The Control-Plane Paradox
Who evaluates the evaluator is a systems question.
This schematic expands the control plane into separable assets: policy owners, hidden tests, deterministic validators, model judges, evidence stores, signing keys, promotion rules, and disagreement monitors.
The control plane is both guardrail and target.
External governance is necessary for adaptive ecologies. It also concentrates authority in the evaluator, registry, router, release controller, hidden tests, signing keys, and rollback machinery.
plane hidden testsevaluatorregistrysigning keysrouterrollbackhuman approvalmemory policy
An adaptive ecology requires an external authority that candidates cannot rewrite. That authority simultaneously becomes the definition of success, the owner of hidden evidence, the source of deployment permission, the controller of identity, the keeper of lineage, the allocator of resources, the arbiter of retirement, and the mechanism through which rollback occurs.
Why external governance is necessary
Candidates must not edit evaluators, thresholds, hidden tests, policy, registries, release aliases, credentials, or evidence stores. Immutable artifacts, signed manifests, independent evaluation, least privilege, shadow release, canaries, no-op outcomes, and rollback are necessary controls for a changing population.
Why the same layer becomes dangerous
The stronger the control plane becomes, the more damaging its compromise, capture, corruption, monoculture, or misconfiguration becomes. A corrupted evaluator can promote the wrong descendants. A leaked hidden suite can reward overfitting. A compromised registry can launder identity. A signing-key failure can authorize the wrong package. A router mistake can create an untested capability. A rollback packet that lacks memory or alias state can restore only part of the ecology.
What follows
The conclusion is not to abandon external governance. The conclusion is to make the control plane minimal, separable, independently audited, versioned, reproducible, recoverable, transparent about assumptions, resistant to candidate influence, resistant to organizational pressure, and evaluated through multiple independent methods.
Operational rule
Treat governance as a safety-critical subsystem. It must have its own threat model, regression tests, source-integrity records, emergency stop path, and succession process.
<!-- expanded-release-content -->
Concentration of authority
The control plane decides what counts as success. It may hold hidden tests, scoring weights, registry authority, signing keys, deployment aliases, router configuration, memory consolidation rules, permission profiles, evidence records, and rollback instructions. That concentration is useful because candidates should not control these assets. It is also dangerous because failure at this layer can affect the whole ecology.
A compromised evaluator can promote risky descendants while all artifacts appear properly signed. A monoculture of model-based judges can create correlated blind spots while appearing independent on paper. A registry error can preserve lineage while mislabeling active identity. A release alias can point users to a new composition while dashboards still display a familiar product name.
Governance is not outside the system
The evaluator has prompts, models, parsers, budgets, dependencies, owners, and failure modes. The registry has credentials, storage, replication, audit logs, and recovery procedures. The router has thresholds and feedback loops. The human approval process has fatigue, incentives, and time pressure. Treating governance as external in authority does not make it external in risk.
Design posture
A safer control plane is minimal, separable, independently audited, reproducible, recoverable, and explicit about assumptions. It uses append-only evidence where practical, protects hidden tests, preserves no-op outcomes, records evaluator changes, monitors disagreement, and requires human-owned hard constraints for policy decisions.
Succession problem
The control plane can also evolve. Evaluators are updated, benchmarks are replaced, signing keys rotate, registries migrate, and release policies change. Control-plane succession must itself be governed, or the system loses the ability to interpret older evidence.