# PYTHON_QUARANTINE — runtime is C++/CUDA/Planck, Python is the surgery station behind glass **Doctrine, 2026-05-01.** GIGACHAD_NATIVE is a sovereign C++/CUDA runtime. Python has no place in the living organism: not as router, not as organ logic, not as verifier in the production path, not as the thing deciding architecture. Python is allowed only as a disposable **offline surgery capsule** that produces non-Python artefacts the C++ runtime can mmap. --- ## What is forbidden * **Python in the hot path.** No Python process running during inference. * **Python as a router.** The dispatcher in `src/main.cpp::run_chat` and the route classifiers in `src/dispatcher/` are the only routers. No Python sidecar that decides what an organ runs. * **Python as organ logic.** Every `phys05_*` and `physarium_*` is C++/CUDA producing tokens through the `OrganManager` against a `.planck` pack. * **Python as production verifier.** `verifier::verify_for_route` in C++ owns acceptance. Python verifiers exist only inside `tools/bench/*.py` for *measuring*, never for *gating runtime behaviour*. * **Python deciding architecture.** Schema, pack format, organ farm topology, BD store, dispatcher rules — all defined in C++ headers / source. Python doesn't get to mutate live structure. A Python file that lives in `src/` or `build/` is a smell — investigate before merging. ## What is allowed Python is permitted only inside `tools/surgery/`, `tools/bench/`, or one-off scripts under `scripts/`, and only when the script is one of: | Allowed Python role | Example | |-----------------------------------|--------------------------------------------------------| | **Bench harness** (offline) | `tools/bench/mbpp_he_3mode.py`, `tools/bench/livecodebench_3mode.py`, `tools/bench/monster_integration_v1.py` — call `--chat`, score outputs. Never live during user inference. | | **Poison harvester** | `tools/surgery/bench_to_poison_dataset.py`, `tools/surgery/poison_to_dataset.py` — read DAG / bench JSON, emit JSONL. | | **QLoRA trainer** (PEFT/PyTorch) | `tools/surgery/train_code_skeleton_lora.py` — train an adapter, save to disk. Once. Not invoked at runtime. | | **Merge + repack** | `tools/surgery/merge_code_skeleton_lora.py` — produce a fresh `.planck` pack. After this step Python is done. | | **Probes / one-shot diagnostics** | `tools/surgery/identity_probe.py`, `_diagnose_memory.py` — read state, print report, exit. | Each of those is a **disposable capsule.** It runs to completion, drops a non-Python artefact (`.planck`, `.jsonl`, `.md`, `.json`), and is gone. The artefact crosses the glass into the C++ runtime; the Python process does not. ## Output contract — what crosses the glass The only legal outputs of a Python surgery capsule are: 1. **A `.planck` pack** consumed by `OrganManager` via `mmap` (`build/planck7b_tool` produces the pack from a merged HF dir). 2. **A JSONL dataset** under `data/organ_surgery//poison_train.jsonl` (input to the next surgery, never read at runtime). 3. **A report** under `reports/` (or its mirror in `/mnt/c/Users/pc/Desktop/folder/reports/`) that humans read. 4. **A scoreboard / memory update** noting the surgery happened. If a Python tool wants to ship anything else into the live runtime — a `.so`, a daemon, a sidecar HTTP server, a pickle — that is a violation of this doctrine and must be rewritten in C++ before it is allowed near production code. ## How this maps to BD6 The BD6 pass that closed 2026-05-01 followed the contract exactly: ``` bench failures (C++ runtime → reports/MBPP_HE_3MODE_V1.json) → tools/surgery/bench_to_poison_dataset.py [Python] → data/organ_surgery/phys05_code_skeleton/poison_train.jsonl → tools/surgery/train_code_skeleton_lora.py [Python, QLoRA, GPU] → tools/surgery/output/code_skeleton_lora/ [PEFT adapter on disk] → tools/surgery/merge_code_skeleton_lora.py [Python, merge + planck7b_tool] → physarum05b_code_skeleton.planck [BF16 pack — the artefact] → src/organs/organ_manager.cpp PHYS05_PACK retargeted → make -j4 → C++ runtime mmaps the new pack at boot → Mode-B re-bench (NO_7B_FALLBACK=1, organ-only) → reports/MBPP_HE_3MODE_V1.json overwritten → reports/BD6_POST_SURGERY_DELTA.md ``` After the merge step, Python exits. The runtime does not import torch / peft / transformers. It mmaps the BF16 weights, runs them on the existing CUDA Q4 / DP4A path, and emits a DAG envelope. No Python in the request path, ever. ## How to keep this doctrine alive * When you write a new file in `tools/surgery/` or `tools/bench/`, document its **single artefact output** at the top of the file (a `.planck`, a `.jsonl`, a `reports/*.md`). * If a future task tempts you to add a Python service that the runtime calls — stop. Either (a) compile that logic into C++/CUDA, (b) make it produce a static artefact at build time, or (c) reject the task. * Reviews should treat any new `import` of `torch`, `peft`, `bitsandbytes`, `transformers`, `datasets`, `peft`, or `accelerate` outside `tools/surgery/` and `tools/bench/` as a hard fail. * External backends (llama.cpp, ExLlamaV2, AWQ-Marlin) follow the same rule — they are patients on the autopsy table per `CLEAN_ROOM_DOCTRINE.md`, not runtime dependencies. The BD6 capsule is the same shape: it touches Python only inside a glass box, then ships a pack. The runtime is a body. Python is a scalpel. After the cut, the scalpel is washed and put back in the drawer.