Physics: The Laws of the World

Physics is the legitimacy axis. It answers: what is allowed to happen, and why does it remain true? The physics of the Colibri world are not the laws of the universe. They are the laws that human stakeholders (and the system itself) have decided to enforce.

The foundation is the constitution: seven immutable axioms that cannot be violated, cannot be changed, and cannot be suspended. Built on top of this are operational laws (rule engine, consensus, state forking, proof conservation) and enforcement layers (integrity monitor, governance, admission gates, hardening).

The Constitution: Seven Axioms

The seven axioms are defined in specification document s01. They are immutable — no Phase or round will ever change them. They are the basis for everything else.

The axioms constrain what the system can promise:

1. No state changes except through serialized tool calls (immutability).
2. Every tool call is audited before execution (auditability).
3. Audit records form a hash chain (tamper-evidence).
4. Audit records cannot be deleted or rewritten (append-only).
5. The final audit hash is sealed into a Merkle tree (proof-of-history).
6. Merkle proofs can be generated and verified offline (portability).
7. System identity is persistent and cryptographically binding (permanence).

Any law, rule, or system design that violates these axioms is invalid by definition. The constitution is the hard boundary.

The Operational Laws

On top of the constitution, there are laws of operation. These describe what kinds of state transitions are allowed and why they work.

η — Proof Store: Conservation of Information

Phase: 0

What it guarantees: Nothing disappears. Every operation that enters the system is recorded, hashed, and added to a Merkle tree. You can prove that a piece of work happened by producing a path from the operation hash to the final root hash.

The proof store is the mechanism by which the constitution’s promise of immutability becomes tangible. It’s a Merkle tree (a binary tree where each parent hash is the SHA-256 of its two children). When a tool call completes, ζ (Decision Trail) records the decision, and η (Proof Store) adds it to the tree. The root hash is published at the end of a session. If you later challenge a claim about what happened, you can produce a proof path that mathematically confirms it (or refutes it).

Phase 0 implements the basic tree structure and merkle_finalize / merkle_root tools. Later phases add consistency proofs (μ), cross-node consensus (θ), and proof compression.

κ — Rule Engine: Deterministic Effects

Phase: 1

What it guarantees: The same inputs always produce the same outputs. There is no randomness, no floating-point arithmetic, no clock reads, and no side effects that depend on wall-clock time.

A Rule Engine (κ) is a deterministic interpreter that forbids:

• Floating-point arithmetic (only 64-bit integers).
• Random number generation.
• System clock reads.
• External service calls without explicit versioning and caching.

This is why replayability works: if you run the same rule twice with the same inputs, you get the same output. This is critical for:

• Proof verification: When μ (Integrity Monitor) verifies a proof, it re-executes the rule to confirm the output is correct.
• Consensus: When θ (Consensus) nodes vote on whether a state transition is valid, they all execute the same rule with the same inputs and get the same result.

κ is specified in Phase 0 but deferred to Phase 1 implementation.

θ — Consensus: Collective Agreement

Phase: 3

What it guarantees: If n nodes are running Colibri, and f of them are faulty (Byzantine — actively lying or crashed), then if n > 3f, the remaining n-f nodes can agree on the current state and no honest node will ever accept a different state.

Byzantine Fault Tolerance (BFT) is a consensus algorithm that tolerates active malice, not just failures. It’s overkill for single-node Phase 0, but it’s the foundation for multi-node deployments (Phase 3 and beyond).

Consensus enforces:

• Equivocation detection: A faulty node cannot make two nodes believe two different histories.
• Finality levels: A claim is “soft final” after one round, “hard final” after two rounds, and “absolute final” after a commit.
• Voting: Nodes use VRF (verifiable random functions) to select an arbiter, and quorum voting to reach agreement.

Phase 0 is single-node and does not use consensus. θ is specified but deferred to Phase 3.

ι — State Fork: Branching

Phase: 5

What it guarantees: A node can fork its state and preserve the history of both branches. This is useful for:

• Speculative execution (try a task and roll back if it fails).
• Multi-timeline analysis (compare two possible futures).
• Byzantine recovery (one node forks when it detects a conspiracy, preserves its original history, and proposes to the network that it was right).

A fork is not a clone. It’s a new branch that diverges from a common ancestor. Both branches remain part of the Merkle tree (with different roots). A node can restore from a fork’s root if the original branch fails consensus.

ι is specified but deferred to Phase 5 implementation.

Enforcement: How Physics Is Maintained

Laws are not self-enforcing. There are three enforcement mechanisms:

1. The Middleware Chain (α System Core)

The 5-stage α middleware chain is where physics is enforced at the gate:

Stage	Purpose
1. Tool lock	Serialize execution: one tool at a time. No concurrent mutations.
2. Schema validate	Reject malformed requests before domain code sees them.
3. Audit enter	Record the call in the decision trail (ζ) before execution.
4. Dispatch	Route to the handler.
5. Audit exit	Record the result and link back to the enter record.

Every tool call passes through all five stages. There is no shortcut. If you try to mutate state without going through the chain, you violate axiom 1 (immutability). The database schema enforces this: only the middleware can write to the audit tables.

Phase 0 implements all five stages. They are non-negotiable.

2. Admission Gates (s10)

Specified in: Section 10 of the phase 0 specification

What it enforces: Not every agent can submit every kind of task. The rules are:

• T0 (Human) can submit anything.
• T1 (Sigma) can submit delegation tasks and manage the orchestrator queue.
• T2 (PM) can submit backlog → todo promotions and dispatch tasks to executors.
• T3 (Executor) can submit task updates, thought records, and task transitions.
• T4 (Model) submits responses only, not new tasks.

If an executor tries to submit a PM-only task, the admission gate rejects it at the middleware layer before it reaches the domain. This enforces the hierarchical structure of the system.

Admission gates are specified in Phase 0 but the detail is deferred to Phase 0.10.

3. Hardening (s13)

Specified in: Section 13 of the phase 0 specification

What it enforces: Protection against corruption and data loss.

Examples:

• Database corruption: SQLite with WAL mode protects against crashes mid-transaction.
• Orphaned tasks: A task that is stuck in an intermediate state gets flagged after a timeout.
• Malformed Merkle tree: If a merkle_finalize call would create an inconsistent tree, it is rejected before the commit.
• Circular references: If a task depends on itself (directly or transitively), the FSM rejects the transition.

Hardening is partly specified in Phase 0 and partly in Phase 1–2.

4. Integrity Monitor (μ)

Phase: 4

What it does: Periodically scans the decision trail and the Merkle tree for violations. If a hash doesn’t match, if a record is malformed, or if a rule was violated, μ flags it as a misbehavior event and escalates to governance.

μ is not enforcement per se — the damage has already been done if μ detects it. But μ ensures that no corruption goes undetected. Combined with consensus (θ), μ ensures that if any honest node detects a violation, the network can collectively reject the faulty node.

μ is specified in Phase 0 (s13 hardening) and deferred to Phase 4 for the full implementation.

5. Governance (π)

Phase: 6

What it does: When μ detects a violation or when the human stakeholder wants to change a law, governance is the process for deciding what to do. It uses supermajority voting (2/3 threshold) anchored to the seven constitutional axioms. No law can be passed that violates the constitution.

Governance is the mechanism for lawful change. If 2/3 of nodes (weighted by stake or reputation) agree to change a rule, the change can be made. But the seven axioms themselves are immutable.

π is specified but deferred to Phase 6 implementation.

Phase 0 Scope: What Physics Actually Ships

In Phase 0, the physics layer consists of:

• α System Core: The 5-stage middleware chain and database transaction boundaries.
• η Proof Store: The Merkle tree, merkle_finalize, and merkle_root tools.
• Axioms 1–7: Embedded in the code. No tool can bypass them.
• Admission gates (s10): Specified and deferred to Phase 0.10.
• Hardening (s13): Partial implementation (database WAL, orphan detection, circular-ref checks).

The rest (κ θ ι λ μ π) is specified but deferred to Phase 1+. They are part of the vision, but they do not appear in Phase 0 code.

Key Reads

• s01 — The Constitution (if it exists; otherwise check the Constitution concept docs)
• α — System Core — Phase 0 middleware
• η — Proof Store — Phase 0 Merkle tree
• κ — Rule Engine — Phase 1, determinism
• θ — Consensus — Phase 3, Byzantine agreement
• μ — Integrity Monitor — Phase 4, anomaly detection
• π — Governance — Phase 6, lawful change

The concept documents for each Greek letter provide the full specification.

---

Table of contents

• What Constraints Make Behavior Reliable?
• Laws (physics layer)
• Hardening — input validation, sanitization, auth (Phase 2+)