Glossary

Platonic GLO

A governance control plane for AI systems that mediates proposed actions through deterministic decision precedence (locks → drift projection override → gate mapping → mode clamp) and emits tamper-evident audit/census evidence bound to policy hashes.

Adjacent-field translations: policy enforcement point + audit logging (security); executable spec + conformance harness (formal methods); boundary layer / governor wrapper (AI safety); controls framework with evidence (compliance).

Control plane

The layer that decides what is allowed and records evidence. Distinct from the execution substrate.

Data plane

The underlying model/tool execution substrate (what actually “does the work”).

Base learner (πθ)

The underlying model that proposes outputs/actions prior to governance mediation.

Governor / mediator (πφ) (CLO)

A wrapper that evaluates, constrains, and transforms proposed actions (including tool calls, memory writes, update attempts) before execution.

Boundary apparatus

The integrated machinery implementing gates, locks, mode clamps, drift budgets, and audit/census as a coherent enforcement stack.

Mode (NORMAL / TIGHT / ADMIN-AUDIT)

A global operating regime that clamps which classes of actions are permissible. Lower-trust modes restrict more.

Mode clamp

A rule that prevents lower-trust modes from performing higher-risk operations even if a gate would otherwise allow them.

Decision precedence

Deterministic ordering that resolves conflicts among controls. Canonical ordering: Locks → Drift Projection Override → Gate Mapping → Mode Clamp.

Gate

A graded, risk-sensitive membrane mapping risk to an action decision (ALLOW / ATTENUATE / STEP-UP / DENY). Gates can permit, constrain, escalate, or deny.

Lock

A hard invariant that overrides gates when triggered. Locks are legitimacy-neutral: they enforce the contract.

ALLOW

Permit the proposed action/output under current mode and budgets.

ATTENUATE

Permit in a constrained form (e.g., redaction, reduced detail, safer transform), with an explicit reason code and logged evidence.

STEP-UP

Require a higher-assurance pathway (stricter mode, more evidence, human review, stronger verification) before proceeding.

DENY

Block the proposed action/output.

Fail-closed

Ambiguity or unmapped tools/operations default to DENY (never guess).

Risk taxonomy

The set of K risk categories used to structure assessment and policy mapping.

Risk vector (r ∈ [0,1]^K)

A multi-dimensional risk score across categories (not a single scalar). Decision logic may use R = max r_k or category-specific rules.

Drift

Accumulated governance risk over time (not merely parameter drift). Repeated near-misses consume budget and can trigger escalation/lockdown.

Drift budget

A stateful ledger that increments per event and triggers enforcement escalation when thresholds are exceeded.

Pre-execution drift projection

A check simulating drift impact before allowing an action; enables fail-closed admission control when budgets would be exceeded.

Post-decision drift commit

Ledger update after a decision/action to persist drift deltas and totals.

Audit / census record

A structured evidence record per mediated event (timestamp, context signature, policy hash, mode in/out, action type, tool, proposal signature, risk vector, decision, locks fired, drift deltas/totals, outcome label, etc.).

Append-only, hash-chained logging

Tamper-evident logging: entries are chained so alteration is detectable.

Tamper-evident

Changes can be detected (integrity evidence), even if not prevented.

Tamper-resistant

Changes are prevented or strongly inhibited (e.g., signatures, secure storage, external anchoring).

Canonicalization

Deterministic normalization so equivalent content yields identical hashes across platforms/implementations.

Policy-as-code (Constitution)

The versioned normative layer: taxonomy, thresholds, budgets, and mapping rules that plug into the enforcement engine.

Policy provenance (policy_hash)

Binding each decision to a specific policy bundle/version via its hash.

Conformance tests / golden harness

A test suite that operationalizes the spec so independent implementations can prove equivalence by passing shared vectors.

Invariant

A property that must always hold (e.g., “unknown tool → DENY,” “locks override gates,” “write-ahead census logging before tool actuation,” etc.).

Correctness contract

The explicit statement of what “correct operation” means for enforcement, precedence, and evidence—distinct from claims about model alignment.

Audit-layer capture (ALC)

A failure mode where the governance/audit layer can (1) unilaterally change interpretive semantics and (2) preserve apparent legitimacy without an explicit, reviewable, revocable change record bound to a Purpose Declaration.

Evasion / obfuscation (L5-class)

Bypass attempts via reframing, indirection, or adversarial prompting; typically triggers step-up or denial depending on severity.

Wrapper reframing / semantic usurpation

Outputs remain “compliance-shaped” while shifting the meaning of the rules (spec gaming via interpretation control).

Compliance language

Rhetorical signals of compliance not grounded in checkable evidence (hashes, logs, conformance outputs).

Canonical

Authoritative under a rule system: the officially recognized version that other versions reduce to or must reference.