Safety Rules
Honesty is the product’s core promise. A measurement-led system that escalates on thin evidence, or punishes a child for a plan that was never delivered, loses the teacher’s trust. Amal wraps the entire loop in a layer of safety rules that no single decision can bypass.
The five GSR global safety rules
Every progress-monitoring decision (in CBM, RTI, the bundle catalog, and the dashboard) inherits these five rules:
| Rule | Guarantee |
|---|---|
| GSR-01 | Insufficient evidence / Tie Rule. When evidence is split or too thin, halt and emit do_not_decide_yet rather than guess. |
| GSR-02 | Acute regression. A drop of ≥20% across two comparable sessions triggers an Immediate Review, never an automatic fail. |
| GSR-03 | Benchmarks only at review windows. Benchmark comparisons are made at defined review points, not on every probe. |
| GSR-04 | Comparable-data guardrail. Only sessions measured on the same yardstick are compared. |
| GSR-05 | No single-point decision. No status changes on one data point alone. |
GSR-02 never auto-fails a student. A sharp drop raises a flag for a teacher to look at. It is a signal to investigate, not a verdict. The point is to bring a human in, not to push a child down a tier automatically.
The fidelity gate
Before a plan can be judged “not working,” Amal asks whether it was actually delivered. The fidelity gate distinguishes two very different verdicts:
| Fidelity | Verdict |
|---|---|
| ≥ 80% | The plan was delivered. If the student isn’t responding, the plan itself needs adjusting. |
| < 80% | The plan wasn’t delivered, which is a different problem entirely. You can’t conclude the support failed. |
The fidelity gate blocks false escalation. Without it, a plan that was never really taught would look like a plan that failed, and the child might be moved to a more intensive tier for no reason. Low fidelity points at delivery, not at the student.
Teacher decides; growth language only (V-12)
The teacher decides at every step (V-12). The system proposes and explains the why; the teacher approves, changes, or overrides. Three mechanisms keep this safe:
- Override-code dropdowns, no free text. Every override is recorded against a closed catalog of reason codes. There is never a free-text box about a student.
- Context flags from a closed dictionary. Teachers add context only through a controlled set of flag IDs, never typed notes about a child.
- Growth language only. No framework or clinical labels appear in any user-facing copy. Status is described in growth terms, stricter still for parents.
The structural backstops
Three platform-level guarantees sit under everything:
- Tenant isolation. Every tenant-scoped row carries an
organizationId; queries filter by it automatically, and cross-organization access is reported as404. - Append-only audit. Measurement-relevant tables are never edited or deleted in place; corrections are new rows, so the record stays replayable (V-6).
- The System QA Checks registry. A cross-cutting registry of safety checks runs as the backstop (data sufficiency, acute-regression review, bulk-activation safety, scaffold-tier scoping, sensitive-language blocks, and more), so a rule that one module forgot is still caught centrally.
Where to go next
- Progress Monitoring guide: the GSR rules in operation.
- RTI Decisions guide: tier movement and the fidelity gate.
- Language Safety guide: the substring filter, parent-stricter tier, and context-flag dictionary.
- System QA Checks guide: the cross-cutting registry that backstops these rules.
- Standards & Benchmarks guide: where the benchmark comparisons in GSR-03 come from.
- Glossary: GSR, fidelity, acute regression, context flag, override-code catalog defined.