
Request Handling & Approval Flow

This page defines the request contract, identity verification, approval envelope creation, and fail-closed request handling requirements.

Invariants: INV-1, INV-3, INV-4

Spec Drift Warning

Changes to implementation that violate invariant mappings invalidate compliance with v1.0. Implementations MUST preserve invariant-to-component, invariant-to-artifact, and invariant-to-verification-step mapping.

Compliance Assertion

  • Satisfies INV-1 by requiring an approval envelope before execution.
  • Satisfies INV-3 by requiring signature, timestamp, and nonce validation.
  • Satisfies INV-4 by denying on invalid or unverifiable request state.

Non-Compliance Results In

  • Unsigned requests are denied.
  • Expired or replayed requests are denied.
  • Requests lacking a valid approval envelope are denied.

Request Structure

Invariant Mapping: INV-1, INV-3

A request submitted for execution MUST contain `request_id`, `identity`, `action`, `parameters`, `timestamp`, `nonce`, and `signature`.

  • Requests missing any required field MUST be denied before policy evaluation.
  • The signature input MUST cover identity, action, bounded parameters, timestamp, and nonce.
  • The request timestamp MUST be validated against the configured acceptance window.

Identity Verification

Invariant Mapping: INV-3, INV-4

  • Gate MUST verify the request signature against a registered public key before invoking the Control Plane.
  • Gate MUST deny requests signed by revoked, unknown, or malformed keys.
  • Gate MUST deny requests with expired timestamps or invalid nonce format.

Compliance Evidence

  • Identity key registry with active and revoked key states.
  • Test result showing denial for invalid signature.
  • Test result showing denial for expired timestamp.

Approval Envelope Creation

Invariant Mapping: INV-1, INV-3, INV-4

The Control Plane MUST issue an approval envelope only after successful policy evaluation.

  • The approval envelope MUST include `approval_id`, identity, action, bounded parameters, issued timestamp, expiry timestamp, nonce, and signature.
  • The approval envelope MUST be signed by a trusted Control Plane signing key.
  • Gate MUST deny execution if the approval envelope is missing, invalid, expired, or detached from the request identity.

Fail-Closed Request Decisions

Invariant Mapping: INV-1, INV-4

  • If policy evaluation cannot complete, Gate SHALL deny execution.
  • If approval envelope validation cannot complete, Gate SHALL deny execution.
  • If request normalization produces ambiguity, Gate SHALL deny execution.
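The request contract, identity verification, approval envelope binding and fail-closed decision rules above, worked through as one Gate decision function. This is an added illustration, not the project's own code: the key registry, acceptance window, envelope lifetime and hex-nonce format are assumed values, and an HMAC stands in for the public-key signature the spec requires so the example runs with the standard library only.

```python
import hashlib, hmac, json, re

WINDOW, ENVELOPE_TTL = 300, 60  # acceptance window and envelope lifetime in seconds (assumed values)
REQUIRED = ("request_id", "identity", "action", "parameters", "timestamp", "nonce", "signature")
SIGNED = ("identity", "action", "parameters", "timestamp", "nonce")  # what the request signature covers
ENV_FIELDS = ("approval_id", "identity", "action", "parameters", "issued_at", "expires_at", "nonce")
# Constructed registry: identity -> (key state, key). HMAC stands in for the public-key signature the spec requires.
REGISTRY = {"alice": ("active", b"alice-key"), "mallory": ("revoked", b"mallory-key")}
CONTROL_PLANE_KEY = b"control-plane-signing-key"  # constructed trusted Control Plane signing key
SEEN_NONCES = set()  # nonces already executed; a second use is a replay

def canon(*fields):  # canonical JSON so signer and verifier hash exactly the same bytes
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
def sign(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign_request(req, key):  # client side: attach a signature over the SIGNED fields
    return {**req, "signature": sign(key, canon(*[req[k] for k in SIGNED]))}

def make_envelope(req, now, approval_id="apr-001"):  # Control Plane side, after policy evaluation passes
    env = dict(approval_id=approval_id, issued_at=now, expires_at=now + ENVELOPE_TTL,
               **{k: req[k] for k in ("identity", "action", "parameters", "nonce")})
    return {**env, "signature": sign(CONTROL_PLANE_KEY, canon(*[env[k] for k in ENV_FIELDS]))}

def gate_decide(req, env, now):  # -> (allowed, reason); every failure path, including errors, is a denial
    try:
        if any(f not in req for f in REQUIRED):
            return False, "missing required field"
        state, key = REGISTRY.get(req["identity"], ("unknown", None))
        if state != "active":
            return False, f"key {state}"
        if not re.fullmatch(r"[0-9a-f]{32}", req["nonce"]):
            return False, "invalid nonce format"
        if abs(now - req["timestamp"]) > WINDOW:
            return False, "timestamp outside acceptance window"
        if req["nonce"] in SEEN_NONCES:
            return False, "replayed nonce"
        if not hmac.compare_digest(sign(key, canon(*[req[k] for k in SIGNED])), req["signature"]):
            return False, "invalid signature"
        if env is None or not hmac.compare_digest(
                sign(CONTROL_PLANE_KEY, canon(*[env[k] for k in ENV_FIELDS])), env["signature"]):
            return False, "approval envelope missing or invalid"
        if any(env[k] != req[k] for k in ("identity", "action", "parameters", "nonce")):
            return False, "approval envelope detached from request"
        if not env["issued_at"] <= now < env["expires_at"]:
            return False, "approval envelope expired"
        SEEN_NONCES.add(req["nonce"])
        return True, "allowed"
    except Exception as exc:  # unexpected state is denied, never allowed (INV-4)
        return False, f"denied: {type(exc).__name__}"
```

Note that a malformed field such as a string timestamp never reaches an allow path: the comparison raises, the handler catches it, and the decision is a denial with the error name recorded as the reason.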

Verification Linkage

INV-1

Artifact: approval-001.json

Check: Approval envelope exists and is bound to request identity

Verification step: verify.sh: INV-1

INV-3

Artifact: request-001.json

Check: Request signature, nonce, and timestamp validate

Verification step: verification walkthrough: Step 2

INV-4

Artifact: audit-chain-001.json

Check: Denial recorded when verification fails

Verification step: verification walkthrough: Adversarial scenarios 4 and 5