What is Morphism?¶
NON-NORMATIVE.
Morphism is a Categorical Governance Framework that applies category theory to automate software governance. It replaces ad-hoc policy checklists with mathematically rigorous invariants, giving teams continuous, auditable assurance that their repositories meet security, compliance, and operational standards.
Why Category Theory for Governance?¶
Governance rules are compositional: policies compose with hooks, hooks compose with CI workflows, workflows compose with security gates. Category theory — functors, natural transformations, sheaf cohomology — provides the exact vocabulary to model these compositions and prove they are consistent. This is not abstraction for its own sake. It gives Morphism two concrete properties that checklist-based tools lack:
- Drift detection with mathematical guarantees. A weighted L-infinity metric (kappa) quantifies how far a repository has drifted from its governance specification. Drift is a number, not a guess.
- Compositional verification. When two governance rules each pass individually, category theory lets Morphism prove they still hold when combined. No interaction surprises.
How It Works¶
Governance Objects¶
Morphism defines seven typed governance objects:
| Object | Purpose |
|---|---|
| Policy | Declarative governance rules (e.g., "all PRs require review") |
| GitHook | Pre-commit and pre-push enforcement |
| CIWorkflow | CI pipeline validation steps |
| SSOTAtom | Single Source of Truth entries — atomic, versioned facts |
| Document | Governed documentation with freshness tracking |
| SecurityGate | Authentication, authorization, and supply-chain checks |
| Runbook | Operational procedures with executable validation |
These objects live in your repository alongside your code. Morphism tracks their relationships as a category and detects when any morphism (relationship) breaks.
The Kappa Metric¶
Morphism computes a weighted L-infinity norm (kappa) across all governance objects. Kappa is a single number between 0 and 1 that represents the maximum governance drift in any dimension. Lower is better. A kappa of 0 means every governance object matches its specification exactly.
Four Verdicts¶
Every governance check produces one of four verdicts with an associated confidence score:
| Verdict | Meaning |
|---|---|
| PASS | All invariants hold. Confidence above threshold. |
| WARN | Minor drift detected. Confidence is marginal. |
| HEDGE | Significant drift. Manual review recommended. |
| FAIL | Invariant violation. Deployment should be blocked. |
Confidence gating prevents false positives: a check does not PASS unless the evidence meets a minimum confidence threshold.
Evidence Tracking¶
Every verdict is backed by typed provenance records — proof witnesses, CI run artifacts, and ledger entries. Morphism does not just tell you something passed; it shows you why, with an auditable chain of evidence.
What You Get¶
MCP Server (19 tools). Morphism exposes its governance engine as a Model Context Protocol server. Any MCP-compatible agent or IDE can call tools for policy validation, drift detection, categorical consistency checks, SSOT verification, and more.
Dashboard. A Next.js application at morphism.systems provides a trace viewer for governance events, real-time drift alerts, and historical kappa trends.
CI Integration. Morphism runs in your CI pipeline as a validation gate. It produces structured verdicts that can block merges, trigger alerts, or feed into compliance reports.
CLI. A command-line interface for local validation, scaffolding governance files, and running the full audit pipeline before pushing code.
Self-Governing. Morphism dogfoods its own framework. The governance rules that ship with Morphism are themselves governed by Morphism, providing a living reference implementation.
Getting Started¶
Install the governance toolkit and scaffold your repository:
pip install morphism-systems
morphism scaffold tier 1 # or tier 2, tier 3 depending on project type
morphism audit # run the full governance pipeline
For detailed setup, see the documentation or explore the MCP tools programmatically via any compatible agent.
Morphism is developed by Morphism Systems. For questions or enterprise inquiries, visit morphism.systems.