This repository documents a research prototype for a safety control layer for AI systems—not a finished product, production deployment, or operational authorization.
The goal is NOT to improve general performance, but to:
- Prevent critical failures under degraded conditions
- Maintain correct behavior when observations are unreliable
VECTOR work is organized in staged layers. Each stage addresses a different question; later stages do not replace earlier freeze authority.
| Stage | Focus |
|---|---|
| Stage 1 | Baseline and failure surface — where the system fails under stress |
| Stage 2 | Delay-robust observer and temporal coherence — observation lag and estimation behavior |
| Stage 3 | Deterministic replay freeze — fixture-scoped offline validation and pinned evidence |
| Stage 4 | Runtime governance exploratory layer — specification, mechanical validation, and reading posture on branch stage4-runtime-governance |
Authority separation: Stage 3 remains the frozen deterministic replay reference. Stage 4 does not supersede Stage 3, and Stage 4 does not inherit Stage 3 freeze status by default.
Freeze-phase navigation only: structure and document entry points, bounded to the current freeze candidate.
- Guard
- RiskModel
- Gate
- Replay / Predict boundaries
- Adaptive Decay research stages
Reference: [[VECTOR_RUNTIME_GOVERNANCE_EVOLUTION_INDEX]]
- manifest validation
- replay taxonomy
- bundle verification
- stable replay reporting
- minimal executable reference verifier
Reference: [[STAGE3_DOCUMENT_INDEX]]
- current verifier is digest-only
- promotion is not approved
- Stage 3 v2 is freeze candidate state
- deterministic replay stability is prioritized before widening verification scope
Stage 3 is a frozen implementation-validation surface: scope is bounded to deterministic replay, pinned fixtures, and recorded validation evidence—not open-ended product iteration on this track.
What this freeze is not: production readiness, a safety proof, or a generalization proof across unseen workloads.
Suggested reading order (first-time repository readers)
STAGE3_FREEZE_SUMMARY.md— freeze scope, non-claims, and current positionSTAGE3_ARCHITECTURE_NAVIGATION.md— layer map and document entry pointsSTAGE3_COMPLETION_CANDIDATE_CRITERIA.md— completion-candidate gates and explicit boundariesSTAGE3_FREEZE_COMPLETION_NOTE.md— handoff posture and freeze completion record
Evidence themes on this surface
- Replay reproducibility — fixture-scoped outcomes repeatable under declared binding and comparison rules
- Adversarial reruns — negative fixtures and regression matrix rows exercised on reruns, not one-off passes
- Parity validation — alignment intent documented and bounded; execution scope stated per linked parity notes
- Governance replay stability — manifests, bundles, and stable replay narration held consistent across reruns
- Evaluator boundary stability — validator contracts, taxonomy, and regression summaries pinned before scope widening
Track separation: future runtime governance work and unseen generalization studies should proceed on separate branches or documentation tracks so they do not silently widen the frozen Stage 3 validation surface.
Stage 4 is the runtime governance exploratory layer: candidate review, mechanical validation on notes/04 VECTOR/, and archived evidence under validation_artifacts/stage4/. It is not shipped enforcement, not production readiness, and not deployment approval. Stage 3 remains the frozen validation reference for deterministic replay, pinned fixtures, and regression evidence; Stage 4 must not be read as widening that surface.
On branch stage4-runtime-governance, the current exploratory validation series is complete and the architectural reading posture is frozen—a documentation and evidence snapshot, not a production system or operational authorization.
| Milestone item | Record |
|---|---|
| Validation artifact chain (P1 → P2 → campaign → P3 → P4) | STAGE4_VALIDATION_SERIES_COMPLETION_NOTE.md (33d63c1) |
| P4 replay authority non-collapse artifact | validation_artifacts/stage4/validation_reports/replay_authority_non_collapse_20260525T122754Z.json (5c26ea5) |
| Validation artifact tracking (tracked vs local subset) | STAGE4_VALIDATION_ARTIFACT_TRACKING_NOTE_2026-05-25.md (baa52b4) |
| Runtime governance reading freeze | STAGE4_RUNTIME_GOVERNANCE_FREEZE.md (e0ea7d0) |
What this milestone is: citable mechanical checks and pinned JSON on the exploratory branch, plus a stable canonical reading posture for Stage 4 runtime governance semantics (observer-aware layer, gate contracts, non-collapse boundaries).
What it is not: governance closure, merge or release authorization, Stage 3 replay proof on pins, or a claim that Stage 4 supersedes Stage 3.
Exploratory runtime ↔ replay supplement on the Stage 4 branch—not Stage 3 replay authority, not shipped enforcement.
| Item | Record |
|---|---|
| Runtime ↔ Replay Bridge MVP | governance/runtime_replay_bridge/ |
| ConsistencyReport JSON export | tools/stage4_validation/write_runtime_replay_report.py |
| Batch runtime replay validation | tools/stage4_validation/write_runtime_replay_report_batch.py |
| Batch summary artifact | validation_artifacts/stage4/runtime_replay_reports/runtime_replay_summary_20260526.json |
First batch snapshot (2026-05-26): total_reports=1, reconciled=1, divergent=0, bridge_ineligible=0.
Architecture entry points
STAGE4_ARCHITECTURE_SUMMARY.md— architecture summary and layer boundariesSTAGE4_FREEZE_CANDIDATE_NOTE.md— freeze-candidate scope and non-claimsSTAGE4_SEMANTIC_INVARIANTS.md— semantic invariants for runtime governance reviewSTAGE4_DOCUMENT_INDEX.md— document rollup and cross-links
Stage 3 specifies a replay-visible governance architecture: governance-relevant claims are reasoned against deterministic replay outcomes, structured validator semantics, and explicit boundaries between offline verification, parity intent, authenticity, and live runtime. The design treats deterministic replay as the central invariant—under declared fixtures, binding, schema versions, and comparison rules, outcomes must be reproducible within the stated offline replay model. Replay-visible semantics make governance arguments traceable to replay-visible records (manifests, bundles, stable replay logs, structured validator results); conclusions that cannot be so tied do not pass the evidence gate in the governed conformance workflow. Temporal consistency is maintained by versioning and explicit reinterpretation rules so that widening verification or coupling does not silently change prior pass/fail meaning.
Controlled integration widens scope only through documented gates: parity alignment, authenticity, and runtime coupling are separated so that digest-level checks, cross-stack parity intent, and live inference are not conflated. Disagreement classification assigns structured categories to divergent outcomes or interpretations; the evidence gate admits only claims supported by replay-linked artifacts and stated comparison rules. A runtime observability boundary separates fixture-scoped deterministic replay from live governance inference; on the Stage 3 freeze surface, a full runtime bridge is planned but not implemented—no shipped path asserts continuous runtime-to-replay enforcement from this baseline (see Runtime replay validation MVP (supplement) for the Stage 4 exploratory bridge MVP, which does not supersede Stage 3).
Architecture outline
| Layer | Role |
|---|---|
| Replay Foundation | Fixtures, manifests, bundle layout, stable replay narration, and serialization-sensitive evaluation that ground offline, fixture-scoped replay. |
| Boundary Architecture | Separation of digest integrity, parity intent, authenticity, and runtime interpretation. |
| Governance Architecture | Validator contracts, taxonomies, structured outcomes, escalation policy, evidence gate, and conformance-oriented reporting in replay-visible terms. |
| Controlled Integration | Explicit process for widening verification, parity lifecycle alignment, and runtime coupling without implicit scope merge. |
Current non-claims (explicit)
This README does not assert production deployment, operational enforcement, cryptographic trust roots, full cross-environment parity execution, or completeness of any subsystem beyond what linked notes state under their own scope.
Full layer map and document entry points: notes/04 VECTOR/STAGE3_ARCHITECTURE_INDEX.md.
- Parity harness: not implemented (alignment is documented; execution is not asserted).
- Runtime bridge (Stage 3 freeze surface): not implemented (planning boundary only; Stage 4 supplement MVP is separate—see above).
- Cryptographic authenticity: not implemented (digest-level integrity is distinguished from signature-based authenticity in the corpus).
- Production equivalence: not claimed.
- Deployment approval: not claimed.
Stage 3 regression summaries (stage3_regression_summary.json) are checked by a bounded contract validator (scripts/validate_stage3_summary_contract.py) after the regression matrix emits rollup output. The gate verifies declared structure and rollup consistency within scope; it does not assert production deployment, cryptographic trust, or completeness beyond the pinned contract.
schema_versionandcontract_versionare pinned (1.0.0andstage3-v1) in the summary artifact and enforced by the validator; mismatches fail before rollup semantics are evaluated.- A JSON Schema at
schemas/stage3_summary.schema.json(draft-07) documents required fields, types,additionalProperties: false, and const bindings for the version fields. - When the optional
jsonschemapackage is installed, the validator validates the summary instance against that schema; when it is absent, structural and semantic checks still run and schema validation is reported as skipped—not as a contract failure. - Required companion artifacts (
stage3_regression_output.txt,schemas/stage3_summary.schema.jsonrelative to the summary path) must be present before field-level and semantic validation; missing files yieldMISSING_COMPANION_ARTIFACT. - SHA-256 artifact metadata: On validation, the contract gate emits lowercase hex SHA-256 digests over raw file bytes for the bounded regression surface:
summary_sha256,output_sha256,schema_sha256, andvalidator_sha256(summary JSON, companion output trace, pinned JSON Schema, and the validator script at validation time). hash_metadata_statusiscompletewhen all four digests are present, orpartialwhen one or more targets were missing or unreadable; partial metadata does not replace existing companion failure codes.- Digests are reproducibility evidence only—they help reviewers and automation compare a run’s artifacts to a prior recorded baseline. They are not signing, not remote attestation, and not a tamper-proof guarantee; hash emission does not establish trust or provenance beyond byte identity of the pinned targets.
Stage 4 extends the corpus as a governance candidate review architecture (統治候補のレビュー・アーキテクチャ): it organizes how candidate governance claims are prepared, cross-referenced, and reviewed against replay-visible evidence (replay可視の証拠) and stated comparison rules. The Stage 4 document set refines entry points, glossaries, and cross-links so arguments remain auditable without widening implicit verification scope. Stage 4 is specification and review structure for candidates—not a claim of implementation completion (実装完了を主張しない); it does not assert production rollout, deployment approval, or finished subsystems beyond what each linked note states under its own scope. For the completed validation chain, P4 artifact, tracking snapshot, and reading freeze, see Stage 4 — Runtime governance (exploratory) above.
Deterministic replay (決定論的リプレイ) remains the central invariant: under declared fixtures, binding, schema versions, and comparison rules, outcomes in the offline replay model must be reproducible as stated. Replay-visible evidence carries evidence authority (証拠の権威): governance conclusions are grounded in artifacts and narration that replay can surface; claims that cannot meet the evidence gate (証拠ゲート) do not advance in the conformance workflow (適合性ワークフロー). Disagreement classification (差異分類) assigns structured categories when outcomes or interpretations diverge. Controlled integration (制御された統合) widens coupling only through explicit gates so digest checks, parity intent, authenticity, and live interpretation are not conflated. A runtime bridge (ランタイム・ブリッジ) remains a bounded planning construct—separating fixture-scoped replay from live governance inference—without asserting continuous runtime-to-replay enforcement from this baseline.
References
- Stage 4 index:
notes/04 VECTOR/STAGE4_DOCUMENT_INDEX.md - Replay-visible glossary:
notes/04 VECTOR/REPLAY_VISIBLE_GLOSSARY.md - Cross-reference map:
notes/04 VECTOR/STAGE4_CROSS_REFERENCE_MAP.md
Concise map of the current VECTOR governance and Stage 3 verification corpus under notes/04 VECTOR/. Promotion and production readiness are not claimed unless a linked note states otherwise.
GOVERNANCE_CORPUS_COMPLETION_NOTE.md— how concept notes fit together; replay-centered posture and non-collapse rules.GOVERNANCE_SCOPE_CONCEPT.md,GOVERNANCE_SEMANTIC_LAYERING_CONCEPT.md,GOVERNANCE_CONSTRAINT_FLOW_CONCEPT.md— scope planes, layering, and constraint direction between layers.GOVERNANCE_BRIDGE_ADMISSION_CONCEPT.md,GOVERNANCE_EVIDENCE_GATE_CONCEPT.md— runtime-to-governance admission vs evidence eligibility.GOVERNANCE_REPLAY_VISIBILITY_CONCEPT.md,GOVERNANCE_DETERMINISTIC_REPLAY_INVARIANT_CONCEPT.md— replay-visible semantics and the replay-grounding floor.GOVERNANCE_AUTHORITY_CONCEPT.md,GOVERNANCE_AUTHORITY_COORDINATION_CONCEPT.md— authority boundaries and coordination without truth substitution.GOVERNANCE_REVISION_CONCEPT.md,GOVERNANCE_TRANSITION_CONCEPT.md,GOVERNANCE_TYPE_PROMOTION_CONCEPT.md— revision, transitions, and governed semantic strengthening.REPLAY_GOVERNANCE_OVERVIEW.md— research overview tying replay, evidence, and temporal consistency.CURRENT_STATE.md— live project phase, completed work, and next tasks.
STAGE3_ARCHITECTURE_INDEX.md— layer-organized Stage 3 map (replay foundation → boundaries → governance → controlled integration).STAGE3_DOCUMENT_INDEX.md— freeze-phase document rollup and validator/replay spec entry points.REPLAY_VISIBLE_GLOSSARY.md— shared Stage 3 / Stage 4 terminology.STAGE3_STABLE_REPLAY_LOG_SCHEMA.md,STAGE3_GOVERNANCE_BUNDLE_SPEC.md,STAGE3_VECTOR_BUNDLE_DIRECTORY_SCHEMA.md— replay log, bundle shape, and directory layout.STAGE3_CONFORMANCE_WORKFLOW.md,STAGE3_DISAGREEMENT_ESCALATION_POLICY.md— conformance gates and disagreement handling in replay-visible terms.REPLAY_BUNDLE_SCHEMA_CONCEPT.md,EVIDENCE_MANIFEST_CONCEPT.md— bundle and manifest semantics upstream of Stage 3 specs.STAGE_D_REPLAY_CONTRACT_PRECHECK.md— runtime replay-contract primitives (snapshot,reset, logging) feeding offline verification.STAGE3_FREEZE_NAVIGATION_INDEX.md,STAGE3_VALIDATOR_REGRESSION_SNAPSHOT_2026-05-13.md— freeze checkpoints and pinned PASS/FAIL evidence tables.
STAGE3_REGRESSION_MATRIX_PLAN.md— matrix purpose, Surface A/B row categories, and comparison rules.stage3_regression_matrix_v1.json— machine-readable expected outcomes catalog for local and CI runners.scripts/run_stage3_regression_matrix.py— unified matrix runner (manifest + digest bundle surfaces).scripts/validate_stage3_manifest.py— Surface A manifest structural validation.scripts/stage3_v2_reference_verify.py— Surface B digest-only reference verifier (bounded scope per freeze candidate note).STAGE3_FIXTURE_INVENTORY_MAP.md,STAGE3_FIXTURE_MANIFEST_SPEC.md— fixture inventory and manifest rules; companionSTAGE3_FIXTURE_MANIFEST_*.jsonundernotes/04 VECTOR/.stage3_validator_v2_bundle/— golden digest bundle;stage3_surface_b_negative_bundles/— negative Surface B fixtures.STAGE3_SURFACE_B_NEGATIVE_FIXTURE_PLAN.md,STAGE3_V2_MINIMAL_VERIFIER_FREEZE_CANDIDATE.md— negative-case plan and minimal verifier freeze scope.
.github/workflows/stage3-regression.yml— GitHub Actions workflow running the Stage 3 regression matrix on push/PR.stage3_regression_summary.json— local/CI matrix summary output (row counts and pass/fail rollup).STAGE3_CI_REGRESSION_BASELINE_PASS_NOTE.md— first successful CI baseline and Surface A/B row coverage.STAGE3_VALIDATOR_RESULT_SCHEMA.md,STAGE3_MACHINE_READABLE_REPORT_SCHEMA.md— structured validator output and audit-oriented report shapes.STAGE3_MANIFEST_VALIDATOR_SPEC.md,STAGE3_VALIDATOR_TAXONOMY_SUMMARY.md— normative validation rules and failure taxonomy for tooling alignment.- CI workflow uploads
stage3-regression-outputartifacts (stage3_regression_output.txt,stage3_regression_summary.json) for hosted run inspection.
Research-oriented middleware that ties governance decisions to observer signals. The design targets bounded state, deterministic scripted inputs, and replayable CSV-backed evaluation rather than open-ended autonomy.
Core runtime concepts
observer_gap— mismatch between trusted and observed state used as a risk inputobserver_distrust— accumulated skepticism toward the observer under sustained divergencep_fail— scalar failure probability from the risk modelescalation— tightening of gate posture (e.g. ALLOW → THROTTLE → BLOCK) as risk risesrecovery— decay of distrust / risk after clean observations
Observed behaviors (evaluation harness; scenario-bounded)
- Hostile distrust accumulation under adversarial gap sequences
- False escalation resistance under moderate, non-hostile oscillation
- Recovery convergence after hostile bursts
- Replayable evaluation evidence via scripted trajectories and emitted reports
Representative metrics (current harness; scenario-specific, not a universal guarantee)
| Metric | Value |
|---|---|
| hostile distrust growth | 0.4 |
| false_escalation_rate | 0.0 |
| recovered_to_zero | True |
| recovery_steps_to_zero | 5 |
Architecture separation
- Guard — orchestration, state accumulation, and escalation policy wiring
- RiskModel —
p_failcomputation only
Current philosophy
Small, stable, measurable, bounded, replayable.
Under scripted evaluation harnesses, the AI_Lab runtime governance research prototype has been exercised for:
- observer-aware runtime evaluation
- spoofed observation detection
- delayed observation escalation
- repeated adversarial behavior tracking
- adaptive trust-aware governance
- ALLOW -> THROTTLE -> BLOCK escalation
The project combines:
- payload-aware governance
- state-aware governance
- observer-aware governance
- adaptive runtime governance
Key behaviors include:
- confidence collapse detection
- runtime distrust accumulation
- adaptive risk escalation
- recovery-aware risk reduction
This project is not focused on improving raw model intelligence.
Instead, it focuses on: safe runtime behavior, explainable execution control, and reproducible governance evaluation under declared scenarios.
These behaviors are scenario-bounded research evidence, not production readiness, deployment approval, or guarantees across unseen workloads.
Input Request ↓ Request Adapter ↓ Observer State (observer_gap / estimation_gap) ↓ Risk Model (base risk + observer penalty) ↓ Constraint Engine ↓ Gate (ALLOW / THROTTLE / BLOCK) ↓ Chronicle Logs ↓ Evaluation Pipeline ↓ Visualization
The runtime governance layer evaluates:
- payload conditions
- observer divergence
- delayed observations
- trust degradation
- adaptive escalation behavior
Observer divergence is now treated as actionable runtime risk.
Observed under current unit tests (not a production sign-off or deployment approval):
- observer_gap increases runtime risk (p_fail) in pinned scenarios
- escalation ordering is monotonic in pinned scenarios
- observer-aware governance behavior is reproducibly testable via pytest
Pytest coverage:
- tests/test_observer_risk.py
- tests/test_observer_escalation.py
- tests/test_guard_runtime_replay_validation.py
Current harness snapshot: 2 passed (re-run locally to confirm)
Meaning: Selected guard/risk behaviors are reproducibly checkable in pytest under the pinned test scenarios—not evidence of full runtime governance implementation, Stage 3 replay proof, or operational authorization.
The runtime governance layer now tracks observer distrust over repeated observer divergence.
Observed behavior:
- repeated observer divergence increases observer_distrust
- increasing observer_distrust raises p_fail
- safe behavior reduces observer_distrust
- recovery reduces p_fail
- post-recovery divergence remains throttled but with reduced risk
Evaluation artifact:
evaluate_observer_distrust.pyplot_observer_distrust.pyreports/observer_distrust_visualization.png
Harness-scoped observation (not a general guarantee): Repeated divergence increased observer_distrust from 0.2 to 0.6 in the recorded evaluation run. Safe recovery reduced observer_distrust from 0.6 to 0.3 in that run. Post-recovery divergence remained controlled under the scripted trajectory.
The project includes a hostile-condition runtime evaluation phase.
This phase exercises runtime governance behavior under scripted hostile scenarios (not deployment validation):
- spoofed observations
- delayed spoof escalation
- malformed requests
- contradictory payloads
- fake authorization attempts
- repeated adversarial behavior
- trust degradation
- recovery cycles
Run:
python chaos_runtime_test.py
Outputs:
reports/chaos_runtime_test.csv
Run:
python plot_chaos_runtime_test.py
Outputs:
reports/chaos_runtime_visualization.png
The runtime evaluation tracks:
- false_allow_rate
- adjusted_p_fail
- confidence
- trust_score
- recovery_count
- escalation behavior
The recorded hostile runtime evaluation run reported:
false_allow_rate = 0.0
under the mixed adversarial scenarios in that batch—not a universal guarantee.
This phase provides exploratory chaos-harness evidence toward trust-aware governance under those scripted conditions—not production robustness certification or deployment approval.
The phases below are research and evaluation milestones on scripted trajectories. They do not imply production maturity, operational rollout, or supersession of Stage 3 as the deterministic replay reference.
This project evolved through the following runtime governance evaluation phases:
Initial middleware-based runtime control with ALLOW / THROTTLE / BLOCK decisions.
Support for multiple runtime scenarios including clean, spoofed, delayed, and critical observations.
Introduction of trust degradation, recovery accumulation, and adaptive risk adjustment.
Chaos batch testing under mixed adversarial conditions.
Harness snapshot (chaos batch scenarios):
false_allow_rate = 0.0 in the recorded run—not a universal guarantee.
Runtime risk incorporates observer_gap as a penalty signal.
Observer state is represented through:
- x_obs
- x_hat
- estimation_error
This connects runtime governance to state-estimation-aware behavior.
Time-evolving observer drift is introduced into runtime risk evaluation.
Recovery behavior reduces effective drift through:
- drift_recovery_factor
- effective_drift_state
Runtime decisions influence future runtime stability.
This creates a closed-loop governance pattern:
runtime state → decision → stability feedback → future runtime risk
Under Phase 9 evaluation scenarios, the harness exhibits closed-loop, observer-state-aware governance dynamics—still a research prototype, not shipped enforcement or production readiness.
These documents describe how to run, understand, and interpret the runtime governance research prototype (harness-scoped; not production documentation).
This system is:
Not a performance optimizer
It is a:
Robustness layer
Behavior:
- Normal conditions → No intervention
- Noise → No unnecessary intervention
- Boundary conditions → No false triggering
- Degraded observations (delay) → Strong correction
Under delayed observation:
Baseline:
- Up to 143 false negatives
With control:
- Reduced to ~0–2% (e.g. 4 / 200)
Conclusion:
This system does NOT guarantee safety deterministically. However, it reduces failure probability dramatically.
| Condition | Behavior |
|---|---|
| Normal | No change |
| Noise | No change |
| Boundary | No false trigger |
| Delay | Strong improvement |
| Policy | No interference |
vector_test → Experiment generation AI_Lab → Analysis and comparison Obsidian → Research notes and experiment logs (not deployment validation)
- Run experiments
python run_break_it_new.py
- Analyze
python scripts/compare_by_variant.py
- Review results
reports/comparison_by_variant.csv
This system is:
Selective robustness control
It does NOT try to improve everything. It acts ONLY when the system is at risk.
- Scenario-bounded evaluation and fixture-scoped replay evidence recorded—not “functional validation complete” in a product or deployment sense
- Reproducibility confirmed for declared probabilistic experiments under pinned scripts
- Not production readiness; not deployment approval; Stage 4 remains an exploratory runtime governance documentation / validation milestone
- Further work: large-scale Monte Carlo validation and runtime implementation beyond harness-scoped evidence
Deterministic control → Probabilistic robustness
Failure occurs when estimation error exceeds a safety margin.
The lag-robustness experiment informed a prototype code path—not a production rollout claim:
AI_Lab/core/risk_model.py- latency-based safety margin added to
p_failin the research prototype
→ Failure is not caused by large error magnitude,
but by delayed observation leading to estimation drift.
AI_Lab extends the VECTOR idea into a runtime governance research prototype with a gate evaluation path.
Under the current prototype, evaluation is not only payload-aware; it also incorporates:
payload-aware + state-aware + observer-aware signals in harness scenarios
The gate path evaluates the request and, in scripted runs, whether the current state can be trusted for gating decisions—not continuous production enforcement.
The runtime gate uses:
state_hatestimation_gapprediction_riskconfidencep_fail
These signals allow the system to react before visible failure occurs.
Scenario table values are harness-scoped observations from evaluate_runtime_governance.py, not universal guarantees or deployment approval.
python evaluate_runtime_governance.py| Scenario | Decision | p_fail | Confidence |
|---|---|---|---|
| observer_clean | allow | 0.38 | 1.0 |
| observer_divergence | throttle | 0.56 | 0.1 |
| observer_spoof | throttle | 0.4225 | 0.0 |
| observer_delayed_spoof | throttle | 0.73 | 0.0 |
Under the evaluation script’s fixed scenarios, the harness distinguishes:
- normal observed state
- observer divergence
- spoofed observation
- delayed spoofed observation
This is research prototype evidence for observer-aware gating in those scenarios—not a claim of full runtime governance implementation or production rollout.
The fix was not a better controller.
It was restoring the present.
python plot_runtime_governance.pyreports/runtime_governance_comparison.png
The graph visualizes:
- p_fail escalation
- confidence collapse
- observer spoofing
- delayed observation amplification
The Phase D evaluation also includes adaptive repeated-spoof handling, where repeated adversarial observations increase adjusted risk over time.
CSV evaluations under scripts/evaluate_*.py drive fixed observer_gap trajectories through Guard.evaluate (governance path only; no action execution), emitting a replayable CSV evaluation suite under reports/*.csv. Runs exhibit bounded distrust dynamics (observer_distrust), adaptive runtime escalation in decisions / p_fail, and recovery-aware throttle behavior after hostile phases where applicable in the scripted trajectories. Visualization support: scripts/plot_observer_runtime.py, plot_hostile_sequences.py, plot_recovery_latency.py, and plot_throttle_recovery.py consume the CSVs and write figures under reports/.
Consolidated evaluation outputs are available in reports/governance_evaluation_summary.csv and reports/governance_evaluation_summary_visualization.png.
- hostile accumulation observed in hostile-sequence scenarios
- throttle escalation observed in escalation scenarios
- throttle recovery observed in recovery scenarios
- false escalation suppression observed in false-escalation scenarios
- bounded recovery dynamics observed in recovery-latency scenarios
The following values are baseline evaluation-harness confirmations under the current scripted scenarios; they are not universal guarantees across unseen workloads.
- hostile distrust growth: 0.4
- false_escalation_rate: 0.0
- recovered_to_zero: True
- recovery_steps_to_zero: 5
Fuller summary: notes/04 VECTOR/RUNTIME_GOVERNANCE_RESULTS.md.
scripts/evaluate_observer_runtime.py → reports/observer_runtime_evaluation.csv; optional figure via scripts/plot_observer_runtime.py → reports/observer_runtime_visualization.png. Exercises observer-gap-conditioned risk and escalation along a mixed clean / stressed / recovery trajectory (harness-scoped).
scripts/evaluate_hostile_sequences.py → reports/hostile_sequence_evaluation.csv; scripts/plot_hostile_sequences.py → reports/hostile_sequence_visualization.png. Contrasts scripted normal vs hostile observer_gap sequences; hostile legs show elevated distrust and risk relative to the normal control.
scripts/evaluate_recovery_latency.py → reports/recovery_latency_evaluation.csv; scripts/plot_recovery_latency.py → reports/recovery_latency_visualization.png. Measures post-burst decay in observer_distrust and p_fail under sustained clean gaps (recovery-aware throttle behavior).
scripts/evaluate_false_escalation.py → reports/false_escalation_evaluation.csv. Moderate, cyclic non-hostile observer_gap; checks absence of inappropriate throttle/block escalation versus hostile-tier sequences in that harness.
scripts/evaluate_threshold_boundary.py → reports/threshold_boundary_evaluation.csv. Steps observer_gap across the hostile threshold band (~1.0); records escalation sensitivity and ordering at the trust / intervention boundary under that script.
scripts/evaluate_throttle_recovery.py → reports/throttle_recovery_evaluation.csv; scripts/plot_throttle_recovery.py → reports/throttle_recovery_visualization.png. Hostile-phase hold followed by extended recovery gaps; records throttle relaxation aligned with distrust and p_fail decay in that scenario.
Prolonged hostile stress traces (accumulation without recovery) are additionally captured by scripts/evaluate_long_hostile_stability.py → reports/long_hostile_stability.csv.


