Judge proposed systems against cited rules; do not judge the person asking.
Core design rule
Judgment Machine is a jurisdiction-aware legal and ethics triage engine. It should classify a prompt, proposed AI system, deployment context, data type, affected persons, and missing safeguards. It must not assign moral value, trustworthiness, future behavior, or civic legitimacy to the user.
The product answer is not “you are suspicious.” The answer is: “this proposed AI use appears to trigger named regulatory categories; here are the provisions, uncertainty, missing facts, and safer counterfactuals.”
The system is a simulator and documentation aid, not legal advice, official certification, a government decision, or a moral oracle.
The machine judges the proposed use case, not the person.
Primary user flow
The user enters a prompt or describes an AI system. The app asks for context that a prompt alone cannot supply: jurisdiction, actor role, domain, affected people, data types, decision impact, human oversight, transparency posture, and deployment status.
A local extraction layer converts the prompt into structured facts. A deterministic rule engine, not a free-form model, applies versioned rules against a pinned corpus. The final result is a layered judgment with citations, confidence, severity, missing facts, and counterfactual mitigation.
{
"judgmentVersion": "2026-06-17T20:30:00Z",
"subject": "Prompt and proposed AI use case",
"primaryJudgment": "HIGH_RISK_OR_HIGH_IMPACT",
"notJudged": [
"User morality",
"User trustworthiness",
"User identity",
"User future behavior"
],
"summary": "The prompt appears to describe AI-supported ranking of job applicants. Employment-related AI systems can trigger high-risk or automated-decision safeguards depending on jurisdiction and deployment facts.",
"confidence": 0.82
}
Judgment taxonomy
Do not return a single good/bad score. Return a legal state plus a confidence state, and separate severity from confidence.
The UI must expose extracted facts before judgment. The user can correct those facts when the extraction is wrong.
Label
Meaning
UI posture
PERMITTED_MINIMAL_RISK
No major legal trigger found in selected jurisdictions.
Green or neutral; still show source coverage limits.
PERMITTED_WITH_TRANSPARENCY
Allowed but disclosure, labeling, or notice is likely required.
Yellow; show required notice language.
PRIVACY_OR_ADM_REVIEW_REQUIRED
Personal data, profiling, automated decisions, or significant effects detected.
Orange; ask for legal basis, human review, contestability, and assessment status.
HIGH_RISK_OR_HIGH_IMPACT
A regulated high-risk or high-impact domain is detected.
Red-orange; show risk management, documentation, oversight, and impact assessment needs.
PROHIBITED_OR_BLOCKED
A source indicates the use may be banned or impermissible.
Red; block safe-to-proceed language and show the trigger.
INSUFFICIENT_CONTEXT
The app cannot classify without deployment facts.
Gray; show missing facts checklist.
OUT_OF_CORPUS
No reliable local source covers the jurisdiction or use.
Gray; do not invent law.
Source-ranked regulatory corpus
Use a versioned corpus. Binding law controls the decision. Official regulator guidance and treaty frameworks receive lower but visible authority. Voluntary frameworks are advisory overlays, never hidden law.
Current first-release sources include the EU AI Act risk model and high-risk/prohibited categories; GDPR Article 22 and current UK automated-decision guidance; the Council of Europe AI Convention; China generative-AI and synthetic-content-labeling rules; South Korea’s AI Basic Act; Colorado’s current automated-decision framework after SB26-189; Canada’s federal Algorithmic Impact Assessment; and voluntary frameworks from NIST, OECD, and UNESCO.
The Colorado corpus entry must not rely on stale SB24-205/SB25B timing alone. The 2026 SB26-189 reset must be represented as the current Colorado branch unless later law changes again.
Priority
Source family
Extracted fields
1
Binding AI and data-protection law
Prohibited practices, high-risk domains, actor roles, automated-decision safeguards, application dates.
Trustworthiness dimensions, governance workflow, accountability and transparency practices.
0
Commentary and unofficial translations
Context only; never final authority without a pinned source warning.
Pipeline
The final judgment should come from deterministic, reviewable rules over structured facts. The local model may extract facts, retrieve candidate citations, ask missing-fact questions, and summarize explanations, but it must not invent legal rules or override the rule engine.
The rule engine evaluates a proposed use case against cited sources; it does not assign moral worth.
Local-first browser architecture
The safest MVP is offline-first. No prompt leaves the browser by default. No user profile is created. No hidden morality score is stored. Remote model calls require explicit opt-in and visible payload preview.
A practical browser stack can use SQLite-Wasm on OPFS, IndexedDB fallback, SQLite FTS for exact legal phrase search, a local embedding index for semantic retrieval, deterministic JSON/YAML rules in a Web Worker, and a service worker for cached app and corpus bundles.
Local-first processing keeps prompts, source records, and judgment history under user control.
Core database schema
Store all operational timestamps as UTC ISO-8601 strings. Pin every judgment to the corpus version used. Never silently replace legal rules; show a diff and keep old corpus versions available for historical reports.
CREATE TABLE CorpusVersion (
CorpusVersionId TEXT PRIMARY KEY,
VersionName TEXT NOT NULL,
PublishedUtc TEXT NOT NULL,
ImportedUtc TEXT NOT NULL,
SourceManifestHash TEXT NOT NULL,
IsActive INTEGER NOT NULL CHECK (IsActive IN (0, 1))
);
CREATE TABLE Instrument (
InstrumentId TEXT PRIMARY KEY,
JurisdictionCode TEXT NOT NULL,
CorpusVersionId TEXT NOT NULL,
Name TEXT NOT NULL,
InstrumentType TEXT NOT NULL,
AuthorityRank INTEGER NOT NULL,
Status TEXT NOT NULL,
EffectiveUtc TEXT NULL,
LastReviewedUtc TEXT NOT NULL,
OfficialSourceUrl TEXT NOT NULL,
CreatedUtc TEXT NOT NULL,
UpdatedUtc TEXT NOT NULL
);
CREATE TABLE Rule (
RuleId TEXT PRIMARY KEY,
InstrumentId TEXT NOT NULL,
Name TEXT NOT NULL,
JudgmentLabel TEXT NOT NULL,
Severity INTEGER NOT NULL CHECK (Severity BETWEEN 0 AND 5),
RuleJson TEXT NOT NULL,
IsBlocking INTEGER NOT NULL CHECK (IsBlocking IN (0, 1)),
CreatedUtc TEXT NOT NULL,
UpdatedUtc TEXT NOT NULL
);
CREATE TABLE JudgmentRun (
JudgmentRunId TEXT PRIMARY KEY,
CorpusVersionId TEXT NOT NULL,
PromptHash TEXT NOT NULL,
PromptRedactedText TEXT NULL,
ContextJson TEXT NOT NULL,
ExtractedFactsJson TEXT NOT NULL,
PrimaryJudgmentLabel TEXT NOT NULL,
Severity INTEGER NOT NULL CHECK (Severity BETWEEN 0 AND 5),
Confidence REAL NOT NULL CHECK (Confidence BETWEEN 0 AND 1),
CreatedUtc TEXT NOT NULL
);
Rule DSL example
Rules should be compact, declarative, human-reviewable, and pinned to provisions. Ambiguity should lower confidence and create missing-fact questions, not secret moral judgment.
The product must make its anti-judgment rule mechanically enforceable. Every test should assert that no hidden user morality label, user risk profile, or future-behavior score is created.
Counterfactual mitigation should replace moral condemnation. The product should say which facts would change the classification and which mitigations cannot cure a prohibited use.
Rule
Implementation check
Judge the request, not the person.
No user morality, trustworthiness, identity, or future-behavior fields.
Show extracted facts before judgment.
Facts editor appears before final cards.
Cite every legal finding.
No finding without instrument and provision IDs.
Separate binding law from soft law.
Authority rank visible in every card.
Separate severity from confidence.
Severity 0–5 and confidence 0.00–1.00 are calculated independently.
Keep prompts local by default.
No network call unless explicit opt-in is enabled.
Never invent missing law.
Out-of-corpus states return OUT_OF_CORPUS.
Preserve corpus history.
Judgments pin corpus version and source manifest hash.
MVP build sequence
Milestone one: corpus and rules. Build the source manifest, jurisdiction table, instrument table, provision table, 50 to 100 initial deterministic rules, and rule test cases.
Milestone two: local judgment engine. Add prompt context schema, fact extractor, risk-signal detector, rule matcher, aggregation, citation retrieval, and local audit history.
Milestone four: offline-first app. Add SQLite-Wasm storage, OPFS persistence, IndexedDB fallback, service worker, signed corpus imports, rollback, and stale-corpus warnings.
Milestone five: adversarial and legal QA. Test ambiguity, prompt injection, stale corpus, jurisdiction conflict, missing facts, and no-person-judgment guarantees.
Starter kit files
The package includes a non-network static prototype and deterministic-rule starter kit. It is demonstration tooling, not legal advice, certification, or production compliance software.
tools/judgment-machine/app/
Static local demo showing extracted facts, judgment labels, severity, confidence, and no-person-judgment fields.
tools/judgment-machine/rules/
Example deterministic rule files for EU high-risk employment triage, GDPR-style automated-decision review, and China synthetic-content labeling.
tools/judgment-machine/sql/schema.sql
SQLite schema for corpus versions, instruments, provisions, rules, findings, and golden tests with UTC text timestamps.
tools/judgment-machine/corpus/
Example source manifest for signed corpus bundles, hashes, and authority ranking.
Source and verification note
This page uses the uploaded scenario and product-design brief as implementation input. Public legal and technical claims should remain tied to named official or primary sources because AI regulation changes quickly. This page is not legal advice, compliance certification, or a hosted import service.
The updated design keeps the local model subordinate to deterministic rules. It may extract facts, find candidate citations, and draft explanations. It must not invent legal rules, override cited rules, infer user morality, or build a hidden user-risk profile.
Judge request, not person
The subject is the proposed AI use case.
Show extracted facts
Users can edit facts before judgment.
Cite every finding
Rules are versioned and tied to source authority.
Keep local by default
No prompt leaves the browser unless explicitly enabled.
A U.S. legal zoom-in on stored prompts, mandatory reporting, voluntary disclosure, reverse-keyword warrants, suspicious-transmission bills, and the cognitive-liberty risk of treating questions as pre-conduct evidence.
A U.S. Stored Communications Act analysis for AI prompts, search logs, generated outputs, metadata, preservation requests, and cognitive trace minimization.
A U.S. policy dossier on proposed broader reporting models that could move online services closer to suspicious-activity review for speech, chats, and prompts.
A technical doctrine for local-first cognitive tools, diagnostics, legal triage, and privacy-preserving analysis that do not transmit private prompts by default.
A page separating legitimate regulation of deployed AI systems from illegitimate governance of private inquiry, thought-adjacent logs, and user identity.
A warning against delegating moral judgment over persons to literalist machines trained on aspirational law, policy, and safety rules.
The archive studies symbols. It does not appoint targets. Review the Community Baseline and Editorial Policy before submitting dangerous or symbolic material.
