Consequential machine action needs a boarding gate.
Intelligence may change. Consequence still needs authority. Intelligence is not authority. Capability is not authority. Credentials are not authority. Logs after the fact are not enough.
Human accountability needs a place to stand before effect. Human institutions define authority. ZLAR makes authority machine-checkable at the point of action.
For defined routed action surfaces, ZLAR makes consequential AI action pass through recognized authorization before it becomes effect.
Machine action tries to become real. ZLAR asks: where is the authority? If the route, rule, receipt, or human yes is missing, the governed door does not open.
Current boundary: ZLAR governs routed/intercepted action surfaces only. Current core source access is private. It does not claim all AI, unrouted shell/filesystem/browser/app/network/model-reasoning/ final-text coverage, production authority, public external attestation, or sovereign recognition.
Movement before authority.
The action reaches the checkpoint lane.
Allow, refuse, or wait for a real yes.
Recognized authorization for this boarding.
Accepts recognized boarding or refuses it.
Paths not routed through ZLAR are not claimed as governed.
Intelligence may move. Consequence asks for authority.
AI can think, plan, draft, simulate, argue, self-organize, and improve. Fine. Let intelligence move.
But when machine action tries to enter the world, the question changes. The question is no longer whether the system can act. The question is whether the action has authority to become real.
Org charts were visible. Machine action is not.
Pre-AI governance could lean on visible maps: org charts, roles, signatures, approvals, policies, and minutes. Imperfect, but drawable.
Agentic AI breaks that calm picture. Output becomes action. Tools chain together. Agents choose steps. Third-party systems act inside workflows. The hand on the wheel becomes ambiguous.
So governance has to move from the org chart to the action gate.
ORG CHART GOVERNANCE -> ACTION GATE GOVERNANCE
role -> policy -> committee -> approval -> unclear machine action
machine action -> gate -> authority check -> receipt -> effect/refusal
ZLAR forces ambiguity into evidence before consequence.
Authority must become digitally legible because action has become digitally executable. Human institutions define authority. ZLAR makes authority machine-checkable at the point of action.
At the point where automated output becomes operational effect, the institution should be able to show what happened before the governed door opened or refused to open.
What action tried to happen.
What policy applied to the route.
What allowed or refused it.
Whether a named human actually said yes when required.
Whether the formal artifact still verifies.
What paths stayed outside the governed route.
Receipts protect humans by proving authorization or non-authorization.
A person should not be blamed for machine action unless the system can show a valid authority object tying that person, that route, that action, and that moment together.
Accountability should include a way to prove non-authorization. The receipt is the formal artifact. It records what counted as authorized effect; it does not prove the action was wise, harmless, lawful, or globally authorized.
Ask for the receipt
If AI changed a record, blocked a workflow, accessed a file, triggered a decision, or caused harm, ask what authority allowed the action to become real and whether the receipt still verifies.
Every page uses the same boarding language.
The airport model is not a metaphor bolted onto the product. It is the public grammar for the category.
AI action
The thing trying to board into consequence.
Reasoning and drafting
Agents can move, plan, ask, argue, and prepare. None of that is authorization.
Governed route
The defined path where ZLAR can actually inspect the action before effect.
Policy and authority
Signed rules decide allow, refuse, or ask an accountable human.
Formal artifact
The boarding-ticket metaphor points to the receipt: the verifiable record that this action crossed this checkpoint under this policy and authority.
Verifier
The independent check that the receipt is valid for the route.
Evidence bundle
The record of governed passage, boundaries, and what the proof path can verify.
Ungoverned path
A route not governed by this proof path and not claimed as covered.
The airport makes mass flight possible.
ZLAR is not built to slow intelligence down to human speed. The expectation is more agents, more useful work, and more action attempts. The goal is trusted boarding.
Routine routed actions can pass when policy permits. Higher-consequence routed actions can wait for a real human yes. Missing, stale, invalid, or unrecognized receipts can be refused before effect when the deployment makes the route authoritative.
Agents may fly at machine speed. Consequential action still boards through the gate.
Bring one action that should not board without authority.
The useful first conversation is concrete. Which AI action should be allowed only when it crosses a governed checkpoint and produces a verifiable receipt?
One action. One route. One policy. One receipt. One refusal rule. One honest map of the side doors.
Useful first terminals
- A protected record write.
- A deployment step.
- A sensitive file edit.
- A routed MCP tool call.
- A workflow trigger.
- A payment or transaction simulator before any real rail.
Different institutions. Same boarding question.
The sectors differ. The governance moment is the same: which routed action may board, who can say yes, what receipt proves it, and what refuses unrecognized boarding?
Put a gate before routed action
For files, tools, systems, and workflows where action needs a checkpoint.
Ask for the boarding record
For public actions where rule, authority, receipt, and boundary must be visible.
Identity is not a receipt
For authenticated AI actions that still need action-level authorization.
Keep care workflows boarded
For administrative and records surfaces where the receipt matters.
Delegation without surrender
For controlled routed surfaces where command authority must stay visible.
Proof stays available. It stops dominating the front door.
The proof path is the receipt desk and scanner lane. It should be easy to inspect, impossible to hide, and boringly credible.
The public sample uses fake/scratch evidence. It is deliberately bounded. It is there so a visitor can inspect the shape of a boarding credential after understanding the authority problem.
The map is trustworthy because it names what is outside the gate.
ZLAR governs boarding for defined routed action surfaces. It does not claim broad control over all AI, all tools, all model reasoning, all final text, or any path not routed through the governed gate.
Current public boundary
- ZLAR governs routed/intercepted action surfaces only.
- Safe Codex wording: "ZLAR can govern Codex CLI-invoked MCP tool calls when those MCP servers are routed through ZLAR."
- Unrouted shell/filesystem/browser/app/network/model-reasoning/final-text surfaces are not claimed as governed by this proof path.
- /contest is not implemented.
- A private-by-default non-Vincent verifier request has been sent; no public external attestation is claimed in this repo, and any private reply or later result remains bounded by verifier relationship, disclosure permission, and exact evidence returned.
Bring one action that should not board without authority.
The useful first conversation is concrete: which action, which route, which policy, which human authority, which receipt, which scanner, and which aircraft door refuses missing credentials.