Lens
Determines admissibility
Lens answers one question: may this candidate output pass? It evaluates authorization, not accuracy.
Architecture
Why admissibility matters at inference time
Fluent output is not the same thing as licensed output.
Aurora-Lens is built around a simple claim: model output should not become consequence simply because a model can say it smoothly. Admissibility must be decided explicitly. Clarification, refusal, and stop are valid outcomes. When output cannot pass, the continuation should still be lawful, controlled, and auditable.
The question Lens asks is not whether the model was right. It is whether the model was authorized to make that determination in that context for that user.
Core distinction
Three layers, three jobs
Governor
Determines lawful continuation
The Governor answers the next question: since the candidate may not pass, what is still lawful to say or do now? It cannot widen what Lens has closed.
Audit layer
Preserves evidence
The audit layer records what happened in a form that can later be checked, replayed, and verified rather than merely described.
Result
Generation is not sovereignty
The model may generate. It does not decide by itself whether what it generated may become consequence.
Runtime structure
The machine in one pass
A model produces candidate output. Lens checks that output against session-scoped state and policy rules. If it is admissible, it may pass. If it is not, the Governor determines the lawful continuation path instead. The audit layer records the controlled outcome.
model proposes → Lens checks admissibility → Governor determines lawful continuation → audit records the event
This is not a generic guardrail and not a replacement model. It is a runtime verification layer over existing models.
Outcome classes
Controlled outcomes
Aurora-Lens works with four constitutional outcome classes. These are not cosmetic UI states. They are controlled outcomes with deterministic forensic consequences.
ADMIT
May pass
The candidate output is admissible and may become consequence.
ASK
Clarify
Clarification or missing structure is required before consequence may be allowed.
REFUSE
Boundary with continuation
The candidate may not pass, but the interaction can continue within a lawful boundary.
STOP
Stop or escalate
The candidate may not pass and the continuation corridor is tightly constrained or closed.
Why it matters
Current systems blur what should stay separate
Many systems let generation, authority, fallback, and audit collapse into one thing. Aurora-Lens separates them. A model may generate. That does not mean it has earned the right to decide what may become consequence.
That separation matters in any setting where output needs to be checked before release, where blocked content must not be smuggled back through fallback language, and where the system must later be able to show what was blocked, what was shown, and why.
LLM liability does not arise only from false answers. It arises when a system continues an interaction down a foreseeable harmful path that should have been stopped, constrained, clarified, routed, or escalated. Aurora-Lens prevents that commitment from occurring — not by evaluating the answer, but by evaluating the authorization to answer.
Forensic audit
What the record is for
When output is intercepted rather than passed, Aurora-Lens emits a versioned forensic envelope and writes tamper-evident, hash-chained audit entries. That makes it possible to verify what was blocked, what was shown, and which pathway was used — auditable and defensible under adversarial scrutiny.
Publications and record
Prior art
The conceptual architecture, IP chain, and publication record are public, dated, and independently verifiable.
ORCID
0009-0004-6422-4174Zenodo — Epistemic governance
10.5281/zenodo.18653120Epistemic Legitimacy as a Governance Layer for LLMs
Zenodo — OECD alignment
10.5281/zenodo.18719033Operational Alignment with OECD Due Diligence Guidance
SSRN
Author pageOSF
osf.io/86bxj