Epistemic Containment
Bounds regime-classification leakage. No decision-relevant information about the execution regime crosses the boundary, in either direction.
EC-D1 — a containment-specific extension of D1 bit-identity.
FRAMEWORK
The Axioma framework architecture.
Seven layers compose deterministically. Two orthogonal axes — Epistemic Containment and Calibration — govern dimensions that cut across the layer stack. Every layer and every axis is specified, versioned, and audit-legible. This page is the structural index; the Vault holds the documents.
The Axes
Axes are capabilities that operate orthogonally across the L1-L7 layer stack rather than sitting within it. An axis governs a dimension of the system's behaviour and its contract obliges every layer the axis touches, not just one layer. Two axes ship today; both are SHALL-bound specifications in the Vault.
Calibration
Bounds the confidence-mismatch dimension. Declared probabilities, tolerances, and confidence intervals must track measured reality through named, reproducible procedures.
Orthogonal to D1/D2/D3. Calibration governs declared confidence; the determinism class governs arithmetic bit-identity.
Governance
Proof-carrying compliance — governance is not a document, it is a deterministic program over committed evidence.
Substrate
Axilog substrate core — deterministic kernels, totality, and the libaxilog runtime.
Agent
Agent totality and health FSM — bounded state under explicit transitions.
Policy
Policy evaluation and operational envelope — what the system may and may not do, under proof.
Inference
Inference containment, oracle contract, L4/L5 integration. Inference is evidence, not execution.
Models
Certifiable inference kernels — convolution, pooling, math and structural conformance.
Primitives
DVM arithmetic, deterministic hash, deterministic timing. Every layer above stands on these.
Verifiable Execution Contract
The framework contract every layer and every axis answers to. If behaviour cannot be proven, it is non-conformant.
Determinism classes
| D1 | D2 | D3 | EC-D1 | |
|---|---|---|---|---|
| L7 | ● | |||
| L6 | ● | |||
| L5 | ● | |||
| L4 | ● | |||
| L3 | ● | |||
| L2 | ● | |||
| L1 | ● | |||
| L0 | ● |
- D1
- Strict bit-identical determinism across runs and platforms.
- D2
- Deterministic under an explicit non-determinism budget; the budget is itself audit-legible.
- D3
- Inference containment — oracle-bound, evidence-emitting; computation is not trusted, it is recorded.
- EC-D1
- D1 lifted to the epistemic boundary; the L0 invariants govern what may cross the line.
The Oracle Boundary
The Oracle Boundary marks the line between deterministic computation and trusted-by-record evidence. Layers above the boundary execute deterministically; layers at the boundary call into systems whose outputs cannot be replicated bit-for-bit (an LLM, an external sensor, a third-party service) and so cannot be treated as execution. The boundary's job is to record those outputs as evidence, with cryptographic provenance, rather than to consume them as results.
Two layers carry warn-tone marking in the stack above. L3 (SRS-004) is where the boundary lives operationally — inference containment, oracle contract, evidence emission. L0 (SRS-EC-001) is where the boundary's epistemic invariants are enforced — no decision-relevant information about the execution regime crosses the line, in either direction.
The two are complementary: L3 is the operational mechanism, L0 is the formal guarantee.
Calibration claims crossing the Oracle Boundary preserve their audit-stable identifier and evidence record under the Calibration axis — the boundary admits non-determinism in substrate execution but does not erase the calibration claim that was current at the crossing.