Defendable Agents¶
A defendable agent is one whose every decision can be defended — declared in advance, reproducible byte-for-byte, and backed by evidence you can put in front of an auditor, a regulator, or a board. Not "the model seemed confident." A plan, a trace, a signed record.
Most agents being built today cannot do this, and it is not a policy gap — it is an architecture gap. When the model decides everything mid-flight — what to read, what to trust, what to spend — the result is unreproducible, unauditable, and injectable by construction. You cannot bolt governance onto improvisation after the fact.
This is a field guide to the alternative: determinism at the core, the model at the edge. It runs from the argument through the architecture, the governance primitives, hands-on tutorials, worked examples, and the compliance mapping — anchored throughout by an anonymised real-world system, Lodestar.
The agentic web everyone is racing to build has a governance-shaped hole in it. Agents are about to read our regulations, spend our money, and brief our boards — and the dominant architecture cannot answer "why did you do that?" with anything better than a transcript. Improvisation doesn't testify well.
New here? Start with How to Read This Guide.
Part I · The Argument¶
- The Governance Gap — why you can't govern an improviser
- What "Defendable" Means — declared, reproducible, evidenced
- Threat Model — the failures this defends against
- Determinism vs Probabilism — where each belongs
- Why Bolt-On Guardrails Fail — the arms race you lose slowly
Part II · Reference Architecture¶
- The Inversion — determinism at the core
- The Deterministic Planner
- The Governance Harness
- Where the Model Lives
- From Task to Evidence
- Fail-Closed Behaviour
Part III · Governance Primitives¶
Part IV · Deterministic Decisions¶
Part V · KCP Integration¶
Part VI · Tutorials — build one end to end¶
Part VII · Worked Examples¶
Part VIII · Compliance & Assurance¶
Part IX · Case Study & Reference¶
Where this sits¶
Defendable agents are what you get when you point the Knowledge Context Protocol at a governance problem instead of a discovery problem. The same substrate that makes knowledge navigable is what makes an agent's decisions defensible — and the same encoded expertise that makes an organisation resilient (Skill-Driven Development) is also its audit trail. Compound and defendable are the same infrastructure seen from two angles.
This guide is itself published as KCP-navigable knowledge — an agent can discover every page through the site's root manifest. We build what we describe.
The thesis in narrative form is on the blog; this is the reference.