Skip to main content
ARCHITECTURE

Control plane reference architecture.

How policy evaluation, approval binding, permit issuance, and evidence recording compose into a governed execution boundary. Each layer has explicit failure behavior — not configurable availability tradeoffs.

Execution layers.

01

Policy evaluation layer

Evaluate the proposed action against versioned policy before any side effects occur.

Outputs: Permit or denial decision. Policy version reference. Decision timestamp.
Failure: Fails closed. No decision = no execution.
02

Approval binding layer

Bind approval decisions to the exact normalized parameters of the action. Detect substitution.

Outputs: Approval token with SHA-256 digest of action manifest. Bound to TTL.
Failure: Digest mismatch cancels execution. Not configurable.
03

Permit issuance layer

Issue execution permits with scope, TTL, and lineage reference. Permits are revocable.

Outputs: Permit record in control plane. Referenced in execution manifest.
Failure: Revoked permits are not honored. Expired permits are not honored.
04

Execution boundary layer

Enforce that every governed action presents a valid permit before side effects proceed.

Outputs: Execution event with permit reference and outcome.
Failure: No valid permit = no execution. Logs the rejection.
05

Evidence recording layer

Record attributable evidence for every governed event: identity, policy version, approval, parameters, outcome.

Outputs: Hash-chained audit record. Verifiable outside the runtime.
Failure: Evidence failure blocks new execution signatures until the chain is repaired.

System invariants.

These hold across the full execution path. If a deployment violates any of them, it is outside the governed boundary.

  • No action executes without a policy evaluation decision.
  • No execution proceeds with an expired or revoked permit.
  • Approval tokens bind to the normalized action manifest — parameter substitution is detectable.
  • Every governed event produces attributable evidence.
  • The system fails closed when control dependencies are unavailable.
  • Governance-suspended execution is an explicit mode — recorded in audit, not an implicit bypass.

Assess your current boundary.

The AI Execution Boundary Assessment maps your current deployment posture against these architecture requirements.

Start assessment