Universities are drowning in AI-built tools. Faculty spin up chatbots; students ship dashboards with FERPA data; departments deploy scripts that talk to third-party APIs with no DPA. Nobody knows what's running, what data it touches, or who's responsible when it breaks.

Traditional IT governance doesn't fit: a faculty member's internal grading helper shouldn't require the same review as a student-facing AI that handles HIPAA data. But ignoring it isn't an option either.

AIF is proportional governance. Low-risk tools register and go. High-risk tools get formal review. Everything in between gets exactly the scrutiny its risk profile demands — scored automatically, analyzed by five independent AI models, and documented for compliance.

How it works

Submit a tool → score 7 dimensions → route to a track → run 5-model pipeline → review.

  1. Intake — 21-question form: what the tool does, who uses it, what data it touches, how it authenticates, whether users know it's AI.
  2. Scoring — 7 weighted dimensions (security, accessibility, data sensitivity, blast radius, autonomy, comprehension, maintenance). Each scored 0–3, weighted by artifact type (public site, internal app, AI agent, data pipeline, etc.), producing a risk percentage.
  3. Track routing — <22% auto-registers; 22–42% self-certifies; 42–65% gets IT review; ≥65% becomes a formal project. Seven escalation conditions (HIPAA, FERPA exposure, non-SSO auth, etc.) force the top track regardless of score.
  4. Agent pipeline — five independent AI models (GPT-5.4, MiniMax M2.5, MiMo-V2-Flash, Kimi K2, GLM-5) analyze the codebase using the same prompt. Deterministic tools (Semgrep, ESLint, npm audit, Snyk) run in parallel. Anthropic Opus synthesizes with filesystem access for dispute resolution.
  5. Review — Track 1 auto-activates. Track 2 lets builders self-certify. Tracks 3–4 require reviewer approval. All decisions are audit-logged.
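The scoring and routing steps above, as an added illustration (not the project's own code): the seven dimensions, the 0–3 scale, the four track thresholds and the override behaviour of escalation conditions come from the page; the per-artifact-type weights, the percentage formula (weighted score over weighted maximum) and the flag names are assumptions.

```javascript
// Dimension names as listed on the page.
const DIMENSIONS = ["security", "accessibility", "dataSensitivity", "blastRadius",
                    "autonomy", "comprehension", "maintenance"];

// Assumed weights per artifact type (hypothetical values, not AIF's real table).
const WEIGHTS = {
  internalApp: { security: 2, accessibility: 1, dataSensitivity: 3, blastRadius: 1, autonomy: 1, comprehension: 1, maintenance: 1 },
  aiAgent:     { security: 3, accessibility: 1, dataSensitivity: 3, blastRadius: 2, autonomy: 3, comprehension: 2, maintenance: 1 },
  publicSite:  { security: 3, accessibility: 3, dataSensitivity: 2, blastRadius: 3, autonomy: 1, comprehension: 2, maintenance: 1 },
};

// Escalation conditions named on the page; the page's full list of seven is not given,
// so this array is a partial, assumed encoding.
const ESCALATIONS = ["hipaa", "ferpaExposure", "nonSsoAuth"];

// Assumed formula: risk % = weighted score / weighted maximum (every dimension at 3), one decimal.
function riskPercent(scores, artifactType) {
  const w = WEIGHTS[artifactType];
  if (!w) throw new Error(`unknown artifact type: ${artifactType}`);
  let earned = 0, max = 0;
  for (const d of DIMENSIONS) {
    const s = scores[d];
    if (!Number.isInteger(s) || s < 0 || s > 3) throw new Error(`dimension ${d} must be an integer 0-3`);
    earned += s * w[d];
    max += 3 * w[d];
  }
  return Math.round((earned / max) * 1000) / 10;
}

// Thresholds from the page: <22 auto-register, 22-42 self-certify, 42-65 IT review, >=65 formal project.
// Any escalation flag forces Track 4 regardless of the percentage.
function routeTrack(pct, flags = {}) {
  const forced = ESCALATIONS.filter((c) => flags[c]);
  if (forced.length) return { track: 4, reason: `escalation: ${forced.join(", ")}` };
  if (pct < 22) return { track: 1, reason: "auto-register" };
  if (pct < 42) return { track: 2, reason: "self-certify" };
  if (pct < 65) return { track: 3, reason: "IT review" };
  return { track: 4, reason: "formal project" };
}

// Convenience wrapper: score, then route.
function assess(scores, artifactType, flags) {
  const pct = riskPercent(scores, artifactType);
  return { pct, ...routeTrack(pct, flags) };
}

// Constructed sample: a faculty grading helper (internal app) touching student records.
const gradingHelper = { security: 1, accessibility: 0, dataSensitivity: 2, blastRadius: 0, autonomy: 0, comprehension: 1, maintenance: 1 };
```

With the constructed sample, the same 33.3% score lands in Track 2 on its own but jumps to Track 4 once `ferpaExposure` is set, which is the override the page describes.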

Confidence tiers in output

Tier           Source                      Meaning
Tool-verified  Semgrep, ESLint, npm audit  Deterministic scanner with a known rule match
Confirmed      3+ models agree             Independent convergence — high confidence
Potential      1–2 models flagged          Needs human review

Four agents

  • Code & Security — 10-section security rubric, SAST scanning, stack-specific deep dive.
  • Accessibility — WCAG 2.2 Level AA audit of every component.
  • QA / Bug Detection — logic bugs, error handling, async/concurrency, edge cases.
  • Documentation + HECVAT — auto-generated user guide, admin guide, compliance summary, HECVAT 4.15 (87-question EDUCAUSE template pre-filled from code analysis).

Portability

AIF was built for the University of Montana but designed to port. Set three env vars (INSTITUTION_NAME, INSTITUTION_DOMAIN, AUTH_PROVIDER) and another institution is in. Auth adapters: CAS, header-based (Shibboleth), and OIDC/SAML stubs. The 21 intake questions, 7 dimensions, and escalation conditions encode general higher-ed AI governance principles, not UM-specific policy.

Stack

  • React 19
  • Vite
  • Node / Express
  • PostgreSQL 16
  • Docker Compose
  • Pluggable SSO (CAS / Shibboleth / OIDC / SAML)
  • Codex CLI
  • OpenRouter
  • Claude Code CLI
  • Semgrep
  • ESLint
  • Snyk
  • Pandoc
  • xlsx

Standards

NIST AI RMF · NIST CSF 2.0 · WCAG 2.2 · OWASP Top 10 · EDUCAUSE HECVAT 4.15 · ITIL 4.