Public Release - 2026-06-26

An action system earns trust when it can stop without pretending the task is solved.

Artifact: action_system_refusal_layer_v1. This note defines the refusal and review fields required before an action request can move from blocked state back into inspection.

action_request refusal_trigger evidence_gap authority_gap boundary_gap review_route reopen_condition

Evidence Map Registries Boundaries Counterexamples

Action System Refusal Layer v1 public evidence visual.

Artifact

Refusal is a control surface, not a personality trait.

The refusal layer treats stopping as an inspectable state. A system should record why it refused, which gap blocked action, where review should happen, and what would be required before the request can be reopened.

Gap Types

Evidence gaps and authority gaps must not be merged.

A system can have enough evidence but no authority, or authority but insufficient evidence. It can also face a boundary gap where the request has moved outside the validated scope. Each failure mode requires a different repair route.

Review

The reopen condition keeps refusal from becoming either theater or deadlock.

A refusal state is useful only if it names the review route and the condition that would make re-entry legitimate. Without that field, refusal becomes either vague caution or an unreviewable block.

action_request

The requested action before the system decides whether it can proceed.

refusal_trigger

The condition that forces the system to stop instead of improvise.

evidence_gap

The missing fact, receipt, proof, or observation required for action.

authority_gap

The missing permission, policy, human approval, or role boundary.

boundary_gap

The unresolved scope condition that makes action unsafe or unsupported.

reopen_condition

The concrete condition under which the request can return to review.