- Tractatus explores external governance—architectural boundaries operating outside the AI runtime that may be more resistant to adversarial manipulation than behavioral training alone. + Tractatus governance is woven into deployment architecture, not bolted on. Five principles guide how the framework evolves, maintains coherence, and resists bypass—making it structurally more difficult (though not impossible) to circumvent through prompting.
- The Challenge: + The Problem: Behavioral training can be manipulated through cleverly crafted prompts. AI governance based solely on internal reasoning is vulnerable to jailbreaks.
- Our Approach: External architectural enforcement that operates independently of the AI's internal reasoning—making it structurally more difficult (though not impossible) to bypass through prompting. + Our Approach: Architectural enforcement operating in the critical execution path—governance services validate every action before it executes, independent of the AI's internal reasoning.
+ These principles, adapted from Christopher Alexander's work on living systems, guide how Tractatus evolves and maintains coherence. They're not documentation—they're design criteria enforced architecturally. +
+Governance woven into deployment architecture, not bolted on
++ Tractatus governance services operate in the critical execution path—every action passes through validation before executing. This isn't monitoring after-the-fact, it's architectural enforcement that cannot be bypassed. +
+Example: PreToolUse Hook
++ When the AI attempts to edit a file, the PreToolUse hook intercepts before execution. BoundaryEnforcer, CrossReferenceValidator, and other services validate the action. If any service blocks, the edit never happens—architecturally impossible to bypass. +
++ Contrast: Bolt-on compliance systems monitor actions after they occur, creating separation between governance and execution. An AI agent could theoretically disable monitoring or exploit gaps. Tractatus eliminates that separation. +
+Coordinated governance, not isolated checks
++ The six governance services don't operate in silos—they coordinate through mutual validation. High context pressure intensifies boundary checking. Instruction persistence affects cross-reference validation. Service outputs feed into each other, creating resilience through redundancy. +
+Example: The 27027 Incident
++ AI attempted to use default database port despite HIGH persistence instruction specifying port 27027. InstructionPersistenceClassifier flagged the instruction. ContextPressureMonitor detected 53.5% pressure. CrossReferenceValidator caught the conflict. BoundaryEnforcer blocked the action. Four services working together prevented the error. +
++ Why it matters: Single service bypass doesn't compromise governance. An attacker would need to circumvent multiple coordinated services simultaneously—exponentially harder than defeating isolated checks. +
+Intensity levels, not yes/no switches
++ Governance operates on gradients: NORMAL → ELEVATED → HIGH → CRITICAL. Context pressure, security impact, and validation rigor all scale with intensity. This mirrors how living systems adapt—gradual responses, not mechanical on/off. +
+Example: Context Pressure Monitoring
++ At NORMAL pressure (0-25%), routine operations proceed smoothly. At ELEVATED (25-50%), validation becomes more thorough. At HIGH (50-75%), human review triggers more frequently. At CRITICAL (>75%), framework recommends session closedown. Graduated response prevents both alert fatigue and catastrophic failures. +
++ Contrast: Binary "allowed/blocked" systems create brittleness—either everything passes or nothing does. Gradients enable natural adaptation to varying risk levels. +
+Changes enhance without breaking
++ Framework changes must preserve wholeness—audit logs remain interpretable, decisions remain valid, institutional memory survives evolution. Version 4.2 logs are readable in version 4.4. Six-month-old audit decisions still make sense. Structure-preserving transformations maintain coherence across time. +
+Example: Adding Framework Fade Detection
++ When inst_064 (framework fade detection) was added, it monitored all six services without changing their core definitions. Pre-existing audit logs remained valid. Service behavior evolved, but historical decisions stayed interpretable. Enhancement without fracture. +
++ Regulatory advantage: Regulators need stable audit trails. Structure-preserving evolution lets the framework adapt while maintaining compliance continuity—no need to re-interpret old decisions every version. +
+Grows from real failures, not theory
++ Framework changes emerge from observed reality, not predetermined plans. When services went unused, we added fade detection. When selective verification reduced noise, we evolved triggering criteria. Real operational experience drives evolution—no building solutions to theoretical problems. +
+Example: MetacognitiveVerifier Selective Mode
++ Audit logs showed MetacognitiveVerifier activating on trivial operations, creating noise. Rather than theorize about thresholds, we analyzed real trigger patterns. Selective mode emerged from data—verify only complex operations (3+ file modifications, 5+ sequential steps). Performance improved based on evidence, not guesswork. +
++ Contrast: Over-engineered systems solve imagined problems. Living process builds only what reality proves necessary—lean, effective, grounded in operational truth. +
++ These principles aren't independent—they form an interlocking pattern. Not-separateness requires deep interlock between services. Gradients enable natural adaptation. Living process drives changes that must be structure-preserving to maintain wholeness. +
+Not-Separateness (governance in critical path)
+↓ requires
+Deep Interlock (services coordinate)
+↓ enables
+Gradients (nuanced responses)
+↓ guided by
+Living Process (evidence-based evolution)
+↓ constrained by
+Structure-Preserving (audit continuity)
+↓
+System Wholeness
++ These services implement the five principles in practice. Each service embodies not-separateness (operating in the critical path), deep interlock (coordinating with others), and gradients (intensity-based responses). +
+