// Make the bad state impossible · lesson 01

Don't ask, enforce

There's a single move at the center of building anything you can't afford to have go wrong, and it's this: if something must never happen, you do not ask the model to be careful about it. You build the system so the thing is not possible in the first place. Asking is a hope. Enforcing is a guarantee, and for the failures that actually matter, only the guarantee is worth anything.

The instinct almost everyone reaches for first is the instruction. "Never delete production data." "Always double-check the total." "Be careful with the customer's money." It feels responsible, it reads like a safeguard, and it is worth roughly nothing, because it lives in the one layer the model is free to misread, forget under a long context, or reason its way around. You've written a rule and handed it to the party the rule is meant to constrain, and then trusted them to enforce it on themselves.

Why is enforcing categorically different from asking?

Because asking lowers the probability of the bad thing and enforcing removes the possibility. Those are different in kind, not degree. A careful instruction might take a failure from likely to unlikely, but unlikely is not never, and for a certain class of failure, the gap between unlikely and never is the whole game. Enforcing means the dangerous action requires a permission the model wasn't given, or routes through code that structurally cannot produce the bad value. The model can be as wrong as it likes and the bad thing still can't happen, because the impossibility lives in the architecture, not in the model's cooperation.

The reframe for the whole track

Stop thinking about safety as something the model does and start thinking about it as something the system's shape makes true. The question is never "how do I get the model to avoid this?" It's "how do I build this so avoiding it isn't the model's job?" That shift, from behavior to structure, is what every lesson in this track is an application of. You're not training a more careful driver. You're building a road they can't drive off.

The takeaway: for anything that must never happen, don't ask the model to be careful, build the system so it can't happen, because asking lowers odds and only structure removes the possibility.