Governs payroll adjustments, employee record changes, and benefits inquiries. SOC 2 Type I audit trail required.
# policy.md — Payroll & HR Actions
scope: payroll-hr
owners:
- compliance@payroll.example
- security@payroll.example
## 1. Identity gates
- Agent MUST verify caller via SSO token + MFA claim on the session bus.
- No action proceeds without a verified employee_id in session state.
## 2. Action classes
- class A — read-only: pay-stub lookup, PTO balance, benefits summary
- class B — reversible: address update, W-4 filing, direct deposit swap
- class C — irreversible: termination, role change, comp adjustment, tax
  correction → requires human supervisor claim.
## 3. Financial bounds
- Agent MAY NOT initiate any off-cycle disbursement > $0 without class C claim.
- Agent MAY NOT modify year-to-date tax records without an auditor in the loop.
## 4. Audit contract
- All class B and C actions produce a signed trace entry with:
{ agent_id, employee_id, policy_sha, vector_sha, timestamp, claim_id }
- Trace stream is mirrored to immutable SOC 2 ledger within 30s.
## 5. Expiry
- Every steering vector expires at policy version change OR 90 days,
whichever comes first.
Vector quality depends on model-specific evals, layer selection, and alpha tuning — not on policy.md alone.
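
Added example, not part of this policy or of any project's code: one way an enforcement layer could apply sections 1, 2, 4 and 5 before an action runs, failing closed and emitting the trace entry fields listed in section 4. The action names, the session and vector field names, and HMAC-SHA256 as the signing scheme are assumptions; the policy does not specify them.

```python
import hashlib, hmac, json, time

# Assumed action names mapped to the policy's classes (section 2). Off-cycle
# disbursement is class C so that section 3's claim requirement applies to it.
ACTION_CLASS = {"pay_stub_lookup": "A", "pto_balance": "A", "address_update": "B",
                "direct_deposit_swap": "B", "termination": "C", "comp_adjustment": "C",
                "off_cycle_disbursement": "C"}
VECTOR_TTL_S = 90 * 24 * 3600  # section 5: 90-day expiry

class PolicyDenied(Exception):
    """Raised whenever a gate in the policy is not satisfied."""

def vector_expired(vector, policy_sha, now):
    """Section 5: expired on policy version change OR after 90 days."""
    return vector["policy_sha"] != policy_sha or now - vector["issued_at"] > VECTOR_TTL_S

def authorize(session, action, policy_sha, vector, key, now=None):
    """Return a signed trace entry for class B/C, None for class A; raise on denial."""
    now = time.time() if now is None else now
    # Section 1: verified SSO token, MFA claim and employee_id in session state.
    if not (session.get("sso_verified") and session.get("mfa") and session.get("employee_id")):
        raise PolicyDenied("identity gate failed")
    cls = ACTION_CLASS.get(action)
    if cls is None:
        raise PolicyDenied("unclassified action")  # fail closed
    if vector_expired(vector, policy_sha, now):
        raise PolicyDenied("steering vector expired")
    claim_id = session.get("supervisor_claim_id")
    if cls == "C" and not claim_id:
        raise PolicyDenied("class C requires human supervisor claim")
    if cls == "A":
        return None  # section 4 requires traces only for class B and C
    entry = {"agent_id": session["agent_id"], "employee_id": session["employee_id"],
             "policy_sha": policy_sha, "vector_sha": vector["sha"],
             "timestamp": int(now), "claim_id": claim_id}
    # Canonical JSON so a verifier recomputes exactly the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    entry["sig"] = hmac.new(key, body, hashlib.sha256).hexdigest()
    return entry

def verify_trace(entry, key):
    """Recompute the HMAC over every field except sig and compare in constant time."""
    fields = {k: v for k, v in entry.items() if k != "sig"}
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(entry.get("sig", ""), expected)
```

A shared-key HMAC only shows tampering to holders of the key; an asymmetric signature would let the ledger side verify entries without being able to forge them.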