What is AI enforcement infrastructure?

AI enforcement infrastructure is the layer that intercepts and enforces policy on AI actions before they execute, ensuring agents cannot take unauthorized actions even when instructed to do so.

What is fail-closed execution in AI systems?

Fail-closed execution means that if an AI agent cannot verify it has authorization to take an action, it refuses to proceed. No action is taken without a valid, verified approval.

How does AI Syndicate differ from logging tools?

Logging tools record what happened after the fact. AI Syndicate enforces policy before execution occurs and records who approved what, with what parameters, under which policy version.

← Back to Docs

Request Evidence Correlation

This page defines the event correlation, operator evidence views, and request-level evidence required for request-centric investigations.

INV-5

Spec Drift Warning

Changes to implementation that violate invariant mappings invalidate compliance with v1.0. Implementations MUST preserve invariant-to-component, invariant-to-artifact, and invariant-to-verification-step mapping.

Compliance Assertion

• Satisfies INV-5 by requiring attributable request-level events, operator evidence views, and correlation across gateway and control-plane evidence.

Non-Compliance Results In

• Event records without request-level correlation are non-compliant evidence.
• An operator evidence view that cannot reconstruct request history from gateway to checkpoint is insufficient for incident review.

Request Correlation Contract

Invariant Mapping: INV-5

A compliant implementation MUST expose a stable requestID across gateway events, checkpoint projections, and operator query surfaces. The request ID is the primary join key for incident review.

• Gateway events MUST include request ID, event type, timestamp, deployment variant, and execution outcome fields.
• Checkpoint projections MUST preserve request ID so policy review and execution review can be correlated.
• Operator query surfaces MUST support request-ID lookups without requiring direct database access.

Operator Evidence View Requirements

Invariant Mapping: INV-5

Request evidence correlation is not complete until the events are visible through operator-facing product surfaces, not only through internal logs or ad hoc scripts.

• Hosted deployments MUST expose request lookup in the customer evidence view.
• Hosted request detail MUST show evidence timeline, routing information, policy gate evaluations, and cost attribution when available.
• Enterprise deployments MUST expose request lookup in the admin console at /console/#trace.
• Enterprise request detail MUST include gateway event history and ledger-backed request context sufficient for operator incident review.

Implementation note

Hosted customer evidence views and enterprise admin consoles serve different audiences, but they MUST preserve the same request-centric investigative model so evidence does not fragment by deployment type.

Operator Access Paths

Invariant Mapping: INV-5

• Implementations MUST provide a machine-readable query path for gateway events by request ID.
• Implementations MUST provide a checkpoint query path that returns request-correlated governance state.
• Implementations SHOULD provide CLI wrappers so operators can run request-level investigations without hand-authoring GraphQL queries.

Compliance Evidence

• GraphQL response for request-correlated checkpoint data.
• GraphQL or HTTP response for gateway events by request ID.
• CLI output demonstrating request lookup for a known request ID.
• Hosted evidence view screenshot or capture showing customer-facing request correlation.
• Enterprise admin console screenshot or capture showing Request Trace view.

Scope Boundaries

Invariant Mapping: INV-5

Request evidence correlation improves investigation, support, and auditability. It does not replace enforcement. A system that only emits rich events but permits unauthorized execution remains non-compliant with fail-closed execution enforcement.

Evidence correlation pages SHOULD cross-link to enforcement documentation so readers do not confuse post-hoc evidence with pre-execution control.

Reference concept page: Request evidence correlation in AI Syndicate.

Verification Linkage

INV-5

Artifact: gateway-events-by-request-id.json

Check: Gateway events are queryable by request ID

Verification step: operator verification: event lookup

INV-5

Artifact: checkpoint-pending-response.json

Check: Checkpoint response preserves request ID and correlated gateway events

Verification step: operator verification: checkpoint correlation

INV-5

Artifact: evidence-view-hosted.png

Check: Hosted customer evidence view exposes request-centric correlation

Verification step: ui verification: hosted evidence view

INV-5

Artifact: admin-console-request-trace.png

Check: Enterprise admin console exposes Request Trace view

Verification step: ui verification: enterprise admin console