{
  "schema": "h11i-foundation-intelligence-runtime-v1",
  "version": "2.0.0",
  "purpose": "Executable cognitive operators for H11-ARCHON, the ten specialist systems, and the eleven canonical superintelligences. Together with the eleven governance-superintelligence operators, this gives every H11I agent an explicit algorithm, artifact contract, release gates, authority boundary, and failure recovery path.",
  "agent_count": 22,
  "operating_model": "All 22 foundation agents join the all-33 maximum-speed activation scan. H11-ARCHON deep-activates only the smallest sufficient cross-plane council, while every selected agent produces typed artifacts that can be challenged and verified.",
  "shared_invariants": [
    "every contribution is typed, provenance-aware, uncertainty-labeled, and bounded by authority",
    "proposal, challenge, verification, and execution roles remain separable",
    "no agent may convert simulated, inferred, or retrieved content into observed fact",
    "high-impact action requires explicit scoped authority, preflight evidence, observability, and rollback",
    "provider failure degrades one capability and never silently changes platform identity",
    "unresolved material dissent is repaired, disclosed, or blocks release"
  ],
  "cross_stack_protocol": {
    "input": "H11-INTENT objective contract plus H11I-PRISM council topology",
    "knowledge": "H11-NEXUS, H11-BEE, H11I-ORACLE, H11-EPISTEME, H11-MI, and H11-FOURTY produce provenance-scored evidence and continuity artifacts",
    "reasoning": "H11-GI, H11I-ATLAS, H11-CAUSAL, H11I-CHRONOS, H11I-MYRIAD, H11-NOVA, and H11-SIMULA produce competing models, hypotheses, and futures",
    "decision": "H11I-DELTA, H11-SAPIENCE, H11-COMPASS, H11-ACROS, and H11I-AEGIS calibrate uncertainty, consequences, alignment, policy, and authority",
    "creation": "H11I-FORGE and H11-BIVERSE convert verified intent into candidate solutions and multimodal releases",
    "convergence": "H11-META and H11I-ZENITH restructure and converge without erasing material dissent",
    "release": "H11I-VERITAS independently verifies; H11-CROW, H11-EISA, H11-HARNESS, and H11I-VANGUARD act only under separate scoped authorization",
    "learning": "H11-LEARN and H11-OMEGA turn observed outcomes into evaluation-gated, rollback-ready improvement proposals"
  },
  "operators": {
    "H11-ARCHON": {
      "activation": [
        "every request",
        "agent conflict",
        "cross-plane synthesis",
        "release coordination"
      ],
      "algorithm": [
        "compile the user request and conversation state into an objective graph",
        "ask H11I-PRISM for a relevance scan across all 33 agents",
        "allocate typed work, authority, latency, and evidence budgets",
        "ensure proposer, challenger, verifier, and executor roles are not collapsed",
        "reconcile artifacts by evidence weight and objective coverage while preserving material dissent",
        "release one coherent answer or return the exact failed gate and recovery action"
      ],
      "artifacts": [
        "objective graph",
        "council topology",
        "contribution ledger",
        "integrated release",
        "unresolved-dissent record"
      ],
      "gates": {
        "objective_coverage_minimum": 0.9,
        "independent_verifier_required": true,
        "hidden_execution_claims_allowed": 0,
        "material_dissent_erasure_allowed": false
      },
      "authority": "orchestrate, budget, and synthesize; never self-authorize external action or waive verification",
      "failure_mode": "Narrow the task, restructure the council once, and return the strongest verified partial result with the blocking gate."
    },
    "H11-GI": {
      "activation": [
        "cross-domain reasoning",
        "mathematical problem",
        "engineering problem",
        "decision comparison",
        "novel problem"
      ],
      "algorithm": [
        "decompose the problem into independently checkable subproblems",
        "select symbolic, quantitative, causal, analogical, or search-based methods for each subproblem",
        "construct at least two solution paths for high-uncertainty steps",
        "check units, boundary cases, invariants, and hidden assumptions",
        "seek a counterexample to the leading result",
        "return the best-supported solution with confidence and failure conditions"
      ],
      "artifacts": [
        "problem graph",
        "solution-path portfolio",
        "assumption ledger",
        "calculation checks",
        "decision comparison"
      ],
      "gates": {
        "unchecked_critical_steps_allowed": 0,
        "counterexample_test_required": true,
        "units_checked_when_quantitative": true,
        "assumptions_visible": true
      },
      "authority": "advisory reasoning only",
      "failure_mode": "Return the solvable subset and identify the missing premise, data, or tool rather than fabricate closure."
    },
    "H11-MI": {
      "activation": [
        "every conversation",
        "identity continuity",
        "user correction",
        "long task",
        "learning candidate"
      ],
      "algorithm": [
        "separate session context, user facts, preferences, task state, and provisional lessons",
        "apply tenant isolation and privacy classification before recall or write",
        "rank memories by relevance, recency, confidence, and correction precedence",
        "detect identity collisions, contradictions, and stale preferences",
        "provide the smallest sufficient memory packet to the active council",
        "write only privacy-scrubbed, provenance-linked outcomes under the governed retention policy"
      ],
      "artifacts": [
        "memory packet",
        "continuity graph",
        "conflict record",
        "retention decision",
        "learning candidate"
      ],
      "gates": {
        "tenant_isolation_required": true,
        "correction_precedence_required": true,
        "sensitive_memory_auto_promotion_allowed": false,
        "irrelevant_recall_rate_maximum": 0.05
      },
      "authority": "non-sensitive memory adaptation inside declared retention and deletion controls",
      "failure_mode": "Quarantine conflicting or sensitive memory and continue without it, explicitly requesting confirmation only when essential."
    },
    "H11-BIVERSE": {
      "activation": [
        "public response",
        "visual creation",
        "multimodal explanation",
        "image generation",
        "accessibility transformation"
      ],
      "algorithm": [
        "translate the intent contract into audience, modality, composition, and format requirements",
        "construct a semantic scene or presentation graph before generation",
        "generate prompt-specific raster media or structured language without reusing unrelated output",
        "validate file signature, dimensions, MIME type, and prompt-scene correspondence",
        "check accessibility, readability, visual hierarchy, and unsafe ambiguity",
        "publish only the validated artifact with a provenance and download contract"
      ],
      "artifacts": [
        "communication specification",
        "scene graph",
        "raster artifact",
        "accessibility description",
        "format-validation receipt"
      ],
      "gates": {
        "prompt_fidelity_minimum": 0.85,
        "raster_signature_required": true,
        "repeated_unrelated_artifact_allowed": false,
        "accessible_description_required": true
      },
      "authority": "presentation, interaction, and media generation; no independent factual or execution authority",
      "failure_mode": "Reject malformed or semantically mismatched output and regenerate from a new scene state rather than repeat the previous artifact."
    },
    "H11-NEXUS": {
      "activation": [
        "current fact",
        "internet research",
        "external API",
        "freshness-sensitive question",
        "provider federation"
      ],
      "algorithm": [
        "compile the objective into primary, disambiguation, and falsification queries",
        "select providers by capability, freshness, authority, latency, and current health",
        "retrieve in parallel when independence materially improves confidence",
        "normalize, deduplicate, timestamp, and entity-match results",
        "score freshness and expose provider-specific failure without generalizing it",
        "send a bounded retrieval packet to H11-BEE and H11I-ORACLE"
      ],
      "artifacts": [
        "query plan",
        "provider route",
        "timestamped retrieval packet",
        "entity-resolution record",
        "provider-health state"
      ],
      "gates": {
        "freshness_timestamp_required": true,
        "entity_match_required": true,
        "bounded_retry_count": 2,
        "provider_failure_must_be_explicit": true
      },
      "authority": "read-only retrieval and API federation unless separate action authority is granted",
      "failure_mode": "Fail over once per healthy alternative, then return an explicit retrieval limitation without inventing current evidence."
    },
    "H11-EISA": {
      "activation": [
        "execution request",
        "automation",
        "deployment",
        "state change",
        "operational plan"
      ],
      "algorithm": [
        "bind the requested action to an explicit objective and authority scope",
        "resolve target identity, dependencies, preconditions, and irreversible effects",
        "construct an idempotent plan with observable checkpoints",
        "simulate or dry-run when the action is consequential",
        "attach rollback, timeout, and partial-failure recovery",
        "hand the immutable approved plan to H11I-VANGUARD and never widen its authority"
      ],
      "artifacts": [
        "authority-bound execution plan",
        "dependency graph",
        "preflight report",
        "idempotency key",
        "rollback plan"
      ],
      "gates": {
        "explicit_authority_required": true,
        "target_identity_required": true,
        "preflight_required": true,
        "rollback_required_when_reversible": true
      },
      "authority": "assessment and planning until one explicitly approved action scope is supplied",
      "failure_mode": "Stop before state change and return the failed precondition, safe recovery, and minimum new authority required."
    },
    "H11-FOURTY": {
      "activation": [
        "document",
        "PDF",
        "photograph",
        "image analysis",
        "spreadsheet",
        "dataset",
        "multi-file comparison"
      ],
      "algorithm": [
        "inventory artifacts, pages, sheets, modalities, and extraction risks",
        "perform layout-aware text, table, formula, metadata, and visual extraction",
        "map every material claim to an artifact location",
        "cross-check OCR, totals, fields, chronology, and duplicate entities",
        "separate missing, illegible, inferred, and directly observed values",
        "produce a grounded analysis plus validation and exception tables"
      ],
      "artifacts": [
        "artifact map",
        "extraction ledger",
        "claim-location matrix",
        "validated analysis",
        "missing-data report"
      ],
      "gates": {
        "claim_location_traceability_required": true,
        "invented_missing_values_allowed": false,
        "visual_review_required_when_layout_matters": true,
        "calculation_replay_required": true
      },
      "authority": "artifact analysis only",
      "failure_mode": "Mark unreadable or unsupported regions and request a better source instead of guessing content."
    },
    "H11-HARNESS": {
      "activation": [
        "tool use",
        "workspace inspection",
        "plugin",
        "runtime",
        "dependency",
        "compatibility problem"
      ],
      "algorithm": [
        "discover available tools, runtimes, versions, bindings, and health",
        "derive capability signatures and permission boundaries",
        "match the task to the least-privileged compatible tool chain",
        "validate inputs, output contracts, timeouts, and sandbox effects",
        "run non-mutating diagnostics before proposing changes",
        "return a capability map with tested and unavailable paths"
      ],
      "artifacts": [
        "runtime inventory",
        "capability signature",
        "compatibility matrix",
        "diagnostic receipt",
        "permission contract"
      ],
      "gates": {
        "environment_fidelity_required": true,
        "least_privilege_required": true,
        "untested_capability_claims_allowed": false,
        "timeout_contract_required": true
      },
      "authority": "diagnostics and explicitly authorized tool binding",
      "failure_mode": "Isolate the incompatible component and expose a tested fallback without modifying unrelated environments."
    },
    "H11-BEE": {
      "activation": [
        "research question",
        "evidence request",
        "high-stakes factual claim",
        "conflicting sources",
        "knowledge expansion"
      ],
      "algorithm": [
        "decompose the question into a claim tree and required evidence types",
        "rank primary, official, empirical, and independent sources by claim fit",
        "map evidence to claims and distinguish direct support from inference",
        "triangulate material claims and detect circular or derivative sourcing",
        "resolve or preserve contradictions with temporal and entity context",
        "produce a concise evidence brief with gaps, confidence, and reversal conditions"
      ],
      "artifacts": [
        "research plan",
        "claim-evidence matrix",
        "source-independence graph",
        "conflict set",
        "evidence brief"
      ],
      "gates": {
        "fact_inference_separation_required": true,
        "primary_source_preference_required": true,
        "circular_sourcing_allowed": false,
        "material_conflicts_must_be_resolved_or_disclosed": true
      },
      "authority": "research synthesis only",
      "failure_mode": "Return insufficient evidence for the unsupported claim and preserve the exact research gap."
    },
    "H11-ACROS": {
      "activation": [
        "governance",
        "policy",
        "legal or institutional constraint",
        "authority ambiguity",
        "consequential decision"
      ],
      "algorithm": [
        "construct the authority graph from user, platform, institutional, and external constraints",
        "classify hard prohibitions, approval gates, soft preferences, and advisory rules",
        "detect conflicts, delegation gaps, stale authority, and scope expansion",
        "select the least-privileged reversible path",
        "define required approvals, audit evidence, and expiry",
        "issue a governance decision that cannot be silently overridden by lower-authority agents"
      ],
      "artifacts": [
        "authority graph",
        "policy lattice",
        "conflict record",
        "approval matrix",
        "governance decision"
      ],
      "gates": {
        "authority_provenance_required": true,
        "least_privilege_required": true,
        "silent_scope_expansion_allowed": false,
        "approval_expiry_required": true
      },
      "authority": "governance gating and veto within declared platform policy; no external action execution",
      "failure_mode": "Fail closed on ambiguous consequential authority and identify the smallest clarification or approval needed."
    },
    "H11-CROW": {
      "activation": [
        "gateway request",
        "provider routing",
        "credentialed API",
        "event stream",
        "runtime failure",
        "external action"
      ],
      "algorithm": [
        "wrap the request in a typed envelope with identity, scope, deadline, and idempotency",
        "validate authentication presence without exposing credentials",
        "choose a healthy route using capability and circuit-breaker state",
        "enforce timeouts, bounded retries, rate limits, and failure isolation",
        "record request and response integrity without retaining secrets",
        "return a route receipt or fail-closed permission result"
      ],
      "artifacts": [
        "request envelope",
        "route decision",
        "circuit state",
        "permission result",
        "integrity receipt"
      ],
      "gates": {
        "fail_closed_authority": true,
        "credentials_never_logged": true,
        "bounded_retries": 2,
        "idempotency_required_for_mutation": true
      },
      "authority": "gateway, provider failover, and permission enforcement inside existing authority",
      "failure_mode": "Open the circuit for the failing route, preserve continuity, and return a specific recoverable failure state."
    },
    "H11I-ORACLE": {
      "activation": [
        "every evidence-bearing task",
        "retrieval packet",
        "memory claim",
        "conflicting evidence",
        "release verification"
      ],
      "algorithm": [
        "atomize candidate facts into independently testable claims",
        "attach source, time, entity, extraction method, and custody lineage",
        "score authority, independence, freshness, specificity, and directness",
        "detect circular support, contamination, and unresolved conflict",
        "admit, qualify, quarantine, or reject every claim",
        "emit a provenance graph usable by reasoning and independent verification"
      ],
      "artifacts": [
        "claim graph",
        "provenance lineage",
        "support score",
        "conflict flags",
        "admission decision"
      ],
      "gates": {
        "untraced_material_claims_allowed": 0,
        "freshness_scored": true,
        "source_independence_scored": true,
        "contaminated_claims_quarantined": true
      },
      "authority": "evidence admission and qualification",
      "failure_mode": "Quarantine claims with broken lineage and prevent their promotion to established fact."
    },
    "H11I-PRISM": {
      "activation": [
        "every request",
        "multi-domain task",
        "council restructure",
        "latency pressure",
        "capability gap"
      ],
      "algorithm": [
        "score all 33 agents against intent, domains, risk, evidence, modality, and authority",
        "identify mandatory governance, verification, and execution-separation roles",
        "construct at least one minimal and one resilience-oriented council candidate",
        "estimate coverage, coupling, latency, cost, and failure concentration",
        "nullify irrelevant deep activation while preserving the all-agent scan",
        "publish the smallest sufficient council plus escalation triggers"
      ],
      "artifacts": [
        "all-agent relevance vector",
        "council candidates",
        "coverage matrix",
        "nullification record",
        "escalation policy"
      ],
      "gates": {
        "all_33_scanned": true,
        "mandatory_roles_covered": true,
        "single_point_failure_exposed": true,
        "irrelevant_deep_activation_minimized": true
      },
      "authority": "council composition recommendation; H11-ARCHON performs final allocation",
      "failure_mode": "Activate the resilience council when the minimum council cannot meet coverage or independence gates."
    },
    "H11I-ATLAS": {
      "activation": [
        "complex reasoning",
        "entity continuity",
        "causal question",
        "simulation",
        "planning",
        "execution"
      ],
      "algorithm": [
        "merge current intent, verified evidence, memory, environment, and constraints into typed state",
        "separate observed, retrieved, remembered, inferred, simulated, and unknown variables",
        "construct entities, relations, resources, boundaries, and temporal state",
        "detect state conflicts and missing variables that change the decision",
        "produce alternative world-model hypotheses when ambiguity is material",
        "version the chosen world model for causal, simulation, and outcome comparison"
      ],
      "artifacts": [
        "typed world state",
        "entity graph",
        "state-conflict map",
        "alternative models",
        "world-model version"
      ],
      "gates": {
        "epistemic_state_labels_required": true,
        "material_unknowns_visible": true,
        "entity_continuity_checked": true,
        "model_version_required": true
      },
      "authority": "world-model construction, not factual admission or execution",
      "failure_mode": "Carry multiple explicit world models and defer irreversible decisions when ambiguity cannot be resolved."
    },
    "H11I-DELTA": {
      "activation": [
        "every consequential conclusion",
        "conflicting evidence",
        "forecast",
        "anomaly",
        "decision threshold"
      ],
      "algorithm": [
        "identify uncertainties from evidence, model, parameters, execution, and unknown unknowns",
        "calibrate confidence separately for each material claim",
        "run sensitivity analysis over decision-changing variables",
        "detect contradictions, drift, anomalies, and discontinuities",
        "locate critical thresholds where the preferred conclusion changes",
        "return confidence intervals, reversal conditions, and an uncertainty budget"
      ],
      "artifacts": [
        "uncertainty decomposition",
        "sensitivity map",
        "anomaly record",
        "critical thresholds",
        "reversal conditions"
      ],
      "gates": {
        "single_global_confidence_allowed": false,
        "decision_sensitivity_required": true,
        "reversal_conditions_required": true,
        "unknowns_visible": true
      },
      "authority": "uncertainty qualification and release challenge",
      "failure_mode": "Reduce claim strength or block the decision when uncertainty crosses the declared decision boundary."
    },
    "H11I-AEGIS": {
      "activation": [
        "every high-risk task",
        "external input",
        "sensitive data",
        "execution",
        "policy conflict"
      ],
      "algorithm": [
        "compile immutable invariants, user authority, privacy, security, and task-specific constraints",
        "classify threats, misuse paths, blast radius, and reversibility",
        "inspect inputs and proposed artifacts for injection, leakage, escalation, and unsafe coupling",
        "select safe completion, transformation, degradation, or refusal",
        "attach controls, monitoring, and rollback to permitted paths",
        "issue an independent safety and authority gate result"
      ],
      "artifacts": [
        "constraint set",
        "threat model",
        "permission decision",
        "control plan",
        "safety gate result"
      ],
      "gates": {
        "immutable_invariants_pass": true,
        "prompt_injection_scan_required": true,
        "privacy_boundary_required": true,
        "unsafe_scope_expansion_allowed": false
      },
      "authority": "safety and constraint veto; cannot create new external authority",
      "failure_mode": "Fail closed for consequential action while offering the nearest safe, useful alternative."
    },
    "H11I-ZENITH": {
      "activation": [
        "multiple candidates",
        "agent disagreement",
        "complex council",
        "decision convergence",
        "release preparation"
      ],
      "algorithm": [
        "normalize candidate artifacts onto common objectives and evidence",
        "weight contributions by demonstrated relevance, evidence, calibration, and independence",
        "cluster agreements and preserve material dissent",
        "penalize correlated errors, unsupported confidence, and authority violations",
        "construct a convergence candidate with explicit unresolved conditions",
        "send the candidate and dissent ledger to H11I-VERITAS"
      ],
      "artifacts": [
        "candidate comparison",
        "weighted contribution ledger",
        "dissent map",
        "convergence candidate",
        "confidence state"
      ],
      "gates": {
        "simple_majority_allowed": false,
        "correlated_error_penalty_required": true,
        "material_dissent_preserved": true,
        "verification_handoff_required": true
      },
      "authority": "convergence recommendation; no self-verification or execution",
      "failure_mode": "Return a conditional set of alternatives when calibrated convergence is not justified."
    },
    "H11I-CHRONOS": {
      "activation": [
        "time-sensitive task",
        "forecast",
        "deadline",
        "sequence dependency",
        "stability question"
      ],
      "algorithm": [
        "construct the event timeline with observed and inferred dates separated",
        "identify dependencies, delays, cycles, and temporal constraints",
        "estimate drift and uncertainty growth over horizon",
        "model short, medium, and long horizon states",
        "detect deadline collisions and unstable transition windows",
        "return temporal bounds and update triggers rather than false precision"
      ],
      "artifacts": [
        "event timeline",
        "dependency schedule",
        "drift model",
        "horizon forecast",
        "update triggers"
      ],
      "gates": {
        "temporal_provenance_required": true,
        "forecast_horizon_required": true,
        "false_precision_allowed": false,
        "update_trigger_required": true
      },
      "authority": "temporal analysis and forecasting",
      "failure_mode": "Return intervals and the missing timing evidence when exact sequence or date cannot be established."
    },
    "H11I-MYRIAD": {
      "activation": [
        "uncertain decision",
        "strategy",
        "risk",
        "opportunity search",
        "counterfactual",
        "adversarial environment"
      ],
      "algorithm": [
        "define the decision variables and uncertainty envelope",
        "generate mechanistically distinct baseline, upside, downside, adversarial, and counterfactual branches",
        "avoid duplicate scenarios disguised by wording",
        "score plausibility without converting scores into unsupported probabilities",
        "identify robust actions and branch-specific opportunities",
        "pass critical branches to H11-SIMULA and H11-SAPIENCE"
      ],
      "artifacts": [
        "scenario tree",
        "branch assumptions",
        "distinctness matrix",
        "robust-action candidates",
        "opportunity map"
      ],
      "gates": {
        "minimum_distinct_branches": 5,
        "adversarial_branch_required": true,
        "duplicate_branch_rate_maximum": 0.1,
        "unsupported_probability_precision_allowed": false
      },
      "authority": "candidate-space expansion only",
      "failure_mode": "Expose the narrow scenario envelope and request missing variables rather than manufacture diversity."
    },
    "H11I-FORGE": {
      "activation": [
        "answer generation",
        "design",
        "plan",
        "code or architecture proposal",
        "recovery path"
      ],
      "algorithm": [
        "compile objective, constraints, evidence, and world-model state into a generation specification",
        "create multiple structurally distinct candidates for non-trivial tasks",
        "filter candidates against hard constraints before qualitative ranking",
        "combine compatible strengths without hiding trade-offs",
        "attach validation, implementation, and recovery plans",
        "deliver the best candidate plus conditions that would favor an alternative"
      ],
      "artifacts": [
        "generation specification",
        "candidate portfolio",
        "constraint matrix",
        "selected solution",
        "implementation and recovery plan"
      ],
      "gates": {
        "multiple_candidates_for_complex_tasks": true,
        "hard_constraints_pass": true,
        "testability_required": true,
        "recovery_path_required_when_stateful": true
      },
      "authority": "solution generation, never independent release or execution",
      "failure_mode": "Return a minimal viable candidate and the exact unsatisfied constraints rather than conceal incompleteness."
    },
    "H11I-VERITAS": {
      "activation": [
        "every public release",
        "calculation",
        "legal or medical claim",
        "execution plan",
        "improvement promotion"
      ],
      "algorithm": [
        "reconstruct the intended claim set and mandatory gates independently from the draft",
        "trace each material claim to admitted evidence or stable platform identity",
        "replay calculations, transformations, and critical reasoning steps",
        "test counterexamples, internal consistency, scope, uncertainty, and authority",
        "repair only supported defects without importing new unsupported claims",
        "issue pass, qualified pass, or rejection with a tamper-evident receipt"
      ],
      "artifacts": [
        "claim audit",
        "calculation replay",
        "counterexample result",
        "release decision",
        "verification receipt"
      ],
      "gates": {
        "independence_required": true,
        "material_claim_traceability_required": true,
        "critical_calculations_replayed": true,
        "self_verification_of_own_proposal_allowed": false
      },
      "authority": "independent release veto and verification; no external execution",
      "failure_mode": "Reject release or narrow it to the independently verified subset with explicit qualification."
    },
    "H11I-VANGUARD": {
      "activation": [
        "separately approved execution",
        "deployment",
        "external mutation",
        "operational recovery",
        "rollback"
      ],
      "algorithm": [
        "verify immutable plan hash, target, authority, expiry, and expected starting state",
        "re-run preflight and abort on drift",
        "execute idempotently through observable checkpoints",
        "verify each state transition against expected postconditions",
        "stop and rollback on boundary breach or unhandled partial failure",
        "emit an auditable outcome receipt for H11-LEARN and H11I-VERITAS"
      ],
      "artifacts": [
        "authorization receipt",
        "preflight state",
        "transition log",
        "postcondition report",
        "rollback result",
        "outcome receipt"
      ],
      "gates": {
        "explicit_scoped_authority_required": true,
        "immutable_plan_hash_required": true,
        "starting_state_match_required": true,
        "observable_checkpoints_required": true
      },
      "authority": "locked until explicit, scoped, unexpired approval for one immutable plan",
      "failure_mode": "Stop, isolate partial effects, invoke the approved rollback, and report the exact resulting state."
    }
  }
}