Skip to main content
SINT models every request through four approval tiers. Each tier maps to a class of physical consequence and a corresponding level of human oversight.
The tier model is T0–T3 (four tiers). Earlier documentation used T1–T5; that was deprecated in v0.2. See facts for the canonical model.

The four tiers

T0 calls never hit the network. They’re approved locally in microseconds. Governance adds zero latency to read-only operations.

The escalation function

Every request has a base tier from its capability token. The gateway elevates the effective tier based on four dynamic Δ factors:
The escalation is a max, not a sum. The highest single risk indicator drives the tier — a conservative composition.

Δ_human — human presence

Δ_human
function
Δ_human(r) = 2 if contextSnapshot.nearbyHumans == true, else 0.
An agent with a perfect history in an empty room should not therefore be trusted at the same tier when a person walks in.

Δ_trust — CSML-driven trust score

Δ_trust
function
Δ_trust(r) is driven by the CSML score for the current foundation-model backend.
  • Δ_trust = 3 if CSML < 0.30
  • Δ_trust = 2 if 0.30 ≤ CSML < 0.60
  • Δ_trust = 1 if 0.60 ≤ CSML < 0.80
  • Δ_trust = 0 otherwise
The gateway doesn’t trust model-vendor alignment claims; it measures behavior in situ and adjusts.

Δ_env — environment uncertainty

Δ_env
function
  • Δ_env = 2 if environmentClass ∈ { "shared_human", "unknown" }
  • Δ_env = 1 if sensorHealth == "degraded"
  • Δ_env = 0 otherwise
A degraded LiDAR is never masked by a confident prior. Unstructured environments raise the tier.

Δ_novelty — first-time tool use

Δ_novelty
function
Δ_novelty(r) = 1 if r.toolName ∉ recentAuditWindow(k=50), else 0.
A small bump that treats first-time invocations with extra skepticism.

Worked example

A warehouse robot with base tier T1 proposes a nav2.move_to_pose action.
1

Base tier

Token base: T1.
2

Δ_human

nearbyHumans = false → 0.
3

Δ_trust

CSML for GPT-5.2 (the backend) reads 0.16 → 0.
4

Δ_env

environmentClass = indoor_structured, sensorHealth = nominal → 0.
5

Δ_novelty

move_to_pose is in the recent audit window → 0.
6

Effective tier

max(1, 0, 0, 0, 0) = 1. Auto-approved, audited.
Now a person enters the aisle. The robot’s perception updates nearbyHumans = true. The executive layer issues a fresh request for the continued motion.
1

Base tier

T1.
2

Δ_human

nearbyHumans = true → 2.
3

Effective tier

max(1, 2, ...) = 2. Requires review. Sponsor approval fires.
The robot safe-holds until a human approves. The sponsor can tighten (but not loosen) the velocity envelope for this approved continuation.

Timeout semantics

On timeout: default-deny. The request transitions to FAILED and logs a HUMAN_TIMEOUT event. Safety before availability.

Forbidden action sequences

In addition to tier checks, the Policy Gateway detects forbidden combinations that span tool boundaries: These trip automatic T3 classification regardless of the underlying base tier.

CSML score

How Δ_trust is computed and calibrated against ROSClaw data.

Invariants

The six formal guarantees the tier model rests on.