codokey /README.mdSOVEREIGN REFERENCE MODEL
+6 layers defined−0 undefined authority
AI Code Access Governance
The boundary
between code,
keys & authority
Software used to be governed by who wrote the code.
Now it must be governed by what the code can access.
Codokey is the sovereign reference model for defining the access boundary between AI agents, codebases, secrets, and production authority.
$ codokey reference-audit --example
Loading Codokey Protocol v1.0...
Scanning sample codebase — 847 files
✗ CRITICAL .env exposed to agent session scope
✗ CRITICAL No audit log for AI-generated PRs
⚠ REVIEW MCP server allow-list undefined
⚠ REVIEW Agent token scope: organization-wide
✓ PASS Secret scanning: enabled
✓ PASS Branch protection: configured
Governance Score: B — Partially Governed
Primary gap: Key Exposure layer (2 critical unresolved)
Next: Review secrets-boundary.diff →
$ ▌
The Governance Gap
Most AI coding workflows define what an agent can do after the agent is already inside the codebase.
That is the governance gap.
The boundary between what an agent can see, what it can modify, what secrets it may encounter, and what authority path it can move toward production — the agent authority surface — is often undefined.
Codokey exists to define that boundary before autonomy scales. See the full analysis in cost-of-inaction.
That is the governance gap.
The boundary between what an agent can see, what it can modify, what secrets it may encounter, and what authority path it can move toward production — the agent authority surface — is often undefined.
Codokey exists to define that boundary before autonomy scales. See the full analysis in cost-of-inaction.
codokey / docs /governance-model.diff
+3 definitions−3 assumptions
@@
@@ The governance question has changed — codokey/docs/governance-model.diff @@
1
−
const riskModel = "who wrote the code?"
1
+
const riskModel = "what can the code access, expose, change, and deploy?"
2
−
humanReview("code logic only") // post-facto governance
2
+
codokey.define({ origin: "AI", secrets: "bounded", agents: "scoped", deploy: "gated" })
3
+
// Governance is not the brake. It is the permission structure that lets agents move faster safely.
4
+
// You cannot govern what you cannot define. — The Codokey Charter
The Cost of Ungoverned AI Code
Every unscoped agent session creates governance debt.
@@
@@ ungoverned vs governed — preview · full analysis → @@
1
−
AI agent reads repository // scope: undefined — entire org accessible
2
−
.env file visible during agent session // production credentials in read context
1
+
Codokey defines access scope before agent execution // minimum-privilege by default
2
+
Secrets boundary excludes .env from agent read context // pre-session governance