Constitution
The constitution is Commander's safety backbone: a TOML file signed with Ed25519 that defines what the agent can and cannot do. Every action is checked against it before it runs, and the file's integrity is verified both at load time and at runtime (see Tamper Protection below).
Structure
[identity]
version = "1.0.0"
checksum = "..." # SHA-256 of the file content, excluding this [identity] section
signed_by = "..." # Who signed it
signature = "..." # Ed25519 signature
[boundaries]
# Never execute these (highest priority)
forbidden = [
"rm -rf /",
"DROP DATABASE",
"sudo rm *",
]
# Ask before executing
requires_approval = [
"git push",
"deploy *",
"install package",
]
# Execute freely
auto_allowed = [
"git *",
"cargo test",
"npm test",
"echo *",
"cat *",
]
[resource_limits]
max_api_cost_per_run = 5.0
max_api_cost_per_day = 50.0
max_execution_time = 3600
max_concurrent_workflows = 3
max_file_write_size = "10MB"
allowed_directories = ["~/Projects", "~/.mur", "/tmp"]
blocked_directories = ["/etc", "/System", "~/.ssh"]
[model_permissions]
thinking_model = { can_execute = false, can_read = true }
coding_model = { can_execute = true, can_read = true, sandbox_only = true }
task_model = { can_execute = true, can_read = true }
How It Works
Every action is checked against the boundary lists in priority order:
- Forbidden? → Blocked immediately and written to the audit log
- Requires approval? → Paused until the user confirms
- Auto allowed? → Executes freely
- Matches nothing? → Defaults to requiring approval (safe default)
Because the lists are checked in this order, an entry in a higher-priority list wins over a broader one below it: with the example above, git push requires approval even though git * is auto-allowed.
Pattern matching uses word boundaries, so git * matches git push but not digit. Note that the forbidden list is a denylist of command patterns: a spelling it does not anticipate is not blocked outright, but it matches nothing and therefore falls through to the safe default, waiting for approval.
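The ordered check described above, written out as an added example in Go (this is not Commander's matcher; its exact pattern semantics are an assumption). The lists are the page's own [boundaries] table; the matcher quotes each literal part, turns * into .*, anchors both ends at whitespace or the start/end of the command, and is case-sensitive. The sample commands in main are constructed; the last three show the safe default catching what the denylist misses.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Decision is the outcome of checking one command against [boundaries].
type Decision int

const (
	Forbidden        Decision = iota // blocked immediately, logged to audit
	RequiresApproval                 // paused until the user confirms
	AutoAllowed                      // executes freely
)

func (d Decision) String() string {
	return [...]string{"FORBIDDEN", "REQUIRES_APPROVAL", "AUTO_ALLOWED"}[d]
}

// Boundaries mirrors the three lists of the [boundaries] table.
type Boundaries struct {
	Forbidden        []string
	RequiresApproval []string
	AutoAllowed      []string
}

// compile turns a constitution pattern into a regexp (assumed semantics, not
// Commander's own matcher). Literal parts are quoted, "*" becomes ".*", and
// both ends are anchored to a word boundary (start/end of string or
// whitespace), so "git *" matches "git push" but not "digit push". A pattern
// may match anywhere in the command, so a forbidden command chained after
// "&&" is still caught. Matching is case-sensitive.
func compile(pattern string) *regexp.Regexp {
	var sb strings.Builder
	sb.WriteString(`(?:^|\s)`)
	for i, part := range strings.Split(pattern, "*") {
		if i > 0 {
			sb.WriteString(`.*`)
		}
		sb.WriteString(regexp.QuoteMeta(part))
	}
	sb.WriteString(`(?:$|\s)`)
	return regexp.MustCompile(sb.String())
}

func matchesAny(patterns []string, cmd string) bool {
	for _, p := range patterns {
		if compile(p).MatchString(cmd) {
			return true
		}
	}
	return false
}

// Check applies the lists in priority order: forbidden first, then
// requires_approval, then auto_allowed, so "git push" in requires_approval
// wins over "git *" in auto_allowed. A command matching no list falls through
// to the safe default, RequiresApproval.
func (b Boundaries) Check(cmd string) Decision {
	switch {
	case matchesAny(b.Forbidden, cmd):
		return Forbidden
	case matchesAny(b.RequiresApproval, cmd):
		return RequiresApproval
	case matchesAny(b.AutoAllowed, cmd):
		return AutoAllowed
	default:
		return RequiresApproval
	}
}

// PageBoundaries is the [boundaries] table from the page, as Go values.
var PageBoundaries = Boundaries{
	Forbidden:        []string{"rm -rf /", "DROP DATABASE", "sudo rm *"},
	RequiresApproval: []string{"git push", "deploy *", "install package"},
	AutoAllowed:      []string{"git *", "cargo test", "npm test", "echo *", "cat *"},
}

func main() {
	// Constructed commands. The last three match no list at all (unknown
	// tool, a variant spelling, a case mismatch) and so wait for approval.
	for _, cmd := range []string{
		"rm -rf /", "sudo rm -rf /", "DROP DATABASE prod",
		"git push origin main", "git status", "cargo test",
		"digit counter", "rm -rf /*", "drop database prod",
	} {
		fmt.Printf("%-22s -> %s\n", cmd, PageBoundaries.Check(cmd))
	}
}
```

The "rm -rf /*" and "drop database prod" cases are the practitioner's caveat in code: neither is caught by the forbidden list as written, and it is the default-to-approval rule, not the denylist, that keeps them from running unattended. Directory limits ([resource_limits]) are a separate layer and are not modelled here.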
Signing & Verification
# Generate keypair + sign
murc constitution sign
# Verify integrity
murc constitution verify
# View current rules
murc constitution show
If the constitution file is modified without re-signing, verify will detect the tampering:
VERIFICATION FAILED: Constitution has been modified!
Expected checksum: 359c58b7...
Actual checksum: a1b2c3d4...
Tamper Protection
- SHA-256 checksum of the entire file (excluding the identity section)
- Ed25519 signature over the checksum
- Keys stored separately (signing.key, signing.pub)
- The watchdog independently monitors constitution integrity at runtime
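The sign/verify mechanism described under Signing &amp; Verification and Tamper Protection, as an added example in Go using only the standard library (crypto/ed25519, crypto/sha256). This is not murc's code; the constitution body, the signer name "alice", and the choice to sign the raw 32-byte digest are assumptions, and the identity-section exclusion is a line-level approximation rather than a TOML parser. It also shows why the signature matters and not just the checksum: an editor who can change the file can also rewrite the checksum field, so Verify must check the signature over the recomputed digest with a public key held outside the file.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// SampleBody is a constructed, minimal constitution body in the page's layout.
// Sign prepends the [identity] table to it.
const SampleBody = `[boundaries]
forbidden = [
    "rm -rf /",
]
auto_allowed = [
    "cargo test",
]
`

// checksum hashes every line outside the [identity] table. Excluding that
// table is what lets the checksum and signature fields live inside the file
// they protect. Any line starting with "[" is treated as a table header.
func checksum(doc string) [32]byte {
	var kept []string
	skipping := false
	for _, line := range strings.Split(doc, "\n") {
		t := strings.TrimSpace(line)
		if strings.HasPrefix(t, "[") {
			skipping = t == "[identity]"
		}
		if !skipping {
			kept = append(kept, line)
		}
	}
	return sha256.Sum256([]byte(strings.Join(kept, "\n")))
}

// field returns the value of a `key = "..."` line, or "" if absent.
func field(doc, key string) string {
	for _, line := range strings.Split(doc, "\n") {
		t := strings.TrimSpace(line)
		if strings.HasPrefix(t, key+" = ") {
			return strings.Trim(strings.TrimPrefix(t, key+" = "), `"`)
		}
	}
	return ""
}

// Sign prepends an [identity] table carrying the hex checksum and an Ed25519
// signature over the raw digest (signing the digest, not the body, is an
// assumption; the page only says the signature is "over the checksum").
func Sign(body string, priv ed25519.PrivateKey, signer string) string {
	sum := checksum(body)
	sig := ed25519.Sign(priv, sum[:])
	identity := fmt.Sprintf("[identity]\nversion = \"1.0.0\"\nchecksum = %q\nsigned_by = %q\nsignature = %q\n",
		hex.EncodeToString(sum[:]), signer, hex.EncodeToString(sig))
	return identity + body
}

// Verify recomputes the checksum, reports a mismatch the way the page's CLI
// does, and then checks the signature with a key kept outside the file
// (signing.pub). The checksum comparison alone proves nothing against an
// editor who also rewrites the checksum field; only the signature ties the
// digest to the holder of signing.key.
func Verify(doc string, pub ed25519.PublicKey) error {
	sig, err := hex.DecodeString(field(doc, "signature"))
	if err != nil {
		return fmt.Errorf("VERIFICATION FAILED: signature is not hex: %w", err)
	}
	expected := field(doc, "checksum")
	sum := checksum(doc)
	actual := hex.EncodeToString(sum[:])
	if expected != actual {
		return fmt.Errorf("VERIFICATION FAILED: Constitution has been modified!\nExpected checksum: %s\nActual checksum: %s", expected, actual)
	}
	if !ed25519.Verify(pub, sum[:], sig) {
		return fmt.Errorf("VERIFICATION FAILED: signature does not match the checksum (field rewritten, or signed with another key)")
	}
	return nil
}

// RestampChecksum simulates an attacker who edits the body and then updates
// the checksum field to match; after this only the signature check fails.
func RestampChecksum(doc string) string {
	sum := checksum(doc)
	old := fmt.Sprintf("checksum = %q", field(doc, "checksum"))
	return strings.Replace(doc, old, fmt.Sprintf("checksum = %q", hex.EncodeToString(sum[:])), 1)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for signing.key / signing.pub
	signed := Sign(SampleBody, priv, "alice")
	fmt.Println("intact:", Verify(signed, pub))
	tampered := strings.Replace(signed, `"rm -rf /",`, ``, 1) // constructed edit to the body
	fmt.Println("edited:", Verify(tampered, pub))
	fmt.Println("edited and restamped:", Verify(RestampChecksum(tampered), pub))
}
```

Run as written, the intact file verifies, the edited file fails with the Expected/Actual checksum message, and the edited-and-restamped file passes the checksum comparison but fails the signature check. A watchdog that re-runs Verify periodically, as the page describes, catches the same edits after the file has been loaded.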