Admissibility as Skill Router

Mechanism

Each skill artifact is published into the mesh together with a declared admissibility profile. The profile enumerates the operating environments in which the skill is applicable (geospatial cell classes, network postures, mission categories), the credentials the invoking operating unit must hold (issuer chain, freshness window, revocation state), the attestations the skill itself must currently carry (build provenance, signature chain, vulnerability disclosure status), and the jurisdictional authorities under which the skill may be invoked. The profile is signed by the skill publisher and counter-signed by the governing authority that admits the skill into the catalogue.

When an operating unit receives a request, the admissibility router does not first ask which skills are capable of executing the request. It first asks which skills are admissible at this moment, in this cell, under the current credentials of the requester, against the current attestation set the operating unit can present. The router evaluates each candidate skill's profile against the live context vector. Capability matching is performed only over the admissible subset. A skill that is capable but not admissible is structurally excluded from routing; a skill that is admissible but not capable is filtered downstream by ordinary capability matching. The composition is non-commutative: admissibility precedes capability, and the precedence is enforced by the architecture rather than by configuration.

Each routing decision is recorded as a lineage event. The record carries the triggering request hash, the context vector evaluated, the full set of skills considered, the admissibility outcome for each, the capability outcome for each admissible skill, the selected skill artifact identifier, and the signatures of the operating unit and the routing primitive. The record enters audit retention under the governance authority of the operating cell. A reviewer reconstructing a past decision recovers not only which skill ran, but which skills were excluded, on what admissibility ground, against what credential and attestation state.

The admissibility router itself is a credentialed primitive: it is published with a build provenance signature, a configuration manifest signed by the governing authority of the operating cell, and a runtime attestation that asserts the binary's integrity at routing time. The router's own attestations enter every lineage record it produces, so a reviewer auditing a routing decision audits not only the skill that ran but the router that selected it. This recursive credentialing closes a class of trust gaps in which a compromised router could systematically misroute requests while individual skill activations appeared, in isolation, to be properly admitted; the router's attestation is part of the evidence base against which the activation is later judged.

Context-vector construction is itself a primitive operation distinct from profile evaluation. The operating unit assembles the context vector from a set of context sources — geospatial fix from a credentialed positioning service, jurisdictional posture from the cell's governance feed, credential state from the operating unit's local credential store with freshness validated against the issuing authority, attestation set from the operating unit's attestation cache, mission posture from the unit's currently-active mission credential. Each source contributes a signed context fragment, and the assembled vector carries the union of source signatures. Profile evaluation against the assembled vector is a function of the vector and the profile alone; the evaluator does not consult external state, which is the property that makes admissibility verdicts deterministic and reproducible from the lineage record.

Operating Parameters

Admissibility profile evaluation is bounded in latency. Production deployments hold the per-request evaluation envelope below ten milliseconds for catalogues of up to several thousand skills by precomputing profile-context indices and caching credential validation results within their freshness windows. Profile freshness is parameterised: short-lived attestations (build provenance, vulnerability disclosure) drive cache invalidation when the attestation refreshes; long-lived attestations (jurisdictional admission) are validated on a slower cycle. Credential freshness is enforced at routing time, not at session establishment, so revocation propagates within the credential's stated freshness window.

The router accepts disputed profiles. When two governing authorities disagree about whether a skill is admissible in a contested cell, the router consults the dispute-resolution primitive, which yields either a resolved admissibility verdict, a refusal-to-route outcome, or a graduated-response routing outcome that selects a more conservative skill from the admissible set. The dispute mechanism is itself recorded in lineage. Byzantine-robust evaluation tolerates a bounded fraction of compromised authority signatures within each profile-counter-signature set, with the bound declared per skill class.

Audit retention parameters vary by operation class. Defence-class routing decisions retain for the period mandated by the governing defence authority; civilian critical-infrastructure routing decisions retain under the relevant sectoral regulator's schedule; commercial routing decisions retain for the period declared in the operating unit's published governance. Retention authority, retention duration, and access controls are themselves declared in the lineage record so that downstream auditors can determine, without out-of-band knowledge, who holds the record and under what access regime.

Throughput parameters bound the rate at which an operating unit may originate routing decisions, the rate at which a single skill artifact may be activated through routing within a declared interval, and the rate at which credentials may be presented for freshness re-validation. Rate envelopes serve two distinct purposes: they constrain the blast radius of a compromised operating unit or skill (an attacker who compromises the unit cannot exfiltrate work product faster than the envelope permits, and an attacker who substitutes a malicious skill artifact cannot drive activation faster than the catalogue's published rate), and they bound the load that the lineage retention infrastructure must absorb during peak operations. Envelope values are declared per skill class in the catalogue and per operating unit in the unit's deployment manifest, and the binding minimum of the two governs at runtime. Burst tolerance is parameterised separately from sustained rate, so that a unit with bursty operational tempo (for example, a sensor that emits clustered observations at fixed sampling intervals) need not be configured against the sustained envelope of a continuously-operating unit.

Failure-mode parameters declare the router's behaviour under specific evaluator failure conditions. A profile-evaluation timeout expires when the evaluator cannot complete admissibility evaluation within the bounded latency envelope; the routing decision then defaults to refusal-to-route with the timeout recorded in lineage. A credential-freshness lookup failure occurs when the credential issuance authority's revocation feed is unreachable; the router applies the cached freshness verdict if it remains within the freshness window, and refuses to route otherwise. A context-source unavailability occurs when one of the context-vector source primitives fails to produce a signed fragment; the router applies degraded-context routing if the missing source is non-essential to the active profile, and refuses to route if the source is essential. Each failure mode and its disposition is itself recorded in lineage with sufficient granularity to distinguish a refusal driven by absent admissibility from a refusal driven by infrastructural unavailability.

Alternative Embodiments

In one embodiment, admissibility profiles are expressed as declarative predicates over the context vector and evaluated by a profile interpreter co-located with the operating unit. In a second embodiment, profiles are compiled to executable evaluation modules and signed as part of the skill artifact, allowing more expressive admissibility logic at the cost of a heavier publication review. In a third embodiment, the admissibility evaluation is performed by a separate admissibility authority that returns signed admissibility verdicts to the operating unit, decoupling the policy authority from the operating unit's local trust base; this embodiment supports cross-organisational skill federation in which the operating unit need not directly trust the skill publisher.

Routing may be single-skill, in which the router selects exactly one admissible-and-capable skill, or composite, in which the router selects an ordered set of admissible skills to be invoked in sequence or in parallel and the final outcome reconciled. Composite routing is used where redundancy or corroboration is required, for instance in safety-critical actuation paths in which two independently-published skills must concur. The admissibility envelope of a composite is the intersection of the constituent envelopes; the lineage record carries the envelope intersection so that downstream audit need not recompute it.

Profile expression admits several variants: enumerated authorisation lists, attribute-based predicates, capability tokens with embedded admissibility constraints, and hybrid forms. The architecture is agnostic to the expression language so long as the evaluator is deterministic, signed, and version-bound. Skills may declare more than one profile (for instance, a more permissive profile for exercise environments and a stricter profile for live operations), and the active profile is selected by the operating unit's declared posture at request time.

In a further embodiment, the admissibility router caches verdicts for a bounded time interval keyed by the tuple of skill artifact identifier, profile version, and context-vector hash. Cached verdicts are accepted on subsequent requests whose context vector hashes identically and whose profile version remains in force; cache hits short-circuit profile evaluation but still produce a lineage record citing the cached verdict by content hash. Cache invalidation occurs on profile-version change, on credential revocation events that intersect the cached context, and on attestation refresh events that supersede a cached attestation. In a still further embodiment, admissibility evaluation is split into a fast path executed in-line on the operating unit and a slow path executed by a remote admissibility authority; the fast path applies a conservative subset of the profile derived by the slow path and signed by the operating unit's governing authority, with periodic reconciliation against the slow-path verdict and with discrepancy detection driving immediate fall-through to the slow path on subsequent requests. This split-evaluator embodiment is suited to operating units with tight latency budgets that cannot afford full profile evaluation on the request path but that retain access to a remote authority on a slower cycle.

Composition

Admissibility-driven routing composes with the wider mesh architecture along several axes. Cross-jurisdictional routing is supported because the profile's jurisdictional authority list is evaluated against the operating cell's jurisdictional state, allowing a request that crosses a cell boundary to re-evaluate admissibility without re-establishing the session. Byzantine-robust routing is supported because the profile-counter-signature set tolerates a bounded fraction of compromised authority signatures and falls through to dispute resolution when the bound is exceeded. Dispute mechanism integration is supported because every routing exclusion produces a lineage record that a disputing party can cite without out-of-band evidence.

The routing primitive composes with the skill publication primitive in that profile signatures are validated against the same authority graph that admits skills into the catalogue, removing a class of split-trust failures. It composes with the credential issuance primitive in that credential freshness is evaluated at routing time against the issuance authority's revocation feed. It composes with the lineage-recorded-provenance primitive in that the routing record is itself a lineage event subject to the same retention, access, and tamper-evidence guarantees as any other operation record.

Composition with mission-conditioned posture is supported through a posture-selector input on the context vector. A single skill may publish multiple admissibility profiles indexed by posture identifier; the operating unit's currently-declared posture selects the active profile, and a posture transition triggers a re-evaluation of any in-flight routing that has not yet committed to a skill activation. Composition with environmental probes is supported through context-vector entries that carry probe attestations: an environmental observation that a cell is degraded, contested, or denied propagates into the admissibility evaluation by selecting more conservative profiles, demoting permissive skills out of the admissible set, or triggering refusal-to-route outcomes when no skill is admissible at the current posture. Composition with deactivation events is supported through a deactivation-state input that, when asserted, narrows the admissible set to skills explicitly tagged as deactivation-safe.

Prior-Art Distinction

Prior skill-routing systems have routed on capability metadata, on declared intent, on cost or latency objectives, or on policy attached to the requester rather than to the skill. Capability routing answers can the skill do this, intent routing answers does the skill match the request, policy-on-requester routing answers may this requester invoke any skill of this class. None of these answer is this specific skill artifact admissible, in this specific operating context, under the present credential and attestation state, recorded in lineage with sufficient evidence to reconstruct the decision later.

The distinction is structural rather than configurational. A capability-routed system can be augmented with policy filters, but the policy filter sits beside capability matching and is therefore subject to bypass when the filter is misconfigured, omitted, or evaluated against stale state. The present architecture inverts the order: admissibility is evaluated first, the admissible set is the only set capability matching sees, and the inversion is a property of the routing primitive rather than of any deployment configuration. The lineage record of the inversion produces evidence that the inversion was applied, against which context, with what outcome.

A second distinction concerns the evidentiary footprint of an exclusion. In prior systems, when a request is denied or rerouted, the evidence base for the denial is typically a log message describing the policy that fired; the excluded alternatives are not enumerated, the context that drove the decision is not preserved in machine-checkable form, and reconstruction of the decision after the fact depends on retained operator notes. The present architecture records the full candidate set, the per-candidate admissibility verdict, and the signed context vector against which each verdict was rendered, producing an evidentiary footprint sufficient to reconstruct the decision deterministically from the record alone. This property is necessary for adversarial review: a party challenging an exclusion cites the record, and the operator defending the exclusion replays the evaluation against the recorded context vector, with no recourse to operator memory or out-of-band log fragments.

Disclosure Scope

The disclosure covers the admissibility-profile format, the composite admissibility evaluation primitive, the precedence of admissibility over capability in routing, the recording of routing decisions including excluded skills in lineage, and the dispute and byzantine-robust extensions to the routing primitive. Defence adaptation operations and civilian critical-infrastructure adaptation operations are within scope, as are commercial deployments that elect to operate under the architecture's governance regime. The scope contemplates routing evolution: as skill ecosystems mature and as new admissibility classes become relevant (for instance, environmental or supply-chain admissibility), profile schemas update through the architecture's governance procedures without breaking the recorded provenance of past decisions. The scope further extends to federated catalogues across multiple authorities, to mission-conditioned profile selection at request time, and to long-horizon retention of routing decisions sufficient to support forensic reconstruction of past skill activations under the credential and attestation state in force at the time of the activation.

The disclosure does not bind to any particular profile expression language, signature primitive, attestation scheme, or transport substrate, provided the structural invariants are preserved: that admissibility precedes capability in the routing decision, that the candidate set considered and the per-candidate verdict are recorded in lineage, that credential and attestation freshness are evaluated at routing time against the verdict, and that the routing primitive is itself a credentialed artifact whose attestation enters the lineage record it produces. Variants employing post-quantum signatures, hardware-anchored attestation, distributed-ledger lineage substrates, and hybrid centralised-federated catalogue topologies are within scope. Variants employing alternative latency or throughput envelopes, alternative cache and invalidation disciplines, and alternative dispute-resolution primitives are within scope. The scope further encompasses use of admissibility-driven routing as a substrate for downstream governance properties — corroboration constraints over admitted skill activations, dispute mechanisms over excluded candidates, revocation propagation through prior routing records — under the same composition discipline by which the routing primitive composes with the wider mesh.