| title | CRI-CORE — Deterministic Enforcement Kernel | ||||||
|---|---|---|---|---|---|---|---|
| filetype | documentation | ||||||
| type | repository-overview | ||||||
| domain | enforcement | ||||||
| version | 0.13.0 | ||||||
| doi | 10.5281/zenodo.19080238 | ||||||
| status | Active | ||||||
| created | 2026-02-19 | ||||||
| updated | 2026-05-03 | ||||||
| author |
|
||||||
| maintainer |
|
||||||
| license | Apache-2.0 | ||||||
| copyright |
|
||||||
| ai_assisted | partial | ||||||
| dependencies | |||||||
| anchors |
|
CRI-CORE is a deterministic enforcement engine that decides whether an action is allowed to execute.
It does not generate actions. It does not manage workflows. It does not store state.
It enforces one thing:
Whether a proposed action is admissible at the moment of execution.
All actions must pass through a single evaluation boundary:
INPUT:
* compiled_contract
* proposal
* run_context
OUTPUT:
* commit_allowed (True / False)
* stage_results (full trace of evaluation)
If commit_allowed is False, the action must not execute.
from cricore.api import evaluate_structured
result = evaluate_structured(
proposal=proposal,
compiled_contract=compiled_contract,
run_context=run_context
)
if result.commit_allowed:
execute_action()
else:
block_action()CRI-CORE evaluates proposals through a fixed pipeline:
- Structure
- Contract binding
- Independence (role separation)
- Integrity (context validation)
- Publication
- Final commit decision
Each stage produces a deterministic result.
The proposal must reference the exact contract used for evaluation.
proposal.contract.hash == compiled_contract.contract_hash
Mismatch results in a blocked decision.
The evaluation process does not modify the proposal.
All decisions are based on the caller’s original input.
Execution mode is never silently downgraded.
function argument > run_context["mode"] > "local"
Identical inputs produce identical results.
Payload generation is byte-stable across runs.
Every evaluation returns a complete stage-by-stage trace.
No hidden logic.
- advisory enforcement
- missing integrity/publication does not block
- emits warnings
- full enforcement
- all required conditions must pass
- no soft failures
CRI-CORE does not:
- execute actions
- manage identity systems
- persist logs
- provide audit guarantees
Those belong to higher layers (e.g., Waveframe Guard / Cloud).
Structured evaluation pipeline is stable.
Legacy filesystem-based execution is deprecated and retained only for reference.
Apache 2.0