Structural Separation From Verified Memory

Mechanism

The Memory Separation mechanism is defined in Chapter 4 of the cognition patent as a partitioning of the agent's memory substrate into three structurally distinct regions. Observation memory holds records of perceived events and inputs, indexed by source and timestamp, and is the canonical landing zone for sensor and channel data. Action memory holds the durable record of commitments the agent has made and the outcomes of those commitments, indexed by commitment identifier and lineage. Forecast memory holds the planning graph: branches, their classifications, their evaluations, and their interim scores. Each region has its own type system, its own indexing scheme, and its own retention policy, and the regions are realized as separate stores rather than as logical views over a shared store.

The structural property of separation is that there is no in-band path by which content originating in forecast memory can become content in action memory or observation memory. There is no shared mutable buffer, no implicit pointer, and no transitive read that crosses a region boundary without invoking a typed bridge operation. The bridge operations are few in number, are explicitly named in the architecture, and each carries a precondition expressed in policy and a lineage record that names the bridge invoked, the source object, the destination object, and the policy clause that authorized the crossing.

Three bridges are canonical. The promotion bridge moves a branch outcome from forecast memory into action memory, and is invoked only when an action policy commits to the outcome; its precondition includes that the branch be of an admissible class and that the agent be in the executing state. The corroboration bridge writes the result of a corroborating branch's evaluation back into the metadata of the verified belief it tested, without copying the branch content itself; this updates confidence without migrating speculative material. The observation-to-forecast bridge admits an observation from observation memory into a branch construction in forecast memory; this is a one-way read that produces a derived branch object in forecast memory rather than a shared reference.

Cross-region access in the reverse direction is similarly bounded. Forecast memory may read from observation memory through the observation-to-forecast bridge and may read commitments from action memory through a typed query that returns immutable snapshots; it may not mutate either. Action memory may read from forecast memory only through the promotion bridge's precondition check, which inspects branch class and confidence without exporting branch content. Observation memory does not read from either of the other regions: observations are always primary inputs, never derived.

The cumulative effect of these constraints is that forecast content cannot become verified content except by a named, audited promotion. Memory laundering — the pattern in which speculative content acquires apparent provenance by traversing intermediaries until its origin is obscured — is not possible, because every bridge crossing is recorded with the originating region and the policy clause that authorized it, and the regions themselves are the only sources from which content can be drawn.

Operating Parameters

Each region is parameterized by a type schema for its objects, an indexing scheme for retrieval, a retention policy that governs aging and eviction, and a set of permitted bridge endpoints. The type schema is enforced at write time; an attempt to write an object of a foreign type is rejected at the boundary rather than coerced. The retention policy may differ across regions: observation memory typically has the longest retention with append-only semantics, action memory retains commitments and outcomes for the lifetime of their downstream dependencies, and forecast memory retains branches subject to per-class lifecycle parameters.

Bridge operations are parameterized by their preconditions, their lineage requirements, and their authorized callers. A bridge invocation that fails any precondition is rejected and produces a violation record rather than a partial effect. Lineage requirements specify the canonical fields that must be populated by the bridge's caller and the fields that the bridge populates automatically, including the source object identifier, the destination object identifier, the policy clause, and a transition timestamp.

The separation policy is itself configurable per deployment. A policy may, for example, require multi-clause authorization for promotion bridges in safety-critical contexts (for instance, requiring both a content-confidence threshold and an external acknowledgment), or may permit a more permissive promotion path in low-stakes interactive contexts. The bridge set is fixed by the architecture; the preconditions on each bridge are tunable.

Alternative Embodiments

In a single-process deployment, the three regions are realized as distinct in-memory stores with type-checked accessors that constitute the bridge implementations. In a distributed deployment, each region may be realized as a separate service with its own persistence and its own access boundary, and the bridges are realized as cross-service operations with cryptographic provenance. In a hardware-isolated deployment, the regions may reside in distinct memory protection domains, with the bridges implemented as supervised transitions across the protection boundary.

Alternative bridge embodiments include synchronous bridges that block the caller until the precondition is satisfied or rejected, asynchronous bridges that queue the request and notify on completion, and human-in-the-loop bridges that route the precondition check through an external authority. In every embodiment, the bridge is named, audited, and the only structural means by which content crosses regions.

The taxonomy of regions may be extended. Some embodiments add a goal memory region that holds desired end-states; in such embodiments, goal memory has its own bridges to forecast memory (for branch construction toward goals) and to action memory (for commitment tracking against goals). The structural principle — typed, audited, named bridges as the sole inter-region paths — is preserved across all such extensions.

Further alternative embodiments include capability-secured bridges in which each bridge invocation requires an unforgeable capability token issued by the policy reference subsystem, content-addressed regions in which objects carry cryptographic identifiers that record their region of origin in their addresses, and append-only regions in which all objects are immutable and bridge operations always produce new derived objects rather than mutating existing ones. In each such embodiment, the structural separation property is strengthened by the underlying substrate, and memory laundering is rendered not only architecturally prohibited but also cryptographically detectable through provenance chains that follow each object back to its originating region.

Composition With Other Mechanisms

Memory separation composes directly with branch classification: the class of a branch determines whether it is admissible to the promotion bridge and how its retention is governed inside forecast memory. It composes with confidence governance: confidence values consumed by the promotion bridge precondition are computed over verified content drawn from action and observation memory, never from forecast memory itself, which prevents speculative content from inflating its own promotion confidence.

Memory separation composes with Non-Executing Mode by enforcing that no promotion bridge may fire while the agent is in NEM. Forecast memory continues to evolve during NEM, but the bridge gate that would migrate forecast content into action memory remains closed, preserving the invariant that nothing speculative can become verified during a low-confidence interval. The composition is structural rather than procedural: the gate is an architectural property of the bridge, not a runtime check that could be bypassed.

Distinction From Prior Art

Prior agent architectures commonly hold beliefs, observations, and plans in a unified knowledge base distinguished by tags or confidence values rather than by region. Such architectures rely on convention and on the discipline of consumer code to avoid promoting speculative content into commitment positions. The result is that subtle defects in consumer code, or learned policies that exploit the absence of structural barriers, can produce hallucinated commitments — content treated as verified despite a speculative origin.

Other prior systems implement weak separations through naming conventions, prefix tags, or read-only flags, but in each case the separation is a property of access patterns rather than of the substrate. There is no audited bridge, no typed boundary, and no architectural prohibition on implicit reference. Memory laundering is therefore possible whenever a piece of code reads a forecast object and writes its content into a verified slot.

The disclosed mechanism is distinct because the substrate itself is partitioned, the bridges are the only cross-region paths, every bridge crossing is audited with originating region and policy clause, and the gates on the bridges are architectural. No discipline is required of consumer code, no convention is relied upon, and no learned policy can launder content because the laundering paths do not exist.

Disclosure Scope

The disclosure encompasses any agent memory architecture in which forecast, action, and observation content reside in structurally distinct regions, in which cross-region content movement occurs only through typed, named, audited bridges, and in which the bridges enforce policy-defined preconditions at the architectural boundary. The disclosure covers single-process, distributed, and hardware-isolated embodiments, and it covers any extension of the region taxonomy that preserves the typed-bridge property.

Because the separation is policy-governed and deterministic, it can be formally analyzed, audited, and certified. Different domains tune the bridge preconditions through policy configuration without architectural change, making the same structural capability applicable to autonomous vehicles, companion AI, therapeutic agents, and enterprise systems.

The disclosure further encompasses methods of certifying region separation through static analysis of bridge invocations, methods of detecting attempted laundering by monitoring for objects whose canonical fields conflict with their resident region, methods of evolving region taxonomies in a backward-compatible manner by introducing new regions with their own typed bridges, and methods of composing the separation property with confidentiality requirements such that cross-region access is bounded by both type and authorization. The disclosure includes the property that no consumer code, however written or learned, can produce a verified commitment whose content originated in forecast memory except through a named, audited bridge whose precondition was satisfied at the time of invocation, and that this property is enforced by the substrate rather than by consumer discipline. The disclosure additionally covers methods by which an external auditor, given only the recorded lineage of bridge invocations, can reconstruct the provenance of every object in action memory back to its originating region and the policy clauses that authorized each crossing.