Skip to main content
Jira progress: loading…

TG-POLICY-RESOLUTION

TrustGate Policy Resolution Engine

0. Identity

Loading identity…

Depends on module:

Decision-grade verification and assurance domain that orchestrates verifier workflows, evidence handling, trust scoring, audit trails, and assurance packaging across CSRD/ESRS and other frameworks. Enables third-party sign-off, dispute handling, and assurance-ready disclosure outputs with replayable provenance.
Domain:
assurance-verification
Category:
trust-assurance
Classification:
module
Lifecycle status:
active
Semver:
1.0.0
Introduced in:
v0.3
Governance
AI risk level:
high
Trust threshold:
0.97
Human review required:
true
Verifier involved:
true
Audit required:
true
Ownership
Primary owner:
Platform
Architecture board:
true
White-label allowed:
true
Entrypoints
Docs:
/verification-assurance
UI:
/app/assurance
API:
/api/assurance
Dependencies
Modules
  • sis
  • input-hub
  • reports-insights-hub
  • zara
  • zaam
Unresolved tokens
  • ALTD
  • DAL
  • EvidenceVault
  • StripeConnect
  • TruliooKYB
  • TrustGate
  • VTE
  • VerifierWorkflowEngine
Engines (declared)
  • VerifierWorkflowEngine
  • DaVE
  • VTE
  • DICE
  • EvidenceVault
  • ALTD
  • DAL
  • TrustGate
  • StripeConnect
  • TruliooKYB
  • AISIM
Micro-engines (from registry)
None
Micro-engines (declared)
None
Signals
USO
  • ASSURANCE.VERIFICATION
  • ASSURANCE.EVIDENCE
  • ASSURANCE.SIGNOFF
  • AUDIT.LINEAGE
  • GOVERNANCE.TRUST
  • IDENTITY.VERIFIER
  • PAYMENT.ESCROW
CSI
  • CSI_VERIFICATION_ASSURANCE
SSSR tags
  • assurance
  • verification
  • verifiers
  • evidence
  • signoff
  • trust-score
  • audit
  • tamper-detection
  • blockchain
  • rfp
  • disputes
  • escrow
  • stripe-connect
Workflows & Outputs
Workflows
  • VerifierOnboardingAndQualification
  • AssuranceRFPAndProposalFlow
  • EvidenceRequestAndCollection
  • EvidenceValidationAndScoring
  • TrustScoreComputationAndPropagation
  • VerifierReviewAndCommenting
  • IssueFlaggingAndDisputeResolution
  • VerifierSignOffAndStamping
  • AssurancePackagingForReports
  • PaymentEscrowAndPayoutOrchestration
Outputs
  • verifier_profiles
  • assurance_requests
  • evidence_packages
  • validation_findings
  • trust_score_updates
  • signoff_stamps
  • assurance_ready_disclosure_packages
  • payment_events
Audit
Ledger:
ALTD
Replay supported:
true
PII policy:
controlled_pii_outside_omr
Tags

1. Purpose

The TrustGate Policy Resolution Engine resolves the active policy context that governs a TrustGate assessment.

It determines which governance policies, tenant rules, assurance thresholds, replay obligations, federation constraints, and routing rules apply to a specific enriched and structurally validated TrustGate signal.

This engine does not calculate the final trust score and does not make the final accept/review/quarantine decision. Instead, it produces the authoritative policy context consumed by downstream engines, especially:

  • Trust Scoring Engine
  • Threshold Evaluation Engine
  • Quarantine Manager
  • Decision Engine
  • Replay Engine
  • DAL Anchor Engine
  • Federation Export Engine
  • AII Contribution Engine

The purpose of this separation is to ensure that policy resolution remains deterministic, auditable, replayable, and independently governable through FAGF and ZAR.


2. Position within TrustGate Runtime

Signal Parser


Structure Validation


Signal Normalizer


Context Enrichment


Rule Evaluation


──────────────────────────────────────────
Policy Resolution Engine
──────────────────────────────────────────


Trust Scoring


Threshold Evaluation


Decision Engine

The Policy Resolution Engine executes after the signal has been parsed, structurally validated, normalized, context-enriched, and evaluated against initial validation rules.

This placement ensures that policy selection has access to ECO Number, DID, tenant profile, jurisdiction, assurance tier, federation context, signal type, rule output, lineage context, replay context, DAL context, and applicable reporting framework.


3. Canonical Identity

PropertyValue
Engine NameTrustGate Policy Resolution Engine
MEIDMEID_GOVERNANCE_POLICY_RESOLVER
CMIvera.TG-POLICY.ENGINE.RESOLVER.1_0_0
ZAR CodeTGPOL
KINDENGINE
Owner ModuleVerification & Assurance
Runtime TierTier-0 Assurance Runtime
Replay SupportNative
DAL AnchoringYes
Federation AwareYes
AI AssistedAdvisory only

3.1. MEID to CMI Binding

MEID_GOVERNANCE_POLICY_RESOLVER

└── vera.TG-POLICY.ENGINE.RESOLVER.1_0_0

The MEID identifies the logical policy resolver. The CMI identifies this versioned implementation of that resolver.


4. Core Responsibilities

ResponsibilityDescription
Governance Policy ResolutionResolve active FAGF policy bundles applicable to the signal.
Tenant Policy ResolutionResolve tenant-specific thresholds and overrides.
Jurisdiction ResolutionApply region, country, and regulatory jurisdiction requirements.
Assurance Profile ResolutionAttach assurance-tier requirements and verifier obligations.
Replay Policy ResolutionDetermine whether replay is mandatory, optional, or suppressed.
Federation Policy ResolutionApply AFLE/EGFS federation exchange constraints.
Routing Policy ResolutionProduce policy hints for ZSSR and Decision Engine routing.
Conflict DetectionDetect incompatible policy bundles or stale versions.
Version BindingAttach exact policy versions for replay and audit.
Evidence PreparationEmit policy-resolution evidence for DAL and OARM.

5. Non-Responsibilities

The Policy Resolution Engine SHALL NOT:

  • calculate the trust score;
  • execute the final decision;
  • mutate incoming signal facts;
  • overwrite governance policies;
  • approve policy changes;
  • resolve human disputes;
  • execute replay;
  • produce external attestations.

Those responsibilities belong to downstream engines, FAGF workflows, OARM, or AFLE.


6. Runtime Architecture

                Enriched Signal


Policy Resolution Engine

┌───────────────┼────────────────┐
▼ ▼ ▼
FAGF Policy Tenant Policy Federation Policy
Resolver Resolver Resolver
│ │ │
└───────────────┼────────────────┘

Conflict Detector


Policy Context Merger


Resolved Policy Context

The engine is stateless. All policy state is retrieved from governed registries and versioned policy bundles.


7. Runtime Lifecycle

PhaseDescription
ReceiveAccept enriched and validated TrustGate signal.
Identify ScopeResolve ECO, tenant, jurisdiction, signal type, and assurance tier.
Load Governance PoliciesRetrieve active FAGF policy bundle.
Load Tenant PoliciesRetrieve tenant-specific overrides.
Load Federation PoliciesRetrieve applicable EGFS/AFLE policies.
Load Replay PoliciesRetrieve OARM replay requirements.
Merge PoliciesMerge policies using deterministic precedence rules.
Detect ConflictsDetect incompatible policies or stale versions.
Emit ContextPublish resolved policy context.
Record EvidenceEmit policy-resolution event for DAL/OARM.

8. Policy Source Hierarchy

Policy resolution follows a strict source hierarchy.

PrioritySourceDescription
1Regulatory ConstraintMandatory legal or reporting requirement.
2FAGF Global PolicyFederation-wide assurance governance.
3Regional PolicyJurisdiction or region-level requirements.
4Assurance Tier PolicyRequirements based on assurance maturity or certification level.
5Tenant PolicyTenant-specific thresholds and routing behavior.
6Signal-Type PolicyRules specific to invoices, sensors, passports, attestations, etc.
7AI RecommendationAdvisory-only policy hint from DSAIL.

Lower-priority policies may narrow or strengthen requirements, but they SHALL NOT weaken mandatory higher-priority requirements.


9. Deterministic Merge Rules

The engine merges policy objects using deterministic precedence.

Regulatory

FAGF

Regional

Assurance Tier

Tenant

Signal Type

AI Advisory Hints

Conflict rule:

More restrictive policy wins unless explicitly overridden by an approved FAGF exception.

Examples:

ConflictResolution
Tenant threshold = 0.75, FAGF threshold = 0.85Use 0.85
Tenant replay optional, OARM replay mandatoryReplay mandatory
Regional export blocked, tenant export allowedExport blocked
AI suggests auto-accept, policy requires reviewReview required

10. Policy Resolution Algorithm

function resolvePolicy(enriched_signal):

scope = resolveScope(enriched_signal)

regulatory_policy = loadRegulatoryPolicy(scope)
fagf_policy = loadFAGFPolicy(scope)
regional_policy = loadRegionalPolicy(scope)
assurance_policy = loadAssuranceTierPolicy(scope)
tenant_policy = loadTenantPolicy(scope)
signal_policy = loadSignalTypePolicy(scope)
ai_hints = loadAIAdvisoryHints(scope)

merged_policy = mergePolicies(
regulatory_policy,
fagf_policy,
regional_policy,
assurance_policy,
tenant_policy,
signal_policy,
ai_hints
)

conflicts = detectPolicyConflicts(merged_policy)

if conflicts.blocking:
emitPolicyConflict(conflicts)
return policy_resolution_failed(conflicts)

return resolved_policy_context(merged_policy)

The algorithm is deterministic and replayable. Identical input signal and identical policy versions SHALL produce identical resolved policy context.


11. Policy Scope Resolution

The engine determines scope before loading policies.

Scope DimensionExample
ECO NumberECO-A123
DIDdid:zayaz:ECO-A123
Tenanttenant-ecoworld-demo
RegionEU
JurisdictionDK
Reporting FrameworkESRS
Signal Typeinvoice.emissions.estimated
Assurance TierFAC-Gold
Federation Rolesupplier
Data Classificationrestricted

Example scope object:

{
"eco_number": "ECO-A123",
"did": "did:zayaz:ECO-A123",
"tenant_id": "tenant-ecoworld-demo",
"region": "EU",
"jurisdiction": "DK",
"framework": "ESRS",
"signal_type": "invoice.emissions.estimated",
"assurance_tier": "FAC-Gold",
"federation_role": "supplier",
"classification": "restricted"
}

12. Policy Categories Resolved

CategoryDescription
Trust ThresholdsMinimum trust levels for accept, review, quarantine.
Replay RequirementsWhether deterministic replay must be prepared or executed.
DAL RequirementsWhether anchoring is mandatory and at what stage.
Federation RequirementsWhether cross-ECO exchange is permitted.
Export RequirementsWhether EIF export is permitted.
AI ConstraintsWhether AI hints may influence scoring or routing.
Manual Review RulesWhether human review is required.
Data Residency RulesWhether processing must remain within a region.
Retention RulesRequired retention period for evidence and replay artifacts.
Disclosure RulesWhether the signal is eligible for disclosure contribution.

13. Canonical Input

The engine consumes the enriched signal and rule evaluation output.

{
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"signal_type": "invoice.emissions.estimated",
"region": "EU",
"jurisdiction": "DK",
"assurance_tier": "FAC-Gold",
"classification": "restricted",
"rule_evaluation": {
"status": "passed",
"rules_checked": 42,
"rules_failed": 0
},
"lineage": {
"uso_id": "01JBF0X0ABCDEF1234567890AB",
"dal_anchor": "DAL-2026-001245"
}
}

14. Canonical Output

The engine produces a resolved policy context.

{
"policy_resolution_id": "TG-POL-2026-00001472",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"status": "resolved",
"policy_bundle": {
"fagf_policy": "FAGF.Policy.Assurance.Core.2_0_0",
"regional_policy": "FAGF.Policy.Region.EU.1_2_0",
"tenant_policy": "Tenant.Policy.EcoWorld.1_0_0",
"replay_policy": "OARM.Policy.Replay.Mandatory.1_0_0",
"federation_policy": "AFLE.Policy.Supplier.Exchange.1_0_0"
},
"effective_thresholds": {
"auto_accept": 0.90,
"auto_validate": 0.75,
"manual_review": 0.60,
"quarantine": 0.00
},
"requirements": {
"replay_required": true,
"dal_anchor_required": true,
"manual_review_required": false,
"federation_export_allowed": true,
"eif_export_allowed": false
},
"resolved_at": "2026-06-25T14:08:32Z"
}

15. CSI Contracts

15.1. Input CSIs

CSIPurpose
comp.TG.INPUT.ENRICHED-SIGNAL.v1_0Enriched TrustGate signal.
comp.TG.EVENT.RULE-EVALUATION.v1_0Rule evaluation result.
comp.FAGF.INPUT.POLICY-BUNDLE.v1_0Governance policy bundle.
comp.OARM.INPUT.REPLAY-POLICY.v1_0Replay policy profile.
comp.AFLE.INPUT.FEDERATION-POLICY.v1_0Federation exchange policy.

15.2. Output CSIs

CSIPurpose
comp.TG.OUTPUT.RESOLVED-POLICY.v1_0Resolved effective policy context.
comp.TG.EVENT.POLICY-RESOLVED.v1_0Policy resolution event.
comp.TG.EVENT.POLICY-CONFLICT.v1_0Policy conflict event.
comp.TG.EVENT.POLICY-STALENESS.v1_0Stale or deprecated policy detected.

16. Runtime Events

16.1. Policy Resolved Event

{
"event_type": "trustgate.policy.resolved",
"policy_resolution_id": "TG-POL-2026-00001472",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"policy_versions": [
"FAGF.Policy.Assurance.Core.2_0_0",
"FAGF.Policy.Region.EU.1_2_0",
"OARM.Policy.Replay.Mandatory.1_0_0"
],
"timestamp": "2026-06-25T14:08:32Z"
}

16.2. Policy Conflict Event

{
"event_type": "trustgate.policy.conflict",
"policy_resolution_id": "TG-POL-2026-00001472",
"signal_id": "SIG-2026-00001472",
"severity": "blocking",
"conflict": {
"field": "federation_export_allowed",
"policy_a": "Regional.Policy.EU.RestrictedExport.1_0_0",
"policy_b": "Tenant.Policy.ExportAllowed.1_0_0",
"resolution": "regional_policy_wins"
},
"timestamp": "2026-06-25T14:08:32Z"
}

17. DAL Integration

The Policy Resolution Engine emits ledger candidates for finalized policy-resolution events.

Policy resolution evidence SHOULD be anchored when:

  • the signal contributes to disclosure;
  • replay is mandatory;
  • federation exchange is enabled;
  • manual review is required;
  • policy conflict occurred;
  • the decision later becomes part of an assurance report.

DAL candidate example:

{
"artifact_type": "TrustGatePolicyResolution",
"artifact_id": "TG-POL-2026-00001472",
"artifact_hash": "sha256:7c91...",
"engine_cmi": "vera.TG-POLICY.ENGINE.RESOLVER.1_0_0",
"meid": "MEID_GOVERNANCE_POLICY_RESOLVER",
"policy_versions": [
"FAGF.Policy.Assurance.Core.2_0_0",
"OARM.Policy.Replay.Mandatory.1_0_0"
]
}

18. Replay Behaviour

The engine is replay-native.

Replay requires:

  • original enriched signal hash;
  • exact policy bundle versions;
  • exact tenant policy version;
  • exact regional policy version;
  • FAGF exception registry state;
  • engine CMI;
  • merge algorithm version.

Replay pass condition:

resolved_policy_context_hash == replay_resolved_policy_context_hash

Replay artifact example:

{
"replay_component": "TrustGatePolicyResolver",
"policy_resolution_id": "TG-POL-2026-00001472",
"input_hash": "sha256:a17b...",
"output_hash": "sha256:7c91...",
"engine_cmi": "vera.TG-POLICY.ENGINE.RESOLVER.1_0_0",
"replayable": true
}

19. Federation Behaviour

For federation-aware signals, the engine resolves the effective federation exchange policy.

Federation policy determines:

  • whether trust attestations may be exported;
  • whether AFLE exchange is permitted;
  • whether DAL proof is required;
  • whether ECO Number verification is mandatory;
  • whether regional data residency constraints apply;
  • whether buyer/supplier role policies apply.

Federation policy example:

{
"federation": {
"exchange_allowed": true,
"require_dal_proof": true,
"require_did_signature": true,
"data_residency": "EU",
"role": "supplier",
"policy_cmi": "AFLE.Policy.Supplier.Exchange.1_0_0"
}
}

20. AI Integration

DSAIL may provide advisory policy hints.

AI policy hints SHALL NOT override FAGF, regional, legal, replay, DAL, or federation requirements.

AI advisory example:

{
"ai_policy_hint": {
"source_model": "vera.DSAIL.MODEL.POLICY-HINT.1_0_0",
"recommendation": "increase_manual_review_sampling",
"confidence": 0.91,
"reason": "trust drift detected for supplier cohort"
}
}

Permitted AI influence:

AreaAI Influence
Sampling FrequencyAdvisory
Manual Review PriorityAdvisory
Replay FrequencyAdvisory
Trust Score ModifierAdvisory only
Legal/Regulatory ThresholdNot permitted
Federation Export PermissionNot permitted

21. Error Handling

Error CodeDescriptionAction
TG-POL-0001Missing FAGF policy bundleAbort
TG-POL-0002Missing tenant policyUse default policy
TG-POL-0003Stale policy versionWarn + continue if allowed
TG-POL-0004Policy conflictResolve or block
TG-POL-0005Regional policy unavailableAbort for regulated signal
TG-POL-0006Federation policy unavailableDisable federation export
TG-POL-0007Replay policy unavailableRequire replay by default

Default behavior is conservative.

When policy state is uncertain, TrustGate SHALL prefer manual review, replay, or quarantine over automatic acceptance.


22. Security Model

The engine handles governance-sensitive data and therefore requires critical security controls.

ControlRequirement
AuthenticationmTLS + service identity
AuthorizationPolicy-read scope required
Policy IntegrityPolicy bundles signed and ZAR registered
Replay IntegrityPolicy versions immutable during replay
DAL IntegrityPolicy-resolution events hashable
Tenant IsolationTenant policies isolated by tenant ID
Federation SecurityDID and certificate validation required

Policy bundle integrity MUST be verified before use.


23. Observability

Metrics emitted:

MetricDescription
trustgate_policy_resolutions_totalTotal policy resolutions.
trustgate_policy_conflicts_totalTotal policy conflicts detected.
trustgate_policy_stale_totalStale policy versions detected.
trustgate_policy_resolution_latency_msResolution latency.
trustgate_policy_cache_hit_ratioPolicy cache efficiency.
trustgate_policy_abort_totalAborted policy resolutions.

24. Performance Targets

MetricTarget
Average latency< 30 ms
P95 latency< 100 ms
P99 latency< 250 ms
Cache hit ratio> 95%
Policy conflict detection100%
Replay determinism100%

25. Compliance Alignment

FrameworkPolicy Resolution Role
CSRDEnsures assurance policies are applied before disclosure.
ESRSApplies data quality, review, and disclosure thresholds.
ISSB / IFRS S1-S2Supports governed financial sustainability disclosure controls.
ISO 14064-1Ensures verification requirements are attached to GHG data.
ISO 27001Enforces secure policy handling and runtime access controls.
EU AI ActEnsures AI recommendations remain advisory and explainable.

26. Developer Notes

Implementation guidance:

  • Policy bundles MUST be immutable once approved.
  • Effective policy context MUST include exact CMI references.
  • Conflicts MUST never be silently ignored.
  • Replay MUST load the historical policy versions used at original execution time.
  • AI policy hints MUST be kept separate from mandatory policy requirements.
  • Federation export must default to disabled when federation policy cannot be resolved.
  • Tenant overrides may strengthen but never weaken regulatory or FAGF requirements.

27. Summary

The TrustGate Policy Resolution Engine converts the enriched TrustGate runtime object into a governance-aware assurance context by resolving all applicable policies, thresholds, replay obligations, federation rules, data residency constraints, AI restrictions, and decision prerequisites.

It ensures that every downstream TrustGate score and decision is evaluated under the correct governance state and can later be replayed, audited, verified, and defended.




GitHub RepoRequest for Change (RFC)