Public prior art. This repository publishes an enabling, dated technical disclosure of a mechanism for safely multiplexing one AI agent runtime across trust tiers, provider wire-shapes, and a registry-fail-closed tool surface with synthetic browser-UUID identity. Its purpose is defensive: to place the mechanism in the public domain of prior art so that no party may obtain an exclusive patent over it.
Author: Gustavo Assuncao, PhD · Publisher: Gus IT LLC (Florida, USA) · Date: 2026-07-03 · Version: 1.0
Production AI agent runtimes increasingly serve several audiences at once — authenticated engineers, authenticated business users, and fully anonymous website visitors. This disclosure describes a single runtime whose entire security posture for a turn is derived from one declarative scope contract object, one per audience. The contract binds:
- Trust tier / auth mode — require a session principal, or run unauthenticated.
- Identity source — a session user, or a synthetic principal fabricated from a browser UUID (a
syntheticflag short-circuits datastore lookups while satisfying RBAC/audit interfaces). - Tool policy — including a registry-only, fail-closed policy: tools resolve only through a central gatekeeper registry keyed by scope, returning the empty set if the registry is absent, so code drift cannot widen the surface.
- Model set + provider wire-shape — virtual model ids resolved at the edge; one tool loop drives either the Anthropic content-blocks shape or the OpenAI/vLLM
tool_callsshape. - Budgets — tier-differentiated iteration caps, per-tool timeouts, dual-key (IP + browser UUID) rate limits.
- Bot gate — a challenge required on the first turn, unconditionally.
The novelty: no framework derives trust tier, identity synthesis, provider wire-shape, budgets, and a registry-only tool allowlist from a single declarative scope object, and no framework elevates the registry chokepoint to a stated tamper-evidence invariant. See DEFENSIVE-PUBLICATION.md.
The mechanism is simple to reinvent and valuable enough to attract a patent filing. Publishing an enabling and dated description establishes public prior art, barring others from claiming exclusivity over the disclosed combination. This is a deliberate, standard defensive-publication move.
| Path | What it is |
|---|---|
DEFENSIVE-PUBLICATION.md |
The full ~5,000-word disclosure: problem, mechanism, data model, worked example, prior-art delta, one independent + 16 dependent claims, appendices. |
docs/FIGURES.md |
Five annotated mermaid diagrams. |
docs/PRIOR-ART.md |
Cited references, a delta table, and the honest novelty nub. |
docs/OPEN-SOURCE-APP.md |
How the mechanism maps to a runnable app + an AKS-style deployment sketch. |
src/ |
Clean-room, dependency-free, offline-runnable Node.js (ESM) reference implementation. |
src/README.md |
Reference-code notice + a files table. |
The reference is dependency-free and uses injectable provider stubs — no real model providers, endpoints, or credentials.
cd src
node example.jsYou will see the same runtime serve (a) an anonymous browser-UUID visitor over the OpenAI/vLLM wire-shape with a fail-closed, registry-resolved tool set, and (b) an authenticated engineer over the Anthropic content-blocks wire-shape — with no runtime code branching on audience, only different contracts. The demo also shows the surface failing closed to zero tools when the registry is withheld.
- Disclosed: the mechanism — the declarative scope contract; identity synthesis via a synthetic principal; the registry-fail-closed tool surface as a tamper-evidence invariant; the contract-selected dual wire-shape loop; edge-resolved virtual model ids; tier-differentiated budgets.
- Not disclosed / withheld: empirically-tuned constants (iteration caps, per-tool timeouts, truncation bounds, rate-limit numbers, cache TTLs) appear as
[WITHHELD — trade secret]in the disclosure and as clearly-labeled illustrative defaults in code. No secrets, keys, tokens, or proprietary source are included.
Dual-licensed.
- Open source: AGPL-3.0-or-later. Network use is distribution — deploying a modified version obligates you to offer the corresponding source under the AGPL.
- Commercial: for use without AGPL obligations, a commercial license is available from Gus IT LLC. Contact gus@gusit.de.
The prose disclosure (DEFENSIVE-PUBLICATION.md and docs/) is released as public prior art; you may read, cite, and redistribute it to establish prior art. The reference code in src/ is licensed as above.
Assuncao, G. (2026). Declarative Scope Contracts Multiplexing One Agent Runtime Across Trust Tiers, Provider Wire-Shapes, and a Registry-Fail-Closed Tool Surface with Synthetic Browser-UUID Identity. Defensive Publication v1.0, Gus IT LLC. 2026-07-03.
© 2026 Gus IT LLC (Florida, USA). Disclosure released as public prior art; reference code dual-licensed AGPL-3.0-or-later + commercial.