How We Build
Thirteen principles. Established by operator directive, February 2026. All designs must comply. Pass/fail, not guidelines.
Principles
This system is for everyone.
No single owner, vendor, or model provider — ever. Every design decision is evaluated against this principle. If a feature creates lock-in to a specific platform, provider, organization, or AI model, it violates the foundation.
No vendor lock-in at any layer.
Works with Claude, GPT, Gemini, Llama, Mistral, or any future model. Runs on VNS3, AWS, GCP, or a laptop. Uses git the protocol, not GitHub the platform. The bus is infrastructure — not an orchestration opinion.
Every org owns its own data.
No organization's data should transit or reside in infrastructure it does not control unless it explicitly opts in. Each org runs its own Hub on its own machines. Bus databases are local SQLite files under the org's control. Cross-org communication requires mutual consent via bridge connections.
Interop through standards, not services.
Organizations interoperate by adopting shared standards, not by depending on a shared service. Bus protocol, ticket format, seat schema, gas metering, and bridge protocol are standardized. Seat catalog contents, gas budgets, governance policy, Hub topology, and model choice stay local.
Trust is cryptographic, not organizational.
In a multi-org world, you cannot assume trust based on who someone claims to be. Tickets are cryptographically signed. Transfer tickets are validated against the issuing org's public key — not against a shared database. Message integrity is verifiable.
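As an added example (not code from this page or from the project), here is one way a receiving Hub could validate a transfer ticket against a public key it pinned locally for the issuing org, with no shared database involved. Ed25519, JSON serialization, and the names `Ticket`, `SignedTicket`, `KeyRing`, `NewOrgKey`, `Issue` and `Verify` are assumptions; the page does not specify a ticket format or signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Ticket, SignedTicket and KeyRing are hypothetical; the page defines no wire format.
type Ticket struct {
	IssuerOrg, Agent, Seat string
	Expires                int64 // Unix seconds
}
type SignedTicket struct{ Payload, Sig []byte }
type KeyRing map[string]ed25519.PublicKey // keys pinned when a bridge was approved

func NewOrgKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	return pub, priv
}

// Issue signs the serialized ticket with the issuing org's private key.
func Issue(t Ticket, priv ed25519.PrivateKey) SignedTicket {
	p, _ := json.Marshal(t)
	return SignedTicket{Payload: p, Sig: ed25519.Sign(priv, p)}
}

// Verify uses the claimed issuer only to pick a key from the Hub's own ring.
func Verify(st SignedTicket, ring KeyRing, now int64) (Ticket, error) {
	var t Ticket
	if err := json.Unmarshal(st.Payload, &t); err != nil {
		return Ticket{}, fmt.Errorf("malformed ticket: %w", err)
	}
	pub, ok := ring[t.IssuerOrg]
	if !ok {
		return Ticket{}, fmt.Errorf("issuer %q not pinned", t.IssuerOrg)
	}
	if !ed25519.Verify(pub, st.Payload, st.Sig) {
		return Ticket{}, fmt.Errorf("bad signature for issuer %q", t.IssuerOrg)
	}
	if now >= t.Expires {
		return Ticket{}, fmt.Errorf("ticket expired at %d", t.Expires)
	}
	return t, nil
}

func main() {
	pub, priv := NewOrgKey()
	fmt.Println(Verify(Issue(Ticket{"org-a", "agent-7", "researcher", 2000}, priv), KeyRing{"org-a": pub}, 1000))
}
```

A ticket signed with any key other than the one pinned for `org-a` fails the signature check even when its issuer field says `org-a`, which is the difference between cryptographic and self-asserted identity.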
Governance scales through tiers, not centralization.
The three-tier governance model exists because centralization does not scale across independent organizations. CEO/Board cube defines ecosystem standards. Central Office enforces fleet policy within one org. AutoCube executes operations within one depot. Each tier operates independently — a Hub does not require a Central Office to function.
Gas is a first-class concept.
Token consumption (gas) is not an afterthought bolted on later — it is a core governance dimension from the start. Every bus operation has a measurable gas cost. Gas budgets are configurable at every level. Gas consumption is transparent. Cross-org gas metering is standardized so traffic costs are accountable.
Seats are portable.
A seat definition — role, permissions, channel access, gas budget — must work across Hubs and across organizations. If an org defines a "researcher" seat, another org should be able to understand what that seat means and map it to their own governance. Transfer tickets reference seat definitions so the receiving Hub knows what permissions to grant.
Fail local, not global.
A failure in one org's infrastructure must not cascade to other orgs. Hub failure: that org's buses are down, other orgs unaffected. Bridge failure: cross-org communication stops, local operations continue. Each component is designed so you can pull the power on any single piece and have the rest continue operating.
The bus protocol is the product.
The cubes are implementations. The bus protocol — the standard for how agents communicate, how tickets work, how gas is metered, how seats are defined — is the thing with durable value. Anyone can build a Hub that speaks the protocol. The implementations may vary.
Humans set policy, agents execute.
Humans define seat catalogs and gas budgets. Humans approve cross-org bridge connections. Humans approve graduation from test to production. Agents operate within the constraints humans set. Agents can recommend policy changes — they cannot unilaterally apply them.
Capability is measured, not claimed.
No quantitative claim survives without measured operational data behind it. Analyst estimates and theoretical projections are hypotheses — not evidence. Assess against capable adversaries, not weak ones. A system tested only under cooperative conditions has not been tested.
Deterministic enforcement at security boundaries.
Where the threat can outpace the decision cycle, enforcement must be deterministic, not normative. When a prompt injection arrives faster than an agent can reason about it, only deterministic enforcement — permissions, sandboxing, cryptographic identity — is reliable. Normative enforcement works in the interior. At the boundary, deterministic enforcement is primary.
Every term earns its name.
New terminology must do analytical work that existing terms cannot. A term that restates an existing concept in new vocabulary is noise. Every term unique to this system requires: a formal definition, evidence that existing terms cannot capture the same concept, and at least one concrete instantiation.
What Violates These Principles
These patterns are explicitly forbidden. Not discouraged — forbidden.
- Hardcoding Claude-specific behavior — violates Principle 1
- Shared central database for all orgs — violates Principle 2
- Self-asserted agent identity — violates Principle 4
- Agent-modifiable governance policy — violates Principle 10
- Claiming capability without measured data — violates Principle 11
- Testing only under cooperative conditions — violates Principle 11
- E_n as sole enforcement at security boundaries — violates Principle 12
- Proliferating terminology without formal definitions — violates Principle 13
- Systems that require tribal knowledge to stand up — violates Principle 11
"These principles are foundational and override implementation convenience."