Governance & Safety

Bounded autonomy

Governance and safety in Atlas

Autonomy boundaries, human approvals, shared responsibility, audit trails, and controlled incident handling.

Autonomy boundaries

Atlas operates with bounded autonomy. Material actions are predefined with thresholds that cannot be exceeded without explicit approval. Autonomy cannot silently expand; kill controls and rollback paths are always available.

Human-in-the-loop approvals

Sensitive or irreversible changes require human approval before execution. Approvers see simulations, impact assessments, and rollback options. Approvals are tied to roles and domains to maintain accountable decision rights.

Shared responsibility with customers

Atlas enforces group governance and domain statutes; customers define their product charters, roles, and thresholds. Imisi supplies guardrails, kill controls, and evidence; customers set policy choices and approval pathways appropriate to their risk posture.

Action receipts and audit trails

Every material action generates an evidence-grade receipt: who approved, what was executed, why, when, expected/actual outcomes, and rollback state. Logs are immutable, exportable, and structured for regulatory and internal audit.

Incident handling philosophy

Atlas is designed for controlled failure modes. If triggers or thresholds are breached, Atlas can halt or rollback within its bounded autonomy. Operators retain authority to invoke kill or rollback at any time. Post-incident, Atlas provides full traces and explanations to support remediation, review, and regulatory inquiries.