KYE Shadow Mode

A flag, not new code.

Every KYE Engine — Authority, Purpose, Decision — supports a mode parameter. Under mode: shadow, every check still runs. Every Decision Map is still sealed. Every Evidence Pack is still signed. The Commit Boundary suppresses every side effect. production_action_blocked is invariantly false.

What shadow mode does

Every engine runs. Every Decision Map is sealed.

  • The Entity Engine resolves the actor's KYEID and attestation chain.
  • The Authority Engine checks the actor's claimed authority against the live Authority Graph.
  • The Purpose & Scope Engine checks Admissibility against any matching Purpose Permission.
  • The State Engine reads the six-dimension state vector (entity, authority, delegation, credential, risk, recovery).
  • The Rules Engine evaluates rights, obligations and stop conditions.
  • The Decision Engine emits a simulated decision: simulated_allow · simulated_allow_with_constraints · simulated_requires_approval · simulated_deny.
  • The Evidence Engine signs the Decision Map and seals an Evidence Pack.

What it does NOT do

Shadow mode never blocks production.

  • It does not return a deny to your API gateway.
  • It does not cancel a workflow step.
  • It does not revoke an OAuth token.
  • It does not quarantine a model output.
  • It does not mutate any IAM/SSO state.

production_action_blocked is locked to false at three layers: the type system (the schema constrains it to a const), the engine code (the Commit Boundary skips side effects when mode = shadow), and a CI gate (shadow-mode-non-blocking) that fails any build whose examples violate the invariant.

Data captured per action

One signed kye.evidence.observed_action.v1 per request.

Each Observed Action carries: actor, on-behalf-of, action verb, target type and reference, claimed authority source and reference, claimed purpose, observation timestamp, stack binding id, request fingerprint, and an Ed25519 signature from the customer's binding key.

Evidence generated

A Shadow Evaluation per action; an Authority Gap per class.

For each Observed Action, the Decision Engine returns a Shadow Evaluation (kye.decision.shadow_evaluation.v1). When the Shadow Evaluation would have denied or required approval, the Authority Gap classifier groups the failure into one of nine locked classes, each of which maps to a Guard Recommendation type.

Authority Gaps detected

Nine classes, exhaustive, locked.

  • missing_authority_grant: No unrevoked grant binds the action to the agent.
  • out_of_scope_action: Action lies outside the agent's attenuated scope.
  • purpose_unbound: Claimed purpose has no matching Purpose Permission.
  • stale_delegation: Delegation chain has aged past its reconfirmation window.
  • ambient_authority: Agent acts on data it was never granted access to.
  • dual_control_missing: Action above threshold without a second signer.
  • rate_cap_exceeded: Cumulative rate exceeds the active cap.
  • jurisdiction_mismatch: Action targets a jurisdiction not in the grant.
  • data_class_unauthorized: Data class touched is outside the grant's data taxonomy.

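
The following is an added illustration of the Commit Boundary contract and the shadow-mode-non-blocking gate described under "What it does NOT do", using the nine Authority Gap classes above as the closed set of gap labels. It is not the KYE project's own code: the function names, the Evaluation record, the side-effect registry and the CI gate shape are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hypothetical sketch of the Commit Boundary described on this page. Names,
# signatures and the Evaluation shape are assumptions, not KYE's own code.

SIMULATED = {  # enforce-mode decision -> shadow-mode label (from the page)
    "allow": "simulated_allow",
    "allow_with_constraints": "simulated_allow_with_constraints",
    "requires_approval": "simulated_requires_approval",
    "deny": "simulated_deny",
}

# The nine locked Authority Gap classes listed on the page.
AUTHORITY_GAP_CLASSES = frozenset({
    "missing_authority_grant", "out_of_scope_action", "purpose_unbound",
    "stale_delegation", "ambient_authority", "dual_control_missing",
    "rate_cap_exceeded", "jurisdiction_mismatch", "data_class_unauthorized",
})

@dataclass
class Evaluation:
    mode: str
    decision: str
    production_action_blocked: bool
    authority_gap: Optional[str] = None
    suppressed: List[str] = field(default_factory=list)  # side effects skipped

def commit_boundary(mode: str, decision: str, authority_gap: Optional[str],
                    side_effects: Dict[str, Callable[[], None]]) -> Evaluation:
    """Shadow: relabel the decision simulated_* and skip every side effect.
    Enforce: deny/requires_approval run the registered side effects."""
    if authority_gap is not None and authority_gap not in AUTHORITY_GAP_CLASSES:
        raise ValueError(f"unknown Authority Gap class: {authority_gap}")
    blocking = decision in ("deny", "requires_approval")
    if mode == "shadow":
        return Evaluation("shadow", SIMULATED[decision], False, authority_gap,
                          sorted(side_effects) if blocking else [])
    if mode != "enforce":
        raise ValueError(f"unknown mode: {mode}")
    if blocking:
        for effect in side_effects.values():
            effect()
    return Evaluation("enforce", decision, blocking, authority_gap)

def ci_gate(examples: List[Evaluation]) -> List[str]:
    """shadow-mode-non-blocking gate: list violations (empty list == pass)."""
    return [f"{e.decision}: production_action_blocked must be false in shadow"
            for e in examples if e.mode == "shadow" and e.production_action_blocked]
```

The side-effect registry stands in for the gateway deny, workflow cancel, token revoke and IAM mutation the page lists; in shadow mode they are recorded as suppressed but never called.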
When to move to enforcement

Promote one Guard at a time.

Stage 4 (Guard) installs the smallest possible KYE control. The Guard runs in shadow first. After the customer's pre-agreed window (default 21 days) with no false-positive denies, the Guard is promoted to enforce. Each promotion is a signed Adoption Stage transition; rollbacks are first-class.

Security and privacy controls

Read-only by default. Customer KMS for credentials.

  • Stack Bindings default to read_only. read_write_shadow and read_write_enforce require a signed Guard Recommendation.
  • Credential material lives in the customer's KMS. KYE stores only opaque credential_kid pointers.
  • Personal data in Observed Actions is minimised: targets carry references, not payloads. Data classes are tags, not data.
  • All Stack Binding events are signed and append-only to the AI Call Ledger.
  • Threat model + Data Processing Agreement: /legal/dpa · /legal/privacy.