Skip to content

gusitllc/declarative-scope-contract-agent-runtime

Repository files navigation

Declarative Scope Contracts for a Multi-Tier Agent Runtime — Defensive Publication

Public prior art. This repository publishes an enabling, dated technical disclosure of a mechanism for safely multiplexing one AI agent runtime across trust tiers, provider wire-shapes, and a registry-fail-closed tool surface with synthetic browser-UUID identity. Its purpose is defensive: to place the mechanism in the public domain of prior art so that no party may obtain an exclusive patent over it.

Author: Gustavo Assuncao, PhD · Publisher: Gus IT LLC (Florida, USA) · Date: 2026-07-03 · Version: 1.0


What this is

Production AI agent runtimes increasingly serve several audiences at once — authenticated engineers, authenticated business users, and fully anonymous website visitors. This disclosure describes a single runtime whose entire security posture for a turn is derived from one declarative scope contract object, one per audience. The contract binds:

  • Trust tier / auth mode — require a session principal, or run unauthenticated.
  • Identity source — a session user, or a synthetic principal fabricated from a browser UUID (a synthetic flag short-circuits datastore lookups while satisfying RBAC/audit interfaces).
  • Tool policy — including a registry-only, fail-closed policy: tools resolve only through a central gatekeeper registry keyed by scope, returning the empty set if the registry is absent, so code drift cannot widen the surface.
  • Model set + provider wire-shape — virtual model ids resolved at the edge; one tool loop drives either the Anthropic content-blocks shape or the OpenAI/vLLM tool_calls shape.
  • Budgets — tier-differentiated iteration caps, per-tool timeouts, dual-key (IP + browser UUID) rate limits.
  • Bot gate — a challenge required on the first turn, unconditionally.

The novelty: no framework derives trust tier, identity synthesis, provider wire-shape, budgets, and a registry-only tool allowlist from a single declarative scope object, and no framework elevates the registry chokepoint to a stated tamper-evidence invariant. See DEFENSIVE-PUBLICATION.md.

Why publish it (defensive intent)

The mechanism is simple to reinvent and valuable enough to attract a patent filing. Publishing an enabling and dated description establishes public prior art, barring others from claiming exclusivity over the disclosed combination. This is a deliberate, standard defensive-publication move.

Repository contents

Path What it is
DEFENSIVE-PUBLICATION.md The full ~5,000-word disclosure: problem, mechanism, data model, worked example, prior-art delta, one independent + 16 dependent claims, appendices.
docs/FIGURES.md Five annotated mermaid diagrams.
docs/PRIOR-ART.md Cited references, a delta table, and the honest novelty nub.
docs/OPEN-SOURCE-APP.md How the mechanism maps to a runnable app + an AKS-style deployment sketch.
src/ Clean-room, dependency-free, offline-runnable Node.js (ESM) reference implementation.
src/README.md Reference-code notice + a files table.

Run the reference

The reference is dependency-free and uses injectable provider stubs — no real model providers, endpoints, or credentials.

cd src
node example.js

You will see the same runtime serve (a) an anonymous browser-UUID visitor over the OpenAI/vLLM wire-shape with a fail-closed, registry-resolved tool set, and (b) an authenticated engineer over the Anthropic content-blocks wire-shape — with no runtime code branching on audience, only different contracts. The demo also shows the surface failing closed to zero tools when the registry is withheld.

Scope of the disclosure

  • Disclosed: the mechanism — the declarative scope contract; identity synthesis via a synthetic principal; the registry-fail-closed tool surface as a tamper-evidence invariant; the contract-selected dual wire-shape loop; edge-resolved virtual model ids; tier-differentiated budgets.
  • Not disclosed / withheld: empirically-tuned constants (iteration caps, per-tool timeouts, truncation bounds, rate-limit numbers, cache TTLs) appear as [WITHHELD — trade secret] in the disclosure and as clearly-labeled illustrative defaults in code. No secrets, keys, tokens, or proprietary source are included.

License

Dual-licensed.

  • Open source: AGPL-3.0-or-later. Network use is distribution — deploying a modified version obligates you to offer the corresponding source under the AGPL.
  • Commercial: for use without AGPL obligations, a commercial license is available from Gus IT LLC. Contact gus@gusit.de.

The prose disclosure (DEFENSIVE-PUBLICATION.md and docs/) is released as public prior art; you may read, cite, and redistribute it to establish prior art. The reference code in src/ is licensed as above.

Citation

Assuncao, G. (2026). Declarative Scope Contracts Multiplexing One Agent Runtime Across Trust Tiers, Provider Wire-Shapes, and a Registry-Fail-Closed Tool Surface with Synthetic Browser-UUID Identity. Defensive Publication v1.0, Gus IT LLC. 2026-07-03.


© 2026 Gus IT LLC (Florida, USA). Disclosure released as public prior art; reference code dual-licensed AGPL-3.0-or-later + commercial.

About

A single declarative scope object binds auth mode, synthetic browser-UUID identity, a registry-only tool allowlist, provider wire-shape, virtual model ids, and per-tier budgets — turning trust-tier safety into a data invariant rather than scattered c

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors