Morphism Governance Kernel — The Seven Invariants

assetactive

Morphism — The Seven Invariants (Governance Kernel)

The seven invariants define the non-negotiable behavioral constraints that every Morphism subsystem must satisfy. They form the axiomatic kernel from which all policy enforcement, drift detection, and audit behavior derives.

The Invariants

  1. One Truth Per Domain (I-1): Every governance domain must have a single authoritative source of truth. No conflicting declarations across config files, code, or documentation.

  2. Drift Is Debt (I-2): Any deviation between the SSOT and implementation must be treated as technical debt. Drift is quantified via kappa metrics and surfaced immediately.

  3. Observability (I-3): All agent actions must be traceable and provable. Every transformation produces a Proof Witness that can be independently verified.

  4. Scope Binding (I-4): Agents must operate within strictly defined file and resource scopes. No out-of-scope mutations are permitted, even if the agent "knows" the right answer.

  5. Entropy Monotonicity (I-5): Every change must either maintain or reduce structural entropy. Changes that increase disorder without governance justification are refused.

  6. Refusal as Structure (I-6): The system must refuse operations that violate invariants. Refusal is a first-class governance outcome, not an error state.

  7. Minimal Authority (I-7): Components operate with the least privilege required. No subsystem accumulates permissions beyond its declared scope.

Relationship to Architecture

The invariants are enforced at every control surface:

| Surface | Enforcement | |---------|-------------| | CLI | morphism validate checks I-1 through I-7 locally | | MCP Server | Tools refuse operations violating scope binding (I-4) or entropy (I-5) | | CI Gate | Pipeline blocks merges when kappa exceeds threshold (I-2) | | Dashboard | Visualizes drift (I-2) and observability trails (I-3) |

Provenance: Extracted from Downloads/Morphism/MORPHISM_SSOT.md (last verified 2026-03-26). The seven invariants were not present in the existing db/projects/morphism.md project record or db/assets/morphism-brand.md asset.