Mechanism

Physical capability is the extension of the platform's capability envelope to embodied substrates: physical bodies with motor systems, sensor arrays, and environmental interaction surfaces. Capability, as the term is used throughout the filing, is not a metric, a score, or a heuristic. It is a computed determination of whether an executable form of a given objective can structurally exist on a given substrate, and it resolves to one of a bounded set of outcomes: execution is structurally possible, structurally impossible, structurally deferred, or must be rerouted to an alternative substrate. For an embodied system the substrate is the robot itself, and the question the determination answers is whether the robot's physical affordances are structurally sufficient to execute a contemplated manipulation, locomotion, or interaction action given the robot's current physical state.

The determination is evaluated before any execution plan is constructed. The system does not build a motion plan and then check whether the robot can carry it out; it first determines whether any executable form of the motor objective can exist on the candidate substrate, and only when the capability determination resolves affirmatively does it proceed to execution synthesis. A motor objective, such as grasping an object, traversing terrain, or assembling a component, carries physical capability requirements that are matched dimension by dimension against the robot's physical capability envelope, in the same formal manner that computational requirements are matched against a computational substrate's envelope.

The Physical Capability Envelope

For an embodied robotic system the capability envelope is a physical capability model that comprises at least the following dimensions. Reach capability is computed from the robot's current joint configurations, kinematic limits, and any temporary restrictions due to payload or obstacle proximity, and it defines the spatial volume within which the robot can place its end effector. Force capability is computed from the actuator limits, current joint torques, payload mass, and safety margin requirements, and it defines the maximum forces the robot can safely apply in each direction. Payload capability is computed from the robot's current load, actuator capacity, structural limits, and dynamic stability margins, and it defines the maximum additional mass the robot can manipulate. Battery or energy capability is computed from current reserves, consumption rate, and charging infrastructure availability, and it defines the temporal window within which the robot can continue operating. Terrain or surface capability is computed from the robot's locomotion system characteristics, current surface conditions, and stability margins, and it defines the surfaces the robot can safely traverse.

The envelope is a dynamic data object, not a static datasheet. It is continuously recomputed as the robot's state changes: as actuators warm and their torque characteristics shift, as batteries deplete, as payloads are acquired or released, and as environmental conditions change. A robot that could safely grasp a heavy object five minutes ago may no longer be able to do so after battery depletion has reduced available motor current. The envelope ensures that every motor command is evaluated against the robot's current structural ability rather than against a static specification that no longer reflects operational reality.

Temporal Executability

Physical capability is evaluated jointly with time and uncertainty. The temporal executability computation determines whether a manipulation can be completed within the available time window. A pick-and-place operation requiring two seconds of transit cannot be executed if a moving obstacle will enter the transit path in one second. For embodied systems the temporal forecast incorporates physical state dynamics: battery charge depletes, actuator temperatures rise, sensors degrade, and the physical environment changes. The forecast projects these dynamics forward and identifies the time windows, if any, during which the robot's physical capability envelope satisfies the motor objective's requirements.

This distinguishes deferred executability from temporal impossibility. A motor objective that requires sustained high-torque actuation may be immediately executable but become temporally impossible as actuator temperatures approach thermal limits. The temporal forecast detects this impending collapse and defers or reroutes the objective before the limit is reached, rather than attempting the action and discovering the failure during execution. Because physical state estimation is inherently noisy, with degrading actuator performance and partially observable terrain, the uncertainty bounds on physical capability dimensions are typically larger than those on computational dimensions, and the system applies wider confidence intervals and more conservative execution synthesis thresholds for motor objectives.

Capability Is Not Authorization

Capability answers whether an operation can structurally exist; it is architecturally separate from permission, authorization, and access control, which answer whether an operation is allowed. The two determinations are maintained in separate subsystems with no bidirectional dependency and are combined only at the execution synthesis gate, where both must be satisfied for synthesis to proceed. This separation produces four operational quadrants, and the embodied domain makes the second quadrant, authorized but not capable, concrete: a robot may hold the governance authorization to perform an action while its present physical envelope cannot support it. The system does not treat this as an error to retry; it recognizes that no executable form can be constructed on this substrate now, and it routes, defers, or decomposes the objective accordingly.

The same distinction extends to human operators in collaborative configurations. A robot's biological identity module verifies operator identity through behavioral continuity of movement patterns, tool-handling dynamics, and workstation interaction rhythms captured through the robot's existing sensors. It detects operator impairment, such as fatigue, distraction, or physical limitation, through changes in the temporal dynamics of those signals. A surgeon whose signals indicate fatigue-induced motor imprecision may be governance-authorized to perform a procedure yet biologically incapable at the present moment, and the system's response is to defer the objective until the operator's biological capability envelope recovers or to route it to an alternative operator.

Confidence and Non-Synthesis

The capability determination feeds the confidence governor. When the determination resolves to anything other than structurally possible with full satisfaction and negligible uncertainty, a reduction function decrements the agent's confidence in proportion to the severity of the insufficiency, and a sufficiently large gap drives confidence below the authorization threshold, suspending execution before any operation is attempted. In the robotic domain confidence is computed from grasp confidence, obstacle clearance confidence, force control confidence, and task completion confidence, and the governor pauses motor execution when any of these drops below threshold. Interruption protocols are domain-specific: assembly operations with precise fit tolerances are terminal tasks whose interruption preserves the pre-insertion state for safe resumption, bin-picking and sorting are exploratory tasks whose interruption broadens the grasp search space, and surgical manipulation applies the most conservative thresholds and requires explicit clinical authorization to resume.

When the joint capability, time, and uncertainty evaluation determines that no executable form should exist in the evaluated context, the outcome is non-synthesis. Non-synthesis is a valid computational result, not a failure or a timeout. It is recorded as a structured determination that identifies the unsatisfied dimensions and indicates whether the condition is permanent, temporal, conditional, or indeterminate, giving the agent the information it needs to reroute, defer, decompose, or revise the objective.

Distinction From the Operational Design Domain

The physical capability envelope is structurally distinct from an Operational Design Domain. An ODD defines the environmental conditions under which a system is designed to operate, for example that a vehicle may operate below a stated speed in clear weather on divided highways. The capability envelope describes the structural affordances of the substrate itself, independent of environmental conditions: that the compute substrate can execute a given perception pipeline, that the actuator system can produce the required steering torque, that the sensor array can detect features at the required range. The two evaluations are complementary but architecturally independent, and the embodied capability envelope adds physical affordances, degrees of freedom, reach, force and torque limits, locomotion capability, sensory modalities, and power budget, to the computational affordances that the envelope already carries for any substrate.

Safety Governance

Capability-constrained motor execution composes with the platform's integrity and governance primitives. Each safety incident, an event in which operation violated a safety constraint, produced an unexpected contact, exceeded a force limit, or entered a restricted zone, is recorded as an integrity deviation with full semantic context, and a redemption process generates restorative mutations such as sensor recalibration, modification of the motion-planning parameters that contributed to the incident, and voluntary reduction of operational scope until the root cause is addressed. Safety-critical actions, such as operations near humans, high-force operations, operations in confined spaces, and operations involving hazardous materials, require that the robot's own admissibility determination, an independent workspace safety monitor, and the supervising operator each confirm safety before the action commits. Hazard-prevention overrides, including emergency stops for unexpected obstacle or human presence and actuator anomalies, take precedence over all other governance mechanisms and produce immediate, unconditional motor suspension.

Disclosure Scope

The physical capability envelope, comprising the extension of the capability determination to embodied substrates, the reach, force, payload, energy, and terrain dimensions computed from the robot's current physical state, the continuous recomputation of the envelope as that state changes, the temporal executability forecast incorporating physical state dynamics, the architectural separation of capability from authorization with its authorized-but-not-capable quadrant, the linkage of the capability determination into the confidence governor and the non-synthesis outcome, the distinction from the Operational Design Domain, and the safety governance and integrity tracking that constrain motor execution, is disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart). This article describes that disclosed mechanism. The scope extends to embodiments including household robots, industrial manipulator arms, warehouse automation, and surgical robots, and to envelope schemas that combine physical and computational affordances, provided capability is computed as a structural determination evaluated before execution synthesis rather than discovered through execution failure.