◆ VS Code Extension  ·  Governed AI Gateway

DAIMON AI

Two governed interaction surfaces — @da###hi Chat Participant and Governed Chat Console — running identical harness: Effective Policy, Phase Machine, and 28+ governed tools. AI that your organisation controls.

@da###hi Chat Participant Governed Chat Console Phase Machine Effective Policy 28+ Governed Tools DAIMON Castle (AFK)
Interaction

Two Governed Surfaces

@da###hi inside GitHub Copilot Chat, and the standalone Governed Chat Console — both share identical harness, policy enforcement, and tool registry.

Workflow Engine

Phase Machine

Deterministic workflow orchestrator executing YAML Workflow DAGs — /wf-fix, /wf-feature, /wf-release, /wf-security, and more.

Governance

Effective Policy

Intersection of Platform Control Plane and Extension Governance Plane. Cryptographically signed. Seven-Day Last Known Good fallback.

Detached Execution

DAIMON Castle (AFK)

Governed AFK execution in spoke CI runners via signed Castle Runner Image. Developer dispatches, Castle executes, outputs land as PRs.

Architecture

System Architecture

DEVELOPER VS Code @da###hi Console castleDispatch @da###hi Chat Participant participantHandler.ts Governed Chat Console Standalone WebView Panel Turn Context Bar · Tool Posture GOVERNED CONVERSATION HARNESS Chat Enforcement Interceptor Sensitive Data Scan Policy Effective Policy Platform ∩ Extension · Signed Governed Agentic Exec agenticLoop.ts Phase Machine Workflow DAGs Tool Registry 28+ tools · policy + audit Agent Router agentOrchestrator.ts Model Tier Resolver Per-agent from manifest Scope Classifier Inline / Minimal / Full Integration Connections GitHub Enterprise · Azure DevOps Platform Adapters Connection Resolution Cascade Knowledge Bundles .daimon-memory/knowledge/ Capture Consent · Retrieval Provider OKF-compatible markdown Layered Knowledge Source Policy Bundle Signature Seven-Day Last Known Good Baseline + Remote Sync DAIMON CASTLE Detached AFK Exec No human in the loop Castle Runner Image Signed, immutable spoke CI runner Signed Policy Version Specific version, not "latest" RSA-SHA256 verified Castle AFK Posture askQuestion denied PII flagged on PR ↓ PR + Attestation Policy version recorded in PR body Standards & Policies POLICY AUTHORS Central AI Team · Group Companies Standards · Policies · Governance Repo Publish via signed governance manifest
The Challenge

AI in the Enterprise — Without Governance

Raw AI assistance creates five compounding risks that grow as adoption scales across companies.

No Company Context

AI knows nothing about your auth conventions, null-guard patterns, or internal standards. Every suggestion must be manually validated against your codebase before use.

No Audit Trail

No record of what AI generated, what files it accessed, or which model was used. Impossible to audit, reproduce, or attribute decisions when things go wrong.

No Data Guardrails

Secrets, PII, and confidential code can be forwarded to external AI providers without interception. One developer mistake becomes a data exfiltration incident.

No Workflow Structure

One-shot replies only. No multi-step implementation, no checkpoints, no scope control. A complex architectural change gets the same shallow treatment as a one-liner.

No Consistent Governance Across Companies

Each team configures AI differently — different models, different tools, different trust levels. The Central AI Team has no visibility, no control plane, and no way to enforce consistent standards across the group.

Audience

Who Is DAIMON AI For?

Three roles — each with a distinct entry point and a clear value proposition.

👩‍💻
Developer

"I want AI that knows my codebase and company patterns — not just Stack Overflow."

✦ @da###hi inside Copilot Chat
✦ Governed Chat Console
✦ Knowledge Bundles with your conventions
✦ Tool cards showing every AI action
🏗️
Tech Lead / Engineering Manager

"I want structured, auditable AI workflows my team can trust — with guardrails that protect our codebase."

✦ Phase Machine workflow structure
✦ Chat Enforcement Interceptor
✦ Execution Scope Tiers
✦ Full audit trail per turn
🏢
Central AI Team

"I want to govern AI use consistently across all our group companies — one policy layer, deployed everywhere."

✦ Signed governance manifest
✦ Model routing + tool tier control
✦ DAIMON Castle for AFK pipelines
✦ Seven-Day Last Known Good
This Demo

Your Onboarding Journey

23 slides — from the problem statement to a production deployment. Navigate at your own pace with ← → arrow keys.

① Foundation  slides 1–9

The problem · Who it's for · System architecture · Live scenario walkthrough · Two governed surfaces

② Interactive Demo  slides 10–11

Click 1: @da###hi /wf-fix · Click 2: Governed Chat Console with Turn Context Bar and live tool cards

③ Feature Deep-Dives  slides 12–20

Effective Policy · Phase Machine · Scope Tiers · Tool Cards · Knowledge Bundles · Integrations · Castle · Workbench · Policy Controls

④ Governance & Get Started  slides 21–23

For the Central AI Team · FAQ · Deployment steps — from install to first governed workflow in ~30 minutes

Use ← → arrow keys or Prev / Next to navigate. Each slide has Key Points on the right.
Why DAIMON AI

Raw AI vs Governed AI

✗ Without DAIMON AI
Raw Copilot suggestions — no organisation policy applied
No audit trail — which AI touched which file, when?
No guardrails — PII and secrets can flow to the model
No workflow enforcement — every engineer improvises their own process
No integration authority — context from GitHub / Azure DevOps is manual
No knowledge continuity — every session starts cold
AFK execution is unvetted — no governance, no paper trail
✓ With DAIMON AI
Effective Policy — signed governance enforced on every turn
Full audit trail — tool calls, telemetry, policy decisions logged
Chat Enforcement Interceptor — sensitive data scanned before dispatch
Workflow DAGs — deterministic Phase Machine execution, not improvisation
Integration Connections — GitHub Enterprise and Azure DevOps platform adapters
Knowledge Bundles — consent-gated capture, turn-scoped retrieval
DAIMON Castle — AFK execution under Castle AFK Posture with signed policy
The Problem

Without DAIMON — Generic AI

VS Code — src/auth/sessionManager.ts
📁
🔎
🤖
⚙️
src / auth
sessionManager.ts
logout.ts
userRoute.ts
src / ui
header.ts
// logout handler export function logoutUser(session: Session | null) { audit.log(session.userId); tokenStore.revoke(session.token); redirect("/login"); }
GitHub Copilot Chat Generic
Fix the logout crash in sessionManager.ts
The issue is a potential null reference. You can fix it by adding a null check before accessing session properties:

if (session !== null) {
  audit.log(session.userId);
}
— No policy context applied
— No audit trail
— No workflow, no verification, no PR
— No knowledge of your company’s auth conventions
Ask Copilot...
✗ No Effective Policy enforced ✗ No audit trail ✗ No sensitive data guard ✗ No workflow — just a one-shot suggestion
Architecture

Two Governed Interaction Surfaces

Both surfaces share identical harness. Features, bug fixes, guardrails, and tool flows must be in parity across both.

Surface A

@da###hi Chat Participant

Registered in GitHub Copilot Chat. Slash commands: /wf-fix, /wf-feature, /wf-release, /wf-security, /wf-spike, and more. Agentic loop via agenticLoop.ts.

Copilot Chat participantHandler.ts
identical
harness
Surface B

Governed Chat Console

Standalone WebView panel. Runs without Copilot Chat. Turn Context Bar, Tool Result Cards, Console Tool Posture (explore / act).

WebView Panel governedChatConsole.ts
Shared Governed Harness — both surfaces run this
Phase Machine
Workflow DAGs
Tool Registry (28+)
Agent Router
Effective Policy
Chat Enforcement Interceptor
Model Tier Resolver
1
Click 1 — @da###hi Chat Participant
VS Code — src/auth/sessionManager.ts
📁
🔎
🤖
⚙️
src / auth
sessionManager.ts
logout.ts
userRoute.ts
profile.ts
src / ui
header.ts
// logout handler — called when token expires export function logoutUser(session: Session | null) { // BUG: session.userId accessed before null check audit.log(session.userId); // ← throws on expired session tokenStore.revoke(session.token); redirect("/login"); }
GitHub Copilot Chat @da###hi
@da###hi /wf-fix Logout button throws null reference when session has already expired
Workflow started: Bug Fix
Scope: Minimal  ·  Model: Tier-2  ·  Policy: Effective v2.4.1

▶ Phase 1 — Understand Analysing session lifecycle…
📄 readFile — sessionManager.ts:12–28 session.userId accessed before null guard at line 15 Optional chaining fix: session?.userId
▶ Phase 2 — Implement Applying null-guard patch…
✏️ editFile — sessionManager.ts
✅ written · +2 lines, -2 lines · policy: act-tier allowed · audit: logged
@da###hi ...
/wf-fix /wf-feature /wf-release /wf-security /wf-create-capability /tokens /savings
2
Click 2 — Governed Chat Console
VS Code — Governed Chat Console
📁
🔎

⚙️
DAIMON AI
Governed Console
Capability Workbench
Knowledge Bundles
Connection Health
Active Policy
Effective v2.4.1
// src/auth/sessionManager.ts (active file) export function logoutUser(session: Session | null) { // fixed: null guard applied by DAIMON if (!session) { redirect("/login"); return; } audit.log(session.userId); tokenStore.revoke(session.token); redirect("/login"); }
Governed Chat Console act
📄 sessionManager.ts 🔗 GitHub Enterprise ✦ workspace-markers
Verify the null-guard fix and check for any other callsites
Checking all callsites for session.userId across the project…
🔍 searchFiles — "session.userId"
✅ 3 matches · sessionManager.ts:18, userRoute.ts:89, profile.ts:34 · audit: logged
📄 readFile — userRoute.ts:85–94
✅ line 89: session.userId used safely behind guard · no issue

Fix verified. Only sessionManager.ts needed the guard.
Ask DAIMON...
Turn Context Bar — active file + connections injected automatically explore posture — read-only act posture — full mutation tools
Real Scenario

A Day in the Life — With DAIMON AI

Follow a developer through a real security bug fix — from cold start to merged PR.

🐛
Step 1 — The Problem Arrives

A security bug is filed: sessionManager.ts leaks a null pointer when token refresh fails. The developer has never touched this repo before. Deadline: today.

Step 2 — Context Injected Automatically

Developer types @da###hi /wf-fix. The Knowledge Bundle silently injects the company's auth token null-guard pattern. The agent already knows the convention — zero onboarding required.

🛡️
Step 3 — Guardrail Fires

Mid-workflow, the Chat Enforcement Interceptor detects an API key in the proposed diff. The turn is held. Developer clicks Redact — the key is replaced with [REDACTED] before anything leaves the network.

Step 4 — PR Created with Full Attestation

The workflow creates PR #142 on GitHub Enterprise. The PR body includes policy version applied, steps completed, files changed, and tool calls executed. The security reviewer gets a pre-populated summary — no copy-paste from AI chat.

3
Click 3 — Governance Flow

How Governance Works

Platform Control Plane
GitHub private repo — org policy
Extension Governance Plane
bundled-governance/policies/manifest.json
Effective Policy
Intersection — cryptographically signed — enforced on every turn
Chat Enforcement Interceptor
Sensitive Data Scan Policy
Tool Registry
28+ tools — policy + telemetry
Model Tier Resolver
Per-agent from manifest
Seven-Day Last Known Good
Fallback on sync outage
Policy Bundle Signature
RSA-SHA256 verification
Layered Knowledge Source
Baseline + remote sync
Policy Bundle Signature — never trust unsigned policy

Every governance manifest is verified with RSA-SHA256 before activation. A sync outage falls back to the Seven-Day Last Known Good (LKG), not to a permissive default. Policy degrades safely — it never silently expands.

4
Click 4 — Run a Workflow

Phase Machine + Workflow DAGs

Available Workflow DAGs
/wf-fix /wf-feature /wf-migrate /wf-release /wf-security /wf-spike /wf-create-understanding-map /wf-create-capability
Phase Machine Guarantees
  • Deterministic — no LLM in the phase sequencer
  • Steps declared in YAML, not source code
  • Signal-Forced Steps override any tier
  • Cross-step context flows via step.output
# bundled-governance/workflows-templates/workflow-bug-fix.yaml
name: Bug Fix
phases:
  - id: understand
    agent: analyst
    tools: [readFile, searchFiles, getSymbols, findReferences]
  - id: plan
    agent: planner
    tools: [readFile, searchFiles, askQuestion]
  - id: implement
    agent: implementer
    tools: [readFile, writeFile, editFile, runCommand]
  - id: verify
    agent: verifier
    tools: [runTests, getProblems, readFile]
  - id: commit
    agent: integrator
    tools: [gitCommit, createBranch, runCommand]
Execution Scope — determined by Scope Classifier

The Scope Classifier analyses the request and proposes an Execution Scope Tier (Inline / Minimal / Full). Safety signals can force Signal-Forced Steps even if scope would skip them.

Workflow Intelligence

Execution Scope Tiers

The Scope Classifier proposes the appropriate tier based on request complexity and safety signals. Signal-Forced Steps override any tier when auth or PII signals fire.

Inline

No DAG

Single-turn response. No Phase Machine invocation. Used for questions, explanations, and trivial edits that need no workflow.

Q&AExplain codeTrivial fix
Minimal

Core steps only

Phase Machine runs a reduced DAG — understand and implement, skipping optional verification and release phases.

Small bug fixSingle-file change
Full

All phases

Complete Workflow DAG execution — understand, plan, implement, verify, commit, release. Used for features, migrations, and security incidents.

New featureMigrationSecurity fix
Signal-Forced Steps

Certain steps are inserted regardless of the selected tier when safety signals fire — for example, a PII-detection step is forced when the Chat Enforcement Interceptor flags sensitive patterns, and an auth-gate step is forced when an integration requires elevated credentials.

5
Click 5 — Tool Result Cards + Guardrails
VS Code — @da###hi /wf-feature — running
📁
🔎
🤖
⚙️
src / payment
paymentService.ts
paymentController.ts
paymentSchema.ts
src / config
database.ts
@injectable() export class PaymentService { @inject(DB_TOKEN) private db: Database; async processPayment(req: PaymentRequest) { const result = await this.db.run(req); return result; } }
GitHub Copilot Chat @da###hi · Phase 3
▶ Phase 3 — Implement Writing paymentService.ts…
✏️ writeFile — src/payment/paymentService.ts
✅ written · +42 lines · policy: act-tier allowed · audit: logged · 0.3s
⚙️ runCommand — npm test
✅ exit 0 · 1130 tests passed · 0 failing · policy: tier-2 allowed · 2.4s
⚠ Chat Enforcement Interceptor
Possible connection string detected in prompt. Redact before sending?
Redact & continue Cancel turn
Sensitive data scan policy: blocked pattern "Server=.*;Password=.*" · turn held pending developer action
@da###hi ...
readFilesearchFilesgetSymbols writeFileeditFilerunCommandgitCommit webSearchsubAgentaskQuestion 28+ governed tools
6
Click 6 — Knowledge Bundles
VS Code — .daimon-memory/knowledge/auth-patterns.md
📁
🔎
🤖
⚙️
.daimon-memory
knowledge
auth-patterns.md
api-design.md
logging-standard.md
context
workspace-markers.md
--- title: Session Auth Pattern tags: [auth, null-guard, sessionManager] relevance: session, auth, login, logout --- Always use optional chaining on session.userId. Redirect to /login when session is null or expired. Guard pattern: if (!session) { redirect("/login"); return; }
Governed Chat Console explore
I noticed a reusable auth pattern from this fix. Proposing knowledge capture…
💡 Knowledge capture proposed
Session Auth Pattern — null-guard convention for auth/sessionManager.ts
Preview & accept Dismiss
proposeKnowledgeCapture · consent required before write · file: .daimon-memory/knowledge/auth-patterns.md
Knowledge saved. Retrieval provider will inject relevant excerpts at future turns — not the full bundle, only what's relevant.
Ask DAIMON...
OKF-compatible markdown · consent-gated capture & correction · turn-scoped retrieval keeps context budget lean
7
Click 7 — Integration Connections
VS Code — @da###hi /wf-fix — Phase 5 Commit
📁
🔎
🤖
⚙️
Integrations
✓ GitHub Enterprise
✓ Azure DevOps
○ Jira (pending)
Connection Health
GHE · healthy
ADO · healthy
// PR created via Connection Resolution Cascade // workspace-scoped → user-scoped → org-scoped // resolved: GitHub Enterprise adapter const pr = await createPullRequest({ title: "fix: null-guard on session.userId", branch: "bugfix/session-null-guard", body: "Fixes logout crash on expired session", });
GitHub Copilot Chat @da###hi · Phase 5
▶ Phase 5 — Commit & PR Creating branch and pull request…
🌿 createBranch — bugfix/session-null-guard
✅ branch created · adapter: GitHub Enterprise · audit: logged
📬 createPullRequest — PR #142
✅ PR opened · "fix: null-guard on session.userId" · Connection: GHE workspace-scoped
Connection Resolution Cascade: workspace-scoped match → github-enterprise adapter activated · health: OK
✓ Workflow complete. PR #142 open for review. All 1130 tests passed.
@da###hi ...
Cascade: workspace-scoped → user-scoped → org-scoped · Connection Health Tracker surfaces degraded adapters in Turn Context Bar
NEW — Detached Execution

DAIMON Castle — AFK Execution

Developer dispatches via castleDispatch in VS Code — a signed Castle Runner Image picks up the task in a spoke CI runner and outputs land as policy-attested PRs.

👨‍💻
Developer
VS Code

castleDispatch
🏰
DAIMON Castle
Detached execution

signed image
⚙️
Castle Runner
Spoke CI runner

outputs
📄
Pull Request
+ Policy Attestation
VS Code — Copilot Chat — castleDispatch
@da###hi castleDispatch
task: "run full /wf-security audit on payment module"
policyVersion: "v2.4.1-signed" # specific version, not "latest"
✓ Dispatched · Castle Runner provisioning · outputs will arrive as PR
Castle AFK Posture

askQuestion tools are denied (no one to answer). Sensitive content is flagged on the PR rather than silently proceeding.

Signed Immutable Policy Version

Castle Runner pulls a specific, signed Immutable Policy Version at job start — not "latest". The exact version is recorded in the PR attestation.

8
Click 8 — Capability Workbench
VS Code — .daimon/local-capabilities/payment-reviewer/agent.yaml
📁
🔎
🤖
⚙️
.daimon / local
payment-reviewer
agent.yaml
skills/review.md
standards/pci.md
api-designer
agent.yaml
name: payment-reviewer description: Reviews payment code against PCI-DSS standards scope: local # workspace-only until promoted tools: - readFile - searchFiles - getSymbols skills: - ./skills/review.md standards: - ./standards/pci.md
GitHub Copilot Chat @da###hi
/create-daimon-agent I want a payment code reviewer that knows PCI-DSS
Starting conversational agent builder…

What tools should the payment reviewer have access to?
Suggest: readFile, searchFiles, getSymbols (explore-only for a reviewer)
Yes, explore-only. Add the PCI-DSS standard from our governance repo.
Created: .daimon/local-capabilities/payment-reviewer/
Active under Author-Scoped Test Grant. Use @da###hi @payment-reviewer now.
Ready to promote via Joint Contribution PR when tested.
/create-daimon-agent ...
/create-daimon-agent /create-daimon-skill /create-daimon-standard /create-daimon-workflow Author-Scoped Test Grant — usable immediately Joint Contribution PR — promote to org governance
Governance Model

What Policy Controls, What Developers Do

Platform Control Plane — Policy Controls
  • Agent iteration budgets (agentIterationBudgets)
  • Tool tier assignments (agentToolTiers)
  • Model routing overrides (modelRouting.agentOverrides)
  • Sensitive data scan rules
  • Execution Scope Tier defaults
  • Castle AFK Posture rules
  • Knowledge capture consent thresholds
Developer Flow — What Teams Do
  • Author Local Agents with the Capability Workbench
  • Extend with Local Skills and Local Standards
  • Compose new Workflow DAGs in YAML
  • Accept or dismiss Knowledge Capture proposals
  • Dispatch Castle (AFK) tasks via castleDispatch
  • Configure Integration Connections per workspace
  • Promote Local Capabilities via Joint Contribution PR
Layered Knowledge Source

Governance content is layered: Baseline (shipped in extension) + remote sync from the organisation's private governance repository. Remote wins where it overlaps. The baseline ensures DAIMON is functional even before any org-specific policy is published.

Critical rule — never hardcode deployment-specific values

This extension is distributed to multiple group companies. All infrastructure coordinates (GitHub Enterprise URLs, org names, policy repository) must come from settings — never from source code literals.

Governance Authoring

For the Central AI Team

One governance manifest, published once, controlling AI behaviour across all group companies.

What You Control

Tool Tiers — which tools each agent can access
Model Routing — which model each agent uses
Iteration Budgets — max turns per agent and workflow
Safety Rules — what to block or flag per context
Knowledge Standards — conventions injected to agents
Capability Access — which agents are available to whom

How You Publish It

1.Write your policy as a JSON manifest in your private governance repository
2.Sign and tag a release — DAIMON verifies RSA-SHA256 before applying any change
3.All installed instances sync automatically — Seven-Day LKG protects against outages
4.Group companies can extend the baseline — never override it without signing
// governance/policies/manifest.json (excerpt)
"agentToolTiers": { "security-reviewer": "full", "code-helper": "restricted" },
"agentIterationBudgets": { "wf-fix": 12, "wf-feature": 24 },
"modelRouting": { "agentOverrides": { "wf-security": "gpt-4o" } }
Common Questions

Frequently Asked Questions

Does DAIMON AI replace GitHub Copilot?

No. DAIMON governs and extends Copilot Chat — it adds a governance layer on top of Copilot. The @da###hi Chat Participant runs inside Copilot Chat. Developers keep using Copilot exactly as before; DAIMON adds policy enforcement, Knowledge Bundles, and workflow orchestration alongside it.

What data leaves our network?

That depends on your model configuration. DAIMON supports your own Azure OpenAI endpoints, Ollama, LM Studio, and any OpenAI-compatible API — keeping all data within your tenant. The Chat Enforcement Interceptor also blocks sensitive data from reaching any model endpoint before it can leave.

How long does setup take?

Three steps: install the VSIX (~5 min), configure your governance repository settings (~10 min), deploy the Castle Pipeline Template to your CI environment (~15 min). After initial setup the extension self-manages governance sync and Last Known Good fallback.

Can we write our own agents and workflows?

Yes — the Capability Workbench lets developers author local agents, skills, standards, and workflow DAGs using a conversational builder. New capabilities are immediately usable under an Author-Scoped Test Grant, then promoted to org-wide governance via a signed Joint Contribution PR.

What happens if the governance repository is unreachable?

Seven-Day Last Known Good (LKG) retains the last successfully verified policy for up to 7 days. DAIMON continues at the last known permission level — no silent permission expansion, no degraded experience. Sync resumes automatically when the repo becomes reachable.

Get Started

DAIMON AI — Ready to Deploy

Governed AI gateway for VS Code. Two surfaces, one harness. Policy-enforced, audited, knowledge-grounded — from inline Q&A to full AFK execution via DAIMON Castle.

Install Extension

Install the VSIX into VS Code. Press F5 for Extension Development Host. Open @da###hi in Copilot Chat or launch the Governed Chat Console from the sidebar.

📚

Configure Governance

Point the extension at your organisation's governance repository. Effective Policy syncs automatically. Seven-Day LKG ensures continuity during outages.

🌤️

Deploy DAIMON Castle

Add the Castle Pipeline Template to your CI. Pull the signed Castle Runner Image. Dispatch AFK tasks from VS Code — outputs land as policy-attested PRs.

Feature Summary
@da###hi Chat Participant Governed Chat Console Phase Machine + DAGs Effective Policy 28+ Governed Tools Knowledge Bundles Integration Connections DAIMON Castle (AFK) Capability Workbench Execution Scope Tiers Tool Result Cards Chat Enforcement Interceptor
Phase 10 complete  ·  1130+ tests passing  ·  Zero hardcoded deployment values
Key Points
Loading…