Framework design upload

spec/policy-model.md

@@ -0,0 +1,17 @@
+# Policy model (draft)
+
+Policies are deterministic rules enforced outside model weights.
+
+## Policy dimensions
+- tool allow/deny
+- network egress constraints
+- filesystem scope constraints
+- side-effect confirmation requirements
+- budget ceilings and escalation rules
+- data classification rules (PII, secrets, etc.)
+
+## Representation
+Initial representation may be:
+- YAML/JSON policy documents
+- versioned and referenced by `policy_ref`
+