The Layered Model

SATE operates on strict, isolated layers. Higher layers consume lower layers but cannot corrupt them. This ensures forensic soundness from observation to policy.

L0

Execution Truth

No Intelligence. Pure Observation.
SATE wraps execution contexts to capture the "Ground Truth". It generates a Sealed Proof Bundle containing execution timing, output hashes, and environment fingerprints. It detects "Jitter" (variance) by re-running commands.

L1

Behavioral Signals

Analysis Only. No Modification.
We extract signals from L0 evidence (e.g., "Exit Code instability", "Artifact Hash Drift"). We classify behaviors like "Mixed Determinism" or "Environment Coupling". We do *not* fix them here.

L2

Reasoning & Recommendations

No Side Effects.
SATE generates Causal Hypotheses (e.g., "Time-Dependent Input") and proposes abstract Remediation Options (e.g., "Control Time Inputs"). This layer thinks, but cannot act.

L3

Controlled Action

Authorized Execution. Mandatory Backup.
SATE applies *one* authorized stabilization action (e.g., injecting a `libfaketime` wrapper). Guarantee: Every L3 action triggers a cryptographic file backup before any write occurs.

L4

Governance & Policy

Governance Only. No Enforcement.
SATE learns from aggregated execution patterns across repositories. It proposes Policy Candidates (e.g., "Enforce Deterministic Ordering"), which must be explicitly ratified by a human.