Back to Details

enterprise-brand-governor

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Enterprise Brand Governor

企业品牌管控器

Policy-as-code for AI-generated imagery. Every prompt is pre-validated against 
brand.md
, every output is post-checked, violations escalate to a human approver, and every decision is logged. Built for regulated industries and any enterprise where an off-brand asset in production is a material risk.
针对AI生成图像的策略即代码方案。每一条提示词都会预先与
brand.md
进行合规校验,每一份输出结果都会进行事后检查,违规内容会提交给人工审批,且每一项决策都会被记录。专为受监管行业以及任何将不合规品牌资产投入生产视为重大风险的企业打造。

When to Use

适用场景

  • Multiple teams (marketing, product, sales, agency partners) generating on the same brand system
  • Regulated industries (pharma, finance, alcohol, kids) where imagery has legal constraints
  • Brand-safety SLA — zero tolerance for competitor logos, restricted props, or off-palette output reaching production
  • Agency handoff — external vendor generating on your brand, you need a gate you control
  • Pre-production review cycle needs automation; humans only review escalations
Do not use for: quick exploration / mood-board work (gating slows ideation), or accounts without a written brand system yet (build 
brand.md
first).
  • 多个团队(营销、产品、销售、代理合作伙伴)基于同一品牌体系生成内容
  • 受监管行业(制药、金融、酒类、儿童相关),其图像内容存在法律约束
  • 品牌安全服务水平协议——绝不允许竞品标识、受限道具或不符合品牌调色板的输出内容进入生产环节
  • 代理交接——外部供应商基于你的品牌生成内容,你需要可控的管控机制
  • 预生产审核流程需要自动化;仅在出现违规时才需要人工审核
请勿用于:快速探索/情绪板制作(管控会减缓创意构思),或尚未建立书面品牌体系的账户(请先创建
brand.md
)。

Prerequisites

前置条件

Before rolling the governor across teams:
  1. Brand system location — path / repo / URL for 
    brand.md
    . Who owns it? What's the change-control process?
  2. Policy strictness — reject (halt), flag (log + allow), or tier by asset destination (production = reject, internal = flag)?
  3. Approval chain — who reviews flagged items? What's the SLA for escalation turnaround (1h, 24h, 3 business days)?
  4. Logging destination — local 
    ~/.gen-ai/audit/
    , S3 bucket, or ship to SIEM (Splunk, Datadog)?
  5. Compliance constraints — GDPR / HIPAA / COPPA / financial-services rules that must be encoded in 
    brand.md
    ?
  6. Rollback plan — if the governor blocks a legitimate launch, who has override authority and how is that logged?
在向各团队推广该管控器之前:
  1. 品牌体系位置——
    brand.md
    的路径/代码库/URL。谁拥有它?变更控制流程是什么?
  2. 策略严格程度——拒绝(终止)、标记(记录+允许),还是根据资产用途分层管控(生产环境=拒绝,内部环境=标记)?
  3. 审批链——谁审核标记的内容?违规上报的服务水平协议(SLA)是多久(1小时、24小时、3个工作日)?
  4. 日志存储位置——本地
    ~/.gen-ai/audit/
    、S3存储桶,还是发送到SIEM(Splunk、Datadog)?
  5. 合规约束——是否必须在
    brand.md
    中编码GDPR/HIPAA/COPPA/金融服务规则?
  6. 回滚计划——如果管控器阻止了合法的发布,谁拥有override权限,且该操作如何记录?

How to Run

运行流程

The governor runs at three checkpoints: prompt, generation, output.
  1. Author 
    brand.md
     — palette, typography, allowed/denied props, imagery style, voice, regulated-category rules. Versioned in git. Commit SHA is the policy ID.
  2. Pre-flight (prompt lint)
    gen-ai validate
    against the prompt before spending credits. Catches banned terms, disallowed concepts, missing required elements (e.g., disclaimer placement).
  3. Brand-context generation — every 
    gen-ai generate
    and 
    gen-ai batch run
    prompt includes the relevant 
    brand.md
    constraints. Review violations during QA.
  4. Post-flight (output check) — for critical assets, a second-pass model (
    gemini-3-pro-image
    or vision check) verifies the output matches policy. Palette sampling, logo presence detection, prop allow-list.
  5. Escalation — any 
    violation
    status routes to the approver queue. Humans review, approve or reject, decision is logged against the audit ID.
  6. Audit export — daily / weekly export of all decisions to the configured SIEM or compliance archive.
管控器在三个检查点运行:提示词、生成、输出。
  1. 编写
    brand.md
    ——包含调色板、排版、允许/禁用道具、图像风格、语气、监管类别规则。在Git中进行版本控制。提交SHA即为策略ID。
  2. 预校验(提示词检查)——在消耗信用点数前,使用
    gen-ai validate
    对提示词进行校验。捕获禁用术语、不允许的概念、缺失的必填元素(例如免责声明位置)。
  3. 品牌上下文生成——每一次
    gen-ai generate
    gen-ai batch run
    的提示词都会包含相关的
    brand.md
    约束。在QA环节检查违规情况。
  4. 后校验(输出检查)——对于关键资产,使用二次校验模型(
    gemini-3-pro-image
    或视觉检查)验证输出是否符合策略。包括调色板采样、标识存在检测、道具白名单校验。
  5. 违规上报——任何状态为
    violation
    的内容都会进入审批队列。人工审核,批准或拒绝,决策会关联审计ID进行记录。
  6. 审计导出——每日/每周将所有决策导出到配置的SIEM或合规存档。

Quick Reference

快速参考

The governor adds policy metadata to every job record.
json
{
  "defaults": {
    "model": "flux-2-pro"
  },
  "metadata": {
    "policy_id": "brand.md@sha:a4f1c9",
    "policy_version": "2.3.0",
    "policy_mode": "reject",
    "approver": "brand-governance@company.com",
    "escalation_channel": "#brand-review",
    "audit_id": "GOV-2026-04-CAMPAIGN-LAUNCH",
    "compliance_tags": ["GDPR", "US-FTC-native-ad"],
    "data_residency": "eu-west-1"
  },
  "jobs": [
    {
      "id": "launch-hero-001",
      "prompt": "Production launch hero. Editorial hero, team of four diverse professionals collaborating, modern office, natural light, brand palette. Apply brand.md constraints and require legal review before publishing."
    }
  ]
}
Record policy decisions in the downstream audit ledger: 
approved
, 
flagged
, or 
rejected
with the reason.
管控器会为每个任务记录添加策略元数据。
json
{
  "defaults": {
    "model": "flux-2-pro"
  },
  "metadata": {
    "policy_id": "brand.md@sha:a4f1c9",
    "policy_version": "2.3.0",
    "policy_mode": "reject",
    "approver": "brand-governance@company.com",
    "escalation_channel": "#brand-review",
    "audit_id": "GOV-2026-04-CAMPAIGN-LAUNCH",
    "compliance_tags": ["GDPR", "US-FTC-native-ad"],
    "data_residency": "eu-west-1"
  },
  "jobs": [
    {
      "id": "launch-hero-001",
      "prompt": "Production launch hero. Editorial hero, team of four diverse professionals collaborating, modern office, natural light, brand palette. Apply brand.md constraints and require legal review before publishing."
    }
  ]
}
在下游审计ledger中记录策略决策:
approved
flagged
rejected
并附带原因。

Quick Reference

快速参考

Sub-taskModelNotes
Prompt compliance check
gpt-image-1.5
/ text reasoner		Cheap pre-flight before image spend
Primary generation (brand-safe)
flux-2-pro
Strong prompt adherence, commercial-safe
Primary generation (product accuracy)
flux-kontext-pro
Edit-mode when subject must be preserved
Post-generation vision audit
gemini-3-pro-image
Strong scene understanding for policy checks
Upscale approved outputs only
topaz-upscale-image
Never upscale before approval — wastes credits
Confirm commercial-use status per provider with 
gen-ai models info <id>
. Pharma and financial services should maintain a short allow-list of pre-cleared models.
子任务模型说明
提示词合规检查
gpt-image-1.5
/ 文本推理器		在生成图像前进行低成本预校验
主生成(品牌合规)
flux-2-pro
严格遵循提示词,符合商业合规要求
主生成(产品准确性)
flux-kontext-pro
当必须保留主体内容时使用编辑模式
生成后视觉审计
gemini-3-pro-image
具备强大的场景理解能力,用于策略检查
仅upscale已批准的输出
topaz-upscale-image
绝不在批准前进行upscale——会浪费信用点数
通过
gen-ai models info <id>
确认供应商的商业使用许可状态。制药和金融服务行业应维护一份预先审核通过的模型白名单。

Procedure

操作流程

  • Treat 
    brand.md
    as code.     Versioned, reviewed, signed. The file's commit SHA is the policy ID in every audit record.
  • Always pin the model version. Policy interpretation changes when models change. Pair with 
    enterprise-pinned-registry
    .
  • Pre-flight before spend. 
    gen-ai validate
    catches 80% of violations for $0.
  • Human-in-the-loop on rejects. A reject is a business decision, not a tool decision. Route to the approver.
  • Default to reject, not flag. Flag mode is for drafts only; production must reject.
  • Log everything. Every prompt, every decision, every override. No silent approvals.
  • Rotate the audit log. Daily JSONL, shipped off the dev machine. Local logs disappear; SIEM doesn't.
  • Test the governor with adversarial prompts. Red-team your own policy quarterly — does it actually catch competitor logos, prohibited claims?
  • Document the override path. There will be legitimate exceptions. Make the override visible, logged, and time-boxed.
  • brand.md
    视为代码    。进行版本控制、审核、签名。文件的提交SHA即为每条审计记录中的策略ID。
  • 始终固定模型版本。模型更新会导致策略解读发生变化。搭配
    enterprise-pinned-registry
    使用。
  • 生成前进行预校验
    gen-ai validate
    可免费捕获80%的违规情况。
  • 拒绝内容需人工介入。拒绝是业务决策,而非工具决策。提交给审批人处理。
  • 默认设置为拒绝,而非标记。标记模式仅适用于草稿;生产环境必须设置为拒绝。
  • 记录所有操作。每一条提示词、每一项决策、每一次override操作。禁止静默批准。
  • 轮换审计日志。每日生成JSONL文件,从开发机器导出。本地日志会丢失;SIEM不会。
  • 使用对抗性提示词测试管控器。每季度对自身策略进行红队测试——它是否真的能捕获竞品标识、禁止性声明?
  • 记录override路径。必然会存在合法例外情况。让override操作可见、可记录且有时间限制。

Pitfalls

常见陷阱

  • brand.md
    too vague     — "use the brand palette" is not enforceable. Hex codes, prop allow-lists, explicit denies.
  • No override path — legitimate exceptions get bypassed outside the system, breaking the audit. Build the override in.
  • Logs only local — dev machines die. Ship to SIEM or a durable archive from day one.
  • Flag-mode in production — "we'll review later" never happens. Default reject.
  • Unaudited model swaps — someone swaps 
    flux-2-pro
    for a new model mid-campaign and policy interpretation changes. Pin.
  • Missing post-check on hero assets — prompt passed, output didn't. For production heroes, always run the vision audit.
  • brand.md
    过于模糊    ——“使用品牌调色板”无法强制执行。需明确十六进制代码、道具白名单、明确的禁用项。
  • 无override路径——合法例外会绕过系统,破坏审计记录。需内置override机制。
  • 仅本地存储日志——开发机器可能损坏。从第一天起就将日志发送到SIEM或持久化存档。
  • 生产环境使用标记模式——“稍后审核”永远不会实现。默认设置为拒绝。
  • 未审计的模型替换——有人在活动中途将
    flux-2-pro
    替换为新模型,导致策略解读发生变化。请固定模型版本。
  • 核心资产缺失后校验——提示词通过校验,但输出不符合要求。对于生产核心资产,始终运行视觉审计。

Verification

验证

Run 
gen-ai whoami
to confirm authentication, then re-run the failed command with 
--debug
.
运行
gen-ai whoami
确认身份验证,然后添加
--debug
参数重新运行失败的命令。

Commands

命令

bash
undefined
bash
undefined

Pre-flight validate a prompt before spending credits

消耗信用点数前预校验提示词

gen-ai validate --model flux-2-pro --file prompt.json
gen-ai validate --model flux-2-pro --file prompt.json

Gated single generation

受管控的单次生成

gen-ai generate --model flux-2-pro --prompt "$PROMPT"
--save-to-drive --drive-folder "Gated-Output"
gen-ai generate --model flux-2-pro --prompt "$PROMPT"
--save-to-drive --drive-folder "Gated-Output"

Gated batch with retry on transient failures only (not violations)

受管控的批量生成,仅在临时故障时重试(不针对违规情况)

gen-ai batch run campaign.json
--concurrency 4 --output ./runs/campaign-2026-04
gen-ai batch run campaign.json
--concurrency 4 --output ./runs/campaign-2026-04

Flag mode — for internal / draft contexts

标记模式——适用于内部/草稿场景

gen-ai batch run drafts.json
--output ./runs/drafts-2026-04

---
gen-ai batch run drafts.json
--output ./runs/drafts-2026-04

---

Cost & time

成本与时间

Governance overhead is tiny relative to generation. Pre-flight + post-check adds ~10–15% to credit cost on critical assets, ~0% on non-critical.
ScenarioGovernance overhead
Single gated generate+0 credits (policy passed in-call)
Single gen + vision audit+1–2 credits
Batch of 100, pre-flight only+~5 credits (text reasoner)
Batch of 1,000, full pipeline+~50 credits + 1 approver hour
Quarterly red-team audit~1 engineer-day + ~200 credits
Violations rejected = credits saved. A single blocked off-brand production asset typically saves multiples of the governor's overhead.
相对于生成任务,管控的额外开销极小。预校验+后校验会使核心资产的信用点数成本增加约10–15%,非核心资产则约为0%。
场景管控额外开销
单次受管控生成+0信用点数(策略在调用中通过)
单次生成+视觉审计+1–2信用点数
100份批量生成,仅预校验+~5信用点数(文本推理器)
1000份批量生成,全流程+~50信用点数 + 1小时审批时间
季度红队审计~1个工程师工作日 + ~200信用点数
拒绝违规内容=节省信用点数。阻止一份不合规的生产核心资产通常能节省数倍于管控器的额外开销。

See also

相关链接

  • enterprise-pinned-registry — pin model versions so policy interpretation stays stable
  • product-photo-studio — brand-gated catalog pipeline (reshoot mode)
  • enterprise-press-batch — brand-gated PR pipeline with embargo handling
  • gen-ai-use — CLI reference
  • enterprise-pinned-registry —— 固定模型版本,确保策略解读保持稳定
  • product-photo-studio —— 受品牌管控的目录流水线(重拍模式)
  • enterprise-press-batch —— 受品牌管控的PR流水线,包含embargo处理
  • gen-ai-use —— CLI参考