Logos LexiconPolicy Evaluation

Policy Evaluation

When a CSIV token is received, the policy evaluator checks the token's execution policy against the current execution context before allowing the action to proceed. All evaluation is performed locally — no network call is made.

Evaluation Flow

Token received

The token ID is extracted from the State-Frame. The evaluator looks up the matching entry in the local logic library.

Hardware constraint check

If requires_vinac is true, the evaluator verifies that the token arrived via a VINAC-FM certified acoustic channel.

Risk tier enforcement

The risk_tier determines the minimum required verification layer. Critical tokens require Layer 4 (VINAC-FM) by default.

Execution policy evaluation

The execution_policy fields are checked against the provided context: rate limits, approval windows, dual approval, value limits.

Decision emitted

The evaluator returns a PolicyDecision — allowed: true with the resolved action, or allowed: false with the denial reason.

Execution Rules

RuleTypeDescription

max_usesnumberMaximum number of times this token can be resolved. Default: 1 (single-use).

rate_limit_per_hournumberMaximum resolutions permitted per hour from the same project.

approval_window_secondsnumberTime window after human approval in which the token can be resolved.

dual_approvalbooleanRequires two independent human approvals before the token is valid.

quorum_requirednumberMinimum number of approvers required. Used for key ceremony operations.

value_limit_usdnumberMaximum transaction value in USD. Context must provide the value for evaluation.

change_window_requiredbooleanRequires that the current time falls within a pre-configured change window.

require_same_devicebooleanEmitting and capturing device must be identical (same-device binding).

Safety Constraints

Safety constraints are enforced by the evaluator regardless of context values. They cannot be overridden at call time.

Single-use enforcement

All CSIV v1.0 tokens have max_uses: 1. Once resolved, the certificate is marked consumed. Replayed tokens are rejected.

Layer enforcement

If required_layer is 4, the token will not resolve without a valid VINAC-FM certificate — regardless of any other context values.

Expiry enforcement

Tokens have a bounded expiry window. Expired tokens are rejected before reaching the logic library.

Revocation check

If a certificate has been revoked (e.g., key compromise), the token is rejected even if it would otherwise pass all policy checks.

Code Examples

Allowed resolution

const result = evaluatePolicy({
  token_id: 'CSIV_EXEC_001',
  context:  {
    vinac_certified:  true,
    session_id:       'sess_abc123',
    timestamp:        Date.now(),
  },
});

// {
//   allowed:        true,
//   action:         'authorize_agent_action',
//   required_layer: 4,
//   risk_tier:      'high',
//   execution_policy: { max_uses: 1, rate_limit_per_hour: 20, approval_window_seconds: 300 }
// }

Denied — dual approval missing

const result = evaluatePolicy({
  token_id: 'CSIV_TXN_002',
  context:  {
    vinac_certified:  true,
    value_usd:        50000,
    dual_approved:    false,   // missing second approval
  },
});

// {
//   allowed:        false,
//   reason:         'dual_approval_required',
//   required_layer: 4,
//   risk_tier:      'critical',
// }

Denied — VINAC-FM certificate required

const result = evaluatePolicy({
  token_id: 'CSIV_KEY_001',
  context:  { vinac_certified: false },
});

// {
//   allowed:        false,
//   reason:         'vinacfm_certificate_required',
//   required_layer: 4,
//   risk_tier:      'critical',
// }

SDK Reference

Full API surface including evaluatePolicy()

Vocabulary Reference

All execution policies for v1.0 tokens