Every TFB instrument is a fast reflex loop and a slow deliberation loop, joined by a single immutable gate — the governor — that bounds the machine's move to β (under 1) of yours. It can't move unless you move, its share is always smaller than yours, and it can never reverse you. The same clamp runs in all of them; proven once, carried everywhere.
Helm and the Tokenizer are specified and verified end to end. They sit in a wider line of instruments that share the thesis.
You write; it suggests within bounds. Your intent is the hand, its edits the lift — applied only with your hand on the wheel.
You play; it harmonizes under the ceiling. Your line leads; its accompaniment can color but never take the melody.
You draw; it firms toward your own ideal, bounded by β of your deviation. The closest sibling — it already runs the same clamp.
What makes it a family and not five demos: the governor instantiates the same way each time. The hard part is naming the hand, the lift, and the budget honestly per domain.
| instrument | the hand (trusted) | the lift (bounded) | the budget | fail-safe |
|---|---|---|---|---|
| Helm | your force | motor torque | your measured force | blind sensor → motor off |
| Tokenizer | deterministic base | adaptive / LLM resegmentation | base uncertainty | low detection → base |
| Code | your code & intent | suggested edits | your activity & acceptance | low confidence → no auto-apply |
| Duet | your playing | harmonic / rhythmic assist | your notes & timing | silence → your line passes |
| Ink | your stroke | firming toward your ideal | your own deviation | uncertain → raw stroke |
A real instrument increases your contact with reality. The honest ledger, across the line.
The clamp is the strong part. The trusted input, the calibration, the cumulative and multi-DOF accounting, and the governance around it are where the risk and the work live. The honest list — with what each demands.
| weakness | mitigation |
|---|---|
| The measured signal is the attack surface | A spoofed or drifting "your force" grants real authority. Harden the input, not just the clamp: redundant, diverse, signed sensing; plausibility limits; force–motion cross-checks. |
| Silent sensor failure beats fail-safe | "Blind ⇒ zero" needs blindness to be detected. Watchdogs, cross-modal consistency, bounded rate-of-change, bias to zero on disagreement. |
| Per-tick bound ≠ cumulative bound | A persistent in-budget bias can ratchet you over time. Bound cumulative authority over windows; decay the budget; require net-human-positive. |
| Multi-DOF leakage | Budget earned on one axis can be spent on another you aren't driving. Bound each DOF independently; zero budget on idle axes. |
| It bounds force, not goals | A harmful objective pursued within budget is still harmful. Keep human goal-authority; receipts and interpretability on the slow loop. One primitive, not a whole safety story. |
| It protects the reference even when wrong | No-override faithfully preserves a confidently-wrong base. Demand calibrated (not merely high) confidence; promotion paths to fix the base; monitor locked-in errors. |
| Calibration & the deviation metric are hard | The whole guarantee rests on them. Conformal / temperature calibration; semantic-aware deviation; conservative defaults. |
| Sometimes the machine should dominate | E-stop, collision, tremor arrest. A separate, narrow, certified safety authority may exceed β — only to reach a safe state, never to pursue a goal. |
| Governance reduces to keys + a slider | The anchor is immutable only if keys and the build pipeline are. Multi-party signed promotion, reproducible builds, key custody; principled β defaults, β = 0 floor. |
| "Can't overpower me" invites over-trust | The real guarantee is narrow. Scope every claim precisely; keep the honest-limits ledger as loud as the promise. |