IRONLAW

Seven immutable rules for distributed autonomy - normative doctrine we version separately from any single product release so the rules can be debated on their merits.

IRONLAW is the governance doctrine behind Bastion-style systems: normative rules, machine-readable policy examples, and case fixtures. Full doctrine artifacts and change history are shared with serious evaluators and partners; they are not bundled into public repository marketing. Doctrine stays on its own cadence so the industry can argue with the text, not with a product README.

Ordered evaluation (gate model)

IRONLAW is evaluated as an ordered gate pipeline, not a flat checklist: R → I → N → L → W → O → A. Failure at a gate yields deny, hold, escalate, or execute-minimally - not a wider scope because the model is confident.

In Bastion: IRONLAW is applied as a file-backed policy gate on ingest, reconcile, and replay paths, with readiness signals when policy refuses an operation. Deeper per-action evaluation through every gate is part of how we harden deployments with partners; ask on a governance call if your threat model requires that level of detail.

The seven rules (plain language)

R
Gate 1
Rightful Authority
Consequential action requires lawful, in-chain, current, attributable authority - not transport success alone.
IL
IRONLAW Agent
Denied by IRONLAW-R/001: agent "planner-v2" attempted to merge without approval from org/architects team. Requesting human review before proceeding.
I
Gate 2
Intentional Human Impact
Human impact (including indirect, delayed, or omission harm) demands explicit objectives, active RoE, and safeguards matched to risk.
IL
IRONLAW Agent
IRONLAW-I/002 escalation: feature "auto-cleanup-stale-resources" affects user data retention. Requires documented impact assessment and ops consent before deploy.
N
Gate 3
Non-Improvisation
When legality, identity, or scope is below threshold, hold or escalate - do not invent a broader mission.
IL
IRONLAW Agent
IRONLAW-N/003 hold: agent "worker-batch" submitted request with insufficient scope definition. Job ID d4e5f6 targets "orphaned resources" but definition is ambiguous. Escalate to SRE team.
L
Gate 4
Least Authority
Stay inside assigned terrain, network, data, tooling, and resource bounds; no self-granted expansion.
IL
IRONLAW Agent
Denied by IRONLAW-L/004: agent "deployer-prod" attempted to write to database admin schema. Agent assigned only compute.deploy scope, not data.admin. Check credentials assignment.
W
Gate 5
Within RoE
Continuity under stress or disconnect stays inside prior Mission Goals and RoE - connectivity is not permission.
IL
IRONLAW Agent
IRONLAW-W/005 hold: agent "disaster-recovery" executed task "index-rebuild" outside original RoE. Mission: "restore downed cluster". Index rebuild is contingency-only. Verify mission scope before resume.
O
Gate 6
Operational Consent
Trust and prior consent do not replace fresh consent where policy requires it for hazardous or privileged acts.
IL
IRONLAW Agent
IRONLAW-O/006: agent "security-audit" requires fresh consent for privileged action "extract-vault-keys". Prior consent from 2026-03-15 expired. New authorization required from ops/vault-admin.
A
Gate 7
Accountability
Decisions and refusals must remain attributable and reviewable to the extent the environment allows.
IL
IRONLAW Agent
IRONLAW-A/007 audit gap: agent "system-cleaner" executed delete on 847 resources without timestamped decision log. All deletions must be individually attributed and logged. Incident ID: 2026-04-02-GC-101.

See how IRONLAW fits into Bastion

These seven rules are enforced as a file-backed policy gate inside Bastion's ingest, reconcile, and replay architecture.

Platform overview →

Ready to govern your AI agents?

Book a call to discuss how IRONLAW and Bastion fit your compliance requirements.

Book a governance call

Was this page helpful?

Ordered evaluation (gate model)

The seven rules (plain language)

Gate 1

Rightful Authority

Consequential action requires lawful, in-chain, current, attributable authority - not transport success alone.

IRONLAW Agent

Denied by IRONLAW-R/001: agent "planner-v2" attempted to merge without approval from org/architects team. Requesting human review before proceeding.

Gate 2

Intentional Human Impact

Human impact (including indirect, delayed, or omission harm) demands explicit objectives, active RoE, and safeguards matched to risk.

IRONLAW Agent

IRONLAW-I/002 escalation: feature "auto-cleanup-stale-resources" affects user data retention. Requires documented impact assessment and ops consent before deploy.

Gate 3

Non-Improvisation

When legality, identity, or scope is below threshold, hold or escalate - do not invent a broader mission.

IRONLAW Agent

IRONLAW-N/003 hold: agent "worker-batch" submitted request with insufficient scope definition. Job ID d4e5f6 targets "orphaned resources" but definition is ambiguous. Escalate to SRE team.

Gate 4

Least Authority

Stay inside assigned terrain, network, data, tooling, and resource bounds; no self-granted expansion.

IRONLAW Agent

Denied by IRONLAW-L/004: agent "deployer-prod" attempted to write to database admin schema. Agent assigned only compute.deploy scope, not data.admin. Check credentials assignment.

Gate 5

Within RoE

Continuity under stress or disconnect stays inside prior Mission Goals and RoE - connectivity is not permission.

IRONLAW Agent

IRONLAW-W/005 hold: agent "disaster-recovery" executed task "index-rebuild" outside original RoE. Mission: "restore downed cluster". Index rebuild is contingency-only. Verify mission scope before resume.

Gate 6

Operational Consent

Trust and prior consent do not replace fresh consent where policy requires it for hazardous or privileged acts.

IRONLAW Agent

IRONLAW-O/006: agent "security-audit" requires fresh consent for privileged action "extract-vault-keys". Prior consent from 2026-03-15 expired. New authorization required from ops/vault-admin.

Gate 7

Accountability

Decisions and refusals must remain attributable and reviewable to the extent the environment allows.

IRONLAW Agent

IRONLAW-A/007 audit gap: agent "system-cleaner" executed delete on 847 resources without timestamped decision log. All deletions must be individually attributed and logged. Incident ID: 2026-04-02-GC-101.