The 12 Laws of the Field
Non-negotiable invariants. Every particle, every event, every decision is bound by these laws. No single service can override them.
Execution Constraints
Laws 1–6 govern how events are processed, decisions are made, and side effects are executed.
Policy Before Execution
No side effect may be executed without prior policy evaluation. Every Action in every ActionPlan must pass through Higgs before Photon executes it.
Decisioning Is Separate from Execution
The system that decides what to do (Fermion) must be a different boundary from the system that does it (Photon). No layer may both decide and execute.
Observability Must Not Mutate Outcomes
Neutrino (audit, observability, explainability) must never influence, block, or alter the execution of events, decisions, or actions. Neutrino is append-only and read-after-write.
Events Are Immutable After Canonicalization
Once Boson produces an EventEnvelope, the envelope's content must not be modified by any downstream layer. Layers may annotate but must not alter.
Side Effects Must Be Declared, Typed, and Auditable
Every side effect the system performs must be represented as a typed Action within an ActionPlan. No implicit, inline, or undeclared side effects are permitted.
Replay Must Be Safe and Deterministic
Re-processing any EventEnvelope through the pipeline must produce the same ActionPlan (given the same policy state) and must not produce duplicate side effects.
System Constraints
Laws 7–12 govern boundaries, configuration, isolation, and the system's relationship to entropy.
Tenant Isolation at Every Layer
No layer may allow data, configuration, credentials, or execution context from one tenant to leak into another tenant's processing.
Configuration Is Externalized
Tenant configuration, routing overrides, policy rules, feature flags, and entitlements must live in Higgs, not in application code or hardcoded constants.
Boundaries Are Explicit and Enforced
Communication between layers must cross a defined boundary with a typed contract. No layer may reach into another layer's data store or internal API.
Deny by Default
When policy, configuration, or entitlement state is missing, ambiguous, or unavailable, the system must deny. The default is always the most restrictive safe state.
Build Only the Missing Layer
Field exists only where other systems stop. If an existing layer can already solve the problem cleanly, Field must not duplicate it.
Entropy Increases by Default
Every unstructured event, missing policy decision, unaudited side effect, or unconstrained cost dimension is entropy entering the system. Field is the counter-force.