Given this organization's rules, its risk tolerance, the agent's trust profile, the current operating environment, and the specific action requested — should this action proceed? Axiom answers with one of four dispositions: ALLOW, BLOCK, ESCALATE, or DEFER.
An agent holds valid authority and has passed the identity interlock. But authority is not permission. The question Axiom answers is: given this organization's rules, its risk tolerance, the agent's trust profile, the current operating environment, and the specific action requested — should this action proceed?
The answer is not yes or no. It is one of four dispositions — each carrying a specific consequence and a verifiable governance trace.
Axiom is the governance engine of the Ardyn platform — the Ardyn Axiom product, delivering Decision Trust. It evaluates organizational policy rules against structured inputs and renders a binding, auditable decision. Every decision produces a governance trace: an immutable, replayable record of which rules were evaluated, which matched, and why.
Axiom's policy evaluation engine uses a three-layer architecture. Rules are evaluated in order within each layer. The first matching rule determines the disposition.
read_ledger for all agents; block delete_production_data."transfer_funds actions." Action Request
│
▼
┌──────────────────────────────────────────────────┐
│ Axiom Policy Engine │
│ │
│ Inputs: │
│ ├─ Action: tool, parameters, resource, amount │
│ ├─ Principal: identity, role, ATP │
│ ├─ Authority: Forge grants, delegation chain │
│ ├─ Environment: time, risk level, threat flags │
│ └─ Policy: versioned, hash-pinned rule set │
│ │
│ Evaluation: │
│ 1. Business rules ──► match? ──► disposition │
│ 2. Operational rules ──► match? ──► disposition │
│ 3. Technical rules ──► match? ──► disposition │
│ 4. No match ──► default_disposition │
│ │
│ Output: │
│ ├─ Disposition: ALLOW / BLOCK / ESCALATE / DEFER│
│ ├─ MatchedRule: policy_hash, rule_id, layer │
│ └─ Governance Trace: full evaluation record │
└──────────────────────────────────────────────────┘
Axiom's foundational principle is policy sovereignty: each organization controls its own rules. Ardyn does not impose a default policy. Different tenants, departments, and workflows within the same organization can have different policies. A policy is a JSON document with a cryptographic hash — versioned, signed, and immutable once activated.
When no rule matches an action, the policy's default_disposition field determines the outcome:
A healthcare organization operates autonomous agents that process patient records, schedule appointments, and authorize insurance claims.
{
"policy_id": "healthcare-v3",
"policy_hash": "sha256:9a8b7c...",
"default_disposition": "Deny",
"rules": {
"business": [
{
"rule_id": "claim-limit",
"condition": "action == 'authorize_claim' AND amount > 100000",
"disposition": "ESCALATE",
"reason": "Claims above $100k require medical director review"
}
],
"operational": [
{
"rule_id": "phi-access",
"condition": "action == 'read_patient_record' AND agent.role == 'scheduling'",
"disposition": "ALLOW"
},
{
"rule_id": "phi-admin",
"condition": "action == 'modify_patient_record'",
"disposition": "BLOCK",
"reason": "Only human clinicians may modify patient records"
}
],
"technical": [
{
"rule_id": "hardware-requirement",
"condition": "action == 'authorize_claim' AND agent.atp.hardware_tiers.hardware_attested < 95",
"disposition": "ESCALATE",
"reason": "Agent attestation rate below threshold"
}
]
}
}
read_patient_record for patient #89012.phi-access matches — agent.role == 'scheduling'. Disposition: ALLOW.healthcare-v3, rule phi-access, inputs snapshot, decision ALLOW.claim-limit matches — amount exceeds $100,000. Disposition: ESCALATE.Axiom is a governance engine, not an authority manager or execution platform.
Axiom checks whether policy permits an action. It does not determine whether the agent holds the authority to perform it. That is Forge's domain.
Axiom decides; AAECP executes. The decision and the execution are separate events, each producing its own AEA.
Axiom produces governance decision AEAs. Execution evidence (tool execution AEAs, DDCs) is produced by the attestation pipeline.
Axiom consumes ATPs as input. It does not produce them.
Axiom is a technical governance engine. It does not replace a board of directors, a compliance committee, or a regulatory framework. It operationalizes their rules.
Fail-closed behavior is enforced: an agent with a policy that cannot be loaded returns 500 POLICY_NOT_FOUND.
Forge provides authority state. ATP provides trust profiles. AEA provides the evidence substrate for trust evaluation.
AAECP receives Axiom's decision and proceeds with governed execution or halts. ACTA records Axiom decisions as organizational cognition.
Any party can replay Axiom decisions: given the policy version hash, input snapshot, and decision output, a verifier re-runs the policy engine and confirms correctness.
Axiom decisions are independently verifiable — the governance trace is itself an AEA, making it self-contained, signed, and chain-linkable.
The policy version used to render a decision is recorded by its cryptographic hash. A verifier can confirm that the policy has not been modified since the decision was rendered.
Given the policy, the input snapshot (principal identity, ATP, authority state, action parameters, environment), and the decision output, a verifier can re-run the policy evaluation and confirm that the same rules matched in the same order and produced the same disposition.
Every decision carries a governance trace: the full list of rules evaluated, which matched, which did not, and why. A verifier can walk the trace and confirm that no rule was skipped and no disposition was changed.
The policy engine is implemented in crates/policy-engine and runs in-process within the Ardyn Core gateway. The 3-layer evaluation architecture (business/operational/technical, first-match-wins) is production-deployed.
Per-agent policy enforcement is wired through PUT /v1/agents/:id/policy — each agent is assigned a policy_id, and the handler path loads and evaluates the correct policy for each request. The default_disposition field (Allow/Deny/Escalate) is implemented and tested, making the no-match case explicit rather than an implicit fall-through. Fail-closed behavior is enforced.
The standalone Axiom gateway (axiom-gateway, a separate binary on ardyn-axiom:3101) provides governance services including simulation, confidence scoring, reconciliation, and the full 7-layer governance trace. The cross-service integration between Core's in-process policy engine and the standalone Axiom gateway is a planned future enhancement.