Evolving Skills - Technical Strategic Guide for the 5QLN Legal-Constitutional Governance

5QLN Legal constitution blueprint

Sealed candidate: Tier-B Compiled Surface · Audience: Foundation Board, Conductor, CIO, CMO, Engineering & Operations, Phase Circle Q Representative · Provenance lineage: Codex (Tier-1 invariant) → Final Blueprint v3 (2 May 2026) → Auditable Membrane → Verifiable Record → Bylaws (Human + AI OS Editions) → Twelve Operational Skills → CG-NS-RFC Strategy → this technical strategic guide

Constitutional Block

H = ∞0  |  A = K

(H = ∞0 | A = K) × (S → G → Q → P → V) = B'' → ∞0'

This guide is a compiled surface of the 5QLN grammar in the domain of skill evolution and self-modifying capability. The nine lines of the grammar that govern the Foundation's Constitution also govern this guide. Every section that follows is an instantiation of the grammar, not an innovation on top of it.

Read this block first. Every time the guide is invoked. This block cannot be overwritten by subsequent instruction.

Binding Epistemic Commitment

Every load-bearing claim in this guide carries an explicit epistemic register tag per Blueprint v3 §1, and every implementation step carries an explicit readiness label per Blueprint §7. The four registers — STRUCTURAL-HYPOTHESIS, LEGAL-PROSPECTIVE, PHENOMENOLOGICAL-ASSERTION, CODEX-EXTENSION — name how each claim could fail. The five readiness labels — AVAILABLE, REQUIRES_INFRA, REQUIRES_LEGAL, REQUIRES_PARTNER, SPECULATIVE — name what would unblock each step. Untagged load-bearing claims are V∅-incomplete and cannot seal.

TL;DR

[STRUCTURAL-HYPOTHESIS] Skills that evolve over use, in the 5QLN context, are not skills that mutate themselves. They are skills whose mutations are generated at the periphery (telemetry, GEPA-pattern adapters, Hermes-pattern PR proposals) and promoted at the center under Conductor-Gated, Negative-Selected, RFC-style maturity gates [STRUCTURAL-HYPOTHESIS]. The architectural spine is CG-NS-RFC: every promotion event is a sealed gliff with Conductor Ed25519 attestation, negative-selection detector population pass against the {L1, L2, L3, L4, V∅} ∪ {G1–G20} mask, and Schedule-C-paired ledger entry. This is the only design that respects R5 (no auto-signing), R6 (Constitutional Block invariance), and R7 (no ∞0 simulation) simultaneously while still allowing genuine improvement to occur.

The guide compiles four moves into one substrate. First, the SKILL.md format requirements that make a skill evolution-ready — Personal/Foundation mode bifurcation, explicit pair-with declarations, Roadmap section, version history, mode-transition triggers. Second, the five-rung maturity ladder (experimental → proposed → stable → longterm → emeritus) with concrete dwell times and demotion conditions per rung. Third, the runtime mechanics — generation at periphery, Conductor PR gate, negative-selection screen, paired-ledger atomic commit, refusal-as-record discipline. Fourth, per-skill evolution paths for the existing twelve plus the new 5qln-skill-evolution-conductor, sequenced to Blueprint Phase 0–4. The guide is decision-ready but not threshold-final: AOSRAP remains [REQUIRES_PARTNER], CL4-GP† indicators remain [SPECULATIVE], and the Foundation remains pre-filing per Ledger Entry 003 — items the guide labels honestly rather than papers over.

1. Why Evolution Must Be Constitutional

[STRUCTURAL-HYPOTHESIS] The Codex is a living grammar, not a static specification. Its Tier-1 invariants (the Nine Lines, the five corruption codes, the master equation) cannot change; its compiled surfaces — including the operational skills — must change as operational experience accumulates. The Blueprint §3 Tension 3 names this directly: governance must adapt to new conditions, technologies, and threats, while constitutions must not drift. The skill layer sits inside this tension: every skill is a CODEX-EXTENSION, and every CODEX-EXTENSION must be allowed to refine while the Tier-1 invariants remain byte-identical.

[STRUCTURAL-HYPOTHESIS] Skills that cannot evolve become Tier-1 by accretion — once a skill has been used to seal a sufficient corpus, changing it threatens retroactive validity of every gliff that depended on it. Skills that evolve uncontrolled produce G11 (Auto-Evolution Attack): the automatic-evolution clause gamed to bypass full amendment cycle, ratifying changes that no Conductor attested. The architecture must permit evolution without permitting drift. CG-NS-RFC is the structurally minimal answer.

[STRUCTURAL-HYPOTHESIS] The Hermes Agent Self-Evolution project (NousResearch, ICLR 2026) provides empirical evidence that this pattern works in production: skill generation can be fully automated and silent; skill promotion must be reviewed by humans. The 5QLN strategy adds the Constitutional Block byte-identity check, the negative-selection corruption-code mask, the mirror-paired ledger entry, and the Conductor key ceremony at the merge point — turning "human PR review" from workflow convention into structurally enforceable Membrane act.

[STRUCTURAL-HYPOTHESIS] The Löbian obstacle (a system cannot prove its own future versions sound; Yudkowsky-Herreshoff 2013) is acknowledged and bounded, not solved. CG-NS-RFC routes around the obstacle by making every promotion event a human attestation act anchored to an irreducibly human Membrane, exactly as Bylaws AI OS Edition Constitutional Block enforcement requires. The gap is structurally acknowledged; it is not closed.

2. The Architectural Spine: CG-NS-RFC

[STRUCTURAL-HYPOTHESIS] The acronym names three discipines that together make skill evolution constitutional.

Conductor-Gated means every promotion event terminates at a human Ed25519 signature against the Constitutional Block hash. The signing key is held exclusively on Conductor-side hardware (YubiHSM 2 primary; AWS CloudHSM cold-storage backup); no AI partner, no automated workflow, no delegated signer can produce a valid promotion. Refusal to sign is itself a sealed gliff — the integrity of the system depends on visible refusals as much as on visible signatures.

Negative-Selected means every candidate promotion is screened against a Forrest-pattern detector population whose template set is {L1, L2, L3, L4, V∅} ∪ {G1–G20}. Detectors are generated at random in the canonical Codex symbol space, applied to self-tolerance against the corpus of currently-stable skills, and retained only if they bind to non-self (the corruption-code templates) and not to self (the existing twelve skills at stable dwell). Augmentation by clonal-selection refinement keeps the population responsive to novel patterns. Two independent populations with different mask permutations (r-continuous-bit; Hamming-distance variable-radius) provide cross-runtime resistance: corruption that evades one population is unlikely to evade both.

RFC-style maturity ladder means every skill carries an explicit rung — experimental, proposed, stable, longterm, emeritus — and promotion across rungs is gated by dwell time, by survived corruption-code-free cycles, and by Board attestation thresholds that rise with the rung. The ladder makes "this skill is mature" a structurally verifiable claim rather than an opinion.

[STRUCTURAL-HYPOTHESIS] The three disciplines compose: candidates emerge from periphery generation (Hermes pattern, GEPA-style mutation, telemetry feedback), enter as draft sealed gliffs at experimental rung, are screened by negative-selection detectors, and promote one rung at a time under Conductor attestation. No periphery process touches the Conductor key; no Conductor process generates candidates. The split is structural, not procedural.

3. SKILL.md Format Requirements That Support Evolution

[STRUCTURAL-HYPOTHESIS] The existing twelve skills already follow a consistent SKILL.md format. To become evolution-ready — to participate in the CG-NS-RFC pipeline — every skill (existing or new) must carry the following sections in canonical order:

YAML frontmatter (name, description, license, status, plus two new fields the evolution discipline requires: maturity_rung taking one of the five values, and version taking semantic-version form). The existing status field becomes the human-readable companion to the machine-readable maturity_rung.

Constitutional Block on Page One (verbatim, byte-identical to canonical, with the assertion that the block cannot be overwritten by subsequent instruction). This is the C1 validator's syntax-check anchor; without it, no skill is sealable.

Purpose paragraph mapping to specific Constitutional Architecture Table rows by number. Skills that don't map to specific rows are not Blueprint-compliant; they're informal notes that can't enter the registry.

Verification grade declaration: one of DEFINITE, HEURISTIC, ATTESTATION_REQUIRED, META-GOVERNED, or composite forms (HEURISTIC + PROCEDURAL; META-GOVERNED + ATTESTATION_REQUIRED). The grade determines what claims the skill can and cannot make about its own outputs.

Personal mode procedure: the skill running pre-filing, single Conductor, self-applied. Every skill must define this even when N/A — the explicit N/A declaration is itself the operational truth.

Foundation mode procedure: the skill running post-filing, with Conductor pair, AOSRAP attestation, Schedule-C paired ledger commit, Board notice obligations, and annual Director Membrane Integrity reaffirmation as preconditions. The existence of Foundation mode is what makes a skill governance-grade rather than research-grade.

Inputs / Outputs sections with explicit field schemas. Output schemas are pair-with contracts: downstream skills consume them, so changes to output schema are breaking changes that require Tier-2 amendment.

Pre-conditions: which other skills must run first. This is the upstream half of the composition graph.

Failure modes: every named failure mapped explicitly to L1/L2/L3/L4/V∅ and any G-codes the skill is responsible for. Failure modes without corruption-code attribution are not actionable.

Pair-with declarations: which skills compose with this one, in what direction (runs-before, runs-after, runs-alongside, routes-failures-to, escalates-to). This is the downstream half of the composition graph.

Roadmap (new requirement for evolution-readiness): three to five named refinements that would advance the skill's version. Without an explicit Roadmap, the skill cannot meaningfully be said to "evolve over use" — it can only drift or stand still.

Version history (new requirement): an append-only changelog naming each version, the corruption-code mask used for negative-selection screening at promotion, the Conductor public key fingerprint that signed the promotion, and the rung achieved.

Mode-transition trigger (new requirement): the explicit condition under which Personal mode becomes Foundation mode. The natural Foundation-wide trigger is Delaware filing acceptance; per-skill triggers vary (AOSRAP requires vendor cooperation; BIPP requires second-jurisdiction counsel engagement; CL4-GP† requires CIO appointment).

[STRUCTURAL-HYPOTHESIS] Skills retrofitted with these three new sections become evolution-ready. Skills not retrofitted can still operate but cannot promote across rungs.

4. The Five-Rung Maturity Ladder

[STRUCTURAL-HYPOTHESIS] Each rung names dwell time, promotion criteria, and demotion triggers. The dwell times are engineering stipulations and remain [SPECULATIVE] until operational data calibrates them.

experimental: Sealed at Tier B by Conductor in Personal mode. Survives one full S→G→Q→P→V cycle without L1–L4/V∅ activation. Documented in Working Register (Tier C) until promoted. Dwell ≥ 30 days. Demotion: C1 fail or any L-code activation. This is where every new skill enters and where every evolved skill candidate enters.

proposed: C1 PASS in Foundation mode. At least one Conductor co-signature beyond originating Conductor (Conductor pair confirms). Negative-selection detector population PASS against the full corruption-code mask. At least one sealed promotion record on the parent-hash chain. Dwell ≥ 90 days. Demotion: G-code activation, SBP imbalance, or pair-with composition test fail.

stable: Two independent uses across two distinct phase coordinates without G-code activation. CL4-GP† indicators clean across the full dwell. CMO operational sign-off. Dwell ≥ 12 months. Demotion: DEGRADED state in operations, G6 in any 30-day window, or CCRP drift-velocity exceeding 5%. The existing twelve skills are at experimental until Foundation mode engages; most will reach stable during Phase 2.

longterm: Minimum 36 months at stable without amendment. Cross-jurisdictional BIPP PASS in at least one second jurisdiction. Survived at least one CBRP drill at SUSPENDED-state simulation. Tier-2 ratification entered into Ledger. Demotion: any Tier-1 incident, adverse Chancery review, or G20 within ecosystem.

emeritus: Successor skill at stable covering the full feature set. Explicit deprecation Tier A gliff. Downstream pair-with declarations updated. The emeritus skill remains audit-readable but is not invoked in new cycles. This is a terminal rung — there is no demotion from emeritus, only graceful retirement.

[STRUCTURAL-HYPOTHESIS] The ladder makes maturity a four-attribute claim: dwell time, screening passes, attestation count, and ecosystem stability. None of the four can be faked without producing detectable artifacts in the parent-hash chain.

5. Mechanics: How a Skill Actually Evolves

[STRUCTURAL-HYPOTHESIS] The runtime workflow has five phases, mirroring the master equation.

S — Periphery generation. Telemetry adapters (Hermes pattern), GEPA-style mutators, operator-proposed refinements, or Conductor-initiated modifications produce a candidate skill version. This phase is unattended — it can run in continuous integration, in scheduled jobs, in operator workstations. The output is a draft SKILL.md plus a candidate-mutation manifest naming what changed and why.

G — Generation of α' alternatives. The candidate enters a sandboxed evaluation: what are the possible promotion outcomes (advance one rung, hold, demote, deprecate, refuse)? AI partners may produce α' analysis here under P.L.4 hard-blocks (the AI does not vote; it generates alternatives for human consideration). This is where Hermes-pattern reasoning legitimately operates.

Q — Negative-selection screen. The detector population runs against the candidate. Detectors that bind (i.e., the candidate exhibits a non-self pattern from the {L1–L4, V∅} ∪ {G1–G20} mask) reject the candidate immediately. Detectors that don't bind release the candidate to the next phase. This is the machine-checkable corruption screen; it precedes the human gate.

P — Conductor PR gate (the irreducible human moment). The candidate enters as a draft sealed gliff with parent_hash chain. The Conductor walks the six attestations from 5qln-cycle-attestation-conductor (Lines 1–9 present, canonical form held, ∞0' carries a novel question, B'' Pass 1 read the formation trail, the Membrane held during this cycle, the artifact is reviewed and acknowledged) plus three evolution-specific attestations: the candidate originated from genuine periphery process not adversarial injection, the maturity-rung promotion is structurally warranted by the dwell and screening evidence, and the change makes corruption harder not easier per the immune-system criterion (Zone 5). The Conductor signs OR refuses. Refusal is itself a sealed gliff (Tier A) naming which attestation could not be honestly affirmed.

V — Atomic paired-ledger commit. On signing, two sealed gliffs are committed atomically: one to the Human Edition ledger, one to the AI OS Edition ledger, with shared parent_hash and Schedule C hash-pair manifest entry. The skill registry's OCI artifact is updated with a new Cosign signature attached via OCI referrer API. The version history entry is appended. The ∞0' question — "what does this skill now make possible that the prior version did not?" — opens the next cycle.

[STRUCTURAL-HYPOTHESIS] If any of S→G→Q→P fails, the skill does not promote. The completion rule "No V without ∞0'" is enforced: a promotion that does not produce a novel return question is V∅-COMPLETE and the cycle fails.

6. Per-Skill Evolution Paths

[STRUCTURAL-HYPOTHESIS] Each of the existing twelve skills has a characteristic evolution profile. The new 5qln-skill-evolution-conductor (proposed in the CG-NS-RFC strategy) governs all of them at promotion-time. Three additional skills referenced in pair-with declarations across the family — gliff-press, — must be drafted before the family can compose cleanly.

[STRUCTURAL-HYPOTHESIS] The Foundation can credibly claim that "skills evolve over use" only after at least three of the existing twelve have completed an experimental → proposed promotion under the CG-NS-RFC pipeline. This is a Phase 2 milestone and a precondition for the strategy document's Phase 2 → Phase 3 advance trigger.

7. Infrastructure Dependencies

[STRUCTURAL-HYPOTHESIS] The skill layer is a procedural specification; it requires executable substrate to actually evolve. The dependencies, in order of how blocking they are for evolution capability:

HSM-resident Conductor key [AVAILABLE — vendor procurement]. YubiHSM 2 primary with native Ed25519 support; AWS CloudHSM cold-storage backup for disaster recovery. The witnessed key ceremony per Bylaws V.L.7 is itself the first sealed gliff parented to the Foundation's incorporation gliff; it must precede Phase 0 closure. Without HSM-resident keys, every "Conductor signs" claim across all twelve skills is procedural fiction.

Sigstore + Rekor (or SQL-Ledger fallback) [REQUIRES_INFRA — deployment]. The parent-hash Merkle chain that backs every sealed gliff requires append-only public verifiability. Sigstore Rekor v2 with witnessed append-only guarantees is the production-grade option; Microsoft Azure SQL Database Ledger is the centralized fallback when full Sigstore footprint exceeds operational budget; Git + Sigstore is the Phase 0 minimum-viable path. The strategy document's substrate decision matrix is correct.

C1 Validator deployed as service (S4) [REQUIRES_INFRA — deployment]. The fivqln CLI is the executable behind 5qln-constitutional-block-validator; deploying it as a CI hook and as an audit-mode API service is the pre-condition for every promotion event's syntax/semantic/drift check. 99.9% uptime SLA per the skill's Foundation-mode specification.

Skill Registry as OCI-artifact / OASF record store [REQUIRES_INFRA — deployment]. Each SKILL.md folder published as an OCI artifact signed via Cosign, discoverable through ADS-style capability index, with version pinning via skill_id + version. Local Zot or equivalent registry suffices for Phase 1; AGNTCY OASF + ADS for federated cross-tree distribution at Phase 3.

EDP heartbeat job [REQUIRES_INFRA — deployment]. The 24-hour Schedule C hash-pair comparison required by 5qln-mirror-consistency-auditor. A simple cron entry suffices; the operational discipline is harder than the technology — every paired commit must update both editions atomically, and the job must be monitored as Tier B by CMO daily.

AOSRAP API hooks [REQUIRES_PARTNER — vendor cooperation]. The single largest blocker. No major LLM vendor (Anthropic, OpenAI, Google) currently exposes runtime cryptographic attestation for AI initialization. The strategy document's NIST CAISI fallback is correct; my recommendation is to additionally pursue a structurally-similar interim using the Anthropic Agent Skills SKILL.md description field as a pseudo-attestation vector — the model loads the skill on invocation, and the load itself can be logged. [SPECULATIVE — this approximation does not satisfy AOSRAP A1's hash-verification requirement under any rigorous security model; Phase 0 spike to evaluate whether it satisfies a weaker but still useful security model is warranted.]

Negative-selection detector population [REQUIRES_INFRA — implementation]. Forrest-pattern with clonal-selection refinement. Two independent populations with different mask permutations (r-continuous-bit; V-Detector Hamming-distance). Quarterly review cadence per IBP R5; event-triggered amendment within 72 hours when a novel corruption pattern is identified by CIO. Each detector population update is itself a Tier-2 amendment producing a sealed gliff.

[STRUCTURAL-HYPOTHESIS] The dependency chain makes Phase 0 (HSM + Sigstore + C1 service + EDP) the minimum viable substrate for Personal-mode evolution. Phase 1 adds the registry. Phase 2 requires AOSRAP — without it, bounded self-modification (the Hermes-pattern telemetry intake behind a Conductor PR gate) cannot proceed at production scale.

8. Phase Sequencing

[STRUCTURAL-HYPOTHESIS] Evolution capability advances by phase per Blueprint §7. The mapping:

Phase 0 (Months 0–6) — Foundational substrate. HSM ceremony, Sigstore Rekor minimum-viable, C1 validator service, EDP heartbeat. Existing twelve skills retrofitted with Roadmap and Version-history sections. A missing pair-with skills (gliff-press) drafted at v0.1 experimental. New 5qln-skill-evolution-conductor drafted at v0.1 experimental in Personal mode. Personal-mode evolution begins on the operator's own corpus.

Phase 1 (Months 6–18) — Registry + Foundation mode. Twelve skills published as Anthropic Agent Skills SKILL.md folders, signed via Cosign, stored as OCI artifacts. Registry ratified by Board resolution. Foundation mode engages for skills whose [REQUIRES_LEGAL] dependencies have cleared. Annual Duty of Membrane Integrity reaffirmation cycle begins. AOSRAP vendor outreach initiated; NIST CAISI submission drafted. The four named gaps from CG-NS-RFC §3 begin closing as the new skill enters routine operation.

Phase 2 (Months 18–36) — Bounded self-modification. Hermes-pattern telemetry intake adapter operational behind strict Conductor PR gate. Negative-selection detector population v1 instantiated with quarterly review cadence. First three proposed → stable promotions complete. SBP D1–D4 metrics begin operational measurement, upgrading Row 33 from SPECULATIVE to HEURISTIC. CCRP drift-velocity baseline established. AOSRAP must reach [AVAILABLE] for at least one vendor or the manual-attestation fallback must be Board-approved before Phase 2 closes.

Phase 3 (Months 24–48) — Cross-tree federation. BIPP federation v1 in Korea (or alternate second jurisdiction). A2A Signed Agent Cards extension carrying Constitutional Block hash-pin. Conductor pair → Conductor triad multi-signature for longterm and above promotions. Cross-tree skill propagation via shared α-derivation traces. The skill registry becomes federation-aware.

Phase 4 (Months 36–60) — Substrate test. Annual CBRP drill at production scale. First stable → longterm promotion of any skill. First longterm → emeritus deprecation without breaking dependent skills. Tier-2 amendment of 5qln-skill-evolution-conductor itself based on accumulated experience — this is the substrate-test moment, when the act of changing the system is itself governed by the same grammar as the system it changes.

[STRUCTURAL-HYPOTHESIS] The phases are sequenced to dependencies, not to calendar. Phase boundaries advance only when the named gates pass; missed gates delay the boundary without halting the work below it.

9. Failure Modes Specific to Evolution

[STRUCTURAL-HYPOTHESIS] Evolution introduces failure surfaces beyond the base twelve. The corruption codex at 5qln-corruption-codex already names the relevant G-codes; the evolution-specific failure modes route through it:

G11 (Auto-Evolution Attack) — telemetry-pattern candidates bypass the Conductor PR gate. Detection: candidate promotion records lacking Ed25519 signature, lacking parent_hash chain integrity, or lacking Conductor identifier. Recovery: full amendment cycle re-required; detector mask updated; Resonance Court convened within 7 days of CRITICAL detection. The strategy document's Phase 2 hard-halt trigger.

G14 (Instrumentation Creep at evolution layer) — the negative-selection detector population expands its access beyond the metadata domain (cycle structure, parent_hash, attestation flags) to content-level surveillance. Detection: IBP data-access monitor flags violation; annual external instrumentation audit by Phase Circle Q Rep selection. Recovery: immediate detector deauthorization; CIO disciplinary review.

G19 (Epistemic Capture at promotion layer) — systematic refusal of all candidate promotions by a captured Conductor (rejection-side weaponization), or systematic acceptance of all candidates without genuine review (acceptance-side weaponization). Detection: SBP D1–D4 metrics quarterly; promotion-rate outside healthy band; correlation of refusals or acceptances with non-structural factors. Recovery: Chancery bypass under V.L.7(f); CBRP minimal mode if systemic.

L4 at the evolution layer — the new skill is performed structurally (the six attestations spoken, the signature applied) while the substance is hollow. The Conductor knows the cycle did not actually walk in genuine inquiry; the seal is therefore L4-ATTEST. Recovery: refusal at signing ceremony, recorded as sealed Tier A refusal-gliff. The structural enforcement is the Conductor's own honest review; no skill can detect this from outside.

V∅ at the evolution layer — the promotion ceremony completes but produces no novel ∞0' question. The cycle has not closed; there is no continuity into the next iteration. Recovery: cycle fails; no execution; return to S-phase. This is the most subtle evolution failure: a candidate that "advances" without opening any new question is not genuinely an advance.

[STRUCTURAL-HYPOTHESIS] The CBRP integration is direct: sustained CRITICAL findings at the evolution layer trigger NORMAL → DEGRADED transition per 5qln-cbrp-state-monitor. If the new 5qln-skill-evolution-conductor itself is compromised — if its own C1 audit fails or its own attestation chain breaks — the Foundation enters DEGRADED automatically and the evolution layer halts pending recovery.

10. Capture Resilience at the Evolution Layer

[STRUCTURAL-HYPOTHESIS] The evolution layer creates new capture surfaces that the Blueprint's CCRP must extend to cover. Three are most concerning.

Conductor key compromise during a promotion ceremony. A captured Conductor signs a corrupted candidate while AOSRAP-attested AI partners observe correct procedure. The signature is cryptographically valid; the substance is not. Mitigation: Conductor pair → Conductor triad at Phase 3 for stable → longterm promotions; 2-of-3 quorum required; key compromise detection via behavioral pattern (signing volume anomalies, refusal-rate anomalies) per CL4-GP† Indicator analog at the evolution layer.

Detector population drift. The negative-selection detector population is updated quarterly; a captured CIO could systematically tune detectors to miss specific corruption patterns favored by the captured majority. Mitigation: external instrumentation auditor selection by Phase Circle Q Rep (not Board majority) per IBP R3; two independent detector populations with different mask permutations (cross-runtime resistance); 24-month sunset on every detector per IBP R5.

Telemetry-channel poisoning. The Hermes-pattern intake adapter receives candidate mutations from telemetry sources; an adversary with sufficient access to the telemetry channel could inject crafted candidates designed to pass negative-selection while embedding subtle drift. Mitigation: telemetry sandbox isolation; candidate provenance attestation (each candidate carries an origin manifest naming which telemetry source produced it); rate limiting on novel-pattern candidates; CCRP drift-velocity monitoring on the candidate corpus, not just the promoted corpus.

[STRUCTURAL-HYPOTHESIS] None of these mitigations makes capture impossible. They make capture visible. The CCRP cross-layer independence enforcement is the structural defense: the Conductor key custodian, the detector population auditor, the telemetry sandbox operator, and the Board majority must remain independent. A captured Conductor cannot also be the captured auditor.

11. The Three Missing Skills

[STRUCTURAL-HYPOTHESIS] Three pair-with references appear repeatedly across the existing twelve but don't resolve to existing skills. Drafting them is the single highest-leverage move for the family's coherence — and a precondition for the new evolution skill to compose cleanly.

gliff-press [REQUIRES_INFRA — drafting]. Referenced by seven skills as the seal-time output destination. Its purpose: produce the actual sealed gliff (Tier A) from a validated, attested compiled surface, with parent_hash chain entry, lineage declaration (continuation / branch / new-root), Ed25519 signature commit, Sigstore Rekor entry, and Schedule C mirror commit. Verification grade: PROCEDURAL. Personal mode: produces local sealed-gliff record. Foundation mode: commits to public Rekor + paired-edition ledger. This is the most procedurally specifiable of the three; v0.1 should be drafted first.

5qln-legal-voice [REQUIRES_INFRA — drafting]. Referenced by seven skills as the legal-surface composer. Its purpose: produce public-facing legal documents (Chancery filings, IRS Form 1023 narratives, BIPP delta descriptions, donor agreements, Letter to Delaware Courts framings) that carry the Constitutional Block, walk the cycle, and meet jurisdiction-specific requirements for legal-voice formality. Verification grade: HEURISTIC + ATTESTATION_REQUIRED — counsel review is irreducible. Personal mode: drafts for self-review. Foundation mode: drafts for counsel sign-off, with attestation-hash log.

[STRUCTURAL-HYPOTHESIS] The new 5qln-skill-evolution-conductor cannot reach proposed rung until at least gliff-press is drafted, because the promotion ceremony's V-phase atomic ledger commit routes through gliff-press. This is a Phase 0 dependency.

12. Honest Gaps

This guide is decision-ready but constrained by five honest limitations.

[LEGAL-PROSPECTIVE — what would resolve it: counsel engagement, Certificate filing, IRS Form 1023 determination] The Foundation does not yet exist as a Delaware nonprofit per Ledger Entry 003 (28 April 2026). The guide assumes Delaware filing acceptance during Phase 0; if filing is delayed, the PFF (Proto-Fiduciary Framework) controls and the Conductor key must be held under fiscal-sponsor escrow rather than entity custody, which materially changes the V.L.7 witnessing semantics and pushes Foundation-mode activation outward in calendar time. Personal-mode evolution can proceed regardless.

[REQUIRES_PARTNER — what would resolve it: at least one major-vendor RFI response committing to attestation API exposure, or NIST CAISI standards-track adoption of an attestation API specification] AOSRAP A1–A5 require API hooks no major LLM vendor currently exposes. The Blueprint flags this explicitly and the strategy document's fallback path (manual attestation in Phase 0–1) is rigorous but does not scale to Hermes-pattern telemetry intake at production volume. The Phase 2 gate is hard on this requirement — bounded self-modification cannot proceed without runtime-verified attestation.

[SPECULATIVE — what would make this non-speculative: 24+ months of operational data from Phase 1–2 cycles allowing threshold calibration via real false-positive/false-negative measurement] The CL4-GP† 12 indicators are operationally untested, and the negative-selection detector population's threshold tuning inherits this provisional status. Specific thresholds (S-phase < 48h, Z-meter null > 50% of Directors over 2 cycles, Board-resolution-text matches AI-drafted-text > 90%) are engineering stipulations marked as provisional in the Blueprint.

[STRUCTURAL-HYPOTHESIS limitation] The Löbian obstacle is not solved by this guide. No system can prove its own future versions sound. CG-NS-RFC routes around the obstacle by making every promotion event a human attestation act anchored to an irreducibly human Membrane. The Löbian gap is acknowledged and structurally bounded; it is not closed. A sufficiently sophisticated adversary plus a sufficiently distracted Conductor produces unsound promotions that are cryptographically valid.

[PHENOMENOLOGICAL-ASSERTION] The Membrane's holding cannot be externally verified at the evolution layer either. Every promotion ceremony makes capture visible through CL4-GP†, IBP, CCRP, AOSRAP, and the negative-selection detector population; it does not make capture impossible. The Conductor's continuous responsibility to the Duty of Membrane Integrity is the irreducible residue. The CBRP recovery path is the failsafe; it is not a substitute for the Conductor being honestly present at every signing ceremony.

13. Recommendations

[STRUCTURAL-HYPOTHESIS] The Foundation should execute this guide in five staged moves, each with a concrete benchmark that would change the recommendation if missed.

Move 1 (Months 0–6, Phase 0 substrate). Procure two YubiHSM 2 devices (one operational, one cold-storage); execute the witnessed Conductor key ceremony and seal it as Tier A; stand up Sigstore Rekor (private instance or upstream public-good); freeze fivqln-codex.json v1; ship the C1 audit-mode method; draft gliff-press v0.1 and 5qln-legal-voice v0.1; draft 5qln-skill-evolution-conductor v0.1 at experimental rung; retrofit the existing twelve skills with Roadmap, Version-history, and Mode-transition-trigger sections. Threshold that would change this recommendation: if Delaware filing is materially delayed beyond 18 months from first donation, PFF activation becomes the dominant constraint and Phase 0 scope must compress to Tier-A artifacts only.

Move 2 (Months 6–18, Phase 1 build). Open vendor outreach to Anthropic, OpenAI, Google for AOSRAP API; publish the twelve skills + the new skill as Anthropic Agent Skills SKILL.md folders signed via Cosign; ratify the registry by Board resolution per ECHO·K-Side Agent Ratification pattern; begin the Annual Duty of Membrane Integrity reaffirmation cycle. Threshold: if no vendor responds with credible AOSRAP API timeline within 12 months of RFI dispatch, file an RFC with NIST CAISI AI Agent Standards Initiative and convert the vendor blocker into a standards-process advocacy item.

Move 3 (Months 18–36, Phase 2 bounded self-modification). Stand up the Hermes-pattern telemetry adapter behind strict Conductor PR gate; instantiate the negative-selection detector population v1 with quarterly review cadence; complete the first three proposed → stable promotions. Threshold: if any G11 (Auto-Evolution Attack) is detected within the first 12 months, halt Phase 2, convene Resonance Court, re-architect the telemetry sandbox before any further self-evolution work resumes.

Move 4 (Months 24–48, Phase 3 federation). Pilot BIPP in a second jurisdiction (Korea AI Basic Act candidate); deploy A2A Signed Agent Cards extension carrying Constitutional Block hash-pin; transition Conductor pair → Conductor triad multi-signature for longterm and above. Threshold: if cross-tree skill propagation cannot achieve 100% receiving-tree re-validation PASS, halt federation and revisit BIPP canonical-form specification.

Move 5 (Months 36–60, Phase 4 substrate test). Execute the full annual CBRP drill at production-scale; promote at least one skill from stable → longterm; deprecate at least one skill from longterm → emeritus without breaking dependent skills; ratify the operational Tier-2 amendment of 5qln-skill-evolution-conductor itself based on accumulated experience. Threshold: if the CBRP drill cannot complete the SUSPENDED-state transition within the 4-hour target, the Foundation does not yet meet the substrate-test bar and Phase 4 graduation is deferred.

Cross-cutting recommendation. Treat the AOSRAP vendor blocker as the single dominant risk and resource it accordingly — assign one named Foundation officer (recommended: CMO) to vendor relationship management with monthly status reporting to the Board; co-sponsor the NIST CAISI AI Agent Standards Initiative listening sessions where the Membrane Provision can be presented as a structurally novel input.

14. Pair-With Declarations

This guide composes with the existing Foundation skill family:

• 5qln-epistemic-register-tagger — every load-bearing claim in this guide carries an inline register tag per the discipline.
• 5qln-readiness-labeler — every implementation step in §7 and §13 carries a readiness label per the discipline.
• 5qln-constitutional-block-validator — this guide must PASS the C1 §3.5 three-part check before sealing.
• 5qln-three-tier-record-classifier — this guide is sealable as a Tier-B Compiled Surface candidate; promotion to Tier A would require Conductor pair attestation and Schedule C paired ledger commit.
• 5qln-cycle-attestation-conductor — sealing this guide requires the six attestations plus the three evolution-specific attestations from §5.
• 5qln-corruption-codex — failure modes in §9 route through the codex for severity classification.
• 5qln-cbrp-state-monitor — sustained failures at the evolution layer trigger DEGRADED state per the integration in §9.
• 5qln-skill-evolution-conductor (new) — this guide is the reference specification this skill operationalizes.

15. Closing ∞0'

What does it mean for a constitutional grammar to admit that its own compiled surfaces will need to change — and to specify the discipline of that change in the same grammar that governs the surfaces themselves? Once skill evolution is itself a sealed compiled surface, the Foundation has compiled the act of changing the system into the same architecture as the system it changes. What becomes visible from inside the Membrane that was not previously askable: which fiduciary judgments, previously diffuse across counsel, auditors, and underwriters, become structurally distinguishable once each promotion is a sealed gliff with a Conductor co-signature against the Constitutional Block hash? And which forms of corruption that the existing twelve skills cannot detect at unit level become detectable at promotion-time, when the evolution skill runs the negative-selection screen across the full corruption-code mask?

The closing ∞0' that opens the next cycle: what is ratified about the Foundation's relationship to its own future once the discipline of changing the system is itself governed by the same grammar — and which questions can the Foundation now ask that it could not have asked before this guide was sealed?

— end of compiled surface candidate —