diff --git a/governance/FLOWS.md b/governance/FLOWS.md
new file mode 100644
index 0000000..edd39f4
--- /dev/null
+++ b/governance/FLOWS.md
@@ -0,0 +1,12 @@
+Canonical flow (both apps):
+
+1. Data enters system
+2. Findings are generated
+3. Findings are normalized
+4. Analyst reviews findings
+5. Analyst takes action or escalates
+
+Rules:
+- No app may bypass normalization
+- No alert without a finding
+- All actions trace back to a finding