Initial Syndicate Code launch
Control plane for governed AI-initiated code execution with policy enforcement, approval binding, and event attribution.
Status: shipped | Area: policy | Published: 2026-03-19
Control impact: Establishes core governance model: policy decisions, approval lifecycle, action normalization, and replayable event attribution.
This release establishes the Syndicate Code control plane as the authoritative system for governed AI-initiated code execution.
Core capabilities shipped
- Policy enforcement gate: All tool execution routes through control plane policy evaluation before side effects occur
- Approval binding: Approvals bind to exact normalized action arguments via SHA-256 digest; execution is rejected when digest, scope, or expiry does not match
- Event attribution: Every significant state transition records actor identity, session context, approval ID, and policy version, with a hash chain for replay reconstruction
- Action normalization: Control plane normalizes tool call payloads for consistent comparison against approval records
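The approval binding and action normalization items above, sketched as an added example; this is not code from the Syndicate Code repository. The canonical JSON form, the field names, the check order, and the sample tool call are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


def normalize_action(tool: str, args: dict) -> bytes:
    """Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps({"tool": tool, "args": args}, sort_keys=True,
                      separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def action_digest(tool: str, args: dict) -> str:
    """SHA-256 over the normalized action, hex-encoded."""
    return hashlib.sha256(normalize_action(tool, args)).hexdigest()


@dataclass(frozen=True)
class Approval:
    approval_id: str
    digest: str        # digest of the exact action the approver saw
    scope: str         # hypothetical scope: the session the approval applies to
    expires_at: float  # epoch seconds


def check_approval(approval: Approval, tool: str, args: dict,
                   scope: str, now: float) -> tuple:
    """Return (allowed, reason). Any mismatch rejects before side effects."""
    if now >= approval.expires_at:
        return False, "expired"
    if scope != approval.scope:
        return False, "scope_mismatch"
    # Constant-time comparison of the stored and recomputed digests.
    if not hmac.compare_digest(approval.digest, action_digest(tool, args)):
        return False, "digest_mismatch"
    return True, "ok"


# Constructed sample: an approval granted for one specific tool call.
APPROVAL = Approval(
    approval_id="apr-0001",
    digest=action_digest("shell.exec", {"cmd": "git status", "cwd": "/repo"}),
    scope="session-1",
    expires_at=1800.0,
)

if __name__ == "__main__":
    # Key order differs from the approved call; normalization makes it match.
    print(check_approval(APPROVAL, "shell.exec",
                         {"cwd": "/repo", "cmd": "git status"}, "session-1", 1000.0))
```

Normalization is what makes the digest meaningful: without a canonical form, a semantically identical call with reordered keys would fail the check, and a loose form could let two different calls share a digest.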
Claim substantiation model
The product ships with explicit bounded claims:
- Each claim defines scope, exclusions, and failure conditions
- Claims link to proof records with verification procedures
- Source code references link to enforcing code in the control plane repository
- Claims marked as "planned" are structurally defined but not yet verified
Boundary model
The control plane governs direct execution paths routed through the control plane API. The model does not claim:
- Enforcement of indirect execution paths (subprocesses outside tool boundaries)
- Policy evaluation in offline or degraded mode
- Universal secret detection (regex-based detection has known gaps)
- Kernel-level isolation (seccomp/cgroup)
Verified claims
Three Tier 1 claims have published proof records:
- Policy enforcement: Demonstrated via policy gate trace showing deny before execution
- Approval binding: Demonstrated via event envelope showing hash match
- Event attribution: Demonstrated via event envelope structure with actor, approval ID, and hash chain