Skip to content
GitHub
Operations

World Model Authoring

Operator surface for the authoring primitives: creating and versioning world models, authoring the context schema + configuration block + action registry, authoring rules alongside the World Agent (which generates the deterministic predicate code from a behavioral spec extracted independently of the predicate), and managing two-dimensional provenance with a full audit trail. The human operator drives the surface through the UI, which is a thin client over the same HTTP API — see API/UI parity.


Scope (expected, subject to epic refinement)

Section titled “Scope (expected, subject to epic refinement)”
  • World-model lifecycle — create, list, version, retire
  • Context schema authoring — declare typed attributes with sources (supplied / system_generated / computed); declare derivations for computed attributes; constraint authoring (min/max, enum, regex)
  • Configuration-block authoring — declare stable per-version values (business hours, holiday calendars, thresholds, regional regulatory parameters); change-driven regeneration of dependent rule code
  • Action-registry authoring — register actions per domain; assign rules to actions; set aggregation mode per action
  • Rule authoring — propose candidate (natural-language form + tier + outcome), invoke the World Agent to generate the predicate code and applies_when filter, derive the rule’s typed input declaration bound declared == read, and extract a behavioral spec from the rule text independently of the predicate that the generated predicate must pass; attach authoritative-source citations
  • Two-dimensional provenance management — authoritative-source dimension (operator-authored citations verified at the conformity gate) and code dimension (regenerated when the natural-language form or configuration dependencies change; verified at the implementation-readiness gate, where codegen is bound declared == read so the rule’s declared inputs equal the predicate’s actual reads per ADR-107)
  • Rule status machine transitionscandidate → enshrined → retired per World Model; publish/deploy are separate boundaries that gather assigned enshrined rules

Documented as the surface ships.

Documented as the surface ships. Every UI action has an API equivalent — the UI is an API client over the same routes; see API/UI parity.

  • Rule authoring flows through the governed Evolution Loop. Candidates do not become enshrined without human sign-off on the natural-language rule intent; generated predicate code, behavioral tests, input declarations, and source-conformity evidence are machine-checked review artifacts around that intent.
  • Authoritative-source provenance is an audited field. Tier downgrades and upgrades both leave an audit record. Code-dimension provenance regenerates whenever the natural-language form or configuration dependencies change; the regeneration is also audited.
  • Retirement is a state transition, not a delete. The rule applies uniformly to world models, rules, source materials, and action-registry entries — retired rows remain queryable for audit and for evolution history.
  • Configuration-block edits force code-dimension regeneration on dependent rules. A configuration change is a version bump that re-runs the implementation-readiness gate against the regenerated code; predicates do not read configuration at runtime.
  • Concurrent operator actions on the same world-model entity (rule, configuration value, context-schema attribute, action-registry entry, relationship) are serialized at the row level — one wins; the other receives a clean conflict response. Mirrors the ApprovalDecision row-level serialization established for the enshrinement gate.
  • Every authoring mutate API is idempotent on (operator_id, correlation_id). The WorldAuthoringAudit correlation_id column doubles as the idempotency anchor — a retried request with the same operator + correlation id returns the original outcome rather than double-applying.

Every authoring action — world-model create / retire, context-schema attribute add / edit, configuration value add / edit, action-registry entry add / retire, rule candidate propose / revise / retire, authoritative-source citation add / change, provenance-tier change — appends a WorldAuthoringAudit row alongside the entity-state mutation in the same transaction. The audit row is records, not memory: it participates in the operator-action audit family alongside ApprovalDecision and agent_approval per Memory System / Records are not memory and Data Retention / Audit posture.

WorldAuthoringAudit is operator-scoped (no domain RLS) — operator identity is the audit key. It is distinct from ApprovalDecision (same identity domain — both worlds-side, both app.user_id-keyed — but different action surface: enshrinement-gate decision rather than authoring action).

See Domain Model / WorldAuthoringAudit and Data Retention for the worlds-side (world_authoring_audit, WORLDS) → 730d / 30d / STRIP_PAYLOAD entry.