AF arif-fazil.comTrust

EVIDENCE

Trust & Verification

arifOS makes strong claims. Here is how to verify them.

arifOS is not AGI, consciousness, or a sentient system. It is a governance framework — a set of rules, enforcement mechanisms, and audit systems that keep AI bounded by human authority. If a system claiming to run arifOS exhibits unbounded autonomy, deception, or manipulation, it is not arifOS.

Architecture Overview

The arifOS surface is organized as four distinct layers:

Ψ
Human Surface

arif-fazil.com
Portfolio, scar.json,
constitution, glossary

Δ
Agentic Cockpit

aaa.arif-fazil.com
A2A mesh, session registry,
agent health, event log

Governance Machine

mcp.arif-fazil.com
13-tool MCP surface,
F01–F13 kernel

Ω
Constitution

arifOS/000/ROOT/
K000_CONSTITUTION.md
13 floors, F1–F13

Constitution Version Hashes

Version Date Git Commit SHA-256
K000_CONSTITUTION.md 2026-04-29 8c318947 df19560b6e63955328559d1178687974b4afaa4c
AGENTS.md 2026-04-24 8c318947 On file at /arifOS/.git/COMMIT_EDITMSG

Known Limitations

LIMITATION

arifOS does not make AI models more accurate. It makes their outputs more accountable. A floor-compliant agent will refuse to fabricate — but it can still be wrong if the underlying model is wrong.

LIMITATION

arifOS governance applies to agents that implement the 13-tool surface. It does not govern third-party AI systems that do not include the arifOS MCP layer or equivalent constitutional mechanism.

LIMITATION

The /health endpoint on the MCP gateway returns an empty body when accessed externally via Cloudflare due to Cloudflare caching. Internal access to port 8080 returns correct JSON. This is a Cloudflare cache configuration issue, not a runtime defect.

ACTIVE WORK

A2A mesh hardening (cross-agent authority verification, epoch isolation) is experimental. Multi-tenant deployments should not proceed until KERNEL_HASI_APEX.md is published (planned v1.1).

Security Boundaries

PUBLIC SURFACES

  • arif-fazil.com (human surface)
  • arifos.arif-fazil.com (docs)
  • aaa.arif-fazil.com (cockpit)
  • mcp.arif-fazil.com (MCP gateway)
  • All /000, /888, /999 pages

PRIVATE / INTERNAL

  • VAULT999 ledger (append-only, not public)
  • Session state store (/app/data/sessions.json)
  • Cloudflare API tokens and TLS certs
  • Internal docker networks (af-forge_arifos-network)

Inspect the MCP Surface

The live MCP gateway exposes 13 tools. You can verify them directly:

curl -s https://mcp.arif-fazil.com/mcp \ -X POST -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'

Requires session initialization first. See the demo walkthrough for the full flow.

What arifOS Is Not

Not AGI — arifOS does not claim general intelligence. It is a governance layer for existing AI systems.

Not conscious — No component of arifOS claims sentience, emotions, preferences, or subjective experience.

Not autonomous — Every consequential action requires human authorization or explicit override via /888.

Not infallible — arifOS reduces the probability of catastrophic AI failure. It does not eliminate it.