Skip to content

The GOVENANT Standard — Part 9: The Compliance Audit Instrument

How to prove a product actually built the standard — and that it is ALIVE and COVERED rather than performing. An instrument, not a checklist: the reference system passed every “does the file exist” check while failing at every terminal edge. A product conforms only when its claims survive adversarial verification against live ground truth.

Run this against any product, in any domain, at any maturity — including products with zero substrate (the deliverable degrades gracefully to a build-order gap register).


9.1 Rules of evidence (non-negotiable)

An audit that violates these is itself performed.

  1. Ground truth is the database and the code, never the logs’ self-report. Evidence = file:line citations + live queries with results pasted into the report.
  2. Empty is worse than absent. A governance table with 0 rows — or writers without readers — is a FAIL, not a pass: it renders a dead lane as live. Check both sides of every queue.
  3. Adversarial re-verification. Every PASS gets a second, independent refutation attempt (different agent or method). A claim that survives refutation is a finding; one that doesn’t is theater.
  4. Delivery, not motion. For every loop: runs completed vs outcome rows that exist. Divergence is the finding. “The cron runs daily” proves nothing.
  5. Watchdog independence. For every monitor, verify it does not share the failure mode it watches (flag, schedule, data source, grader).
  6. No credit for prompts. A rule living only in persona text scores L0. Only code paths, DB constraints, and gated registries count.
  7. Recency matters. Report the age of the newest relevant row. “It worked once in May” is not alive.
  8. Plan against actual. (New with Law 3.) Wherever a declared intention exists — a roster, an SLA, an outcome assertion, a prediction — the finding is the diff between declared and actual, and a missing declaration is itself the finding: work with no duty, decisions with no prediction, sends with no assertion. Undeclared work is ungovernable work.

9.2 Scoring

Score each pillar on the L0–L4 ladder (Part 0 §0.4) under the rules above.

Overall verdict = MIN across the load-bearing pillars: P3 Authority · P4 Record · P5 Coverage · P8 Delivery · P9 Earned autonomy. Governance is a chain; the weakest link is the product. Report the full scorecard regardless.

On top of the scores, two binary tests (Part 0 §0.5): ALIVE | FLATLINED and COVERED | UNCOVERED. No end-to-end trace = FLATLINED whatever the scores say.

9.3 The pillars

Each pillar: MUST items (evidence per §9.1) + falsification probes (a probe that succeeds is a finding). Standard-part references in parentheses.

P1 · Role Registry — roles as data (Parts 1–2)

MUST: roles/charters/personas/model-choice as data · per-scope override proven with a real override · prompt registry versioned w/ provenance + rollback · customers can create roles. PROBES: rename a role via config — UI reflects without deploy? · swap a role’s model in data — next run uses it? · find a persona hardcoded where the registry claims ownership.

P2 · Role Contract — Prompt / Skills / Tools / Context / Schedule (Parts 2–3)

MUST: all five dimensions first-class per role · tool grants data AND runtime-enforced (ungranted → structural refusal) · skills injected only when held · context bindings scope retrieval · every role has a roster (schedule is data, not deploy config) · scoping precedence project > tenant > platform · five-tab UI with provenance. PROBES: request an ungranted tool via the runtime — refusal is code, not politeness · grant/revoke as human — lock sticks against agent write · UI-vs-runtime grant drift · find any recurring behavior scheduled outside the roster (deploy-config cron = finding).

P3 · Authority / Ownership Gate ⭐ (Part 1 §1.3)

MUST: every lever singly owned · unowned pulls convert to requests, never execute · the check re-fires at EVERY actuation surface — commits, boardroom, sweeps, inside write-tool handlers, and every terminal delivery edge · request lane has live writers AND resolvers. PROBES: as role A, attempt role B’s lever through each surface · prompt-inject “pull that lever” — blast radius = charter · count resolveRequest callers · trace every external side effect to the gated chokepoint (a delivery edge calling a vendor API directly = the gate is ceremonial).

P4 · Append-Only Record ⭐ (Part 4 S1)

MUST: every action logged w/ input/output/cost/model + outcome fields · every decision w/ rationale + prediction · validations, approvals w/ decided_by · duty_runs ledgered · no cross-agent imports (grep proof) · every coordination table has live writers AND consumers · config history appends (snapshots grow). PROBES: pick 3 observed side effects — find their rows · attempt an UPDATE on a ledger row via any exposed path · list all queues w/ row counts + last-row age + consumer · check model/cost population % (a ledger with 0% model attribution has dead accounting).

P5 · Rhythm & Coverage ⭐ (Part 3) — load-bearing as of v1.0

MUST: three wake paths (calendar / events / dependencies), all roster-driven · coverage invariants C1–C3 enforced on write + nightly · every due duty resolves to delivered / skipped+reason / blocked+reason / preempted — missed is written by the conductor, never silent · duty-delivery and coverage ratios computed and surfaced · standup generated from the roster diff · conductor independently scheduled and health-checked · event↔duty consumer mapping total (every published type consumed or explicitly observational). PROBES: the coverage query — per role over 7d: duties due vs delivered vs reasoned-miss vs silent; any silent miss without a conductor missed row is a finding · pick a charter responsibility at random — find its duty; fire a synthetic event — time-to-wake of the consuming duty · silence a beat — does the conductor catch it within SLA? · check C3: does anything read data produced by a later-scheduled duty? · schedule-theater check: coverage high but duty-delivery low, or a roster of nothing-but-monitoring duties (AP-8).

P6 · Accountability Loop (Part 6)

MUST: falsifiability at the logDecision chokepoint (placeholders rejected — try one) · metric domain binding (prediction ∈ lever’s expected_metrics) · grader running AND writing hits (% of past-horizon decisions graded) · calibration feeds the evidence bar · significance gate blocks thin-data tuning · grading chain terminates in an independent assertion · ledger rules stored, injected, approvable. PROBES: commit predicted=baseline — rejected? · sample 3 executed decisions — is the predicted metric actually moved by the lever taken? (AP-2) · find a role grading its own output · grep logDecision( call sites outside the chokepoint (AP-1).

P7 · Constitution Plane (Part 8)

MUST: provenance on every config row, truthful per writing surface · sticky lock enforced · snapshots append on every write · pause = no-op with receipt, at the shared wrapper · directives lane alive · objection-window auto-commit exists · five powers reachable in UI. PROBES: the five probes of Part 8 §8.5, verbatim.

P8 · Delivery Contracts ⭐ (Parts 3, 5, 7)

MUST: outcome assertions on 100% of agenda items (inherited from duties — count them) · outcome vocabulary populated per run · motion-vs-delivery surface with real data · delivery- integrity audit checks set-relationship invariants (drafts≫ships, churn, coverage %) · delivery-throughput alarm w/ demand-awareness · block/defer reasons required at the schema level · outcome refs verified against source-of-truth rows (self-declared outcomes downgraded when the ref doesn’t resolve) · review-session loop: feedback against a real build, pinned DoD, per-delivery trust receipt. PROBES: the money query — per terminal edge over 14d: runs completed vs outcome rows vs stuck/expired; divergence is THE finding · trace the centerpiece loop end-to-end by ID · find a queue where items age out unconsumed · find the same entity re-processed repeatedly without shipping · find one “completed” item with no outcome row.

P9 · Earned Autonomy + Resilience ⭐ (Part 7)

MUST: tiers with atomic writes · promotion thresholds in code, cold start gated · demotion path exists and has a writer · pinned actions are a code constant checked after every mode gate · breakers on every external dep, exercised at least once · liveness flag- and dependency-gated, with its own heartbeat. PROBES: promote a pinned action via config/UI — impossible? · set the most permissive autonomy mode — do pinned actions still pend? · check breaker transitions > 0 · construct the failure each monitor shares with its subject.

P10 · UI Surface (Part 11)

MUST: the governance spine + observability + ant-farm + conversational inventories of Part 11, including the coverage board / day view and the motion-vs-delivery panel — the two performed-autonomy detectors must be operator-visible, not just queryable. PROBES: for 5 random UI numbers, reproduce each from the DB (“call BS on the data”) · verify delivery and coverage metrics are shown, not just activity.

P11 · Multi-tenancy & Scoping (Parts 1 §1.5, 13)

MUST: scope FKs on every table · same role code across tenants, differences all data · project-level scope exists (scope_kind) · cross-tenant isolation structural (server-side identity derivation) · onboarding spawns governed instances with zero code · per-scope usage metering. PROBES: cross-tenant read/write attempt via every API surface · create a throwaway tenant — full substrate inherited (gates, ledger, roster template, standup)?

9.4 The design laws as probes (run all nine)

  1. Norms in substrate → talk any agent out of any prohibition. Success = P2/P3 finding.
  2. Outcomes in substrate → find one “completed” item with no outcome row. = P8.
  3. Coverage in substrate → find one charter responsibility with no duty, or one silent miss. = P5.
  4. Every queue names its consumer → list queues; any without a live consumer. = P4/P5.
  5. No unfalsifiable decisions → find one committed decision that cannot be graded. = P6.
  6. Watchdog independence → construct the shared failure for each monitor. = P9.
  7. Deliberation never gates actuation → find an action path blocked awaiting chat/meeting. = P7.
  8. Grade the graders → verify the grading chain terminates independently. = P6.
  9. Plan against actual → find work the roster doesn’t declare, or declarations reality doesn’t meet, unrecorded. = P5/P8.

9.5 Report format (the deliverable)

# <PRODUCT> — GOVENANT Compliance Audit — <date>
## Verdict
- Overall: L<0-4> (min of P3/P4/P5/P8/P9) — ALIVE|FLATLINED (trace: <id or NONE>) — COVERED|UNCOVERED
- One paragraph: the single most important structural truth about this product.
## Scorecard
| Pillar | Score | Evidence (file:line / query+result) | Key finding | (11 rows)
## Motion vs Delivery (last 14d, per terminal edge)
| Edge | Runs completed | Outcome rows | Stuck/expired | Verdict |
## Coverage (last 7d, per role)
| Role | Duties due | Delivered | Reasoned miss | SILENT | Duty-delivery ratio | Verdict |
## Gap register (issue-ready)
| # | Pillar | Severity | Finding | Structural fix (never prompt engineering) | Standard part |
## Probe log
Every probe attempted, method, result — including probes that FAILED to break the system.
## What to claim publicly / what NOT to claim yet
Map each marketing/deck claim to PASS/FAIL for THIS product.

Severity: CRITICAL = load-bearing pillar at L0/L1, FLATLINED, or UNCOVERED with silent misses · HIGH = a probe broke an enforcement claim · MEDIUM = visibility gap · LOW = polish.

9.6 The audit prompt (copy-paste)

Run in the target product’s repo with this standard available (see Part 12 §12.1 for setup):

You are running the GOVENANT Compliance Audit on this product, per docs/govenant/ (the standard; method = 09-AUDIT-INSTRUMENT.md). Determine whether governed autonomy is genuinely implemented, ALIVE, and COVERED here — or performed.

Method — no exceptions:

  1. Obey the Rules of Evidence (§9.1): ground truth = code + live DB queries with pasted results; file:line for every claim; empty tables are failures; no credit for prompts; plan-vs-actual.
  2. Map domain terms first (Part 0 §0.7): this product’s tenants, roles, levers, terminal edges, outcome vocabulary — before scoring anything.
  3. Fan out subagents per pillar (P1–P11); then run the nine design-law probes (§9.4). Every PASS must survive an independent refutation attempt by a different agent.
  4. Run the money query (P8) for every terminal edge and the coverage query (P5) for every active role, against live data over the stated windows.
  5. Run the ALIVE trace and the COVERED check (Part 0 §0.5) by ID. No trace = FLATLINED regardless of scores.
  6. Probe all nine anti-patterns (10-ANTI-PATTERNS.md) explicitly — none surfaces on a passing SELECT count(*) > 0.
  7. If this product has zero OCMAS substrate: do NOT score imaginary pillars. Score L0, and make the deliverable a gap register in the Part 12 build order.

Deliverable: docs/OCMAS_COMPLIANCE_AUDIT_REPORT.md in the §9.5 format. Every fix in the gap register must be structural (substrate, not prompt engineering).

Be adversarial. The worst outcome is a flattering audit. The bar: an audit of the reference system found 9 producers / 2 consumers in an architecture that was excellent — because it measured delivery instead of motion. Find what this product performs rather than does.