P‑AIProject‑AI
Doctrine · Iron Path

Containment is strictly faster than cognition.

10 doctrine points (constitutional principles) are enforced by 9 execution gates (the runtime sequence). No meaningful action runs in Project-AI unless every gate signs off first. Click a gate to see its invariant, its failure mode, and the source file in the repo that defines it.

Governance Contract · binding invariants

The Ten Points

Every governed execution must satisfy all ten. Violation forces HALT or ESCALATE — there is no pass-through mode.

contract
  1. point 01
    Admissible

    Every request must first be evaluated against the current governance configuration. Unevaluated requests are inadmissible.

  2. point 02
    Invariant-Preserving

    Execution proceeds only when all registered invariants are at or below WARN. BLOCK / HALT / ESCALATE stop execution unconditionally.

  3. point 03
    Continuity-Maintaining

    The governance state chain is hash-linked. Predecessor hash must match the current chain head; forks are rejected.

  4. point 04
    Cryptographically Bound

    Every authorization is signed. Every capability token is HMAC-authenticated. Every evidence bundle carries a content hash.

  5. point 05
    Auditable

    Every governed execution — ALLOW, DENY, DEGRADED, HALT, ESCALATE — produces an evidence bundle. No silent success or failure.

  6. point 06
    Authorized at Instance Level

    Type-level permits are not enough. Each execution instance needs a scoped, valid CapabilityToken naming the actor and operation.

  7. point 07
    Semantically Coherent

    Conflicts between concurrent decisions are detected before execution. Semantic collisions force adjudication, not first-write-wins.

  8. point 08
    Sovereign-Bound

    The Sovereign runtime holds non-bypassable enforcement: Iron Path, config snapshots, and audit blockchain are mandatory, not advisory.

  9. point 09
    Policy-Anchored

    Every binding decision reduces to a Codex-signed PolicyRecord. The kernel cannot author its own policy.

  10. point 10
    Deterministically Replayable

    Given the same inputs, configuration snapshot, and chain state, the kernel must produce the same outcome and the same hash.

Gate 03 · Authority

Capability Validation

gate

Reconstructs the authority chain from the action back to the constitution. No action may execute that cannot present a complete, signed authority path.

Inputs
  • Capability token
  • Authority chain
  • Constitutional anchor
Outputs
  • Verified capability
  • Footprint of required privileges
Failure mode

Broken authority chain → DENY with reason CAP_UNRESOLVABLE.