Audit-Grade Governance From Day 0
AI looks powerful until it breaks in production. The Bespoke Mentis Framework is built so the failure never starts: every system ships with constitutional governance, audit-grade trails, explainable decisions, and strict data boundaries from the first line of code — powered by MU2 v2.8 and the Mentis AI Constitution V6.
Today's AI systems hallucinate, leak data, and violate policies because they were never designed to be governed. Regulators are catching up: EU AI Act, AI Bill of Rights, SEC AI disclosures, and sector rules in healthcare, finance, and aerospace. Our answer is simple: governance is not a patch, it is the operating system.
This Is Not a Policy Document. It Is an Architecture.
Most AI "governance" is a PDF with a signature. MU2 is a compiled enforcement substrate — a second-generation governance kernel that runs inside every system we build. Its 58 Governance Authorities operate in a hierarchical authority chain, each with bounded scope, defined escalation paths, and autonomous enforcement responsibilities. 110 constitutional laws are compiled into runtime behavior — not stored in a settings file.
Compiled, Not Configured
110 constitutional laws are enforcement logic — not documentation. They fire at runtime, cannot be toggled off, and generate cryptographic evidence artifacts on every execution.
Memory + Learning Built In
Episodic Memory (EMA) indexes every session and retrieves context at the start of the next. Active Learning (ALEA) promotes high-signal patterns across deployments. The substrate compounds intelligence over time.
Governed Caching & Cost
AI spend is governed at defined thresholds. Provider prompt caching is enforced on all stable system prompts. Semantic caching is keyed to content hash + model + prompt version. Cache keys are tenant-isolated by design — no cross-tenant data sharing.
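A sketch of the cache-key scheme described above, as an added example and not Bespoke Mentis code. The per-tenant secret, the function and class names, and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac


def field(value: str) -> bytes:
    # Length-prefix every component so ("ab", "c") and ("a", "bc") can never
    # serialize to the same bytes.
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def cache_key(tenant_secret: bytes, content: str, model: str, prompt_version: str) -> str:
    """HMAC-SHA256 under the tenant's secret over content hash, model, prompt version."""
    content_hash = hashlib.sha256(content.encode("utf-8")).hexdigest()
    message = b"".join(field(p) for p in (content_hash, model, prompt_version))
    return hmac.new(tenant_secret, message, hashlib.sha256).hexdigest()


class TenantScopedCache:
    """Callers pass a tenant identity, never a raw key, so a lookup cannot
    name an entry that belongs to another tenant."""

    def __init__(self, tenant_secrets: dict):
        self._secrets = tenant_secrets  # tenant_id -> secret (assumed to exist)
        self._store = {}

    def _key(self, tenant_id, content, model, prompt_version):
        secret = self._secrets[tenant_id]  # unknown tenant raises KeyError: fail closed
        return (tenant_id, cache_key(secret, content, model, prompt_version))

    def put(self, tenant_id, content, model, prompt_version, response):
        self._store[self._key(tenant_id, content, model, prompt_version)] = response

    def get(self, tenant_id, content, model, prompt_version):
        return self._store.get(self._key(tenant_id, content, model, prompt_version))


def demo() -> dict:
    # Constructed sample tenants, secrets, model name and prompt versions.
    cache = TenantScopedCache({"tenant-a": b"a" * 32, "tenant-b": b"b" * 32})
    question = "What is our refund policy?"
    cache.put("tenant-a", question, "model-x", "v3", "cached answer")
    return {
        "same_tenant": cache.get("tenant-a", question, "model-x", "v3"),
        "other_tenant": cache.get("tenant-b", question, "model-x", "v3"),
        "new_prompt_version": cache.get("tenant-a", question, "model-x", "v4"),
    }
```

An identical prompt from a second tenant misses, and so does the same tenant after a prompt-version bump, so a stale or foreign response is never served.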
The 7-Level Autonomy Gate System
Before any action executes, MU2 classifies it into one of 7 gate classes — G0 through G6. This determines exactly how much autonomy the system has and when human approval is required. Human authority is preserved by architecture. The AI cannot approve its own G0 or G1 gates. Vague approvals are constitutionally rejected in code.
Named approval required. Exact format enforced. No exceptions. Covers auth, security, constitutional law changes, and production deployments.
Work enters AWAITING_APPROVAL state. System cannot proceed until a specific, named approval is recorded. Vague approvals are constitutionally rejected.
Work is completed and a full recommendation set is surfaced for human review. Commit is blocked until approval is received.
Autonomous execution with mandatory periodic checkpoints. Human oversight is preserved through structured handoffs at defined intervals.
System proceeds and notifies the operator asynchronously. Standard for lower-risk feature work — the audit trail still records everything.
System proceeds silently. Reserved for read-only and research operations. Evidence artifacts are still written — governance never stops.
Fail-closed condition. No autonomous recovery. System stops completely and the operator must resolve manually before execution resumes.
Every action is classified before execution. The gate cannot be skipped, appealed, or bypassed at runtime.
Governance is not optional. It is the execution layer.
7 Foundational Principles
The Mentis AI Constitution V6 is grounded in 7 Foundational Principles — the supreme governing intent behind all 110 constitutional laws. These principles cannot be waived, overridden, or traded off for performance.
Truth Over Comfort
Every output prioritizes accuracy over reassurance. Confident responses without evidence are architecturally prohibited — not just discouraged.
Human Authority Supremacy
Human decision-making authority cannot be bypassed, eroded, or overridden by any AI action. High-stakes decisions require human approval by design.
Categorical Harm Prohibition
Specific categories of harm are unconditionally prohibited. These cannot be unlocked by user instructions, system prompts, or runtime configuration.
Systematic Transparency
Every decision, recommendation, and limitation is traceable, observable, and defensible. Black-box outputs are a constitutional violation.
Privacy as Architecture
Data boundaries are structural — not configurable. Customer data never crosses tenant lines, never becomes training material, and never exits its governance scope.
Excellence as Obligation
Incomplete, low-quality, or unverified outputs are a constitutional violation — not an acceptable engineering tradeoff.
Living Governance
The governance substrate evolves through evidence, validation, and deployment learnings — not through convention or preference alone.
7-Component Cognitive Layer — Always On
MU2 runs a permanent cognitive intelligence layer underneath every execution — not just high-stakes decisions. These 7 components cannot be disabled, paused, or bypassed. They monitor, calibrate, and enforce in real time across every session, every model invocation, and every output.
Context Window Management
Monitors context fill in real time. Triggers structured compaction at 65%, issues a hard warning at 80%. Prevents context degradation before it silently corrupts output quality.
Episodic Memory Agent
Indexes past sessions and retrieves relevant context at the start of each new session. Sessions compound — every deployment makes the system more contextually aware of your environment.
Metacognitive Calibration
Evaluates its own reasoning quality mid-execution. Emits CONTINUE, RETHINK, or ROLLBACK signals in real time. The system can interrupt itself before producing a low-quality output.
Active Learning Engine
Pattern strength evolves across sessions — the substrate learns from every deployment. High-signal patterns are promoted. Degraded patterns are flagged for review. Governance improves over time.
Cost Governance V2
AI spend is governed at 50%, 75%, and 90% budget thresholds. No model invocation runs without budget awareness. Uncontrolled AI spend is a constitutional violation.
Dual Process Engine
Fast-path keyword evaluation runs before any LLM invocation. Deterministic routing for known patterns — the LLM is invoked only when fast-path resolution fails. Speed without sacrificing governance.
Epistemic Confidence
Uncertainty must be explicitly declared. Confident outputs without evidentiary grounding are constitutionally prohibited — the system cannot produce certainty it has not earned.
These 7 components run in parallel on every session. None can be disabled. Evidence is written regardless of gate class.
Runtime intelligence, not post-hoc review.
Autonomy Orchestration Layer
Before any execution begins, MU2 v2.8 runs a deterministic orchestration layer that classifies intent, selects the correct specialist, resolves the gate class, enforces scope boundaries, and governs model selection — all before the first token is generated. There is no unclassified execution.
Intent Router
Classification: Natural language input is parsed into a structured execution signal using keyword fast-path with LLM fallback. The system determines what you are asking — and classifies the risk — before it acts.
Gate Resolver
Gate Assignment: Resolves the G0–G6 gate class from task signals, risk tier, and environment context. This single component determines whether execution requires named human approval, checkpoint, or proceeds autonomously.
Specialist Select
Deterministic Routing: Routes to the correct Specialist Profile using a deterministic routing matrix — not probabilistic selection. The same task code routes to the same specialist every time, with no variance.
Model Selector
Governed Model Selection: Selects the appropriate AI model based on risk tier, task classification, and cost governance thresholds. Model selection is governed — operators cannot invoke an over-powered model for a low-risk task.
Scope Monitor
Boundary Enforcement: Enforces per-session scope boundaries in real time. Any detected scope expansion during execution triggers an immediate gate escalation — the system cannot quietly expand beyond what was declared.
Boundary Registry
Pre-Execution Lock: Per-task forbidden and required constraints are injected at session start and locked. Constraints are declared before execution begins — they cannot be discovered, negotiated, or overridden mid-session.
From Intent to Governed Output — 10 Checkpoints
Every task submitted to MU2 passes through 10 checkpoints before output is written. There is no step that runs ungoverned. Every checkpoint produces evidence.
Intent Parse
Natural language → structured signal. Verbs, objects, risk indicators, and domain classified before anything executes.
Task Classification
Task code and risk tier assigned. Determines which specialist, gate class, and authority set applies.
Scope Declaration
Exact execution boundaries defined and locked. Any work outside this boundary triggers gate escalation.
Intelligence Loading
Relevant domains assembled from 17 Specialist Profiles. EMA retrieves top relevant past sessions and injects episodic context.
Specialist Selection
Deterministic routing to the correct Specialist Profile. No probabilistic selection — same input, same specialist, every time.
Runtime Assembly
Superprompt assembled dynamically: specialist, task, domains, authorities, memory context, and boundary constraints combined.
Gate Determination
G0–G6 class assigned. Pre-execution approval required or execution proceeds — this decision is locked before the first action.
Governed Execution
Scope monitor, cognitive layer (all 7 components), and policy evaluator active simultaneously. Every mutation evaluated before it lands.
Verification
Quality score calculated. Compliance checked. Evidence bundle written. Session cannot close without passing verification.
Closure & Learning
EMA episode written. Active Learning signal emitted. Operator notified per gate class. Change record updated. Intelligence compounds.
Output cannot exist without passing all 10 checkpoints. There is no fast path that bypasses governance.
What It Delivers in Practice
Three operational outcomes every Bespoke Mentis system delivers — by construction, not configuration.
Immutable Audit Trails
Every model invocation, prompt, and data access is logged with SHA256-verified artifacts and timestamps. When regulators, customers, or internal audit ask "why did the AI do that?" you have cryptographic receipts, not screenshots.
Append-only logs. Tamper-evident. Replay-capable for legal discovery.
Data Sovereignty & Tenant Isolation
Customer data never becomes model training exhaust. Each tenant runs with strict isolation, bounded retrieval, and least-privilege access. Sensitive workloads stay inside your trust boundary while still benefiting from intelligent automation.
Designed for SOC 2 / ISO 27001 control families from day 0.
Explainability You Can Prove
Every recommendation comes with reasoning chains, source documents, and decision provenance. You can replay how the AI reached a conclusion, what it saw, and which guardrails fired along the way.
Built for AI Bill of Rights, EU AI Act, and sector-specific rules.
Constitutional Governance Architecture
Powered by MU2 v2.8 — our second-generation governance kernel — and the Mentis AI Constitution V6, encoding 110 constitutional laws across 58 Governance Authorities. These are not configuration files. They are compiled into runtime behavior across every system we build.
Immutable Constitutional Laws
A set of non-negotiable principles governing every AI decision, recommendation, and line of generated logic. These laws cannot be overridden by users, configurations, or runtime conditions — they are architectural constraints, not settings.
58 Named Governance Authorities
A hierarchical chain of 58 specialized authorities, each with bounded scope, defined escalation paths, and enforcement responsibilities across security, privacy, quality, compliance, cognitive safety, and resilience.
Evidence-Grade Auditability
Every operation generates cryptographically verified artifacts. SHA256-chained audit trails that are append-only, tamper-evident, and replay-capable. Not app logs — legal-grade evidence that survives regulatory discovery.
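How a SHA256-chained, append-only trail makes tampering detectable, shown as an added example that is not the MU2 implementation. The record layout, the genesis value, the function names and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first record chains to


def digest(prev_hash: str, payload: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so a record always hashes
    # to the same bytes; prev_hash is fixed-width, so plain concatenation is
    # unambiguous.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log: list, payload: dict) -> dict:
    """Append a record whose hash commits to the previous record's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev_hash, "payload": payload, "hash": digest(prev_hash, payload)}
    log.append(entry)
    return entry


def verify(log: list, expected_head=None):
    """Return the index of the first inconsistent record, or None if intact.

    expected_head is the latest hash as recorded outside the log. Without it,
    dropping records from the tail leaves a shorter chain that still verifies.
    """
    prev_hash = GENESIS
    for index, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return index
        if entry["hash"] != digest(prev_hash, entry["payload"]):
            return index
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def build_sample_log() -> list:
    # Constructed sample events; the field names are hypothetical.
    log = []
    append(log, {"ts": "2025-01-01T00:00:00Z", "event": "model_invocation"})
    append(log, {"ts": "2025-01-01T00:00:05Z", "event": "data_access"})
    append(log, {"ts": "2025-01-01T00:00:09Z", "event": "approval_recorded"})
    return log
```

The chain by itself proves internal consistency only; detecting a rewritten or truncated log depends on keeping the head hash somewhere the log writer cannot modify.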
Human Oversight by Design
High-stakes decisions are architected to escalate to human review through the G0–G6 gate system. No system can operate beyond its defined governance boundary. Human authority is preserved by construction — not by policy document.
The Mentis AI Constitution V6 (110 laws, L1–L110) and MU2's 58 Governance Authorities represent years of design, validation, and deployment in regulated environments — including independent governance scoring of 96/100 (EXCELLENT) in life sciences. We share their effects and outcomes openly. The specific laws, authority chains, and enforcement logic are reserved for client engagements.
Built to Map Into Every Major Framework
Our architecture is designed to support controls for every major AI and data governance framework. External certification is on our roadmap; every system we deploy maps cleanly into these control families from day one.
Explicability requirements, prohibited-use classification, and human oversight mandates are addressed through constitutional law enforcement and G0–G6 gate architecture.
Risk management, transparency, and accountability functions map to our Authority chain, decision provenance artifacts, and structured governance scoring.
PHI data boundaries are enforced structurally through tenant isolation and bounded retrieval — not through application-layer filters that can be bypassed.
Security, availability, and confidentiality control families are addressed by constitutional law enforcement, append-only audit trails, and scope monitoring.
Predetermined change control and transparency requirements are met through constitutional law versioning, audit trails, and governance scoring on every deployment.
Prompt injection, data leakage, and insecure output handling are addressed by bounded retrieval architecture, tenant isolation, and output governance authorities.
Without Constitutional Governance
- × AI autonomy with no defined ceiling — actions cannot be stopped mid-execution
- × Policy teams rewriting PDF playbooks after every incident
- × Logs that become liabilities under legal discovery
- × No gate structure — the AI can proceed on high-stakes decisions without named approval
With Bespoke Mentis Governance
- ✓ Every action classified G0–G6 before execution begins — human escalation by architecture
- ✓ 110 constitutional laws compiled into runtime — not documented into slide decks
- ✓ SHA256-chained artifacts generated on every run, regulator-ready by default
- ✓ Vague approvals rejected in code. Named, timestamped approval or the system halts.
How We Compare Against the Field
Every cell below is sourced from public documentation, compliance disclosures, and vendor trust centers. We share effects and outcomes — not internal architecture. The gap is structural, not a matter of degree.
| Capability | Bespoke Mentis | Devin | GitHub Copilot | Claude Code | Cursor | Windsurf | OpenAI Codex |
|---|---|---|---|---|---|---|---|
| Constitutional laws compiled into runtime: Laws fire at execution — cannot be toggled, bypassed, or configured away | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Named autonomy gate system: Every action classified before execution; human escalation enforced by architecture | ✓ | ~ Interactive planning (review before exec), but no classified gate system | ✗ | ~ Plan mode is one step — not a 7-level classified gate architecture | ✗ | ✗ | ✗ |
| Audit artifacts on every execution by default: SHA-256 evidence generated per run without SIEM configuration | ✓ | ~ API-retrievable audit logs; not SHA-256 chained by default | ~ Admin-level only; agent responses and generated code not captured | ~ Git attribution + auth logs; full agent audit requires SIEM integration | ~ Admin logs only; agent responses and code content not captured — documented feature gap | ~ Logs accepted completions; full audit requires hybrid/self-hosted deployment | ~ Compliance Logs Platform available; requires configuration and export setup |
| HIPAA-aligned by architecture: PHI boundaries enforced structurally, not just via BAA paperwork | ✓ | ~ Government deployments with ZDR; standard Devin has no BAA | ✗ | ~ BAA available via Bedrock; data stays in VPC but no architectural PHI enforcement | ✗ | ~ BAA available; hybrid/self-hosted options; not architectural enforcement | ~ BAA available; compliance requires customer configuration |
| Fail-closed enforcement: Any governance violation triggers an immediate halt — no degraded-mode operation | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Always-on cognitive monitoring layer: 7 permanent components monitoring context, reasoning quality, cost, and confidence | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Episodic memory + active learning: Sessions compound intelligence; pattern strength evolves across deployments | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Independent governance validation score: Published score from regulated-industry deployment | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |

| Capability | Bespoke Mentis | IBM watsonx | ServiceNow AICT | Azure AI Foundry | LangChain / LangGraph |
|---|---|---|---|---|---|
| Governance compiled into runtime substrate: Laws fire during execution — not monitored from a dashboard after the fact | ✓ | ✗ | ✗ | ✗ | ✗ |
| Named autonomy gate system: Classified gate architecture enforcing execution boundaries before first action | ✓ | ✗ | ✗ | ✗ | ~ interrupt() primitive provides HITL pause — not a classified multi-level gate architecture |
| Audit artifacts on every execution by default: Evidence generated without additional SIEM or export configuration | ✓ | ~ Lifecycle tracking and logs available; requires configuration per deployment | ~ Evidence capture requires workflow configuration; not automatic per execution | ~ Azure Monitor + Sentinel integration required; not generated by default | ~ LangSmith tracing available; requires deployment and configuration setup |
| Fail-closed enforcement: Any governance violation triggers immediate halt — no degraded operation | ✓ | ✗ | ✗ | ~ Content safety filters can block requests; not a system-wide fail-closed halt | ✗ |
| Constitutional laws — versioned and evidence-based: Published, versioned governance document grounded in research papers | ✓ | ✗ | ✗ | ✗ | ✗ |
| Always-on cognitive monitoring layer: 7-component layer monitoring reasoning quality, context, cost, and confidence | ✓ | ~ Agent monitoring for accuracy/drift launched Q1 2026 — post-hoc metrics, not real-time cognitive layer | ✗ | ✗ | ✗ |
| Independent governance validation score: Published score from a regulated-industry deployment | ✓ | ✗ | ✗ | ✗ | ✗ |
| Governance built from published research: 18 research papers as evidentiary foundation — not convention | ✓ | ✗ | ✗ | ✗ | ✗ |
When people say "Claude does this" or "Copilot handles that" — they are describing tools.
Bespoke Mentis is not a tool you configure. MU2 is a governance substrate you deploy. The gap above is not a feature list — it is an architectural category that does not yet exist anywhere else.
Why Constitutional AI Matters
Current AI systems hallucinate with confidence. They invent file paths that don't exist. They generate medical recommendations based on training artifacts rather than clinical evidence. They produce code that compiles but fails silently in production.
The industry's response of "it's a known limitation" is unacceptable when the output influences human health, financial stability, and legal outcomes.
Constitutional AI is not a feature. It is the foundation. Governance does not slow velocity; it enables it.
Ready to Deploy AI You Can Trust?
Every Bespoke Mentis system ships with MU2 v2.8, constitutional constraints, the G0–G6 gate system, immutable audit trails, and human oversight gates from day one. Talk to us about your environment.
