Manifesto · v0.4 · 2026

An agent-native system for doing real work, correctly.

Infrastructure for agent autonomy under explicit authority. Senza bridges probabilistic reasoning and deterministic execution. This document describes what Senza is, what it is not, and the subsystems that carry the architecture.

§1

Agents that write without proof break the systems they touch

Agents can reason, and agents can call APIs. The link between the two is currently text. A model emits JSON, a wrapper executes it, and the side effect lands in a system of record. There is no gate between the probability distribution and the committed transaction.

The failures are predictable: agents write fields they were never authorized to touch; they act on stale or hallucinated context; the record of what happened lives in a model output buffer, not an audit log; a change cannot be reviewed before it lands, or reconstructed after. Each of these is treated as a prompt-engineering problem. They are not. They are architectural problems.

Senza is the architectural answer. Authority, validation, scope, permissioning, execution, and audit are named subsystems with explicit contracts. Nothing bypasses them. The rest of this document describes what they are and how they compose.

§2

Operating system for vertical agents

Senza is a runtime for agents that interact with systems of record. Where chat wrappers pass text to a model and hope, Senza enforces policy, invariants, permissions, and audit before any action commits.

Engineers define rigid boundaries for agent behaviour. Autonomy never compromises system integrity.

§3

Negative scope

Three positions define what Senza refuses to be.

Not a co-pilot.: Agents don't assist. They act, under verified authority, with audit.
Chat facilitates. Logic determines.: Chat is a surface for intent. Authority is enforced by typed actions, policy checks, and explicit commits.
Not magic.: Every decision path is traceable, reversible, and defined in code.

§4

Philosophy

Three commitments inform every design decision.

01 Authority
Intent is not permission. Agents prove authorization for specific mutations at the moment of execution, not at login.
02 Execution
Probabilistic reasoning must not directly drive deterministic writes. A validation layer sits between them.
03 Agents
Agents are software, not employees. They require observability, versioning, policy constraints, and kill-switches.

§5

Architecture

Every mutation in Senza follows the same path. Intent enters through chat or a surface. The LLM contract disambiguates it into structured tokens. SGIL validates the resulting diff against policy and invariants. The Canonical Work Graph resolves scope. Permissioning gates the write. Execution commits. Audit records. SARA observes the path at the edges.

Fig 1.0 · Write pathv0.4.1

Intent
LLM Contract
SGIL
Work Graph
Permissioning
Execution
Audit

Context Engine: hydrates scope at every step.

SARA: observes transitions at the edges; does not train on content.

§6

Subsystems

Five subsystems carry the architecture. Each has a single role, an explicit contract, and no overlap with the others.

SGIL: A deterministic, diffable, confirmable write boundary for every state mutation. SGIL is where intent becomes a reviewable transaction before it becomes a committed one. Nothing bypasses it.
Context Engine: Proposes and manages the artifact bindings an agent needs to act, staged from proposed to active, always scoped to a task or timebox. Agents don't hallucinate context; they receive it.
SARA: Edge-instrumented telemetry that learns routing and stopping decisions without using customer content as training data. Observability that sharpens the system without compromising what's in it.
Permissioning & Visibility: Tenant, connection, and owner-scoped row-level security enforced below the action layer. Authority is not implied by the caller; it is proven per-row, per-op, every time.
Audit: An append-only, immutable record of every authority-bearing action. Every commit is reconstructable after the fact, by anyone with the right to look.