SERVICES
Phantom
The enforcement agent and human-in-the-loop gate.
Policy engine
Phantom is the enforcement layer behind the freeze. It surfaces AI-generated decisions and CVE-flagged packages for human review, then either releases them (approveAIDecision) or force-transfers them into quarantine. Every decision is consulted against owasaka's OPA policy and written to a signed audit trail.
Human review queue for AI-origin decisions
approve → unfreeze · reject → forcedTransfer(quarantine)
Force-quarantines packages with unresolved CVEs
Consults owasaka OPA (Rego) policy bundles
Cryptographically signed audit log
Internal architecture
Policy
OPA bundles
Versioned Rego policy sets
Evaluation
decision engine
Allow / deny per transfer
decision cache
Low-latency repeat lookups
Evidence
audit log
Cryptographically signed records
Position in the protocol
ADRToken policy gatePhantom