Orix Engineering Laws
Status: GOVERNING
Version: 2.0 (Consolidated from LEL v1)
Violations: CRITICAL by default
These are immutable laws that apply to all Orix systems. Violation halts work until resolved.
Normative Semantics
- MUST / SHALL = absolute requirement
- MUST NOT / FORBIDDEN = absolute prohibition
- No exceptions without formal Decision Record (DEC)
Domain 1: Determinism & State
LAW-D01: No Hidden State
All state influencing behavior MUST be explicit, observable, and traceable.
Forbidden: Hidden globals, implicit caches, environment-derived state.
LAW-D02: No Implicit Inputs
Behavior MUST be a function only of explicitly declared inputs and state.
Forbidden: Wall clock, locale, entropy, thread scheduling, nondeterministic iteration.
LAW-D03: No Non-Deterministic Order
Any ordering affecting outcomes MUST be explicitly defined and stable.
Forbidden: Hash iteration order, container order dependence, arrival-order-decides-state.
LAW-D04: No Undefined Behavior
Every reachable path MUST have defined semantics.
Forbidden: “Shouldn’t happen”, “undefined”, “implementation-defined”.
LAW-D05: No Unbounded Costs
Operations MUST have explicit, bounded worst-case costs.
Forbidden: Unbounded loops, unbounded allocations, unbounded message processing.
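The following is an added example, not Orix project code, showing what LAW-D01 through LAW-D05 look like in a single simulation step: randomness and time are fields of the state rather than calls to the OS, entities are processed in a total order on their ids rather than arrival order, and the per-step loop is bounded by a compile-time constant. The names world, entity, world_step, world_digest and make_world, the xorshift generator and the five-entity sample are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not Orix project code). world, entity, world_step and the
 * sample data below are assumptions for illustration. */

#define MAX_ENTITIES 8u            /* LAW-D05: work per step is bounded by a constant */

typedef struct { uint32_t id; int32_t hp; } entity;

typedef struct {
    uint32_t rng;                  /* LAW-D01/D02: randomness is explicit state, not a hidden global or OS entropy */
    uint32_t tick;                 /* LAW-D02: simulated time advances only through world_step, never the wall clock */
    size_t count;
    entity ents[MAX_ENTITIES];
} world;

static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Total order on ids. Ids are unique per world, so the result does not depend on
 * whether this libc's qsort happens to be stable (LAW-D03). */
static int by_id(const void *a, const void *b) {
    uint32_t ia = ((const entity *)a)->id, ib = ((const entity *)b)->id;
    return (ia > ib) - (ia < ib);
}

/* One step: the same (w, damage) in gives the same w out, on every platform, every run. */
void world_step(world *w, int32_t damage) {
    qsort(w->ents, w->count, sizeof(entity), by_id);     /* LAW-D03: never arrival or insertion order */
    for (size_t i = 0; i < w->count; i++) {              /* bounded by MAX_ENTITIES */
        uint32_t roll = xorshift32(&w->rng) % 4u;        /* draws depend only on state */
        w->ents[i].hp -= damage * (int32_t)(1u + roll);
    }
    w->tick++;
}

static uint64_t fnv1a_mix(uint64_t h, uint64_t v) {
    for (int b = 0; b < 8; b++) {
        h ^= (v >> (8 * b)) & 0xffu;
        h *= 1099511628211ULL;
    }
    return h;
}

/* Digest of the behaviour-relevant state, hashed in canonical (id-sorted) order so
 * two logically equal worlds always hash equal: reproducible evidence of determinism (LAW-V01). */
uint64_t world_digest(const world *w) {
    world c = *w;
    qsort(c.ents, c.count, sizeof(entity), by_id);
    uint64_t h = 14695981039346656037ULL;
    h = fnv1a_mix(h, c.tick);
    h = fnv1a_mix(h, c.rng);
    h = fnv1a_mix(h, c.count);
    for (size_t i = 0; i < c.count; i++) {
        h = fnv1a_mix(h, c.ents[i].id);
        h = fnv1a_mix(h, (uint32_t)c.ents[i].hp);
    }
    return h;
}

/* Constructed sample: the same five entities, inserted forwards or reversed,
 * to show that insertion order cannot leak into the outcome. */
world make_world(uint32_t seed, int reversed) {
    static const entity sample[5] = { {7, 100}, {3, 100}, {11, 50}, {5, 80}, {2, 60} };
    world w;
    memset(&w, 0, sizeof w);
    w.rng = seed ? seed : 1u;      /* xorshift state must be nonzero */
    w.count = 5;
    for (size_t i = 0; i < 5; i++) w.ents[i] = reversed ? sample[4 - i] : sample[i];
    return w;
}
```

Two worlds built from the same seed in opposite insertion orders produce identical digests after any number of steps; that digest comparison is the kind of artifact LAW-V01 asks for instead of the sentence "the simulation is deterministic". Replacing `w->rng` with `rand()` or `w->tick` with a clock read would violate LAW-D02 and the digests would diverge between runs.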
Domain 2: Failure & Safety
LAW-S01: No Silent Failure
Failure MUST be explicit, detectable, and attributable.
Forbidden: Silent desync, truncation, overflow, or fallback; recovery that changes outcomes.
LAW-S02: No Unsafe State
The system MUST NOT enter an unsafe state, even transiently.
Forbidden: “Briefly unsafe but corrected”, “unsafe under misuse”.
LAW-S03: No Data Loss Without Signal
Data loss MUST NOT occur silently.
Forbidden: Dropping state/messages without explicit signaling and trace.
LAW-S04: No Catastrophic Single Action
A single action MUST NOT cause irreversible system harm.
Forbidden: One-step deletion/corruption without layered safeguards.
LAW-S05: No Recovery Without Semantics
Recovery MUST be defined before failure occurs.
Forbidden: Ad-hoc recovery, manual heroics, “we’ll fix it after”.
Domain 3: Memory & Resources
LAW-M01: No Unowned Memory
All memory MUST have explicit ownership and lifetime semantics.
Forbidden: Implicit shared mutable ownership, GC timing reliance.
LAW-M02: No Allocation in Hot Paths
Hot paths MUST be allocation-free.
Forbidden: Heap allocation, boxing, iterator allocations in hot execution.
LAW-M03: No Side-Effectful Observability
Instrumentation MUST NOT change system semantics.
Forbidden: Logging that allocates in hot paths, tracing that changes timing.
LAW-M04: No Unbounded Amplification
Inputs MUST NOT cause unbounded fan-out or work multiplication.
Forbidden: Small inputs causing unbounded cascading effects.
LAW-M05: No External Control Over Internal Cost
External actors MUST NOT control resource cost arbitrarily.
Forbidden: Peer-controlled loops, sizes, rates without strict bounds.
Domain 4: Contracts & Evolution
LAW-C01: No Contract Without Versioning
Externalized contracts MUST be versioned or declared immutable.
Forbidden: Silent layout changes, silent schema drift.
LAW-C02: No Breaking Change Without Boundary
Breaking changes MUST be explicit, bounded, and traceable.
Forbidden: Silent breakage, behavioral drift, “minor refactors” altering semantics.
LAW-C03: No Schema Evolution Without Migration
Evolving schemas MUST define forward/backward compatibility and migration.
Forbidden: Schema changes without upgrade/downgrade semantics.
LAW-C04: No Divergent Semantics Across Environments
Semantics MUST NOT change across environments unless declared.
Forbidden: “Only in editor”, “only in debug” behavior without contract.
LAW-C05: No Dependency Without Exit Strategy
Every dependency MUST have an exit strategy.
Forbidden: Hard lock-in without replacement or isolation plan.
Domain 5: Trust & Security
LAW-T01: No Mixed Trust
Trust boundaries MUST be explicit; untrusted inputs validated before use.
Forbidden: Using peer-provided sizes/offsets without validation.
LAW-T02: No Security Through Obscurity
Security MUST NOT rely on secrecy of implementation.
Forbidden: “Attackers won’t know”, “this is internal”.
LAW-T03: No Capability Without Misuse Model
Exposed capabilities MUST define misuse, abuse, escalation models.
Forbidden: APIs exposed without considering denial of service or unintended composition.
LAW-T04: No Authority Without Accountability
Authority MUST imply accountability with traceability and revocation.
Forbidden: Granting authority without defined responsibility.
LAW-T05: No Cost Asymmetry Favoring Attackers
Cost of misuse MUST NOT be lower than cost of defense.
Forbidden: Cheap actions triggering expensive processing/recovery.
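The following is an added example, not Orix project code, showing LAW-T01, LAW-T05 and LAW-M05 applied to the case Domain 5 names directly: a peer-provided size. The declared length is checked against a bound the receiver owns before it can influence memory or work, a short buffer is reported as truncation rather than silently shortened (LAW-S01, LAW-S03), and the receive path uses a fixed-capacity struct so no allocation is driven by the peer (LAW-M02). The wire format, MAX_PAYLOAD, frame, parse_frame and the sample inputs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example (not Orix project code). The wire format, MAX_PAYLOAD, frame,
 * parse_frame and the sample inputs below are assumptions for illustration.
 *
 * Wire format: kind(1) | payload_len(2, big-endian) | payload[payload_len]
 * Exactly one frame per buffer (datagram style). */
#define HEADER_LEN   3u
#define MAX_PAYLOAD  64u   /* LAW-M05/T05: the ceiling on peer-requested work and memory is ours, not the peer's */

typedef enum {
    FRAME_OK = 0,
    FRAME_ERR_SHORT_HEADER,  /* fewer than HEADER_LEN bytes: the length cannot even be read */
    FRAME_ERR_OVERSIZE,      /* peer declared more than MAX_PAYLOAD: rejected before any copy */
    FRAME_ERR_TRUNCATED,     /* declared length exceeds bytes present: never silently shortened (LAW-S01/S03) */
    FRAME_ERR_TRAILING       /* bytes after the frame: ambiguity is reported, not ignored */
} frame_status;

typedef struct {
    uint8_t  kind;
    uint16_t len;
    uint8_t  payload[MAX_PAYLOAD];  /* fixed capacity: no heap allocation on the receive path (LAW-M02) */
} frame;

/* Every peer-provided quantity is checked against our own bound before it
 * influences memory or cost (LAW-T01). Worst case is O(MAX_PAYLOAD) for any input. */
frame_status parse_frame(const uint8_t *buf, size_t buf_len, frame *out) {
    if (buf_len < HEADER_LEN) return FRAME_ERR_SHORT_HEADER;
    uint16_t declared = (uint16_t)(((uint16_t)buf[1] << 8) | buf[2]);
    if (declared > MAX_PAYLOAD) return FRAME_ERR_OVERSIZE;   /* bound check comes first */
    size_t present = buf_len - HEADER_LEN;                    /* cannot underflow: buf_len >= HEADER_LEN */
    if (present < declared) return FRAME_ERR_TRUNCATED;
    if (present > declared) return FRAME_ERR_TRAILING;
    out->kind = buf[0];
    out->len = declared;
    memcpy(out->payload, buf + HEADER_LEN, declared);       /* declared <= MAX_PAYLOAD, so this is in bounds */
    return FRAME_OK;
}

/* Attributable failure names for logs and traces (LAW-S01). */
const char *frame_status_name(frame_status s) {
    switch (s) {
    case FRAME_OK:               return "ok";
    case FRAME_ERR_SHORT_HEADER: return "short_header";
    case FRAME_ERR_OVERSIZE:     return "oversize";
    case FRAME_ERR_TRUNCATED:    return "truncated";
    case FRAME_ERR_TRAILING:     return "trailing_bytes";
    }
    return "unknown";
}

/* Constructed sample inputs */
const uint8_t SAMPLE_GOOD[]     = { 0x01, 0x00, 0x03, 'a', 'b', 'c' };   /* declares 3, has 3 */
const uint8_t SAMPLE_OVERSIZE[] = { 0x01, 0xFF, 0xFF };                   /* declares 65535 */
const uint8_t SAMPLE_TRUNC[]    = { 0x01, 0x00, 0x05, 'a', 'b' };         /* declares 5, has 2 */
const uint8_t SAMPLE_TRAILING[] = { 0x01, 0x00, 0x01, 'a', 'b' };         /* declares 1, has 2 */
const uint8_t SAMPLE_SHORT[]    = { 0x01, 0x00 };                         /* no complete header */
```

The order of the checks is the point: the oversize test runs before the truncation test, so a 3-byte packet declaring 65535 bytes costs the receiver a comparison, not a 64 KiB buffer or a read loop waiting for bytes that never arrive. For a stream rather than a datagram, return the number of bytes consumed and treat trailing bytes as the next frame; the bound checks stay the same.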
Domain 6: Verification & Evidence
LAW-V01: No Unproven Claims
Claims are false until proven with reproducible evidence.
Forbidden: Stating determinism, safety, correctness without evidence.
LAW-V02: No Guessing
When information is missing, work MUST halt and the ambiguity MUST be externalized.
Forbidden: “Best effort”, “reasonable assumption”, inferred intent.
LAW-V03: No Drift
Documentation, decisions, and implementation MUST remain synchronized.
Forbidden: Docs describing aspirational behavior, undocumented code behavior.
LAW-V04: No Partial Truth
Conditional guarantees MUST have explicit conditions.
Forbidden: “Usually”, “should”, “in most cases” without bounds.
LAW-V05: No Reward Without Verification
Positive outcomes MUST NOT be rewarded unless verification satisfied.
Forbidden: Merging/shipping work that bypasses verification.
Domain 7: Agent & AI
LAW-A01: No AI-Specific Exceptions
AI systems MUST NOT receive weaker rules than humans.
Forbidden: “Because AI did it”, “AI misunderstood”.
LAW-A02: No Autonomous Authority Escalation
AI systems MUST NOT increase their own authority.
Forbidden: Agents modifying permissions, rules, scope without human authorization.
LAW-A03: No Self-Modification of Rules
AI MUST NOT modify laws, standards, or enforcement logic.
Forbidden: Self-editing of governance documents.
LAW-A04: No Goal Expansion
Agents MUST NOT expand or reinterpret goals.
Forbidden: “While we’re here…”, inferred intent, scope creep.
LAW-A05: No Agent-Driven Interpretation
Agents MUST apply rules mechanically, not interpretively.
Forbidden: Balancing, weighing, or reconciling rules by judgment.
Domain 8: Organization & Knowledge
LAW-O01: No Knowledge Locked in Individuals
Critical knowledge MUST NOT exist only in a person’s head.
Forbidden: “I know how this works”, “ask X”, “the author remembers”.
LAW-O02: No Single Point of Failure
The system MUST NOT depend on a single individual, role, or agent.
Forbidden: Knowledge or authority concentrated without redundancy.
LAW-O03: No Governance by Social Convention
Governance MUST be encoded in artifacts, not norms.
Forbidden: “We usually do…”, “everyone knows…”.
LAW-O04: No Silent Erosion of Standards
Standards MUST NOT erode gradually.
Forbidden: “Small exceptions”, “just this once” without amendment.
LAW-O05: No System Requiring Heroics
The system MUST NOT rely on extraordinary effort to remain correct.
Forbidden: “Be careful”, “don’t forget” as safeguards.
Domain 9: Governance & Integrity
LAW-G01: No Dual Sources of Truth
Each fact MUST have a single authoritative source with explicit precedence.
Forbidden: Multiple “authoritative” docs disagreeing.
LAW-G02: No Unreviewable Changes
Changes MUST be reviewable from repository artifacts alone.
Forbidden: Requiring chat history or personal memory to understand.
LAW-G03: No Abandoned Decisions
Decisions MUST NOT be left indeterminate.
Required states: Accepted, Rejected, Deferred, Deprecated.
LAW-G04: No Progress Without Exit Criteria
Work MUST NOT proceed without clear completion criteria.
Forbidden: Open-ended tasks, vague milestones.
LAW-G05: No System That Can Destroy Its Governance
The system MUST NOT erase or invalidate its own laws.
Forbidden: Paths removing traceability, standards, enforcement authority.
Violation Handling
All law violations are CRITICAL by default:
- Work halts immediately
- Violation documented with trace artifacts
- Resolution required before continuation
- No merging, shipping, or deployment
See Also
- CLAUDE.md - Single source of governance truth
- PRINCIPLES.md - Decision-shaping principles
- CERTIFICATION.md - Compliance requirements
- ENGINEERING.md - Implementation practices
Consolidated from LEL v1 (100 laws) - see docs/archive/standards-v1/LEL.md for original