|
| 1 | +# AI-rule safety |
| 2 | + |
| 3 | +LLMs are great at *drafting* JSON business rules — and that's exactly the risk. A |
| 4 | +plausible-looking rule can still encode the wrong field, the wrong threshold, or the wrong |
| 5 | +action. Neuron-JS exists so AI-drafted rules become **safe to run**: schema-validated, |
| 6 | +constrained to a developer-owned vocabulary, reviewable like code, and explainable after the |
| 7 | +fact. |
| 8 | + |
| 9 | +> AI drafts. Neuron-JS verifies. |
| 10 | +
|
| 11 | +## 1. AI can draft rules |
| 12 | + |
| 13 | +A plausible JSON rule can still encode the wrong assumption, field, or action — it is not |
| 14 | +production-ready on its own. |
| 15 | + |
| 16 | + |
| 17 | + |
| 18 | +## 2. Validate before runtime |
| 19 | + |
| 20 | +Schema-first checks (`validateScript`) reject malformed scripts before they ever execute, and |
| 21 | +return the exact JSON path to fix. |
| 22 | + |
| 23 | + |
| 24 | + |
| 25 | +## 3. Constrain what can run |
| 26 | + |
| 27 | +A developer-owned registry defines the approved actions, conditions, parameters, and rules. |
| 28 | +Anything outside that vocabulary simply cannot execute — no arbitrary code. |
| 29 | + |
| 30 | + |
| 31 | + |
| 32 | +## 4. Review like code |
| 33 | + |
| 34 | +Generated rules are serializable data, so they go through the same governance as code: tests, |
| 35 | +owner approval, and rollback — never automatic AI approval. |
| 36 | + |
| 37 | + |
| 38 | + |
| 39 | +## 5. Then execute deterministically |
| 40 | + |
| 41 | +Synapse runs the approved rule path deterministically, and the explanation trace shows why the |
| 42 | +decision matched or failed — ready for audit, logs, or a support ticket. |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | +## In short |
| 47 | + |
| 48 | +`Validate → constrain → test → approve → execute → explain.` Deterministic workflow logic with |
| 49 | +auditability is the guardrail that makes AI-assisted business rules safe to ship. |
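Review bot: Section 3 (new lines 27-28) says anything outside the registry vocabulary "simply cannot execute", but the document never states which layer enforces that: `validateScript` from section 2, the runtime described in section 5, or both. For a safety document that distinction matters, so name the enforcement point and say what happens to a script that references an unregistered action or condition. Smaller points in the same hunk: "Synapse" first appears at new line 41 with no introduction or link; section 1 (new lines 13-14) repeats the intro at new lines 3-5 almost word for word and could be cut or replaced with a concrete example of a wrong-but-plausible rule; and the "In short" pipeline at new line 48 lists `test` and `approve` as separate steps while the numbered sections fold both into section 4, so the six-step summary does not line up with the five headings.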