AI-Mediated Curriculum and Progressive Capability Unlocking Using Semantic Performance States

Introduction: From Credentials to Demonstrated Readiness

Credentials are blunt instruments. A license, certificate, or role asserts that a capability exists, but says little about whether that capability is current, authentic, or safely exercisable in context. Once granted, credentials typically persist regardless of behavioral drift, skill decay, misuse, or identity substitution.

The architecture described here replaces static credentialing with a performance-native model governed by the same pre-execution principles described in the ethical enforcement layer. A semantic agent represents the participant and owns the performance state, curriculum state, and the rules for how evidence may change them. LLMs and other inference models can be invoked by that agent as bounded tools, but they do not possess authority. Authority belongs to cryptographically governed policy agents that gate whether a performance state may mutate and whether a capability may be unlocked, downgraded, or revoked.

Users progress through curricula designed to elicit behavior that reveals competence over time. Readiness is represented as a structured semantic performance state whose updates are expressed as typed deltas and admitted only through policy-gated mutation. Capabilities are unlocked only when admissible state transitions exist, and they are revoked when subsequent evidence no longer supports safe operation.

The result is a system in which inference is used to structure evidence, but governance determines what may execute.

1. Inference Without Authority: The AQ Division of Labor

LLMs were built for inference and language generation. They are useful for classifying interaction, summarizing sessions, extracting topics, producing explanations, and proposing structured representations of ambiguous data. They were not built for governance. They cannot provide enforceable guarantees about admissibility, and they cannot be the authority surface for high-stakes permissions.

In Adaptive Query, the semantic agent is the unit of authority. The agent controls what context exists, what evidence may be considered, what policies apply, and what mutations are even eligible to propose. The agent may call an LLM to produce a candidate interpretation or a candidate response, but the output is always treated as non-authoritative data. It cannot unlock capabilities, cannot mutate state, and cannot bypass policy. The only thing an LLM can do is return a proposal for the agent to validate.

This resolves the apparent tension between “ethics without inference” and “curriculum with inference.” AQ does not attempt to enforce ethics by interpreting meaning. AQ enforces admissibility structurally: typed declarations, scope, lineage, and cryptographically governed policy precedence determine whether an update or action can exist before execution.

2. Semantic Performance States as the Core Abstraction

The semantic performance state is a structured representation of demonstrated readiness. It is not a single score. It is a multi-field object with independently evolving dimensions such as cognitive mastery, behavioral stability, safety compliance, physical skill, communication clarity, and contextual reliability.

The performance state is owned by a semantic agent and evolves only through admissible mutation. Proposed updates are expressed as typed deltas referencing evidence, context, and evaluator lineage. Policy agents gate whether a given field may increase, decrease, decay, or remain unchanged, and under what constraints. This prevents performance from becoming an informal model output and preserves it as a governable object.

Because capability is a living property, the state supports growth and regression. Demonstrations can raise relevant fields, while drift, inconsistency, inactivity, or unsafe behavior can cause decay. This allows the system to maintain longitudinal truth without resetting identity or relying on one-time tests.

Each admitted mutation extends lineage and can be audited, challenged, or revoked under governance-defined rules.

3. Curriculum as a Governed Evidence Generator

Curriculum in this system is not merely instructional content; it is an evidence generator designed to elicit behavior that reveals readiness. Curriculum objects define tasks, challenges, and mastery criteria that are selected and sequenced by the semantic agent based on current performance state, policy constraints, and safety context.

The semantic agent performs the orchestration. It selects candidate curriculum elements, enforces pacing, binds each interaction to identity continuity, and determines what evidence is admissible to collect. When language mediation is needed, the agent may invoke an LLM as a callable tool to generate explanations, reflections, or phrasing. The agent also determines the exact context passed to the LLM, and the LLM never performs retrieval, never selects governing policies, and never decides progression.

The curriculum becomes adaptive without surrendering authority. Adaptation happens because the agent can propose different evidence-generating interactions, not because a model is granted the power to unlock capabilities.

4. Evidence Extraction, Retrieval, and Policy-Gated Mutation

The architecture separates three phases that conventional systems often conflate: non-authoritative inference, admissibility validation, and enforcement. During non-authoritative inference, the semantic agent may call one or more models to transform raw interaction into structured candidate evidence, such as topic tags, rubric markers, contradiction flags, safety events, or multimodal consistency indicators.

Retrieval is performed by the governed system, not the model. The semantic agent retrieves the relevant memory, curriculum rubric, and any permitted reference material from governed stores and then decides what subset may be provided to an inference call. The LLM does not pull from databases or decide what is relevant; it receives only what the agent has authorized for that call, and it returns only a proposal.

Candidate evidence may be cross-checked by additional models to reduce error, for example by testing internal consistency, detecting contradictions, or scoring uncertainty bounds. Cross-model checking remains inferential and advisory. Where inference is uncertain, the system records uncertainty and may require additional demonstrations rather than allowing irreversible mutations.

Mutation is gated separately. The semantic agent expresses a proposed performance-state delta as a typed declaration and submits it for admissibility. Policy agents and meta-policies enforce whether that delta is allowed under scope, lineage, and governance rules. The enforcement step is structural and cryptographic: it verifies signatures, precedence, and admissible mutation categories and then admits or rejects the update before any state change is applied.

5. Authenticity, Anti-Gaming, and Identity Continuity

Performance-based systems fail if they can be gamed. The architecture therefore binds evidence to identity continuity and rejects upgrades that cannot be attributed to the same evolving participant. This reduces transfer attacks, replay, coaching-by-proxy, and automated simulation.

Multimodal validation can be used where policy permits: text, audio, video, telemetry, interaction timing, and other signals may be evaluated for internal consistency and human-typical variation. These evaluations can use inference models, but they do not produce authority. They produce structured evidence and bounded uncertainty to be governed.

Where authenticity cannot be established within policy-defined bounds, the system does not guess. It defers progression, restricts capabilities, or requires additional validation, ensuring that safety-critical upgrades remain conservative without requiring constant human oversight.

6. Progressive Capability Unlocking as Pre-Execution Enforcement

Capabilities are unlocked by mapping performance-state fields to governed access rules. A participant who demonstrates stability and compliance may unlock higher-trust interactions. A participant who demonstrates physical proficiency and safety compliance may unlock higher-autonomy modes in embodied systems.

Unlocking is not a discretionary outcome of model inference. It is a policy-gated state transition that occurs before privileged execution. When a capability is requested, the system computes whether a valid execution is admissible under policy given current performance state, identity continuity, and contextual constraints. If admissible, the capability is enabled; if not, the request is denied or deferred without partial execution.

Unlocking is progressive and reversible. As performance improves, additional capabilities reliability become admissible. If regression or risk is detected, capabilities can be downgraded or revoked through governed mutation. Capability control becomes a living contract, not a one-time grant.

The same mechanism governs agent upgrades. A semantic agent representing a user or autonomous process may receive expanded delegation rights only when the policy-gated performance evidence supports that upgrade. This allows systems to grant more autonomy over time without surrendering governance to inference.

7. Certification as a Verifiable, Revocable Artifact

When defined milestones are reached, the system can issue certification artifacts representing validated capability. These artifacts are cryptographically signed, tamper-resistant, and bound to identity continuity and performance lineage.

Certification artifacts are described here as structurally definable outcomes of governed performance state, not as a claim of current issuance, standardization, or production deployment. Their form, lifecycle, and trust regime are expected to vary by domain and policy authority.

Unlike traditional certificates, these artifacts are backed by longitudinal evidence rather than a single test. They can be consumed by external systems to verify readiness without exposing private behavioral data. Verification can be scoped by policy: a verifier may confirm that a capability is currently admissible under a specified regime without receiving the underlying evidence stream.

Because capability is a living state, certification can be revocable or time-bounded. Tokens may remain valid only while underlying performance remains admissible or while revalidation rules are satisfied.

8. From Software to Embodied Systems

The same mechanism governs access across digital, interpersonal, and physical domains. In software applications, it controls feature access and tool permissions. In companion systems, it governs relational depth, communication modes, and safety-critical boundaries.

These domains are presented to illustrate the structural scope of the governance model, not to imply deployment maturity or universal applicability. The same admissibility principles can be defined across domains, while implementation remains context-specific and subject to policy, safety, and regulatory constraints.

In embodied systems, it determines whether a participant may engage higher autonomy levels, operate hazardous equipment, or override safety constraints. Privileged physical actions remain gated before execution by policy and admissible state, rather than being granted because a credential exists.

This unification allows the same governance bodies that define ethical policy to define readiness thresholds for embodied operation, including safety rules, decay rates, and revalidation requirements.

9. Why Evidence-Based Access Matters

Credentials assume permanence. Evidence acknowledges change. By grounding access in accumulated, validated performance, the system aligns with how real capability behaves: improving with practice, degrading without reinforcement, and varying across contexts.

This is especially important for safety-critical and autonomy-related systems where misuse, overconfidence, or identity substitution can cause harm. Evidence-based gating reduces risk while preserving autonomy because enforcement occurs structurally before privileged execution.

It also creates a clean governance surface. Institutions can define policies and meta-policies that determine what readiness means, how upgrades occur, how revocations are triggered, how disputes are handled, and what transparency requirements apply, without granting interpretive authority to inference models.

10a. Demonstration-Based Authority Delegation

A central consequence of policy-gated capability unlocking is that authority itself becomes a function of demonstrated competence rather than a function of static role assignment. When an agent — whether representing a human user or an autonomous process — accrues admissible performance evidence, its delegation envelope expands: it gains the right to take actions, invoke tools, and propose mutations that were previously inadmissible. When evidence regresses, the envelope contracts. Authority is not granted once and held in perpetuity; it is held continuously against the evidence that supports it.

This shifts the structure of trust in autonomous systems. A new agent does not inherit broad authority from credential issuance. It begins with a narrow envelope sufficient to undertake the demonstrations its curriculum prescribes. As demonstrations are admitted, additional capabilities become eligible for unlock. The progression is structural: at each stage, the agent's authority is exactly the union of capabilities whose unlock thresholds are currently satisfied under policy. There is no privileged action available outside this union, and the union is recomputed continuously as evidence accumulates and decays.

Delegation can itself be a graded property. An agent that has demonstrated competence in a capability under supervised conditions may be admitted to that capability under supervised conditions only; admission to unsupervised use of the same capability requires additional evidence supporting the wider envelope. This permits fine-grained handoff curves in which authority transfers from supervisor to agent gradually, with each handoff stage gated by its own admissibility predicate.

The mechanism extends to human–agent teams. A human supervisor's discretionary delegation decisions can themselves be expressed as policy-gated mutations against the agent's authority envelope, with the supervisor's evidence treated as one input among others rather than as an unchecked override. This permits human discretion within bounded scope while preventing supervisor error or compromise from translating into out-of-envelope authority.

10. Operating Parameters and Engineering Envelope

Each component of the capability-gating system carries a typed parameter surface that defines its engineering envelope. The semantic performance state is parameterized by its field schema (which competence dimensions are tracked), the admissible value range for each field (typically a normalized scalar with optional discrete bands), the decay function that governs degradation in the absence of reinforcement, and the lineage-depth bound that limits how far back evidence may be aggregated when computing a current value. Curriculum objects are parameterized by elicitation difficulty, expected evidence yield, the rubric markers they expose for evaluation, and the policy class that governs which evaluators may admit their evidence.

Progressive unlock thresholds are parameterized as tuples of field-by-field minimums plus consistency requirements: a capability does not unlock merely because a field has crossed a numerical threshold once, but rather when the field has remained above threshold across a configured observation window with bounded variance. Window length, variance bound, and minimum sample count are all parameters. This prevents single-event spikes — whether from a lucky demonstration or from an adversarial probe — from triggering durable capability grants.

Regression detection is parameterized by the decay rate, the sliding window over which behavior is evaluated, and the regression threshold below which a downgrade is triggered. Distinct domains require distinct settings: a software-tool capability with low risk may use a slow decay and forgiving regression threshold, while an embodied autonomy capability may use rapid decay and a tight regression threshold that aggressively downgrades on the first sign of unsafe pattern. Authentication parameters bind evidence to identity continuity through multimodal consistency thresholds, interaction-timing distribution checks, and configurable challenge-injection rates designed to detect impersonation or coaching-by-proxy.

The policy enforcement layer is parameterized by signature schemes, precedence rules between policies, scope predicates that bound which agents and contexts a policy applies to, and an admissibility predicate set that determines which mutation classes are eligible at all. The engineering envelope spans these parameter surfaces collectively. A configuration is valid only if its parameter values fall within their declared ranges, its cross-component constraints are satisfied (for example, the curriculum's evidence yield is sufficient to populate the fields that the unlock thresholds reference), and its credential chain authorizes the configured mutation classes.

11. Alternative Embodiments

The architecture admits alternative embodiments along several axes. In a hierarchical embodiment, the semantic agent is composed of a tree of sub-agents, each owning a subset of performance fields and curriculum responsibilities, with a root agent that aggregates evidence and coordinates capability unlocking. This embodiment supports complex domains in which competence is naturally factored — for example, a clinical-training domain in which procedural skill, diagnostic reasoning, communication, and safety compliance are evaluated by distinct sub-agents but must be combined for an overall capability decision.

In a federated embodiment, performance state is sharded across multiple authority domains, each governing the fields under its purview, with cross-domain capability decisions resolved through a composition protocol that requires concurrent admissibility across all relevant authorities. This embodiment supports settings such as multi-jurisdictional credentialing, where one authority governs technical competence and another governs ethical or regulatory compliance, and a capability unlocks only when both domains admit the corresponding state delta.

In a probabilistic embodiment, performance fields carry not single scalar values but full posterior distributions over competence, with unlock decisions evaluated against probability-of-mastery thresholds rather than point estimates. This embodiment is preferred where evidence is sparse or noisy and where uncertainty itself must factor into the unlock decision. In a deterministic embodiment, fields carry interval-valued estimates and unlock decisions evaluate against worst-case bounds; this is preferred in safety-critical settings where the system must refuse to unlock under any plausible interpretation of the evidence rather than under the expected interpretation.

The curriculum generator itself admits implementation variants. In a static-bank embodiment, curriculum elements are drawn from a fixed authored library and selected by the agent under policy. In a generative embodiment, curriculum elements are produced on demand by an LLM call, validated against a structural rubric, and admitted only if they satisfy admissibility predicates that ensure they elicit the intended evidence class. In a hybrid embodiment, generative proposals are constrained by templates drawn from the static bank, combining the diversity of generation with the auditability of authored content.

Capability gating itself admits embodiments ranging from binary unlock/lock decisions to graded capability envelopes in which the same capability is admitted under progressively wider operational contexts as evidence accumulates. A novice operator may be admitted to a capability under restricted environmental conditions and supervised operation; the same capability may admit broader conditions and unsupervised operation as performance evidence supports the wider envelope. The architectural commitment is to policy-gated state transition, not to any particular shape of the unlock decision boundary.

12. Composition with Other Cognitive Primitives

Capability gating does not operate in isolation. It composes with other primitives in the broader cognitive architecture. Confidence governance contributes the per-channel certainty estimates that the unlock policy may consume — for instance, an unlock requirement might demand not only that a performance field exceed threshold but that the confidence governor's certainty in the underlying evaluation also exceed a configured level. Integrity tracking contributes a coherence signal: an unlock proposal that is structurally consistent with the participant's behavioral history is treated differently from one that represents an abrupt shift in pattern, even if the surface-level evidence is comparable.

Inference control composes by treating each capability unlock as an inference step subject to admissibility gating. The inference graph that produces an unlock decision must traverse admissibility predicates at each stage: evidence-extraction admissibility, candidate-delta admissibility, mutation admissibility, and finally execution admissibility for the privileged action that the capability gates. Forecasting composes by allowing the curriculum agent to project the expected trajectory of performance state under different curriculum sequences and select the sequence most likely to advance the participant toward target capability without inducing premature unlocks.

Affect modulation composes in domains where the participant is a human learner and the curriculum agent must reason about engagement and frustration. The agent can use affect signals — bounded and policy-gated — to pace the curriculum, withhold challenge under high-frustration states, and surface support resources. Affect signals do not contribute to performance state directly; they contribute to curriculum sequencing and pacing decisions, preserving the structural separation between affect-driven mediation and authority-bearing performance evaluation.

13. Prior-Art Distinctions and Disclosure Scope

This architecture is structurally distinct from prior-art capability systems along several axes. Role-based access control issues capabilities based on assigned roles without performance-derived gating; this architecture issues capabilities only against admissible state transitions backed by lineage-bearing evidence. Attribute-based access control conditions access on static or slowly-changing attributes; this architecture conditions access on a continuously evolving performance state with structural decay and regression detection. Adaptive learning systems mediate curriculum content but do not implement policy-gated capability unlocking with cryptographic admissibility enforcement; their progression decisions are typically advisory model outputs rather than authority-bearing state transitions.

LLM-based agent systems that grant tool access conditional on runtime model judgment confer authority on the model itself, treating its outputs as load-bearing for permission decisions; this architecture treats LLM outputs as non-authoritative proposals subject to policy-agent admissibility, so model errors cannot translate into unauthorized capability grants. Verifiable-credential systems issue capability artifacts but do not bind those artifacts to longitudinal performance evidence with structural decay; this architecture's certification artifacts are revocable on the basis of evidence drift, not merely on the basis of expiration or explicit revocation events.

The disclosure scope covers: the semantic performance state as a multi-field, lineage-bearing, decay-supporting object; the curriculum object as a governed evidence generator with rubric-bound admissibility; the progressive-unlock-threshold mechanism with windowed consistency requirements; the regression-detection mechanism with parameterized decay and downgrade thresholds; the demonstration-based authority delegation mechanism by which an agent's delegation rights expand with admitted evidence; and the composition of capability gating with the broader primitive set including confidence, integrity, inference control, forecasting, and affect. Specific implementation choices — particular policy languages, particular cryptographic schemes, particular evaluator architectures — are within the disclosure scope as alternative embodiments but are not load-bearing for the architectural claim.

Conclusion: Using LLMs for Inference, Not Governance

AI-mediated curriculum and semantic performance states enable a shift from permission-based systems to readiness-based systems. Capabilities are granted because evidence supports them under policy, not because a credential exists.

The architecture remains AQ-faithful by separating inference from authority. Semantic agents orchestrate retrieval, curriculum, evidence collection, and admissibility requests. LLMs contribute bounded inference and language generation, but policy agents and meta-policies enforce what may mutate and what may execute before any privileged action occurs.

This sets up the next requirement: if capability and governance depend on longitudinal evidence, systems must bind that evidence to the same evolving human over time. Continuity-based biological identity provides that bridge.