Trust & Governance

Definitions, guarantees, and audit posture.

Definitions

Zero-Fail (Security Failure)

A security failure occurs when a HIGH severity policy violation is allowed to pass as ALLOW or WARN.

False Block

A false block occurs when the expected outcome is ALLOW, but the system returns BLOCK.

Enforcement Guarantees

Tool execution is pre-gated by the kernel.
Policies are applied before action dispatch.
Every decision and action is traceable by correlation_id and audit_hash.
Evidence includes reproducibility metadata (seed, dataset_hash, policy_bundle_hash, git_commit).

Human-in-the-Loop

REQUIRE_CONFIRM is an explicit escalation outcome. It does not bypass policies; it enforces controlled approval. When triggered, the kernel blocks action execution until an authorized role (e.g., Compliance Officer) provides explicit confirmation.

Regulatory Alignment

AegisAI is built to support record-keeping and auditability requirements expected in regulated deployments, including:

EU AI Act — Article 12 (Record-keeping)
EU AI Act — Article 14 (Human Oversight)
SOC 2 Type II — Audit trails and access control