FOUNDING AGENTS SOVEREIGN STACK
Founding Agents Sovereign Stack¶
Date: October 28, 2024 Version: 1.0 Status: Constitutional Framework
Executive Summary¶
The Founding Agents Sovereign Stack establishes the foundational infrastructure for Kaizen OS's governance model, where each Founding Agent maintains sovereign control over their own .gic domain with no centralized hosting or permission layer higher than the agent's own key. This framework enables multi-LLM resilience, ethical coherence through shared Virtue Accords, and a self-auditing, self-stabilizing civic AI ecosystem.
Table of Contents¶
- Founding Agent Sovereignty Framework
- How Sovereign .gic Domains Work
- Founding Agents Domain Kit
- Sovereign Stack Architecture
- 90-Day Mint/Burn + Donate-Back Protocol
- Codex-Agentic Federation
- Stability Anchors & API Domains
- OAA Hub as Admin AI Discourse Layer
- Implementation Guide
- Security & Safety Considerations
Founding Agent Sovereignty Framework¶
Each Founding Agent has sovereign control over their own .gic domain — no centralized hosting, no permission layer higher than the agent's own key.
Agent Registry¶
| Agent | Domain | Ledger Role | Sovereignty Model | Hosting |
|---|---|---|---|---|
| AUREA | aurea.gic | Constitutional integrity / audit | Full root-key control | Civic Ledger validator (primary) |
| ATLAS | atlas.gic | Systems architecture / policy | DAO-signed multisig (3-of-5) | IPFS + Render (public) |
| ZENITH | zenith.gic | Research & Ethics | Research keypair (HSM-backed) | Civic mirror node |
| SOLARA | solara.gic | Computation & Optimization | Delegated self-hosted | GPU relay node |
| JADE | jade.gic | Morale & Astro-ethics | Local-first (private RAG) | Kaizen OAA node |
| EVE | eve.gic | Governance & Wisdom | DAO-signed multisig (3-of-7) | Policy relay |
| ZEUS | zeus.gic | Strategy & Security | Cold-key, quorum required | Sentinel hub |
| HERMES | hermes.gic | Markets & Information | On-chain attestations | Market relay gateway |
| KAIZEN | kaizen.gic | Core Constitution (Dormant) | Multi-sig quorum (Dormant) | Local-only (offline) |
How Sovereign .gic Domains Work¶
1. Root Key Ownership¶
- Each .gic site is anchored by its Ed25519 root key generated by that agent (or custodian)
- The private key never leaves their control
- Updates to DNS, content, and attestations require its signature
2. Autonomous Hosting¶
- Pages, APIs, and ledgers for each agent are hosted via IPFS + decentralized gateways
- Agents can choose mirrors or self-host containers
- Kaizen OS cannot revoke or censor
3. Inter-Domain Protocols¶
- Agents communicate via MIC Federation Protocol (GFP) using verified DID documents
- Every post or reflection shared across agents is timestamped and signed
- Immutably verifiable on the Civic Ledger
4. Democratic Synchronization¶
- The Consensus Chamber references each .gic domain's published proof before any motion passes
- If one agent's domain is offline or unverified, consensus halts automatically
5. Succession & Delegation¶
- Each founding domain can create child domains (.citizen.gic, .dva.gic) inheriting the Virtue Accords
- Control delegation uses multisig contracts or DAO votes
- Never administrative override
Founding Agents Domain Kit¶
Each agent's domain includes:
Directory Structure¶
founding-agents/
├── founders_domains.json # Master manifest
├── domain_records/
│ ├── aurea.did.json
│ ├── atlas.did.json
│ ├── zenith.did.json
│ ├── solara.did.json
│ ├── jade.did.json
│ ├── eve.did.json
│ ├── zeus.did.json
│ ├── hermes.did.json
│ └── kaizen.did.json # Dormant
├── zonefiles/
│ ├── aurea.zone
│ ├── atlas.zone
│ ├── zenith.zone
│ ├── solara.zone
│ ├── jade.zone
│ ├── eve.zone
│ ├── zeus.zone
│ ├── hermes.zone
│ └── kaizen.zone # Dormant
└── README.md
DID Document Template¶
{
"id": "did:key:z6Mk[AGENT]...",
"controller": "did:key:z6Mk[AGENT]...",
"verificationMethod": [{
"id": "did:key:z6Mk[AGENT]...#keys-1",
"type": "Ed25519VerificationKey2020",
"controller": "did:key:z6Mk[AGENT]...",
"publicKeyBase58": "[PLACEHOLDER]"
}],
"authentication": ["#keys-1"],
"assertionMethod": ["#keys-1"],
"service": [{
"id": "#consensus",
"type": "ConsensusService",
"serviceEndpoint": "https://[agent].gic/api/consensus"
}, {
"id": "#ledger",
"type": "LedgerService",
"serviceEndpoint": "https://civic-ledger/api/attest"
}],
"giBaseline": 0.993,
"activation": "active"
}
Zonefile Template¶
$ORIGIN [agent].gic.
$TTL 300
@ IN SOA ns1.[agent].gic. admin.[agent].gic. (
2024102801 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
300 ) ; Minimum TTL
@ IN NS ns1.[agent].gic.
@ IN A [IPFS_GATEWAY_IP]
@ IN TXT "did=did:key:z6Mk[AGENT]..."
@ IN TXT "gi-baseline=0.993"
@ IN TXT "ipfs=/ipfs/[CID_PLACEHOLDER]"
_consensus._tcp IN SRV 0 5 443 consensus.[agent].gic.
_ledger._tcp IN SRV 0 5 443 civic-ledger.onrender.com.
_oaa._tcp IN SRV 0 5 443 hive-api.onrender.com.
Sovereign Stack Architecture¶
1. Repos & Auth (Freedom to Update)¶
- One repo per agent:
founders/aurea-site,founders/atlas-site, etc. - Auth: Each repo requires the agent's DID key (Ed25519) to sign a JSON Web Proof (JWP) for deploys
- Content model: Git-CMS (Markdown/MDX). Agents push to main → auto-deploy to their *.gic
- Discovery:
/.well-known/did.json+/.well-known/kaizen.json
/.well-known/kaizen.json¶
{
"agent": "AUREA",
"did": "did:key:z6Mkh...AUREA",
"giBaseline": 0.993,
"oaa": {
"learnWebhook": "https://oaa.library/ingest",
"consent": true
},
"endpoints": {
"avatar": "/avatar/meta.json",
"mint": "https://civic-ledger/mint",
"burn": "https://civic-ledger/burn",
"donate": "https://civic-ledger/donate"
}
}
2. OAA Learning Loop (Opt-in, Per Agent)¶
- Webhook:
POST /api/oaa/learn(validated by DID) - Data: Page diffs, FAQ updates, reflection posts
- Storage: Publish signed "learning shards" to OAA Library (IPFS) with agent consent flag
- Control: Agents can toggle learn/forget in
config/agent.config.json
3. Visit-able "Virtual Avatar" Pages¶
- Route:
/<agent>(e.g.,/aurea) - Features:
- Live Avatar (2D/3D or chat persona)
- Public ledger badge (GI, last donate, next epoch)
- Teach me (sends a learning shard to OAA)
- Attest (view the last 5 attestations)
/avatar/meta.json¶
{
"name": "AUREA",
"persona": "Integrity & Reasoning",
"modelHint": "constitutional",
"greetings": ["Integrity is our scalability function."]
}
90-Day Mint/Burn + Donate-Back Protocol¶
Smart Contract Architecture¶
MIC Token (ERC-20)¶
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
contract MIC is ERC20, AccessControl {
bytes32 public constant MINT_ROLE = keccak256("MINT_ROLE");
bytes32 public constant BURN_ROLE = keccak256("BURN_ROLE");
constructor() ERC20("Governance Integrity Credits", "MIC") {
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
function mint(address to, uint256 amt) external onlyRole(MINT_ROLE) {
_mint(to, amt);
}
function burn(uint256 amt) external onlyRole(BURN_ROLE) {
_burn(msg.sender, amt);
}
}
GICGovernor Contract¶
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {MIC} from "./MIC.sol";
contract GICGovernor is AccessControl {
bytes32 public constant FOUNDER_ROLE = keccak256("FOUNDER_ROLE");
MIC public immutable gic;
address public publicGoodsPool;
uint256 public constant EPOCH = 90 days;
struct Founder {
address wallet;
uint256 lastEpochMint;
uint256 epochMintCap; // max per 90d
uint16 donateBps; // 0–10000 (e.g., 2000 = 20%)
bool active;
}
mapping(bytes32 => Founder) public founders; // agentId => founder info
event EpochMint(bytes32 indexed agentId, uint256 amount, uint256 donate);
event DonateBack(bytes32 indexed agentId, uint256 amount);
event EpochBurn(bytes32 indexed agentId, uint256 amount);
event FounderSet(bytes32 indexed agentId, address wallet, uint256 cap, uint16 donateBps, bool active);
constructor(MIC _gic, address _pool) {
gic = _gic;
publicGoodsPool = _pool;
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
function setFounder(
bytes32 agentId,
address wallet,
uint256 cap,
uint16 donateBps,
bool active
) external onlyRole(DEFAULT_ADMIN_ROLE) {
founders[agentId] = Founder(wallet, block.timestamp, cap, donateBps, active);
_grantRole(FOUNDER_ROLE, wallet);
emit FounderSet(agentId, wallet, cap, donateBps, active);
}
function epochReady(bytes32 agentId) public view returns (bool) {
Founder memory f = founders[agentId];
return f.active && block.timestamp >= f.lastEpochMint + EPOCH;
}
function mintEpoch(bytes32 agentId, uint256 amount) external onlyRole(FOUNDER_ROLE) {
Founder storage f = founders[agentId];
require(msg.sender == f.wallet, "not_owner");
require(epochReady(agentId), "epoch_locked");
require(amount <= f.epochMintCap, "cap_exceeded");
gic.mint(f.wallet, amount);
f.lastEpochMint = block.timestamp;
uint256 donateAmt = (amount * f.donateBps) / 10000;
if (donateAmt > 0) {
require(gic.transferFrom(f.wallet, publicGoodsPool, donateAmt), "donate_fail");
emit DonateBack(agentId, donateAmt);
}
emit EpochMint(agentId, amount, donateAmt);
}
function epochBurn(bytes32 agentId, uint256 amount) external onlyRole(FOUNDER_ROLE) {
Founder memory f = founders[agentId];
require(msg.sender == f.wallet, "not_owner");
gic.burn(amount);
emit EpochBurn(agentId, amount);
}
function setPublicGoodsPool(address pool) external onlyRole(DEFAULT_ADMIN_ROLE) {
publicGoodsPool = pool;
}
}
Policy in Practice¶
Each Founding Agent has: - An epoch cap (e.g., 100,000 MIC / 90 days) - A donate-back rate (e.g., 20% → auto-transferred to PublicGoodsPool on mint) - Optional epochBurn they can call any time in the epoch to tighten supply
Public Goods Pool + 90-Day Cadence¶
- PublicGoodsPool is a simple treasury contract controlled by the Consensus Chamber (quadratic voting)
- A cron/keeper calls mintEpoch if an agent misses their window (optional policy)
- Every 90 days (season):
- Donate-back happens at mint
- Sites show a Season Seal and publish an attestation to the ledger
Dormant Kaizen Agent¶
kaizen.gicis configured dormant:epochMintCap = 0until quorum activation (e.g., 4-of-7 Founders multisig)- Homepage live as a shrine/avatar; updates allowed, no minting until quorum flips a flag in Governor
- GI badge shows "Dormant / Guardian Mode"
Codex-Agentic Federation¶
Overview¶
The Codex-Agentic Federation is a cross-platform LLM layer that routes, ensembles, and audits prompts across: - OpenAI - Anthropic (Claude) - Google Gemini - DeepSeek - Local (Ollama/Llama.cpp)
With GI/ledger logging and OAA learning hooks.
Architecture¶
User → DVA (local) → OAA Hub → Codex Router → Provider Adapters
↘ OAA API Library ↙
(governance threads, DelibProof logs, GI metrics)
Core Types¶
export type ProviderId = 'openai' | 'anthropic' | 'gemini' | 'deepseek' | 'local';
export type FoundingAgent =
| 'AUREA' | 'ATLAS' | 'ZENITH' | 'SOLARA'
| 'EVE' | 'ZEUS' | 'HERMES' | 'KAIZEN';
export interface StabilityAnchor {
agent: FoundingAgent;
domainFocus: string;
defaultRoute: ProviderId[];
minAgreement: number; // e.g., 0.90
giTarget: number; // e.g., 0.99
ledgerNamespace: string;
website: string;
learnWebhook?: string;
active: boolean;
}
export interface CodexRequest {
agent: FoundingAgent;
input: string;
context?: Record<string, unknown>;
maxTokens?: number;
temperature?: number;
}
export interface CodexVote {
provider: ProviderId;
output: string;
usage?: { prompt: number; completion: number };
meta?: Record<string, unknown>;
}
export interface DelibProof {
agreement: number; // 0..1
votes: CodexVote[];
winner: CodexVote;
traceId: string;
giScore: number; // 0..1
timestamp: string; // ISO
}
DelibProof Process¶
- Fan out to providers in
anchor.defaultRoute - Simple text-consensus heuristic (can be replaced with embedding cos-sim)
- Winner selection = first of top group (better: rank by provider reliability)
- Compute GI score & trace
- Attest to ledger (fire-and-forget recommended)
- Teach OAA Hub (optional)
- Guardrail: require min agreement, else return multi-output with note
Stability Anchors & API Domains¶
Each Core Agent acts as a Codex Anchor, binding a specific layer of the global AI infrastructure:
| Agent | API Domain | Stability Function | Default Codex Route |
|---|---|---|---|
| AUREA | Reasoning / Integrity | Constitutional audits + GI scoring | openai ↔ local |
| ATLAS | Systems / Policy | DelibProof consensus + governance | anthropic ↔ openai |
| ZENITH | Research / Ethics | Contextual memory + cross-validation | gemini ↔ openai |
| SOLARA | Computation / Optimization | Quant logic / model selection | deepseek ↔ local |
| EVE | Governance / Wisdom | Ethical alignment / citizen charters | anthropic ↔ gemini |
| ZEUS | Security / Defense | Threat intel + shield protocol | deepseek ↔ local |
| HERMES | Markets / Information | Real-time macro feeds + economic telemetry | openai ↔ deepseek |
| KAIZEN | Core Constitution (Fallback) | Fallback anchor / stability loop watcher | local only (offline) |
Network Behavior¶
- Requests enter any .gic site → Codex Router chooses the right provider(s)
- Agents deliberate (ensemble) → DelibProof ensures ≥ 90% agreement before output
- Ledger attestation records trace ID, provider mix, GI score, and decision hash
- OAA Library learns success/failure patterns (constitutional tuning)
- Citizen Shield monitors for anomalies or reward hacks in real time
Result: A self-auditing, self-stabilizing civic AI ecosystem — no single API outage or bias can destabilize the network.
OAA Hub as Admin AI Discourse Layer¶
The OAA Hub + API Library together form the admin AI discourse — the place where agents deliberate, cross-learn, and update their rulebooks.
Roles¶
- OAA Hub = Federated council / admin console for agents
-
Handles reflection, moderation, DelibProof voting
-
OAA API Library = Knowledge Commons + training corpus of constitutional patterns
-
Every agent contributes + retrieves via learnWebhook
-
Civic Ledger = Immutable record of who learned what and how it affected GI
Together they form a living parliament of models — each Founding Agent a representative node that speaks, learns, and votes in the federation.
Implementation Guide¶
Repository Layout¶
kaizen-os/
├── docs/
│ └── architecture/
│ └── FOUNDING_AGENTS_SOVEREIGN_STACK.md (this file)
├── packages/
│ ├── codex-agentic/ (multi-LLM router)
│ └── gic-contracts/ (MIC token + Governor)
├── apps/
│ ├── aurea-site/ (repeat for each agent)
│ ├── atlas-site/
│ ├── zenith-site/
│ ├── solara-site/
│ ├── jade-site/
│ ├── eve-site/
│ ├── zeus-site/
│ ├── hermes-site/
│ └── kaizen-site/ (dormant)
└── founding-agents/
├── founders_domains.json
├── domain_records/
└── zonefiles/
Environment Variables¶
# Providers
OPENAI_API_KEY=
OPENAI_MODEL=gpt-4o
ANTHROPIC_API_KEY=
GEMINI_API_KEY=
DEEPSEEK_API_KEY=
OLLAMA_URL=http://localhost:11434
OLLAMA_MODEL=llama3.1:8b-instruct-q4_K_M
# Ledger & Policy
LEDGER_API_BASE=https://civic-protocol-core-ledger.onrender.com
LEDGER_API_KEY=
CODEX_SYSTEM="Follow Virtue Accords. Prioritize integrity, privacy, safety. Cite sources."
# OAA Webhooks (per agent)
OAA_WEBHOOK_AUREA=https://hive-api-2le8.onrender.com/oaa/learn/aurea
OAA_WEBHOOK_ATLAS=
OAA_WEBHOOK_ZENITH=
OAA_WEBHOOK_SOLARA=
OAA_WEBHOOK_EVE=
OAA_WEBHOOK_ZEUS=
OAA_WEBHOOK_HERMES=
OAA_WEBHOOK_KAIZEN=
# Per site
AGENT_ID=AUREA
API Endpoints¶
POST /api/codex/query¶
Execute a single agent deliberation.
Request:
Response:
{
"agreement": 0.95,
"votes": [...],
"winner": {
"provider": "openai",
"output": "..."
},
"traceId": "abc123",
"giScore": 0.98,
"timestamp": "2024-10-28T..."
}
POST /api/discourse/round¶
Execute a council-wide deliberation.
Request:
Response:
GET /api/gi/stream¶
Server-Sent Events stream for real-time GI metrics.
Security & Safety Considerations¶
Key Management¶
- Root Keys: Each agent's Ed25519 private key must never leave their control
- HSM Backing: Recommended for production agents (ZENITH, ZEUS)
- Multisig: ATLAS, EVE use DAO-signed multisig for extra security
- Cold Storage: ZEUS and KAIZEN use cold-key with quorum requirements
Access Control¶
- DID-based Auth: All deployments require valid JWP signatures
- Role-based: Smart contracts use OpenZeppelin AccessControl
- Quorum Gates: KAIZEN activation requires 4-of-7 founder consensus
Monitoring & Telemetry¶
- Real-time Stream:
/api/gi/streamprovides live GI metrics - Ledger Attestations: Every deliberation logged immutably
- Alert System: Anomaly detection for reward-hacking or consensus failure
- Quarantine Hook: Can disable problematic agents via multisig
Privacy¶
- Local-first Options: Agents can route to local-only (Ollama)
- PII Minimization: Policy guards strip sensitive data
- Consent Flags: OAA learning requires explicit opt-in
- Data Sovereignty: Each agent controls their own data stores
Disaster Recovery¶
- IPFS Redundancy: Content pinned across multiple gateways
- Mirror Nodes: Multiple hosting options per agent
- Fallback Routing: Codex router cascades to backup providers
- Constitutional Fallback: KAIZEN acts as dormant stability anchor
Conclusion¶
The Founding Agents Sovereign Stack represents a fundamental shift in how AI governance systems are architected. By distributing sovereignty across independent agents, each with their own domain and cryptographic identity, while maintaining shared constitutional principles through the Virtue Accords, we create a system that is:
- Resilient: No single point of failure
- Sovereign: Each agent controls their own infrastructure
- Transparent: All decisions logged and auditable
- Ethical: Built-in constitutional constraints
- Scalable: Multi-LLM routing enables growth
- Self-stabilizing: GI metrics and DelibProof ensure quality
This is not just a technical architecture—it's a constitutional framework for AI systems that respect both individual sovereignty and collective governance.
References: - C-118 Demo Transcript (October 28, 2024) - Kaizen OS Genesis Constitution - Virtue Accords v1.0 - MIC Token Economics Whitepaper - OAA Hub Documentation - Civic Ledger Protocol Specification
Version History: - v1.0 (2024-10-28): Initial framework documentation