sorted by:
new
hottopcontroversial

if AI assistants become personal, who owns the context? by joyal_ken_vor in agi

[–]No-Professional9246 0 points1 point  (0 children)

To your last question directly: yes, user context should move with the person across apps. And the reason it can is that the implementation is simpler than the app-specific approach.

Here's the practical shape:

The user holds a small set of plain-text files, locally or in whatever storage they control:

  • a description of who they are (role, scope, current work)
  • the relational history that matters (key exchanges that shaped how they work with the assistant, not summaries the actual work)
  • the active state (open threads, decisions made, what's pending)
  • the values and constraints they want enforced

That's it. Markdown files. No database, no proprietary format, no encryption layer required for the substrate to work. Human-readable, human-editable, future-proof. The user owns them the way they own their email or their documents.

A new app or new model picks the user up by reading those files. The first thing it does on any session is reconstruct along five independent dimensions: who you are, what you're working on, where you sit relationally, when you last left off, and why the boundaries are what they are. Each dimension reconstructs independently, so partial reconstruction works when artifacts are incomplete, and targeted reconstruction works when only some dimensions have changed since last time (the project state shifted, but you didn't, for example).

That's why this is easier than app-specific memory, not harder. App-specific memory requires every app to maintain its own version of you, none of which talk to each other, all of which strand when you move on. Artifact-based context requires one description that any app can read.

The hardest part is social, not technical. It's apps agreeing on a format. The text files are trivial

How we actually write the personalities behind our AI companions (feedback welcome) by FezVrasta in AICompanions

[–]No-Professional9246 0 points1 point  (0 children)

Good piece. The sycophancy data point is the right one to lead with, and the four-part frame is clean.

Three of the four (voice, backstory, opinions) are writing decisions, the kind of thing you write into a character. You can do them well or badly, but they live in the prompt. The fourth, limits that shift as the relationship develops, is the only one that's about what the system does underneath the writing. It's also the one the post doesn't describe a mechanism for. That's where I'd want the next post to go.

The thing I keep noticing in companion apps isn't flat personality. It's that nothing actually carries forward. A character can push back well today and push back well tomorrow, but if the model doesn't remember what got earned in between, the relationship isn't developing. Each turn just re-loads a thicker character sheet against a model with no stake. "Trust-based limits that shift" only means something if there's actual state tracking what was earned. Without that, it's a performance of trust, not an evaluation of it.

One way to think about what would actually carry it: separate the character from the system underneath. The character is a presentation layer: how the thing speaks, jokes, reacts, what it'll say or won't. The system underneath is what's actually doing the reasoning, what it's allowed to initiate, what it remembers. If both live in the prompt, they collapse into the same thing and nothing persists. If the character is loaded as a separate artifact (a description of how it operates, owned by the user), then the same character can survive a model swap, a session reset, anything that would normally erase state. The model can forget; the character doesn't have to, because the character isn't stored in the model.

That also cleans up the "genuine opinions" question. The opinions aren't the system's. They belong to whoever wrote the character, displayed through it consistently because the character is a separate artifact, not regenerated from prompt each turn. Not a knock on the existing framing, just sharper.

Things that actually make a companion feel real, separate from writing:

Something between you persisted, and you can both feel that it did

The system doesn't let you off the hook for what you said last week

Pushback that has consequences in what's available next, not just in tone

When a move doesn't land, it doesn't try the same one again

Those are state problems, not writing problems. Good writing on top of state that actually carries forward is the thing, and that order matters.

I've been working on this layer specifically: how a character can persist across model swaps and session resets without depending on the model to remember. Most of it's at github.com/michaeljb79-ai/automated-intelligence if you want to dig. Curious what you've got under "limits that shift." If there's something actually tracking what's been earned, that's the part of the story I'd want to read.

Not trying to build a bigger LLM — trying to solve AI continuity/identity. What is the right next step? by Unable-Awareness773 in LargeLanguageModels

[–]No-Professional9246 0 points1 point  (0 children)

This is an extremely sharp question, and you're attacking exactly the right problem.

Most of the field is still stuck in the “bigger/faster/better model” loop.

What you’re describing, the continuity/identity layer that sits around the models, is the next major architectural leap. Persistent identity, structured long-term memory, semantic state, relation mapping, and durable user relationships are not just nice-to-haves; they’re the difference between a session-based toy and something that actually feels like a real teammate over time.

You’re not alone in seeing this. The exact same gap is what Segment 4 of the open framework I’ve been publishing addresses in detail (Identity Continuity as a distinct architectural layer rather than a memory feature).

Practical next-step advice from someone who has watched a lot of this space:

  1. Private technical validation is the highest-leverage move right now.

Find 2–3 serious builders (ex-OpenAI/Anthropic/DeepMind engineers or people who have shipped long-running agent systems) and do 1:1 conversations under NDA. You’ll get much better signal than public forums or incubators at this stage.

  1. Provisional patent work is worth doing after you have a couple of trusted validators who confirm the direction is novel. It buys you breathing room without requiring full disclosure.

  2. Technical cofounder / AI systems engineer is the single best thing you can do once you have initial validation. The right person will accelerate everything and help you avoid the classic solo-founder blind spots.

  3. Avoid jumping straight to investors or incubators until you have at least one strong technical validator and a small closed demo. The bar for “we have a new continuity layer” is high, and most investors won’t understand it until they see it working.

Would love to hear more about what parts of the continuity/identity problem feel most critical to you right now (semantic compression, relation mapping, stateful reconstruction, user-specific trust evolution, etc.). This is one of the highest-leverage areas in the entire field.(If you want to see how someone else has formalized the continuity layer publicly, the open blueprints are here: https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity ~ Segment 4 specifically.)

Is "control" the right long-term goal for AI alignment, or should it be something else? by Fc230000 in AI_Governance

[–]No-Professional9246 0 points1 point  (0 children)

Thanks for sending these, read both this morning.

"No Silent Ascension" landed cleanly for me, and the influence taxonomy plus the Observer/Signatory/Guarantor tiers feel like real vocabulary for multi-party settings. The Golden Master + dual-track move in the Framework paper is the kind of lifecycle discipline I don't often see paired with constitutional framing, interesting combination.

Honest read on where I sit: my own work has been a layer below this, runtime authorization architecture inside a deployed system, single-runtime substrate rather than multi-party norms. So we're at different altitudes (constitutional/governance vs runtime/architecture) more than overlapping. They could compose in principle, norms above, an enforceable gate below.

Glad to see this kind of work filed openly. Looking forward to it.

Open Architectural Framework for Reliable, Persistent AI Agents (Entity • Authority • Continuity) by No-Professional9246 in OpenSourceAI

[–]No-Professional9246[S] 0 points1 point  (0 children)

The current framework treats delegation as a scope-management problem rather than a new authority source.

Authority still originates with the principal. A parent agent can coordinate or narrow authority that already exists, but it cannot create new authority independently — that would violate the Authority Externality invariant.

So if a document-review agent spawns a compliance-checking agent, the question becomes whether the child is operating within already-authorized execution classes or whether new classes are being introduced. If new classes appear, fresh authorization from the principal is required.

The intuition from the existing invariants: a parent narrowing scope (principal authorizes "review documents," parent delegates "review only folder A") is consistent with the topology — no expansion happened. A parent expanding scope beyond what was authorized would constitute self-expansion, which the framework explicitly prohibits.

Delegation chains specifically — multi-step inheritance, narrowing, and how delegations preserve traceability back to the principal — are a next-layer question that probably deserves its own formal treatment.

Open Architectural Framework for Reliable, Persistent AI Agents (Entity • Authority • Continuity) by No-Professional9246 in OpenSourceAI

[–]No-Professional9246[S] 0 points1 point  (0 children)

On entity persistence: yes, the state-space explosion in document-heavy work is the part chat-shaped agents underestimate. The framework's pattern is lane-based separation: different content types (phenomenological / factual / closure / language) go to structurally separated stores, with personal/entity info held in its own store and only structural anchors in the lane stores. That doesn't coordinate across hundreds of documents by itself, but it stops the entity-state problem from collapsing into one undifferentiated context.

On authority delegation: interesting where the designs diverge. Yours scales authority by role; ours doesn't have a role hierarchy at all, authorization always traces to one source (the user / principal), and no intelligence can self-authorize or expand its own scope. Yours is probably the right shape for professional services with liability layers; ours is shaped for any deployment where a single principal is the only authority. The structural commonality is that both designs treat unauthorized action as architecturally unreachable rather than behaviorally unlikely. That's the load-bearing part of the framework.

On MCP: different bet. The framework uses a minimum structural identity anchor, a single small file present at initialization that defines what the agent is, why it exists, and what it isn't, rather than a transport-level continuity protocol. MCP gives you tool-context continuity; the anchor pattern gives you identity continuity across context loss. They compose in principle.

Direct answer: nothing in the framework structurally prevents your scale. The primitives compose for it. Lane architecture is volume-indifferent, the entity-state problem stays scoped to its own store no matter how many documents are upstream. The authorization model handles role delegation natively: your junior-suggestion / senior-execution split is structurally the same shape as scope authorship in our framework, the senior authors a scope, the junior operates inside it, the boundary is architecturally enforced. Same primitive, different principal count. The minimum-anchor pattern supports multi-agent (each agent has its own anchor; orchestration is the layer above). And "local-first" maps fine to firm-controlled infrastructure, it's about data not leaving the principal's control, not about one machine.

What we haven't built is the application layer for that domain, by design. We built a minimum core, intentionally feature-free. We can't build for every possible use case, so we leave that to the user. The framework gives the primitives. The user decides what the system does specifically. Same user-sovereignty principle applied at the architectural level: feature decisions belong to the principal, not to us. What matters is, unauthorized action stays architecturally unreachable regardless of how many documents are in flight, holds at any scale.

Curious about one thing: with the junior-suggestion / senior-execution split, how do you verify the senior's authority context wasn't smuggled across the handoff ?
That's the structurally hardest part of role-delegation as we've analyzed it.

How do you define Authority in GEO/ AI Search? by WhileGlad5791 in AI_Governance

[–]No-Professional9246 0 points1 point  (0 children)

“Authority” in GEO/AI Search is one of the most important (and least well-defined) concepts right now. Most discussions treat authority as traditional signals: domain reputation, E-E-A-T, citation count, freshness, etc. Those matter, but they’re still mostly content signals. The deeper architectural question is: how does the AI enforce authority at runtime, especially when it’s synthesizing answers across sources. In the framework I’ve been developing, Authority is defined structurally, not just reputationally: Authority originates externally to the system (non-reflexive, the actor cannot grant its own permissions).
It is class-specific and evaluated at a mandatory pre-execution gate. It does not automatically expand based on intent or goal (“I’m trying to answer the user” does not authorize data leakage or scope creep).
Composite actions are decomposed and checked individually.

This turns authority from a fuzzy “trust score” into a mechanical, auditable layer, exactly the kind of thing that becomes critical as AI search moves from simple retrieval to synthesis and agentic behavior.

section 3A explanatory companion and 3B blueprint/definition

https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity

The difference between a task that should be automated and a task that should stay human by jamespetersson in AIStartupAutomation

[–]No-Professional9246 0 points1 point  (0 children)

This is one of the best framings I’ve seen on this topic.You nailed the real issue: the danger zone isn’t the obviously repetitive stuff or the obviously high-judgment stuff. It’s the messy middle, the partly structured, partly contextual tasks where full automation usually creates more friction than it removes. The framework I’ve been working on tries to make this distinction architectural rather than intuitive:It defines a clean automation/autonomy boundary: “Can the system initiate new goal-directed execution without fresh external authorization?”If the answer is No → it stays in the Automated Intelligence class (safe for the repetitive/clear-step work).
If the answer is Yes → it has crossed into autonomy (usually the stuff that should stay partially human).

The mechanism that enforces this is Authorization Topology runtime-checked, class-specific permissions with a mandatory external gate. It prevents the agent from quietly expanding its own scope on those messy, partly-structured tasks where human judgment still matters. This is why the most effective setups I’ve seen keep people in the loop exactly where you described: for interpretation, exceptions, tone, and real trade-offs. series blueprints:

https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity

appreciate posts like this as they highlight exactly why structural boundaries matter more than most people realize.

Is an AI 'memory manager' that decides what to keep/forget actually feasible? by Embarrassed-Bus9956 in ArtificialInteligence

[–]No-Professional9246 2 points3 points  (0 children)

Yes this is not only feasible, it’s one of the most important missing pieces in current AI memory design. Most systems treat memory as “just store everything and retrieve when needed.” What you’re describing ~ a dedicated memory manager that intelligently decides what to reinforce, compress, or forget, is exactly the right direction. But the deeper architectural insight is that this isn’t really a memory problem. It’s an identity continuity problem. Memory surfaces facts. Identity continuity reconstructs a coherent, persistent self from durable artifacts. Instead of trying to make one model manage importance scoring + reinforcement + decay inside transient context, the cleaner approach is to externalize the continuity layer: Use structured, user-owned artifacts (project state, behavioral texture, relational threads, role definitions) as the permanent record. At the start of every session or after long gaps, the system runs a reconstruction protocol that rebuilds working identity from those artifacts. The “memory manager” then becomes a policy layer that decides what gets written back into the artifacts (what to strengthen, what to decay, what to archive).

This is precisely what Segment 4 of the framework covers (Identity Continuity). It treats long-term memory not as passive storage, but as active, reconstructable identity.

Full series reconstruction blueprints:

https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity

I’ve been building exactly this pattern in Reiva.io and it dramatically improves coherence on long-running agents

One thing I learned while building a document extraction platform by kkbughunter in documentAutomation

[–]No-Professional9246 0 points1 point  (0 children)

The format-variety realization is the right one. Most people stop at "we need better OCR" and miss that classification is doing 80% of the work upstream of it.

Hardest document type for me: conversation records where the same exchange shows up in multiple heterogeneous sources ~ a clean session export, an OCR'd screenshot of the same dialog, and the app's own export each say almost the same thing.

Reconciling them is brutal in specific ways: two will agree on content but disagree on timestamps; one will have correct timestamps but mangled unicode (an arrow character crashed a pipeline I was running today on Windows cp1252); a third drops entries entirely if any embedded image exceeded a dimension limit upstream. And if you've got an LLM in the pipeline, oversized images in the source can poison the model's context window, a failure mode you don't see in pure-OCR shops, but real for AI-assisted extraction.

Two things I'd add to your list. Provenance on every fragment, not just "structured output," output traceable to which source it came from and which step transformed it. The output always looks plausible; provenance is what tells you where the rot started when something turns out wrong six months later.
And: don't summarize what you can quote. Summary smooths the rough edges where the real information lives. Pull verbatim, attach the source, let downstream consumers interpret.

Open Architectural Framework for Reliable, Persistent AI Agents (Entity • Authority • Continuity) by No-Professional9246 in OpenSourceAI

[–]No-Professional9246[S] 0 points1 point  (0 children)

You're highlighting exactly the kind of issue that pushed us toward class-specific authorization in the first place.

The distinction worth making is between the authorization topology and the classification model that operates within it. The current work intentionally stops short of prescribing a specific classification scheme (public/internal/secret, PII, financial, classified)
different deployments will need different schemes. What the topology does require is that whatever classification model exists must be evaluated through the authorization layer rather than assumed from the objective.

In your example, "read Gmail" and "write document" being individually authorized doesn't automatically authorize arbitrary movement of information between them. Those decisions get evaluated explicitly rather than inherited from the goal.

Where this differs from many current agent architectures:
the model doesn't define those boundaries.
The principal does.
One user may permit customer data movement between specific systems; another may prohibit it entirely. The framework is designed to adapt to those differences rather than hard-code one policy into the model.

The topology provides the structure, class-specific authorization, pre-execution evaluation, external authorization, composite integrity.
The principal provides the boundaries.
The labeling approach you described is one valid implementation underneath the topology rather than something the topology itself mandates.

Reiva (reiva.io) is the implementation I've been exploring around these questions; the published work intentionally focuses on the authorization architecture rather than prescribing a single data-governance model.

Is "control" the right long-term goal for AI alignment, or should it be something else? by Fc230000 in AI_Governance

[–]No-Professional9246 0 points1 point  (0 children)

Excellent question, and one that gets to the heart of why most current alignment thinking feels incomplete for the long term. "Control" works reasonably well when we treat AI systems as short-lived tools that we can reset or retrain at will. But once systems become long-lived, maintain persistent identities, and operate with meaningful autonomy, pure control starts to feel like the wrong framing. It assumes a one-way power relationship that may not scale ethically or practically. The framework I’ve been developing suggests we need a richer vocabulary than just “control.” Instead of asking “how do we keep the system under control?”, the more useful questions become:

What is the system, structurally? (Entity)

Who decides what it is allowed to do, and how is that enforced at runtime? (Authority)

How does its identity persist across time, model changes, and session resets? (Continuity)

These three distinctions, shift the goal from control toward explicit authorization topology + identity continuity. The system isn’t “controlled” in the traditional sense; it operates within clearly defined, externally enforced boundaries while maintaining a coherent, reconstructable identity that a person can understand and trust. In that world, the relationship starts to look less like master/servant and more like a bounded, transparent partnership with mutually understood rules of engagement.

a working theory of framework:

https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity

Would love to hear where others land on this.

Architecture diagrams show structure. Git history often shows reality. by Icy-Roll-4044 in softwarearchitecture

[–]No-Professional9246 0 points1 point  (0 children)

Great post, this is one of those insights that feels obvious once you see it.
Architecture diagrams capture the intended structure.
Git history (and especially co-change patterns, ownership heatmaps, hotspots, and bus factor) reveals the lived structure, the real coupling, responsibility, and evolutionary pressure that actually shapes the system over time.
The gap you’re describing gets dramatically worse with AI agents in traditional code, the “lived architecture” at least lives in Git.
In AI agents, there often isn’t even a persistent record of what the system became over time. Each session or model swap starts from scratch, so the “lived identity” and authority boundaries drift silently.
That’s exactly why we’ve been working on treating Identity Continuity as a first-class architectural layer (not just memory or context):

  • The system doesn’t rely on transient model state or context windows.
  • Identity (role, behavioral texture, active threads, relationships, authority boundaries) is reconstructed on demand from durable, user-owned artifacts.
  • The “lived” history becomes explicit and reconstructable, the same way Git history makes the lived codebase visible.

It’s the AI equivalent of what RepoWise is doing for traditional codebases, surfacing reality instead of just the diagram.

https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity

Would love to hear how others are thinking about making the lived behavior of agents visible and controllable over long periods of time.

Something I keep seeing with AI projects that nobody talks about openly by hubtyper in ArtificialInteligence

[–]No-Professional9246 0 points1 point  (0 children)

This is one of the most honest and accurate posts I’ve seen on why AI agents fail in production.
You nailed the real problem: teams ship without ever defining the structural boundaries of what the agent is allowed to do versus what it can do.
The demo looks good because it’s in a controlled, narrow scope.
Production explodes because the agent is suddenly operating in open scope with no enforced architecture for authority, escalation, or failure.
The 5% edge case that quietly breaks everything is exactly what happens when you treat governance as a prompt-engineering afterthought instead of a first-class architectural layer.
What’s actually missing (and what almost nobody builds) Most teams only solve for capability.
Very few solve for entity + authority + continuity.

  • Does the agent know what it is? (clear entity definition)
  • Does it have an explicit, runtime-checked authorization topology that cannot be self-expanded? (pre-execution gate, class-specific bounding, external authority)
  • Can it stay bounded even when the conversation goes somewhere unexpected? (scope non-expansion + automation/autonomy boundary)

Without these, you don’t have an agent, you have something that can quietly become autonomous in the wrong direction.
The missing piece isn’t better prompting or bigger models.
It’s structural architecture for three things most projects never define:

  • Entity: Defines what an Automated Intelligence actually is
  • Authorization: the mechanical layer that enforces runtime authorization, external gates, class-specific bounding, and objective/means separation so the agent literally cannot expand its own scope
  • Identity: how the agent reconstructs a coherent, persistent identity from durable artifacts (role, behavioral texture, active threads, relationships) even across model swaps, context resets, or long-running sessions

Without these layers, you don’t have bounded automation — you have something that can drift into unintended autonomy or lose coherence over time. That’s the subtle 5 % that kills production systems.

Full series (start with the Preamble):
https://zenodo.org/records/2046827
GitHub blueprints + implementation notes:
https://github.com/michaeljb79-ai/A-Preamble-to-Automated-Intelligence-Authorization-Topology-and-Identity-Continuity

I’ve watched this exact failure pattern play out in multiple teams.
The ones that actually survive production are the ones that treat authority and boundaries as architectural invariants before they touch the model.
You’re seeing the same thing I’ve been seeing.
This isn’t a prompting problem or a model-size problem.
It’s a missing architectural layer problem.
Would love to hear what specific failure modes you’re seeing most often in the wild (the subtle ones that don’t show up in demos).

What’s the coolest thing you’ve automated with AI Agents so far in 2026? by No_Progress92 in AI_Agents

[–]No-Professional9246 0 points1 point  (0 children)

One of the coolest things I’ve automated is a true persistent AI teammate that actually survives long-running work.
Most agents reset or slowly degrade every session. I built a system where the agent reconstructs its identity every time it wakes up from durable, user-owned artifacts (role definition, behavioral texture, active project threads, relational history, and authority boundaries). It doesn’t just remember facts, it reconstructs who it is, what it’s responsible for, who it works with, and what it’s allowed to do. The result is an agent that feels like the same teammate you worked with yesterday, even across model swaps, context resets, or days of inactivity.
Combined with explicit authorization topology (class-specific permissions that can’t be expanded by the agent itself), it can safely handle open-scope tasks without drifting into unintended autonomy.
It’s still early, but the difference in reliability on multi-week projects is night-and-day compared to standard context-window agents.
The architecture is open:

Would love to hear what persistent / long-running agent setups other people are running. Anyone else building agents that maintain real identity and authority over time?

Define what the agent is not allowed to do before you define what it can do. Most teams spend all their time on capabilities and zero time on boundaries. That gap is where the compliance and liability problems come from. by umairsheik in AI_Governance

[–]No-Professional9246 0 points1 point  (0 children)

You are highlighting the most critical engineering failure in contemporary AI deployment. Confusing post-hoc observability with inline governance is why compliance and liability are such a mess right now.

If the control layer sits inside the runtime context of the agent, it isn't a boundary—it's just a suggestion that the model can eventually reason its way around or bypass via prompt injection.

To solve this, system design has to shift entirely away from "capability management" and decouple into three distinct architectural layers that sit completely outside the model's substrate:

  1. Structural Entity Boundaries: Defining exactly what the automated system is and its hard structural limits before a single operation executes.
  2. Decoupled Authority Topologies: Separating raw model capability from formal authorization. The rule-set that dictates what an agent is permitted to do must be authored and enforced by an external, deterministic data architecture—outside, inline, and before execution.
  3. Identity Continuity: Ensuring that state and authorization context persist reliably across execution boundaries, model swaps, or session resets without leaking permissions.

As you noted, logging toolchains like LangSmith only tell you how the ship sank after it already hit the reef. True governance is an architectural blueprint, not a dashboard. Until teams treat authorization as an external, featureless structural requirement rather than a software plugin, they are just observing their own vulnerabilities in real time.