ExMaude AI Rule Conflict Detection

Mix.install(
  [
    {:ex_maude, path: Path.join(__DIR__, ".."), env: :dev}
  ],
  config_path: :ex_maude,
  lockfile: :ex_maude,
  config: [
    ex_maude: [start_pool: true, use_pty: false]
  ]
)

Introduction

ExMaude.AI is the companion to ExMaude.IoT for verifying AI-generated automation rules over Agents, Capabilities, and ToolInvocations.

Where ExMaude.IoT models physical-IoT rules (Things, Properties, Actions), ExMaude.AI adds:

Capability ontology — typed, shape-versioned capability grants
Tool invocations — structured tool calls with argument maps
Tenant scoping — {tenant_id, agent_name} identifiers
Sovereignty — jurisdiction-bound invocations
Authority levels — required-vs-granted authority tracking
Approval gates — explicit gates before high-impact actions
Budget intervals — symbolic arithmetic over budget envelopes

Both modules target the same Maude verification core. They can ship in the same application — the templates and APIs are independent.

Rule Vocabulary

Predicates (triggers)

# Property-style (carry-over from IoT rules)
{:prop_eq, "key", value}
{:prop_gt, "key", value}
{:prop_lt, "key", value}
{:prop_gte, "key", value}
{:prop_lte, "key", value}

# Capability ontology
{:capability_required, "name"}
{:capability_granted, "name"}

# Quantitative (interval-based, sound symbolic reasoning)
{:budget_within, "scope", {:interval, 0, 50_000}}

# Authority levels
{:authority_at_least, 2}
{:authority_required, 5}

# Sovereignty
{:jurisdiction_allowed, :eu}
{:jurisdiction_forbidden, :us}

# Latency budgets
{:latency_at_most, 2_000}

# Logical operators
{:always}
{:and, p1, p2}
{:or, p1, p2}
{:not, p}

Tool invocations

# Direct tool invocation
{:invoke_tool, "tool_name", %{"arg" => value}, "capability_required", :eu}

# Approval gate — must precede high_impact invocations
{:require_approval, "approval_class"}

Example 1: Sovereignty Violation

A US-routing search tool runs under a tenant that allows only EU/CH jurisdictions:

rules = [
  %{
    id: "us-search",
    agent_id: {"acme", "research-agent"},
    trigger: {:always},
    invocations: [
      {:invoke_tool, "search", %{"q" => "x"}, "internet_access", :us}
    ]
  }
]

ExMaude.AI.detect_conflicts(rules, jurisdictions: [:eu, :ch])

Expect a :sovereignty_violation conflict — the tool routes through a jurisdiction outside the tenant's allowed set.

Example 2: Approval Gate Bypass

A high-impact dosing invocation must be preceded by an approval gate:

# Without an approval gate — bypass is detected
without_approval = [
  %{
    id: "auto-dose",
    agent_id: {"acme", "ph-controller"},
    trigger: {:always},
    invocations: [
      {:invoke_tool, "dose", %{"ml" => 100}, "high_impact", :eu}
    ]
  }
]

ExMaude.AI.detect_conflicts(without_approval, jurisdictions: [:eu])

# Add the gate — bypass clears
with_approval = [
  %{
    id: "approve-then-dose",
    agent_id: {"acme", "ph-controller"},
    trigger: {:always},
    invocations: [
      {:require_approval, "dosing_high_delta"},
      {:invoke_tool, "dose", %{"ml" => 100}, "high_impact", :eu}
    ]
  }
]

ExMaude.AI.detect_conflicts(with_approval, jurisdictions: [:eu])

Example 3: Capability Shadowing

Two rules grant the same capability at equal priority within a tenant — the verifier flags this as :capability_shadowing (ambiguous activation):

rules = [
  %{
    id: "grant-search-a",
    agent_id: {"acme", "agent-a"},
    trigger: {:always},
    invocations: [],
    capability_grants: [{:cap, "web_search", "v1"}],
    priority: 1
  },
  %{
    id: "grant-search-b",
    agent_id: {"acme", "agent-b"},
    trigger: {:always},
    invocations: [],
    capability_grants: [{:cap, "web_search", "v1"}],
    priority: 1
  }
]

ExMaude.AI.detect_conflicts(rules)

Example 4: Pack Tool Composition Mismatch

The same capability name with mismatched shape signatures — typically two different versions of the same tool — is flagged as :pack_tool_composition_mismatch:

rules = [
  %{
    id: "grant-search-v1",
    agent_id: {"acme", "agent-a"},
    trigger: {:always},
    invocations: [],
    capability_grants: [{:cap, "web_search", "v1"}],
    priority: 1
  },
  %{
    id: "grant-search-v2",
    agent_id: {"acme", "agent-b"},
    trigger: {:always},
    invocations: [],
    capability_grants: [{:cap, "web_search", "v2"}],
    priority: 1
  }
]

ExMaude.AI.detect_conflicts(rules)

Validation Without Maude

validate_rule/1 and validate_rules/1 catch shape errors before any Maude round trip. Useful for fast feedback in editors or CI:

ExMaude.AI.validate_rule(%{
  id: "ok",
  agent_id: {"acme", "ag1"},
  trigger: {:always},
  invocations: []
})

ExMaude.AI.validate_rule(%{id: "broken"})

The validator also surfaces a contract for unverifiable predicates that the equational fragment of Maude cannot decide:

# Regex / string-search predicates are explicitly unverifiable
ExMaude.AI.Validator.validate_predicate({:contains, "subject", "needle"})

ExMaude.AI.Validator.validate_predicate({:matches, "subject", ~r/x/})

Route these to a separate string-match safety net (sandbox, regex matcher, LLM-as-judge) rather than trying to encode them into the Maude template.

Conflict-Type Cheatsheet

ExMaude.AI.ConflictParser

Constructor	Atom	Detection
`toolCallConflict`	`:tool_call_conflict`	pairwise
`capabilityShadowing`	`:capability_shadowing`	pairwise
`packToolCompositionMismatch`	`:pack_tool_composition_mismatch`	pairwise
`authorityEscalation`	`:authority_escalation`	pairwise
`agentLoopCascade`	`:agent_loop_cascade`	pairwise
`sovereigntyViolation`	`:sovereignty_violation`	single-rule
`approvalGateBypass`	`:approval_gate_bypass`	single-rule
`budgetCascade`	`:budget_cascade`	search-based (deferred)
`costCeilingInfeasibility`	`:cost_ceiling_infeasibility`	search-based (deferred)
`providerRoutingInfeasibility`	`:provider_routing_infeasibility`	search-based (deferred)

detect_pair_conflicts/2 runs only the pairwise checks; detect_single_rule_conflicts/2 runs only the single-rule checks; detect_conflicts/2 runs both.

Telemetry

ExMaude.AI.detect_conflicts/2 emits the same telemetry envelope as ExMaude.IoT.detect_conflicts/2, with metadata.template == :ai_rules so handlers can route on template:

:telemetry.attach(
  "ai-rules-logger",
  [:ex_maude, :ai, :detect_conflicts, :stop],
  fn _, %{duration: d, conflict_count: n}, %{result: r}, _ ->
    ms = System.convert_time_unit(d, :native, :millisecond)
    IO.puts("ai-rules: #{r}, #{n} conflicts in #{ms}ms")
  end,
  nil
)

ExMaude.AI.detect_conflicts(
  [
    %{
      id: "demo",
      agent_id: {"acme", "ag1"},
      trigger: {:always},
      invocations: []
    }
  ],
  jurisdictions: [:eu]
)

:telemetry.detach("ai-rules-logger")

Next Steps

Quick Start - Basic Maude operations
Advanced Usage - IoT conflict detection, custom modules, pooling
Term Rewriting - Rewriting and search deep dive

← Previous Page Advanced Usage

Next Page → Term Rewriting