Operations & governance·Kernel
Galen
The bounded operations kernel for Protean — a scheduled dry-lab runtime that verifies workflow shape, surfaces operational state, and prepares review-gated candidate context without making experimental claims.
Why Galen
Galen of Pergamon (129–216 CE) systematised medical observation into a coherent reasoning framework — anatomy, physiology, pharmacology, the recording of evidence. Two millennia later, biology is large enough to require the same discipline at machine scale. The runtime takes the name as a small commitment: that computational biology is biology first, and reasoning over it must be systematic, observed, and recorded.
Operational scope
Galen surfaces runtime capabilities across four operational categories. Some execute today, some are partial, and some are explicit targets. The four categories:
- Scientific sources — read paths into literature, structured bioactivity records, curated protein/peptide sources, and proteomics metadata summaries.
- Local model execution — ESM2 sequence embeddings, bounded peptide-model scoring, GLiNER extraction, BGE retrieval/reranking, and deterministic fallbacks when routes degrade.
- Dry-lab search runtime — candidate generation, scoring, validation, readiness gates, candidate archive, lineage/family memory, novelty/frontier memory, and failure-neighborhood context.
- Orchestration — scheduler state, provenance envelopes, operational telemetry, review-handoff draft packets, and Lab UI status surfaces.
The public capability surface lives on /galen. Operator-only state stays in the local Lab UI.
The workflow contract
Galen verifies that the cycle executor honours the bounded canonical workflow. The contract carries explicit failure_policy: block and review_gate annotations; Galen reports violations and refuses to advance the operational state when the declared shape drifts.
FIG · 02·Galen-verified workflow DAG
Three steps are failure_policy: block — generate_candidate_family, deterministic_validation, and rank_candidates. A failure in any of them halts the cycle. Three steps are gated by an explicit review_gate — generate_papers (private_work_product), prepare_provenance (publication_intent_required, also block-gated), and update_collections (public_collection_redaction). The forbidden write roots — .git, agents, pipelines, runtime, scripts, docs, contracts, models — are encoded in policy.
Today, Galen reports the canonical shape and surfaces violations. Per-step failure_policy and review_gate enforcement inside the cycle executor is reserved — the load-bearing safety gates (operator-audit artifact integrity, weight bounds, publication guard) fail closed; tighter per-step DAG enforcement is on the short-term path.
What Galen does
Galen composes a single runtime status from a set of independent surfaces, schedules and verifies the canonical workflow, drives a small operational state machine, and coordinates review-gated telemetry. The complete capability list:
- compose runtime status from health, state machine, remediation, Ledger proposal, scheduler, model-routing, and operator-channel surfaces
- verify the canonical workflow DAG and surface deviations
- drive state-machine transitions across the ten-state operational machine
- propose remediation actions (without auto-applying them — see Galen operations)
- coordinate review-gated telemetry
The cycle executor runs the science. Galen observes and orchestrates the executor.
What Galen cannot do
Galen's refusal list is a hard policy. Each refusal is enforced in code, not in convention.
- Galen does not rewrite runtime code.
- Galen does not mutate scoring logic, validators, learning rules, prompts, or model routing.
- Galen publishes full sequences for intentionally public candidates and families.
- Galen does not bypass validation, review gates, external-provider safety, or publication guards.
- Galen does not submit wet-lab orders.
- Galen does not execute arbitrary commands via the operator channel. There is no shell surface.
- Galen does not auto-apply remediation actions. The remediation surface returns
{ status: "refused" }for every input today; the approval-receipt path is documented in Galen operations.
Operational state machine
Galen tracks a ten-state operational machine that mixes runtime health with review and wet-lab status. Today, five of those states are reachable; the other five describe a target shape that requires external writers not yet wired.
FIG · 05·Operational state machine
The five reachable states — healthy, warning, degraded, failed, awaiting_review — cover the cycle's day-to-day operational ground. The five reserved states — blocked, awaiting_publication, awaiting_assay, assay_running, assay_complete — describe the shape of eventual telemetry as wet-lab integration matures.
Runtime modes
Galen exposes nine runtime modes that shift scheduling priority for the next cycle: generation, exploration, hypothesis, experiment, memory_consolidation, provenance, publication, assay, and collection. Modes shift what the cycle emphasises. They never change validation or publication truth standards.
Public export boundary
Galen prepares operator-facing telemetry. The public site reads the reviewed export bundle, including full sequences for intentionally published candidates and families. Private runtime folders, unpublished candidate papers, private manifests, salts, selected batches, and local artifact paths do not cross that boundary — and the publication guard fails closed if they ever try.
