# AI Action Policy Gate (K4 Lattice Governance for AI-Proposed Actions)

## Module
AdvisoryAI

## Status
VERIFIED

## Description
Connects AI-proposed actions to the Policy Engine's K4 lattice for governance-aware automation. Moves beyond simple role checks to VEX-aware policy gates with approval workflows, idempotency tracking, and action audit ledger. Enables "AI that acts" with governance guardrails.

## Implementation Details
- **Modules**: `src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/`
- **Key Classes**:
  - `ActionPolicyGate` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs`) - evaluates AI-proposed actions against K4 lattice policy rules
  - `ActionRegistry` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs`) - registry of available AI actions with metadata and policy requirements
  - `ActionExecutor` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs`) - executes approved actions with policy gate checks
  - `ActionAuditLedger` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs`) - immutable audit trail of all action decisions and executions
  - `ApprovalWorkflowAdapter` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs`) - integrates with approval workflows for gated actions
  - `IdempotencyHandler` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs`) - ensures actions are not duplicated
  - `ActionDefinition` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs`) - defines an action's capabilities, constraints, and policy metadata
- **Interfaces**: `IActionPolicyGate`, `IActionRegistry`, `IActionExecutor`, `IActionAuditLedger`, `IApprovalWorkflowAdapter`, `IIdempotencyHandler`, `IGuidGenerator`
- **Source**: SPRINT_20260109_011_004_BE_policy_action_integration.md

## E2E Test Plan
- [ ] Register an action in `ActionRegistry` and verify `ActionPolicyGate` evaluates it against K4 lattice policy rules
- [ ] Submit an action requiring approval and verify `ApprovalWorkflowAdapter` creates an approval request
- [ ] Execute a gated action after approval and verify `ActionAuditLedger` records the decision, approval, and execution
- [ ] Submit a duplicate action and verify `IdempotencyHandler` prevents re-execution
- [ ] Submit an action that violates policy and verify `ActionPolicyGate` rejects it with a policy violation reason
- [ ] Verify `ActionDefinition` metadata (risk level, required approvals, allowed scopes) is enforced during gate evaluation

## Verification
- Verified on 2026-02-11 via `run-002`.
- Tier 0: `docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/tier0-source-check.json`
- Tier 1: `docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/tier1-build-check.json`
- Tier 2: `docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-002/tier2-integration-check.json`