Mechanism
Structural separation, as disclosed in Chapter 4 of the cognition filing, is the architectural invariant that keeps the agent's speculative planning graph domain apart from its verified execution memory. The planning graph is a mutable, memory-referenced, directed structure that represents one or more hypothetical future states: a root node holding the agent's current verified state, and a plurality of branches, each a distinct hypothetical trajectory of speculative mutations, delegation outcomes, environmental transitions, or intent resolutions the agent is evaluating. The verified execution memory comprises the committed values of all agent fields, the lineage of all governance-validated mutations, and the accumulated results of all executed operations. These two computational domains are distinct, and the separation between them is not a software convention, a namespace distinction, or an access control policy; it is enforced at the substrate level.
The central property is that no mechanism exists by which a planning graph branch can directly modify verified execution memory. A branch that projects a successful outcome does not thereby make that outcome verified. The projection remains speculative until it is promoted through the governance pipeline and executed. This single property is what lets the agent reason about possible futures without those futures contaminating what the agent treats as real.
What the Separation Achieves
The separation serves several architectural purposes at once. First, it ensures that speculative reasoning cannot contaminate verified state: constructing a branch that projects an outcome does not acquire that outcome as verified memory. Second, it lets the agent hold multiple contradictory hypothetical futures simultaneously without producing internal inconsistency. An agent may construct one branch projecting task success and another projecting task failure without creating a paradox in its verified state, because both branches exist in the speculative domain and neither has been promoted to verified status. Third, it provides the structural basis for the containment layer, which prevents the pathological condition in which speculative content is treated as verified reality.
The Promotion Interface as Sole Gateway
The boundary between the planning graph domain and the verified execution memory domain is enforced through a promotion interface: a governance-controlled gateway that evaluates proposed transitions from speculative to verified status. The promotion interface receives a candidate branch from the planning graph, subjects the candidate to the full governance evaluation pipeline (policy compliance, trust slope validation, integrity impact assessment, capability verification), and either admits the candidate to verified execution memory as a committed mutation or rejects it and returns it to the speculative domain with a rejection annotation.
No alternative pathway from speculative to verified status exists. The promotion interface is the sole gateway, and its governance requirements are not negotiable, waivable, or bypassable by the agent's affective state, personality configuration, or operational urgency. Because only slope-eligible branches may reach promotion, the slope constraint operates prospectively, filtering speculative branches before they reach the promotion interface so the governance pipeline never receives a candidate that would fail trust slope validation.
Bidirectional Separation and Snapshot Isolation
The separation is bidirectional. Just as planning graph content cannot flow into verified execution memory without governance-validated promotion, verified execution memory does not automatically flow into planning graphs. When the forecasting engine constructs a new planning graph, it reads the agent's current verified state as the root node but does not establish a live reference that would cause subsequent verified state changes to propagate automatically into existing planning graphs. This snapshot isolation ensures that planning graph evaluations are deterministic with respect to the verified state at the time of graph construction, and are not perturbed by concurrent execution activity.
The Containment Layer
The containment layer is the structural enforcement mechanism that maintains the separation under all conditions other than governance-validated promotion. It is not a software flag, a metadata annotation, or a runtime check; it is an architectural boundary embedded in the cognitive substrate. The containment layer enforces several invariants simultaneously.
First, every data element within a planning graph (every speculative mutation, every projected outcome, every affective reinforcement tag, every slope projection) is tagged at construction with an immutable speculative marker identifying it as non-verified content. The marker cannot be removed, modified, or overridden by any operation within the planning graph domain. Only the promotion interface, upon successful governance validation, strips the speculative marker and re-tags the content as verified before writing it to execution memory. Second, the containment layer enforces read isolation: queries from the agent's verified execution processes cannot access planning graph content as if it were verified memory. If the execution pipeline queries for a field value, it receives the verified value from execution memory, not a projected value from an active branch. Third, the containment layer prevents speculative content from being written to the agent's lineage as committed state. The lineage records only governance-validated mutations; it may record metadata about the forecasting process itself, such as the creation, evaluation, and pruning of planning graphs as cognitive events, but the speculative content of branches is not recorded as committed state until promoted.
The Delusion Boundary and Containment Collapse
The containment layer defines a delusion boundary condition: a formally specified pathological state in which the containment layer fails and speculative planning graph content is treated as verified reality. Containment collapse, the failure of the containment layer, is the architectural analog of delusion: the cognitive system can no longer distinguish between what it has speculatively projected and what has actually occurred. Containment collapse may arise through several structural failure modes: the speculative marker being corrupted or stripped without governance-validated promotion (through substrate-level failures such as memory corruption, hash collision, or serialization errors, or through adversarial manipulation); the read isolation boundary being breached so execution processes access planning graph content as verified memory; or the promotion interface admitting speculative content without completing governance validation.
The system provides containment integrity verification mechanisms to detect collapse before it produces observable behavioral effects. These include periodic containment audits that verify the integrity of speculative markers across active planning graph structures, boundary crossing monitors that detect unauthorized transitions from the speculative domain to the verified domain, lineage consistency checks that verify every lineage entry corresponds to a governance-validated promotion, and behavioral coherence monitors that detect the agent acting on speculative content as if it were verified, such as referencing projected outcomes that have not occurred.
Containment Restoration
When containment collapse is detected, the system initiates a containment restoration protocol. The protocol comprises immediate suspension of the agent's execution authority, preventing further mutations until containment is restored; quarantine of the affected planning graph structures, isolating them from both the forecasting engine and the verified execution memory domain; lineage forensic analysis that identifies which speculative content, if any, was incorrectly admitted to verified execution memory and marks it for rollback; verified state reconstruction that rebuilds the agent's verified execution memory from the most recent governance-validated checkpoint, excluding any content that entered through a breached boundary; and containment layer re-initialization that reconstructs the boundary with fresh speculative markers, isolation enforcement, and promotion interface validation.
Substrate Deployment
The structural separation and the containment layer are invariant across deployment models. In centralized deployment, planning graphs are maintained in a shared memory space partitioned by agent identity and protected by the containment layer. In federated deployment, planning graphs are maintained locally by each agent while only planning graph summaries are shared upward, so speculative content is not shared across organizational boundaries. In decentralized deployment, coordination occurs peer-to-peer with no centralized aggregation point. In embodied deployment on a robot, vehicle, or wearable device, the containment layer is enforced at the hardware level through memory protection units or trusted execution environments. The deployment model affects communication topology, latency, and resource allocation, but does not alter the governance requirements, promotion interface semantics, or containment layer enforcement that are structurally embedded in the architecture.
Disclosure Scope
The structural separation of the speculative planning graph domain from verified execution memory, the promotion interface as the sole governance-controlled gateway between them, the bidirectional snapshot isolation that prevents verified state from propagating automatically into planning graphs, the containment layer enforcing immutable speculative markers, read isolation, and lineage write protection, and the delusion boundary condition with its detection mechanisms and containment restoration protocol, are disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart). This article describes that disclosed mechanism. The scope extends to centralized, federated, decentralized, and embodied substrate deployments, provided the promotion interface remains the sole pathway from speculative to verified status and the containment layer enforcement is preserved.
