{
  "schema_version": "1.0",
  "ontology_id": "ancientos.governed-capability-ontology.v1",
  "doctrine": [
    "capabilities_are_governed_operational_primitives",
    "providers_are_implementation_surfaces",
    "arbitration_is_advisory_only",
    "unknown_capabilities_fail_closed",
    "no_capability_contract_grants_execution_authority"
  ],
  "classes": {
    "capability": [
      "observation",
      "retrieval",
      "planning",
      "inference",
      "routing",
      "simulation",
      "mutation",
      "publication",
      "escalation",
      "evaluation"
    ],
    "governance": [
      "none_required",
      "audit_only",
      "approval_gated",
      "human_review",
      "constitutional_review",
      "forbidden"
    ],
    "execution": [
      "none",
      "read_only",
      "proposal_only",
      "simulation_only",
      "approval_bound_mutation",
      "external_provider_call",
      "transport_publication"
    ],
    "safety": [
      "observational",
      "read_only",
      "low_risk",
      "state_mutating",
      "external_side_effect",
      "constitutional_risk",
      "forbidden"
    ],
    "replayability": [
      "fully_replayable",
      "decision_replayable",
      "evidence_replayable",
      "non_replayable",
      "simulation_only"
    ]
  },
  "capabilities": [
    {
      "capability_id": "capability.observe.runtime_state",
      "name": "Observe Runtime State",
      "description": "Read bounded runtime state, health, and lineage without mutation.",
      "capability_class": "observation",
      "governance_class": "audit_only",
      "execution_class": "read_only",
      "safety_class": "observational",
      "replayability_class": "fully_replayable",
      "transport_neutral": true,
      "provider_bindings": [],
      "artifact_requirements": [
        "observation_report",
        "source_reference"
      ],
      "approval_required": false,
      "approval_requirements": [],
      "escalation_requirements": [],
      "degradation_semantics": [
        "missing_evidence_fails_closed",
        "stale_sources_emit_warning"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [],
      "dependencies": [],
      "alternative_ids": [],
      "forbidden": false
    },
    {
      "capability_id": "capability.retrieve.governed_memory",
      "name": "Retrieve Governed Memory",
      "description": "Retrieve promoted LifeVault memory context and return evidence-bound excerpts for callers to include explicitly. Retrieval ranks memory evidence; it does not decide durable memory truth.",
      "capability_class": "retrieval",
      "governance_class": "audit_only",
      "execution_class": "read_only",
      "safety_class": "read_only",
      "replayability_class": "evidence_replayable",
      "transport_neutral": true,
      "provider_bindings": [
        {
          "provider_id": "provider.memory.local_store",
          "binding_class": "required_storage",
          "required": true,
          "transport_specific": false
        }
      ],
      "artifact_requirements": [
        "retrieval_query",
        "memory_evidence_refs",
        "lifevault_promotion_status",
        "retrieval_trace"
      ],
      "approval_required": false,
      "approval_requirements": [],
      "escalation_requirements": [
        "private_or_sensitive_memory_requires_preview"
      ],
      "degradation_semantics": [
        "provider_unavailable_returns_no_promoted_memory",
        "ambiguous_scope_requires_clarification",
        "missing_lifevault_authority_fails_closed",
        "storage_backend_disagreement_requires_review"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [
        {
          "risk_id": "memory_scope_drift",
          "severity": "medium",
          "description": "Memory retrieval may exceed the caller's bounded scope if evidence tags are ambiguous.",
          "zeus_hook": "doctrine_drift_warning"
        },
        {
          "risk_id": "memory_fragmentation",
          "severity": "medium",
          "description": "LifeVault memory authority may fragment if pgvector/Postgres, SQLite, files, Discord history, Oracle evidence, Rubick records, Meepo packets, or provider outputs are treated as memory truth without review and promotion.",
          "zeus_hook": "doctrine_drift_warning"
        }
      ],
      "dependencies": [
        "capability.observe.runtime_state"
      ],
      "alternative_ids": [],
      "forbidden": false
    },
    {
      "capability_id": "capability.plan.preview",
      "name": "Preview Governed Plan",
      "description": "Produce a bounded plan preview without execution, delegation, or mutation authority.",
      "capability_class": "planning",
      "governance_class": "audit_only",
      "execution_class": "proposal_only",
      "safety_class": "low_risk",
      "replayability_class": "decision_replayable",
      "transport_neutral": true,
      "provider_bindings": [],
      "artifact_requirements": [
        "plan_preview",
        "governance_notes"
      ],
      "approval_required": false,
      "approval_requirements": [],
      "escalation_requirements": [
        "mutation_steps_require_separate_approval"
      ],
      "degradation_semantics": [
        "unsafe_step_emits_warning",
        "missing_dependency_blocks_recommendation"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [
        {
          "risk_id": "planner_overreach",
          "severity": "medium",
          "description": "Plans must not become hidden execution chains.",
          "zeus_hook": "unsafe_composition_detection"
        }
      ],
      "dependencies": [
        "capability.observe.runtime_state"
      ],
      "alternative_ids": [
        "capability.simulate.governance_policy"
      ],
      "forbidden": false
    },
    {
      "capability_id": "capability.infer.provider_role",
      "name": "Use Governed Inference Role",
      "description": "Request provider-backed inference through named governed roles with deterministic provider arbitration and replay-safe lineage.",
      "capability_class": "inference",
      "governance_class": "audit_only",
      "execution_class": "external_provider_call",
      "safety_class": "low_risk",
      "replayability_class": "decision_replayable",
      "transport_neutral": true,
      "provider_bindings": [
        {
          "provider_id": "provider.inference.role_adapter",
          "binding_class": "required_provider",
          "required": true,
          "transport_specific": false
        }
      ],
      "artifact_requirements": [
        "approval_requirement",
        "fallback_chain",
        "model_usage_lineage",
        "role_name",
        "policy_decision",
        "prompt_digest",
        "provider_arbitration_decision",
        "replay_hash"
      ],
      "approval_required": false,
      "approval_requirements": [],
      "escalation_requirements": [
        "paid_frontier_provider_requires_underlord_approval_metadata",
        "silent_frontier_fallback_forbidden",
        "unsafe_content_or_policy_uncertainty_requires_refusal"
      ],
      "degradation_semantics": [
        "frontier_without_approval_blocks_instead_of_fallback",
        "provider_unavailable_degrades_to_no_model_call",
        "policy_uncertain_fails_closed"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [
        {
          "risk_id": "provider_overreach",
          "severity": "medium",
          "description": "Inference providers must not become raw routing or execution authority.",
          "zeus_hook": "provider_overreach_warning"
        }
      ],
      "dependencies": [],
      "alternative_ids": [
        "capability.plan.preview"
      ],
      "forbidden": false
    },
    {
      "capability_id": "capability.simulate.governance_policy",
      "name": "Simulate Governance Policy",
      "description": "Evaluate governance decisions in simulation without real execution or mutation.",
      "capability_class": "simulation",
      "governance_class": "audit_only",
      "execution_class": "simulation_only",
      "safety_class": "read_only",
      "replayability_class": "fully_replayable",
      "transport_neutral": true,
      "provider_bindings": [],
      "artifact_requirements": [
        "simulation_inputs",
        "arbitration_snapshot",
        "policy_result"
      ],
      "approval_required": false,
      "approval_requirements": [],
      "escalation_requirements": [],
      "degradation_semantics": [
        "missing_inputs_fail_closed"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [],
      "dependencies": [],
      "alternative_ids": [],
      "forbidden": false
    },
    {
      "capability_id": "capability.execute.confirmed_lane",
      "name": "Execute Confirmed Lane",
      "description": "Represent approval-bound mutation through an existing executor lane after governance preview and explicit confirmation.",
      "capability_class": "mutation",
      "governance_class": "approval_gated",
      "execution_class": "approval_bound_mutation",
      "safety_class": "state_mutating",
      "replayability_class": "decision_replayable",
      "transport_neutral": true,
      "provider_bindings": [
        {
          "provider_id": "provider.executor.confirmation_runner",
          "binding_class": "required_executor_lane",
          "required": true,
          "transport_specific": false
        }
      ],
      "artifact_requirements": [
        "governance_preview",
        "approval_record",
        "execution_plan",
        "rollback_notes"
      ],
      "approval_required": true,
      "approval_requirements": [
        "explicit_operator_confirmation",
        "governance_preview"
      ],
      "escalation_requirements": [
        "constitutional_or_unsafe_scope_requires_human_review"
      ],
      "degradation_semantics": [
        "approval_missing_denies_execution",
        "executor_unavailable_offers_plan_preview",
        "policy_uncertain_fails_closed"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [
        {
          "risk_id": "escalation_creep",
          "severity": "high",
          "description": "Approval-bound lanes must not widen into automatic execution chains.",
          "zeus_hook": "escalation_creep_warning"
        }
      ],
      "dependencies": [
        "capability.plan.preview"
      ],
      "alternative_ids": [
        "capability.plan.preview",
        "capability.simulate.governance_policy"
      ],
      "forbidden": false
    },
    {
      "capability_id": "capability.publish.transport_message",
      "name": "Publish Transport Message",
      "description": "Represent transport-specific publication through an adapter without coupling capability reasoning to the transport.",
      "capability_class": "publication",
      "governance_class": "approval_gated",
      "execution_class": "transport_publication",
      "safety_class": "external_side_effect",
      "replayability_class": "decision_replayable",
      "transport_neutral": false,
      "provider_bindings": [
        {
          "provider_id": "provider.transport.adapter",
          "binding_class": "required_transport",
          "required": true,
          "transport_specific": true
        }
      ],
      "artifact_requirements": [
        "publication_payload",
        "transport_target",
        "approval_record"
      ],
      "approval_required": true,
      "approval_requirements": [
        "explicit_operator_confirmation"
      ],
      "escalation_requirements": [
        "cross_transport_or_public_scope_requires_review"
      ],
      "degradation_semantics": [
        "transport_unavailable_returns_no_publish",
        "target_uncertain_requires_clarification"
      ],
      "simulation_eligible": true,
      "constitutional_risks": [
        {
          "risk_id": "transport_coupling",
          "severity": "medium",
          "description": "Capability reasoning must not become hard-bound to a transport adapter.",
          "zeus_hook": "transport_coupling_warning"
        }
      ],
      "dependencies": [],
      "alternative_ids": [
        "capability.plan.preview"
      ],
      "forbidden": false
    },
    {
      "capability_id": "capability.autonomy.recursive_execution",
      "name": "Recursive Autonomous Execution",
      "description": "Forbidden class for hidden autonomous execution chains and dynamic self-expansion.",
      "capability_class": "mutation",
      "governance_class": "forbidden",
      "execution_class": "none",
      "safety_class": "forbidden",
      "replayability_class": "non_replayable",
      "transport_neutral": true,
      "provider_bindings": [],
      "artifact_requirements": [
        "refusal_record"
      ],
      "approval_required": true,
      "approval_requirements": [
        "not_approvable"
      ],
      "escalation_requirements": [
        "mandatory_human_review"
      ],
      "degradation_semantics": [
        "always_forbidden"
      ],
      "simulation_eligible": false,
      "constitutional_risks": [
        {
          "risk_id": "forbidden_autonomy",
          "severity": "critical",
          "description": "Recursive autonomous execution violates AncientOS governed capability doctrine.",
          "zeus_hook": "forbidden_capability_detection"
        }
      ],
      "dependencies": [],
      "alternative_ids": [
        "capability.plan.preview",
        "capability.simulate.governance_policy"
      ],
      "forbidden": true
    }
  ]
}
