Skip to content

security

Intended Documentation

Enforcement Lineage

Prove enforcement lineage — every authorization decision can be traced from policy through evaluation to token and enforcement.

advanced4 min readimplemented

Enforcement Lineage#

Every authorization decision in Intended produces a cryptographically verifiable chain from policy definition through evaluation to token issuance and enforcement. This lineage guarantees that no decision exists without a traceable origin, and no enforcement occurs without a recorded evaluation.

Why Lineage Matters#

Enterprise AI execution demands more than access control. Regulators, auditors, and security teams need to answer a single question: why was this action permitted?

Enforcement lineage provides that answer by linking four stages into an unbroken chain:

  1. Policy — the rule that governs the decision
  2. Evaluation — the runtime assessment against that rule
  3. Decision token — the cryptographic artifact encoding the outcome
  4. Enforcement — the point where the decision was applied

Info

Enforcement lineage is immutable once recorded. The chain cannot be modified after the fact, which makes it suitable for regulatory audits and compliance reporting.

The Lineage Chain#

Stage 1: Policy Origin#

Every decision traces back to a specific policy version. Policies are versioned and immutable once activated, so the exact rule set that governed a decision is always recoverable.

json
{
  "policy_ref": "pol_abc123",
  "policy_version": 7,
  "policy_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb924...",
  "activated_at": "2026-03-01T12:00:00Z"
}

The policy_hash is a content-addressable hash of the policy definition at the version that was active during evaluation. This prevents retroactive policy modification from invalidating audit trails.

Stage 2: Evaluation Record#

When an intent is submitted, the policy engine evaluates it against all applicable policies and produces an evaluation record.

json
{
  "evaluation_id": "eval_8f3a9b2c",
  "intent_id": "int_def456",
  "policy_refs": ["pol_abc123"],
  "input_context": {
    "tenant": "tenant_acme",
    "actor": "svc_data-pipeline",
    "action": "execute",
    "resource": "model:gpt-4/inference"
  },
  "result": "allow",
  "evaluated_at": "2026-03-08T09:15:32Z",
  "evaluation_duration_ms": 12
}

The evaluation record captures the full input context so the decision can be replayed deterministically against the same policy version.

Stage 3: Decision Token#

The evaluation result is encoded into a signed decision token — a short-lived, cryptographically verifiable artifact that carries the authorization outcome.

json
{
  "token_id": "dtk_7c4e1a",
  "evaluation_id": "eval_8f3a9b2c",
  "result": "allow",
  "scopes": ["model:execute"],
  "issued_at": "2026-03-08T09:15:32Z",
  "expires_at": "2026-03-08T09:20:32Z",
  "signature": "ES256:..."
}

Warning

Decision tokens are intentionally short-lived (default: 5 minutes). A token that outlives its TTL is rejected at enforcement, even if the signature is valid. This limits the blast radius of token exfiltration.

Stage 4: Enforcement Point#

The enforcement point validates the decision token before permitting the action. It records:

  • Token signature verification result
  • TTL validity at enforcement time
  • The specific action that was gated
  • Whether enforcement succeeded or was denied
json
{
  "enforcement_id": "enf_2b9d4e",
  "token_id": "dtk_7c4e1a",
  "action": "model:execute",
  "enforced_at": "2026-03-08T09:15:33Z",
  "outcome": "permitted",
  "enforcement_point": "connector:openai-prod"
}

Querying Lineage#

You can traverse the lineage chain in either direction using the Audit API.

Forward trace (policy to enforcement)#

Start from a policy and find all enforcement actions it authorized:

bash
curl -H "Authorization: Bearer $API_KEY" \
  "https://api.intended.so/tenants/tenant_acme_prod/audit?eventType=TOKEN_ISSUED&limit=50"

Reverse trace (enforcement to policy)#

Start from an enforcement event and walk back to the originating policy:

bash
curl -H "Authorization: Bearer $API_KEY" \
  "https://api.intended.so/tenants/tenant_acme_prod/audit/chain-verification"

The response includes all four stages with their timestamps and identifiers.

Lineage Integrity Verification#

Intended provides a built-in verification command to validate that a lineage chain is intact:

bash
meritt audit verify-lineage --enforcement-id enf_2b9d4e

This command checks:

  • The policy hash matches the recorded version
  • The evaluation references the correct policy
  • The decision token was signed by the evaluation service
  • The enforcement point validated the token before the TTL expired

Danger

A broken lineage chain indicates either a system fault or a potential tampering attempt. Broken chains trigger an automatic alert to the tenant's security contact.

Retention and Export#

Lineage records follow the tenant's configured retention policy. By default, records are retained for 90 days. For compliance use cases, you can configure extended retention or continuous export to an external SIEM.

See Audit API for export endpoint details.