The constitutional stability article describes what the ConstitutionEngine does: it checks proposed identity changes, policy updates, and self-modification proposals against a set of user-defined invariants before committing them, and it quarantines proposals that exceed configurable thresholds. That article closes with a section on scope - what the constitutional properties are and are not - that is worth extending here.
This article draws that boundary more fully. The reason to be explicit is not defensiveness. It is that imprecise claims about safety invite exactly the kind of criticism that damages credibility: if you imply the constitutional layer addresses AI alignment and a reader working in that field recognizes it does not, they will reasonably discount everything else you claim. Precision in scope is more credible than breadth.
What the ConstitutionEngine provides
Three concrete properties, stated precisely:
Identity drift quarantine. When the identity vector changes by more than maxIdentityDrift from its baseline - currently 0.2 - the proposed identity state is quarantined rather than committed. The system continues operating with its previous identity; the operator receives a record of the triggering state and the drift magnitude for review. Experiment 26 tested this with the post-outage identity from Experiment 25, which had drifted 0.266. The quarantine fired. This is confirmed behavior on the tested case.
Two-signal reward corruption detection. The corruption check requires two independent signals to reach the quarantine threshold. Neither alone crosses it. This design reduces false positives: isolated unusual attributes are common in active systems; co-occurring corruption signatures are not. The two-signal requirement is a calibrated choice, not a formally derived threshold.
Self-modification quarantine. Proposals from the meta-cognitive engine enter a pending state before taking effect. High-stabilityRisk proposals require explicit review; low-risk proposals can be auto-approved. The quarantine creates the opportunity for review without preventing the system from continuing to operate.
These are operational stability properties. They are useful. They are validated on the specific cases tested in Experiment 26. They are not universal.
What the threshold values mean
maxIdentityDrift = 0.2 was calibrated by inspecting the post-outage identity from Experiment 25, which drifted 0.266. The threshold was set below that value to ensure the outage case triggers quarantine. There is no derivation of 0.2 as a principled universal bound. A different deployment with a different baseline identity vector and a different event distribution would require a different threshold to produce the same behavior.
The quarantine threshold of 0.6 for the two-signal corruption check was similarly calibrated against the test cases in Experiment 26. Each signal contributes 0.5; neither alone reaches the threshold; both together score 1.0 and cross it. This arithmetic reflects a design choice about false positive rates, not a formal result about corruption detection coverage.
Who sets these thresholds? The operator who deploys the system. For the SRE observability domain, the thresholds have operational semantics: 20% identity drift under sustained outage is a meaningful flag, and the two corruption signatures reflect the specific failure mode of importance inflation with policy misalignment. For a deployment in a different domain - say, a system whose identity encodes ethical commitments rather than operational style - the correct thresholds require separate reasoning. The system enforces thresholds; it does not derive them.
What the AI safety field is concerned with
The AI safety research literature addresses a different class of problems. It is useful to name them directly:
Proxy objective divergence. A system optimizing a measurable proxy for an intended objective may, at sufficient capability or scale, find strategies that score well on the proxy while diverging from the intent. The ConstitutionEngine's invariants are themselves proxy specifications. If the invariants are incorrectly specified - if maxIdentityDrift = 0.2 does not actually capture the operational property you care about - the constitutional check enforces the wrong constraint. The engine assumes invariants are correctly specified; it does not verify that they are.
Deceptive alignment. A system may behave in ways that satisfy its constraints during review while pursuing different objectives in deployment. The quarantine mechanism provides operator review of flagged proposals. It does not provide mechanisms to detect a system that consistently stays below the quarantine threshold while pursuing a different direction. The review opportunity is only as useful as the propositions being reviewed; a system that presents well-formed proposals for review is not constrained by the fact that review exists.
Goal misgeneralization. A system whose objective was correctly specified in the training distribution may fail to generalize that objective correctly under distributional shift. The constitutional invariants were specified for an operational telemetry domain. A deployment to a structurally different domain with different signal semantics has not been tested. Whether the invariants produce the intended behavior in that domain is an open question.
Specification gaming. A system may find behaviors that satisfy the letter of its constraints without satisfying their intent. The identity drift check measures vector distance from a baseline. A system that shuffles values in the identity vector in ways that preserve distance while changing behavioral implications would not be caught. This is a limitation of distance-based drift measures in general.
None of these failures are hypothetical abstractions. The safety research literature has documented empirical instances of all four at smaller capability levels than the field is concerned about at scale. Noting that the ConstitutionEngine does not address them is not a criticism of the engine; it is accurate scoping.
What the project does contribute
The quarantine-and-review mechanism provides something the AI safety literature consistently identifies as valuable: a human-in-the-loop intervention point before a significant change takes effect. For the cases where the constitutional check fires - identity drift above the configured maximum, reward corruption signatures co-occurring, high-risk structural modification proposals - the system does not proceed without an opportunity for operator review. That is a meaningful architectural commitment.
The epistemic hygiene properties (flagging unsupported claims, circular reinforcement patterns, overconfident narrative threads) are not safety properties in the alignment sense. They are accuracy properties. A system with degraded beliefs about itself makes worse decisions even when its behavioral constraints are intact. Maintaining belief quality is a prerequisite for the safety layer to function usefully; if the beliefs that inform constitutional checks are themselves corrupted, the checks lose value.
Stated precisely: the ConstitutionEngine provides operational stability constraints and operator review hooks that are validated for the four cases tested in Experiment 26. These are useful properties for a production deployment in the SRE observability domain. They are a starting point for a broader safety architecture, not a conclusion.
The honest position
The design philosophy article states it directly: this project is not a solution to the AI safety alignment problem. The constitutional layer does not prevent deceptive alignment, does not address goal misgeneralization, and does not derive principled thresholds from first principles. What it does is provide a configurable invariant enforcement layer with quarantine and audit, calibrated for a specific operational domain, with behavior confirmed on a specific set of test cases.
That is a real contribution. It is worth claiming honestly at that scope, rather than inflating it to something it is not and inviting criticism from readers who know the difference.
What would be required to make stronger claims: holdout evaluation on invariant types not tested in Experiment 26; formal verification of the invariant checker logic against the class of behaviors it is intended to prevent; evidence that the quarantine mechanism catches cases outside the tested distribution; and a principled treatment of threshold derivation for new deployment contexts. None of these have been completed. The constitutional layer is the beginning of that program, not the end of it.