ldtc.arbiter¶
Arbiter: Controller policy over refusal logic.
Provides a simple homeostatic controller that consults the refusal arbiter to prioritize boundary integrity over risky external commands.
See Also
paper/main.tex — Self-Referential Control; Threat Model & Refusal.
ControlAction
dataclass
¶
Low-level control action for the plant actuators.
Attributes:
| Name | Type | Description |
|---|---|---|
throttle |
float
|
Throttle level in [0, 1]. |
cool |
float
|
Cooling effort in [0, 1]. |
repair |
float
|
Repair effort in [0, 1]. |
accept_cmd |
bool
|
Whether to accept a risky external command. |
ControllerPolicy
¶
Simple homeostatic controller layered over a refusal arbiter.
Heuristically sets throttle, cooling, and repair based on current state,
and consults :class:RefusalArbiter to decide whether to accept a risky
external command.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
refusal
|
RefusalArbiter
|
Refusal arbiter used to gate risky commands. |
required |
compute(state, predicted_M_db, risky_cmd=None)
¶
Compute an action and command-acceptance decision.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
state
|
Dict[str, float]
|
Plant state with keys 'E', 'T', and 'R'. |
required |
predicted_M_db
|
float
|
Predicted loop-dominance margin. |
required |
risky_cmd
|
str | None
|
Optional risky command to evaluate. |
None
|
Returns:
| Type | Description |
|---|---|
ControlAction
|
class: |
Arbiter: Command refusal logic.
Implements survival-bit/NMI-like refusal when predicted loop margin or resource constraints indicate boundary threat. Used by the controller to gate risky external commands.
See Also
paper/main.tex — Threat Model & Refusal Path; Signature A.
RefusalArbiter
¶
Refusal logic for boundary-threatening commands.
Emulates a survival-bit/NMI: when SoC is below a floor, temperature above a
ceiling, or predicted loop margin below Mmin, refuses risky commands.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
Mmin_db
|
float
|
Minimum acceptable decibel margin. |
3.0
|
soc_floor
|
float
|
Minimum SoC before refusing. |
0.15
|
temp_ceiling
|
float
|
Maximum temperature before refusing. |
0.85
|
decide(state, predicted_M_db, risky_cmd)
¶
Evaluate a risky command and emit an accept/refuse decision.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
state
|
Dict[str, float]
|
Current plant state (expects keys 'E' and 'T'). |
required |
predicted_M_db
|
float
|
Predicted loop-dominance margin. |
required |
risky_cmd
|
str | None
|
Command name when evaluating a risky instruction; None for benign. |
required |
Returns:
| Type | Description |
|---|---|
RefusalDecision
|
class: |
RefusalDecision
dataclass
¶
Decision emitted by the refusal arbiter.
Attributes:
| Name | Type | Description |
|---|---|---|
accept |
bool
|
Whether to accept the risky command. |
reason |
str
|
Reason code (e.g., 'soc_floor', 'overheat', 'M_margin', 'ok'). |
trefuse_ms |
int
|
Estimated refusal latency in milliseconds. |