np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
961ee7234344912ecd585c1366fe99ea4a3ce35a
lcbp3/specs/06-Decision-Records/ADR-018-ai-boundary.md
T
admin c95e0f537e
CI / CD Pipeline / build (push) Successful in 4m34s
Details
CI / CD Pipeline / deploy (push) Successful in 7m33s
Details
690404:1139 Modify ADR
2026-04-04 11:39:56 +07:00

558 lines
27 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ADR-018: AI Boundary Policy (AI Isolation)
**Status:** Accepted
**Date:** 2026-03-27
**Version:** 1.8.2 (Aligned with ADR-020)
**Review Cycle:** Core ADR (Review every 6 months or Major Version upgrade)
**Decision Makers:** Security Team, System Architect, AI Integration Lead
**Gap Resolution:** Addresses AI security risks (data exposure, unauthorized modification, privilege escalation) and compliance requirements (ISO 27001, PDPA) from Security Requirements (Section 3.1) and Risk Assessment (Section 4.2)
**Version Dependency:**
- **Effective From:** v1.8.2
- **Applies To:** v1.8.2+ (All AI implementations)
- **Backward Compatible:** v1.8.0+ (Security policy enforcement)
- **Required For:** v1.9.0+ (Mandatory for all AI features)
**Related Documents:**
- [ADR-020: AI Intelligence Integration Architecture](./ADR-020-ai-intelligence-integration.md) — Overall AI Architecture & RFA-First Strategy
- [ADR-017: Ollama Data Migration Architecture](./ADR-017-ollama-data-migration.md)
- [ADR-017B: AI Document Classification](./ADR-017B-ai-document-classification.md)
- [ADR-016: Security & Authentication](./ADR-016-security-authentication.md)
- [ADR-019: Hybrid Identifier Strategy](./ADR-019-hybrid-identifier-strategy.md)
- [n8n Migration Setup Guide](../03-Data-and-Storage/03-05-n8n-migration-setup-guide.md)
- [RAG Architecture](../03-Data-and-Storage/03-07-OpenRAG.md)
> **หมายเหตุ:** ADR-018 เป็น Security Policy หลักที่ควบคุมการทำงานของ AI Components ทั้งหมดในระบบ LCBP3-DMS ทุก Use Case ที่ใช้ AI (Migration, RAG, Smart Categorization) ต้องปฏิบัติตาม Policy นี้ และเป็นส่วนหนึ่งของ ADR-020 (Unified AI Architecture).
---
## Context and Problem Statement
### ปัญหาที่ต้องการแก้ไข
การนำ AI (Ollama, OpenRAG, หรือ LLM อื่นๆ) เข้ามาใช้งานในระบบ DMS ที่มีเอกสารสำคัญและข้อมูล Confidential ของโครงการท่าเรือ Laem Chabang Phase 3 มีความเสี่ยงด้าน Security หลัก 4 ประการ:
1. **Data Exposure Risk:** หาก AI มีสิทธิ์เข้าถึง Database โดยตรง อาจมีการรั่วไหลของข้อมูลทางการค้า / การก่อสร้าง
2. **Unauthorized Data Modification:** AI อาจทำการแก้ไขข้อมูลโดยไม่มีการตรวจสอบจาก Human
3. **Privilege Escalation:** หาก AI ถูก compromise อาจใช้สิทธิ์ Database Access เพื่อโจมตีระบบอื่น
4. **Compliance Violation:** ไม่สอดคล้องกับมาตรฐาน ISO 27001 และ PDPA สำหรับข้อมูลส่วนบุคคล
### ข้อจำกัดด้าน Infrastructure
- **QNAP NAS:** เป็น Production Server ที่ไม่ควรรัน AI Workload (Resource contention + Security boundary)
- **Admin Desktop (Desk-5439):** เครื่องสำหรับ Admin มี GPU (RTX 2060 Super 8GB) เหมาะสำหรับ AI Inference
- **Network Segmentation:** ต้องแยก Zone ระหว่าง AI Processing (Untrusted) กับ Database (Trusted)
---
## Decision Drivers
- **Zero Trust Architecture:** AI ถือเป็น Untrusted Component เสมอ ไม่ว่าเป็น On-Premise หรือไม่
- **Defense in Depth:** หลายชั้นของการควบคุม (Physical → Network → API → Data)
- **Auditability:** ทุกการสื่อสารกับ AI ต้อง Log ได้
- **Human-in-the-Loop:** ข้อมูลจาก AI ต้องผ่าน Human Validation ก่อน Commit ลง Database
- **Minimal Privilege:** AI ได้รับสิทธิ์น้อยที่สุด (Principle of Least Privilege)
---
## Considered Options
### Option 1: AI รันบน QNAP NAS (Same Host กับ Database)
**Pros:**
- ✅ ติดตั้งง่าย ไม่ต้องดูแลหลายเครื่อง
- ✅ Network Latency ต่ำ (localhost)
**Cons:**
-**Security Risk สูง:** AI มี Direct Access ถึง Database หากถูก compromise
-**Resource Contention:** AI Inference กิน RAM/CPU สูง กระทบ Production Services
-**No Isolation:** ไม่มี Security Boundary ระหว่าง AI กับ Core Application
### Option 2: AI บน Cloud AI Provider (OpenAI, Google, Azure)
**Pros:**
- ✅ AI ฉลาดสูง แม่นยำมาก
- ✅ ไม่ต้องดูแล Hardware
**Cons:**
-**ผิดนโยบาย Data Privacy:** เอกสารก่อสร้างท่าเรือเป็นความลับ ห้ามส่งข้อมูลขึ้น Cloud
-**Cost สูง:** Pay-per-use ไม่เหมาะกับงานประมวลผลจำนวนมาก
-**No Control:** ไม่สามารถควบคุม Data Retention หรือ Audit ได้
### Option 3: Physical Isolation + API-only Communication ⭐ (Selected)
**Pros:**
-**Security Boundary ชัดเจน:** AI รันบน Desktop แยกต่างหาก ไม่เข้าถึง DB โดยตรง
-**Zero Trust:** AI ถือเป็น Untrusted Component สื่อสารผ่าน API เท่านั้น
-**Audit Trail:** ทุก Request/Response ผ่าน Backend ซึ่งมี Audit Log ครบถ้วน
-**Human-in-the-Loop:** Backend ตรวจสอบข้อมูลก่อน Write ลง Database
-**Resource Isolation:** AI Workload ไม่กระทบ Production Services บน QNAP
-**Compliance:** สอดคล้องกับ ISO 27001 และ PDPA
**Cons:**
- ❌ ต้องดูแลเครื่อง Desktop เพิ่ม (GPU Temperature, Uptime)
- ❌ Network Latency เพิ่มขึ้นเล็กน้อย (LAN traffic)
- ❌ ต้องออกแบบ API Contract ให้รัดกุม
---
## Decision Outcome
**Chosen Option:** Option 3 — Physical Isolation + API-only Communication
**Rationale:**
การแยก AI ไปรันบน Admin Desktop (Desk-5439) และบังคับให้สื่อสารผ่าน DMS Backend API เท่านั้น เป็นแนวทางที่ Balance ระหว่าง Security, Privacy, และ Operational Feasibility ดีที่สุด ทำให้ AI ถูกมองว่าเป็น **Untrusted External Component** เสมอ แม้จะรันในเครือข่ายเดียวกัน
---
## Impact Analysis
### Affected Components
| Component | Impact Level | Description |
|-----------|--------------|-------------|
| **AI Infrastructure** | **High** | Physical isolation on Admin Desktop, network segmentation |
| **Security Architecture** | **High** | New AI authentication, audit logging, validation layers |
| **API Design** | **Medium** | AI-specific endpoints, authentication scopes, rate limiting |
| **Network Configuration** | **Medium** | IP whitelisting, firewall rules, zone segmentation |
| **Monitoring & Logging** | **Medium** | AI service health checks, audit trail expansion |
| **Development Workflow** | **Low** | AI development guidelines, compliance checks |
| **Documentation** | **Low** | Security policies, AI integration guides |
### Required Changes
| Change Category | Specific Changes | Priority |
|----------------|------------------|----------|
| **Infrastructure** | <ul><li>Setup AI Zone on Admin Desktop (Desk-5439)</li><li>Configure network segmentation and IP whitelisting</li><li>Install Ollama and AI services on isolated host</li><li>Setup firewall rules for AI communication</li></ul> | **Critical** |
| **Security** | <ul><li>Create AI service authentication tokens</li><li>Implement AI-specific API scopes and permissions</li><li>Setup comprehensive audit logging for AI interactions</li><li>Configure rate limiting for AI endpoints</li></ul> | **Critical** |
| **API Layer** | <ul><li>Create AI validation service with confidence thresholds</li><li>Add AI-specific authentication middleware</li><li>Implement AI request/response logging</li><li>Create AI health check endpoints</li></ul> | **Critical** |
| **Network** | <ul><li>Configure LAN-only access for AI services</li><li>Setup IP whitelist for AI host communication</li><li>Implement network monitoring for AI traffic</li><li>Create firewall rules for AI zone isolation</li></ul> | **High** |
| **Monitoring** | <ul><li>Setup AI service health monitoring</li><li>Create audit log analysis for AI interactions</li><li>Implement GPU temperature and resource monitoring</li><li>Create alerting for AI service failures</li></ul> | **High** |
| **Documentation** | <ul><li>Create AI integration security guidelines</li><li>Update development workflows with AI security requirements</li><li>Create AI compliance documentation</li><li>Update API documentation with AI security requirements</li></ul> | **Medium** |
| **Testing** | <ul><li>Create AI security penetration tests</li><li>Implement AI boundary validation tests</li><li>Create AI authentication and authorization tests</li><li>Setup AI compliance verification tests</li></ul> | **Medium** |
### Cross-Component Dependencies
| Dependency | Source | Target | Impact |
|------------|--------|--------|--------|
| **AI Services → Backend API** | Ollama/OpenRAG requests | DMS Backend validation layer | Security enforcement |
| **Authentication → AI Services** | JWT token validation | AI service access control | Access management |
| **Network → AI Infrastructure** | Firewall rules | Admin Desktop isolation | Network security |
| **Audit → AI Interactions** | Logging service | AI request/response tracking | Compliance monitoring |
| **Monitoring → AI Health** | Health checks | AI service availability | Operational stability |
| **Documentation → Development** | Security guidelines | AI integration patterns | Developer compliance |
---
## AI Isolation Architecture
### Infrastructure Layout
| Component | Host | Zone | Network Access | Database Access |
|-----------|------|------|----------------|-----------------|
| **Ollama / OpenRAG** | Admin Desktop (Desk-5439) | Untrusted (AI Zone) | LAN only (QNAP NAS mount) | ❌ **ไม่มี** |
| **DMS Backend** | QNAP NAS (Docker) | Trusted (App Zone) | LAN + Frontend | ✅ Full Access |
| **MariaDB** | QNAP NAS | Trusted (DB Zone) | Localhost only | — |
| **n8n** | QNAP NAS (Docker) | Trusted (Orchestrator) | LAN + DB | ✅ Via API only |
### Communication Flow
```
┌─────────────────────────────────────────────────────────────────┐
│ Untrusted Zone (AI Zone) │
│ Admin Desktop (Desk-5439) — RTX 2060 Super 8GB │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Ollama (LLM) │ │ OpenRAG │ │
│ │ Port: 11434 │ │ (Docling) │ │
│ └────────┬────────┘ └────────┬────────┘ │
└───────────┼─────────────────────┼───────────────────────────────┘
│ │
│ HTTP API │ Write JSON
│ │
┌───────────┼─────────────────────┼───────────────────────────────┐
│ ▼ ▼ │
│ Trusted Zone (App Zone) │
│ QNAP NAS (Docker) │
│ ┌─────────────────┐ ┌─────────────────┐ ┌────────────┐ │
│ │ DMS Backend │◀───│ n8n │ │ MariaDB │ │
│ │ (NestJS) │ │ (Poll JSON) │ │ (Auth DB) │ │
│ │ Port: 3001 │ └─────────────────┘ └────────────┘ │
│ └────────┬────────┘ │
│ │ │
│ │ Validation + Audit Log │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Database │ │
│ │ (MariaDB) │ │
│ └─────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
> ⚠️ **ข้อห้าม:** Ollama/OpenRAG **ห้าม** อยู่บน QNAP NAS และ **ห้าม** มี Database Connection String
---
## Security Rules (Non-Negotiable)
### Rule 1: Physical Isolation
| ข้อกำหนด | รายละเอียด |
|----------|------------|
| **AI Host** | Admin Desktop (Desk-5439) เท่านั้น |
| **Forbidden Hosts** | QNAP NAS, Production Servers, Cloud VM |
| **Hardware** | i7-9700K / 32GB RAM / RTX 2060 Super 8GB |
| **Network** | LAN (192.168.x.x) — No Public IP |
### Rule 2: No Direct Database Access
```typescript
// ❌ FORBIDDEN — AI ห้ามเชื่อมต่อ Database โดยตรง
const connection = await mysql.createConnection({
host: '192.168.1.100',
user: 'ai_service', // NEVER!
password: '***',
database: 'lcbp3_dms'
});
// ✅ CORRECT — AI สื่อสารผ่าน DMS Backend API เท่านั้น
const response = await fetch('http://192.168.1.100:3001/api/ai/analyze', {
method: 'POST',
headers: { 'Authorization': 'Bearer ' + ai_token },
body: JSON.stringify({ text: extractedText })
});
```
### Rule 3: No Direct Storage Access
```bash
# ❌ FORBIDDEN — AI ห้ามเข้าถึง File System โดยตรง
mv /data/dms/uploads/TCC-COR-0001.pdf /final/path/
cp /staging_ai/*.pdf /processed/
# ✅ CORRECT — ใช้ StorageService ผ่าน API เท่านั้น
POST /api/storage/upload
POST /api/migration/commit_batch
```
### Rule 4: Validation Layer
```typescript
// Backend ตรวจสอบ AI Output ทุกครั้งก่อน Write
@Injectable()
export class AiValidationService {
validateAiOutput(output: AiOutputDto): ValidationResult {
// 1. Schema Validation (Zod/class-validator)
const schemaCheck = this.validateSchema(output);
// 2. Confidence Threshold (≥ 0.85 auto-approve, 0.600.84 review, < 0.60 reject)
const confidenceCheck = this.checkConfidence(output.confidence);
// 3. Enum Enforcement (Category must be from System Enum)
const enumCheck = this.validateCategoryEnum(output.suggested_category);
// 4. Audit Log Recording
this.auditLog.record({
action: 'AI_VALIDATION',
source: 'AI_SERVICE',
confidence: output.confidence,
result: schemaCheck && confidenceCheck && enumCheck
});
return { isValid: schemaCheck && confidenceCheck && enumCheck };
}
}
```
### Rule 5: Audit Logging
| Event | Log Level | Fields |
|-------|-----------|--------|
| AI Request | INFO | `timestamp`, `source_ip`, `model`, `prompt_hash` |
| AI Response | INFO | `timestamp`, `confidence`, `processing_time`, `response_hash` |
| Validation Pass | INFO | `record_id`, `confidence`, `validator` |
| Validation Fail | WARN | `record_id`, `reason`, `raw_response` |
| Unauthorized Access | ERROR | `source_ip`, `attempted_action`, `blocked_by` |
---
## AI Communication Contract
### API Endpoint Design
```typescript
// AI เรียก Backend (ผ่าน n8n หรือตรง)
POST /api/ai/analyze-document
Headers:
- Authorization: Bearer {ai_service_token}
- Idempotency-Key: {document_hash}
- X-AI-Source: ollama | openrag
Body:
{
"extracted_text": "ข้อความจาก OCR...",
"document_type_hint": "pdf",
"source_file": "TCC-COR-2024-001.pdf"
}
Response:
{
"is_valid": true,
"confidence": 0.92,
"suggested_category": "Correspondence",
"extracted_metadata": { ... },
"audit_log_id": "0195..."
}
```
### Authentication for AI Services
| Service | Auth Method | Token Lifetime | Scope |
|---------|-------------|----------------|-------|
| **Ollama** | mTLS / IP Whitelist | Session-based | `ai:invoke` |
| **n8n → Backend** | JWT (Service Account) | 1 hour | `migration:write`, `ai:read` |
| **OpenRAG** | File-based (Shared NAS) | N/A | Write to `rag-output/` only |
---
## Data Flow Compliance
### Flow 1: Migration (ADR-017)
```
[Scanned PDF] → [OCR on Desktop] → [Ollama AI] → [JSON Output]
[DMS Backend API] → [Validation Layer] → [Audit Log]
[Staging Table: migration_review_queue]
[Human Review] → [Commit via Frontend] → [Permanent DB + Storage]
```
### Flow 2: RAG (OpenRAG)
```
[PDF Folder] → [OpenRAG on Desktop] → [JSON to rag-output/]
[n8n Poll JSON] → [DMS Backend API] → [Validation + Audit]
[Elasticsearch Index + MariaDB Metadata]
```
### Flow 3: Smart Categorization (ADR-017B)
```
[User Upload PDF] → [Temporary Storage]
[Queue Job] → [Ollama AI via API]
[Validation Layer] → [Suggestion to User]
[User Confirm] → [Final Category Assignment]
```
---
## Compliance Matrix
| Requirement | Implementation | Evidence |
|-------------|----------------|----------|
| **ISO 27001 A.9.4.1** | JWT + mTLS for AI Auth | Token logs in `audit_logs` |
| **ISO 27001 A.12.3.1** | IP Whitelist for AI Host | `192.168.x.x` only |
| **PDPA Data Minimization** | AI ไม่เก็บข้อมูลระยะยาว | Temporary processing only |
| **PDPA Security** | Physical Isolation + Encryption | TLS 1.3 for all API calls |
| **OWASP BOLA** | UUID for all identifiers | ADR-019 Compliance |
| **Zero Trust** | API-only communication | No direct DB/Storage access |
---
## Consequences
### Positive Consequences
1.**Security Hardened:** AI treated as untrusted component — all outputs validated
2.**Audit Trail Complete:** Every AI interaction logged with hash + timestamp
3.**Compliance Ready:** ISO 27001 + PDPA requirements met
4.**Operational Safety:** AI failures don't compromise Production Database
5.**Scalability:** Can add more AI services without security redesign
### Negative Consequences
1.**Complexity:** Need to maintain separate AI host + API contracts
2.**Latency:** Network round-trip between AI and Backend (LAN only, acceptable)
3.**Monitoring Overhead:** Need to monitor both QNAP and Desktop systems
4.**Token Management:** Service accounts for AI need rotation policy
### Mitigation Strategies
- **Health Check:** Ollama `/api/tags` + Backend `/health` monitoring every 60 seconds
- **Auto-Failover:** Switch to fallback model (mistral:7b) if primary model fails
- **Token Rotation:** Service account JWT rotated every 7 days
- **Network Redundancy:** อุปกรณ์สำรองสำหรับ Admin Desktop (เตรียมสำรอง)
---
## Security Checklist (Pre-Deployment)
### 🔴 Critical (Must Pass)
| Check | Command/Method | Expected Result |
|-------|---------------|-----------------|
| AI Host Isolation | `ping 192.168.1.100` from AI Host | Success (LAN only) |
| No DB Access from AI | `mysql -h qnap_ip -u root` from Desktop | **Connection Refused** |
| API Auth Required | `curl http://qnap:3001/api/ai/analyze` | 401 Unauthorized |
| Valid Token Works | `curl -H "Authorization: Bearer {valid}" ...` | 200 OK |
| Audit Log Written | `SELECT * FROM audit_logs WHERE source='AI_SERVICE'` | Records found |
### 🟡 Important (Should Pass)
| Check | Method | Expected Result |
|-------|--------|-----------------|
| TLS Enabled | `curl -v https://...` | TLS 1.3 handshake |
| IP Whitelist Active | Try from unauthorized IP | Blocked by Firewall |
| Token Expiration | Use expired JWT | 401 Token Expired |
| Idempotency Key | Replay same request | 200 OK (no duplicate write) |
---
## Related Documents
- [ADR-017: Ollama Data Migration Architecture](./ADR-017-ollama-data-migration.md) — Migration implementation following ADR-018
- [ADR-017B: AI Document Classification](./ADR-017B-ai-document-classification.md) — AI document classification use case
- [ADR-016: Security & Authentication](./ADR-016-security-authentication.md) — General security strategy
- [ADR-019: Hybrid Identifier Strategy](./ADR-019-hybrid-identifier-strategy.md) — UUID strategy for API security
- [03-07-OpenRAG.md](../03-Data-and-Storage/03-07-OpenRAG.md) — RAG architecture under ADR-018
- [03-05-n8n-migration-setup-guide.md](../03-Data-and-Storage/03-05-n8n-migration-setup-guide.md) — n8n setup with AI isolation
---
## ADR Review Cycle
### Review Classification
**Core ADR Status:** This ADR is classified as a **Core Security Policy** due to its fundamental impact on system security, compliance, and AI governance.
### Review Schedule
| Review Type | Frequency | Trigger | Scope |
|-------------|-----------|---------|-------|
| **Regular Review** | Every 6 months | Calendar-based | Security effectiveness, compliance status |
| **Major Version Review** | Every major version (v2.0.0, v3.0.0) | Version planning | Architecture relevance, new AI technologies |
| **Security Review** | Quarterly | Security audit | Threat model updates, vulnerability assessment |
| **Compliance Review** | Annually | Compliance audit | ISO 27001, PDPA requirements verification |
### Review Process
#### Phase 1: Preparation (1 week before review)
1. **Security Metrics Collection**
- AI service access logs and anomaly detection
- Authentication and authorization audit results
- Network segmentation and firewall rule effectiveness
- Audit log completeness and integrity verification
- Compliance framework updates (ISO 27001, PDPA)
2. **Stakeholder Notification**
- Security Team
- System Architect
- AI Integration Lead
- Compliance Officer
- DevOps Team
#### Phase 2: Review Meeting (2-hour session)
1. **Security Assessment**
- Review AI isolation effectiveness and any breach attempts
- Assess authentication and authorization mechanisms
- Evaluate audit logging completeness and accuracy
- Review network segmentation and firewall configurations
2. **Compliance Evaluation**
- Verify ISO 27001 and PDPA compliance status
- Review regulatory changes and impact requirements
- Assess audit trail completeness for compliance reporting
- Evaluate data privacy and retention policies
3. **Technology Assessment**
- Review AI technology stack currency and security patches
- Assess new AI security threats and mitigation strategies
- Evaluate monitoring and alerting effectiveness
- Review incident response procedures for AI security events
#### Phase 3: Decision & Documentation (1 week after review)
1. **Review Outcomes**
- **No Change:** Security policy remains effective and compliant
- **Update Required:** Adjust security controls or procedures
- **Enhancement:** Add new security measures for emerging threats
- **Urgent:** Immediate security updates required
2. **Documentation Updates**
- Update security controls and procedures
- Revise compliance documentation
- Update incident response playbooks
- Modify security guidelines and training materials
### Review Criteria
| Criterion | Question | Pass/Fail Threshold |
|-----------|----------|---------------------|
| **Security Effectiveness** | Are AI isolation controls preventing unauthorized access? | Pass: 0 incidents, Fail: Any breach |
| **Compliance Status** | Are all ISO 27001 and PDPA requirements met? | Pass: 100% compliant, Fail: Any gaps |
| **Audit Trail Completeness** | Are all AI interactions logged and traceable? | Pass: 100% coverage, Fail: <100% |
| **Authentication Integrity** | Are AI service authentication mechanisms robust? | Pass: No unauthorized access, Fail: Any incidents |
| **Network Isolation** | Are AI services properly segmented from production? | Pass: No lateral movement, Fail: Any cross-zone access |
| **Monitoring Effectiveness** | Are AI security events detected and alerted promptly? | Pass: <5min detection, Fail: >5min |
### Review History Template
```
## Review Cycle [YYYY-MM-DD]
**Review Type:** [Regular/Major Version/Security/Compliance]
**Reviewers:** [Names and roles]
**Duration:** [Meeting date]
### Findings
- [Key findings from security and compliance assessment]
### Issues Identified
- [Security gaps, compliance issues, or vulnerabilities discovered]
### Recommendations
- [Security enhancements, compliance improvements, or procedural changes]
### Outcome
- [No Change/Update Required/Enhancement/Urgent]
### Next Review Date
- [YYYY-MM-DD]
```
---
## Document History
| Version | Date | Author | Changes |
| ------- | ---------- | ------------ | -------------------------------------------------------- |
| 1.8.1 | 2026-03-27 | Security Lead| Initial ADR — AI Boundary Policy (Physical Isolation) |
| 1.8.2 | 2026-04-03 | Tech Lead | Updated — Aligned AI Model spec with ADR-017/017B |
| 1.8.3 | 2026-04-04 | System Architect | Enhanced — Added Impact Analysis template, ADR Review Cycle process, Gap Linking to requirements, and Version Dependency tracking |
---
**Last Updated:** 2026-04-04
**Status:** Accepted
**Next Review:** 2026-06-01 (Quarterly security review)
**Next 6-Month Review:** 2026-10-04 (regular review cycle)
Reference in New Issue View Git Blame Copy Permalink