Enhancement Title*
Persona-driven GitHub Pages self-assessment for CoSAI-RM adoption
Enhancement Category*
Framework Architecture
Overview*
This enhancement proposes a GitHub Pages experience that helps practitioners identify which CoSAI-RM personas apply to them and then presents the relevant risks and controls in a browsable UI.
The goal is to create a low-friction adoption entrypoint for CoSAI-RM: a guided, persona-driven experience that helps new users move from “what role do I play?” to “which risks and controls matter to me?”
Rationale*
Current state: the repository already contains rich persona, risk, and control data, plus a legacy self-assessment definition in risk-map/yaml/self-assessment.yaml. However, the current assessment model is still tied to the older two-persona split and does not align with the current multi-persona framework. That makes CoSAI-RM harder for new adopters to approach: there is no guided path from "what role do I play?" to "which risks and controls matter to me?"
Proposed improvement: add a static GitHub Pages experience that uses persona identification questions as the front door and renders both risks and controls from the existing framework data.
Benefits:
- Improves framework adoption by giving new users an approachable guided entrypoint
- Reuses existing framework content instead of creating a disconnected website data model
- Keeps the experience private and easy to host by staying fully client-side
- Creates a foundation for future personalization without requiring full risk-scoring logic in the MVP
Scope*
Large (multi-component, significant changes)
Breaking Changes*
No - Fully backward compatible
Details
Product direction
- Build a CoSAI-branded GitHub Pages experience
- Keep the UX original in structure, copy, and presentation
- Frame the experience around CoSAI-RM personas, risks, and controls
- Use CoSAI-specific language and guidance rather than score-based or maturity-style results
- Structure the flow as: introduction, persona questions, matched persona summary, and browsable risks/controls results
MVP behavior
- Build a static GitHub Pages experience with no backend and no server-side storage of user answers
- Use identificationQuestions from risk-map/yaml/personas.yaml as the primary source for persona-determination questions
- Allow the user to match multiple personas in one session
- After persona determination, render a results UI that shows:
  - relevant risks
  - relevant controls
- Merge and deduplicate risks and controls across all matched personas
Data/model expectations
- Treat the existing persona, risk, and control YAML model as the source of truth for results
- Do not require a separate hand-maintained website-only mapping for persona-to-risk or persona-to-control relationships
- The current legacy self-assessment definition may coexist with this new experience initially rather than being replaced immediately
Persona coverage gap
- Some personas do not yet have complete identificationQuestions
- For personas without question coverage, especially AI Model Serving, provide a manual fallback selector in the UI so they can still be included in results
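- Current persona-question follow-up issues should feed this work:
  - Data Provider: add identification questions #213
  - Application Developer: add identification questions #214
  - AI System Governance: add identification questions #215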
Suggested implementation slices
Acceptance criteria
- A user can complete a persona questionnaire and match one or more personas
- A user can still include AI Model Serving through a fallback selector even without identification questions
- The results page shows both relevant risks and relevant controls for all matched personas
- Shared risks and controls are deduplicated in the results
- The experience is deployable as a static GitHub Pages site
- The MVP does not require backend services, server-side persistence, or full answer-weighted risk scoring
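A sketch of the client-side matching and merge step behind these criteria, added here as an example and not taken from the CoSAI-RM repository. The field names (`id`, `personas`, a list-valued `identificationQuestions`), every id in the sample model, and the rule that any "yes" answer matches a persona are assumptions; the real shapes come from the YAML files under risk-map/yaml/.

```javascript
// Constructed sample model. Field names (id, identificationQuestions, personas)
// and all ids are assumptions for this sketch, not the repository's schema.
const model = {
  personas: [
    { id: "data-provider", identificationQuestions: ["Do you supply training data?"] },
    { id: "application-developer", identificationQuestions: ["Do you build apps on models?"] },
    { id: "ai-model-serving", identificationQuestions: [] }, // no question coverage yet
  ],
  risks: [
    { id: "risk-a", personas: ["data-provider"] },
    { id: "risk-b", personas: ["data-provider", "ai-model-serving"] },
    { id: "risk-c", personas: ["application-developer"] },
  ],
  controls: [
    { id: "control-x", personas: ["data-provider", "ai-model-serving"] },
    { id: "control-y", personas: ["application-developer"] },
  ],
};

// Personas with no questions: these are the entries for the manual fallback selector.
function fallbackPersonas(personas) {
  return personas.filter((p) => (p.identificationQuestions || []).length === 0).map((p) => p.id);
}

// Assumed rule: a persona matches when any of its questions is answered "yes".
// Manual picks count only for personas without questions; unknown ids are ignored.
function matchPersonas(personas, answers, manualPicks = []) {
  const fallback = new Set(fallbackPersonas(personas));
  return personas
    .filter((p) => fallback.has(p.id)
      ? manualPicks.includes(p.id)
      : (answers[p.id] || []).some((a) => a === true))
    .map((p) => p.id);
}

// Keep each risk/control once, recording which matched personas pulled it in.
function collectFor(items, matchedIds) {
  const seen = new Map();
  for (const item of items) {
    const via = (item.personas || []).filter((id) => matchedIds.includes(id));
    if (via.length > 0 && !seen.has(item.id)) seen.set(item.id, { id: item.id, via });
  }
  return [...seen.values()];
}

function buildResults(m, answers, manualPicks) {
  const matched = matchPersonas(m.personas, answers, manualPicks);
  return { matched, risks: collectFor(m.risks, matched), controls: collectFor(m.controls, matched) };
}
```

Everything runs in the browser on the parsed framework data, so answers never leave the page; the `via` list lets the results UI show why a shared risk or control was included.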