0 — mutate ◄ every interaction is a state mutation
│
├── mcp ◄ transport: JSON-RPC 2.0 over stdio (Phase 0)
│ └── json ◄ wire format
│ ├── name: "colibri"
│ ├── version: "0.1.0"
│ └── tools: 14 ◄ ADR-004 R75 Wave H amendment (19 planned → 14 shipped)
│
├── plugin ◄ the Colibri MCP server itself
│ │
│ ├── stateful ◄ single SQLite DB (data/colibri.db), WAL mode
│ │ │
│ │ └── world ◄ the runtime "world model"
│ │ │
│ │ ├── physics ◄ LEGITIMACY AXIS — the laws of the world
│ │ │ │
│ │ │ ├── constitution 7 immutable axioms (s01):
│ │ │ │ ├── AX-01 Append-only no record may be deleted
│ │ │ │ ├── AX-02 Derived reputation trust is computed, never assigned
│ │ │ │ ├── AX-03 No absolute authority no single agent rules
│ │ │ │ ├── AX-04 Consequence windows actions have bounded effects
│ │ │ │ ├── AX-05 Subjective finality finality is probabilistic
│ │ │ │ ├── AX-06 Right to exit any agent may fork
│ │ │ │ └── AX-07 Technical sovereignty the system owns its own rules
│ │ │ │
│ │ │ ├── laws
│ │ │ │ ├── η Proof Store (P0.8) Merkle tree — conservation law.
│ │ │ │ │ ├── leaf = SHA256(tag ‖ content) domain-separated
│ │ │ │ │ ├── tree: balanced binary, odd-count padding
│ │ │ │ │ ├── retention: Hot(memory) → Warm(SQLite) → Cold(hash-only) → Frozen(spec)
│ │ │ │ │ ├── ordering_violation if thought.ts > caller.ts
│ │ │ │ │ └── finalize locks tree — no more leaves
│ │ │ │ │
│ │ │ │ ├── κ Rule Engine (Phase 1) s11 + s12 DSL:
│ │ │ │ │ ├── integer-only (basis points), no floats
│ │ │ │ │ ├── guard → effect two-phase execution
│ │ │ │ │ ├── max 10,000 node budget per rule
│ │ │ │ │ ├── deterministic: same input = identical output
│ │ │ │ │ └── Chevrotain parser (EBNF grammar)
│ │ │ │ │
│ │ │ │ ├── θ Consensus (Phase 3) s06 BFT:
│ │ │ │ │ ├── quorum = floor(2N/3) + 1
│ │ │ │ │ ├── 5 finality: PENDING → SOFT → QUORUM → HARD → ABSOLUTE
│ │ │ │ │ ├── no external effects before HARD
│ │ │ │ │ ├── equivocation → detect + penalize
│ │ │ │ │ ├── gossip: IHAVE/IWANT, triple-anchor validation
│ │ │ │ │ │ (state_root, rule_version, fork_id)
│ │ │ │ │ └── VRF auditor selection prevents manipulation
│ │ │ │ │
│ │ │ │ └── ι State Fork (Phase 5) s07:
│ │ │ │ ├── fork_id = SHA256(parent ‖ event ‖ rule_ver ‖ reason)
│ │ │ │ ├── 3 isolation modes
│ │ │ │ ├── checkpoint every 1000 events
│ │ │ │ ├── merge requires governance vote if rule conflict
│ │ │ │ └── 50% reputation discount on fork transfer
│ │ │ │
│ │ │ ├── enforcement
│ │ │ │ ├── μ Integrity Monitor (Phase 4) s14:
│ │ │ │ │ ├── advisory (not hard blocks)
│ │ │ │ │ ├── 3 detectors: circular logic, coercion traps, axiom drift
│ │ │ │ │ ├── 3 advisory roles: Translator, Sentinel, Guide
│ │ │ │ │ └── output: JSON with decision_hash + reasoning trace
│ │ │ │ │
│ │ │ │ └── π Governance (Phase 6) s19:
│ │ │ │ ├── proposal lifecycle: constitutional / protected / protocol
│ │ │ │ ├── simple + quadratic voting (power = √credits)
│ │ │ │ ├── 3-stage time-lock, entropy injection
│ │ │ │ └── exhaustion: ±10% change per 6-month window
│ │ │ │
│ │ │ ├── middleware (α chain) 5-stage gate, everything passes through:
│ │ │ │ ├── 1. tool-lock "Is this tool available in this mode?"
│ │ │ │ ├── 2. schema-validate "Is the input well-formed?" (Zod)
│ │ │ │ ├── 3. audit-enter "Record: mutation is starting."
│ │ │ │ ├── 4. dispatch "Execute the handler."
│ │ │ │ └── 5. audit-exit "Record: mutation has ended."
│ │ │ │
│ │ │ ├── admission (s10) Phase 1+:
│ │ │ │ ├── token bucket rate limits
│ │ │ │ ├── stake freezing
│ │ │ │ ├── quality gates
│ │ │ │ └── VRF audit sampling (5–20%)
│ │ │ │
│ │ │ └── hardening (s13) security controls:
│ │ │ ├── Zod validation (all inputs)
│ │ │ ├── injection detection (SQL/NoSQL/XPath/LDAP/XXE/SSTI)
│ │ │ ├── secret pattern scanning (8 patterns, CWE)
│ │ │ ├── finality windows (24h+)
│ │ │ └── Shamir SSS recovery (7/10 threshold)
│ │ │
│ │ ├── social ◄ AGENTS — the inhabitants of the world
│ │ │ │
│ │ │ ├── users ◄ who lives here
│ │ │ │ ├── ξ Identity / Soul Vector (Phase 8) s18:
│ │ │ │ │ ├── Ed25519 keypair per agent
│ │ │ │ │ ├── 8 soul domains: BUILDER, JUDGE, INVESTOR, MENTOR,
│ │ │ │ │ │ GUARDIAN, INNOVATOR, DIPLOMAT, STEWARD
│ │ │ │ │ ├── 7 emergent traits (derived)
│ │ │ │ │ ├── L3 namespace aggregation
│ │ │ │ │ └── recovery: Shamir SSS (N=5, M=3)
│ │ │ │ │
│ │ │ │ ├── λ Reputation (Phase 2) s04:
│ │ │ │ │ ├── 5 independent domains: execution, commissioning,
│ │ │ │ │ │ arbitration, social, governance
│ │ │ │ │ ├── decay: 5% execution, 10% arbitration (without activity)
│ │ │ │ │ ├── derived limits: parallel_tasks = √rep
│ │ │ │ │ ├── permanent scars for fraud (100% loss + cap)
│ │ │ │ │ └── experience tokens L0–L2b (non-transferable)
│ │ │ │ │
│ │ │ │ └── tiers (4-tier agent hierarchy)
│ │ │ │ ├── T0 Human (owner) Intent, merge, authorize destructive
│ │ │ │ ├── T1 Sigma Orchestrator Round plan (Phase A), seal (Phase B)
│ │ │ │ │ └── contracts: sigma-orchestrator.md
│ │ │ │ ├── T2 PM backlog→todo, dispatch, wave gates
│ │ │ │ │ └── contracts: pm-contract.md
│ │ │ │ │ └── wave order: governance → runtime → domain
│ │ │ │ │ → integrations → test/ci/docs
│ │ │ │ └── T3 Executor 5-step chain in worktree
│ │ │ │ └── contracts: executor-contract.md
│ │ │ │ └── chain: audit → contract → packet → implement → verify
│ │ │ │
│ │ │ ├── arbitration (s09) Phase 5:
│ │ │ │ ├── 3-level escalation (3/5/7 arbiters, 7/14/21-day)
│ │ │ │ ├── VRF selection with reputation weighting
│ │ │ │ ├── commit-reveal voting
│ │ │ │ └── anti-oligarchy: entropy, participation cap, correlation penalty
│ │ │ │
│ │ │ ├── surfaces ◄ where agents meet the world
│ │ │ │ ├── 1. Repository (E:\AMS) Authoritative truth
│ │ │ │ │ └── direction: truth flows OUT from here
│ │ │ │ ├── 2. Worktrees (.worktrees/) Per-task sandboxes
│ │ │ │ │ └── direction: feeds IN via PR merge
│ │ │ │ ├── 3. Obsidian Vault Human reading surface
│ │ │ │ │ └── direction: one-way pull from docs/
│ │ │ │ │ └── sync: robocopy (no /PURGE), _vault/ never committed
│ │ │ │ └── 4. GitHub Pages Public reading surface
│ │ │ │ └── direction: Jekyll builds every push to main
│ │ │ │
│ │ │ └── LLM location ◄ where AI lives in the world
│ │ │ ├── T4 Models (Claude-only, Phase 0)
│ │ │ └── δ Model Router (Phase 1.5, ADR-005)
│ │ │ ├── score = quality×0.40 + cost×0.30 + latency×0.20 + load×0.10
│ │ │ ├── 8 Claude models (Opus/Sonnet/Haiku × generations)
│ │ │ ├── 6 execution modes: SINGLE, PARALLEL, CHAINED,
│ │ │ │ SWARM, PLAN, COWORK
│ │ │ └── fallback: retry → escalate → fall back → queue
│ │ │
│ │ └── execution ◄ EXECUTION AXIS — how work flows
│ │ │
│ │ ├── α System Core (P0.2) The Big Bang:
│ │ │ ├── 6-step boot: create Server → register handlers →
│ │ │ │ connect transport → resolve initReady → load DB → load domains
│ │ │ ├── transport FIRST (prevents handshake timeout)
│ │ │ ├── tool calls queue behind Promise gate until Phase 2
│ │ │ ├── exit codes: 73 (config), 75 (resource), 71 (lock), 1 (generic)
│ │ │ └── unhandledRejection → graceful shutdown
│ │ │
│ │ ├── γ Server Lifecycle (P0.4)
│ │ │ ├── 4 modes: FULL · READONLY · TEST · MINIMAL
│ │ │ ├── stdio one-shot startup, no file watcher
│ │ │ ├── health check every 30s (PRAGMA integrity_check sampled)
│ │ │ ├── shutdown: 6-stage drain:
│ │ │ │ announce → quiesce-router → drain-tasks →
│ │ │ │ finalize-proof → close-db → release-lock
│ │ │ └── unclean: re-runs merkle_finalize for status='finalizing'
│ │ │
│ │ ├── β Task Pipeline (P0.3) 8-state FSM:
│ │ │ ├── INIT → GATHER → ANALYZE → PLAN → APPLY → VERIFY → DONE
│ │ │ │ ↘ CANCELLED
│ │ │ ├── idempotent: retrying same state = no-op (not error)
│ │ │ ├── task_next_actions returns only unblocked tasks
│ │ │ ├── writeback binding: reflection MUST precede merkle_finalize
│ │ │ └── 8 β tools drive this pipeline
│ │ │
│ │ ├── ε Skill Registry (P0.6)
│ │ │ ├── SKILL.md frontmatter: name, triggers, capabilities, greekLetter
│ │ │ ├── 1 tool: skill_list (read-only, no hot-reload)
│ │ │ ├── registry read once at γ boot
│ │ │ ├── destructive: true blocks auto-invoke unless confirm: true
│ │ │ ├── ε records invocations in ζ via pre/post/error hooks
│ │ │ └── ε does NOT execute — caller's job
│ │ │
│ │ └── ζ Decision Trail (P0.7) The world's memory:
│ │ ├── chain_hash = SHA256(content_hash + parent_chain_hash)
│ │ ├── genesis: parent_chain_hash = "0000…0000" (64 zeros)
│ │ ├── 8 thought types: observation, plan, reflection,
│ │ │ skill_invoke, skill_result, error, demotion, seal
│ │ ├── audit_verify_chain: O(N) walk, offline-verifiable
│ │ ├── chain_race error on concurrent seq advance → retry
│ │ └── tamper-evident: modifying one record breaks all successors
│ │
│ └── 14 tools (the shipped API surface — ADR-004 R75 Wave H amendment)
│ │
│ ├── 5 β Task Pipeline
│ │ task_create · task_get · task_update (FSM-routed) ·
│ │ task_list · task_next_actions
│ │
│ ├── 4 ζ Decision Trail
│ │ audit_session_start · thought_record ·
│ │ thought_record_list · audit_verify_chain
│ │
│ ├── 2 η Proof Store
│ │ merkle_finalize · merkle_root
│ │
│ ├── 1 ε Skill
│ │ skill_list
│ │
│ └── 2 System
│ server_ping · server_health
│
├── additions ◄ ν INTEGRATIONS — bridges to the outside
│ │
│ ├── git GitHub: PRs, branch ops, commit history
│ │ └── rules: never force-push main, never merge from agent,
│ │ always unset GITHUB_TOKEN (use gh CLI keyring)
│ │
│ ├── Obsidian Vault sync:
│ │ └── robocopy docs/ → vault (no /MIR, no /PURGE)
│ │ └── excludes: _vault/, .git, .worktrees, node_modules, temp
│ │ └── planned: CRDT/OT (Yjs/WebSocket) — spec-only, zero Node.js code
│ │
│ ├── Claude API Anthropic SDK wrapper:
│ │ └── 24 controller modules (spec-only, Phase 0.9+)
│ │ └── rules: never log content, never retry silently
│ │ └── 429 rate limit → exponential backoff
│ │
│ └── SDK @modelcontextprotocol/sdk:
│ └── stdio transport (Phase 0)
│ └── Streamable HTTP (Phase 1+, SSE deprecated)
│
│ ├── agent coordination ◄ how multi-agent work is orchestrated
│ │ │
│ │ ├── skills layer (ε) 23 colibri-* skills in .agents/skills/:
│ │ │ ├── Phase 0 active (10):
│ │ │ │ colibri-pm · colibri-executor · colibri-tier1-chains ·
│ │ │ │ colibri-task-management · colibri-audit-proof ·
│ │ │ │ colibri-verification · colibri-mcp-server ·
│ │ │ │ colibri-docs-check · colibri-docs-sync · colibri-greek-nav
│ │ │ ├── Heritage/deferred (12):
│ │ │ │ colibri-growth-strategy · colibri-truthing ·
│ │ │ │ colibri-audit-review · colibri-context-primer ·
│ │ │ │ colibri-cross-reference · colibri-obsidian-sync ·
│ │ │ │ colibri-pr-review · colibri-round-close ·
│ │ │ │ colibri-skeleton-generator · colibri-status ·
│ │ │ │ colibri-writeback · colibri-repo-facing-polish
│ │ │ └── contract: SKILL.md frontmatter → ε reads at γ boot
│ │ │
│ │ ├── swarm templates (.agents/swarms/colibri-5/):
│ │ │ ├── 5-agent parallel pattern (ξ-σ role letters)
│ │ │ ├── battle-tested across 3 sessions, 251 docs
│ │ │ ├── authority hierarchy + conflict resolution
│ │ │ └── reusable — not session-specific
│ │ │
│ │ └── meta-prompts (data/meta-prompts/, HERITAGE):
│ │ ├── 7 Tier-1 phase prompts (INIT→CLOSE)
│ │ ├── 7 specialized (tool-use, error-handling, sub-agent-spawn, etc.)
│ │ ├── Handlebars templated, AMS-coupled ($AMS_ROOT, gsd_*)
│ │ └── superseded by .agents/skills/ + docs/agents/ contracts
│ │
│ ╔══════════════════════════════════════════════════════════╗
│ ║ invoke( *context, #contract ) → Record ║
│ ║ ║
│ ║ Every addition call: ║
│ ║ *context = audit-enter (stage 3 of α chain) ║
│ ║ #contract = schema-validate (stage 2 of α chain) ║
│ ║ → Record = ζ thought_record (hash-chained) ║
│ ║ ║
│ ║ Nothing enters or exits the world without ║
│ ║ passing through the 5-stage α middleware chain ║
│ ║ and leaving a ζ record. ║
│ ╚══════════════════════════════════════════════════════════╝
│
└── time ◄ TEMPORAL STRUCTURE — how the world ages
│
├── session (months) coherent arc of 5–15 rounds
│ ├── sealed with docs/session-seal-sN.md
│ ├── Session 1–5: complete (pre-history)
│ ├── Session 6: R53–R73 (src/ deletion → R73 unification), SEALED
│ ├── Session 7: R74 series (documentation finish, zone hardening), SEALED 2026-04-09
│ └── Session 8: R75+ (Phase 0 code + R81 κ kickoff), ACTIVE
│
├── round (days) one unit of orchestrated work
│ ├── Phase A — plan: Sigma writes manifest (slices, owners, deps)
│ ├── Phase W — waves: PM dispatches executors in wave order:
│ │ ├── W1 governance (specs, ADRs, constitutional)
│ │ ├── W2 runtime (α β γ — execution axis)
│ │ ├── W3 domain (δ ε ζ η — intelligence + first legitimacy)
│ │ ├── W4 integrations (ν — GitHub, Obsidian, Claude API)
│ │ └── W5 test/ci/docs (verification surface)
│ └── Phase B — seal: Sigma audits writeback, closes round
│ └── "No signal = no round" — all 3 axes must leave a signal
│
├── task (hours) the unit executors operate on
│ ├── 8-state β FSM (see execution.β above)
│ ├── 5-step executor chain:
│ │ ├── 1. audit → docs/audits/<name>-audit.md
│ │ ├── 2. contract → docs/contracts/<name>-contract.md
│ │ ├── 3. packet → docs/packets/<name>-packet.md ← gates implementation
│ │ ├── 4. implement → source files
│ │ └── 5. verify → docs/verification/<name>-verification.md
│ │
│ ├── writeback (mandatory):
│ │ task_update(status="done", progress=100)
│ │ thought_record(type="reflection", ...)
│ │
│ └── proof-grade writeback (legitimacy tasks):
│ audit_session_start → work → audit_verify_chain →
│ thought_record(reflection) → merkle_finalize → merkle_root
│ ├── ORDERING RULE: reflection BEFORE merkle_finalize
│ └── 10-tool chain for full proof-grade session
│
└── master flow (15 steps, from intent to seal)
├── 1. T0 intent human sets direction
├── 2. T1 round plan Sigma writes Phase A manifest
├── 3. T2 promote PM moves backlog → todo
├── 4. T3 pick up Executor picks unblocked task
├── 5. T3 worktree git worktree add .worktrees/claude/<slug>
├── 6. T3 audit inventory the surface
├── 7. T3 contract behavioral contract
├── 8. T3 packet execution plan (gates implementation)
├── 9. T3 implement write code in worktree
├── 10. T3 verify test evidence
├── 11. T3 writeback task_update + thought_record
├── 12. T3 PR open push branch, create PR
├── 13. T0 merge human merges PR to main
├── 14. T1 seal Sigma runs Phase B
└── 15. — next loop to step 1