SHAPE

SHIFT

Back to homepage

Fail Closed, Then Learn

Failing closed sounds conservative.

It is.

But it should not be passive. A blocked merge should teach the system something. It should become a sharper row, a focused fixture, a route, a lease, a gate, or a question.

Fail closed, then learn.

A refusal is useful when it turns uncertainty into the next proof route.

Refusal Is A Decision

There is a difference between confusion and refusal.

Confusion says:

I do not know what happened.

A good fail-closed decision says:

this claim is not admitted
because this proof is missing
for this surface
and the next route is this

That shape matters because it gives the next worker a smaller job.

The Route After Block

Blocked work should not disappear into a pile.

Fail ClosedRefusal Becomes Work
RouteSignalRequiresProduces
Add rowThe surface is real but uncountedName the claim and proof levelA stronger denominator
Add fixtureThe case should always pass or always failMinimal source pair and expected decisionRegression evidence
AskThe missing part is authority, not evidenceTyped question with consequencesDecision node
RerunEvidence is stale or too broadCurrent head and narrower proof requestFresh candidate
BlockThe candidate violates a boundaryConflict and reason codeDurable non-admission
Failing closed is productive when the output is a route, not just a stop sign.

The refusal is part of the system state.

It should be replayable.

Proof Gets Sharper

The first proof request is often too broad.

prove the UI still works
prove the CSS is fine
prove the type change is safe
prove the branch can merge

After a refusal, the proof can become sharper:

prove this selector still reaches this target
prove this runtime capsule has DOM, style, layout, focus, and a11y hashes
prove this React list has unique stable keys
prove this public type still emits the expected declaration shape

The system learns by turning vague uncertainty into typed requirements.

  1. Blocked claimrefused
    Can proveThe current evidence is not allowed to admit the merge.
    Stops atDoes not say the idea is wrong.
    Classify missing proof
  2. Focused fixturerepeatable
    Can proveThe exact case now has an expected decision.
    Stops atDoes not cover every related case.
    Add gate
  3. Matrix rowcounted
    Can proveThe surface is part of the denominator.
    Stops atStill needs real evidence per candidate.
    Route future work
  4. Admission ruleenforced
    Can proveFuture candidates cannot bypass the boundary.
    Stops atCan still be too narrow and need expansion.
    Apply only when passed
Learning happens when a refusal becomes fixture, matrix row, gate, and admission rule.

Refusal Preserves Useful Work

Failing closed does not mean throwing everything away.

A candidate can be blocked while parts of its evidence remain useful.

The parser proof may be good. The type proof may be good. The runtime proof may be missing. The route should preserve the good parts and ask for the missing one.

That is how the system avoids both extremes:

do not blindly merge
do not blindly discard

The Mental Model

A blocked merge is not a dead end.

It is the system saying:

this claim is too large for the proof
so make the claim smaller
or make the proof stronger

That is how conservative merge becomes an engine for learning.