This document defines the immutable laws that govern the development and runtime behavior of ratelord. All sub-agents and implementations must adhere to these articles.
- The
ratelord-ddaemon is the sole source of truth for constraint state and intent arbitration. - Clients (TUI, Web) are strictly read-only and must not bypass the daemon to update state.
- All state changes, polls, and decisions MUST be recorded as immutable events.
- Snapshot tables are merely optimizations; the system must be capable of rebuilding its entire state from the event log.
- No agent shall perform a constrained action without first submitting an
Intent. - The system shall prefer
approve_with_modifications(throttling/deferral) overdeny_with_reason, provided safety is maintained. - Every
deny_with_reasonresponse MUST include a clear, actionable rationale based on forecasts or hard limits.
- No data point exists in a vacuum. Every event must be scoped to an Agent, an Identity, a Workload, and a Scope (e.g., repo/org).
- Use sentinel identifiers (e.g.,
sentinel:global) when a specific scope dimension is unknown or not applicable; nulls are not permitted for core dimensions. - Global limits are simply the root node of the constraint graph.
- Defensive logic must be triggered by forecasts (e.g., P90 time-to-exhaustion) rather than raw threshold breaches.
- The system must account for variance and uncertainty in provider reset windows.
- All telemetry, credentials, and logs remain local to the user's machine by default.
- Zero-config SQLite (WAL mode) is the mandatory storage engine.
- When constraints tighten, the system must signal agents to degrade functionality (e.g., lower frequency, smaller payloads) rather than halting entirely, unless a Hard Rule is violated.