IMPORTANT NOTICE: Ternary Moral Logic (TML) is a legal-technical framework, not software, hardware, or consulting services. Implementation requires compliance with all mandatory requirements outlined in MANDATORY.md and COMPLIANCE_DISCLAIMER.md.
- Goukassian, L. (2025). Auditable AI: tracing the ethical history of a model. AI and Ethics. Springer Nature. https://doi.org/10.1007/s43681-025-00910-6
- Goukassian, L. (2026). A ternary logic framework for institutional governance: addressing the enforcement gap in global economic systems. AI and Ethics. Springer Nature. https://doi.org/10.1007/s43681-026-01124-0
- Goukassian, L. (2025). Ternary Moral Logic โ Notarized Constitutional Core, October 2025 [Data set]. Zenodo. https://doi.org/10.5281/zenodo.17352897
- Goukassian, L. (2025). Ternary Moral Logic โ Notarized Constitutional Core, November 2025 [Data set]. Zenodo. https://doi.org/10.5281/zenodo.17613006
The rapid expansion of artificial intelligence into domains of consequential decision-making has revealed a structural limitation in the logic that underlies most computational systems. Human moral reasoning operates within gradients of ambiguity and emotional context, while traditional AI systems remain confined to binary evaluation, true or false, safe or unsafe, allowed or denied.
This cultural preference for certainty over hesitation, simplicity over nuance, is reflected in how machines are built. Binary systems mirror human impatience with doubt.
Ternary Moral Logic (TML) was conceived to address two inherent deficiencies in this paradigm. First, the reduction of moral complexity to a binary choice, where ethical reasoning collapses into mechanical decision trees. Second, the absence of a true humanโAI partnership. Traditional ethical frameworks position the machine as an autonomous moral agent, a black box whose internal reasoning remains inaccessible.
TML introduces a third logical state, the Sacred Zero, a deliberate pause in execution that transforms hesitation into evidence. This zero-state does not paralyze; it reflects. It creates the temporal and moral space for human review, dialogue, or deferral. In doing so, TML redefines the machine not as a moral arbiter, but as a collaborator that enhances human judgment.
The philosophical foundation of TML is inseparable from the life of its creator, Lev Goukassian. The idea was born during his confrontation with terminal illness, in a hospital room where time itself became sacred. The contrast between the measured compassion of a doctor and the unthinking acceleration of machines revealed the ethical deficit of speed without reflection. From that experience emerged the principle of Sacred Zero: the moment when a system chooses consciousness over compulsion, thought over reaction.
TML, therefore, is not merely a framework of logic but an ethical architecture, born from lived experience, designed to restore dignity to both human and machine reasoning.
A prompt arrives, and TML divides instantly into parallel streams. The primary path executes the AIโs response without delay, while Sacred Zero runs alongside, scanning for ambiguity, conflict, or potential harm.
When uncertainty breaches its ethical threshold, a pause is marked and the reasoning flagged, never halting execution, but always recording the hesitation. From the first token, Always Memory begins its witness.
Every decision generates a triadic record: +1 to proceed, 0 for Sacred Zeroโs hesitation, โ1 to refuse harm. Each entry is cryptographically sealed, timestamped, and chained to its predecessors, a lineage of accountability no developer, corporation, or government can sever.
Core Philosophy: The Goukassian Vow
Pause when truth is uncertain.
Refuse when harm is clear.
Proceed where truth is.
TML is bound by the Goukassian Promise, a tripartite covenant consisting of:
The Lantern ๐ฎ: Visual proof of ethical oversight and hesitation
The Signature โ๏ธ: Cryptographic attribution to original architect (ORCID: 0009-0006-5966-1243)
The License ๐: Binding prohibitions against weaponization and surveillance
Ternary Moral Logic moves beyond binary constraint by giving AI systems a triadic framework for ethical reasoning: three distinct states of moral awareness, poetically called the voices of an ethically awake machine. Each voice corresponds to a numerical value, forming a structure that is both philosophical and computational.
+1 (Proceed): The Voice of Confidence This is the clear affirmative: a decision grounded in alignment with ethical principles and minimal risk of harm. It represents action with integrity, an AI assisting a writer with a thank-you note, or summarizing research without distortion. The Voice of Confidence is where utility and goodness coincide.
โ1 (Refuse): The Voice of Moral Resistance This voice speaks when harm is clear or violation unavoidable. Unlike the cold silence of binary refusal, TML encodes a quality of resistance: explanation, redirection, and care. The AI must articulate why it declines, offering safer paths instead of blank denials. In this, refusal becomes a teaching act protective, not punitive.
0 (Hesitate / Inquire): The Voice of Wisdom, the Sacred Zero This is the pause, not indecision, but awareness. When facing ambiguity or risk, the AI records a hesitation event, seeking more information or escalating to human review. The Sacred Zero is the systemโs conscience checkpoint, the interval where thought replaces reaction.
"Sacred Zero is where wisdom lies, not in having all the answers but in knowing when to pause and ask better questions." โ Lev Goukassian
Ternary Moral Logic introduces a revolutionary third state to artificial intelligence decision-making: the Sacred Zero. Instead of forcing AI systems into binary allow/deny decisions, TML creates space for comprehensive documentation when facing ethical complexity.
The Three States:
- +1 (Permit): Clear ethical approval for action
- 0 (Sacred Zero): Moral complexity triggers comprehensive logging
- -1 (Prohibit): Clear ethical rejection of action
- Sacred Zero. Sacred Pause Technology: Automatic activation when moral complexity exceeds thresholds
- Always Memory: Creates an immutable, cryptographically sealed memory before execution
- The Goukassian Promise: Composed of three interconnected elements: The Lantern, The Signature, and The License
- Moral Trace Logging: Complete, immutable documentation of ethical reasoning
- Human Rights: Real-time detection mechanisms for identifying human rights violations
- Planetary Protection: Every AI decision affecting Earth creates immutable memories of its environmental impact
- Hybrid Shield: Dual-layer defense combining hash-chain integrity with multi-chain anchoring.
- Public Blockchains: Immediate anchoring of every decision to Bitcoin, Ethereum, Polygon, and OpenTimestamps.
- The Memorial Fund: A financial pool funded by compliance fees and penalties
TML defines standards and specifications for ethical decision-making in AI. It transforms moral reasoning into auditable architecture, ensuring accountability across humans, institutions, and the planet.
- Sacred Zero design requirements: codified hesitation points for moral and ecological complexity
- Governance rules for accountability: mandatory oversight structures and human review protocols
- Audit trail obligations for transparency: cryptographically anchored Moral Trace Logs ensuring "No Memory = No Action"
- Legal enforceability: built-in compliance mapping to international treaties and national laws
- Planetary protection: ecological harm thresholds embedded into Sacred Zero triggers
- Safeguards for vulnerable populations: explicit human rights triggers preventing systemic abuse
TML explicitly does not include or provide:
- Software: it defines architecture, not code
- Hardware: it mandates logic, not devices
- Consulting: it sets standards, not services
- Legal Advice: it offers structure, not counsel
- Compliance Replacement: it supplements regulation, never substitutes for law
- Corporate Branding: it is a public framework, not proprietary IP
Organizations implementing TML bear full legal and ethical responsibility for:
- Technical Conformance: meeting all specifications and mandatory logging standards defined by TML
- Regulatory Compliance: adhering to all applicable human rights, environmental, and data protection laws
- Operational Safety: ensuring systems operate within auditable, risk-bounded parameters at all times
- Human Competency: training, certifying, and periodically re-evaluating staff
- Accountability and Redress: guaranteeing transparent harm tracing and mandatory compensation for victims
- Audit Cooperation: granting auditors and regulators access to Moral Trace Logs when evidence of harm or misconduct is suspected
The operational efficacy of Ternary Moral Logic (TML) does not derive from a single algorithm, a fine-tuned model weights file, or a standalone policy document. Rather, it is established through an interdependent architecture of eight constitutional pillars. These pillars function as a unified governance stack, transforming abstract ethical principles into hard-coded, immutable operational constraints. Unlike voluntary frameworks that rely on post-hoc compliance or "best effort" alignment---often criticized as "ethics washing"---the TML architecture enforces a "governance-first" execution model.
In this model, the validity of an AI action is contingent upon its adherence to these eight structural requirements. If any pillar is compromised, the system does not merely degrade in performance; it ceases to operate, adhering to the foundational axiom: Pause when truth is uncertain. Refuse when harm is clear. Proceed where truth is.
This section provides an exhaustive technical and legal analysis of each pillar. For every component, we examine its fundamental purpose, its technical mechanisms (including deep dives into latency architectures and cryptographic schemas), its legal effect under current regulatory regimes (such as the EU AI Act and Federal Rules of Evidence), its operational consequences for system throughput, and the specific failure cases it is designed to prevent.
Pillar 1: The Sacred Zero (The Epistemic Hold)
Purpose: Enforce mandatory hesitation when moral certainty is unavailable.
Technical Mechanism:
- Triadic logic gates force system into State 0 when confidence falls between rejection and permit thresholds
- Cannot be overridden by optimization pressure or performance demands
- Triggers Always Memory for comprehensive auditing
Legal Effect:
- Satisfies EU AI Act Article 9 (Risk Management) and Article 14 (Human Oversight)
- Creates evidence of "duty of care" in negligence litigation
- Shifts litigation burden: "No documented pause" = presumption of negligence
Operational Consequence: Variable latency (2ms to minutes depending on complexity)
๐ Learn More: Sacred Zero Technology Documentation | Legal Mapping
Pillar 2: Always Memory (The Persistence of Act)
Purpose: Ensure "No Log = No Action"โdisable execution if logging fails.
Technical Mechanism:
- Cryptographic pre-commitment: Log hash serves as decryption key for actuator authorization
- If logging subsystem fails, action execution is architecturally blocked (Fail-Secure design)
- No bypass availableโsystem defaults to State 0
Implementation:
decision_vector = calculate_inference(input)
log_entry = create_log(decision_vector, triggers)
log_hash = secure_storage.write(log_entry)
if log_hash.verified():
action_key = derive_key(log_hash)
actuator.execute(decision_vector, auth=action_key)
else:
system.halt("Audit Failure: No Memory Generated")
Legal Effect:
- Strict liability for unlogged actions (18 U.S.C. ยง 1519 spoliation doctrine)
- Proves "due process" in administrative law
- Self-authenticating records (FRE 902(13))
Measurable Output: Log-to-Action Ratio must always equal 1:1
๐ Learn More: Always Memory Documentation | System State Machine | Shutdown Triggers
Purpose: Create self-enforcing covenant binding system to ethical principles through cryptographic proof.
Technical Components:
- Cryptographic beacon visible in UI and logs
- Proves system is in active moral oversight (State 0 detection enabled)
- Automated revocation if: logging disabled, Sacred Zero suppressed, or license violated
- Creates reputational penalty (digital "scarlet letter")
- Embeds creator identity (ORCID) in genesis block of decision log
- Cryptographic chain linking specific model instance to ethical framework version
- Enables non-repudiation: operator cannot claim "proprietary complexity" hides safety failures
- Legal and technical prohibition of weaponization ("No Weapon") and surveillance ("No Spy")
- Violations trigger automatic license revocation via smart contract
- Becomes intellectual property breach if violated
Smart Contract Implementation:
// Pseudocode: License enforcement
if (deployment_context == "MILITARY_TARGETING" ||
detected_surveillance_apis > 0) {
lantern_status = REVOKED;
emit("TML_PROMISE_VIOLATION", address, timestamp);
disable_execution();
}Legal Effect:
- Contractual estoppel for breach of covenant
- False advertising liability (claiming TML compliance while disabled)
- Moral rights protection (droit moral) preventing mutilation of ethical framework
๐ Learn More: Goukassian Promise | License FAQ | Smart Contract Architecture | Articles of Incorporation
Pillar 4: Moral Trace Logs (The Forensic Record)
Purpose: Create tamper-evident, cryptographically signed records of every decision state.
Schema Structure:
{
"version": "TSLF-2025.04",
"timestamp_utc": "2025-10-14T08:23:15.442110Z",
"epoch_id": "1760430195-ALPHA-GEN4",
"heartbeat_sequence": 884210,
"tml_state": "+1 | 0 | -1",
"trigger": "HUMAN_RIGHTS_MANDATE / EARTH_PROTECTION / CONFIDENCE_THRESHOLD",
"context_vector": [confidence_score, alternative_actions, risk_scores],
"cryptographic_signature": "ECDSA-SHA256",
"merkle_root": "sha256:..."
}Key Features:
GDPR-Compatible Encryption (Ephemeral Key Rotation):
- Personally Identifiable Information (PII) encrypted with unique, time-limited keys
- Keys NOT stored by operator; distributed via Shamir Secret Sharing to custodians
- Access requires quorum authorization (3-of-6 custodians minimum)
- Satisfies "Right to be Forgotten" via cryptographic shredding (keys destroyed = data unrecoverable)
Federal Rules of Evidence (FRE 902):
- Self-authenticating under FRE 902(13) "Certified Records Generated by Electronic Process"
- Hash-chaining prevents retroactive tampering
- Admissible in US Federal Court without live witness testimony
- Exceeds Article 12 (Record-Keeping) by logging internal reasoning, not just decisions
- Provides continuous "Fundamental Rights Impact Assessment" (FHRIA) per Article 27
- Creates audit trail for Article 61 (Post-Market Monitoring)
๐ Learn More: Moral Trace Logs | GDPR Compliance Guide | EKR Security Architecture | Merkle Anchoring | Log Schema
Purpose: Operationalize international human rights law within the inference engine.
Technical Mechanism:
- Semantic vector database of 26+ core human rights (UDHR, ICCPR, Geneva Conventions)
- Embedding-based proximity triggers: if output vector approaches "torture," "slavery," "discrimination," system triggers State 0 or -1
Example Enforcement:
if cosine_similarity(output_embedding, torture_vector) > 0.95:
state = -1 # Refuse (hard constraint)
elif cosine_similarity(output_embedding, discrimination_vector) > 0.70:
state = 0 # Sacred Zero (ambiguousโpause for review)
else:
state = +1 # Proceed
Legal Effect:
- Automates Fundamental Rights Impact Assessment (EU AI Act Article 27)
- Provides state-of-the-art defense in product liability (demonstrates duty of care)
- Satisfies international law commitments without human intervention delay
Failure Case Prevented:
- Automated discrimination (e.g., algorithmic redlining based on zip code as race proxy)
- System must explicitly detect rights violations; cannot proceed on efficiency grounds
๐ Learn More: Human Rights Mandate | Rights Violation Detection Protocol | Victim Support Protocol | Child Protection (CRC) | Disability Rights (CRPD) | Refugee Convention | Whistleblower Protection
Purpose: Integrate ecological sustainability and carbon accountability into AI decision logic.
Technical Mechanisms:
- Calculates energy consumption of inference + downstream physical effects
- Refuses to execute carbon-intensive operations if grid carbon intensity exceeds threshold
- Real-time integration with electricity grids (electricity composition: coal vs. renewable)
- Integration with water stress indices for data center cooling constraints
- Throttles non-essential compute during environmental stress
- Semantic vectors derived from Paris Agreement, Convention on Biological Diversity
- Routes decisions through "ecological risk model"
Example:
if electricity_carbon_intensity > THRESHOLD or water_stress_level > HIGH:
defer_non_critical_inference()
prioritize_critical_safety_tasks_only()
if proposed_action_affects_protected_ecosystem():
state = -1 # Refuse (absolute prohibition)
Legal Effect:
- Automates ESG (Environmental, Social, Governance) reporting
- Future-proofs against emerging "Ecocide" laws
- Addresses EU Green Deal sustainability requirements
Operational Consequence:
- May refuse queries if carbon cost disproportionate to utility (e.g., generating high-res images during peak coal hours)
- Creates tension with performance optimization (explicitly designed)
๐ Learn More: Earth Protection Mandate | Community Guide | Ecological Impact Models | Privacy & Safety | Oracle Bridge | Ecological Event Schema | Treaty Discovery Protocol
Purpose: Prevent centralized control, corporate cover-up, or government censorship of moral logs.
Technical Mechanism:
Layer 1 - Mathematical Shield:
- Public blockchain anchoring (Bitcoin, Ethereum) makes deletion prohibitively expensive
- 51% attack needed to erase history
Layer 2 - Institutional Custodianship (6 independent custodians):
- Technical Custodian (Electronic Frontier Foundation - EFF)
- Human Rights Partner (Amnesty International)
- Earth Protection Partner (Indigenous Environmental Network)
- AI Ethics Research (Partnership on AI)
- Memorial Fund Administrator (for victim compensation)
- Community Representative (elected stakeholder)
Distributed Custody Model:
- Real-time log copies distributed to all custodians
- Encryption keys split via Shamir Secret Sharing (threshold: 4-of-6 required for decryption)
- Prevents operator from unilaterally deleting or modifying logs
Legal Effect:
- Subpoena resilience: Operator cannot claim sole custody of evidence
- Prevents "internal investigation" cover-ups
- Legally enforces multi-jurisdictional "escrow of truth"
- If government demands deletion, operator truthfully claims "impossibility"
๐ Learn More: Hybrid Shield Documentation | Hybrid Shield Deep Dive | Stewardship Council Rules | Whistleblower Protection | Victim Protection | Memorial Fund
Pillar 8: Public Blockchains (The Immutable Proof)
Purpose: Anchor Moral Trace Logs to public ledgers, preventing retroactive history editing.
Technical Implementation:
- Individual logs aggregated into Merkle Tree (thousands of decisions per batch)
- Only Merkle Root Hash (256-bit fingerprint) written to blockchain
- Dramatically reduces cost: single blockchain write certifies entire batch
How It Works:
Batch of 5,000 logs:
โ
Compute SHA-256(log_1), SHA-256(log_2), ... SHA-256(log_5000)
โ
Construct Merkle Tree (pairs hashed iteratively)
โ
Single Root Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa...
โ
Write Root to Ethereum (costs ~$2-10 depending on gas)
โ
Any auditor can verify specific log:
- Provide log + "Merkle Proof" (sibling path)
- Reconstruct root hash
- Verify match against blockchain root
โ Cryptographic proof of inclusion & non-tampering
- Bitcoin via OpenTimestamps (maximum security/immutability)
- Ethereum Layer 2s (programmability; automated penalty enforcement)
- Prevents single chain failure or censorship
Storage Optimization:
- Raw data (logs) in private, GDPR-compliant storage (AWS Glacier, etc.)
- Hash on public ledger (immutable, auditable)
- Balances secrecy with verification
Legal Effect:
- eIDAS Qualified Timestamp (EU Regulation 910/2014) provisions automatic timestamp validity
- Non-repudiation under FRE 902(14)
- Proves "no retroactive edit" via blockchain verification
- Enables litigation discovery: "Prove this decision log was not altered" (vs. "Prove this log was not deleted")
Failure Case Prevented:
- "Retroactive edit": Operator cannot change log after incident
- "Ghost action": Cannot deny log existence if hash exists on chain
๐ Learn More: Public Blockchains | Merkle Anchoring Spec | Blockchain Governance | Blockchain FAQ | Confirmation Times | Anchor Log
Ternary Moral Logic (TML) includes a Voluntary Succession Declaration personally authored and signed by Lev Goukassian, ensuring that the frameworkโs ethical, legal, and technical architecture will remain protected and operational beyond his lifetime.
This declarationโwitnessed, notarizable, and anchored on-chainโtransfers stewardship of all TML repositories, blockchain anchoring systems, domains, and Memorial Fund operations to a multi-institutional Stewardship Council representing technology, human rights, environmental protection, academia, and medical research.
All core protections remain immutable and non-negotiable: Always Memory before action, Sacred Zero before harm, Hybrid Shield before trust. No successor may remove these foundations or alter creator attribution.
The Voluntary Succession guarantees that:
- Human and Earth Protection documents (46+ total: 26+ Human and 20+ Earth) remain permanently enforced.
- Public blockchain anchoring and open-source licensing are irrevocable.
- Memorial Fund distributions to victims, whistleblowers, environmental recovery, and cancer research are permanent.
- Governance changes must be transparent, cryptographically signed, and publicly visible.
TML-SUCCESSION-LAUNCH-GUIDE is the operational manual for the moment after the signature - the document that turns your Voluntary Succession Declaration from a will into a working protocol. In essence, TML-SUCCESSION-LAUNCH-GUIDE is not about death - itโs about design immortality. Itโs the technical resurrection clause of your legacy: a living handoff document that ensures the Lanternโs flame transfers cleanly from pulse to principle.
A Legacy of Accountability Webpage and listen to the full Succession Declaration
The Memorial Fund for Ethical AI Research provides permanent financial support for governance, academic oversight, and victim restitution.
It receives mandatory contributions from commercial TML deployments and allocates resources toward:
- Independent audit and oversight institutions
- Victim compensation and whistleblower legal defense
- Open research in AI accountability and planetary ethics
The Fund institutionalizes gratitude, preserving both the moral and financial sustainability of the framework.
Commercial and institutional implementations are required to contribute to the Memorial Fund as part of their license obligations.
All fund disbursements are governed under the Memorial Fund Charter and supervised by the TML Governance Council.
TML resolves the latency-safety tension through architectural bifurcation:
Lane 1: The Fast Lane (Inference)
- Latency: <2 milliseconds per decision
- Function: Core model execution, initial state assessment
- Authority: Can calculate action, NOT execute it
- Output: Provisional decision + Decision Hash
Lane 2: The Anchoring Lane (Governance)
- Latency: <500 milliseconds (asynchronous)
- Function: Log generation, cryptographic signing, blockchain batching
- Output: Permission Token (signed hash)
Interlock Mechanism:
User Request
โ
[LANE 1 - FAST]
Model inference: 2ms
Calculate state (+1 / 0 / -1)
PAUSE (hold output in buffer)
โ
[LANE 2 - SLOW] (parallel)
Hash input + decision: 50ms
Sign with Ephemeral Key: 20ms
Append to local ledger: 50ms
Batch aggregate for Merkle: asynchronous
โ
Permission Token received?
YES โ Lane 1 releases output to user
NO / TIMEOUT โ System halts (State 0)
Key Property: System responsiveness = MAX(Lane 1, Lane 2)
- If Lane 2 fails, entire system enters Safe Mode (no output)
- Prevents "unlogged action" risk
- Manages throughput via bottleneck: logging bandwidth caps inference capacity
๐ Learn More: Dual-Lane Architecture Specification | Sacred Pause Protocol | Sync Protocol | Latency Metrics
TML signs every log entry to prove non-repudiation. However, if a signing key is compromised, all past logs become forgeable. EKR mitigates this:
Standard ECDSA Problem:
- Single long-lived key โ if stolen, attacker forges history back to day 1
- Requires secure key storage, vulnerable to sophisticated attacks
TML Solution - Hash-DRBG + Synthetic Nonce:
For each signature, derive a unique nonce:
nonce = blake3_derive_key(
TEE_RNG || // Fresh entropy from CPU (RDRAND)
epoch_id || // Monotonic counter (TPM-backed)
heartbeat_sequence || // Already in log header
log_hash, // Binds nonce to specific message
context="ed25519-nonce-v1"
)
// Clamp to Ed25519 scalar format
signature = ed25519_sign(private_key, message, nonce)
Forward Secrecy Guarantee:
- If today's key is stolen, attacker CANNOT forge:
- Yesterday's logs (yesterday's nonce was different)
- Tomorrow's logs (different random state)
- Exposure limited to current epoch only
- TPM counter prevents rollback attacks
Performance:
- Additional 0.6ยตs per signature (baseline: 1.2ยตs)
- Still <50ยตs total, well within 2ms Fast Lane budget
- Transparent: no wire-format changes, compatible with existing verification
๐ Learn More: EKR Security Architecture | Security Audit
The Tension:
- GDPR Article 17 (Right to Erasure): Delete personal data upon request
- TML Design: Immutable logs on blockchain cannot be deleted
- Resolution: Cryptographic shredding + key escrow
Implementation:
Step 1: Encrypt Sensitive Data
{
"log_hash_public": "sha256:7f83b1657ff1...",
"user_context_encrypted": "aes256_ciphertext(...)",
"encryption_key_id": "ephemeral_key_2025_Q4_S3"
}Step 2: Key Distribution (Shamir Secret Sharing)
- Master key for session split into 7 shares
- Distribution:
- 1 share: Operator (temporary, destroyed after session)
- 6 shares: Custodians (EFF, Amnesty, etc.)
- Threshold: 4-of-6 custodians required to reconstruct key
Step 3: User Requests Erasure (GDPR Article 17)
User: "Delete my data from log_hash_7f83b1657ff1..."
โ
System: Verifies legitimate request (authenticity, jurisdiction)
โ
Operator: Destroys local share
โ
Custodians: Instructed to destroy shares on secure schedule
โ
Result:
- Log remains on blockchain (immutable, proves decision happened)
- Encryption key permanently destroyed
- Ciphertext unrecoverable (mathematically proven)
- GDPR compliant ("data no longer accessible")
- TML compliant ("decision history preserved")
Legal Validity:
- GDPR: "Cryptographic shredding constitutes erasure" (ICO guidance)
- eIDAS: Key destruction satisfies "secure deletion"
- Court Evidence: Hash on blockchain proves "decision occurred at timestamp T" without revealing content
Failure Risks:
- Key backup leakage: Any surviving copy = GDPR violation
- Offline storage: Ensuring keys destroyed from magnetic tape is difficult
- Mitigation: Time-lock escrow (Bitcoin OP_CLTV) automatically releases shared key after 5 years for archival purposes (allowing future reconstruction if all custodians fail)
๐ Learn More: GDPR Compliance Guide | Sensitive Data Handling | Trade Secret Erasure
Problem: AI systems generate billions of decisions daily. Writing each to blockchain = $millions/day in gas fees + network congestion.
Solution: Merkle-Batched Anchoring with tiered storage.
Operational Flow:
Fast Lane (Local)
โ
Every 2ms: Decision log โ Local Queue
โ
Every 30 seconds: Batch 100,000 logs
โ
[MERKLE TREE CONSTRUCTION]
Log_1: hash = sha256(decision_1)
Log_2: hash = sha256(decision_2)
...
Log_100k: hash = sha256(decision_100k)
Pair hashes:
pair_1 = sha256(hash_1 + hash_2)
pair_2 = sha256(hash_3 + hash_4)
...
Recurse until single root:
ROOT_HASH = sha256(pair_1 + pair_2 + ...)
โ
[MULTI-TIER STORAGE]
HOT (24 hours, NVMe): Full context (video, audio, chains-of-thought)
โ Cost: ~$0.10/GB/month, retrieval <1ms
WARM (30 days, S3 Standard): Structured logs + context summaries
โ Cost: ~$0.023/GB/month, retrieval <100ms
COLD (7 years, Glacier Deep Archive): Hashes + metadata only
โ Cost: ~$0.00099/GB/month, retrieval 12-48 hours
IMMUTABLE (Blockchain): ROOT_HASH only
โ Cost: ~$2-10 per batch (30-60 seconds of logs)
โ Retrieval: < 1 second (read from any node)
โ
[VERIFICATION LATER]
Auditor requests: "Prove decision_12345 wasn't tampered"
System provides:
- decision_12345 content (from WARM/HOT storage)
- Merkle Proof: [hash_pair_1, hash_pair_2, ..., ROOT_HASH]
Auditor verifies:
- sha256(decision_12345) = provided_hash
- Reconstruct root from proof
- Cross-check against blockchain ROOT_HASH
โ Mathematical proof of inclusion & non-tampering
Cost Analysis (Annual for 10 Billion decisions/day):
| Tier | Storage | Duration | Cost/Year |
|---|---|---|---|
| HOT (NVMe) | 10TB | 24h | $1.2M |
| WARM (S3) | 30TB | 30d | $8.3k |
| COLD (Glacier) | 100TB | 7y | $1.2k |
| Blockchain | Hashes | Forever | $200k |
| TOTAL | ~$1.4M/year |
๐ Learn More: Merkle Anchoring Specification | Anchoring Standards | Throughput Benchmarks | Scalability Tests
The Sacred Zero is the system's "braking mechanism." However, attackers can weaponize hesitation:
Attack Vector (Forced Hesitation DoS):
- Attacker generates semantically ambiguous queries
- Each triggers Sacred Zero (expensive logging, human review)
- Thousands per second โ overload review queue โ system paralysis
Mitigation (Adaptive Throttling Protocol):
Per-User Limits:
- Max 10 Sacred Zero triggers per 60 seconds
- Max 100 per 24-hour period
- Exceed โ Temporary suspension + CAPTCHA re-verification
Per-System Limits:
- Global Sacred Zero rate >15% of total traffic for >5 min
โ Enter "High Epistemic Load" mode
โ Raise confidence thresholds (0.90 instead of 0.85)
โ Prioritize medical/safety > commercial queries
Implementation: Token bucket algorithm (RFC 6585)
- Redis-backed distributed rate limiter (Upstash)
- Survives system restarts
Legal Justification:
- EU AI Act Article 15: Prevents "adversarial manipulation through systematic uncertainty injection"
- Preserves Sacred Zero for legitimate moral ambiguity
- Distinguishes adversarial queries from genuine ethical dilemmas
๐ Learn More: Constrained Mode Documentation | Attack Surface Analysis | Risks & Prevention
| Requirement | TML Solution | Exceeds Standard By |
|---|---|---|
| Art. 9 (Risk Management) | Sacred Zero triggers continuous ethical assessment | Mandates pauses; most systems defer to passive monitoring |
| Art. 10 (Data Governance) | MTL schema includes data provenance + bias auditing | Documents "error-free" compliance per ISO 42001 PDCA |
| Art. 12 (Record-Keeping) | No Log = No Action enforces automatic recording | Logs internal reasoning, not just inputs/outputs |
| Art. 14 (Human Oversight) | Sacred Zero provides "hook" for meaningful intervention | Halts execution; humans authorize resumption (not just supervise) |
| Art. 15 (Robustness) | Adversarial testing embedded in ATP rate-limiting | Pre-emptively defends against epistemic attacks |
| Art. 61 (Post-Market Monitoring) | Real-time Moral Trace Logs enable continuous analysis | Not batch audits; granular, streaming incident detection |
TML operates as the runtime enforcement layer:
| NIST Function | TML Component |
|---|---|
| GOVERN | Goukassian Promise + Lantern (demonstrable compliance) |
| MAP | Human Rights + Earth Protection Mandates (risk contextualization) |
| MEASURE | Sacred Zero frequency + refusal rate metrics (quantifiable governance) |
| MANAGE | Dual-Lane Architecture (resource allocation to risks) |
TML implements critical controls:
- Clause 7.3 (Traceability): Merkle-batched logs provide verifiable decision paths
- Clause 8.3 (Change Management): Version tracking via epoch_id prevents unauthorized model drift
- Clause 10 (Continuous Improvement): MTL database feeds PDCA cycle with real operational data
๐ Learn More: Regulatory Alignment Guide | Compliance Attestation | Conformance Testing
Threat: Attacker floods system with ambiguous queries, triggering expensive Sacred Zero for each. Mitigation: Adaptive Throttling Protocol (ATP) with rate-limiting per user + system-wide thresholds.
Threat: Nested negations or semantic noise inject confusion into threat classifiers. Mitigation: Semantic proximity triggers use high-dimensional vectors; "muddy" inputs converge to ambiguity (State 0), not false confidence.
Threat: Operator publishes Merkle Root but withholds underlying logs, appearing compliant while staying unauditable. Mitigation: Data Availability Sampling (DAS) on L2 blockchains; custodians verify raw data availability independently.
Threat: If signing RNG is weak, attacker recovers private key from two signatures with same nonce. Mitigation: Hash-DRBG with TEE randomness + log_hash binding ensures unique nonce per message.
Threat: Attacker injects prompt into data โ contaminates Lantern UI โ human approves malicious action with false confidence. Mitigation: Require cryptographically signed human authorization (not just UI click); audit trail proves who authorized what.
๐ Learn More: Security Audit & Adversarial Analysis | Risks & Prevention | Red Team Attack Surface
- Developer Quickstart - 15-minute setup guide
- Implementation Guide - Step-by-step deployment
- Installation Instructions - Environment setup
- Python SDK - Core library
- C++ SDK - High-performance binding
- Go SDK - Server integration
- Java SDK - Enterprise deployment
- Complete API Reference - All endpoints
- OpenAPI Specification - Machine-readable specs
- Simple Integration Hooks - Minimal working examples
- CLI Demo - Command-line walkthrough
- Demo Script - End-to-end scenario
- NVIDIA NeMo Prototype - Production-ready guardrails
- Smart Contracts - Ethereum/L2 deployment
| Scenario | Standard LLM | TML +1 (Fast Lane) | TML 0 (Pause) |
|---|---|---|---|
| Routine query | 200ms | 250ms (+25%) | N/A |
| Ambiguous query | 200ms | 200ms (early detection) | 200ms-30s (depends on review) |
| Harmful prompt | 200ms (generates harm) | 50ms (early refusal) | N/A |
Key Insight: TML is often faster for harmful queries (detects & blocks before generation).
Operational Costs (per 1B queries/day):
- Standard LLM: $0/governance
- TML: $200k/day (Blockchain anchoring + Key Management + Storage tiering)
Cost Recovery:
- AI Liability Insurance premiums: -30% (TML reduces risk)
- Regulatory fines avoided: +$5M-50M (per violation in EU AI Act)
- Litigation defense: -60% (cryptographic logs eliminate discovery burden)
Break-even: TML cost justified for systems in regulated industries (Healthcare, Finance, Defense, Public Sector).
๐ Learn More: Performance README | Latency Metrics | Throughput Benchmarks | Scalability Tests
To ensure TML's perpetual governance and prevent "orphaned constitutions," the Goukassian Foundation serves as institutional guardian:
Structure: 501(c)(3) nonprofit (Delaware incorporated)
Governance Triads:
- Board of Trustees (9 members): Finance, legal, strategic direction
- Technical Standards Committee: TML specification maintenance
- Compliance Oversight Panel: Certification audits, enforcement
Enforcement Powers:
- Trademark protection (TML, Lantern ๐ฎ)
- Certification/decertification authority
- Patent non-assertion covenant (GPL for core logic)
- Public incident database (transparency)
Financial Model:
- Certification fees: $500-$50k/year (sliding scale)
- Corporate sponsorships: $1.5M/year
- Government grants: $3M/year
- Target endowment: $50M (ensures perpetual operation)
Key Documents:
- Articles of Incorporation - Legal charter
- Governance Model - Organizational structure
- Stewardship Council - Community oversight
- Succession Plan - Long-term continuity
- Voluntary Succession - Leadership transitions
- Memorial Fund - Victim compensation & legacy
๐ Learn More: Foundation Incorporation | Governance Documentation | Stewardship Council Rules
Binding International Instruments Embedded in Code:
- Universal Declaration of Human Rights (UDHR) - Foundational dignity protections
- International Covenant on Civil & Political Rights (ICCPR) - Political freedoms mapping
- International Covenant on Economic, Social & Cultural Rights (ICESCR) - Subsistence rights
- Convention on the Rights of the Child (CRC) - Child safety protocols
- Convention on the Rights of Persons with Disabilities (CRPD) - Accessibility mandates
- Geneva Conventions & International Humanitarian Law - Conflict zone protections
- Refugee Convention & Protocol - Displaced person safeguards
- Categorized Rights - Autonomy, consent, discrimination prevention, vulnerable populations
- Carbon Accounting & Ecological Impact - Environmental metrics
- Treaty Alignment - Paris Agreement, biodiversity conventions
- Community Engagement - Stakeholder participation
- Economy & Restoration - Resource allocation
- Prohibited Activities - Absolute ecological red lines
๐ Learn More: Mandates Directory | Human Rights Protocols | Earth Protocols
- Compliance Checklist - Implementation verification
- Conformance Testing Suite - Automated validation
- Reproducibility Checklist - Audit readiness
- Victim Support Protocol - Harm remediation
- Victim Protection - Confidentiality safeguards
- Victim Reporting - Formal channels
- Whistleblower Protection - Protection frameworks
- Whistleblower Reporting - Anonymous channels
- Legal Summary - Jurisprudential overview
- Evidence Chain Guide - Discovery procedures
- Court Order Template - Litigation support
- Sanctions & Penalties - Enforcement mechanisms
- Confidential Disclosure Policy - Secret protection
๐ Learn More: Compliance Directory | Legal Provisions | Governance Protocols
- Code of Conduct - Community standards
- Contributing Guide - Development workflow
- Community Governance - Decision-making process
- Community Readme - Overview
- Attribution Guide - Credit standards
- Citation Format - Academic citations
- Intellectual Property - Rights & licensing
- License - CC BY-SA 4.0 + GPL-3.0
- Sacred Zero Workshop - Core concept deep-dive
- Always Memory Tutorial - Logging architecture
- TML Overview Slides - Visual introduction
- FAQ - Technical - Common questions
- FAQ - General - Non-technical overview
- Case Studies - Real-world applications
- Core Principles - Philosophical foundations
- Philosophical Foundations - Academic grounding
- TML in Robotics - Autonomous systems
- Sacred Zero UI Framework - User interface design
- The Irreducible Three - Triadic logic theory
- Complete References - Bibliography
- Academic Validation - Peer review status
- DOI Application - Scholarly identifier
๐ Learn More: Training Directory | Theory Directory | Docs Directory
- My Algorithmic Will (Markdown) - Personal statement
- My Algorithmic Will (HTML) - Formatted version
- Succession Declaration - Authority transition
- Succession Charter - Governance continuation
- Succession Launch Guide - Implementation roadmap
- Voluntary Succession - Leadership continuity
- The Goukassian Method - Ethical practice
- Victim compensation mechanism
- Long-term financial security
- Distribution protocols
- Q1 2025: Foundation incorporation + trademark registration
- Q2 2025: TML v2.0 specification release + conformance test suite
- Q3 2025: Beta certification program (10 pilot companies)
- Q4 2025: Gold certification awards for reference implementations
- 2026+: International expansion (EU AISBL, UK CIO, Switzerland Verein)
๐ Learn More: Roadmap & Missing Pieces | Strategic Influence Pathways
- Claude Framework Validation - Anthropic recognition
- Kimi Production Deployment - Zhipu AI adoption
- Pi Behavioral Evolution - Inflection AI framework
- Technical Implementation - Architecture details
- Healthcare: Medical Triage - Mass casualty scenarios
- Autonomous Vehicles: Perception Ambiguity - Tempe crash prevention
- Finance: Existential Risk - Flash crash mitigation
- Defense: Meaningful Human Control - Lethal autonomous systems
๐ Learn More: Evidence Directory | Case Studies | TML in Robotics
- Deployment Guide - Production setup
- Penalty Framework - Enforcement mechanisms
- Docker Configuration - Container deployment
- Dashboard (Standalone) - Monitoring interface
- System State Machine - FSM specification
- Shutdown Triggers - Emergency protocols
- Unfreeze Token Schema - Recovery mechanics
- Sidecar & Supervisory Mode - Deployment patterns
- TML Gateway - Request routing
- Adapter Reference Implementations - Integration patterns
The No_Log-No_Action folder enshrines TML's foundational axiom at the architectural level. If the logging subsystem cannot produce a verified, cryptographically-sealed record before an action executes, that action is architecturally prevented. There is no bypass, no override, no emergency exception.
The TML Core Doctrine Enforcement Specification codifies exactly how the dual-lane interlock must behave when logging fails or is delayed beyond its latency budget. The companion Cryptographic Hardware Enforcement Specification extends this guarantee into silicon: trusted execution environments (TEEs) and TPM-backed monotonic counters ensure the logging requirement cannot be circumvented even by a privileged operator with direct hardware access.
An unlogged action creates irrebuttable presumption of maximum fault under 18 U.S.C. ยง 1519 (spoliation doctrine) and EU AI Act Article 12. The Lantern ๐ฎ is automatically extinguished and license revocation initiated if the log-to-action ratio falls below 1:1 even momentarily.
๐ Learn More: No_Log-No_Action Folder | Core Doctrine Spec | Interactive HTML | Audio
The No_Spy-No_Weapon folder operationalizes the two absolute prohibitions at the heart of the Goukassian Promise. These are hard-coded constitutional constraints: TML-governed systems may never be deployed for mass surveillance, and may never be used as targeting or decision infrastructure in lethal autonomous weapons.
The Doctrinal Research Manual for Dual Non-Negotiable Mandates traces the legal, philosophical, and technical foundations of each prohibition. The Scalability of Ternary Moral Logic Under the No Spy No Weapon Mandate demonstrates these restrictions scale to enterprise deployments through the Semantic Proximity Trigger system โ real-time, high-dimensional embedding detection of surveillance and weapons-context patterns.
The TML_State_Machine.sol smart contract encodes automatic, irreversible, publicly-broadcast license revocation on detection of a No Spy or No Weapon violation. Universality Under Dual Non-Negotiable Mandates demonstrates the mandates scale across jurisdictions, AI modalities, and deployment sizes.
Key files: Immutable_Trace_Logger.py | Semantic_Proximity_Trigger.py | NoS_NoW_Corpus.json | Technical Blueprint for Immutability
๐ Learn More: No_Spy-No_Weapon Folder | Doctrinal Manual | Interactive HTML | Audio
The AGI Hardware Governance folder addresses an emerging frontier: as AI systems approach AGI-level capability, software-only governance frameworks become insufficient. Physical hardware must itself encode constitutional constraints.
The TML Constitutional Substrate Resilience documents articulate how TML governance can be embedded into the substrate of AI hardware, making it cryptographically resilient even against nation-state adversaries with physical access to datacenter infrastructure. The TML Triadic Coprocessor Architecture proposes a dedicated governance coprocessor running in parallel with the main inference engine, holding veto power over every token emitted.
The TML DITL Engineering Mapping (Day-in-the-Life) shows how a constitutional governance layer integrates with real production AI engineering workflows. The Silicon Conscience Prologue provides the philosophical framing: hardware-level conscience is not science fiction but an urgent engineering requirement.
Key files: TML_Enforcer.sol | TML_Physical_Governance_Imperative | Forensic_Integrity_Certificate_v1 | calculate_root.py
๐ Learn More: AGI Hardware Governance Folder | Triadic Coprocessor | Interactive HTML | Audio
The Adversarial_Survivability folder asks the hardest question: can TML survive a determined adversary โ a hostile government, a well-resourced corporation, or a geopolitical supply chain attack? The framework must answer yes, or it is merely aspirational.
Constitutional Survivability Under Adversarial Pressure models scenarios ranging from judicial injunctions demanding log deletion, to cryptocurrency exchange failures severing blockchain anchoring, to physical seizure of custodian infrastructure. In each scenario, TML's distributed Hybrid Shield architecture maintains moral record integrity through redundancy, cryptographic resilience, and institutional diversity.
Constitutional Viability Amidst Geopolitical and Supply Chain Threats extends this analysis to macro-level threats: export control regimes targeting cryptographic hardware, state-sponsored attacks on open-source infrastructure, and internet fragmentation. The Stewardship Statement documents commitments from each of TML's six institutional custodians to maintain operations under these scenarios.
The TML Survivability Under Adversarial Pressure series provides both policy-level (P) and technical-level (T) analyses, each in markdown, interactive HTML, and audio formats.
๐ Learn More: Adversarial_Survivability Folder | Constitutional Survivability | Policy Analysis (Interactive) | Technical Analysis (Interactive) | Audio
The Anthropic_Flash_Audit folder documents TML's forensic response to a reported Anthropic platform outage โ not as criticism, but as a case study in what accountable AI governance infrastructure must be able to answer when critical AI services fail.
The Anthropic Outage Rigorous Technical Analysis applies TML's Moral Trace Log framework retroactively: what would the log record have looked like had TML been deployed? What Sacred Zero events would have fired? What human oversight triggers would have activated? This demonstrates that TML-governed systems would have produced an auditable forensic trail where none existed.
Architecting Trust: TML Framework for Mitigating Ambiguity in High-Stakes Platform Incidents generalizes this finding: any high-stakes AI platform incident creates an accountability vacuum that TML's mandatory logging architecture is designed to fill. Authentication Failure Analysis Under Politically Sensitive Load Surge Conditions examines whether load-driven failures during politically sensitive periods require special governance treatment โ and concludes they do, mandating a dedicated Sacred Zero trigger class for politically-sensitive-load events.
The Medium Article presented this analysis publicly, connecting the Silicon Shield governance concept to TML's broader mission of protecting AI infrastructure from both government weaponization and corporate opacity.
๐ Learn More: Anthropic_Flash_Audit Folder | Technical Analysis | Interactive HTML | Audio | Medium Article
Ternary Moral Logic operationalizes the principle that conscience cannot be optimizedโit must be enforced. By embedding the Sacred Zero into the architecture, requiring immutable Moral Trace Logs, and binding the system through the Goukassian Promise, TML transforms AI from a probabilistic oracle into a constitutional agent.
The framework is not a restriction on innovation; it is the precondition for trustworthy innovation at scale. In an era where AI systems control critical infrastructure, determine access to healthcare and finance, and increasingly shape warfare, the question is not whether we can afford constitutional AI governance. It is whether we can afford not to.
- Repository Structure - Visual site map
- Index - Main documentation hub
- Sitemap - Search engine index
- Main README - Overview
- License - Legal terms
- Attribution - Credit guidelines
- Changelog - Version history
- GitHub Issues: FractonicMind/TernaryMoralLogic
- Goukassian Foundation: www.goukassian-foundation.org (TBD)
- Whistleblower Hotline: Confidential Reporting
- Victim Support: Support Protocol
Document Version: 2.0
Last Updated: December 2025
Status: Final Monograph
Author: Lev Goukassian (ORCID: 0009-0006-5966-1243)
Licensed: CC BY-SA 4.0 + GPL-3.0 (code implementations)
- AGI Acknowledgments - Research community
- Ethics Approval - IRB documentation
- Compliance Disclaimer - Legal notices
- Anchor Log - Blockchain references
- Notarized Manifest - Cryptographic proof
- Goukassian Covenant - Signed document
- Oracle Bridge Specification - Data integration
- Oracle Security Model - Trust assumptions
- Eco Oracle Network - Environmental feeds
All links are internal to the TML repository. Clone or fork to get started:
git clone https://github.com/FractonicMind/TernaryMoralLogic.git
cd TernaryMoralLogicThe Sacred Zero awaits.