MORPHISM: Mathematical Exposition¶
NON-NORMATIVE. This document is explanatory. It does not override or extend governance requirements. Enforceable invariants are in docs/governance/MORPHISM.md.
Purpose¶
This document provides a mathematical framing for the governance model. It is a thinking tool — useful for understanding why the invariants are structured as they are, and for reasoning about new edge cases. It is not a policy document.
0. Axioms (semi-formal)¶
The seven Kernel invariants (morphism-kernel.md) are the axiomatic layer. Below, each is restated in semi-formal predicate form. Notation: $s, s'$ range over system states; $f$ over transitions; $\tau$ over execution traces; $\mathcal{C}$ is the category of context; $E$ is the entropy functor; $\mathcal{R}$ is the refusal functor.
| Id | Name | Semi-formal statement |
|---|---|---|
| I-1 | One Truth Per Domain | $\forall$ governance assertion $a$: $\exists !$ canonical source $c$. Every derived artifact references $c$; no restatement of $a$ elsewhere. |
| I-2 | Drift Is Debt | $\forall$ canonical source $c$, consumer $d$: if $d \neq c$ (content or hash), then drift. Drift $\Rightarrow$ block merge. Stale atoms re-extracted within one release. |
| I-3 | Observability | $\forall$ decision that changes governance state: $\exists$ immutable trace (commit with ticket, ADR, or SSOT registry update). Silent changes forbidden. |
| I-4 | Scope Binding | $\forall$ protocol $P$: $P$ declares what it does not govern. Implicit scope expansion = violation. |
| I-5 | Entropy Monotonicity | $\forall$ admissible $s \to s'$: $E(s') \leq E(s) + \epsilon$. Maturity score must not decrease below threshold without recorded exception. |
| I-6 | Refusal as Structure | $\mathcal{R}(s,f) \in {\text{Admit}, \text{Refuse}}$; cost of Refuse = O(1); Refuse emits structured, actionable output. Silent pass that masks failure forbidden. |
| I-7 | Minimal Authority | Permissions = smallest admissible unit ("can do X in context Y"). CODEOWNERS covers all critical paths. "Owns everything" only for repo owner. |
Independence (informal): Each invariant addresses a distinct concern (truth, drift, trace, scope, entropy, refusal, authority). No invariant is derivable from the others without additional operational assumptions. No circularity: Tenets depend only on these invariants; invariants do not reference tenets.
I. The Category of Context¶
Let $\mathcal{C}$ be a category where:
- Objects are system states $s = (D, M, E)$: Data, Metadata, Entropy signature
- Morphisms are valid transitions $f: s_1 \to s_2$ that preserve governance structure
- Composition requires the Read–Verify–Execute sequence: $(g \circ f)$ is valid iff both $f$ and $g$ complete all three phases
A morphism is admissible if it satisfies: 1. Observability — the transition is fully auditable 2. Reversibility — state can be reconstructed to the decision point 3. Coherence — metadata remains consistent with the execution path
II. The Entropy Functor¶
Define $E: \mathcal{C} \to \mathbb{R}_{\geq 0}$ as:
$$E(s) = -\sum_{i} p_i(s) \log p_i(s) + \lambda \cdot \text{scope_drift}(s)$$
Where: - The first term is Shannon entropy of decision distributions in state $s$ - The second term penalizes implicit scope expansion - $\lambda$ is the organizational risk coefficient
Entropy constraint: $E(s_2) \leq E(s_1) + \epsilon$ for any admissible morphism $s_1 \to s_2$.
In practice this maps to Kernel Invariant I-5 (Entropy Monotonicity): maturity_score.py approximates $E$ across 10 measurable governance dimensions.
III. The Governance Monad¶
The Governance Monad $\mathcal{G} = (G, \eta, \mu)$ over $\mathcal{C}$:
$$G(s) = {\text{execution traces } \tau : s_0 \xrightarrow{\tau_1} \cdots \xrightarrow{\tau_n} s \mid \text{each } \tau_i \text{ is admissible}}$$
Unit: $\eta(s) = {s_0 \to s \text{ via identity}}$ — every state has a valid origin trace.
Bind: For $\tau \in G(s_1)$ and admissible $f: s_1 \to s_2$: $$\tau \bind f = {\tau \cdot f : \tau \in G(s_1),\; f \text{ satisfies Verify phase}}$$
Monad laws enforce protocol discipline: 1. Left identity: $\eta(s) \bind f = f(s)$ — initializing then acting equals acting 2. Right identity: $\tau \bind \eta(s_2) = \tau$ — clean termination adds no overhead 3. Associativity: $(\tau \bind f) \bind g = \tau \bind (f \bind g)$ — composition order is canonical
The practical consequence: invalid operations have no type in $G$ and cannot be composed. The structure enforces the protocol without requiring human discipline.
IV. The Refusal Functor¶
$$\mathcal{R}(s, f) = \begin{cases} \text{Admit} & \text{if } f \text{ satisfies Read, Verify, Execute} \ \text{Refuse} & \text{otherwise} \end{cases}$$
Refusal maps to Kernel Invariant I-6: policy_check.py --mode ci implements $\mathcal{R}$ for CI contexts. Cost of refusal is O(1); refusing must not be more expensive than admitting.
V. Ideation Algebra¶
Five operations on admissible morphisms:
| Operation | Formal | Operational meaning |
|---|---|---|
| Sequential composition | $g \circ f: s_0 \to s_2$ | One morphism after another; trace extends linearly |
| Product (parallel scope) | $f \times g: (s_1, s_2) \to (s_1', s_2')$ | Independent contexts; entropy contributions additive |
| Limit (convergence) | $\lim f_i$ | Multiple morphisms reconcile to finest compatible state |
| Coproduct (disjunctive authority) | $[f_1, f_2]: s \to (s_1 \sqcup s_2)$ | One of two valid paths; delegation by disjunction |
| Functor application (policy injection) | $P(f): P(s_0) \to P(s_1)$ | Apply organizational policy across all transitions |
VI. Failure Modes (Derived)¶
| Failure | Mathematical root | Kernel invariant |
|---|---|---|
| Type violation | Morphism output not in $\mathcal{C}$ | I-3 (Observability) |
| Entropy exceedance | $E(s_2) > E(s_0) + \epsilon$ | I-5 (Entropy Monotonicity) |
| Scope drift | Implicit authority expansion | I-4 (Scope Binding) |
| Trace hiding | Missing origin trace in $G$ | I-3 (Observability) |
| Refusal avoidance | Skipping $\mathcal{R}$ / M2 Verify phase | I-6 (Refusal as Structure) |
| Two truths | Multiple canonical sources for same assertion | I-1 (One Truth Per Domain) |
VII. Scaling: Organizational Stratification¶
Tenet 7 (Minimal Authority) applies recursively:
- Level 1 (Individual): operates within morphisms approved by their role functor
- Level 2 (Team): morphisms are products of individual morphisms, constrained by team entropy budget
- Level 3 (Organization): morphisms are limits of team morphisms (finest compatible state)
Scaling property: adding $n$ teams requires $O(n)$ policy specification, not $O(n^2)$ coordination.
VIII. Why the Mathematical Framing Matters¶
The point is not academic formalism. It is:
- Enforcement is automatic — the monad structure means violations cannot be composed; they have no type.
- Entropy is computed, not guessed —
maturity_score.pymeasures it. - Refusal is first-class — $\mathcal{R}$ is a decision boundary, not error handling.
- Scope expansion is forbidden by type — not by hoping people remember.
The seven Kernel invariants and the ten operational tenets that implement them (see governance/INVENTORY.md) are derivable from the category structure. They are not arbitrary rules. Agent behavior (instructions, Read–Verify–Execute, refusal) is specified by these same structures; see the agent-facing expansion governance/agent-kernel-prompt.md. For concrete illustrations of the category, functors E and R, monad G, and ideation algebra in context of the 7 invariants, see governance/MORPHISM.md.
IX. Consistency and coherence¶
The framework has been checked for consistency and coherence (as of 2026-02-17): no statement in this document contradicts the normative Kernel (morphism-kernel.md). The Category of Context, Entropy Functor $E$, Governance Monad $G$, and Refusal Functor $\mathcal{R}$ align with invariants I-3 through I-6; failure modes in §VI map to invariants I-1, I-3, I-4, I-5, I-6. The consistency matrix (theory statement ↔ Kernel invariant ↔ tenet) is maintained in governance/INVENTORY.md §5.
Normative requirements: docs/governance/MORPHISM.md Architectural rationale: docs/adr/002-morphism-governance-model.md