Per decision: <340 ns
Logical op: <600 ps
Throughput: 2.9M/sec
On-premise native: No cloud runtime

Technical Architecture Note — Version 1.0

Status: Controlled Public Artifact
Version: 1.0
Release date: 2026-02-17
Jurisdiction: Switzerland
Scope: Demonstration boundary

Problem Statement

Conventional authorization systems rely on probabilistic inference, score-based thresholds, or heuristic classification to produce decisions. These approaches introduce ambiguity at the point of decision, making it structurally impossible to guarantee deterministic outcomes under adversarial or incomplete conditions. The architecture described in this document takes an indeterminacy-first approach: the system is designed to produce a formally bounded decision — including an explicit indeterminate state — for every input. This eliminates the class of errors arising from forced binary resolution and ensures that every decision is traceable, replayable, and evidence-bound. The architecture does not infer intent, predict outcomes, or interpolate missing evidence. It evaluates only what is presented, within formally declared boundaries.

Formal Invariants

The following five invariants are architectural constraints enforced at every layer of the system. They are not configurable, not optional, and not subject to runtime override.

1. No probabilistic inference

  • Definition: The system does not employ machine learning, statistical scoring, Bayesian inference, or any form of probabilistic reasoning in its decision path.
  • Guarantee: Every decision is produced by deterministic evaluation of explicitly declared policy rules against presented evidence.
  • Boundary: External systems feeding data into the platform may use probabilistic methods; this invariant applies strictly to the decision evaluation path.

2. Evidence-bound extraction

  • Definition: No decision can be produced without a complete evidence record. The system does not fabricate, assume, or default missing evidence fields.
  • Guarantee: Every decision output is accompanied by a cryptographically linked evidence set that was present at the time of evaluation.
  • Boundary: Evidence completeness is defined by the policy schema. The system does not validate the truthfulness of evidence — only its structural presence and format conformity.

3. Deterministic replayability

  • Definition: Given the same policy version and the same evidence set, the system must produce the identical decision output on every execution.
  • Guarantee: Decision replay is a first-class audit capability. Any historical decision can be re-evaluated with its original inputs to verify consistency.
  • Boundary: Replayability assumes immutable policy versioning. If a policy version is mutated in place (a violation of operational protocol), replay guarantees do not hold.

4. Non-self-executing architecture

  • Definition: The system produces decisions but does not enforce them. It has no capability to execute actions, modify external systems, or trigger downstream effects autonomously.
  • Guarantee: The decision output is an advisory artifact. Enforcement is always delegated to the calling system, which retains full control over action execution.
  • Boundary: Integration patterns may automate action based on decision output. Such automation is external to the architecture and outside the scope of this invariant.

5. Human override boundary

  • Definition: Every decision produced by the system is subject to human review and override. The architecture does not include any path that bypasses human authority.
  • Guarantee: Override events are recorded in the same append-only ledger as original decisions, preserving the full audit chain including the identity and justification of the override.
  • Boundary: The platform provides the mechanism for override recording. Organizational policies governing when overrides are permitted are outside the system's scope.

Deterministic Guarantee Definition

A decision is considered deterministic if and only if all of the following conditions hold:

  • The policy version used for evaluation is immutable and version-locked at the time of request.
  • The evidence set is complete as defined by the policy schema, with no fields inferred or defaulted.
  • The evaluation function contains no side effects, no external calls, and no random inputs.
  • The output is one of exactly three states: ALLOW, DENY, or INDETERMINATE.
  • The complete input-output pair is recorded in an append-only ledger and is available for independent replay verification.
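
The five conditions above can be exercised end to end in a small model. The following is an added example, not code from the system described in this note: the policy layout, the function names (digest, evaluate, record, replay) and the use of a SHA-256 hash chain as the append-only ledger are assumptions made for illustration.

```python
import hashlib
import json

# Constructed policy; schema layout and rule format are assumptions for this example.
POLICY = {
    "version": "demo-policy-1",
    "required": {"subject_role": "str", "resource_class": "str", "mfa_verified": "bool"},
    "deny": [{"mfa_verified": False}],
    "allow": [{"subject_role": "auditor", "resource_class": "ledger", "mfa_verified": True}],
}
GENESIS = "0" * 64

def digest(obj):
    """SHA-256 over a canonical JSON encoding, so equal inputs hash equally."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def evaluate(policy, evidence):
    """Pure function: no I/O, clock or randomness; missing evidence is never defaulted."""
    for field, type_name in policy["required"].items():
        if field not in evidence or type(evidence[field]).__name__ != type_name:
            return "INDETERMINATE"
    def matches(rule):
        return all(evidence[k] == v for k, v in rule.items())
    if any(matches(r) for r in policy["deny"]):
        return "DENY"
    if any(matches(r) for r in policy["allow"]):
        return "ALLOW"
    return "INDETERMINATE"  # no rule applies: no forced binary resolution

def record(ledger, policy, evidence):
    """Append a decision entry chained to the previous entry's hash."""
    body = {"policy_version": policy["version"], "policy_hash": digest(policy),
            "evidence": evidence, "decision": evaluate(policy, evidence),
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append({**body, "hash": digest(body)})
    return ledger[-1]["decision"]

def replay(ledger, policies):
    """Verify chain integrity and re-evaluate every entry with its original inputs."""
    prev = GENESIS
    for entry in ledger:
        body = {k: v for k, v in entry.items() if k != "hash"}
        policy = policies.get(entry["policy_version"])
        if (entry["prev"] != prev or digest(body) != entry["hash"] or policy is None
                or digest(policy) != entry["policy_hash"]
                or evaluate(policy, entry["evidence"]) != entry["decision"]):
            return False
        prev = entry["hash"]
    return True
```

Replay fails both when a ledger entry is altered and when a policy is mutated in place under an unchanged version label, which is the case the replayability boundary excludes from the guarantee.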

Demonstration Boundary Clause

This artifact describes architecture as implemented in a controlled demonstration environment. It does not represent a production deployment, a certified system, or a commercially operated service. The demonstration environment operates under synthetic data, constrained load conditions, and limited tenant scope. No claims are made regarding scalability, availability, or regulatory certification of the described architecture. Organizations evaluating this system for operational deployment must conduct their own independent assessment of fitness for purpose.

Integrity Fingerprint

The SHA-256 integrity fingerprint will be published alongside the signed PDF artifact. Contact the engineering team to obtain the signed version under NDA.
