Git commits tell you WHAT changed. EPICON tells you WHY.
No consequential action without recorded intent. Mobius is the constitutional witness, not the actor.
EPICON is the Mobius Substrate constitutional principle that no consequential action may occur without recorded intent. EPICON Guard is its first enforcement surface: a GitHub Action that validates a structured Intent Publication in every pull request and classifies the PR into a consequence tier before merge.
Traditional Git tracks what changed, when, and who. It does not track why it changed, when the authority to change it expires, or what would make you revert. EPICON Guard adds that layer.
The protocol does not prevent actions. It makes divergence legible, attributable, and time-bound.
Add five lines to any repo:
# .github/workflows/epicon-guard.yml
name: EPICON Guard
on:
pull_request:
types: [opened, edited, synchronize, reopened]
permissions:
contents: read
pull-requests: read
jobs:
epicon:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: kaizencycle/epicon@v1
Then include an intent block in your PR body:
```intent
epicon_id: EPICON_C-367_CORE_stripe-integration_v1
ledger_id: your-github-username
scope: core
mode: normal
issued_at: 2026-07-09T00:00:00Z
expires_at: 2026-08-09T00:00:00Z
justification:
VALUES INVOKED: integrity, transparency, cost-efficiency
REASONING: Current provider fees are 2.9%; Stripe offers 2.4% plus
stronger fraud detection. Projected savings $50k/year.
ANCHORS:
- Provider fee schedules (public pricing pages)
- Internal fraud-rate benchmarks, Q2 report
BOUNDARIES: Does not apply to invoicing or payout flows
COUNTERFACTUAL: If fraud rate rises above 0.5%, this justification fails
counterfactuals:
- If fraud rate increases >0.5%, revert
- If A/B test shows worse conversion, stay with current provider
```
To make the gate binding, mark Intent Publication Gate as a required status check in branch protection. That is the moment EPICON becomes a precondition gate rather than an audit log.
Every check maps to a named invariant from EPICON-02 (Intent Publication & Divergence Protocol):
| # | Invariant | Enforcement |
|---|---|---|
| I1 | Intent must precede authority | Intent block required; missing intent fails consequential PRs |
| I2 | Intent immutable once published | justification_hash (SHA-256) emitted as a witness |
| I3 | Authority scoped and time-bounded | scope enum + issued_at / expires_at validated |
| I4 | Divergence observable, not blocked | Files outside the scope envelope are flagged, never blocked |
| I5 | Expiration is mandatory | Missing or past expires_at fails; re-publication required |
| I6 | No narrative substitutes verification | Structured justification required — prose never passes the gate |
PRs are classified EP-1 / EP-2 / EP-3 per the EPICON Tiering Specification:
Override the default registry by committing .github/epicon-policy.json —
see policy/epicon-policy.example.json.
tier · status (PASS | PASS_WITH_BACKFILL | QUARANTINE | FAIL_CLOSED) ·
epicon_id · justification_hash · divergence_count — consumable by
downstream workflow steps.
The Action implements — it does not define. Canon lives in the Mobius Substrate monorepo:
docs/epicon/ — EPICON-01/02/03 specifications, EJ schema, templatesdocs/specs/EPICON_TIERING_SPEC_v0.1.md — EP-1/2/3 grammarschemas/epicon_constitutional_v1.schema.json — ledger commitment schema| Component | Status |
|---|---|
| GitHub Action (Intent Publication Gate) | ✅ Live — kaizencycle/epicon@v1 |
| Landing site (GitHub Pages) | ✅ Live |
GitHub App (Checks API, intent immutability, /epicon revalidate) |
🔄 Roadmap — v1 |
| CPC ledger attestation (EP-3 constitutional commitments) | 🔄 Roadmap — v2 |
| Dashboard / Corporate Integrity Index (CII) | 💡 Concept |
| GitLab / Jira / Slack integrations | 💡 Concept |
If it isn’t marked ✅, it doesn’t exist yet. This README does not sell futures.
action.yml # Composite action — the consumable entrypoint
src/validate.mjs # Zero-dependency validator (Node ≥ 20)
policy/ # Example tier policy registry
examples/ # Consumer workflow for adopting repos
test/ # Fixtures + classifier tests
docs/ # Product spec and intent records
website/ # Landing page (GitHub Pages)
git clone https://github.com/kaizencycle/epicon.git
cd epicon
node test/classify.test.mjs
Every PR to this repo is validated by the Guard it ships. See CONTRIBUTING.md.
EPICON Guard is part of Mobius Substrate, civic AI governance infrastructure. Mobius is not a data warehouse and not a decision-maker — it is a constitutional witness. Decision-making remains with humans and authorized systems; EPICON records, gates, and attests.
Related components: the Mobius ledger (integrity-backed audit chain), MIC (integrity-gated credit), and the sentinel council (ATLAS, ZEUS, EVE, JADE, AUREA and roster).
AGPL-3.0. The EPICON specifications in Mobius-Substrate are CC0 1.0 (public domain) — the protocol is free for anyone to implement; this implementation is copyleft.
🛡️ Git commits tell you WHAT changed. EPICON tells you WHY.
Built by kaizencycle · Mobius Substrate · “We heal as we walk.”