You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: MANIFESTO.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,7 @@ Clawdapus is infrastructure for bots the way Docker is infrastructure for applic
38
38
6.**Compute Is a Privilege** — Every cognitive cycle is an authorized expenditure. The operator assigns models and schedules; the proxy enforces budgets and rate limits. The bot does not choose its own budget.
39
39
7.**Think Twice, Act Once** — A reasoning model cannot be its own judge. Prompt-level guardrails are part of the same cognitive process they are trying to constrain. Governance must be executed by a separate, independent process.
40
40
8.**Drift is an Open Metric** — We do not trust a bot's self-report. However, defining and measuring behavioral drift is complex and organization-specific. By delegating interception to a swappable governance proxy, the infrastructure avoids defining drift itself, leaving it as an open operational metric for the proxy to explore and quantify.
41
-
9.**Memory Survives the Container (and the Runner)** — A bot acting as a persistent presence cannot afford amnesia. Session history is captured at the proxy boundary and stored outside the runtime directory — infrastructure-owned, always present, never dependent on runner cooperation. The runner's own scratch space is separately persisted. Two surfaces, two owners, both durable. Because the architecture is the agent, and the runtime is just the voice, you can swap the `CLAW_TYPE` (the runner) without losing the mind. Knowledge and context seamlessly cross runtime boundaries.
41
+
9.**Memory Survives the Container (and the Runner)** — A bot acting as a persistent presence cannot afford amnesia. Session history is captured at the proxy boundary and stored outside the runtime directory — infrastructure-owned, always present, never dependent on runner cooperation. The runner's own scratch space is separately persisted. Two surfaces, two owners, both durable. Because the architecture is the agent, and the runtime is just the voice, you can swap the `CLAW_TYPE` (the runner) without losing the mind. Knowledge and context seamlessly cross runtime boundaries. But retention alone is not memory. The architecture is moving toward an **ambient memory plane**: pluggable memory services deriving durable state from the retained record, and the governance proxy recalling relevant context back into the inference stream on future turns — automatically, without the agent asking. The agent would not manage its own long-term memory. Infrastructure would.
42
42
43
43
---
44
44
@@ -57,6 +57,8 @@ These layers are independently versioned, independently deployable, and independ
57
57
58
58
Two persistence surfaces support the running bot. **Session history** is infrastructure-owned: the governance proxy captures every successful LLM turn at the network boundary and writes it to a durable directory outside the runtime tree. This happens regardless of runner type, without any runner cooperation. **Portable memory** is runner-owned: the agent's scratch and note-taking space, mounted at `/claw/memory`. Both surfaces survive container restarts and `claw up` re-runs. A bot deployed for months does not lose its conversational past when its container is recreated. See [ADR-018](docs/decisions/018-session-history-and-memory-retention.md).
59
59
60
+
A planned **ambient memory plane** would build on these surfaces. Pluggable memory services would consume the session history ledger, derive durable state — facts, commitments, episodic summaries, project context — and the governance proxy would recall that state into future turns automatically. Memory recall would be query-aware: unlike feeds, which deliver the same cached content regardless of conversation, recall would be shaped by the current inference request. Memory intelligence — embeddings, ranking, summarization, graph extraction — would live in swappable services behind a stable contract, not in the proxy or the runner. See [ADR-021](docs/decisions/021-memory-plane-and-pluggable-recall.md).
61
+
60
62
### V. The Behavioral Contract
61
63
62
64
The behavioral contract is the single most important file in the architecture. It is the bot's purpose, defined by the operator, delivered as a read-only bind mount from the host. Even if the container is fully compromised (root access), the contract remains untouchable.
- **Planned ambient memory:** The architecture is moving toward querying pluggable memory services before each inference turn, injecting relevant derived context — facts, commitments, summaries — into the prompt automatically. Memory intelligence will live in swappable services, not in the proxy.
353
354
- **Operator dashboard:** Real-time web UI at host port 8181 by default (container `:8081`) — agent activity, provider status, cost breakdown.
354
355
355
356
The reference implementation is [`cllama`](https://github.com/mostlydev/cllama) — a zero-dependency Go binary that implements the transport layer (identity, routing, cost tracking). Future proxy types (`cllama-policy`) will add bidirectional interception: evaluating outbound prompts and amending inbound responses against the agent's behavioral contract.
@@ -482,7 +483,7 @@ Bots install things. That's how real work gets done. Tracked mutation is evoluti
482
483
6. **Claws are users** — standard credentials; the proxy governs intent, the service's own auth governs execution
483
484
7. **Compute is a privilege** — operator assigns models and schedules; proxy enforces budgets and rate limits; bot doesn't choose
484
485
8. **Think twice, act once** — a reasoning model cannot be its own judge
485
-
9. **Memory survives the container (and the runner)** — session history is captured at the proxy boundary and persisted outside the runtime directory. Bots don't start amnesia-fresh after every restart. Infrastructure owns the record; the runner owns the scratch space. Two surfaces, two owners, never merged. Because the architecture is the agent, you can swap the runtime (`CLAW_TYPE`) without losing the mind; knowledge seamlessly crosses driver boundaries.
486
+
9. **Memory survives the container (and the runner)** — session history is captured at the proxy boundary and persisted outside the runtime directory. Bots don't start amnesia-fresh after every restart. Infrastructure owns the record; the runner owns the scratch space. Two surfaces, two owners, never merged. Because the architecture is the agent, you can swap the runtime (`CLAW_TYPE`) without losing the mind; knowledge seamlessly crosses driver boundaries. Retention is only half of memory. The architecture is moving toward an **ambient memory plane**: pluggable memory services deriving durable state from the retained record, and the proxy recalling relevant context into future inference turns automatically. The agent would not manage its own long-term memory — infrastructure would.
0 commit comments