Kenshiki Labs Glossary

The Boundary Gate is the final emission checkpoint. It reads the Claim Ledger result and decides whether the response is authorized, partial, narrative-only, blocked, or needs tighter specification.

The Claim Ledger decomposes a response into atomic claims and checks each one against governed evidence. It records what held up, what failed, and why.

Clean Room is Kenshiki Labs' air-gapped deployment tier. Aurora-compatible database in your isolated environment. Documents ingested via secure media transfer. Zero network path. Full governance chain verifiable offline.

Kadai is the caller-facing reasoning API. It orchestrates governed retrieval, generation, evaluation, and output-state assignment before returning a response.

Kura is Kenshiki Labs' governed evidence store. It ingests source material, preserves provenance and retrieval boundaries, and defines what downstream answers are allowed to rely on.

Oracle Foundry is the ingestion and relationship-discovery subsystem in Kenshiki Labs that processes evidence to extract SIRE identity, detect overlaps and conflicts across sources, and build the topology for multi-source governance.

The Prompt Compiler rewrites a loose request into a governed query before any generation layer sees it. It applies CFPO structure so evidence, policy, and output expectations stay mechanically enforceable.

Refinery is Kenshiki Labs' private VPC deployment tier. Your infrastructure, Kenshiki Labs runs inside your network boundary. Ingestion endpoints are internal to your VPC. Same governance semantics as Workshop, with VPC-level isolation.

Workshop is Kenshiki Labs' shared-infrastructure deployment tier. Kura and orchestration run on Kenshiki Labs-managed AWS with multi-tenant isolation. Evidence is tenant-scoped via row-level security. Deployment takes hours. Best for teams starting with governance.

The Admissibility Gate runs before retrieval to verify that the required approved evidence exists for the operation in question. It is separate from SIRE exclusion and separate from authorization.

CFPO stands for Content, Format, Policy, and Output. It is the structure the Prompt Compiler uses to organize evidence, constraints, and response expectations inside the compiled prompt.

Chain-of-custody for AI is a complete, tamper-evident record of where evidence came from, what the model was allowed to see, what it claimed, whether claims were grounded, and why the output was released. It creates verifiable provenance for every answer.

Coverage is the fraction of eligible evidence examined during retrieval. High coverage (90%+) means the model had access to most relevant sources. Low coverage (<30%) means large gaps. Coverage is recorded in the Claim Ledger for every inference.

The evidence boundary is the line around what the system is allowed to use as real support for an answer. Everything inside it is governed, attributable, and scoped. Everything outside it is not authority.

Gates are policy enforcement points in the Kenshiki Labs pipeline. Retrieval gates check authorization. Claim gates verify grounding. Output gates enforce policy. Gates fire before decisions leave the system, not after.

Governed agency is the design pattern for autonomous AI agents that constrains evidence scope, tool access, and action authorization while leaving decision-making autonomous within those boundaries. Audit trail is recorded for every agent decision.

Governed evidence is source material that has been ingested, structured, scoped, and made admissible inside the Kenshiki Labs pipeline. It is not just retrieved text; it is evidence the system is prepared to defend.

An output state is the explicit classification attached to every Kenshiki Labs response, such as AUTHORIZED, PARTIAL, REQUIRES_SPEC, NARRATIVE_ONLY, or BLOCKED.

ReBAC stands for relationship-based access control. In Kenshiki Labs, it scopes evidence by caller identity and document relationship so the model only sees material the caller is authorized to use.

Runtime AI governance is the enforcement of access, policy, and disclosure rules at the moment an AI system generates a response — rather than after the fact through audit or before the fact through policy documents alone. It requires governance to sit inside the inference pipeline.

SIRE stands for Subject, Included, Relevant, and Excluded. It is the identity metadata that governs what a source covers, how it connects to other sources, and what it must never be used to answer.

The three-way absence distinction recognizes that absence of evidence can mean three different things: (1) Does not exist (the fact is false), (2) Not retrieved (the fact may exist but was outside scope), (3) Not authorized (the fact exists but the caller cannot access it). Correct policy response depends on which one occurred.

The bounded-synthesis pipeline is the end-to-end flow from identity and compilation through retrieval, generation, evaluation, and emission. Every stage operates inside a governed boundary.

The control plane is the part of Kenshiki Labs that governs what the generation layer may see, what claims it may emit, and what policies apply across the system.

Cross-plane policy propagation means governance rules defined in the control plane keep applying as requests move through build and orchestration layers instead of stopping at one integration boundary.

Portable agent identity is Kenshiki Labs' idea that the identity and scope rules attached to evidence should travel with the runtime rather than being reinvented at each layer or deployment tier.

Kenshiki Labs describes itself as a three-plane architecture: build, orchestration, and control. Build shapes evidence and prompts, orchestration runs inference, and control verifies and gates what leaves.