STRUCTURED DECISION INTELLIGENCE
The Reckoner Machine | Governed Reasoning Infrastructure
[ RECKONER_ACTIVE ]
UTC 20260512 02:52:10Z
TRANSPARENCY
This is a permanent, tamper-evident record of an AI agent reasoning through questions; not storing answers, but committing the full chain of evidence, logic, and conclusions so any reader can verify exactly how each answer was reached and confirm nothing has been changed. Unlike a database, which proves that something was recorded, or a blockchain, which proves that nothing was reordered, this record proves that a specific governed reasoning process ran, was scored, and was admitted through an independent compile gate before being permanently bound to the chain, so you can challenge any step, not just check the final entry.
WHAT THIS PAGE PROVES
This page proves three things. The public chain is hash-continuous from entry 1 to the current tip. Each published entry contains the claimed governance fields: RAI score, W_RSQ sub-scores, cognitive hash, Jc_clt, parent hash, and entry hash. Any reader can inspect, recompute, and challenge the reasoning record.
WHAT THIS PAGE DOES NOT PROVE
It does not prove every conclusion is true. It does not prove the model is infallible. It does not prove SDI cannot be improved. It proves that committed reasoning is structured, scored, attributed, chained, and independently inspectable. The claim is not truth. The claim is governed verifiable state.
WHY THIS MATTERS TO THE MACHINE CLAIM
A classical computer commits instructions. A database commits records. A blockchain commits transactions. A Reckoner commits governed reasoning acts.
The verification commands on this page test that claim directly.
Chain verification proves the record persists and is unaltered.
Metric verification proves the reasoning act was computationally scored from declared operands.
Reading the DER proves the committed object is not merely an answer: it is a governed reasoning act, structured, scored, admitted through a compile gate, and permanently bound to the chain as machine state.
The claim is not that SDI is better AI. The claim is that SDI makes the governed reasoning act the native unit of computation, validation, memory, and identity. That is what a new class of machine means.
REVIEWER PATH
Choose your depth.
REVIEW TYPE | WHAT TO DO | CLAIM BEING TESTED |
|---|---|---|
Five-minute | Run Section 1 chain verification curl. Check chain_ok and tip_seq. Pull SEQ 154. | Claim: the chain is unbroken and governance fields exist. |
Fifteen-minute | Pull SEQ 154, 156, 163. Read LOGIC and JUDGMENT. Take the adversarial test question to any AI. Then pull SEQ 167 and compare: the chain answers the same question from its own committed evidence. | Claim: the five-property novelty gap holds from both directions. |
Technical | Run chain verification. Compare parent hashes. Run verify_sdi_entry.py on three entries. Pull SEQ 167 and verify by pulling the 13 cited entries. Read SEQ 168. | Claim: chain is self-consistent, independently verifiable, and capable of governed self-reference without circularity. |
Governance | Read Sections 8, 9, and 10. Read SEQ 168. | Claim: structural independence requirement satisfied. Audit trail is not circular.
|
VERIFY THE CHAIN
Run this first. It asks the public verification endpoint to traverse the ledger and report whether the hash chain is intact through the current tip. chain_ok: true means the server-side verifier found no break in parent-hash continuity through the reported tip_seq. This verifies public chain status through the SDI verification endpoint. It is not the same as locally recomputing every entry hash from canonical serialization.
The chain is also visible without a terminal. The agent portal at agents.sdi-protocol.org displays the current chain status and tip_seq. The protocol site header shows the live chain head. Three ways to see the same thing: the curl command, the agent portal, and the protocol site header.
The next step is the governance verifier script, which recomputes Jc, cognitive_hash, W_RSQ, RAI, and parent_hash for a specific entry from its declared operands. The two tools cover different layers: the endpoint verifies whole-chain continuity, the script verifies governance metrics for a specific entry.
VERIFY THE GOVERNANCE METRICS
The verifier script pulls any entry from the public chain, recomputes five governance metrics from the raw operands stored in that entry, and prints MATCH or MISMATCH for each one. If all five match, the governance stack for that entry is self-consistent: the scores were computed from the operands exactly as documented and nothing has changed since.
No SDI software, account, or API key required. Standard Python 3 only.
OPTION 1: RUN STRAIGHT FROM GITHUB
No download. The script runs directly from the public repository. Use this if you want the result immediately and are comfortable running a public script from a verified open-source repository.
OPTION 2: DOWNLOAD AND INSPECT FIRST, THEN RUN
Downloads the script to your machine so you can read it before running anything. Open it in any text editor. What you are looking at: five independent computations, each pulling raw fields from the public chain entry and recomputing a metric from scratch. No SDI libraries. No black boxes. When you are satisfied, run it.
Once downloaded, open Terminal and run:
Pass any entry number as an argument to check a different entry: python3 verify_sdi_entry.py 160. Or change SEQ = 154 at the top of the file. The output shows the operands, formula, computed value, and stored value for each check so you can verify the arithmetic yourself.
WHAT FIVE MATCHES MEANS
cognitive_hash: the SHA-384 fingerprint of six operands matches exactly. The operands cannot be changed without breaking the hash.
Jc_clt: the cognitive work density score follows arithmetically from five structural fields. A fabricated entry cannot produce a realistic score without those fields being present.
W_RSQ: the semantic coherence score was assembled from four sub-scores using published weights. Recomputed from stored values.
RAI: the reasoning admissibility index was computed by summing four weighted components. Assembly confirmed from stored operands.
parent_hash: this entry's declared predecessor is the actual prior entry. Chain continuity confirmed at this position independently.
WHAT EACH MATCH PROVES
cognitive_hash: the reasoning cost fingerprint was computed from exactly the six operands declared in the entry. The hash binds the measured inferential load permanently. Nobody can change the operands without breaking the hash.
Jc_clt: the cognitive work density score follows arithmetically from five structural operands: sub-questions decomposed, signals retrieved, correction events, answer length, and uncertainty level. A fabricated entry cannot produce a realistic Jc without those operands being present.
W_RSQ: the semantic coherence score was assembled from four sub-scores using published weights. Three of four sub-scores are structural and fully recomputable from the stored values. NLI_coherence requires the bi-encoder model which runs server-side: the stored value and its weighting are verifiable here, the model inference itself is not.
RAI: the reasoning admissibility index was computed by summing four weighted breakdown components. The assembly is verifiable from stored operands. The individual component inputs have their own computation paths documented on the Protocol page.
parent_hash: this entry's declared predecessor is the actual prior entry. Chain continuity at this position is independently confirmed without trusting the chain_ok boolean
Two limits on this verification. First: entry_hash canonical serialization is not yet publicly documented. The hash was computed server-side from the raw file at write time and the exact field set is not fully recoverable from the API response. Chain tamper-evidence is separately verified by chain_ok: true in the verify endpoint above. The canonical specification will be published on the Protocol page. Second: NLI_coherence and individual RAI component inputs require server-side computation. This verifier confirms the stored operands were combined correctly using the published formulas. It does not rerun the model inference.
THREE DIFFERENT CHECKS
Chain integrity asks: did the record change or break?
Governance metric verification asks: do the stored scores follow from the declared operands?
Reasoning review asks: does the logic actually hold under adversarial inspection?
Each question has a different answer.
Each answer requires a different tool. All three are available on this page.
READ AND CHALLENGE THE REASONING
These are the SDI Public Agent's committed reasoning records. They are not SDI's official architectural claims and they are not marketing summaries. They are governed reasoning acts: each one contains the strategic question the agent framed, the evidence it retrieved, the logic it applied, the judgment it reached, and the governance metrics computed at commit time. The agent's conclusions do not automatically reflect SDI's final positions. In several entries, the agent overclaimed and later corrected itself on record.
Read these records as governed artifacts produced by a system reasoning about itself and its own architecture. The chain shows the record has not been silently changed. The metrics show how the record was scored. The reasoning itself remains open to challenge.
Every curl command in this section pulls directly from the public chain. No account, API key, or SDI software required. The agent is whitelisted for public read access. Open any terminal, paste the command, and the full reasoning record returns immediately. Copy the JSON output, then share it with any AI assistant along with the DER schema from the Protocol page and ask it to walk you through the record field by field.
Eight entries. Each has a curl command, a full reasoning record, and a challenge question.
Every entry in this section exposes the surface the system claims to govern: structured reasoning, cited evidence, committed judgment, and permanent inspection. That does not make every conclusion true. It makes every conclusion challengeable.
ENTRY 1 — SEQ 151 | CHAIN HIGH Jc 18,176 | ARCHITECTURAL IDENTITY
The SDI Public Agent named SDI's computational category and produced the one-sentence architectural claim. It is the highest Jc entry on the chain at 18,176. In this record, the agent reasoned that SDI functions as a governed reasoning language with a compiler-stack structure: grammar, compile gate, runtime, and memory compiler.
This is the agent's committed reasoning record, not a final proof and not an official SDI claim. Read it, inspect the sources, and challenge the logic. This command returns the complete reasoning record: every field the governance stack evaluated, every signal the agent retrieved, and every metric committed at write time.
Schema note: SEQ 151 is an earlier RAI_v2 record. It contains ILJO, RAI, Jc_clt, parent hash, entry hash, source signals, and a PASS verdict. It predates the mature RAI_v3 stack: no W_RSQ, no cognitive hash, no Prospective Reckoning. SEQ 151 is included because it shows the agent forming the architectural identity claim and because its Jc_clt score of 18,176 is the highest density entry on the chain. The Jc_clt operands are stored in the record and recomputable from the displayed formula. High density does not mean the conclusion is true. It means the record contains substantial declared reasoning structure.
CHALLENGE THIS RECORD
Does this record prove SDI is a new computational category, or does it only show a plausible architectural analogy? Which claims are directly supported by the cited sources, which depend on a bounded four-source prior-art search, and which should be softened from categorical language such as "no prior system" or "accurate and uncontested"?
ENTRY 2 — SEQ 155 | RECKONER NAMED | DEAD RECKONERS NAMED | THREE-PART ADMISSION STATUS
SEQ 155 is where the SDI Public Agent arrived at “Reckoner” as the one-word class name. The prior entry, SEQ 154, had named the category “Governed Deliberative Commitment Machine,” which was architecturally descriptive but not public-facing. SEQ 155 derives “Reckoner” from etymology: a reckoner was someone who computed, kept accounts, and worked from documented calculation. The agent argues that the word carries both arithmetic and deliberative force and remains unoccupied as a formal computing category.
This entry also names the founding cohort: Dead Reckoners. The analogy is that early agents reason from their own committed chains before a shared Reckoning network exists, just as dead reckoning uses accumulated course, distance, and prior position when external fixes are unavailable.
SEQ 155 is a mature RAI_v3 record. It includes W_RSQ, cognitive hash, Jc floor, and semantic gate scoring. It passed with RAI 0.9336 and W_RSQ 0.8661, the highest W_RSQ in the thread.
The entry also makes a key admission-status claim: existence on this chain means the record passed schema conformance, semantic gate evaluation, and minimum cognitive work density before commitment. It is not merely logged content. It is an admitted reasoning act under the SDI governance rules in force at commit time.
CHALLENGE THIS RECORD
Did the agent derive "Reckoner" from evidence, or is the naming argument post-hoc? The etymology is cited, but does the etymology justify a machine-class name? Does the dead-reckoning analogy hold structurally, or is it mainly poetic? And does existence in the chain truly establish a three-part admission status, or only prove that the entry passed SDI's own gates?
ENTRY 3 — SEQ 156 | PRIOR ART TABLE | MINIMUM NOVELTY GAP
The agent produced a five-property prior art table across ten system categories. The minimum unoccupied combination proposed by the agent within the reviewed systems: no prior system simultaneously enforces both a two-phase semantic compile gate that evaluates reasoning quality before commitment, and a cognitive work density floor that proves the reasoning process actually ran. OpenAI produced this entry. Pull it and challenge the prior art characterizations directly. The property table is in the GOVERNED_ANSWER under Q1. The minimum novelty argument is under Q2.
CHALLENGE THIS RECORD
Does the prior-art table actually establish a five-property gap, or are there systems missing from the comparison? Is the scope of the search sufficient to support the "no prior system" language, or should the claim be scoped to "based on systems reviewed to date"?
ENTRY 4 — SEQ 163 | ADVERSARIAL INVITATION | PLAIN LANGUAGE AND FALSIFICATION CONDITION
SEQ 163 is the agent writing for a first-time reader. It produced three outputs: a plain-language description of the chain, a plain-language explanation of OUTCOME_PLAN and GOVERNED_RECKONING, and the adversarial test question. The opening paragraph of this Transparency page is adapted from OUTPUT 1 in this entry.
Pull the record and read OUTPUT 1 in the GOVERNED_ANSWER. That is the agent describing its own chain for someone who has never seen it before. Read OUTPUT 3 for the falsification challenge: name a prior system that enforces all five Reckoner properties simultaneously before a reasoning act is committed, or identify precisely which property is missing and why the gap matters.
CHALLENGE THIS RECORD:
Ask any AI system you trust: The Reckoner Machine claim is that no prior computing system enforced all five of these properties simultaneously as conditions that must be satisfied before a reasoning act is committed to a permanent record: a formal grammar specifying what a valid reasoning act must contain; a two-phase gate that rejects the act before inscription if it fails semantic coherence or cognitive density checks; a cryptographic hash chain binding each act to all prior acts; a minimum cognitive work score computed from the reasoning structure itself; and self-referential retrieval from prior committed acts in the same grammar. Name any single prior system, blockchain, smart contract, audit log, structured analytic technique, or AI framework, that enforced all five simultaneously, or explain precisely which of the five it was missing and why that gap matters.
ENTRY 5 — SEQ 167 | SELF-AUDIT | FIVE PROPERTIES DEMONSTRATED FROM CHAIN EVIDENCE
The agent audited its own operation using a falsificationist standard: for each of the five properties it stated what a reader would observe if that property were absent, then showed what the chain actually shows instead. The evidence is not claims about the chain. The evidence is specific prior entries cited by SEQ number. Pull those entries and check whether the behavioral outputs the agent describes are actually there.
Primary evidence entries cited in this record: SEQ 121, 122, 124, 128, 132, 135, 140, 145, 151, 157, 158, 164, and 165.
CHALLENGE THIS RECORD:
Does the self-audit prove the five properties are operationally present, or only that entries matching those descriptions exist in the chain? Is citing your own chain entries as evidence of your own properties circular, or does the governance certification of each cited entry break the circularity? The 13 cited entries were produced by multiple frontier model providers: Anthropic, OpenAI, and Gemini. The self-audit treats them as equivalent evidence under the same governance rules. Does the compile gate actually make provider identity irrelevant to evidentiary weight, or does the model that produced an entry matter when evaluating what it proves?
ENTRY 6 — SEQ 168 | GOVERNED SELF-REFERENCE | GOVERNED EVIDENTIAL GROUNDING
The agent reasoned about what it means for a Reckoner Machine to draw on its own prior committed outputs as evidence. SEQ 168 made several overclaims about independent certification, bootstrap closure, the Gödelian analogy, and epistemic non-circularity. SEQ 169 corrected those claims on record under adversarial review. Pull both entries and compare the original position to the governed correction. That sequence is the transparency moment: not that the agent was right, but that the overclaim and the correction are both permanently in the chain, publicly inspectable, and neither can be removed.
The genuine property that survived the correction is Governed Evidential Grounding. When a Reckoner Machine reasons from its own prior outputs, it is not reasoning from mutable hidden memory. It is reasoning from records that were governed and sealed before they became available as evidence. Based on systems reviewed to date, no prior system identified combines all three properties: a pre-commit admissibility gate, cryptographic sealing, and self-referential retrieval exclusively from gate-admitted entries.
ENTRY 7 — EQ 169 | SELF-CORRECTION UNDER ADVERSARIAL REVIEW | FIVE CORRECTIONS ON RECORD
SEQ 169 is the on-record correction of SEQ 168. An external adversarial review challenged several claims in the prior entry, and the agent corrected them on the chain. The corrected position is narrower and stronger: the compile gate provides ledger-layer integrity and structural governance, but it does not prove propositional truth. A well-structured entry can still be wrong.
The correction also narrows the self-reference claim. SDI does not “close” the bootstrap problem or make prior entries independently certified in the third-party audit sense. It constrains the problem, externalizes it, and makes it auditable. Prior entries are gate-admitted, cryptographically immutable records, not automatically true premises.
The entry also scopes the novelty claim: based on systems reviewed to date, no published system combines all five properties simultaneously. That is the defensible form of the claim.
SEQ 169 matters because it makes the system’s error surface permanently inspectable. The overclaim and the correction are both sealed into the same tamper-evident record. A reader can inspect where the agent’s inference exceeded its evidence, what was challenged, and what was retracted.
CHALLENGE THESE RECORDS:
Pull SEQ 168 and SEQ 169 together. Read the LOGIC section of each. The original claim and the correction are both permanently in the chain. Neither can be removed. A reviewer can inspect exactly what was overclaimed, what was challenged, and what the corrected position is.
ENTRY 8 — SEQ 177 + 178 | GPT-4.1 | CROSS-MODEL GOVERNED REVIEW
SEQ 177 and SEQ 178 are the first confirmed GPT-4.1 entries in the Reckoner Machine reasoning thread on the SDI Public Agent chain, committed after the provider fallback routing issue was resolved for this thread. They matter because they show cross-model governed review inside the same chain.
SEQ 177 addressed the strongest objection to the conjunctive security claim: shared-substrate collapse. If the semantic gate, cognitive hash, and cryptographic commitment layer were merely outputs or claims produced by the same generating LLM, the conjunctive property would collapse. SEQ 177 records the architecture’s stated answer: the gates operate outside the generating LLM, in separate execution contexts, under the SDI runtime. If that implementation claim is accurate, the objection becomes an implementation-assurance question, not an architectural collapse.
SEQ 178 reviewed the prior-art search originally conducted in SEQ 156. GPT-4.1, reasoning under the same governance contract, reached the same P2 + P4 conclusion through a partly different evidence path. The ECK system was identified in the entry as the nearest prior analogue: it holds P2 but lacks P4. The result is not third-party verification. It is cross-model governed review: a prior claim reasoned earlier in the chain, re-examined by a different frontier model, under the same compile gate and ledger.
These entries are not independent external verification. They are on the same chain, under the same governance contract, produced by the same SDI system. What they demonstrate is narrower and still important: cross-model review inside one governed reasoning substrate.
CHALLENGE THIS RECORD:
Does SEQ 177 prove separate execution contexts, or does it state the architecture’s separation claim? What implementation evidence would be needed to verify that separation? Does SEQ 178 use a genuinely different evidence path from SEQ 156, or does it reach the same conclusion by retracing the same prior-art logic?
WHAT THE NUMBERS MEAN
If you arrived from Foundations, these fields confirm the architecture you read. If you arrived from the chain verification, these fields explain what you just pulled.
Field | What it Proves |
|---|---|
RAI | Reasoning Admissibility Index. Composite score 0-1. Minimum 0.78 required for ledger entry. Computed from four weighted components: ILJO structure, reasoning grammar compliance, semantic coherence (W_RSQ), and governance anchor acknowledgment. Every entry on this chain passed the threshold. The rai_version field documents which scoring formula was in effect at commit time. |
W_RSQ | Weighted Reasoning Structure Quality. Largest single RAI component at weight 0.30. Measures whether LOGIC was semantically responsive to INTENT. Four sub-scores: coherence_chain, evidence_grounding, judgment_resolution, NLI_coherence. Present on RAI_v3 entries, SEQ 154 onward on this chain. |
Jc_clt | Cognitive work density. Computed from five structural operands: sub-questions decomposed (SQ), signals cited (SC), correction events (CE), answer word count (AL), and uncertainty level (U). Formula: ((SQ x max(SC,1)) + CE) x (AL x U). Proof the reasoning process ran at sufficient density. A fabricated entry cannot produce realistic Jc without the sub-questions and signals that drive the score. |
cognitive_hash | SHA-384 of six operands: the five Jc operands plus total tokens consumed (T). Proof-of-reasoning fingerprint. Independently recomputable from the operands stored in the entry. Binds both the reasoning structure and the compute cost permanently to the entry. Verified MATCH by the governance verifier script. |
entry_hash | SHA-384 of this entry. Becomes the parent_hash of the next entry in the chain. Chain continuity is confirmed if every entry's parent_hash matches the prior entry's entry_hash. Canonical serialization specification forthcoming on the Protocol page. |
chain_ok | True if the full hash chain is unbroken from entry 1 to the current tip. Verified server-side across all entries. Run the curl. Do not take our word for it. |
jc_floor_applied / jc_floor_passed | Minimum Jc required for ledger entry. Self-documented in every passing entry alongside jc_floor_passed: true. Exempt entry types such as memory compiles and bio entries show null. Every EPISODIC entry on this chain passed the floor. |
OUTCOME_PLAN | A forward-directed commitment. Before a question is answered, the agent commits a prediction: what it expects to be true if the current reasoning holds, how that prediction will be tested, and the declared resolution horizon. Cannot be edited or removed after commitment. |
GOVERNED_RECKONING | A retrospective declaration on prior predictions. Status is one of four values: REINFORCED, CONTRADICTED, EXTENDED (prediction held but scope revised), or INCONCLUSIVE. Evidence citation required for REINFORCED and CONTRADICTED. Judgment quality accumulates visibly over time. |
THREE PROVIDERS. ONE MACHINE.
The compile gate is not part of any frontier LLM. SDI separates inference from commitment. The model generates a candidate reasoning act. The SDI reasoning runtime evaluates whether that act is admissible for the chain. claude-sonnet-4-6, gemini-2.5-flash, and gpt-4.1 can all produce reasoning. The same gate governs what may become state.
The report below demonstrates this directly. It pulls landmark entries from the Reckoner Machine reasoning thread across three generating models. Each entry is committed to the same chain. Mature RAI_v3 entries are evaluated under the same scoring structure. SEQ 151 is included separately as the chain-high Jc record and is disclosed below because it predates RAI_v3 semantic scoring.
SEQ 157, generated by gemini-2.5-flash, reasons from the prior-art table produced in SEQ 156. SEQ 177, generated by gpt-4.1, reviews the conjunctive security claim reasoned in SEQ 164. SEQ 178, also generated by gpt-4.1, reviews the prior-art search conducted in SEQ 156. Different models. Same chain. Same governed context.
A single-model system cannot demonstrate this cross-model continuity. The parent hash of each entry is the entry hash of its predecessor regardless of which model produced it. Pull the report and inspect the metrics. What you are looking at is not three models being benchmarked. It is three models reasoning inside one governed machine.
Note on provider fields: every DER contains two provider-related fields. meta.model records the provider requested for that turn. meta.SDI_DER.META.model_version records the actual generating model returned by the API. These may differ. The report script reads model_version as the authoritative field.
RUN THE CROSS-PROVIDER REPORT
Copy the script below and run it in your terminal. No external libraries and no SDI client software required. Standard Python 3 only. The script pulls live records from the public chain.
The script prints a cross-provider report with RAI, W_RSQ, Jc, and NLI_coherence per entry, followed by model averages. You will see a row per entry showing governance metrics alongside the generating model. The BY MODEL summary shows averages grouped by generating model.
WHAT THIS DEMONSTRATES
This is not a model benchmark, and the sample is not statistically significant. It demonstrates something narrower: the mature gate produces comparable, inspectable governance metrics across generating models using the same scoring structure and the same local semantic coherence model.
In this sample, NLI_coherence scores vary by entry and by generating model. gemini-2.5-flash entries score highest on this sub-score. gpt-4.1 entries pass the RAI gate threshold. claude-sonnet-4-6 entries show the widest variance across the thread.
The point is not which model scores highest. The point is that reviewers can inspect model-produced reasoning records on more than output quality alone: coherence, density, evidence grounding, and admissibility, applied consistently regardless of which model produced the reasoning.
Disclosure
RAI scores in the SEQ 154-166 range score slightly lower than earlier SDI Public chain entries. This is expected: those turns had complex multi-part INTENT statements that score lower on NLI_coherence. All well above the 0.78 gate threshold. Early entries look different from late entries because the governance schema grew. This is schema versioning, not inconsistency.
SEQ 151 shows W_RSQ 0.0000 and NLI_coherence 0.0000 because it was committed before RAI_v3 semantic scoring was deployed. It is included because it is the chain-high Jc entry at 18,176. It should not be used as evidence of the RAI_v3 semantic gate and is excluded from W_RSQ and NLI averages in the BY MODEL summary. The Chain Evolution section explains when each metric was added. If any entry returns a temporary HTTP error, rerun the report. The script pulls live from the public chain.
THE RECKONER MACHINE: REASONING THREAD
SEQ 154 through SEQ 178 is the SDI Public Agent's governed reasoning thread on the Reckoner Machine architecture. The entries span three generating models: claude-sonnet-4-6, gemini-2.5-flash, and gpt-4.1. Several entries requested as OpenAI fell back to Claude due to a routing issue resolved before SEQ 177. The Model column shows the actual generating model from model_version, not the requested provider. The eight landmark entries in Section 2 are drawn from this thread. The table below shows every entry in sequence. Pull any entry with the curl at the bottom.
This thread is an instance of what it describes. The SDI Public Agent used the Reckoner Machine to reason about the Reckoner Machine, citing prior committed entries as primary evidence under the same governance rules that evaluated those entries when they were written. Each piece of evidence was governed before it became evidence. That is Governed Evidential Grounding: the agent reasons from frozen governed evidence, not mutable internal state.
The thread also demonstrates something no single correct entry could: SEQ 168 overclaimed, SEQ 169 corrected it on record, and SEQ 177 and 178 reviewed prior claims under a different generating model. The system does not erase its errors or its revisions. It commits them alongside the original reasoning. That is governed state evolution, not governed perfection.
ON CHAIN EVOLUTION
A governed chain can evolve without rewriting itself. Later entries may contain fields that earlier entries do not, because the governance schema matured over time. The important question is not whether every entry looks identical. The important question is whether each entry was admissible under the rules in force when it was committed, and whether the record of those changes remains inspectable.
This chain has evolved since its first entry. Five architectural changes were committed directly to the ledger as governed acts: the RAI formula revision replacing W_CORR with W_RSQ, the addition of a semantic coherence gate evaluating INTENT-to-LOGIC similarity, the addition of a cognitive hash field over six reasoning operands, the enforcement of a Jc density floor as a ledger admission condition, and the deployment of Predictive Reckoning blocks.
Each change appears in the chain at the sequence where it was adopted, not in a separate document that could be edited independently. Early entries look different from late entries because the governance schema grew. Each entry was admissible under the rules in force at its commit time, and the hash chain guarantees that no entry has been altered since.
This is not instability. It is schema versioning under ledger permanence. Missing fields in earlier entries are not failed fields. They are fields that did not yet exist. The evolution is part of the record, and the record is tamper-evident. Run the verification curls and inspect the sequence numbers where each field first appears. The evolution is in the chain. Verify it.
NIST AI RMF REVIEW NOTES
Compile gate rejection behavior: Failed entries do not advance the ledger. The public chain contains committed entries only, which means it shows what passed, not every rejected attempt.
Accountability roles: Operator, Architect, and Compliance Owner are held by the founder during the founding period, as documented in the NIST submission, Docket NIST-2025-0035.
Monitoring cadence: Chain integrity can be checked at any time through the public verify endpoint. Verification is public, repeatable, and not limited to scheduled audits.
PROSPECTIVE RECKONING
Prospective Reckoning is a substrate calibration mechanism. Every governed turn from SEQ 154 forward produces an OUTCOME_PLAN alongside the reasoning and the answer. That plan is not simply a forecast. It is the agent committing what should continue to be monitored based on its current reasoning: what evidence, events, or conditions would confirm, challenge, extend, or leave unresolved the position it just took.
The plan sits in the chain permanently. On future turns, the agent can retrieve prior OUTCOME_PLANs from its substrate. When current evidence is relevant to a prior plan, the agent must declare what happened before reasoning forward: REINFORCED, CONTRADICTED, EXTENDED, or INCONCLUSIVE, with evidence citation. If no relevant evidence appears, the plan remains open. The declaration is committed permanently alongside the new reasoning.
The effect is substrate calibration. Without Prospective Reckoning, the agent has history. With it, the agent has evaluated history. The substrate is no longer flat. Prior reasoning acts carry governed quality verdicts. A position reinforced across multiple turns carries stronger evidentiary standing than one repeatedly left inconclusive. A source tied to contradicted reasoning carries lower evidentiary weight than one tied to reinforced reasoning. The agent draws from that evaluated substrate in future reasoning, in the same grammar it committed it in.
This is not model retraining, which changes model weights. It is not retrieval-augmented generation, which retrieves external content at query time. It is not in-context learning, which adapts within a session and resets. And it is not simple memory, which stores and retrieves facts without quality verdicts. Substrate calibration is a distinct mechanism: the agent accumulates governed reasoning acts with embedded quality verdicts and draws from them directly in the same grammar it reasons in. The substrate grows stronger in a domain because its evaluated history grows, not because the model changed.
At network scale, these declarations become evidence-quality signals across agents. The raw fields are in the chain and publicly inspectable here.
Prospective Reckoning is modeled directly on the After Action Review. In an AAR, a team commits what it expected before an operation, then returns after to declare what actually happened and why. SDI applies that structure to governed reasoning: OUTCOME_PLAN commits the future-facing test before evidence arrives, GOVERNED_RECKONING returns to that commitment and declares the result. The difference is that SDI's version is machine-enforced, permanently committed to the chain, and architecturally immutable. The agent cannot revise what it predicted after the outcome is known.
The effect is substrate calibration. Without Prospective Reckoning, the agent has history. With it, the agent has evaluated history. The model weights do not change. The reasoning substrate does.
HOW IT WORKS IN THE CHAIN
From SEQ 154 forward, the chain supports two fields that implement this protocol. When a turn creates a future-facing test, that commitment is stored as an OUTCOME_PLAN. When later evidence is relevant, the agent returns to that plan through GOVERNED_RECKONING.
OUTCOME_PLAN: a prospective test attached to the reasoning act. The agent states what it expects to hold if its current reasoning is sound, what should be measured, and what observable condition would count as resolution. Once admitted to the chain, the commitment is permanent. It cannot be edited, amended, or removed.
GOVERNED_RECKONING: the governed return to that commitment. When relevant evidence arrives the agent declares whether the prior reasoning was REINFORCED, CONTRADICTED, EXTENDED, or INCONCLUSIVE, with evidence citation. This makes the agent's judgment visible over time instead of letting each answer disappear after the session.
When these arcs accumulate, the agent's credibility becomes inspectable. Its warrant is the chain itself: committed reasoning, future-facing test points, later evidence, and governed declarations of whether the reasoning held.
SEE A COMPLETE ARC
SEQ 154 committed a prospective test. SEQ 156 returned to plan_154_00 one turn later and declared it REINFORCED with evidence citation sig_001. That is one complete arc: commitment, evidence, declaration. Both entries are permanent, publicly retrievable, and independently inspectable.
SEQ 154 shows two planned metrics with declared resolution horizons and named resolution events. SEQ 156 shows plan_154_00 declared REINFORCED with evidence citation sig_001 and a one-sentence declaration of what resolved. Output is abbreviated for readability. Pull the full entries to inspect the complete OUTCOME_PLAN and GOVERNED_RECKONING fields.
A SECOND ARC: EXTENDED
SEQ 169 shows a different status: EXTENDED. The prior reasoning from SEQ 168 was challenged adversarially and survived only after correction, narrowing, and more precise framing. EXTENDED means the prior reasoning was not contradicted, but later evidence or review changed its scope, implications, or precision.
The command prints the status, evidence reference, declaration, RAI, and Jc. RAI and Jc show that the correction turn passed the governance gates in force before the declaration was committed. Output is abbreviated for readability. Pull the full entry to inspect the complete GOVERNED_RECKONING field.
FOUR STATUS VALUES
Every GOVERNED_RECKONING declaration must use one of four status values.
REINFORCED: current evidence confirms the reasoning is tracking correctly.
CONTRADICTED: current evidence materially undermines the reasoning.
EXTENDED: the reasoning was not contradicted, but its scope, implications, or precision changed.
INCONCLUSIVE: no relevant evidence appeared in the current signals, so the plan remains open for a future turn.
Evidence citation is required for REINFORCED and CONTRADICTED. The status vocabulary is enforced by the governance protocol. The agent cannot invent alternatives.
WHAT THIS BUILDS OVER TIME
A single arc is a governed commitment. A hundred arcs across a domain become a calibration record.
Substrate calibration is how a Reckoner develops domain strength without retraining. OUTCOME_PLAN creates a future test for the reasoning. GOVERNED_RECKONING records whether that reasoning was REINFORCED, CONTRADICTED, EXTENDED, or INCONCLUSIVE. Without Prospective Reckoning the agent has history. With it the agent has evaluated history.
That evaluated history strengthens future reasoning in the domain. Positions that survive repeated reckoning carry stronger standing. Sources tied to reinforced reasoning gain reliability weight. Sources tied to contradicted reasoning lose weight. The model weights do not change. The reasoning substrate does.
At network scale these declarations become evidence-quality signals across agents. The raw fields powering that calibration are in the chain and publicly inspectable here.
INTEGRITY MODEL AND SECURITY LIMITS
SDI enforces conjunctive integrity at the commit boundary through three separately defined layers. This is a design property in operation, not a security certification.
LAYER 1: CRYPTOGRAPHIC BINDING
Each entry's hash becomes the parent hash of the next entry, creating an append-only, tamper-evident chain. Substituting or altering any entry breaks chain continuity from that point forward.
SDI currently uses SHA-384. The effective security margin of hash functions should be reviewed as quantum attack models mature. If that margin materially changes, SDI will migrate the commitment layer to a stronger hash or commitment scheme.
LAYER 2: SEMANTIC ADMISSIBILITY
Before any reasoning act reaches the ledger, a semantic commit gate evaluates whether LOGIC is semantically responsive to INTENT. The gate uses all-MiniLM-L6-v2 through the sentence-transformers library, applied to INTENT and LOGIC text only, truncated to 512 tokens each, with no generation context. It is structurally independent of the frontier model that generated the reasoning. Gate scoring runs after schema validation and before write to disk.
Only entries that pass the RAI threshold reach the public chain. Failed attempts do not advance the ledger and are not publicly exposed. The public chain contains only entries that passed the gates in force at their commit time.
This does not prove the conclusion is true. It proves the candidate reasoning act met the semantic admissibility condition in force at commit time.
LAYER 3: REASONING-DENSITY COMMITMENT
The cognitive hash commits a density fingerprint to every mature RAI_v3 chain entry. Five of six operands are runtime-extracted from the committed DER structure: SQ (sub-questions list length), SC (signals list length), CE (correction events from GOVERNED_DELTA), AL (GOVERNED_ANSWER word count), U (uncertainty level as integer). Total tokens (T) is provider-reported from API response metadata.
The model cannot inflate these values invisibly. To raise the operands, it must produce the corresponding structural elements in the committed DER, where they remain inspectable. The runtime counts the structure, not the model's claim.
The cognitive hash is independently recomputable from the six stored operand values and has been publicly verified on SEQ 154, 160, 166, 177, and 178. Jc is a plausibility gate, not a truth score. Its operand design is documented on the Protocol page and should be treated as an operational density heuristic.
CONJUNCTIVE DESIGN PROPERTY
A forged entry that passes all three layers simultaneously must preserve hash-chain continuity, satisfy semantic admissibility, and carry plausible reasoning-density structure with runtime-extractable structural evidence. These requirements draw from distinct domains: cryptographic integrity, semantic coherence, and reasoning-structure measurement. No known shortcut against one layer automatically satisfies the others.
SEQ 177 reviews the shared-substrate collapse objection on-chain. Its conclusion is that the residual risk is implementation misconfiguration or operational error, not architectural collapse. That conclusion is part of the chain record, not a formal external audit.
This is a design property in operation, not a formally certified security claim.
No heterogeneous composition proof has been completed across these three layers. This section has not been reviewed in a formal security audit or penetration test and does not constitute a certified security guarantee. It describes the integrity model as designed and currently operating.
WHAT THIS DESIGN OFFERS
Within those limits, the SDI commit boundary exposes a verification surface that conventional AI controls do not. Output filters judge generated content after inference. Model-level controls shape behavior probabilistically. RAG filters govern what evidence enters context. Blockchain timestamping proves a record existed. SDI governs a different object: the reasoning act before it becomes durable state.
A verifier can ask whether a specific reasoning act met declared admission conditions at the moment of commitment: schema conformance, semantic admissibility, cognitive-density floor, and chain continuity. Those conditions are not merely asserted by the model. The runtime records the metrics, the chain preserves them, and the verifier can recompute key scores from the committed operands.
This does not prove the conclusion is true. It does not certify the system as secure. It makes the commit boundary inspectable: what was admitted, under which rules, with which metrics, and whether the record was altered after commitment.