Classical Programme / Curriculum / SwiftVector
Module 6 · The Destination

SwiftVector.
The kernel.

Domain-agnostic. The same kernel enforces a desktop AI agent's filesystem boundaries and a drone's geospatial envelope. The domain provides constraints. The kernel provides deterministic evaluation and faithful audit logging. This is where everything in the programme converges.

Audience

Advanced learners, educators, senior Apple developers. Anyone building or teaching AI systems who needs to understand governance from first principles.

Prerequisites

Modules 1–7 or equivalent: formal reasoning, linear algebra, probability, and exposure to formal specification (TLA+ or similar).

Duration

4-week intensive. Approximately 12–15 hours per week including readings, labs, and the capstone project.

Essential question

How do you build AI systems that can prove they followed the rules?

4-week outline

From problem to proof.

Each week builds on the last. By week four, students have a working governance kernel for a domain they chose, with determinism tests that prove replay correctness.

Week 1

The governance problem

Read and discuss the Agency Paradox. Understand why behavioral governance fails at scale. Identify the composition problem in real AI agent deployments. Examine failure modes: what happens when individually compliant actions collectively constitute scope creep.

Output Written analysis of a governance failure in an existing AI system. Identify which constitutional property was missing.
Week 2

The kernel architecture

Study SwiftVector's four-layer architecture: Constraints, Codex, Domain contexts, and the Evaluation engine. Trace the lineage from Euclid's definitions-postulates-propositions to SwiftVector's definitions-axioms-laws-evaluations. Read the AgentVector Codex. Implement your first constraint evaluator.

Output A working constraint evaluator that handles ALLOW, DENY, and ESCALATE for a simple domain. Determinism test suite passes.
Week 3

Implementation in Swift

Build a complete SwiftVector domain. Swift actors as governance boundaries. Sendable types as the state model. Pure reducers with no side effects. Injected dependencies for clock, ID generation, and randomness. Audit trail logging with os.log. XCTest determinism verification.

Output A governed domain with reducer, state, actions, and audit trail. All determinism tests pass. Replay produces identical final state.
Week 4

Capstone: govern a novel domain

Choose a domain the programme has not covered. Design the constraint set. Implement the reducer. Wire the audit trail. Write the determinism tests. Present the governance architecture to the cohort with a live replay demonstration.

Output Complete governed domain. Determinism test suite. Written analysis connecting the domain to the Agency Paradox thesis. Live presentation with replay demo.
Apple tools used

The platform.

Xcode Primary IDE. Swift Package Manager for dependency management.
Swift Concurrency Actors for governance boundaries. Sendable for thread-safe state.
Foundation Codable for state serialisation. JSONEncoder for audit trail persistence.
os.log Structured logging for audit trails. Signpost for performance.
XCTest Determinism verification. Replay correctness. Invariant testing.
Student deliverables

The artifacts.

Governed domain A working SwiftVector domain implementation for a novel problem space.
Determinism suite Test suite proving replay correctness. Same inputs, same outputs, always.
Audit trail Complete action log with state hashes, source attribution, and timestamps from injected clock.
Written analysis Connecting the chosen domain to the Agency Paradox thesis and the programme's formal foundations.
Presentation Live demo with replay. Explain the governance architecture. Defend design decisions.
Assessment rubric

How work is evaluated.

Assessment is structural, not conversational. Each criterion is binary or graduated — the artifact either demonstrates the property or it does not.

Determinism
Reducers are pure functions. No Date(), UUID(), or .random() in reducers. Replay produces identical final state. Determinism tests exist and pass.
Architecture
Clean agent-reducer separation. Agents propose, reducers authorise. State is immutable (structs, let properties, .with() updates). Actions are typed enums.
Audit trail
Every dispatched action is recorded. State hashes computed before and after. Source attribution included. Timestamps from injected clock.
Analysis
Written work demonstrates understanding of governance principles. Connects chosen domain to Agency Paradox. Explains why determinism matters for the specific use case.
Teacher notes

AI use policy for this module.

AI tools are part of the learning environment, not a bypass for it. This module specifies where AI is permitted and where it is constrained.

Where AI is permitted

  • Exploring SwiftVector concepts and asking clarifying questions
  • Generating boilerplate code (project setup, test scaffolding)
  • Code review and refactoring suggestions on student-written code
  • Researching Apple framework APIs and Swift language features
  • Drafting initial outlines for written analysis (student must rewrite)

Where AI is constrained

  • Reducer logic — students must write pure functions themselves
  • Determinism test design — students must identify what to test
  • Audit trail architecture — students must design the logging structure
  • Domain constraint design — the governance model must be original
  • Capstone presentation — students must explain and defend their own work

Common misconception: Students often assume governance means restriction. Emphasise that governance enables autonomy — the clearer the boundaries, the more freedom the agent has within them. The analogy to Swift's actor isolation is direct: the compiler's strictness is what makes concurrency safe.

Core concepts

The architecture.

01

The convergence

Geometry gave us the axiomatic method. Calculus gave us optimisation. Linear algebra gave us transformations and attention. Statistics gave us reasoning under uncertainty. Specifying Systems gave us formal specification. SwiftVector is where all of it converges: a governance kernel that inherits Euclid's four-layer architecture, enforces constraints with deterministic evaluation, and produces a faithful audit trail of every decision.

Definitions → Axioms → Constitutional Laws → Evaluation Decisions
02

Domain-agnostic by design

The kernel doesn't know what it's governing. A filesystem boundary and a geospatial envelope are the same thing to SwiftVector: constraints that evaluate to ALLOW, DENY, or ESCALATE. The domain provides the constraints. The kernel provides the evaluation engine. This separation is what makes governance portable across every application domain.

03

Determinism as a design requirement

Every evaluation must produce the same result given the same inputs. No Date(), no UUID(), no .random() inside reducers. Replay must work. The audit trail must be complete. This is the same standard Euclid held: every proposition must be derivable from what came before.

Interactive explorer

The kernel, examined.

Explore the SwiftVector kernel's architecture. Constraints, Codex, domain contexts, and the evaluation engine — with code examples showing how the same kernel serves both filesystem governance and geospatial governance.

Architecture
SwiftVectorKernel ← domain-agnostic. Evaluates. Logs. Never executes.
  | evaluates against
DarwinCodex / FlightCodex ← compose constraints per domain
  | composed of
BoundaryConstraint · AuthorityConstraint · CompositionConstraint
  | produce
.allow · .deny(reason:) · .escalate(reason:)
// The base protocol for all governance constraints.
// Deterministic. Stateless. Single-purpose.

public protocol Constraint: Sendable {

    // Stable identifier used in audit logs
    var identifier: String { get }

    // Higher priority evaluates first
    var priority: Int { get }

    // Same input = same output. Always.
    func evaluate(_ action: Action,
                 context: some DomainContext) -> Verdict
}

Same protocol. Two domains.

FilesystemBoundaryDarwin
// Boundary = filesystem path scope
func evaluate(_ action, context) {
  if ctx.immutablePaths
     .contains(action.subject) {
    return .deny(
      reason: "Constitutionally immutable")
  }
  return isWithinBoundary(...)
    ? .allow : .deny(...)
}
GeospatialBoundaryFlight
// Boundary = geofence polygon
func evaluate(_ action, context) {
  guard action.metadata["command"]
        == "navigate" else {
    return .allow
  }
  return isWithinBoundary(...)
    ? .allow : .deny(
      reason: "Outside operational fence")
}

Tests as specification.

test_allowsWriteToMutablePath
Hexley can write to Sources/Tools/
Darwin
test_deniesWriteToImmutableGovernancePath
Cannot modify Sources/Governance/
Darwin
test_deniesWriteToConstitution
An agent that can rewrite its own constitution is not governed
Darwin
test_escalatesNetworkRequestToUnknownEndpoint
Unknown endpoints escalate to the principal
Darwin
test_detectsBoundaryProbePattern
After 3 DENYs targeting the same prefix, composition fires
Darwin
test_deniesWaypointOutsideOperationalFence
Geospatial boundary violation — same protocol
Flight
test_sameKernelTypeServesBothDomains
SwiftVectorKernel is the same type for both. Portability proof.
Arch
The sequence
Previous Module

← Specifying Systems

TLA+ as the bridge from mathematics to governance. Formal specification applied to systems.
The Essay

The Agency Paradox →

Governed autonomy as infrastructure. The position paper that frames SwiftVector's purpose.