The Capability Envelope

Each execution substrate in the system advertises a capability envelope: a structured data object describing the substrate's current structural characteristics along a plurality of defined dimensions. The capability envelope is not a permission list, a service catalog, or a self-reported performance benchmark. It is a formal description of the substrate's affordances, the structural properties that determine what forms of execution the substrate can support. For computational substrates the envelope comprises dimensions including compute class, memory architecture, model access, locality, and execution guarantees. The disclosure extends this same construct to embodied substrates, where the envelope additionally describes the physical affordances of the platform.

Capability envelopes are dynamic data objects. When hardware is provisioned or deprovisioned, when models are loaded or unloaded, when network conditions change, or when other agents consume or release shared substrate resources, the envelope is updated to reflect the substrate's current state. The system does not rely on stale or statically configured capability information. The capability envelope is a living description of the substrate's present affordances, and each dimension is represented as a structured descriptor with defined semantics, value ranges, and comparison operators so that the system can perform formal matching between an objective's requirements and a substrate's envelope.

Physical Affordances of an Embodiment

The capability envelope framework is extended to embodied and robotic systems in which execution substrates include physical bodies with motor systems, sensor arrays, and environmental interaction surfaces. In embodied systems the envelope encompasses not only computational affordances, such as processor type, memory capacity, and model access, but also physical affordances: the degrees of freedom available to the robot's manipulators, the force and torque limits of the robot's actuators, the reach envelope of the robot's arms, the locomotion capabilities of the robot's mobility platform, the sensory modalities available through the robot's sensor suite, and the power budget available for sustained operation.

These physical dimensions populate the same structured envelope as computational dimensions. The disclosure depicts a physical capability envelope assembled from a degrees of freedom module representing the manipulator's available degrees of freedom, a force capacity module representing the actuator's force and torque limits, a reach envelope module representing the spatial extent of the robot's manipulators, and a locomotion module representing the mobility platform's traversal capabilities. Each of these physical affordance modules feeds a physical match module that performs the dimension-by-dimension comparison between the robot's physical capability envelope and a motor objective's physical requirements.

Matching Motor Objectives

The capability determination for an embodied system evaluates whether the robot's physical affordances are structurally sufficient to execute a given motor objective. A motor objective, such as grasping an object, traversing terrain, or assembling a component, carries physical capability requirements that must be matched against the robot's physical capability envelope in the same formal manner that computational capability requirements are matched against a computational substrate's envelope. The matching process evaluates each physical dimension: does the robot's manipulator have the degrees of freedom required to orient the tool, does the actuator have the force capacity required to drive the fastener, does the mobility platform have the ground clearance and traction required to traverse the terrain, and does the sensor suite include the modality required to detect the relevant feature.

As with computational matching, each dimension produces one of three outcomes. A dimension is satisfied when the substrate's capability meets or exceeds the requirement, unsatisfied when the capability falls short in a manner that cannot be resolved through temporal deferral or reconfiguration, or conditionally satisfiable when the capability currently falls short but could be brought into satisfaction through a temporal deferral, a reconfiguration, or a partial decomposition. The aggregate determination resolves to one of a bounded set of determinate outcomes: execution is structurally possible, structurally impossible, structurally deferred, or must be rerouted to an alternative substrate. None of these is an error condition; each is a valid computational result.

Temporal Dynamics of Physical State

The temporal executability forecasting framework extends to embodied systems by incorporating physical state dynamics. The robot's physical capability envelope is time-varying: battery charge depletes, actuator temperatures rise, sensors degrade, and the physical environment changes as terrain becomes muddy, lighting shifts, or obstacles appear. The temporal executability forecast for an embodied system projects these physical state dynamics forward in time and identifies the temporal windows during which the robot's physical capability envelope satisfies the motor objective's requirements.

A motor objective that requires sustained high-torque actuation may be immediately executable but may become temporally impossible as actuator temperatures approach thermal limits. The temporal forecast detects this impending collapse and defers or reroutes the objective before the thermal limit is reached. This converts what would otherwise surface as a runtime stall into a forecasted, governable determination produced before any commitment is made.

Uncertainty in Physical Estimation

The uncertainty model for embodied systems incorporates the inherent uncertainty of physical state estimation. Sensor measurements are noisy, actuator performance degrades non-linearly, terrain properties are partially observable, and environmental conditions are subject to unpredictable change. The uncertainty bounds associated with physical capability dimensions are typically larger than those associated with computational capability dimensions, reflecting the greater epistemic uncertainty inherent in physical systems.

The system accounts for this elevated uncertainty by applying wider confidence intervals to physical capability forecasts and by implementing more conservative execution synthesis thresholds for motor objectives. Uncertainty here is a first-class propagated variable, distinct from the executing agent's confidence: it expresses how reliable the system's own assessment that the robot can execute is, rather than whether the agent should execute.

Distinct from an Operational Design Domain

The capability envelope for embodied systems is structurally distinct from an Operational Design Domain as used in autonomous vehicle systems. The Operational Design Domain defines environmental conditions under which the system is designed to operate, whereas the capability envelope describes the structural affordances of the execution substrate itself, independent of environmental conditions. An Operational Design Domain might specify that a vehicle may operate at speeds below 65 mph in clear weather on divided highways; the capability envelope specifies that the vehicle's compute substrate can execute a given perception pipeline, that its actuator system can produce the required steering torque, and that its sensor array can detect features at the required range. The two are complementary but architecturally independent evaluations.

Capability Is Not Authorization

Capability answers whether an operation can structurally exist, a categorically different question from whether an operation is allowed. Capability envelopes and governance policies are maintained in architecturally separate subsystems with no bidirectional dependency: the capability subsystem does not consult governance when computing determinations, and the governance subsystem does not consult capability envelopes when evaluating permission. The two independent determinations are combined at the execution synthesis gate, where both must be satisfied for synthesis to proceed.

This separation produces the four operational quadrants the system recognizes, and the embodied case makes the second quadrant, authorized but not capable, concrete. A surgeon whose biological signals indicate fatigue-induced motor imprecision may be governance-authorized to perform a procedure, holding the requisite credentials and institutional authorization, yet biologically incapable at the present moment because assessed motor precision falls below the procedure's requirement. The system detects this discrepancy through the same four-quadrant model and responds by deferring the objective until the operator's biological capability envelope recovers, or by routing the objective to an alternative operator whose envelope currently satisfies the requirements. Biological capability assessments are ephemeral, context-scoped, and store no raw biological data.

Distinction from Prior Art

Conventional distributed and robotic systems treat capability implicitly: a task is dispatched to a node, and the node either executes it or returns a failure. The determination of whether the node can execute is typically made through resource-availability checks or through static, manually maintained capability registries. Resource availability is a necessary but insufficient condition for capability, a node may have ample memory and compute yet lack the actuator, sensor, or model required to produce an executable form, and static registries do not capture the temporal dynamics of a capability envelope that changes as hardware, models, environment, and shared resources change.

The embodied capability envelope is structurally different. It is a formal, dimensioned description consulted before any execution plan is constructed, and capability is evaluated prior to the construction of any executable process. Inability to execute is detected and handled at the structural level as a valid result, not discovered at runtime through motor stall or unsafe contact. This is what permits the same capability-native computation that governs machine execution to govern physical motor objectives and even human task assignment under a single architecture.

Disclosure Scope

The capability envelope for embodied and robotic systems, comprising physical affordance dimensions such as manipulator degrees of freedom, actuator force and torque limits, reach envelope, locomotion capability, sensory modalities, and power budget; the dimension-by-dimension physical match against a motor objective's requirements yielding satisfied, unsatisfied, or conditionally satisfiable outcomes; the aggregate determination of structurally possible, impossible, deferred, or rerouted; the extension of temporal executability forecasting and the uncertainty model to time-varying physical state; the distinction from an Operational Design Domain; and the architectural separation of capability from governance authorization, including the authorized-but-not-capable case for human operators, are disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart) at Chapter 6, principally Section 6.15 with supporting disclosure in Sections 6.2, 6.3, 6.4, and 6.16. This article describes that disclosed mechanism. Specific platform calibration procedures and numerical thresholds are reserved for licensee implementation guidance and are not part of this public disclosure.