Policy
Allowed, denied, and approval-required actions are explicit.
Trust model
Trust is a runtime property.
RuleOak keeps important decisions outside the prompt: policies are evaluated by the runtime, risky actions can require approval, and runs produce audit-style records.
Evidence
Outputs can show what records, sources, or observations support them.
Approval
Human review can be required before risky or external actions.
Audit
Runs keep event records for review and learning.
Sandbox foundation
Deny-by-default controls for first-launch workflows.
RuleOak Core v1.0 includes filesystem, network, command, and tool policy guards with tests and threat-model documentation. It has not yet completed an external security review.