Metrics

Admina Score vs OISG Adequacy

Admina's dashboard surfaces two 0–100 governance scores. They look similar at a glance but answer fundamentally different questions — live runtime vs static capability — and you should read them together, not in isolation.

The one-line difference

Live runtime

Admina Score

What is actually happening right now on this instance?

Static capability

OISG Adequacy

Is this instance designed correctly to govern what it will see?

Side-by-side reference

Admina Score OISG Adequacy

Type Live runtime composite Static capability assessment

Range 0–100 0–100 (4 pillars × 5 criteria × 5 pts)

Question answered Is governance working right now? Is this instance designed correctly?

Data source Proxy live state — forensic events, block counts, latest compliance run Your admina.yaml and which plugins are wired up

How it changes In real time, as traffic flows and events land Only when you reconfigure and restart

Components 5 weighted signals (residency, audit, EU AI Act, attacks, chain) 20 criteria across 4 pillars (Open, Intelligent, Secure, Governed)

API endpoint GET /api/dashboard/score GET /api/dashboard/oisg

Dashboard location Top row, alongside the live event feed "Instance Configuration" panel — 2×2 quadrant map

External reference — oisg.ai

Source proxy/api/dashboard.py domains/compliance/oisg.py

How to read them together

The two scores are independent axes. Any combination is possible and each combination tells you something different about where to focus.

Admina Score (live runtime)

OISG high · Admina high

Well-governed production

The instance is designed correctly AND the live traffic is being governed by all wired-up defences. This is the target state for any Admina deployment.

Next step: Nothing to fix. Monitor for regressions; expand coverage to new domains (multi-tenancy, compliance templates) as adoption grows.

OISG low · Admina high

Configured, but idle

The capabilities are wired up but the live runtime signals are weak. Typically: the proxy is up but no traffic is flowing through it yet, or the forensic chain is still at GENESIS.

Next step: Route real agent traffic through the proxy, seed the forensic chain, run an EU AI Act classification — the Admina Score will climb as the runtime fills in.

OISG high · Admina low

Clean today, under-defended

Real traffic is flowing and nothing bad is happening right now, but several OISG capabilities are not configured — the instance is missing defences it would benefit from.

Next step: Walk through the OISG criteria that are failing (e.g. cryptographic agent identities, bidirectional injection defence, explainability endpoint) and enable the corresponding admina.yaml sections.

OISG low · Admina low

Not production-ready

Neither the configuration nor the live runtime is reaching adequate governance levels. This is expected during a fresh install before <code>admina init</code> / <code>admina dev</code> have been run end-to-end.

Next step: Finish the quickstart, bootstrap secrets, enable all four governance domains in admina.yaml, and route at least one governed request through the proxy.

OISG Adequacy (static capability)

When to look at which score

Incident review

You are investigating a production incident or suspicious activity. Start with the Admina Score — it reflects whether governance was actually engaged at the time of the event. Drill into the live feed and forensic log from there.

Design / architecture review

You are assessing whether an Admina instance is fit for purpose before ramping traffic through it. Start with the OISG Adequacy — it tells you which defences are in place without requiring traffic.

Compliance audit

Auditors want both. OISG shows the instance is designed to a recognised public framework; the Admina Score — together with the forensic black box — shows governance actually executed on every real interaction.

Capacity planning

You are about to expose Admina to a new workload or tenant. Check OISG first (does the current configuration cover the new threat surface?), then watch the Admina Score as you ramp traffic to confirm the runtime keeps up.