TG-POLICY-RESOLUTION
TrustGate Policy Resolution Engine
0. Identity
Depends on module:
1. Purpose
The TrustGate Policy Resolution Engine resolves the active policy context that governs a TrustGate assessment.
It determines which governance policies, tenant rules, assurance thresholds, replay obligations, federation constraints, and routing rules apply to a specific enriched and structurally validated TrustGate signal.
This engine does not calculate the final trust score and does not make the final accept/review/quarantine decision. Instead, it produces the authoritative policy context consumed by downstream engines, especially:
- Trust Scoring Engine
- Threshold Evaluation Engine
- Quarantine Manager
- Decision Engine
- Replay Engine
- DAL Anchor Engine
- Federation Export Engine
- AII Contribution Engine
The purpose of this separation is to ensure that policy resolution remains deterministic, auditable, replayable, and independently governable through FAGF and ZAR.
2. Position within TrustGate Runtime
Signal Parser
│
▼
Structure Validation
│
▼
Signal Normalizer
│
▼
Context Enrichment
│
▼
Rule Evaluation
│
▼
──────────────────────────────────────────
Policy Resolution Engine
──────────────────────────────────────────
│
▼
Trust Scoring
│
▼
Threshold Evaluation
│
▼
Decision Engine
The Policy Resolution Engine executes after the signal has been parsed, structurally validated, normalized, context-enriched, and evaluated against initial validation rules.
This placement ensures that policy selection has access to ECO Number, DID, tenant profile, jurisdiction, assurance tier, federation context, signal type, rule output, lineage context, replay context, DAL context, and applicable reporting framework.
3. Canonical Identity
| Property | Value |
|---|---|
| Engine Name | TrustGate Policy Resolution Engine |
| MEID | MEID_GOVERNANCE_POLICY_RESOLVER |
| CMI | vera.TG-POLICY.ENGINE.RESOLVER.1_0_0 |
| ZAR Code | TGPOL |
| KIND | ENGINE |
| Owner Module | Verification & Assurance |
| Runtime Tier | Tier-0 Assurance Runtime |
| Replay Support | Native |
| DAL Anchoring | Yes |
| Federation Aware | Yes |
| AI Assisted | Advisory only |
3.1. MEID to CMI Binding
MEID_GOVERNANCE_POLICY_RESOLVER
│
└── vera.TG-POLICY.ENGINE.RESOLVER.1_0_0
The MEID identifies the logical policy resolver. The CMI identifies this versioned implementation of that resolver.
4. Core Responsibilities
| Responsibility | Description |
|---|---|
| Governance Policy Resolution | Resolve active FAGF policy bundles applicable to the signal. |
| Tenant Policy Resolution | Resolve tenant-specific thresholds and overrides. |
| Jurisdiction Resolution | Apply region, country, and regulatory jurisdiction requirements. |
| Assurance Profile Resolution | Attach assurance-tier requirements and verifier obligations. |
| Replay Policy Resolution | Determine whether replay is mandatory, optional, or suppressed. |
| Federation Policy Resolution | Apply AFLE/EGFS federation exchange constraints. |
| Routing Policy Resolution | Produce policy hints for ZSSR and Decision Engine routing. |
| Conflict Detection | Detect incompatible policy bundles or stale versions. |
| Version Binding | Attach exact policy versions for replay and audit. |
| Evidence Preparation | Emit policy-resolution evidence for DAL and OARM. |
5. Non-Responsibilities
The Policy Resolution Engine SHALL NOT:
- calculate the trust score;
- execute the final decision;
- mutate incoming signal facts;
- overwrite governance policies;
- approve policy changes;
- resolve human disputes;
- execute replay;
- produce external attestations.
Those responsibilities belong to downstream engines, FAGF workflows, OARM, or AFLE.
6. Runtime Architecture
Enriched Signal
│
▼
Policy Resolution Engine
│
┌───────────────┼────────────────┐
▼ ▼ ▼
FAGF Policy Tenant Policy Federation Policy
Resolver Resolver Resolver
│ │ │
└───────────────┼────────────────┘
▼
Conflict Detector
│
▼
Policy Context Merger
│
▼
Resolved Policy Context
The engine is stateless. All policy state is retrieved from governed registries and versioned policy bundles.
7. Runtime Lifecycle
| Phase | Description |
|---|---|
| Receive | Accept enriched and validated TrustGate signal. |
| Identify Scope | Resolve ECO, tenant, jurisdiction, signal type, and assurance tier. |
| Load Governance Policies | Retrieve active FAGF policy bundle. |
| Load Tenant Policies | Retrieve tenant-specific overrides. |
| Load Federation Policies | Retrieve applicable EGFS/AFLE policies. |
| Load Replay Policies | Retrieve OARM replay requirements. |
| Merge Policies | Merge policies using deterministic precedence rules. |
| Detect Conflicts | Detect incompatible policies or stale versions. |
| Emit Context | Publish resolved policy context. |
| Record Evidence | Emit policy-resolution event for DAL/OARM. |
8. Policy Source Hierarchy
Policy resolution follows a strict source hierarchy.
| Priority | Source | Description |
|---|---|---|
| 1 | Regulatory Constraint | Mandatory legal or reporting requirement. |
| 2 | FAGF Global Policy | Federation-wide assurance governance. |
| 3 | Regional Policy | Jurisdiction or region-level requirements. |
| 4 | Assurance Tier Policy | Requirements based on assurance maturity or certification level. |
| 5 | Tenant Policy | Tenant-specific thresholds and routing behavior. |
| 6 | Signal-Type Policy | Rules specific to invoices, sensors, passports, attestations, etc. |
| 7 | AI Recommendation | Advisory-only policy hint from DSAIL. |
Lower-priority policies may narrow or strengthen requirements, but they SHALL NOT weaken mandatory higher-priority requirements.
9. Deterministic Merge Rules
The engine merges policy objects using deterministic precedence.
Regulatory
↓
FAGF
↓
Regional
↓
Assurance Tier
↓
Tenant
↓
Signal Type
↓
AI Advisory Hints
Conflict rule:
More restrictive policy wins unless explicitly overridden by an approved FAGF exception.
Examples:
| Conflict | Resolution |
|---|---|
| Tenant threshold = 0.75, FAGF threshold = 0.85 | Use 0.85 |
| Tenant replay optional, OARM replay mandatory | Replay mandatory |
| Regional export blocked, tenant export allowed | Export blocked |
| AI suggests auto-accept, policy requires review | Review required |
10. Policy Resolution Algorithm
function resolvePolicy(enriched_signal):
scope = resolveScope(enriched_signal)
regulatory_policy = loadRegulatoryPolicy(scope)
fagf_policy = loadFAGFPolicy(scope)
regional_policy = loadRegionalPolicy(scope)
assurance_policy = loadAssuranceTierPolicy(scope)
tenant_policy = loadTenantPolicy(scope)
signal_policy = loadSignalTypePolicy(scope)
ai_hints = loadAIAdvisoryHints(scope)
merged_policy = mergePolicies(
regulatory_policy,
fagf_policy,
regional_policy,
assurance_policy,
tenant_policy,
signal_policy,
ai_hints
)
conflicts = detectPolicyConflicts(merged_policy)
if conflicts.blocking:
emitPolicyConflict(conflicts)
return policy_resolution_failed(conflicts)
return resolved_policy_context(merged_policy)
The algorithm is deterministic and replayable. Identical input signal and identical policy versions SHALL produce identical resolved policy context.
11. Policy Scope Resolution
The engine determines scope before loading policies.
| Scope Dimension | Example |
|---|---|
| ECO Number | ECO-A123 |
| DID | did:zayaz:ECO-A123 |
| Tenant | tenant-ecoworld-demo |
| Region | EU |
| Jurisdiction | DK |
| Reporting Framework | ESRS |
| Signal Type | invoice.emissions.estimated |
| Assurance Tier | FAC-Gold |
| Federation Role | supplier |
| Data Classification | restricted |
Example scope object:
{
"eco_number": "ECO-A123",
"did": "did:zayaz:ECO-A123",
"tenant_id": "tenant-ecoworld-demo",
"region": "EU",
"jurisdiction": "DK",
"framework": "ESRS",
"signal_type": "invoice.emissions.estimated",
"assurance_tier": "FAC-Gold",
"federation_role": "supplier",
"classification": "restricted"
}
12. Policy Categories Resolved
| Category | Description |
|---|---|
| Trust Thresholds | Minimum trust levels for accept, review, quarantine. |
| Replay Requirements | Whether deterministic replay must be prepared or executed. |
| DAL Requirements | Whether anchoring is mandatory and at what stage. |
| Federation Requirements | Whether cross-ECO exchange is permitted. |
| Export Requirements | Whether EIF export is permitted. |
| AI Constraints | Whether AI hints may influence scoring or routing. |
| Manual Review Rules | Whether human review is required. |
| Data Residency Rules | Whether processing must remain within a region. |
| Retention Rules | Required retention period for evidence and replay artifacts. |
| Disclosure Rules | Whether the signal is eligible for disclosure contribution. |
13. Canonical Input
The engine consumes the enriched signal and rule evaluation output.
{
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"signal_type": "invoice.emissions.estimated",
"region": "EU",
"jurisdiction": "DK",
"assurance_tier": "FAC-Gold",
"classification": "restricted",
"rule_evaluation": {
"status": "passed",
"rules_checked": 42,
"rules_failed": 0
},
"lineage": {
"uso_id": "01JBF0X0ABCDEF1234567890AB",
"dal_anchor": "DAL-2026-001245"
}
}
14. Canonical Output
The engine produces a resolved policy context.
{
"policy_resolution_id": "TG-POL-2026-00001472",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"status": "resolved",
"policy_bundle": {
"fagf_policy": "FAGF.Policy.Assurance.Core.2_0_0",
"regional_policy": "FAGF.Policy.Region.EU.1_2_0",
"tenant_policy": "Tenant.Policy.EcoWorld.1_0_0",
"replay_policy": "OARM.Policy.Replay.Mandatory.1_0_0",
"federation_policy": "AFLE.Policy.Supplier.Exchange.1_0_0"
},
"effective_thresholds": {
"auto_accept": 0.90,
"auto_validate": 0.75,
"manual_review": 0.60,
"quarantine": 0.00
},
"requirements": {
"replay_required": true,
"dal_anchor_required": true,
"manual_review_required": false,
"federation_export_allowed": true,
"eif_export_allowed": false
},
"resolved_at": "2026-06-25T14:08:32Z"
}
15. CSI Contracts
15.1. Input CSIs
| CSI | Purpose |
|---|---|
comp.TG.INPUT.ENRICHED-SIGNAL.v1_0 | Enriched TrustGate signal. |
comp.TG.EVENT.RULE-EVALUATION.v1_0 | Rule evaluation result. |
comp.FAGF.INPUT.POLICY-BUNDLE.v1_0 | Governance policy bundle. |
comp.OARM.INPUT.REPLAY-POLICY.v1_0 | Replay policy profile. |
comp.AFLE.INPUT.FEDERATION-POLICY.v1_0 | Federation exchange policy. |
15.2. Output CSIs
| CSI | Purpose |
|---|---|
comp.TG.OUTPUT.RESOLVED-POLICY.v1_0 | Resolved effective policy context. |
comp.TG.EVENT.POLICY-RESOLVED.v1_0 | Policy resolution event. |
comp.TG.EVENT.POLICY-CONFLICT.v1_0 | Policy conflict event. |
comp.TG.EVENT.POLICY-STALENESS.v1_0 | Stale or deprecated policy detected. |
16. Runtime Events
16.1. Policy Resolved Event
{
"event_type": "trustgate.policy.resolved",
"policy_resolution_id": "TG-POL-2026-00001472",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"policy_versions": [
"FAGF.Policy.Assurance.Core.2_0_0",
"FAGF.Policy.Region.EU.1_2_0",
"OARM.Policy.Replay.Mandatory.1_0_0"
],
"timestamp": "2026-06-25T14:08:32Z"
}
16.2. Policy Conflict Event
{
"event_type": "trustgate.policy.conflict",
"policy_resolution_id": "TG-POL-2026-00001472",
"signal_id": "SIG-2026-00001472",
"severity": "blocking",
"conflict": {
"field": "federation_export_allowed",
"policy_a": "Regional.Policy.EU.RestrictedExport.1_0_0",
"policy_b": "Tenant.Policy.ExportAllowed.1_0_0",
"resolution": "regional_policy_wins"
},
"timestamp": "2026-06-25T14:08:32Z"
}
17. DAL Integration
The Policy Resolution Engine emits ledger candidates for finalized policy-resolution events.
Policy resolution evidence SHOULD be anchored when:
- the signal contributes to disclosure;
- replay is mandatory;
- federation exchange is enabled;
- manual review is required;
- policy conflict occurred;
- the decision later becomes part of an assurance report.
DAL candidate example:
{
"artifact_type": "TrustGatePolicyResolution",
"artifact_id": "TG-POL-2026-00001472",
"artifact_hash": "sha256:7c91...",
"engine_cmi": "vera.TG-POLICY.ENGINE.RESOLVER.1_0_0",
"meid": "MEID_GOVERNANCE_POLICY_RESOLVER",
"policy_versions": [
"FAGF.Policy.Assurance.Core.2_0_0",
"OARM.Policy.Replay.Mandatory.1_0_0"
]
}
18. Replay Behaviour
The engine is replay-native.
Replay requires:
- original enriched signal hash;
- exact policy bundle versions;
- exact tenant policy version;
- exact regional policy version;
- FAGF exception registry state;
- engine CMI;
- merge algorithm version.
Replay pass condition:
resolved_policy_context_hash == replay_resolved_policy_context_hash
Replay artifact example:
{
"replay_component": "TrustGatePolicyResolver",
"policy_resolution_id": "TG-POL-2026-00001472",
"input_hash": "sha256:a17b...",
"output_hash": "sha256:7c91...",
"engine_cmi": "vera.TG-POLICY.ENGINE.RESOLVER.1_0_0",
"replayable": true
}
19. Federation Behaviour
For federation-aware signals, the engine resolves the effective federation exchange policy.
Federation policy determines:
- whether trust attestations may be exported;
- whether AFLE exchange is permitted;
- whether DAL proof is required;
- whether ECO Number verification is mandatory;
- whether regional data residency constraints apply;
- whether buyer/supplier role policies apply.
Federation policy example:
{
"federation": {
"exchange_allowed": true,
"require_dal_proof": true,
"require_did_signature": true,
"data_residency": "EU",
"role": "supplier",
"policy_cmi": "AFLE.Policy.Supplier.Exchange.1_0_0"
}
}
20. AI Integration
DSAIL may provide advisory policy hints.
AI policy hints SHALL NOT override FAGF, regional, legal, replay, DAL, or federation requirements.
AI advisory example:
{
"ai_policy_hint": {
"source_model": "vera.DSAIL.MODEL.POLICY-HINT.1_0_0",
"recommendation": "increase_manual_review_sampling",
"confidence": 0.91,
"reason": "trust drift detected for supplier cohort"
}
}
Permitted AI influence:
| Area | AI Influence |
|---|---|
| Sampling Frequency | Advisory |
| Manual Review Priority | Advisory |
| Replay Frequency | Advisory |
| Trust Score Modifier | Advisory only |
| Legal/Regulatory Threshold | Not permitted |
| Federation Export Permission | Not permitted |
21. Error Handling
| Error Code | Description | Action |
|---|---|---|
| TG-POL-0001 | Missing FAGF policy bundle | Abort |
| TG-POL-0002 | Missing tenant policy | Use default policy |
| TG-POL-0003 | Stale policy version | Warn + continue if allowed |
| TG-POL-0004 | Policy conflict | Resolve or block |
| TG-POL-0005 | Regional policy unavailable | Abort for regulated signal |
| TG-POL-0006 | Federation policy unavailable | Disable federation export |
| TG-POL-0007 | Replay policy unavailable | Require replay by default |
Default behavior is conservative.
When policy state is uncertain, TrustGate SHALL prefer manual review, replay, or quarantine over automatic acceptance.
22. Security Model
The engine handles governance-sensitive data and therefore requires critical security controls.
| Control | Requirement |
|---|---|
| Authentication | mTLS + service identity |
| Authorization | Policy-read scope required |
| Policy Integrity | Policy bundles signed and ZAR registered |
| Replay Integrity | Policy versions immutable during replay |
| DAL Integrity | Policy-resolution events hashable |
| Tenant Isolation | Tenant policies isolated by tenant ID |
| Federation Security | DID and certificate validation required |
Policy bundle integrity MUST be verified before use.
23. Observability
Metrics emitted:
| Metric | Description |
|---|---|
trustgate_policy_resolutions_total | Total policy resolutions. |
trustgate_policy_conflicts_total | Total policy conflicts detected. |
trustgate_policy_stale_total | Stale policy versions detected. |
trustgate_policy_resolution_latency_ms | Resolution latency. |
trustgate_policy_cache_hit_ratio | Policy cache efficiency. |
trustgate_policy_abort_total | Aborted policy resolutions. |
24. Performance Targets
| Metric | Target |
|---|---|
| Average latency | < 30 ms |
| P95 latency | < 100 ms |
| P99 latency | < 250 ms |
| Cache hit ratio | > 95% |
| Policy conflict detection | 100% |
| Replay determinism | 100% |
25. Compliance Alignment
| Framework | Policy Resolution Role |
|---|---|
| CSRD | Ensures assurance policies are applied before disclosure. |
| ESRS | Applies data quality, review, and disclosure thresholds. |
| ISSB / IFRS S1-S2 | Supports governed financial sustainability disclosure controls. |
| ISO 14064-1 | Ensures verification requirements are attached to GHG data. |
| ISO 27001 | Enforces secure policy handling and runtime access controls. |
| EU AI Act | Ensures AI recommendations remain advisory and explainable. |
26. Developer Notes
Implementation guidance:
- Policy bundles MUST be immutable once approved.
- Effective policy context MUST include exact CMI references.
- Conflicts MUST never be silently ignored.
- Replay MUST load the historical policy versions used at original execution time.
- AI policy hints MUST be kept separate from mandatory policy requirements.
- Federation export must default to disabled when federation policy cannot be resolved.
- Tenant overrides may strengthen but never weaken regulatory or FAGF requirements.
27. Summary
The TrustGate Policy Resolution Engine converts the enriched TrustGate runtime object into a governance-aware assurance context by resolving all applicable policies, thresholds, replay obligations, federation rules, data residency constraints, AI restrictions, and decision prerequisites.
It ensures that every downstream TrustGate score and decision is evaluated under the correct governance state and can later be replayed, audited, verified, and defended.