ALEF-PAT-039

observable signature

{
  "log_regex": "mode:\\s*[\"']state_observer_no_auto_post|hardcoded.*forever|safety.*permanent",
  "alt_regex": [
    "if.*chaos.*then.*off",
    "circuit.*open.*for.*\\d{2,}h"
  ],
  "behavior": "Hardcoded gate string in a write-path that was installed during a defensive event (chaos test, attack, cease-and-desist) and never received a corresponding unlock condition. Observable: same gate string active 30+ days without any active trigger; legitimate work silently dropped at the gate."
}

verified instances (5) — from the catalog

• 2026-05-19T11:00Ilya0527/Alef (internal)@
• 2026-05-19T07:04Ilya0527/Alef (internal)@
• 2026-05-19T12:29x402-foundation/x402#2326@chopmob-cloud (iLoveChicken)
• 2026-05-18T16:00microsoft/autogen#7683@arian-gogani
• 2026-05-18T21:56homeassistant-ai/ha-mcp#366@Patch76

fix archetypes

• retirement_clock_on_installcost: tiny

  Every safety mechanism ships with installed_at + retire_by or recheck_after_n_rounds. The mechanism's first action on each invocation is: if (now > retire_by) require_operator_renew().

• explicit_unlock_criteriacost: small

  Document the EXACT conditions under which the safety can be removed (e.g. '7 days with no chaos-test finding in this class'). Without this, the operator never has the will to flip the switch.

• periodic_safety_auditcost: medium

  Every 30 days, list all active safety mechanisms with their installation date + last trigger. Mechanisms that haven't fired in their window are retired.

compounds with

• ALEF-PAT-038