| name | black-barrier |
| description | Use Black Barrier when ordinary buffering is too soft and thresholding alone is too permissive. The problem is not just one incoming hit, or a stream of weak noise, but contact that should have to prove itself before it reaches the work at all: ambiguous requests, half-authorized changes, untrusted touchpoints, speculative interruptions, or access that has not earned the right to cross the perimeter. Black Barrier establishes a denser selective shell around a critical surface. Unlike Barrier, it is not a one-hit absorb. Unlike Aura, it does not merely ignore weak impacts below a threshold. It enforces a stricter admission rule: only declared, validated, high-confidence contact gets through, and everything else is refused, deferred, or held outside until it can justify entry. |
Black Barrier
Raise a deny-by-default barrier that only admits named, legitimate contact.
Overview
Use Black Barrier when ordinary buffering is too soft and thresholding alone is too permissive. The problem is not just one incoming hit, or a stream of weak noise, but contact that should have to prove itself before it reaches the work at all: ambiguous requests, half-authorized changes, untrusted touchpoints, speculative interruptions, or access that has not earned the right to cross the perimeter. Black Barrier establishes a denser selective shell around a critical surface. Unlike Barrier, it is not a one-hit absorb. Unlike Aura, it does not merely ignore weak impacts below a threshold. It enforces a stricter admission rule: only declared, validated, high-confidence contact gets through, and everything else is refused, deferred, or held outside until it can justify entry.
This is the secondary Codex compatibility rendering of a hybrid battle-chip pattern with a shipping-now execution model.
Canonical chip family: Black Barrier
Codex shelf: Defense and Recovery
Provider target: Codex compatibility surface.
When To Use
- A critical workflow, decision path, or operating surface should not accept casual, ambiguous, or weakly justified contact.
- You need stronger selectivity than Aura because the real problem is unauthorized or poorly qualified entry, not just nuisance noise.
- The next phase of work needs a hardened perimeter where only named, validated interactions are allowed through.
Workflow
- Name the exact surface that needs the barrier and define why ordinary buffering is no longer sufficient there.
- Specify the admission standard explicitly: what contact is trusted enough to enter, what evidence it must provide, and what gets refused or held outside.
- Raise the smallest deny-by-default barrier that preserves the necessary path for legitimate work, then verify that only qualified contact crosses it.
Deliverables
- A deny-by-default protective layer, policy, gate, or operating rule around the named critical surface.
- A short note describing what is allowed through, what is blocked, what is deferred for later review, and why.
Guardrails
- Black Barrier is for high-selectivity protection, not blanket refusal of reality. If legitimate work cannot cross the perimeter, the barrier is too dense.
- Do not describe vague distrust as a security policy. The admission rule must be explicit enough that Hermes can tell allowed contact from rejected contact.
- If a simple absorb layer would handle the next hit cleanly, use Barrier instead. If a threshold shell against nuisance pressure is enough, use Aura instead.
Default Invocation
Use Black Barrier to raise a deny-by-default protective shell around the critical surface: allow only named, validated, legitimate contact through, keep ambiguous or unqualified contact outside, and explain the admission rule clearly.
