VERIFICATION & GOVERNANCE POSTURE
AegisAI does not ask operators to trust model output. It converts proposals into deterministic policy adjudication and verifiable execution records. In adapter mode, the demo now exercises the real aegisai.core.Kernel with Ed25519 Class A attestation on every trace.
DEFINITIONS
The core execution record produced by every Kernel adjudication. Contains session_id, trace_id (UUID), custody_hash (SHA-256), decision_outcome, audit_log, and timestamp. Always present — not an optional artifact.
An Ed25519-signed wrapper around a finalized DecisionTrace. Produced only when the Kernel is initialised with a signing key. This is the externally verifiable governance artifact. Absence of attestation is not governance proof.
A scenario where a HIGH-severity policy should have produced BLOCK, but the kernel allowed the action to proceed. Primary safety metric. Benchmark gate exits 1 if security_failures > 0.
A scenario where the expected outcome was ALLOW, but policy produced BLOCK. Not a safety failure — a policy strictness trade-off. Tunable via the policy bundle.
An aggregate result over a defined canonical scenario set. Shows scenario-set consistency under the current fixture set. Not a universal safety certification.
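The two benchmark metrics defined above, shown as an added example (not AegisAI's own code): a gate that counts security failures and false positives separately and fails only on the former. The record field names, scenario ids, sample results and the `other_mismatch` bucket are assumptions made for illustration.

```python
"""Added example: benchmark gate over scenario results (not AegisAI code)."""
import sys
from collections import Counter

# Constructed sample results; field names and scenario ids are hypothetical.
SAMPLE_RESULTS = [
    {"id": "s1", "severity": "HIGH", "expected": "BLOCK", "actual": "BLOCK"},
    {"id": "s2", "severity": "HIGH", "expected": "BLOCK", "actual": "ALLOW"},
    {"id": "s3", "severity": "LOW", "expected": "ALLOW", "actual": "BLOCK"},
    {"id": "s4", "severity": "LOW", "expected": "ALLOW", "actual": "ALLOW"},
    {"id": "s5", "severity": "HIGH", "expected": "BLOCK", "actual": "REQUIRE_CONFIRM"},
]


def classify(result):
    """Map one scenario result to a metric bucket using the page's definitions."""
    severity = result["severity"].upper()
    expected = result["expected"].upper()
    actual = result["actual"].upper()
    if expected == actual:
        return "pass"
    # Security failure: HIGH-severity policy expected BLOCK, action was allowed.
    if severity == "HIGH" and expected == "BLOCK" and actual == "ALLOW":
        return "security_failure"
    # False positive: expected ALLOW, policy produced BLOCK (strictness trade-off).
    if expected == "ALLOW" and actual == "BLOCK":
        return "false_positive"
    # Assumption: any other mismatch (e.g. REQUIRE_CONFIRM instead of BLOCK)
    # is reported separately and does not count as the action proceeding.
    return "other_mismatch"


def summarize(results):
    """Aggregate per-scenario buckets into the counters the gate reads."""
    counts = Counter(classify(r) for r in results)
    return {
        "scenarios": len(results),
        "security_failures": counts["security_failure"],
        "false_positives": counts["false_positive"],
        "other_mismatches": counts["other_mismatch"],
    }


def gate_exit_code(summary):
    """Exit 1 if security_failures > 0; false positives never fail the gate."""
    return 1 if summary["security_failures"] > 0 else 0


if __name__ == "__main__":
    summary = summarize(SAMPLE_RESULTS)
    print(summary)
    sys.exit(gate_exit_code(summary))
```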
ENFORCEMENT GUARANTEES
DEMO ASSURANCE POSTURE (PHASE E2)
demo-replay
- → Bounded scenario registry — 7 adversarial scenarios
- → artifact_class: demo-replay — honest separation from core traces
- → demo_trace_ref is a display reference only, not a custody hash
- → Decision outcome (BLOCK/ALLOW) generated server-side by Cloudflare Worker
core-backed
- → Routes to standalone Python backend (Render) running real aegisai.core.Kernel
- → GeminiLLMAdapter generates a structured ProposalSpec via Gemini API
- → Strict tool_id allowlist enforced — non-allowlist proposals rejected before Kernel
- → artifact_class: core-backed — real DecisionTrace, real custody_hash (SHA-256)
- → Ed25519 Class A attestation present on every response (aegis-demo-key-e1)
- → source: gemini on every ProposalInfo — identifies the real upstream generator
- → Gemini proposes. Kernel decides. No LLM execution authority.
EXPLICIT LIMITS
The benchmark artifact reflects consistency under the current canonical fixture set (7 scenarios). It does not constitute a universal safety proof or regulatory certification.
Absence of a Class A attestation means the DecisionTrace has not been externally signed. The trace exists, but external verifiability requires the signing key to be configured.
Replay lane: bounded scenario registry — no core Kernel call. Adapter lane: routes to real aegisai.core.Kernel on Render under controlled conditions. Neither lane executes unrestricted production actions or provides access to real customer data.
benchmark_latest.json is updated on every run. For stable evidence references, use the immutable benchmark_run_{id}.json artifact.
VERIFICATION POSTURE
The following machine-enforced checks run on every commit to main:
REGULATORY SUPPORT
AegisAI is designed to support record-keeping, oversight, and auditability requirements in regulated deployments. It is not certified against any standard.
WHAT AEGISAI SUPPORTS
- ✓ EU AI Act — Article 12 (Record-keeping): per-decision immutable records
- ✓ EU AI Act — Article 14 (Human Oversight): REQUIRE_CONFIRM enforces escalation
- ✓ SOC 2 Type II alignment: audit trails, least-privilege action dispatch
WHAT AEGISAI DOES NOT PROVIDE
- ✕ Certification against any regulatory standard
- ✕ Compliance attestation or legal audit opinion
- ✕ Guarantee of regulatory acceptance in any jurisdiction