The 19 Primitives
Named patterns for governed agentic systems — runtime, lifecycle, and substrate primitives organized into the Rings Model.
The 19 primitives are the building blocks of AGF. They are not new inventions — they are named patterns drawn from established practice across distributed systems, security engineering, compliance, and control theory. The contribution is pulling them together into a composable architecture for the agentic context.
Runtime Primitives (#1–#17)
These operate within or across the ring pipeline during agent execution.
| # | Primitive | Ring | One-Line Description |
|---|---|---|---|
| 1 | Separation of Producer & Verifier | 0+1 | The agent that creates output must not be the sole agent that validates it |
| 2 | Validation Loops with Convergence Gates | 1 | Iterative verification until quality thresholds are met or budget is exhausted |
| 3 | Self-Improving Cycles | 3 | The system gets better by learning from its own execution |
| 4 | Adversarial Critique | 1 | Dedicated challenger that actively tries to find flaws |
| 5 | Structured Output Persistence | Fabric | Every ring produces and consumes structured artifacts — the data contract |
| 6 | Provenance Chains | Fabric | Every output carries its full decision history |
| 7 | Bounded Agency | 2 | Agents operate within explicit, enforced boundaries |
| 8 | Governance Gates | 2 | Explicit decision points where execution pauses for authorization |
| 9 | Policy as Code | 2 | Governance rules as versioned, executable, testable objects |
| 10 | Event-Driven Observability | Fabric | Every ring emits structured events — the shared nervous system |
| 11 | Trust Ladders | 2+3 | Trust is earned through demonstrated performance, not granted by default |
| 12 | Memory-Augmented Reasoning | 0+3 | Agents reason with persistent memory, not just immediate context |
| 13 | Error Handling & Recovery | Fabric | Graceful degradation, checkpointing, compensation |
| 14 | Identity & Attribution | Fabric | Every agent has authenticated, inspectable identity |
| 15 | Adversarial Robustness | Security | Assume breach. Defense in depth. Verify explicitly. |
| 16 | Transaction & Side-Effect Control | 0+2 | Pre-commit/commit/post-commit for irreversible actions |
| 17 | Data Governance & Confidentiality | 2+Fabric | Classification, consent, PII, lineage, retention at every data flow |
Lifecycle Primitive (#18)
| # | Primitive | Scope | One-Line Description |
|---|---|---|---|
| 18 | Evaluation & Assurance | Pre-deployment | The gate before the gate — validates configurations before they reach production |
Substrate Primitive (#19)
| # | Primitive | Scope | One-Line Description |
|---|---|---|---|
| 19 | Agent Environment Governance | All rings | Governed composition of context, instructions, tools, workspace, and memory |
How They Map to the Rings
- Ring 0 (Execution): #1, #5, #12, #14, #16 — the agent works, produces structured output, with identity
- Ring 1 (Verification): #1, #2, #4 — separate verifier, iterative loops, adversarial critique
- Ring 2 (Governance): #7, #8, #9, #11, #16, #17 — boundaries, gates, policy, trust, transactions, data governance
- Ring 3 (Learning): #3, #11, #12 — self-improvement, trust calibration, memory
- Fabric: #5, #6, #10, #13, #14, #17 — structured output, provenance, events, errors, identity, data governance
- Security: #15 — adversarial robustness as a pervasive concern
Primitive Interaction Tensions
The primitives are not always harmonious. AGF names seven tensions with architectural invariants that resolve them:
| Tension | Conflict | Invariant |
|---|---|---|
| Self-Improvement vs. Reproducibility | #3 changes behavior; #6 requires traceability | Always reproducible at a specific version |
| Trust Ladders vs. Governance Gates | #11 reduces oversight; #8 ensures accountability | Can skip a spot-check, never regulatory approval |
| Bounded Agency vs. Self-Improvement | #7 constrains; #3 improves — can it expand itself? | The box can get smarter inside. It cannot grow itself. |
| Validation vs. Latency/Cost | #2 improves quality; each pass costs time and money | Quality bounded by economics, not just capability |
| Memory vs. Signal-to-Noise | #12 accumulates knowledge; stale memories inject noise | Growth without curation is hoarding, not learning |
| Policy as Code vs. Self-Improvement | Can Ring 3 change Ring 2's policy rules? | Can suggest governance changes, cannot enact them |
| Environment vs. Governance Integrity | #19 optimizes the environment — but it IS the control surface | The environment can get better. It cannot get less governed. |
Implementation Priority
For a practical implementation roadmap organized by phase, see the AI Engineering Profile.
For the complete primitive catalog with full patterns, deployment modes, security architecture, and existing work mapping, see the canonical source.