Appearance
Stage 3b: Governance 🛡️
Structural changes gated by Build/Fuse mode. The organism grows safely.
Status: ✅ Complete Tests: 58/58 passing (at this stage) New organ: Shield (src/shield/)
The Problem
In Stage 3a, any user could trigger Axiom to create agents, delete them, reassign skills — dangerous in production. No audit trail. No safety net.
The Solution: Build/Fuse Mode
Two system-wide modes govern what's allowed:
| Mode | Structural changes | Operational changes |
|---|---|---|
| BUILD | ✅ Allowed | ✅ Allowed |
| FUSE | ❌ Blocked | ✅ Allowed |
Default for new organisms: BUILD. Fresh organism needs to be built. Typical lifecycle: BUILD → setup → FUSE (operational) → BUILD (for changes) → FUSE
What's New
Shield Module
src/shield/
├── governance.ts Mode state + structural audit log
└── gate.ts Wraps skills, enforces mode, audits executionsNew Tool: set_mode
Switch modes with a reason:
set_mode(mode: "build" | "fuse", reason: "setup complete")Gate Wrapper
Every skill goes through a gate. Structural skills check the mode:
typescript
// If structural and mode is FUSE:
// → Returns: "Structural skill 'add_agent' blocked in FUSE mode"
// If non-structural:
// → Executes normally
// On successful execution of structural skill:
// → Audited: who (actor), what (skill), input, mode, traceAudit Log
Every structural change is logged:
- Which user triggered it
- Which agent executed it
- What input was provided
- Which mode the system was in
- Trace ID for cross-referencing
Structural vs Operational
| Skill | Structural? | Why |
|---|---|---|
add_agent | ✅ | Creates new agent |
add_skill_to_agent | ✅ | Modifies agent config |
remove_agent | ✅ | Deletes agent |
grant_collection_access | ✅ | Changes access control |
set_mode | ❌ | Governance itself |
send_message | ❌ | Operational |
create_task | ❌ | Operational |
add_contact | ❌ | Operational |
store_data | ❌ | Operational |
Example Flow
User (in FUSE mode): "Create an agent to handle X"
Axiom: "I'm in FUSE mode. Should I switch to BUILD to make this change?"
User: "Yes"
Axiom: set_mode(build, reason="add new agent")
Axiom: add_agent(...) → audited: actor="User", mode="build"
Axiom: "Created agent X. Switching back to FUSE."
Axiom: set_mode(fuse, reason="setup complete")Code: The Gate
typescript
// src/shield/gate.ts
export function gateSkill(skill, structural, governance, auditContext) {
if (!structural) return skill; // No gating for operational
return {
...skill,
execute: async (input) => {
const mode = await governance.getMode();
if (mode === "fuse") {
return `Structural skill "${skill.name}" blocked in FUSE mode.`;
}
const result = await skill.execute(input);
await governance.auditStructural({...});
return result;
},
};
}Why This Matters
Before: "Anyone can modify anything at any time" (chaos)
After: "Changes require explicit intent" (safety)
BUILD mode = "I'm making changes, go ahead"
FUSE mode = "Lock it down, just operate"The organism can grow AND stay safe. Intent is explicit. Every structural change is logged. Accidental destruction is prevented by default.