We built this before we knew
what we had found.
In late 2025, we were trying to solve a specific problem: how do you make an automated decision about a person legitimate at the moment it happens. Every other approach intervenes after the fact. The USS intervenes before. Because of that, every decision it permits is also reconstructible, auditable, and defensible. Not as a feature bolted on. As a structural consequence of getting the timing right.
A decision was made about you. You do not know who made it, what they were authorised to decide, or whether anyone was accountable for the outcome. The system acted as if it had authority when no human ever declared it.
That is Ghost Authority. It remains structurally identical whether it happens in a hospital, a welfare office, a bank, a hiring process, or a care home. The domain changes. The structure does not.
The USS exists to make Ghost Authority structurally impossible. Not as a policy or a guideline. As a gate that either opens or stays closed.
Select your position and a domain below. The gate runs on two versions of the same decision: one with declared authority and one without. Watch what the mathematics does to a real decision.
L_valid false
state GAMMA
gate_hash null
error 403-GA
L_valid true
state ALPHA
gate_hash [SHA-256]
replay FIRST_SEEN
What the gate just decided
What declared authority changes
Why this matters to your institution
The USS does not sit across every decision.
Each organisation defines what counts as high risk for their context. That definition is theirs. A hospital decides which clinical actions require declared authority. A lender decides which credit decisions fall within scope. Once defined, that small category of decisions moves through the gate.
Some of those decisions are handled at the design stage, built into the system before it ever sees a live case. Others run through the API at the moment of decision. Either way, the gate applies the same rule: declared human authority must exist before the action proceeds.
In the rare case where authority cannot be confirmed, the gate stays closed. The action waits. This is not a bottleneck. It is the system doing exactly what it is supposed to do. In most domains, a decision that cannot be authorised immediately is a decision that should wait. The gate holds it there safely until someone with authority can sign off.
USS™ v2.4 is a deterministic, rule-based governance engine. Three detection layers. Four structural violation rules. Eleven automated decision categories derived from a mathematical closure across two domains. Seventy-five tests passing across eight test files. Every invariant enforced directly in code.
Severity is separated from impact. Decision is separated from measurement. Authority is separated from outcome. No machine learning in the decision path. Classification informs. Only the gate decides. No probability thresholds. No blended scores. No scalar collapse. No hidden weighting.
Existing governance systems describe what should happen. The USS™ enforces what structurally can happen. It is not a policy layer bolted onto an existing system. It is the layer that determines whether the system has permission to act at all.
The proof runs.
We welcome inquiries into the USS™ from institutions, regulators, and implementation partners.
[email protected]