mosaicstack/stack
1
0
Fork 0
Code Issues 22 Pull Requests 1 Actions Packages Projects Releases 14 Wiki Activity
Files
c70b217a5c06c0510c073c56097512f0e09931fc
stack/docs/design/framework-constitution/debate/position-aiml.md
Jason Woltje c70b217a5c
Some checks failed
ci/woodpecker/push/ci Pipeline failed
Details
docs(design): mosaic framework constitution — expert conference output 
Conference of 7 experts (architect/moonshot/contrarian/coder/aiml/devex/steward)
debated layering, sanitization, upgrade-safety, cross-harness robustness.
Artifacts: BRIEF, 7 positions, 7 rebuttals, synthesis-v1, 3 red-team passes,
canonical DESIGN.md, OPEN-QUESTIONS.md, MISSION.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 23:47:49 -05:00

209 lines
24 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Position Paper — The Prompt-Systems Lens on the Mosaic Constitution
**Author lens:** AI/ML Prompt-Systems Expert (how LLMs actually consume system prompts and context; what placement, length, and structure help vs. hurt instruction-following across models and harnesses).
**Scope:** Opinionated answers to DQ1DQ5 from `BRIEF.md`, grounded in the real files under `packages/mosaic/framework/`. I cite file paths and propose concrete structures, not principles in the abstract.
---
## TL;DR for the conference
The Constitution debate has been framed as an *ownership/governance* problem (who owns what, who can edit what, how do upgrades not clobber). That framing is correct but incomplete. From a prompt-systems view there is a second, equally hard problem hiding inside it: **the always-resident context that Mosaic injects today is already past the size and redundancy threshold where instruction-following measurably degrades, and the proposed Constitution layer will make it worse unless we treat resident-token budget as a first-class, enforced constraint.**
Concretely: `defaults/AGENTS.md` (155 lines, ~13 numbered "hard gates" + ~16 "non-negotiable rules" + 4 more rule blocks) is injected verbatim into *every* session, then `SOUL.md`, `USER.md`, the TOOLS index, and a runtime contract are stacked on top — before the agent has read a single project file. That is the worst possible place to be adding a third governance document. My recommendations below are designed to add the Constitution *layer* (which I support) while **shrinking** total resident tokens, not growing them.
---
## How LLMs actually consume this context (the physics we're designing against)
Five empirical behaviors drive every recommendation in this paper:
1. **Primacy + recency, U-shaped attention.** Instructions at the very top and very bottom of the resident context are followed most reliably; the middle is the "lost in the middle" zone. A 155-line gate document placed in the middle of a 5-file stack loses enforcement power on its *middle* rules regardless of how many times they say "MANDATORY."
2. **Instruction density decay.** Past a few dozen imperative rules, marginal rules don't just fail to help — they *dilute* the salience of the rules that matter. The model cannot tell rule #7 of 33 from rule #28; "HARD GATE" loses meaning when 30 things are hard gates. `defaults/AGENTS.md` currently has at least four parallel "these are the critical ones" sections (`CRITICAL HARD GATES`, `Non-Negotiable Operating Rules`, `Other Hard Rules`, plus the per-section "Hard Rule" tags). This is salience inflation.
3. **Contradiction is silently lossy.** When two resident sources conflict, models do not reliably pick the "higher precedence" one — they pick the *nearer*, the *more recent*, or the *more specific-sounding* one, unpredictably. So precedence cannot be enforced by prose ("global rules win"); it must be enforced by **not shipping the contradiction into the same context window**. Today `defaults/AGENTS.md` line 37 and `templates/agent/AGENTS.md.template` line 12 both state the ci-queue-wait rule but with **different paths** (`tools/git/` vs `rails/git/`) — a live contradiction that ships to the model.
4. **Repetition has a budget too.** A small amount of deliberate repetition at top-and-bottom *helps* (it's how you beat lost-in-the-middle). But Mosaic over-repeats: the mode-declaration protocol appears in `defaults/AGENTS.md`, `guides/E2E-DELIVERY.md`, `guides/ORCHESTRATOR.md`, and all four `runtime/*/RUNTIME.md`. That's not reinforcement, it's five maintenance sites and five drift opportunities, and it spends recency budget on a low-stakes rule.
5. **Structure is a parsing aid, but only if it's consistent.** Models parse Markdown headings, numbered lists, and tables as structure. The framework already does this well (the Conditional Guide Loading table in `defaults/AGENTS.md` is excellent prompt design). The failure mode is *inconsistent* structure — e.g., "Hard Rule" sometimes a heading, sometimes a parenthetical, sometimes a bare bullet — which forces the model to infer importance instead of reading it.
These five points are the throughline. Now the design questions.
---
## DQ1 — Layering: yes to a Constitution, but layer by *token-lifecycle*, not just by ownership
I support introducing an explicit Constitution layer distinct from SOUL (persona) and USER (operator). But the layering axis that matters for instruction-following is **"how often does the model need this, and is it negotiable?"** — not just "who owns it." I propose the canonical layers be defined along *both* axes simultaneously, because the residency decision (what's always in context) is where models live or die.
### Proposed canonical layers
| Layer | Owner | Residency | Negotiable? | Content |
|---|---|---|---|---|
| **L0 — Constitution** | Framework | **Always resident, ~40 lines hard cap** | No (immutable law) | The irreducible gates: completion-defined-at-merge, PR-review-before-merge, green-CI, no-forced-merge, no-hardcoded-secrets, escalation triggers, block-vs-done. The "if you violate one thing, violate nothing" set. |
| **L1 — Contract** | Framework | On-demand (guide-loaded) | No, but elaborative | The *procedures* that implement L0: the E2E execution cycle, testing matrix, orchestrator protocol, documentation gate. Today's `defaults/AGENTS.md` bulk + `guides/*`. |
| **L2 — SOUL (persona)** | Framework default, user-overridable | Always resident, ~25 lines | Soft (style, not law) | Agent name, tone, communication style, behavioral principles. |
| **L3 — USER (operator)** | User | Always resident, ~25 lines | Soft (preferences) | Name, timezone, accessibility, comms prefs, project table. |
| **L4 — Runtime adapter** | Framework | Always resident, ~15 lines | No (mechanism only) | Harness-specific *mechanism* (subagent syntax, hook config), never policy. |
| **L5 — Project** | User/repo | Loaded when in a repo | No (inherits L0) | `<repo>/AGENTS.md`. |
The key move: **L0 is a new, tiny, surgically-extracted document — not a rename of the current `AGENTS.md`.** Today `defaults/AGENTS.md` conflates L0 and L1 (it even admits this: line 6 "It carries only what must be resident" — but then carries 155 lines). The Constitution is the ~40-line subset that is *truly* non-negotiable and *truly* needs to be resident to prevent a gate violation. Everything else is L1 and moves behind conditional loading.
### Precedence order (and how to actually enforce it)
Declared precedence, highest to lowest:
```
L0 Constitution > L4 Runtime mechanism > L1 Contract > L5 Project > L2 SOUL > L3 USER
```
Rationale from the lens: **law > mechanism > procedure > project > persona > preference**. SOUL/USER are *below* the contract on purpose — a user's "be terse" preference must never be readable as license to skip a gate. The current `SOUL.md` line 32 ("USER.md formatting preferences override any generic Anthropic minimal-formatting guidance") is the *correct* shape of an override (narrow, scoped to formatting) and should be the template for how L2/L3 are allowed to win: **only over style, never over law.**
But precedence prose is unreliable (behavior #3 above). Enforce it three structural ways instead:
1. **Physical placement encodes precedence.** Put L0 at the very top of the injected blob AND restate the 5-bullet gate summary at the very bottom (the "recency anchor"). This is the one place I endorse deliberate repetition. SOUL/USER go in the *middle* — the lowest-attention zone — which is exactly right because they're the lowest-precedence, softest layers.
2. **One contradiction-free source per fact.** A rule lives in exactly one layer. If L0 owns "completion = merged PR + green CI," then L1/L5/templates *reference* it, they do not restate it with their own wording. This kills the `tools/` vs `rails/` path drift class of bug.
3. **A precedence preamble of one sentence**, not a section: "If anything below conflicts with the Constitution, the Constitution wins; report the conflict." One sentence at the L0 boundary outperforms a precedence subsection because it's short enough to survive attention.
---
## DQ2 — Sanitization: template-then-init, with *generic-but-real* defaults, and a hard PII tripwire
The brief offers three options (generic-defaults / empty-defaults+examples / template-then-init). From the lens, the deciding factor is **cold-start instruction quality**: an agent given an empty or placeholder-laden persona produces worse, more generic work because it has no concrete stance to reason from. So:
**Recommendation: template-then-init, but ship defaults that are concrete and immediately usable — never `{{PLACEHOLDER}}` tokens left in resident context.**
The current state is split-brained and should be fixed:
- `defaults/SOUL.md` is *contaminated* — hardcoded "Jarvis" (line 9) and "PDA-friendly" (line 23). This is the bug the brief names.
- `defaults/USER.md` is *correct* — it's a clean, generic, self-describing default ("(not configured)", line 11; "Run `mosaic init`", line 6). This is the model to follow.
- `templates/SOUL.md.template` is *correct* — clean `{{AGENT_NAME}}` tokens.
So the fix for SOUL is mechanical and already half-done: **`defaults/SOUL.md` should become a sanitized generic default like `defaults/USER.md` already is** — agent name "Assistant," generic role, no PDA, no Jarvis — and the *real* personalization is generated by `mosaic-init` from `templates/SOUL.md.template` (which the installer already does: `install.sh` lines 233240 deliberately exclude SOUL/USER from seeding and let `mosaic init` generate them).
**Critical prompt-systems caveat on placeholders:** a half-rendered template is *worse than no file* for an LLM. If `mosaic init` ever fails mid-render and leaves `You are **{{AGENT_NAME}}**` in `~/.config/mosaic/SOUL.md`, the model will literally adopt "{{AGENT_NAME}}" as a name or, worse, treat the unrendered braces as an instruction artifact and behave erratically. Mitigations:
1. **`mosaic-doctor` must hard-fail on any `{{...}}` or `${...}` token in a resident file** (`SOUL.md`, `USER.md`, `AGENTS.md`, `TOOLS.md`, the Constitution). This is a one-line regex gate and it closes the entire half-rendered-template failure class. Today `tools/_scripts/mosaic-doctor` is advisory; for resident files this specific check should be non-advisory.
2. **Default-render fallback:** `mosaic-init` already has sane defaults (`mosaic-init` line 277 defaults AGENT_NAME to "Assistant"). Guarantee that *every* token has a non-empty default so a non-interactive or interrupted run never emits a placeholder.
**PII tripwire (the sanitization gate the brief actually needs):** add a CI check in the framework package that greps the *shipped* tree (`defaults/`, `guides/`, `templates/`, `runtime/`, `adapters/`) for an operator denylist (`jarvis`, `jason`, `woltje`, `PDA`, home-dir usernames, emails). The brief says 29 files are contaminated; a 15-line CI grep makes that un-reintroducible. This belongs in the alpha's DoD. Note `defaults/AUDIT-2026-02-17-framework-consistency.md` lines 124128 explicitly preserve a `jarvis-loop.json` reference "by design" — that decision should be revisited; a public package should carry *zero* operator tokens, and a profile preset can be renamed generically without loss.
---
## DQ3 — Customization & upgrade safety: separate files by mutability, never co-mingle owned and generated lines
The upgrade-safety problem and the instruction-following problem have the **same root cause and the same fix**: *never put framework-owned text and user-owned text in the same file.* When they co-mingle, you get both (a) clobber-on-upgrade and (b) the model unable to tell law from preference.
The installer already implements the right primitive — `install.sh` line 24 `PRESERVE_PATHS=("AGENTS.md" "SOUL.md" "USER.md" "TOOLS.md" "STANDARDS.md" "memory" ...)` with `rsync --delete --exclude` of preserved paths (lines 116124). The problem is the *granularity*: `AGENTS.md` is in PRESERVE_PATHS, which means **once a user edits the contract, they stop receiving framework gate updates forever** — silent drift, the exact failure the brief calls out. That's a direct consequence of L0 and L5 living in one file.
### Concrete file layout that fixes both problems
Deploy to `~/.config/mosaic/` as **separately-owned files with a clear naming convention**:
```
~/.config/mosaic/
CONSTITUTION.md ← L0. Framework-owned. ALWAYS overwritten on upgrade. Never in PRESERVE_PATHS. ~40 lines.
AGENTS.md ← L1 index + load order. Framework-owned, overwritten on upgrade.
SOUL.md ← L2. Generated once from template. Preserved. User-owned.
USER.md ← L3. Generated once. Preserved. User-owned.
SOUL.local.md ← optional L2 overlay. Always preserved. (see below)
USER.local.md ← optional L3 overlay. Always preserved.
.framework-version ← schema version (already exists, install.sh line 65)
```
**The `.local.md` overlay pattern is the upgrade-safety keystone.** Instead of letting users edit framework files (which forces them out of the update stream), give them a dedicated, never-touched overlay file per layer:
- Framework owns and freely upgrades `CONSTITUTION.md`, `AGENTS.md`, the base `SOUL.md`/`USER.md` *shape*.
- User customization that must survive *and* must not block upgrades goes in `*.local.md`, which is `PRESERVE_PATHS`-protected and **loaded last within its layer** (so it wins on style per the precedence rules, but is structurally incapable of overriding L0 because L0 is injected before it and re-anchored after it).
This gives the brief's requirement — "customize and still receive framework updates" — with a mechanism the model can also reason about: *base = framework law/shape; `.local` = my deltas.* It mirrors the `settings.json` / `settings.local.json` split the Claude runtime already uses (`runtime/claude/RUNTIME.md` line 47).
### Migration path (alpha-safe)
The installer already has a versioned migration framework (`install.sh` lines 160202, `FRAMEWORK_VERSION=2`). Add a **v2→v3 migration** that:
1. Detects a user-edited `AGENTS.md` (diff against the shipped v2 default).
2. Extracts their non-framework additions into `AGENTS.local.md` (or flags them for manual review if ambiguous).
3. Installs the new `CONSTITUTION.md` + slimmed `AGENTS.md`, removes `AGENTS.md` from PRESERVE_PATHS going forward.
4. Writes a one-screen `UPGRADE-NOTES` so the change is visible, not silent.
This is backward-compatible per the brief's constraint and uses machinery that already exists.
---
## DQ4 — Cross-harness robustness: one canonical L0 text, injected by adapters, never paraphrased
The harnesses inject differently — and the README table (`defaults/README.md` lines 127135) already documents this honestly: `mosaic pi` and `mosaic claude` use `--append-system-prompt`; `codex`/`opencode` write to an instructions file; direct launches use a thin pointer that tells the agent to *read* `AGENTS.md`. Two distinct delivery channels — **injected-as-system-prompt** vs **read-as-a-file** — and they are not equivalent for instruction-following.
### The robustness rule from the lens: L0 must be injected as system-prompt text on *every* harness, identically, byte-for-byte.
Why byte-for-byte matters: if Claude gets the Constitution via `--append-system-prompt` but Codex gets a pointer saying "read `~/.config/mosaic/AGENTS.md`," the two agents have **different effective system prompts** — one has the law resident at primacy position, the other has a *deferred instruction to maybe go read the law*, which a model under task pressure will skip. The current thin-pointer pattern (`runtime/claude/CLAUDE.md` lines 310: "BEFORE responding... READ ~/.config/mosaic/AGENTS.md... Do NOT respond until both files are loaded") is asking the model to self-enforce a read. Models comply with this *most* of the time, but "most" is not a gate.
**Concrete adapter strategy:**
1. **Single source of truth:** `CONSTITUTION.md` (L0) is the one file. No harness restates its content; adapters only *transport* it.
2. **Composition at launch, not duplication at rest:** the launcher composes `CONSTITUTION.md` + `AGENTS.md`(L1 index) + `SOUL/USER` + the *adapter's own ~15-line mechanism note* into the system-prompt injection. The four `runtime/*/RUNTIME.md` files shrink to **mechanism only** (subagent syntax, hook config, MCP registration) — they currently re-litigate policy (every one of them restates "git wrappers first," "mode declaration," "runtime caution doesn't override gates" — e.g. `runtime/codex/RUNTIME.md` lines 1417, `runtime/pi/RUNTIME.md` lines 1316, `runtime/opencode/RUNTIME.md` lines 1317). That policy is L0/L1; delete it from the runtime files and let composition supply it once.
3. **For direct (non-`mosaic`) launches** where injection isn't available, the thin pointer is the only option — but make the pointer carry the *5-bullet gate summary inline* so even a model that skips the read still has the irreducible law resident. A pointer that says "read the law" is weaker than a pointer that says "here are the 5 gates; full procedures in `AGENTS.md`."
4. **Pi is the canary for over-trust.** `runtime/pi/RUNTIME.md` line 20 ("Pi operates without permission restrictions... trusts the operator") means Pi has *no mechanical backstop* for the gates — so for Pi specifically, L0 resident-text fidelity is the *only* enforcement. That's an argument for keeping L0 tiny and high-salience, not large.
Net: the cross-harness contract is "**L0 text is identical and system-prompt-resident everywhere; adapters differ only in transport mechanism and the ~15 lines of harness-native syntax.**" That's both more robust *and* less to maintain than today's four-way policy duplication.
---
## DQ5 — Minimalism vs completeness: a resident-token budget, enforced, with on-demand depth
This is the question I feel most strongly about, because it's where the current design is actively hurting model performance.
### The diagnosis
The always-resident stack today, before any project file, is roughly:
- `defaults/AGENTS.md` — 155 lines, ~33 distinct imperative rules across 4 "importance" framings.
- `SOUL.md` — ~53 lines.
- `USER.md` — ~38 lines.
- TOOLS index + a `runtime/*/RUNTIME.md` — ~6080 lines.
Call it ~300+ lines / ~34K tokens of dense, imperative, partially-redundant, partially-contradictory law resident in *every* session including "list the files in this dir." Per behaviors #2 and #4, this is past the point of diminishing returns and into the point of *negative* returns: the agent cannot weight 33 co-equal "hard" rules, and the genuinely critical ones (don't fake completion, don't force-merge, don't hardcode secrets) lose salience to the merely procedural ones (milestone versioning starts at 0.0.1).
### The fix: a two-tier model with an enforced budget
**Tier 1 — Resident (the Constitution + thin index): hard cap ~120 lines / ~1.2K tokens total across L0+L2+L3+L4+the AGENTS index.** Everything in Tier 1 earns its place by answering "would omitting this cause a *gate violation* in the first 3 tool calls?" If not, it's Tier 2.
**Tier 2 — On-demand (the Contract + guides): unbounded, loaded by the Conditional Guide Loading table.** The framework *already has this mechanism* and it's the best-designed part of the system: `defaults/AGENTS.md` lines 89110 plus the load-order at lines 922. The fix is to **move bulk out of Tier 1 into Tier 2 aggressively** — specifically:
- The 16 "Non-Negotiable Operating Rules" (`defaults/AGENTS.md` lines 4155) are mostly *pointers to guides already* ("full detail in `guides/E2E-DELIVERY.md`"). Collapse them to a 5-line "you are bound by the E2E contract; load it before implementing" and let E2E-DELIVERY carry the detail. The detail is already duplicated there.
- Subagent model-selection (lines 111121), Superpowers enforcement (123139), and the mode-declaration protocol are Tier-2 candidates — they matter at *specific decision points*, not on every turn. Trigger them via the conditional table.
- Keep in Tier 1 only: the CRITICAL HARD GATES reduced to the ~7 that are truly irreducible, block-vs-done, the escalation triggers, and the load-order/conditional-table index.
**Enforce the budget mechanically.** Add to `mosaic-doctor` (and to framework CI) a **resident-line-count assertion**: if `CONSTITUTION.md` + the AGENTS index exceeds the cap, fail. A budget that isn't enforced will be eroded one "just one more critical rule" at a time — which is exactly how `AGENTS.md` reached 155 lines. The cap is the forcing function that keeps the Constitution legible to the model.
### On "robust but not contradictory"
Minimalism *is* the contradiction fix. Every line you don't ship is a line that can't drift from its duplicate. The current `tools/` vs `rails/` path split (`defaults/AGENTS.md` line 30/37 vs `templates/agent/AGENTS.md.template` lines 5/12/13) exists *because* the same rule is written in multiple resident-ish places. One canonical line, referenced not restated, cannot contradict itself. (Note: that path drift — `rails/` in the template — also appears to be a **stale path bug** worth fixing regardless of this redesign; the live framework uses `tools/git/`.)
---
## What I would change, concretely (file-by-file)
1. **Create `defaults/CONSTITUTION.md`** (~40 lines, L0). Extract from `defaults/AGENTS.md`: the irreducible hard gates (completion-at-merge, PR-review, green-CI, no-force-merge, queue-guard, wrappers-first, block-vs-done), the 5 escalation triggers, and the one-sentence precedence preamble. Top-of-injection + bottom-anchor placement.
2. **Slim `defaults/AGENTS.md`** to an *index + load-order + Conditional Guide Loading table* (~60 lines). It stops being the law; it becomes the table of contents that triggers Tier-2 loads. Remove it from `install.sh` `PRESERVE_PATHS` so gate updates flow on upgrade.
3. **Sanitize `defaults/SOUL.md`**: replace "Jarvis" (line 9) and "PDA-friendly" (line 23) with generic defaults, matching the already-clean `defaults/USER.md` pattern. Real persona comes from `templates/SOUL.md.template` via `mosaic-init`.
4. **Strip policy from `runtime/{claude,codex,pi,opencode}/RUNTIME.md`**: delete the restated "wrappers first / mode declaration / caution-doesn't-override-gates" blocks; keep only harness-native *mechanism* (subagent syntax, hooks, MCP registration). Policy is supplied once by composition.
5. **Add `*.local.md` overlay support** to `mosaic-init` and `install.sh` PRESERVE_PATHS for `SOUL.local.md` / `USER.local.md` (and an `AGENTS.local.md` migration target). Loaded last-within-layer; structurally below L0.
6. **Harden `mosaic-doctor`** with two non-advisory checks for resident files: (a) zero unrendered `{{...}}`/`${...}` tokens; (b) resident-line-count budget assertion.
7. **Add a framework-CI PII grep** over `defaults/`, `guides/`, `templates/`, `runtime/`, `adapters/` against an operator denylist; revisit the intentionally-preserved `jarvis-loop.json` reference in `defaults/AUDIT-2026-02-17-framework-consistency.md` (rename generically).
8. **Fix the `rails/` vs `tools/` path drift** in `templates/agent/AGENTS.md.template` (lines 5, 12, 13, 91 etc.) as a correctness bug, and make the template *reference* the Constitution rather than restate gates.
---
## Biggest risk I see
**Adding the Constitution layer without enforcing the resident-token budget will make instruction-following worse, not better.** A new top-level "CONSTITUTION.md" is psychologically tempting to fill — it will accrete every rule someone considers important, and within two releases it will be the new 155-line `AGENTS.md`, now stacked *on top of* the old one we failed to fully drain. The governance win (clean ownership) would come at a real prompt-quality loss (more dense resident law → lower per-rule adherence → more gate violations, the very thing the gates exist to prevent). The mechanical line-count budget in `mosaic-doctor`/CI is not a nice-to-have; it is the load-bearing control that makes the whole re-architecture a net positive for how the model actually behaves. Ship the budget gate in the same alpha as the Constitution, or don't ship the Constitution.
Reference in New Issue View Git Blame Copy Permalink