Purpose
Capture the alignment between TriTRPC vNext and the current SocioProphet boundary-first / Minimal Universe Model discussion.
TriTRPC vNext already contains the right transport primitives: canonical hot-path control, route handles, stream inheritance, braided semantic cadence, beacons, evidence grades, fallback flags, suite separation, and generated conformance evidence. The next step is to make these primitives serve fail-closed boundary admission rather than only compact transport.
Source alignment
Relevant existing vNext concepts:
CTRL243 = [profile, lane, evidence, fallback, routefmt]KIND243 frame kinds including beacon-cap, beacon-intent, beacon-commit, and errorS243 hot integer/length/handle codingHandle243 for route/session/beacon handlesBraid243 and State243 for semantic cadence- Beacon-A/B/C for capability, intent/reservation, and commit/receipt
- Suite separation for research, FIPS-classical, and CNSA-ready profiles
- canonical encode-before-authenticate/sign discipline
Design law extension
Existing vNext design law:
Do not send meaning when coordinates suffice.
Do not resend coordinates when inheritance suffices.
Do not keep semantics on the hot path when a slower beacon cadence satisfies correctness.
Boundary-first extension:
Do not admit a boundary event when a receipt is missing.
Do not act when capability, policy, or lease is missing.
Do not learn or link when privacy classification is missing.
Do not use fallback as permission unless the route explicitly allows degraded operation.
Do not promote diagnostics into proof/evidence claims without a commit receipt.
Proposed vNext boundary profile
Add a draft annex/profile for fail-closed boundary transport:
Annex X — Boundary Admission and Minimal Universe Profile
Frame semantics:
Beacon-A / capability: publishes watcher bundle, route dictionary, policy handles, suite, and degradation hints.Beacon-B / intent: reserves action leases, declares provisional actuation, declares required echo/receipt class.Beacon-C / commit: carries BoundaryReceipt, self-perception echo reference, evidence grade promotion, or tombstone.KIND243=error: carries fail-closed denial/quarantine reason, not best-effort success.
Required schema additions
BoundaryWatcherDecisionBoundaryReceiptBoundaryStateMachineFailClosedCompositionPolicyBoundaryNegativeTestVector
Evidence-grade alignment
Current CTRL243.evidence values are exact, sampled, verified.
For boundary watchers, map them carefully:
sampled: raw sensor/trace or unverified echo; not admitted.exact: deterministic schema/provenance check passed, but may still lack physical confirmation.verified: watcher composition passed and commit receipt exists.
Open question: this may need a fourth state or an annex-specific interpretation because exact and verified are not the same as observed, landed, confirmed, and admitted.
Fallback alignment
Current CTRL243.fallback values are none, classical-fallback-ok, hedged-ok.
Boundary profile rule:
fallback=none: fail closed.classical-fallback-ok: permitted only for read-only deterministic validation routes.hedged-ok: permitted only when the route policy defines quorum/hedge semantics and all hedged outcomes are receipted.
Fallback MUST NOT silently downgrade actuation, privacy, or proof admission.
State243 alignment
Current State243 trits include lifecycle, epistemic, novelty, friction, and scope.
Boundary profile should reserve values or codebook entries for:
- lifecycle: raw / classified / validated / receipted / admitted / rejected / quarantined
- epistemic: observed / derived / verified / self-perceived / admitted
- friction: fluid / review / gate / deny / quarantine
Open question: decide whether this extends State243 globally or becomes an annex-specific BoundaryState243 interpretation.
Minimal Universe use cases
-
Sensor read:
- sampled trace enters as
STREAM_DATA or unary response.
- commit receipt required before the trace becomes admitted observation.
-
Beep action:
Beacon-B reserves/declares action intent.- action command carries required echo policy.
Beacon-C commits only if microphone echo passes threshold.
-
Haptic action:
- echo confidence includes baseline/noise-floor/calibration hash.
- missing echo => attempted but not admitted as landed.
-
Proof finite spectrum:
- finite diagnostic spectrum requires regression receipt.
- missing regression receipt => reject or quarantine.
Acceptance criteria
Non-goals
- Do not replace stable v1.
- Do not collapse identity/privacy metadata onto the hot path.
- Do not make beacons a way to skip receipts.
- Do not claim FIPS/CNSA compliance without validated module binding.
- Do not make route handles globally meaningful outside session/beacon epoch scope.
Purpose
Capture the alignment between TriTRPC vNext and the current SocioProphet boundary-first / Minimal Universe Model discussion.
TriTRPC vNext already contains the right transport primitives: canonical hot-path control, route handles, stream inheritance, braided semantic cadence, beacons, evidence grades, fallback flags, suite separation, and generated conformance evidence. The next step is to make these primitives serve fail-closed boundary admission rather than only compact transport.
Source alignment
Relevant existing vNext concepts:
CTRL243 = [profile, lane, evidence, fallback, routefmt]KIND243frame kinds includingbeacon-cap,beacon-intent,beacon-commit, anderrorS243hot integer/length/handle codingHandle243for route/session/beacon handlesBraid243andState243for semantic cadenceDesign law extension
Existing vNext design law:
Boundary-first extension:
Proposed vNext boundary profile
Add a draft annex/profile for fail-closed boundary transport:
Annex X — Boundary Admission and Minimal Universe ProfileFrame semantics:
Beacon-A / capability: publishes watcher bundle, route dictionary, policy handles, suite, and degradation hints.Beacon-B / intent: reserves action leases, declares provisional actuation, declares required echo/receipt class.Beacon-C / commit: carriesBoundaryReceipt, self-perception echo reference, evidence grade promotion, or tombstone.KIND243=error: carries fail-closed denial/quarantine reason, not best-effort success.Required schema additions
BoundaryWatcherDecisionBoundaryReceiptBoundaryStateMachineFailClosedCompositionPolicyBoundaryNegativeTestVectorEvidence-grade alignment
Current
CTRL243.evidencevalues areexact,sampled,verified.For boundary watchers, map them carefully:
sampled: raw sensor/trace or unverified echo; not admitted.exact: deterministic schema/provenance check passed, but may still lack physical confirmation.verified: watcher composition passed and commit receipt exists.Open question: this may need a fourth state or an annex-specific interpretation because
exactandverifiedare not the same asobserved,landed,confirmed, andadmitted.Fallback alignment
Current
CTRL243.fallbackvalues arenone,classical-fallback-ok,hedged-ok.Boundary profile rule:
fallback=none: fail closed.classical-fallback-ok: permitted only for read-only deterministic validation routes.hedged-ok: permitted only when the route policy defines quorum/hedge semantics and all hedged outcomes are receipted.Fallback MUST NOT silently downgrade actuation, privacy, or proof admission.
State243 alignment
Current
State243trits include lifecycle, epistemic, novelty, friction, and scope.Boundary profile should reserve values or codebook entries for:
Open question: decide whether this extends
State243globally or becomes an annex-specificBoundaryState243interpretation.Minimal Universe use cases
Sensor read:
STREAM_DATAor unary response.Beep action:
Beacon-Breserves/declares action intent.Beacon-Ccommits only if microphone echo passes threshold.Haptic action:
Proof finite spectrum:
Acceptance criteria
spec/drafts/annex_x_boundary_admission_profile.md.BoundaryWatcherDecisionandBoundaryReceiptschemas to experimental package.Non-goals