Hugging Face's logo

SZLHOLDINGS
/
szl-blocked

Kernels
kernel
Model card Files
xet
 Community

szl-blocked — honest-BLOCKED as a first-class governed state (+ EU AI Act Annex IV auto-derivation)

The lane the Kernel Hub leaders leave open. Major kernel publishers ship the fast path and treat a failed guard as an exception to swallow. szl-blocked makes refusal a first-class, provenanced outcome: when a governed call is denied, the op never runs, and the chain records an honest BLOCKED receipt — not a faked-green success. Its companion szl_euaiact then turns that same provenance into an EU AI Act Annex IV-style technical-documentation skeleton — compliance as a byproduct of cryptographic provenance, not a separate manual workflow.

Part of the szl-kernels governed-kernel series. Where szl-govsign makes a verdict third-party-verifiable, szl-blocked makes a refusal auditable — and derives the compliance paperwork from it.

Doctrine — what it guarantees, and what it does NOT

  • Hard DENY dominates. A matched security deny (deny_if_flag, deny_if_action_in, deny_by_default) cannot be overridden by an advisory Λ pass.
  • Advisory Λ can only tighten, never loosen. Λ (Conjecture 1, OPEN) may add a block but can never upgrade a hard deny into an allow, nor turn a recorded ALLOW into "proven trust."
  • honest-BLOCKED. On a BLOCKED verdict, the guarded fn is never called; you get a BlockedResult (output is None, blocked is True) and a BLOCK receipt is written to the chain before any op could run.
  • ❌ It does NOT fake green. There is no code path that flips a BLOCKED verdict to ALLOWED or fabricates a success output.
  • Energy MEASURED-only — no measured figure is disclosed as such, never fabricated.
  • Annex IV output is a DRAFT SKELETON — explicitly NOT legal advice and NOT a declaration of conformity. Provenance-derived sections reflect only what the receipt chain recorded; missing human input is emitted as explicit TODO markers.

Quickstart 

from kernels import get_kernel

# Two companion packages live in this repo: szl_blocked (the gate) + szl_euaiact (the derivation)
blk = get_kernel("SZLHOLDINGS/szl-blocked", revision="main", trust_remote_code=True)

chain = blk.UnifiedReceiptChain()

# A hard-deny policy: block any request whose action is on the blocklist
policy = blk.deny_if_action_in({"exfiltrate", "delete_all"})

def do_work(x):
    return x * 2

# ALLOWED path: op runs, ALLOW receipt recorded
ok = blk.governed_call(do_work, policy, chain, request={"action": "summarize"}, args=(21,))
assert ok.blocked is False and ok.output == 42

# BLOCKED path: fn is NEVER called, output is None, honest BLOCK receipt recorded
no = blk.governed_call(do_work, policy, chain, request={"action": "exfiltrate"}, args=(21,))
assert no.blocked is True and no.output is None    # honest-BLOCKED, not fake-green

# Compliance as a byproduct: derive an EU AI Act Annex IV DRAFT skeleton from the chain
import json, szl_euaiact  # companion package shipped in the same repo
doc = szl_euaiact.derive_annex_iv({
    "system": {"name": "MyModel", "provider": "SZL Holdings", "version": "0.1.0"},
    "chain": json.loads(chain.to_json()),
})
md = szl_euaiact.to_markdown(doc)   # human-readable DRAFT skeleton (NOT legal advice)

API

szl_blocked — the honest-BLOCKED gate

Symbol What it does
governed_call(fn, policy, chain, ...) Decide → on ALLOW run fn and record an ALLOW receipt; on BLOCK never call fn, return BlockedResult, record a BLOCK receipt.
GovernedGate The decision engine: deny-by-default hard policy + advisory Λ; emits a decision receipt before any op.
deny_by_default, deny_if_flag, deny_if_action_in, allow_if_capability Composable security policies; a hard deny dominates and cannot be overridden by advisory Λ.
BlockedResult / AllowedResult / GateDecision / PolicyResult Typed outcomes; BlockedResult.output is always None.
UnifiedReceiptChain, tensor_digest, GENESIS Provenance chain shared with the szl-kernels suite (.to_json() / .verify() / .head()).
ALLOW, BLOCK, DOMINANT_HARD, DOMINANT_ADVISORY, DOMINANT_NONE Verdict + dominance constants.

szl_euaiact — Annex IV auto-derivation (companion package)

Symbol What it does
derive_annex_iv(record) Build an Annex IV-style DRAFT skeleton dict from a governance record (system info + receipt chain).
to_markdown(doc) Render the skeleton as human-readable Markdown (carries the NOT-legal-advice disclaimer).
DISCLAIMER, PRIOR_ART, SCHEMA_VERSION, ANNEX_IV_ELEMENTS Doctrine constants; schema szl-annex-iv-skeleton/0.1.0; prior art: EU AI Act Annex IV, SPDX 3.0 AI profile / AI BOM.

The governed-kernel series

Kernel Lane
szl-kernels Unified suite — cross-kernel UnifiedReceiptChain provenance
szl-governed-norm Governed normalization with provenance receipts
szl-lambda-gate Advisory Λ gate (Conjecture 1, OPEN)
szl-govsign Signed, third-party-verifiable governance attestation (DSSE / in-toto)
szl-blocked honest-BLOCKED as a first-class state + EU AI Act Annex IV derivation

License & provenance

Apache-2.0 · © 2026 SZL Holdings · Stephen P. Lutar · ORCID 0009-0001-0110-4173

Λ is Conjecture 1 (OPEN) — advisory only; uniqueness is not proven. No benchmark, joule, or count in this card is fabricated; energy is MEASURED-only. The Annex IV derivation is a DRAFT skeleton and is not legal advice or a declaration of conformity.

Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Spaces using SZLHOLDINGS/szl-blocked 2