Product documentation
What is Syndicate Code?
Syndicate Code is an approval-gated AI code execution control plane. Definition, comparisons, and explicit boundaries.
Definition
Syndicate Code is an approval-gated AI code execution control plane. It requires human approval before AI-initiated actions execute and records append-only audit events for every approval, denial, and execution. The control plane evaluates whether execution is permitted; it does not execute actions itself and does not guarantee that execution cannot occur outside its boundary.
Category
Syndicate Code belongs to the category of AI execution control planes—systems that sit at the trust boundary between AI-proposed actions and their execution, with human authorization and attributable audit trails.
How it works
- AI proposes: The AI planner proposes an action with specific arguments.
- Control plane receives: The control plane receives the proposed request and evaluates applicable policy.
- Human reviews: A human reviews the exact arguments and approves or denies the request. The human may also modify arguments before approving.
- Arguments bound: If approved, the request is bound to a SHA-256 digest of the normalized arguments.
- Execution gated: Execution is permitted only if the submitted arguments normalize to the approved digest.
- Event recorded: Every decision and state transition is recorded in an append-only event log.
Syndicate Code is not:
- Not an AI coding assistant—it does not generate code autonomously.
- Not a sandbox—it does not isolate runtime execution.
- Not a security product—it does not prevent all dangerous actions.
- Not a monitoring tool—it requires approval before execution, not just observation afterward.
- Not a guarantee of out-of-bound execution prevention—execution that occurs outside the control plane boundary is not governed by it.
- Not a consultancy—it is a software product, not a service engagement.
What Syndicate Code is:
- An approval-gated execution control plane—human approval is required before AI-initiated actions execute.
- An argument-bound approval system—approvals bind to the SHA-256 digest of exact arguments, not to prompts or intent.
- An append-only, cryptographically chained audit trail—every approval, denial, and execution is recorded. The event log uses SHA-256 hash chaining (previous_event_hash → event_hash) that creates a tamper-evident chain; modifications to recorded events are detectable via chain integrity verification. The append-only constraint is enforced at the application layer (no UPDATE/DELETE on the event table except by explicit retention archival) and the hash chain detects any such tampering.
- A policy evaluation layer—trust tiers determine which actions require approval (tier1) versus which are automatically denied (tier3). All tiers require human approval.
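The argument binding from "How it works" and the hash-chained event log described above, as an added Python sketch that is not Syndicate Code's own implementation. The normalization scheme (canonical JSON), the all-zero first previous_event_hash, the event kind names and the sample arguments are assumptions made for illustration; only the SHA-256 digest and the previous_event_hash / event_hash field names come from this page.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous_event_hash of the first event

def normalize(args):
    # Assumption: normalization = canonical JSON (sorted keys, no whitespace).
    return json.dumps(args, sort_keys=True, separators=(",", ":")).encode()

def digest(args):
    return hashlib.sha256(normalize(args)).hexdigest()

class EventLog:
    def __init__(self):
        self.events = []

    def append(self, kind, args_digest):
        # Each event commits to its predecessor through previous_event_hash.
        prev = self.events[-1]["event_hash"] if self.events else GENESIS
        body = {"kind": kind, "args_digest": args_digest, "previous_event_hash": prev}
        self.events.append(dict(body, event_hash=digest(body)))

    def verify(self):
        # Recompute every hash and link; any edited row breaks the chain.
        prev = GENESIS
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "event_hash"}
            if e["previous_event_hash"] != prev or digest(body) != e["event_hash"]:
                return False
            prev = e["event_hash"]
        return True

def gate(log, approved_digest, submitted):
    # Execution is permitted only if the submitted arguments hash to the approved digest.
    ok = digest(submitted) == approved_digest
    log.append("execution_permitted" if ok else "execution_denied", digest(submitted))
    return ok

def demo():
    # Constructed sample arguments, not taken from the product.
    log = EventLog()
    d = digest({"tool": "shell", "cmd": "ls", "cwd": "/srv/app"})
    log.append("approved", d)
    reordered = gate(log, d, {"cwd": "/srv/app", "cmd": "ls", "tool": "shell"})
    modified = gate(log, d, {"tool": "shell", "cmd": "ls -la", "cwd": "/srv/app"})
    intact = log.verify()
    log.events[1]["kind"] = "execution_denied"  # simulate an in-place edit of a stored event
    return reordered, modified, intact, log.verify()
```

In this sketch, dropping events from the end of the list still leaves a valid shorter chain, so detecting truncation requires keeping the latest event_hash somewhere the log writer cannot change.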
Failure modes
- Control plane unavailable: Execution requests cannot be routed. Execution is denied until the control plane is reachable.
- Execution outside control plane boundary: Actions executed without routing through the control plane are not governed. Syndicate Code does not guarantee that execution cannot occur outside its boundary.
- Policy misconfiguration: Incorrect policy rules may result in approvals or denials that do not reflect intended governance.
- Argument normalization divergence: If submitted arguments normalize differently than approved arguments, the digest will not match and execution will be denied. This may also indicate a tooling or replay attack vector.
See also
- Product claims — explicit guarantees with scope and exclusions
- How it works — technical explanation of approval binding