AI Action Policy Gate (K4 Lattice Governance for AI-Proposed Actions)

Module

AdvisoryAI

Status

VERIFIED

Description

Connects AI-proposed actions to the Policy Engine's K4 lattice for governance-aware automation. Moves beyond simple role checks to VEX-aware policy gates with approval workflows, idempotency tracking, and an action audit ledger. Enables "AI that acts" with governance guardrails.

Implementation Details

  • Modules: src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/
  • Key Classes:
    • ActionPolicyGate (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionPolicyGate.cs) - evaluates AI-proposed actions against K4 lattice policy rules
    • ActionRegistry (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionRegistry.cs) - registry of available AI actions with metadata and policy requirements
    • ActionExecutor (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionExecutor.cs) - executes approved actions with policy gate checks
    • ActionAuditLedger (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionAuditLedger.cs) - immutable audit trail of all action decisions and executions
    • ApprovalWorkflowAdapter (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ApprovalWorkflowAdapter.cs) - integrates with approval workflows for gated actions
    • IdempotencyHandler (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/IdempotencyHandler.cs) - ensures actions are not duplicated
    • ActionDefinition (src/AdvisoryAi/StellaOps.AdvisoryAI/Actions/ActionDefinition.cs) - defines an action's capabilities, constraints, and policy metadata
  • Interfaces: IActionPolicyGate, IActionRegistry, IActionExecutor, IActionAuditLedger, IApprovalWorkflowAdapter, IIdempotencyHandler, IGuidGenerator
  • Source: SPRINT_20260109_011_004_BE_policy_action_integration.md

E2E Test Plan

  • Register an action in ActionRegistry and verify ActionPolicyGate evaluates it against K4 lattice policy rules
  • Submit an action requiring approval and verify ApprovalWorkflowAdapter creates an approval request
  • Execute a gated action after approval and verify ActionAuditLedger records the decision, approval, and execution
  • Submit a duplicate action and verify IdempotencyHandler prevents re-execution
  • Submit an action that violates policy and verify ActionPolicyGate rejects it with a policy violation reason
  • Verify ActionDefinition metadata (risk level, required approvals, allowed scopes) is enforced during gate evaluation
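
The flow this test plan exercises, as an added Python sketch (not StellaOps code; the names `Gate`, `ActionDef`, `submit` and `ledger_intact`, the outcome strings, and the hash-chained ledger are assumptions of this sketch). K4 lattice evaluation is reduced here to the scope and approval-count checks from the action metadata.

```python
import hashlib, json
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ActionDef:  # hypothetical model of the metadata the gate enforces
    name: str
    risk: str
    required_approvals: int
    allowed_scopes: frozenset

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

@dataclass
class Gate:
    registry: dict = field(default_factory=dict)
    ledger: list = field(default_factory=list)  # append-only, hash-chained (assumption)
    done: dict = field(default_factory=dict)    # idempotency key -> recorded outcome
    def register(self, d): self.registry[d.name] = d

    def _audit(self, event, **detail):
        entry = {"event": event, "prev": self.ledger[-1]["hash"] if self.ledger else "", **detail}
        entry["hash"] = _digest(entry)  # each entry commits to the one before it
        self.ledger.append(entry)

    def submit(self, name, scope, key, approvers=()):
        if key in self.done:  # duplicate: return the earlier outcome, never re-run
            self._audit("duplicate", key=key)
            return self.done[key]
        d = self.registry.get(name)
        if d is None or scope not in d.allowed_scopes:
            reason = "unregistered action" if d is None else f"scope '{scope}' not allowed"
            self._audit("denied", key=key, reason=reason)
            return ("denied", reason)
        if len(set(approvers)) < d.required_approvals:  # distinct approvers only
            self._audit("approval_requested", key=key, action=name, risk=d.risk)
            return ("pending_approval", f"needs {d.required_approvals} approver(s)")
        self._audit("approved", key=key, approvers=sorted(set(approvers)))
        self._audit("executed", key=key, action=name, scope=scope)
        self.done[key] = ("executed", name)  # only completed runs are cached
        return self.done[key]

def ledger_intact(ledger):
    """Recompute the chain; any edited or reordered entry breaks it."""
    prev = ""
    for e in ledger:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

A pending request is deliberately not cached under its idempotency key, so the same key can be resubmitted once approvals exist; only a completed execution is replay-protected.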

Verification

  • Verified on 2026-02-11 via run-001.
  • Tier 0: docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/tier0-source-check.json
  • Tier 1: docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/tier1-build-check.json
  • Tier 2: docs/qa/feature-checks/runs/advisoryai/ai-action-policy-gate/run-001/tier2-integration-check.json