Each pillar runs as a non-bypassable subsystem inside the agent's execution path.
PILLAR 01 · HARD RULES
Food safety + allergen filters · never overridden
When a shopper declares a peanut, dairy, gluten, soy, shellfish, or tree-nut allergy
— the agent will never recommend, substitute, or surface a product
containing that allergen. Not "tries to avoid." Not "weighted lower."
Cannot be overridden by any promotional or merchandising lever in the system.
Allergen filter · 14 declared allergens · matched against ingredient + cross-contamination metadata
Dietary strict-mode · vegan, kosher, halal, GF certified — hard match, no "close enough"
Pediatric safety · choke-risk, texture, age-band · for households with kids 2–7
Recall propagation · CDC/FDA recall feed → SKU removed within minutes
PILLAR 02 · REGULATORY COMPLIANCE
FDA · FTC · state · pre-validated at emit
Every claim the agent makes is pre-validated against the regulatory framework
that governs the claim. Health claims meet FDA criteria; sponsored content
carries explicit FTC disclosure; alcohol + tobacco respect each state's age-gate and
delivery rules. Failed claims never serve — at all.
FDA qualified health claims · pre-validated against 21 CFR 101.14
FTC ad disclosure · sponsored content auto-labeled · agentic surfaces too
Per-state rules · alcohol + tobacco · 50-state matrix · per-tenant overlay
Pricing accuracy · scanner-law compliance · agent never surfaces stale price
PILLAR 03 · AUDIT TRAIL
Every decision logged · every claim traceable
Every agent output is logged with the shopper context, the model version, the catalog
source, the operator levers active at the time, and the regulatory checks that approved
it. "Why did the agent recommend this?" is answerable in under 5 seconds
from the audit console.
Full request lineage · agent input → context → tool calls → SKU sources → output
Model card · which model version, which prompt template, which checks fired
Operator action log · every lever change, with who, when, and projected impact
Tenant-level audit retention · configurable per regulatory requirement · 7-year default
PILLAR 04 · MODEL PROVENANCE
Grounded in the tenant's verified live catalog — never invented
The agent cannot invent products, prices, or claims. Every SKU returned
is constrained to the tenant's verified live catalog at the shopper's home store. Every
claim is grounded in source-attributed metadata. Zero hallucinated SKUs · zero
invented nutritional claims · zero phantom inventory.
SKU grounding · constrained generation · refuses to emit non-existent SKUs
Live-stock verified · only surfaces in-stock items at the shopper's home store
Source-attributed claims · every fact carries metadata back to the source
Continuous validation · adversarial harness re-tests safety filters daily
PILLAR 05 · PRIVACY
Shopper data minimized, redacted · never leaked, never trained on
A grocer's household data is the most sensitive asset on the table. AXP treats it as a
liability to minimize: PII is detected and redacted before it ever reaches a
model or a log, no shopper data trains a model, and every aggregate honors
opt-out. Mapped to NIST AI RMF and ISO 42001 — not a checkbox, a control.
Inbound + outbound filtering · a card number or PII pasted into chat is masked before the model or any log sees it · the agent never echoes it back · fail-closed (AIML-007)
PII / PCI detection · Luhn + format checks for cards & SSNs, NER for free-text PII · full card numbers (PAN) never logged (AIML-003 · PCI-DSS Req. 3)
No PII in training · data-classification + residency policy · shopper data never enters a training set (AIML-001 · ISO 42001 A.6)
Opt-out-aware + right-to-delete · aggregates exclude opted-out households · deletion gated on compliance-officer approval
Framework-mapped · NIST AI RMF MAP-1.1 / MANAGE-1.3 · ISO 42001 A.6–A.8 · OWASP LLM06 · privacy-officer review on every new data flow
PILLAR 06 · RESTRICTED & AGE-GATED ITEMS
Liquor, tobacco, pharmacy — gated end to end
Age-restricted and regulated SKUs — alcohol, tobacco/vape, pharmacy — carry
hard handling rules the agent enforces across the entire path: catalog →
recommendation → cart → fulfillment → payment. The agent won't
surface a restricted item to an unverified household, route it to an unlicensed courier,
or let it ride on an ineligible tender.
21+ age-gate · alcohol + tobacco require verified age before recommend or add-to-cart · ID check at handoff
Licensed-courier routing · only alcohol/pharmacy-handling couriers carry the order · unlicensed couriers flagged and excluded
Tender eligibility · SNAP/EBT auto-excludes alcohol + tobacco at checkout · never charged to an ineligible benefit
Per-state + local matrix · dry counties, blue-law hours, delivery bans · PACT Act for tobacco/vape shipping · per-tenant overlay
Restricted-class tagging · the catalog classifies age-restricted categories so the rule attaches at the SKU, not the UI · hard non-bypass (AIML-008)
GOVERNANCE · A DEDICATED SUBSYSTEM
Not a slide. A subsystem.
The governance pillars above are a dedicated subsystem inside Delectable AXP —
running alongside the commerce, content, advertising, and safety subsystems. The hard
rules execute in the same path as the agent — the agent literally cannot
bypass them because they're not a layer on top of inference, they're part of inference.
POLICY ENGINE
Hard-rule definitions · allergen, dietary, regulatory
PRE-EMIT VALIDATION
FDA · FTC · state checks · run before any output serves
AUDIT LEDGER
Full lineage · model card · operator action log
RECALL FEED
CDC/FDA recall ingestion · SKU removal in minutes
PII REDACTION
Detect + strip personal data · before model or log
RESTRICTED-ITEM GATE
Age-gate · licensed-courier + tender eligibility
14allergens
Hard filters · never overridden · pediatric + adult declared
0SKUs invented
Constrained generation · grounded in the tenant's verified live catalog
<5sec
"Why did the agent recommend this?" — answered from the audit console
Daily
Adversarial safety-filter re-validation · regression harness · audit-ready
0PII leaked
Detected + redacted before any model or log touches it · never used for training
21+ age-gate
Alcohol + tobacco gated recommend → handoff · licensed courier · SNAP-ineligible at tender