P124 — AIEP — Source Provenance Classification and Confidence Ceiling
Publication Date: 2026-03-01
Status: Open Source Prior Art Disclosure
Licence: Apache License 2.0
Author/Organisation: Phatfella Ltd
Schema: AIEP_OS_SPEC_TEMPLATE v1.0.1 — https://aiep.dev/schemas/aiep-os-spec-template/v1.0.1
Framework Context
[0001] This disclosure operates within an Architected Instruction and Evidence Protocol (AIEP) environment as defined in United Kingdom patent application number GB2519711.2, filed 20 November 2025, and GB2519798.9, filed 20 November 2025, the entire contents of which are incorporated herein by reference.
[0002] The present disclosure defines a source provenance classification system for EvidenceRef artefacts — a mechanism that assigns each source a provenance class based on its accessibility and integrity signals, and enforces a confidence ceiling that prevents any response from being classified at a higher tier than the provenance of its highest-risk source permits.
Field of the Disclosure
[0003] This disclosure relates to governed artificial intelligence evidence substrates that classify the trustworthiness of retrieved sources based on their network accessibility, transport security posture, and data-sharing characteristics.
[0004] More particularly, the disclosure concerns a source integrity inspection protocol that: evaluates each retrieved source URL against a set of network signal detectors; assigns the source a provenance_class from a defined taxonomy; applies a confidence_ceiling to any response that includes sources with integrity warnings; and surfaces integrity flags visually in the Evidence Rail.
Background
[0005] AI systems that retrieve evidence from the open web encounter sources served from: VPN exit nodes; anonymising relay networks; endpoints without TLS; geographically restricted endpoints; endpoints with stale TLS certificates; and endpoints known to serve privacy-restricted or proprietary content. Using such sources as evidence for confident AI responses — without flagging their integrity status — misleads users about the reliability of the responses.
[0006] Existing AI evidence systems do not: (a) detect network-level signals that indicate source integrity risk; (b) apply confidence ceilings based on integrity risk; (c) surface per-source integrity flags in an auditable, structured form; or (d) provide per-class confidence ceiling enforcement that can be configured at the tenant level.
Summary of the Disclosure
[0007] Source Integrity Inspection is applied to every URL before retrieval. The inspection evaluates:
| Signal | Detection Method |
|---|---|
| VPN exit node | IP range lookup against known VPN provider CIDR blocks |
| Anonymising relay | Detection of Tor exit nodes and common relay ASNs |
| No TLS | HTTPS handshake failure or HTTP-only response |
| Stale certificate | TLS certificate expiry within 30 days or already expired |
| Geo-restricted | HTTP 451 (Unavailable For Legal Reasons) or geo-block detection headers |
| Proprietary/paywalled | HTTP 402, 403 with paywall indicators, or subscription headers |
| GDPR-restricted | Content-type header patterns and country-of-origin signals for EU-resident callers |
[0008] The provenance_class taxonomy defines five classes in descending order of trustworthiness: authoritative (AODSR tier-1 member, full TLS, no integrity flags); verified (open-web, full TLS, no integrity flags); qualified (open-web, full TLS, one non-critical flag); unverified (integrity flags present that cannot be resolved); restricted (paywall, GDPR, or proprietary barriers).
[0009] The confidence ceiling is the upper bound on the confidence_tier field of any response whose evidence set includes sources above a given provenance_class threshold. Ceiling rules:
| Highest-risk source provenance_class | Maximum response confidence_tier |
|---|---|
| authoritative or verified | verified |
| qualified | qualified |
| unverified | unverified |
| restricted | unverified — with mandatory Dissent Signal |
[0010] Source integrity flags are individual boolean fields on the EvidenceRef record: vpn_detected, relay_detected, no_tls, stale_cert, geo_restricted, proprietary, gdpr_restricted. The Evidence Rail UI surfaces each flag as a distinct badge on the source card, enabling users to identify the specific integrity concern for each flagged source.
[0011] Tenants may configure a max_provenance_class threshold in their tenant settings. Sources above this threshold are excluded from the evidence set before the unburdening pipeline defined in P117. This enables enterprises operating in regulated environments (e.g. prohibiting use of proprietary or geo-restricted sources) to enforce compliance at the platform level.
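The classification in [0008], the ceiling table in [0009] and the tenant filter in [0011] can be exercised together. The following is an added example, not code from the disclosure or from Phatfella Ltd. It assumes which flags count as non-critical, that any other flag combination is `unverified`, that "above the threshold" means higher risk, and that an empty evidence set fails closed; `aodsr_tier1`, `claimed_tier`, `classify` and `govern` are hypothetical names.

```python
# Taxonomy from [0008], most trustworthy first; list index doubles as risk rank.
CLASSES = ["authoritative", "verified", "qualified", "unverified", "restricted"]
RANK = {name: i for i, name in enumerate(CLASSES)}
# Ceiling table from [0009]: highest-risk class -> (max confidence_tier, Dissent Signal).
CEILING = {
    "authoritative": ("verified", False),
    "verified": ("verified", False),
    "qualified": ("qualified", False),
    "unverified": ("unverified", False),
    "restricted": ("unverified", True),
}
TIERS = ["verified", "qualified", "unverified"]  # confidence tiers, best first
BARRIER = {"proprietary", "gdpr_restricted"}     # [0008] "restricted" barriers
NON_CRITICAL = {"stale_cert", "geo_restricted"}  # ASSUMPTION: not defined on the page


def classify(flags, aodsr_tier1=False):
    """Map the set of raised EvidenceRef flags to a provenance_class."""
    flags = set(flags)
    if flags & BARRIER:
        return "restricted"
    if not flags:
        return "authoritative" if aodsr_tier1 else "verified"
    if len(flags) == 1 and flags <= NON_CRITICAL:
        return "qualified"
    return "unverified"  # ASSUMPTION: any other flag combination is unresolved


def govern(sources, claimed_tier, max_provenance_class=None):
    """Apply the tenant filter ([0011]), then the confidence ceiling ([0009])."""
    classes = [classify(s["flags"], s.get("aodsr_tier1", False)) for s in sources]
    if max_provenance_class is not None:
        # "Above the threshold" is read here as higher risk than the threshold.
        classes = [c for c in classes if RANK[c] <= RANK[max_provenance_class]]
    if not classes:
        # ASSUMPTION: fail closed when no source survives the filter.
        return {"kept": 0, "confidence_tier": "unverified", "dissent_signal": False}
    worst = max(classes, key=RANK.get)
    ceiling, dissent = CEILING[worst]
    # The response keeps whichever is lower: its claimed tier or the ceiling.
    tier = TIERS[max(TIERS.index(claimed_tier), TIERS.index(ceiling))]
    return {"kept": len(classes), "confidence_tier": tier, "dissent_signal": dissent}


# Constructed sample evidence set (not from the disclosure).
SAMPLE = [
    {"url": "https://a.example/report", "flags": [], "aodsr_tier1": True},
    {"url": "https://b.example/post", "flags": ["stale_cert"]},
    {"url": "https://c.example/paper", "flags": ["proprietary"]},
]
```

With the constructed sample, one paywalled source caps the whole response at `unverified` with a Dissent Signal, while a tenant threshold of `qualified` drops that source and lets the response reach `qualified`.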
[0012] The source_integrity_hash field on an EvidenceRef is a SHA-256 commitment over the inspection result fields in canonical JSON form. This hash is included in the Evidence Rail export (P120) and enables independent verification that the integrity flags were computed at retrieval time rather than assigned retrospectively.
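One way to compute and check the commitment described in [0012], as an added example rather than the disclosure's own code. The disclosure does not define its canonical JSON form or list the covered fields beyond the seven flags, so the sorted-key compact encoding and the `url` and `inspected_at` fields are assumptions, as are the function names.

```python
import hashlib
import hmac
import json

# The seven boolean flags listed in [0010].
FLAG_FIELDS = ("vpn_detected", "relay_detected", "no_tls", "stale_cert",
               "geo_restricted", "proprietary", "gdpr_restricted")
# ASSUMPTION: hypothetical extra fields that bind the flags to one inspection.
BINDING_FIELDS = ("url", "inspected_at")


def inspection_result(evidence_ref):
    """Extract exactly the fields the commitment covers; reject malformed flags."""
    bad = [f for f in FLAG_FIELDS if not isinstance(evidence_ref.get(f), bool)]
    if bad:
        raise ValueError(f"missing or non-boolean flags: {bad}")
    return {f: evidence_ref[f] for f in FLAG_FIELDS + BINDING_FIELDS}


def canonical_json(obj):
    # ASSUMPTION: canonical form = sorted keys, no insignificant whitespace, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def source_integrity_hash(evidence_ref):
    """SHA-256 over the canonical JSON of the inspection result fields."""
    return hashlib.sha256(canonical_json(inspection_result(evidence_ref))).hexdigest()


def verify(evidence_ref, exported_hash):
    """Recompute the hash from the record and compare it to the exported value."""
    return hmac.compare_digest(source_integrity_hash(evidence_ref), exported_hash)


# Constructed sample EvidenceRef (not from the disclosure).
SAMPLE_REF = {
    "url": "http://d.example/notes", "inspected_at": "2026-03-01T12:00:00Z",
    "vpn_detected": False, "relay_detected": False, "no_tls": True,
    "stale_cert": False, "geo_restricted": False, "proprietary": False,
    "gdpr_restricted": False,
}
```

The check is only meaningful when `exported_hash` comes from a copy recorded at retrieval time, such as the P120 export, because anyone who can edit the flags can also recompute an unkeyed hash.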