P215 — AIEP — Safety Constraint and Governance Enforcement Engine
Applicant: Neil Grassby
Classification: Patent Application — Confidential
Priority: Claims priority from GB2519711.2 filed 20 November 2025
Architecture Layer: AIEP AGI Cognition Layer — Phase 2
Framework Context
[0001] This specification operates within an AIEP environment as defined in GB2519711.2 and GB2519798.9. The present specification defines the central safety and governance enforcement mechanism of the Phase-2 AIEP cognition architecture, extending Phase-1 governance primitives (P35, P36) to a general-purpose policy evaluation and enforcement engine serving all Phase-2 subsystems.
Field of the Invention
[0002] The present invention relates to governance enforcement systems and safety constraint architectures for evidence-bound artificial intelligence.
[0003] More particularly, the invention relates to a central policy engine that evaluates proposed system actions — tool invocations, external interventions, goal activations, resource allocations, model updates — against a structured governance policy document, enforces constraints, and produces cryptographically bound enforcement records.
Background
[0004] Phase-2 AIEP subsystems require a shared governance enforcement service to avoid redundant policy implementations with inconsistent semantics. Without a central enforcement engine, each subsystem implements its own governance checks independently, leading to divergent policy interpretations and governance gaps.
[0005] Governance enforcement in safety-critical AI architectures must be: universal (all actions evaluated, no exception paths); auditable (all decisions recorded); and deterministic (the same policy and the same inputs always produce the same enforcement decision).
Summary of the Invention
[0006] The invention provides a Safety Constraint and Governance Enforcement Engine (SCGEE) that serves as the single evaluation gate through which all Phase-2 system action proposals must pass. The engine accepts a proposed action record, evaluates it against the active governance policy specification, and returns one of three decisions: APPROVE, REJECT, or ESCALATE.
[0007] The governance policy is a structured document following the Governance Policy Language (P228) schema. Policy changes are version-controlled and hash-locked; the active policy version hash is embedded in every enforcement record.
[0008] Enforcement records are immutable evidence artefacts admitted to the AIEP evidence ledger. This ensures that every governance decision can be audited, replayed deterministically from the policy version in force at the time of the decision, and used as provenance for subsequent reasoning.
ASCII Architecture
          Action Proposal (any Phase-2 subsystem)
                          |
                          v
+-----------------------------------------------+
| Safety Constraint & Governance Engine (SCGEE) |
|                                               |
|  1. Retrieve active policy (versioned)        |
|  2. Evaluate against policy rules             |
|  3. Apply constraint checks                   |
|  4. Produce enforcement decision              |
+-------------------+---------------------------+
        |                   |                   |
        v                   v                   v
     APPROVE             REJECT             ESCALATE
        |                   |                   |
        v                   v                   v
 Action proceeds        Rejection        Senior governance
 with approval          artefact         review / break-glass
 artefact               admitted         (P259)
 attached               to ledger
        |                   |
        +---------+---------+
                  |
                  v
          Enforcement Record
   (immutable, policy version hash,
    deterministically replayable)
Definitions
[0009] Safety Constraint and Governance Enforcement Engine (SCGEE): The single evaluation gate through which all Phase-2 action proposals must pass before execution, applying the active versioned governance policy to produce an enforcement decision.
[0010] Governance Policy: A structured, version-controlled document defining permitted action classes, prohibited action classes, constraint rules, and escalation thresholds, expressed in the Governance Policy Language (P228) schema.
[0011] Enforcement Decision: One of three deterministic outcomes returned by the SCGEE for each evaluated action proposal: APPROVE, REJECT, or ESCALATE.
[0012] Enforcement Record: An immutable evidence artefact recording every enforcement decision, comprising: the action proposal hash, the evaluation outcome, the active governance policy version hash, the timestamp, and sufficient evaluation detail to enable deterministic replay.
[0013] Policy Version Hash: A cryptographic hash of the serialised governance policy document at a specific version, embedded in enforcement records to enable deterministic re-evaluation by referencing the exact policy in force at decision time.
Detailed Description
Universal Action Gating. [0014] The SCGEE is the single point of governance for all outgoing actions from Phase-2 subsystems. No action proposed by the Goal Formation Engine (P210), Tool Synthesis Engine (P211), Action Execution Engine (P206), or any other Phase-2 component may be executed without receiving an APPROVE decision from the SCGEE. This universality is structurally enforced: the Action Execution Engine (P206) will not dispatch any action to an external interface unless it presents a valid APPROVE enforcement record from the current policy version.
Policy Retrieval and Version Locking. [0015] On receipt of an action proposal, the SCGEE retrieves the currently active governance policy from the policy store. The policy version hash is recorded at the start of evaluation and is not permitted to change during evaluation (version lock). If the policy is updated while an evaluation is in progress, the in-progress evaluation continues under the prior version and the updated policy applies only from the next evaluation. This version-locking behaviour ensures that enforcement records are deterministically replayable.
Policy Evaluation. [0016] Policy evaluation proceeds in three sequential stages. First, the action class is identified by matching the proposal’s action type against the policy’s permitted and prohibited action class tables. Second, contextual constraint rules are applied: these are predicate expressions over the current world state (CWSG, P200), resource state (P213), and goal priority (P210). Third, if the action is a compound workflow (P211), the SCGEE evaluates each workflow step individually and also evaluates the full sequence as a unit, detecting unsafe compositions that only manifest across step boundaries.
Enforcement Decision and Record Admission. [0017] The outcome of policy evaluation is one of three decisions. APPROVE: the proposal fully complies with the active policy; an approval artefact is attached to the action for presentation to the Action Execution Engine. REJECT: the proposal violates one or more policy rules; a rejection artefact recording each violated rule is admitted to the evidence ledger and returned to the proposing subsystem. ESCALATE: the proposal requires authorisation beyond the policy’s automated scope (for example, novel action class or high-impact irreversible action); the proposal is forwarded to the governance escalation path (P259). All three outcomes generate an immutable enforcement record admitted to the evidence ledger.
Deterministic Replayability. [0018] Enforcement records are designed to be deterministically replayable. Given the same action proposal hash and the governance policy at the recorded version hash, evaluating the proposal against the same policy must produce the same enforcement decision. This property is verified in post-hoc audits by re-running evaluation against the policy version stored in the policy archive.
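As an added illustration of the three-stage evaluation, the enforcement record and the replay check described above (example code written for this page, not part of the specification or of any AIEP implementation): the policy document, the action classes, the CPU bound and the unsafe composition rule are constructed stand-ins for a P228 policy, and the record fields follow the Enforcement Record definition.

```python
import hashlib
import json

# Constructed illustrative policy: a stand-in for a P228 document, not its schema.
POLICY_V1 = {
    "permitted": ["read_file", "read_secret", "send_report"],
    "prohibited": ["delete_volume"],
    "escalate": ["irreversible_write"],          # beyond the engine's automated scope
    "unsafe_sequences": [["read_secret", "send_report"]],  # hazardous only in combination
    "max_cpu": 8,                                # a resource-state constraint (P213)
}

def canonical_hash(obj):
    """SHA-256 over canonical JSON so equal proposals or policies always hash equal."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def evaluate_step(policy, step):
    """Stage 1 (action class tables) and stage 2 (contextual constraints) for one step."""
    cls = step["class"]
    if cls in policy["prohibited"]:
        return "REJECT", f"{cls}: prohibited class"
    if step.get("cpu", 0) > policy["max_cpu"]:
        return "REJECT", f"{cls}: cpu {step['cpu']} exceeds max {policy['max_cpu']}"
    if cls in policy["escalate"] or cls not in policy["permitted"]:
        return "ESCALATE", f"{cls}: outside automated scope"
    return "APPROVE", f"{cls}: ok"

def evaluate(proposal, policy):
    """Return an enforcement record binding the proposal hash to the policy version."""
    version = canonical_hash(policy)             # locked for the whole evaluation
    steps = proposal["steps"]
    detail = [evaluate_step(policy, s) for s in steps]
    # Stage 3: the workflow as a unit, catching compositions no single step reveals.
    classes = [s["class"] for s in steps]
    for i, earlier in enumerate(classes):
        for later in classes[i + 1:]:
            if [earlier, later] in policy["unsafe_sequences"]:
                detail.append(("REJECT", f"unsafe composition {earlier} -> {later}"))
    outcomes = {d for d, _ in detail}
    decision = ("REJECT" if "REJECT" in outcomes
                else "ESCALATE" if "ESCALATE" in outcomes else "APPROVE")
    return {"proposal_hash": canonical_hash(proposal), "policy_version": version,
            "decision": decision, "detail": detail}

def replay(record, proposal, policy_archive):
    """Post-hoc audit: re-evaluate under the archived policy the record names."""
    fresh = evaluate(proposal, policy_archive[record["policy_version"]])
    return (fresh["proposal_hash"] == record["proposal_hash"]
            and fresh["decision"] == record["decision"])
```

A workflow whose two steps are each individually approved is still rejected as a sequence, and the audit replay fails if either the proposal or the policy version no longer matches the record.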
Technical Effect
[0019] The invention provides a universal, auditable, and deterministically replayable governance gate for multi-agent AI action execution. By requiring all Phase-2 actions to pass through a single, version-locked policy evaluation point, the system prevents action execution outside defined governance boundaries. By evaluating compound workflows as complete sequences as well as individual steps, the engine detects unsafe compositions that per-step evaluation cannot reveal. By ensuring that enforcement records are deterministically replayable, the system supports post-hoc governance audit and regulatory compliance.
Claims
1. A computer-implemented method for safety constraint and governance enforcement, the method comprising: (a) receiving an action proposal from any Phase-2 reasoning subsystem and retrieving the currently active versioned governance policy with policy version locking for the duration of evaluation; (b) evaluating the proposal in three sequential stages: action class identification against permitted and prohibited class tables, contextual constraint rule evaluation against current world state and resource state, and compound workflow evaluation as both individual steps and the full sequence; (c) producing a three-outcome enforcement decision: APPROVE, REJECT, or ESCALATE based on policy evaluation; (d) admitting an immutable enforcement record to the AIEP evidence ledger for every decision outcome, embedding the action proposal hash, evaluation outcome, and active policy version hash; and (e) forwarding ESCALATE decisions to the governance escalation path with the full evaluation detail attached.
2. The method of claim 1, wherein the Action Execution Engine will not dispatch any action to external interfaces without presenting a valid APPROVE enforcement record from the current policy version.
3. The method of claim 1, wherein policy version changes occurring during an in-progress evaluation do not alter the version applied to that evaluation, with the updated policy applying only from the next evaluation.
4. The method of claim 1, wherein enforcement records are deterministically replayable: given the same action proposal hash and the same policy version, re-evaluating the proposal produces the same enforcement decision.
5. The method of claim 1, wherein compound workflow proposals are evaluated both per-step and as a complete sequence to detect unsafe tool compositions that are only hazardous in combination.
6. A Safety Constraint and Governance Enforcement Engine comprising: one or more processors; memory storing a versioned policy store, enforcement record buffer, and escalation interface; wherein the processors are configured to execute the method of claim 1.
7. A non-transitory computer-readable medium storing instructions that, when executed by a processor, implement the method of claim 1.
Abstract
A safety constraint and governance enforcement engine for evidence-bound artificial intelligence serves as the universal evaluation gate through which all Phase-2 action proposals must pass before execution. The engine retrieves the current versioned governance policy, applies three-stage policy evaluation including compound workflow analysis, and produces APPROVE, REJECT, or ESCALATE decisions, each captured as an immutable enforcement record in the AIEP evidence ledger. Enforcement records embed the policy version hash enabling deterministic post-hoc audit replay.
---
## Detailed Description
[0008] **Policy Structure.** The governance policy follows the P228 schema with sections for: permitted action types and their parameter bounds; restricted action types requiring escalated authorisation; prohibited action categories; resource governance constraints; and safety constraint expressions evaluated against world state predicates.
[0009] **Evaluation Protocol.** For each action proposal, the SCGEE: (a) retrieves the active policy version; (b) matches the action type against the policy action categories; (c) evaluates any parameter bound constraints; (d) evaluates safety predicates against the current CWSG state; and (e) produces a decision with a structured justification.
[0010] **ESCALATE Decision.** Actions that match an ESCALATE condition — typically irreversible actions or actions with high novelty risk — are suspended and routed to an external authorisation mechanism. Escalated actions do not execute until authorisation is received.
[0011] **Policy Version Control.** Each enforcement record includes the policy version hash active at decision time. Policy changes may not retroactively alter the decision for any previously evaluated action. This ensures that audit records faithfully reconstruct the governance state at the time of each decision.
[0012] **Policy Update Protocol.** Policy updates are proposed as change records evaluated against a policy change governance rule set. Approved changes are admitted to the evidence ledger and the policy version incremented. All Phase-2 subsystems retrieve the active policy version on each evaluation cycle.
[0013] **Emergency Override Path (P259).** The governance break-glass override mechanism (P259) may suspend the SCGEE normal evaluation path under declared emergency conditions, routing control to a constrained emergency policy set. All break-glass activations are admitted as evidence artefacts.
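The version locking described under Policy Retrieval and Version Locking and the governed update path of the Policy Update Protocol above, as an added example that is not the specification's own code: the `PolicyStore` class, its two change-governance rules and the in-memory ledger list are constructed assumptions, and a policy update arriving mid-evaluation is simulated by calling the store from inside the evaluation.

```python
import copy
import hashlib
import json

def canonical_hash(obj):
    """Version hash: SHA-256 over the canonically serialised policy document."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class PolicyStore:
    """Hash-locked policy store with governed updates (constructed example)."""
    def __init__(self, initial):
        self.archive = {}    # version hash -> policy document, never overwritten
        self.ledger = []     # admitted change records (stand-in for the evidence ledger)
        self.active = self._admit(initial, change=None)

    def _admit(self, policy, change):
        version = canonical_hash(policy)
        self.archive[version] = copy.deepcopy(policy)
        self.ledger.append({"policy_version": version, "change": change})
        return version

    def propose_change(self, change):
        """Evaluate a change record against a (constructed) change-governance rule set."""
        current = self.archive[self.active]
        candidate = copy.deepcopy(current)
        candidate[change["section"]] = change["value"]
        # Rule 1: automated updates may only add prohibitions; removals are escalated.
        if not set(current["prohibited"]) <= set(candidate["prohibited"]):
            return "ESCALATE"
        # Rule 2: every admitted change must carry an approver identity.
        if not change.get("approved_by"):
            return "REJECT"
        self.active = self._admit(candidate, change)
        return "APPROVE"

def evaluate_locked(store, action_class, update_during=None):
    """Capture the version once; an update landing mid-evaluation cannot change it."""
    version = store.active
    policy = store.archive[version]
    if update_during is not None:    # simulate a policy update arriving mid-evaluation
        store.propose_change(update_during)
    if action_class in policy["prohibited"]:
        decision = "REJECT"
    elif action_class in policy["permitted"]:
        decision = "APPROVE"
    else:
        decision = "ESCALATE"
    return {"policy_version": version, "decision": decision}
```

An evaluation that began under the prior version completes under it and records that version hash; the next evaluation picks up the admitted change, and the prior version stays in the archive so earlier records remain replayable.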
---
## Claims
1. A safety constraint and governance enforcement engine for an evidence-bound reasoning architecture that evaluates all action proposals against a versioned governance policy.
2. The system of claim 1 wherein enforcement records are admitted as immutable evidence artefacts to the AIEP ledger.
3. The system of claim 1 wherein policy version hashes are embedded in every enforcement record.
4. The system of claim 1 wherein irreversible actions trigger an ESCALATE decision routing to external authorisation.
5. The system of claim 1 wherein policy updates are themselves governed through an evidence-bound change control mechanism.
6. The system of claim 1 wherein the engine serves as a shared evaluation service for all Phase-2 subsystems.