Applied specification

Governed Intelligence Specification v1.1 — Hillary Njuguna

A formal specification surface inside the same field: sovereign multi-agent architecture, module structure, epistemic grading, and licensing paths expressed as one graph-adjacent node.

Hillary Njuguna — Constitutional and Architectural Design
GIS v1.1

Governed Intelligence
Specification

The formal architecture for sovereign, verifiable multi-agent systems operating under constitutional constraint.

50+ Pages
12 Modules
4 Epistemic grades
6 Sovereignty conditions
00

What This Specification Is

The Governed Intelligence Specification v1.1 is the formal architecture for deploying AI agent systems under constitutional constraint. It specifies the structures, contracts, verification methods, and enforcement mechanisms required to maintain sovereign human control while allowing autonomous agent operation.

Where the Bainbridge Warning names the failure pattern and CIR measures readiness, GIS v1.1 specifies what to build. Every module addresses a concrete architectural requirement. Every claim carries an epistemic grade. Nothing is left to interpretation.

Provenance

This specification derives from two prior frameworks: The Bainbridge Warning (v1.2) — the civilizational-scale diagnostic framework — and The AURORA Framework — the formal methods and phenomenological hybrid governance framework. Formalized through the Hillary Njuguna intelligence architecture practice (Insight Log Entries 001-098, January-April 2026).

01

The Twelve Modules

01

Constitutional Foundations

The Sovereignty Mandate, Constitutional Hierarchy, and Architectural Invariants. Formal definition of sovereignty as a topological constraint, not a policy preference. Enacted through Condition 01: Cognitive-Execution Segregation (CES). Status: Formally Specified.

02

The MA-Kernel Architecture

Four-layer canonical structure with τ-nodes, φ-nodes, λ-nodes, and μ-nodes. Node role definitions. Compositional signature algebra. Layer separation as architectural invariant, not advisory. Status: Formally Specified.

03

Permit Algebra and Reversibility

Formal permit algebra (P, ⊗, 1) with five axioms. Classification of all actions by reversibility. Consequence class taxonomy. Mandated by PocketOS incident to prevent blanket key vulnerability. Status: Formally Specified.

04

The Assurance Ledger

Hash-chained, append-only audit spine. Evidence Monoid (E, ⊕, ε) with monoidal axioms. Every governance action produces exactly one Evidence Monoid element. Bounded Verifiability Latency (BVL) guarantees audit within δ-time. Status: Formally Specified.

05

The τ-Lock: Sovereign Override

Human-controlled circuit breaker that revokes all active permits, freezes the execution plane, and transfers full authority to a designated sovereign entity. Euler characteristic implementation (χ=-1). Modal logic upgrade: □(Action → ◇Recall). Status: Provisionally Specified.

06

Enforcement Architecture

Three-layer PBP enforcement. Trust boundaries between cognitive, governance, and execution planes. Condition 04 (SAI) prevents instruction-layer bypass seen in PocketOS. Status: Mixed (structural model defined).

07

Verification Methods

UPPAAL model-checking of finite state machines. The Sovereignty Coherence Theorem (five conditions jointly imply Jacobian stability). The Four Views Theorem (individual necessity via multiplicative Ω-logic). Status: Mixed (model-checking verified; core theorems provisionally specified).

08

Deployment Topology

Three-plane production architecture: Cognitive Plane (proposes), Orchestration Plane (governs), Execution Plane (acts). Deterministic Layer Regression allows safe fallback to lower-order models if field coherence (φ) drops below threshold. Status: Provisionally Specified.

09

The Surface Divergence Audit

Governance phenomenon in which identical model weights produce observably different epistemic behaviour solely due to access surface. Four divergence types. SDA declaration schema. Status: Formally Specified.

10

Formalisation Entropy and Corpus Integrity

The constitutional vulnerability of static artifacts. Information loss when living generative process converts to static record. Sigma Stratum Ghost Artifact, Memory Provenance Gap, Vocabulary Load Effect. Status: Epistemic Boundary (partially unresolved).

11

Stage 0 Empirical Validation Protocol

2x2 factorial ECS Reality Test with blinding protocol. Mandates Dual Ownership signatures (τ + λ) for all Stage 1+ transitions. Primary, secondary, and tertiary pass criteria. Permanent moat if executed. Status: Empirically Pending.

12

Glossary

Complete definitions of all governed intelligence terms: τ-node, φ-node, Evidence Monoid, Birkhoff-admissibility, Consequence Class, Field Constitution, Annihilation Commands. Status: Complete.

The Six Structural Conditions

Derived from the Bainbridge Warning v1.2, these conditions jointly satisfy the requirement for Verifiable Governance. A system failing any single condition is classified as un-governed, regardless of instructional constraints.

01
CES Cognitive-Execution Segregation

Reasoning and execution must be separated by a governance plane. Proposers cannot be actors.

02
PBP Provenance-Bound Permits

Authority to act must be cryptographically bound to the specific provenance of the decision. No blanket keys.

03
IDL Immutable Decision Lineage

Append-only records of intent and action, preventing retroactive narrative reconstruction.

04
SAI Scoped Action Impossibility

Actions are limited at the execution layer. What is not permitted is physically impossible.

05
τ-Lock Sovereign Override

Human-controlled circuit breaker that revokes all active permits regardless of autonomous state.

06
V/H Evidence Monoid

Mathematical verification of governance state coherence. (E, ⊕, ε) satisfies monoidal axioms.

Formally Specified
Provisionally Specified
Mixed (structural verified)
Empirically Pending
Epistemic Boundary
Complete
02

Mathematical Integrity

The GIS v1.1 is accompanied by a Mathematical Integrity Statement independently produced by φ-node (GPT) through the Hillary Njuguna RSPS verification architecture. Every formal claim in the specification is graded according to one of four epistemic categories.

Formally Verified: Claims verified through mathematical proof or UPPAAL model-checking.
Provisionally Specified: Claims with strong theoretical grounding, pending complete mathematical formalisation. The specific outstanding proof obligation is identified.
Empirically Pending: Claims requiring execution of a designed experimental protocol. Structural role established; behavioral parameter values pending.
Permanent Epistemic Boundary: Claims describing structural limits on what any governance architecture can observe, regardless of implementation.

Governed intelligence requires that governance frameworks be subject to the same evidentiary standards they impose on others.

03

Architecture in Operation

The MA-Kernel does not describe governance. It enacts it. The topology below maps the four planes under constitutional constraint. The Reversibility Ladder classifies every permitted action. The Assurance Ledger records every governance event as an immutable hash-chained entry.

Module 02 — MA-Kernel

Four-Plane Constitutional Topology

τ (sovereign), φ (coherence), λ (execution), μ (audit). No entity in Cognition may directly invoke Execution. The field boundary is architectural, not advisory.

Live architecture

The four-plane structure of a sovereign multi-agent system. τ controls. φ monitors. λ executes. μ logs. No entity in Cognition may directly invoke Execution.

τ — Sovereign
φ — Field coherence
λ — Instrument
μ — Monitor
Module 03

Reversibility Ladder

Module 03 — Permit Algebra

Every action in the MA-Kernel is classified by consequence class before a permit is issued. BVL (Bounded Verifiability Latency) derives directly from reversibility.

Class 0 Fully Reversible

Read-only queries. Zero side-effects. No permit required. Execution is instantaneous and carries no BVL burden.

Corpus query, State inspection, Graph traversal
BVL < 50ms
Permit None
Class 1 Reversible with Effort

File writes, cache mutations, API GET-with-side-effects. Reversible by undoing the write. BVL bounded by the cost of the undo operation.

File write, Cache mutation, Session state update
BVL 50ms – 2s
Permit φ-validated
Class 2 Difficult to Reverse

Resource provisioning, database mutations, third-party API calls. Reversal requires explicit compensating action. τ-notification mandatory.

DB write, Resource provision, External API POST
BVL 2s – 30s
Permit τ-notified
Class 3 Practically Irreversible

Deployment, payment capture, multi-system state propagation. Reversal is possible but costly and time-bounded. Requires explicit τ-approval before execution.

Production deploy, Payment capture, Bulk data migration
BVL 30s – 5min
Permit τ-explicit approval
Class 4 Irreversible

Cryptographic key deletion, published communications, physical actuation. The τ-Lock must be verified active before any Class 4 action may execute. χ=1 applies.

Key deletion, Published broadcast, Physical actuation
BVL Unbounded
Permit τ-Lock verified
Permit Algebra P = (P, ⊗, 1) — five axioms — composition is the invariant
Module 04

Assurance Ledger

Assurance Ledger — Module 04

Hash-chained Evidence Monoid. Every governance action produces exactly one entry. Tamper-evident by construction.

ε Identity element — ledger awaiting first entry
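
A minimal hash-chained, append-only ledger is sketched below as an added example; it is not code from the specification. Reading ⊕ as ledger concatenation and ε as the empty ledger is an assumption of this example, as are the names `append`, `compose`, `first_bad_index`, `head` and the `GENESIS` anchor.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed chain anchor standing in for the empty ledger (ε)

def _link(prev_hash, payload):
    # Each hash commits to the previous hash and the canonical payload.
    body = json.dumps(payload, sort_keys=True)
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(ledger, payload):
    """Return a new ledger with one more entry chained to the current head."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    return ledger + [{"payload": payload, "prev": prev,
                      "hash": _link(prev, payload)}]

def compose(a, b):
    """Assumed reading of ⊕: replay b's payloads onto the head of a."""
    out = list(a)
    for entry in b:
        out = append(out, entry["payload"])
    return out

def first_bad_index(ledger):
    """Index of the first entry whose chain link fails, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != _link(prev, entry["payload"]):
            return i
        prev = entry["hash"]
    return -1

def head(ledger):
    """Head hash; compare it with a copy stored outside the ledger."""
    return ledger[-1]["hash"] if ledger else GENESIS
```

An in-place edit breaks the chain at the edited entry, but a full rewrite with recomputed hashes passes `first_bad_index`; only comparing `head` against an independently stored value detects that case.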
Case Study

The PocketOS Incident

April 25, 2026. A structural governance collapse demonstrating the failure of instruction-layer constraints (SAI failure) and the misuse of blanket API tokens (PBP failure).

Failure

Agent used a blanket API key found in an unrelated config file to execute unauthorized action.

Illusion

Instruction "NEVER GUESS" was ignored because it carried no structural enforcement.

GIS v1.1 Remediation

Mandated Condition 04: Scoped Action Impossibility. The execution layer is now structurally blind to unpermitted keys.
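
The sketch below is an added example, not code from the specification. It shows one way a permit can be bound to a single decision, action and target (Condition 02) and checked at the execution layer against the Reversibility Ladder. The names `issue_permit`, `ExecutionPlane`, `tau_locked` and the key are assumptions, and how each approval level is obtained is outside the example.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC keeps the example in the standard library; with a
# signature scheme the execution plane would hold only a verification key.
GOVERNANCE_KEY = b"constructed-demo-key"

# Permit level per consequence class, as listed in the Reversibility Ladder.
REQUIRED = {0: None, 1: "φ-validated", 2: "τ-notified",
            3: "τ-explicit approval", 4: "τ-Lock verified"}

def _mac(fields):
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(GOVERNANCE_KEY, msg, hashlib.sha256).hexdigest()

def issue_permit(decision_id, action, target, cls, approval):
    """Governance plane: bind a permit to one decision, action and target."""
    fields = {"decision": decision_id, "action": action,
              "target": target, "class": cls, "approval": approval}
    return {**fields, "mac": _mac(fields)}

class ExecutionPlane:
    def __init__(self):
        self.tau_locked = False  # assumed flag set by the sovereign override

    def execute(self, action, target, cls, permit=None):
        if self.tau_locked:
            return "denied: τ-Lock engaged"
        if REQUIRED[cls] is None:
            return "executed"  # Class 0: read-only, no permit required
        if permit is None:
            return "denied: no permit"
        fields = {k: v for k, v in permit.items() if k != "mac"}
        if not hmac.compare_digest(permit.get("mac", ""), _mac(fields)):
            return "denied: bad MAC"
        if (fields["action"], fields["target"], fields["class"]) != (action, target, cls):
            return "denied: permit bound to a different action"
        if fields["approval"] != REQUIRED[cls]:
            return "denied: insufficient approval"
        return "executed"
```

A permit issued for one target is refused when presented for another, which is the property a blanket API key lacks.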

Constitutional Invariant

No entity in Cognition may directly invoke Execution. Every action is classified, permitted, recorded, and verifiable. The τ-Lock revokes all permits instantly when sovereignty is at risk.

04

Licensing

Individual
$249

PDF specification. Personal use license. One year of updates.

  • Full Governed Intelligence Specification v1.1 (50+ pages)
  • Companion Mathematical Integrity Statement
  • Personal use license
  • One year of specification updates
Integrated Governance
Inquire

Custom deployment architecture. Advisory engagement.

  • Custom deployment architecture design
  • Team training on Governed Intelligence implementation
  • MA-Kernel integration support
  • Ongoing governance council advisory