Unified Architecture
A formally verified, economically grounded, legally reasoned system for AI agent orchestration, compliance, and governance.
This document maps ten systems into a single coherent architecture. Each system occupies a distinct layer but shares formal vocabulary, type structures, and proof infrastructure with the others.
The glue is EconLib4, a Lean 4 library that provides the mathematical substrate on which every other system depends.
The systems are not independent projects that happen to be written by the same person. They are a vertically integrated stack spanning from mathematical foundations through agent orchestration to domain application and cross-cutting infrastructure.
The mathematical substrate. Formalises economics, game theory, mechanism design, trust, cryptography, information theory, and semantic compression in Lean 4. Every system in the stack implicitly assumes game-theoretic, information-theoretic, or mechanism-design properties. EconLib4 makes those assumptions explicit, compositional, and machine-checkable.
| Module | Key Theorems | Grounds |
|---|---|---|
| MechanismDesign | vcg_is_dsic, revelation_principle | TokenGov allocation, OpenCompliance audit |
| GameTheory | nash_exists, shapley_uniqueness | CSC budget partitioning, Elan coordination |
| SemanticCompression | groundtrace_sound ✓ | CSC wind tunnel, LegalLean simplification |
| Trust | reputation_effect, staking_cooperation | TokenGov reputation, CCAP trust model |
| Learning | mw_regret_bound | TokenGov adaptive allocation, Elan skill selection |
| Crypto | special_soundness, fiat_shamir | CCAP attestation, OpenCompliance evidence |
| SocialChoice | arrow_impossibility | LegalLean rule aggregation |
| ContractTheory | monotone_implementable | TokenGov screening, LegalLean compliance |
| Finance | put_call_parity ✓ | TokenGov cross-account optimisation |
| Information | data_processing_inequality | TokenGov efficiency, CSC chaos monkey |
The runtime. Models an entire organisation as communicating BEAM processes — each agent is a GenServer with typed state, capability bounds, and supervision. Provides process topology, fault tolerance, skill dispatch, state introspection, and Monte Carlo simulation.
English → Verified Agent Pipelines. Compiles natural language prompts into typed, capability-bounded, budget-constrained SkillDAGs with machine-checked Lean 4 proofs at every handoff point. Three-layer verification: type safety, capability safety, budget safety.
Mechanism design for token budget allocation. Closes the feedback loop between AI agent token consumption and real-world economic outcomes across four accounts. VCG-based allocation, reputation ledger, yoneme cross-account deduplication, bounded punishment, ROI oracle.
Compositional safety proofs. Addresses Spera (2026, Thm 9.2): safety is non-compositional under conjunctive capability dependencies — two individually safe agents can compose into an unsafe coalition. Spectral formalises the full capability space as a directed hypergraph, computes closure under conjunctive dependencies, and proves the closure does not intersect the forbidden set — all via ZK proofs that preserve agent privacy.
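The non-compositionality described above can be reproduced with a small closure computation. This is an added example, not Spectral's code: it omits the ZK proof layer entirely, and the capability names, agents and hyperedges are constructed for illustration.

```python
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

# Hyperedge (premises, conclusion): holding ALL premises grants the conclusion.
Hyperedge = Tuple[FrozenSet[str], str]

def closure(caps: Iterable[str], edges: Iterable[Hyperedge]) -> Tuple[Set[str], List[Hyperedge]]:
    """Least fixed point of `caps` under the edges, plus the edges fired in order."""
    closed, fired, pending = set(caps), [], list(edges)
    changed = True
    while changed:
        changed = False
        for edge in list(pending):
            premises, conclusion = edge
            if premises <= closed:          # every conjunct is now held
                pending.remove(edge)
                if conclusion not in closed:
                    closed.add(conclusion)
                    fired.append(edge)
                    changed = True
    return closed, fired

def violations(caps, edges, forbidden) -> Set[str]:
    """Forbidden capabilities reachable from `caps` (empty set means safe)."""
    return closure(caps, edges)[0] & set(forbidden)

def coalition_only_violations(agents: Dict[str, Set[str]], edges, forbidden) -> Set[str]:
    """Forbidden capabilities reachable by pooling that no single agent reaches."""
    pooled = set().union(*agents.values())
    solo = set().union(*(violations(c, edges, forbidden) for c in agents.values()))
    return violations(pooled, edges, forbidden) - solo

# Constructed sample data (capability names are illustrative assumptions).
EDGES: List[Hyperedge] = [
    (frozenset({"client_profile", "send_external"}), "disclose_profile"),
    (frozenset({"read_client_file", "summarise"}), "client_profile"),
]
FORBIDDEN = {"disclose_profile"}
AGENTS = {
    "intake": {"read_client_file", "summarise"},
    "outreach": {"send_external"},
}

if __name__ == "__main__":
    for name, caps in AGENTS.items():
        print(name, "safe:", not violations(caps, EDGES, FORBIDDEN))
    print("coalition-only violations:", coalition_only_violations(AGENTS, EDGES, FORBIDDEN))
    _, fired = closure(set().union(*AGENTS.values()), EDGES)
    for premises, conclusion in fired:
        print(" ", sorted(premises), "->", conclusion)
```

The list of fired edges is the derivation witness: it shows which conjunctive dependencies a coalition chains together, which is the information a per-agent review never sees.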
Formal legal reasoning. Formalises legal rules as machine-checkable propositions in Lean 4 — rule formalisation, compliance checking, legal simplification with proved semantic preservation, and wind tunnel testing for paraphrase robustness.
Standards-grade compliance infrastructure. Replaces compliance theatre with typed, machine-readable evidence chains. Covers SOC 2, ISO 27001, GDPR, NICE digital health, CE marking, ICH E6(R3), MHRA, SRA. The key insight: compliance is a mechanism-design problem.
Agent communication protocol. Defines how agents communicate, attest capabilities, and verify execution. Execution traces, witnesshood, capability attestation, and graded reputation with transitivity conditions.
The commercially deployed application at the top of the stack. AI voice agents for law firms with HubSpot, Slack, and email integration via Elan's CompanyAsCode model. Both a customer of the stack and a proving ground — its sales cycles generate the data that trains TokenGov's reputation model.
Recursive benchmarking and self-improvement harness. Not a layer — a temporal envelope wrapping Layers 0–4. Feeds synthetic scenarios end-to-end, captures full execution traces across all nine other systems, compares outputs against prior versions, and proves that system evolution preserves or improves correctness. The recursive loop: generate → execute → trace → compare → improve → recurse.
Every cell describes what the row system imports from the column system.
| | EconLib4 | Elan | CSC | TokenGov | Spectral | LegalLean | OC | CCAP |
|---|---|---|---|---|---|---|---|---|
| Elan | Regret, Bayesian, AdverseSelection | — | Compiled pipelines | Budget allocation | Safety status, circuit breaker | — | Compliance posture | Execution traces |
| CSC | Shapley, Groundtrace, Nash, ZK | Skill registry | — | Budget ceiling; FiduciaryScope calls TokenGov.NormfallAlert.check_all — first live cross-system runtime integration | Coalition safety cert | — | — | Trace format |
| TokenGov | VCG, Revelation, Reputation, Regret | Agent pool | Budget requests | — | Cross-account safety proof | — | — | Reputation bridge |
| Spectral | ZK, Commitment, Safety.Compositional | Process topology | SkillDAG envelopes | Capability sets | — | Legal constraints | Regulatory forbidden sets | Per-agent attestations |
| LegalLean | ExtensiveForm, MoralHazard, Arrow | — | — | — | Legal safety surface | — | Control library | — |
| OC | DirectMechanism, GS, Commitment | — | — | — | Compliance-as-safety | Control formalisation | — | Evidence attestation |
| CCAP | Commitment, ZK, Reputation | — | HandoffProofs | — | Coalition attestation (ZK) | — | Evidence format | — |
| LegalEngine | — | Runtime | — | Token budget | — | Legal reasoning | Trust-surface reports | — |
| Recursa | Groundtrace, Entropy, Regret, Nash | Traces | Replay, paraphrases | Budget snapshots | Temporal speculum | Scenario seeds | Audit scenarios | Trace format |
19 compliance modules across three layers: Elan provides infrastructure-level controls (audit, policy, model governance, non-repudiation, incident response). TokenGov provides data-level controls (PII, AML, HITL, retention, export). CSC provides trustworthiness controls (Phase 1–5: hallucination gate, audit chain, escalation, competence, pathway, client profile, data grounding, fiduciary scope). Together they cover 7+ regulatory frameworks. BenchArena Tier 8 compliance_mapping: stack 55% > standard 45%.
| Module | Layer | π Score | Regulations | Description |
|---|---|---|---|---|
| ComplianceAuditLog | Elan | 94.2 | FINRA 4511, SEC 17a-4, SOC2 CC7, PCI Req.10 | Immutable HMAC-chained event log with 6-year retention |
| AgentPolicyEngine | Elan | 91.7 | SOC2 CC6, FINRA 3110, SR 11-7 | RBAC with kill-switch per agent class |
| ModelRegistry | Elan | 88.4 | SR 11-7, FINRA 3110, SOC2 CC8 | Full SR 11-7 model inventory with risk tiers |
| PIIVault | TokenGov | 85.1 | GDPR Art.22, CCPA ADMT, PCI DSS | Tokenization + PII classification + context window redaction |
| AMLMonitor | TokenGov | 82.9 | BSA, FinCEN | CTR/structuring/velocity rules, SAR 30-day SLA |
| NonRepudiationChain | Elan | 79.3 | FINRA 4511, SEC 17a-4 | Cryptographic HMAC chain-of-custody |
| HumanReviewQueue | TokenGov | 76.8 | FINRA 3110, SR 11-7, GDPR | Mandatory HITL gate with SLA tracking |
| IncidentResponse | Elan | 71.4 | SOC2 CC9, BSA, PCI DSS 12.10 | P0/P1 auto-kill, circuit breaker, automated RCA |
| DataRetentionEngine | TokenGov | 68.9 | FINRA 4511, PCI, GDPR | Policy-driven retention with GDPR erasure handling |
| RegulatoryExportAPI | TokenGov | 64.2 | SEC 17a-4, FINRA | Search/retrieve records for regulator production |
| ConfabulumRate | CSC | Phase 1 | Epistemic integrity | 9-type hallucination gate, halt threshold 0.65 |
| GroundtraceRecord | CSC | Phase 2 | SEC 17a-4, Rule 17a-4 | 20-field SHA-256 hash chain, Rule 17a-4 path |
| EscalationGate | CSC | Phase 3 | FINRA 3110, FINRA 3120 | I11 invariant, FINRA 3110/3120 material-decision gate |
| CompetenceSignal | CSC | Phase 3 | Epistemic risk controls | Vocabulary-gated synthesis by confidence score |
| PathwayAudit | CSC | Phase 3 | FINRA 3110, FINRA 3120, SEC 17a-4, DOL fiduciary | Compositional deontic compliance, 4 FINRA/SEC obligations |
| ClientProfile | CSC | Phase 4 | Suitability / fiduciary | I13 invariant, freshness-gated advice context |
| DataAdapter | CSC | Phase 4 | Data quality / citeability | Typed/citable FactualGround, stale-ground-blocked proved |
| FiduciaryScope | CSC | Phase 5 | DOL fiduciary rule, SEC AI governance | Licensed-operator wrapper, liability_acceptance_hash gate |
| NormfallAlert | TokenGov | Phase 5 | DOL fiduciary rule, SEC AI governance, FINRA agentic AI | Tracks DOL/SEC/FINRA norm obsolescence, struck-norm halt |
| Module | FINRA | SEC | SOC2 | BSA/AML | PCI-DSS | GDPR | SR 11-7 |
|---|---|---|---|---|---|---|---|
| ComplianceAuditLog | ✓ | ✓ | ✓ | — | ✓ | — | — |
| AgentPolicyEngine | ✓ | — | ✓ | — | — | — | ✓ |
| ModelRegistry | ✓ | — | ✓ | — | — | — | ✓ |
| NonRepudiationChain | ✓ | ✓ | — | — | — | — | — |
| IncidentResponse | — | — | ✓ | ✓ | ✓ | — | — |
| PIIVault | — | — | — | — | ✓ | ✓ | — |
| AMLMonitor | — | — | — | ✓ | — | — | — |
| HumanReviewQueue | ✓ | — | — | — | — | ✓ | ✓ |
| DataRetentionEngine | ✓ | — | — | — | ✓ | ✓ | — |
| RegulatoryExportAPI | ✓ | ✓ | — | — | — | — | — |
Part of OpenCompliance Foundation
These 10 modules implement the compliance controls defined by the OpenCompliance Foundation schema. Typed, machine-readable evidence chains replace compliance theatre.
Addressing the Regulatory AI Accountability Gap
The stack closes the regulatory AI accountability gap across four dimensions: ConfabulumRate gates hallucination at the source (9-type classifier, halt threshold 0.65); FiduciaryScope requires a licensed operator before advice is generated (liability_acceptance_hash gate); NormfallAlert detects when governing norms are struck (e.g. DOL fiduciary rule, March 2026) and halts advice generation until norms are re-evaluated; and CompetenceSignal prevents confident language when internal confidence is low (CertaintyVocabulary: Verified / HighConfidence / Moderate / Uncertain / Halted).
Five phases of formally-verified trustworthiness controls, all proved and passing CI.
| Phase | Theme | Key Modules | Status |
|---|---|---|---|
| Phase 1 | Epistemic Integrity | RAG grounding, ConfabulumRate gate, CertaintyVocabulary | ✓ Complete |
| Phase 2 | Audit Trail | GroundtraceRecord, SHA-256 hash chain, BenchArena telemetry | ✓ Complete |
| Phase 3 | Agentic Risk Controls | EscalationGate (I11 invariant), CompetenceSignal, PathwayAudit | ✓ Complete |
| Phase 4 | Data Grounding | ClientProfile (I13 invariant), DataAdapter (PerplexitySearch + FRED) | ✓ Complete |
| Phase 5 | Legal / Normative | NormfallAlert (TokenGov), FiduciaryScope (licensed operator wrapper) | ✓ Complete |
EconLib4's SemanticCompression module — a novel contribution that exists in no other formalisation library — cuts across every system.
Redundancy quantifies wasted tokens; tersiture sets minimum budgets
Groundtrace verifies wind tunnel; NoisyChannel bounds chaos monkey
Groundtrace over hypergraph closure — proves safety certificates preserve semantic content of capability attestations
Groundtrace verifies trace compression; NoisyChannel bounds scenario-vs-reality information loss; Entropy detects redundant scenarios
Legal text compression with proved semantic preservation
InformationDensity measures prompt quality before dispatch
semantic_channel_coding sets agent-to-agent communication rate bounds
Regulatory language simplification preserving regulatory intent
Terms coined across the stack that form a shared vocabulary.
The stack is not ten systems bolted together. It is one system expressed at ten levels of abstraction.
Each question is answered formally. Each answer is connected to the others via EconLib4's shared type vocabulary. The result is a vertically integrated stack where mathematical proof, economic incentive, legal reasoning, and commercial application share a single formal substrate.