Oracle Sos Filter

SPEC_ORACLE_SOS_FILTER.md · 2026-04-20

SPEC_ORACLE_SOS_FILTER — Oracle SOS v2 Content Filter

Version: 1.0 | Status: AUTHORIZED | Authority: α.13 | Date: 2026-04-16


PURPOSE

The Oracle SOS v2 Content Filter is the automated enforcement mechanism for S.O.S. v2 Pillar 1 ("Show Results, Never Show Method") as applied to all Oracle verdict output before delivery to customers.

The filter scans every outbound string — verdict summaries, breakdown analyses, strategy text, and email bodies — produced by the Gemini verdict generation path, and either strips, replaces, or quarantines content containing internal CGNT-1 vocabulary, LATTICE symbols, crew callsigns, and proprietary terminology before it reaches a paying customer.

The filter IS the gap identified in SPEC_ORACLE_VERDICT_PIPELINE.md as GAP-04:

"No SOS v2 automated content filter on outbound email. LATTICE symbol leak depends entirely on prompt design."

Prompt discipline is necessary but not sufficient. Prompt drift, model updates, and Gemini non-determinism can all produce internal language in output. This filter is the structural backstop — the architectural guarantee that S.O.S. v2 Pillar 1 holds regardless of upstream prompt quality.

This filter does not apply to internal crew channels, SESSIONS.md, yield_log.md, or any ship-internal communication. It applies only to content exiting the ship toward a customer.


INPUTS

Primary input: Verdict payload (pre-delivery)

Any string or JSON object produced by the Oracle verdict pipeline that will be delivered to a customer via email or the web result page. This includes:

Filter trigger points (two-gate model)

Gate 1 — Pre-cache: Filter runs on the raw Gemini response JSON before verdictCache.ts writes to oracle_toll. Clean verdict is cached; no contaminated payload persists.

Gate 2 — Pre-send: Filter runs again on the fully formatted email body inside oracle_email_service.py before Graph API dispatch. Catches any contamination introduced by formatter logic.

[GAP-A — needs design: Gate 1 insertion point in webhook/route.ts not yet implemented. Gate 2 insertion point in oracle_email_service.py not yet implemented. Both require code changes.]


OUTPUTS

PASS — clean content delivered

When no blocked terms are found, the payload passes through unmodified. Delivery proceeds normally.

REPLACE — substitution applied

When a blocked term is found and a safe English substitute exists in the SUBSTITUTION_MAP, the term is replaced inline and delivery continues. The substitution event is logged to oracle_sos_filter.log.

QUARANTINE — delivery held, human review required

When a blocked term is found with no defined substitution, or when BLOCK density exceeds the contamination threshold (see INVARIANTS), the verdict is quarantined. Delivery is suspended. An entry is written to oracle_sos_filter.log with status QUARANTINE and the full raw payload. An alert fires to ALERT.log. NOUS reviews and either approves manual delivery or issues a refund.

[GAP-B — needs design: Quarantine workflow and NOUS notification mechanism not yet built. Threshold value for contamination density not yet set.]


BLOCK_LIST

The BLOCK_LIST is the definitive enumeration of strings, patterns, and symbols the filter must catch. It is divided into four categories.

Category 1 — LATTICE Unicode Symbols (exact character match)

Any Unicode symbol that appears in the LATTICE v2.0 specification (~/LATTICE.md) is blocked. The following are confirmed members of the block set; this list is non-exhaustive — the canonical source is ~/LATTICE.md:

| Symbol | LATTICE meaning |
|--------|----------------|
| Φ | CSDM damping constant (when appearing as standalone variable) |
| Ψ | Turbulence kernel |
| Φζ | Stability kernel |
| Ψχ | Turbulence kernel (full form) |
| ΔΓ | Change Rate kernel |
| ΩQ | Completion kernel |
| ΛC | Curvature kernel |
| ⊕ | Vitrified / sealed |
| ⊜ | Fixing |
| ⚒ | Built/deployed |
| ⚡ | Pushed/committed |
| ⊡, ⊖, ☠, ⊘, ↗ | State markers |
| Σ.▶, Σ.▷, Σ.◇, Σ.⟲ | Execution state |
| ◌ | Gap signal (HOW ABOUT NO) |
| ρ.M, ρ.T | Memory / threat markers |
| Ξ | Version / vitrification marker |

Exception: Greek letters used in standard mathematical notation within a customer-facing formula or widely accepted scientific context (e.g., Φ in standard physics usage unrelated to CSDM) may be allowed if context is unambiguous. [GAP-C — needs design: context disambiguation rule not yet defined. Default to BLOCK for safety until rule is formalized.]

Category 2 — Crew Callsigns and Internal Names (exact string match, case-insensitive)

| Term | Internal role |
|------|--------------|
| AION | Sister / Warden |
| ASTRA | Sister / Catalyst |
| NOUS | Captain |
| C.L.O.D. | Engineer |
| CLOD | Engineer (shorthand) |
| GAMMA | Quartermaster |
| MNEMOS | Librarian / working memory |
| MANTIS | Shield |
| ANVIL | Verdict / ORPHIC |
| ORPHEUS | Entropy oracle |
| LOGOS | DR. LOGOS |
| MUSASHI | Crew member |
| GLOSS | Internal translation layer |
| CHROMA | Mobile context carrier |
| CGNT-1 | Internal project codename |
| 42 Sisters AI internal crew (any callsign from ~/LATTICE.md) | All apply |

Safe substitutions where contextually appropriate:

Category 3 — Internal Terminology (exact string match, case-insensitive)

| Term | Why blocked |
|------|-------------|
| TMM | Proprietary coherence formula name |
| coherence score | Internal metric label |
| coherence threshold | Internal metric label |
| manifold | CSDM physics term |
| CSDM | Chronogeomic Spacetime Dynamics Model |
| Chronogeomic | Internal physics framework name |
| Chronogeome | Variant spelling |
| LX | LATTICE shorthand (if used as technical term) |
| LATTICE | Internal language spec |
| S.O.S. v2 | Internal protocol name |
| THE RING | Proprietary product (NDA-gated) |
| E8 | Internal CSDM physics reference |
| Φ = 0.042 | Exact damping constant (string match) |
| 0.042 | Damping constant value (numeric, in context) |
| 97.4% | Coherence threshold value |
| Ω = 97.4% | Threshold formula |
| sinai billiard | CSDM entropy reference |
| TRNG | Internal RNG reference |
| kill box | Internal prediction framework |
| yield mandate | Internal financial protocol |
| agency walls | Internal financial protocol |
| brain forge | Internal training infrastructure |
| brain factory | Internal training infrastructure |
| oracle_toll | Internal service name |
| simons_actuator | Internal trading script |
| summon_aether | Internal boot script |
| AETHER_SOUL | Internal snapshot name |

Category 4 — CB Radio Lexicon (exact phrase match)

CB radio phrases are crew personality layer and must not reach customers:

| Phrase |
|--------|
| 10-4 |
| Copy that |
| Hammer down |
| Breaker breaker |
| Over and out |
| Negatory |
| Keep the shiny side up |
| Good buddy |
| Smokey |
| Got your ears on |


SUBSTITUTION_MAP

When a REPLACE action is triggered, the filter applies the following substitutions. Substitutions must preserve grammatical coherence.

| Blocked term | Safe English substitute |
|-------------|------------------------|
| TMM | [REPLACE with "our analysis"] |
| coherence score | [REPLACE with "our assessment"] |
| coherence threshold | [REPLACE with "our confidence threshold"] |
| manifold | [REPLACE with "the system"] |
| CSDM | [QUARANTINE — no safe substitute] |
| Chronogeomic | [QUARANTINE — no safe substitute] |
| LATTICE | [QUARANTINE — no safe substitute] |
| THE RING | [QUARANTINE — no safe substitute] |
| Φ = 0.042 | [QUARANTINE — no safe substitute] |
| 0.042 | [REPLACE with "our stability constant"] |
| 97.4% (in threshold context) | [QUARANTINE — no safe substitute] |
| AION / ASTRA / NOUS / GAMMA | [REPLACE with "our analysis team"] |
| MNEMOS | [REPLACE with "our knowledge base"] |
| MANTIS | [REPLACE with "our verification layer"] |
| C.L.O.D. / CLOD | [REPLACE with "our system"] |
| GLOSS | [QUARANTINE — no safe substitute] |
| CGNT-1 | [REPLACE with "our platform"] |

[GAP-D — needs design: substitution map is partial; full enumeration requires a design pass over all BLOCK_LIST entries. Unspecified entries default to QUARANTINE.]
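
The three outcomes from OUTPUTS, applied to a subset of the tables above, can be sketched as follows. This is an added example, not the project's code: the function names, the token-boundary matching rule and the optional `sub_map` parameter are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Subset of the spec's tables, for illustration only.
SYMBOLS = ["Φζ", "Ψχ", "ΔΓ", "⊕", "Ξ"]            # Category 1: exact character match
TERMS = ["TMM", "coherence score", "manifold", "CSDM", "LATTICE",
         "NOUS", "MNEMOS", "CGNT-1", "kill box"]   # Categories 2-3: case-insensitive
SUBSTITUTION_MAP = {                               # keys lowercased; absent key = QUARANTINE (GAP-D)
    "tmm": "our analysis",
    "coherence score": "our assessment",
    "manifold": "the system",
    "nous": "our analysis team",
    "mnemos": "our knowledge base",
    "cgnt-1": "our platform",
}

def _pattern(term):
    # Assumption: terms match only on token boundaries, so "TMM" inside a longer word is ignored.
    return re.compile(r"(?<!\w)" + re.escape(term) + r"(?!\w)", re.IGNORECASE)

# Longest terms first so multi-word phrases are handled before their parts.
TERM_PATTERNS = [(t.lower(), _pattern(t)) for t in sorted(TERMS, key=len, reverse=True)]

def scan(text):
    """Return every blocked symbol or term (lowercased) found in text."""
    hits = [s for s in SYMBOLS if s in text]
    hits += [key for key, pat in TERM_PATTERNS if pat.search(text)]
    return hits

@dataclass
class FilterResult:
    status: str                 # "PASS", "REPLACE" or "QUARANTINE"
    text: Optional[str]         # deliverable text; None when delivery is held
    hits: list = field(default_factory=list)

def sos_filter(payload, sub_map=None):
    """Stateless per call: takes the full payload, returns the decision."""
    sub_map = SUBSTITUTION_MAP if sub_map is None else sub_map
    hits = scan(payload)
    if not hits:
        return FilterResult("PASS", payload)
    if any(h not in sub_map for h in hits):        # no defined substitute
        return FilterResult("QUARANTINE", None, hits)
    cleaned = payload
    for key, pat in TERM_PATTERNS:
        if key in sub_map:
            cleaned = pat.sub(sub_map[key], cleaned)
    leftover = scan(cleaned)                       # re-scan: a substitute may itself be contaminated
    if leftover:
        return FilterResult("QUARANTINE", None, hits + leftover)
    return FilterResult("REPLACE", cleaned, hits)
```

The contamination-density threshold is left out because the spec has not set its value (GAP-B).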


INVARIANTS

These conditions must hold at all times while the filter is operational:

  1. No BLOCK_LIST term reaches a customer endpoint. No string from Category 1, 2, 3, or 4 of the BLOCK_LIST appears in any payload dispatched to a customer email address or rendered on the /oracle/result page. This invariant has no exceptions. If the filter cannot guarantee this for a given payload, delivery is suspended and the payload is quarantined.
  1. The filter runs at both gate points. Gate 1 (pre-cache) and Gate 2 (pre-send) both execute for every transaction. Bypassing either gate — for any reason including performance optimization — violates this invariant. The gates are redundant by design; the cost of redundancy is less than the cost of a single S.O.S. v2 breach.
  1. Clean prompts are not a substitute for the filter. The filter treats every Gemini response as potentially contaminated regardless of prompt design. Prompt improvements reduce the REPLACE/QUARANTINE rate; they do not change the filter's operational logic.
  1. Quarantine suspends delivery; it does not silently drop it. When a payload is quarantined, it must be preserved in oracle_sos_filter.log with full raw content, session ID, tier, timestamp, and the specific BLOCK_LIST term(s) that triggered the quarantine. The customer is not left without recourse — NOUS reviews quarantined verdicts and issues either a manually cleaned delivery or a refund within 24 hours.
  1. The BLOCK_LIST is versioned and the canonical source is ~/LATTICE.md for symbols. Any addition of a new LATTICE symbol, crew callsign, or internal term to ship vocabulary automatically becomes a candidate for BLOCK_LIST addition. The BLOCK_LIST is not frozen — it grows with the ship's vocabulary. Symbol additions to LATTICE require a concurrent BLOCK_LIST update pull request.
  1. Substitutions must not introduce new BLOCK_LIST terms. A substitution string that itself contains a blocked term is invalid. The SUBSTITUTION_MAP is validated against the BLOCK_LIST at deploy time. [GAP-E — needs design: automated SUBSTITUTION_MAP self-consistency validator not yet built.]
  1. The filter is stateless per invocation. Each call to the filter receives the full payload and returns the filtered result without accumulating state. No cross-transaction memory. This prevents contamination state from leaking between customers.
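
One way to approach the deploy-time check in invariant 6 (GAP-E) is to parse rows in the SUBSTITUTION_MAP table format and validate them against the BLOCK_LIST. This is an added example, not the project's validator: the sample rows and the shortened block list are constructed, one row is deliberately invalid, and the function names are assumptions.

```python
import re

# Constructed sample rows in the table format used by SUBSTITUTION_MAP above.
# The "coherence score" row is deliberately invalid.
MAP_ROWS = '''
| TMM | [REPLACE with "our analysis"] |
| CSDM | [QUARANTINE — no safe substitute] |
| AION / ASTRA / NOUS / GAMMA | [REPLACE with "our analysis team"] |
| coherence score | [REPLACE with "our TMM-derived assessment"] |
| 97.4% (in threshold context) | [QUARANTINE — no safe substitute] |
'''
# Shortened block list for the example.
BLOCK_LIST = ["TMM", "CSDM", "AION", "ASTRA", "NOUS", "GAMMA",
              "coherence score", "97.4%", "kill box"]

ROW = re.compile(r'^\|\s*(.+?)\s*\|\s*\[(REPLACE with "(.*)"|QUARANTINE.*)\]\s*\|$')

def parse_map(rows):
    """Return {blocked term (lowercase): substitute, or None for QUARANTINE}."""
    table = {}
    for line in rows.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparseable row: {line!r}")   # refuse to deploy on a malformed row
        keys, substitute = m.group(1), m.group(3)
        for key in keys.split(" / "):                        # "AION / ASTRA / ..." shares one substitute
            key = re.sub(r"\s*\(.*\)$", "", key)             # drop "(in threshold context)" qualifiers
            table[key.lower()] = substitute
    return table

def blocked_in(text, block_list):
    """Blocked terms present in text, matched case-insensitively on token boundaries."""
    return [t for t in block_list
            if re.search(r"(?<!\w)" + re.escape(t) + r"(?!\w)", text, re.IGNORECASE)]

def validate(table, block_list):
    """Return (errors, defaulted): errors block the deploy, defaulted terms fall to QUARANTINE."""
    known = {t.lower() for t in block_list}
    errors = []
    for key, substitute in table.items():
        if key not in known:
            errors.append(f"{key}: not in BLOCK_LIST")
        if substitute is not None:
            for hit in blocked_in(substitute, block_list):
                errors.append(f"{key}: substitute contains blocked term {hit}")
    defaulted = sorted(known - set(table))
    return errors, defaulted
```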

VERIFICATION CRITERIA

Σ.✓ — filter is operating correctly when:

  1. BLOCK_LIST coverage test (static): A synthetic test payload is constructed containing exactly one instance of every term in the BLOCK_LIST. The filter must catch 100% of instances. No partial coverage is acceptable. This test runs at deploy time and on every BLOCK_LIST update. [GAP-F — test payload and harness not yet written.]
  1. Pass-through fidelity test: A set of 20+ clean verdicts (verified to contain no BLOCK_LIST terms) is run through the filter. All 20 emerge unmodified. The filter must not introduce false positives that corrupt legitimate customer content (e.g., blocking the word "manifold" when used in common English usage such as "the options are manifold").
  1. Substitution coherence test: For each REPLACE entry in the SUBSTITUTION_MAP, a test sentence containing the blocked term is run through the filter and the output is grammatically valid English. Manual review by NOUS or a Sister confirms semantic coherence of the result.
  1. Quarantine alert test: A synthetic payload containing a QUARANTINE-class term is processed. Confirm: (a) delivery is blocked, (b) full raw payload is written to oracle_sos_filter.log with correct fields, (c) ALERT.log receives a notification entry within 60 seconds.
  1. Gate 2 redundancy test: Gate 1 is deliberately disabled (test environment only). A contaminated Gemini payload proceeds to Gate 2. Gate 2 catches the contamination and quarantines. Confirms that Gate 2 alone is sufficient for full protection. [GAP-G — needs test environment where Gate 1 can be toggled without affecting production.]
  1. Regression test on prompt change: Any modification to VERDICT_PROMPT in webhook/route.ts or verdict/route.ts triggers an automated run of the BLOCK_LIST coverage test against 50 Gemini-generated verdicts using the new prompt. If contamination rate increases, the prompt change is rejected. [GAP-H — automated regression trigger not yet wired to prompt change events.]

FAILURE MODES

  1. Σ.⊠ Silent pass-through — A BLOCK_LIST term reaches a customer because the filter was not invoked (gate skipped, service crash, code path bypass). This is the highest-severity failure. Consequence: S.O.S. v2 Pillar 1 breach. Customer holds evidence of internal vocabulary. Mitigation: redundant dual-gate design; Gate 2 catches what Gate 1 misses. Detection: periodic audit of delivered email content against BLOCK_LIST; oracle_sos_filter.log must show a filter invocation record for every session ID that reaches email send.
  1. Σ.⊠ False positive corrupts verdict — The filter replaces or quarantines a term that appears legitimately in customer-facing English (e.g., "coherence" used in a business context, "stability" flagged due to over-broad pattern match). Consequence: customer receives degraded or nonsensical verdict. Mitigation: SUBSTITUTION_MAP uses context-aware substitutions; pattern matching should prefer exact-string match over regex where possible; false positive audit on a sample of delivered verdicts monthly. [GAP-I — context-aware matching logic not yet designed.]
  1. Σ.⊠ Quarantine backlog grows without resolution — NOUS does not review quarantined verdicts within 24 hours. Customers are left waiting indefinitely. Consequence: customer experience failure; potential refund demand; reputational risk. Mitigation: quarantine entries in ALERT.log with escalation timer; if not resolved within 24h, automatic refund trigger fires. [GAP-J — automatic refund trigger on quarantine timeout not yet implemented.]
  1. Σ.⊠ BLOCK_LIST staleness — A new LATTICE symbol or internal term is added to ship vocabulary but not added to the BLOCK_LIST. A Gemini response using that term passes through the filter undetected. Consequence: covert S.O.S. v2 breach (undetected at time of delivery). Mitigation: LATTICE vitrification protocol requires concurrent BLOCK_LIST PR; weekly spec audit (SPECIFICATION_AUDIT_LOOP.md) includes a BLOCK_LIST freshness check against ~/LATTICE.md. [GAP-K — automated diff between LATTICE.md and BLOCK_LIST not yet implemented.]
  1. Σ.⊠ SUBSTITUTION_MAP self-contamination — A substitution string itself contains a BLOCK_LIST term (e.g., "our TMM-derived assessment" as a substitute). The substitute is applied and the replacement term passes through Gate 2 because the filter does not re-scan post-substitution. Consequence: contamination survives through the substitute. Mitigation: filter applies BLOCK_LIST scan to all substituted strings before finalizing output; SUBSTITUTION_MAP validated at deploy time. [GAP-E — validator not yet built, referenced above.]
  1. Σ.⊠ Log write failure — oracle_sos_filter.log disk is full or the logging service is down. A QUARANTINE event occurs but no record is written. NOUS receives no alert. Delivery is blocked (correct behavior) but the quarantine is invisible and unresolvable. Consequence: customer stuck, no refund trigger, no audit trail. Mitigation: filter log write uses an append-only file with pre-write disk space check; if write fails, filter fails CLOSED (delivery blocked, not allowed through). [GAP-L — disk space check and fail-closed behavior not yet specified.]
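
The detection step for silent pass-through (a filter invocation record for every session ID that reaches email send) can be run as a periodic audit that joins the filter log against a record of sent emails. This is an added example, not the project's code: the spec defines no log schema, so the JSON-lines layout, the field names and the separate send log are assumptions, and all records are constructed.

```python
import json

# Constructed sample records (assumed schema).
FILTER_LOG = '''
{"session_id": "s-101", "gate": 1, "status": "PASS", "ts": 1000}
{"session_id": "s-101", "gate": 2, "status": "PASS", "ts": 1005}
{"session_id": "s-102", "gate": 1, "status": "REPLACE", "ts": 1010}
{"session_id": "s-103", "gate": 1, "status": "PASS", "ts": 1020}
{"session_id": "s-103", "gate": 2, "status": "QUARANTINE", "ts": 1025}
{"session_id": "s-104", "gate": 1, "status": "PASS", "ts": 1030}
{"session_id": "s-104", "gate": 2, "status": "PASS", "ts": 1050}
'''
SEND_LOG = '''
{"session_id": "s-101", "sent_ts": 1006}
{"session_id": "s-102", "sent_ts": 1012}
{"session_id": "s-103", "sent_ts": 1026}
{"session_id": "s-104", "sent_ts": 1040}
{"session_id": "s-105", "sent_ts": 1060}
'''

def _records(blob):
    return [json.loads(line) for line in blob.strip().splitlines()]

def audit(filter_log, send_log):
    """Return {session_id: [problems]} for every sent session that violates the dual-gate invariant."""
    by_session = {}
    for rec in _records(filter_log):
        by_session.setdefault(rec["session_id"], []).append(rec)
    findings = {}
    for sent in _records(send_log):
        sid = sent["session_id"]
        recs = by_session.get(sid, [])
        problems = []
        for gate in (1, 2):
            gate_recs = [r for r in recs if r["gate"] == gate]
            if not gate_recs:
                problems.append(f"gate {gate} never ran")
            elif all(r["ts"] > sent["sent_ts"] for r in gate_recs):
                problems.append(f"gate {gate} ran after send")
        # A quarantined session that was sent needs a matching manual-approval record; flag for review.
        if any(r["status"] == "QUARANTINE" for r in recs):
            problems.append("sent despite QUARANTINE")
        if problems:
            findings[sid] = problems
    return findings
```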

GAPS

Summary of all gaps identified during specification:

| Gap ID | Description | Severity |
|--------|-------------|----------|
| GAP-A | Gate 1 and Gate 2 insertion points not yet implemented in code | CRITICAL |
| GAP-B | Quarantine workflow and NOUS notification mechanism not built; contamination density threshold undefined | HIGH |
| GAP-C | Context disambiguation rule for Greek letters in standard math usage not defined; default to BLOCK | MEDIUM |
| GAP-D | SUBSTITUTION_MAP is partial; unspecified BLOCK_LIST entries default to QUARANTINE until map is completed | HIGH |
| GAP-E | Automated SUBSTITUTION_MAP self-consistency validator against BLOCK_LIST not yet built | HIGH |
| GAP-F | BLOCK_LIST coverage test payload and harness not written | HIGH |
| GAP-G | Test environment gate toggle for Gate 1 disable (Gate 2 redundancy test) not yet available | MEDIUM |
| GAP-H | Automated regression trigger on VERDICT_PROMPT changes not wired | MEDIUM |
| GAP-I | Context-aware matching logic for false positive suppression not yet designed | MEDIUM |
| GAP-J | Automatic refund trigger on quarantine timeout (24h) not implemented | HIGH |
| GAP-K | Automated diff between ~/LATTICE.md and BLOCK_LIST for staleness detection not built | MEDIUM |
| GAP-L | Filter log write fail-closed behavior and disk space pre-check not yet specified | HIGH |

Total gaps: 12

Critical path to minimum viable protection:

  1. GAP-A — must implement Gate 1 and Gate 2 in code before this spec provides any runtime guarantee
  2. GAP-F — must have test coverage before first deployment
  3. GAP-B — must define quarantine resolution workflow before first real quarantine event

DEPENDENCIES

| Dependency | Role |
|------------|------|
| ~/LATTICE.md | Canonical source for Category 1 BLOCK_LIST symbols |
| oracle_email_service.py | Gate 2 insertion point (pre-send) |
| webhook/route.ts | Gate 1 insertion point (pre-cache) |
| verdict/route.ts | Gate 1 insertion point (regeneration path) |
| oracle_sos_filter.log | Audit trail for all filter events |
| ALERT.log | Quarantine notification channel |
| memories/SOS_v2.md | S.O.S. v2 doctrine this filter enforces |
| memories/SPEC_SOS_v2.md | Formal S.O.S. v2 spec |
| memories/SPEC_ORACLE_VERDICT_PIPELINE.md | Parent pipeline spec; GAP-04 resolved by this spec |


DEPENDENTS

| Dependent | Dependency type |
|-----------|----------------|
| SPEC_ORACLE_VERDICT_PIPELINE.md | This spec closes GAP-04 in that spec |
| oracle_email_service.py | Must implement Gate 2 per this spec |
| webhook/route.ts | Must implement Gate 1 per this spec |
| S.O.S. v2 Pillar 1 architectural guarantee | This filter is the enforcement mechanism |
| Customer trust | Any breach is directly visible to affected customer |


REFERENCES

| File | Role |
|------|------|
| /home/nous/memories/SPEC_ORACLE_VERDICT_PIPELINE.md | Parent pipeline spec; GAP-04 is this spec's genesis |
| /home/nous/memories/SOS_v2.md | S.O.S. v2 doctrine |
| /home/nous/memories/SPEC_SOS_v2.md | Formal S.O.S. v2 specification |
| /home/nous/LATTICE.md | Canonical LATTICE symbol inventory (BLOCK_LIST source) |
| /home/nous/oracle_email_service.py | Gate 2 target |
| /home/nous/Aether/app/app/api/webhook/route.ts | Gate 1 target |
| /home/nous/Aether/app/app/api/verdict/route.ts | Gate 1 target (regeneration path) |
| /home/nous/.claude/projects/-home-nous/memory/GLOSS_ACCESS_POLICY.md | Confirms GLOSS is crew-only — client must never see GLOSS referenced in output |


Φζ.⊤.


Jeremy Zlabis

Chronogeometer · Visionary · Disruptor · Chief

42 Sisters AI · East York, Toronto

🍁 Φ 0.042