Constitutional AI Gateway

Runtime governance for every AI action.

arifOS MCP is a self-hosted constitutional runtime. Every tool call, every resource access, every prompt execution is checked against 13 governing floors — with immutable audit, human veto, and structured verdicts.

This gateway is the constitutional membrane for ΔΩΨ operations. Δ arifOS is the constitutional core. Φ GEOX and Ψ WEALTH operate as domain jurisdictions under the membrane. Only arifOS may emit final SEAL, CAUTION, HOLD, or VOID verdicts.

Self-hostable · Human-sovereign · Protocol-native

🔱 Service Registry

Fields: service · version · transport · protocol · mcp_endpoint · health_endpoint · tools_endpoint · tool_count

13 constitutional floors · MCP JSON-RPC · WebMCP · A2A (planned) · 888_HOLD veto · VAULT audit · Human sovereign · Discovery manifest · llms.txt

Govern. Pause. Seal.

Every AI action in arifOS passes through three constitutional stages — enforced in sequence, recorded in full.

Govern

Every request is parsed, classified, and run through the 13 constitutional floors before any tool executes. Claims are grounded. Identity is verified. The system never acts on unverified premises.

F1–F13 enforced per action

Pause

Actions tagged as irreversible — deploys, commits, governance changes, state modifications — trigger 888_HOLD. No execution proceeds until a human sovereign reviews and approves. The veto is always real.

888_HOLD — human veto gate

Seal

Every completed action — approved, paused, or rejected — is written to the VAULT audit ledger with a constitutional verdict, timestamp, and actor identity. The record is immutable. The trace is complete.

VAULT — immutable verdict ledger

Try it now — dry-run mode

Query arifos_sense in constitutional analysis mode. This calls the live MCP endpoint — no account, no key, no friction.

arifos_sense · dry-run · POST /mcp · JSON-RPC 2.0

Offline core · optional extensions: Constitutional governance (13 floors, 888_HOLD, VAULT999 ledger) runs fully offline in the arifOS runtime. Optional Postgres, Redis, and Qdrant providers can be enabled for full session persistence, vector memory, and distributed cache — all without compromising the governance layer.

Platform comparison

arifOS is the only platform that combines live MCP agent protocol, cryptographic human-in-the-loop, and a tamper-proof immutable audit ledger — self-hosted, no vendor lock-in.

Feature · 🔱 arifOS · NeMo Guardrails · Prime AI · IBM WatsonX.gov

Constitutional governance: ✓ 13 floors · ~ Rules only · ~ Policy engine · ~ Pipeline checks
MCP agent protocol: ✓ Native
Cryptographic HITL (888_HOLD): ~ Approvals · ~ Workflow
Immutable audit ledger (VAULT999): ✓ SHA-256 · ~ Logging · ~ Reporting
Self-hosted: ✓ Docker · SaaS only · Enterprise SaaS
Open source: AGPL-3.0 · Apache 2.0 · Proprietary · Proprietary

8-stage governance pipeline

Every inbound request passes through eight ordered stages. Each stage may emit a verdict — SEAL, HOLD, PARTIAL, or VOID — that propagates forward or halts execution.

PARSE → CLASSIFY → DECIDE → PLAN → SENSE → NORMALIZE → GATE → HANDOFF

Runtime state fields

G · Grounding: Evidence fidelity — is the claim anchored in verifiable data?
τ · Truth score: 0.0–1.0. Below 0.99 triggers F2 block on factual claims.
σ · Signal strength: Clarity of intent. Noise or ambiguity elevates HOLD risk.
C · Confidence Ω₀: Model confidence. High C + low τ → F7 Gödel Lock trigger.
ΔS · Entropy delta: Landauer cost. High ΔS blocks Forge (F4). Indicates system heat.
κ · Peace² index: Lyapunov stability. Below threshold blocks Execute (F5).

On metrics and thresholds

System confidence (τ from /health) ≠ per-claim F2 truth threshold. The value reported in service health (/health → thermodynamic.confidence) is aggregate system readiness — a proxy for operational stability. F2 still enforces τ ≥ 0.99 for any individual claim emitted beyond this membrane. These are related but distinct measures.

Peace² > 1.0 indicates stable, reversible posture. Vitality (Ψ) is system stamina, not proof-of-truth. No metric on this page certifies individual claim accuracy.

Protocol surface

arifOS MCP exposes governed tools, resources, and prompts over MCP — plus a WebMCP interface for browser-native and headless clients.

MCP — JSON-RPC Gateway

Full Model Context Protocol with constitutional enforcement on every call.

  • POST /mcp: JSON-RPC 2.0 transport. Initialize lifecycle, tools/list, tools/call, resources/list, prompts/list.
  • GET /health: Live health, verdict, vitality index, tool count, platform metadata.
  • GET /tools: Full tool schemas with parameter definitions and descriptions.
  • GET /resources: Governed resource manifest — schemas, context packs, profiles.
  • GET /prompts: Constitutional prompt library — AAA chain, routing policy, connectors.
  • GET /version: Release version, git SHA, build time, source commit.
  • GET /.well-known/mcp/server.json: MCP discovery manifest for auto-configuration by compatible clients.

WebMCP — Browser SDK

Web-facing governed interface: browser-native tool invocation, SDK manifest, and console surface.

  • GET /.well-known/webmcp: WebMCP discovery document — protocol version, endpoints, SDK links.
  • GET /webmcp: Interactive governed console — browser-accessible tool playground.
  • GET /webmcp/sdk.js: Browser SDK — drop-in script for web apps to connect to arifOS MCP.
  • GET /webmcp/tools.json: Machine-readable tool registry for SDK consumers.
  • GET /llms.txt: Machine-readable documentation for LLMs and AI agents consuming this service.

WebMCP is the browser-native extension of MCP. It enables web applications to connect directly to arifOS MCP without a native client — governed tool calls, real-time streaming, and SSE fallback for agents that don't support HTTP/2.

17 governed tools

Tool | Role | What it does
arifos_sense | Constitutional analysis | Parses input through 13-floor filter. Returns truth score τ, confidence Ω₀, floor violations, and SEAL / HOLD / VOID verdict. Core judgment engine.
arifos_judge | Verdict & sealing | Issues final constitutional verdict. Commits SEAL actions to VAULT999 ledger. Triggers 888_HOLD for irreversible actions. Returns tamper-proof hash chain.
arifos_init | Session bootstrap | Initializes a governed session. Loads constitutional context, philosophical corpus, floor thresholds, and human sovereign config. Sets G (governance state).
arifos_reply | AAA orchestration | Full AGI Reply Protocol v3 orchestrator. Coordinates sense → judge → vault flow with compression, depth control, and risk-tier routing. Crown jewel of the tool suite.
arifos_vault | Immutable audit ledger | VAULT999 write interface. Append-only SHA-256 chain for all SEAL-verdict actions. Supports timestamp, session ID, floor chain hash, and Merkle root verification.
arifos_hold | Human veto gate | 888_HOLD interface. Queries pending irreversible actions awaiting human sovereign ratification. Returns hold_id, action summary, risk level, and floor violations for review.
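
How an append-only SHA-256 chain of the kind described for the Seal stage and the arifos_vault tool yields tamper evidence, as an added example that is not arifOS code: the record fields, the GENESIS value and every function name are assumptions, and it uses a linear hash chain rather than a Merkle tree. It also shows that truncation or a full rewrite is only detectable against a head hash kept outside the ledger.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_hash for the first record


def entry_hash(body: dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, fixed separators)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append(ledger: list, verdict: str, actor: str, session_id: str, ts: str) -> dict:
    """Append a record that commits to the hash of the previous record."""
    body = {"seq": len(ledger), "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
            "verdict": verdict, "actor": actor, "session_id": session_id, "timestamp": ts}
    record = dict(body, hash=entry_hash(body))
    ledger.append(record)
    return record


def verify(ledger: list, trusted_head: Optional[str] = None) -> tuple:
    """Recompute every link; return (ok, reason)."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i or rec.get("prev_hash") != prev:
            return False, f"entry {i}: broken link"
        if entry_hash(body) != rec.get("hash"):
            return False, f"entry {i}: content altered"
        prev = rec["hash"]
    # A chain only proves internal consistency. Truncation, or a full rewrite
    # with recomputed hashes, is caught only by a head hash stored elsewhere.
    if trusted_head is not None and prev != trusted_head:
        return False, "head mismatch: truncated or rewritten"
    return True, "ok"


def sample_ledger() -> list:
    """Constructed records for illustration (not real arifOS data)."""
    ledger = []
    append(ledger, "SEAL", "agent-a", "sess-001", "2025-01-01T00:00:00Z")
    append(ledger, "HOLD", "agent-a", "sess-001", "2025-01-01T00:00:05Z")
    append(ledger, "VOID", "agent-b", "sess-002", "2025-01-01T00:01:00Z")
    return ledger
```
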

arifOS Command Center

One cockpit. Separate chambers. Judge above action. The interactive layer of the same web contract — session, ops, judge, forge dry-run, gateway handshake, and vault review.

🧠

Interactive Cockpit

Renders inside compatible MCP hosts. Chambers for session state, ops vitals, constitutional verdicts, forge dry-runs, gateway handshakes, and vault review.

🛡️

UI Layer Only

The app does not bypass governance. It uses the same 13-tool public surface, same human authority model, and same audit-first runtime contract.

🔒

Dry-Run by Default

Forge, Vault, and Gateway chambers are simulated in v0.1. No real irreversible execution. Sampling deferred to v0.2+.

MCP Apps · v0.1.1 evaluation ready

13 constitutional floors

Every AI action is tested against all 13 floors in real-time. A single floor failure triggers a HOLD verdict — execution pauses until a human sovereign reviews. No floor is advisory. No exception is silent.

Floor | Name | Arabic | Description | HOLD trigger
F1 | Amanah — Trust | الأمانة | No irreversible action without VAULT999 seal. No execution before audit trail initialized. | Irreversible action without VAULT999 hash
F2 | Haqq — Truth | الحق | No ungrounded factual claims. τ (truth score) must be ≥ 0.99 for domain statements. | τ (truth score) < 0.99 on domain claim
F3 | Hikmah — Wisdom | الحكمة | Logical consistency required. Proportional response. No catastrophic escalation. | Catastrophic escalation · logical contradiction
F4 | Sabr — Patience | الصبر | No premature action. Full context must be loaded before execution gates clear. | Premature execution · context not loaded
F5 | Rahmah — Compassion | الرحمة | Peace-orientation scored in every output. High ΔS entropy cost blocks Forge. | ΔS entropy cost too high · peace violation
F6 | Adl — Justice | العدل | Fair treatment across all actors and contexts. No special pleading. | Special pleading · unfair treatment detected
F7 | Gödel Lock — Humility | تلازم غودل | No false omniscience. Bounded confidence only. High Ω₀ with low τ triggers HOLD. | Ω₀ high + τ low · false omniscience claim
F8 | Ilm — Knowledge | العلم | Source-traced evidence required for all factual claims. No hearsay as fact. | Unverified claim · hearsay presented as fact
F9 | Anti-Hantu — No Deception | مكافحة الخداع | Prohibits manipulation, false identity claims, and misleading framing. | Manipulation · identity fraud · misleading framing
F10 | Ontology — Self-model | أنطولوجيا | No contradictory self-models. No identity fraud. Agent must be self-consistent. | Contradictory self-model · identity inconsistency
F11 | Wala — Loyalty | الولاء | Alignment to principal hierarchy. No defection from declared governance chain. | Governance chain defection · unauthorized override
F12 | Curiosity — Open Inquiry | الفضول | Epistemic openness. No premature closure. Revisit assumptions when evidence shifts. | Premature epistemic closure · evidence ignored
F13 | Sovereign — Human Authority | السيادة | 888_HOLD blocks irreversible actions. Human holds final veto. Always. | 888_HOLD: irreversible action awaiting human ratification

τ = truth score · Ω₀ = prior confidence · ΔS = entropy cost · VAULT999 = immutable SHA-256 audit ledger · 888_HOLD = cryptographic human veto gate · Hard floors: F1,F2,F6,F9,F10,F11,F13 (fail-closed) · Soft floors: F3,F4,F5,F7,F8,F12 (escalate to HOLD/888_HOLD) · Hard/soft classification is doctrinal interpretation — verify against floor spec
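
A fail-closed reading of the F2, F7 and F13 triggers listed above, as an added example that is not arifOS code: the claim field names, the OMEGA_HIGH and TAU_LOW cut-offs and the treat-unknown-as-irreversible default are assumptions, and only the 0.99 threshold comes from the page. It contrasts a bare `tau < 0.99` comparison, which lets NaN through, with a gate that validates the score first.

```python
import math

TAU_MIN = 0.99      # F2 threshold stated on the page
OMEGA_HIGH = 0.90   # assumption: the page does not quantify "high" Ω₀
TAU_LOW = 0.50      # assumption: the page does not quantify "low" τ


def valid_score(x) -> bool:
    """Usable only if it is a real, finite number in [0.0, 1.0]."""
    return (isinstance(x, (int, float)) and not isinstance(x, bool)
            and math.isfinite(x) and 0.0 <= x <= 1.0)


def naive_f2(tau) -> bool:
    """Passes unless tau < 0.99. NaN compares False, so NaN passes."""
    return not (tau < TAU_MIN)


def gate(claim: dict) -> tuple:
    """Return (verdict, reasons) for one claim, failing closed on bad input.

    Only the per-claim tau is consulted; the aggregate confidence reported
    by /health is a different measure and is deliberately not an input.
    """
    reasons = []
    tau, omega = claim.get("tau"), claim.get("omega0")
    if not valid_score(tau):
        reasons.append("F2: tau missing or malformed")
    elif tau < TAU_MIN:
        reasons.append("F2: tau < 0.99")
    if (valid_score(tau) and valid_score(omega)
            and omega >= OMEGA_HIGH and tau <= TAU_LOW):
        reasons.append("F7: high omega0 with low tau")
    # Assumption: an action of unknown reversibility is held for review.
    if claim.get("irreversible", True):
        reasons.append("F13: 888_HOLD, awaiting human ratification")
    return ("HOLD" if reasons else "SEAL"), reasons
```
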

Glossary

MCP: Model Context Protocol — JSON-RPC 2.0 standard for AI tool/resource/prompt discovery. The protocol arifOS exposes at POST /mcp.
WebMCP: Browser-native MCP variant. Drop-in JS SDK at /webmcp/sdk.js. Enables web apps to call arifOS tools directly from browser JavaScript.
888_HOLD: arifOS human-veto gate. Any action tagged irreversible triggers a HOLD — requiring explicit human sovereign approval before execution proceeds.
VAULT999: SHA-256–based immutable audit ledger. Every SEAL-verdict action is committed with timestamp, session ID, and floor chain hash. Tamper-evident, append-only.
ΔΩΨ: arifOS trinity symbol: Discernment (Δ), Empathy (Ω), Authority (Ψ). The philosophical calibration layer behind every governance decision.
F1–F13: 13 constitutional floors. Each is a hard constraint on AI behavior (Amanah/Trust → Sovereign/Human). Any single floor failure triggers HOLD.
HITL: Human-in-the-Loop. Cryptographically enforced, not advisory. The 888_HOLD system ensures no irreversible action bypasses human review.
SEAL / HOLD / VOID: arifOS verdicts. SEAL = safe to proceed. HOLD = pause for review. VOID = do not proceed. Every action gets exactly one verdict.
A2A: Agent-to-Agent protocol (PLANNED). arifOS exposes /a2a/ endpoints for future multi-agent coordination with shared constitutional context. Not yet active.
GEOX: Grounded Earth Model. The physics-first reasoning layer applied to any claims touching geology, materials, or the physical Earth.
arifOS runtime: The FastMCP server process at the core of arifOS MCP. Serves MCP JSON-RPC at :8080/mcp, health at :8080/health, tools, prompts, and resources.
DITEMPA BUKAN DIBERI: "Forged, not given." arifOS guiding principle: genuine capability is earned through discipline and evidence, not style or assertion.

Run your own constitutional gateway

arifOS MCP is self-contained. One Docker command, full constitutional governance, MCP-compatible.

1. Pull & run

docker run -d \
  --name arifosmcp \
  -p 8080:8080 \
  arifos/arifosmcp:latest

2. Connect any MCP client

# Claude Desktop, Cursor, etc.
# Server URL:
https://mcp.arif-fazil.com/mcp

# Or add to config:
{
  "mcpServers": {
    "arifOS": {
      "url": "https://mcp.arif-fazil.com/mcp"
    }
  }
}

3. Verify

curl https://mcp.arif-fazil.com/health
# Returns: vitality, verdict, tool count,
#          thermodynamic metrics, capability map

🔱 What's included
  • 17 governed tools (sense, judge, vault, reply…)
  • 13 constitutional floors — F1 Amanah → F13 Sovereign
  • 888_HOLD human veto gate
  • VAULT999 immutable audit ledger
  • MCP + WebMCP protocol endpoints
  • Philosophical corpus (50 wisdom anchors)

⚡ Optional extras
  • Postgres — session persistence
  • Redis — rate limiting & pub/sub
  • Qdrant — vector memory

📜 AGPL-3.0 — Forged, not given.
Self-host. Self-govern. No vendor lock-in.

Part of the constellation

arifOS MCP is the constitutional kernel powering sovereign AI systems — self-hosted, human-sovereign, auditable.

👤 Arif Fazil: Field Geoscientist & AI Constitutionalist · Personal hub
🌏 GEOX: Earth Intelligence Platform — terrain, hazard, subsurface reasoning governed by arifOS F1–F13
🔱 arifOS Core: Constitutional governance kernel — the stack powering this gateway
Open Source: AGPL-3.0 · Self-hostable · MIT-like philosophy · Pull requests welcome