S01 — Constitution
Seven immutable axioms. Cannot be changed without destroying the system.
Axioms
- Append-only events — events are never deleted or modified after creation
- Derived reputation — reputation is computed from event history, never assigned administratively
- No absolute authority — no role can delete events, reset reputation, disable arbitration, or bypass consequences
- Consequence windows — the system issues a sanction intent, the subject gets an admission window to respond, yielding reduces penalties
- Subjective finality — finality is local (per-node validation + signature + counterparty acceptance), not global consensus
- Right to exit — any node may fork at any time (max 10% exit penalty on reputation)
- Technical sovereignty — nodes validate independently and reject state they consider invalid
Protected rules
Rules governing the reputation domain have additional constraints:
- Changes require supermajority >80% approval
- Maximum ±10% parameter change per 6-month window
- 3-stage voting process at 30-day intervals
- Constitutional axioms cannot be modified by any vote
Permanent prohibitions
The following are forbidden regardless of governance vote:
- Administrative access to bypass rules
- Consensus-based event finalization (finality is local, not voted)
- Anonymous reputation resets
- Retroactive rule application
- Machine-only capital sanctions (human must be in the loop)
Implementation Status
⚠ Donor genealogy table — not a Phase 0 claim. The table below was assembled in R40 against the pre-R53 donor AMS runtime (
projects/unified-mcp/src/, deleted R53). Everysrc/path, everyAMS_*env var, and every “spec-only” verdict below is heritage genealogy. Phase 0 Colibri has zero code for any constitutional axiom (legitimacy axis is 33% specified, 0% implemented perdocs/colibri-system.md§3). The constitution will be redesigned againstsrc/domains/governance/(target path) when the legitimacy axis actually ships in Phase 4+ — see ADR-005 and the colibri-system roadmap. When that happens, this table should be rebuilt against the then-current source tree.
Verified against donor AMS source: 2026-04-06 (pre-R53)
| Claim | Status | Notes |
|---|---|---|
| Axiom 1 — Append-only events | Spec-only | No Colibri event store exists in src/. The merkle domain (src/domains/merkle/) provides append-only hash chains for audit sessions, but these serve Colibri session integrity, not a Colibri event log. No DELETE/UPDATE protections on an event table. |
| Axiom 2 — Derived reputation | Spec-only | No reputation model, score computation, or reputation table found in src/ or src/db/schema.sql. |
| Axiom 3 — No absolute authority | Spec-only | Colibri has AMS_SECURITY_MODE (permissive/enforced) and ACL identity (src/config.js), but no Colibri-style role restrictions preventing event deletion or reputation resets. |
| Axiom 4 — Consequence windows | Spec-only | No sanction intent, admission window, or penalty reduction logic found in source. |
| Axiom 5 — Subjective finality | Spec-only | No local-finality or per-node validation logic. Colibri uses centralized SQLite. |
| Axiom 6 — Right to exit (max 10% penalty) | Spec-only | Thread forking exists (src/claude/threads/) but serves conversation branching, not node exit with reputation penalty. No 10% cap implemented. |
| Axiom 7 — Technical sovereignty | Spec-only | No independent node validation or state rejection logic. |
| Protected rules — supermajority >80% | Spec-only | No voting or governance mechanism in source. |
| Protected rules — ±10% parameter change per 6 months | Spec-only | No parameter change tracking or rate limiting. |
| Protected rules — 3-stage voting at 30-day intervals | Spec-only | No multi-stage vote process. |
| Prohibition — admin bypass | Spec-only | AMS_SECURITY_MODE=permissive in dev effectively allows bypass; no Colibri-style absolute prohibition enforced. |
| Prohibition — consensus-based finalization | Spec-only | Not applicable; no consensus layer exists. |
| Prohibition — anonymous reputation resets | Spec-only | No reputation system to reset. |
| Prohibition — retroactive rule application | Spec-only | No rule versioning or temporal enforcement. |
| Prohibition — machine-only capital sanctions | Spec-only | No sanction system; no human-in-the-loop gate. |