System Capabilities and Limitations (v1)

Cryptographic evidence sealing

Policy decisions are sealed with Ed25519 signatures and HMAC-SHA256. Bundles are verifiable offline using the CLI verifier.

Pre-execution policy evaluation

Every agent action is evaluated against the active policy before execution. Block and require_approval outcomes halt execution.

Boundary proximity escalation

Decisions within a configurable window of a policy threshold are flagged and routed to a reviewer.

Approval workflow with sealing

Human review outcomes are sealed into the evidence chain. The reviewer identity and outcome are included in the sealed record.

Deterministic replay

The system cannot guarantee that re-running the same mission from sealed inputs will produce an identical outcome. Outcome depends on model state, external data, and policy version at run time. Deterministic replay is deferred to v2.

Complete delegation snapshot (pre-IAM)

Prior to IAM integration, alternates who held active authority but did not act are not recorded in the evidence bundle. After IAM integration ships in v1, alternates are recorded in DelegationChainEvidence.

Enterprise identity provider (pre-IAM)

Prior to IAM integration, reviewer authority is validated against a configured email list, not an enterprise identity provider. Okta integration is in scope for v1 post-IAM.

Adverse-action notice letter generation

The system records the adverse-action reason code bound to the rule that fired. It does not generate a formatted notice letter under Regulation B or FCRA Section 615(a). Notice letter generation is not in scope for v1.