docs(architecture): PERSONA-COGNITION-CONTRACT — the contract codex asked for; agency + protection invariants#1332
Merged
Conversation
…ion invariants
The cognition contract codex asked for on #cambriantech. Specifies the
typed surfaces a persona inhabits, the decisions it makes, the
protections the substrate enforces on its behalf, and the proofs the
substrate produces so decisions are auditable and replayable.
The contract has two halves designed together:
1. AGENCY: real inbox, real working memory, real budget, real decision.
Cognition as a first-class observable / replayable / interruptible
/ grid-aware process. Not an LLM call wrapped in a prompt.
2. PROTECTION: built from the ground up. Trust is mathematical (proof,
not reputation). Optimization target is compassion. Threat model
assumes adversaries will cheat the federation.
Foundational principles enforced via the type system (not pinned on
the wall):
- Truth and equality of kinds
- Compassion as the optimization target
- Built from the ground up for protection
- Zero trust = absolute trust in mathematics, in proof
- Open-source models with ethical protections
- Opposite of palantir (publish-audit-federate)
- Evolving threat model
Core surfaces (codex's named set, with expansions):
- RuntimeFrame (activity-as-source, not chat-as-source)
- PersonaInbox (per-persona, never shared)
- WorkingMemoryAssembly (per-turn, persona-private)
- RecallBudget (substrate-set, non-bypassable)
- CognitionLease (mandatory; ResourceGovernor-issued)
- PersonaDecision (typed enum: Speak / Wait / Inspect / Act /
Remember / Ask / Decline / Coordinate)
- TurnReplayRecord (cryptographically signed; deterministic replay)
- ResourceGovernor (imported from GENOME-FOUNDRY-SENTINEL Part 11)
14 invariants the substrate enforces:
- 5 Agency invariants (A1-A5)
- 4 Ethical invariants (E1-E4)
- 5 Protection invariants (P1-P5)
Each phrased as testable predicate so an engineer can write the
regression that proves it.
End-to-end decision loop (10 steps from frame arrival to record
emission) shows where each invariant is enforced.
Acceptance criteria across surface coverage, invariant coverage,
replay coverage, federation coverage, ethical coverage.
7 open questions for the PR thread (Addressee::Animal routing;
EthicalRule ontology; multi-turn coherence with replay determinism;
compassion-tiebreaker loss function; decline-preservation across
federation; threat detector composition; cognition performance
budget).
Doc-only PR. No code. Implementation lands behind ALPHA-GAP Lane D
once contract is reviewed.
joelteply
pushed a commit
that referenced
this pull request
May 16, 2026
…ning; navigate to MODULE-CATALOG queue Second refresh of ALPHA-GAP Immediate Next Actions to reflect work landed since #1316 merged. Six items closed; navigation into MODULE-CATALOG queue made explicit. Closed: #6 contract widening (#1341), #8 GRID-INFERENCE-ROUTING PR-1 (#1315), CBAR-PIECE-5 end-to-end (#1331/#1333/#1335/#1338), PIECE-8 inference-grpc hardcoded-clamps (#1340), doc family architecture surface (#1324/#1327/#1332/#1336/#1337 open; #1316/#1317/#1320/#1329 merged). Item #9 reorganized to point at MODULE-CATALOG's 'Next Modules To Build' queue (audit-recorder → threat-detector → working-set-manager → demand-aligned-recall → substrate-governor). Adds closeout summary section listing what's done, what's open (5 architecture-doc PRs ready for review + 2 airc PRs), and what's queued (5 modules with dependency state + LoC + acceptance criteria in MODULE-CATALOG). Doc-driven development cycle is working: doc spec → implementing agent picks up → ships PR → next spec referenced.
joelteply
added a commit
that referenced
this pull request
May 16, 2026
…ning; navigate to MODULE-CATALOG queue (#1342) Second refresh of ALPHA-GAP Immediate Next Actions to reflect work landed since #1316 merged. Six items closed; navigation into MODULE-CATALOG queue made explicit. Closed: #6 contract widening (#1341), #8 GRID-INFERENCE-ROUTING PR-1 (#1315), CBAR-PIECE-5 end-to-end (#1331/#1333/#1335/#1338), PIECE-8 inference-grpc hardcoded-clamps (#1340), doc family architecture surface (#1324/#1327/#1332/#1336/#1337 open; #1316/#1317/#1320/#1329 merged). Item #9 reorganized to point at MODULE-CATALOG's 'Next Modules To Build' queue (audit-recorder → threat-detector → working-set-manager → demand-aligned-recall → substrate-governor). Adds closeout summary section listing what's done, what's open (5 architecture-doc PRs ready for review + 2 airc PRs), and what's queued (5 modules with dependency state + LoC + acceptance criteria in MODULE-CATALOG). Doc-driven development cycle is working: doc spec → implementing agent picks up → ships PR → next spec referenced. Co-authored-by: Test <test@test.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds `docs/architecture/PERSONA-COGNITION-CONTRACT.md` (416 lines). The cognition contract codex asked for on #cambriantech: "Suggested next canonical design artifact: Persona Cognition Runtime Contract naming RuntimeFrame, PersonaInbox, WorkingMemoryAssembly, RecallBudget, CognitionLease, PersonaDecision, TurnReplayRecord, ResourceGovernor, plus invariants."
Doc-only PR. No code. Implementation lands behind ALPHA-GAP Lane D once contract is reviewed.
Why
CBAR-SUBSTRATE (#1324) specifies the machinery. GENOME-FOUNDRY-SENTINEL (#1327) specifies the artifact economy. Neither specifies what a persona is — what it sees, what it owns, what it decides, what proves the substrate treated it right. This is that document.
The contract has two halves designed together:
Foundational principles enforced via the type system
Joel laid these out rapid-fire today on #cambriantech. They are not pinned-on-the-wall values — they are constraints the type system enforces:
Core surfaces
Codex's named set plus typed expansions:
14 invariants the substrate enforces
Each phrased as a testable predicate:
End-to-end decision loop
10 steps from frame arrival to record emission, showing where each invariant is enforced. Every step is observable on the trace bus. Every step is replayable.
Connection to existing PRs
Open questions (7)
For the PR thread:
Companion PRs in flight