Security

ZAK sits between intent and execution. That’s powerful—and it means security must be explicit: trust boundaries, invariants, and failure modes.

Trust boundaries

  • Executor: model / workflow / human system that produces an output (untrusted by default).
  • Governance engine: evaluates laws and enforces outcomes (must be deterministic and minimal).
  • Receipt layer: produces tamper-evident artifacts for audit (hash, chaining, signatures).
  • Storage: append-only semantics determine long-horizon audit strength.

Invariants (no bypass)

The governance envelope encodes invariants that are intended to be mechanically enforced: consent required, audit logging enabled, and signature verification required.

Failure modes (fail closed)

  • Transform failures: if the safe transform fails, the output is withheld (silence) rather than falling back to the raw executor output.
  • Denials: denials are first-class and always receipt-producing.
  • Ambiguity: uncertain or missing constraint information should default to stricter handling.
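The decision path the three failure modes above describe, written out as an added example (not ZAK's own code). The names Envelope, Request, Decision, evaluate() and failing_transform are hypothetical; the sample requests are constructed. Every branch, including denials and withheld outputs, appends a receipt before returning, and an unknown constraint (None) is treated as unsatisfied rather than as satisfied.

```python
# Added example (not ZAK's own code): a fail-closed decision path for the
# governance envelope. Envelope, Request, Decision and evaluate() are
# hypothetical names; the sample inputs are constructed.
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Envelope:
    """Invariants the envelope encodes. Frozen so a caller cannot flip them at
    evaluation time. 'Audit logging enabled' is enforced structurally: evaluate()
    has no return path that does not append a receipt."""
    consent_required: bool = True
    signature_verification: bool = True


@dataclass(frozen=True)
class Request:
    action: str
    consent_granted: Optional[bool]   # None: constraint information is missing
    signature_valid: Optional[bool]   # None: verification was never performed
    raw_output: str                   # executor output, untrusted by default


@dataclass(frozen=True)
class Decision:
    outcome: str              # "allow" | "deny" | "withhold"
    reason: str
    output: Optional[str]     # populated only on "allow"
    receipt: dict


def make_receipt(outcome: str, reason: str, action: str) -> dict:
    """Minimal receipt: the decision plus a hash over its canonical encoding."""
    body = {"outcome": outcome, "reason": reason, "action": action}
    body["hash"] = hashlib.sha256(
        json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()
    return body


def evaluate(env: Envelope, req: Request,
             safe_transform: Callable[[str], str], audit_log: list) -> Decision:
    def decide(outcome: str, reason: str, output: Optional[str] = None) -> Decision:
        receipt = make_receipt(outcome, reason, req.action)
        audit_log.append(receipt)          # every path, denials included
        return Decision(outcome, reason, output, receipt)

    # Ambiguity defaults to the stricter handling: None is not "satisfied".
    if env.consent_required and req.consent_granted is not True:
        return decide("deny", "consent missing" if req.consent_granted is None
                      else "consent refused")
    if env.signature_verification and req.signature_valid is not True:
        return decide("deny", "signature not verified" if req.signature_valid is None
                      else "signature invalid")
    try:
        output = safe_transform(req.raw_output)
    except Exception as exc:
        # Transform failure withholds the output entirely; raw_output never leaves here.
        return decide("withhold", f"safe transform failed: {type(exc).__name__}")
    return decide("allow", "all invariants satisfied", output)


def failing_transform(_: str) -> str:
    """Constructed stand-in for a safe transform that crashes at runtime."""
    raise RuntimeError("redaction model unavailable")


if __name__ == "__main__":
    env, log = Envelope(), []
    print(evaluate(env, Request("summarize", True, True, "secret: 42"), str.upper, log).outcome)
    print(evaluate(env, Request("summarize", None, True, "secret: 42"), str.upper, log).outcome)
    print(evaluate(env, Request("summarize", True, True, "secret: 42"), failing_transform, log).outcome)
    print(len(log), "receipts written")
```

The point of routing every outcome through decide() is that adding a new branch to evaluate() cannot accidentally skip the receipt; the only way to leak raw_output is to return it from outside the try/except, which the structure makes obvious in review.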

Attack surface considerations

  • Policy bypass attempts: prompt injection / authority override / workflow shortcutting.
  • Receipt tampering: mitigated by hash verification and (in production) signature + append-only storage.
  • Replay/double-submit: mitigated by request IDs and idempotency keys on action endpoints.
  • Key custody: signing keys must be isolated and audited (HSM/KMS patterns).
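Receipt tampering, replay and chaining, worked through as one added example (not ZAK's own code) that covers both the receipt layer described under trust boundaries and the mitigations listed above. ReceiptLog, verify_chain, tamper_demo and the field names are hypothetical; the receipts are constructed. HMAC-SHA256 stands in for the asymmetric signature a production deployment would make with a key held in an HSM/KMS, so the block runs on the standard library; the chaining and verification logic are the same either way.

```python
# Added example (not ZAK's own code): hash-chained, signed, append-only receipts
# with replay rejection and chain verification. ReceiptLog, verify_chain and
# tamper_demo are hypothetical names. HMAC-SHA256 is a stand-in for the
# asymmetric signature a production deployment would make via an HSM/KMS.
import copy
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64          # prev_hash of the first receipt


def canonical(obj: dict) -> bytes:
    """Deterministic encoding so the hash does not depend on key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class ReceiptLog:
    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._entries: List[Dict] = []      # append-only: nothing here rewrites or removes
        self._seen_ids: set = set()         # idempotency keys already consumed

    def append(self, request_id: str, outcome: str, detail: dict) -> dict:
        # Replay / double-submit: one request_id yields exactly one receipt.
        if request_id in self._seen_ids:
            raise ValueError(f"replay rejected: {request_id!r} already has a receipt")
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        body = {"seq": len(self._entries), "request_id": request_id,
                "outcome": outcome, "detail": detail, "prev_hash": prev}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        sig = hmac.new(self._key, digest.encode(), hashlib.sha256).hexdigest()
        entry = {**body, "hash": digest, "sig": sig}
        self._entries.append(entry)
        self._seen_ids.add(request_id)
        return copy.deepcopy(entry)

    def entries(self) -> List[Dict]:
        return copy.deepcopy(self._entries)


def verify_chain(entries: List[Dict], key: bytes) -> Tuple[bool, Optional[int]]:
    """(True, None) if every receipt hashes, signs and chains correctly,
    otherwise (False, index) of the first receipt that fails."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k not in ("hash", "sig")}
        if body.get("seq") != i or body.get("prev_hash") != prev:
            return False, i                   # reordered, dropped or inserted entry
        digest = hashlib.sha256(canonical(body)).hexdigest()
        if digest != e.get("hash"):
            return False, i                   # content edited without re-hashing
        expected = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e.get("sig", "")):
            return False, i                   # re-hashed, but not signed with our key
        prev = digest
    return True, None


def tamper_demo(key: bytes) -> dict:
    """Constructed scenario: three receipts, then an attacker turns a denial into
    an allow (naively, then with the hash recomputed), replays a request id,
    and finally truncates the log."""
    log = ReceiptLog(key)
    log.append("req-001", "allow", {"action": "summarize"})
    log.append("req-002", "deny", {"action": "transfer_funds", "reason": "consent missing"})
    log.append("req-003", "withhold", {"action": "summarize", "reason": "transform failed"})

    edited = log.entries()
    edited[1]["outcome"] = "allow"            # hash no longer matches the body
    rehashed = log.entries()
    rehashed[1]["outcome"] = "allow"
    body = {k: v for k, v in rehashed[1].items() if k not in ("hash", "sig")}
    rehashed[1]["hash"] = hashlib.sha256(canonical(body)).hexdigest()   # sig still wrong
    try:
        log.append("req-002", "allow", {"action": "transfer_funds"})
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {
        "intact": verify_chain(log.entries(), key),
        "edited": verify_chain(edited, key),
        "rehashed": verify_chain(rehashed, key),
        "replay_rejected": replay_rejected,
        "truncated": verify_chain(log.entries()[:2], key),
    }
```

Note what the chain does not catch: the "truncated" case verifies cleanly, because dropping the newest receipts leaves a valid prefix. Detecting truncation needs an anchor outside the attacker's reach (the latest hash published to a separate system or countersigned by the storage layer), which is why storage's append-only guarantees, and not just the hash chain, determine long-horizon audit strength.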

Where to validate claims