The custody stack
One discipline, several organs: typed custody between observation, interpretation, authority, action, memory, and refusal. The map below is the system's actual architecture — the edges are the product.
Conversions — what must be earned, not assumed
An observation becomes a claim only through preflight that preserves its evidence.
A claim becomes a premise only if it is admissible — policy engines decide over claims; custody decides whether those claims may become premises.
Standing observed is not standing spendable — the gap between check and exercise is measured on a typed clock basis, and a lapse refuses the spend.
Drill, replay, and synthetic runs demonstrate structure; they cannot confer operational effect.
A verdict enters the evidence plane as a receipted claim, not a log line.
An authorized action still refuses without spendable capacity.
Logs are self-report until sealed.
A lapsed grant must reach everyone currently relying on it, with delivery accounted.
Organs — what each handles, and what it refuses
nqoperational
- handles
- observation→claim preflight for operational systems
- refuses
- assertion that abandons its evidence
- proof
- SQL-interrogable evidence store; every claim traceable to its observation
wicketoperational
- handles
- admissibility preflight for agentic intents
- refuses
- intents from revoked or out-of-scope actors
- proof
- spec harness; typed preflight verdicts
standingoperational
- handles
- standing and entitlement observation
- refuses
- attesting standing it cannot verify
- proof
- standing receipts with observation age
nightshiftoperational
- handles
- deferred governed work
- refuses
- completion claims without reconciliation
- proof
- work receipts; reconciliation trail
agent_governorresearch
- handles
- write-blocking action gating for AI agents: typed claims in, receipts out
- refuses
- writes without verified proposals; spends past the standing horizon; demonstrated evidence conferring operational effect
- proof
- golden refusal corpus; content-addressed gate receipts; Lean class-boundary theorems
- receipt
dda5a1e5…— the temporal-lapse refusal: standing valid at check, void at spend, gap on a named monotonic basis. Reproduce:demo/refused-spend.sh
continuityoperational
- handles
- governed state persistence across sessions
- refuses
- state mutation without a receipt
- proof
- hash-chained receipts
verifierresearch
- handles
- formal constraint admissibility (Z3 sidecar)
- refuses
- proposals that violate declared constraints — specimen: the stale-standing denial
- proof
examples/stale-standing-denied.json+ golden output pinned to the README
Projects
A working surface for claims, witnesses, coverage, consequence, refusal, and receipts.
Operational
In daily use. Local-first, evidence-preserving, ops-shaped.
nq
Claim preflight for operational systems. Separates observation from assertion, preserves evidence, interrogate with SQL. One binary, zero infrastructure.
nightshift
Deferred governed work with receipts and reconciliation.
wicket
Admissibility preflight kernel for agentic operations.
standing
Standing and entitlement observability.
Governance kernels & substrate
Standalone components that compose into the governance stack.
wicket-guard
Preflight for AI-agent-authored diffs. Cooks authority-bearing surface mutations into Wicket intents.
agent_governor
Research substrate for governed agent work.
continuity
Governed state persistence with hash-chained receipts.
verifier
Formal admissibility sidecar using Z3.
ATProto / Bluesky
Transparency, monitoring, and moderation tooling for the AT Protocol.
rpp
Receipts and reviewability overlay for ATProto.
atproto-labelwatch
Monitor labeling activity across the network, flag integrity-risk patterns. Live →
atproto-driftwatch
Track how claims propagate and mutate. A labeler that doesn't emit labels.
atproto-labeler
Custom labeling service with governed drift detection.
atproto-feeds
Source-first signal desk. Structural feed ranking that rewards originality over engagement. Live →
atproto-archive
Personal corpus archiver into JSONL and plaintext.
atproto-stats
Follow noise analyzer. Interaction density, posting cadence, graph statistics.
Other
grid-dependency-atlas
Interactive map of communities exposed to infrastructure decisions made outside their control. Explore →
Research
Selected papers and preprints — full list in the papers repo.
Temporal Coherence & Δt Theory
Selected claims from this series are formally audited in Lean — see unpingable/lean (proof reader’s portal).
- Δt-Constrained Inference: A General Model of Temporal Coherence in Hierarchical Systems
- Detecting Temporal Debt in Language Models and Software Systems
- Temporal Closure Requirements for Synthetic Coherence
- You Need More Than Just Attention: Invariant Requirements for Temporal Coherence in AI Systems
- The Temporal Attack Surface: A Δt Framework for Asynchronous Security Systems
- Temporal Asymmetry in Censorship Systems
- The Gain Geometry of Temporal Mismatch: Shear, Leverage, and Capture in Multi-Timescale Systems
Systems & Institutional Dynamics
- Control Laws for Hierarchical Kinetics: Design Principles for Multi-Timescale Systems
- The Coherence Criterion: A Unified Framework for Stability in Hierarchical Systems
- The Second Law of Organizations: How Temporal Lag Drives Irreversible Institutional Decay
- Capacity-Constrained Stability: A Control-Theoretic Framework for Institutional Resilience
- Cybernetic Fault Domains: When Commitment Outruns Verification