Mechanism

The curriculum engine is the subsystem responsible for defining, sequencing, and administering the learning and assessment activities through which a requester accumulates the performance evidence required to satisfy a capability gate. A requester may be a human operator, a semantic agent, or a composite system. For each gated capability the engine defines a structured curriculum comprising a set of learning objectives, a set of assessment instruments, a sequencing policy that determines the order in which learning objectives and assessments are presented, and a mastery threshold for each objective that specifies the performance level required to satisfy that objective.

The engine sits upstream of the capability gate. The gate is a governed evaluation point that stands between a requester and a capability the requester seeks to exercise, and it does not rely on credentials, degrees, or role assignments. It evaluates demonstrated performance evidence: observations, measurements, and assessments that directly measure the requester's ability to exercise the capability competently in the current context. The curriculum engine is the structured source of that evidence. It produces mastery evidence through assessment and continuous operational monitoring, and that mastery evidence flows to the gate, which evaluates it against defined competency thresholds.

Progressive Unlock

The curriculum engine implements progressive unlock: a capability is not granted in a single assessment event but is unlocked progressively as the requester demonstrates mastery of increasingly complex or critical aspects of the capability. The progressive unlock model ensures that a requester is exposed to simpler aspects of a capability before being granted access to more complex or higher-risk aspects, and that the accumulated evidence of mastery reflects demonstrated competence across the full scope of the capability rather than performance on a single assessment.

This is why the engine sequences objectives rather than treating a capability as a single pass-or-fail test. Simpler or lower-risk aspects are presented and assessed first; mastery of those aspects is a prerequisite for being presented with the more complex or higher-risk aspects. The capability gate therefore opens not on a single demonstration but on accumulated evidence that spans the curriculum's full scope.
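The sequencing rule above, as an added example (not code from the filing): objectives are evaluated in curriculum order, progression stops at the first objective not yet mastered, and evidence submitted for later objectives is flagged rather than counted. The objective names, the `MIN_ATTEMPTS` rule and the mean-score mastery test are assumptions made for illustration.

```python
MIN_ATTEMPTS = 2  # assumption: a single assessment never establishes mastery

# Constructed curriculum in sequencing order: lowest-risk objective first.
CURRICULUM = [
    {"id": "obj-basic",    "threshold": 0.80},
    {"id": "obj-standard", "threshold": 0.85},
    {"id": "obj-critical", "threshold": 0.95},
]

def is_mastered(objective, scores):
    # Assumption: mastery means the mean of enough scores meets the threshold.
    return (len(scores) >= MIN_ATTEMPTS
            and sum(scores) / len(scores) >= objective["threshold"])

def progress(curriculum, evidence):
    """evidence maps objective id -> list of assessment scores in [0, 1]."""
    order = [o["id"] for o in curriculum]
    n = 0
    # Walk the sequence; stop at the first objective that is not mastered.
    while n < len(order) and is_mastered(curriculum[n], evidence.get(order[n], [])):
        n += 1
    return {
        "mastered": order[:n],
        "next": order[n] if n < len(order) else None,
        # Evidence for objectives past the frontier is not counted.
        "out_of_sequence": [i for i in order[n + 1:] if evidence.get(i)],
        # The gate opens only on evidence spanning the full curriculum.
        "gate_open": n == len(order),
    }
```
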

The Curriculum as a Governed Object

Each curriculum operates within the semantic agent framework as a governed object. Its definition, sequencing, and modification are subject to policy constraints and lineage recording. Changes to a curriculum, including additions of new learning objectives, modifications of mastery thresholds, and resequencing of assessment order, are governed mutations: they are validated, policy-checked, and recorded in the curriculum's lineage.

The consequence is that a curriculum cannot be weakened, shortened, or bypassed without a governed policy change that is attributable to a specific governance authority and auditable through the lineage. There is no path by which the assessment sequence or a mastery threshold can be quietly relaxed: any such change is itself a recorded, attributable event.
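One way to make a threshold change a recorded, attributable event, as an added example (not code from the filing): every mutation is validated, policy-checked and appended to a lineage, and an audit replays the lineage to detect any change that bypassed it. The hash-chained lineage format, the `AUTHORITIES` set and all names are assumptions made for illustration.

```python
import hashlib, json

AUTHORITIES = {"gov-board"}  # constructed: authorities allowed to approve changes
GENESIS = "0" * 64

def entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def mutate(curriculum, lineage, objective, new_threshold, authority):
    """Apply a mastery-threshold change as a governed mutation."""
    if objective not in curriculum or not 0.0 <= new_threshold <= 1.0:
        return False, "invalid"                  # validation
    if authority not in AUTHORITIES:
        return False, "policy_denied"            # policy check
    entry = {"seq": len(lineage), "objective": objective,
             "old": curriculum[objective], "new": new_threshold,
             "weakens": new_threshold < curriculum[objective],
             "authority": authority,
             "prev": lineage[-1]["hash"] if lineage else GENESIS}
    entry["hash"] = entry_hash(entry)
    lineage.append(entry)                        # record, then apply
    curriculum[objective] = new_threshold
    return True, "recorded"

def audit(initial, current, lineage):
    """Replay the lineage from the initial thresholds and compare to current."""
    state, prev = dict(initial), GENESIS
    for e in lineage:
        if e["prev"] != prev or e["hash"] != entry_hash(e):
            return False, "lineage broken at seq %d" % e["seq"]
        if state.get(e["objective"]) != e["old"]:
            return False, "old value mismatch at seq %d" % e["seq"]
        state[e["objective"]] = e["new"]
        prev = e["hash"]
    if state != current:
        return False, "curriculum differs from lineage"
    return True, "ok"
```

A direct edit of a threshold that skips `mutate` leaves the live curriculum out of step with the replayed lineage, which is what `audit` reports.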

The Capability Gate

The capability gate evaluates the accumulated evidence and produces a binary determination: the gate opens, granting access to the capability, or the gate remains closed, denying access. Because the engine continues to feed evidence through continuous operational monitoring after access has been granted, the gate operates as a continuous evaluation rather than a one-time assessment. The gate may close, revoking access to a previously granted capability, if the requester's ongoing performance evidence indicates that competence has degraded below the required threshold.

In the disclosed architecture the curriculum engine produces mastery evidence, that evidence flows to the gate, and the gate produces one of two outcomes: a progressive unlock, in which the requester is granted access, or a regression or revocation, in which access is denied or revoked based on evidence of competency degradation below the required threshold.

Certification Token

When a capability gate opens, that is, when the accumulated evidence satisfies all gating criteria for a defined capability, the system generates a certification token. The token is a cryptographically signed data object that attests to the holder's demonstrated mastery of the capability at a specific point in time, under specific assessment conditions, as evaluated by specific evaluation instruments. It is not a role assignment, a permission grant, or a static badge: it is a time-bounded, evidence-backed, cryptographically verifiable attestation that is subject to expiration, revocation, and revalidation.

The token comprises a capability identifier; the identity of the holder; an evidence hash, which is a cryptographic hash of the evidence corpus evaluated at issuance that lets a verifier confirm the token was issued on specific evidence without access to the evidence itself; the issuance timestamp; the expiration timestamp; the policy scope under which the token was issued; the issuing authority; a device entropy binding to the physical device from which the mastery evidence was submitted, which prevents token portability to devices on which the mastery was not demonstrated; and the cryptographic signature of the issuing authority.

Token Lifecycle and Cross-Platform Deployment

The certification token participates in a defined lifecycle. Upon issuance the token is active and may be presented to capability gates, verification services, and cross-platform deployment gates as evidence of mastery. Upon expiration it becomes inactive and the holder must re-demonstrate mastery to obtain a new token. Upon revocation, triggered by evidence of mastery regression, incident reports, or governance intervention, the token is invalidated regardless of whether it has expired. Upon revalidation, triggered by successful completion of a re-assessment, a new token is issued with fresh evidence bindings. Each lifecycle transition is recorded as a governed event in the holder's lineage.

The token supports cross-platform deployment gating. When a holder presents a token to a system outside the originating platform, the receiving system verifies the token's cryptographic signature against the issuing authority's public key, validates the token's expiration status, and evaluates the token's policy scope for compatibility with the receiving system's own governance requirements. If verification succeeds, the receiving system may accept the token as evidence of mastery within the scope the token defines, subject to any additional requirements imposed by the receiving system's own capability gate.
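The receiving-side checks described above, as an added example (not code from the filing). HMAC-SHA256 with a constructed shared key stands in for the issuing authority's signature, which the design verifies with the issuer's public key; the field names, the revocation set keyed by signature and the local device-binding comparison are assumptions.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC-SHA256 stands in for the issuing authority's
# signature; the design described above verifies with the issuer's public key.
ISSUER_KEY = b"constructed-demo-key"
SIGNED_FIELDS = ("capability_id", "holder", "evidence_hash", "issued_at",
                 "expires_at", "policy_scope", "issuer", "device_binding")

def canonical(token):
    # Deterministic serialization of exactly the signed fields.
    return json.dumps({k: token[k] for k in SIGNED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()

def issue(fields, key=ISSUER_KEY):
    token = dict(fields)
    token["signature"] = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
    return token

def verify(token, now, device_binding, accepted_scopes, revoked=(), key=ISSUER_KEY):
    """Receiving-gate checks in order; returns (accepted, reason)."""
    try:
        expected = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
        sig = str(token["signature"])
    except (KeyError, TypeError):
        return False, "malformed"
    # Signature first: no other field is trusted until it verifies.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad_signature"
    if sig in revoked:                 # revocation applies even before expiry
        return False, "revoked"
    if not token["issued_at"] <= now < token["expires_at"]:
        return False, "outside_validity"
    if token["device_binding"] != device_binding:
        return False, "device_mismatch"
    if token["policy_scope"] not in accepted_scopes:
        return False, "scope_not_accepted"
    return True, "ok"

# Constructed sample token and device binding.
DEVICE = hashlib.sha256(b"constructed-device-entropy").hexdigest()
SAMPLE = issue({
    "capability_id": "cap.example", "holder": "requester-1",
    "evidence_hash": hashlib.sha256(b"constructed evidence corpus").hexdigest(),
    "issued_at": 1000, "expires_at": 2000, "policy_scope": "scope-a",
    "issuer": "authority-1", "device_binding": DEVICE,
})
```
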

Regression Detection and Revocation

When the gating system grants a capability based on accumulated evidence, the system continues monitoring the grantee's performance after the capability is unlocked. This monitoring produces a continuous evidence stream that is evaluated against a regression threshold, a defined performance floor below which the grantee's demonstrated competency is deemed insufficient to maintain the grant. If subsequent performance falls below the regression threshold, indicating skill decay, context change, or gaming, the capability is automatically revoked, and the grantee must re-demonstrate competency through the same evidence-based pathway that originally granted it.

The regression threshold may be set at the same level as the original granting threshold or at a lower level that provides a buffer against transient performance dips, as specified by the applicable policy configuration. Revocation is protective: the system records the revocation event, the evidence that triggered it, and the performance trajectory leading to revocation in the grantee's lineage. Revocation may trigger a mandatory cooldown period during which the grantee may not re-apply, ensuring that re-demonstration reflects genuine competency recovery rather than short-term performance variance.
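The continuous gate with a buffered regression threshold and a cooldown, as an added example (not code from the filing). The rolling-mean window, integer time ticks, the sample stream and all names are assumptions made for illustration.

```python
from collections import deque

class CapabilityGate:
    """Opens at grant_threshold; revokes when evidence falls below regression_floor."""

    def __init__(self, grant_threshold, regression_floor, window, cooldown):
        if regression_floor > grant_threshold:
            raise ValueError("regression floor must not exceed grant threshold")
        self.grant_threshold = grant_threshold
        self.regression_floor = regression_floor
        self.window = window
        self.cooldown = cooldown
        self.scores = deque(maxlen=window)  # rolling evidence window (assumption)
        self.is_open = False
        self.locked_until = 0
        self.lineage = []                   # recorded gate events

    def observe(self, t, score):
        """Feed one performance observation at tick t; return the gate state."""
        if t < self.locked_until:
            # Cooldown: evidence cannot count toward a new grant yet.
            self.lineage.append((t, "ignored_cooldown", score))
            return self.is_open
        self.scores.append(score)
        if len(self.scores) < self.window:
            return self.is_open
        mean = sum(self.scores) / len(self.scores)
        if not self.is_open and mean >= self.grant_threshold:
            self.is_open = True
            self.lineage.append((t, "granted", round(mean, 3)))
        elif self.is_open and mean < self.regression_floor:
            self.is_open = False
            self.locked_until = t + self.cooldown
            # Record the trajectory that led to revocation, then start fresh.
            self.lineage.append((t, "revoked", list(self.scores)))
            self.scores.clear()
        return self.is_open

# Constructed evidence stream of (tick, score) observations.
STREAM = [(1, 0.9), (2, 0.8), (3, 0.85), (4, 0.75), (5, 0.6),
          (6, 0.5), (7, 0.95), (11, 0.9), (12, 0.9), (13, 0.9)]

def replay(stream, **config):
    gate = CapabilityGate(**config)
    return [gate.observe(t, s) for t, s in stream], gate.lineage
```

With a floor of 0.7 under a grant threshold of 0.8, the dips at ticks 4 and 5 do not revoke the grant; the sustained decline at tick 6 does, and the observation at tick 7 is ignored because it falls inside the cooldown.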

Disclosure Scope

The curriculum engine and progressive unlock mechanism described here, comprising the per-capability curriculum of learning objectives, assessment instruments, sequencing policy, and per-objective mastery thresholds; the progressive unlock model that exposes a requester to simpler aspects before higher-risk aspects; the treatment of each curriculum as a governed object whose definition, sequencing, and modification are validated, policy-checked, and lineage-recorded; the production of mastery evidence that flows to a capability gate; the certification token, its fields, and its active, expired, revoked, and revalidated lifecycle, including cross-platform deployment gating; and continuous post-grant monitoring with regression-threshold revocation, is disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart). This article describes that disclosed mechanism. The scope extends to embodiments in which the evidence is acquired through a multimodal evaluation pipeline and in which mastery evidence credibility is adjusted by anti-gaming measures, provided the curriculum remains a governed object whose progressive unlock is driven by accumulated performance evidence evaluated against defined mastery thresholds.