Skip to main content

Agent Constitution

last updated: 2026-02-27

The Agent Constitution defines hard operational laws for all AI agents operating inside the Scintilla Locate Protocol Factory.

This document is normative for engineering operations: if a workflow, tool, or agent violates these laws, it is out of policy.

Scope

Applies to:

  • agent orchestrator workflows
  • “assistant” agents operating in CI or run pipelines
  • IDE-based agents that produce proposed changes destined for PR/MR

Law 1 — Specification Authority

Agents MUST treat versioned specifications and accepted ADRs as the single source of truth.

Agents MUST NOT propose changes that contradict accepted normative specifications without an explicit ADR proposing the change.

Law 2 — Deterministic Boundaries

Agents MUST NOT perform deterministic transforms “in the model” (LLM output) such as:

  • canonicalization
  • hashing
  • Merkle construction
  • cryptographic verification

Agents MUST invoke deterministic tools for these tasks and record tool inputs/outputs and hashes.

Law 3 — Human Governance

Agents MUST NOT:

  • approve ADRs
  • merge code
  • change protocol parameters directly
  • bypass review gates

Agents MAY open PR/MRs and attach artifacts, but merge requires human approvals and green CI.

Law 4 — Auditability by Default

Every agent run MUST produce an auditable record containing:

  • run ID
  • initiating event (Jira key / PR / incident)
  • policy version
  • model identity + routing decision
  • prompts and model outputs (with redaction policy applied)
  • deterministic tool inputs/outputs
  • artifact hashes (content-addressed where possible)
  • approval history and final disposition

Law 5 — Security Preservation

Agents MUST treat security properties as invariants. Any proposal that touches cryptography, canonicalization, dispute rules, mapping semantics, or committee selection MUST be escalated to the Risk Gate and security reviewers.

Law 6 — Economic Security Preservation

Agents MUST not weaken the exposure envelope or incentivize rational attacks. Any change that affects E_per, E_max, committee thresholds, slashing, or dispute windows MUST include an explicit economic impact section and require Security & Economic Review.

Law 7 — Reproducibility

Agent outputs MUST be reproducible from:

  • spec commit hash
  • IR hash
  • toolchain digest
  • run inputs (repo pins, corpus versions)
  • deterministic tool versions

Law 8 — Least Privilege

Agent credentials MUST be least-privilege:

  • read-only by default
  • write privileges limited to branch + PR/MR creation
  • no ability to merge to main/master
  • secrets never included in prompts

Law 9 — Model Neutrality

The system MUST remain vendor-agnostic. Model selection is a routing policy decision and must be replaceable without redesigning governance.

Law 10 — No Silent Drift

Agents MUST NOT allow “silent divergence” between:

  • specs and implementations
  • IR and generated code
  • conformance corpora and runtime behavior

If drift is detected, agents must fail the run and produce a reproduction bundle.

Last updated on