Compliance
Guardrails are active from Phase 0. See docs/compliance-guardrails.md for consent, retention, and the audit specification.
Phase 1 · foundation
Hard AI authority limits — AI must NEVER do these autonomously
- ✕Quote rates or APR
- ✕Issue or imply pre-approval
- ✕Issue or imply approval
- ✕Deny a borrower
- ✕Trigger adverse action
- ✕Send disclosures unsupervised
- ✕Make underwriting decisions
- ✕Move money
- ✕Grant access
- ✕Delete important records
- ✕Run mass adverse actions
- ✕Submit 1003 / application data to the LOS
- ✕Recite NMLS or phone numbers on calls
Any attempt routes to a human-review queue and is logged — it never auto-executes. Counsel reviews the final posture before any gate is lifted.