Skip to main content

Substrate-Observation as an Alternative to Envelope Coordination for Concurrent Sessions
draft-morrison-substrate-observation-01

Document Type Active Internet-Draft (individual)
Author Blake Morrison
Last updated 2026-07-05
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-morrison-substrate-observation-01
Network Working Group                                        B. Morrison
Internet-Draft                                    Alter Meridian Pty Ltd
Intended status: Informational                               6 July 2026
Expires: 7 January 2027

  Substrate-Observation as an Alternative to Envelope Coordination for
                          Concurrent Sessions
                draft-morrison-substrate-observation-01

Abstract

   This memo articulates a coordination-protocol anti-pattern observed
   in cross-tool agentic systems and describes a substrate-observation
   alternative that does not require negotiating a wire format between
   heterogeneous concurrent sessions of an identity-bound principal.
   The memo is Informational.  No protocol element is being proposed for
   standardisation; the contribution is the opposite, a delineation of
   what should NOT be standardised, and why, with a reference to the
   substrate-physics primitives that take its place.  Companion memos in
   the morrison-* family describe the identity primitives this memo
   presumes; specifically, this memo relies on the ~handle namespace
   established in [IDPRONOUNS] and the per-principal identity substrate
   referenced in [IDACCORD].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 January 2027.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Morrison                 Expires 7 January 2027                 [Page 1]
Internet-Draft            Substrate Observation                July 2026

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Status of This Memo . . . . . . . . . . . . . . . . . . . . .   2
   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   4.  The Anti-Pattern  . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Interop Combinatorics . . . . . . . . . . . . . . . . . .   4
     4.2.  Broker Re-Centralisation  . . . . . . . . . . . . . . . .   5
     4.3.  Identity-Binding Leakage  . . . . . . . . . . . . . . . .   5
     4.4.  Constitutive Handshakes Are Not Envelope Coordination . .   5
   5.  The Alternative . . . . . . . . . . . . . . . . . . . . . . .   5
   6.  Reconciliation  . . . . . . . . . . . . . . . . . . . . . . .   6
   7.  Worked Example: Concurrent-Session Conflict Resolution  . . .   7
   8.  Why Not Standardise the Substrate . . . . . . . . . . . . . .   8
   9.  Relation to Prior Art . . . . . . . . . . . . . . . . . . . .   8
   10. Biological Precedent  . . . . . . . . . . . . . . . . . . . .   9
   11. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
   12. Security Considerations . . . . . . . . . . . . . . . . . . .  11
     12.1.  Ghost-State Injection  . . . . . . . . . . . . . . . . .  11
     12.2.  Simulated Split-Brain  . . . . . . . . . . . . . . . . .  12
     12.3.  Confidence-Replay  . . . . . . . . . . . . . . . . . . .  12
   13. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  12
   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     14.1.  Normative References . . . . . . . . . . . . . . . . . .  12
     14.2.  Informative References . . . . . . . . . . . . . . . . .  13
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  14
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  14
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  14

1.  Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

Morrison                 Expires 7 January 2027                 [Page 2]
Internet-Draft            Substrate Observation                July 2026

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

2.  Introduction

   When a single identity-bound principal operates several agentic
   sessions concurrently, whether across different tools, different
   hosts (a workstation, a laptop, a phone), or different organisational
   contexts (an individual capacity, a workplace capacity, a contracted
   capacity), those sessions must deconflict their action without
   stepping on each other's commits, leases, or external-system state.

   A natural impulse is to standardise a wire protocol for the sessions
   to exchange peer-state envelopes: "I am here, working on X, holding
   lease Y until time T".  This memo argues such standardisation is
   structurally unnecessary, would compound interop burden as new
   agentic tools enter the ecosystem, and would re-centralise an
   inherently distributed problem on whatever broker the envelope
   protocol selected.

   The alternative is substrate observation: each session observes
   byproducts of its peers' normal operation (filesystem timestamps,
   kernel-reported socket peer counts, server-emitted connection counts
   on shared channels) and forms its own local representation of who-
   else-is-here.  No envelope.  No wire format.  No broker.
   Reconciliation occurs post-hoc through substrate-physics commitments
   (filesystem locks, append-only identity logs, economic settlement,
   organisational identity append-logs), never through a canonical
   decision.  Identity binding of the principal's surfaces themselves is
   assumed to follow the conventions of [MCPDNS] and [IDCOMMITS]; this
   memo concerns only the coordination layer above those primitives.

3.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 RFC2119 [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined for the purposes of this document:

Morrison                 Expires 7 January 2027                 [Page 3]
Internet-Draft            Substrate Observation                July 2026

   *  *Substrate-emitted byproduct.* A filesystem or kernel or network-
      substrate side-effect of an operation undertaken for some purpose
      other than coordination, observable to other sessions of the same
      principal without those sessions having transmitted a coordination
      message.

   *  *Decay-to-uncertainty.* The property that an observation aged
      beyond a recency threshold transitions to an explicit "uncertain"
      state, under which the observing session continues to operate,
      rather than transitioning to an "absent" state under which the
      observing session blocks.

   *  *Mutual hallucination.* The property that each session of a
      principal forms its own local representation of concurrent-peer
      presence from substrate observations, and that no representation
      is canonical.  Divergent representations are reconciled post-hoc
      through substrate-physics commitments, not through agreement among
      the sessions themselves.

   *  *Substrate-physics cascade.* The ordered, non-commutative
      reconciliation pipeline through which divergent local
      representations resolve to a single durable history.  A reference
      implementation orders the cascade as (a) filesystem-lock
      arbitration, (b) per-principal append-only identity-log, (c)
      external operational settlement (cryptographic non-fast-forward
      rejection, on-chain transaction receipt), and (d) per-organisation
      append-only identity-log.  No stage in the cascade transmits a
      coordination marker; each stage is a commitment to the substrate,
      observed identically by every participating session.

4.  The Anti-Pattern

   This memo identifies envelope coordination, the standardisation of a
   peer-state-exchange wire format across heterogeneous agentic
   sessions, as structurally inadequate to the cross-tool identity-
   bound-principal problem.  Three failure modes recur:

4.1.  Interop Combinatorics

   Every additional agentic tool adopting an envelope-coordination
   standard must negotiate compatibility with every prior tool's version
   of the standard.  Tool families evolve at different cadences;
   agreement-by-versioning produces a combinatorial maintenance burden
   borne by the slowest-moving tool's release cycle.  Substrate
   observation has no compatibility surface to negotiate; tools that
   emit substrate byproducts as a side effect of their normal operation
   are mutually visible by construction, regardless of release cycle.

Morrison                 Expires 7 January 2027                 [Page 4]
Internet-Draft            Substrate Observation                July 2026

4.2.  Broker Re-Centralisation

   Envelope-coordination wire formats imply a destination for the
   envelopes.  A broker, whether discovered via DNS, configured per-
   session, or shipped by a single vendor, accumulates the peer-state of
   every session that publishes to it.  This collapses what is logically
   a distributed-observation problem onto a single centralised
   authority, with the predictable consequences for failure-mode (broker
   down implies coordination down) and trust (broker operator sees every
   session's purpose).

4.3.  Identity-Binding Leakage

   Envelope payloads typically carry an identifier ("session-id",
   "principal-id", "agent-id") to permit peers to address each other.
   Such identifiers become a re-identification surface at the wire layer
   that the underlying identity infrastructure may have explicitly
   arranged to bound.  Substrate byproducts emit no payload, they are
   simply present in the substrate, and the inference of peer identity
   is performed locally by each session from substrate-tier credentials
   it already possesses (kernel SO_PEERCRED, transport-layer
   authentication on a shared channel, and equivalent).  No wire-layer
   identifier is exposed.

4.4.  Constitutive Handshakes Are Not Envelope Coordination

   The anti-pattern identified here is the standardisation of a peer-
   state-exchange wire format for the purpose of deconflicting
   otherwise-independent action.  It is NOT a claim against every
   message a concurrent session may transmit.  A constitutive act, one
   that brings a new shared commitment into being that did not exist
   until both parties assented, is categorically distinct from a peer-
   state envelope.  A peer-state envelope DESCRIBES action each session
   decided independently, transmitted only for the convenience of
   deconfliction; that is the anti-pattern.  A constitutive handshake
   CONSTITUTES a commitment that does not exist until assent is
   exchanged, and by its nature it must declare its terms and fail
   closed.  Substrate observation is the correct shape for the former
   and is neither offered for, nor adequate to, the latter.  A
   deliberate handshake is therefore not in tension with this memo: the
   two occupy the describe/constitute boundary, not two competing
   answers to a single question.

5.  The Alternative

   Sessions observe substrate-emitted byproducts.  Three reference
   observables, listed in order of identity-binding strength:

Morrison                 Expires 7 January 2027                 [Page 5]
Internet-Draft            Substrate Observation                July 2026

   *  Filesystem modification timestamps on per-session journal files
      produced by tools that journal to disk.  Pseudonymous; compute-
      location is the observing session's local filesystem.

   *  Kernel-reported socket peer-credentials (SO_PEERCRED on Unix-
      domain sockets, equivalent mechanisms on other systems) for
      sessions mounting a common per-principal daemon.  Identity-bound
      to the principal owning the daemon; compute-location is kernel-
      mediated, host-local.

   *  Server-emitted concurrent-connection counts on a per-principal
      event channel maintained by the principal's identity
      infrastructure.  Identity-bound to the principal; compute-location
      is the server emitting the count, with inference performed locally
      by the subscribing session.

   None of these observables is a coordination message.  Each exists as
   a byproduct of the observed session's normal operation: writing its
   journal, mounting its socket, subscribing to its event channel.

   Each observable class carries an intrinsic identity-binding strength,
   and a session's local representation records not merely what it
   observed but at which tier the observation was drawn.  The closed-
   class provenance grammar of [SUBPROV] provides the vocabulary for
   that annotation.  It distinguishes, for example, a filesystem-
   timestamp observation from a kernel-peer-credential observation from
   a server-emitted-count observation, so that downstream reconciliation
   can weight an observation by the identity-binding strength of its
   source rather than treating all observations as equally
   authoritative.

6.  Reconciliation

   When sessions' local representations diverge, typically when two
   sessions independently take an action that affects shared state (a
   shared filesystem path, a shared external-system resource, a shared
   organisational artifact), reconciliation proceeds through the
   substrate-physics cascade defined in Section 2, ordered: filesystem-
   lock arbitration, per-principal append-only identity-log, external
   operational settlement, per-organisation append-only identity-log.
   Each stage is a substrate commitment.  No stage transmits a
   coordination marker; each stage's outcome is itself observable as
   another substrate byproduct by every participating session.

   The cascade is non-commutative: the outcome of an earlier stage
   constrains the admissibility of a later stage's commitments.  This
   property prevents an attacker from partitioning observations across
   cascade stages to write conflicting commitments simultaneously.

Morrison                 Expires 7 January 2027                 [Page 6]
Internet-Draft            Substrate Observation                July 2026

7.  Worked Example: Concurrent-Session Conflict Resolution

   The following example illustrates the operating posture of a session
   that has formed, from substrate observation alone, a belief that a
   concurrent peer conflicts with its own work, and that resolves that
   belief without transmitting a coordination envelope.

   A principal operates several concurrent sessions.  One session
   prepares to modify a shared artifact and forms the hypothesis that a
   peer is already modifying the same artifact.  Under envelope
   coordination the session would block, or would transmit a query and
   await a peer response, before proceeding.  Under substrate
   observation it instead reconciles the hypothesis against three
   observation classes it already possesses.

   First, the server-emitted concurrent-connection count on the
   principal's per-principal event channel (Section 4, third observable)
   establishes how many peer sessions are present.  This observable is
   identity-bound to the principal and is emitted by the principal's
   server rather than by any single host, so it accounts for peers on
   hosts other than the observing session's own.  A count derived
   instead from a host-local observable (Section 4, second observable,
   kernel peer-credentials on a host-local socket) omits off-host peers
   and MUST NOT be treated as complete.

   Second, the per-session filesystem journals (Section 4, first
   observable) of each present peer disclose, as a byproduct of each
   peer's normal operation, the artifacts that peer is touching.  The
   observing session binds these into a single local representation
   (Section 2, mutual hallucination) and observes whether any present
   peer is touching the shared artifact in question.

   Third, the filesystem presence of an unattended working surface (an
   orphaned working tree, or a branch with no live session behind it) is
   a first-observable byproduct that decays to uncertainty (Section 2).
   It MUST NOT be conflated with a present peer.  A conflict hypothesis
   grounded in a stale filesystem artifact rather than in a live peer is
   precisely the divergent local representation the cascade reconciles
   post-hoc; it is not a live conflict to block on.

   Having reconciled the hypothesis against present, non-stale peers and
   found no present peer touching the shared artifact, the session
   proceeds.  It does NOT conclude that conflict is impossible: the
   mutual-hallucination property (Section 2) denies any local
   representation the status of a canonical decision.  It concludes only
   that no conflict is observed among present peers, which licenses
   action, not certainty.  Any residual conflict, whether a peer that
   begins touching the artifact after the observation or an off-host

Morrison                 Expires 7 January 2027                 [Page 7]
Internet-Draft            Substrate Observation                July 2026

   peer the observing session could not see, is caught at commit time by
   the substrate-physics cascade (Section 5): filesystem-lock
   arbitration, then the per-principal append-only identity-log, then
   external operational settlement such as a cryptographic non-fast-
   forward rejection.  This distinction is the whole of the memo's
   thesis: observation licenses a session to act under uncertainty, and
   the substrate-physics cascade, not a pre-emptive coordination
   envelope, is what makes the action safe.

8.  Why Not Standardise the Substrate

   A reader may ask whether this memo should propose a standardised set
   of substrate observables and a standardised reconciliation cascade.
   It does not.  The observables identified above are characteristic of
   POSIX-derived systems running journal-emitting tools, mounting Unix-
   domain sockets, and subscribing to HTTP-streaming event channels,
   substrate that is itself standardised in [POSIX], [RFC8441], and
   similar.  No new substrate standardisation is required for the
   substrate-observation pattern; it composes directly with existing
   substrate.  Where heterogeneous substrate calls for adapter selection
   (a Windows tool's journal location differs from a POSIX tool's), the
   adapter is a tool-private implementation detail, not a wire-format
   negotiation between sessions.

9.  Relation to Prior Art

   This memo's substrate-observation primitive is structurally distinct
   from each of the prior-art families surveyed below.  The contribution
   of this memo is the joint articulation of why each family is, by
   construction, inadequate to the identity-bound-principal cross-tool
   problem the memo describes; it is not a survey for its own sake.

   Leader-elected consensus PAXOS [RAFT] requires a designated leader,
   explicit coordination messages, and a single canonical log.
   Substrate observation has none of these.

   Conflict-Free Replicated Data Types [CRDT] require a shared mutable
   data structure and commutative merge operations.  Substrate
   observation has neither; the cascade described in Section 5 is non-
   commutative.

   Gossip and epidemic protocols (Demers et al. 1987, [SWIM] and
   successors) require explicit anti-entropy or update messages
   transmitted between nodes on a schedule.  Substrate byproducts are
   not anti-entropy payloads; they are unrelated side-effects.

Morrison                 Expires 7 January 2027                 [Page 8]
Internet-Draft            Substrate Observation                July 2026

   Logical clocks [CLOCKS] (Lamport, vector clocks, Interval Tree
   Clocks) require piggyback of clock state on application messages.
   Substrate observation does not piggyback on coordination messages
   because there are none.

   Distributed snapshots [SNAPSHOTS] require explicit marker messages
   injected along communication channels.  The reconciliation cascade of
   Section 5 is triggered by independent operational events, not
   markers.

   Cryptographically-chained append-only logs (Certificate Transparency
   [RFC6962], Git object graphs, blockchain ledgers) are each
   instantiated by the present memo's cascade as one of its stages, not
   as the whole.  Their novelty in the present context is their
   composition as the second and fourth stages of a non-commutative
   cascade triggered by byproduct emission, not their chained-log
   primitive considered alone.

   Failure detectors (Chandra-Toueg, [SWIM], Lifeguard) output suspect/
   dead judgements about peers based on heartbeat latency/absence.
   Substrate observation outputs uncertainty as a first-class terminal
   operating state; uncertainty is not a transient state on the way to
   dead, it is the state the system operates under.

   Lock-free and wait-free data structures require shared memory between
   threads.  Sessions in the present memo do not share memory; they
   observe substrate-physics surfaces independently.

   Web Locks API [WEBLOCKS] and analogous intra-runtime mechanisms
   operate within a single browser instance and rely on message-passing
   or lock-arbitration provided by the runtime.  They do not generalise
   to the cross-host, cross-tool problem the present memo addresses.

10.  Biological Precedent

   The substrate-observation primitive described in this memo, and the
   anti-protocol posture for which it is the operational realisation,
   has biological precedent across five phylogenetically independent
   subjects.  This section cites that precedent not as prior art and not
   as normative grounding, but as background evidence that coordination
   as observation of substrate-physics (rather than transmission of a
   coordination envelope) is a realisable and selectable architectural
   shape, and not a fanciful engineering construct.

   Four vertebrate subjects converge: African and Asian elephant
   matriarchal recognition with infrasonic identity calls and multi-
   decade individual recognition (McComb, Moss, Durant, Baker and
   Sayialel 2001 "Matriarchs as Repositories of Social Knowledge in

Morrison                 Expires 7 January 2027                 [Page 9]
Internet-Draft            Substrate Observation                July 2026

   African Elephants" Science 292:491-494); corvid (scrub jay, Eurasian
   jay, New Caledonian crow, American crow) episodic-like cache memory
   bound on what-where-when-who, theory-of-mind aware re-caching
   contingent on observer identity, and trans-generational tool
   tradition transmission (Clayton and Dickinson 1998 Nature
   395:272-274; Emery and Clayton 2004 Science 306:1903-1907; Marzluff
   et al 2010 Animal Behaviour 79:699-707); cetacean (sperm whale,
   killer whale, bottlenose dolphin, humpback whale) pod- and matriline-
   distinct dialect drift, decades-long individual signature-whistle
   recognition, and culture-as-population-substrate (Whitehead 2003
   "Sperm Whales: Social Evolution in the Ocean" University of Chicago
   Press; Garland et al 2011 Current Biology 21:687-691; Bruck 2013
   Proceedings of the Royal Society B 280:20131726); and the human
   Highly Superior Autobiographical Memory phenotype (LePort et al 2012
   Neurobiology of Learning and Memory 98:78-92; Mazzoni et al 2019
   NeuroImage 200:163-173).  A fifth subject, cephalopods, is
   phylogenetically independent of the four vertebrate subjects at
   approximately 600 million years of separation: cuttlefish episodic-
   like memory (Jozet-Alves, Bertin and Clayton 2013 Current Biology
   23:R1033-R1035) replicates the corvid scrub-jay finding in an out-of-
   vertebrate-family taxon; cephalopod chromatophore camouflage emits
   identity expression as a continuous output of the substrate-observing
   nervous system rather than as a stored property, with the emission
   decaying to incoherent noise rather than to a frozen last-known-
   pattern when substrate input fails (Hanlon and Messenger 2018
   "Cephalopod Behaviour" Cambridge University Press); and cephalopod
   arm-level motor programs continue executing locally-coherent
   behaviour against their local substrate under experimental
   dissociation of central-peripheral coordination (Sumbre, Gutfreund,
   Fiorito, Flash and Hochner 2001 Science 293:1845-1848).  The
   cephalopod evidence is the strongest available form of biological
   convergence because it establishes that the architectural pattern is
   independently selectable across the largest evolutionary gap
   available in animal cognition, and is therefore a substrate-agnostic
   architectural primitive rather than a vertebrate-specific
   contingency.

   The convergent claim across all five subjects is that coherent
   identity-recognition cognition is realised in biology as a
   distributed substrate of heterogeneous nodes with role-specific decay
   characteristics, not as a single store implemented redundantly, and
   that coordination of action under partial information is achieved
   through observation of substrate-physics rather than through
   transmission of a coordination message between observers.  The four
   properties this memo's specification inherits are: (i) memory is
   distributed across structurally heterogeneous substrates with role-
   specific decay characteristics (mirrored by the L1-L4 cascade across
   heterogeneous substrate-physics layers); (ii) storage at the high-

Morrison                 Expires 7 January 2027                [Page 10]
Internet-Draft            Substrate Observation                July 2026

   salience tier is append-only with the reading surface as a projection
   (mirrored by the per-principal IdentityLog append at L2 and the per-
   organisation collective-scope IdentityLog append at L4); (iii)
   episodes bind heterogeneous modalities with corroboration per-episode
   rather than per-stream (mirrored by the substrate-observation
   primitive which binds heterogeneous substrate-emission classes into a
   single local representation); and (iv) memory carries metadata about
   who observed it (mirrored by the kernel-attested or server-attested
   credential of the emitting session as an intrinsic property of each
   substrate emission).

   The split-brain-immune posture of the present memo's anti-protocol
   shape has its strongest biological grounding in cephalopod
   distributed-control behaviour: when central-peripheral integration
   breaks, arm-level programs continue executing coherently against
   their local substrate.  The animal still acts, but as eight quasi-
   independent agents rather than as one.  This is precisely the multi-
   session split-brain operating posture this memo specifies: divergent
   local representations under uncertainty, with reconciliation post-hoc
   through the substrate-physics cascade rather than through pre-emptive
   central coordination.

   The biological precedent is cited solely as background.  No claim of
   biological prior art is asserted, and no analogy to biological
   substrate is normative for any conformance requirement of this
   specification.

11.  IANA Considerations

   This memo requires no IANA actions.

12.  Security Considerations

   Substrate observation surfaces three classes of attack absent from
   envelope-coordination protocols.

12.1.  Ghost-State Injection

   A peer emits a substrate byproduct then disappears, leaving an aging
   observation influencing other sessions' representations beyond its
   operational lifetime.  Mitigation is decay-to-uncertainty with a per-
   substrate-layer eviction floor: observations below threshold are
   evicted, not retained at vanishing confidence.

Morrison                 Expires 7 January 2027                [Page 11]
Internet-Draft            Substrate Observation                July 2026

12.2.  Simulated Split-Brain

   A peer emits substrate byproducts to some cascade layers but not
   others, producing divergent local representations across layers that
   the cascade cannot fully reconcile.  Mitigation is per-observer
   monotonic layer-coverage commitment: an observer's first emission
   registers its substrate-set, and later emissions outside that set are
   quarantined before identity-log write.

12.3.  Confidence-Replay

   A peer re-emits aged substrate byproducts to refresh observers'
   confidence in stale state.  Mitigation is observation-id-bound decay,
   where the decay clock is keyed to the observation identifier rather
   than to wall-clock receipt time.

13.  Privacy Considerations

   Substrate observables vary in identity-binding strength.  The lowest
   tier (filesystem timestamps, before any identity binding) is
   pseudonymous: the observer can infer presence but not identity.
   Implementations SHOULD operate this tier with refusal to emit in
   cloud-shell environments (where host identity is shared across
   users), refusal to emit in continuous-integration environments (where
   emission would be linkable to public workflow metadata), and refusal
   to enforce locks at this tier (locks require identity binding;
   pseudonymous observations do not provide it).

14.  References

14.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [MCPDNS]   Morrison, B., "Discovery of Model Context Protocol Servers
              via DNS TXT Records", 2026,
              <https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-
              discovery/>.

Morrison                 Expires 7 January 2027                [Page 12]
Internet-Draft            Substrate Observation                July 2026

   [IDPRONOUNS]
              Morrison, B., "Identity Pronouns: A Reference-Axis
              Extension to ~handle Identity Systems", 2026,
              <https://datatracker.ietf.org/doc/draft-morrison-identity-
              pronouns/>.

   [IDACCORD] Morrison, B., "Identity Accord Protocol", 2026,
              <https://datatracker.ietf.org/doc/draft-morrison-identity-
              accord/>.

   [IDCOMMITS]
              Morrison, B., "Identity-Attributed Git Commits via Tier-
              Structured Trailers", 2026,
              <https://datatracker.ietf.org/doc/draft-morrison-identity-
              attributed-commits/>.

   [SUBPROV]  Morrison, B., "Substrate-Provenance Annotation Grammar for
              Large-Language-Model Output", 2026,
              <https://datatracker.ietf.org/doc/draft-morrison-
              substrate-provenance-grammar/>.

14.2.  Informative References

   [POSIX]    "IEEE Std 1003.1-2017, Standard for Information Technology
              - Portable Operating System Interface (POSIX) Base
              Specifications", 2017,
              <https://pubs.opengroup.org/onlinepubs/9699919799/>.

   [RFC8441]  McManus, P., "Bootstrapping WebSockets with HTTP/2",
              RFC 8441, DOI 10.17487/RFC8441, September 2018,
              <https://www.rfc-editor.org/info/rfc8441>.

   [RFC6962]  Laurie, B., Langley, A., and E. Kasper, "Certificate
              Transparency", RFC 6962, DOI 10.17487/RFC6962, June 2013,
              <https://www.rfc-editor.org/info/rfc6962>.

   [PAXOS]    Lamport, L., "The Part-Time Parliament", 1998,
              <https://lamport.azurewebsites.net/pubs/lamport-
              paxos.pdf>.

   [RAFT]     Ongaro, D. and J. Ousterhout, "In Search of an
              Understandable Consensus Algorithm", 2014,
              <https://raft.github.io/raft.pdf>.

   [CRDT]     Shapiro, M., Preguica, N., Baquero, C., and M. Zawirski,
              "Conflict-Free Replicated Data Types", 2011,
              <https://hal.inria.fr/inria-00609399v1/document>.

Morrison                 Expires 7 January 2027                [Page 13]
Internet-Draft            Substrate Observation                July 2026

   [SWIM]     Das, A., Gupta, I., and A. Motivala, "SWIM: Scalable
              Weakly-consistent Infection-style Process Group Membership
              Protocol", 2002,
              <https://www.cs.cornell.edu/projects/Quicksilver/
              public_pdfs/SWIM.pdf>.

   [CLOCKS]   Lamport, L., "Time, Clocks, and the Ordering of Events in
              a Distributed System", 1978,
              <https://lamport.azurewebsites.net/pubs/time-clocks.pdf>.

   [SNAPSHOTS]
              Chandy, K. M. and L. Lamport, "Distributed Snapshots:
              Determining Global States of Distributed Systems", 1985,
              <https://lamport.azurewebsites.net/pubs/chandy.pdf>.

   [WEBLOCKS] "Web Locks API", 2021, <https://www.w3.org/TR/web-locks/>.

Acknowledgements

   This memo grew out of internal architectural design work on
   coordinating concurrent agentic sessions of a single identity-bound
   principal across heterogeneous tooling.  The realisation that
   substrate observation suffices, and that envelope coordination is the
   wrong abstraction at the cross-tool layer, is the central insight
   behind this specification.

Author's Address

   Blake Morrison Alter Meridian Pty Ltd Email: blake@truealter.com

Author's Address

   Blake Morrison
   Alter Meridian Pty Ltd
   Email: blake@truealter.com

Morrison                 Expires 7 January 2027                [Page 14]