Capability Envelope for Substrates
by Nick Clark | Published March 27, 2026
The capability envelope is a first-class object in the cognition architecture: a structured, signed, time-bounded assertion of what an agent, substrate, tool, or skill is competent to do, what evidence supports the assertion, and over what interval the assertion is honored. It is not an implicit property of a role assignment, an inferred consequence of authorization, or a heuristic estimate produced at planning time. Envelopes are objects that the planner, policy evaluator, and lineage tracer manipulate explicitly: they compose when an agent invokes a sub-agent, they project when a task is decomposed across substrates, they intersect when multiple constraints bound a single execution, and they expire when their evidence ages out. The mechanism reifies competence — the orthogonal counterpart to authorization — as a structural primitive whose presence, freshness, and bounds the architecture enforces deterministically rather than negotiates heuristically.
Mechanism
A capability envelope is a structured object with four required components: bounds, evidence, time-validity, and binding. The bounds component enumerates the dimensions along which the envelope asserts competence — compute, memory, network throughput, latency tolerance, sensor modalities, actuator ranges, data classifications, tool surfaces, language domains, regulatory regimes — and assigns each dimension a structured limit expressed in the dimension's native units. Bounds are not lower-bound performance promises and not upper-bound permission caps; they are the closed region of operating space within which the envelope's evidence supports a competence claim.
The evidence component names the basis for the bounds: benchmark results signed by a credentialed evaluator, manufacturer specifications, operational telemetry summaries, formal proofs, third-party certifications, sandbox observations, or peer-fleet attestations. Evidence is itself credentialed — the envelope's verification step chains every evidence reference to a trust root the consuming agent honors — and evidence references are structural, not narrative: a sandbox-fixture verdict naming the fixture by content hash and the verdict by signed observation, not a free-text description.
The time-validity component is a half-open interval during which the envelope is honored. Validity is bounded both forward (evidence ages out, hardware degrades, regulatory regimes shift) and backward (an envelope's claims about a substrate are valid only after the substrate enters the configuration the evidence was collected against). The validity interval is enforced by every consumer of the envelope: the planner refuses to plan against an expired envelope, the policy evaluator denies invocation under one, and the lineage tracer flags decisions that traced to envelope evidence outside its window.
The binding component names the object the envelope characterizes. Envelopes bind to substrates (a specific compute node, a specific robot platform), to skills (a specific tool implementation), to agents (a specific deployed assistant configuration), and to compositions of the above. Binding is structural and exclusive: an envelope bound to a substrate is unambiguously the envelope under which that substrate's competence is evaluated, and the consuming planner or policy evaluator does not synthesize an envelope from role membership or implicit defaults when an explicit envelope is present.
Envelopes compose through three explicit operations. Composition occurs when one agent invokes another or when one substrate hosts another: the resulting envelope is the structurally defined combination of the participating envelopes, with bounds taking the more restrictive value on each dimension where the dimensions correspond and being undefined where they do not. Projection occurs when a task is mapped onto a subset of the envelope's bounds — for example, an envelope asserting competence over a broad sensor suite is projected onto the subset relevant to a specific subtask — producing a new envelope whose bounds are the projection's image. Intersection occurs when multiple envelopes simultaneously constrain a single execution — a substrate envelope, a skill envelope, and an agent envelope all governing the same invocation — producing a new envelope whose bounds are the intersection of the contributing envelopes on each dimension.
Operating Parameters
Bound dimensions are deployment-tunable. A minimal envelope schema covers compute, memory, network, and latency; a richer schema adds sensor modalities, actuator kinematics, data classifications, and tool surfaces; a domain-specific schema adds clinical-decision categories for healthcare, controlled-substance handling for pharmacy automation, weapons-system classes for defense, or financial-instrument categories for trading. The schema is itself a credentialed object; deployments operating across regulatory regimes carry multiple schemas and select the schema variant by request context.
Evidence freshness parameters control how aged evidence may be while still supporting the envelope's bounds. Hardware envelopes typically honor manufacturer specifications indefinitely but require recent telemetry-summary evidence for performance bounds; skill envelopes typically require recent sandbox-fixture evidence; regulatory envelopes typically require evidence dated within the regulator's audit window. Freshness parameters are policy-configured per evidence class; the envelope verification step refuses to honor evidence outside its freshness window.
Composition operators are parameterizable for the conflict-resolution strategy applied when contributing envelopes disagree on a dimension's units, semantics, or scaling. The default strategy is structural rejection: a composition whose contributing envelopes disagree on a dimension's interpretation produces no value on that dimension, which the consuming evaluator treats as the absence of competence on the dimension. Alternative strategies — explicit unit conversion, conservative reduction, evidence-weighted averaging — are available where the dimension's semantics support them; unsupported strategies are not silently substituted.
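The per-dimension rule for composition and intersection described under Mechanism, together with the default structural-rejection strategy above, as an added example that is not part of the disclosure: bounds are modelled as closed intervals in a named unit, a unit disagreement drops the dimension instead of converting it, and an empty interval is kept so a planner can reject a candidate substrate before invocation. The envelope identifiers and bound values are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# One bound is a closed interval [lo, hi] in the dimension's native unit.
Bound = Tuple[float, float, str]


@dataclass(frozen=True)
class Envelope:
    binding: str              # object the envelope characterizes (constructed ids)
    bounds: Dict[str, Bound]  # dimension -> (lo, hi, unit)


def intersect(a: Envelope, b: Envelope, binding: str) -> Envelope:
    """Most-restrictive combination on every dimension both envelopes bound.
    Structural rejection: a dimension bounded by only one side, or whose units
    disagree, is absent from the result (read by consumers as no competence).
    Units are never converted silently.  An empty interval (lo > hi) is kept so
    the planner can see that the intersection is empty on that dimension."""
    out: Dict[str, Bound] = {}
    for dim, (lo_a, hi_a, unit_a) in a.bounds.items():
        if dim not in b.bounds:
            continue
        lo_b, hi_b, unit_b = b.bounds[dim]
        if unit_a != unit_b:
            continue  # structural rejection of the disputed dimension
        out[dim] = (max(lo_a, lo_b), min(hi_a, hi_b), unit_a)
    return Envelope(binding, out)


def project(env: Envelope, dims: Iterable[str], binding: str) -> Envelope:
    """Restrict an envelope to the dimensions a subtask actually needs."""
    return Envelope(binding, {d: env.bounds[d] for d in dims if d in env.bounds})


def is_empty(env: Envelope, dim: str) -> bool:
    """No usable competence on dim: absent, rejected, or an empty interval."""
    b = env.bounds.get(dim)
    return b is None or b[0] > b[1]


def admissible(env: Envelope, required: Iterable[str]) -> bool:
    """Planner pre-check: reject when the combined envelope is empty on any
    dimension the task requires, before any invocation is attempted."""
    return not any(is_empty(env, d) for d in required)


# Constructed sample: a compute node and a skill that disagree on latency units.
NODE = Envelope("substrate:node-17", {
    "compute": (0.0, 32.0, "cores"), "memory": (0.0, 128.0, "GiB"),
    "latency": (0.0, 50.0, "ms")})
SKILL = Envelope("skill:image-triage@sha256:<constructed>", {
    "compute": (2.0, 8.0, "cores"), "memory": (16.0, 256.0, "GiB"),
    "latency": (0.0, 0.2, "s")})  # unit disagrees with NODE -> dropped
COMBINED = intersect(NODE, SKILL, "invocation:node-17/image-triage")
```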
Time-validity parameters separate the validity of the envelope itself from the validity of its evidence references. An envelope may carry a validity window of weeks while citing evidence with daily freshness windows; the consuming evaluator enforces the more restrictive of the two on each evidence reference and refuses the envelope when any required evidence reference falls outside its window, even if the envelope's own window remains open.
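The two-level validity check described in the last three paragraphs, as an added example that is not part of the disclosure: the envelope carries its own half-open window, each evidence reference carries a freshness window derived from its policy-configured evidence class, and the evaluator honors the envelope at time t only when t lies inside the envelope window and inside the more restrictive effective window of every required evidence reference. Freshness values, identifiers and dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Policy-configured freshness per evidence class (constructed values).
# None means honored indefinitely, as the text says manufacturer specs are.
FRESHNESS = {"spec": None, "telemetry": timedelta(days=1), "sandbox": timedelta(days=7)}


@dataclass(frozen=True)
class Evidence:
    ref: str               # structural reference; a content hash in practice
    cls: str               # evidence class, key into FRESHNESS
    observed_at: datetime  # when the observation was taken
    required: bool = True


@dataclass(frozen=True)
class Envelope:
    binding: str
    not_before: datetime   # half-open: honored while not_before <= t < not_after
    not_after: datetime
    evidence: Tuple[Evidence, ...]


def effective_window(env: Envelope, ev: Evidence) -> Tuple[datetime, datetime]:
    """The more restrictive of the envelope window and the evidence's own
    window [observed_at, observed_at + freshness).  Evidence is never honored
    before it was observed, even if the envelope window already opened."""
    start = max(env.not_before, ev.observed_at)
    fresh: Optional[timedelta] = FRESHNESS[ev.cls]
    end = env.not_after if fresh is None else min(env.not_after, ev.observed_at + fresh)
    return start, end


def verify(env: Envelope, t: datetime) -> Tuple[bool, str]:
    """Refuse unless t is inside the envelope window and inside the effective
    window of every required evidence reference."""
    if not (env.not_before <= t < env.not_after):
        return False, "envelope window"
    for ev in env.evidence:
        if not ev.required:
            continue
        start, end = effective_window(env, ev)
        if not (start <= t < end):
            return False, f"evidence {ev.ref} outside window"
    return True, "ok"


# Constructed sample: a month-long envelope citing indefinite spec evidence and
# a telemetry summary that is only fresh for one day.
T0 = datetime(2026, 3, 27, 10, 0, tzinfo=timezone.utc)
ENV = Envelope("substrate:node-17",
               datetime(2026, 3, 1, tzinfo=timezone.utc),
               datetime(2026, 3, 29, tzinfo=timezone.utc),
               (Evidence("spec:<constructed-hash>", "spec", datetime(2025, 1, 1, tzinfo=timezone.utc)),
                Evidence("telemetry:<constructed-hash>", "telemetry", T0)))
```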
Bound-margin parameters control how the consuming evaluator treats execution requests that approach but do not exceed the envelope's bounds on a dimension. An envelope may carry per-dimension margin annotations that classify a request as nominal when it falls well within the bound, marginal when it approaches the bound, and refused when it exceeds the bound. Marginal classifications produce a credentialed observation that downstream telemetry consumes to schedule re-evaluation of the envelope's evidence; persistent marginal operation on a dimension is the structural signal that the envelope's evidence has aged or that the substrate has drifted toward the bound and should be re-characterized.
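The nominal/marginal/refused classification above, with the follow-on signal that persistent marginal operation should trigger re-characterization, as an added example that is not part of the disclosure. Margins are modelled as a fraction of each interval's width applied at both edges; the dimensions, limits, margin fractions and the streak threshold are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class MarginBound:
    lo: float
    hi: float
    margin: float  # fraction of the interval width treated as marginal at each edge


def classify(bound: MarginBound, value: float) -> str:
    """nominal: well inside; marginal: within the margin band of an edge;
    refused: outside the closed interval."""
    if value < bound.lo or value > bound.hi:
        return "refused"
    band = (bound.hi - bound.lo) * bound.margin
    if value < bound.lo + band or value > bound.hi - band:
        return "marginal"
    return "nominal"


def evaluate(bounds: Dict[str, MarginBound], request: Dict[str, float]) -> Tuple[str, List[str]]:
    """Overall verdict plus the marginal dimensions (the observation that
    downstream telemetry consumes).  A dimension the envelope does not bound is
    absence of competence, hence refused."""
    verdicts = {d: classify(bounds[d], v) if d in bounds else "refused"
                for d, v in request.items()}
    marginal = sorted(d for d, v in verdicts.items() if v == "marginal")
    if "refused" in verdicts.values():
        return "refused", marginal
    return ("marginal" if marginal else "nominal"), marginal


class RecharacterizationScheduler:
    """Tracks consecutive marginal observations per dimension and names the
    dimensions whose streak reached the threshold, i.e. those whose evidence
    should be re-collected or whose substrate should be re-characterized."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.streak: Dict[str, int] = defaultdict(int)

    def observe(self, bounds: Dict[str, MarginBound], request: Dict[str, float]) -> List[str]:
        _, marginal = evaluate(bounds, request)
        for dim in request:  # a nominal or refused request on a dimension resets its streak
            self.streak[dim] = self.streak[dim] + 1 if dim in marginal else 0
        return sorted(d for d, n in self.streak.items() if n >= self.threshold)


# Constructed sample bounds: memory up to 128 GiB, ambient temperature 0..40 C.
BOUNDS = {"memory_GiB": MarginBound(0.0, 128.0, 0.1), "ambient_C": MarginBound(0.0, 40.0, 0.1)}
```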
Dimension-introduction parameters govern how new bound dimensions are added to a deployment's envelope schema. The default policy treats an envelope that lacks a value on a newly introduced dimension as the absence of competence on that dimension, which forces explicit re-characterization of every binding before the new dimension begins gating execution; an alternative policy allows an explicit grace window during which envelopes silently honor the new dimension as unbounded, which is appropriate for non-safety-critical dimensions whose introduction would otherwise cause mass refusal. The choice is itself a credentialed admissibility decision recorded in the deployment's policy lineage.
Alternative Embodiments
The mechanism admits embodiments that vary in envelope scope, evidence sourcing, and composition algebra. Per-substrate embodiments characterize physical or virtual compute substrates and are the natural choice for fleet operators; per-skill embodiments characterize executable artifacts and are the natural choice for skill marketplaces; per-agent embodiments characterize deployed agent configurations and are the natural choice for enterprise governance. Multi-binding embodiments produce envelopes that bind simultaneously to a substrate-skill pair, a skill-agent pair, or a full substrate-skill-agent triple, with the binding's specificity determining which invocations the envelope governs.
Evidence sourcing embodiments range from manufacturer-attested specifications through credentialed third-party benchmarks, sandbox-fixture verdicts produced by the consuming deployment, peer-fleet attestations admitted under cross-fleet aggregation credentials, and live-telemetry summaries from operational use. Multi-source embodiments cite evidence from multiple sourcing classes and require quorum verification — for example, a defense envelope may require both manufacturer attestation and a credentialed third-party benchmark — with the verification step refusing the envelope if any required source fails.
Composition-algebra embodiments vary the operators available to envelope manipulation. Minimal embodiments support only intersection — sufficient for most policy-evaluation pathways. Richer embodiments add projection, transformation, and conditional composition that produces different combined envelopes depending on request-context predicates. Domain-specific embodiments add operators that respect the domain's structure: kinematic envelopes compose under a kinematic operator that respects link-chain geometry; data-classification envelopes compose under a lattice operator that respects classification hierarchy.
Composition
The capability envelope composes with the broader credentialed-observation substrate by treating the envelope itself as a credentialed observation. Issuance, revocation, supersession, and lineage tracing apply uniformly. The envelope's bounds become inputs to the policy evaluator's deterministic decision function alongside admissibility policy and request context; the evaluator's decision is structurally traceable to the specific envelope and the specific dimensions that bounded the decision, which is the property that makes audits possible without replaying the original inference.
Composition with sandbox pre-activation certification is direct: the certification artifact carries a capability-envelope projection that bounds the certified skill's permitted operating region, and the activation gate enforces the projection alongside the certification's other predicates. Composition with fleet-level training governance allows a fleet's training acceptance policy to refuse contributions whose claimed exposure exceeds the fleet's envelope on data-classification or sensor-modality dimensions. Composition with the planner allows the planner to enumerate candidate substrates by intersecting their envelopes with the task's required envelope and rejecting candidates whose intersection is empty on any required dimension before any invocation is attempted.
Prior-Art Distinction
Role-based access control and attribute-based access control express authorization — what an actor is permitted to do — and conflate competence with permission by treating authorization as sufficient for execution. Capability-based security regimes (the object-capability tradition, OAuth scopes, capability tokens) express transferable invocation rights but do not express competence bounds, evidence, or time-validity in the structural sense disclosed here. Service-level objectives and service-level agreements express performance promises but are not structural objects manipulated by a planner; they are operational targets evaluated retrospectively.
Hardware-feature-flag systems (CPUID, OpenCL device queries, GPU capability strings) expose substrate features but do not carry credentialed evidence, time-validity, or composition operators; they are static substrate descriptions consumed at runtime initialization. Model-card and system-card disclosures provide narrative competence claims for AI systems but are unstructured and not honored by an evaluator. Robotics workspace envelopes describe geometric reach but are not credentialed objects subject to revocation, and they do not compose with non-geometric dimensions.
The disclosed mechanism's combination — bounds, evidence, time-validity, structural binding, and explicit composition operators — is absent from these regimes. In particular, the property that envelopes are not implicit consequences of role assignment, but explicit objects whose presence is required and whose absence is treated as the absence of the asserted competence, distinguishes the mechanism from every regime that derives competence from authorization context.
Disclosure Scope
The disclosure covers the mechanism by which competence is reified as a structured, signed, time-bounded, composable object whose presence governs the planner, policy evaluator, and lineage tracer in the cognition architecture, regardless of the bound dimensions, evidence sourcing, composition algebra, or binding scope. Autonomous vehicles, embodied robots, defense platforms, healthcare agents, financial agents, infrastructure controllers, and consumer-facing assistants are within the disclosed deployment classes. The mechanism is disclosed as a structural primitive of the capability-awareness layer, composing with sandbox certification, fleet-level training governance, and the credentialed-observation substrate. The disclosure further covers the use of the envelope as the primary input to admissibility decisions that previously relied on role inference or contextual heuristics, and contemplates extensions in which the envelope's bound dimensions, evidence types, and composition operators are themselves subject to credentialed evolution under the same observation-channel substrate that governs the envelopes themselves.