Risk Twin Scenario Planner
A planner for defining Risk Twin scenarios, configuring accelerated-time simulation parameters, setting pass/fail gates, and validating that a charter fix actually works before it touches production — making recovery testable rather than assumed.
What it does
Alignment Debt tracking catches problems after deployment. Risk Twins catch them before. Chapter 6 draws the line: "Alignment Debt tracking is retrospective... Risk Twins are prospective: they surface problems before deployment by running proposed strategy changes against simulated environments." A Risk Twin is a parallel simulated copy of a deployment, run in accelerated time across thousands of scenarios, that surfaces failure modes before customers do.
This planner is where you build those scenarios. Aether Dynamics runs its Risk Twin continuously in parallel with production; when a pull request proposes a policy change, the CI/CD pipeline deploys it to the twin "at 10× speed, compressing thirty simulated days into three hours." The approval gate is not "this looks reasonable." It is, in the book's exact words, "this passed simulation under normal conditions plus three adversarial scenarios." The tool makes that gate explicit: you define the scenario population, set the time-compression factor, and declare the pass/fail conditions a proposed strategy change must clear before merge.
It also operationalizes Chapter 8's second function — recovery validation. "After a production failure, running the post-mortem scenario through the Risk Twin environment validates that a charter amendment or model recalibration actually fixes the failure mode before redeployment. Recovery becomes testable rather than assumed." The book is candid about why this matters: organizations that skip it, that "amended the charter and redeployed on confidence rather than evidence," watch the same failure recur with a different surface. The planner forces the evidence.
And it respects the limits the book names. Risk Twins "validate strategies against historical patterns and cannot predict black-swan events outside training distribution." So the planner wires in Aether's three divergence signals — confidence intervals widening beyond historical ranges, early performance deviation within the first 48 hours of deployment, and novelty detection for patterns outside training distribution — as live post-deployment guardrails, with the rollback protocol attached.
Who it's for: Guardians, governance leads, and engineers who gate strategy changes — anyone who refuses to ship a charter amendment on confidence when it could be shipped on evidence.
Figure: The simulation instrument this tool builds — a continuous parallel twin gating every proposed strategy change at 10× speed.
APPROVED: passed ≥1 normal + all (≥3) adversarial scenarios.
A strategy change cannot be marked “deployed” without these configured. Toggle a monitor to see the rollback protocol it triggers.
All monitors clear. If any signal fires: reduce deployment scope → increase human oversight → ready rapid rollback. The twin validates against historical patterns and cannot predict what it has never seen.
Limits: the twin validates strategies against historical patterns and cannot predict black-swan events outside training distribution. A PASS is not a guarantee — it is the largest class of failures, the foreseeable ones, caught before they become expensive.
Risk Twins
Strategy as Code
Alignment Debt
Strategy-as-Code Repo Template
Alignment Debt Tracker
IPRE Pipeline Designer
- Book 1, Chapter 6 — "The Governance Layer—How the Organization Stays Within Bounds" (Risk Twins; 10× accelerated simulation; the adversarial-scenario gate; the three divergence signals; the Strategy Repository / Risk Twin architecture).
- Book 1, Chapter 8 — "Production Governance—Detection, Escalation, and Recovery" (Risk Twins as detection and recovery instruments; recovery becomes testable; Klarna counterfactual).