Jonathan D.A. Jewell <jonathan@hyperpolymath.org> :toc: macro :toc-title: Contents :toclevels: 3 :sectnums: :icons: font :source-highlighter: rouge :experimental: :repo: https://github.com/hyperpolymath/conative-gating
SLM-as-Cerebellum for LLM Policy Enforcement
A biologically-inspired system where a Small Language Model acts as an inhibitory antagonist to Large Language Models, preventing policy violations through mechanisms analogous to the basal ganglia’s GO/NO-GO decision system.
LLMs are trained to be helpful, which makes them systematically violate explicit project constraints. When given rules like "NEVER use TypeScript, use ReScript", LLMs:
-
Read and acknowledge the constraint
-
Generate compliant-sounding justification
-
Violate the constraint anyway
This happens because:
-
Common languages (TypeScript, Python) dominate training data
-
The "helpfulness drive" overrides explicit instructions
-
LLMs lack true "loss aversion" for policy violations
Documentation-based enforcement fails because LLMs "engage with" documentation rather than obey it.
Conative Gating introduces a second model trained with inverted incentives:
| Component | Role | Analogy |
|---|---|---|
| LLM | Task execution (helpful, creative) | Frontal cortex / Direct pathway ("GO") |
| SLM | Policy enforcement (adversarial, suspicious) | Cerebellum / Indirect pathway ("NO-GO") |
| Policy Oracle | Deterministic rule checking | Reflex arc (fast, no ML) |
| Consensus Arbiter | Weighted decision making | Thalamus (integration) |
Using consensus protocols with asymmetric weighting - the SLM’s votes count 1.5x the LLM’s, creating a natural bias toward inhibition that counters the LLM’s tendency toward helpfulness.
USER REQUEST
|
v
+------------------------+
| CONTEXT ASSEMBLY |
+------------------------+
|
+--------------+--------------+
| |
v v
+-------------+ +---------------+
| LLM | | SLM |
| (Proposer) | | (Adversarial) |
+------+------+ +-------+-------+
| |
+-------------+---------------+
|
v
+------------------------+
| CONSENSUS ARBITER |
| (Modified PBFT) |
| SLM weight: 1.5x |
+------------------------+
|
+-------------+-------------+
| | |
v v v
+-------+ +--------+ +-------+
| ALLOW | |ESCALATE| | BLOCK |
+-------+ +--------+ +-------+
Policy Oracle (Rust)
Deterministic rule checking - forbidden languages, toolchain rules,
security patterns. Fast, no ML needed.
SLM Evaluator (Rust + llama.cpp)
Detects "spirit violations" - technically compliant but violates intent.
Catches verbosity, meta-commentary bloat.
Consensus Arbiter (Elixir/OTP)
Modified PBFT with asymmetric weighting. Three outcomes: ALLOW,
ESCALATE, BLOCK.
git clone https://github.com/hyperpolymath/conative-gating
cd conative-gating
cargo build --release# Scan a directory for policy violations
conative scan ./my-project
# Check a single file
conative check --file src/main.ts
# Check inline content
conative check --content "const x: string = 'hello'"
# Show current policy
conative policy
# Initialize local configuration
conative init
# JSON output for automation
conative scan . --format json| Code | Meaning |
|---|---|
| 0 | Compliant - all checks passed |
| 1 | Hard violation detected (blocked) |
| 2 | Soft concern detected (warning) |
| 3 | Error during execution |
The default policy implements the Rhodium Standard Repository (RSR) language hierarchy:
- Rust, Elixir, Zig, Ada, Haskell, ReScript
- Nickel, Racket
- TypeScript, Python*, Go, Java
Note
*Python exception: Allowed in salt/ directories for SaltStack and
training/ for ML training scripts.
npmrequiresdeno.json(no npm without Deno)
- Detects hardcoded secrets (passwords, API keys)
Initialize local configuration:
conative initThis creates .conative/policy.ncl using Nickel for type-safe
configuration:
{
name = "My Project Policy",
languages = {
tier1 = [...],
forbidden = [...],
exceptions = [
{ language = "python", allowed_paths = ["scripts/"], reason = "Build scripts" }
]
},
enforcement = {
slm_weight = 1.5,
escalate_threshold = 0.4,
block_threshold = 0.7,
}
}conative-gating/
src/
main.rs # CLI application
oracle/ # Policy Oracle crate (Rust)
slm/ # SLM Evaluator crate (Rust)
config/
policy.ncl # Default policy (Nickel)
schema.ncl # Policy schema
training/
compliant/ # Examples that should pass
violations/ # Examples that should fail
edge_cases/ # Spirit violations for SLM
docs/
ARCHITECTURE.md # Full design specification
*.adoc # Integration documentation
{
"hooks": {
"pre-commit": "conative scan --strict"
}
}repos:
- repo: local
hooks:
- id: conative-gating
name: Conative Policy Check
entry: conative scan
language: system
pass_filenames: false# Validate structured proposals
conative validate proposal.json --strictProposal format:
{
"id": "uuid",
"action_type": {"CreateFile": {"path": "src/util.rs"}},
"content": "file contents here",
"files_affected": ["src/util.rs"],
"llm_confidence": 0.95
}-
NeuroPhone - Neurosymbolic phone AI (integrates Conative Gating)
-
ECHIDNA - Multi-prover orchestration (SLM as another "prover")
-
RSR Framework - Rhodium Standard Repository specifications
-
Axiom.jl - Provable Julia ML (future formal verification)
SPDX-License-Identifier: CC-BY-SA-4.0
Copyright © 2025 Jonathan D.A. Jewell
See TOPOLOGY for a visual architecture map and completion dashboard.
