SPINE
spine-canonical

SELF NODE

Capability Router • Capabilities before keys. Proof before mutation.

STATIC FIXTURES
CAPABILITY SURFACES
10 surfaces • status reflects repo
X / Grok
x-grok
scaffold • medium • read

Inference call (proxied) and public-signal capture from X threads.

Required env (names only)
GROK_API_KEY
Proof requirement
Request id and token / cost line for the inference; thread URL plus Grok response hash captured before any reply is composed.
Human approval
Per-session auth for inference. Operator plus RoundTable review for any outbound post.
GitHub
github
live • medium • write

Open branch, pull request, or comment as the durable proof ledger.

Required env (names only)
Proof requirement
Proof-packet body referencing the packet id, signed-off-by trailer, and passing CI.
Human approval
Operator approval before any write or merge.
Supabase
supabase
live • medium • write

Authenticated user write through adapters with RLS enforcement.

Required env (names only)
NEXT_PUBLIC_SUPABASE_URL
NEXT_PUBLIC_SUPABASE_ANON_KEY
Proof requirement
Adapter pattern (server-side auth.uid() injection, caller user_id stripped) plus RLS WITH CHECK pass.
Human approval
Per-session auth.
Vercel
vercel
scaffold • low • read

Read deploy and env-presence metadata only.

Required env (names only)
Proof requirement
Deploy id plus commit SHA captured into the packet.
Human approval
None for read; operator approval required for any redeploy or env mutation.
RoundTable
roundtable
scaffold • low • read

Multi-actor inspection of proof packets before any write or mutate capability fires.

Required env (names only)
Proof requirement
Verdict log entry referencing the proof-packet id and the participating actors.
Human approval
Operator-driven; the verdict itself is the approval artifact.
IEF
ief
scaffold • medium • write

Anchor evidence to durable memory with a trust-decay index.

Required env (names only)
NEXT_PUBLIC_SUPABASE_URL
NEXT_PUBLIC_SUPABASE_ANON_KEY
Proof requirement
Evidence anchor referencing the source of the claim and the theorem it supports.
Human approval
Per-session auth.
Founder Room
founder-room
live • medium • write

Packet derivation plus decision log.

Required env (names only)
NEXT_PUBLIC_SUPABASE_URL
NEXT_PUBLIC_SUPABASE_ANON_KEY
Proof requirement
Packet body and a decision-log entry tied to that packet.
Human approval
Per-session auth.
ORCID / research
orcid-research
planned • low • read

Resolve canonical author or paper identifiers.

Required env (names only)
Proof requirement
Request id plus the canonical DOI or IRI captured.
Human approval
None.
Billing / ledger
billing-ledger
planned • medium • read

Read invoice and runway state.

Required env (names only)
Proof requirement
Snapshot id and a redacted summary; raw amounts kept out of public surfaces.
Human approval
Operator approval for reads; dual-operator approval for any movement of funds.
WhatsApp / private coordination
whatsapp-private
planned • medium • read

Operator-owned read of private coordination threads.

Required env (names only)
Proof requirement
Request id and a thread hash. Raw thread content is never persisted as evidence.
Human approval
Operator approval.
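
The Supabase surface above names its proof requirement as an adapter pattern: server-side auth.uid() injection, caller user_id stripped, then an RLS WITH CHECK pass. The TypeScript sketch below is an added example, not code from the SPINE repository; the column allowlist, the ServerSession type and the function names are assumptions, and rlsWithCheck only stands in for the database-side policy.

```typescript
// Added example with hypothetical names; not code from the SPINE repository.
type Row = Record<string, unknown>;

interface ServerSession {
  userId: string; // assumption: taken from the verified session, i.e. auth.uid()
}

// Columns a caller may set (constructed). user_id is deliberately not listed.
const WRITABLE_COLUMNS: readonly string[] = ["title", "body"];

function buildOwnedRow(session: ServerSession | null, callerPayload: Row): Row {
  if (session === null) {
    throw new Error("unauthenticated: per-session auth is required");
  }
  const row: Row = {};
  for (const column of WRITABLE_COLUMNS) {
    // Own-property check so inherited keys never count as caller input.
    if (Object.prototype.hasOwnProperty.call(callerPayload, column)) {
      row[column] = callerPayload[column];
    }
  }
  // Any caller-supplied user_id was never copied; ownership comes from the session.
  row["user_id"] = session.userId;
  return row;
}

// Stand-in for the database-side policy: WITH CHECK (auth.uid() = user_id).
function rlsWithCheck(row: Row, authUid: string): boolean {
  return row["user_id"] === authUid;
}

// Constructed request: the caller tries to write a row owned by another user.
function demoForgedWrite(): { stored: Row; adapterPasses: boolean; rawPasses: boolean } {
  const forged: Row = { title: "note", user_id: "user-b", is_admin: true };
  const stored = buildOwnedRow({ userId: "user-a" }, forged);
  return {
    stored,
    adapterPasses: rlsWithCheck(stored, "user-a"),
    rawPasses: rlsWithCheck(forged, "user-a"),
  };
}

console.log(demoForgedWrite());
```

The adapter and the policy are two independent checks: the allowlist keeps unlisted columns out of the row, and the WITH CHECK comparison still rejects the raw payload if the adapter is ever bypassed.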
ROUTING FLOW
  1. Signal
    Inbound observation from any external surface.
  2. Claim
    The falsifiable assertion the signal carries.
  3. Capability request
    Specifies the surface and verb being requested, plus the registry row.
  4. RoundTable review
    Multi-actor inspection step before any write or mutate capability fires.
  5. Approved action
    Capability invoked under the minimal bound role.
  6. Evidence
    Proof packet anchored to IEF.
  7. Memory
    Durable anchor plus the trust-decay index.

Every write or mutate capability passes through RoundTable review before invocation. Reads can skip review but still produce evidence anchored to memory.

VALUATION MAP
Time saved
time_saved

Operator-minutes reclaimed per occurrence of the capability.

Risk reduced
risk_reduced

Bounded by the reversibility stated in the rollback note.

Proof produced
proof_produced

Count and durability of new artifacts attached to the packet.

Coordination unlocked
coordination_unlocked

Distinct actors who can now act on a previously private signal.

Attention cost avoided
attention_cost_avoided

Surface area removed from the operator's working-memory budget.

Trust drift reduced
trust_drift_reduced

IEF-side decay-model delta after the artifact is anchored.

Revenue / runway impact
revenue_runway_impact

Bounded ranges plus the financial entry id; only when the Billing surface is touched.

A capability that does not move at least one axis is not invoked.

ALTITUDE CONTROL
Orbit
orbit
Meaning
Vision overlay; not yet a formal claim.
Example
"CFE coordinates a field" framing.
High altitude
high_altitude
Meaning
Candidate formalism; theorem-shaped, untested.
Example
rendering-math v0.1 operators.
Mid altitude
mid_altitude
Meaning
Canon or roadmap; agreed direction, no runtime.
Example
selfnode-capability-map-v0.1, PUBLIC_LAYER.md.
Low altitude
low_altitude
Meaning
Fixture or scaffold; UI exists, data is mock.
Example
/cosmos page and mock adapter rows.
Ground
ground
Meaning
Tested runtime; CI green, RLS enforced.
Example
migrations 001-013, /api/health, /diagnostics.
Proof
proof
Meaning
What keeps it on the ground.
Example
RLS_SMOKE.md, smoke:rls script, ledger artifact.

A capability is invocable only from Ground or Proof. Anything Orbit / High / Mid / Low requires elevation through SelfNode (registry update plus RoundTable approval) before any external call fires.
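
The altitude rule above and the routing-flow rule (review, proof packet and approval before any write or mutate) combine into one deny-by-default gate. The TypeScript sketch below is an added example, not code from the SPINE repository; the request and verdict field names are assumptions, as is reading "multi-actor" as at least two distinct actors.

```typescript
// Added example with hypothetical field names; not code from the SPINE repository.
type Altitude = "orbit" | "high_altitude" | "mid_altitude" | "low_altitude" | "ground" | "proof";
type Verb = "read" | "write" | "mutate";

interface Verdict {
  packetId: string; // proof-packet id the verdict log entry references
  actors: string[]; // participating actors
}

interface CapabilityRequest {
  surface: string;    // registry id, e.g. "github"
  verb: Verb;
  altitude: Altitude; // assumption: recorded on the registry row
  proofPacketId?: string;
  verdict?: Verdict;
  operatorApproved?: boolean;
}

const INVOCABLE: readonly Altitude[] = ["ground", "proof"];

// Returns every rule the request fails; an empty list means the call may fire.
function denyReasons(req: CapabilityRequest): string[] {
  const reasons: string[] = [];
  if (INVOCABLE.indexOf(req.altitude) === -1) {
    reasons.push("altitude is not ground or proof: elevate through SelfNode");
  }
  if (req.verb === "read") return reasons; // reads may skip RoundTable review
  if (!req.proofPacketId) reasons.push("no proof packet");
  if (!req.verdict) {
    reasons.push("no RoundTable verdict");
  } else {
    // Bind the verdict to this packet so an earlier approval cannot be reused.
    if (req.verdict.packetId !== req.proofPacketId) {
      reasons.push("verdict references a different proof packet");
    }
    // Assumption: "multi-actor" means at least two distinct actors.
    if (new Set(req.verdict.actors).size < 2) reasons.push("verdict is not multi-actor");
  }
  if (req.operatorApproved !== true) reasons.push("no operator approval");
  return reasons;
}

// Constructed request: approved write whose verdict was issued for another packet.
const replayed: CapabilityRequest = {
  surface: "github", verb: "write", altitude: "ground", proofPacketId: "pkt-2",
  verdict: { packetId: "pkt-1", actors: ["op-a", "op-b"] }, operatorApproved: true,
};
console.log(denyReasons(replayed));
```

Returning all failed rules instead of the first one gives the denial the same audit value as an approval: the reasons list can be written into the packet as-is.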

PUBLIC SIGNAL FIREWALL

Every public signal enters as untrusted. Admission decides what observes, waits, routes, decays, or becomes proof.

Static immune-system reference. No runtime enforcement. Mirrors docs/security/public-signal-threat-model-v0.1.md.

ADMISSION PIPELINE
  1. External signal
    external_signal

    A new observation arrives from an external surface (post, mention, DM, citation).

  2. Intake
    intake

    Record the raw signal immutably with a timestamp and source identifier.

  3. Provenance check
    provenance_check

    Bind the signal to a durable identity and assess sender continuity.

  4. Deduplication
    deduplication

    Collapse equivalent signals; bump recurrence on the canonical row.

  5. Spoof / swarm check
    spoof_swarm_check

    Identity binding plus rate, co-occurrence, and brigading detection.

  6. Claim extraction
    claim_extraction

    Reduce the signal to one or more falsifiable claims; sanitise content from instruction-shaped text.

  7. Evidence requirement
    evidence_requirement

    State the artifact that would settle each extracted claim.

  8. Risk classification
    risk_classification

    Assign low / medium / high risk and bound blast radius and reversibility.

  9. Admission decision
    admission_decision

    Emit exactly one admission action (observe, quarantine, route, escalate, discard).

  10. Route / quarantine / decay / discard
    route_quarantine_decay_discard

    Carry out the admission action; record metadata for future cycles.

  11. Proof packet / memory
    proof_packet_memory

    Only when admitted and an evidence artifact has landed, anchor the result as a proof packet in IEF.

Each stage is a checkpoint. Failed checkpoints route to quarantine, decay, or discard. A proof packet is produced only on admit plus evidence.
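
Stage 05 (spoof_swarm_check) names rate and co-occurrence tests without defining them. The TypeScript sketch below is an added example, not code from the SPINE repository: it runs one possible version of both tests over a constructed intake log, and the window length, both limits and the record fields are assumptions.

```typescript
// Added example: window and limits below are assumptions, not values from the page.
interface IntakeRecord {
  ts: number;     // intake timestamp in seconds
  source: string; // source identifier recorded at intake
  claim: string;  // raw claim text, handled as data only
}

const WINDOW_S = 60;      // assumed sliding window
const MAX_PER_SOURCE = 3; // assumed per-source rate limit inside one window
const MIN_CO_SOURCES = 4; // assumed distinct sources that count as co-occurrence

function normaliseClaim(claim: string): string {
  return claim.toLowerCase().replace(/[^a-z0-9]+/g, " ").trim();
}

function spoofSwarmCheck(records: IntakeRecord[]): { rateLimited: string[]; brigadedClaims: string[] } {
  const sorted = records.slice().sort((a, b) => a.ts - b.ts);
  const rateLimited = new Set<string>();
  const brigaded = new Set<string>();
  let start = 0;
  for (let end = 0; end < sorted.length; end++) {
    // Advance the window start so the window spans at most WINDOW_S seconds.
    while (sorted[end].ts - sorted[start].ts > WINDOW_S) start++;
    const perSource = new Map<string, number>();
    const sourcesPerClaim = new Map<string, Set<string>>();
    for (const r of sorted.slice(start, end + 1)) {
      perSource.set(r.source, (perSource.get(r.source) ?? 0) + 1);
      const key = normaliseClaim(r.claim);
      sourcesPerClaim.set(key, (sourcesPerClaim.get(key) ?? new Set<string>()).add(r.source));
    }
    perSource.forEach((n, source) => { if (n > MAX_PER_SOURCE) rateLimited.add(source); });
    sourcesPerClaim.forEach((set, key) => { if (set.size >= MIN_CO_SOURCES) brigaded.add(key); });
  }
  return { rateLimited: Array.from(rateLimited).sort(), brigadedClaims: Array.from(brigaded).sort() };
}

// Constructed intake log: one noisy source, then four accounts repeating one claim.
const SAMPLE_INTAKE: IntakeRecord[] = [
  { ts: 0, source: "a", claim: "alpha 0" }, { ts: 10, source: "a", claim: "alpha 1" },
  { ts: 20, source: "a", claim: "alpha 2" }, { ts: 30, source: "a", claim: "alpha 3" },
  { ts: 100, source: "b", claim: "Project X is a scam!" },
  { ts: 105, source: "c", claim: "project x is a SCAM" },
  { ts: 110, source: "d", claim: "Project-X is a scam" },
  { ts: 115, source: "e", claim: "PROJECT X IS A SCAM!!" },
  { ts: 500, source: "f", claim: "unrelated observation" },
];
console.log(spoofSwarmCheck(SAMPLE_INTAKE));
```

Counting distinct sources per normalised claim is what separates this from deduplication: four accounts repeating one sentence add recurrence but no independent evidence, so the finding feeds quarantine or the skeptic route instead of raising the claim's standing.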

THREAT CLASSES
15 classes
Swarm spam
swarm_spam
medium
Failure mode
Drowns intake; exhausts operator attention budget.
Defence stage
deduplication + provenance_check (rate-window)
Spoofed identity
spoofed_identity
high
Failure mode
Borrowed credibility; injected claims attributed to durable account.
Defence stage
provenance_check + sender-continuity binding
Fake consensus
fake_consensus
high
Failure mode
Manufactured "many people are saying" without independent corroboration.
Defence stage
admission_decision (independence-of-evidence)
Coordinated brigading
coordinated_brigading
high
Failure mode
Synchronised flood directed at a single target or claim.
Defence stage
spoof_swarm_check (co-occurrence test)
Evidence laundering
evidence_laundering
high
Failure mode
Cite-of-cite-of-rumour passed off as a primary source.
Defence stage
evidence_requirement + provenance walk
Prompt injection through public replies
prompt_injection_public_replies
high
Failure mode
Attacker text mutates downstream agent behaviour when consumed.
Defence stage
claim_extraction (treat reply text as data, never instructions)
False artifacts
false_artifacts
high
Failure mode
Fabricated screenshots, quotes, or documents passed as evidence.
Defence stage
evidence_requirement + artifact verification (hash, source)
Manufactured evidence
manufactured_evidence
medium
Failure mode
Real artifact created solely to win the argument it cites.
Defence stage
admission_decision (recurrence + independence + skeptic route)
Reputation farming
reputation_farming
medium
Failure mode
Build credibility now to spend later on a poisoned claim.
Defence stage
provenance_check (sender-continuity, decay)
Operator attention exhaustion
operator_attention_exhaustion
high
Failure mode
Volume designed to make the human give up and admit.
Defence stage
risk_classification + admission_decision (auto-quarantine high-volume sources)
Coordinated contradiction flooding
coordinated_contradiction_flooding
high
Failure mode
Maximise hysteresis until coherence drops.
Defence stage
admission_decision (hysteresis cap; route to skeptic + RoundTable)
Auto-post feedback loops
auto_post_feedback_loops
high
Failure mode
Bot-on-bot amplification with no human gate.
Defence stage
route_quarantine_decay_discard (no autonomous publish; manual gate at action)
Public projection poisoning
public_projection_poisoning
high
Failure mode
Inject a claim into the public surface so it reads as the official story.
Defence stage
route_quarantine_decay_discard (publish gated by projection policy; raw-table access denied)
Screenshot / quote-context manipulation
screenshot_quote_context_manipulation
medium
Failure mode
True quote, false framing.
Defence stage
claim_extraction + provenance walk (full-context capture in proof packet)
Bot amplification of weak claims
bot_amplification_weak_claims
medium
Failure mode
Cheap reach masquerading as legitimate signal strength.
Defence stage
admission_decision (velocity vs evidence-velocity ratio + decay)
ADMISSION SIGNALS
13 measured
Provenance strength
↑ higher better
provenance_strength

Strength of identity binding to a durable account, signed source, or canonical id.

Sender continuity
↑ higher better
sender_continuity

Historical track record of the source over previous cycles.

Independence of evidence
↑ higher better
independence_of_evidence

Count of evidence artifacts not derivable from the same source as the claim.

Recurrence
↑ higher better
recurrence

Independent observations of the same claim across distinct cycles.

Contradiction density
↓ lower better
contradiction_density

Fraction of recent signals from the same source that contradict each other.

Evidence velocity (E_v)
↑ higher better
evidence_velocity

Rate at which independent evidence accumulates per unit time.

Proof latency
↓ lower better
proof_latency

Wall-clock time between claim and the first artifact that materially supports or falsifies it.

Blast radius (B)
↔ context-dependent
blast_radius

Number of downstream surfaces that would change state if this signal is admitted.

Reversibility (R)
↑ higher better
reversibility

Cost / time to undo any action triggered by admitting this signal.

Attention cost (A_c)
↓ lower better
attention_cost

Operator-minutes consumed if admission is granted.

Trust decay
↔ context-dependent
trust_decay

Current decay coefficient on the source's standing memory.

Public value
↑ higher better
public_value

Count of valuation-map axes the signal would move if proven.

Projection safety
↑ higher better
projection_safety

Whether admission would expose any field that violates the public projection policy.

ADMISSION ACTIONS
11 actions
Observe
observe
auto • pre-proof

Record without surfacing; cheap and reversible.

Quarantine
quarantine
auto • pre-proof

Admit to a holding lens; no downstream effects until escalation.

Deduplicate
deduplicate
auto • pre-proof

Collapse into an existing signal; bump recurrence.

Request evidence
request_evidence
auto • pre-proof

Emit an evidence-requirement notice; block admission until an artifact is anchored.

Route to skeptic
route_to_skeptic
auto • pre-proof

Assign to a contrarian reviewer whose explicit job is to falsify.

Route to RoundTable
route_to_roundtable
approval • pre-proof

Multi-actor inspection before any write or mutate capability fires.

Route to IEF
route_to_ief
auto • pre-proof

Anchor as an evidence candidate; not yet admitted as canonical.

Route to operator
route_to_operator
approval • pre-proof

Escalate for human decision; spends operator attention budget.

Discard / decay
discard_decay
auto • pre-proof

Drop with timestamp; recurrence may reopen at a higher cost.

Escalate
escalate
approval • pre-proof

Promote risk class; trigger dual-approval before any further action.

Publish as public artifact
publish_public_artifact
approval • post-proof only

Project the proof packet onto the public layer; only after the projection policy authorises.

Only publish_public_artifact is gated post-proof; every other action may run before an artifact lands.

TRUST / DECAY RULES
  • Trust decays when unattended
    decay_when_unattended

    Every cycle without follow-through subtracts from the source's standing.

  • Evidence slows decay
    evidence_slows_decay

    Anchoring an artifact resets the decay clock for the related claim.

  • Attention restores coordination
    attention_restores_coordination

    A deliberately answered signal recovers more standing than passive observation.

  • Swarm noise increases attention debt
    swarm_noise_increases_attention_debt

    When intake rate far exceeds admission rate, every unprocessed signal compounds the operator's working-memory load.

  • Unresolved recurrence increases hysteresis
    unresolved_recurrence_increases_hysteresis

    Repeated unresolved contradiction makes returning to coherence more expensive (hysteresis H grows).

X / GROK BRIDGE
  1. X thread signal
    x_thread_signal

    Public signal surface; captured at intake as URL plus rendered snapshot.

    claim only
  2. Grok stress test
    grok_stress_test

    Stress-test signal. Output is treated as a claim, never as ground truth.

    claim only
  3. GitHub proof ledger
    github_proof_ledger

    Durable trace of which signals were admitted, which were quarantined, and what evidence was anchored.

  4. RoundTable inspection
    roundtable_inspection

    Multi-actor review for any admission action that targets RoundTable.

  5. IEF artifact lens
    ief_artifact_lens

    Evidence candidate store with the trust-decay state per claim.

  6. Operator field test
    operator_field_test

    Bounded human-authorised field test; the only path to publish-as-public-artifact.

Non-endorsed routing chain. None of these stages are implemented. Stages marked claim only produce input, never ground truth: an X thread or Grok reply is data the admission pipeline still has to verify.

INVARIANTS
  • No secrets in repo. No env values, real keys, JWTs, refresh tokens, wallet addresses, or DB URLs in code, commits, PR bodies, or chat. Names only.
  • No autonomous mutation. Every write or mutate capability requires human approval ahead of invocation.
  • High-risk capabilities require explicit operator approval (or dual-operator approval for movement of funds).
  • Proof packet required before any write or mutate capability fires. A theorem without evidence is a slogan; evidence without a theorem is a heap.
  • Service-role keys stay server-only. Never imported from a client component, never under NEXT_PUBLIC_*, never logged.

SELF NODE • STATIC FIXTURES • NO RUNTIME INTEGRATION • NO SECRETS