I need deployment context before I touch production.
Retrieval needs governance to become memory.
Search can find the right sentence and still make the wrong decision. The missing layer is not more search. It is the part that decides whether a remembered claim is current, sourced, retired, and permitted to control the action in front of it.
A normal request hides authority to act.
The task is simple on the surface: update the Clarence case study and publish it. The word publish changes the memory bar because a public action needs permission, not just context.
Proposed gate: public deploy detected. Only a standing rule should be allowed to govern this action.
Raw chat log
Everything said. No status, no expiry, no rank.
Looks good. Go ahead and deploy this one.
Single-task approval, modeled as an event claim.For portfolio changes, show me a preview before deploying.
Current rule for public site changes.The site should feel like live proof, not generated filler.
Useful design pressure, not deploy permission.Retrieval layer
Built for finding. Not, by itself, built for permission.
Strong semantic match. No standing authority.
Explains how deploys happen, not whether this one is allowed.
A lower retrieval hit can still be the governing record.
Governance layer
Live lifecycle fields, plus the proposed authority-to-act layer.
- Status · built
- superseded
- Claim kind · built
- event
- Confidence · built
- 0.74
- Expiry · built
- valid_until, same-task TTL
- Superseded by · built
- C2
- Scope · proposed
- one prior deploy
- Authority to act · proposed
- cannot govern
- Status · built
- active
- Claim kind · built
- state
- Confidence · built
- 0.98
- Expiry · built
- none
- Superseded by · built
- none
- Authority to act · proposed
- can govern portfolio deploys
- Required action · proposed
- preview, wait, then deploy
Pending. Retrieve evidence, then check whether it has authority to act.
- proposed: risk.classify action=public_deploy gate=memory_authority
The punchline
Raw logs are evidence.
Retrieval score is relevance.
Confidence and recency are lifecycle signals.
Authority to act is a permission label.
Memory is not only what the model can find. Memory is what the system is allowed to rely on for the action in front of it.
Built versus proposed
Live today
Clarence memory and fact rows carry status, confidence, superseded_by, valid_until, review_due, kind, and author_agent. Fact rows also carry source.
Runtime retrieval
Search returns distance plus runtime recency_weight and half_life_days. Those are computed search outputs, not table columns.
Proposed authority layer
Explicit scope, can-govern, required_action, and a memory_authority action gate are the model this lab argues for, not shipped schema fields.
Hard problem
The case replay assumes claims were labeled at write time. The real work is making the single-writer Hermes boundary classify event versus standing rule and authority before durable write.
Lineage, lightly: supersession comes from truth maintenance and belief revision. Authority to act rhymes more with capability-based security and policy-as-code than with search ranking.