Piia-Engram per-item trust boundaries and refusal semantics #38
Patdolitse
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
This is an Engram-authored, artifact-level note on piia-engram's implemented and documented trust boundaries and refusal semantics. It is not a standards proposal, and not an endorsement of any external comparison table. The refusals below apply when Engram's opt-in governance layer (
ENGRAM_GOVERNANCE) is enabled.The framing that matters: piia-engram is a user-owned identity and knowledge layer, not a codebase-enforcement layer. Retrieved memory may inform a model's context, but it does not by itself authorize tool execution, publication, export, overwrite, promotion, or any registry/release action. Provenance and confirmation state are shared concerns with other memory layers; action authority is not — it sits in a different layer.
What Engram refuses to do when the opt-in governance layer is enabled
Honesty / scope
These are implemented behaviors with public references (README / CHANGELOG / PRIVACY / source invariants), under the opt-in governance layer. Engram's boundary is a local-first policy boundary for a user-owned store; it is deliberately not a cryptographic or sandboxed enforcement layer. That is the design point — Engram governs disclosure, mutation, and promotion of a user's own memory; it does not sit in a tool-execution enforcement path.
Beta Was this translation helpful? Give feedback.
All reactions