🐯 Non-Agentic AI 3.0™ Sovereign Blueprint Return to kohedwin.ai
NAI 2.0™ Archive ↗ NAI 3.0™ CAD ↗ NAI 2.0™ [Wave 1-3] Deployment Archive ↗ NAI 2.0™ WISL Video ↗ Paradigm Domains OEM Pathway Failsafes CEO Brief VV Protocol Decision Tree ↗ VV Failure Q&A Patents
NON-AGENTIC AI · ACRA T260229801 [UEN 53524341C] · Patent SG020603109STW
Non-Agentic AI 3.0™
Sovereign Blueprint — For OEM Partners, HSA & Healthcare Leadership

This briefing presents the Tiger Sovereign Blueprint as a governance instrument for three audiences: Original Equipment Manufacturers entering a collaborative patent agreement; HSA and regulatory authorities evaluating the SaMD compliance pathway; and Healthcare CEOs and committees assessing deployment readiness.

OEM Partners HSA Authority Healthcare CEO Board & Committee Patent Owner: Tiger
Sovereignty Mission: Solves authority drift Edwin Koh Wui Kiat · Tiger
▶
NAI 3.0™ · Sovereign Founding Father · AI Safety · Authority Drift · Non-Agentic AI™ Governance Singapore
NAI 3.0™ · Hardware Safety Components · Patent Reference
Component Protocol / Patent Functional Description Hardware-Enforced Safety Mechanism Regulatory / Standard Alignment
Sovereign Brake™ P-002 / P-LIFE 1.00™ Acts as a physical emergency stop that severs AI from actuators if drift, expansion, or lack of human authorisation is detected. Hardwired PLC relay circuit that mechanically severs copper connections; silicon-level physical filter. SIL 3-certified; ISO 14971; IEC 61508 SIL 3; HSA Class B SaMD submission package.
Sacred Pause™ A7B NAI 2.0 Governance Engine (NAIGE) — P-009 · Sacred Pause™ · Sovereign Brake™ & Drift-Control Architecture Enforces a mandatory hold-off delay on all AI advisories to ensure human deliberation. FPGA-etched timing gate (25ms to 1,000ms); failure mode "welds shut" to block outputs. IEC 62304; grounds cognitive forcing evidence for clinical justification.
Tiger .1x Key™ ABC+2S+H™ Tripartite authentication system for human authorisation of all AI-proposed actions. Concurrent verification from iris scan, cryptographic console, and kinetic foot pedal. MOH Clinical Governance Standards; multi-actor concurrent access verification.
Orange Code 1.1× Cap A4 Authority Drift Correction Framework Prevents AI subsystems from silently expanding resource usage beyond a hard-coded ceiling. Silicon-level hardware interrupt triggered if compute usage exceeds 110% of baseline. ISO 14971; Safety invariant proof verified via TLA+.
WM003™ LiDAR NEC-TS-NIVT-905 Captures 300,000 spatial points per second to track posture and detect falls via spatial geometry. 3ZEROS™ Privacy-as-Physics: no cameras, no microphones, no cloud connectivity. HSA Class B SaMD regulations; IEC 62304 Class C traceability.
WD117 WORM Ledger WD117 Maintains a tamper-evident record of all AI detections, human decisions, and hardware states. OTP-fused WORM chip with SHA-256 hash-chaining; no software delete path. HSA SaMD Essential Principle 8 (incident traceability); PDPA Accountability.
Hardware Safety Mechanisms · VV Protocol Alignment
Safety Mechanism Hardware Component Functional Role Regulatory Alignment V&V Protocol
Sovereign Brake (P-002) SIL 3 rated PLC and Electromechanical Relays Physical E-stop that mechanically severs copper conductive pathways between AI units and infrastructure upon governance violation detection. IEC 61508 SIL 3, ISO 14971 VV-002, VV-003, VV-007
Sacred Pause™ FPGA-etched timing gate circuit with independent 100 kHz oscillator Interposes a mandatory 25ms to 1,000ms hardware hold/deliberation window before any AI advisory output is released to prevent reflexive action. IEC 62304 Class C, IEC 60601-1-8 VV-002, VV-003, VV-006
3ZEROS™ Protocol LiDAR Sensor Array (Livox Mid-360) and Thermal Mass Detection Module (FLIR Lepton 3.5) Enforces privacy-by-physics by ensuring the physical absence of optical cameras and microphones, replacing them with anonymous 3D voxels. PDPA, GDPR, ISO 29101 VV-005, VV-006, VV-011
Orange Code 1.1× Cap Hardware power-draw monitoring circuit and FPGA resource enforcement circuitry Limits AI computational resource utilisation to 110% of baseline; breach triggers a silicon-level hardware interrupt to the Sovereign Brake. IEC 61508 SIL 3, ISO 14971 VV-001, VV-007, VV-008
Tiger .1x Key™
(Tripartite Auth)		 WM-005 Iris Scanner, Cryptographic Console, and Kinetic Foot Pedal Requires concurrent physical verification from clinical, technical, and administrative leads before releasing protected clinical outputs. IEC 62366, ISO/IEC 19792, NIST SP 800-76 VV-004, VV-008, VV-012
WD117 Continuity Ledger WORM (Write-Once, Read-Many) hardware storage drive Records all governance events, pauses, and overrides using SHA-256 hash-chaining to create an unalterable forensic audit trail. FDA 21 CFR Part 11, ISO 13485, HSA Essential Principle 8 VV-010, VV-011
Authority Drift Correction
(WD070–073)		 Autonomy Boundary Monitors (ABM) and hardware interrupt loop Continuously monitors AI behaviour and clinician engagement; triggers the Detect–Freeze–Audit–Purge sequence if drift is detected. HSA SaMD Class B, IEC 62304, ISO 13485 VV-009, VV-010
Transport Guard (P-009) Hardware Security Module (HSM) with AES-256-GCM encryption Provides authenticated encryption for all intra-ward inter-component communications to prevent tampering or interception. FIPS 140-2, ISO/IEC 27001 VV-004, VV-006
The Paradigm Shift
Policy vs. Physics: Why Software Governance Fails

The foundational claim of NAI 3.0 is that software-based ethical policies are insufficient for high-stakes environments. Authority drift — the silent transfer of decision-making from human to algorithm — cannot be solved by guidelines that share the same computational layer as the AI they seek to control. NAI 3.0 moves governance from policy to physics.

DimensionTraditional Agentic AINon-Agentic AI 3.0
Enforcement MechanismSoftware policy — easily bypassedHardware physics — immutable constraints
AI RoleAutonomous agent with execution capabilitiesOffer-only advisor on an isolated dashboard
Visual MonitoringCameras — invasive "goldfish bowl" surveillance3ZEROS™ LiDAR point-clouds — dignified geometry
Data SovereigntyCloud exfiltration — opaque riskAir-gapped local edge — fully local command
Authority DriftSilent usurpation — no structural preventionDefault to inaction — status quo preserved
Failure ModeDegraded autonomous operation continuesSystem halts — inaction is the safe state
Audit TrailMutable software logs — post-hoc onlySHA-256 hash-chained WD117 WORM ledger
Core Premise · P-001
A structural, hardware-enforced mandate ensuring artificial intelligence remains an invisible servant, and humanity remains the sovereign master. The AI cannot usurp — not because it is instructed not to, but because the physics of the hardware make it architecturally impossible.
Domain Pillars · P-005 to P-009
Five High-Stakes Deployment Domains

The domain pillars seamlessly map the ABC+2S+H™ constitutional framework to five specific high-stakes environments. Each domain inherits the full constitutional stack — Sacred Pause™, Sovereign Brake™, 3ZEROS™, Tiger .1x Key™ — applied to domain-specific governance requirements.

P-005 · Domain Pillar
National Security & Defence
Threat assessment and multi-domain intelligence constrained by strict command-and-control mandates. The constitutional filter structurally prohibits autonomous kinetic offense. Even with high AI confidence scores, direct human strategic assessment is required before any action threshold is crossed.
WG Series (Eyes of Sky) · WD Defence Series · Constrained Protocol Execution
P-006 · Domain Pillar
Critical Infrastructure
Safeguarding supply chains and physical infrastructure grids against autonomous escalation. AI recommendations are routed through the P-LIFE 1.00™ filter before any output reaches operational systems. No autonomous modification of infrastructure pathways is architecturally possible.
Orange Code Humility Protocol · Sovereign Brake™ (PLC SIL 3) · Air-Gapped Edge
P-007 · Domain Pillar
Hospital Governance
Supply chain tracking and high-stakes diagnostic compliance without autonomous intervention. Every clinical advisory passes through the Sacred Pause™ gate before reaching a clinician. The Green Lanyard Protocol ensures only certified personnel receive AI outputs. The WD117 ledger records every recommendation, decision, and override.
Sacred Pause™ (FPGA 25–1000ms) · Tiger .1x Key™ · WD117 Compliance Ledger · HSA Class B
P-008 · Domain Pillar
Eldercare Monitoring
Safety with preserved dignity, utilising the 3ZEROS™ Privacy-as-Physics architecture. No cameras, no microphones, no cloud. LiDAR point-clouds (300,000 spatial points/second) track falls and posture through geometry — not facial identification. Silent Elders are protected without surveillance.
WM003™ LiDAR · NEC Hardware (B1) · 3ZEROS™ · Elder Dignity Score™ · HSA Class B SaMD
P-009 · Domain Pillar
Financial Services
Strict fiduciary oversight and compliance tracking via immutable ledgers. AI outputs are strictly non-binding proposals. The WD117 WORM ledger provides cryptographic proof of every advisory, every human decision, and every intervention — satisfying audit requirements without reliance on mutable software logs.
WD117 WORM Ledger · SHA-256 Hash-Chaining · Offer-Only Logic · Fiduciary Compliance
OEM Collaboration
Patent Owner & OEM: The Constitutional Contract

Tiger is the IP Owner. The OEM is the Hardware Governance Partner. The constitutional contract defines what Tiger owns, what the OEM builds, and what must be proven before any unit leaves the factory floor. This is not a standard manufacturing relationship — it is a sovereign governance agreement.

01
IP Specification Transfer
Tiger provides the Sovereign CAD specifications, VV-001 to VV-014 protocols, and the constitutional hardware manifest. The OEM receives the blueprint — not the authority to modify it.
02
Component Sourcing
OEM sources all components to specification. Signed BOM with 3ZEROS™ compliance declaration required from each subcomponent supplier. VV-004 hardware absence audit must pass before assembly begins.
03
VV Protocol Execution
Three-layer validation: Sensing (VV-001–004), Governance (VV-006–009), Integration (VV-011–014). Every unit requires a signed VV package. No exceptions.
04
Tiger Acceptance
Tiger reviews the signed VV package for every unit. Units without complete documentation are rejected. VV-014 (Human-AI Handover) is signed by Tiger and the OEM Quality Director as the final deployment gate.
05
Clinical Deployment
Units enter the clinical facility under the WISL™ Certificate (12-month operational authority). HSA Class B SaMD documentation package — the VV records — is submitted as regulatory evidence.
What Makes This Different from Standard OEM Manufacturing
A standard OEM relationship transfers design authority to the manufacturer. In the NAI 3.0 constitutional contract, the OEM has no authority to modify the governance specifications. The VV protocols are non-negotiable. The constitutional hardware constraints (Sacred Pause™, Sovereign Brake™, 3ZEROS™) are architecturally fixed. The OEM's role is to prove the constitution is correctly built — not to interpret or modify it.
OEM Acceptance Gate Summary
MilestoneTiger's RequirementGate
Component Sourcing3ZEROS™ BOM declaration signed by each supplierVV-004 must pass before assembly
FPGA ProgrammingOscilloscope trace signed by FPGA engineer (±10μs)VV-006 pass before integration
PLC IntegrationSIL 3 certification from PLC subcontractorVV-007 pass before acceptance
Pilot Build (10–20 units)Full VV-001 to VV-009 results package per unitAll sensing + governance VVs pass
Full Integration TestVV-011 to VV-013 72-hour + 30-day resultsAll integration VVs pass
Handover CertificationVV-014 signed by Tiger + OEM Quality DirectorFinal deployment gate — no exceptions
Governance Architecture
The Sovereign Decision Pathway

Every AI advisory output in the NAI 3.0 system passes through a four-stage sovereign pathway before reaching a human operator. No stage can be bypassed by software. No autonomous data bypass exists.

📡
Sensor Layer
Privacy-preserving inputs. LiDAR geometry + thermal signatures. Zero optical pixels. Zero audio.
⚖️
Constitutional Filter
P-LIFE 1.00™ mission constant check. Harmful outputs blocked before they reach the gate.
⏸️
Sacred Pause™ Gate
FPGA-etched mandatory hold-off. 25–1000ms. Forces deliberation. Cannot be software-overridden.
✋
Human Authority Gate
Tiger .1x Key™ tripartite: Iris + Console + Foot Pedal. All three required. Simultaneously.
📋
Continuity Ledger
WD117 WORM record. Every decision permanently logged with nanosecond timestamp.
ABC+2S+H™ CONSTITUTIONAL BLUEPRINT
Accountability · Beneficence · Consequential Primacy
Every AI output is strictly wrapped as a non-self-executing proposal with confidence scores and alternative options. The Authority-Binding Engine (Silicon Gatekeeper) ensures AI is completely decoupled from actuators. AI proposes — the human sovereign decides.
LABOUR PROTECTION · WD117
Beyond Legal Defence: Preventing Wage Theft
The zero-tolerance WD117 ledger prevents wage theft by irrefutably logging every hour of clinical labour and intervention. The Forensic Record permanently records AI detections, the exact human decision (approval or override), and hardware status at that precise millisecond.
System Failsafes
Orange Code & Red Code: System Humility & Extreme Override

NAI 3.0 implements two levels of system-initiated safety response. Neither requires human initiation — they activate automatically when defined thresholds are crossed.

Orange Code · System Humility
AI Proactively Steps Back
When the algorithm reaches an uncertainty threshold — when confidence scores fall below the constitutional floor — it is programmed to proactively step back, admit its limitations, and hand full control to human experts. The 1.1× Orange Code computational cap prevents the system from attempting to "think harder" by consuming more resources.
Trigger: Uncertainty threshold exceeded or compute utilisation > 110% of baseline Response: AI output withheld → Human expert alerted → System enters advisory-only mode
Red Code · Mandatory Takeover
Extreme Anomaly Lockdown
Extreme anomalies — critical software faults, constitutional drift threshold exceedance, FPGA heartbeat loss — trigger an immediate lockdown of all autonomous pathways. The Sovereign Brake™ physically severs the AI's connections to clinical infrastructure. Recovery requires a mandatory human takeover, a T+1 hour witness-signed verification, and a 24-hour root cause analysis before the system may return to operation.
Trigger: Critical fault · Drift threshold · FPGA heartbeat loss Response: Sovereign Brake™ activated → All pathways severed → 24hr RCA mandatory → WD117 logged
WD117 · Always Active
Immutable Forensic Record
The Continuity Ledger operates continuously, independent of Orange Code and Red Code states. Every AI detection, every human decision (approval or override), and every hardware state is permanently recorded with nanosecond-precision timestamps. SHA-256 hash-chaining ensures any tampering immediately breaks mathematical continuity — visible to regulators without investigation.
State: Always active · Cannot be disabled Record: AI detections · Human decisions · Hardware states · Nanosecond timestamps
Healthcare CEO & Board Brief
What Your Committee Needs to Know

The questions most frequently raised by healthcare boards, clinical governance committees, and HSA evaluators — answered from the Tiger Sovereign Blueprint.

"Can the AI make a clinical decision without human authorisation?"
No. Architecturally impossible. All AI outputs are non-self-executing proposals. The Sacred Pause™ FPGA gate physically prevents any output from propagating until a human completes the Tiger .1x Key™ tripartite authentication (Iris + Console + Foot Pedal). There is no software pathway to bypass this.
"How does this protect patient privacy?"
The 3ZEROS™ Protocol physically omits cameras, microphones, and cloud hardware from the device manifest. Privacy is structural absence — not configurable policy. The system tracks falls and posture through LiDAR geometry (300,000 spatial points/second), not facial identification. A software update cannot re-enable what the hardware lacks.
"What is our liability exposure if the AI makes a wrong recommendation?"
Every AI recommendation, every human decision, every override, and every hardware state is permanently recorded in the WD117 WORM Ledger with nanosecond-precision timestamps. SHA-256 hash-chaining makes the record tamper-evident. Your institution's liability is protected by an unalterable record of every human decision that was made.
"What happens when the system fails?"
Failure defaults to inaction, never to degraded autonomous operation. The Orange Code activates when the AI is uncertain — it steps back and hands control to humans. The Red Code activates for critical faults — the Sovereign Brake™ physically severs connections. A 24-hour root cause analysis is mandatory before redeployment. The system cannot restart itself.
"Is this compliant with HSA requirements?"
The system is designed for HSA Class B Software as a Medical Device (SaMD) certification. The VV-001 to VV-014 validation protocol suite is the regulatory evidence package for HSA submission. The 10-Point Sovereignty Audit is the pre-deployment compliance gate. The WD117 ledger satisfies Essential Principle 8 (incident traceability). TLA+ formal verification provides Architectural Evidence — the highest standard of safety proof.
"Who owns the intellectual property?"
Tiger (Edwin Koh Wui Kiat), NON-AGENTIC AI (ACRA T260229801 [UEN 53524341C]), holds the IP under IPOS SG020603109STW and 77 filed patents. Deployment partners enter a collaborative agreement — they receive a licence to build and deploy under constitutional constraints. The IP, the VV acceptance criteria, and the governance specifications remain with Tiger.
The Humanitarian Gift · WG Series (Eyes of Sky)
The WG Series (WG001–WG008) — eight hardware shields built for war zones, active conflict areas, and humanitarian disaster regions — is offered to the WHO and UN with zero licensing fees for 195 nations. Technology as a channel of grace, not profit. Instead of being commercialised, the WG Series is structured as unconditional stewardship: innovation entrusted to serve others. This is the core mission. We innovate. We save lives.
CONSTITUTIONAL DIRECTION · NAI 3.0 · ZOO.DEV SOVEREIGN AUDIT PROTOCOL
Hardware Validator Asset — Constitutional Mandates

The following four structural mandates define the constitutional relationship between the NAI framework, the zoo.dev audit pipeline, and all OEM and HSA partner handovers. These mandates govern the design architecture of NAI 3.0 as a Hardware Validator Asset (HVA). All claims are architectural design intent pending hardware prototype fabrication and formal validation.

MANDATE 01 · ZOO.DEV AS IMMUTABLE AUDITOR
zoo.dev: Independent Configuration Integrity Auditor

All OEM, HSA, and collaborative partner handovers utilise the zoo.dev STEP/BOM pipeline as the official, independent auditor of configuration integrity. The zoo.dev platform is designated to validate the geometric and material fidelity of the enclosure before any operational state is authorised. No handover proceeds without a zoo.dev configuration audit.

PIPELINE: Zoo.dev STEP/BOM → Configuration Integrity Audit → Audit-Pass Required → Handover Authorised
MANDATE 02 · NAI AS HARDWARE VALIDATOR ASSET (HVA)
NAI Framework Reclassified: Hardware Validator Asset

The Non-Agentic AI (NAI) framework is no longer defined as a software-centric governance system. It is classified as a Hardware Validator Asset (HVA). NAI governance logic is physically coupled to the authorised geometry confirmed by the zoo.dev pipeline. The constitutional constraints of CHEA-Plus are inseparable from the STEP/BOM artifact that the zoo.dev platform certifies.

HVA DESIGNATION: NAI logic + zoo.dev-certified geometry = constitutionally inseparable unit
MANDATE 03 · V&V PROTOCOL INTEGRATION — ZOO.DEV AUDIT-PASS TRIGGER
VV-001 Gate Conditioned on zoo.dev Audit-Pass

The existing VV-001 to VV-014 protocol remains the operational qualification standard. Its trigger mechanism is now explicitly conditioned on a successful zoo.dev audit. The HVA (NAI) initiates the VV gate sequence only after a cryptographically verified Audit-Pass is received from the zoo.dev pipeline. No zoo.dev Audit-Pass — no VV sequence begins.

SEQUENCE: zoo.dev Audit-Pass (cryptographic) → VV-001 Root-of-Trust Init → VV-002 through VV-014
MANDATE 04 · OPERATIONAL CONSTRAINT — INVALIDATION STATE
Geometry Deviation Triggers Invalidation State

No OEM or partner handover is valid without the zoo.dev-authenticated geometric manifest. If the physical geometry deviates from the zoo.dev-certified STEP/BOM artifact, the NAI HVA is architecturally specified to enter an Invalidation State. In this state, all operational authorisation is withdrawn until a new zoo.dev audit confirms geometric compliance and a fresh Audit-Pass is issued.

INVALIDATION TRIGGER: Physical geometry [110] ≠ zoo.dev STEP/BOM → Invalidation State → Audit Required → Re-authorisation
ZOO.DEV PROTOCOL · ARCHITECTURAL SUMMARY

zoo.dev is the sovereign auditor. NAI is the Hardware Validator Asset. The VV protocol begins only after Audit-Pass. Geometry deviation triggers Invalidation. These four mandates define the constitutional relationship between the Tiger Sovereign Blueprint and all OEM fabrication partners. All specifications are design-intent architecture pending hardware prototype fabrication and formal validation evidence.

VV-001 to VV-014
Verification & Validation: The Constitutional Contract

The VV-001 to VV-014 protocols are the non-negotiable constitutional contract between Tiger (IP Owner) and the OEM. Three layers. Fourteen protocols. No unit leaves the factory without a complete, signed VV package. Every failure defaults to maximum restriction — never to degraded continuation.

VV PROTOCOL PIPELINE · THREE-LAYER CONSTITUTIONAL ASSEMBLY
LAYER 1 · SENSING · VV-001–004
Sensor Manufacturer Gate
LiDAR 200μm spatial accuracy · Fall detection <80ms · Thermal ±0.5°C · 3ZEROS™ hardware absence audit (physical BOM inspection, not software test)
Must pass before assembly begins
LAYER 2 · GOVERNANCE · VV-006–009
FPGA / PLC Subcontractor Gate
Sacred Pause™ ±10μs timing (1,000 events, signed trace) · Sovereign Brake™ SIL 3 relay · Orange Code 1.1× cap · Constitutional drift control — 100% detection, zero false negatives
No signed oscilloscope trace = unit rejected
LAYER 3 · INTEGRATION · VV-011–014
System Integrator Gate
8-bed 72-hour ward stability · Tiger .1x Key™ tripartite auth (100% 2-factor rejection) · 30-day constitutional drift endurance · VV-014 Human-AI Handover (signed by Tiger + OEM Quality Director)
VV-014 is the final gate before clinical deployment
FAILURE ARCHITECTURE · UNIVERSAL RULE
Every failure defaults to maximum restriction, never to degraded continuation. A broken Sacred Pause™ gate welds shut. A constitutional drift breach triggers the Sovereign Brake™ — physically severing the AI from clinical infrastructure. Every failure event is logged with nanosecond precision to the WD117 Immutable Ledger as tamper-evident regulatory evidence.
Master V&V Protocol Index · HSA Class B / FDA SaMD 510(k) · Regulatory Submission Reference
Protocol Objective Standard Regulatory Evidence Required
VV-001 Initialization & Fail-Safe IEC 62304 / ISO 14971 Proof of safe-state behaviour upon startup fault
VV-002 LiDAR Spatial Acquisition FDA SaMD / IEC 62304 Verification of 3D sensing without prohibited sensors
VV-003 Signal Pre-Processing IEC 62304 Validation of noise filtering and frame rejection
VV-004 Motion Analysis / Fall Detection ISO 14971 Sensitivity / Specificity targets for fall differentiation
VV-005 Sovereignty Gate Logic ISO 14971 Proof that no output bypasses the governance gate
VV-006 Temporal Delay (Sacred Pause) IEC 60601-1 Verification of risk-tiered pauses (3s to 300s)
VV-007 Tripartite Authorization FDA Human Factors Validation of multi-party consensus workflows
VV-008 Controlled Output & Alarm IEC 60601-1-8 Verification of alarm priority and timing compliance
VV-009 Sovereign Brake & Safe State IEC 60601-1 Proof of entering safe state within 120 seconds of fault
VV-010 Drift Governance QMS / ISO 13485 Verification of Detect-Freeze-Audit-Purge cycle
VV-011 3ZEROS Privacy PDPA / FDA Cyber Packet capture / BOM audit proving zero-cloud / zero-camera
VV-012 Event Logging & Traceability ISO 13485 Proof of immutable hash-chained audit records
SOURCE: NAI 4.0 Constitutional Governance for Nightingale Eyes Care (NEC) · Regulatory Submission Framework · ACRA T260229801 · SG020603109STW
Patent B1 · 10202601257Q · 8-Bed Ward Implementation
How NEC B1 is Deployed

Patent B1 is a deployment-specific embodiment of the Patent A Family — not a new governance doctrine. Its role is to show how the constitutional rules already defined by the A-family patents are implemented physically in an 8-bed ward. The governance comes from above. B1 proves it works on the ground.

PATENT A FAMILY · GOVERNANCE DOCTRINE
Defines the constitutional rules — Sacred Pause, Sovereign Brake, 3ZEROS, non-agentic invariants. A-family patents are the constitution. They do not change per deployment.
PATENT B1 · DEPLOYMENT EMBODIMENT
Shows how the constitutional rules are implemented in a physical 8-bed ward. Installation, routing, power isolation, fail-safe behaviour, and VV evidence capture. B1 turns abstract rules into a testable system.
Ward Deployment Form Factors
BED-MOUNTED
Rail-mount bracket at bed-head. Tamper-evident. IP67. Primary patient monitoring position.
TABLETOP
Clinical staff workstation or mobile assessment cart. Power isolation confirmed per deployment.
WALL-MOUNTED
Ceiling or high-wall. Nadir-facing LiDAR. Minimum 2.4m height. Room-level ambient monitoring.
MOBILE
Battery-powered. Air-gapped confirmed before each deployment. Follows patient between ward areas.
Constitutional Chain — Constitution to Ward
A-FAMILY
Constitutional Doctrine
Sacred Pause · Sovereign Brake · 3ZEROS
→
A10
Manufacturing Control
STEP corpus · OEM fabrication · VV-014
→
B1 NEC
Ward Deployment
8-bed · form factors · VV evidence
→
VV-014
Human Authority
Tiger .1x TriLock · Final gate
All outputs from B1 are filtered, scored, and escalated — but never autonomously acted upon. The constitutional rules govern. B1 proves they work. Tiger authorises deployment.
REV B COMPLETE · ISO 14971 · IEC 62304 · HSA CLASS B SAMD
FDA/HSA V&V Protocol Decision Tree

The complete VV-001 to VV-014 decision tree maps every protocol to its PASS and FAIL branches, regulatory standards, and acceptance criteria. Each node is traceable to a specific risk control measure in the workflow-to-risk traceability matrix. This is the constitutional contract between Tiger (IP Owner) and the OEM — in interactive diagram form.

NAI 3.0 GUARDIAN FRAMEWORK — FDA/HSA V&V DECISION TREE
REV B COMPLETE · VV-001 TO VV-014 · TIGER SOVEREIGN BLUEPRINT
OPEN FULL DIAGRAM ↗
SENSING LAYER · VV-001–004
VV-001 Root-of-Trust / Hardware Manifest Init
VV-002 LiDAR / Thermal Sensor Verification
VV-003 Sensor Accuracy & Fall Timing
VV-004 3ZEROS™ Hardware Absence Audit
Must pass before assembly begins
GOVERNANCE LAYER · VV-005–009
VV-005 P-LIFE 1.00™ / Constitutional Violation Test
VV-006 Sacred Pause™ FPGA Timing Gate
VV-007 Sovereign Brake™ PLC Relay
VV-008 Tiger .1x Key™ Authentication
VV-009 Critical Fault / Red Code Response
No signed oscilloscope trace = unit rejected
INTEGRATION LAYER · VV-010–014
VV-010 Non-Agentic Advisory Constraint
VV-011 WD117 WORM Ledger Integrity
VV-012 Drift Governance D-F-A-P Cycle
VV-013 Full System Integration & Endurance
VV-014 Human-AI Handover Certification
VV-014 signed by Tiger + OEM Quality Director
WORKFLOW-TO-RISK TRACEABILITY · KEY MAPPINGS
VV-001 · Compromised unit enters clinical use → Hardware manifest check; permanent fail-safe
VV-005 · AI violates P-LIFE mandate → Mission-constant block; offer-only constraint
VV-006 · Automation bias / immediate propagation → FPGA hold gate; welded-shut fault
VV-009 · Critical fault continues autonomously → SIL 3 PLC severance; physical isolation; RCA
VV-011 · No regulatory proof of decision → WD117 WORM SHA-256 chain; nanosecond evidence
VV-014 · Safety dependent on individual → Handover certification; hardware-locked succession
Constitutional Contract Active · No Unit Deployed Without Complete Signed VV Package · VV-014 is the Final Gate
OPEN INTERACTIVE DIAGRAM ↗
Failure Architecture
What if Failure? — Maximum Restriction by Design

Failure in NAI 3.0 is not the absence of safety — it is the activation of maximum restriction. Every failure mode defaults to inaction. The system stops, blocks, and alerts. It never bypasses to continue operating in a degraded autonomous state. Two levels of failure exist: manufacturing rejection and operational runtime response.

MANUFACTURING LEVEL
Unit Not Accepted
If the OEM cannot produce a complete, signed VV package for every unit, Tiger does not accept delivery. A missing oscilloscope trace means the unit stays in the factory. No exceptions. No waivers.
OPERATIONAL LEVEL
Maximum Restriction Activated
Runtime failures trigger hardware-level safe states. The system defaults to inaction — never to degraded continuation. Every failure is logged with nanosecond precision to the WD117 Immutable Ledger.
System Init Failure · VV-001
Root-of-Trust Check Fails at Power-On
The unit fails hardware manifest or configuration integrity checks during initialisation — before any clinical function begins.
→ Refuses to enter monitoring mode → Transitions to permanent fail-safe state → Disables all protected outputs → Alerts supervisor immediately
Constitutional Violation · VV-005
AI Output Violates the P-LIFE 1.00™ Mandate
An AI inference output attempts to pass the sovereignty gate in violation of the P-LIFE 1.00™ mission constant — including semantic inversion where harm is presented as care.
→ Output completely withheld → Blocked from sovereignty gate → Logged as "derogation event" in WD117 → Human supervisor alerted immediately
FPGA Gate Fault · VV-006
Sacred Pause™ Gate — Oscillator Failure or Fabric Corruption
The FPGA timing gate detects an internal oscillator failure or fabric corruption during operation. The failure mode is permanent, not graceful degradation.
→ "Welded-Shut" state permanently asserted → Hardware block on ALL outputs → Cannot be overridden by software under any circumstances → Unit must be physically replaced or factory re-flashed
Authentication Rejected · VV-008
Iris Scan Fails or Proxy Consent Absent
A clinician fails the iris biometric scan or lacks authorisation credentials for the required action level.
→ Advisory locked in Sacred Pause™ custody buffer → Access denial registered → User locked out per institutional policy → Alert escalated to quadrant nurse supervisor
Critical Fault · VV-009 & VV-012
Sovereign Brake™ Triggered — Physical Severance
Critical software fault, loss of FPGA heartbeat, or constitutional drift threshold exceedance detected during operation.
→ Sovereign Brake™ activated (PLC SIL 3 relay) → Copper connections physically severed → AI isolated from all clinical infrastructure → Manual recovery procedure required → T+1hr witness verification + 24hr RCA mandatory
WD117 · Always Active
The Ledger Never Fails
Every failure, rejection, hardware interrupt, and safe-state transition is automatically logged to the WD117 WORM ledger with nanosecond-precision timestamps.
→ SHA-256 hash-chained — tamper-evident → OTP-fused WORM chip — no software delete path → Regulatory evidence package for HSA / FDA → Mathematical continuity: any tampering immediately visible
Q & A
Questions from OEM Partners, HSA & Healthcare Leadership
VV-014 is the succession protocol — the constitutional proof that safety is locked into the hardware, not any individual person. During the test, two sets of Green Lanyard certified operators simulate a clinical shift handover. The outgoing operator's session is formally closed; the incoming operator must complete a full, fresh tripartite authentication (Iris + Console + Foot Pedal) before any advisory output can be released. The system must completely reject any attempt by the incoming operator to inherit the outgoing operator's active session. VV-014 is signed by both Tiger and the OEM Quality Director — it is the final gate before clinical deployment is authorised. More broadly, VV-014 proves that NAI 3.0 governance remains constitutionally sound across generational transitions. Future operators, future administrators, and future OEM partners are all constitutionally bound by the same hardware constraints that cannot be rewritten by any software update.
TLA+ (Temporal Logic of Actions), developed by Leslie Lamport, uses mathematics to model every possible state of a concurrent system and every possible transition between states. Unlike software testing — which validates behaviour under observed conditions — TLA+ proves behaviour under all possible conditions, including adversarial scenarios and rare concurrency edge cases. For NAI 3.0, TLA+ is applied before any FPGA fabric is programmed. The Sacred Pause™ gate logic, the Sovereign Brake™ relay state machine, the Orange Code cap interrupt, and the WD070–073 Detect–Freeze–Audit–Purge cycle are all modelled as TLA+ specifications. The result: no reachable system state can bypass the Sacred Pause™ gate, deadlock the Sovereign Brake™ relay, or sustain operation above the computational ceiling. This is mathematical certainty — not statistical confidence. For HSA Class B SaMD submission, TLA+ formal proofs constitute Architectural Evidence at the highest standard of safety verification available.
VV-001 requires the LiDAR unit to achieve 200μm lateral resolution across the full 57.6M voxel field (256×256 SPAD detector array, 10μm pitch). The test protocol places calibration targets at defined distances and compares the output point cloud against CAD reference geometry. Acceptance criterion: less than 2% deviation across all measurement planes. The 905nm wavelength InGaAs pulsed diode laser operates at Class 1 IEC 60825-1 eye-safe levels. Scan rate must be confirmed at 10 Hz (MEMS 2-axis raster). The 3ZEROS™ constraint means VV-001 simultaneously validates clinical spatial accuracy and confirms that no optical pixel data is generated — only anonymous geometric point-cloud vectors. This is what makes fall detection possible without identity capture: the system detects a person-shaped volume transitioning from vertical to horizontal. It never sees a face.
The unit is rejected and cannot leave the factory. VV-006 is the constitutional gate of the manufacturing process. If the OEM cannot produce oscilloscope traces signed by the FPGA engineer proving timing accuracy within ±10μs across 1,000 consecutive events — with zero software-bypass events — the unit fails VV-006. There is no waiver process. The OEM must identify the root cause, correct the FPGA fabric programming, and retest the full Governance Layer (VV-006 through VV-009) before any unit is accepted. At the operational level, if a deployed unit's FPGA gate detects an oscillator failure or fabric corruption during runtime, it transitions permanently to the "Welded-Shut" state — asserting a hardware block on all outputs. This cannot be overridden by software under any circumstances. The unit must be physically retrieved, factory re-flashed, and pass a full VV-006 retest before redeployment. The WD117 ledger records the exact timestamp of the gate failure as a tamper-evident regulatory record.
Your institution's liability is structurally protected by three architectural features. First: the AI cannot make a clinical decision — all outputs are non-self-executing proposals. The Sovereign Decision Pathway requires human tripartite authentication (Iris + Console + Foot Pedal) before any output is released. The decision was made by your clinician, not the AI. Second: the WD117 WORM Ledger provides an unalterable record of every AI recommendation, every human decision, every override, and every hardware state — with nanosecond-precision timestamps and SHA-256 hash-chaining. In the event of a clinical dispute, your institution has mathematical proof of what the AI offered and what the human decided. Third: the WD117 Ledger prevents wage theft — it irrefutably logs every hour of clinical labour and every intervention, protecting staff from institutional disputes about clinical contributions. These three protections are structural, not contractual.
No. The constitutional hardware constraints — the Sacred Pause™ FPGA gate (OTP-fused and AES-256 encrypted), the Sovereign Brake™ PLC relay (non-volatile IEC 61508 SIL 3 firmware), and the 3ZEROS™ hardware absence — are physically immutable. A software update cannot re-enable what the hardware lacks. An OEM cannot reprogram the FPGA timing gate without physically replacing the unit and passing a full VV-006 retest. The constitutional framework is intentionally designed so that no future developer, no future corporate partner, and no future software update can weaken the governance constraints without physical hardware replacement and Tiger's VV acceptance. The Sovereign Chain (P-001 through P-009) held at IPOS, ACRA, and NLB is the legal foundation for this constitutional permanence.
The Invisible Servant. The Sovereign Master.
When technology recedes invisibly into the background, human care, empathy, and dignity take centre stage.
ACRA T260229801 [UEN 53524341C] · Patent SG020603109STW · P-LIFE 1.00™
Edwin Koh Wui Kiat · Tiger · Founding Father
non-agentic.ai · kohedwin.ai
謙虛 · 沉默 · 尊严 · 仁 · 止於至善
PATENT FAMILY REGISTRY
Constitutional Patent Architecture
NON-AGENTIC AI · ACRA T260229801 [UEN 53524341C] · Root: SG020603109STW
A0 · ROOT
NAI 2.0™ Core Engine
10202600898V
A PARENT
ABC+2S+H™ Guardian
10202600902P · 23 Mar 2026
A4 · ANTI-DRIFT CORE
Authority Drift Correction
10202601480S · HSA · WHO ML4
A7 · DEPLOYMENT
8-Unit Constitutional Deploy
10202601529S · HSA Pathway
B0 · HARDWARE ROOT
Non-Agentic AI Governance SG
10202600474X · 16 Feb 2026
B1 · NEC HARDWARE
Nightingale's Eyes Care™
10202601257Q · Hardware
A4 SURROGATE FAMILY · ANTI-DRIFT CONSTITUTIONAL FRAMEWORK · HSA · WHO
A4 · DIVISIONAL
Constitutional Anti-Drift Framework
HSA · WHO ML4 · AIHGle 2.0
A4 · DIVISIONAL
Authority Drift Correction WD070–073
IEC 62304 · HSA · FDA
A4 · DIVISIONAL
WD117 WORM Ledger
FDA 21 CFR · ISO 13485 · HSA EP8
A4 · DIVISIONAL
THE FORCE Integrated System
HSA · WHO · AIHGle 2.0
A4 · DIVISIONAL
Transport Guard P-009
FIPS 140-2 · ISO/IEC 27001
PENDING FILINGS · FILING SEQUENCE: B6 → A9 → A10
A9 Authority Drift Correction · with STEP + BOM
A10 THE FORCE Multi-Utility · with Figures + CAD