SpanForge Learning Hub
Learn
Structured courses and books built from the SpanForge‑Core codebase. Every chapter maps to real implementation code — no toy examples, no hand-waving.
The SpanForge Book
A complete, structured curriculum built from the SpanForge-Core codebase. 47 chapters across 8 parts — from the core event model through cryptographic audit chains, PII compliance, and enterprise SDK patterns.
Security Engineering for AI Systems
A focused track on cryptographic primitives, HMAC chains, JWT authentication, TOTP, secrets scanning, and SSRF protection — grounded in real stdlib-only implementations.
AI Compliance Practitioner
EU AI Act, NIST AI RMF, ISO/IEC 42001, SOC 2 Type II, and GDPR — mapped to engineering controls with signed evidence bundles and T.R.U.S.T. scorecard methodology.
Observability for LLM Systems
OpenTelemetry, export backends, cost tracking, drift detection, and alert routing — the practical SRE and DevOps track for teams running AI in production.
SDK Architecture Patterns
Circuit breakers, sliding window rate limiters, plugin systems, auto-instrumentation, and zero-dependency design — transferable patterns for any production SDK.
Runtime Governance for AI Agents
The runtime control-plane story: versioned policy bundles, signed policy decisions, agent scope enforcement, RBAC authorization, explainability records, and decision lineage — coordinated through sf_policy. Covers replay, simulation, and false-positive calibration loops for production governance.
RAG Tracing & Grounding
End-to-end tracing for Retrieval-Augmented Generation pipelines: session lifecycle, retrieval scoring, grounding evidence, source-level provenance, and privacy controls — grounded in the sf_rag module. No raw query text or document content is ever stored.
AI Evaluation & Quality Gates
The complete evaluation stack: attaching quality scores to spans, batch runners, regression detection, HallucCheck pipeline integrations (score, bias, monitor, risk, benchmark), the 6-gate CI/CD pipeline, and the T.R.U.S.T. scorecard as a release quality signal.
Enterprise AI Deployment
Production deployment patterns for regulated environments: multi-tenancy with project isolation, data residency enforcement (EU/US/APAC/India), AES-256-GCM encryption at rest, envelope KMS, mTLS, FIPS 140-2 mode, air-gap offline deployment, Kubernetes/Helm, and reference architecture selection.
Privacy Engineering for AI
PII detection from regex to Presidio NLP to hybrid approaches, the five-tier sensitivity model, redaction policy design, consent boundary enforcement, GDPR tombstone erasure, differential privacy with Laplace noise, and regulation-specific patterns for GDPR, CCPA, HIPAA, and India's DPDP Act.