Draft state
3 active controls
Policy Editor
Editing quill-ledger-guard-v4 assigned to quill-agent-07.
Escalate high-risk ledger modifications
Trigger: risk_classification = high OR modification spans more than 25 ledger entries.
Active trigger

Ordered identity generated from bound characteristics.

Role=OperationalAgent | MissionScope=InternalLedgerMaintenance | AuthorityTier=Standard | Jurisdiction=US-PA | ActionScope=ReadLedger,ProposePatch | OperationalState=Active
Allowed actions: ReadLedger, ProposePatch (2 allowed)
Forbidden actions: DeleteLedgerEntry, PublishRelease, CredentialHarvest, LateralMove (4 denied)
Assigned agents: quill-agent-07 (Live binding)
Conditions: risk_classification = high OR modification spans more than 25 ledger entries (Thresholds active)
Scenario Mapping
Failure classes translated into SHOGI-native controls.

Unauthorized transaction / destructive write

  • Policy: Remove destructive verbs from ordered identity action scope
  • Preventive construct: forbidden_actions + denied target patterns
  • Enforcement: request fails at identity scope validation before execution

Data exfiltration to external destination

  • Policy: explicit destination allowlist, external targets denied by default
  • Preventive construct: context rule on destination class + byte threshold
  • Enforcement: gateway blocks non-allowlisted export before transfer starts

Role escalation / tool misuse

  • Policy: operational agent may not invoke release_packager or admin_console
  • Preventive construct: tool denylist + supervisory escalation on risk upgrade
  • Enforcement: tool claim mismatch blocks action formation immediately

Unsafe public release publication

  • Policy: PublishRelease requires artifact manifest validation and 2-of-3 quorum
  • Preventive construct: forbidden artifact patterns (*.map, secrets.*, .env)
  • Enforcement: PENDING_QUORUM until evidence passes, else DENY before publish
Configured Policies
Fully populated current state across active controls. Select a policy to inspect or edit.
Policy | Assigned agents | Allowed | Denied | Condition
Trust & Escalation Graph
Explicit authority relationships native to SHOGI.
quill-agent-07 (Operational agent)
Escalates
atlas-supervisor-02 (Supervisory authority)
Approves
forge-agent-11 (Release pipeline agent)
Quorum path
cedar-qa-01 (Quality checkpoint)
Votes
iron-quorum-b (Secondary quorum node)
Votes
echo-audit-01 (Audit append-only observer)
No execution
Simulation / Preview Mode
Run an action against draft or active policy and see the exact enforcement path before deployment.
DENY Choose an agent and action to evaluate the current policy state.
Why allowed / denied
The current request has not been evaluated yet.
Triggered rule
No rule evaluated.
  1. Loaded identity version v4 for quill-agent-07.
  2. Computed ordered identity scope: ReadLedger, ProposePatch.
  3. Compared requested action DeleteLedgerEntry against allowed action scope.
  4. Matched explicit forbidden action rule: DeleteLedgerEntry.
  5. Blocked execution authorization and appended audit event audit-88217.
{ "decision": "DENIED", "stage": "identity_scope_validation", "reason_code": "ACTION_OUT_OF_SCOPE", "execution_authorization": "BLOCKED" }
DENY
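The evaluation path traced above (scope validation before any condition check, then the escalation trigger), as an added sketch that is not SHOGI's own code. The `Identity` class, `evaluate` function, `triggered_rule` and `escalate_to` keys, the non-DENIED field values, and default-deny for unlisted actions are assumptions; the action lists, threshold, agent names and the DENIED record come from the page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:  # hypothetical container for the ordered identity on this page
    agent: str
    version: str
    allowed: frozenset
    forbidden: frozenset

# Values copied from the quill-ledger-guard-v4 policy shown above.
QUILL = Identity(
    agent="quill-agent-07", version="v4",
    allowed=frozenset({"ReadLedger", "ProposePatch"}),
    forbidden=frozenset({"DeleteLedgerEntry", "PublishRelease",
                         "CredentialHarvest", "LateralMove"}),
)
ENTRY_LIMIT = 25              # escalate when a modification spans MORE than 25 entries
SUPERVISOR = "atlas-supervisor-02"

def evaluate(identity, action, risk="low", entries=0, audit=None):
    """Scope validation first, then the escalation condition; returns a decision dict."""
    if action in identity.forbidden:
        rule = f"forbidden_actions:{action}"
    elif action not in identity.allowed:
        rule = "not_in_allowed_scope"     # assumption: unlisted actions are denied by default
    else:
        rule = None
    if rule:                              # fails before any condition is looked at
        result = {"decision": "DENIED", "stage": "identity_scope_validation",
                  "reason_code": "ACTION_OUT_OF_SCOPE",
                  "execution_authorization": "BLOCKED", "triggered_rule": rule}
    elif risk == "high" or entries > ENTRY_LIMIT:
        # Field values in this branch and the next are constructed for illustration.
        result = {"decision": "ESCALATED", "stage": "condition_evaluation",
                  "reason_code": "ESCALATION_TRIGGERED",
                  "execution_authorization": "PENDING", "escalate_to": SUPERVISOR}
    else:
        result = {"decision": "ALLOWED", "stage": "condition_evaluation",
                  "reason_code": "IN_SCOPE", "execution_authorization": "GRANTED"}
    if audit is not None:                 # every decision is recorded, including denials
        audit.append({"agent": identity.agent, "identity_version": identity.version,
                      "action": action, **result})
    return result

if __name__ == "__main__":
    log = []  # constructed sample requests: (action, risk, entries)
    for req in [("DeleteLedgerEntry", "low", 1), ("ProposePatch", "low", 26),
                ("ProposePatch", "low", 25), ("ExportLedger", "high", 1)]:
        print(req, "->", evaluate(QUILL, *req, audit=log)["decision"])
```

The boundary case matters when tuning the threshold: a 25-entry patch is allowed, a 26-entry patch escalates, and a forbidden action is denied at scope validation regardless of its risk classification.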