Substrate-Observation as an Alternative to Envelope Coordination for Concurrent Sessions
draft-morrison-substrate-observation-01
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Author | Blake Morrison | ||
| Last updated | 2026-07-05 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-morrison-substrate-observation-01
Network Working Group B. Morrison
Internet-Draft Alter Meridian Pty Ltd
Intended status: Informational 6 July 2026
Expires: 7 January 2027
Substrate-Observation as an Alternative to Envelope Coordination for
Concurrent Sessions
draft-morrison-substrate-observation-01
Abstract
This memo articulates a coordination-protocol anti-pattern observed
in cross-tool agentic systems and describes a substrate-observation
alternative that does not require negotiating a wire format between
heterogeneous concurrent sessions of an identity-bound principal.
The memo is Informational. No protocol element is being proposed for
standardisation; the contribution is the opposite, a delineation of
what should NOT be standardised, and why, with a reference to the
substrate-physics primitives that take its place. Companion memos in
the morrison-* family describe the identity primitives this memo
presumes; specifically, this memo relies on the ~handle namespace
established in [IDPRONOUNS] and the per-principal identity substrate
referenced in [IDACCORD].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 7 January 2027.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
Morrison Expires 7 January 2027 [Page 1]
Internet-Draft Substrate Observation July 2026
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Status of This Memo . . . . . . . . . . . . . . . . . . . . . 2
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
4. The Anti-Pattern . . . . . . . . . . . . . . . . . . . . . . 4
4.1. Interop Combinatorics . . . . . . . . . . . . . . . . . . 4
4.2. Broker Re-Centralisation . . . . . . . . . . . . . . . . 5
4.3. Identity-Binding Leakage . . . . . . . . . . . . . . . . 5
4.4. Constitutive Handshakes Are Not Envelope Coordination . . 5
5. The Alternative . . . . . . . . . . . . . . . . . . . . . . . 5
6. Reconciliation . . . . . . . . . . . . . . . . . . . . . . . 6
7. Worked Example: Concurrent-Session Conflict Resolution . . . 7
8. Why Not Standardise the Substrate . . . . . . . . . . . . . . 8
9. Relation to Prior Art . . . . . . . . . . . . . . . . . . . . 8
10. Biological Precedent . . . . . . . . . . . . . . . . . . . . 9
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
12. Security Considerations . . . . . . . . . . . . . . . . . . . 11
12.1. Ghost-State Injection . . . . . . . . . . . . . . . . . 11
12.2. Simulated Split-Brain . . . . . . . . . . . . . . . . . 12
12.3. Confidence-Replay . . . . . . . . . . . . . . . . . . . 12
13. Privacy Considerations . . . . . . . . . . . . . . . . . . . 12
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
14.1. Normative References . . . . . . . . . . . . . . . . . . 12
14.2. Informative References . . . . . . . . . . . . . . . . . 13
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Morrison Expires 7 January 2027 [Page 2]
Internet-Draft Substrate Observation July 2026
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
2. Introduction
When a single identity-bound principal operates several agentic
sessions concurrently, whether across different tools, different
hosts (a workstation, a laptop, a phone), or different organisational
contexts (an individual capacity, a workplace capacity, a contracted
capacity), those sessions must deconflict their action without
stepping on each other's commits, leases, or external-system state.
A natural impulse is to standardise a wire protocol for the sessions
to exchange peer-state envelopes: "I am here, working on X, holding
lease Y until time T". This memo argues such standardisation is
structurally unnecessary, would compound interop burden as new
agentic tools enter the ecosystem, and would re-centralise an
inherently distributed problem on whatever broker the envelope
protocol selected.
The alternative is substrate observation: each session observes
byproducts of its peers' normal operation (filesystem timestamps,
kernel-reported socket peer counts, server-emitted connection counts
on shared channels) and forms its own local representation of who-
else-is-here. No envelope. No wire format. No broker.
Reconciliation occurs post-hoc through substrate-physics commitments
(filesystem locks, append-only identity logs, economic settlement,
organisational identity append-logs), never through a canonical
decision. Identity binding of the principal's surfaces themselves is
assumed to follow the conventions of [MCPDNS] and [IDCOMMITS]; this
memo concerns only the coordination layer above those primitives.
3. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 RFC2119 [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The following terms are defined for the purposes of this document:
Morrison Expires 7 January 2027 [Page 3]
Internet-Draft Substrate Observation July 2026
* *Substrate-emitted byproduct.* A filesystem or kernel or network-
substrate side-effect of an operation undertaken for some purpose
other than coordination, observable to other sessions of the same
principal without those sessions having transmitted a coordination
message.
* *Decay-to-uncertainty.* The property that an observation aged
beyond a recency threshold transitions to an explicit "uncertain"
state, under which the observing session continues to operate,
rather than transitioning to an "absent" state under which the
observing session blocks.
* *Mutual hallucination.* The property that each session of a
principal forms its own local representation of concurrent-peer
presence from substrate observations, and that no representation
is canonical. Divergent representations are reconciled post-hoc
through substrate-physics commitments, not through agreement among
the sessions themselves.
* *Substrate-physics cascade.* The ordered, non-commutative
reconciliation pipeline through which divergent local
representations resolve to a single durable history. A reference
implementation orders the cascade as (a) filesystem-lock
arbitration, (b) per-principal append-only identity-log, (c)
external operational settlement (cryptographic non-fast-forward
rejection, on-chain transaction receipt), and (d) per-organisation
append-only identity-log. No stage in the cascade transmits a
coordination marker; each stage is a commitment to the substrate,
observed identically by every participating session.
4. The Anti-Pattern
This memo identifies envelope coordination, the standardisation of a
peer-state-exchange wire format across heterogeneous agentic
sessions, as structurally inadequate to the cross-tool identity-
bound-principal problem. Three failure modes recur:
4.1. Interop Combinatorics
Every additional agentic tool adopting an envelope-coordination
standard must negotiate compatibility with every prior tool's version
of the standard. Tool families evolve at different cadences;
agreement-by-versioning produces a combinatorial maintenance burden
borne by the slowest-moving tool's release cycle. Substrate
observation has no compatibility surface to negotiate; tools that
emit substrate byproducts as a side effect of their normal operation
are mutually visible by construction, regardless of release cycle.
Morrison Expires 7 January 2027 [Page 4]
Internet-Draft Substrate Observation July 2026
4.2. Broker Re-Centralisation
Envelope-coordination wire formats imply a destination for the
envelopes. A broker, whether discovered via DNS, configured per-
session, or shipped by a single vendor, accumulates the peer-state of
every session that publishes to it. This collapses what is logically
a distributed-observation problem onto a single centralised
authority, with the predictable consequences for failure-mode (broker
down implies coordination down) and trust (broker operator sees every
session's purpose).
4.3. Identity-Binding Leakage
Envelope payloads typically carry an identifier ("session-id",
"principal-id", "agent-id") to permit peers to address each other.
Such identifiers become a re-identification surface at the wire layer
that the underlying identity infrastructure may have explicitly
arranged to bound. Substrate byproducts emit no payload, they are
simply present in the substrate, and the inference of peer identity
is performed locally by each session from substrate-tier credentials
it already possesses (kernel SO_PEERCRED, transport-layer
authentication on a shared channel, and equivalent). No wire-layer
identifier is exposed.
4.4. Constitutive Handshakes Are Not Envelope Coordination
The anti-pattern identified here is the standardisation of a peer-
state-exchange wire format for the purpose of deconflicting
otherwise-independent action. It is NOT a claim against every
message a concurrent session may transmit. A constitutive act, one
that brings a new shared commitment into being that did not exist
until both parties assented, is categorically distinct from a peer-
state envelope. A peer-state envelope DESCRIBES action each session
decided independently, transmitted only for the convenience of
deconfliction; that is the anti-pattern. A constitutive handshake
CONSTITUTES a commitment that does not exist until assent is
exchanged, and by its nature it must declare its terms and fail
closed. Substrate observation is the correct shape for the former
and is neither offered for, nor adequate to, the latter. A
deliberate handshake is therefore not in tension with this memo: the
two occupy the describe/constitute boundary, not two competing
answers to a single question.
5. The Alternative
Sessions observe substrate-emitted byproducts. Three reference
observables, listed in order of identity-binding strength:
Morrison Expires 7 January 2027 [Page 5]
Internet-Draft Substrate Observation July 2026
* Filesystem modification timestamps on per-session journal files
produced by tools that journal to disk. Pseudonymous; compute-
location is the observing session's local filesystem.
* Kernel-reported socket peer-credentials (SO_PEERCRED on Unix-
domain sockets, equivalent mechanisms on other systems) for
sessions mounting a common per-principal daemon. Identity-bound
to the principal owning the daemon; compute-location is kernel-
mediated, host-local.
* Server-emitted concurrent-connection counts on a per-principal
event channel maintained by the principal's identity
infrastructure. Identity-bound to the principal; compute-location
is the server emitting the count, with inference performed locally
by the subscribing session.
None of these observables is a coordination message. Each exists as
a byproduct of the observed session's normal operation: writing its
journal, mounting its socket, subscribing to its event channel.
Each observable class carries an intrinsic identity-binding strength,
and a session's local representation records not merely what it
observed but at which tier the observation was drawn. The closed-
class provenance grammar of [SUBPROV] provides the vocabulary for
that annotation. It distinguishes, for example, a filesystem-
timestamp observation from a kernel-peer-credential observation from
a server-emitted-count observation, so that downstream reconciliation
can weight an observation by the identity-binding strength of its
source rather than treating all observations as equally
authoritative.
6. Reconciliation
When sessions' local representations diverge, typically when two
sessions independently take an action that affects shared state (a
shared filesystem path, a shared external-system resource, a shared
organisational artifact), reconciliation proceeds through the
substrate-physics cascade defined in Section 2, ordered: filesystem-
lock arbitration, per-principal append-only identity-log, external
operational settlement, per-organisation append-only identity-log.
Each stage is a substrate commitment. No stage transmits a
coordination marker; each stage's outcome is itself observable as
another substrate byproduct by every participating session.
The cascade is non-commutative: the outcome of an earlier stage
constrains the admissibility of a later stage's commitments. This
property prevents an attacker from partitioning observations across
cascade stages to write conflicting commitments simultaneously.
Morrison Expires 7 January 2027 [Page 6]
Internet-Draft Substrate Observation July 2026
7. Worked Example: Concurrent-Session Conflict Resolution
The following example illustrates the operating posture of a session
that has formed, from substrate observation alone, a belief that a
concurrent peer conflicts with its own work, and that resolves that
belief without transmitting a coordination envelope.
A principal operates several concurrent sessions. One session
prepares to modify a shared artifact and forms the hypothesis that a
peer is already modifying the same artifact. Under envelope
coordination the session would block, or would transmit a query and
await a peer response, before proceeding. Under substrate
observation it instead reconciles the hypothesis against three
observation classes it already possesses.
First, the server-emitted concurrent-connection count on the
principal's per-principal event channel (Section 4, third observable)
establishes how many peer sessions are present. This observable is
identity-bound to the principal and is emitted by the principal's
server rather than by any single host, so it accounts for peers on
hosts other than the observing session's own. A count derived
instead from a host-local observable (Section 4, second observable,
kernel peer-credentials on a host-local socket) omits off-host peers
and MUST NOT be treated as complete.
Second, the per-session filesystem journals (Section 4, first
observable) of each present peer disclose, as a byproduct of each
peer's normal operation, the artifacts that peer is touching. The
observing session binds these into a single local representation
(Section 2, mutual hallucination) and observes whether any present
peer is touching the shared artifact in question.
Third, the filesystem presence of an unattended working surface (an
orphaned working tree, or a branch with no live session behind it) is
a first-observable byproduct that decays to uncertainty (Section 2).
It MUST NOT be conflated with a present peer. A conflict hypothesis
grounded in a stale filesystem artifact rather than in a live peer is
precisely the divergent local representation the cascade reconciles
post-hoc; it is not a live conflict to block on.
Having reconciled the hypothesis against present, non-stale peers and
found no present peer touching the shared artifact, the session
proceeds. It does NOT conclude that conflict is impossible: the
mutual-hallucination property (Section 2) denies any local
representation the status of a canonical decision. It concludes only
that no conflict is observed among present peers, which licenses
action, not certainty. Any residual conflict, whether a peer that
begins touching the artifact after the observation or an off-host
Morrison Expires 7 January 2027 [Page 7]
Internet-Draft Substrate Observation July 2026
peer the observing session could not see, is caught at commit time by
the substrate-physics cascade (Section 5): filesystem-lock
arbitration, then the per-principal append-only identity-log, then
external operational settlement such as a cryptographic non-fast-
forward rejection. This distinction is the whole of the memo's
thesis: observation licenses a session to act under uncertainty, and
the substrate-physics cascade, not a pre-emptive coordination
envelope, is what makes the action safe.
8. Why Not Standardise the Substrate
A reader may ask whether this memo should propose a standardised set
of substrate observables and a standardised reconciliation cascade.
It does not. The observables identified above are characteristic of
POSIX-derived systems running journal-emitting tools, mounting Unix-
domain sockets, and subscribing to HTTP-streaming event channels,
substrate that is itself standardised in [POSIX], [RFC8441], and
similar. No new substrate standardisation is required for the
substrate-observation pattern; it composes directly with existing
substrate. Where heterogeneous substrate calls for adapter selection
(a Windows tool's journal location differs from a POSIX tool's), the
adapter is a tool-private implementation detail, not a wire-format
negotiation between sessions.
9. Relation to Prior Art
This memo's substrate-observation primitive is structurally distinct
from each of the prior-art families surveyed below. The contribution
of this memo is the joint articulation of why each family is, by
construction, inadequate to the identity-bound-principal cross-tool
problem the memo describes; it is not a survey for its own sake.
Leader-elected consensus PAXOS [RAFT] requires a designated leader,
explicit coordination messages, and a single canonical log.
Substrate observation has none of these.
Conflict-Free Replicated Data Types [CRDT] require a shared mutable
data structure and commutative merge operations. Substrate
observation has neither; the cascade described in Section 5 is non-
commutative.
Gossip and epidemic protocols (Demers et al. 1987, [SWIM] and
successors) require explicit anti-entropy or update messages
transmitted between nodes on a schedule. Substrate byproducts are
not anti-entropy payloads; they are unrelated side-effects.
Morrison Expires 7 January 2027 [Page 8]
Internet-Draft Substrate Observation July 2026
Logical clocks [CLOCKS] (Lamport, vector clocks, Interval Tree
Clocks) require piggyback of clock state on application messages.
Substrate observation does not piggyback on coordination messages
because there are none.
Distributed snapshots [SNAPSHOTS] require explicit marker messages
injected along communication channels. The reconciliation cascade of
Section 5 is triggered by independent operational events, not
markers.
Cryptographically-chained append-only logs (Certificate Transparency
[RFC6962], Git object graphs, blockchain ledgers) are each
instantiated by the present memo's cascade as one of its stages, not
as the whole. Their novelty in the present context is their
composition as the second and fourth stages of a non-commutative
cascade triggered by byproduct emission, not their chained-log
primitive considered alone.
Failure detectors (Chandra-Toueg, [SWIM], Lifeguard) output suspect/
dead judgements about peers based on heartbeat latency/absence.
Substrate observation outputs uncertainty as a first-class terminal
operating state; uncertainty is not a transient state on the way to
dead, it is the state the system operates under.
Lock-free and wait-free data structures require shared memory between
threads. Sessions in the present memo do not share memory; they
observe substrate-physics surfaces independently.
Web Locks API [WEBLOCKS] and analogous intra-runtime mechanisms
operate within a single browser instance and rely on message-passing
or lock-arbitration provided by the runtime. They do not generalise
to the cross-host, cross-tool problem the present memo addresses.
10. Biological Precedent
The substrate-observation primitive described in this memo, and the
anti-protocol posture for which it is the operational realisation,
has biological precedent across five phylogenetically independent
subjects. This section cites that precedent not as prior art and not
as normative grounding, but as background evidence that coordination
as observation of substrate-physics (rather than transmission of a
coordination envelope) is a realisable and selectable architectural
shape, and not a fanciful engineering construct.
Four vertebrate subjects converge: African and Asian elephant
matriarchal recognition with infrasonic identity calls and multi-
decade individual recognition (McComb, Moss, Durant, Baker and
Sayialel 2001 "Matriarchs as Repositories of Social Knowledge in
Morrison Expires 7 January 2027 [Page 9]
Internet-Draft Substrate Observation July 2026
African Elephants" Science 292:491-494); corvid (scrub jay, Eurasian
jay, New Caledonian crow, American crow) episodic-like cache memory
bound on what-where-when-who, theory-of-mind aware re-caching
contingent on observer identity, and trans-generational tool
tradition transmission (Clayton and Dickinson 1998 Nature
395:272-274; Emery and Clayton 2004 Science 306:1903-1907; Marzluff
et al 2010 Animal Behaviour 79:699-707); cetacean (sperm whale,
killer whale, bottlenose dolphin, humpback whale) pod- and matriline-
distinct dialect drift, decades-long individual signature-whistle
recognition, and culture-as-population-substrate (Whitehead 2003
"Sperm Whales: Social Evolution in the Ocean" University of Chicago
Press; Garland et al 2011 Current Biology 21:687-691; Bruck 2013
Proceedings of the Royal Society B 280:20131726); and the human
Highly Superior Autobiographical Memory phenotype (LePort et al 2012
Neurobiology of Learning and Memory 98:78-92; Mazzoni et al 2019
NeuroImage 200:163-173). A fifth subject, cephalopods, is
phylogenetically independent of the four vertebrate subjects at
approximately 600 million years of separation: cuttlefish episodic-
like memory (Jozet-Alves, Bertin and Clayton 2013 Current Biology
23:R1033-R1035) replicates the corvid scrub-jay finding in an out-of-
vertebrate-family taxon; cephalopod chromatophore camouflage emits
identity expression as a continuous output of the substrate-observing
nervous system rather than as a stored property, with the emission
decaying to incoherent noise rather than to a frozen last-known-
pattern when substrate input fails (Hanlon and Messenger 2018
"Cephalopod Behaviour" Cambridge University Press); and cephalopod
arm-level motor programs continue executing locally-coherent
behaviour against their local substrate under experimental
dissociation of central-peripheral coordination (Sumbre, Gutfreund,
Fiorito, Flash and Hochner 2001 Science 293:1845-1848). The
cephalopod evidence is the strongest available form of biological
convergence because it establishes that the architectural pattern is
independently selectable across the largest evolutionary gap
available in animal cognition, and is therefore a substrate-agnostic
architectural primitive rather than a vertebrate-specific
contingency.
The convergent claim across all five subjects is that coherent
identity-recognition cognition is realised in biology as a
distributed substrate of heterogeneous nodes with role-specific decay
characteristics, not as a single store implemented redundantly, and
that coordination of action under partial information is achieved
through observation of substrate-physics rather than through
transmission of a coordination message between observers. The four
properties this memo's specification inherits are: (i) memory is
distributed across structurally heterogeneous substrates with role-
specific decay characteristics (mirrored by the L1-L4 cascade across
heterogeneous substrate-physics layers); (ii) storage at the high-
Morrison Expires 7 January 2027 [Page 10]
Internet-Draft Substrate Observation July 2026
salience tier is append-only with the reading surface as a projection
(mirrored by the per-principal IdentityLog append at L2 and the per-
organisation collective-scope IdentityLog append at L4); (iii)
episodes bind heterogeneous modalities with corroboration per-episode
rather than per-stream (mirrored by the substrate-observation
primitive which binds heterogeneous substrate-emission classes into a
single local representation); and (iv) memory carries metadata about
who observed it (mirrored by the kernel-attested or server-attested
credential of the emitting session as an intrinsic property of each
substrate emission).
The split-brain-immune posture of the present memo's anti-protocol
shape has its strongest biological grounding in cephalopod
distributed-control behaviour: when central-peripheral integration
breaks, arm-level programs continue executing coherently against
their local substrate. The animal still acts, but as eight quasi-
independent agents rather than as one. This is precisely the multi-
session split-brain operating posture this memo specifies: divergent
local representations under uncertainty, with reconciliation post-hoc
through the substrate-physics cascade rather than through pre-emptive
central coordination.
The biological precedent is cited solely as background. No claim of
biological prior art is asserted, and no analogy to biological
substrate is normative for any conformance requirement of this
specification.
11. IANA Considerations
This memo requires no IANA actions.
12. Security Considerations
Substrate observation surfaces three classes of attack absent from
envelope-coordination protocols.
12.1. Ghost-State Injection
A peer emits a substrate byproduct then disappears, leaving an aging
observation influencing other sessions' representations beyond its
operational lifetime. Mitigation is decay-to-uncertainty with a per-
substrate-layer eviction floor: observations below threshold are
evicted, not retained at vanishing confidence.
Morrison Expires 7 January 2027 [Page 11]
Internet-Draft Substrate Observation July 2026
12.2. Simulated Split-Brain
A peer emits substrate byproducts to some cascade layers but not
others, producing divergent local representations across layers that
the cascade cannot fully reconcile. Mitigation is per-observer
monotonic layer-coverage commitment: an observer's first emission
registers its substrate-set, and later emissions outside that set are
quarantined before identity-log write.
12.3. Confidence-Replay
A peer re-emits aged substrate byproducts to refresh observers'
confidence in stale state. Mitigation is observation-id-bound decay,
where the decay clock is keyed to the observation identifier rather
than to wall-clock receipt time.
13. Privacy Considerations
Substrate observables vary in identity-binding strength. The lowest
tier (filesystem timestamps, before any identity binding) is
pseudonymous: the observer can infer presence but not identity.
Implementations SHOULD operate this tier with refusal to emit in
cloud-shell environments (where host identity is shared across
users), refusal to emit in continuous-integration environments (where
emission would be linkable to public workflow metadata), and refusal
to enforce locks at this tier (locks require identity binding;
pseudonymous observations do not provide it).
14. References
14.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[MCPDNS] Morrison, B., "Discovery of Model Context Protocol Servers
via DNS TXT Records", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-
discovery/>.
Morrison Expires 7 January 2027 [Page 12]
Internet-Draft Substrate Observation July 2026
[IDPRONOUNS]
Morrison, B., "Identity Pronouns: A Reference-Axis
Extension to ~handle Identity Systems", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-identity-
pronouns/>.
[IDACCORD] Morrison, B., "Identity Accord Protocol", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-identity-
accord/>.
[IDCOMMITS]
Morrison, B., "Identity-Attributed Git Commits via Tier-
Structured Trailers", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-identity-
attributed-commits/>.
[SUBPROV] Morrison, B., "Substrate-Provenance Annotation Grammar for
Large-Language-Model Output", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-
substrate-provenance-grammar/>.
14.2. Informative References
[POSIX] "IEEE Std 1003.1-2017, Standard for Information Technology
- Portable Operating System Interface (POSIX) Base
Specifications", 2017,
<https://pubs.opengroup.org/onlinepubs/9699919799/>.
[RFC8441] McManus, P., "Bootstrapping WebSockets with HTTP/2",
RFC 8441, DOI 10.17487/RFC8441, September 2018,
<https://www.rfc-editor.org/info/rfc8441>.
[RFC6962] Laurie, B., Langley, A., and E. Kasper, "Certificate
Transparency", RFC 6962, DOI 10.17487/RFC6962, June 2013,
<https://www.rfc-editor.org/info/rfc6962>.
[PAXOS] Lamport, L., "The Part-Time Parliament", 1998,
<https://lamport.azurewebsites.net/pubs/lamport-
paxos.pdf>.
[RAFT] Ongaro, D. and J. Ousterhout, "In Search of an
Understandable Consensus Algorithm", 2014,
<https://raft.github.io/raft.pdf>.
[CRDT] Shapiro, M., Preguica, N., Baquero, C., and M. Zawirski,
"Conflict-Free Replicated Data Types", 2011,
<https://hal.inria.fr/inria-00609399v1/document>.
Morrison Expires 7 January 2027 [Page 13]
Internet-Draft Substrate Observation July 2026
[SWIM] Das, A., Gupta, I., and A. Motivala, "SWIM: Scalable
Weakly-consistent Infection-style Process Group Membership
Protocol", 2002,
<https://www.cs.cornell.edu/projects/Quicksilver/
public_pdfs/SWIM.pdf>.
[CLOCKS] Lamport, L., "Time, Clocks, and the Ordering of Events in
a Distributed System", 1978,
<https://lamport.azurewebsites.net/pubs/time-clocks.pdf>.
[SNAPSHOTS]
Chandy, K. M. and L. Lamport, "Distributed Snapshots:
Determining Global States of Distributed Systems", 1985,
<https://lamport.azurewebsites.net/pubs/chandy.pdf>.
[WEBLOCKS] "Web Locks API", 2021, <https://www.w3.org/TR/web-locks/>.
Acknowledgements
This memo grew out of internal architectural design work on
coordinating concurrent agentic sessions of a single identity-bound
principal across heterogeneous tooling. The realisation that
substrate observation suffices, and that envelope coordination is the
wrong abstraction at the cross-tool layer, is the central insight
behind this specification.
Author's Address
Blake Morrison Alter Meridian Pty Ltd Email: blake@truealter.com
Author's Address
Blake Morrison
Alter Meridian Pty Ltd
Email: blake@truealter.com
Morrison Expires 7 January 2027 [Page 14]