EOC Validation · Sub-Page
Architecture Overview
Behavioral description of the five subsystems that make AriaOS governance work end-to-end under operational load.
Adapter Pattern
AriaOS uses a swappable adapter pattern that allows evaluators to run the full console against an in-memory simulation without access to a live AriaOS instance. The same interface contract connects to production deployments with no application-layer code changes. Mode selection is handled by a single environment variable.
Audit Chain
Every audit-relevant event extends a SHA-256 hash chain with sequential integrity verification. Each entry links cryptographically to its predecessor. Tampering with any past entry invalidates all subsequent hashes. The chain is verified on demand and survives network partitions without integrity loss. An in-memory ring buffer retains recent entries for fast verification.
Pre-LLM Compliance Gate
A mandatory compliance gate runs PII / PHI redaction, policy-cache enforcement, and audit-chain provenance stamping before any prompt reaches either AI tier. Provider contracts require no-training guarantees. The gate cannot be bypassed regardless of tier, network state, or operator role. Output from either tier carries provenance metadata forward to the HITL queue.
HITL Decision Queue
All AI-proposed actions enter a pending queue and cannot execute until an operator explicitly approves. Both approval and rejection are recorded as audit-chain events. No downstream action — resource orders, public alerts, evacuation changes — dispatches without human authorization. Each decision carries the proposing tier, confidence score, standards channel that fires on approval, and pre-LLM compliance attestation.
Dual-Tier AI
The local sovereign tier is the unconditional default under any degraded network condition. Cloud augmentation activates only when the system reports healthy connectivity and policy permits. Both tiers produce identical output envelopes, enabling seamless interleaving of local and cloud drafts during partial-connectivity windows. Cloud-only capabilities degrade gracefully to local-tier substitutes when the cloud is unavailable.