| LIVE | Severity-banded approval gates sg-severity-gates | Every typed action carries a severity: auto (autonomous, bounded reversible), review (human supervisor in the loop), or critical (owner-of-record signs). The runtime refuses to mutate state unless the gate has been satisfied. | src/lib/runtime/engine.ts → executeAction · ontology ActionDef.severity |
| LIVE | Hash-chained audit ledger with end-to-end lineage sg-lineage-chain | Every state change emits an audit row with prevHash + chained hash (FNV-1a in the browser, SHA-256 on the server). The /lineage page walks any decision back through Signal → Model → Prompt → Agent → Action → Approver → Audit row. | src/lib/runtime/engine.ts → audit() · src/lib/runtime/hash.ts · /lineage |
| LIVE | Decision reproducibility contract sg-reproducibility | Each decision carries deterministic seed, model version, prompt template hash, ontology version, code commit. Re-running with the recorded inputs returns the same proposal — non-reproducible decisions trigger automatic incident escalation. | /lineage → ReproducibilityPanel |
| LIVE | Property-level RBAC with PHI/PII default-deny sg-rbac-rls | AccessRule declarations on the ontology gate property reads. PHI defaults to owner+supervisor only; sensitive defaults to owner-only. Enforced at the data plane, not the UI. | src/lib/ontology/types.ts → AccessRule · /ontology-studio Access Policy tab |
| LIVE | Self-Evolving Kernel — bounded reversible promotion sg-evolving-kernel-bound | Every patch the kernel proposes runs through a frozen-eval gate (>= baseline + 1σ). Auto-rollback inside a 60-minute reversibility window. Max 5% traffic on unverified patches. No ungated change reaches production. | /self-evolving-kernel · runtime executeAction reversibilityWindowMs |
| LIVE | Counterfactual outcome attribution sg-counterfactual | Every outcome is computed against an explicit baseline (threshold-bypass, predictive, optimisation), and discounted for the probability the operator would have caught it without us. CFO-defensible — no double-counting. | /outcomes Counterfactual panel · runtime attributeOutcome |
| LIVE | Reasoning chain captured per proposal sg-explainability-chain | Every action proposal carries the reasoning chain: source signal, evidence cited, alternatives considered, counterfactual. Reviewers see why, not just what. Surfaces in the live action queue and the case file. | ActionProposal.rationale · /investigations evidence + recommendations |
| IN-FLIGHT | Bias / differential-outcome audit sg-bias-audit | Periodic differential-outcome scan across demographic / role / shift / facility axes; flags categories where the action mix or outcome distribution diverges from baseline. Surface lives in /lineage. | Planned: src/lib/runtime/bias-audit.ts · /research-security |
| POLICY ONLY | Export-controls posture (CGP / CCL) sg-export-controls | Module-level export classification: any feature that could be dual-used (ISR-style activity recognition, target prioritisation) is flagged at build time and gated behind a tenant-deployment-class feature flag. | Planned: build-time export-class manifest |
| IN-FLIGHT | Per-action ethics classification sg-ethics-class | Action types carry an ethics class (low / standard / restricted / prohibited). Restricted actions require dual-key approval; prohibited actions cannot be added to the runtime without an explicit policy review. | Planned: ActionDef.ethicsClass · runtime guard |
| LIVE | Trust UX — confidence + reasoning at every touchpoint sg-trust-ux | Operators see confidence score, severity band, alternative proposals, and the source signal at the moment of approval. No black-box recommendations. | /action-studio RuntimeQueue · /investigations hypothesis tree |
| IN-FLIGHT | Cognitive-load offload meter sg-cognitive-offload-meter | Per-operator metric showing decisions absorbed by autonomous tier vs. surfaced for human review, with hours of attention conserved. Lets a CO-equivalent see how much cognitive burden the platform actually removed. | Planned: src/lib/runtime/cognitive-load.ts · /outcomes |
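
The hash-chained audit ledger row (sg-lineage-chain), as an added TypeScript example that is not the project's own code: rows link through `prevHash`, and a verifier reports the first row where the chain breaks. Fields other than `prevHash` and the chained hash, the genesis value, the UTF-16 byte encoding and all function names are assumptions. FNV-1a is a non-cryptographic hash, so a chain built on it catches corruption and careless edits but not a deliberate forger.

```typescript
// Added example, not project code. Only prevHash and the chained hash come from the
// page; other fields, names and the genesis value are assumptions.
interface AuditRow { seq: number; actor: string; action: string; prevHash: string; hash: string; }
const GENESIS_HASH = "00000000"; // assumed prevHash of the first row

// One 32-bit FNV-1a round: XOR the byte, multiply by the prime 16777619 via shifts.
function fnvRound(h: number, byte: number): number {
  h ^= byte;
  return (h + (h << 1) + (h << 4) + (h << 7) + (h << 8) + (h << 24)) >>> 0;
}

// FNV-1a over the UTF-16LE bytes of the input, as 8 hex digits.
function fnv1aHex(input: string): string {
  let h = 0x811c9dc5; // FNV offset basis
  for (let i = 0; i < input.length; i++) {
    const unit = input.charCodeAt(i);
    h = fnvRound(fnvRound(h, unit & 0xff), unit >>> 8);
  }
  return ("0000000" + h.toString(16)).slice(-8);
}

// Serialising as a JSON array keeps field boundaries unambiguous before hashing.
function rowHash(seq: number, actor: string, action: string, prevHash: string): string {
  return fnv1aHex(JSON.stringify([seq, actor, action, prevHash]));
}

function appendRow(ledger: AuditRow[], actor: string, action: string): AuditRow {
  const seq = ledger.length;
  const prevHash = seq > 0 ? ledger[seq - 1].hash : GENESIS_HASH;
  const row: AuditRow = { seq, actor, action, prevHash, hash: rowHash(seq, actor, action, prevHash) };
  ledger.push(row);
  return row;
}

// Returns the first index that breaks the chain, -1 if intact, or ledger.length when all
// rows verify but the head differs from an anchor kept outside the ledger (truncation,
// or a rewrite that recomputed every hash).
function firstBrokenRow(ledger: AuditRow[], anchoredHead?: string): number {
  let expectedPrev = GENESIS_HASH;
  for (let i = 0; i < ledger.length; i++) {
    const r = ledger[i];
    const linked = r.seq === i && r.prevHash === expectedPrev;
    if (!linked || r.hash !== rowHash(r.seq, r.actor, r.action, r.prevHash)) return i;
    expectedPrev = r.hash;
  }
  return anchoredHead !== undefined && anchoredHead !== expectedPrev ? ledger.length : -1;
}
```

Without `anchoredHead`, dropping the newest rows leaves a chain that still verifies, which is why the head hash has to be recorded somewhere the ledger's writer cannot reach.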