Posted on

How to Deploy an AI Governance Layer for Your Organization’s Chatbots

If your organization is rolling out AI chatbots (for customer support, internal helpdesk, or employee-facing tools), there’s a question that will come up sooner or later: how do you make sure the AI actually follows your policies?

Most LLMs are trained to be helpful. That’s great until “helpful” means the bot gives a customer medical advice, estimates someone’s home value, or leaks internal process details it was never supposed to share. The AI isn’t being malicious. It’s just doing what it was trained to do: answer the question.

The fix isn’t more prompt engineering. It’s adding a governance layer between the user and the AI that enforces your policies at runtime.

What a Governance Layer Does

Think of it the same way you think about a firewall or a web application proxy. Traffic goes through it. Rules get enforced. Everything gets logged.

A governance layer for AI does the same thing:

  1. The user sends a message
  2. The AI generates a proposed response
  3. The governance layer evaluates the response against your policies
  4. If it passes, the user sees it. If it violates policy, it gets blocked
  5. Every interaction is logged with full audit details

This means your compliance team has a paper trail. Your CISO has proof the AI is staying inside the guardrails. And if something goes wrong, you can trace exactly what happened.

SAFi: An Open-Source Option

SAFi is a free, open-source governance engine that does exactly this. I built it to solve the gap between having a policy document and actually enforcing that policy at runtime.

It evaluates every AI response against your defined rules, blocks violations, audits everything, and even tracks whether the AI’s behavior is drifting over time.

Quick Deployment with Docker

You can have it running in minutes:

docker pull amayanelson/safi:v1.2

docker run -d -p 5000:5000 \
  -e DB_HOST=your_db_host \
  -e DB_USER=your_db_user \
  -e DB_PASSWORD=your_db_password \
  -e DB_NAME=safi \
  -e OPENAI_API_KEY=your_openai_key \
  --name safi amayanelson/safi:v1.2

It requires a MySQL 8.0+ database and at least one LLM API key (OpenAI, Anthropic, Google, Groq, Mistral, or DeepSeek are all supported).

Using It with Your Existing Bots

The part that matters most for helpdesk and support teams: SAFi can run as a headless API. That means you don’t have to use its built-in chat interface. You can plug it into whatever bot you already have (Microsoft Teams, Telegram, WhatsApp, or a custom application).

Your bot sends the user’s message to SAFi’s API, SAFi runs it through the governance pipeline, and returns the governed response:

POST /api/bot/process_prompt
Headers:
  Content-Type: application/json
  X-API-KEY: sk_policy_12345...

Body:
{
  "user_id": "teams_user_123",
  "user_name": "John Doe",
  "message": "Can I approve this expense?",
  "conversation_id": "chat_456"
}

SAFi processes the message, enforces the policy attached to that API key, and returns the response. Users are automatically registered in the system so you can audit their interactions later.

What You Get Out of the Box

  • Policy enforcement. You define the rules. SAFi enforces them on every response.
  • Full audit trail. Every AI decision is logged: what was proposed, whether it was approved or blocked, and why.
  • Drift detection. SAFi tracks whether the AI’s behavior is shifting over time. Most guardrail tools only check each request individually. SAFi checks the trend.
  • Model flexibility. You can swap the underlying AI model (GPT, Claude, Llama, etc.) without losing your governance layer.

Who This Is For

If you’re in IT and your organization is deploying AI in any user-facing capacity, this is worth looking at. Especially if:

  • You need to prove to compliance or legal that your AI is following policy
  • You’ve had incidents where the AI said something it shouldn’t have
  • You’re managing multiple chatbots and want centralized governance
  • You want audit logs that go beyond “the user asked X and got Y”

The project is open source and free. Check out the GitHub repo for the full code, or visit selfalignmentframework.com for the documentation. 

Thanks,

Nelson


Posted on

How to setup Kiosk using Raspberry Pi 4

There are many open-source and paid versions out there to set up kiosks.  I have set this up on Raspberry Pi version 1, 2, 3, and now 4.  It’s a very simple setup, I am going to set the website URL default to loading when Raspberry Pi 4 boots up, but you can change it to whatever you like, it could be a slide show, video, etc.….  You can even use it as Signage, there are some others out there that are better for Signage so it gives you preconfigured.

What you will need:

  • Raspberry Pi 4 (you can use an older version too, your settings may be different)
  • SD memory card 8GB or larger
  • Network connection LAN or WiFi
  • Terminal to SSH to Raspberry or run the command on the Raspberry
  • Unzip program and image burner software

Sections:

Update Raspberry Pi 4

Create a script file

Adding script file to auto-start when Raspberry Pi boots up

Enable SSH

common issues and solutions:

Download the “Raspbian Buster with desktop” or if you want the one with an application you can do so as well it’s Raspbian Buster with desktop and recommended software image, then you will need to unzip the download file.  If your computer doesn’t have the unzip program you can download the 7zip from https://www.7-zip.org/download.html

Next, you will need the image burner software, if you have one use it or download this one https://www.balena.io/etcher/, it supports many operating systems including Windows, Linux, macOS, and Portable.  Or https://sourceforge.net/projects/win32diskimager/ it’s a little outdated, but still works.

Download Raspbian Buster with desktop: https://www.raspberrypi.org/downloads/raspbian/

Once you have downloaded and used one of the image burner software to burn into SD card, then put in the Raspberry Pi 4 and start it up and if everything goes well you should see, click Next to go through basic settings

Welcome to Raspberry Pi

Set your local Country, Language and Timezone, then click Next

Set Country, Language and Timezone

Change Default Password, enter new password and click Next

Change Default password

Setup up screen settings, You may need this to enable or disabled, click Next

Set Up Screen

Select WiFi Network or click skip

Select WiFi Network

Update Software, you can skip or let it search and install

Update Software

Running very good even while searching for updates, see Task Manger

Task Manager

Once it’s finished searching, installing new updates or if you skipped you will see option to restart, click restart so all settings takes effects

Setup Complete

Once the Raspberry Pi 4 restarts, open the Chromium once so it creates the Default/Preferences automatic, then just close it

Update the Raspberry Pi 4:

sudo apt update && sudo apt upgrade

Create a script file:

Now setting up the script file, you can name it whatever you like: example StartApp.sh, inside copy and paste this code and change the URL to whatever you like

!/bin/bash
# If Chromium crashes (usually due to rebooting), clear the crash flag so we don't have the annoying warning bar
# waits for 10 seconds before opening URL
# To disable screen saver timeout
xset s 0
# To disabled Monitor going to sleep
xset -dpms
# clean up if the power or ssh in and poweroff or if hostname changes
rm -rf ~/.config/chromium/Singleton*
# Waits for 10 seconds before starting up
sleep 10
# Make sure to change the user name if it's not default pi
sed -i 's/"exited_cleanly":false/"exited_cleanly":true/'  /home/pi/ .config/chromium/Default/Preferences
sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/'  /home/pi/.config/chromium/Default/Preferences
chromium-browser --kiosk --disable-restore-session-state --disable-session-crashed-bubble --noerrordialogs --disable-infobars http://YourURL.com

You can add other options –no-default-browser-check –no-first-run that you like to prevent from pop up

Now make the .sh file executable:

chmod +x name_of_file.sh

Adding script file to auto-start when Raspberry Pi boots up

sudo nano /etc/xdg/lxsession/LXDE-pi/autostart

@lxpanel –profile LXDE-pi
@pcmanfm –desktop –profile LXDE-pi
@xscreensaver -no-splash
# add the following, if your script file located other location then the root of the user, then you will need to put the path

sh StartAuto.sh

autostart

Other setting you may need to change so it runs smooth, without any issue:

If you want to enable SSH, so you can make changes via Remote:

sudo systemctl enable ssh
sudo systemctl start ssh

That’s it

common issues and solutions:

To remove the Mouse pointer:
sudo apt-get install unclutter

Preventing Sleep of Monitor:
it’s already included in the script file, but just in case you need to change it
sudo nano /etc/lightdm/lightdm.conf
In that file, look for:
[SeatDefault] or [Seat:*]
#uncomment and insert -s 0 dpms:
xserver-command=X -s 0 dpms

If you need to fill your screen, you will need to disable the Overscan:
raspi-config
once it loads, choose Advanced Options> Next, choose Overscan:

To Disable chromium update message:
sudo touch /etc/chromium-browser/customizations/01-disable-update-check;echo CHROMIUM_FLAGS=\”\${CHROMIUM_FLAGS} –check-for-update-interval=31536000\” | sudo tee /etc/chromium-browser/customizations/01-disable-update-check

To check the monitor resolution settings currently set to:

/opt/vc/bin/tvservice -s
Should display something like this:
state 0xa [HDMI CUSTOM RGB lim 16:9], 1920×1080 @ 60.00Hz, progressive

To check what’s available settings for your monitor:

/opt/vc/bin/tvservice -m DMT
You should see something like this:
Group DMT has 12 modes:
mode 4: 640×480 @ 60Hz 4:3, clock:25MHz progressive
mode 5: 640×480 @ 72Hz 4:3, clock:31MHz progressive
mode 6: 640×480 @ 75Hz 4:3, clock:31MHz progressive
mode 8: 800×600 @ 56Hz 4:3, clock:36MHz progressive
mode 9: 800×600 @ 60Hz 4:3, clock:40MHz progressive
mode 10: 800×600 @ 72Hz 4:3, clock:50MHz progressive
mode 11: 800×600 @ 75Hz 4:3, clock:49MHz progressive
mode 16: 1024×768 @ 60Hz 4:3, clock:65MHz progressive
mode 17: 1024×768 @ 70Hz 4:3, clock:75MHz progressive
mode 18: 1024×768 @ 75Hz 4:3, clock:78MHz progressive
mode 35: 1280×1024 @ 60Hz 5:4, clock:108MHz progressive
mode 39: 1360×768 @ 60Hz 16:9, clock:85MHz progressive

Or
/opt/vc/bin/tvservice -m CEA
You should see something like this:
Group CEA has 10 modes:
mode 1: 640×480 @ 60Hz 4:3, clock:25MHz progressive
mode 2: 720×480 @ 60Hz 4:3, clock:27MHz progressive
mode 3: 720×480 @ 60Hz 16:9, clock:27MHz progressive
mode 4: 1280×720 @ 60Hz 16:9, clock:74MHz progressive
mode 5: 1920×1080 @ 60Hz 16:9, clock:74MHz interlaced
mode 6: 720×480 @ 60Hz 4:3, clock:27MHz x2 interlaced
mode 7: 720×480 @ 60Hz 16:9, clock:27MHz x2 interlaced
(prefer) mode 16: 1920×1080 @ 60Hz 16:9, clock:148MHz progressive
mode 32: 1920×1080 @ 24Hz 16:9, clock:74MHz progressive
mode 34: 1920×1080 @ 30Hz 16:9, clock:74MHz progressive


Posted on

How to install Ubuntu 18.04 Desktop

How to install Ubuntu 18.04 Desktop fresh using Hyper-V manager on Windows 10 Pro to Quick Create. There are many ways to install it, this process is very simple, you could do manual, which requires you to download the Ubuntu 18.04 image, then go through the process of installation. This will give you options to use your Ubuntu virtual desktop and get a feel of Linux system, when not in use, turn it off, so it goes not take resources of your system.

Open your Hyper-V Manger

Right click on Hyper-V host and choose Quick Create …

Then you will get option to select the Operating system, choose Ubuntu 18.04 LTS, and click Craete Virtual Machine. If you want to rename your VM, you could click on More options or you can rename later.

Then it will go through downloading the Ubuntu 18.04 LTS image, depending on your internet speed it may take awhile.

Then it will go through the automatic process of creating VM:

  • Verifying image
  • Extracting disk from an image archive
  • Creating a Hard drive
  • Virtual machine create successfully

Then you should see option to connect to your new Ubuntu 18.04 Desktop, click Connect

Click on Power button or Start to turn on your Ubuntu 18.04 server

You should see starting and then Welcome screen. Select your Language then click Continue

Select Keyboard layout, then click Continue

Select your Timezone, then click Continue

Fill in the login info, this would be admin account to login to your server, then click Continue

Then it will go through the System configuration automatically

Then you should see login screen enter your user/password created earlier

You should see your New Ubuntu 18.04 Desktop, it gives you few tips on What’s new in Ubuntu, go though and start using your Ubuntu Virtual desktop.

You can start using your Ubuntu 18.04 virtual desktop, see tips and tricks of common things you may find helpful, if this is your first time use of Ubuntu system.

Tips and Tricks:

Remove icon from favorites

Just right click icon you want to remove and choose Remove from Favorites

Opened applications

You will see little dot next to the application, you tell you that application is open.

More than one Application open

You will see more than one little dots, if you click on it, it will give you thumb nail view of and you will be able to switch it or close the application.

To see all opened Applications

Click on the Activities and it will give you thumbnail view of all opened applications, you can switch to it, or close it by click on X.

To see Applications

You can click on 9 dotted icon bottom left hand side, you will see all application or Frequent used

  • Software – where you can install new applications
  • Software & Updates – Where you can install updates and third-part software options
  • Startup Application – gives you list of application at start of your Ubuntu system
  • Settings – list of all settings like control panel
  • Files – your documents or personal files
  • Rhythmbox – is default music player

Shutdown Ubuntu Virtual Machine

Click on the Arrow on top left, you will see Power icon, if you want to just lock it, click on Lock icon.

When you click on Power icon it will give you option to Restart/Power off or cancel

Change User info

If you need to change user name or any setting, click on the Arrow next to your user name it will give you option to make changes

Change default applications

Click on Settings>Default Applications>Then change it to what you like


Posted on

How to setup OpenSupports Ticket System

OpenSupports is an open source ticket system, very simple to setup and use. Here I will go through setting up step by step. I am assuming you have your server is set up with correct permission. You will need to able to create database and upload installation files to your server. The installation has 7 steps it will go through and check requirements, and settings as it goes to the next step. This one is a very very simple Ticket system.

Server Requirements

PHP 5.6+
MySQL 4.1+
PDO Extension
Apache 2.4+

Installation of OpenSupports

You can start by downloading the OpenSupports ticket system from https://www.opensupports.com/download/

Once you have download the OpenSupports ticket system, then upload to your server and go to URL of your OpenSupports, you should see Step 1 of 7 Select the language and click Next

Then it will check for the Server requirements, if you see any error or missing requirement, install it then click Refresh, once all good, then click Next

You can fill in MySQL server info, at this point create a database if you have not yet, then fill in info below and click Next

  • MySQL database name: this can be left blank and it will generate automatic
  • MySQL server port (this can be left blank (default port is 3306)
  • MySQL user:
  • MySQL password:

Then select the option if you want your user to access and be able to register it, it’s toggle on/off, make selection, then click Next

Fill in the name of your ticket system, Check box if you want your user to attach a file to ticket and email server info (option to confirm SMTP connection test, to make sure your email server can communicate), then click Next

Admin account name, email and password, fill in info, make sure it’s strong and keep it safe, you will use this account to make changes to your system. Once you have filled in info, click Next
Then it will go through installation and redirect to login page

This is login page where you will enter your admin login info you choose in your last step.
User URL will be yourdomain
Admin URL will be yourdomain/admin

Once you are logged in you will see Dashboard of your new Ticket System, where you can make changes, add user/agents, etc…

That’s it, very simple ready to use your OpenSupports open source ticket system. If you are looking for more feature you can use another open source ticket system called osTickets, I have written a post on how to install osTicket on Ubuntu, enjoy it


Posted on

Install open source flat-file CMS Grav on Ubuntu

Grav is open source flat-file CMS which means without any needs of the database.  It only has two requirements web server like Apache, Nginx, IIS, etc … and PHP 5.6.3 or higher.  It uses Markdown for formatting syntax and it automatically converts to HTML.  It also has a Normal or Expert mode for editing content.  I am installing this on Ubuntu 16.04, but it should work just fine with other versions of Ubuntu as long as you meet the server/PHP requirement.  Also, Grav have two options when you download Grav core or Grav Core + admin plugin, I am using installing with Admin plugin to get more options.

Installation is very easy, once you have the web server of your choice and PHP version meets the requirement.

Download the Grav from https://getgrav.org/downloads and extract it then upload it to your web server

Then just go to your Domain URL and you should see the following screen, where you fill in your admin information and click Create User

If everything goes well it should bring you to Dashboard screen, this is your admin screen, where you will be able to add, delete, and make changes to your Grav CMS.  Also before you do anything click Backup and it will automatically back up for you.

This is default home page of Grav after fresh installation

If you want to edit your page to your Grav CMS login to admin (YourDomain/admin)
To edit Home Page, click on Pages>click Home

Now you should be to edit Content and click on the other tabs to see more options, Advance and Mode type Normal/Expert.

After the installing you may need to upgrade, just click on the Update on your dashboard and click continue

Back to your dashboard you should see fully updated, otherwise click check for updates

That’s it, enjoy it