AI SDLC implementation plan

Operate AI-assisted delivery with release-grade controls.

WHPS treats models, prompts, data sources, tools, agents, and releases as controlled assets. The delivery model can swap tools behind governance without changing release controls.

AI SDLC operating model: Policy to proof

Inventory

Every AI use case, model, prompt, dataset, tool, vendor, and owner is tracked.

Evaluate

Regression, red-team, privacy, grounding, prompt injection, and business outcome tests run before release.

Authorize

Agents use identity, scoped permissions, time-bound credentials, and logged tool calls.

Monitor

Runtime output, drift, cost, latency, data access, user overrides, and incidents feed change control.

AI-native organization model

Agile, agentic, and governed is the operating model, not a tool choice.

This WHPS page carries the AI SDLC framework inside the transformation site so the walkthrough stays cohesive, production-facing, and focused on the operating model.

Framework posture

Models and tools can change. The method stays enforced.

WHPS uses agentic capabilities to accelerate analysis, engineering, testing, documentation, operations, and evidence creation. The governance layer keeps authority bounded through risk tiers, scoped workspaces, model and tool gateways, architecture review, secure coding, AI evaluations, human approval, telemetry, rollback, and incident response.

01 Define and strategize

Business value, feasibility, risk tier, data readiness, ROI, and initial accountability.

02 Decompose and plan

PRDs, functional specs, data lineage, Definition of Done, backlog, and compliance review.

03 Architect and design

Secure design, model path, RAG/data schema, human-in-the-loop, threat model, and UX flow.

04 Build and integrate

Agentic low-code/pro-code delivery, APIs, tests, integration stubs, and controlled workspaces.

05 Validate and secure

Security scans, red-team tests, hallucination checks, privacy review, bias checks, and pen-test evidence.

06 Deploy and release

Human approval, release packet, change record, smoke tests, rollback path, and production evidence.

07 Monitor and evolve

Telemetry, drift, cost, latency, incidents, feedback, model refresh, and continuous improvement.

WHPS AI SDLC Factory deep dive

An executive-ready operating model for secure AI-assisted delivery.

This is the documented method WHPS can reuse across portals, contact center expansion, reconciliation, prior authorization, and modernization work. The method is model-agnostic: tools can evolve while policy, evidence, security gates, and human authority stay consistent.

Model agnostic / Evidence first / Human governed / Agent ready

Not just faster delivery. Controlled acceleration with a reusable evidence trail.

The factory turns a strategic idea into scoped work, architecture decisions, bounded agent runs, security checks, release evidence, and operating metrics. Agent-to-agent handoffs happen through controlled work orders, artifacts, gates, and handoff records.

7 Lifecycle gates
6 Agent handoff roles
1 Release packet contract
Controlled run: Idea to release evidence
Gate enforced
Use case: Regulated healthcare application change

Owner, data class, risk tier, architecture path, and release authority are declared before agent work begins.

01 Define
02 Decompose
03 Architect
04 Build
05 Validate
06 Deploy
07 Monitor
Evidence generated

Risk decision, data-flow note, threat model, run manifest, diffs, tests, scans, AI evaluations, approvals, release ID, rollback path.

Human authority: People keep decision rights.

Business, architecture, security, QA, compliance, and release owners approve the meaningful gates.

Agent composition: Agents are scoped by role and handoff.

Product, architecture, build, security/test, evidence, and release roles exchange artifacts, not unmanaged authority.

Security by design: Controls run before production movement.

SAST, dependency checks, secret scanning, vulnerability scanning, pen-test evidence, and AI evals sit inside the method.

Reusable platform: The process extends to other teams.

The same delivery rails can support GroupLink, BrokerLink Portal, Contact Center AI, ReconLink, prior authorization, and modernization waves.

Demand: Strategic idea enters as a governed request.

Value target, owner, data class, risk tier, users, success measure, and operational impact.

Policy orchestration: Gate logic scopes the work before agents act.

Model gateway, tool gateway, identity boundary, workspace rules, architecture review, and approval depth.

WHPS AI SDLC Factory: Define / Decompose / Architect / Build / Validate / Deploy / Monitor

Every handoff carries a clear output: decision, design, code, test, security result, evidence, or operating signal.

Agentic workspace: Agents execute bounded work with traceability.

Run manifest, file scope, tool calls, tests, generated docs, security findings, and diff-based review.

Evidence and release: Production movement requires proof.

Release packet, named approvals, rollback path, deployment ID, smoke test, telemetry, and revoke loop.

Agent composition

Agent-agent communication is structured through role contracts and evidence handoffs.

01 product: Frames outcome and acceptance.

Input: strategy, constraints. Output: PRD, success criteria, risk prompt.

02 architecture: Sets the service and control design.

Input: PRD. Output: data flow, API path, threat model, review record.

03 build: Creates bounded implementation artifacts.

Input: work orders. Output: code, docs, tests, migration notes, run log.

04 security + test: Runs deterministic and AI-specific checks.

Input: build. Output: static analysis, dependency review, secret scan, vulnerability scan, AI evaluation, and pen-test evidence.

05 evidence: Assembles the audit-ready packet.

Input: approvals and results. Output: AI BOM, gate record, rollback, release manifest.

06 release authority: Approves movement or sends it back.

Input: complete packet. Output: release decision, exception, remediation, or revoke action.

Security assurance

Security is a release condition, not a late-stage advisory step.

Gate | Control focus | Evidence produced
Intake | Risk tier, PHI/PII exposure, autonomy level, reversibility, and production impact. | Use-case record, data classification, owner, approval depth, and decision log.
Architecture | Architecture review board path, data flow, threat model, service boundaries, and human oversight. | Architecture note, threat model, control mapping, exception record, and review outcome.
Build | SAST, dependency review, secret scanning, secure coding, schema validation, and tool permissions. | Scan results, resolved findings, pull request review, test evidence, and workspace run manifest.
Validate | Vulnerability scanning, AI evaluations, prompt-injection checks, privacy tests, and pen-test evidence. | Evaluation report, vulnerability report, internal or external penetration-test findings, and remediation proof.
Release | CISO/security review path when required, QA acceptance, product approval, CAB/change record, and rollback readiness. | Named approvals, release packet, deployment ID, smoke test, rollback plan, and support handoff.
Operate | Runtime telemetry, drift, incident response, tool/model revocation, credential rotation, and re-evaluation triggers. | SLO dashboard, override rate, incident record, revoke log, corrective actions, and refreshed evidence packet.

Security AI SDLC review overlay

Thirteen security and compliance gates sit on top of AI-assisted delivery.

Agentic delivery can accelerate build, validation, and evidence collection, but movement stays governed by application classification, architecture and threat review, secure build controls, runtime testing, external validation, identity, privacy, monitoring, incident readiness, and final risk acceptance.

01-04 Intake and design assurance

Classify application risk, review data flows, identify threats, and validate secure design before build momentum.

05-08 Build and runtime security

Run static, dependency, infrastructure, dynamic, API, and penetration testing before production movement.

09-12 Access, data, and operations

Validate IAM, encryption, privacy, logging, monitoring, and incident readiness as operating controls.

13 Final risk acceptance

Document residual risk, exceptions, owners, severity, and the release or remediation decision.

01 Initiation

Intake and classification for PII/PHI, business criticality, owner, and approval depth.

Deliverable: intake form and risk classification.
02 Architecture review

Architecture, data flows, trust boundaries, integration paths, and external exposure points.

Deliverable: architecture risk assessment.
03 Threat modeling

Threat identification using STRIDE and MITRE ATT&CK mapping for the application surface.

Deliverable: threat model document.
04 Secure design validation

Control alignment against OWASP ASVS, NIST, HIPAA, and application-specific design standards.

Deliverable: design compliance checklist.
05 Code and build security

Static scans, dependency review, secret detection, and secure build evidence before release packaging.

Deliverable: SAST, SCA, and vulnerability reports.
06 Infrastructure security

Cloud and platform configuration, CIS benchmark posture, firewall rules, and hardening evidence.

Deliverable: configuration audit report.
07 Dynamic testing

Runtime scans, API fuzzing, authentication validation, and route behavior verification.

Deliverable: DAST and API test results.
08 Penetration testing

Independent validation of business logic, attack paths, escalation attempts, and advanced scenarios.

Deliverable: penetration test report.
09 Identity and access review

SSO, MFA, role-based access, token handling, credential boundaries, and access evidence.

Deliverable: IAM compliance report.
10 Data protection review

Encryption in transit and at rest, tokenization, masking, privacy controls, and data handling posture.

Deliverable: data protection checklist.
11 Logging and monitoring

Audit logs, SIEM readiness, alert use cases, detection signals, and operational telemetry.

Deliverable: logging validation report.
12 Incident response readiness

Application-specific playbooks, escalation path, containment plan, and recovery responsibilities.

Deliverable: incident response readiness checklist.
13 Final risk assessment

Open risks, severity, exceptions, accountable owners, remediation path, and release decision.

Deliverable: risk register.
NIST AI RMF: Govern, map, measure, manage.

AI risk management posture for trustworthy AI design, deployment, and monitoring.

NIST SSDF: Secure software practices inside the SDLC.

Secure development controls integrated into each delivery path and release packet.

OWASP GenAI: LLM and agentic threat awareness.

Prompt injection, insecure output handling, excessive agency, tool misuse, and agent governance risks.

WHPS AI SDLC Factory

A documented methodology for low-code, pro-code, and multi-agent delivery.

The framework does not depend on a single vendor model or named coding tool. It standardizes how WHPS accepts work, decomposes it, selects a model path, scopes agent authority, validates output, and produces evidence for release.

01 intake: Use case and product lane

ServiceLink, BrokerLink, GroupLink, Contact Center AI, migration wave, or platform foundation.

02 classify: Risk tier and data boundary

Autonomy, PHI/PII exposure, EDE impact, reversibility, customer impact, and approval depth.

03 select: Model and agent roster

Route through the WHPS model gateway using quality, security, latency, cost, context, and data policy.

04 build: Low-code plus pro-code execution

Generate workflow shells, APIs, tests, documentation, diagrams, and integration stubs in scoped workspaces.

05 prove: CI, security, and AI eval gates

Run unit, integration, accessibility, SAST, dependency, grounding, privacy, prompt-injection, and parity tests.

06 operate: Release, monitor, revoke

Deploy only with approvals, AI BOM, rollback plan, telemetry, drift checks, and kill-switch path.

Release packet procedure

Every AI-assisted change ships with a typed evidence packet, not an informal tool transcript.

The delivery framework is intentionally tool-agnostic. WHPS controls the artifact, authority boundary, evidence, approval, rollback, and monitoring requirements. The model, automation runner, or development workspace can change without changing the release procedure.

Change / release type | Required packet contents | Blocked until | Runtime evidence
Low-code workflow or automation | Use-case ID, owner, data classes, workflow diagram, permission map, test scenarios, exception path, runbook. | Business owner, security, QA, and operations approve trigger, data scope, and rollback. | Execution log, user/action trace, error queue, control totals, incident path.
Pro-code app, API, or portal feature | Requirement trace, architecture note, API/schema contract, tests, SAST/dependency scan, accessibility check, deployment plan. | Code review, security scan, test suite, product acceptance, and rollback proof pass. | Deployment ID, smoke test, logs, SLO dashboard, support handoff.
RAG or knowledge-source change | Source owner, data classification, freshness date, citation policy, retrieval thresholds, redaction rules, golden Q/A set. | Grounding eval, prompt-injection test, stale-source check, PHI redaction, and citation sampling pass. | Retrieval trace, source IDs, citation score, unresolved knowledge gaps, QA review.
Model, prompt, tool, or agent-policy change | Registry ID, reason for change, baseline eval, substitution test, allowed actions, tool schemas, revocation plan, AI BOM update. | Risk tier, eval deltas, privacy/security review, human approval, and rollback plan are complete. | Model/tool gateway trace, drift monitor, override rate, cost/latency, incident trigger.
Mainframe migration wave automation | Wave ID, source artifacts, dependency graph, data map, batch calendar, replay plan, parity thresholds, decommission condition. | Source completeness, contract tests, data checksums, EDI/file replay, operations runbook, and rollback owner are approved. | Parallel-run result, variance report, cutover log, consumer-zero evidence, retired jobs/feeds/licenses.

Authority boundary | AI-assisted teams may do | Human authority retains | Evidence required
Drafting and analysis | Draft requirements, diagrams, test cases, code, runbooks, risk summaries, and comparison matrices. | Approve business intent, scope, priorities, risk acceptance, and final narrative. | Source links, assumptions, diff, review notes, and owner signoff.
Execution | Run allowed tasks in scoped workspaces with logged commands, generated artifacts, tests, and traceable outputs. | Authorize production access, privileged changes, destructive actions, customer-facing releases, and regulatory submissions. | Run manifest, permission scope, logs, scans, tests, and release packet.
Operations | Monitor telemetry, detect anomalies, open remediation tasks, draft incident summaries, and recommend rollback. | Declare incidents, approve rollback/cutover, notify regulators or partners, and close POA&M items. | Correlation IDs, incident record, decision log, corrective actions, and closure evidence.

Selected AI SDLC diagram set

Use three presentation-ready views: operating flow, control plane, and release evidence sequence.

The visible diagram set is intentionally curated. It gives leadership a clean progression while still giving architects and engineers enough detail to inspect policy, agents, tools, evals, evidence, release gates, and runtime revoke loops.

View 01

AI SDLC Operating Flow

Explains the delivery lifecycle: define, decompose, architect, build, validate, deploy, monitor, and revoke.

  • Best for orientation, operating model, and delivery governance.
  • Shows agent roster, controlled workspace, registry, eval gate, and runtime control.
View 02

Agentic Control Plane

Shows the technical boundary between human demand, policy orchestration, agent workspace, CI/evals, evidence, and release operations.

  • Best for architecture, security, engineering, and platform review.
  • Names the gates engineers need to build and auditors need to inspect.
View 03

Release Evidence Sequence

Tracks model, prompt, agent, or tool change from scoped task through policy, CI/evals, evidence, approval, remediation, and release.

  • Best for showing how the method prevents unmanaged AI change.
  • Retains an explicit fail path back to remediation and re-test.
Supplemental archive: Notation-heavy L0/L1/L2/L3 views are kept as engineering references, not presentation diagrams.

L0 context

Program strategy entering the AI control plane and producing evidence packets for operating review.

L1 system

Human decisions, policy controls, agent workspace, delivery systems, runtime operations, and incident loop.

L2 workflow

Request-to-release sequence with policy classification, sandbox execution, CI/evals, evidence, release, and remediation.

L3 gate logic

State-machine logic for risk tiering, design approval, build, eval, release review, deploy, monitor, change, and retirement.

AISDLC agentic workflow

Define, decompose, architect, build, validate, deploy, and monitor with evidence at every handoff.

This turns the AISDLC lifecycle into an implementable operating flow. Agent work is useful only when each run has scope, identity, a controlled workspace, approved tools, evals, human gates, runtime telemetry, and a revocation path.

AISDLC agentic workflow and control architecture

Lifecycle stages, specialized agents, registries, evals, evidence, and runtime revoke loop in one engineering view.

1. Define: Outcome, users, data, owner, risk tier.
2. Decompose: Epics, tasks, tests, agent work orders.
3. Architect: Data flow, threat model, tool permissions.
4. Build: Repo work, tests, docs, agent trace.
5. Validate: CI, evals, red team, policy score.
6. Deploy: Approvals, release, rollback plan.
7. Monitor: Drift, incidents, cost, feedback loop.

Agent roster
  • PM/BA: requirements sim
  • Dev: scaffold, debug
  • QA: test generation
  • PMO: impact forecast
Controlled workspace
  • Scoped run manifest: Files, tools, data, egress, secrets.
  • Workspace snapshot: Commands, diffs, prompts, outputs.
Registry and eval gate
  • Models approved
  • Prompts versioned
  • Tools allowlisted
  • AI BOM provenance
Runtime control
  • Telemetry: quality, drift, cost
  • Revoke: tool, model, token

Evidence chain: AI inventory, risk tier, data-flow diagram, agent run log, test output, eval report, AI BOM, approval record, deployment ID, incident record.

Revoke loop: A runtime incident or drift freezes the agent/tool/model, preserves evidence, updates evals and policy, then restarts at risk tiering.

Level 3 agentic delivery
  • Agents plan and execute bounded work instead of only pairing with a developer.
  • Human ownership remains attached to product, architecture, security, QA, and release decisions.
Registry triad
  • Model, prompt, tool, MCP, dataset, vector index, and agent definitions are versioned.
  • Statuses include approved, restricted, deprecated, and revoked.
Eval harness
  • Golden datasets, trace replay, adversarial prompts, tool misuse checks, and regression thresholds.
  • Failed gates block release and create remediation work.
Incident and revoke loop
  • Freeze agent, revoke credentials, isolate workspace, preserve evidence, and roll back release.
  • Update risk tier, policy, eval suite, and AI BOM before re-entry.
Deep architecture diagram

AI SDLC control plane with agents, tools, evals, evidence, and runtime feedback.

This is the actual engineering model: human requests enter through portfolio intake, policy controls scope agent execution, tool access runs through a gateway, and production movement requires evidence and named approvals.

Agentic SDLC control plane

A production path where agents can assist delivery, but policy, evidence, and human gates control release.

Human demand
  • Portfolio intake: Sponsor, value target, users, acceptance criteria
  • Product request: Risk appetite, workflow, data sensitivity, owner
  • Engineer task: Repo scope, constraints, tests, review path
  • Risk tier: Autonomy, data exposure, external action impact
Policy and orchestration
  • Agent orchestrator: Plans tasks, assigns agents, collects evidence, stops on policy fail.
  • Policy: Risk rules, allowed tools
  • Identity: Agent IAM, delegation log
  • Tool gateway: Schema validation, allowlists, secrets boundary, tool-call recording.
Engineering workspace
  • Repo: Change record, commit diff
  • Sandbox: Files, tests, local tools
  • CI/CD: Build, unit, SAST, deps
  • AI evals: Grounding, red-team, drift
  • Evidence store: Prompt, model, tool calls, reviews, tests, approvals, deployment, rollback record.
Release and operations
  • Release gate: Architecture, security, QA, compliance, CAB
  • Deployment: Signed artifact, config, rollback and smoke tests
  • Runtime telemetry: SLOs, incidents, drift, cost, override, access
  • Change trigger: Re-eval or revoke

Feedback loop: Runtime incidents, model drift, new risk tier, or tool change loop back into intake and architecture review.

AI release sequence flow

A model, prompt, agent, or tool change moves only when every evidence lane resolves.

01 scope: Delivery task. Use case, owner, repo boundary, data, acceptance criteria.
02 classify: Policy decision. Autonomy, PHI/PII, tool scope, impact, approval depth.
03 execute: Agent workspace. Branch, manifest, tool calls, tests, diff and trace.
04 prove: CI and AI evals. Build, SAST, deps, grounding, privacy, red-team checks.
05 package: Evidence packet. AI BOM, evals, approval trace, rollback plan.
06 release: Named gate. Architecture, security, QA, compliance.

Evidence spine: Task scope, policy result, workspace snapshot, test/eval output, AI BOM, approvals, release ID, rollback path. The evidence packet is the release contract. Missing evidence stops movement until the failed control is remediated and re-run.

Fail path: Remediate control failure, update residual risk, rerun CI/evals, regenerate evidence, and resubmit to the named release gate.

Lifecycle

Eight stages from AI intake to retirement.

The lifecycle turns governance into artifacts that engineering teams can produce and auditors can inspect.

Stage | WHPS message | Required evidence
Intake and risk tiering | Classify use case, data sensitivity, autonomy, external impact, and oversight model. | AI inventory record, owner, intended use, prohibited use, human oversight.
Architecture and threat modeling | Design model, data, RAG, tools, permissions, fail-safe paths, and abuse cases. | Threat model, data-flow diagram, agent/tool permission map, kill-switch design.
Data and model supply chain | Govern datasets, embeddings, model vendors, prompts, skills, and third-party components. | Dataset lineage, model card, vendor review, AI BOM, provenance checks.
Build and agentic delivery | Agents operate in scoped workspaces with tests, trace logs, and human review points. | Agent task log, code review, tests, tool-call traces, branch and change record.
Evaluation and red teaming | Test correctness, abuse, privacy leakage, prompt injection, tool misuse, drift, and business impact. | Eval suite, adversarial results, residual risk decision, mitigation plan.
Secure release gate | Ship only when model, prompt, agent, data, and application controls pass policy. | Release checklist, approval record, rollback plan, monitoring plan.
Runtime governance | Monitor outputs, tool actions, access, cost, latency, drift, incidents, and user feedback. | Telemetry, audit logs, drift report, access review, incident records.
Change and retirement | Reassess when models, prompts, tools, data, or context change. Decommission safely. | Change ticket, re-eval result, updated risk tier, decommission plan.

Secure AI release gate

Every model, prompt, tool, and agent change passes through evidence checks.

Release is treated like a controlled software supply-chain event, not a slide approval or informal review.

Change: Model, prompt, agent, or tool

Versioned request tied to owner, use case, environment, and risk tier.

Registry: Artifact and AI BOM

Store model, prompt, dataset, tool, dependency, vendor, and configuration metadata.

Evaluate: Regression and adversarial tests

Run factuality, grounding, injection, jailbreak, privacy, and business rule checks.

Secure: Access and tool validation

Validate least privilege, schema constraints, secrets, dependencies, and unsafe output handling.

Approve: Named human gate

Record architecture, security, product, compliance, QA, and business signoff.

Operate: Monitor and revoke

Deploy with telemetry, alerts, rollback, kill switch, incident path, and re-evaluation trigger.

Control coverage

Engineer-readable AI governance controls.

These controls are intentionally concrete so delivery teams know what to implement, test, and produce as evidence.

Agent identity and tools
  • Distinct agent identities
  • Scoped authorization
  • Tool allowlists
  • Tool-call logging
Prompt and RAG security
  • Prompt injection tests
  • Source trust scoring
  • Context isolation
  • Secrets filtering
Evaluation harness
  • Regression suites
  • Adversarial prompts
  • Privacy leakage tests
  • Business KPI checks
Incident response
  • Kill switch
  • Prompt/model revocation
  • Credential rotation
  • Post-incident re-eval
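
One way the "Agent identity and tools" controls above (distinct identities, scoped authorization, tool allowlists, tool-call logging) can combine with the registry statuses and the freeze/revoke loop in a fail-closed tool gateway; this is an added example, not WHPS code. All class, tool, and scope names are hypothetical, and it assumes that only `approved` tools run unattended, `restricted` tools need a named approver, and any other status is denied.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Credential:
    agent_id: str        # distinct identity per agent
    scopes: frozenset    # scoped authorization
    expires_at: float    # time-bound credential (epoch seconds)

@dataclass
class Tool:
    status: str          # approved | restricted | deprecated | revoked
    scope: str           # scope the caller must hold
    schema: dict         # argument name -> exact expected type

@dataclass
class ToolGateway:
    registry: dict                               # tool name -> Tool
    allowlist: dict                              # agent_id -> set of tool names
    frozen: set = field(default_factory=set)     # agents frozen by incident response
    log: list = field(default_factory=list)      # every decision, allow or deny

    def _reason(self, cred, name, args, now, approver):
        """Return a deny reason, or None when every control passes."""
        if cred.agent_id in self.frozen:
            return "agent_frozen"
        if now >= cred.expires_at:
            return "credential_expired"
        tool = self.registry.get(name)
        if tool is None or name not in self.allowlist.get(cred.agent_id, ()):
            return "tool_not_allowlisted"
        if tool.status == "restricted":
            if not approver:                     # assumption: needs a named human
                return "human_approval_required"
        elif tool.status != "approved":          # deprecated, revoked, or unknown
            return "tool_" + tool.status
        if tool.scope not in cred.scopes:
            return "scope_missing"
        # Exact key set and exact types: extra arguments and bool-for-int both fail.
        if set(args) != set(tool.schema) or any(
                type(args[k]) is not t for k, t in tool.schema.items()):
            return "schema_violation"
        return None

    def call(self, cred, name, args, now=None, approver=None):
        now = time.time() if now is None else now
        reason = self._reason(cred, name, args, now, approver)
        # Record argument names only, so secrets in values never reach the log.
        self.log.append({"ts": now, "agent": cred.agent_id, "tool": name,
                         "arg_names": sorted(args), "approver": approver,
                         "decision": "deny" if reason else "allow",
                         "reason": reason or "ok"})
        return reason is None, reason or "ok"

    def revoke_tool(self, name):
        self.registry[name].status = "revoked"

    def freeze_agent(self, agent_id):
        self.frozen.add(agent_id)

def build_demo():
    """Constructed sample data; every name here is hypothetical."""
    gw = ToolGateway(
        registry={
            "run_tests": Tool("approved", "ci:run", {"suite": str}),
            "deploy": Tool("restricted", "release:deploy", {"release_id": str}),
        },
        allowlist={"build-agent-01": {"run_tests", "deploy"}},
    )
    cred = Credential("build-agent-01",
                      frozenset({"ci:run", "release:deploy"}), expires_at=1000.0)
    return gw, cred

if __name__ == "__main__":
    gw, cred = build_demo()
    print(gw.call(cred, "run_tests", {"suite": "unit"}, now=10.0))
    print(gw.call(cred, "deploy", {"release_id": "R-1"}, now=10.0))
```

Denied calls are logged with the same fields as allowed ones, so the log can serve as tool-call evidence for both the release packet and an incident record.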
Sources

Governance and delivery references.

Grounded in tool-agnostic AI risk management, secure software development, secure AI system guidance, LLM application security, AI BOM practices, and software delivery measures.