A Governance Architecture for LLM-Assisted Research Programs
Components, relationships, and current build status of a proposed closed-loop research governance system
This note describes a governance architecture in active development — not a finished system, but a coherent design whose components, relationships, and current construction state are mapped below.
The essays in this series argue that LLM-assisted research needs governance infrastructure: a frozen identity anchor, an adversarial audit layer, a persistent defect register, bounded patch generation, and a convergence mechanism that judges progress from defect movement rather than prose quality. This note maps those components as a system — describing what each one does, how they connect, and where the architecture currently stands between concept and implementation.
The purpose is not to claim a complete solution. It is to show the design clearly enough that its logic, its gaps, and its current state of construction are all visible at once.
The Nine Components
The architecture breaks into nine functional blocks. The first three establish identity and authority — they are set before any audit begins and are not themselves subject to audit pressure. The remaining six form the operational cycle that runs repeatedly across revision passes.
-
Core Intent MemoThe frozen identity anchor. Defines what the project is fundamentally about, what narrowing is acceptable, and what would count as drift. Not a draft artifact. Cannot be modified through the audit cycle. Everything else is subordinate to it.
-
Authority MapThe artifact-role map. Distinguishes the frozen identity anchor from current governing artifacts, historical calibration artifacts, and lineage records. Prevents authority leakage — the failure mode in which a historical draft or prior audit conclusion silently becomes governing truth.
-
Research BundleThe current governed object: the canonical proposal plus the canonical pre-registration. This is the thing being evaluated, revised, and ultimately judged as commitment-ready or not. Exactly one canonical version exists at any point in time.
-
Historical Calibration SetEarlier drafts, prior audits, pre-/post-audit snapshots. Not current governing truth. Exists to show lineage, prior defect patterns, and revision movement — used to calibrate the audit instrument and assess revision sensitivity, not to govern the present bundle.
-
Audit InstrumentThe adversarial diagnostic layer. A phased, gated protocol that evaluates the current bundle for internal coherence, cross-artifact coherence, Core Intent preservation, defect structure, feasibility, and inferential discipline. Diagnostic only — it does not itself produce revisions or convergence judgments.
-
Defect RegisterThe structured memory of problems found by audit passes. Each defect is tracked as a persistent object with identity, severity, class, locus, status, and closure evidence. This is what allows the system to reason across cycles — without it, every audit pass starts from scratch and cannot detect circular revision.
-
Patch-Generation LayerThe bounded revision mechanism. Converts registered defects into corrective changes explicitly tied to those defect IDs. No unmapped modifications are permitted. This is intended to prevent the common failure mode in which "improving" a document introduces untracked changes that create new defects or mask existing ones.
-
Re-AuditThe post-revision check. Evaluates the revised bundle — unchanged from what was submitted — and determines whether defects were actually closed, merely restated, or replaced by new ones. A revision pass alone does not prove improvement. Re-audit is what closes that gap.
-
Convergence / Terminal-State LayerThe trajectory judge. Operates above the audit layer; it is not the same as audit. Looks across cycles and asks whether blocking defects are decreasing, drift is absent, and the bundle is approaching commitment-readiness — or whether the process is circling, drifting, or should be stopped. Outputs one of five governed decision states.
The System as a Whole
The architecture is a feedback control loop, not a linear pipeline. The audit produces a defect register. The defect register drives bounded patches. Patches produce a revised bundle. The revised bundle goes back to audit. The convergence layer watches this loop from above and decides whether the loop is converging or circling.
Figure 1 — System architecture. Foundation layer (top): set before any audit begins. Operational cycle (middle): runs repeatedly — solid arrows show the main flow. Convergence layer (bottom): judges trajectory across cycles. Dashed amber line = Core Intent anti-drift gate. Dashed blue line = defect movement feeding the convergence judgment.
Three relationships in this diagram carry most of the governance weight. The Core Intent Memo exerts continuous downward pressure — the anti-drift constraint — on the convergence layer, meaning no convergence judgment is valid if identity has been lost. The Defect Register is the central memory: it receives findings from audit, drives the patch layer, receives status updates from re-audit, and feeds the convergence judgment. The convergence layer never touches the bundle directly; it only reads the defect register across cycles.
The Audit Instrument in Practice
Of the nine components, the audit instrument is the most developed. The current implementation is a phased, gated protocol in which each phase must complete and stop before the next begins. This gating is not bureaucratic formality — it prevents the most common failure mode of LLM-assisted evaluation, which is that a context asked to diagnose and repair simultaneously will collapse the two into a single pass that does neither well.
The phases move in a specific sequence: reconstruction of what the bundle actually says → steelmanning the strongest case for it → adversarial challenge → falsification attempt and inference-license mapping → novelty, feasibility, and solo-researcher realism → severity-ranked defect log and bottom-line judgment → revision brief → optional red-team rewrite skeleton. The defect log produced in Phase 6 is the intended input to the Defect Register. The revision brief in Phase 7 is the intended input to the Patch-Generation Layer.
The non-negotiable rules built into the protocol reflect specific failure modes observed in earlier, less structured audit passes: a rule against collapsing phases because an eager context will skip reconstruction and go straight to criticism; a rule distinguishing fact from inference from assumption from speculation; a rule against treating a cleaner or narrower draft as automatically better if it has silently drifted from the Core Intent Memo.
Current Build Status
The architecture is partially implemented. Being honest about which components are operational, which are partially built, and which remain at the design stage is itself a governance discipline.
- Core Intent Memo — frozen identity anchor, versioned and locked
- Authority Map — artifact-role hierarchy, written and governing
- Governance problem statement — fully specified, locked
- Audit instrument — phased adversarial protocol, implemented and calibrated
- Research Bundle — canonical proposal and pre-registration designated
- Defect Register — schema defined, not yet formalized as an operating layer
- Audit design brief — substantial work exists, not yet formally closed
- Historical calibration set — artifacts exist, calibration memo not yet written
- Convergence layer — fully specified conceptually, not yet implemented
- Patch-generation layer — design brief not yet started
- Re-audit instrument — conceptually implied, not yet specified separately
- Operator runbook — implicit in protocols, not yet consolidated
- Full governance cycle — end-to-end locked cycle not yet executed
The most consequential gap is the Defect Register. Without a persistent, formally structured register, each audit cycle produces findings that are not reliably tracked to prior findings. Defects can be rephrased, redistributed, or silently dropped across revision cycles without the system detecting it — which is precisely the failure mode the register is designed to prevent. The audit instrument is strong. The memory layer it feeds is not yet operating.
What This Architecture Is Not
Two clarifications are worth making explicit, because the architecture can be misread in both directions.
This is not a claim that the governance problem is solved. The framework described here was derived from direct application on a live program, the audit instrument has been implemented and calibrated, and the conceptual architecture is coherent. But several critical components are unbuilt, no independent validation has been performed, and the convergence layer — which is the component that would justify calling this a complete governance system — exists only as a specification. What exists is a partially implemented architecture with a working diagnostic layer and an unfinished trajectory-judgment layer.
It is also not a claim that this approach is the only viable one. The adjacent literatures — weak supervision frameworks, registered reports, qualitative saturation theory, LLM auditing research — each address parts of the problem from different angles. The distinctive claim here is narrower: that the combination of frozen identity anchor, authority-mapped artifacts, persistent defect register, and cross-cycle convergence judgment constitutes a coherent approach to the governance problem that does not appear to exist as a packaged framework elsewhere. Whether that claim survives independent scrutiny remains open.