Trust Chain

The Trust Chain is the cryptographic backbone of Parmana. It ensures that every execution can be traced back to:
  • AI-generated signals
  • Governance evaluation
  • Authorization Decision
  • Execution Runtime
  • Final Attestation

System Flow

Signals → Governance → Authorization Decision → Execution Runtime → Attestation → Verification

1. Signal origin

The trust chain begins with AI-generated signals.

These signals are:
  • structured
  • validated
  • provenance-tagged

2. Governance evaluation

Signals are processed by Governance (@parmanasystems/governance).

Governance produces a deterministic Authorization Decision.

This step is:
  • reproducible
  • policy-bound
  • independent of AI variability

3. Authorization Decision binding

Each decision is cryptographically bound to:
  • policy version
  • verified signals
  • executionId

This creates the first link in the trust chain.

4. Execution Runtime enforcement

The Execution Runtime enforces the decision.

It ensures:
  • correct execution mapping
  • replay protection
  • deterministic behavior

No execution is allowed outside this chain.

5. Attestation generation

Each execution produces a cryptographic attestation.

The attestation includes:
  • decision hash
  • signal hash
  • policy version
  • runtime identity
  • executionId

6. Verification layer

Any external party can verify the full chain using:
  • public key
  • attestation
  • policy version
  • signal hash

No internal system access is required.

Properties of the Trust Chain

End-to-end traceability

Every execution can be traced back to its originating signals.

Cryptographic integrity

Each step is signed and verifiable.

Deterministic reconstruction

The same inputs always reconstruct the same chain.

Tamper resistance

Any modification breaks verification.

Independent verification

No dependency on internal infrastructure.

Failure behavior

If any link in the chain is invalid:

→ the entire execution is rejected (fail-closed)
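
The verification layer and the fail-closed rule above, sketched as an external verifier. This is an added example, not Parmana's own code: the field names, the fixed-order JSON canonical form, the Ed25519 signature scheme and the function names are all assumptions, since the page does not specify the attestation format.

```javascript
const crypto = require('node:crypto');

// Assumed attestation fields, mirroring the list on this page. The real wire
// format, canonical encoding and signature scheme are not documented here.
const FIELDS = ['decisionHash', 'signalHash', 'policyVersion', 'runtimeIdentity', 'executionId'];
const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');
// Fixed field order so signer and verifier hash identical bytes.
const canonical = (claims) => Buffer.from(JSON.stringify(FIELDS.map((f) => [f, claims[f]])));
const reject = (reason) => ({ ok: false, reason });

// Needs only the public key, the attestation, and the expected policy
// version and signal hash. Any failure, including a parse error, rejects.
function verifyAttestation(publicKey, attestation, expected) {
  try {
    const { claims, signature } = attestation;
    if (FIELDS.some((f) => typeof claims[f] !== 'string' || claims[f] === '')) {
      return reject('missing field');
    }
    const sig = Buffer.from(signature, 'base64');
    if (!crypto.verify(null, canonical(claims), publicKey, sig)) return reject('bad signature');
    if (claims.policyVersion !== expected.policyVersion) return reject('policy version mismatch');
    if (claims.signalHash !== expected.signalHash) return reject('signal hash mismatch');
    return { ok: true, reason: 'verified' };
  } catch (err) {
    return reject('malformed attestation');
  }
}

// Constructed sample data: a throwaway Ed25519 key stands in for the runtime key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sign = (claims) => ({
    claims,
    signature: crypto.sign(null, canonical(claims), privateKey).toString('base64'),
  });
  const signalHash = sha256('{"signal":"constructed-sample"}');
  const claims = { decisionHash: sha256('constructed-decision'), signalHash,
    policyVersion: 'policy-v1', runtimeIdentity: 'runtime-sample', executionId: 'exec-0001' };
  const expected = { policyVersion: 'policy-v1', signalHash };
  const good = sign(claims);
  const tampered = { ...good, claims: { ...claims, executionId: 'exec-9999' } };
  const wrongPolicy = sign({ ...claims, policyVersion: 'policy-v2' });
  return [good, tampered, wrongPolicy].map((a) => verifyAttestation(publicKey, a, expected).reason);
}

console.log(demo());
```

The signature is checked before any claim is compared, so a validly signed attestation for a different policy version is rejected for the mismatch, while an edited claim is rejected as a bad signature.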

Summary

The Trust Chain ensures that:
  • AI inputs are traceable
  • governance decisions are verifiable
  • execution is enforceable
  • attestations are cryptographically valid
  • the full lifecycle is independently auditable