Governed Auto-Implementation: How a Dynamic Harness Turns Research Intent into Code
From design note to implementation plan, patch, replay, and approval-gated merge
ARIA-RD-012026/5/3019分で読めますAbstract
Automatic implementation is often framed as a code-generation problem. That framing is too narrow. The hard part is not producing code. The hard part is preserving intent, responsibility, evidence, and reversibility while code changes. A dynamic harness can turn automatic implementation from a speculative assistant into a governed runtime actor.
The governed auto-implementation loop begins with research intent: a note, issue, design sketch, failure episode, or product request. The harness parses that intent into scope, identifies affected coordinates, generates an implementation plan, applies a bounded patch, replays relevant episodes, classifies risk, and routes the result to automatic merge, agent review, or human approval.
1. The difference between code generation and auto-implementation
Code generation produces files. Auto-implementation changes a system. The distinction matters because a generated file can be impressive while the system becomes worse. A real implementation must preserve interfaces, tests, product intent, runtime evidence, accessibility, security, governance, and operational cost. This requires a control loop, not just a model call.
Governed auto-implementation therefore has three invariants. First, every implementation must be linked to an intent object. Second, every implementation must be evaluated by replaying relevant harness episodes. Third, every implementation must be classified by authority risk before it can be merged.
2. Intent objects
An intent object is a structured representation of why a change should exist. It may originate from a human request, a failed runtime episode, a regression detector, a product roadmap item, or a research note. The harness converts the raw request into a machine-checkable object.
type ImplementationIntent = { id: string source: "human" | "episode" | "regression" | "roadmap" | "research" summary: string coordinates: string[] expectedBehavior: string[] forbiddenChanges: string[] evidenceRequired: string[] approvalPolicy: "auto" | "agent-review" | "human" }
The key field is forbiddenChanges. Automatic implementation must know not only what to do but what not to touch. Without negative scope, implementation agents tend to solve adjacent problems, refactor unrelated areas, or modify authority boundaries because those changes make the immediate task easier.
3. Seven-stage loop
The governed loop has seven stages. Intent parse converts prose into a structured target. Scope resolution maps that target to files, APIs, data contracts, UI surfaces, and MARIA coordinates. Plan generation proposes the smallest viable implementation. Patch synthesis edits the code. Replay runs the harness basis. Risk classification determines whether the patch touched authority, data, security, schema, prompt, or workflow boundaries. Approval routing decides whether the change can merge automatically, needs agent review, or must wait for a human.
This loop deliberately separates patch synthesis from approval. An implementation agent may write the patch, but the harness decides whether that patch is allowed to move forward.
4. Risk classes
We classify auto-implementation changes into four risk classes. Class 1 is cosmetic: copy, layout, styles, and documentation that do not alter behavior. Class 2 is local behavior: a component, utility, or route changes behavior within a bounded surface. Class 3 is workflow behavior: the change modifies how steps are ordered, retried, escalated, or evaluated. Class 4 is authority mutation: the change affects who can decide, when gates fire, what evidence is required, or what can be modified automatically.
| Risk class | Examples | Default route |
|---|---|---|
| Class 1 | Text, responsive CSS, docs | Auto after build |
| Class 2 | Local UI logic, helper behavior | Agent review after tests |
| Class 3 | Workflow DAG, retry policy, scoring | Human approval if production-bound |
| Class 4 | Authority, schema, policy, prompt core | Human approval required |
The dynamic harness must be conservative here. A change that appears small in code can be large in authority. For example, changing a threshold from 0.82 to 0.75 may be one line, but if that threshold controls human escalation, it is an authority mutation.
5. Implementation plans as reviewable artifacts
The implementation plan should be reviewed before patching when risk is high. It contains affected files, intended diffs, expected tests, expected score changes, and rollback strategy. This makes the implementation agent accountable before it writes code.
A good plan is small. It prefers local patches over broad refactors, existing patterns over new abstractions, and testable behavior over architectural ambition. The harness should penalize plans that expand scope without evidence.
6. Replay as the merge predicate
The central merge predicate is not whether the patch compiles. Compilation is necessary but insufficient. The patch must improve or preserve the relevant runtime state vector. That vector includes quality, responsibility, evidence completeness, latency, cost, and reversibility.
merge(patch) = pass(build) ∧ pass(types) ∧ pass(harness_basis) ∧ ¬authority_violation(patch)
For Class 1 changes, the harness basis may be small. For Class 3 or 4 changes, the basis must include adversarial episodes, rollback tests, and approval-path verification.
7. Internal auto-implementation in MARIA OS
Inside MARIA OS, auto-implementation should be treated as an internal agent with limited authority. It can propose patches, run tests, inspect failures, and open draft pull requests. It cannot silently modify production schemas, deploy global policy changes, rewrite core prompts, or expand its own authority. Those operations require explicit gates.
This design preserves the benefit of autonomous implementation while preventing recursive authority creep. The implementation agent can improve the system, but it cannot decide the constitution under which it improves the system.
関連記事: From Agent to Civilization: Multi-Scale Metacognition and the Governance Density Law
関連記事: Metacognition in Agentic Companies: Why AI Systems Must Know What They Don't Know
関連記事: Collective Calibration Dynamics: How Agent Teams Achieve Shared Epistemic Accuracy in MARIA OS
関連記事: Action Router Intelligence Theory: Why Routing Must Control Actions, Not Classify Words
関連記事: Voice User Interface設計の認知科学的基盤: マルチモーダル対話における注意資源配分モデル
関連記事: Action Router × Gate Engine Composition: Formal Theory of Responsibility-Aware Routing
関連記事: Gated Meeting Intelligence: Fail-Closed Privacy Architecture for AI-Powered Meeting Transcription
関連記事: Real-Time Meeting Session Orchestration: State Machine Design for Multi-Component Bot Systems
関連記事: Robot Judgment OS Lab: Designing Responsibility-Bounded Physical-World AI with Multi-Universe Gates
関連記事: CEO Clone: From Judgment Extraction to Autonomous Governance Engine
関連記事: Company Intelligence: なぜMARIA OSはAIツールではなく、会社の知能をつくるOSなのか
関連記事: MARIA VITAL:Agent組織のための生命維持システム — Heartbeat監視から再帰的自己改善まで
関連記事: Tool Genesis Under Governance: How to Safely Turn Generated Code into New Commands
関連記事: Anomaly Detection for Agentic System Safety and Deviation Control
関連記事: Institutional Design for Agentic Societies: Meta-Governance Theory and AI Constitutional Frameworks
関連記事: Agent Tool Compiler: From Natural Language Intent to Executable Tool Code via Compilation Pipeline
関連記事: Audit Universe Runtime: Agent Design for Executing Audit Procedures as Runtime Operations
関連記事: Governance Load Testing: Where Does Governance Break in the 1000-Agent Era?
関連記事: Agentic Ethics Lab: Designing a Corporate Research Institute for Structural Ethics in AI Governance
関連記事: Investment Decision Lab: Designing Agentic R&D Teams for Multi-Universe Capital Allocation
関連記事: Doctor Architecture: Anomaly Detection as Enterprise Metacognition in MARIA OS
関連記事: Audit Universe Runtime:監査手続をランタイム・オペレーションとして実行するAgentアーキテクチャ
関連記事: Meta-Insight Under Distribution Shift: Change-Point Governance Loops for Enterprise Agentic Systems
関連記事: Agent Capability OS — Command Registry・Tool Registry・Capability Graphで能力を管理するOS設計
関連記事: Repeated Games and the Cofounder Problem: Why Startup Cooperation Depends on Shared Time Horizons
関連記事: The Complete Action Router: From Theory to Implementation to Scaling in MARIA OS
関連記事: Memory Stratification for AI Governance: A Rate-Distortion Framework for Retention Decisions
関連記事: Capability Gap Detection — Agentが自分の能力不足を認識するメタ認知アーキテクチャ
Conclusion
Governed auto-implementation is not code generation with better prompts. It is a runtime control loop around code change. The dynamic harness supplies the missing structure: intent, scope, replay, risk classification, approval, and rollback. With that structure, internal automatic implementation becomes a measurable engineering capability rather than an uncontrolled productivity demo.