§ SIGNIT · Operating Runbook

SIGNIT Runbook

How Autonoma Intelligence inspects, governs, and recovers its governed multi-agent system — the operating model beneath the six SIGNIT stages. The discipline is restraint: most of the system is report-only, and every consequential action is fenced behind an explicit gate and human approval.

What this is. A public capability overview and operating-model abstraction. It describes how SIGNIT is governed in principle — the control loops, the status language, the gates, and the recovery patterns. What it is not. A live operational attestation, a status dashboard, or a description of any specific run. Internal surfaces, schedules, and tooling are intentionally omitted.

Quick-start

The first five minutes

Read state before acting. Start with the system’s current operating posture, confirm the loop-board, check repository integrity, review reachability, then read the latest audit. Never act on a stale surface without re-running the relevant checker.

Step	Read	What to decide
1	Current-system-state surface	What is the system’s current operating posture?
2	Loop-board surface	Are any control loops genuinely blocked?
3	Repository-integrity surface	Is observed change expected runtime output, or source drift?
4	Operational-reachability surface	Are owners, surfaces, and mirror durability intact?
5	Nightly-audit surface	Did the latest run and audit complete with only known proof-pending items?

§ 01

What SIGNIT is

SIGNIT is the assurance-and-control layer around an autonomous research-and-publishing system. It governs whether the system’s outputs are trustworthy, reachable, evidence-bounded, and safe to move through brief-production gates. SIGNIT does not make a claim true by fiat; it proves whether the pipeline has earned the right to use a claim, surface a brief, draft prose, prepare a layout, or pursue publication.

The operating discipline is restraint. Most SIGNIT routines are report-only. Mutating actions — calling external providers, writing the knowledge stores, updating routing state, promoting canonical claims, preparing a handoff, or publishing — are fenced behind explicit gates and, for consequential actions, explicit operator approval.

§ 02

System topology

Two planes matter. A private control plane holds the authoritative source, run outputs, and assurance artifacts — the local control surface from which decisions are made. A redacted state mirror carries a safe subset of operator surfaces for external review. Mirror durability means the safe-state surface exists in the mirror; it does not mean website publication or message delivery.

Plane	Role	Operator meaning
Private control plane	Authoritative source and run-output store	The authoritative local control plane.
Redacted state mirror	Redacted operator-state surface	Readable state for external review — not public publication.

§ 03

The six operating loops

SIGNIT is organized as six governed control loops. Each carries two separate signals: implementation status (is the machinery built?) and current condition (is its latest proof present?). A loop can be fully implemented and still amber, because the latest proof artifact has not yet arrived.

Loop	What it controls	When it runs
Nightly Run Validation	Validates the production run and its post-run assurance without re-running production agents.	Scheduled, after the production run.
Brief Evidence Rescue	Prevents strong evidence from staying buried in deltas, synthesis artifacts, snapshots, and blocked queues.	On demand, when an evidence packet is partial.
Selector Allocation Quality	Ensures capped verification capacity is spent on the best eligible candidates.	Inside the production run; reviewed afterward.
Graph & Routing Usefulness	Keeps graph and routing data advisory, fresh, exact-ID joined, and never used as claim evidence.	On the authorized post-run assurance path.
Brief Readiness	Gates movement through readiness, outline, draft, provider review, layout, handoff, and publication.	On demand, before each movement gate.
Stale-Safe Surface	Prevents partial, runtime-active, stale, or unsafe surfaces from being committed or mirrored.	At pre-commit, nightly audit, and mirror sync.

§ 04

Reading green, amber, and red

Green means the applicable proof is present and clean. Amber usually means the machinery is operational but awaiting a natural run, sidecar, or expected runtime output. Red means a blocked gate, unsafe source drift, test failure, active runtime, or missing required proof that must be resolved before proceeding.

Status	Meaning
Amber — runtime or proof pending	Loops are implemented but awaiting current-run proof or sidecars.
Amber — expected runtime dirt	Dirty output is expected runtime output, not source drift.
Red — source drift	A governed source, config, or test file changed. Commit, revert, or explain it before treating the worktree as clean.
Green — reachable	Required owners, triggers, outputs, and mirrored surfaces are reachable and non-conflicting.

§ 05

What to read first

When something looks off, read the authoritative surfaces in priority order rather than reacting to a single signal.

Current system state — the system’s operating posture right now.
Loop board — the condition of each of the six loops.
Operational reachability — owners, surfaces, and mirror durability.
Repository integrity — expected runtime output vs. source drift.
Nightly audit — whether the latest run and audit completed cleanly.
Brief portfolio — where each brief sits in the lifecycle.
Graph & routing state — advisory route context and its freshness.
Operations queue — the current prioritized work.

§ 06

Scheduled work

SIGNIT runs a production pass and a separate assurance pass, plus a set of specialized monitors. The production pass writes state and may call providers; everything else is biased toward report-only and inert modes. Each class of work has an explicit boundary.

Job class	Boundary
Production run	Writes production state; may call providers.
Nightly audit	Read-only assurance. No provider calls or store writes.
Post-run routing & graph assurance	The single authorized path for routing/graph apply.
Truth reconciliation	Report-only.
Evaluator sweep	Inert dry run, report-only.
Provider watchlists	Source-monitoring surfaces.
Handoff review	A gated review path.
State-mirror sync	Redacted operator-state mirror sync.

§ 07

Graph and routing assurance

Graph and routing data are advisory, not evidentiary. A single authorized post-run path is the only writer for routing apply and graph-assurance reconciliation. Raw graph context must never enter claim evidence; its value belongs only in mediated route-state caveats or constrained allocation layers.

When the graph loop is amber awaiting exact-run sidecars, the watchdog can still report mediated route value while the exact reconciliation inputs have not arrived. The correct recovery is the natural post-run proof — never a manual graph write.

§ 08

Selector allocation and deep-fetch fairness

Selector allocation governs scarce verification capacity. The capped selector prioritizes eligible candidates by priority bucket, evidence strength, source diversity, and deterministic tiebreakers. Deep-fetch budget fairness protects promoted-memory claims from being starved by earlier queues. The budget ledger proves allocation fairness — it is not a provider call, and not a substitute for an actual deep fetch.

§ 09

Brief lifecycle gates

Brief movement is staged, and clearing one gate never clears the next. A controlled draft is not publication. A handoff preview is not delivery. A formatted preview is not layout authorization or website publication. The distinction between assurance (a verdict) and proof (the artifact behind it) holds at every gate.

Gate	What it means	What it does not mean
Readiness	Evidence appears strong enough for operator review.	Not an outline or draft authorization.
Outline	A structural packet can guide a draft.	Not a prose draft.
Controlled draft	An internal prose artifact for review.	Not final or publication-ready.
Provider review	The fact-check / red-team gate.	Not layout authorization.
Layout / formatted preview	A reviewable formatted artifact.	Not publication or delivery.
Handoff preview	A package prepared for possible delivery.	Not a send.
Publication	An external publication action.	Requires explicit separate approval.

§ 10

Mirror durability

Mirror durability proves that a redacted operator surface is mapped, present, redaction-safe, and hash-consistent in the mirror. It does not publish a brief. Only safe operator surfaces are mirrored, and only through the generator mechanism; raw databases, secrets, provider payloads, and raw logs are never mirrored. Mirror durability and public release are different states — one is internal readability, the other is an authorized publication action.

§ 11

No-touch principles

The following actions are never taken casually. Each requires the authorized path or explicit operator approval.

Run providers or models outside the authorized production or review gate.
Write production stores, promote canonical claims, or mutate finality without explicit approval.
Write graph state or apply routing updates outside the single authorized path.
Generate brief draft text from the assurance or audit path.
Record a final delivery decision without explicit delivery authorization.
Send messages, deploy website content, or publish without explicit authorization.
Change schedulers, scheduler contracts, environment configuration, or secrets without explicit operator approval.
Use broad version-control staging, force-push, or manually copy mirror surfaces outside the generator mechanism.
Delete, stash, reset, or clean expected runtime dirt merely to make status look clean.

§ 12

Recovery playbook

Most red and amber states have a known, restrained recovery. The recurring principle: distinguish expected runtime dirt from source drift, and let natural runs emit proof rather than forcing writes.

Symptom	Meaning	Recovery
Integrity: red source drift	A governed source, config, or test file was modified.	Confirm live status; commit intended path-scoped changes or revert accidental ones. Do not clean runtime dirt.
Integrity: amber runtime dirt	Expected run outputs are dirty.	Usually no action. Investigate only genuinely unexpected paths.
Red unexpected dirt	A path no registered family claims has appeared.	Identify the producer; register it narrowly if legitimate, or remove the stray artifact. Never add a broad catch-all.
Loop board: amber proof pending	The machinery works; current-run proof has not been emitted.	Wait for the natural run or post-run sidecar. Do not force production or graph writes.
Runtime active	A run is in progress.	Do not commit generated surfaces. Wait, then re-check stale-safe.
Graph missing exact sidecar	An exact-run reconciliation input is not yet available.	Let the post-run path emit it; never fix with a manual graph write.
Claim finality attention	Load-bearing claims need deep-fetch escalation.	Treat as a provider action: a production run or explicit authorization only.
Mirror missing or hash mismatch	Mirror sync failed or drifted.	Run mirror inventory and redaction checks; let path-scoped sync restore parity.
Canonical promotion blocked	Evidence quality or finality is insufficient.	Do not force promotion; require stronger evidence and operator approval.

§ 13

Proof artifacts by loop

A loop closes to green only when its proof is present and clean. Each loop has a characteristic set of closing artifacts.

Loop	Proof that closes it
Nightly Run Validation	The nightly audit record, the run-intelligence report, the claim-finality queue, the canonical inbox, and the graph watchdog.
Brief Evidence Rescue	The brief evidence-spine packet plus buried-evidence excavation artifacts.
Selector Allocation	The capacity and selection-quality review, the evidence-tiebreaker proof, and promoted-memory bridge tests.
Graph & Routing	The graph watchdog record, the graph-assurance reconciliation pass, and route/portfolio convergence proof.
Brief Readiness	The brief portfolio record, the readiness decision, the outline, and readiness-review tests.
Stale-Safe Surface	The loop board, operational reachability, repository integrity, and the stale-safe / reachability / mirror tests.

§ 14

Reading debt and watch items

Watch items are not failures. They are states that need interpretation before action. The categories below recur; before treating any of them as a defect, read the current authoritative surface, because later work may have already closed it.

Watch item	How to read it
An integrity surface can be stale	If a surface reports source drift, compare against the current head and re-run the checker.
Loops awaiting proof or sidecars	Amber is expected until the natural run or post-run proof lands.
A missing exact-run graph reconciliation	Do not force graph writes; wait for, or debug, the natural post-run path.
Claim-finality attention	Deep-fetch escalation is provider- and cost-bearing; it needs the proper run or explicit approval.
Link-validator debt	Treat as operations debt — do not confuse it with a brief-evidence failure.
Preview exists, delivery gated	A brief can have a formatted or handoff preview while delivery remains false. A preview is not a send.

§ 15

Glossary

Term	Definition
Assurance report	A derived surface that states a verdict. It is not equivalent to the operational proof artifact it summarizes.
Controlled draft	A governed internal draft artifact. Not layout-ready or publication-ready by default.
Expected runtime dirt	Run-generated output paths classified as expected by the repository-state contract.
Graph / routing advisory signal	Route-state or allocation context that may guide decisions but is never claim evidence.
Loop	One of the six operating control loops in the loop registry.
Mirror durability	Proof that a redacted operator surface is generated, mapped, redaction-safe, and present in the mirror.
Promoted memory	Claims promoted into the verification pipeline from staging, protected from deep-fetch budget starvation.
Stale-safe	The commit/mirror gate ensuring generated artifacts are complete, current, and safe before becoming authority.

§ 16

Safe-action principles

Before any consequential action, the operating model favors a small set of habits over improvisation:

Read before you write. Confirm current state from the authoritative surface; never act on a stale snapshot.
Prefer read-only and dry-run modes when inspecting, and scope every check as narrowly as the question allows.
Treat open questions as prompts, not defects — verify them against the current state before concluding anything is broken.
Let natural runs emit proof. When a loop is amber for want of a sidecar, wait for the run rather than forcing a write.
Keep mutation on the authorized path — providers, stores, routing, promotion, delivery, and publication each have one, and only one, sanctioned route.

Interested in building governed agentic systems?

SIGNIT is how Autonoma Intelligence keeps an autonomous research system trustworthy, auditable, and safe to publish from. If you are designing agentic systems that need the same discipline, we’d like to hear from you.

Contact Autonoma Intelligence →

This runbook is a public operating-model overview, not a live operational attestation. It abstracts the governance model behind SIGNIT and intentionally omits internal surfaces, schedules, and tooling. For the system at a glance, see the SIGNIT diagram; for editorial standards, see the editorial charter.