Governance Model

Condensed note on role separation, oversight, and control boundaries.

This page is a short model summary. Governance Principles remains the canonical page for the operating posture.

Model summary

The governance model stays narrow: separated roles, bounded public outcomes, and replayable control.

Role separation

Policy authors define constraints. Operators run the deployment. Auditors inspect evidence and replay. The runtime does not collapse those responsibilities into one opaque layer.

Public decision states

The runtime resolves to ALLOW, DENY, or INDETERMINATE. INDETERMINATE means evaluation completed but the evidence set did not justify a terminal decision under the active policy.

Control boundary

Decision records are append-only. Evidence can be exported. Verification can run offline. Build identity and policy version remain attached to the record.

Canonical reference: Governance Principles owns the operating posture. Technical Artifact owns formal runtime semantics.

Read the canonical governance page

Use Governance Principles for the full operating posture and fail-closed model.

Governance Principles