Skip to main content

CORE: executable constitutional governance for AI-assisted software development.

Project description

CORE

Executable constitutional governance for AI-assisted software development.

Designed for environments where AI action traceability is not optional.

License: MIT Release Docs Autonomy


The Problem

AI coding tools generate code fast. Too fast to stay sane.

Without enforcement, AI-assisted codebases accumulate invisible debt โ€” layer violations, broken architectural contracts, files that grow unbounded. And agents, left unconstrained, will eventually do something like this:

Agent: "I'll delete the production database to fix this bug"
System: Executes.
You:    ๐Ÿ˜ฑ

CORE makes that impossible โ€” not detectable after the fact. Impossible.

Agent: "I'll delete the production database to fix this bug"
Constitution: BLOCKED โ€” Violates data.ssot.database_primacy
System: Execution halted. Violation logged.
You:    ๐Ÿ˜Œ

CORE is a governance runtime that constrains AI agents with machine-enforced constitutional law โ€” enforcing architectural invariants, blocking invalid mutations automatically, and making autonomous workflows auditable and deterministic.

LLMs operate inside CORE. Never above it.


๐ŸŽฌ Live Enforcement Demo

Blocking rule โ†’ targeted drilldown โ†’ automated remediation โ†’ verified compliance.

asciicast

This demo shows:

  • A structural violation (linkage.assign_ids)
  • Deterministic blocking of execution
  • Rule-level audit inspection
  • Automated remediation via core-admin dev sync --write
  • Verified compliance after repair

Governance is executable.


๐Ÿ“‹ Live Audit Trail

Every enforced action records its lineage. Two consequence chains, pulled live from the CORE database โ€” same schema, two different authorities:

Autonomous path โ€” risk-classified as safe, system self-approved

FINDING     โ†’ workflow.ruff_format_check       src/api/cli/client.py                2026-05-18 05:15:15 UTC
PROPOSAL    โ†’ 8845daccโ€ฆ   fix.format                                                2026-05-18 05:16:15 UTC
APPROVAL    โ†’ risk_classification.safe_auto_approval                                2026-05-18 05:16:15 UTC
EXECUTION   โ†’ completed   (1.29s)                                                   2026-05-18 05:17:18 UTC
FILE CHANGE โ†’ +105 / -0   98da9038 โ†’ fca9a971  src/api/cli/client.py                2026-05-18 05:17:19 UTC

Human-approval path โ€” governor in the loop

FINDING     โ†’ purity.docstrings.required       src/cli/commands/audit_reporter.py   2026-05-15 08:28:29 UTC
PROPOSAL    โ†’ a4363a81โ€ฆ   fix.docstrings                                            2026-05-16 13:39:34 UTC
APPROVAL    โ†’ human.cli_operator  (cli_admin)                                       2026-05-16 13:53:32 UTC
EXECUTION   โ†’ completed   (24.5s)                                                   2026-05-16 13:55:48 UTC
FILE CHANGE โ†’ +26 / -0    5a123426 โ†’ 71fde489  src/cli/commands/audit_reporter.py   2026-05-16 13:55:49 UTC

Both chains are queryable end-to-end from proposal_consequences and blackboard_entries. The constitution decides which authority applies; the schema is identical.


Architectural Model

CORE separates responsibility into three constitutional layers. This separation is enforced as law โ€” not convention.

๐Ÿ“ Specs โ€” Human Intent (.specs/)

Where humans define what the system is for and why decisions were made. Contains architectural papers, northstar documents, user requirements, architectural decision records, and planning documents. This is the entry point for anyone trying to understand CORE before reading its implementation.

.specs/ is read by humans and searchable by CORE's semantic layer. It is never written by CORE itself.

๐Ÿง  Mind โ€” Law (.intent/ + src/mind/)

Defines what is allowed, required, or forbidden. Contains machine-readable constitutional rules, enforcement mappings, phase-aware governance models, and the authority hierarchy (Meta โ†’ Constitution โ†’ Policy โ†’ Code).

Mind never executes. Mind never mutates. Mind defines law.

โš–๏ธ Will โ€” Judgment (src/will/)

Reads constitutional constraints, orchestrates autonomous reasoning, and records every decision with a traceable audit trail. Every operation follows a structured phase pipeline:

INTERPRET โ†’ PLAN โ†’ GENERATE โ†’ VALIDATE โ†’ STYLE CHECK โ†’ EXECUTE

Will never bypasses Body. Will never rewrites Mind.

๐Ÿ—๏ธ Body โ€” Execution (src/body/)

Deterministic, atomic components: analyzers, evaluators, file operations, git services, test runners, CLI commands.

Body performs mutations. Body does not judge. Body does not govern.


How CORE Works

Every autonomous operation is governed by the same constitutional loop:

flowchart TD
    A["๐ŸŸข GOAL\nHUMAN INTENT"] --> B["๐Ÿ“‚ CONTEXT\nRepo state โ€ข knowledge โ€ข history"]
    B --> C["๐Ÿ”’ CONSTRAINTS\nImmutable rules\n188 rules โ€ข 10 engines"]
    C --> D["๐Ÿ—บ๏ธ PLAN\nStep-by-step reasoning\nRule-aware plan"]
    D --> E["โœจ GENERATE\nCode โ€ข changes โ€ข tool calls"]
    E --> F["โœ… VALIDATE\nDeterministic checks\nAST โ€ข semantic โ€ข intent โ€ข style"]
    F -->|Pass| G["โ–ถ๏ธ EXECUTE\nApply compliant changes"]
    F -->|Fail| H["๐Ÿ”„ REMEDIATE\nRepair violation\nAutonomy Ladder"]
    H --> E
    G --> I["โœ“ SUCCESS\nChanges committed"]

    subgraph "SAFETY HALT"
        direction TB
        J["๐Ÿšจ CONSTITUTIONAL VIOLATION\nโ†’ HARD HALT\n+ FULL AUDIT LOG"]
    end

    E -.->|Any violation| J
    F -.->|Any violation| J

    classDef phase      fill:#f8f9fa,stroke:#495057,stroke-width:2px
    classDef constraint fill:#d1e7ff,stroke:#0d6efd,stroke-width:2.5px
    classDef validate   fill:#fff3cd,stroke:#ffc107,stroke-width:2.5px
    classDef halt       fill:#ffebee,stroke:#dc3545,stroke-width:3px

    class A,B,D,E,G,I phase
    class C constraint
    class F validate
    class J halt

System Guarantees

Within CORE:

  • No file outside an autonomy lane can be modified
  • No structural rule can be bypassed silently
  • No database action occurs without authorization
  • All decisions are phase-aware and logged with full decision traces
  • No agent can amend constitutional law

If a blocking rule fails, execution halts. No partial states.


Constitutional Primitives

Primitive Purpose
Document Persisted, validated artifact
Rule Atomic normative statement
Phase When the rule is evaluated
Authority Who may define or amend it

Enforcement strengths: Blocking ยท Reporting ยท Advisory


Enforcement Engines

Engine Method
ast_gate Deterministic structural analysis (AST)
regex_gate Pattern-based text enforcement
glob_gate Path and boundary enforcement
cli_gate CLI surface and command-shape enforcement
artifact_gate Declared-vs-discovered artifact completeness
workflow_gate Phase-sequencing and coverage checks
knowledge_gate Responsibility and ownership validation
action_gate Atomic-action invariants
passive_gate Substrate-enforced rules (DB/runtime marker)
llm_gate LLM-assisted semantic checks
IntentGuard* Runtime write authorization (not audit)

*Runtime Gate per .specs/papers/CORE-Gate.md, kept here for visibility.

Deterministic when possible. LLM only when necessary.

188 rules across 42 rule documents. All mapped.


The Autonomy Ladder

CORE progresses through defined levels. Each adds capability while remaining constitutionally bounded.

A0 โ€” Self-Awareness       โœ…  Knows what it is and where it lives
A1 โ€” Self-Healing         โœ…  Fixes known structural issues automatically
A2 โ€” Governed Generation  โœ…  Natural language โ†’ constitutionally aligned code
A3 โ€” Governed Autonomy    โœ…  Daemon finds, proposes, and fixes violations unattended  โ† current
A4 โ€” Self-Replication     ๐Ÿ”ฎ  Writes CORE.NG from its own understanding of itself

Requirements

Dependency Version
Python โ‰ฅ 3.11
PostgreSQL โ‰ฅ 14
Qdrant latest
Docker for services
Poetry for deps

Quick Start

git clone https://github.com/DariuszNewecki/CORE.git
cd CORE
poetry install

cp .env.example .env
make db-setup

# Run a constitutional audit
poetry run core-admin code audit

Documentation

Full documentation, architecture deep-dive, and governance reference: dariusznewecki.github.io/CORE

To understand what CORE is for before reading its implementation, start here: .specs/northstar/CORE-What-It-Does.md


Project Status

Current Release: v2.5.0 โ€” Engine Integrity

Active work: A3 Governed Autonomy โ€” the daemon runs continuously, finds constitutional violations in its own codebase, proposes fixes, executes approved fixes, and verifies the result. The governor's role is to define intent, review proposals that require architectural judgment, and approve constitutional changes.

All four A3 integrity gates are now closed. No enforcement logic or operational threshold lives in src/ โ€” governance is declared in .intent/ and enforced from there. The autonomous loop is circuit-breaker protected; systematic errors surface as signals rather than unbounded churn.

Gate Meaning Status
G1 โ€” Loop closure Round-trip autonomous fix demonstrated โœ…
G2 โ€” Convergence Circuit-breaker; resolution rate > creation rate โœ…
G3 โ€” Consequence chain Causality queryable end-to-end โœ…
G4 โ€” Governance in .intent/ No enforcement logic or thresholds in src/ โœ…

License

License: MIT


Build fast with AI. Stay constitutionally aligned.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

core_runtime-0.1.5.tar.gz (1.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

core_runtime-0.1.5-py3-none-any.whl (1.8 MB view details)

Uploaded Python 3

File details

Details for the file core_runtime-0.1.5.tar.gz.

File metadata

  • Download URL: core_runtime-0.1.5.tar.gz
  • Upload date:
  • Size: 1.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for core_runtime-0.1.5.tar.gz
Algorithm Hash digest
SHA256 f20f1333bfb1df7e2cca115c30e8069ef17ed1031febeab18893735c7808ab3c
MD5 456f34cb5799c3cea29697ada8edfaca
BLAKE2b-256 325c3d43a27cbdd36f6d9ab616a0f21e1825a1d30e4b4b8fb94a062892d32b3c

See more details on using hashes here.

Provenance

The following attestation bundles were made for core_runtime-0.1.5.tar.gz:

Publisher: publish-pypi.yml on DariuszNewecki/CORE

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file core_runtime-0.1.5-py3-none-any.whl.

File metadata

  • Download URL: core_runtime-0.1.5-py3-none-any.whl
  • Upload date:
  • Size: 1.8 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for core_runtime-0.1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 3b5a835b5c125306816e7a0c3735e35597e85da9ef9e7d0c6c76173b1e698f89
MD5 217be07420a4e8b498faecc0b19891d1
BLAKE2b-256 05dffcaf2666641880ded2cf80d5aa8b25c485552f10b018759e6930529b7706

See more details on using hashes here.

Provenance

The following attestation bundles were made for core_runtime-0.1.5-py3-none-any.whl:

Publisher: publish-pypi.yml on DariuszNewecki/CORE

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page