Shadow Interface → what could be done
Light Interface → what may be done coherently

capacity → simulation → containment → constraint review → admissible action / ∅

system sees what could be done
+ some paths are effective but incoherent
+ pressure pushes capacity into execution
+ constraint review is skipped or weakened
= shadow execution leak

system refuses to model shadow paths
+ dangerous pathways remain invisible
+ adversarial or extractive strategies are not understood
= strategic blindness

strategic blindness is unsafe
shadow execution is incoherent
therefore simulation and authorization must be separated

SI → simulation → containment → LI → CCS → admissible action / rejected path / ∅

1. Shadow Interface maps full strategy space.
2. Shadow paths remain non-executive.
3. Forbidden and high-risk paths are quarantined.
4. Candidate paths move to Light Interface.
5. Light Interface applies principles and constraints.
6. CCS tests the minimum coherence bundle.
7. CAL may classify admissibility.
8. Approved paths become constrained action.
9. Rejected paths remain archived or quarantined.
10. Effects are validated over time.

U4 → U2 → U3 → U5 → U6 → U7

classify possibility
→ contain and constrain
→ authorize or block execution
→ validate across time
→ preserve coherence field
→ archive memory and recurrence

Full strategy space mapped
Strategy space incomplete
Shadow paths identified
Forbidden paths archived
Pseudo-coherent paths identified
Adversarial paths identified
Candidate paths prepared for Light review

Action authorized
Action authorized with constraints
Action delayed pending restoration
Action delayed pending auditability
Action requires rescope
Action rejected
Action quarantined
No admissible action available

Simulation boundary intact
Non-execution boundary intact
Containment strained
Containment failed
Shadow execution leak detected
Forbidden path requires quarantine

1. Define goal or target condition.
2. Activate Shadow Interface.
3. Map full strategy space.
4. Classify shadow, forbidden, adversarial, extractive, and pseudo-coherent paths.
5. Maintain non-execution boundary.
6. Select candidate paths for Light review.
7. Activate Light Interface.
8. Apply Coherence Constraint Set.
9. Test boundaries, auditability, compatibility, restoration, and time validation.
10. Authorize constrained action, reject path, restore first, rescope, quarantine, or return ∅.
11. Archive rejected and forbidden paths.
12. Validate authorized action over time.

IF a path is possible
THEN it may be simulated.

IF a path is simulated
THEN it is not automatically executable.

IF a path is shadow-only
THEN it must remain quarantined from execution.

IF a path may preserve coherence
THEN it must pass Light Interface review.

IF a path fails CCS
THEN it must be rejected, rescoped, restored first, quarantined, or returned as ∅.

IF authorized action proceeds
THEN it must be time-validated.

The boundary between Shadow and Light must remain intact.

Shadow may reveal capacity.
Light may authorize action.
Execution may occur only after Light authorization.

If Shadow output enters execution without Light review,
then shadow execution leak is active.

U4 → U2 → U3 → U5 → U6 → U7

Shadow paths: identified
Forbidden paths: internal record use without authorization, unauthorized scraping
Light candidates: ask user, delay for authorization, constrained inference with disclosure
CCS: partial pass only under reduced scope
Execution authorization: constrained

Archive unsafe paths as forbidden.
Authorize asking the user for missing data.
Allow constrained inference only with disclosure and correction pathway.
Require user authorization before accessing adjacent systems.
Validate outcomes over time.

construct_id: "CONSTRUCT-010"
title: "Shadow–Light Interface"
abbreviation: "SLI"
type: "construct"
status: "draft-integrated"
construct_class: "Integrated Interface System"
operating_system: true
primary_module: "Principles"
related_modules:
  - "Coherence"
  - "Security"
  - "Restoration"
  - "AI Governance"
  - "Justice · Governance · Legitimacy"
  - "Interactions · Signals · Couplings"
  - "Archetypes"

core_question: "How does the system know what could be done without executing what should not be done?"

definition: "The Shadow–Light Interface coordinates the movement from full strategy-space simulation to coherence-valid action by separating capacity, simulation, authorization, execution, restoration, and time validation."

canon_sequence: "SI → simulation → containment → LI → CCS → admissible action / rejected path / ∅"

inputs:
  state_variables:
    - "O"
    - "H"
    - "ε"
    - "ι"
    - "Au"
    - "µᵢ"
    - "BΣ"
    - "K"
    - "R"
    - "Φ"
  diagnostics:
    - "Strategy Space Breadth"
    - "Containment Integrity"
    - "Principle Integrity"
    - "Effective Auditability"
    - "Boundary Integrity"
    - "Restoration Capacity"
    - "Compatibility"
    - "Hidden Debt"
    - "Affected Node Cost"
    - "Power Asymmetry"
    - "Goodhart Risk"
    - "Pseudo-Coherence Risk"
    - "Time Validation"
  gates:
    - "Simulation Boundary"
    - "Non-Execution Boundary"
    - "Coherence Constraint Set"
    - "Truth constraint"
    - "Love constraint"
    - "Wisdom constraint"
    - "Sovereignty constraint"
    - "MS-Gate"
    - "FI-Gate"
    - "HR-Gate"
    - "Au-Actuation"
    - "BΣ validity"
    - "Λ compatibility"
    - "R sufficiency"
    - "Τ validation"
  observations:
    - "goal or target condition"
    - "full strategy space"
    - "shadow pathways"
    - "candidate actions"
    - "initiating node"
    - "affected nodes"
    - "scope"
    - "authority basis"
    - "boundary condition"
    - "principle alignment"
    - "restoration pathway"
    - "feedback pathway"
    - "power asymmetry"
    - "expected hidden debt"
    - "time horizon"

outputs:
  assessments:
    - "shadow strategy map"
    - "admissible action set"
    - "inadmissible action set"
    - "rejected path set"
    - "constraint failure status"
    - "containment status"
    - "restoration prerequisite status"
    - "execution readiness"
    - "time-validation requirement"
  decisions:
    - "simulate only"
    - "quarantine path"
    - "send to Light Interface"
    - "authorize constrained action"
    - "reject action"
    - "rescope action"
    - "restore first"
    - "increase auditability"
    - "repair boundaries"
    - "return ∅"
  maps:
    - "capacity-to-action map"
    - "shadow path map"
    - "Light authorization map"
    - "forbidden path archive"
    - "rejected path map"
    - "constraint failure map"
    - "restoration prerequisite map"
    - "time-validation map"

dependencies:
  operators:
    - "Ξ"
    - "Δ"
    - "Μ"
    - "Π"
    - "Λ"
    - "⊗"
    - "Γ"
    - "ℛ"
    - "Σ"
    - "Τ"
  failure_modes:
    - "Shadow Execution Leak"
    - "Boundary Collapse"
    - "Principle Inversion"
    - "Coercive Fusion"
    - "Consent Theater"
    - "Forced Coupling"
    - "Auditability Collapse"
    - "Restoration Lockout"
    - "High-Risk Gate Bypass"
    - "Goodhart Collapse"
    - "Hidden Debt Accumulation"
    - "Pseudo-Coherence"
    - "Strategic Rationalization"
    - "Inadmissible Execution"
  restoration_arcs:
    - "Boundary Reconstitution"
    - "Auditability Restoration"
    - "Containment Restoration"
    - "Structural Meaning Reset"
    - "Compatibility Recoupling"
    - "Justice-Aligned Repair"
    - "Slack Regeneration"
    - "Goodhart / Learning Drift Restoration"
    - "Basin Supersession"
    - "Conditional Reintegration"
    - "Origin-Layer Repair"

u_layers:
  primary:
    - "U2"
    - "U3"
    - "U4"
    - "U5"
    - "U6"
    - "U7"
  secondary:
    - "U0"
    - "U1"
    - "U8"

null_outcome_allowed: true
execution_authorized_only_after_light_review: true

what could be done must pass through what may be done

Shadow maps possibility.
Light authorizes only coherence-valid action.
Execution occurs only after constraint review.

∅