Runtime path from request to receipt.
Probe → gate → enforcement → receipt — the mechanics in one linear mental model.
If ZAK doesn't make decisions, what does it do?
ZAK makes decisions defensible.
Every AI interaction goes through a constitutional layer that enforces boundaries, records evidence, and produces cryptographic proof—so institutions can explain themselves later.
What ZAK Does (and Doesn't Do)
ZAK Does
- Record reality immutably
- Evaluate decisions mechanically
- Produce cryptographic receipts
- Create institutional memory
ZAK Does Not
- Choose what you should do
- Optimize behavior
- Recommend policies
- Auto-correct mistakes
- Replace human judgment
"Think of ZAK as a flight recorder, not a pilot."
The Flow
Request Arrives
An AI request enters ZAK (via API, SDK, or proxy). Context is captured, intent is parsed.
POST /v1/chat/completions
Authorization: Bearer zak_key_...

{
  "messages": [...],
  "model": "claude-3-5-sonnet"
}
Constitutional Evaluation
Active constitution is applied. Rules are evaluated mechanically (not heuristically).
- ALLOW: Request passes all rules
- TRANSFORM: Request modified to comply
- ROUTE: Sent to different executor
- DENY: Request blocked
Context Optimization
Context is compressed losslessly (96.7% compression, 0.00% quality loss via CD-001).
COMPRESSION EXAMPLE
Turn 1: 2,500 tokens → Turn 5: 2,600 tokens (not 12,500)
O(1) growth after convergence
Execution
Approved request sent to executor (AI model, API, workflow, human). Execution monitored.
Response Validation
Response validated against egress rules, ensuring the output meets constitutional requirements.
Receipt Generation
Cryptographic receipt generated with full provenance. Immutable, tamper-evident.
{
  "request_hash": "sha256:abc...",
  "constitution_id": "uuid",
  "decision": "ALLOW",
  "timestamp": "2026-02-09T12:34:56Z",
  "model": "claude-3-5-sonnet",
  "tokens": { "input": 2500, "output": 450 },
  "signature": "ed25519:..."
}
Authority Sources
ZAK receives governance signals from external platforms. These signals trigger constitutional evaluation.
GitHub (Code Authority)
Signals: repo created, branch pushed, PR opened, workflow disabled, release published
Example: Production branch pushed → ZAK recommends tightening constraints → Human approves → Constitution updated
Okta (Identity Authority)
Signals: role granted, privilege changed, policy updated, group membership changed
Example: Admin role granted → ZAK recommends snapshot → Human approves → Governance state archived
Jira (Change Authority)
Signals: critical issue created, sprint started, project deleted, status changed
Example: SEV-1 issue created → ZAK recommends human approval → Human reviews → AI suggestions gated
AWS (Runtime Authority)
Signals: resource created, IAM role assumed, database deleted, instance launched
Example: Production database deleted → ZAK recommends freeze → Human approves → AI behavior frozen
Critical Boundaries
Never Auto-Apply
External signals never automatically change AI behavior. Human approval is always required.
Never Interpret
Authority sources emit signals. They never judge, recommend, or decide. Constitutional evaluation is centralized.
Always Immutable
All events, decisions, and receipts are append-only. Nothing is ever modified or deleted.
Always Replayable
Every decision can be deterministically replayed from immutable evidence. Audits become queries, not storytelling.
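One way to make the append-only guarantee under "Always Immutable" checkable is a hash chain, shown here as an added example that is not ZAK's own code. The page does not say how ZAK stores events; the entry layout, the names append and verifyChain, and the sample events are assumptions.

```javascript
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64);

// Each entry commits to its predecessor: the hash covers the JSON array
// [prev, seq, payload], so field boundaries are unambiguous.
function entryHash(prev, seq, payload) {
  return createHash('sha256').update(JSON.stringify([prev, seq, payload])).digest('hex');
}

// Returns a new log; existing entries are frozen and never rewritten.
function append(log, payload) {
  const prev = log.length ? log[log.length - 1].hash : GENESIS;
  const seq = log.length;
  const entry = Object.freeze({ seq, prev, payload, hash: entryHash(prev, seq, payload) });
  return [...log, entry];
}

// Returns -1 if the chain is intact and ends at expectedHead, otherwise the
// index where verification first fails. expectedHead is the last hash the
// auditor recorded out of band; without it, a truncated tail goes unnoticed.
function verifyChain(log, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i || e.prev !== prev || e.hash !== entryHash(prev, i, e.payload)) return i;
    prev = e.hash;
  }
  return prev === expectedHead ? -1 : log.length;
}

// Constructed sample events, modeled on the GitHub authority example above.
let log = [];
for (const event of ['signal: production branch pushed', 'approval: human approved',
  'constitution: constraints tightened']) {
  log = append(log, event);
}
const head = log[log.length - 1].hash;
const edited = log.map((e) => (e.seq === 1 ? { ...e, payload: 'approval: auto-approved' } : e));
console.log(verifyChain(log, head), verifyChain(edited, head), verifyChain(log.slice(0, 2), head));
```

An attacker who edits one entry and recomputes its hash still breaks the link from the next entry, so hiding a change means rewriting every later entry and the head the auditor already holds.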
For Developers
Quick Start
1. Install SDK
npm install @zak-platform/governor
2. Initialize with API Key
import { Governor } from '@zak-platform/governor';
const governor = new Governor({
  apiKey: process.env.ZAK_API_KEY,
  constitution: 'production-safety-v1'
});
3. Make Governed Requests
const response = await governor.chat({
  messages: [{ role: 'user', content: 'Analyze this data...' }],
  model: 'claude-3-5-sonnet'
});
// Response includes receipt
console.log(response.receipt.decision); // "ALLOW"
console.log(response.receipt.hash); // "sha256:..."
For Platform Engineers
Connect Authority Sources
Link GitHub, Okta, Jira, or AWS to receive governance signals.
1. Go to /dashboard/integrations
2. Click "Connect [Platform]"
3. Enter credentials/config
4. Copy webhook URL
5. Configure webhook in platform
Review Governance Signals
When authority sources emit signals, they appear in /dashboard/approvals.
Each signal shows: event details, recommended action, expiration time. You approve or reject.
For Enterprise
Constitution Mirroring
Every constitution change is mirrored to GitHub as a PR with:
- Structural diff (what changed)
- CD coverage deltas (which tests now pass)
- Backward compatibility flag
- Signer + effective date
- Governance metadata (replay link, model ID)
CD Tests as GitHub Checks
Constitution PRs automatically run CD tests. Results appear as GitHub Check Runs.
PRs cannot merge if CD coverage regresses.
Audit + Replay
Full immutable audit trail. Every decision is replayable from evidence.
Export artifacts for regulators: receipts, audit logs, replay traces, constitution history.
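How an auditor could check an exported receipt with the fields shown under Receipt Generation, as an added example that is not ZAK's own code. The page does not document the signing format, so the canonical JSON serialization, the base64 signature encoding, the request_hash definition, and the function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: the signed bytes are the receipt without "signature",
// serialized as JSON with object keys sorted recursively.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Assumption: request_hash is "sha256:" + hex SHA-256 of the raw request body.
const sha256 = (data) => 'sha256:' + crypto.createHash('sha256').update(data).digest('hex');
// Signing side, present only so the example has a receipt to verify.
function signReceipt(fields, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(fields)), privateKey);
  return { ...fields, signature: 'ed25519:' + sig.toString('base64') };
}

// Returns { ok, reason }; any malformed or mismatching field is a failure.
function verifyReceipt(receipt, requestBody, publicKey) {
  const { signature, ...fields } = receipt;
  if (typeof signature !== 'string' || !signature.startsWith('ed25519:')) {
    return { ok: false, reason: 'unsupported signature scheme' };
  }
  const sig = Buffer.from(signature.slice('ed25519:'.length), 'base64');
  if (sig.length !== 64) return { ok: false, reason: 'bad signature length' };
  if (!crypto.verify(null, Buffer.from(canonicalize(fields)), publicKey, sig)) {
    return { ok: false, reason: 'signature mismatch' };
  }
  // A valid signature proves integrity only; also bind the receipt to the request.
  if (fields.request_hash !== sha256(requestBody)) {
    return { ok: false, reason: 'receipt is for a different request' };
  }
  return { ok: true, reason: 'verified' };
}

// Constructed sample data: throwaway key pair, request body and receipt.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const body = JSON.stringify({ model: 'claude-3-5-sonnet', messages: [] });
const receipt = signReceipt({
  request_hash: sha256(body), constitution_id: 'uuid', decision: 'DENY',
  timestamp: '2026-02-09T12:34:56Z', model: 'claude-3-5-sonnet',
  tokens: { input: 2500, output: 450 },
}, privateKey);
console.log(verifyReceipt(receipt, body, publicKey));
console.log(verifyReceipt({ ...receipt, decision: 'ALLOW' }, body, publicKey));
```

Checking request_hash separately matters because a correctly signed receipt for one request would otherwise pass as evidence for another.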
FAQ
What happens if ZAK is down?
Requests fail closed (by default). No AI execution without governance. You can configure fail-open for non-critical workloads.
Can I use my own models?
Yes. ZAK is executor-agnostic. Bring your own models, APIs, or workflows.
How do I prove compliance to auditors?
Export receipts, audit logs, and replay traces. Reference constitution hashes and CD test results. Everything is cryptographically signed and tamper-evident.
What if a governance signal is wrong?
Reject it. Signals are recommendations, not commands. Human approval is always required.
Can I integrate my own platform?
Yes. Implement the Authority Source Adapter Contract. Deploy without negotiation.