Standard of Proof v2.0

Registry-backed, fail-closed authority standard

Last updated: 2026-01-19 • Applies to: Registry ≥ 2.0

1. Purpose

This Standard defines the evidentiary conditions under which Legacy Lens may issue, refuse, or decline to issue a governance decision.

It exists to prevent irreversible decisions from being made on assumption, probability, inference, runtime observation, or post-hoc rationalization.

This Standard is designed for post-incident scrutiny — the moment when an institution must answer not what was intended, but what can be proven.

2. Authority Scope

Legacy Lens operates as an independent deterministic decision authority.

It is invoked when a decision must survive examination by regulators, auditors, independent monitors, boards or risk committees, courts, or enforcement bodies.

Legacy Lens does not assist in execution. It defines the evidentiary limit of a system.

3. Core Principle

Where provability terminates, authority terminates.

Authority is issued only when system behavior is provable from source artifacts alone under a declared governance context.

If any behavior depends on runtime state not present in the artifacts, authority cannot be issued.

4. Declared Governance Context (Locked)

Every analysis is bound to a governance context declared prior to execution:

Environment: Production | Non-Production
Regulatory Scope: Regulated | Internal
Business Criticality: Low | Medium | High

Once recorded, the context is immutable, cannot be weakened post-analysis, and applies to all decisions derived from the bundle.

Changing context requires a new analysis and a new authority record.

5. Deterministic Evidence Requirement

A system is provable only if:

All control flow is statically resolvable.
All data dependencies are visible in artifacts.
All external effects are explicitly declared.
No behavior depends on runtime memory, state, or linkage not present in the submitted corpus.

Legacy Lens does not accept runtime telemetry, execution traces, logs, confidence scores, inferred behavior, AI interpretation, or test coverage claims.

6. Provability Boundaries (Canonical)

The following constructs terminate provability under all regulated contexts:

ALTER statements
GO TO DEPENDING ON
Dynamic or variable-name CALL
CICS commands without explicit RESP / RESP2
EXEC CICS HANDLE CONDITION, LINK, RETURN, START
IMS DL/I runtime resolution
Assembler entry points
Unresolved external dependencies
Any runtime-dependent control transfer

These are governance boundaries, not bugs.

7. Decision Outcomes

GO is issued only when no provability boundaries are present in scope, all behavior is provable from artifacts, and the declared context is satisfied. A GO does not certify compliance or runtime correctness; it certifies provability.

NO-GO is issued when provability boundaries are present and behavior cannot be proven deterministically. A NO-GO does not imply the system is broken. It states that behavior cannot be proven.

REFUSE is issued when artifacts are incomplete, malformed, or insufficient. REFUSE is a complete outcome.

8. Context Interaction Rule

Governance context influences interpretation, not provability. Context may affect how non-boundary evidence is described, but it cannot override provability boundaries. Boundary presence always terminates authority.

Thus: a system that is NO-GO under Production · Regulated · High remains NO-GO under Development · Internal · Low if the same provability boundaries exist. This is intentional.

9. Fail-Closed Posture

Legacy Lens operates fail-closed. False NO-GO is acceptable. False GO is unacceptable. Where provability terminates, authority terminates.

10. Registry Binding

Every authority record is bound to a specific registry version, a specific policy hash, and a specific evidence bundle. Registries are immutable once published. Authority cannot outlive the registry that issued it.

11. Evidence Bundles

Each decision produces an immutable evidence bundle containing bundle root hash, findings hash, discards hash, registry version and policy hash, declared governance context snapshot, and audience-specific PDFs.

Evidence is replayable indefinitely. Authority issuance is time-bound; evidence is not.

12. Explicit Non-Claims

Legacy Lens does not execute code, simulate runtime behavior, certify regulatory compliance, provide remediation guidance, predict future outcomes, infer intent or correctness, or assign risk scores.

13. Citation Language (Required)

Authority records must include:

This decision is issued under Legacy Lens Standard of Proof v2.0 and Registry version <X>. The declared governance context was recorded prior to analysis and is immutable. Where provability terminates, authority terminates.

14. Post-Incident Doctrine

Legacy Lens exists for the moment after a consent order, a regulatory finding, a failed migration, a disputed transaction, or a merger under scrutiny. When confidence collapses, only proof remains.