Principles · v1.1 · Apache 2.0

The lighthouse for codebases that ship under / autonomous agents.

Software-writing is becoming a commodity. What survives contact with autonomous agents is not the code — it is the rules the codebase enforces on its own agents. software/constitution™ is the open standard for that enforcement layer: structural, machine-checkable, unviolatable by agents and humans alike.

This page is the thesis. It explains why existing tools cannot hold the line, what a constitutional alternative looks like, and the red lines that never bend. The standard itself is the operational answer; the kit is how you adopt it in hours.

Adopt in 5 steps → Read the spec on GitHub See conformance levels
01 · The agentic-era shift

Writing code is no longer the constraint.

Coding agents now scaffold modules, refactor across the tree, open pull requests, and ship the diff while a human reads email. The velocity is here. The cost curve is collapsing. The next ten years of engineering hiring will not look like the last ten.

That shift moves the bottleneck. It is no longer typing speed, syntax fluency, or how many features one engineer can ship in a sprint. The bottleneck becomes: which rules does this codebase enforce on the agents that now write most of its code?

Two codebases of identical functionality diverge under agent pressure. One drifts — competing implementations sprout, conventions decay, secrets leak into the wrong tree, two systems do the same job because no one noticed the first. The other holds — because the rules are not in a wiki page agents skim past; they are gates that physically reject the violating merge.

The second codebase is governed by a constitution. The first is governed by hope.

02 · Why existing tools are insufficient

Every layer we already have stops short.

The tools your engineering org already uses each get something right. None of them, alone, prevent an agent from violating a rule the codebase actually cares about.

Style guides

Cosmetic, not structural

They standardise how the code looks. They do not stop an agent from introducing a second implementation of an existing capability, or wiring up a fresh queue alongside the canonical one.

Where they stop: aesthetic conformity is not architectural conformity.

Linters

Syntactic, not semantic

They catch unused variables, missing returns, banned globals. They do not catch the agent that shipped a fully-typed, syntactically perfect parallel-defined cache invalidator.

Where they stop: the violating merge passes lint because it is well-formed code; the rule it broke was an architectural invariant the linter has no language for.

Code reviews

Human-paced, agent-outpaced

Reviewers carry the architectural memory. They notice the second implementation, the rogue stylesheet, the duplicate manifest. Reviewers are also human, also flooded, and now also outpaced by agents that ship faster than any reviewer can catch up with.

Where they stop: the tribal-knowledge layer does not scale to agent velocity, and tribal knowledge is exactly what agents do not inherit.

ADRs & design docs

Advisory, not blocking

They capture the why behind a decision. They sit in a folder. Agents do not read them before opening a pull request; humans rarely re-read them after the original decision lands.

Where they stop: an advisory document does not reject a merge. The rule lives in a markdown file; the violation lives in production.

03 · The constitutional alternative

Rules the codebase physically refuses to break.

A constitution lives at a different layer. It is not a document agents are supposed to read; it is a structure agents physically cannot route around. Three properties make it different from everything above:

Property 01

Structural

Every rule has a named canonical artefact (the constitution document), a manifest entry that maps the rule to the code that implements it, and a CI gate that fails the merge when the rule is broken. No artefact, no rule. No gate, no enforcement.

Property 02

Machine-checkable

Every rule terminates in a script that returns a verdict. Humans audit the scripts; the scripts audit the agents. The judgement is not a person reading a pull request — it is the gate running on every push, every time, with no fatigue.

Property 03

Unviolatable

An agent cannot soften the rule by writing nicer prose around it, by promising to follow it next time, or by leaving a follow-up comment in the diff. The merge either passes the gate or it does not land. The constitution binds agents and humans on the same terms.

Property 04

Versioned + amendable

The rules are not eternal. They live in numbered documents, change under pull request, carry deviation windows when a time-boxed exception is approved. The system is rigid against agents and flexible to its maintainers — on purpose, and on the record.

04 · Red lines that never bend

Four examples from the worked instance.

KYE Protocol™ runs on software/constitution™. These are four of its actual locked rules — each one a chapter, a gate, and a class of failure the codebase cannot ship.

§0 — Zero Competing Systems

Every named capability has exactly one canonical implementation.

The ruleCache-bust values, theme bootstrap, brand markup, design tokens, queue producer/consumer pairs — every concept appears exactly once across the codebase.
The gatecompeting-systems-scan walks the tree and rejects any merge that introduces a second implementation of an existing canonical concept.
What it preventsAn agent that “helpfully” reimplements a utility it could not find — producing two systems doing the same job, drifting independently, becoming a runtime bug six months later.
§33 — IP / OSS Line

What is public is structurally separated from what is not.

The ruleFiles in public/oss/** carry the Apache-2.0 SPDX header. Mechanism content lives only in private/mechanisms/. The path is the boundary, not a code comment.
The gateip-oss-line scans every public-track file for the SPDX header and every private-track basename for accidental leakage into a public path.
What it preventsAn agent that copies a mechanism document into a marketing page because the file titles were similar — turning years of patent strategy into a published disclosure.
§51 — No Single Point of Failure

Every privileged operation declares what happens when its dependency fails.

The ruleA registry lists every privileged operation and answers, for each, what degraded behaviour it carries when its dependency is offline. Vendor-lock-in counts.
The gateno-spof-coverage rejects new vendor-locked code paths that have no degradation answer in the registry, with a baseline that may only improve.
What it preventsAn agent that wires the third-party SDK directly into a payment-irreversible path with no fallback — producing an outage that has no operational answer the first time the vendor blinks.
§52 — Constitutional Binding of Delegated Agents

Every delegated agent emits the same self-governance envelope the protocol requires of itself.

The ruleAn agent that runs against the codebase — coding agent, deploy agent, schema-migration agent — is bound to the same evidence-emission contract as the runtime it ships.
The gatedelegated-agent-binding-coverage rejects an agent registration that does not declare its envelope and rejects an agent run that does not emit one.
What it preventsThe category of failure where the agent that wrote the code is itself unaccountable — the codebase governs its production agents but lets its build agents act invisibly.
05 · Dogfood proof

KYE Protocol™ is the worked instance.

KYE Protocol™ runs on software/constitution™. Fifty-plus numbered chapters. Eighty-plus blocking CI gates. Every architectural amendment travels through the same discipline: a numbered document, an implementation registry entry, a passing gate. If the constitution rejects the change, the constitution rejects the change.

The standard was extracted from that practice. The kit is the same gates KYE ships, packaged for any project to run on its own tree. The conformance test (SCCT) runs against KYE and emits L4 — the highest level the standard defines — on every push. This is not aspirational. This is the discipline the standard is named after, running in production.

github.com/KYE-Protocol → · Live signed receipts →

06 · Adoption

Hours, not weeks.

The kit lives in the same repository as the standard. You scaffold the constitution structure, declare your first rule, wire the reference gates into CI, and run the conformance test. Five commands.

# Scaffold the kit into any target repo
node public/oss/software-constitution/kit/init.mjs /path/to/target

# Author your first rule
$EDITOR /path/to/target/constitution/00-INDEX.md
$EDITOR /path/to/target/constitution/01-YOUR-FIRST-RAIL.md

# Run the gates
node /path/to/target/public/oss/software-constitution/kit/run.mjs

# Get the conformance verdict
npx scct /path/to/target

See the five-step adoption walkthrough on the main page →

07 · Distribution — future

One-click adoption is on the roadmap.

For now the standard ships as a kit and a CLI. A future distribution surface — a GitHub App that scaffolds the constitution, wires the gates, and emits the conformance verdict on every pull request without leaving GitHub — is in design. It is not shipping today. The kit is.

Today · the kit

Apache-2.0. Drop-in. Five commands. Conformance verdict on every push. This is the supported adoption path. Use it.