Cascade Deactivation Dependencies

1. Mechanism and Primitive Description

The cascade-deactivation primitive operates over a directed dependency graph maintained as a credentialed structure within the mesh. Each adaptation, at admission time, declares its dependency edges: required adaptations (without which it cannot operate), supported adaptations (which it enhances or extends), and conflicting adaptations (with which it cannot co-exist). These declarations are part of the adaptation's claim and are signed into lineage when the adaptation is admitted. The dependency graph is therefore not an implementation-side index but an integral part of the adaptation record itself.

When a deactivation event occurs — a revocation by the issuing authority, a credential expiration, a supersession by a newer version, or a governance recall — the event enters as a credentialed deactivation record citing the five-property chain. The cascade traversal then walks the dependency graph from the deactivated node outward to its dependents. For each dependent, the primitive performs a fresh admissibility evaluation: are the remaining dependencies sufficient? Is there an alternative dependency that satisfies the requirement? Does the dependent's claim still hold under the new dependency state? The evaluation is itself a credentialed action with evidence (the new dependency state), a decision (admit-continued or deactivate), and a lineage entry.

Importantly, the cascade is admissibility-bound, not blanket. A dependent that genuinely no longer has its prerequisites is deactivated; a dependent that has alternative or fallback dependencies remains admitted, with its lineage updated to reflect the dependency change. The primitive distinguishes hard dependencies (whose loss forces deactivation) from soft dependencies (whose loss degrades but does not deactivate) through the dependency-edge metadata declared at admission.

The triggering deactivation, every cascade evaluation, and every resulting cascade-deactivation enter lineage as connected records. Downstream audit can traverse the cascade structurally — from a single root revocation to all leaf-level effects — without reconstructing it from operator logs.

2. Operating Parameters and Engineering Envelope

The primitive operates across a wide range of dependency-graph topologies and cascade timing requirements. Graph depth — the longest dependency chain — is unbounded in principle but typically ranges from 2 to 8 levels in practical deployments. Fan-out — the number of dependents of a single adaptation — can be large for foundational adaptations (a base localization skill may have hundreds of dependents) and motivates the byzantine-robust evaluation embodiment described below. The cascade evaluation must complete before any dependent acts under the new state; for safety-critical adaptations this imposes hard real-time bounds (milliseconds), while for administrative adaptations it can extend to minutes or hours.

The dependency-edge metadata parameterizes the cascade. Hard versus soft, exclusive versus alternative, version-pinned versus version-range, and temporal-validity-bounded edges all produce different cascade behaviors. A version-range edge tolerates a supersession that lands within the range; a version-pinned edge does not. An alternative edge with a viable alternative survives a single dependency loss; without an alternative, it deactivates. Temporal-validity edges deactivate dependents on schedule rather than on event, but enter the same cascade-evaluation primitive.

The primitive must also bound cascade noise. A flapping dependency (rapid revoke/restore cycles) must not produce a flapping cascade; the implementation incorporates debounce windows, governance-credentialed batching, and cascade quiescence requirements. The engineering envelope therefore includes not only graph parameters but also temporal stability parameters: minimum dwell time before cascade, maximum cascade depth per event, and cascade-batch authority requirements.

3. Alternative Embodiments

In a centralized-evaluator embodiment, a single credentialed evaluator service performs the cascade traversal on behalf of the mesh, signing each evaluation under its own authority. In a distributed-evaluator embodiment, each adaptation host evaluates its local dependents, with cross-host cascades crossing through credentialed message-passing. In a byzantine-robust embodiment, multiple independent evaluators perform the same cascade and a quorum of agreement is required before any deactivation takes effect; this protects against adversarial evaluators forcing spurious deactivations or suppressing legitimate ones.

In a deferred-cascade embodiment, the cascade traversal is enqueued and evaluated on a schedule rather than synchronously with the triggering event; this is appropriate for low-criticality adaptations where the cost of synchronous evaluation outweighs the risk of brief inconsistency. In a speculative-cascade embodiment, the cascade is pre-computed for likely revocation events to bound worst-case real-time response. In a partial-cascade embodiment, the operator may credential a temporary continuation under the deactivated dependency for a bounded grace period, recorded in lineage as an explicit exception.

Each embodiment preserves the admissibility-bound transition: a dependent ends in either admitted-continued or deactivated state, with the decision and its evidence in lineage. Hybrid embodiments combine the above — for example, a synchronous byzantine-robust evaluator for safety-critical dependents alongside a deferred best-effort evaluator for administrative dependents — and the mesh routes each evaluation to the appropriate path based on the dependent's declared criticality class.

4. Composition with Adjacent Primitives

Cascade deactivation composes with the credential-revocation primitive: a revocation is the most common cascade trigger, and the propagation evaluation that surfaces the revocation through the mesh feeds the cascade entry point. It composes with the lineage-audit primitive: the cascade record is queryable as a connected subgraph of lineage, allowing a regulator or operator to inspect the full effect of a single revocation. It composes with the dispute-resolution primitive: a contested cascade deactivation enters a dispute path whose resolution may admit a continuation, deactivate further, or modify the dependency declaration retroactively.

It composes with the byzantine-robust observer primitive when the dependency graph spans untrusted operators: cross-operator cascade evaluations require multi-observer co-signature to prevent unilateral cascade injection or suppression. It composes with the cross-model portability primitive: an adaptation transferred to a new base model carries its dependency declarations, and the cascade primitive applies in the new model's adaptation space the same way it did in the source.

It composes with the marketplace and admission primitives: a newly admitted adaptation enters the dependency graph atomically, and a cascade deactivation removes it atomically. The mesh's invariant is that the dependency graph and the lineage record are always consistent at every credentialed checkpoint.

5. Prior-Art Distinctions

Conventional dependency-management systems (package managers, plugin loaders, workflow engines) deactivate dependents when prerequisites are removed, but the deactivation is implementation-side: the package manager refuses to load, the workflow engine throws an error. There is no governance-credentialed cascade record, no admissibility evaluation, and no lineage that an external auditor can traverse. Cross-system cascades are typically not supported; each system is its own dependency island.

Conventional certificate-revocation systems (CRL, OCSP) propagate revocation but do not evaluate dependents. A revoked CA invalidates issued certificates, but the systems and skills built atop those certificates are not re-evaluated as dependents — they simply fail at next use. There is no notion of a graceful, evidence-bearing cascade with alternative-dependency fallback, soft-versus-hard edge metadata, or admissibility-bound transitions.

The present primitive differs in that the cascade is itself a credentialed governance action, the dependency graph is structurally part of the adaptation record, the evaluation is admissibility-bound and evidence-bearing, and the result enters lineage as a queryable subgraph. The five-property chain runs through every cascade evaluation, providing the audit and dispute substrate that prior art lacks.

6. Disclosure Scope

This disclosure encompasses cascade deactivation of credentialed adaptations through dependency-graph traversal within the spatial mesh of provisional 64/049,409. The disclosure covers the dependency-declaration schema (required, supported, conflicting; hard, soft; version-pinned, version-range; temporal-validity-bounded), the cascade-evaluation primitive that performs admissibility re-evaluation under a new dependency state, and the admissibility-bound transition between admitted-continued and deactivated outcomes. It covers the centralized-evaluator, distributed-evaluator, byzantine-robust, deferred, speculative, and partial-cascade embodiments described above, and equivalent embodiments preserving the admissibility-bound transition under the five-property chain.

The disclosure extends to the composition of cascade deactivation with the credential-revocation propagation, lineage-audit, dispute-resolution, byzantine-robust observer, cross-model portability, and admission primitives of the broader mesh. It extends to alternative dependency-edge metadata schemas, alternative cascade-quiescence and debounce policies, alternative grace-period and exception-credential mechanisms, and alternative cascade-batch authority structures.

The disclosure does not depend on any specific graph storage technology, evaluation engine, cryptographic primitive, or communications protocol. It is technology-agnostic at the implementation layer and architectural at the primitive layer. Practitioners skilled in distributed systems, dependency management, and credentialed governance will recognize the structural elements and may implement them using contemporary or future technologies provided the five-property chain, the dependency-graph integrity, and the admissibility-bound cascade are preserved.