Autonomy Model
Human-In-The-Loop by default. Constrained autonomy when explicitly configured.
Non-Negotiable Default
AriaOS does not execute autonomous actions by default. AI recommendations require human approval unless a constrained autonomy profile is explicitly enabled, verified, and audit-healthy.
There is no "fully autonomous" mode without explicit configuration, profile unlock, and continuous audit verification. Loss of audit integrity disables autonomous execution automatically.
Three Execution Modes
AriaOS supports three distinct execution modes. The default is Human-In-The-Loop. Movement between modes requires explicit configuration and audit health verification.
| Execution Mode | Decision Source | Execution Authority | Audit Requirement | Default State |
|---|---|---|---|---|
| Human-In-The-Loop (HITL) | Human operator | Operator approval required for all actions | All decisions logged | YES (Default) |
| Advisory-Only AI | AI generates recommendations | No execution authority; operator reviews and authorizes | Recommendations logged with reasoning traces | Configurable |
| Constrained Autonomy | AI within policy bounds | Limited execution within profile-defined constraints | Immutable audit + continuous health checks | Disabled (requires explicit unlock) |
Execution Mode Details
Human-In-The-Loop (HITL)
The default operating mode. AI provides analysis, threat assessment, and course-of-action recommendations. Human operators review, authorize, or reject every action.
What HITL Can Do
- Generate operational recommendations with reasoning traces
- Analyze sensor data and identify anomalies
- Suggest resource allocation and tactical options
- Flag policy violations and threshold breaches
- Present uncertainty bounds and confidence levels
What HITL Cannot Do
- Execute actions without operator approval
- Modify policy or governance rules autonomously
- Override human decisions
- Escalate autonomy level without authorization
Advisory-Only AI
AI generates recommendations but has zero execution authority. All recommendations are logged with explainable reasoning and uncertainty quantification.
What Advisory AI Provides
- Explainable recommendations with reasoning chains
- Uncertainty bounds and confidence levels for all suggestions
- Alternative courses of action with tradeoff analysis
- Risk assessment tied to mission parameters
What Advisory AI Cannot Do
- Execute any operational action
- Modify system state without human approval
- Access resources or trigger workflows autonomously
Constrained Autonomy
Limited autonomous execution within strict profile-defined bounds. Requires explicit operator unlock, continuous audit health verification, and policy compliance checks.
Activation Requirements
- Operator must explicitly enable constrained autonomy profile
- Written justification required in audit log
- Audit health status must be verified and maintained
- Continuous policy compliance checks must pass
- Fail-closed behavior: loss of audit health immediately disables autonomous execution
What Constrained Autonomy Can Do
- Execute routine tasks within profile-defined boundaries
- Respond to threshold-triggered events per policy
- Coordinate multi-agent workflows within authorization limits
- All actions logged with reasoning, justification, and reversibility metadata
What Constrained Autonomy Cannot Do
- Execute actions outside profile-defined bounds
- Modify its own authority or escalate autonomy level
- Override operator decisions or governance rules
- Continue execution if audit health degrades
- Operate without continuous policy compliance verification
Conditions for Mode Transition
Moving between execution modes requires explicit operator action, written justification, and audit verification. All transitions are logged immutably.
| Transition | Required Conditions | Audit Requirement |
|---|---|---|
| HITL → Advisory | Operator configuration change | Configuration change logged |
| HITL or Advisory → Constrained Autonomy | Operator unlock + written justification + audit health verification + policy compliance check | Immutable log entry with operator ID, timestamp, justification, mission context |
| Constrained Autonomy → HITL or Advisory | Operator request OR automatic failsafe if audit health degrades | Reason for downgrade logged (manual request or automated failsafe trigger) |
What Does Not Exist
No "Fully Autonomous" Default Mode
AriaOS does not ship with a "fully autonomous" or "hands-free" mode enabled by default. There is no operational scenario where AI can:
- Escalate its own authority without operator approval
- Modify governance rules, policy constraints, or mission parameters autonomously
- Override human decisions or operate indefinitely without audit health verification
- Execute high-risk actions (policy changes, autonomy escalation, resource deployment) without explicit human authorization
How Autonomy Is Constrained
Profile-Gated Execution
Autonomy level is bound to operator profile and role. Profiles define maximum authority, permitted actions, and resource access limits.
Policy Enforcement
All autonomous actions must pass policy compliance checks. Violations immediately halt execution and alert operators.
Audit Health Verification
Constrained autonomy requires continuous audit health checks. Loss of audit integrity triggers automatic failsafe to HITL mode.
Immutable Logging
Every autonomous action is logged with reasoning, justification, operator ID, timestamp, and reversibility metadata.
Explainability
All AI recommendations and autonomous actions include reasoning traces, uncertainty bounds, and decision chain documentation.
Reversibility
Autonomous actions are designed for rollback. Operators can reverse decisions, and audit logs provide full chain of custody.
Related Documentation
Questions about autonomy configuration? Contact us for technical guidance.