all-llm-interactions-are-bounded-and-fail-soft
OUT derived (depth 2)
All LLM-facing operations apply consistent defensive patterns across both interactive (ask) and batch (derive) paths: bounded execution (iteration caps, timeout handling), fail-soft error recovery (fallback to raw results or skipped proposals), and environment isolation (stripping recursive invocation variables).
Summary
Every place the system calls an LLM — whether answering a question or generating new derived knowledge — uses the same safety guardrails: hard limits on how long it can run, graceful handling when the LLM fails or misbehaves, and protection against accidentally spawning itself recursively. This means no single LLM call can hang the system, crash it, or spiral out of control.
Justifications
SL — Both LLM interaction paths share bounded-and-fail-soft design, ensuring no LLM failure can crash or hang the system
Antecedents (all must be IN):
- ask-is-fault-tolerant-and-bounded — The ask module is fault-tolerant (always returns a string, catches LLM failures, falls back to raw FTS5 search) and execution-bounded (tool loop capped at 3 iterations), ensuring reliable bounded knowledge retrieval regardless of LLM availability.
- derive-pipeline-is-defensive — The derive pipeline applies multiple defensive measures: fail-soft validation, Jaccard-based retraction guard, and environment variable stripping to prevent recursive spawning
Dependents
These beliefs depend on this one:
- all-llm-operations-are-defensively-bounded — All three LLM-facing operations — interactive query (ask), batch derivation (derive), and belief classification (list_negative) — apply consistent defensive patterns: bounded execution, fail-soft error handling, hallucination filtering, and graceful degradation on LLM unavailability.
- llm-integration-is-bounded-fail-soft-and-process-isolated — LLM integration achieves three independent safety properties across all modules: execution bounds (iteration caps and timeouts), fail-soft error handling (always returns usable results on failure), and process isolation (subprocess invocation with CLAUDECODE environment stripping to prevent recursive entry)