Core Concepts
The Responsibility Layer
SOVR sits between your AI agent and the actions it wants to execute.
Default Deny
Unlike traditional systems that allow by default, SOVR operates on zero trust:
- Every action must pass through the gate
- Unknown actions are denied by default
- Explicit policies define what's allowed
Risk Assessment
Each action is scored based on:
| Factor | Weight | Description |
|---|---|---|
| Action Type | 30% | Category risk (financial, data, communication) |
| Context | 25% | Recipients, amounts, sensitivity |
| History | 20% | Past decisions for similar actions |
| Anomaly | 15% | Deviation from normal patterns |
| Time | 10% | Business hours, frequency |
Decision Types
Allow
Action is safe to execute immediately.
Require Approval
Action needs human sign-off before execution.
Deny
Action is blocked with explanation.
Audit Chain
Every decision creates a tamper-proof record:
```json
{
  "id": "aud_123",
  "timestamp": "2026-02-05T05:00:00Z",
  "action": "send_email",
  "decision": "allow",
  "riskScore": 15,
  "previousHash": "sha256:abc...",
  "hash": "sha256:def..."
}
```
Trust Bundles
Export cryptographically signed evidence packages for:
- Compliance audits
- Legal discovery
- Insurance claims
- Customer assurance
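How an auditor could check the `previousHash` / `hash` linkage from the Audit Chain record above, as an added example that is not SOVR's own code. The page does not specify the hashing scheme, so the canonical-JSON SHA-256, the all-zero genesis value, the helper names and the sample records are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed previousHash for the first record


def record_hash(record):
    """Assumed scheme: SHA-256 over canonical JSON of every field except "hash"."""
    body = {k: v for k, v in record.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_record(chain, **fields):
    """Link a new record to the current tail, then seal it with its own hash."""
    record = dict(fields, previousHash=chain[-1]["hash"] if chain else GENESIS)
    record["hash"] = record_hash(record)
    chain.append(record)


def verify_chain(chain, expected_head=None):
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings, previous = [], GENESIS
    for i, record in enumerate(chain):
        if record.get("previousHash") != previous:
            findings.append((i, "broken link"))
        if record.get("hash") != record_hash(record):
            findings.append((i, "content does not match hash"))
        previous = record.get("hash")
    # Truncation or a full rewrite is only visible against a head kept elsewhere.
    if expected_head is not None and previous != expected_head:
        findings.append((len(chain) - 1, "head mismatch"))
    return findings


def sample_chain():
    """Constructed sample records, modelled on the fields shown on the page."""
    chain = []
    for n, action, decision, score in [(123, "send_email", "allow", 15),
                                       (124, "wire_transfer", "deny", 82),
                                       (125, "export_report", "require_approval", 47)]:
        append_record(chain, id=f"aud_{n}", timestamp=f"2026-02-05T05:0{n - 123}:00Z",
                      action=action, decision=decision, riskScore=score)
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    chain[1]["decision"] = "allow"  # constructed tampering of a stored decision
    print(verify_chain(chain, chain[-1]["hash"]))
```

The internal checks catch edits and deletions inside the chain; dropping records from the tail or rebuilding every hash is caught only by comparing against a head hash stored or signed outside the log.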