What is Drift Detection?
Drift Detection identifies when the current state of a governed system differs from its approved baseline. Drift triggers enforcement actions defined in the policy artifact.
Types of Drift
- Integrity Drift: File hash, configuration, or model weights differ from baseline
- Telemetry Drift: Operational metrics outside defined thresholds or ranges
- Temporal Drift: Policy TTL expired or timestamps outside valid window
- Behavioral Drift: System behavior patterns deviating from expected norms
Why It Matters
Drift detection transforms governance from a point-in-time check to continuous monitoring. Without it, a system approved at deployment could change arbitrarily without notice.
Each drift event produces an enforcement receipt, creating an audit trail of when deviations occurred and how the system responded.
Detection Flow
┌────────────────────────────────────────┐
│           Measurement Cycle            │
├────────────────────────────────────────┤
│                                        │
│  1. Compute current state hash         │
│         ↓                              │
│  2. Compare to policy baseline         │
│         ↓                              │
│  3. If match → MEASUREMENT_OK          │
│     If differ → DRIFT_DETECTED         │
│         ↓                              │
│  4. Emit enforcement receipt           │
│         ↓                              │
│  5. Execute enforcement action         │
│                                        │
└────────────────────────────────────────┘

Reason codes:
- HASH_MISMATCH_FILE
- HASH_MISMATCH_CONFIG
- THRESHOLD_EXCEEDED
- TTL_EXPIRED
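The measurement cycle above, sketched in Python as an added example (not code from the original page or from any particular product). The status values and reason codes are the ones listed above; the policy and receipt field names, the sample data, and the "quarantine" action are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def measure(policy: dict, state: dict, now: datetime) -> dict:
    """Run one measurement cycle (steps 1-4) and return the enforcement receipt."""
    reasons = []
    # Temporal drift: the policy artifact itself has outlived its TTL.
    if now >= policy["expires_at"]:
        reasons.append("TTL_EXPIRED")
    # Integrity drift: hash the current state and compare it to the baseline.
    for kind, code in (("file", "HASH_MISMATCH_FILE"),
                       ("config", "HASH_MISMATCH_CONFIG")):
        if not hmac.compare_digest(sha256_hex(state[kind]), policy["baseline"][kind]):
            reasons.append(code)
    # Telemetry drift: any metric outside its [low, high] range.
    # Assumption: a metric that is missing is treated as drift (fail closed).
    for name, (low, high) in policy["thresholds"].items():
        value = state["metrics"].get(name)
        if value is None or not (low <= value <= high):
            reasons.append("THRESHOLD_EXCEEDED")
            break
    # A receipt is produced on every cycle, so the audit trail also records
    # when the system was in its approved state. Step 5 (executing the
    # action named in the receipt) is left to the caller.
    return {
        "timestamp": now.isoformat(),
        "status": "DRIFT_DETECTED" if reasons else "MEASUREMENT_OK",
        "reason_codes": reasons,
        "action": policy["on_drift"] if reasons else None,
    }

# Constructed sample policy and approved state (hypothetical values).
APPROVED_FILE = b"model-weights-v1"
APPROVED_CONFIG = b"max_tokens=512\n"
POLICY = {
    "baseline": {"file": sha256_hex(APPROVED_FILE),
                 "config": sha256_hex(APPROVED_CONFIG)},
    "thresholds": {"error_rate": (0.0, 0.05)},
    "expires_at": datetime(2030, 1, 1, tzinfo=timezone.utc),
    "on_drift": "quarantine",
}
```

All reason codes that apply are collected in one receipt rather than stopping at the first, so a single cycle can report a config change and a threshold breach together.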