CaPU is a permission-first runtime for Gate -> Incubate -> Commit -> Execute pipelines.
It is built for systems where an action should not execute merely because it was requested. An action should execute only after it has passed validation, satisfied maturity conditions, been durably committed, and preserved a traceable causal explanation.
graph LR
Input(vCML Record) --> Gate{Gate}
Gate -- Valid --> Incubate[Incubate]
Gate -- Invalid --> Reject[Reject]
Incubate -- Mature --> Commit[Commit]
Commit --> Execute[Execute]
Execute --> Effect(Side Effects)
ASCII fallback:
[vCML Record] -> [GATE] -> (Valid?) -> [INCUBATE] -> (Mature?) -> [COMMIT] -> [EXECUTE] -> [Effects]
|
`-> [REJECT]
- A specification for permissioned causal execution.
- A state machine for deciding whether a cause should be rejected, held, committed, executed, or expired.
- A reference runtime for deterministic validation experiments.
- A device-boundary model with stable ports for causes, permissions, effects, and trace events.
In agentic and tool-using systems, unsafe behavior is often not just bad output. It can also mean:
- executing before required context is available
- skipping a maturity condition
- emitting side effects without durable commit
- losing the reason why an effect was permitted
- making runtime decisions that cannot be reconstructed later
CaPU addresses that execution-runtime layer.
It is useful when you need:
- execution only after a permit decision
- holding behavior for unmet preconditions instead of premature execution
- commit-before-effect guarantees
- reproducible decision codes and trace events for post-hoc review
CaPU can be understood as a causal device rather than only a software module. It accepts causes, not commands, and produces effects only when causally permitted.
Ports define the device boundary. See ports/README.md for the full index, or jump directly to each contract:
- Not a transport layer.
- Not a data format.
- Not a logger.
- Not a full safety stack.
CaPU does not replace policy design, model evaluation, sandboxing, or external security controls. It is the permission and maturity runtime for execution.
- vCML: input record semantics.
- LPT: transport to the CaPU boundary.
- T-Trace: observability surface for runtime decisions and transitions.
- Canonical ownership: see DEPENDENCIES.md.
This repository includes a deterministic validation path:
- schema validation for port examples
- reference runtime behavior checks
- golden fixture verification
- tracked validation snapshot in VALIDATION_RESULTS.md
This gives the project a visible proof-of-behavior layer instead of relying only on prose.
CaPU is most useful for failures in permissioned execution pipelines, for example:
- executing before a cause is mature
- producing side effects without durable commit
- failing to defer when parent context is missing
- losing explainability around accept, hold, reject, expire, or execute outcomes
- allowing action flow without a stable device boundary and trace contract
For broader framing, see docs/safety/agentic_execution_threat_model.md.
Note: this remains a spec-first repository, but it now includes a minimal in-memory reference runtime for demos and validation experiments.
- Run
npm install. - Read SPEC.md for the core architecture.
- Check STATE_MACHINE.md for the lifecycle logic.
- See examples/ for JSONL flow examples.
- Review DEPENDENCIES.md for canonical links.
- Run
npm run demo:referenceto see the reference runtime produce decisions, effects, and trace events. - Run
npm run test:referenceto verify the reference runtime paths, including commit failures. - Run
npm run verify:goldento compare the reference runtime output against the golden fixture. - Run
npm testto execute the full local validation pipeline. - Run
npm run report:validationto regenerate VALIDATION_RESULTS.md.