No Release Without Authenticated Approval

error

no_release_without_authenticated_approval

agentic-governance workflow pure_temporal agentic-aigovernancefix-ai-wgreleaserag-redtier-2-4

External-facing release or dispatch may occur only after an authenticated approval event whose scope covers the intended action (Szpruch capability C4: Gated Release & Dispatch).

Formula

G(Release ∨ Deploy → P(UserApproval ∧ authenticated ∧ approval_scope_covers))

Why it matters

FIX Approval & Release Gating + Szpruch C4. Release with conversational or implicit approval, or approval whose scope does not cover the action, is a Red halt.

Examples

passes UserApproval(authenticated, scope covers) → Release

fails Release whose approval scope does not cover the dispatched action

Use it

ponens policies add no_release_without_authenticated_approval --into ./trace.json
ponens trace check ./trace.json