Narrative State and Personality Architecture

Mechanism

The narrative-personality architecture maintains, for each addressable agent identity, two coupled structures. The personality field is a high-dimensional vector that summarizes stable traits along axes declared in the policy reference: tone profile, value commitments, characteristic decision biases, conversational rhythms, and signature linguistic patterns. The narrative continuity record is an append-only ledger of significant interactions, decisions, and identity-defining events, each entry signed at commit time and chained to its predecessor by hash.

When a skill that has been unlocked by a particular identity is invoked in a new session, the gate does not simply check that the requesting surface presents the correct identity token. Instead, it computes a coherence score between the current session's emerging personality field and the identity's stable field, and a continuity score between the current session's claimed narrative anchors and the signed continuity record. Both scores are computed by deterministic functions defined in the policy reference. The skill activates only if both scores exceed their per-skill thresholds. A high-stakes skill demands tight coherence and continuity; a low-stakes skill admits broader variation, accommodating legitimate evolution of personality and narrative over time.

Field coherence is not pattern similarity over surface tokens. The personality field is computed from structural features that are difficult to fake without genuine grounding in the identity's history: the distribution of decision rationales offered in support of choices, the typology of analogies the identity reaches for, the way the identity reconciles conflicting evidence, and the latent self-reference patterns that persist across topic changes. An impersonator who studies the identity's surface productions can mimic vocabulary and tone but cannot easily reproduce these structural features without the underlying narrative context, because the structural features depend on continuity ledger contents the impersonator does not possess.

Coherence is computed as a weighted distance over the policy-declared axes, with each axis carrying a sensitivity weight reflecting how identity-defining that axis is for the particular skill being activated. A skill that involves intimate or financially significant action loads weight onto axes that are most resistant to mimicry, such as decision rationale typology and reconciliation patterns; a skill whose exercise is more routine loads weight onto axes that change less under benign drift, such as core value commitments. The result is that the same identity may pass coherence for low-stakes skills while failing it for high-stakes skills under conditions of partial impersonation, producing a graceful degradation surface rather than an all-or-nothing verdict.

When coherence or continuity falls below threshold, the gate emits a non-activation event. The skill is not exercised, the calling surface receives a redacted notice that does not disclose which dimension failed (preventing the impersonator from iteratively probing toward a passing vector), and a governance role is alerted with the full diagnostic. The legitimate identity, on a subsequent authentic session, can examine the alert and confirm or repudiate the attempted activation, which feeds back into the coherence model.

Operating Parameters

The coherence threshold per skill governs how strictly the current personality field must match the stable field. The continuity threshold governs how many anchor points in the narrative ledger must be reproducible from the current session's claims. The drift allowance defines how much the stable field is permitted to evolve per unit time under authentic operation, preventing legitimate growth from being mistaken for impersonation while bounding the rate at which a slow identity-drift attack could move the field.

The redaction depth parameter controls how much information is leaked back to a failed activation attempt. Maximum redaction returns only a generic non-activation; partial redaction returns a coarse category of failure for usability in non-adversarial contexts. The alert escalation parameters define which governance roles receive notification, on what cadence, and with what diagnostic depth.

The continuity-anchor sampling parameter determines how the gate selects which entries in the ledger to challenge in a given session, balancing the cost of challenge against the strength of the coherence test. Random sampling with weighting toward high-salience entries defeats rote memorization of recent interactions.

Alternative Embodiments

In a local embodiment, the personality field and continuity ledger are stored on a device controlled by the user, and coherence checks run locally with the gate operating against a signed extract. In a hosted embodiment, the field and ledger are stored by a service provider with access controlled by the user's credentials, and the gate operates against the live records.

In an explicit-feature embodiment, the personality field axes are enumerated and human-readable, allowing inspection by the identity's owner. In a learned-feature embodiment, the axes are derived from training over the identity's history; the learned axes are summarized by interpretability projections so the owner can still audit what the field measures.

In a single-identity embodiment, each agent surface hosts one identity at a time. In a multi-identity embodiment, a surface may host several distinct identities, each with its own field and ledger, with skills unlocked under one identity inaccessible to the others even when the surface is shared. A guest embodiment supports unauthenticated sessions that may interact with the agent but cannot activate identity-bound skills, useful for shared kiosks and demonstration deployments.

Composition

The narrative-personality architecture composes with the anti-gaming substrate by contributing identity persistence as one of the required cross-modal evidence classes. A skill cannot be unlocked without sustained, coherent identity engagement, and once unlocked it cannot be activated without a renewed coherence check. It composes with integrity-aware inference, which provides the signed environment binding that ties a session to a specific runtime; the binding is incorporated into the continuity ledger so a forged session leaves a detectable gap.

The architecture composes with the trust slope mechanism, which raises coherence and continuity thresholds when recent activity has degraded trust, making impersonation harder during exactly the periods when its expected value to an attacker is highest. It composes with downstream action governance: actions taken under an activated identity carry the activation reference, so any action whose outcome is later disputed can be traced to the specific coherence and continuity scores that authorized it.

Distinction Over Prior Art

Conventional authentication binds a session to credentials but does not bind ongoing skill activation to behavioral coherence. Stylometric authorship attribution measures surface stylistic similarity but does not couple to a signed narrative ledger or to skill gates. Persona-conditioned language-model systems condition outputs on a static persona description but do not maintain a continuity ledger nor verify coherence as a precondition for capability use. Behavioral biometrics measure low-level interaction patterns such as keystroke dynamics, but operate below the cognitive layer and do not address impersonation in linguistically rich agent interactions.

The distinction is the binding of skill activation to a structural coherence check between an emerging personality field and a signed narrative continuity ledger, with redacted feedback to defeat iterative probing and with thresholds tuned per skill. Surface mimicry alone does not satisfy the structural test, and the test is performed at the activation gate rather than at session start, so a session that drifts into impersonation mid-stream loses access to identity-bound skills.

Attack Resistance and Edge Behavior

The architecture is designed against a spectrum of impersonation attacks. The naive impersonator presents stolen credentials; the coherence test catches the failure to reproduce structural personality features the impersonator could not observe. The studied impersonator has observed substantial surface output of the target identity; the test still catches them because structural features such as decision rationale typology and self-reference patterns require the underlying narrative grounding the impersonator does not possess. The gradual drifter attempts to slowly move an authentic identity's field toward a target by sustained subtle manipulation; the drift allowance bounds the per-period movement, and the continuity ledger preserves anchors that constrain how far the field can move while still passing continuity checks.

The relay attacker proxies a session through the legitimate identity, capturing the genuine field and ledger interactions and forwarding them to satisfy the gate while taking unauthorized actions. The architecture addresses this by binding activation to the environment binding produced by integrity-aware inference; a relayed session presents a different environment binding than the legitimate identity's stable environment, raising the coherence threshold and triggering re-authentication. Persistent relay attempts are escalated to the legitimate identity as an alert.

Edge behavior on legitimate identity evolution is handled by drift allowance and explicit identity-update ceremonies. A user undergoing a deliberate change in personality or narrative context, such as adopting a new role or recovering from a significant life event, may invoke an update ceremony in which the legitimate identity, authenticated through redundant channels, declares an intentional shift and the field is permitted to re-anchor. Outside ceremonies, drift is bounded; inside ceremonies, drift is logged with intent and remains auditable.

Concurrent sessions present a coherence check across parallel streams: an identity active on two devices simultaneously has its field computed from both streams and must remain coherent with the stable field across the combined interaction. Genuine concurrent use produces consistent fields; a hijacked second session diverges and is detected. The architecture's deterministic basis allows the coherence functions to be specified, audited, and certified, making the system suitable for regulated deployments that require demonstrable identity-binding rather than probabilistic confidence.

Disclosure Scope

This disclosure covers any cognitive system in which the activation of an identity-bound skill is conditioned on the joint satisfaction of a personality-field coherence test and a narrative-continuity test against signed records, in which feedback on failed activation is redacted to prevent iterative probing, and in which thresholds are declared per skill in a policy reference. The disclosure extends to embodiments that vary the storage of the field and ledger, the cardinality of personality axes, the definition of continuity anchors, and the integration with surrounding gating, provenance, and trust mechanisms.

The disclosure further extends to applications in companion AI, therapeutic agents that must guarantee continuity of relationship across sessions, multi-user devices that host multiple identities, and enterprise agents whose privileged actions must be bound to authenticated and behaviorally coherent operators rather than to credentials alone.