Authority Boundaries
Separation of decision authority between humans, system, and LIMs
Last reviewed: 2025-01-25
Authority Boundaries
Authority boundaries define who decides what in ΔOS. This separation is enforced by system design, not policy.
No system component can exceed its authority boundary. LIMs cannot modify policies. The system cannot override human decisions.
The Three Authorities
Human Authority
Humans retain ultimate control. This is non-negotiable.
| Capability | Always Available |
|---|---|
| Define policies | Yes |
| Modify policies | Yes |
| Override any judgment | Yes |
| Handle escalations | Yes |
| Revoke agent permissions | Yes |
| Access kill switch | Yes |
| Audit all decisions | Yes |
Humans can always override. The kill switch is always available. Escalation paths are always open.
System Authority
The system (ΔOS core) has authority over operational mechanics:
| Capability | Description |
|---|---|
| Route Intents | Direct Intents to appropriate LIMs |
| Collect evidence | Gather context for LIM evaluation |
| Apply judgments | Enforce LIM decisions |
| Maintain audit | Record all decisions immutably |
| Enforce rate limits | Apply system-wide limits |
| Manage escalations | Route to humans and track SLAs |
The system cannot:
- Create or modify policies
- Override LIM judgments
- Make value judgments
- Ignore escalation requirements
LIM Authority
LIMs (Ledger-Integrated Modules) have authority over policy evaluation:
| Capability | Description |
|---|---|
| Evaluate Intents | Apply policy logic to Intents |
| Produce judgments | Return Allow/Block/Escalate |
| Request evidence | Ask system for additional context |
| Report confidence | Indicate certainty level |
LIMs cannot:
- Modify their own policies
- Execute actions directly
- Override other LIMs
- Bypass escalation requirements
- Access resources outside their scope
Authority Boundary Diagram
- →Define/modify policies
- →Handle escalations
- →Override any judgment
- →Kill switch access
- →Full audit access
- →Route Intents to LIMs
- →Collect evidence
- →Enforce judgments
- →Maintain audit trail
- →Manage escalation routing
- →Evaluate against policy
- →Produce judgments
- →Request evidence
- →Report confidence
Enforcement Mechanisms
Authority boundaries are enforced at multiple levels:
Architectural Enforcement
- LIMs cannot access policy modification APIs
- System cannot call action execution APIs
- Audit logs are append-only
Runtime Enforcement
// LIM attempting to modify policy → Error
lim.modifyPolicy(); // Throws: AuthorityViolation
// System attempting to skip escalation → Error
system.forceAllow(escalatedIntent); // Throws: EscalationRequired
// Human override → Always succeeds
human.override(intent, 'allow'); // Succeeds
Audit Enforcement
Every authority exercise is logged:
{
"type": "authority_exercise",
"authority": "human",
"action": "override",
"target": "int_abc123",
"from": "block",
"to": "allow",
"actor": "user_789",
"timestamp": "2025-01-25T10:30:00Z",
"reason": "Business exception approved"
}
Escalation Model
When LIMs cannot make a definitive judgment, authority escalates to humans:
Escalation Triggers
| Trigger | Example |
|---|---|
| Configured threshold | Amount > $50,000 |
| Low confidence | LIM confidence < 0.7 |
| Conflicting LIMs | Two LIMs disagree |
| Policy requirement | "Always escalate this action" |
Escalation Flow
LIM returns Escalate
↓
System routes to human queue
↓
Human receives notification
↓
Human makes decision
↓
Decision recorded and applied
Escalation SLAs
Escalations have configurable SLAs:
await deltaos.escalation.configure({
routes: [
{ pattern: 'payment.*', team: 'finance', sla: '15m' },
{ pattern: '*.delete', team: 'data-governance', sla: '1h' }
],
defaultSla: '30m',
onSlaBreached: 'escalate-to-manager'
});
Override Authority
Humans can override any judgment:
Override Types
| Override | Effect |
|---|---|
| Allow Override | Force blocked Intent to proceed |
| Block Override | Prevent allowed Intent from proceeding |
| Escalation Override | Handle escalation with decision |
Override Recording
All overrides are permanently recorded:
const override = await deltaos.override({
intentId: 'int_abc123',
newJudgment: 'allow',
reason: 'Business exception for Q4 close',
approval: 'CFO verbal approval, ticket FIN-1234'
});
// Creates immutable audit record
console.log(override.auditRecord);
// {
// overrideId: 'ovr_xyz789',
// originalJudgment: 'block',
// newJudgment: 'allow',
// reason: 'Business exception for Q4 close',
// evidence: 'CFO verbal approval, ticket FIN-1234',
// actor: 'user_456',
// timestamp: '2025-01-25T10:30:00Z',
// immutableHash: 'sha256:...'
// }
Kill Switch
The kill switch is always available and cannot be disabled:
The kill switch immediately blocks all agent actions. It cannot be disabled or overridden by the system or LIMs.
Activation
// Any authorized human can activate
await deltaos.killSwitch.activate({
reason: 'Suspected compromise',
scope: 'all' // or specific agents/actions
});
Effect
- All pending Intents → Block
- All new Intents → Block
- Notification to all configured channels
- Audit record created
Recovery
Only humans can deactivate:
await deltaos.killSwitch.deactivate({
reason: 'Incident resolved, root cause identified',
approvedBy: 'security-team'
});
Capability Matrix by Authority
| State | Create Policy | Modify Policy | Evaluate Intent | Override Judgment | Execute Action | Kill Switch |
|---|---|---|---|---|---|---|
| Human | ✓ | ✓ | – | ✓ | – | ✓ |
| System | – | – | – | – | – | – |
| LIM | – | – | ✓ | – | – | – |
| Agent | – | – | – | – | ✓ | – |
See Also
- Autonomy Governance — The governance paradigm
- LIMs — Policy evaluation modules
- Guarantees — System commitments
- Incident Posture — When things go wrong