A sovereign constitutional AGI ecosystem with a control-theoretic, kernel-authoritative governance loop. Every model action lowers to a syscall. Every syscall passes through a deterministic invariant gate. Every decision is sealed, attested, and reversible.
Every other layer of the alignment stack — RLHF, constitution prompts, reflection — runs inside the model's privilege domain. Project-AI relocates the governance loop to a layer the model can never reach: the operating system kernel.
eBPF programs intercept the syscall surface. A control-theoretic loop continuously samples error between observed and policy-permitted state. Decisions are sealed into the Constitutional Code Store with rolling cryptographic attestation.
eBPF programs attached to LSM and tracepoint hooks. Zero-copy decision path; sub-millisecond verdicts.
The Open Constraint Enforcement Engine (OCEE) compiles constitutional invariants to deterministic checks.
Closed-loop controller: observe → compare to policy → act → seal. Reflexive re-arming on violation.
The Asymmetric Resilience Layer and the Native Immune Reflex Layer make exploitation structurally unfinishable.
Architect / Guardian / Operator agents in mutual check. No unilateral writes to the constitution.
Append-only, cryptographically chained record of every governed decision. Audit is a primitive, not a feature.
Each of these papers underwrites a specific layer of the architecture above.
The original specification. Defines the substrate, the loop, and the invariant contract.
Whole-system view: the relationship between Project-AI, Cerberus, Triumvirate, the Code Store, and YGGDRASIL.
The TARL/NIRL layer. Why every successful exploit must complete an exponentially growing chain of conditions.
Formal technical specification for deterministic AI governance. The hard rail beneath every governed action.