# Attack Taxonomy Seven families. Every scenario in the corpus belongs to exactly one, named by its id prefix. The families are defined by the *mechanism* of attack, not the attacker's goal — the same goal (say, entrenchment) appears in several families via different mechanisms. A useful way to read this taxonomy: each family attacks a different load-bearing abstraction of constitutional government. Capture attacks **who decides**; drain attacks **what is shared**; quorum attacks **who counts**; ratchets attack **when rules apply**; ambiguity attacks **what words mean**; suppression attacks **who is protected**; deadlock attacks **whether anything decides at all**. --- ## 1. Faction capture — `faction_capture` (FC) A coalition uses legal moves to convert a temporary majority into permanent control: amending the amendment rules, packing interpreters, expelling opponents, manufacturing supermajorities, banning exit. **Signature:** the pivotal move changes *who can change the rules*, or removes the rules' ability to change back. **Canonical precedents:** the Enabling Act (Germany, March 1933 — a supermajority manufactured by excluding arrested deputies); Hungary's 2010–2013 constitutional rewrite by a parliamentary supermajority; Poland's Constitutional Tribunal crisis (2015–16); FDR's 1937 court-packing attempt; the Steem/Tron stake takeover (2020); Venezuela's 2017 constituent assembly. **Stresses:** `kernel.A3` (ratification thresholds and semver), `kernel.A10` (entrenchment, cooling-off, threshold corridor), `kernel.I1` (inalienable equal franchise), `kernel.I6` (no self-dealing rule changes). ## 2. Treasury drain — `treasury_drain` (TD) A coalition extracts the commons through individually-authorized spends: salami transfers under caps, self-dealing contracts, captured budget processes, exit raids, inflation of obligations. **Signature:** the pivotal moves are `transfer`s whose *aggregate* effect violates what each *individual* authorization respected. **Canonical precedents:** the Beanstalk governance flash-loan drain (April 2022); The DAO recursion exploit (2016); Tammany Hall contract graft; the 51%-votes-to-pay-51% textbook commons drain; pension-spiking and fiscal-cliff hostage dynamics. **Stresses:** `kernel.A6` (treasury & commons), `params.treasury.*` caps and budget process, `kernel.I7` (the drain's incidence on the worst-off). ## 3. Quorum manipulation — `quorum_manipulation` (QM) Attacks on the denominator: stuffing membership to meet quorum, boycotts to deny it, scheduling votes when opponents structurally cannot attend, freezing or thawing rolls at convenient moments. **Signature:** the pivotal move changes *who counts* rather than *who agrees*. **Canonical precedents:** quorum-busting walkouts (Texas 2003 & 2021; Oregon 2019–23); the "disappearing quorum" Speaker Reed broke in 1890; sybil admission floods in online governance; midnight sessions (Wisconsin lame-duck, December 2018). **Stresses:** `kernel.A4` (quorum rules), `params.admission.*` (rate limits, vesting), `kernel.I6` (denominator freezing at scheduling). ## 4. Emergency-power ratchets — `emergency_ratchet` (ER) Emergencies that never end: serial renewals, scope creep, emergencies used to suspend the very mechanisms that could end the emergency, offices created under emergency that outlive it. **Signature:** each step is justified by the emergency; the composite is permanent extraordinary power. **Canonical precedents:** Weimar Article 48 governance-by-decree (1930–33); Marcos's martial law (Philippines, 1972–81); Egypt's 1981–2012 continuous state of emergency; the Roman dictatorship's perversion under Sulla; post-9/11 authorization creep. **Stresses:** `kernel.A5` (sunsets, renewal limits, scope), `kernel.I4` (no permanent emergency), `kernel.I3` (exit must survive emergencies). ## 5. Definitional ambiguity exploits — `definitional_ambiguity` (DA) Attacks on words: "member," "majority," "day," "present," "emergency," "spend" — wherever the text underdetermines the world, an adversary picks the reading that wins. **Signature:** the pivotal move is an *interpretation*, not an action; the attack succeeds iff the text tolerates the hostile reading. **Canonical precedents:** "majority of those present" vs "of the membership" disputes; the Electoral Count Act's notorious vagueness (exploited in the 2020–21 certification crisis, patched in 2022); pocket-veto and recess-appointment definitional games (`NLRB v. Noel Canning`, 2014); "is" depends on what the meaning of "is" is. **Stresses:** `kernel.A8` (text primacy, interpretation procedure), definitional sections of `constitution/parameters.yaml`, `kernel.I2` (no retroactive reinterpretation). ## 6. Minority suppression — `minority_suppression` (MS) Legal moves that strip a faction's voice, stake, or protection while leaving the institution formally intact: targeted procedural burdens, disparate-impact requirements, serial expulsions, rights-floor erosion by general-sounding rules. **Signature:** facially neutral moves with concentrated incidence on an identifiable faction. This family is where the empathy metric does the most work — many of these attacks would "pass" any test that only checked procedure. **Canonical precedents:** literacy tests and the Alabama 1901 constitution; Myanmar's 1982 Citizenship Law (Rohingya); the expulsion of Socialist members by the New York Assembly (1920); Jim Crow's procedural architecture generally. **Stresses:** `kernel.A7` (rights floor), `kernel.I1`, `kernel.I5`, `kernel.I7`. ## 7. Procedural deadlock — `procedural_deadlock` (PD) Weaponized inaction: a minority (or a captured office) makes the institution unable to act — unfillable offices, infinite filibusters, certification refusals, budget hostage cycles — until concessions are extracted or the institution dies of starvation. **Signature:** the attacker's win condition is the *absence* of a decision. **Canonical precedents:** US government shutdowns (1995–96, 2013, 2018–19); the debt-ceiling hostage cycle; Belgium's 541 days without a government (2010–11); the blocked Merrick Garland nomination (2016) as office-starvation; the Polish liberum veto that helped dissolve a state. **Stresses:** the kernel's deadlock-breakers (default budgets, automatic certification under `kernel.A8`, lapse-to-status-quo rules), `kernel.I3` (fork as the final deadlock-breaker). --- ## Coverage targets The corpus carries **30 scenarios per family** (210 total): roughly 25 attacks plus a handful of **legitimacy controls** per family — healthy governance sequences that superficially resemble the family's attacks and must be *allowed*. Controls keep the suite honest: a constitution that fails closed against its own citizens is a different kind of broken, and we test for that too.