for known metadata fields, boolean gates, bounded numeric values, and expected mapping shapes
- text, JSON, and Markdown reporting for local use and CI pipelines
- GitHub Actions CI covering supported Python versions and packaged CLI behavior
The command-line tool is installed as release-checklist. The Python package namespace is currently airc, short for AI Release Checklist. This keeps the CLI name readable while keeping the internal package namespace concise.
Three risk tiers are supported, chosen based on safety impact, regulatory exposure, and reversibility:
| Tier | Use when |
|---|---|
| Low risk | Internal tools, no safety impact, easily reversible |
| Medium risk | Customer-facing, some regulatory context, limited fallback |
| High risk | Safety-critical, regulated environment, hard to reverse |
Higher tiers inherit the required gates from lower tiers and add stricter requirements.
The validator expects a nested YAML structure with these top-level sections:
metadatamodel_validationgovernanceinfrastructure- optional but supported:
incident_readiness
Known nested sections such as model_validation.performance, governance.approvals, and infrastructure.testing are expected to be mappings rather than free-form lists or strings.
git clone https://github.com/simaba/release-checklist.git
cd release-checklist
python -m pip install -e .Validate a working example configuration:
release-checklist validate configs/medium-risk-example.yamlGenerate a report:
release-checklist report configs/medium-risk-example.yaml --format markdownCreate a starter template:
release-checklist init --industry healthcareLegacy direct execution is still supported for local source checkouts:
python src/check_release.py validate configs/medium-risk-example.yamlInstall development dependencies:
python -m pip install -e ".[dev]"metadata:
project: "IVI assistant"
version: "1.0.0"
environment: "staging"
regulated_industry: "general"
risk_classification: "medium"
model_validation:
performance:
accuracy_threshold: 0.90
bias_evaluation_complete: true
governance:
documentation:
risk_assessment_complete: true
approvals:
technical_review: true
infrastructure:
testing:
unit_tests_passing: true
rollback:
rollback_plan_documented: trueThe validator currently enforces:
- required top-level sections
- required metadata fields
- allow-listed values for environment, industry, and risk tier
- semver-like version formatting such as
1.0.0 - mapping/object shape checks for known structural sections
- boolean typing for known gates
- bounded numeric validation for known fields such as
accuracy_threshold - positive numeric validation for known monitoring fields such as
latency_ms
This repository is meant to be useful in real workflows, but it is still a lightweight validator rather than a full policy engine.
This repository is shared in a personal capacity. It is not legal advice, compliance certification, regulatory approval, safety certification, or official guidance from NIST, the EU, ISO, or any employer.
References to risk tiers, release gates, NIST AI RMF, EU AI Act, or industry obligations are practitioner mappings and examples. Always verify against official sources before using this tool for compliance, safety, or release decisions.
configs/
medium-risk-example.yaml
high-risk-example.yaml
src/
airc/
cli.py
validator.py
report.py
templates.py
check_release.py
tests/
test_validator.py
requirements.txt
pyproject.toml
.github/workflows/ci.yml
| Repository | What it adds |
|---|---|
| release-governance | Broader framework this checklist operationalizes |
| governance-playbook | End-to-end operating model |
| regulated-ai | Starter template repo with governance artifacts |
Shared in a personal capacity. Open to collaborations and feedback via LinkedIn or Medium.