Decision Model Reference

The POST /v1/decide engine runs a deterministic pipeline. No learned weights, no randomness — the same inputs always produce the same output. This page documents the lookup tables that drive every decision.

This is the current V1 evaluator model. Thresholds may calibrate over time without changing the API contract.

Action severity ladder

All actions sit on a five-point severity scale. Interaction shift and confidence clamps move the final action up this ladder. It never moves down.

1proceed

→

2proceed_with_caution

→

3sandbox

→

4escalate_to_human

→

5deny

A routing table result of sandbox with a high-tier interaction shift of +1 produces escalate_to_human. Actions are capped at deny (severity 5).

Target state classifier

Evaluated in priority order A → E → D → C → B → F. First match wins. Score bands: low ≤39, medium 40–69, high ≥70. Confidence bands: low <0.55, medium 0.55–0.79, high ≥0.80.

State AClear Threat

Threat high, confidence strong.

State BHigh Anomaly

Deviation high, trust weak.

State CHigh Uncertainty

Sparse or low-confidence signals.

State DConflicting Signals

Strong trust and strong negative signals coexist.

State ESafe Known

Strong trust, low threat, low deviation.

State FMixed / Reviewable

No dominant safe or threat state.

Policy routing table

Base action before interaction shift. Rows = target state, columns = policy profile. Click any cell to trace the full evaluation path for that combination.

open

Tolerates novelty. Favors proceed_with_caution when risk is not material.

balanced

Default enterprise-safe posture with no directional bias.

strict

Sandboxes or escalates faster under ambiguity.

critical

Treats unknowns conservatively. Hardest on sensitive interactions.

State	Name	open	balanced	strict	critical
A	Clear Threat
B	High Anomaly
C	High Uncertainty
D	Conflicting Signals
E	Safe Known
F	Mixed / Reviewable

shift — moves the base action one or more steps stricter based on interaction tierclamp — prevents a harsher action when evidence confidence or uncertainty is insufficient

Click any cell to trace the full evaluation path for that state × policy combination.

Interaction tier

Sum kind score + mode score + sensitivity score. Total maps to tier: 1–2 = low, 3–4 = medium, 5–6 = high, 7+ = critical.

Interaction kind

navigate	+1
fetch	+1
enrich	+2
download_file	+3
submit_credentials	+4
initiate_payment	+5

Mode

read_only	+0
transactional	+1
privileged	+2

Sensitivity

low	+0
medium	+1
high	+2
critical	+3

Total score	Tier
1 – 2	low
3 – 4	medium
5 – 6	high
7+	critical

Interaction shift

The base action from the routing table is shifted up the severity ladder based on interaction tier.

Tier	Shift	Notes
low	+0	Base action unchanged.
medium	+0	Base action unchanged.
high	+1	One step up the severity ladder.
critical	+1 (State A: +2)	One step up; two steps for State A to force deny.

Confidence clamps

Terminal overrides applied after routing and shift. Evaluated in order; first matching clamp applies.

Clamp 1 — Low-confidence negatives cannot produce deny

If action is deny but max confidence across threat and deviation is below 0.70, downgrade to escalate_to_human.

deny is reserved for structurally strong negative evidence. Without that confidence, hard blocking is replaced by human escalation.

Clamp 2 — High uncertainty on high-risk interactions floors to escalate

If uncertainty = high AND tier is high or critical, floor the action at escalate_to_human.

High-stakes interactions under high evidence uncertainty always surface to a human, regardless of what the routing table returned.

End-to-end example

A credential-submission interaction against a structurally anomalous domain under balanced policy.

Target scores

trust28 / 100conf 0.71

threat62 / 100conf 0.68

deviation74 / 100conf 0.82

Interaction

kindsubmit_credentials

modeprivileged

sensitivitycritical

policybalanced

Pipeline trace

Target state — Deviation band = high (74), trust band = low (28), avg confidence = 0.74 (medium). Matches State B (High Anomaly).

Policy routing — State B × balanced = sandbox

Interaction tier — submit_credentials (4) + privileged (2) + critical (3) = 9 → critical tier

Interaction shift — Critical tier, State B (not A) → +1. sandbox→escalate_to_human

Confidence clamps — Action is not deny so Clamp 1 does not apply. Clamp 2: uncertainty is medium (not high) so floor does not trigger. No change.

Final decision

escalate_to_humanCredential submission against a high-deviation domain under critical interaction tier — automation should pause and surface to a human reviewer.

← Back to API Reference