all-llm-operations-are-defensively-bounded
OUT derived (depth 3)
All three LLM-facing operations — interactive query (ask), batch derivation (derive), and belief classification (list_negative) — apply consistent defensive patterns: bounded execution, fail-soft error handling, hallucination filtering, and graceful degradation on LLM unavailability.
Summary
Every place the system calls an LLM — whether answering a user question, generating new derived claims, or classifying negative beliefs — is protected by the same safety net: execution limits, graceful fallbacks when the LLM is unavailable or returns garbage, and filtering to catch hallucinated results. This claim is currently retracted, meaning at least one of those operational paths may not actually meet this standard.
Justifications
SL — ask+derive defensive bounds (depth-2) combined with list_negative's two-stage classification and hallucination filtering (depth-1) cover all three LLM-facing operations
Antecedents (all must be IN):
- all-llm-interactions-are-bounded-and-fail-soft — All LLM-facing operations apply consistent defensive patterns across both interactive (ask) and batch (derive) paths: bounded execution (iteration caps, timeout handling), fail-soft error recovery (fallback to raw results or skipped proposals), and environment isolation (stripping recursive invocation variables).
- list-negative-is-defensively-bounded — The negative belief listing pipeline applies defense-in-depth: keyword pre-filtering narrows candidates before LLM classification, hallucinated node IDs are discarded against the actual network, and malformed LLM output falls back gracefully to zero count rather than raising.
Dependents
These beliefs depend on this one:
- llm-integration-is-defense-in-depth-across-layers — All LLM integration achieves defense-in-depth across two independent layers: application-level defensive bounding provides iteration caps, fail-soft error handling, Jaccard retraction guards, and hallucination filtering across all LLM-facing operations, while infrastructure-level process isolation executes all LLM calls through subprocess boundaries with CLAUDECODE environment scrubbing to prevent recursive invocation — ensuring safety at both the semantic and process boundaries.