- Action
- deploy.release
- Decision
- DENY
- Authority
- deploy-governance@v2
- Receipt
- verified
Illustrative sample - not live production activity.
PERMIT · DENY · SILENCE before irreversible execution
Every decision produces a signed receipt for audit and verification.
Financial services DENY High-Value Transfer £5M transfer prevented
Protected Actions
- Payments
- Credit decisions
- Fraud actions
- Model execution
Protected Assets
- Customer funds
- Transaction systems
- Credit infrastructure
- Fraud decision engines
Example Decision
DENY payment.transfer
surface: payments.wire
actor: treasury-agent
reason: authority threshold exceededOutcome prevented
£5M wire transfer prevented before settlement.
- Customer funds remained protected.
- Receipt signed and recorded.
Healthcare DENY Medical Record Export PHI export prevented
Protected Actions
- Diagnosis routing
- Patient data access
- Clinical automation
- Care pathway execution
Protected Assets
- Patient records
- PHI systems
- Clinical infrastructure
- Audit evidence stores
Example Decision
DENY patient.export
surface: clinical.data
actor: diagnostic-agent
reason: PHI boundary violationOutcome prevented
PHI export blocked before data leaves clinical boundary.
- Patient records remained inside authorized systems.
- Receipt signed and recorded.
Autonomous systems DENY Autonomous Control Command Unsafe actuation blocked
Protected Actions
- Robotics actuation
- Agent tool execution
- Industrial control
- Autonomous navigation
Protected Assets
- Production lines
- Safety interlocks
- OT controllers
- Human proximity zones
Example Decision
DENY actuator.commit
surface: robot.actuate
actor: factory-agent
reason: safety envelope breachedOutcome prevented
Unsafe actuation blocked before physical state change.
- Safety interlocks remained intact.
- Receipt signed and recorded.
Energy DENY Grid Control Override Grid modification prevented
Protected Actions
- Grid commands
- Control changes
- Infrastructure operations
- OT actuation
Protected Assets
- Substations
- Control networks
- Operational systems
- SCADA interfaces
Example Decision
DENY control.override
surface: grid.control
actor: grid-automation
reason: operator authority not satisfiedOutcome prevented
Unauthorized grid modification prevented before OT commit.
- Control networks remained in authorized state.
- Receipt signed and recorded.
Government DENY Cross-Boundary Data Transfer Cross-boundary transfer prevented
Protected Actions
- Classified data export
- Air-gapped deployment
- Defence programme operations
- Cross-domain transfer
Protected Assets
- Sovereign workloads
- National infrastructure
- Key material
- Air-gap boundaries
Example Decision
DENY data.exfiltrate
surface: sovereign.export
actor: ops-agent
reason: deployment zone policyOutcome prevented
Cross-boundary data transfer prevented before leaving sovereign enclave.
- National infrastructure boundaries enforced.
- Receipt signed and recorded.
Execution governance DENY Production Deployment Production deploy prevented
Protected Actions
- Policy resolution
- Runtime enforcement
- Receipt verification
- Fail-closed control
Protected Assets
- Receipt chain
- Investigation workspace
- Authority registry
- Audit trail integrity
Example Decision
DENY deploy.release
surface: deploy.release
actor: ci-agent
reason: production surface lockedOutcome prevented
Unauthorized production deploy prevented before release commit.
- Production surface remained locked.
- Cryptographic receipt recorded for audit.