Skip to content

LLM Boundaries

LLMs are useful in sigMAX because they can transform intent into structured material: architecture drafts, contracts, component descriptions, binary contracts, controlled pseudo-code and documentation.

They are not trusted as unchecked producers of final runtime artifacts. The boundary is deliberate: the LLM may propose structured intent and controlled logic, while deterministic tooling parses, validates, lowers, compiles, packages and records the effective state.

Uncontrolled generation can drift silently. A model can invent a helper, skip a validation step, add an import, choose an undeclared HTTP target, or produce code that looks plausible but no longer matches the declared architecture.

sigMAX avoids that failure mode by placing the LLM before the executable boundary. The model works in formats that can be checked, rejected and regenerated without granting runtime authority.

RisksigMAX response
Invented implementation detailRequire contracts, declared primitives and known DSL instructions.
Hidden host accessAllow only imports and capabilities listed in the Binary Contract.
Unbounded payload or parsingUse runtime primitives with documented limits.
Drifting architectureCompare contracts with generated agreements.
Plausible but invalid outputParse and validate before lowering or execution.

The LLM can help in stages where ambiguity still needs to be shaped into explicit structure.

AreaAcceptable LLM contributionRequired handoff
ArchitectureIdentify domains, components, routes and boundaries.Application and Component Contracts.
ContractsDraft structured expected state.Schema validation and contract review.
Binary behaviorDescribe handler inputs, outputs, imports and constraints.Binary Contract validation.
Controlled logicGenerate sigmax.pseudo/v0.1 pseudo-code.Pseudocode parser and deterministic lowering.
DocumentationExplain generated artifacts and validation results.Human review and source alignment.
TestsDraft scenarios from declared routes and contracts.Deterministic test generation or explicit fixtures.

The LLM should not be the authority for runtime behavior.

Not owned by the LLMWhy
Final C subset codeIt must be produced by deterministic lowering from validated pseudo-code.
WASM artifactsThey must be compiled and checked by the toolchain.
Runtime importsImports must come from declared primitives and binary contracts.
CapabilitiesHost access must be declared, not inferred by generated prose.
Docker Compose outputThe local stack is generated from skeletons and component inventory.
AgreementsAgreements record observed state after generation and validation.
Security exposureNetwork, secrets, HTTP targets and native access require explicit policy.

The current runtime generator makes the LLM boundary concrete. The pseudocode provider asks for sigmax.pseudo/v0.1 text only, with metadata lines, two-letter uppercase DSL instructions and explicit @... pseudo aliases. It rejects JSON, YAML, Markdown, code fences and C as generated output for this step.

That keeps the LLM output narrow enough to parse before any executable artifact exists.

Prompt ruleBoundary enforced
Generate pseudo-code text only.Prevents accidental Markdown, YAML, JSON or C from becoming trusted input.
Start with #S, #M, #F and optional metadata.Makes the artifact versioned and attributable.
Use two-letter DSL instructions.Keeps operations inside the parser vocabulary.
Use only contract fields, bindings and outputs.Prevents invented data paths.
Use only primitives documented in runtime/functions.toon.Prevents invented host imports.
Do not write raw C calls.Keeps C generation deterministic.

The runtime primitive catalog is the vocabulary the LLM must respect.

RuleMeaning for generation
Use only declared sigMAX primitives.Unknown primitive names are generation errors.
Include only /runtime/sigma.h.Generated C cannot pull in arbitrary headers.
Direct Linux calls are forbidden.No raw filesystem, sockets, process APIs or syscalls.
Direct SQL is forbidden.Storage goes through declared bindings and runtime primitives.
Raw JSON responses are forbidden.Public responses use response and ObjectIR primitives.
Host primitives require capabilities.HTTP, storage, time, random, regex, JSON and secrets stay policy-controlled.
WASM imports must be listed.A primitive with a wasm_import must appear in the Binary Contract.
Capabilities must be listed.A primitive with a capability must be allowed by contract.

The LLM must preserve the runtime control shape expected by deterministic lowering.

CaseRequired shape
Validation failureSet response status, emit validation error, return -1.
Runtime/API errorSet response status, emit structured error, return -1.
SuccessSet response status, build ObjectIR output, return 0.
Storage/service callUse declared typed binding through the runtime primitive surface.
Input handlingUse only input primitives allowed by the Binary Contract.

This matters because the compiled WASM module is later checked against imports, exports, ABI assumptions, generated C and agreement evidence.

Each LLM-produced artifact should cross a gate before it becomes input to the next stage.

GateReject when
Contract parsingThe output is not valid structured contract data.
Contract validationRequired routes, components, bindings or binary fields are missing.
Pseudo-code parsingThe file is not sigmax.pseudo/v0.1 or uses unknown instructions.
Primitive validationA pseudo-code instruction requires an undeclared import or capability.
C subset generationThe pseudo-code cannot lower deterministically.
WASM validationImports, exports, ABI, memory assumptions or forbidden tokens drift.
Agreement comparisonThe observed artifact differs from the expected contract state.
  • Does the generated output match the expected artifact type?
  • Does it reference only contract-defined names?
  • Are imports and capabilities declared before use?
  • Are HTTP targets logical and policy-controlled?
  • Are errors emitted with status, structured error and return -1?
  • Are successful responses emitted through ObjectIR?
  • Can the next deterministic tool parse it without guessing?
  • Would an agreement be able to record and compare the result?

Use the LLM where language, intent and decomposition are useful. Stop the LLM where executable authority begins.

That line is the main design choice: sigMAX can benefit from generation while keeping final code, runtime access, validation, packaging and drift evidence under deterministic control.