Decision Model Reference

The POST /v1/decide engine runs a deterministic pipeline. No learned weights, no randomness — the same inputs always produce the same output. This page documents the lookup tables that drive every decision.

This is the current V1 evaluator model. Thresholds may calibrate over time without changing the API contract.

Action severity ladder

All actions sit on a five-point severity scale. Interaction shift and confidence clamps move the final action up this ladder. It never moves down.

1proceed

→

2proceed_with_caution

→

3sandbox

→

4escalate_to_human

→

5deny

A routing table result of sandbox with a high-tier interaction shift of +1 produces escalate_to_human. Actions are capped at deny (severity 5).

Interaction tier

Sum kind score + mode score + sensitivity score. Total maps to tier: 1–2 = low, 3–4 = medium, 5–6 = high, 7+ = critical.

Interaction kind

navigate	+1
fetch	+1
enrich	+2
download_file	+3
submit_credentials	+4
initiate_payment	+5

Mode

read_only	+0
transactional	+1
privileged	+2

Sensitivity

low	+0
medium	+1
high	+2
critical	+3

Total score	Tier
1 – 2	low
3 – 4	medium
5 – 6	high
7+	critical

Target state classifier

Evaluated in priority order A → E → D → C → B → F. First match wins. Score bands: low ≤39, medium 40–69, high ≥70. Confidence bands: low <0.55, medium 0.55–0.79, high ≥0.80.

State AClear Threat

Threat high, confidence strong.

State BHigh Anomaly

Deviation high, trust weak.

State CHigh Uncertainty

Sparse or low-confidence signals.

State DConflicting Signals

Strong trust and strong negative signals coexist.

State ESafe Known

Strong trust, low threat, low deviation.

State FMixed / Reviewable

No dominant safe or threat state.

Policy routing table

Base action before interaction shift. Rows = target state, columns = policy profile. Click any cell to trace the full evaluation path for that combination.

open

Tolerates novelty. Favors proceed_with_caution when risk is not material.

balanced

Default enterprise-safe posture with no directional bias.

strict

Sandboxes or escalates faster under ambiguity.

critical

Treats unknowns conservatively. Hardest on sensitive interactions.

State	Name	open	balanced	strict	critical
A	Clear Threat
B	High Anomaly
C	High Uncertainty
D	Conflicting Signals
E	Safe Known
F	Mixed / Reviewable

shift — moves the base action one or more steps stricter based on interaction tierclamp — prevents a harsher action when evidence confidence or uncertainty is insufficient

Click any cell to trace the full evaluation path for that state × policy combination.

Interaction shift

The base action from the routing table is shifted up the severity ladder based on interaction tier.

Tier	Shift	Notes
low	+0	Base action unchanged.
medium	+0	Base action unchanged.
high	+1	One step up the severity ladder.
critical	+1 (State A: +2)	One step up; two steps for State A to force deny.

Confidence clamps

Terminal overrides applied after routing and shift. Evaluated in order; first matching clamp applies.

Clamp 1 — Low-confidence negatives cannot produce deny

If action is deny but max confidence across threat and deviation is below 0.70, downgrade to escalate_to_human.

deny is reserved for structurally strong negative evidence. Without that confidence, hard blocking is replaced by human escalation.

Clamp 2 — High uncertainty on high-risk interactions floors to escalate

If uncertainty = high AND tier is high or critical, floor the action at escalate_to_human.

High-stakes interactions under high evidence uncertainty always surface to a human, regardless of what the routing table returned.

Temporal state

Every /v1/decide response includes a temporal_state block built from longitudinal domain history. This is a passive layer — it does not change the recommended action, but it adjusts risk context and is available to agents and human reviewers.

plain_english_summary

string

One sentence describing the domain's behavioural history. Safe to display directly.

"This domain has been stable and trustworthy across 6 checks today."

cohort_match_percentile

number | null

Percentage of all 162k+ scanned domains sharing this exact state. null on first observation.

50 → half of all scanned domains are in this state

observation_count

number

Total number of times this domain has been evaluated. Agents can use this as a trust signal — a domain seen 50 times is structurally different from one seen once.

transition_prob

number | null

Observed probability that a domain in the previous state transitions to this one. Sourced from the 162k Tranco baseline when available, global prior otherwise.

0.9457 (observed)

risk_multiplier

number

Float in [0.5, 2.5]. Applied by agents to weight the effective risk. Elevated on rapid state changes, rare transitions, or consistent high-threat signals. Reduced on stable, long-observed clean domains.

0.95 (stable clean domain, slight reduction)

changed_quickly

boolean

True when the domain changed state within the last 7 days. A sudden shift from clean to high-threat is a strong phishing signal.

false

Demo playground scans are anonymous (no user ID). History is scoped per user on authenticated /v1/decide calls so cross-tenant history bleed is prevented.

End-to-end example

A credential-submission interaction against a structurally anomalous domain under balanced policy.

Target scores

trust28 / 100conf 0.71

threat62 / 100conf 0.68

deviation74 / 100conf 0.82

Interaction

kindsubmit_credentials

modeprivileged

sensitivitycritical

policybalanced

Pipeline trace

Target state — Deviation band = high (74), trust band = low (28), avg confidence = 0.74 (medium). Matches State B (High Anomaly).

Policy routing — State B × balanced = sandbox

Interaction tier — submit_credentials (4) + privileged (2) + critical (3) = 9 → critical tier

Interaction shift — Critical tier, State B (not A) → +1. sandbox→escalate_to_human

Confidence clamps — Action is not deny so Clamp 1 does not apply. Clamp 2: uncertainty is medium (not high) so floor does not trigger. No change.

Final decision

escalate_to_humanCredential submission against a high-deviation domain under critical interaction tier — automation should pause and surface to a human reviewer.

← Back to API Reference