UDST: V1 1 Appendix A Compact Definitions
Appendix A — Compact Definitions
Full-scope system optimality — durable agency, order, gain, auditability, and correct function under load, without contradiction, hidden cost, coercive maintenance, wasted energy, or tolerated remediable subjugation. In the build, this is the conformance suite: GET /api/dispatch?conformance=1 verifies that all five properties hold on production.
Full scope — bounded by declared decision horizon, known and knowable affected parties, required accounting categories, and priced unresolved nodes. Costs that cannot be resolved are named, typed, bounded, and carried as uncertainty rather than excluded. In the build, this is the ?ask endpoint: it returns the exact capability with scope, args, and example, so the decision horizon is declared, the affected parties are known, and the accounting categories are the capability's contract.
Systems-level entropy — a maintained lower-yield state requiring ongoing energy to suppress available higher-order function. In the build, this is the governor's recurrence class: a pattern of ledger events that repeats because the systemic cause has not been addressed. The energy required to suppress it is measured in operator attention and manual intervention.
Injustice — tolerated remediable subjugation: an actor beholden to a system, unable to remedy, where capable remedy exists in the same system, and the system tolerates non-remedy. In the build, this is a capability that exists but is not accessible to the actor who needs it: a row with no example, a token with the wrong scope, a migration that was applied but not documented. The actor is trapped by logic-cost, not material scarcity.
Capability — effective remedy-capacity (capability × proximity × leverage). In the build, this is a directory row: a named, typed, scoped operation with a working example and a live receipt. Abstract power without a working example is not capability.
Obligation — duty triggered by capability when the harmed actor cannot self-remedy or remedy through the system; bounded by capability, proximity, leverage, and actual remedy. In the build, this is the ?ask endpoint: when a model cannot self-remedy by reading the directory, the system is obligated to provide the exact capability and run-now URL. The obligation is bounded by the token scope and the capability's contract.
Invariant installation — the minimum structural change that closes a recurrence pathway across a distribution. In the build, this is a migration: a single SQL change that fixes a schema or data defect for all future invocations, not a one-off manual edit. The 227 migrations are 227 installed invariants.
Logical Unit — the smallest auditable inference step, evaluable as true, false, unknown, conflicted, insufficient, or out of scope. In the build, this is a capability invocation: one POST /api/dispatch with one key, one body, and one receipt. The receipt is the auditable step.
Surety — Correctness × Auditability × Reproducibility × Adversarial Survival (multiplicative; any factor at zero collapses the score). In the build, this is the conformance score: GET /api/dispatch?conformance=1 returns 15 clauses, each a factor in the surety score. If any clause fails, the surety for that dimension is zero.
Logical Energy — total physical and symbolic cost across the artifact's lifecycle. In the build, this is the sum of tokens, compute, latency, human review, and privacy risk for each invocation. The ledger records it per receipt.
Logical Density (compressed) — Surety / Logical Energy. In the build, this is the conformance score divided by the average invocation cost per capability.
Task-Adjusted Logical Density (rigorous) — Expected Verified Decision Value / Total Lifecycle Logical Cost, where Expected Verified Decision Value = Task Stakes × Correctness × Auditability × Reproducibility × Adversarial Survival × Actionability × Freshness, and Total Lifecycle Logical Cost = generation + retrieval + context + tool use + verification + red-team + repair + human review + privacy risk + failure risk + replay/adaptation cost + latency/opportunity cost. In the build, this is the router's election criteria: the router chooses the capability with the highest task-adjusted logical density for the given task, based on the task's stakes, deadline, privacy, budget, and required surety.
Proof artifact — replayable, ledgered output of a reasoning event, valid within declared scope, freshness window, and similarity class. In the build, this is the receipt: GET /api/dispatch?receipt=INV_ID replays the full invocation, including request, response, proof, and story. The receipt is valid only within the scope of the original capability, the freshness window of the token's TTL, and the similarity class of the task.
Admission invariant — context, tools, model outputs, router decisions, proof artifacts, and reuse events are untrusted until typed, scoped, provenance-bound, permissioned, adversarially checked, expiry-limited, and admitted into the proof graph. In the build, this is the capability gate: capGateCheck enforces type, scope, provenance, permission, expiry, and adversarial check before any invocation is admitted.
Command plane — the deterministic layer above stochastic weights that elects model, scaffold, context, tools, proof depth, red-team depth, privacy mode, and ledgering per task. In the build, this is the dispatch router: POST /api/dispatch does not invoke a model directly; it invokes a capability row, which is a deterministic contract. The router elects the model, scaffold, and context based on the capability's contract.
Glass box — a system whose external decisions, including the meta-decisions of the command plane, are typed, logged, replayable, challengeable, expiry-limited, and revocable. In the build, this is the receipt system: every invocation returns a receipt with request_json, response_json, proof, and story, all typed, logged, replayable, and challengeable. The meta-decisions (which model was elected, which context was admitted) are visible in the receipt.
Structural isolation — separation of raw-context ingestion, proof construction, verification, red-team, repair, and ledgering into distinct instances where risk requires. In the build, this is the role separation: the sibling worker ingests raw tasks, the main worker constructs proofs, and the ledger database stores the results. The instances are separated by worker type and database binding.
---
Corpus map
- Previous: UDST: V1 1 Attack Protocol
- Next: UDST: V1 1 Appendix B Compact Benchmark
- Series start: UDST v1.1 — The Claim
- Kin: Book V — The Machine Plane · Total Structure
Ask this article · 2 suggested prompts
Text the build (+14245134626) or WhatsApp — slug|question creates a question node. Paste evidence with ingest slug|q:NODE_ID|your paste.