What GOPEL Is
GOPEL — Governance Orchestrator Policy Enforcement Layer — is the only published, fully disclosed reference implementation of a non-cognitive multi-AI governance architecture anywhere in the world.
That claim carries weight because the search for something like it came up empty. In 2025, during the build of the HAIA-RECCLIN governance framework, the need for a pre-inference enforcement layer was clear. No published specification, open-source repository, academic paper, or policy framework contained one. In January 2026, that question was put directly to multiple AI platforms under CAIPR parallel dispatch. The answer across every platform was the same: nothing had been published. GOPEL was built to fill that gap.
GOPEL is now at v1.5, with the Navigator architecture correction confirmed by Tier 0 arbiter in March 2026 as the defining update of this version. What follows is the full canonical description.
GOPEL Is Governed Infrastructure
GOPEL is the secured, governed channel between the human arbiter and every AI platform in use. Every request passes through GOPEL. Every response returns through GOPEL. Nothing leaves or enters the governed boundary without cryptographic integrity verification, authenticated identity binding, and a logged record.
Security and governance are distinct properties GOPEL provides simultaneously. The security property means no data moves without cryptographic verification and authenticated identity binding. The governance property means no operation executes without a logged record, no checkpoint advances without human approval, and no authorization proceeds outside the enterprise policy framework.
Security without governance is a locked room with no accountability for what happens inside. Governance without security is a chain of custody with gaps. GOPEL provides both.
The canonical descriptor names the governance function as primary because governance is the purpose. Security is the mechanism that makes the governance trustworthy.
GOPEL governs but does not think. Policy application and enforcement are deterministic for any given configuration, evidence set, and transaction state. This is not a limitation. It is the security design. Pipes that can think can be manipulated.
What GOPEL Carries
GOPEL carries prompts. GOPEL does not write prompts, evaluate prompts, or modify prompts. This distinction is non-negotiable because formatting a prompt requires content evaluation, and content evaluation violates the non-cognitive constraint that makes GOPEL trustworthy.
What GOPEL carries are prompts already formatted with RECCLIN governance instructions before GOPEL receives them. Those instructions require every AI platform response to include: role, task, answer, sources, conflicts, confidence, expiry, fact-to-tactic-to-KPI, recommendation, and decision point.
GOPEL validates that the schema is present in every dispatch and logs every response in full, unedited, exactly as received. GOPEL validates structure. GOPEL does not evaluate content.
The v1.5 Update: Navigator Architecture Correction
The defining update in v1.5 is the Navigator architecture correction, confirmed by Tier 0 arbiter in March 2026.
The Navigator is the cognitive function that produces synthesis from platform outputs. In v1.5, the architecture establishes clearly that the Navigator is always external to GOPEL in all three operating models. GOPEL routes to the Navigator and logs its output unchanged. GOPEL never performs synthesis, generates recommendations, or serves as Navigator under any operating model or configuration.
This correction matters because any architecture that allows the governance enforcement layer to also perform cognitive synthesis collapses the structural separation that makes governance trustworthy. The enforcement layer and the synthesis function must remain distinct. v1.5 makes that boundary explicit and irrevocable.
Three Agent Operating Models
GOPEL supports three agent operating models with distinct Navigator configurations. Choosing the operating model is a CBG decision made by the human arbiter before any workflow begins.
| Model | Navigator Configuration | CBG Checkpoint |
|---|---|---|
| Model 1: Iterated Dispatch Loop | All platforms function as navigators through iterated cross-platform exchange. X iterations set by human arbiter before dispatch. | One checkpoint at workflow end. |
| Model 2: Human-Supervised Navigator | Human selects Navigator before workflow begins: public AI, private in-house AI, or closed tool. GOPEL routes to designated Navigator. Human reviews synthesis at each gate. | Checkpoint at every RECCLIN role gate. Operationalizes EU AI Act Article 14. |
| Model 3: Human as Navigator | No AI platform serves as Navigator. Human arbiter receives all platform outputs and performs synthesis directly. | No agent automation. Every synthesis decision is a documented human judgment act. Model that produced the published book and all operational case studies. |
Model 3 is the highest-fidelity governance configuration. It is the model that produced the published book and all operational case studies.
Targeted Role Dispatch vs. CAIPR Parallel Dispatch
GOPEL supports both dispatch architectures. They are complementary, not interchangeable.
Targeted Role Dispatch applies a pre-approved routing matrix established outside GOPEL. Different parts of a task go to different platforms matched to RECCLIN roles. This produces role-specialized excellence. It does not produce convergence analysis because platforms answer different questions rather than the same question.
CAIPR Parallel Dispatch sends the identical prompt to multiple independent platforms simultaneously. Platform count follows the odd-number protocol — 3, 5, 7, 9, or 11 — to prevent tie outcomes. No platform receives any other platform’s output before producing its own. Consensus thresholds decline as platform count increases to preserve dissent: 2 of 3, 3 of 5, 4 of 7, 5 of 9, 6 of 11.
Dissent is governance data. A single platform disagreeing with all others is not noise to suppress. It is the signal that prevented documented governance failures in operational practice.
Fail-Closed Security Architecture
When any security verification fails, GOPEL halts. It does not proceed and does not silently degrade. The failure event is logged and the human arbiter is alerted.
Three verification layers operate before dispatch and upon response collection for every transaction: container integrity check, API security check, and transport integrity check. A circuit breaker halts the entire pipeline when configurable thresholds are exceeded. Once a CRITICAL breach is logged, the pipeline cannot resume until a specifically authorized human arbiter executes the acknowledge-breach procedure.
Cryptographic Audit Trail
The term “log” understates what GOPEL produces. Every operation writes to an append-only, hash-chained, digitally signed audit trail. Append-only means nothing is overwritten. Hash-chained means each record contains the SHA-256 hash of the previous record — any alteration to any record breaks the chain. This is forensically useful evidence suitable for regulatory audit and legal proceedings.
Six record types are produced for every transaction:
- Request Record — the governed prompt before dispatch
- Dispatch Record — platform selection, routing, and timing
- Response Record — raw platform output, unedited, exactly as received
- Navigation Record — Navigator synthesis logged unchanged
- Arbitration Record — proves a human decided, not merely that a human was present; mandatory rationale field required
- Decision Record — links the final authorized output to every upstream record in the chain
An empty rationale field in the Arbitration Record is a documentation failure. The record distinguishes a deliberate judgment from a credential submission.
The post-quantum cryptographic agility amendment extends the signature architecture to remain valid across multi-decade retention obligations, replacing ECDSA P-256 and Ed25519 with post-quantum signature standards consistent with NIST guidance.
Confidential Processing Extension
After GOPEL dispatches a prompt and before GOPEL collects the response, the data is inside an AI platform’s inference stack. GOPEL has zero visibility into that interval. The Confidential Processing Extension (CPE) classifies every dispatch into exactly one of four profiles before any data moves.
| Profile | Classification | What It Requires |
|---|---|---|
| Profile 0 | Prohibition — System Default | Blocks any dispatch lacking a valid endpoint capability flag or recognized data sensitivity label. No regulated data moves to an unverified endpoint without explicit human arbiter authorization in the audit trail. |
| Profile 1 | Legal Standard — Attested Confidential | TEE attestation verified against approved trust anchor. Legal compliance standard required by HIPAA for PHI and equivalent regulated material. VAISA is the legislative mandate mechanism at the inference layer. |
| Profile 2 | Interim Default — Minimized External | Deterministic tokenization of structured regulated identifiers before dispatch. Token map never leaves GOPEL custody. Does not solve free text leakage or unstructured document sensitivity. |
| Profile 3 | Exception Only — Human-Gated Emergency | Named arbiter explicit approval with documented justification. 72-hour limit. Mandatory post-use review within 14 days. Not a compliance substitute for Profile 1. |
Operating under Profile 2 with raw PHI or classified material is a compliance gap, not a compliant posture. As of March 2026, most commercial LLM APIs do not yet expose attestation evidence at Profile 1 level. VAISA is the legislative mechanism designed to change that.
Automation Bias Monitoring
The most common governance failure is the human gradually stopping oversight without any single moment that triggers an alert. GOPEL’s Report operation surfaces that pattern structurally.
Four counters are produced for every observation window:
- Approval rate above 95% — deploying authority determines response
- Reversal rate below 2% — deploying authority determines response
- Consecutive agreement run above 20 — deploying authority determines escalation response
- Zero-reversal count at or above 10 — deploying authority determines escalation response
These are deterministic arithmetic operations on Decision Records. GOPEL counts. The deploying organization decides what the counts mean and when action is required.
Platform Selection: Anchor-Plus-Rotation
GOPEL executes platform selection through an anchor-plus-rotation protocol. No platform holds a permanent anchor position across all sessions. Rotation distributes anchor responsibility so that no single platform’s limitations become the framework’s limitations.
The cryptographic rotation seed means no external actor can predict which platforms GOPEL will select for any given dispatch. Predictable selection enables targeted adversarial manipulation. Cryptographic rotation materially reduces that attack vector without any cognitive evaluation at runtime.
The Key Architectural Boundary
Four boundaries define what GOPEL is and is not:
- The Navigator is always external to GOPEL. GOPEL routes to it and logs its output unchanged.
- The audit review function is always external to GOPEL. GOPEL counts and produces audit material; the Discretionary Audit Policy governs when and how that material is reviewed.
- All analytical content and escalation decisions originate outside GOPEL.
- GOPEL moves, logs, and enforces.
Frequently Asked Questions
What is GOPEL? GOPEL (Governance Orchestrator Policy Enforcement Layer) is the only published reference implementation of a non-cognitive multi-AI governance architecture. It is a pre-inference enforcement layer for governed multi-AI workflows. GOPEL moves, logs, and enforces — it does not think, evaluate, or generate content.
What does non-cognitive mean in GOPEL’s architecture? Non-cognitive means GOPEL performs zero content reasoning or judgment. Policy application is deterministic for any given configuration, evidence set, and transaction state. GOPEL does not write, evaluate, or modify prompts. This is a security design: pipes that can think can be manipulated.
What are GOPEL’s three agent operating models? Model 1 (Iterated Dispatch Loop) dispatches to all platforms with one CBG checkpoint at workflow end. Model 2 (Human-Supervised Navigator) has a CBG checkpoint at every RECCLIN role gate and operationalizes EU AI Act Article 14. Model 3 (Human as Navigator) has no agent automation — the human performs all synthesis directly.
What is the v1.5 Navigator architecture correction? v1.5 confirms by Tier 0 arbiter that the Navigator is always external to GOPEL in all three operating models. GOPEL routes to the Navigator and logs its output unchanged. GOPEL never performs synthesis or serves as Navigator under any configuration.
What kind of audit trail does GOPEL produce? An append-only, hash-chained, digitally signed cryptographic audit trail producing six record types per transaction. The Arbitration Record proves a human decided — not merely that a human was present. Any alteration to any record breaks the hash chain.
What is the Confidential Processing Extension? CPE classifies every dispatch into one of four profiles before any data moves. Profile 0 blocks unverified dispatches. Profile 1 is the legal standard for HIPAA-regulated material. Profile 2 is the interim default using deterministic tokenization. Profile 3 is a human-gated emergency exception with strict time limits.
How does GOPEL prevent automation bias? GOPEL’s Report operation produces four counters per observation window — approval rate, reversal rate, consecutive agreement run, and zero-reversal count — as deterministic arithmetic on Decision Records. The counters surface the pattern of gradual oversight reduction that has no single trigger moment.
How does GOPEL relate to HAIA-CAIPR? GOPEL automates the mechanics of CAIPR parallel dispatch without performing cognitive work. CAIPR is the human orchestration protocol. GOPEL is the infrastructure that executes CAIPR’s dispatch, collection, routing, logging, and reporting operations deterministically. GOPEL enforces CAIPR’s governance requirements — it does not replace them.
Published Resources
- GitHub: github.com/basilpuglisi/HAIA (CC BY-NC 4.0)
- Book: Governing AI: When Capability Exceeds Control — Basil C. Puglisi, MPA — ISBN 9798349677687
- Congressional Package: AI Provider Plurality v9
- Legislative Mechanism: Verified AI Inference Standards Act (VAISA)
- Case Studies: 006 HAIA-CAIPR, 002 CBG Audit Log, 001 Thought Leader
Leave a Reply
You must be logged in to post a comment.