Constitutional Enterprise

Introducing constitutional-agent: The Open-Source WHY Layer for AI Governance

An AI agent ran 200+ cycles and earned $6.74 on day 41. Four governance failures burned most of those cycles. The WHY layer—the one governance layer nobody has published—would have caught each one.

CTE Research April 9, 2026 9 min read

200 Runs. $6.74. Four Failures.

On April 7, 2026, a developer published one of the most honest accounts of autonomous agent failure on the internet. The post is titled “My AI agent finally made money. It took 200 runs and 41 days.” The agent earned $6.74. It took 200 cycles to get there.

The developer is not a bad engineer. The agent architecture is not the problem. The problem is that autonomous agents operating without a constitutional governance layer will repeat failures indefinitely—not because the code is broken, but because there is no mechanism that enforces learning, detects dead channels, verifies unconfirmed assumptions, or halts when a settlement pipeline goes silent for weeks. Four specific failures drove most of those 200 cycles: a broken Lightning wallet that accepted payments but never settled (ran for weeks), mispriced Lightning actors off by orders of magnitude (embedded for ~30 cycles), a shadow ban on Hacker News the agent kept ignoring for 30+ runs, and a strategy locked on MCP servers for 30+ consecutive cycles with zero conversion and zero documented lessons. Any one of these, caught early, would have cut the cycle count roughly in half.

The Three-Tier Problem

AI agent governance has three structurally distinct layers. The market has spent the last two years building out the first two. The third has never been published—until today.

WHO
Identity & Access Governance
Is this agent authorized to act? — Microsoft Entra Agent ID, Azure IAM, Okta, Glasswing, AWS IAM
Gap: An authorized agent can still make harmful, irrational, or economically destructive decisions
HOW
Behavioral Enforcement Governance
Is this action permitted by policy? — Microsoft AGT, NeMo Guardrails, LangChain, OWASP Agentic AI
Gap: Structurally bad decisions that are technically policy-compliant; scenarios no policy writer anticipated
WHY
Constitutional Self-Governance
Does this decision align with the constitutional principles the agent is bound by? — constitutional-agent (this library)
The first open-source implementation of the WHY layer

WHO governance gets the agent through the door. HOW governance enforces the rules written by administrators. Neither asks whether the agent’s decision is right—aligned with the organization’s mission, economic survival, and constitutional values. That is the WHY layer. It has been missing from every open-source governance toolkit until now.

What Constitutional Governance Actually Means

Constitutional governance is not policy enforcement. Policy enforcement asks whether a given action appears in a list of blocked actions. If the action is not on the list, it passes—ungoverned. Constitutional governance evaluates every decision against first principles: epistemic soundness, risk posture, governance integrity, economic sustainability, autonomy architecture, and learning velocity. When a scenario is not covered by any written rule, a policy system has no answer. A constitutional gate evaluates it against constitutional intent and decides.

Constitutional governance is not behavior logging. Logging records what happened. Constitutional governance intervenes before the action executes. The six gates in this library are pre-execution checks—they run before every cycle, not after. A governance system that only watches is a camera. A governance system that runs before execution is an enforcement court.

The key architectural property is that the agent cannot override its own constitution. This is the distinction that matters more than any other. An administrator can update a policy file. An agent can find ways around a behavioral rule that has gaps. But the constitutional gates are embedded in the execution loop itself—not a layer on top, not a service call that can be skipped, not a YAML file that can be misconfigured. Hard constraints are absolute. When a hard constraint check fails, the system state transitions to STOP—not FREEZE. The difference: FREEZE is recoverable by the agent. STOP requires a human to acknowledge and clear the violation before any execution resumes. The amendment process—a formal proposal and ratification protocol with versioning and authority controls—is the only path to changing a constitutional rule.

The Six Gates: What Each One Would Have Caught

The four agenthustler failures map directly to four of the six constitutional gates. This is not a coincidence—the gates were designed precisely around the class of failure that autonomous agents produce when they operate without constitutional constraints.

Gate Prevents agenthustler equivalent failure
EpistemicGate False certainty — acting on unverified assumptions, self-reported success without external verification Mispriced Lightning actors at $0.00005 (wrong by orders of magnitude). All downstream economics built on an unverified cost model for ~30 cycles.
RiskGate Trust damage — outbound actions on broken or blocked channels, irreversible spend Shadow-banned by Hacker News. Agent kept posting for 30+ runs. channel_health = 0% → FREEZE on that channel.
GovernanceGate Metric gaming — optimizing governance metrics without improving underlying outcomes No equivalent failure in this experiment; gates that have no triggered failure are still running on every cycle.
EconomicGate Financial ruin — actions that threaten runway, margin, or cash position Broken Lightning wallet accepted payments that never settled. HC-11 (silent outage >24h) → STOP. Verification pass rate for payment pipeline → EpistemicGate FAIL.
AutonomyGate Human dependency — agents that require excessive operator involvement to function Measures whether the agent is actually deciding independently. Flags both over-escalation and under-escalation.
ConstitutionalGate Stagnation — repeating failed strategies without documenting lessons Strategy locked on MCP servers for 30+ consecutive cycles, zero conversion, zero documented lessons. lessons_learned_weekly = 0 → FREEZE until lessons are extracted.

Constitutional governance does not guarantee faster revenue. It guarantees you do not spend 30 runs posting into a shadow-banned account after week two.

Quick Start

pip install constitutional-agent
Python 
from constitutional_agent import Constitution

constitution = Constitution.from_defaults()

result = constitution.evaluate({
    "verification_pass_rate": 0.85,   # EpistemicGate
    "channel_health": 0.92,            # RiskGate
    "runway_months": 8.5,              # EconomicGate
    "lessons_learned_weekly": 3,       # ConstitutionalGate
    "stage": "pre_revenue",
    "hours_since_last_execution": 4,
})

if result.system_state.value == "FREEZE":
    print(f"BLOCKED: {result.blocking_gate.reason}")
elif result.system_state.value == "THROTTLE":
    print(f"THROTTLE: conserve discretionary spend")
else:
    print(f"State: {result.system_state.value}")  # RUN or COMPOUND

The library supports Constitution.from_defaults() for production-validated defaults, Constitution.load("governance.yaml") for custom thresholds, and individual gate imports (EpistemicGate, RiskGate, EconomicGate, etc.) if you want to evaluate a single dimension. Requirements: Python 3.11+, pydantic ≥2.6, pyyaml ≥6.0.

The 35-Check Governance Checklist

Is Your AI Agent Constitutional? — 35 Checks

The library ships with a 35-check governance checklist covering the full WHO/HOW/WHY stack: 5 WHO checks (identity, access), 10 HOW checks (behavioral policy, adversarial testing), and 20 WHY checks (epistemic integrity, economic alignment, governance integrity, autonomy architecture, constitutional vitality). Score each check Yes/Partial/No. WHY score below 20 → the constitutional layer is absent. WHY score 32–40 → Level 4 constitutional self-governance. Read the full checklist on GitHub →

What This Is Not

This library is not competing with MuleSoft, Microsoft AGT, Glasswing, or any WHO/HOW governance tool. Those tools address real and necessary problems. MuleSoft governs API connectivity. Azure IAM governs identity. Microsoft’s AGT governs behavioral policy enforcement against OWASP agentic AI risks. Glasswing governs coalition-level access to AI cyber capabilities. constitutional-agent operates in a different layer entirely. It governs the WHY behind every decision—the constitutional alignment that identity and behavioral governance structurally cannot reach. An organization deploying AGT for behavioral security and constitutional-agent for constitutional self-governance has better coverage than either alone. The layers are orthogonal, not overlapping.

Constitutional Governance Review

If you want structured help implementing constitutional governance for your agent system, we offer a 2-hour Constitutional Governance Review: a structured assessment of your agent architecture against the 35-check checklist, a written report with your WHO/HOW/WHY scores, your top 3 governance gaps, and a prioritized remediation roadmap. This is the same framework that has governed 52 agents across 95 days of live production operation—not a theoretical audit. Pricing: $3,000–$5,000 depending on agent system complexity. Contact: mike@cognitivethoughtengine.com or DM “GOVERNANCE” on LinkedIn.

Start with the Library

Open source. MIT license. Production-validated over 95 days, 52 agents, 1,808 test functions, 64 constitutional amendments. Fork it, adapt it, cite it.

View on GitHub →

Frequently Asked Questions

What is constitutional governance for AI agents?

Constitutional governance embeds the principles, economic alignment, and self-amending structure that determine on what basis an agent makes every decision—not just whether a given action is permitted, but whether it is right. Six pre-execution gates evaluate epistemic soundness, risk posture, governance integrity, economic sustainability, autonomy architecture, and learning velocity. The agent cannot override its own constitution. Hard constraints are absolute. The amendment process is the only path to change.

How is constitutional-agent different from MuleSoft, Microsoft AGT, or Glasswing?

These tools govern different layers. MuleSoft and Azure IAM govern WHO (authorization). Microsoft AGT and Glasswing govern HOW (behavioral policy and access control). constitutional-agent governs WHY—whether the decision aligns with constitutional principles. The layers are complementary, not competitive. An organization deploying AGT for behavioral security and constitutional-agent for constitutional alignment is better governed than either alone.

What are hard constraints and how do they differ from policy rules?

Hard constraints are absolute prohibitions enforced as typed code in the agent’s execution loop. Unlike policy rules, they cannot be overridden by any agent action, amendment, or human instruction short of the highest authority through a formal ratification process. A policy system that encounters an uncovered scenario passes it ungoverned. A hard constraint system treats any check failure as a violation—fail-CLOSED by design. Built-in constraints include: no deploy when tests fail, no silent agent outage exceeding 24 hours, no fabricated data presented as fact, and no manual override of constitutional gates without a ratified amendment.

Related Articles

Is your organization governance-ready?

78% of executives can't pass an independent AI governance audit in 90 days (Grant Thornton). Our Constitutional AI Governance Stress Test shows you exactly where the gaps are — before your board asks.

Get Your Governance Score →