PEL
Governed Process Substrate for AI cognition. Software-enforced operational discipline that turns frameworks-on-paper into closed, audit-grade improvement loops on hardware-attested evidence.
What PEL claims, and what it does not claim
— D-PEL-10, constitutional doctrine
PEL is a software-enforced operational discipline that turns ISO 42001, NIST AI RMF, and AIUC-1 from framework-on-paper into closed, audit-grade improvement loops running on hardware-attested evidence.
PEL does not claim cognition quality from attestation; it claims evidence integrity, control authority, and trend authenticity for the measurement and governance trail that surrounds cognition. PEL does not replace ISO 42001, NIST AI RMF, AIUC-1, or any LLM observability platform; it provides the software-enforced operationalization layer they assume but do not mandate.
Ten doctrines
- D-PEL-01 — Human discipline is insufficient for defect prevention
- D-PEL-02 — Defects are statistical, not anecdotal
- D-PEL-03 — Closure loops require attested evidence integrity
- D-PEL-04 — No metric without provenance
- D-PEL-05 — Invention capture without scope drift
- D-PEL-06 — ISNAD-traceable evidence — every claim chains to source
- D-PEL-07 — Control without ownership is theater
- D-PEL-08 — One-object-one-registry — no dual-class entries
- D-PEL-09 — Every controlled state has owner / relapse / escalation
- D-PEL-10 — Doctrines without software counterparts are aspirations
Three-registry separation
| Registry | Tracks | Anti-sprawl rules |
|---|---|---|
| D-TAX | Defects (manifested failures) | R-D-1 through R-D-7. 5 family ranges. 9-state lifecycle UNSCOPED → CLOSED. |
| L-TAX | Loopholes (structural absences of defense) | R-L-1 through R-L-8. L→D promotion via R-L-5. |
| W-TAX | Waste (consumed resources) | R-W-1 through R-W-7. R-W-4 specifically blocks denominator-tampering — opportunity counts version-pinned, can only tighten on improvement. |
One object, one registry. No dual-class entries. The separation is the contribution; the anti-sprawl governance is what makes it survive eighteen months of operation without decaying into taxonomy theater.
The seven moat layers — verifier state
| Layer | Internal status | Public verifier state |
|---|---|---|
| 1 · Attested substrate | RUNNING | Confirmed at commit a9042b3 (2026-04-13). Verifier script published; cross-references ARS-OMEGA Wall 1. |
| 2 · Enforced control tests | RUNNING | Verified by Auditor packet. 26 tests pass. Validator enforces 19 anti-sprawl rules across 4 registries. |
| 3 · Rendering contracts | SPECIFIED | RC-1 through RC-8 specified in PEL v2.1 §8.8. Phase PEL-3 implementation deadline 2026-06-13. |
| 4 · Chronicle as trend evidence | ACCUMULATING | 2026-04-13 success run → 2026-05-02 live run shows tamper-evident trajectory. Re-run today catches real cadence drift on CTL-102 + CTL-200 by design. |
| 5 · Meta-control / self-audit | RUNNING | Verified by Auditor packet. CTL-META-01 produces 2 findings against today's registry state with named owners and §9.5 escalation paths. |
| 6 · Cross-role governance | RUNNING | Operating under AI Governance v2.2 (sealed 2026-03-31). P0 invariant: Auditor has zero deployment rights. |
| 7 · ISNAD heritage | RUNNING | Founder asset — chain-of-transmission discipline inherited from Mauritanian linguistic-scholarship tradition. Method note forthcoming. |
Layers 2, 4, and 5 are independently verifiable today via the PEL Phase 1 Auditor Packet (sealed 2026-05-02). Reproduction takes under five minutes. Tree hash, run instructions, and live evidence are published in the receipts registry.
The 2026-05-02 live run · FAIL by design
The most important artifact in the PEL Phase 1 packet is the live re-run dated 2026-05-02. It produced:
| Component | Verdict | What this means |
|---|---|---|
| Registry validator (CTL-THREE-OBJECT-01) | PASS | All 19 anti-sprawl rules across 4 registries enforced cleanly. No structural violations. |
| Meta-control audit (CTL-META-01) | FAIL | Two findings: CTL-102 and CTL-200 last verified 2026-04-13; today is 19 days past their per-session cadence budget. |
| Aggregate verdict | FAIL | One failed control fails the aggregate. As designed. |
If the meta-audit had returned green on stale controls, PEL would not be a governed process substrate. It would be a thermometer that reads the same temperature regardless of weather.
This is the second-order property no document copy can claim and no compliance dashboard can simulate. The system catches its own discipline decay. That is what governed process means.
The Rendering Contract pattern
PEL's most generalizable contribution is the rendering contract pattern: software-enforced refusal to publish a claim whose underlying evidence does not support it. The contract is defined by eight rules (RC-1 through RC-8) that govern how metrics with different provisional-status fields render in customer-facing reports. Sovereign override is a first-class, logged, expiring event. Contract test failure blocks publication atomically.
The methodological alpha here is simple: any writing discipline can be converted into a software invariant by giving it a mechanical enforcer, versioning the enforcer, signing the enforcer, and requiring the enforcer to pass before the artifact exists at all.
This is the pattern that turns governance prose into governance machinery. A Tier C original-research piece — "Rendering Contracts: How Honesty Becomes a Software Invariant" — is on the publication queue.
What is independently verifiable today
Every Tier 0 claim on this page is backed by the PEL Phase 1 Auditor Packet. The packet contains:
- 1,883 lines of Python implementation (validator + meta-control audit + schema)
- 1,055 lines of test code (26 tests, all passing)
- 626 lines of registry data (CTL · D-TAX · L-TAX · W-TAX)
- Three independent evidence runs (committed success, committed failure, fresh live re-run)
- Tree hash for independent verification
- Reproduction script (single command, 5-minute runtime, pyyaml-only dependency)