Deterministic Core
A reliability spine for RL: deterministic gates decide what is allowed; the model reasons inside those boundaries.
What changed today
Moved from vibes and memory to visible protocols, classifiers, schemas, tests, audit logs, and typed state.
python3 /Users/rl/workspace/cores/test_cores.py
# PASS core behavioural smoke testsDeterministic core pattern
The simple rule: deterministic software owns the gate; the model does the clever work inside the gate.
Open the deterministic-core architecture as a page
Clickable nodes, runtime-gap explanation, applied-core tracks, and the static PNG retained only as a fallback.
Software owns identity, permissions, state, schemas, approval gates, retries, audit logs, and idempotency.
The model owns fuzzy reasoning: interpretation, drafting, summarising, comparing tradeoffs, and explaining decisions.
External or high-risk actions require grounding, explicit approval where needed, and a completion gate.
Family work is household logistics, not surveillance: private by default and consent before cross-person actions.
Stock work must use fresh data, current position context, and real action thresholds — no generic noise alerts.
Core coverage
RL Intake Core
doneClassifies domain, risk, approval requirement, grounding sources, and completion gate before work starts.
Family Core
partialPrivate-by-default household logistics boundary. Patrick is configured; Abby remains pending opt-in and shared-action rules.
Stock Alert Core
doneFreshness, trigger, position-context, and no-noise gates for stock alerts and trade recommendations.
Report Core
doneClient/report jobs now have job packages, schemas, validation, approval gates, and output envelopes.
KB Capture Core
doneDurable knowledge routing for GitHub/tool/X links, project decisions, people, client context, and privacy-sensitive material.
Behavioural tests
doneSmoke tests cover classifier behaviour, required files, JSON validity, and schema/example validation.
Runtime enforcement
partialLogged clearly: current cores guide and test RL, but do not yet intercept every OpenClaw tool call. Needs wrappers/hooks/restricted direct access.
True runtime enforcement
Why it is not fully enforced yet
- OpenClaw tools are still directly available to the agent.
- Skills are procedural guidance, not mandatory middleware.
- Tool permissions are broad; they do not yet apply workflow-aware rules like Family Core consent.
- Gateway/plugin hook changes likely require reload or restart.
What closes the gap
- Create safe wrappers for risky actions: messages, crons, family actions, stock alerts.
- Restrict direct risky tool access where wrappers exist.
- Add pre-tool-call hooks/plugin enforcement if OpenClaw supports it cleanly.
- Target state: no high-risk action without classify → policy → validate → approve.
Abby opt-in, sender ID, and shared family permission rules are intentionally blocked until she is actually onboarded.
True runtime enforcement still needs middleware or safe wrappers so risky tools cannot be called without passing the core gate.
The deterministic-cores skill may not appear in OpenClaw injected skills until Gateway/plugin discovery reloads.
Typed stock claims are a solid first layer, but still need deeper per-ticker population over time.
Files and audit trail
/Users/rl/workspace/cores/README.md Core README — Operating overview and current core list. /Users/rl/workspace/cores/core_classify.py Classifier — Request → domain/risk/action/approval envelope. /Users/rl/workspace/cores/core_check.py Checklist runner — Loads intake/family/stocks/report/KB core guidance. /Users/rl/workspace/cores/validate_envelope.py Schema validator — Zero-dependency validator for core JSON envelopes. /Users/rl/workspace/cores/test_cores.py Behaviour tests — Current verification gate: PASS core behavioural smoke tests. /Users/rl/workspace/cores/audits/2026-05-29-initial-core-audit.md Audit log — Initial audit plus runtime-enforcement gap closure notes. /Users/rl/workspace/skills/deterministic-cores/SKILL.md Core skill — Created; likely needs Gateway/plugin reload before it appears in injected skills. /Users/rl/workspace/Stocks/state/ Typed stock claims — RKLB, IREN, ONDS, MU, AVAV, KTOS, and UMAC scaffolded.