FCAL — Fail-Closed Admissibility Layer

The Reality Layer

Deterministic execution boundary for AI systems.

AI can generate proposals.
Execution requires admissibility.
Binary verdict with an audit-ready evidence pack.

Try live validation See fixed examples
The Problem

Two different epistemologies.
One conflation.

Probabilistic evaluation optimizes likelihood. Execution requires binary admissibility. Current systems treat both as the same inference problem.

AI Output
Probabilistic
Optimized for likelihood. Confidence ≠ correctness.
Real-World Execution
Binary
The beam holds or it doesn't. The circuit fires or it doesn't.
Current Approach
Guardrails
Probabilistic checks on probabilistic outputs.
Missing
Admissibility gate
Independent verification against physics or formal limits.
Architecture

AI proposes. Physics decides.

A deterministic gate between AI reasoning and real-world execution. Uncertainty equals rejection.

AI-Generated Proposal
Deterministic Admissibility Gate
SURVIVE
EXTINCT

Uncertainty = Rejection  ·  Fail-closed by design

Interactive Demo

Evidence, not confidence.

Deterministic admissibility is evaluated by a standards-based oracle (Eurocode / Kirchhoff / mandate bounds). This page shows the evidence pack format and decision boundary with fixed inputs for reproducibility. Live oracle endpoint is operational; demonstrated under NDA.

▸ Verdict: SURVIVE / EXTINCT ▸ Evidence: checks + thresholds + references ▸ Audit: reproducible decision trace
Note: this page is not a public oracle endpoint — it is a reproducible evidence-pack format.
Cross-Domain Failure

Each component is safe.
The combination is not.

Single-domain validators check their own scope and report SURVIVE. But failures emerge at the boundary — where one domain's output degrades another domain's assumptions. No individual oracle can catch this. A coupling oracle can.

Scenario: Aluminum frame + PCB assembly (ΔT 60°C at interface)
Phase 1 · Individual domain validation
Structural Oracle ✓ SURVIVE
Checked: ULS bending capacity, Al 6061-T6
Assumption: Ambient temperature (20°C)
Utilization 0.850 ≤ 1.00
Thermal Oracle ✓ SURVIVE
Checked: Thermal envelope per IPC-2152
Assumption: ΔT measured at board–structure interface
ΔT 60°C ≤ 70°C limit
Both oracles report SURVIVE. A component-level review would approve this design.
But the structural oracle assumed ambient temperature. The thermal oracle validated only its own envelope.
Phase 2 · Cross-domain coupling check
Coupling Oracle · Thermal ↔ Structural ✗ EXTINCT
Checked: Thermal derating → aluminum yield reduction
Physics: Al 6061-T6 derating rate 0.3%/°C (ASM/MMPDS, ref. available on request)
Yield strength
276 → 226.3 MPa
−18.0% from thermal derating
Utilization
0.850 → 1.037
Exceeds limit — EXTINCT
The combination is fatal: 60°C heat reduces aluminum yield strength by 18%, pushing utilization past the limit. This failure exists only at the boundary between domains. No single-domain validator can catch it.
Deterministic check: thermal derating (ASM/MMPDS, ref. on request) × structural utilization · Fixed inputs for reproducibility
Full coupling kill evidence pack Finance coupling kill →
Category

Why this layer does not exist today

01 Guardrails are probabilistic — they optimize the same inference that produced the error.
02 Policy engines validate permissions and identity — who can act, not whether the action is physically admissible.
03 No production system ties admissibility to physics, formal limits, or domain-specific mathematical proof.
Positioning

Three layers. One is missing.

Layer What it validates Method
Syntax / Tooling Allowed operations and patterns Rule matching, regex, schema
Policy / Transaction Who can act, when, under what authority Identity, timing, value bounds
Reality Layer (FCAL) Physical and formal admissibility Eurocode, Kirchhoff, formal limits

All three layers are required. Only one is missing.

Foundation

Research and protection

Intellectual Property
Provisional patent filed (USPTO)
System and Method for Validating AI-Generated Responses Through External Simulation Gating with Model-Bound Discrepancy Detection
Research Foundation
Bounded Fallibility
The deterministic admissibility principle is derived from the Residual Error Inevitability Lemma and the Utility–Harm Separation Theorem.

Open / download technical note (PDF) →
Validation Domains
Four production oracles
Structural engineering (EN 1993-1-1 Eurocode)
Electrical circuits (Kirchhoff + IPC-2152)
Governance (risk exposure bounds)
Cross-domain coupling (thermal derating)
Architecture
Fail-closed by design
Every proposal must pass an external, deterministic gate before execution. The gate is not the model. The gate does not learn. The gate does not negotiate.
Contact

Jussi Lumiaho

Systems Architect · Fail-Closed AI Validation · Finland

LinkedIn → Email →
Provisional patent filed (USPTO). Application details available on request.
© 2026 Jussi Lumiaho. All rights reserved.