CFAIS Engine Architecture

cjags edited this page Apr 3, 2026 · 2 revisions

CFAIS (Constitutional Framework for Autonomous Intelligent Systems) is the runtime evaluation engine inside GRDL. It is runtime-agnostic — the same engine binary runs inside OpenShell, Docker, Kubernetes, or standalone.

Design principles

Deterministic. Every evaluation is a condition tree traversal. Same input, same output, every time. No ML, no randomness.

Stateless. No mutable state is kept between evaluations. All state lives in the EvaluationContext. Safe for concurrent use from multiple goroutines.

First-match-deny. Rules are evaluated in order. The first matching rule with critical or high severity produces a deny and evaluation stops. These are the same semantics as firewall rules.

Fail-safe. Errors trigger the graceful degradation policy; the engine never panics and never silently allows.

Evaluation flow

EvaluationContext arrives
    |
    v
Scope lookup (scoped rules + wildcard rules)
    |
    v (for each rule)
Enforcement check (skip shadow rules)
    |
    v
Condition evaluation (recursive, deterministic)
    |
    match? -- no --> next rule
    |
    yes
    |
    v
Severity: critical/high --> DENY (stop)
          medium        --> ALLOW_WITH_AUDIT (stop)
          low/advisory  --> continue
    |
    v (all rules checked)
ALLOW
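
The evaluation flow above, written out in Go as an added example; this is not the CFAIS source or its API. The names Cond, Rule, match and Evaluate, the eq/and/or operators, the list-order handling of wildcard rules, and DENY as the degradation policy on a condition error are all assumptions, and the ruleset is constructed.

```go
package main

import "fmt"

// Hypothetical types (not the CFAIS API) and a constructed ruleset.
type Cond struct {
	Op, Key, Val string // Op is "eq", "and" or "or"
	Kids         []Cond
}
type Rule struct {
	ID, Scope, Severity string
	Shadow              bool // shadow rules are skipped by the enforcement check
	When                Cond
}
var write = Cond{Op: "eq", Key: "op", Val: "write"}
var sample = []Rule{{"R1", "fs", "high", true, write}, {"R2", "fs", "medium", false, write}, {"R3", "*", "critical", false, write}}

// match walks the condition tree recursively; an unknown operator is an error.
func match(c Cond, ctx map[string]string) (bool, error) {
	switch c.Op {
	case "eq":
		return ctx[c.Key] == c.Val, nil
	case "and", "or":
		for _, k := range c.Kids {
			if ok, err := match(k, ctx); err != nil || ok == (c.Op == "or") {
				return ok, err
			}
		}
		return c.Op == "and", nil
	}
	return false, fmt.Errorf("unknown operator %q", c.Op)
}

// Evaluate returns the decision and the ID of the rule that produced it.
func Evaluate(rules []Rule, scope string, ctx map[string]string) (string, string) {
	for _, r := range rules {
		if (r.Scope != scope && r.Scope != "*") || r.Shadow {
			continue // out of scope, or shadow rule
		}
		switch ok, err := match(r.When, ctx); {
		case err != nil, ok && (r.Severity == "critical" || r.Severity == "high"):
			return "DENY", r.ID // errors fail closed (assumed degradation policy)
		case ok && r.Severity == "medium":
			return "ALLOW_WITH_AUDIT", r.ID
		}
	}
	return "ALLOW", ""
}

func main() { fmt.Println(Evaluate(sample, "fs", map[string]string{"op": "write"})) }
```

With the constructed ruleset, a write in scope fs stops at the medium rule R2 and never reaches the critical rule R3, so rule order decides the outcome exactly as it does in a firewall rule list.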

Performance

Metric             Value
Single evaluation  < 1 microsecond
Memory             ~3 MB
Binary             ~6.5 MB
Startup            < 20 ms
Concurrency        Goroutines (no locks needed)

The engine is CPU-bound on condition evaluation. Zero I/O during evaluation.
