CFAIS Engine Architecture

CFAIS (Constitutional Framework for Autonomous Intelligent Systems) is the runtime evaluation engine inside GRDL. It is runtime-agnostic — the same engine binary runs inside OpenShell, Docker, Kubernetes, or standalone.

Design principles

Deterministic. Every evaluation is a condition tree traversal. Same input, same output, every time. No ML, no randomness.

Stateless. No mutable state between evaluations. All state lives in the EvaluationContext. Safe for concurrent use via Go goroutines.

First-match-deny. Rules evaluated in order. First matching rule with critical/high severity produces deny and stops. Same semantics as firewall rules.

Fail-safe. Errors trigger graceful degradation policy, never panics or silent allows.

Evaluation flow

EvaluationContext arrives
    |
    v
Scope lookup (scoped rules + wildcard rules)
    |
    v (for each rule)
Enforcement check (skip shadow rules)
    |
    v
Condition evaluation (recursive, deterministic)
    |
    match? -- no --> next rule
    |
    yes
    |
    v
Severity: critical/high --> DENY (stop)
          medium        --> ALLOW_WITH_AUDIT (stop)
          low/advisory  --> continue
    |
    v (all rules checked)
ALLOW

Performance

Metric	Value
Single evaluation	< 1 microsecond
Memory	~3 MB
Binary	~6.5 MB
Startup	< 20 ms
Concurrency	Goroutines (no locks needed)

The engine is CPU-bound on condition evaluation. Zero I/O during evaluation.

GRDL Wiki

Home

Getting started

Language

Architecture

Reference

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CFAIS Engine Architecture

CFAIS Engine Architecture

Design principles

Evaluation flow

Performance

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally