Assurance Profiles: Choosing (or Customizing) Your Validation Grammar

Platform 9 min read

New here? ValidKeep governs regulated software with linked atomic files in Git and deterministic npx validkeep verify (no LLM in the audit path). Optional ysbuild helps author specs; verify is the impartial gate either way.

Start with the ecosystem map for the platform stack (assurance profile, landscape profile, CLI, ValidKeep Hub). Then read the atomic model ($D_x$, $R_x$, $C_x$, $L_x$) if notation like $C_x$ is unfamiliar. Operational Qualification (OQ) and Performance Qualification (PQ) are explained in their own articles.

One engine, many rigor packs. validkeep.yaml points at an assurance profile that defines allowed node types, trace edges, join semantics, and risk metadata. High Assurance is Yttrigen's atomic model ($D_x$ / $R_x$ / $C_x$ / $L_x$ with separated OQ and PQ loops); other profiles target different industries without forking ValidKeep core.

What a profile controls

Your repository's validkeep.yaml references a profile URL or path. The assurance YAML defines structural rules validkeep verify enforces:

# illustrative excerpt: High Assurance assurance profile
traceability_rules:
  orphan_policy: zero_orphan
  scopes:
    peer: [rx, cx, lx, oqts, pqts]
    children: [dx, bx]
    tree: [oqtest, pqtest, code]

Role codes such as rx and cx map to atomic files types; see ysbuild for the full inventory.

  • nodes: file types, parsers, required headings, risk tag fields
  • traceability_rules: allowed edges, orphan policy, scope keys (peer, children, tree)
  • active_ast_parsers and enforce flags: which structural checks run at verify time
  • rendered joins: how RS, FS, DS compile from atoms when auditors want CSV-shaped documents

High Assurance (featured)

Yttrigen's recommended profile for governed SaaS and internal tools:

Deep dive: Module architecture hub and technical reference.

Other profiles (comparison)

ProfileIndustry focusDistinctive rulesStatus
GAMP5 Life sciences CSV RS/FS boundaries, fs_risk on functional nodes Available
IEC 62304 SaMD Medical device software Hierarchical decomposition, hazard tracing Planned
SOC2 security Enterprise SaaS CR traceability, PII/RBAC obligation tags Planned
DO-178C Avionics Strictest orphan policy, MC/DC coverage hooks Planned
ISO 26262 Automotive HW/SW boundaries, sidecar ASIL metadata Planned

Landscape + assurance orthogonality

Landscape profiles (branches, ValidKeep Hub gates) and assurance profiles (atomic grammar) compose independently. An organization can run the High Assurance landscape with a GAMP5 assurance pack for a life-sciences subsidiary, or swap assurance profiles per repository while sharing one SDLC ladder.

Rendered views are compiler output

RS, FS, and DS are not authoring targets in High Assurance. They are joins over atomic files, identical in spirit to GAMP5-oriented profiles when those joins are defined. Edit atoms in Git; export binders when QA asks.


Where to go next