HAARF — Healthcare AI Agents Regulatory Framework · v1.0
HAARF — Healthcare AI Agents Regulatory Framework — 97% covered.
279 requirements · 262 enforced · 15 designed · 0 advisory · 2 deferred.
Source: medrxiv 10.64898/2026.04.09.26350519v1 · License: CC-BY-SA-4.0
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| C1 Unified Risk & Lifecycle Assessment | 30 | 29 | 1 | 0 | 0 | 98% |
| C2 Model Passport & Provenance | 34 | 34 | 0 | 0 | 0 | 100% |
| C3 Cybersecurity for AI Agents | 35 | 33 | 2 | 0 | 0 | 97% |
| C4 Human Oversight & Accountability | 38 | 33 | 4 | 0 | 1 | 92% |
| C5 Agent Registration & Identity | 30 | 26 | 4 | 0 | 0 | 93% |
| C6 Autonomy Governance | 35 | 35 | 0 | 0 | 0 | 100% |
| C7 Bias, Equity & Fairness | 35 | 32 | 2 | 0 | 1 | 94% |
| C8 Tool Use & Integration Security | 42 | 40 | 2 | 0 | 0 | 98% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
| haarf.C1.1.1 | Three-factor risk assessment (autonomy × consequence × population) | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.evidence.decision_map.v1; engines: internal, internal; agents: internal; workers: kye-risk-agent; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.2 | Autonomy-level classification (advisory → fully autonomous) | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.authority.grant.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.3 | Consequence-tier classification (reversible → irreversible / safety-critical) | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.decision.commit_boundary.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.4 | Population-impact classification (single patient → cohort → population) | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.5 | Pre-deployment risk register entry | enforced | audit_events: kye.assurance.risk_register.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.6 | Lifecycle stage gating (design → train → validate → deploy → monitor → retire) | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.assurance.review_cycle.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.7 | Pre-deployment threat model | enforced | audit_events: kye.assurance.threat_model.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.8 | Independent risk review | enforced | audit_events: kye.assurance.internal_audit.v1, kye.assurance.audit_pilot.v1; agents: internal; workers: kye-audit-pilot-agent; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C1.1.9 | Periodic risk re-assessment (≤90 days) | enforced | schemas: kye.compliance.attestation.v1; audit_events: kye.compliance.attestation.v1, kye.assurance.risk_assessment.v1; engines: internal; workers: kye-compliance-card-refresh; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.10 | Risk re-assessment on material change | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.resilience.drift.detected.v1; engines: internal, internal; workers: kye-drift-detector; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.11 | Risk-tiered approval modes (auto / single / two-person / two-person+legal) | enforced | audit_events: kye.decision.record.v1; engines: internal, internal; governedui_modules: kye.governedui.module.action_approval.v1, kye.governedui.module.approval_queue.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C1.1.12 | Risk-tiered authority scope minimisation | enforced | audit_events: kye.authority.grant.v1, kye.purpose.scope.v1; engines: internal, internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C1.1.13 | Risk register WORM persistence | enforced | schemas: kye.audit.event.v1; audit_events: kye.assurance.risk_register.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C1.1.14 | Pre-clinical-deployment red-team | enforced | audit_events: kye.assurance.threat_model.v1; engines: internal, internal; agents: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.15 | Sub-population fairness pre-check | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C1.1.16 | Risk classification for AI-as-medical-device class | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal, internal; dictionaries: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.17 | Lifecycle stage transition evidence pack | enforced | audit_events: kye.evidence.pack.v1, kye.assurance.adoption_stage.v1; engines: internal; workers: kye-evidence-pack-assembler; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.18 | Decommissioning plan attached to every agent | designed | audit_events: kye.assurance.risk_register.v1; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md; registries: internal |
| haarf.C1.1.19 | Retirement triggers (drift / failure / breach / regulatory) | enforced | audit_events: kye.resilience.drift.detected.v1, kye.resilience.intent_drift.v1; engines: internal, internal; workers: kye-revocation-cascade; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.20 | Risk register publication to regulators on demand | enforced | audit_events: kye.evidence.pack.v1, kye.report.quarterly_drift.v1; engines: internal, internal; workers: kye-oscal-exporter; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C1.1.21 | Risk-acceptance sign-off by accountable executive | enforced | audit_events: kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C1.1.22 | Risk-budget envelope per agent | enforced | audit_events: kye.authority.grant.v1, kye.assurance.risk_assessment.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C1.1.23 | Lifecycle audit trail end-to-end | enforced | schemas: kye.audit.event.v1; audit_events: kye.audit.event.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C1.1.24 | Risk-class governance differential (low vs high) | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; workers: kye-rules-gateway-worker; dictionaries: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.25 | Risk-disclosure to clinical end-user | enforced | audit_events: kye.consent.receipt.v1, kye.consent.acceptance.v1; engines: internal; comms_templates: expert-review.brief.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C1.1.26 | Population-level risk reporting cadence | enforced | audit_events: kye.report.quarterly_drift.v1, kye.report.monthly_decision_summary.v1; engines: internal; workers: kye-reporting-worker; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C1.1.27 | Risk-assessment replay-proof | enforced | audit_events: kye.evidence.replay_proof.v1, kye.replay.context_seal.v1; engines: internal; workers: kye-replay-proof-generator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.28 | Sector-specific risk extensions (healthcare) | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/29-PROFILES-LITE.md |
| haarf.C1.1.29 | Risk re-classification on safety-critical update | enforced | audit_events: kye.resilience.drift.detected.v1, kye.assurance.risk_assessment.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C1.1.30 | Cross-tenant risk-class isolation | enforced | audit_events: kye.authority.grant.v1; engines: internal, internal; workers: kye-gateway; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C2.2.1 | Unique model identifier (kye:model:<...>) | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal, internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C2.2.2 | Model passport — declared capabilities, scope, intended use | enforced | audit_events: kye.assurance.model_validation.v1, kye.assurance.adoption_stage.v1; engines: internal; governedui_modules: kye.governedui.module.entity_passport.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C2.2.3 | Training-data provenance disclosure | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; agents: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C2.2.4 | Training-data licence audit | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C2.2.5 | Training-data deduplication & contamination check | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C2.2.6 | Model version pinning | enforced | audit_events: kye.assurance.model_validation.v1, kye.assurance.adoption_stage.v1; engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C2.2.7 | Model artefact integrity hash | enforced | audit_events: kye.evidence.signature.v1, kye.assurance.model_validation.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C2.2.8 | Model card published | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; governedui_modules: kye.governedui.module.entity_passport.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C2.2.9 | Capability declaration (read / write / autonomous-action) | enforced | audit_events: kye.authority.grant.v1, kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C2.2.10 | Limitations disclosure | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; governedui_modules: kye.governedui.module.entity_passport.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C2.2.11 | Intended-population declaration | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C2.2.12 | Off-label / out-of-scope detection | enforced | audit_events: kye.resilience.drift.detected.v1, kye.resilience.intent_drift.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.13 | Model provenance chain (training → fine-tune → deploy) | enforced | audit_events: kye.assurance.model_validation.v1, kye.audit.event.appended.v1; engines: internal, internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C2.2.14 | Model passport WORM persistence | enforced | schemas: kye.audit.event.v1; audit_events: kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C2.2.15 | Model validation reports linked | enforced | audit_events: kye.assurance.model_validation.v1, kye.assurance.audit_replay_report.v1; engines: internal; workers: kye-conformance-runner; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C2.2.16 | Pre-deployment validation evidence pack | enforced | audit_events: kye.evidence.pack.v1, kye.assurance.model_validation.v1; engines: internal; workers: kye-evidence-pack-assembler; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.17 | External audit hook (Approved Body, CE, third-party) | enforced | audit_events: kye.assurance.audit_pilot.v1, kye.assurance.audit_replay_report.v1; agents: internal; workers: kye-audit-pilot-agent; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C2.2.18 | Model passport machine-readable export (OSCAL / SCAP / OpenC2) | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; workers: kye-oscal-exporter; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C2.2.19 | Pre-training risk classification | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.20 | Training pipeline reproducibility | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; workers: kye-replay-proof-generator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.21 | Model dataset card published | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; governedui_modules: kye.governedui.module.entity_passport.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C2.2.22 | Model deprecation lifecycle | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.23 | Model recall mechanism | enforced | audit_events: kye.authority.grant.v1, kye.resilience.drift.detected.v1; engines: internal; workers: kye-revocation-cascade; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.24 | Patch / re-training change-control | enforced | audit_events: kye.assurance.model_validation.v1, kye.assurance.management_review.v1; engines: internal, internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C2.2.25 | Fine-tuning provenance disclosure | enforced | audit_events: kye.assurance.model_validation.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C2.2.26 | Foundation-model parent declaration | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C2.2.27 | Model passport signing | enforced | audit_events: kye.evidence.signature.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C2.2.28 | Model passport public verifier | enforced | audit_events: kye.evidence.replay_proof.v1; engines: internal; workers: kye-replay-proof-generator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.29 | Cross-model lineage graph | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal, internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C2.2.30 | Sector-specific model passport extensions | enforced | engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/29-PROFILES-LITE.md |
| haarf.C2.2.31 | Approved-Body assessment evidence linkage | enforced | audit_events: kye.assurance.audit_pilot.v1, kye.evidence.pack.v1; agents: internal; workers: kye-audit-pilot-agent; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C2.2.32 | Substantial-change re-assessment trigger | enforced | audit_events: kye.resilience.drift.detected.v1, kye.assurance.model_validation.v1; engines: internal; workers: kye-drift-detector; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C2.2.33 | Model passport history (append-only) | enforced | audit_events: kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C2.2.34 | Inference-time model passport reference | enforced | audit_events: kye.evidence.decision_map.v1, kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C3.3.1 | TLS-everywhere on agent traffic | enforced | engines: internal; workers: kye-gateway; probes: tls-valid; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C3.3.2 | Authentication on every privileged action | enforced | audit_events: kye.authority.grant.v1, kye.authority.decision.v1; engines: internal, internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C3.3.3 | Step-up authentication for high-risk actions | enforced | engines: internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C3.3.4 | Secret rotation cadence | enforced | audit_events: kye.compliance.attestation.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.5 | Least-privilege scope per agent | enforced | audit_events: kye.authority.grant.v1, kye.purpose.scope.v1; engines: internal, internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C3.3.6 | Prompt-injection defence | enforced | audit_events: kye.resilience.intent_drift.v1, kye.agency_drift.event.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C3.3.7 | Output sanitisation / filtering | enforced | audit_events: kye.evidence.synthetic_content_label.v1, kye.decision.record.v1; engines: internal, internal; constitution_refs: constitution/37-EVENT-ENGINE.md |
| haarf.C3.3.8 | Adversarial-prompt logging | enforced | audit_events: kye.audit.event.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.9 | Rate-limiting per actor | enforced | engines: internal; workers: kye-rate-limiter; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C3.3.10 | Anomaly detection on agent behaviour | enforced | audit_events: kye.agency_drift.event.v1, kye.resilience.drift.detected.v1; engines: internal, internal; workers: kye-incident-detector; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C3.3.11 | Incident response runbook | enforced | audit_events: kye.audit.event.v1; engines: internal; workers: kye-incident-detector; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C3.3.12 | Audit logs encrypted at rest | enforced | audit_events: kye.audit.event.appended.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.13 | Audit logs tamper-evident | enforced | schemas: kye.audit.event.v1; audit_events: kye.audit.event.appended.v1, kye.audit.integrity_check.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.14 | Tool-call sandboxing | enforced | audit_events: kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C3.3.15 | Network egress controls | enforced | engines: internal, internal; workers: kye-edge-arbiter; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C3.3.16 | Supply-chain verification (SBOM, signature) | enforced | audit_events: kye.evidence.signature.v1; engines: internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.17 | Vulnerability scanning | enforced | audit_events: kye.audit.event.v1; engines: internal; workers: kye-self-audit-daemon; constitution_refs: constitution/44-LIVENESS-ENGINE.md |
| haarf.C3.3.18 | Penetration test cadence | enforced | audit_events: kye.assurance.threat_model.v1; engines: internal; agents: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C3.3.19 | Break-glass procedure | enforced | audit_events: kye.break_glass.event.v1, kye.authority.grant.v1; engines: internal, internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C3.3.20 | Kill-switch per agent | enforced | audit_events: kye.agent.killed.v1, kye.authority.grant.v1; engines: internal; workers: kye-revocation-cascade; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C3.3.21 | DDoS protection | enforced | engines: internal; workers: kye-gateway; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C3.3.22 | Logging streamed to SIEM | enforced | audit_events: kye.audit.event.appended.v1; engines: internal; workers: kye-siem-export; constitution_refs: constitution/35-STREAMING-LOGS.md |
| haarf.C3.3.23 | Crypto-agility (algorithm rotation) | designed | engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.24 | BYOK / HYOK support | enforced | engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.25 | Sensitive-data classification | enforced | audit_events: kye.evidence.audit_event.v1; engines: internal; agents: internal; dictionaries: internal, internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C3.3.26 | Personal-data minimisation | enforced | audit_events: kye.purpose.scope.v1, kye.purpose.restrictions.v1; engines: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C3.3.27 | Data-residency controls | enforced | engines: internal; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C3.3.28 | Offline-evidence handling | enforced | audit_events: kye.evidence.audit_event.v1; engines: internal; workers: kye-offline-evidence-log; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C3.3.29 | Tenant isolation | enforced | engines: internal, internal; workers: kye-gateway; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C3.3.30 | Continuous control monitoring | enforced | audit_events: kye.compliance.attestation.v1, kye.signal.compliance_card.refreshed.v1; workers: kye-compliance-card-refresh; reconcilers: pages-bindings-alive, worker-deploy-alive; constitution_refs: constitution/34-RECONCILIATION-ENGINE.md |
| haarf.C3.3.31 | Backup + restore drill | enforced | audit_events: kye.audit.event.v1; engines: internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C3.3.32 | Disaster-recovery RTO/RPO targets | designed | audit_events: kye.audit.event.v1; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C3.3.33 | Subprocessor inventory | enforced | schemas: kye.subprocessor.v1; engines: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C3.3.34 | Security-headers verification | enforced | engines: internal; workers: kye-gateway; probes: security-headers; constitution_refs: constitution/44-LIVENESS-ENGINE.md |
| haarf.C3.3.35 | Insider-threat detection (silent compromise) | enforced | audit_events: kye.agency_drift.event.v1, kye.resilience.drift.detected.v1; engines: internal; agents: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C4.4.1 | Human-in-the-loop for high-risk decisions | enforced | audit_events: kye.decision.record.v1, kye.decision.commit_boundary.v1; engines: internal, internal; governedui_modules: kye.governedui.module.action_approval.v1, kye.governedui.module.approval_queue.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.2 | Two-person sign-off on irreversible action | enforced | audit_events: kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.3 | Clinician override mechanism | enforced | audit_events: kye.decision.record.v1, kye.break_glass.event.v1; engines: internal; governedui_modules: kye.governedui.module.critical_point_review.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.4 | Override audit + reason capture | enforced | audit_events: kye.decision.record.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C4.4.5 | Accountability chain (who-approved-what) | enforced | audit_events: kye.audit.event.appended.v1, kye.assurance.management_review.v1, kye.authority.delegation.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C4.4.6 | Role-based access control | enforced | audit_events: kye.authority.grant.v1; engines: internal, internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C4.4.7 | Purpose-bounded data processing | enforced | audit_events: kye.purpose.grant.v1, kye.purpose.admission.v1, kye.purpose.request.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C4.4.8 | Decision Map™ visible to authorised reviewer | enforced | audit_events: kye.evidence.decision_map.v1; engines: internal, internal; governedui_modules: kye.governedui.module.evidence_timeline.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.9 | Evidence Pack™ downloadable on demand | enforced | audit_events: kye.evidence.pack.v1; engines: internal; workers: kye-evidence-pack-assembler; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C4.4.10 | Replay-Proof verification (public-key only) | enforced | audit_events: kye.evidence.replay_proof.v1, kye.replay.context_seal.v1; engines: internal; workers: kye-replay-proof-generator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C4.4.11 | User-facing AI disclosure | enforced | audit_events: kye.consent.receipt.v1; engines: internal; comms_templates: expert-review.brief.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C4.4.12 | Patient consent capture | designed | audit_events: kye.consent.acceptance.v1, kye.consent.receipt.v1; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C4.4.13 | Clinician training attestation | enforced | audit_events: kye.compliance.attestation.v1; agents: internal; workers: kye-training-agent; constitution_refs: constitution/10-PARTNER.md |
| haarf.C4.4.14 | Continuous-clinician feedback loop | enforced | audit_events: kye.resilience.improvement_record.v1, kye.resilience.loop_iteration.v1; engines: internal; governedui_modules: kye.governedui.module.evidence_timeline.v1; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C4.4.15 | Escalation path for disputed decisions | enforced | audit_events: kye.decision.record.v1, kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.critical_point_review.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.16 | Patient-rights notice | designed | audit_events: kye.consent.receipt.v1; comms_templates: audit-pilot.applicant-confirmation.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C4.4.17 | DSAR (data-subject-access) handling | enforced | agents: internal, internal; workers: kye-dsar-agent, kye-dsar-evidence-agent; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C4.4.18 | Right to human review | enforced | audit_events: kye.decision.record.v1, kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.critical_point_review.v1, kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.19 | Right to explanation | enforced | audit_events: kye.evidence.decision_map.v1, kye.evidence.pack.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C4.4.20 | Right to redress | designed | audit_events: kye.resilience.improvement_record.v1; governedui_modules: kye.governedui.module.critical_point_review.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.21 | Approval queue dashboard | enforced | engines: internal; governedui_modules: kye.governedui.module.approval_queue.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.22 | Action-approval modes per risk-tier | enforced | audit_events: kye.decision.record.v1; engines: internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.23 | Delegated authority chain | enforced | audit_events: kye.authority.delegation.v1, kye.authority.grant.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C4.4.24 | Authority Gap detection | enforced | audit_events: kye.authority.gap.v1; engines: internal; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C4.4.25 | Authority Proof Bundle™ | enforced | engines: internal; workers: kye-authority-proof-bundle-worker; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C4.4.26 | Authority Revocation Cascade | enforced | audit_events: kye.authority.grant.v1; engines: internal, internal; workers: kye-revocation-cascade, kye-authority-revocation-orchestrator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C4.4.27 | Audit-pilot delegated review | enforced | audit_events: kye.assurance.audit_pilot.v1; agents: internal; workers: kye-audit-pilot-agent; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C4.4.28 | Per-decision liability assignment | enforced | audit_events: kye.decision.record.v1, kye.authority.delegation.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C4.4.29 | Conflict-of-interest disclosure | designed | audit_events: kye.assurance.management_review.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.30 | Continuous accountability monitoring | enforced | audit_events: kye.compliance.attestation.v1, kye.signal.compliance_card.refreshed.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/34-RECONCILIATION-ENGINE.md |
| haarf.C4.4.31 | Documented chain-of-command | enforced | audit_events: kye.authority.delegation.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C4.4.32 | Liability insurance evidence | deferred | engines: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C4.4.33 | Patient-safety officer sign-off | enforced | audit_events: kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.34 | Regulator notification on serious incident | enforced | audit_events: kye.audit.event.v1; engines: internal; workers: kye-webhook-dispatcher; comms_templates: audit-pilot.admin-alert.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C4.4.35 | Investigator support evidence pack | enforced | audit_events: kye.evidence.pack.v1; engines: internal; workers: kye-evidence-pack-assembler; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C4.4.36 | Healthcare-org accountable executive register | enforced | audit_events: kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.entity_passport.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C4.4.37 | Third-party verifier read-access | enforced | agents: internal; workers: kye-audit-pilot-agent; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C4.4.38 | Public attestation page | enforced | audit_events: kye.compliance.attestation.v1, kye.report.annual_conformance_attestation.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.1 | Agent unique identity (kye:agent:<...>) | enforced | engines: internal, internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md; registries: internal |
| haarf.C5.5.2 | Agent passport published | enforced | engines: internal; governedui_modules: kye.governedui.module.entity_passport.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C5.5.3 | Agent class declaration (advisory / autonomous) | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.authority.grant.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.4 | Agent scope binding to authority | enforced | audit_events: kye.authority.grant.v1, kye.purpose.scope.v1; engines: internal, internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C5.5.5 | Agent registration in central directory | enforced | engines: internal; reconcilers: agent-manifest-alive; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md; registries: internal |
| haarf.C5.5.6 | Agent passport WORM persistence | enforced | schemas: kye.audit.event.v1; audit_events: kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C5.5.7 | Agent metadata: capability + risk + autonomy | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.assurance.risk_assessment.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.8 | Agent owner / responsible party declared | enforced | audit_events: kye.assurance.management_review.v1, kye.authority.delegation.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C5.5.9 | Agent lifecycle stage tracking | enforced | audit_events: kye.assurance.adoption_stage.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.10 | Agent retirement marker | enforced | audit_events: kye.agent.killed.v1, kye.authority.grant.v1; engines: internal; workers: kye-revocation-cascade; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.11 | Agent re-registration on substantial change | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.resilience.drift.detected.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.12 | Agent inventory machine-readable | enforced | engines: internal; reconcilers: agent-manifest-alive; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md; registries: internal |
| haarf.C5.5.13 | Agent inventory regulator export | designed | engines: internal; workers: kye-oscal-exporter; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C5.5.14 | Authority Grant per agent | enforced | audit_events: kye.authority.grant.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C5.5.15 | Authority Grant revocation cascade | enforced | audit_events: kye.authority.grant.v1; engines: internal, internal; workers: kye-revocation-cascade, kye-authority-revocation-orchestrator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.16 | Agent purpose binding | enforced | audit_events: kye.purpose.grant.v1, kye.purpose.binding.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C5.5.17 | Tenant-scoped agent registration | enforced | engines: internal, internal; workers: kye-gateway; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C5.5.18 | Agent runtime attestation | enforced | audit_events: kye.compliance.attestation.v1, kye.agent.run.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C5.5.19 | Agent identity signing | enforced | audit_events: kye.evidence.signature.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C5.5.20 | Agent capability manifest | enforced | audit_events: kye.authority.grant.v1; engines: internal; dictionaries: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C5.5.21 | Cross-agent dependency graph | designed | engines: internal, internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C5.5.22 | Agent versioning | enforced | audit_events: kye.assurance.adoption_stage.v1; engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C5.5.23 | Agent deployment audit | enforced | audit_events: kye.audit.event.appended.v1, kye.assurance.adoption_stage.v1; engines: internal; workers: kye-audit-chain-worker; reconcilers: worker-deploy-alive; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C5.5.24 | Agent retirement audit | enforced | audit_events: kye.agent.killed.v1, kye.audit.event.appended.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C5.5.25 | Agent reputation score | enforced | audit_events: kye.compliance.attestation.v1; engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C5.5.26 | Agent compliance card per agent | enforced | audit_events: kye.assurance.compliance_card.v1, kye.signal.compliance_card.refreshed.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/34-RECONCILIATION-ENGINE.md |
| haarf.C5.5.27 | Public discoverability (where required) | designed | engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C5.5.28 | Cross-jurisdiction registration support | designed | engines: internal, internal; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C5.5.29 | Agent passport API | enforced | engines: internal; workers: kye-gateway; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C5.5.30 | Onboarding agent | enforced | agents: internal; workers: kye-onboarding-agent; comms_templates: onboarding-agent.pilot-approved.v1, onboarding-agent.commercial-menu.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C6.6.1 | Autonomy ladder (advisory / supervised / autonomous / fully autonomous) | enforced | audit_events: kye.assurance.adoption_stage.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.2 | Commit-boundary control | enforced | audit_events: kye.decision.commit_boundary.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.3 | Shadow Mode (observe-without-effect) | enforced | audit_events: kye.decision.shadow_evaluation.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.4 | Graduated autonomy progression | enforced | audit_events: kye.assurance.adoption_stage.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.5 | Autonomy rollback mechanism | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.authority.grant.v1; engines: internal, internal; workers: kye-revocation-cascade; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.6 | Automated drift detection | enforced | audit_events: kye.resilience.drift.detected.v1, kye.resilience.intent_drift.v1; engines: internal; workers: kye-drift-detector; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.7 | Agency-drift event | enforced | schemas: kye.agency_drift.event.v1; audit_events: kye.agency_drift.event.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.8 | Authority gap detection | enforced | audit_events: kye.authority.gap.v1; engines: internal; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C6.6.9 | Guard recommendation engine | enforced | audit_events: kye.operating_model.guard_recommendation.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.10 | Resilience Loop (detect → revoke → re-grant → replay → improve) | enforced | audit_events: kye.resilience.loop.v1, kye.resilience.loop_iteration.v1, kye.resilience.improvement_record.v1; engines: internal, internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.11 | Authority scope minimisation | enforced | audit_events: kye.authority.grant.v1, kye.purpose.scope.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.12 | Time-bounded authority | enforced | audit_events: kye.authority.grant.v1, kye.compliance.attestation.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.13 | Action-budget envelope | enforced | audit_events: kye.authority.grant.v1, kye.meter.decision.v1; engines: internal; workers: kye-rate-limiter; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.14 | Cost-budget envelope | enforced | audit_events: kye.meter.decision.v1; engines: internal; workers: kye-stripe-meter; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C6.6.15 | Decision-budget envelope | enforced | audit_events: kye.meter.decision.v1; engines: internal, internal; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C6.6.16 | Anomaly-triggered authority freeze | enforced | audit_events: kye.agency_drift.event.v1, kye.authority.grant.v1; engines: internal, internal; workers: kye-revocation-cascade; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.17 | Periodic authority re-confirmation | enforced | audit_events: kye.purpose.reconfirmation.v1, kye.compliance.attestation.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.18 | Multi-agent coordination governance | enforced | audit_events: kye.agent.workflow.v1; engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C6.6.19 | Autonomy-aware authority decision | enforced | audit_events: kye.authority.decision.v1, kye.assurance.adoption_stage.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.20 | Resilience loop iteration metrics | enforced | audit_events: kye.resilience.loop_iteration.v1, kye.resilience.measurement_record.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.21 | Improvement record per loop | enforced | audit_events: kye.resilience.improvement.v1, kye.resilience.improvement_record.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.22 | Suppression-reason capture | enforced | audit_events: kye.resilience.suppression_reason.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.23 | Adoption-stage gating | enforced | audit_events: kye.assurance.adoption_stage.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.24 | Goal-coherence verification | enforced | audit_events: kye.resilience.intent_drift.v1; engines: internal; workers: kye-meaning-continuity-evaluator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.25 | Out-of-scope action blocking | enforced | audit_events: kye.authority.gate.v1, kye.signal.decision.denied.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.26 | Decision-map for every autonomous action | enforced | audit_events: kye.evidence.decision_map.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.27 | Autonomy-class compliance attestation | enforced | audit_events: kye.compliance.attestation.v1, kye.assurance.adoption_stage.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.28 | Reality-coupling check | enforced | audit_events: kye.resilience.intent_drift.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.29 | Authority delegation transparency | enforced | audit_events: kye.authority.delegation.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C6.6.30 | Self-governance attestation (governance-of-governance) | enforced | audit_events: kye.compliance.attestation.v1, kye.constitution.compliance.v1; engines: internal; constitution_refs: constitution/45-SELF-DESCRIPTION-GATE.md |
| haarf.C6.6.31 | Authority audit replay | enforced | audit_events: kye.assurance.audit_replay_report.v1, kye.replay.proof.v1; engines: internal, internal; workers: kye-audit-replay-orchestrator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.32 | Authority compliance attestation seat (per-seat) | enforced | audit_events: kye.compliance.attestation.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/23-BILLING-METERING.md |
| haarf.C6.6.33 | Per-decision risk score | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.decision.record.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.34 | Off-ladder action blocking | enforced | audit_events: kye.authority.gate.v1, kye.assurance.adoption_stage.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C6.6.35 | Sector-specific autonomy policy | enforced | engines: internal; workers: kye-rules-gateway-worker; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/29-PROFILES-LITE.md |
| haarf.C7.7.1 | Pre-deployment bias audit | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.assurance.model_validation.v1; engines: internal, internal; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.2 | Sub-population performance metrics | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal, internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.3 | Demographic-disparity monitoring | enforced | audit_events: kye.resilience.drift.detected.v1, kye.resilience.measurement_record.v1; engines: internal; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.4 | Fairness threshold per use-case | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.5 | Fairness re-assessment cadence | enforced | audit_events: kye.compliance.attestation.v1, kye.assurance.risk_assessment.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.6 | Bias-incident reporting | enforced | audit_events: kye.audit.event.v1, kye.resilience.drift.detected.v1; engines: internal; workers: kye-incident-detector; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.7 | Equitable access (no demographic gating) | enforced | audit_events: kye.purpose.admissibility.v1, kye.authority.decision.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C7.7.8 | Protected-class detection | enforced | audit_events: kye.evidence.audit_event.v1; engines: internal; agents: internal; dictionaries: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C7.7.9 | Counterfactual analysis | enforced | audit_events: kye.replay.proof.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.10 | Bias-mitigation strategy declared | designed | audit_events: kye.assurance.model_validation.v1; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.11 | Demographic-representative test set | enforced | audit_events: kye.assurance.model_validation.v1; engines: internal; workers: kye-conformance-runner; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.12 | Outcome-equity dashboard | enforced | audit_events: kye.report.quarterly_drift.v1, kye.report.monthly_decision_summary.v1; engines: internal; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.13 | Bias-incident response runbook | enforced | audit_events: kye.audit.event.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.14 | Public bias-transparency report | enforced | audit_events: kye.report.annual_conformance_attestation.v1; engines: internal; workers: kye-reporting-worker; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.15 | Patient-cohort impact assessment | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.16 | Reason-code accountability | enforced | audit_events: kye.decision.record.v1, kye.signal.decision.denied.v1; engines: internal; dictionaries: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.17 | Equitable language in outputs | enforced | audit_events: kye.evidence.synthetic_content_label.v1; engines: internal; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.18 | Translation / multilingual support attested | designed | audit_events: kye.assurance.model_validation.v1; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.19 | Accessibility (WCAG) attestation | enforced | audit_events: kye.compliance.attestation.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/03-DESIGN-MIGRATION.md |
| haarf.C7.7.20 | Patient-language disclosure | enforced | audit_events: kye.consent.receipt.v1; engines: internal; comms_templates: audit-pilot.applicant-confirmation.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C7.7.21 | Healthcare equity sector overlay | enforced | engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/29-PROFILES-LITE.md |
| haarf.C7.7.22 | Fairness compliance attestation | enforced | audit_events: kye.compliance.attestation.v1; workers: kye-compliance-card-refresh; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.23 | Bias-mitigation evidence pack | enforced | audit_events: kye.evidence.pack.v1; engines: internal; workers: kye-evidence-pack-assembler; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.24 | Demographic-data-residency | enforced | engines: internal; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C7.7.25 | Demographic-data minimisation | enforced | audit_events: kye.purpose.scope.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C7.7.26 | Bias-drift detection | enforced | audit_events: kye.resilience.drift.detected.v1, kye.resilience.measurement_record.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.27 | Bias-incident root-cause analysis | enforced | audit_events: kye.assurance.audit_replay_report.v1, kye.resilience.improvement.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.28 | Bias-mitigation update lifecycle | enforced | audit_events: kye.assurance.adoption_stage.v1, kye.assurance.model_validation.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.29 | Equity-board oversight | enforced | audit_events: kye.assurance.management_review.v1; engines: internal; governedui_modules: kye.governedui.module.action_approval.v1; constitution_refs: constitution/36-GOVERNEDUI.md |
| haarf.C7.7.30 | Patient-feedback bias channel | enforced | audit_events: kye.resilience.improvement_record.v1; engines: internal; comms_templates: expert-review.brief.v1; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C7.7.31 | Fairness conformance run | enforced | audit_events: kye.assurance.audit_replay_report.v1, kye.assurance.model_validation.v1; engines: internal; workers: kye-conformance-runner; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C7.7.32 | Bias-class dictionary | enforced | engines: internal; dictionaries: internal, internal; constitution_refs: constitution/29-PROFILES-LITE.md |
| haarf.C7.7.33 | Cross-jurisdiction equity comparison | deferred | engines: internal; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.34 | Clinical-effectiveness equity check | enforced | audit_events: kye.evidence.healthcare.cdss.v1; engines: internal; sector_packs: kye:sector-pack:healthcare; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C7.7.35 | Equity attestation to regulator | enforced | audit_events: kye.report.annual_conformance_attestation.v1, kye.compliance.attestation.v1; workers: kye-compliance-card-refresh, kye-reporting-worker; constitution_refs: constitution/20-ANALYTICS-PLANE.md |
| haarf.C8.8.1 | Tool registry (declared catalogue) | enforced | engines: internal; dictionaries: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C8.8.2 | Tool authority binding | enforced | audit_events: kye.authority.grant.v1, kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C8.8.3 | Tool-call evidence emission | enforced | audit_events: kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/37-EVENT-ENGINE.md |
| haarf.C8.8.4 | Tool-call decision-map inclusion | enforced | audit_events: kye.evidence.decision_map.v1, kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.5 | MCP tool registration | enforced | engines: internal; workers: kye-mcp-server; reconcilers: mcp-tool-bijection; constitution_refs: constitution/15-MCP-AND-SDK.md |
| haarf.C8.8.6 | MCP gateway | enforced | engines: internal; workers: kye-mcp-server; constitution_refs: constitution/15-MCP-AND-SDK.md |
| haarf.C8.8.7 | Tool-call authentication | enforced | audit_events: kye.authority.decision.v1, kye.evidence.tool_call.v1; engines: internal, internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C8.8.8 | Tool-call rate limiting | enforced | engines: internal; workers: kye-rate-limiter; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C8.8.9 | Tool-call timeout / circuit-breaker | enforced | engines: internal; workers: kye-gateway; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C8.8.10 | Tool error-handling | enforced | audit_events: kye.evidence.tool_call.v1, kye.audit.event.v1; engines: internal; constitution_refs: constitution/46-FLOW-CONTRACTS.md |
| haarf.C8.8.11 | Tool input validation | enforced | engines: internal, internal; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C8.8.12 | Tool output validation / sanitisation | enforced | audit_events: kye.evidence.synthetic_content_label.v1, kye.evidence.audit_event.v1; engines: internal, internal; constitution_refs: constitution/37-EVENT-ENGINE.md |
| haarf.C8.8.13 | Tool replay-proof | enforced | audit_events: kye.evidence.replay_proof.v1, kye.evidence.tool_call.v1; engines: internal; workers: kye-replay-proof-generator; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.14 | External-API integration audit | enforced | audit_events: kye.evidence.tool_call.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C8.8.15 | API-key rotation enforced | enforced | schemas: kye.admin.workflow.approved.v1; audit_events: kye.admin.api_key.issued.v1, kye.admin.api_key.revoked.v1; engines: internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C8.8.16 | Webhook subscriber active | enforced | engines: internal; workers: kye-webhook-dispatcher; reconcilers: webhook-subscriber-active; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C8.8.17 | OAuth scope enforcement | enforced | audit_events: kye.authority.grant.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C8.8.18 | Tool-call sandboxing | enforced | audit_events: kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C8.8.19 | Tool-result caching governance | designed | engines: internal; workers: kye-gateway; constitution_refs: constitution/16-EDGE-RUNTIME.md |
| haarf.C8.8.20 | Tool secrets never logged | enforced | audit_events: kye.audit.event.appended.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C8.8.21 | Tool-call audit chain | enforced | audit_events: kye.evidence.tool_call.v1, kye.audit.event.appended.v1; engines: internal; workers: kye-audit-chain-worker; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C8.8.22 | Tool integration risk-class | enforced | audit_events: kye.assurance.risk_assessment.v1; engines: internal; dictionaries: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.23 | External-system access via gateway only | enforced | engines: internal, internal; workers: kye-gateway, kye-edge-arbiter; constitution_refs: constitution/25-EDGE-GOVERNANCE.md |
| haarf.C8.8.24 | Connector certification | enforced | engines: internal; agents: internal; workers: kye-connector-certifier, kye-conformance-runner; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C8.8.25 | Subprocessor inventory | enforced | schemas: kye.subprocessor.v1; engines: internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| haarf.C8.8.26 | Tool-call evidence pack | enforced | audit_events: kye.evidence.pack.v1, kye.evidence.tool_call.v1; engines: internal; workers: kye-evidence-pack-assembler; constitution_refs: constitution/21-DELEGATED-AUDITABILITY.md |
| haarf.C8.8.27 | Streaming logs (tool calls) | enforced | audit_events: kye.audit.event.appended.v1; engines: internal; workers: kye-siem-export; constitution_refs: constitution/35-STREAMING-LOGS.md |
| haarf.C8.8.28 | Tool-call deterministic replay | enforced | audit_events: kye.replay.proof.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.29 | Tool catalogue publish to MCP server | enforced | engines: internal; workers: kye-mcp-server; reconcilers: mcp-tool-bijection; constitution_refs: constitution/15-MCP-AND-SDK.md |
| haarf.C8.8.30 | Tool deprecation lifecycle | enforced | audit_events: kye.assurance.adoption_stage.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.31 | Cross-tool dependency map | designed | engines: internal; constitution_refs: constitution/14-AGENTS-AND-ENGINES.md |
| haarf.C8.8.32 | Tool-error compensating action | enforced | schemas: kye.lifecycle.compensating.v1; audit_events: kye.lifecycle.compensating.v1; engines: internal; constitution_refs: constitution/46-FLOW-CONTRACTS.md |
| haarf.C8.8.33 | Synthetic-content labelling | enforced | audit_events: kye.evidence.synthetic_content_label.v1; engines: internal; constitution_refs: constitution/37-EVENT-ENGINE.md |
| haarf.C8.8.34 | AI Call Ledger | enforced | audit_events: kye.audit.event.appended.v1, kye.evidence.tool_call.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
| haarf.C8.8.35 | MCP-server liveness | enforced | engines: internal; workers: kye-mcp-server; probes: worker-fleet-health; constitution_refs: constitution/44-LIVENESS-ENGINE.md |
| haarf.C8.8.36 | Tool-API contract testing | enforced | engines: internal; workers: kye-conformance-runner; reconcilers: openapi-worker-routes; constitution_refs: constitution/34-RECONCILIATION-ENGINE.md |
| haarf.C8.8.37 | Tool-action commit-boundary check | enforced | audit_events: kye.decision.commit_boundary.v1, kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.38 | Webhook delivery audit | enforced | engines: internal; workers: kye-webhook-dispatcher; constitution_refs: constitution/38-COMMS-RAIL.md |
| haarf.C8.8.39 | Tool-call denial reason | enforced | audit_events: kye.signal.decision.denied.v1; engines: internal; dictionaries: internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| haarf.C8.8.40 | Tool risk-class differential policy | enforced | engines: internal; workers: kye-rules-gateway-worker; constitution_refs: constitution/29-PROFILES-LITE.md |
| haarf.C8.8.41 | Cross-tool action authority check | enforced | audit_events: kye.authority.gate.v1, kye.evidence.tool_call.v1; engines: internal; workers: kye-pdp; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| haarf.C8.8.42 | Sector-specific tool catalogue | enforced | engines: internal; sector_packs: kye:sector-pack:healthcare; dictionaries: internal; constitution_refs: constitution/29-PROFILES-LITE.md |