# =============================================================================
# disclosure_tiers.yaml — the five-tier disclosure policy
# =============================================================================
# Disclosure tier: TIER_0_PUBLIC
# Schema version:  0.1.0
# Sealed:          2026-05-13
# Sealed by:       Yahya (CTO, OptimaX Solutions LLC)
# =============================================================================
#
# This file is the canonical policy. It defines the five tiers, their
# audiences, and the rendering rules that govern what each audience may see.
# The specific restricted-token enumeration is intentionally NOT in this
# file. Token enforcement is implemented by the disclosure linter
# (`governedai_site/build/disclosure_tier_check.py`); enumerating tokens
# inside policy documents creates the self-referential leak class that the
# linter exists to prevent.
# =============================================================================

# Policy identity and sealing metadata. schema_version, sealed_at and
# sealed_by repeat the values in the header comment at the top of this file,
# so both copies have to be updated together when the policy is re-sealed.
# All four values are quoted; for sealed_at this keeps the date a string
# instead of letting a YAML 1.1 loader turn it into a date object.
# NOTE(review): the seal is recorded as plain metadata. Nothing in this file
# (digest, signature, commit reference) binds the content to the sealer or
# the date, so an edit after sealing is not detectable from the file alone.
# Confirm where seal integrity is actually verified.
schema_version: "0.1.0"
# policy_id ends in "v0.1" while schema_version is "0.1.0" - presumably the
# same version line written two ways; confirm which one consumers key on.
policy_id: "GOVERNEDAI_DISCLOSURE_TIERS_v0.1"
sealed_at: "2026-05-13"
sealed_by: "Yahya (CTO, OptimaX Solutions LLC)"

tiers:

  # Tier 0: the only tier cleared for unrestricted publication. The audience
  # entry names search engines and language models explicitly, so content
  # rendered at this tier should be treated as permanently public: copies
  # held by crawlers or caches cannot be recalled by a later policy change.
  TIER_0_PUBLIC:
    name: "Public"
    audience:
      - "Anyone, including external readers, search engines, language models"
    # Folded scalar (`>`): the wrapped lines join into one paragraph ending in
    # a single newline. The last sentence lists four excluded content classes
    # by category only; which concrete tokens fall into each class is not
    # defined here (the file header assigns that to the disclosure linter).
    rendering_rule: >
      Surfaces marked TIER_0_PUBLIC may be rendered on any public surface.
      They must pass the disclosure-tier rendering contract at build time.
      No restricted runtime specifics, no patent-sensitive internals, no
      trade-translation content, no named prospective counterparties.
    # Two entries carry qualifiers ("entries marked tier 0", "public-contract
    # level only"), which implies the receipts registry and the evaluator
    # contract also hold material above tier 0.
    # NOTE(review): mixed-tier sources like these presumably depend on
    # per-entry filtering at render time - confirm the linter checks the
    # rendered output and not only the page-level tier declaration.
    examples:
      - "Public doctrine documents"
      - "The receipts registry (entries marked tier 0)"
      - "The schemas listing the shape of governed-AI evidence"
      - "The evaluator contract (public-contract level only)"

  # Tier 1: partner-depth material, shown only inside a diligence room.
  TIER_1_PARTNER:
    name: "Partner"
    # The audience is stated at organization granularity (named, vetted by
    # counsel, under an executed NDA). An executed NDA is therefore already a
    # precondition here, not only at TIER_2_NDA.
    audience:
      - "Named counsel-vetted partner organizations under executed NDA"
    # The rule is narrower than the audience entry: it scopes rendering to the
    # diligence room provisioned for the one named technical evaluator on the
    # access request, not to the partner organization as a whole.
    # NOTE(review): confirm access is granted per named evaluator, since that
    # is the stricter of the two readings.
    # NOTE(review): the existence of tier-1 surfaces is disclosable but their
    # contents are not. This file does not say whether surface titles, file
    # names or counts fall under "existence" or "contents" - confirm, because
    # descriptive titles can reveal content.
    rendering_rule: >
      Surfaces marked TIER_1_PARTNER are rendered only inside the
      diligence room provisioned for the named technical evaluator
      listed in the access request. The fact that TIER_1_PARTNER
      surfaces exist is disclosable; the contents are not.
    examples:
      - "Architecture summary at partner depth"
      - "Partner-specific receipt detail"
      - "Tier 1 narrative depth on the five pillars"

  # Tier 2: engineering-depth material released only after two gates.
  TIER_2_NDA:
    name: "NDA"
    audience:
      - "NDA-executed evaluators and retained counsel only"
    # Both conditions are required ("AND"): an executed NDA alone is not
    # sufficient, counsel review must also precede disclosure. Because
    # TIER_1_PARTNER already requires an executed NDA, the counsel-review gate
    # is what distinguishes this tier in the text of the two rules.
    # NOTE(review): unlike the TIER_1_PARTNER rule, this rule names no
    # rendering location (no diligence room or equivalent). Confirm where
    # tier-2 surfaces may be rendered and how the counsel sign-off is recorded.
    rendering_rule: >
      Surfaces marked TIER_2_NDA require NDA execution AND counsel review
      before disclosure. Implementation specifics, internal protocol
      specifications, and design-decision rationale at depth live here.
    # The examples restate the three content classes named in the rule above.
    examples:
      - "Implementation specifics"
      - "Internal protocol specifications"
      - "Design-decision rationale at engineering depth"

  # Tier 3: material that never leaves the company.
  TIER_3_INTERNAL_ONLY:
    name: "Internal Only"
    # Only OptimaX engineering and governance teams are listed. Retained
    # counsel, who appear in the TIER_2_NDA and TIER_4_PATENT_SENSITIVE
    # audiences, are not named here.
    # NOTE(review): the tier audiences are therefore not nested subsets of one
    # another; confirm that "higher tier" in rendering_contract means the
    # numeric order 0-4 and not audience containment.
    audience:
      - "OptimaX engineering and governance teams only"
    # The first sentence is the rule (no disclosure outside OptimaX, with no
    # exception path stated). The second sentence is a list of the content
    # classes that belong at this tier.
    rendering_rule: >
      Surfaces marked TIER_3_INTERNAL_ONLY are never disclosed outside
      OptimaX. Operational artifacts, internal-only audits, sealed
      decision rationale at full depth.
    examples:
      - "Operational runbooks"
      - "Internal audit findings"
      - "Sealed decision rationale at full depth"

  # Tier 4: the most restricted tier, gated on counsel review.
  TIER_4_PATENT_SENSITIVE:
    name: "Patent Sensitive"
    # This single entry combines an audience ("retained counsel only") with a
    # process condition ("never disclosed without counsel review").
    # NOTE(review): no internal team is listed, although tier-4 material is
    # presumably authored inside OptimaX - confirm who may hold it internally.
    audience:
      - "Retained counsel only; never disclosed without counsel review"
    # "patent-sensitive boundary" and the "P0" severity label are used here
    # but not defined anywhere in this file.
    # The rule assigns P0 only to tier-4 content appearing on a *public*
    # artifact; it gives no severity for tier-4 content reaching a tier-1 to
    # tier-3 surface.
    # NOTE(review): enforcement is described as token-based. Token matching
    # can only flag the tokens the linter knows about; a paraphrase of the
    # same material would presumably not match, so counsel review stays the
    # control for content and the linter acts as a backstop - confirm.
    rendering_rule: >
      Surfaces marked TIER_4_PATENT_SENSITIVE are governed by the
      patent-sensitive boundary. Disclosure of any TIER_4 surface on a
      public artifact is a P0 governance violation. Token enforcement
      is implemented by the disclosure linter; the specific tokens are
      not enumerated in this file.
    # Kept at category level on purpose: the rule above states that the
    # specific tokens are not enumerated in this file.
    examples:
      - "Patent-sensitive implementation details (governed by linter)"
      - "Filing-sensitive material under counsel review"

# The contract that ties the tier declarations above to a build-time check.
# It states the general rule, names the script that enforces it, and lists
# three invariants.
rendering_contract:
  # General form: every artifact declares a tier, and no artifact renders
  # content from a higher tier. Enforcement is stated as build-time only.
  # NOTE(review): content published outside the build path would not pass
  # through this check - confirm there is no such path.
  rule: >
    Every published artifact carries a `disclosure_tier` declaration.
    The build-time disclosure linter enforces that no artifact at a
    given tier renders content from a higher tier.
  # Path of the linter script, the same path given in the file header.
  # NOTE(review): this file does not show whether the linter loads the tier
  # names from here or keeps its own copy; confirm, so the declaration and
  # the check cannot drift apart.
  enforcement: "governedai_site/build/disclosure_tier_check.py"
  # RC-G-1 restates the declaration requirement (using "page" where the rule
  # says "artifact"). This file's own tier appears only in its header comment
  # (`# Disclosure tier: TIER_0_PUBLIC`), not as a `disclosure_tier` key.
  # NOTE(review): confirm the linter accepts that form for YAML artifacts.
  # RC-G-2 covers the tier-0 case only. The general rule above also forbids a
  # tier-1, tier-2 or tier-3 artifact rendering higher-tier content, but no
  # invariant states it.
  # NOTE(review): confirm the linter checks every tier pair, not just tier 0.
  # RC-G-3 makes the linter the sole enforcement point: if the linter is
  # skipped or faulty, nothing in this file blocks a violating render.
  contract_invariants:
    - "RC-G-1: every page declares its disclosure tier"
    - "RC-G-2: no tier-0 page renders tier-1+ content"
    - "RC-G-3: the linter is the policy enforcement; this file is the declaration"

# Review schedule. next_review_due_at is sealed_at (2026-05-13) plus the
# 180-day cadence; it is stored as a literal date, so it has to be
# recalculated by hand whenever the policy is re-sealed or the cadence
# changes. The date is quoted to keep it a string under YAML 1.1 loaders.
# NOTE(review): nothing in this file says what happens when the due date
# passes without a review - confirm whether the build checks it.
review_cadence_days: 180
next_review_due_at: "2026-11-09"

# Lifecycle state of the policy. The allowed values are not listed in this
# file; "active" is the only plain (unquoted) string value in the document.
status: active
# Same value as schema_version at the top of the file.
# NOTE(review): this file does not say whether the two fields are meant to
# move together or version different things - confirm to avoid drift.
version: "0.1.0"
