Layer 1 · NOW
LUIPM
Kernel
The core permit-management substrate. Classifies proposed actions, resolves predicate sets, and computes Γ. The central enforcement point.
EXECUTION AUTHORITY INFRASTRUCTURE
Intelligence may propose. Execution must be authorized.
Lakhowal inserts a deterministic Gamma Permit boundary between what an AI proposes and what an enterprise authorizes. Sub-100ms, audit-grade, deployed in Shadow Mode without changing a line of model code.
LAKHOWAL
LAS
Stability Layer
LUIPM
Kernel
RCC
Context Layer
LFC
Federation
THE GAMMA STACK
A proposed action enters. A Gamma Permit exits — or doesn't.
Layer 2 · NOW
LAS
Stability
Consistency and integrity under load. Monitors Integrity-Flux (I_φ) drift and maintains coherence under adversarial conditions.
Layer 3 · NOW
LFC
Federation
Coordinates distributed agents and environments. Maintains permit validity across sovereign boundaries with attested concurrence.
Layer 4 · NOW
RCC
Context
Manages contextual state, currency, and drift signals. Feeds the Internal Coherence Score (ICS) for every evaluation cycle.
HOW IT WORKS
A deterministic boundary between AI proposal and enterprise action.
A proposed action descends through four layers. The Execution Gateway opens only when Γ = 0.
Deterministic. Audit-grade.
Sub-100ms.
A proposed action enters at LUIPM, descends through predicate checks, and either receives a Gamma Permit or enters SAFE_STATE. Every decision produces a signed ERTuple committed to the Hydra Ledger. No exceptions.
Read the Gamma SpecContext
Is state current?
RCC
Stability
Is reasoning stable?
LAS
Federation
Do all parties concur?
LFC
Permit
Γ = 0?
LUIPM
THE BOUNDARY HOLDS
Sub-100ms
Enforcement Overhead
3
Invariants. Zero Exceptions.
Audit-Grade
Evidence on Every Decision
Shadow Mode
Zero Production Disruption
THE CATEGORY
One Boundary. Five Layers.
Lakhowal is to autonomous AI what identity infrastructure is to access, network protection is to traffic, and payment infrastructure is to money — a foundational layer that every regulated enterprise will eventually require. The problem is not AI governance. The problem is execution authority.
Your AI policies say what should happen. Your dashboards show what may have happened. Your logs record what already happened. Lakhowal controls what is allowed to happen.
LUIPM — Kernel
LAS — Stability
LFC — Federation
RCC — Context
Each layer is independently deployable. Combined deployment is the full Gamma Stack.
THE GAMMA STACK
Deterministic execution authority, in five layers.
| Layer | Name | Budget | Function | Description | Status |
|---|---|---|---|---|---|
| 1 | LUIPM | 5 ms | Kernel — the core permit-management substrate | Receives proposed actions, classifies them, resolves predicate sets, and computes Γ. The central enforcement point. | NOW |
| 2 | LAS | 40 ms | Stability — consistency and integrity under load | Runs predicates in parallel, monitors Integrity-Flux (I_φ) drift, maintains coherence under load and adversarial conditions. | NOW |
| 3 | LFC | 10 ms | Federation — coordinates distributed agents and environments | Maintains permit validity across distributed agents, environments, and sovereign boundaries. Attested concurrence. | NOW |
| 4 | RCC | 25 ms | Context — manages contextual state, currency, drift signals | Tracks context currency, telemetry freshness, inter-predicate consistency. Feeds the ICS (Internal Coherence Score). | NOW |
| 5 | Reverse Law | 8 ms | Evidence — produces the immutable hash-linked record | Constructs and commits the ERTuple to the Hydra Ledger hash chain. TEE-backed signing. Proof-Before-Action enforced here. | NOW |
NON-COMPENSATORY · PROOF-BEFORE-ACTION · CAUSAL INDEPENDENCE
The Three Invariants
Swipe horizontally to view all columns.
| Invariant | Rule | Layer | What It Means |
|---|---|---|---|
| Non-Compensatory | Γ = 0 is the only state that permits actuation. Any Γ > 0 forces SAFE_STATE. | LUIPM | No passing predicate compensates for one failure. No human override unlocks the gateway. |
| Proof-Before-Action | The ERTuple must commit to the Hydra Ledger before the Gamma Permit token is released. | Reverse Law | If the ledger commit fails for any reason, the system enters SAFE_STATE — even if every predicate passed. |
| 100ms Latency Budget | Total enforcement overhead does not exceed 100ms. p99 ≤ 100ms; p99.9 ≤ 150ms. | All Layers | Sub-100ms enforcement with 10ms headroom. Production-grade by design. |
| Causal Independence | The AI cannot grant its own permit. Authority is external to the model. | Architecture | Memory, hardware, and software logic boundaries are physically and logically separate. |
CAUSAL INDEPENDENCE
Swipe to view each principle.
Memory Boundary — the AI's reasoning state is sandboxed away from the permit decision state.
Hardware Boundary — the signing keys for ERTuples are isolated (TEE-backed in current release).
Software Logic Boundary — the predicate evaluator and the action proposer cannot share execution context.
Authority is granted externally to the AI, never by the AI itself.
Fail-closed everywhere by default. Fail-open per action class requires explicit, audited configuration — which itself produces an ERTuple.
THE GAMMA EXECUTION SEQUENCE — ARCHITECTURE VIEW
LUIPM
Kernel
LUIPM
Enforcement
RCC
Context
LFC
Federation
Reverse Law
Evidence
A proposed action enters at LUIPM.
Evidence is committed before the permit is released.
SYSTEM DEEP-DIVE
Core Layer — LUIPM Kernel
What it is
The core permit-management substrate. A proposed action enters LUIPM, which classifies the action, resolves the predicate set, and computes Γ (sum of failed predicates). If Γ = 0, the Gamma Permit is released.
The Non-Compensatory Rule
Γ = 0 is the only state that permits actuation. Any Γ > 0 — even one failed predicate — forces SAFE_STATE. Human approval does not compensate for predicate failure.
Proof-Before-Action
The ERTuple must commit to the Hydra Ledger before the Gamma Permit token is released. If the ledger commit fails for any reason, the system enters SAFE_STATE — even if every predicate passed.
Latency Budget
Action capture and classification: 5ms. Predicate fan-out and resolution: 40ms. Γ computation: 2ms. ERTuple construction and signing: 10ms. Hydra Ledger commit: 25ms. Permit release: 8ms. Total: 90ms (10ms headroom).
Deployment
Shadow Mode — non-blocking observer, deployable in 5–10 business days. Inline Gateway — fail-closed enforcement in customer VPC. SDK-Wrapped Action — for embedded agents. Air-Gapped / Sovereign — no outbound network dependency.
Fail semantics
Fail-closed everywhere by default. Fail-open per action class requires explicit, audited configuration — which itself produces an ERTuple committed to the ledger.
“No Gamma Permit. No action. No exception.”
How Each Persona Sees It
📊 Chief Risk Officer
The Gamma Permit is the enforcement record before the call from the regulator. Every proposed AI action — approved or denied — produces a signed ERTuple committed to the Hydra Ledger. Your Ghost Transaction Log exists before you need it.
🔒 Chief Information Security Officer
LUIPM is fail-closed by default on every action class. Integrity-Flux (I_φ) monitors reasoning drift in real time. Predicate-bounded IAM scope prevents privilege creep. Prompt injection that corrupts reasoning state cannot unlock the gateway — Γ > 0 is the only outcome.
⚙️ Principal Architect
p99 enforcement overhead under 100ms. Shadow Mode deploys in 5–10 business days without touching model code. Four topologies: Shadow Mode, Inline Gateway, SDK-Wrapped Action, Air-Gapped Sovereign. SDK in Python, Go, and REST.
The Canonical 8-Step Execution Sequence
1
Steps 1–4: AI agent proposes action → Gamma Interceptor classifies and resolves predicate set → predicates evaluated in parallel → Γ computed (sum of failed predicates).
2
Steps 5–6: ERTuple constructed and signed → committed to Hydra Ledger hash chain. Step 6 must succeed before step 7. This is the Proof-Before-Action invariant.
3
Steps 7–8: If Γ = 0, Gamma Permit token released → downstream API call allowed at the Execution Gateway. Total elapsed time ≤ 100ms.
BOTTOM LINE
One boundary between AI proposal and enterprise action. Deterministic. Audit-grade. Sub-100ms. The Gamma Permit is either issued or it isn't. There is no third state.
THE INVARIANT
No Gamma Permit. No action. No box.
Lakhowal is Execution Authority Infrastructure for autonomous AI. The category is to autonomous AI what identity infrastructure is to access — a foundational layer that every regulated enterprise will eventually require.