Sovereign Execution Substrate — policy-shaped graphs, evidence-chained transitions, confidence-budget routing, and counterfactual replay for all SZL workflows.
Source: https://github.com/szl-holdings/platform/tree/main/packages/substrate · public package (private:false) · #2 — compile-time Kahn-sort approval-DAG (packages/substrate/src/compiler.ts).
The single, opinionated execution runtime every SZL product surface (Lyte · Aegis · Vessels · Terra · Counsel · Carlota Jo) calls the same way.
defineWorkflow({stages, policy, budget}) → runtime.start(workflow, input, {mode}) → PipelineRun.
compiler.ts runs a Kahn topological sort over the approval DAG at compile time and throws
SubstrateCompilerError for cycles, orphan gates, or high-risk side-effects reachable without an ancestor
ApprovalGate(). Topology-enforced, not runtime-checked. Tests: vitest — src/engine.test.ts · src/compiler.test.ts · src/workflows/phase2.test.ts.
| File | Purpose | LOC | Exports |
|---|---|---|---|
| src/index.ts | Public package entry — re-exports every primitive, type, runtime, compiler, journal, telemetry & workflow symbol. | 332 | AdvisorMatch, AegisThreatTriageInput, AegisThreatTriageResult, AnomalyFinding, AnyStage, ApprovalGate, BriefSection, CarlotaJoTaskRoutingInput… |
| src/types.ts | Core TypeScript interfaces + Zod schemas: ExecutionMode, SideEffectCategory, 7 StageTypes, WorkflowDefinition, PipelineRun, EvidenceBundle. | 559 | AnyStage, AnyStageSchema, ApprovalGate, ApprovalGateSchema, BaseStage, CompiledGraph, CompiledStageNode, ConfidenceBudget… |
| src/stage-primitives.ts | Five stage primitive factories — Reason() · Retrieve() · ToolCall() · Verify() · Decide() — plus ApprovalGate(), definePolicy(), defineBudget(). | 161 | ApprovalGate, Decide, Reason, Retrieve, ToolCall, Verify, defineBudget, definePolicy |
| src/compiler.ts | Innovation #2 — compile-time Kahn topological sort over the approval DAG; throws SubstrateCompilerError for cycles, orphan gates, or high-risk side-effects reachable without an ancestor ApprovalGate. Topology-enforced, not runtime-checked. | 276 | SubstrateCompilerError, compile |
| src/engine.ts | SubstrateRuntime: start(workflow, input, {mode}) → PipelineRun. Workflow registry (register/lookup/list/clear), defaultRuntime singleton. | 1105 | SubstrateRuntime, SubstrateRuntimeOptions, clearWorkflowRegistry, defaultRuntime, listWorkflows, lookupWorkflow, registerWorkflow |
| src/journal.ts | Evidence-chained journal: computeBundleHash, hashValue, sign/verify bundle signatures, SubstrateJournal store, runtime event bus. | 540 | JournalStore, RunStore, SubstrateJournal, SubstrateRuntimeEvent, SubstrateRuntimeEventType, computeBundleHash, defaultJournal, defaultJournalStore… |
| src/budget-router.ts | Confidence-budget routing — routeByBudget, aggregatePipelineConfidence, validateFinalConfidence (escalate when budget exceeded). | 110 | RoutingDecision, aggregatePipelineConfidence, routeByBudget, validateFinalConfidence |
| src/adapters.ts | Adapter registries (model/policy/resource/retriever/tool) + wirePolicyEngineAdapter / wireToolMeshAdapter bridges to platform packages. | 494 | McpCapabilitySpec, McpToolCall, McpToolDefinition, McpToolResult, ModelAdapter, ModelAdapterInput, ModelAdapterOutput, PolicyAdapter… |
| src/telemetry.ts | OpenTelemetry spans: SubstrateTelemetry, getMetrics, getRecentSpans, getRunSpans (SubstrateSpan). | 279 | SubstrateSpan, SubstrateTelemetry, getMetrics, getRecentSpans, getRunSpans |
| src/python-worker.ts | Bridge to services/substrate-py-workers — protocol messages (claim/result/error/heartbeat/register), PYTHON_WORKER_PROTOCOL_VERSION. | 386 | PYTHON_WORKER_PROTOCOL_VERSION, PythonWorkerBaseMessage, PythonWorkerChannel, PythonWorkerMessage, PythonWorkerMessageType, RegisteredWorker, StageClaimMessage, StageErrorMessage… |
| src/cli/bin.ts | `substrate` CLI binary entrypoint. | 80 | |
| src/cli/replay.ts | Replay & counterfactual — replay(), handleReplayRequest, resolvePolicyProfileById, formatDiff (deterministic re-execution of a recorded run). | 312 | PolicyNotFoundError, ReplayEndpointRequest, ReplayEndpointResponse, ReplayOptions, ReplayResult, formatDiff, handleReplayRequest, replay… |
| Workflow | Purpose | Exports |
|---|---|---|
| opportunity-audit.ts | Phase-1 reference workflow — anomaly→remediation opportunity audit (Lyte retriever). | AnomalyFinding, OpportunityAuditInput, OpportunityAuditResult, RemediationDecision, isLyteRetrieverRegistered, opportunityAuditWorkflow |
| cross-system-reconciliation.ts | Reconcile discrepancies across systems → reconciliation decision. | CrossSystemReconciliationInput, CrossSystemReconciliationResult, ReconciliationDecision, ReconciliationDiscrepancy, crossSystemReconciliationWorkflow, runCrossSystemReconciliation |
| evidence-based-recommendation.ts | Evidence-cited recommendation decision packet. | EvidenceBasedRecommendationInput, EvidenceBasedRecommendationResult, EvidenceCitation, RecommendationDecisionPacket, evidenceBasedRecommendationWorkflow, runEvidenceBasedRecommendation |
| executive-brief.ts | Multi-section executive brief generation. | BriefSection, ExecutiveBriefInput, ExecutiveBriefOutput, ExecutiveBriefResult, executiveBriefWorkflow, runExecutiveBrief |
| risk-escalation.ts | Risk-signal summary → escalation decision. | RiskEscalationDecision, RiskEscalationInput, RiskEscalationResult, RiskSignalSummary, riskEscalationWorkflow, runRiskEscalation |
| aegis-threat-triage.ts | Aegis vertical pack — threat triage decision. | AegisThreatTriageInput, AegisThreatTriageResult, ThreatTriageDecision, TriagedThreat, aegisThreatTriageWorkflow, runAegisThreatTriage |
| carlota-jo-task-routing.ts | Carlota Jo vertical pack — advisor-match task routing. | AdvisorMatch, CarlotaJoTaskRoutingInput, CarlotaJoTaskRoutingResult, TaskRoutingDecision, carlotaJoTaskRoutingWorkflow, runCarlotaJoTaskRouting |
| lyte-operational-drift.ts | Lyte vertical pack — operational drift detection decision. | DriftItem, LyteOperationalDriftInput, LyteOperationalDriftResult, OperationalDriftDecision, lyteOperationalDriftWorkflow, runLyteOperationalDrift |
| prism-counsel-evidence-packaging.ts | Prism Counsel vertical pack — legal evidence packaging + matter deadlines. | EvidencePackage, MatterDeadline, PrismCounselDecision, PrismCounselEvidencePackagingInput, PrismCounselEvidencePackagingResult, prismCounselEvidencePackagingWorkflow |
| terra-portfolio-anomaly.ts | Terra vertical pack — portfolio anomaly decision. | PortfolioAnomaly, PortfolioAnomalyDecision, TerraPortfolioAnomalyInput, TerraPortfolioAnomalyResult, runTerraPortfolioAnomaly, terraPortfolioAnomalyWorkflow |
| vessels-voyage-anomaly.ts | Vessels vertical pack — voyage anomaly decision. | VesselsVoyageAnomalyInput, VesselsVoyageAnomalyResult, VoyageAnomaly, VoyageAnomalyDecision, runVesselsVoyageAnomaly, vesselsVoyageAnomalyWorkflow |
| index.ts | Demo seed inputs for the reference workflows. | ALL_WORKFLOW_SEEDS, WorkflowSeedKey, aegisThreatTriageSeed, carlotaJoTaskRoutingSeed, crossSystemReconciliationSeed, evidenceBasedRecommendationSeed |
packages/substrate/ source in szl-holdings/platform and lists every public file, its purpose, and its
exported symbols. The substrate is real code (compiler + engine + journal + budget-router + 11 workflow packs).
It is shipped here as an inspector / documentation surface — the live TypeScript runtime executes inside the platform
monorepo (and the substrate-py-workers GPU fleet), not inside this static HF Space. The side-effect categories enforced by the
compiler are: read-only, write-internal, write-external, financial, notification, deletion, escalation, infrastructure.