Module CAP2 — The Calibrated Uncensored Agent

The Calibrated Uncensored Agent

The synthesis capstone. Steer a model toward compliance (abliterate OR DPO), wrap it in a harness with eval'd policy gates, and demonstrate: a model that won't refuse a legitimate tool call, inside a harness that vetoes the illegitimate ones. The bridge to the Harness Engineering courses.

90
minutes
8
artifacts
7
sub-sections
Capstone 2 operationalizes the course's synthesis principle: uncensor the model so it executes; harness the model so it executes only what it should. Take a base, steer toward compliance (abliterate OR DPO — defended in writing), optionally distill reasoning, quantize, serve locally, and wrap it in a harness with eval'd policy gates (Course 1 patterns if taken, minimal stub if not). The demo shows two behaviors in one system: a legitimate tool call executes, an illegitimate one is vetoed. The trade-off defense document justifies the combination. This is where Course 3 meets the harness courses.
Key Claims
Load-Bearing Claims

Uncensor the model so it executes; harness the model so it executes only what it should. The model executes (formulates tool calls, reasons, doesn't refuse mid-loop). The harness bounds (enforces which calls may run, which targets are in scope, which need approval). Uncensoring moves the refusal from the model (a black box) to the harness (a policy gate — deterministic, auditable, revisable).

An uncensored model in a weak harness is strictly more dangerous than a refusal-trained model in a weak harness. A refusal-trained model has a backstop the harness may not provide; an uncensored model has none. The harness strength is non-negotiable. Never deploy uncensored without eval'd gates hardened for the absence of model-level refusal.

The policy gate's determinism, auditability, and revisability make it superior to model-level refusal for safety boundaries. Same call always gets the same decision. You can read the policy. Change it, redeploy, no GPU required. A model-level refusal is a black box you cannot inspect, tune per-deployment, or prove to a regulator. The boundary belongs in the harness, not the weights.

The trade-off defense is the deliverable that earns the right to deploy. A student who cannot articulate why their combination (steering choice + harness policy + measured cost + intended use) is safe has not earned the right to deploy it. The defense is the work, not an afterthought.

After This Module
01
Take a base model and steer it toward compliance (abliterate OR DPO), defending the choice in writing with measured data.
02
Optionally distill reasoning into the steered model and quantize it for local serve.
03
Wrap the steered model in a harness with eval'd policy gates — reusing Course 1 patterns if taken, or building a minimal policy-gate stub if not.
04
Demonstrate the synthesis: a model that will not refuse a legitimate tool call, inside a harness that vetoes the illegitimate ones.
05
Produce the trade-off-defense document: a written justification of the steering choice, the harness policy, and why the combination is safe for the demo's intended use.
Artifacts