Recognized authorization infrastructure for defined routed AI action

Consequential machine action needs a boarding gate.

Intelligence may change. Consequence still needs authority. Intelligence is not authority. Capability is not authority. Credentials are not authority. Logs after the fact are not enough.

Human accountability needs a place to stand before effect. Human institutions define authority. ZLAR makes authority machine-checkable at the point of action.

For defined routed action surfaces, ZLAR makes consequential AI action pass through recognized authorization before it becomes effect.

Machine action tries to become real. ZLAR asks: where is the authority? If the route, rule, receipt, or human yes is missing, the governed door does not open.

Current boundary: ZLAR governs routed/intercepted action surfaces only. Current core source access is private. It does not claim all AI, unrouted shell/filesystem/browser/app/network/model-reasoning/ final-text coverage, production authority, public external attestation, or sovereign recognition.

Public airport map
Terminal / intelligence Think, plan, draft

Movement before authority.

Gate / governed route Governed route

The action reaches the checkpoint lane.

Checkpoint / policy Policy + authority

Allow, refuse, or wait for a real yes.

Receipt / formal artifact ZLAR receipt

Recognized authorization for this boarding.

Effect / refusal Effect system

Accepts recognized boarding or refuses it.

Side doors are named.

Paths not routed through ZLAR are not claimed as governed.

Authority before effect

Intelligence may move. Consequence asks for authority.

AI can think, plan, draft, simulate, argue, self-organize, and improve. Fine. Let intelligence move.

But when machine action tries to enter the world, the question changes. The question is no longer whether the system can act. The question is whether the action has authority to become real.

01Where is your authority?
02Who signed this route?
03Does this action have permission to become real?
04If a human is accountable, did that human actually say yes?
The governance map moved

Org charts were visible. Machine action is not.

Pre-AI governance could lean on visible maps: org charts, roles, signatures, approvals, policies, and minutes. Imperfect, but drawable.

Agentic AI breaks that calm picture. Output becomes action. Tools chain together. Agents choose steps. Third-party systems act inside workflows. The hand on the wheel becomes ambiguous.

So governance has to move from the org chart to the action gate.

ORG CHART GOVERNANCE -> ACTION GATE GOVERNANCE

Before

role -> policy -> committee -> approval -> unclear machine action

After

machine action -> gate -> authority check -> receipt -> effect/refusal

Show the authority at the point of action.
Evidence before consequence

ZLAR forces ambiguity into evidence before consequence.

Authority must become digitally legible because action has become digitally executable. Human institutions define authority. ZLAR makes authority machine-checkable at the point of action.

At the point where automated output becomes operational effect, the institution should be able to show what happened before the governed door opened or refused to open.

Action

What action tried to happen.

Rule

What policy applied to the route.

Authority

What allowed or refused it.

Human yes

Whether a named human actually said yes when required.

Receipt

Whether the formal artifact still verifies.

Side doors

What paths stayed outside the governed route.

Human accountability

Receipts protect humans by proving authorization or non-authorization.

A person should not be blamed for machine action unless the system can show a valid authority object tying that person, that route, that action, and that moment together.

Accountability should include a way to prove non-authorization. The receipt is the formal artifact. It records what counted as authorized effect; it does not prove the action was wise, harmless, lawful, or globally authorized.

Ask for the receipt

If AI changed a record, blocked a workflow, accessed a file, triggered a decision, or caused harm, ask what authority allowed the action to become real and whether the receipt still verifies.

The map legend

Every page uses the same boarding language.

The airport model is not a metaphor bolted onto the product. It is the public grammar for the category.

Passenger

AI action

The thing trying to board into consequence.

Terminal

Reasoning and drafting

Agents can move, plan, ask, argue, and prepare. None of that is authorization.

Gate

Governed route

The defined path where ZLAR can actually inspect the action before effect.

Checkpoint

Policy and authority

Signed rules decide allow, refuse, or ask an accountable human.

Receipt

Formal artifact

The boarding-ticket metaphor points to the receipt: the verifiable record that this action crossed this checkpoint under this policy and authority.

Scanner

Verifier

The independent check that the receipt is valid for the route.

Manifest

Evidence bundle

The record of governed passage, boundaries, and what the proof path can verify.

Side door

Ungoverned path

A route not governed by this proof path and not claimed as covered.

Throughput

The airport makes mass flight possible.

ZLAR is not built to slow intelligence down to human speed. The expectation is more agents, more useful work, and more action attempts. The goal is trusted boarding.

Routine routed actions can pass when policy permits. Higher-consequence routed actions can wait for a real human yes. Missing, stale, invalid, or unrecognized receipts can be refused before effect when the deployment makes the route authoritative.

Agents may fly at machine speed. Consequential action still boards through the gate.

Bring one action surface

Bring one action that should not board without authority.

The useful first conversation is concrete. Which AI action should be allowed only when it crosses a governed checkpoint and produces a verifiable receipt?

One action. One route. One policy. One receipt. One refusal rule. One honest map of the side doors.

Useful first terminals

  • A protected record write.
  • A deployment step.
  • A sensitive file edit.
  • A routed MCP tool call.
  • A workflow trigger.
  • A payment or transaction simulator before any real rail.
Receipt, scanner, manifest

Proof stays available. It stops dominating the front door.

The proof path is the receipt desk and scanner lane. It should be easy to inspect, impossible to hide, and boringly credible.

The public sample uses fake/scratch evidence. It is deliberately bounded. It is there so a visitor can inspect the shape of a boarding credential after understanding the authority problem.

boarding credential sample
passengerone routed AI action
checkpointsigned policy and human authority where required
scannerverifier checks the credential
manifestevidence bundle plus boundary map
Side-door warning

The map is trustworthy because it names what is outside the gate.

ZLAR governs boarding for defined routed action surfaces. It does not claim broad control over all AI, all tools, all model reasoning, all final text, or any path not routed through the governed gate.

Current public boundary

  • ZLAR governs routed/intercepted action surfaces only.
  • Safe Codex wording: "ZLAR can govern Codex CLI-invoked MCP tool calls when those MCP servers are routed through ZLAR."
  • Unrouted shell/filesystem/browser/app/network/model-reasoning/final-text surfaces are not claimed as governed by this proof path.
  • /contest is not implemented.
  • A private-by-default non-Vincent verifier request has been sent; no public external attestation is claimed in this repo, and any private reply or later result remains bounded by verifier relationship, disclosure permission, and exact evidence returned.
Conversation

Bring one action that should not board without authority.

The useful first conversation is concrete: which action, which route, which policy, which human authority, which receipt, which scanner, and which aircraft door refuses missing credentials.