Guarantees
Properties enforced by system design
Last reviewed: 2025-01-25
Guarantees
These are properties of ΔOS that are enforced by system design, not merely goals or aspirations.
A guarantee is a property that holds under all circumstances within the system's operational parameters. When we say "guarantee," we mean the system is designed such that the property cannot be violated.
Core Guarantees
1. Pre-Execution Evaluation
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| Every Intent is evaluated before the associated action executes | SDK blocks action pending judgment; no bypass path exists | Audit trail contains judgment timestamp before action timestamp |
Why it matters: This is the fundamental difference between governance and monitoring. Actions don't proceed and then get reviewed—they're reviewed first.
2. Deterministic Decisions
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| The same Intent with the same evidence always produces the same Judgment | LIMs are pure functions with no external state dependencies | Replay any historical Intent and compare outputs |
Why it matters: Predictability enables debugging, auditing, and trust. Non-deterministic decisions cannot be verified.
3. Complete Audit Trail
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| Every Intent and its Judgment are recorded immutably | Append-only ledger with hash-chain verification | Hash chain validation; gap detection in sequence numbers |
Why it matters: Accountability requires proof. The audit trail provides cryptographically verifiable records.
4. Human Authority Preservation
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| Humans can always override any automated judgment | Override API accepts any valid human credential | Override path tested in CI; no code path can disable |
Why it matters: Autonomous systems must remain under human control. This isn't optional.
5. Kill Switch Availability
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| The kill switch is always available and cannot be disabled | Kill switch operates at infrastructure level, outside application code | Kill switch has independent monitoring and alerting |
Why it matters: If something goes wrong, humans need immediate recourse.
Data Guarantees
6. Intent Immutability
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| Created Intents cannot be modified or deleted | No UPDATE or DELETE operations exist in Intent storage layer | Schema validation; API contract testing |
7. Evidence Capture
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| All evidence used in judgment is recorded with the judgment | Evidence is captured before LIM evaluation; included in judgment record | Replay requires no external data sources |
8. No Silent Failures
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| Every Intent receives either a Judgment or an explicit failure | Intent submission blocks until judgment or timeout | No Intent can have null judgment in production data |
Authority Guarantees
9. LIM Authority Boundaries
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| LIMs cannot modify policies or execute actions | LIMs have no access to policy modification or action execution APIs | Static analysis of LIM interfaces; runtime capability restrictions |
10. Escalation Integrity
| Guarantee | Enforcement Mechanism | Verification |
|---|---|---|
| Escalated Intents cannot proceed without human decision | Escalate judgment blocks action until human response recorded | No escalated Intent has action execution without human judgment |
Guarantee Boundaries
Guarantees apply within defined boundaries:
What's Guaranteed
- Properties of the ΔOS system itself
- Behavior when SDK is used correctly
- Audit trail integrity
- Authority boundaries
What's Not Guaranteed
- Agent behavior outside ΔOS
- Network availability
- Third-party system behavior
- User's own code correctness
Guarantees apply to the ΔOS system. If an agent bypasses the SDK and acts directly, that action is not governed. Integration correctness is the user's responsibility.
Verifying Guarantees
Each guarantee can be verified:
Audit Replay
// Replay a historical judgment
const replay = await deltaos.audit.replay(intentId);
if (replay.judgment !== originalJudgment) {
// Guarantee violation detected
throw new GuaranteeViolation('Determinism');
}
Hash Chain Validation
// Verify audit chain integrity
const validation = await deltaos.audit.validateChain({
from: startDate,
to: endDate
});
console.log(validation);
// { valid: true, intentsChecked: 50000, gapsFound: 0 }
Authority Testing
// Verify LIM cannot access policy API
try {
await lim.modifyPolicy(); // Should throw
} catch (e) {
assert(e instanceof AuthorityViolation);
}
Guarantee Violations
If a guarantee is violated, that's a critical incident:
- Detection — Continuous verification runs in production
- Alerting — Violations trigger immediate high-severity alerts
- Response — Kill switch activation if safety-critical
- Analysis — Root cause analysis required
- Disclosure — Affected customers notified
Guarantee violations are treated as P0 incidents. We have never shipped a known guarantee violation.
See Also
- Authority Boundaries — Decision authority model
- Incident Posture — What happens when things fail
- SLOs — Measurable commitments
- Audit Trail — How audit works